Commit graph

5177 commits

Author SHA1 Message Date
Clinton Wolfe
f5251f3c29 Re-work unit tests for user and users (#125)
* Constructor unit tests

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Constructor tests pass, all others gutted

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Basic 'where' test in place, no criteria

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Wired up filter table to backend list users

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Unit testing for has_mfa_enabled and has_console_password

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Simple AWS client implementation for Users

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Rework resource parameters and validation; copy in code from #121

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Add constructor tests

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Add search/recall tests

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Recall unit tests pass

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Failing unit tests for username and has_console_password

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* has_console_password works in unit tests

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* has_mfa_enabled failing unit tests

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* has_mfa_enabled passes unit tests

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Failing unit tests for Access Keys

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* CLean up bad rebase commit

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Access keys property works, as an uncooked AWS response

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* De-linting

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Integration tests work

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Remove provider support libraries

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Integration tests pass for users resource

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* De-lint

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Remove aws connection load from user

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Adapt aws_iam_user to rely on AwsResourceMixin

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2017-12-08 19:34:09 +01:00
Adam Leff
a18441f86e Rubocop: disable GuardClause and ClassLength (#2382)
Neither of these cops is helping us write good code, and GuardClause
specifically is actually contributing to us writing sometimes-unclear
code. Disabling both of these cops and removing all unnecessary disable
decorators in the codebase.

Signed-off-by: Adam Leff <adam@leff.co>
2017-12-07 20:22:55 +01:00
Chef Expeditor
10cad48c65 Update CHANGELOG.md to reflect the promotion of 1.48.0 to stable 2017-12-07 18:49:37 +00:00
Clinton Wolfe
9277e0585e Rename the resource pack loading shim to a filename that will sort first on all OS's (#133)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2017-12-07 13:35:23 -05:00
Chef Expeditor
952b5c152d Bump version to 1.48.0 by Expeditor 2017-12-07 18:21:21 +00:00
Adam Leff
cd51c0c631
Fix changelog categories, bump minor version for release (#2381)
Signed-off-by: Adam Leff <adam@leff.co>
2017-12-07 13:21:09 -05:00
Chef Expeditor
8750589b8f Bump version to 1.47.8 by Expeditor 2017-12-07 15:45:37 +00:00
Chef Expeditor
6560fb1bde Bump version to 1.47.7 by Expeditor 2017-12-07 15:45:04 +00:00
Chef Expeditor
b0e74a6d56 Bump version to 1.47.6 by Expeditor 2017-12-07 15:44:15 +00:00
Adam Leff
5be9739ec1 Remove rainbow dependency, fix duplicate rake gem (#2374)
The version of Rainbow brought in as a direct dependency also depends
directly on Rake, and our pin of Rake was inaccurate. This was causing
Omnibus to build packages that contained two rake gems which would emit
"Unresolved specs during Gem::Specification.reset" warnings when
running InSpec.

Signed-off-by: Adam Leff <adam@leff.co>
2017-12-07 13:50:53 +01:00
Miah Johnson
e33f4959e1 Allow crontab resource to read crontab at user specified paths. (#2328)
* add a emulated /etc/cron.d/crondotd file to the mocking system.

* test that we handle incoming paths correctly by rendering to_s.

* We take in both users and a path, so lets call that destination.

* To make the test pass we'll determine if we are dealing with a path or
a user and return the correct string.

* we will need the ability to determine if we are dealing with a path when either calling the crontab command or reading the file directly, so break that out into a path? method.

* remove author field.

* test contents of our crondotd file.

* we have to explicitly make @destination a String to use include?.

* when we get a path we use inspec.file to get conents, otherwise we run the crontab command.

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Add documentation for example usage with file path.

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Make path? and path_or_user private methods

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Add missing username filed to crondotd mock file

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Pass argument as a hash when testing file paths

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Expected results should include usernames when testing file paths

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Add special string `@yearly` test to crondotd mock file

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Add user to existing cron tests

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Rubocop says I need spaces after/before curly brackets

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Add user to crondotd file tests and add @yearly test

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Modify initialize to take options hash and be backwards compatible.

Change initialize default argument to create a hash by default, though
it is still possible to pass in a 'user' string argument.

@user gets set with the argument value unless its a hash, in which case
it tries to set the value of the user key, otherwise it becomes nil.

@file gets set with the value of the path key, unless it doesn't exist
in which case it becomes nil.

All hash keys are symbolized to ensure consistent access.

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Check if @path is nil to determine if we run crontab command or parse
file.

path? was removed as we're not overloading a @destination variable
anymore.

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* if @user is nil assume current user otherwise crontab for @user

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Change to complete if rather than ternary.

We have three possible cases, current user, other user, or file path.
This accounts for all of them.

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Add user to the crontab FilterTable

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Remove path? and path_or_user

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Move crontab parsing to two methods, parse_user_crontab and
parse_system_crontab

Because a command in a crontab file could have spaces we must parse user
and system crontabs differently.

When we parse user crontabs the user field will either be nil, or the requested user.

Both user and path parsers handle special strings (@yearly, @weekly,
etc). And also account for position of user in these files (or adds it
in user case)

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Update examples with user: and path:

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Add spaces after : in example docs

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Disable rubocop ClassLength check

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Moved rubocop ClassLength metric next to class instead of above the
module.

Remove unnecessary braces.

Add is_system_crontab? and is_user_crontab helper methods and use them.

Add tests to see if error conditions are raised when the resource is
invoked with missing parameters (user, or path), and on a unsupported
os.

Change initialize to group all hash functions together and raise errors
when user and path is unset. Also raise errors on unsupported operating
systems.

Change order of ternary and use is_system_crontab? rather than
@path.nil?

Signed-off-by: Miah Johnson <miah@chia-pet.org>
2017-12-07 13:50:07 +01:00
Jared Quick
72af4a96f1 Update default cli options to be per command. (#2378)
Signed-off-by: Jared Quick <jquick@chef.io>
2017-12-07 13:19:36 +01:00
Chef Expeditor
628d778b05 Bump version to 1.47.5 by Expeditor 2017-12-06 21:22:22 +00:00
Jared Quick
4c592f49c1 Resolve merge issue with json-config vs thor defaults (#2377)
* Add debug for caching and fix cli merge bug.

Signed-off-by: Jared Quick <jquick@chef.io>

* Update options merge to take cli options over json.

Signed-off-by: Jared Quick <jquick@chef.io>
2017-12-06 22:22:11 +01:00
Chef Expeditor
4ccdf5bb89 Bump version to 1.47.4 by Expeditor 2017-12-06 20:18:55 +00:00
Jared Quick
31578de5e4 Fix inspec appveyor test with the new local train transport (#2376)
* test appveyor with ruby#File

Signed-off-by: Jared Quick <jquick@chef.io>

* Update inspec train to version 0.31.1

Signed-off-by: Jared Quick <jquick@chef.io>
2017-12-06 15:18:38 -05:00
Jerry Aldrich III
1d09f57000 Change Atlas to VagrantCloud (#2372)
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-12-05 12:21:06 -05:00
Clinton Wolfe
9a44db15f7 Update rubocop 0.44.0 -> 0.51.0 (#127)
* Update rubocop to latest

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Code tweaks for rubocop

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2017-12-05 17:55:55 +01:00
Chef Expeditor
e0d5306502 Bump version to 1.47.3 by Expeditor 2017-12-05 13:21:42 +00:00
Jared Quick
578577f79a Update command resource to check for mock backend. (#2353)
Signed-off-by: Jared Quick <jquick@chef.io>
2017-12-05 14:21:31 +01:00
Chef Expeditor
0248d80557 Bump version to 1.47.2 by Expeditor 2017-12-05 13:13:54 +00:00
Jerry Aldrich III
49d36de0f3 Allow inspec check to ignore only_if (#2250)
* Allow `inspec check` to ignore `only_if`

When using `inspec check` a mock Train backend is created. This means
that the following would raise an error because `os.name` is `nil`

```
only_if { os.name.include?('anything') }
```

Since `inspec check` isn't concerned with the evaluation of `only_if`
this skips those checks if the block given raises an error.

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Remove unnecessary `e` in rescue

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Modify implementation to use `check_mode`

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Move `check_mode` concept to the Profile scope

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Fix lint after rubocop upgrade

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Add comment for mocked ControlEvalContext options

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-12-05 14:13:41 +01:00
Chef Expeditor
817a215b77 Bump version to 1.47.1 by Expeditor 2017-12-05 12:07:42 +00:00
Jared Quick
0dc0e3b457 Update rspec cli control summary to not uniq fails. (#2362)
Signed-off-by: Jared Quick <jquick@chef.io>
2017-12-05 13:07:31 +01:00
Chef Expeditor
18ca2e9fbb Update CHANGELOG.md to reflect the promotion of 1.47.0 to stable 2017-12-04 22:43:03 +00:00
Chef Expeditor
f983b92d16 Bump version to 1.47.0 by Expeditor 2017-12-04 21:40:29 +00:00
Jared Quick
d49f4e3fe1 Enable caching for backend calls (#2309)
* Enable caching for command and file calls to train
* Moved transport conn to connection and refactored tests
* Update caching flag to use train caching.
* Move caching flag to cli option.
* Add backed cache default from thor.
* Add hard disable for cache option and remove all cache from debug shell.
* Add comment to caching settings conditional.
* Force file cache on when caching enabled.
* Update gemspec for train 0.30.0.

Signed-off-by: Jared Quick <jquick@chef.io>
2017-12-04 16:40:14 -05:00
Chef Expeditor
ceabe4b94a Bump version to 1.46.7 by Expeditor 2017-12-04 20:31:17 +00:00
Jared Quick
4b1c1b041f security_policy resource: use PID for filename instead of random (#2368)
* Update security policy export to use pid instead of random.

Signed-off-by: Jared Quick <jquick@chef.io>

* Update helper for the new train.

Signed-off-by: Jared Quick <jquick@chef.io>
2017-12-04 15:31:06 -05:00
Clinton Wolfe
2955aabf7f DRY up AWS resource implementation and test backend implementations (#121)
* Standardize requires in unit tests

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Standardize requires in resources

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Move AWS connection hook into non-resource library area

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Add an AWS resource mixin, pushing constructor out to it

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Push resource param name recognition into mixin

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Push exists predicate up to mixin

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Rename base.rb to be resource_mixin for clarity

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Separate the backend from its factory, and push it out into a class mixin

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Push BackendFactory up into the resource mixin

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* De-linting

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Remove aws_conn require from LMF and CloudWatch Alarm filters

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Use resource mixin for Cloudwatch Alarm

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Rework LMF to use the resource mixin

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Rubocop.

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Remove SDK load from connection.rb; that happens in aws.rb now

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Mixin should default to allowing empty resource params

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Update LMF to enforce params being required

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2017-12-04 19:32:13 +01:00
Chef Expeditor
0aac3b13ad Bump version to 1.46.6 by Expeditor 2017-12-04 16:59:41 +00:00
eramoto
6a16a3ef99 Fix example in key_rsa.rb (#2364)
key_rsa resource: fix inline shell documentation help, wrong resource name used in examples
2017-12-04 11:59:30 -05:00
Jordan Craig
d928c76702 Fix incorrect case in paragraph. (#2363)
Incorrect case used in paragraph to describe interactive debugging with Pry.

Obvious fix.
2017-12-04 11:55:33 -05:00
Chef Expeditor
ffc699c4d9 Bump version to 1.46.5 by Expeditor 2017-12-01 09:24:25 +00:00
Adam Leff
3ffaee91c2 docker_image resource: properly handle registries in image strings (#2356)
When supplying a docker image that contains a registry with a port number,
such as `localhost:5000/chef/inspec:1.46.3`, the docker_image resource
was unable to locate the image in question due to incorrect parsing
of the repository and tag.

Signed-off-by: Adam Leff <adam@leff.co>
2017-12-01 10:24:15 +01:00
Chef Expeditor
222d4b6aac Bump version to 1.46.4 by Expeditor 2017-11-29 21:31:20 +00:00
Adam Leff
12fec238f7
json resource: ensure params is not nil in even of read/parse failure (#2354)
When the JSON resource (and those that subclass off of it) were modified
to properly throw exceptions in the event of failure, this caused the
`params` method to return nil instead of what it used to be, an empty
hash.

This is fine in the case of a describe block, but it's not okay when used
outside of a describe, as it will cause users trying to pluck from the
hash to throw a dreaded-and-unhelpful NilClass error.

This change pre-populates the params to be an empty hash, and if the
read/parse steps fail, it will still be one.

Signed-off-by: Adam Leff <adam@leff.co>
2017-11-29 16:31:06 -05:00
Chef Expeditor
a3954dec1b Bump version to 1.46.3 by Expeditor 2017-11-29 14:16:49 +00:00
Jared Quick
3f14e467b3 Unique export file for security policy resource (#2350)
* Add a unique export for security policy resource.

Signed-off-by: Jared Quick <jquick@chef.io>

* Remove skip resource on empty policy file.

Signed-off-by: Jared Quick <jquick@chef.io>
2017-11-29 15:16:40 +01:00
Chef Expeditor
f3733d58ad Update CHANGELOG.md to reflect the promotion of 1.46.2 to stable 2017-11-29 12:42:06 +00:00
Chef Expeditor
ed98bb4b77 Bump version to 1.46.2 by Expeditor 2017-11-29 12:32:53 +00:00
Jerry Aldrich III
71057675de Allow skipping/failing resources in FilterTable (#2349)
* Allow skipping/failing resources in FilterTable

`FilterTable` is commonly used in the class body of a resource and is
evaluated during an `instance_eval`. This means that if you raise an
exception (e.g. SkipResource) it will halt `inspec exec` and
`inspec check`.

This adds an `ExceptionCatcher` class that will postpone evaluation
until test execution.

This allows `inspec check` and `inspec exec` to perform as intended when
skipping/failing a resource in `FilterTable`

Huge thanks to @adamleff for providing the starting code/ideas!

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Comment why `ExceptionCatcher` doesn't raise

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Remove `accessor` from `ExceptionCatcher`

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Return the existing ExceptionCatcher object rather than creating new

Signed-off-by: Adam Leff <adam@leff.co>
2017-11-29 07:32:40 -05:00
Chef Expeditor
24f695a311 Bump version to 1.46.1 by Expeditor 2017-11-29 11:02:12 +00:00
David Alexander
beb326a15a wmi resource: properly escape quotes in WMI query (#2342)
* Modifies test for failing WMI string interpolation

Signed-off-by: David Alexander <opensource@thelonelyghost.com>

* Fixes #2260 (WMI string interpolation)

Signed-off-by: David Alexander <opensource@thelonelyghost.com>
2017-11-29 12:01:44 +01:00
Patrick Münch
bd6a8fd980 kernel_module: correct docs style for code boxes (#2348)
Signed-off-by: Patrick Münch <patrick.muench1111@gmail.com>
2017-11-28 18:12:05 -05:00
Chef Expeditor
30fd2b669b Bump version to 1.46.0 by Expeditor 2017-11-28 13:45:11 +00:00
Christoph Hartmann
9cdf03ac4b allow override of attribute identifier and support default values different from strings (#2347)
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-11-28 08:45:02 -05:00
Chef Expeditor
3f3655963d Bump version to 1.45.17 by Expeditor 2017-11-28 08:19:03 +00:00
David Alexander
71b90f1b22 file resource: fix NilClass error when using advanced windows permissions (#2344)
* Fixes #2343 (Windows file permissions regression)

Signed-off-by: David Alexander <opensource@thelonelyghost.com>

* Updates docs with missing info on `be_allowed()` matcher

Signed-off-by: David Alexander <opensource@thelonelyghost.com>
2017-11-28 09:18:49 +01:00
Adam Leff
d77551baf1 Remove rubocop from example Gemfiles (#2341)
The pinned version of Rubocop in some of the TK examples' Gemfiles
was a very old version with known vulnerabilities. Since these are just
examples and have no Rake tasks that rely on them, I removed rubocop
outright from the example Gemfiles.

Signed-off-by: Adam Leff <adam@leff.co>
2017-11-27 19:05:52 +01:00