* Error cleanly if a reporter error while rendering.
* Add functional test for automate reporter.
* Remove authors.
Signed-off-by: Jared Quick <jquick@chef.io>
to set_skip_rule could be a boolean, or a message. Now value should
always be a boolean, and if a message is needed one can be passed and
will be set.
Allow only_if to take a message during control_eval DSL.
Add test for only_if(message).
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Add --vendor-cache flag for archive, check, and json commands.
* Remove unused ignore_supports flag for Inspec::Runner.
This flag was only set in two code paths that did not call
Inspec::Runner so setting it did not have any effect.
Signed-off-by: Pete Higgins <pete@peterhiggins.org>
* Provide a json_merge report used by A2 that merges all child profiles.
Signed-off-by: Jared Quick <jquick@chef.io>
* Merge profile controls from child up until we find something usable.
Signed-off-by: Jared Quick <jquick@chef.io>
* Add testng for json_merged report.
Signed-off-by: Jared Quick <jquick@chef.io>
* Push the profile population to be later in the report.
Signed-off-by: Jared Quick <jquick@chef.io>
* windows_feature resource: Add DISM support
This modifies the `windows_feature` resource to fallback to DISM when
the `Get-WindowsFeature` command is not available.
* Allow specifying `:dism` or `:powershell`
* Replace stacktrace with smaller error message
* Add notes/todo about raise behavior
* Remove duplicated platform check
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* cli: Downcase supermarket tool name to match URL
This downcases the user provided tool name. Without this fetching the
profile will fail because the Supermarket API downcases in the URL.
* Add another downcase
* Add handling for `supermarket://owner_but_no_name`
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Constrain RuboCop disables to single method
* Add comment to Alpine package command
* Use single quotes for Alpine package command
* Change `it` statement to be readable
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
Context:
When testing a Windows registry key with a period character in it e.g. `explorer.exe` it is not possible to use `its("explorer.exe")` because the period would be interpreted as method chaining.
In this case, you must instead use `its(["explorer", "exe"])`
See https://github.com/inspec/inspec/issues/1281
This commit fixes `to_ruby`in `Inspec::Describe` so that it produces an array in the generated Inspec code instead of a string.
Signed-off-by: James Stocks <jstocks@chef.io>
* Use fail_resource rather than skip_resource when the platform is not
supported by the resource.
* Update tests to handle failing on unsupported platforms.
Update functional tests.
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Functional tests for regex control selection
* Implementation for regex-based control filtering
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
profile name. eg "with/slash" would result in a profile created in the
"with" directory named "slash"
Add test for inspec init, and updated other for new output.
Clean up profiles created during testing and place them in temporary
directories.
Describe our test a bit better.
Check that the profile was created in the right location.
Check that the profile is named correctly.
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Updating inspec with bastion options as per https://github.com/inspec/train/pull/310
* Updating train pin
* Adding --password to pass the test
* Revert "Updating train pin"
* PR changes
Signed-off-by: Noel Georgi <18496730+frezbo@users.noreply.github.com>
* Sort `Dir.entries` in functional test
Ruby's `Dir.entries` differs between OS's. This ensures the same order
is used when comparing two arrays.
* Remove unused variable `exec_out`
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Add long description to inspec exec command, mentioning exit codes
* Modify website doc builder code to use long description if available
* Functional test for --distinct-exit flag
* Implement --distinct-exit option
* Inspec shell also needs the option
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* apache_conf resource: Strip quotes from values
* Update regex to capture all vars between quotes
* Change `x` and `y` to proper variable names
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* A functional test for attributes
* Add tests for nested attrs in yaml
* remove commented-out tests
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Fix the control merging issues when overriding child controls.
* Fix rubocop issue and vendor compression.
* Add in lock file for vendor profile
Signed-off-by: Jared Quick <jquick@chef.io>
* Add insecure option to the automate report json.
* Add in automate and compliance json documentation.
* Fix typo.
Signed-off-by: Jared Quick <jquick@chef.io>
* Un-deprecate plural properties on shadow; deprecate the singular versions
* Update filtertable interface to current
* A weak attempt at making the docs coherent
* Doc feedback per Jerry
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* set port default to nil, introduce local_mode
* raise instead of warning
* restore default port, allow explicit nil
Signed-off-by: Tor Magnus Rakvåg <tm@intility.no>
* Adding YAML reporter
* Updating yaml o/p
* Removing comment
* Adding UT for YAML reporter, adding missing reporters
* This PR takes care of the following:
- Fixes the YAML reporter UT
- Adds the report method to YAML reporter to support code example as in #3085
- Disables the cyclomatic complexity Metric for reporter
Signed-off-by: Noel Georgi <18496730+frezbo@users.noreply.github.com>
* implement members property
* flatten groups entry, extract flatten helper
* lints
* more idiomatic spec, add example of members testing
Signed-off-by: Tor Magnus Rakvåg <tm@intility.no>
* Add integration and unit tests for aws_ec2_instances
* Basic docs for aws_ec2_instances
* Add basic aws_ec2_instances resource
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Add check if aws s3 bucket is encrypted.
Required terraform aws provider >= 1.6
Fix indentation issue in aws_s3_bucket.rb
* Implement most changes recommended by @TrevorBramble, and refactored other methods to align with recommendations (except Terraform nitpick; preference is to keep coding style consistent until full refactor).
Signed-off-by: Jeremy Phillips <github@uranusbytes.com>
* nginx_conf resource: Fix include paths with quotes
* Move quote removal to `NginxParser`
* Add parsers/tests for quotes in quotes
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
This change should make it easier to work with a running environment.
You may now apply changes without doing a full teardown/rebuild any time
you make a change to the terraform plan.
Adds some documenation on how to use the Terraform tooling.
Adds AZURE_LOCATION to override the default region.
Signed-off-by: David McCown <dmccown@chef.io>
* Update tests and docs to assume one recorder per region
* Config recorder supports singleton fetch
* Docs and tests for singleton mode delivery_channel
* Implementation for singleton delivery channel, and some other code cleanup
* Implement some feedback, and fix a bug in traversing the struct in looking for empty results
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Update terrform to 0.11.7 (latest) and aws plugin to 1.14; upgrade plugins on test startup
* TF route table resource doesn't export associations or routes attributes. Which we weren't using anyway.
* Downgrade to aws plugin 1.13 to avoid TF panic; suppress deprecation warning for aws_region
* Fix incoherent attribute combination on cloudtrail
* Add -auto-approve to suppress interactive confirmation
* Update version pinning for AWS minimal account
* Use a plan file in AWS runs
* Pin azure TF run to 0.11 and 1.3; also an autoformatter pass on the TF code.
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Bug replication tests, unit and integration
* Fixes statement_count
* Fixes statement_count and have_statement
* rubocop trim whitespace
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Update singular implementation to avoid use of inner object
* Update docs and tests for 3 new filters and properties on aws_vpcs
* Implement new filters and properties; one failing test due to odd FilterTable behavior
* changes to avoid bug 2929
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Add tests for method chained shadow resource with readable and
unreadable shadow files.
Ensure @params always has a safe value, otherwise we may stacktrace when
unable to read /etc/shadow and invoked with method chaining.
* Wrap deprecation notices with a proc/must_output to clean up test
output.
Added some missing newlines.
Catch deprecation notice on `lines`.
* Resolve the majority of the issues pointed out by @tbramble.
Deprecate `lines`; its really only used internally but it was 'exposed'
through tests and who knows if there is external use. `lines` is not
documented as a property at least..
`#set_params` is much better now =)
Signed-off-by: Miah Johnson <miah@chia-pet.org>
Provides low-, and mid-level properties and matchers for examining rules on aws_security_group.
* Second draft of docs for SG rules interface; need to clarify semantics of reject
* First cut at unit tests
* Cleanup test fixtures
* Implementation for allow, with plausible unit tests
* Doc updates based on reality
* Add integration tests; move allow to allow_ / out; several docs updates
* Add be_open_to_the_world and be_open_to_the_world_on_port
* Update docs to reflect adding allow_only
* Update docs to reflect use of position to allow multiple rules with 'only'
* Implement allow_only with unit tests; still need integration tests
* Add integration tests for allow_only
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* * Adds new property to test how many days ago the CloudTrail delivered logs to the CloudWatch Logs.
* * Changes query for selected cloud trail in unit test
* Changes uses Time.now explicitly instead of making a variable in the unit test
Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
* Adds new property to test the users in an aws_iam_group
* Adds terraform code to add the recall_hit user to the administrator group
Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
* Initial commit of skeletal resource aws_route_tables
* Fixes issues with documentation
* Renames route table terraform resources to be more conventional
* Removes tags terraform resources
* Changes aws_route_table and aws_route_tables integration tests to use new terraform names
* Removes unneeded data given in unit tests
Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
* Initial commit of skeletal resource aws_s3_buckets
* Add fixes to documents
* Removes property 'creation_date' for there is no use case as of right now
* Rebases on master and moves aws_s3_buckets integration test to the correct location
* Adds test on unit test for false exists
Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
* Adds chocolatey package resource
* Adds docs for chocolatey_package resource
* Differentiate chocolatey package from windows feature
Suggested by @frezbo
Signed-off-by: David Alexander <opensource@thelonelyghost.com>
* Change `skip_resource` to use raise
* Add `supports` lines to example resource
* Change to rescue `StandardError` vs `Exception`
* Change raise to use `e.message` vs `$!`
* Remove redundant returns
* Change `File.exists?` to `File.exist?`
* Update shasum in tests
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Add AWS hardware MFA matcher
Adding a hardware as well as a virtual MFA matcher for aws_iam_root_user
resource
* Add New AWS Root Matcher Docs
- Add documentation for new root MFA matchers
- Fix logic for checking MFA devices from feedback on PR
* Add Integration tests for MFA matchers
- Add integration tests for virtual and hardware MFA matchers
- Clean up logic for has_virtual_mfa_enabled? method
Signed-off-by: Paul Welch <pwelch@chef.io>
* Add python check for pip resource
When checking pip resources, we should skip resource if python is not
installed or we will fail with an error when trying to parse the path.
* Check pip command on windows
On Windows, if pip has a newer version available, it adds an error
message to stderr. Now checking if both stderr and stdout on windows
have values. If so, assume pip package is installed.
* Clean up powershell query command
- Make it easier to read what the powershell command is doing
- Make it easier to read what the cmd_successful method lokos for
Signed-off-by: Paul Welch <pwelch@chef.io>
Without the terminating character ($), it just accepted any characters
at all after the initial matching set.
Also add some tests to assure we're raising appropriately.
Co-authored-by: Trevor Bramble <tbramble@chef.io>
Co-authored-by: Joshua Padgett <jpadgett@chef.io>
Signed-off-by: Trevor Bramble <tbramble@chef.io>
This adds `powershell` resource support for non-Windows OSs via `pwsh`
and Base64 encoded commands.
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Mitigate trivial warning on test by initializing
Also fixes passing a ambiguous argument.
* Mitigate trivial warning by removing redundant method
Signed-off-by: ERAMOTO Masaya <eramoto.masaya@jp.fujitsu.com>
* registry_key resource was returning an incorrect value
when key value was greater than 2147483647
* added mock
* Fix issue with default reg key
(default) key was returning nil even when a value was present.
Signed-off-by: Omar Irizarry <irizarry_omar_j@network.lilly.com>
* Initial commit of new skeletal resource aws_config_delivery_channel
* Changes delivery_frequency to be an integer and names delivery_frequency_in_hours
* Adds more documentation and clarifies descriptions
* Wraps API call in the aws_catch_errors function
* Changes config bucket name to use dashes instead of underscores
* Updates on master and changes directory location of build and integration files
* Fix integration tests to only create one ConfigRecorder
Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
* Initial commit of skeletal resource aws_kms_key
* * Adds comments to rerun travis
* * Clarifies some parts of the doc.
* Changes matcher have_aws_key_manager to manged_by_aws
* Fixes copypasta
* Adds clarification to property names
* Fixes rescueing exceptions from the api
* raises exceptions in the unit tests
Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
This mock was a remenant of file reading tests that became obsolete with
the centralization of that code.
Signed-off-by: Trevor Bramble <tbramble@chef.io>
* Clean up test data, correct parse error handling
* Use functional pipeline to avoid need for conditional clauses and clarify the intent of the comment parsing.
* Extract magic strings to constants
* Remove code and tests now covered by FileReader
Co-authored-by: Trevor Bramble <tbramble@chef.io>
Co-authored-by: Paul Welch <pwelch@chef.io>
Signed-off-by: Trevor Bramble <tbramble@chef.io>
* Initial commit of skeletal resource aws_sns_topics
* Adds clarification in documentation
* Adds functionality for calling the next token returned from aws api.
* Wraps api calls in the catch_aws_errs method
Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
