Commit graph

5576 commits

Author SHA1 Message Date
Dominik Richter
ec79938060 Merge pull request #1741 from chef/adamleff/warn-with-sudo-no-target
Error and exit when using --sudo locally
2017-05-02 13:26:55 +02:00
Adam Leff
6ed5379134 Error and exit when using --sudo locally
Running `inspec exec` with --sudo locally produces unintended results
given that we cannot escalate local Ruby methods after we're already
running. --sudo is meant to only be used with remote targets. We do
not currently enforce that.

This change will print an error for the user if they attempt to use
--sudo with a local exec and exit non-zero.

Signed-off-by: Adam Leff <adam@leff.co>
2017-05-02 12:41:02 +02:00
Dominik Richter
37f6b33713 Merge pull request #1748 from chef/sr/typo
[www] fix typo
2017-05-02 11:58:50 +02:00
Stephan Renatus
222dd6107f [www] fix typo
Signed-off-by: Stephan Renatus <srenatus@chef.io>
2017-05-02 11:46:01 +02:00
Dominik Richter
0651a36346 Merge pull request #1746 from chef/adamleff/fix-xinetd
Fix xinetd resource failing when file cannot be read
2017-05-02 11:43:31 +02:00
Dominik Richter
5e04ad50cc Merge pull request #1747 from chef/adamleff/fix-yaml-docs
Fix YAML resource documentation
2017-05-02 11:41:26 +02:00
Christoph Hartmann
11905af32a Merge pull request #32 from chef/issue31
add password expiry and password expiry time to iam_password_policy
2017-05-02 11:23:44 +02:00
Christoph Hartmann
042b6550dd Merge pull request #30 from chef/Issue9-UserProvider
User provider refactor
2017-05-02 11:20:48 +02:00
Adam Leff
bc2458bf5a
Fix YAML resource documentation
The `yaml` resource documentation was missing many clues that users
need to successfully use the resource.

Signed-off-by: Adam Leff <adam@leff.co>
2017-05-01 16:16:00 -05:00
Adam Leff
6819940067
Fix xinetd resource failing when file cannot be read
The file resource's `#content` method will return nil if the file
cannot be read for permissions issues. If you try to run a profile
that uses the `xinetd` resource without sudo privileges, InSpec
would try to call `#empty` on nil.

This change fixes this issue by checking for nil before checking
for emptiness.

Signed-off-by: Adam Leff <adam@leff.co>
2017-05-01 15:59:07 -05:00
Adam Leff
ff082e12c7 Merge pull request #1745 from chef/adamleff/fix-table
[www] Fix ServerSpec migration doc rendering
2017-05-01 16:20:23 -04:00
Adam Leff
d95d666bc9
Fix ServerSpec migration doc rendering
RedCarpet table rendering was not enabled, and we need to treat
the resource names as code to avoid resources with two underscores
from being rendered as partial italics.

Signed-off-by: Adam Leff <adam@leff.co>
2017-05-01 15:18:49 -05:00
Adam Leff
ad9ce512a2 Merge pull request #1742 from shortdudey123/serverspec_migration_update
Improve "Which Serverspec resources are available in InSpec?" doc
2017-05-01 15:51:12 -04:00
Grant Ridder
4daf948eec Converge inspec doesn't have yet from comma seperated list to bullet list
Signed-off-by: Grant Ridder <shortdudey123@gmail.com>
2017-05-01 10:10:40 -07:00
Grant Ridder
82a478f2ba Improve "Which Serverspec resources are available in InSpec?" doc
- Switch serverspec and inspec resource compare to a table and fix the links
- Add links for serverspec resources not in inspec

Serverspec to InSpec markdown table generated with:
```
mapping = {
  bond: 'bond',
  bridge: 'bridge',
  command: 'command',
  cron: 'crontab',
  docker_container: 'docker_container',
  docker_image: 'docker_image',
  file: 'file',
  group: 'group',
  host: 'host',
  interface: 'interface',
  iis_website: 'iis_website',
  iis_app_pool: 'iis_website',
  iptables: 'iptables',
  kernel_module: 'kernel_module',
  linux_kernel_parameter: 'kernel_parameter',
  mysql_config: 'mysql_conf',
  package: 'package',
  port: 'port',
  ppa: 'apt',
  process: 'processes',
  service: 'service',
  user: 'user',
  windows_feature: 'windows_feature',
  windows_registry_key: 'registry_key',
  x509_certificate: 'x509_certificate',
  yumrepo: 'yum',
  zfs: 'zfs_pool'
}

serverspec_base = 'http://serverspec.org/resource_types.html#'
inspec_base = "https://www.inspec.io/docs/reference/resources/"

serverspec_max = serverspec_base.length + mapping.max_by{|k,v| k.length}[0].length * 2 + 4
inspec_max = inspec_base.length + mapping.max_by{|k,v| v.length}[1].length * 2 + 5

serverspec_header_half = ' ' * ((serverspec_max - 'Serverspec'.length) / 2)
inspec_header_half = ' ' * ((inspec_max - 'InSpec'.length) / 2)

puts "| #{serverspec_header_half}Serverspec#{serverspec_header_half} | #{inspec_header_half}InSpec#{inspec_header_half} |"
puts "|:#{'-' * serverspec_max}:|:#{'-' * inspec_max}:|"

mapping.each do |serverspec, inspec|
  serverspec_text = "[#{serverspec}](#{serverspec_base}#{serverspec})"
  padding = serverspec_max - serverspec_text.length
  serverspec_string = serverspec_text + ' ' * padding

  inspec_text = "[#{inspec}](#{inspec_base}#{inspec}/)"
  padding = inspec_max - inspec_text.length
  inspec_string = inspec_text + ' ' * padding

  puts "| #{serverspec_string} | #{inspec_string} |"
end
```

Signed-off-by: Grant Ridder <shortdudey123@gmail.com>
2017-04-28 15:03:04 -07:00
Dominik Richter
935850a5b1 Merge pull request #1739 from chef/adamleff/flush-cache
[www] Add rake task for flushing Fastly cache
2017-04-28 21:48:36 +02:00
Ryan Hass
99ebae186b Fix exit status check in hab run hook generator.
The exit status would never return "InSpec run completed successfully"
since the value of $RC was always an integer which never was prefixed
with an "x". This checks the return directly since we currently do not
have any complex logic which warrants the need to check different
return status values where a prefixed return code is necessary.

Signed-off-by: Ryan Hass <rhass@users.noreply.github.com>
2017-04-28 11:54:13 -07:00
Adam Leff
d022faea81
Add rake task for flushing Fastly cache
inspec.io is now hosted by Fastly which operates as a caching reverse
proxy. This change adds a Rake task that will flush the cache at Fastly
if the API key and Service ID are set in the appropriate environment
variables.

Flushing the cache is not required, so this will not error out if the
environment variables aren't provided; the cache will eventually clear
on its own. This will simply speed along the process as needed.

Signed-off-by: Adam Leff <adam@leff.co>
2017-04-28 14:22:00 -04:00
Ryan Hass
4622de7a28 Update habitat plan and hook generators
* Fixed bug with install step where profile would include the .hart
  files from previous builds.
* Updated the generated plan to support plan.sh syntax changes in
  habitat 0.21.0 and later by removing the `pkg_source` and the
  `do_download`, `do_verify`, and `do_unpack` overrides.
* Updated the generate run hook to leverage habitat to perform most of
  the origin, package name, and path variable interpolations.

Signed-off-by: Ryan Hass <rhass@users.noreply.github.com>
2017-04-28 09:31:11 -07:00
Chris Redekop
891f075d13 Update resource based on PR feedback
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
2017-04-28 10:52:42 +00:00
Viktor Yakovlyev
19f752f778 add 1.11, password expiry and password expiry time in days, fix examples
Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com>

check for unset password expiry

Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com>

pr changes

Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com>
2017-04-28 10:52:42 +00:00
Christoph Hartmann
ed137ae052 Merge pull request #1737 from chef/dr/deprecation-messages
rename old deprecations that were meant for 1.0
2017-04-28 12:40:13 +02:00
Dominik Richter
144dede6eb rename old deprecations that were meant for 1.0
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-04-28 12:09:24 +02:00
Ryan Hass
56364caeaa Add core/hab to pkg_deps in hab plan.
Runtime of `hab pkg exec chef/inspec` changes the path for the inspec
runtime to match that of the inspec hab package. This makes it so tests
which need to execute things like `hab pkg path myorigin/mypath` in the
can profile/test can successfully execute the command.

Signed-off-by: Ryan Hass <rhass@users.noreply.github.com>
2017-04-27 17:17:54 -07:00
Dominik Richter
a7b8d2a117 Merge pull request #1734 from chef/adamleff/update-website-references
Update inspec.io references in docs/code
2017-04-28 00:49:43 +02:00
Adam Leff
a1769cc01b
Update inspec.io references in docs/code
The website is now at https://www.inspec.io - updating all inspec.io
references accordingly. :)

Signed-off-by: Adam Leff <adam@leff.co>
2017-04-27 18:05:51 -04:00
Adam Leff
9ac3db0c6a Merge pull request #1733 from chef/adamleff/release-1.22.0
Release v1.22.0
2017-04-27 17:30:32 -04:00
Adam Leff
2c5668ef16
Release v1.22.0
Signed-off-by: Adam Leff <adam@leff.co>
2017-04-27 17:27:58 -04:00
sfreeman
c43c863109 Added user provider
Signed-off-by: sfreeman <Steffanie.Freeman@d2l.com>
2017-04-27 16:17:43 -04:00
Adam Leff
c3ab00f74c Merge pull request #1730 from chef/adamleff/rake-updates-for-appbundle-updater
Rakefile updates to support appbundle-updater
2017-04-27 14:52:08 -04:00
Adam Leff
76e1d62ad3 Merge pull request #1731 from chef/adamleff/update-cname
Update GH Pages CNAME
2017-04-27 14:50:54 -04:00
Adam Leff
872574f661
Update GH Pages CNAME
GH pages is now an origin server with a new FQDN, "origin.inspec.io"

Signed-off-by: Adam Leff <adam@leff.co>
2017-04-27 14:48:32 -04:00
Adam Leff
3d272d280b
Rakefile updates to support appbundle-updater
InSpec is "appbundled" into the ChefDK which means users can't
simply run `chef gem install inspec` and get an updated InSpec.
`appbundle-updater` exists to combat this and, when run, will
pull the source and install the gem using `rake install`.

In the appbundle-updater config, we'll want to exclude unnecessary
gems from getting installed, such as the "tests" group. Our Rakefile
doesn't work without the "tests" group being installed.

This change makes the Rakefile usuable when the "tests" gems aren't
available.

Signed-off-by: Adam Leff <adam@leff.co>
2017-04-27 14:15:42 -04:00
Elliott Davis
27d04b56d7 Update postgresql conf resource to accept include_dir as a string as well as an array
Even though I couldn't find any docs around include_dir accepting anything other than a string I left the existing functionality alone.
This forces include_dir to check multiple directories as well as single string directories for additional conf files.

Signed-off-by: Elliott Davis <edavis@chef.io>
2017-04-27 10:26:06 -05:00
Dominik Richter
a6eeb208b1 Merge pull request #1722 from chef/adamleff/matchers-shell-help
Add matchers help to shell, clean up help output
2017-04-27 01:28:59 +02:00
Adam Leff
42797b4231 Add matchers help to shell, clean up help output
A new `help matchers` command will provide helpful examples on a few
of the standard matchers: be, cmp, include, etc.

I also cleaned up the formatting of the resources list and provided
better feedback if a user requests help for an unknown resource.

Resolves #1684

Signed-off-by: Adam Leff <adam@leff.co>
2017-04-27 01:16:39 +02:00
Dominik Richter
4d73d3ccfe Merge pull request #1724 from chef/adamleff/event-update
[www] update event on main page
2017-04-27 01:14:41 +02:00
Adam Leff
5c63210390 Merge pull request #1726 from chef/dr/ports-doc-cmp
use cmp in port docs instead of eq
2017-04-26 18:22:27 -04:00
Adam Leff
2996662bbe Merge pull request #1723 from chef/dr/parse_config-opts
rename SimpleConfig / parse_config / parse_config_file options
2017-04-26 18:20:19 -04:00
Dominik Richter
84a59cab50 use cmp in port docs instead of eq
Fixes https://github.com/chef/inspec/issues/438

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-04-27 00:17:34 +02:00
Adam Leff
ce4d0d2481
[www] update event on main page
Signed-off-by: Adam Leff <adam@leff.co>
2017-04-26 17:59:54 -04:00
Dominik Richter
1dafe50bd9 rename SimpleConfig / parse_config / parse_config_file options
See https://github.com/chef/inspec/issues/1709
Fixes https://github.com/chef/inspec/issues/1709

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-04-26 23:18:40 +02:00
Dominik Richter
71a4f0d8f0 Merge pull request #1719 from chef/dr/inspec-version
provide `inspec.version` information
2017-04-26 13:40:29 +02:00
Dominik Richter
8e5fbb9e02 provide inspec.version information
as a friendly shortcut and a native call within profiles

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-04-26 13:07:32 +02:00
Christoph Hartmann
075336da54 Merge pull request #1718 from chef/dr/expose-inspec
provide the `inspec` keyword
2017-04-26 13:03:30 +02:00
Dominik Richter
8b7ef09f85 provide the inspec keyword
Instead of my favorite shortcut of `os.inspec` just finally add it as a global keyword.

Preparation for https://github.com/chef/inspec/issues/1396

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-04-26 12:30:31 +02:00
Christoph Hartmann
bf1d2ded6d Merge pull request #1717 from chef/dr/prettyprint-inspec-backend
print and prettyprint the inspec backend class
2017-04-26 12:23:36 +02:00
Dominik Richter
50e1c76fce print and prettyprint the inspec backend class
This is always bothersome when debugging code and drilling down objects, since it will just a return a two-layer anonymous class with no help at all.
Instead print a nice name and even give a bit of information on pretty-printing (which pry does naturally)

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-04-26 12:04:01 +02:00
Christoph Hartmann
5212ba9580 Merge pull request #1713 from chef/dr/docs-impact
describe the value ranges of `impact`
2017-04-25 21:14:28 +02:00
Dominik Richter
a7771a4ebc describe the value ranges of impact
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-04-25 19:01:16 +02:00