Running `inspec exec` with --sudo locally produces unintended results
given that we cannot escalate local Ruby methods after we're already
running. --sudo is meant to only be used with remote targets. We do
not currently enforce that.
This change will print an error for the user if they attempt to use
--sudo with a local exec and exit non-zero.
Signed-off-by: Adam Leff <adam@leff.co>
The file resource's `#content` method will return nil if the file
cannot be read for permissions issues. If you try to run a profile
that uses the `xinetd` resource without sudo privileges, InSpec
would try to call `#empty` on nil.
This change fixes this issue by checking for nil before checking
for emptiness.
Signed-off-by: Adam Leff <adam@leff.co>
RedCarpet table rendering was not enabled, and we need to treat
the resource names as code to avoid resources with two underscores
from being rendered as partial italics.
Signed-off-by: Adam Leff <adam@leff.co>
The exit status would never return "InSpec run completed successfully"
since the value of $RC was always an integer which never was prefixed
with an "x". This checks the return directly since we currently do not
have any complex logic which warrants the need to check different
return status values where a prefixed return code is necessary.
Signed-off-by: Ryan Hass <rhass@users.noreply.github.com>
inspec.io is now hosted by Fastly which operates as a caching reverse
proxy. This change adds a Rake task that will flush the cache at Fastly
if the API key and Service ID are set in the appropriate environment
variables.
Flushing the cache is not required, so this will not error out if the
environment variables aren't provided; the cache will eventually clear
on its own. This will simply speed along the process as needed.
Signed-off-by: Adam Leff <adam@leff.co>
* Fixed bug with install step where profile would include the .hart
files from previous builds.
* Updated the generated plan to support plan.sh syntax changes in
habitat 0.21.0 and later by removing the `pkg_source` and the
`do_download`, `do_verify`, and `do_unpack` overrides.
* Updated the generate run hook to leverage habitat to perform most of
the origin, package name, and path variable interpolations.
Signed-off-by: Ryan Hass <rhass@users.noreply.github.com>
Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com>
check for unset password expiry
Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com>
pr changes
Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com>
Runtime of `hab pkg exec chef/inspec` changes the path for the inspec
runtime to match that of the inspec hab package. This makes it so tests
which need to execute things like `hab pkg path myorigin/mypath` in the
can profile/test can successfully execute the command.
Signed-off-by: Ryan Hass <rhass@users.noreply.github.com>
InSpec is "appbundled" into the ChefDK which means users can't
simply run `chef gem install inspec` and get an updated InSpec.
`appbundle-updater` exists to combat this and, when run, will
pull the source and install the gem using `rake install`.
In the appbundle-updater config, we'll want to exclude unnecessary
gems from getting installed, such as the "tests" group. Our Rakefile
doesn't work without the "tests" group being installed.
This change makes the Rakefile usuable when the "tests" gems aren't
available.
Signed-off-by: Adam Leff <adam@leff.co>
Even though I couldn't find any docs around include_dir accepting anything other than a string I left the existing functionality alone.
This forces include_dir to check multiple directories as well as single string directories for additional conf files.
Signed-off-by: Elliott Davis <edavis@chef.io>
A new `help matchers` command will provide helpful examples on a few
of the standard matchers: be, cmp, include, etc.
I also cleaned up the formatting of the resources list and provided
better feedback if a user requests help for an unknown resource.
Resolves#1684
Signed-off-by: Adam Leff <adam@leff.co>
Instead of my favorite shortcut of `os.inspec` just finally add it as a global keyword.
Preparation for https://github.com/chef/inspec/issues/1396
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
This is always bothersome when debugging code and drilling down objects, since it will just a return a two-layer anonymous class with no help at all.
Instead print a nice name and even give a bit of information on pretty-printing (which pry does naturally)
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>