* Adds cli options to enable audit log and configure the audit log
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Updated code to validate the audit log options. Audit log options are only valid for inspec exec and inspec shell command as those commands use the backend to execute commands and for file operations
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Updates cli options documentation for audit log options
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Disable audit log in test environment unless and until explicitly --enable-audit-log option is provided in test
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Rename enable-audit-log cli option to disable-audit-log
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* CHEF-8210 Enables feature preview flag for audit logging
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Revert "Disable audit log in test environment unless and until explicitly --enable-audit-log option is provided in test"
This reverts commit 50a42f0b44cf2fde6d927a00e444370cdd288a5d.
* Adds functional test for audit logging feature
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Updates cli doc for audit loggin feature flag
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Debug why audit log functional test fails in ci environment
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Revert "Rename enable-audit-log cli option to disable-audit-log"
This reverts commit d5169ec705.
* Revert "Debug why audit log functional test fails in ci environment"
This reverts commit 6f43898ad0.
* Removes the --enable-audit-log option from cli as feature flag will handle the enabling and disabling of audit log feature. And introduces few code changes after reverting renaming of --enable-audit-log option
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Updates the functional test for audit log
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* REVERT THIS ONCE THE TEST IS GREEN: This is just to test implementation of audit log against the train changes made for audit log
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Removes the right one
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Documentation for inspec audit logging feature
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Renames inspec audit log file
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Edits to audit log docs
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Remove --audit-log-rotation and --audit-log-size option to set from CLI
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Make sure we delete audit log file before running each test
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Appends timestamp and process id to generate audit log file per invocation/execution
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Updates functional test for audit logging feature
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Fix typo in audit logging docs
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Appends the timestamp and process id to user provided audit log file so that unique audit log file created per invocation
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Updates the audit log functional test
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Minor code improvements
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Adds exception class for invalid audit log options
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Revert "REVERT THIS ONCE THE TEST IS GREEN: This is just to test implementation of audit log against the train changes made for audit log"
This reverts commit a66137e70b.
* Upgrade train-core version pinning
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Docs review
Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>
* Fix titles
Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>
* Update the signature for features.yaml file
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
---------
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>
Co-authored-by: Clinton Wolfe <clintoncwolfe@gmail.com>
Co-authored-by: Ian Maddaus <ian.maddaus@progress.com>
* Updated exec option to allow unsigned profiles run
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Added method to verify signed profile and to check for signed profile
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Invoked logic on each run to verify profiles if signed else raise sig req error
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Tests cases added to validate behaviour of inspec exec with signed and unsigned profiles with --chef-allow-unsigned flag
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Refactored and moved delete_signing_keys to common helper library for tests
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Updated code comments for more information and clarity on security update of signed profiles inspec exec
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Test cases to validate inspec run with combination of signed and unsigned profiles
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Documented usage of flag --chef-allow-unsigned
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Renamed the flag to run unsigned profiles to --allow-unsigned
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Refactored logic on profile level for profile signing verification
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Renaming the argument variable - from runner_call to silent
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Added profile mandate check for other inspec commands running profile evaluation
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Updated error message for profile sign requirement
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Updated test helper to fix inspec json test
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Fixed inspec json ability to use cli options successfully
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Documentation added for signed profiles mandatory usage with CLI commands
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Flow changes of raising exception when unsigned instead of direct exit
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Renamed unsigned profile flags
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Extracted out allow unsigned condition to config and modified comment info
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Doc update on consent of using signed and unsigned profiles
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Fix in signing mandatin check and added additional check on runner for better error UI for exec command
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Removed repeated allow-unsigned-profile defination from exec_options
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Test fixes
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Enabled feature preview flag for mandatory signing
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Test fixes after feature flag usage for mandatory signing
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Doc changes using feature preview flag for mandatory signing feature
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Inspec exec tests fixes for ENV values and parallel test fix using default option --allow-unsigned-profile false
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Kitchen fix while using signed profiles with inspec
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Unit test fix for profile resource exception
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Virtual profile detection improved
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Move mandatory profile sigining info to sigining page
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Renamed flag from --allow-unsigned-profile to --allow-unsigned-profiles
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Typo fix in signing doc
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Trim note in cli.md about mandatory profile signing
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Docs changes
Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>
* Correct docs regarding exit code 5
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
---------
Signed-off-by: Nik08 <nikita.mathur@progress.com>
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>
Co-authored-by: Clinton Wolfe <clintoncwolfe@gmail.com>
Co-authored-by: Ian Maddaus <ian.maddaus@progress.com>
* Convenience method skeleton
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Basic support for a config file
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Add features() array method
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Accept config as an option to with_feature
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Accept logger as an option to with_feature
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Refactor to push code into its own files
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Basic logger integration
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Crude validation of feature names, simply issues a warning log message
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Linting
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Add basic tamperproofing to feature config
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Convenience method skeleton
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Basic support for a config file
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Add features() array method
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Accept config as an option to with_feature
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Accept logger as an option to with_feature
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Refactor to push code into its own files
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Basic logger integration
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Crude validation of feature names, simply issues a warning log message
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Linting
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Add basic tamperproofing to feature config
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* CFINSPEC-464 CLI commands declaration using with_feature functionality (#6263)
* Declared inspec cli commands within feature_with function
Signed-off-by: Nikita Mathur <nikita.mathur@chef.io>
* Added enhanced outcomes, waivers, reporters and streaming reporters within with_feature block
Signed-off-by: Nikita Mathur <nikita.mathur@chef.io>
* Added with_feature declaration for attestations
Signed-off-by: Nikita Mathur <nikita.mathur@chef.io>
Signed-off-by: Nikita Mathur <nikita.mathur@chef.io>
* Update features.yaml signature after adding in new feature flags
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Fix lint
Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
* Resolved undefined method with_feature in reporters.rb
Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
* Fix for features tampered file test failing
Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
* Fixed the failing functional test for junit2: Missing the entry in the features.yaml
Added progress-bar reporter entry in features.yaml
Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
Signed-off-by: Nikita Mathur <nikita.mathur@chef.io>
Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
Co-authored-by: Nikita Mathur <Nik08@users.noreply.github.com>
Co-authored-by: Vasu1105 <vasundhara.jagdale@chef.io>
The classes in inspec/object have been moved to the inspec-objects
library. They aren't used directly by Inspec and will be removed in the
next major release.
Signed-off-by: Bryan McLellan <btm@loftninjas.org>
This converts all current deprecation warnings/TODOs to use the
`Inspec.deprecate()` deprecation facility.
This also modifies `Inspec.deprecate()` to only require 1 argument.
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
