Mirrors/inspec
2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2024-12-20 18:13:20 +00:00
Code Issues Projects Releases Packages Wiki Activity
3650 commits 459 branches 1907 tags 77 MiB
Commit graph

1679 commits

Author SHA1 Message Date
Kartik Null Cating-Subramanian
1243d9475d Rubocoooop! 2016-08-25 14:22:15 -04:00
Michał Sochoń
3c106096b9 Update port.rb 2016-08-25 19:57:41 +02:00
Michał Sochoń
8b6107c5b9 Update port.rb 
fix comment section, expand example section
 2016-08-25 17:03:41 +02:00
Steven Danna
fd87b679be Minor refactor of Inspec::Profile#load_checks_params 2016-08-25 14:42:55 +02:00
Steven Danna
6034ece853 Initial control isolation support 
The goal of this change is to provide an isolated view of the available
profiles when the user calls the include_controls or require_controls
APIs.  Namely,

- A profile should only be able to reference profiles that are part of
  its transitive dependency tree. That is, if the dependency tree for a
  profile looks like the following:

  A
  |- B --> C
  |
  |- D --> E

  Then profile B should only be able to see profile C and fail if it
  tries to reference A, D, or E.

- The same profile should be include-able at different versions from
  different parts of the tree without conflict.  That is, if the
  dependency tree for a profile looks like the following:

  A
  |- B --> C@1.0
  |
  |- D --> C@2.0

  Then profile B should see the 1.0 version of C and profile D should
  see the 2.0 profile C with respect to the included controls.

To achieve these goals we:

- Ensure that we construct ProfileContext objects with respect to the
  correct dependencies in Inspec::DSL.

- Provide a method of accessing all transitively defined rules on a
  ProfileContext without pushing all of the rules onto the same global
  namespace.

This does not yet handle attributes or libraries.
 2016-08-25 14:42:55 +02:00
Christoph Hartmann
1300900693 add unit test for local fetcher with windows path support 2016-08-24 16:23:27 +02:00
Annie Hedgpeth
fe5c7c49a4 Attempt at a bug fix to read backslashes as forward slashes in local fetcher 2016-08-24 15:11:20 +02:00
Christoph Hartmann
3182978e85 fix lint 2016-08-24 14:40:26 +02:00
Kartik Null Cating-Subramanian
db032e437e Speed up windows package lookup - maybe 2016-08-24 14:33:56 +02:00
Steven Danna
ed179ac088
Only redirect logging to STDERR if format=json 
Signed-off-by: Steven Danna <steve@chef.io>
 2016-08-24 09:12:59 +01:00
Steven Danna
80fe61b8cd
Expand relative paths based on profile location 
Also: Log to STDERR by default

NB: This will result in absolute paths being rendered to lock files. We
think that is OK for now since we are going to build some UX around
path-based dependencies and lock files.  Namely, we are going to tell
people it is a bad idea.

Signed-off-by: Steven Danna <steve@chef.io>
 2016-08-24 09:12:56 +01:00
Anirudh Gupta
4041f1898e can check windows service startup mode now 2016-08-24 02:01:10 +05:30
username-is-already-taken2
52c52d565f Update host.rb 
Resolved an issue checking ports on windows

The previous version wasn't really checking if a port was accessible as we were only validating if the ping succeeded. Using TcpTestSucceeded to determine if the connection worked or not.
 2016-08-23 17:15:33 +02:00
Steven Danna
366e65b198
Add the start of tests for the Resolver class 
Signed-off-by: Steven Danna <steve@chef.io>
 2016-08-23 14:50:12 +01:00
Steven Danna
d64b72d71d
Replace Molinillo-based resolver 
The Molinillo library is a good library for systems that need a
constraint solver that will solve dependency problems requiring a single
version of each named dependency.

In our case, the eventual goal is to allow libraries to have conflicting
transitive dependencies at runtime. Isolation will be provided by
restricting all calls within a given profile to scope which can only see
that profile's dependencies.

To facilitate working on the isolation feature, I've replaced the
Molinillo-based resolver with a minimal resolver which will allow us to
load multiple versions of the same library.

Since we will likely want a good amount of logging around this feature
in the future, I've added a Inspec::Log singleton-style class, replacing
the previous Inpsec::Log which appeared unused in the code base.

Signed-off-by: Steven Danna <steve@chef.io>
 2016-08-23 14:27:57 +01:00
Steven Danna
d9b6210d30
Remove unused url functions from fetchers 
Signed-off-by: Steven Danna <steve@chef.io>
 2016-08-23 13:54:56 +01:00
Steven Danna
02d611e68c
Add archive_path helper to Tar and Url fetchers 
Eventually I think we'll want this as part of the fetcher API generally.

Signed-off-by: Steven Danna <steve@chef.io>
 2016-08-23 13:54:56 +01:00
Steven Danna
a6ec345eac
Don't set nil cwd in inspec/profile 2016-08-23 13:54:56 +01:00
Steven Danna
3049eb1388
Add comments based on code review and plans for future work 
Signed-off-by: Steven Danna <steve@chef.io>
 2016-08-23 13:54:56 +01:00
Steven Danna
9c1b82e7d4
Add prototype of inspec.lock 
This adds a basic prototype of inspec.lock. When the lockfile exists on
disk, the dependencies tree is constructed using the information in the
lock file rather than using the resolver.

Signed-off-by: Steven Danna <steve@chef.io>
 2016-08-23 13:54:55 +01:00
Christoph Hartmann
13e9a69701 Merge pull request #945 from chef/os_helpers 
Add darwin helper
 2016-08-23 13:55:58 +02:00
Tim Smith
d953986d25 Add darwin helper 
Signed-off-by: Tim Smith <tsmith@chef.io>
 2016-08-23 10:37:52 +02:00
Kartik Null Cating-Subramanian
039c760545 Fixup behavior and add functional tests 2016-08-23 03:07:23 +02:00
Kartik Null Cating-Subramanian
01763d43ed Fix command evaluation for inspec shell -c 2016-08-23 03:07:23 +02:00
Christoph Hartmann
2ac94cb947 0.31.0 2016-08-19 20:05:56 +02:00
Kartik Null Cating-Subramanian
83d9deda4f inspec shell documentation 2016-08-19 19:29:32 +02:00
Kartik Null Cating-Subramanian
33ae22d313 Support controls and describe blocks in InSpec shell 2016-08-19 19:07:23 +02:00
Steven Danna
bde8aa6768 Add basic class descriptions 
Signed-off-by: Steven Danna <steve@chef.io>
 2016-08-19 09:47:40 +02:00
Steven Danna
f97924901e Ensure we expand requirements with respect to cwd 
Signed-off-by: Steven Danna <steve@chef.io>
 2016-08-19 09:47:40 +02:00
Steven Danna
d779dd53ae Move all dependency related classes into inspec/dependencies 
Signed-off-by: Steven Danna <steve@chef.io>
 2016-08-19 09:47:40 +02:00
Steven Danna
2041a08aa2 Fetch deps based on urls 
This extends the dependency feature to include support for url-based
dependencies.  It takes some deviations from the current support for
URLs that we'll likely want to make more consistent.

By default, we store downloaded archives in the cache rather than the
unpacked archive. However, to facilitate debugging, we will prefer the
unpacked archive if we find it in the cache.

Signed-off-by: Steven Danna <steve@chef.io>
 2016-08-19 09:47:40 +02:00
Steven Danna
afc581b613 Cleanup dependency class organization 
- Move classes into their own files
- Remove classes that aren't used

Signed-off-by: Steven Danna <steve@chef.io>
 2016-08-19 09:47:40 +02:00
Christoph Hartmann
af04a0f5ba implement workaround for thor 2016-08-18 20:50:49 +02:00
Victoria Jeffrey
b98c3e243e give accurate information for inspec compliance login --help 2016-08-18 20:00:27 +02:00
Christoph Hartmann
cf784ded7c update exit codes 2016-08-18 19:40:08 +02:00
Victoria Jeffrey
c3d245fafd fail gracefully on inspec compliance profiles when bad token is provided 2016-08-18 19:35:29 +02:00
Victoria Jeffrey
24a2c5c356 return token stored message on login 2016-08-18 16:47:34 +02:00
Christoph Hartmann
502aef54fd use bundler instead of gem, to speed up integration testing for different versions 2016-08-18 16:32:45 +02:00
Steven Danna
34ae3122e9 Fix recursive deps for path-based deps 
Signed-off-by: Steven Danna <steve@chef.io>
 2016-08-18 16:02:16 +02:00
Victoria Jeffrey
bdb1d913d9 Remove false username/passwd msg from inspec compliance login 2016-08-17 17:15:52 +02:00
Victoria Jeffrey
b75b8ab4a9 inspec compliance version fails gracefully when server config info is missing 2016-08-17 17:00:53 +02:00
Christoph Hartmann
96754cac6c fix integration tests for Chef Compliance 2016-08-17 13:51:26 +02:00
Chris Evett
3df98b7a19 add iis_site tests and refactor post code review 2016-08-17 06:57:48 -04:00
Chris Evett
4d63afc1f8 add documentation to resources.rst for iis_site and fix comment 2016-08-17 06:57:48 -04:00
Chris Evett
7f9fbc6cce add iis_site resource 2016-08-17 06:57:48 -04:00
Christoph Hartmann
c23263f3d0 handle xinetd config with only one entry 2016-08-16 17:23:22 +02:00
Steven Danna
b5cd64d16a Ignore comment lines in /etc/passwd 
Most passwd/shadow implementations treat lines that start with '#' as
comments. For example, the implementation in OS X:

     if (buf[0] == '#') {
          /* skip comments for Rhapsody. */
          continue;
     }

https://opensource.apple.com/source/remote_cmds/remote_cmds-41/rpc_yppasswdd.tproj/passwd.c

Fixes #725

Signed-off-by: Steven Danna <steve@chef.io>
 2016-08-16 10:54:52 +02:00
Victoria Jeffrey
6f198f539b cleanup 2016-08-16 10:01:10 +02:00
Victoria Jeffrey
cf771ab967 ssh_config parse should be case insensitive 2016-08-16 10:01:10 +02:00
Dominik Richter
c4282ab6b2 add ssl resource (early access) 2016-08-15 07:49:41 -07:00
Dominik Richter
5f1d83f196 Merge pull request #912 from chef/ap/port-win-process 
Windows ports with pid and process name
 2016-08-12 20:59:28 +02:00
Alex Pop
353dcf10ec make netstat default for getting ports and get only listening ones 2016-08-12 16:02:56 +01:00
Dominik Richter
b8569e6923 0.30.0 2016-08-12 16:23:38 +02:00
Christoph Hartmann
57bdd3464c add feature to fetch children from registry key 2016-08-12 14:51:23 +02:00
Christoph Hartmann
1faa68732e use powershell function for registry key 2016-08-12 14:51:23 +02:00
Christoph Hartmann
571bc14742 support hash params as options for registry key 2016-08-12 14:51:23 +02:00
Dominik Richter
e637067c43 auto-genreate inspec cli docs 2016-08-12 13:40:59 +02:00
Steven Danna
90be4acab1
Fix rubocop violation, lock rack to avoid dependency madness 
Signed-off-by: Steven Danna <steve@chef.io>
 2016-08-11 16:41:05 +01:00
Dominik Richter
cac89dc6dd add missing errors file to collect inspec error classes 2016-08-10 22:41:32 +02:00
Dominik Richter
7e569669aa introduce dependency resolution 
This commit is the foundation of the dependency resolution as described in https://github.com/chef/inspec/issues/888 .

It currently only works with local dependencies, as seen in the example inheritance profile.

Tests and full resolution are coming next on the path to an MVP implementation.
 2016-08-10 22:41:32 +02:00
Steven Danna
c71f5cdb30 Improve detection of postgresql conf dir and data dir 
Redhat conf_dir detection was regressed in 57d7275 which inadvertently
removed the setting of @conf_dir. Any attempt to use the postgres
resource on RHEL would rain an exception:

    inspec> postgres.data_dir
    TypeError: no implicit conversion of nil into String

Further, the redhat detection code appears to assume that RHEL always
uses versioned data directories. This however, does not appear to be the
case:

    $ cat /etc/redhat-release
    CentOS release 6.7 (Final)
    $ sudo ls /var/lib/pgsql/
    backups  data  pgstartup.log

The code now can handle both versioned and un-versioned directory
formats on RHEL. Further, it provides diagnostic warnings about
uncertainty in the discovered data directories and configuration
directories.

Signed-off-by: Steven Danna <steve@chef.io>
 2016-08-10 18:44:15 +02:00
Steven Danna
b4b6792878 Add readline ignore markers to color escape codes in the shell 
Previously, if you typed more than 20 characters at the prompt and
attempted pressed Ctrl+a (readline's "Move to start of line" command),
your prompt would appear at the ~11th character from the start of the
line, unable to go further back.

This was a result readline counting the terminal escape sequences we use
for color output as part of the line.

Wrapping these sequences in \001 and \002 instructs readline to ignore
them when doing calculations regarding line-length, resolving the
problem.
 2016-08-10 14:26:56 +02:00
Steven Danna
afddebaf3f
Add inspec env command to configure shell tab-completion 
This adds a new subcommand:

   inspec env [SHELL]

which outputs a shell-appropriate completion script that the user can
source into their shell:

   eval "$(inspec env SHELL)"

Currently, we provide completions for ZSH and Bash. The completion
scripts are generated from the data Thor collects.

If the user doesn't provide SHELL we attempt to detect what the user's
shell may be using a number of methods.

Signed-off-by: Steven Danna <steve@chef.io>
 2016-08-10 02:07:53 +01:00
Christoph Hartmann
85bba1a809 0.29.0 2016-08-08 13:32:36 +02:00
Dominik Richter
16bd6a14d5 revert control_summary field in output 
(1) The field is not yet optimal, the calculations are great!
(2) Changing this field should go together with all other breaking json changes, especially if https://github.com/chef/inspec/pull/811 results in a change.
 2016-08-08 11:54:27 +02:00
Victoria Jeffrey
6c91183995 count controls in the summary output. Fix #852 2016-08-05 11:43:29 -04:00
Kartik Null Cating-Subramanian
c5556e65f8 Cleanup to fix some formatting. Fix #872 2016-08-05 09:41:47 -04:00
Kartik Null Cating-Subramanian
742037c29d Generate test labels for multi-test controls: Fix #812 2016-08-05 09:41:47 -04:00
Steven Danna
13ebea48e1 Allow port to be specified as a string 
This allows the user to write:

   describe port(22) do
     it { should be_listening }
   end

as well as

   describe port('22') do
     it { should be_listening }
   end

without hitting an error.

Fixes #867

Signed-off-by: Steven Danna <steve@chef.io>
 2016-08-05 14:01:08 +02:00
Christoph Hartmann
b3652bf85d improve code style for parse_config thanks @stevendanna 
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
 2016-08-05 12:29:34 +02:00
Christoph Hartmann
d9a1a500d0 add params and content method to parse_config 2016-08-05 12:13:56 +02:00
Steven Danna
57d7275857
Update inspec for os[:family] change in Train 
Signed-off-by: Steven Danna <steve@chef.io>
 2016-08-04 13:32:35 +01:00
Steven Danna
28946f5fde
Use systemctl's helper command to determine enabled & active status 
The output of `systemctl show SERVICENAME` can be misleading in the
case of non-native services (i.e. services configured via an init script
and integrated with systemd via a shim) or for more sophisticated unit
types.

For example, the UnitFileState of ntp is "bad":

    > systemctl show ntp | grep UnitFileState
    UnitFileState=bad

despite systemd reporting it as enabled:

   > systemctl is-enabled ntp
   ntp.service is not a native service, redirecting to
   systemd-sysv-install
   Executing /lib/systemd/systemd-sysv-install is-enabled ntp
   enabled

Further, the old parsing code would have missed unit files in the
following states that are technically enabled:

   enabled-runtime, indirect, generated, and transient

Using the `is-enabled` commands ensures that we report the same enabled
status that systemd reports, without having to update our own parsing in
the event that new unit states are added. Additionally, as shown above,
it handles the sysv compatibility helper.

Similarly, the is-active helper command ensures that we always report
the same active/not-active status as systemd would natively. For
instance, a quick reading of `src/systemctl/systemctl.c` in the systemd
source shows that systemctl reports units as active if they are in the
state `UNIT_ACTIVE` or `UNIT_RELOADING`.

Fixes #749

Signed-off-by: Steven Danna <steve@chef.io>
 2016-08-03 13:31:09 +01:00
Christoph Hartmann
bd3a7ee7df 0.28.1 2016-08-03 12:56:36 +02:00
Dominik Richter
70dd639471 move base_cli to lib/inspec 
It is not a disconnected library, but a core component of inspec. Fix its location.
 2016-07-26 20:11:25 +02:00
Dominik Richter
69f9c0ff59 fix color code barriers 2016-07-22 12:41:00 +02:00
Dominik Richter
3059a18c56 0.28.0 2016-07-21 15:27:41 +02:00
Dominik Richter
c2f34932ad add port resource for windows 2008 
using `netstat -an`
 2016-07-21 14:58:43 +02:00
Chris Evett
925da00b3d fixing rubocop error 2016-07-17 14:22:04 -04:00
Chris Evett
85988aab9c add mssql resource 2016-07-17 14:18:25 -04:00
Dominik Richter
255d8fcd68 prevent circular loading of resource library 2016-07-16 05:15:23 +02:00
Dominik Richter
b9a2ec9b40 0.27.1 2016-07-15 16:27:14 +02:00
Alex Pop
ba4b9c26c5 fix symbols and strings inconsistency 2016-07-13 11:53:04 +01:00
Patrick Münch
7d986c2d17 FIX #823 wrong postgres path detection 
Signed-off-by: Patrick Münch <patrick.muench1111@gmail.com>
 2016-07-12 19:59:08 +02:00
Christoph Hartmann
c94751fcf9 0.27.0 2016-07-10 21:16:15 -05:00
Dominik Richter
68cf88f701 add suid sgid and sticky support for file resource 2016-07-10 23:08:42 +02:00
Dominik Richter
c6644ebdfe check service running by ActiveState 
See http://unix.stackexchange.com/questions/159174/differences-between-inactive-vs-disabled-and-active-vs-enabled-services
 2016-07-06 12:57:04 +02:00
Christoph Hartmann
8a17cb6b5b update readme for bundles 2016-06-29 08:14:36 +02:00
Dominik Richter
5da73db6a3 api: report source location with field identifiers 
Mixing types in an array without specifying what these fields point to is not just confusing, but also causes issues with endpoints that may consume this data and dont process mixed types. We strive to have a stable api for 1.0 and this is a sin that was left after the major overhaul. Time to fix it.
 2016-06-28 12:03:20 +02:00
Christoph Hartmann
9bdb01f1d5 improve wmi resource 2016-06-19 23:40:45 +02:00
Christoph Hartmann
f87f25fb07 add boolean support for cmp matcher 2016-06-18 20:33:08 +02:00
Dominik Richter
8660d5d81c feedback round with @chris-rock 2016-06-16 20:37:51 +02:00
Dominik Richter
211a2e25fb align inspec detect output 2016-06-16 13:00:09 +02:00
Dominik Richter
0fec9cca13 enhance cli output for inspec check 2016-06-16 13:00:09 +02:00
Christoph Hartmann
e5903679b9 0.26.0 2016-06-16 12:50:48 +02:00
Dominik Richter
e3b20e88b7 provide target info in cli output 2016-06-16 12:26:46 +02:00
Dominik Richter
c34fd350cf multi-profile reporting in cli formatter 2016-06-16 00:08:50 +02:00
Dominik Richter
4fbdee84cf use utf-8 characters for default cli formatter 
see https://github.com/chef/inspec/issues/532
 2016-06-15 19:27:56 +02:00
Stephan Renatus
0a00d21113 integer?("0300") should not be true 2016-06-15 18:34:42 +02:00
Dominik Richter
f93084520f introduce cli report formatter 2016-06-15 17:11:29 +02:00
Christoph Hartmann
2d64face12 0.25.0 2016-06-14 03:16:40 +02:00
Christoph Hartmann
f1faf47112 introduce secrets backend 2016-06-14 02:49:47 +02:00
Christoph Hartmann
c7a49056c4 feature: attribute handling 2016-06-14 02:49:03 +02:00
Dominik Richter
c9403a8d7b 0.24.0 2016-06-03 23:06:51 +02:00
Dominik Richter
2db8d83d56 support intra-libraries file referencing + loading 
solves https://github.com/chef/inspec/issues/779
 2016-06-03 22:54:35 +02:00
Christoph Hartmann
d19dd89c1e 0.23.0 2016-05-31 09:57:15 +02:00
Dominik Richter
302a718b48 list arbitrary ports and query it 
utilizing filter table to make port more flexible and useful.
 2016-05-31 03:14:07 +02:00
Dominik Richter
02dae2c3c5 add simple style for filter table data 
for quick flattening, filtering, and non-nil results. this also simplifies some interal calls and structure
 2016-05-31 03:01:03 +02:00
Christoph Hartmann
9e753a5dbc add helper methods for os resource 2016-05-31 00:01:26 +02:00
Dominik Richter
d6345ffd17 add resource to filter table blocks 
i.e. get access to the original resource for more information and calls.
 2016-05-30 23:31:14 +02:00
Christoph Hartmann
ebf9b95356 0.22.1 2016-05-18 19:04:04 +02:00
Dominik Richter
b54b4309da fix reporter/formatter disagreements 
reporters didnt stick to the formatters that were configured but looked for an old json one. this MR ensures that the formatter that is configured is pulled out to generate the report
 2016-05-18 18:25:41 +02:00
Christoph Hartmann
820a942fa3 0.22.0 2016-05-16 20:12:52 +02:00
Christoph Hartmann
7515b488fd Merge pull request #754 from jeremymv2/sudo_command 
add sudo_command option
 2016-05-16 15:32:29 +02:00
Anirudh Gupta
c9dbbfd5dc modification in command resource example 2016-05-16 11:53:21 +05:30
Jeremy J. Miller
cfcc06a379 fix spelling 2016-05-15 11:04:23 -04:00
Jeremy J. Miller
9795879628 add sudo_command option 2016-05-15 07:22:18 -04:00
Dominik Richter
00921d9f97 0.21.6 2016-05-13 20:51:32 +02:00
Dominik Richter
67f7a5936c catch corner-case with symbols on test-objects 2016-05-13 20:39:17 +02:00
Alex Pop
4241cbf7ce can-t go in else when nil either 2016-05-13 19:22:09 +01:00
Alex Pop
6a9f015527 prevent nil.include? 2016-05-13 19:03:33 +01:00
Dominik Richter
4152101679 0.21.5 2016-05-13 19:29:46 +02:00
Dominik Richter
603e3e21b3 fix construction of ruby objects on string and array handlers 2016-05-13 19:07:43 +02:00
Dominik Richter
b837f8c8ec 0.21.4 2016-05-13 12:58:35 +02:00
Dominik Richter
2323ec52d2 add polyfill for ruby 1.9.3. struct 2016-05-13 11:57:06 +02:00
Dominik Richter
dde4433933 use struct for processes list 
we know all the fields + struct is fully compatible to the curren hash implementation
 2016-05-13 11:22:56 +02:00
Christoph Hartmann
987c42ed99 0.21.3 2016-05-12 00:27:30 +02:00
Christoph Hartmann
f3b41ccea9 deprecate arrray matcher 2016-05-12 00:14:54 +02:00
Christoph Hartmann
1f470971d2 Revert "Add all_match to matchers" 
This reverts commit 29cf4522e4.
 2016-05-11 23:47:24 +02:00
Christoph Hartmann
48d8694789 Revert "fix contain_match, add none_match" 
This reverts commit 54b397f3a5.
 2016-05-11 23:47:24 +02:00
Christoph Hartmann
5939e5b2f9 Merge pull request #739 from chef/ap/port-not-nil 
Return empty array instead of nil for port methods
 2016-05-11 23:32:43 +02:00
Alex Pop
2a9d9b5481 return empty array instead of nil to be .each friendly 2016-05-11 22:21:22 +01:00
Christoph Hartmann
03b1ecfac5 Merge pull request #735 from tpcwang/escape-windows-osenv 
Escape os_env command on Windows to handle env variables containing parentheses.
 2016-05-11 23:09:34 +02:00
Christoph Hartmann
21a91f964c 0.21.2 2016-05-11 14:16:24 +02:00
Alex Pop
54b397f3a5 fix contain_match, add none_match 
update matchers doc and add more integration tests
allow non-string data types and non-arrays
 2016-05-11 12:47:36 +01:00
tpcwang
c8d2991589 Escape os_env command on Windows to handle env variables containing parentheses. 
Update the mock file to match the new command
 2016-05-11 01:09:06 -07:00
Christoph Hartmann
7e514c8735 0.21.1 2016-05-10 22:43:34 +02:00
Christoph Hartmann
9fd9f8aa69 Merge pull request #733 from chef/vj/add-label-for-processes 
Expose label for processes only on linux
 2016-05-10 22:39:02 +02:00
Victoria Jeffrey
1811eb6666 Expose label for processes only on linux 2016-05-10 13:59:13 -04:00
Victoria Jeffrey
29cf4522e4 Add all_match to matchers 2016-05-10 10:00:55 -04:00
Christoph Hartmann
1c2fd97a39 fix: remove non-existent class 2016-05-10 13:18:33 +02:00
Christoph Hartmann
a83088edea 0.21.0 2016-05-10 11:09:57 +02:00
Alex Pop
91b83b45a5 remove redundant space when missing expectation 2016-05-09 15:20:29 +01:00
Alex Pop
9ded3b8835 Provide service params as a mash, empty unless systemd for now 2016-05-09 14:54:09 +02:00
Christoph Hartmann
d2a8ba0022 add human-readable output for detect, as well as a --format json 2016-05-09 13:24:49 +02:00
Dominik Richter
5d925b2851 api: make processes return integers for pid/vsz/rss 2016-05-06 16:49:21 +02:00
Alex Pop
9a83814f35 update mount example with include 2016-05-06 14:27:42 +01:00
Christoph Hartmann
6e93a13000 show error if user is not logged in to compliance server 2016-05-06 13:47:22 +02:00
Alex Pop
c518b9edc2 expose systemd service properties via .info 2016-05-06 13:36:42 +02:00
Christoph Hartmann
8258d111ef rename json to minijson and fulljson to json 2016-05-06 13:27:42 +02:00
Dominik Richter
b14495051a prevent duplicate profile-loading 
this happens when the profile is run (exec) and also interpreted (via profile.params). It will load 2 profile context calls (both via Runner) which in turn gets 2 rounds of interpreter+runner executions. This is an issue with auto-generated IDs, due to their random component, which changes in this case
 2016-05-06 13:14:40 +02:00
Dominik Richter
20d08a63b5 inspec --format [json|fulljson|rspecjson] overhaul 
Full rewrite of all formatters. Create a minimal JSON, a full JSON, and a fallback RSpec formatter. The latter is only needed for corner cases and should not really be used. The former 2 are for (1) running `inspec json` followed by `inspec exec` (`--format json`) and (2) running just `inspec exec --format fulljson`.
 2016-05-06 13:14:40 +02:00
Dominik Richter
a809097d12 simplify full_id generation 2016-05-06 13:14:40 +02:00
Dominik Richter
8ba859fe92 remove legacy global DSL code 2016-05-06 13:14:40 +02:00
Dominik Richter
4d28fd8f31 remove inspec [exec|json|...] --id flag 2016-05-06 13:14:40 +02:00
Dominik Richter
b9543241eb export #tests() from OrTest object 
make these inner tests accessible
 2016-05-06 02:10:33 +02:00
Dominik Richter
67fccc1246 expose deprecated fields in passwd 2016-05-04 15:27:58 +02:00
Dominik Richter
fc718267c4 extend filter table to handle soft variable lookup 2016-05-04 15:27:58 +02:00
Dominik Richter
fb91b788a6 use filtertable with passwd resource 2016-05-04 15:27:58 +02:00
Alex Pop
f78afe0d75 Use only strings in resource examples, docs and tests 2016-05-03 23:27:18 +01:00
Victoria Jeffrey
33e35a1e94 use strings instead of symbols 2016-05-03 15:39:34 -04:00
Anirudh Gupta
738ef69bcf prefixed hpux to cmd file name 2016-05-03 21:38:39 +05:30
Anirudh Gupta
d839f218bf hpux support for basic port properties 2016-05-03 14:30:59 +05:30
Dominik Richter
f30b6fb6f5 bugfix: handle train errors in inspec execution 2016-05-02 08:34:45 -04:00
Alex Pop
e24772e4b7 releasing 0.20.1 2016-04-30 02:02:29 +01:00
Alex Pop
56d856531b support basename parameter and add tests 2016-04-29 13:40:32 -04:00
Dominik Richter
6b5b592c03 0.20.0 2016-04-29 09:13:10 -04:00
Dominik Richter
8ee6a14bc5 validate target backend 2016-04-28 20:44:36 -04:00
Dominik Richter
83b4dfbf4d use the source_path instead of path for file internal reporting 2016-04-28 20:11:21 -04:00
Dominik Richter
3e8974d243 update to new train interface 2016-04-28 19:55:34 -04:00
Alex Pop
3ab53e940d make file resource follow links and provide method to get to the original link object 2016-04-28 19:55:34 -04:00
Christoph Hartmann
46f38b51d0 add integration tests for compliance plugin 2016-04-29 01:12:53 +02:00
Christoph Hartmann
8678ab6625 fix compliance plugin 2016-04-29 00:39:25 +02:00
Dominik Richter
6f612dc948 WIP add block support to where conditionals (1) passwd.users { != 2 } (2) add tests 2016-04-28 23:10:52 +02:00
Dominik Richter
0c8e891ee1 add #entries to filter table + remodel configuration 2016-04-28 22:46:39 +02:00
Dominik Richter
048a1584b9 encapsulated filters 2016-04-28 22:46:39 +02:00
Dominik Richter
652f10ad9a use Inspec::Filter in xinetd resource 2016-04-28 22:46:39 +02:00
Dominik Richter
d86161c616 add general filter utility for resources 2016-04-28 22:46:39 +02:00
Dominik Richter
01caf05020 add cmd for executing calls against the inspec api 2016-04-27 06:31:01 -07:00
Christoph Hartmann
ab9f5f9c1a Merge pull request #682 from Anirudh-Gupta/hpux 
Hpux
 2016-04-27 06:29:05 -07:00
Anirudh Gupta
1330e09df5 added file permission by user check for hp-ux 2016-04-26 14:53:28 +05:30
Christoph Hartmann
2242790528 Merge pull request #678 from Anirudh-Gupta/hpux 
added hpux user and package resource support
 2016-04-25 07:22:19 -05:00
Dominik Richter
d0760662ce bugfix: restore pax_global_header fetcher filter 
The original tests were deactivated. Reactivate and fix the implementation.

TODO: verify that this matches expectations
 2016-04-24 02:38:22 -04:00
Alex Pop
ce7b06da35 releasing inspec 0.19.3 2016-04-22 17:13:04 +01:00
Dominik Richter
bc724c81ff fix legacy supports call 
as reported by Jeremy Miller and Alex Pop
 2016-04-22 11:15:57 -04:00
Anirudh Gupta
75534fdaa5 added hpux user and package resource support 2016-04-21 14:01:56 +05:30
Dominik Richter
3778f7968e v0.19.2 2016-04-21 02:30:42 -04:00
Alex Pop
1254bce74f keeping rubocop happy 2016-04-20 12:03:20 -04:00
Alex Pop
0b1c37362b fix indenting for loops and or 2016-04-20 12:03:20 -04:00
Alex Pop
9f156bb36b update file resource example to use cmd matcher for better failure output in octal 2016-04-20 11:57:34 -04:00
Alex Pop
7a3b4736b8 fix the shadow password example now that cmp can handle arrays 2016-04-20 11:57:34 -04:00
Alex Pop
b38e71b6f2 allow integers to be cmp regexed 2016-04-20 11:57:31 -04:00
Dominik Richter
9b199c9223 add regexp to cmp matcher 
i.e. `123 should { cmp /2+/ }`
 2016-04-20 11:57:31 -04:00
Dominik Richter
07f17a3f8d bugfix: fix formatting of cmp expectations 
E.g. for regex it will print a very cryptic `(?-mix:123)` for `/123/` instead of the pure regex
 2016-04-20 02:11:00 -04:00
Dominik Richter
9da23f9cbc remodel bash and shell wrappers 2016-04-18 11:48:42 -04:00
Stephan Renatus
f7272f746c 0.19.1 2016-04-18 11:39:52 +02:00
Dominik Richter
0631779412 configure command execution shells to sh/bash/zsh 2016-04-18 01:09:37 -04:00
Dominik Richter
fa6143d6d4 be descriptive on shadow.entries 
When used in combination: `shadow[.filter(...)].entries.each { |entry| ... }`, these entries would not  be very descriptive at all. You would basically only retrieve the full filter chain e.g. 20 times, without any information about what entry you are currently looking at. This fixes it, by providing the entry identified by the user name
 2016-04-17 19:12:14 -04:00
Dominik Richter
0cb03e8726 bugfix: print cmp expectations 2016-04-17 18:50:21 -04:00
Dominik Richter
53f855e681 0.19.0 2016-04-17 14:19:37 -04:00
Thomas Cate
e6d98968c9 first pass at working legacy-grub/grub2 config 2016-04-17 10:46:35 -04:00
Thomas Cate
0f8aff0b91 added default and per kernel checking 2016-04-17 10:46:35 -04:00
Thomas Cate
3051ead64d added tests for grub_conf resource 2016-04-17 10:46:29 -04:00
Thomas Cate
19333f0ece handle unsupported OSs 2016-04-17 10:46:29 -04:00
Thomas Cate
1b1690a3e3 improve examples 2016-04-17 10:46:29 -04:00
Thomas Cate
3559ba4aeb convert single entry arrays to strings 2016-04-17 10:46:24 -04:00
Thomas Cate
fc811518e8 remove troubleshooting output 2016-04-17 10:45:22 -04:00
Thomas Cate
96536db318 first pass at a grub_config resource 2016-04-17 10:45:22 -04:00
Dominik Richter
2a0ccbfd76 fail on unsupported os/platform 2016-04-17 00:04:37 -04:00
Dominik Richter
ebd094fbb0 bugfix: rspec world handling on rspec 3.5 
This accessor is designed to work with rspec 3.0 - 3.5 (and potentially up).
 2016-04-16 20:33:01 -04:00
Christoph Hartmann
27357c8630 update documentation for json resource 2016-04-16 20:16:32 -04:00
Dominik Richter
f54195408f simplify key symbolization in metadata 2016-04-16 18:47:59 -04:00
Dominik Richter
14995534cd skip profiles if the platform isnt supported 2016-04-16 15:34:23 -04:00
Dominik Richter
a1188b26ce add supports_runtime? to metadata 2016-04-16 15:25:59 -04:00
Dominik Richter
5d58fa267b feature: cmp < / > / <= / >= / == / != sth matcher 2016-04-15 19:19:15 -04:00
Alex Pop
dec217a8ce prevent its(:to_i) from generated tests 2016-04-15 01:03:39 -04:00
Satish Puranam
07315ce5d2 Cleanup code meet lint guidelines 2016-04-14 13:39:03 -04:00
Satish Puranam
b0bc88f637 Cleanup, remove redundant checking of os family 2016-04-13 19:08:14 -04:00
Satish Puranam
81029274e2 Add support suse 11 to service resource 2016-04-13 18:24:26 -04:00
Christoph Hartmann
3007aef248 add function tests for compliance command 2016-04-13 16:55:14 -04:00
Christoph Hartmann
07c359431f fix: make the plugin compatible with all versions of chef compliance 2016-04-13 16:27:57 -04:00
Christoph Hartmann
01bec4cd1e merge cli commands login, api_token and token to login 2016-04-13 16:27:57 -04:00
Stephan Renatus
54db2625eb inspec-compliance: restore compat with pre-1.0 2016-04-13 16:27:57 -04:00
Stephan Renatus
71e1372b5e fix rubocop 2016-04-13 16:27:57 -04:00
Stephan Renatus
4004dfbb3c inspec-compliance: update README 2016-04-13 16:27:57 -04:00
Stephan Renatus
7b740a2f9d inspec-compliance: style 2016-04-13 16:27:57 -04:00
Stephan Renatus
e0bd2bb595 inspec-compliance: work with compliance 1.0 2016-04-13 16:27:57 -04:00
Jacob McCann
9dbf5354e5 Add 'static' value as enabled to systemd service enabled check 2016-04-13 14:44:28 -05:00
Dominik Richter
046e6ce501 bugfix: non-profile execution with json formatter 2016-04-11 11:17:26 -04:00
Dominik Richter
9f8fe7f4b0 0.18.0 2016-04-09 16:10:13 +02:00
Dominik Richter
fb54c4ea24 api: inspec.yml supports now adds tests w/o running 
Instead of just removing all tests because of OS support, supports now acts by adding all tests to the execution context, but doesnt actually execute them. Instead tests are set to skip before they get to the actual execution context
 2016-04-06 11:28:52 +02:00
Dominik Richter
c55fb0b587 prevent only_ifs from getting overwritten 2016-04-06 10:46:36 +02:00
Dominik Richter
a72fee6623 add only_if for controls 2016-04-06 10:46:36 +02:00
Dominik Richter
c73afd4c1c overhault rule/control internals 
instead of keeping them as flat variables, prefix all internals with `__` to create consistency. Also add accessors on the class-level to expose these values in all rules. This way we keep all variable-names in one location and get some safety on access.
 2016-04-06 10:46:36 +02:00
Dominik Richter
598e8be07f don't remove controls with only_if 
instead mark them as skipped, but don't just remove them.

This also introduced a number of tests around only_if on the global level
 2016-04-06 10:15:53 +02:00
Dominik Richter
0cffb21b97 0.17.1 2016-03-31 20:06:02 +01:00
Dominik Richter
8150a67e4a add inspec objects (not exposed by default) 2016-03-31 19:50:44 +01:00
Dominik Richter
f845a16442 0.17.0 2016-03-31 14:23:07 +02:00
Christoph Hartmann
6fba237848 Merge pull request #580 from mulesoft-ops/amazon-linux-support 
Amazon linux support for service resource
 2016-03-31 09:55:36 +01:00
Dominik Richter
419b6a087c add file uid and gid accessors 2016-03-31 02:23:30 +02:00
Dominik Richter
2cad553de8 add advanced passwd filters (experimental) 2016-03-31 02:03:20 +02:00
Joshua Bussdieker
7a185f02dc Amazon linux support for service resource 2016-03-29 08:32:50 -07:00
Julian Tabel
bd594f3608 added apipath cli option to inspec compliance with default to /api 2016-03-29 10:49:48 +02:00
Christoph Hartmann
ca0506b6a3 eases the removal of leading and trailing whitespace for powershell and vbscript 2016-03-26 22:25:53 +01:00
Dominik Richter
41fb327e20 0.16.4 2016-03-25 14:25:44 +01:00
Dominik Richter
ee170cc526 support --controls for json 2016-03-25 01:58:59 +01:00
Stephan Renatus
be93f25e6e inspec-compliance: url_encode profile names 2016-03-24 23:47:41 +01:00
Dominik Richter
856460054f dont fail with stacktrace on connection errors 2016-03-24 23:24:58 +01:00
Alex Pop
3c3d711dfd bugfix: fix rare inspec shell missing all resources 
In some instances, when running inspec shell, you dont get any resources inside of it. i.e. `inspec shell` and then `os` will lead to

```ruby
NameError: undefined local variable or method `os' for
from (pry):1:in `add_content'
```

This is because of instance_eval loading withing the given source/line
information and not attaching to the profile context which actually has
all the resources. Fix it by making sure that inspec shell always
attaches to the profile context with resources by providing nil for
source and line information.
 2016-03-24 20:37:46 +01:00
Stephan Renatus
d91bce0a20 0.16.3 2016-03-23 16:49:27 +01:00
Stephan Renatus
f19b3f632f inspec-compliance: fix upload of profiles 2016-03-23 16:13:23 +01:00
Dominik Richter
8d524630c3 0.16.2 2016-03-22 20:30:21 +01:00
Dominik Richter
c5f0d11e4c bugfix: dont crash on read_file contents in parse_config 2016-03-22 18:42:50 +01:00
Dominik Richter
cd031607c1 0.16.1 2016-03-22 12:57:45 +01:00
Christoph Hartmann
cd57b26bd0 wmi unit test 2016-03-20 11:53:56 +01:00
Christoph Hartmann
f97301882e add namespace for wmi resource 2016-03-20 11:53:56 +01:00
Christoph Hartmann
67251d2982 implement object traversal for wmi object, make namespace and filter optional 2016-03-20 11:53:56 +01:00
Christoph Hartmann
d045927d28 add wmi resource 2016-03-20 11:53:56 +01:00
Christoph Hartmann
849c23d0aa remove comments from ps script and remove tmp vb script after execution 2016-03-19 19:04:31 +01:00
Christoph Hartmann
6d53e43e7d add vbscript resource 2016-03-19 19:04:31 +01:00
Christoph Hartmann
f50255486b add support for addresses in port resource 2016-03-19 11:48:14 +01:00
Dominik Richter
eecf62643a 0.16.0 2016-03-19 11:13:32 +01:00
Dominik Richter
a9632d53d4 fix inspec shell and continuously test it 2016-03-19 09:13:23 +01:00
Christoph Hartmann
e2466d0dbb rename script to powershell 2016-03-18 15:41:54 +01:00
Dominik Richter
d41d6ef4e0 add metadata from profile to summary 2016-03-18 02:42:53 +01:00
Dominik Richter
040b2eac8e add --format fulljson formatter 2016-03-18 02:42:53 +01:00
Dominik Richter
76fe4483d4 feature: add tags and refs 2016-03-18 01:42:26 +01:00
Dominik Richter
b7e438eabc add a mock fetcher 2016-03-17 23:37:09 +01:00
Dominik Richter
c1d2da5bf3 ensure fetchers test against strings 2016-03-17 23:37:09 +01:00
Adam Leff
0acd926dbd adding named resource registry classes 2016-03-17 15:58:20 +01:00
Dominik Richter
4676b5eedd dont generate pretty json by default 
we have jq for that!
 2016-03-17 15:41:57 +01:00
Victoria Jeffrey
08616f50d0 Add title, description, code, and source_location to example metadata 2016-03-17 15:22:57 +01:00
Dominik Richter
16c3c00482 bugfix: prevent duplicate loading of library files 2016-03-17 14:43:52 +01:00
Dominik Richter
f7c2fa4392 functional tests for inspec detect + version + exec 2016-03-17 10:21:38 +01:00
Dominik Richter
0218f1f3ca feature: --output on archive 2016-03-17 10:21:38 +01:00
Dominik Richter
e3991a2025 bugfix: inspec archive with profile path for inheritance 2016-03-16 20:32:02 +01:00
Dominik Richter
641572ec7f move CLI components to lib/inspec/cli 
This makes it easier for other applications to include this component. require from bin/inspec just doesnt behave (or needs workarounds)
 2016-03-16 08:17:04 +01:00
Victoria Jeffrey
7f27c33e1f add output stream to rspec configuration 2016-03-09 15:12:22 +01:00
Dominik Richter
f94330154e 0.15.0 2016-03-09 10:58:21 +01:00
Dominik Richter
24ffdf0478 descope calls to global File 
This is just for simplicity. I expect other users to make the same mistake when using it, so I would rather our tests crash if we have this type of conflict again and prevent it in the first place. Renaming File to FileResource should take care of all important places
 2016-03-09 10:48:54 +01:00
Dominik Richter
844580074d rename internal OS -> OSResource 2016-03-09 10:48:54 +01:00
Dominik Richter
387415859e rename internal File -> FileResource 2016-03-09 10:48:48 +01:00
Dominik Richter
9cb2bc5dec Merge pull request #526 from chef/adamleff/resource-namespace 
Placing all resources in the Inspec::Resources namespace
 2016-03-09 10:29:11 +01:00
Adam Leff
577688a3a0 Placing all resources in the Inspec::Resources namespace 
Many of the resources are named as a top-level class with a fairly generic class name, such as "OS". This causes an issue specifically with kitchen-google which depends on a gem which depends on the "os" gem which itself defines an OS class with a different superclass. This prevents users from using TK, Google Compute, and Inspec without this fix.

Some mocked commands had their digest changed as well due to the new indentation, specifically in the User and RegistryKey classes.

I strongly recommend viewing this diff with `git diff --ignore-space-change`
to see the *real* changes. :)
 2016-03-08 13:40:16 -05:00
Dominik Richter
e89738c5f7 0.14.9 2016-03-08 17:52:55 +01:00
Dominik Richter
ccf2694940 bugfix: inheritance of local profiles 2016-03-08 14:59:14 +01:00
Dominik Richter
90f2212ed5 add color output + make default 2016-03-07 22:21:31 +01:00
Dominik Richter
b831b62a90 make controls selectable 2016-03-06 23:54:28 +01:00
Dominik Richter
f6bd7ed3b8 unify exec options 2016-03-06 15:07:12 +01:00
Dominik Richter
ae08fe2f84 0.14.8 2016-03-04 16:50:51 +01:00
Dominik Richter
903b0597d9 expose control impacts in json 2016-03-04 16:30:10 +01:00
Christoph Hartmann
53a2333c20 0.14.7 2016-03-01 21:33:03 +01:00
Christoph Hartmann
d4554771da adds a insecure option for the compliance plugin to work with self-signed ssl 2016-03-01 20:51:23 +01:00
Christoph Hartmann
9605cfe3e8 0.14.6 2016-03-01 17:04:25 +01:00
Christoph Hartmann
bc2cde6b29 make supermarket command more robust 2016-03-01 13:26:36 +01:00
Alex Pop
051ac89376 make PROFILE required and update usage info 2016-03-01 10:27:22 +00:00
Christoph Hartmann
acdae94201 add missing supermarket loader 2016-02-29 19:28:53 +01:00
Christoph Hartmann
593df248b4 0.14.5 2016-02-29 13:47:55 +01:00
Dominik Richter
9449afcb3d 0.14.4 2016-02-26 17:42:06 +01:00
Dominik Richter
7cdb710e5e dont crash on empty metadata during finalize 2016-02-26 16:56:36 +01:00
Dominik Richter
e617f74bcd filter xinetd fields by regex 2016-02-26 14:46:51 +01:00
Dominik Richter
4a39275fc0 add xinetd_conf resource 2016-02-26 13:19:16 +01:00
Dominik Richter
3ae50adae9 feature: conditional OR via describe.one 
```
describe.one do
  describe command("uname -r").stdout do
    it { should_not match /x86_64/ }
  end
  describe test_sth_for_x64_processors do
    ...
  end
end
```
 2016-02-25 14:30:23 +01:00
Dominik Richter
4020229914 bugfix: standalone describe without block 
i.e. make sure it doesnt crash just because no block was given due to source/line detection.

also return the result of the rule's delegated describe call and not the rule itself to the outer method. this is for consistency (and the following commits)
 2016-02-25 11:03:53 +01:00
Dominik Richter
78d119beaf 0.14.3 2016-02-24 17:11:41 +01:00
Dominik Richter
40b3af86f8 bugfix: catch fetcher.abs_path(nil) 2016-02-24 16:07:00 +01:00
Dominik Richter
b75ba7d345 throw fetcher and reader errors in profile detection 2016-02-24 15:55:47 +01:00
Christoph Hartmann
681f817992 enable cmp matcher to catch the case where expected is a number string, and actual is a number 2016-02-23 22:18:16 +01:00
Dominik Richter
47b0d97313 0.14.2 2016-02-22 21:20:56 +01:00
Christoph Hartmann
9ea68471e5 fix cc upload 2016-02-22 21:14:50 +01:00
Dominik Richter
926023de91 load plugins in the same gem installation 2016-02-22 21:01:07 +01:00
Christoph Hartmann
a31da47791 0.14.1 2016-02-22 18:47:37 +01:00
Christoph Hartmann
0c02a30dc5 ignore pax_global_header as valid file 2016-02-22 18:16:07 +01:00
Dominik Richter
7c377a0ab0 0.14.0 2016-02-22 12:53:27 +01:00
Stephan Renatus
01d7d5bf8a fetchers/tar: slight simplification 2016-02-22 12:06:42 +01:00
Stephan Renatus
356995bd7b plugins/fetcher: remove attr_reader shadowing 2016-02-22 12:06:42 +01:00
Dominik Richter
33b2876d7c fix tests and lint 2016-02-22 12:06:42 +01:00
Dominik Richter
d44af5dcc7 bugfix: dont set ID for profile params too early 2016-02-22 12:06:42 +01:00
Dominik Richter
37ec3cf6f2 migrate load-path hooking for legacy modes 2016-02-22 12:06:42 +01:00
Dominik Richter
d065794d96 remove old target interface 2016-02-22 12:06:42 +01:00
Dominik Richter
82195d82d6 make url fetcher less restrictive on file-endings 2016-02-22 12:06:42 +01:00
Dominik Richter
5cabb7d273 migrate inspec-supermarket target to fetcher 2016-02-22 12:06:37 +01:00
Dominik Richter
9c3f336d06 migrate inspec-compliance target to fetcher 2016-02-22 11:24:36 +01:00
Dominik Richter
e4c3c9370b fix detection with new profile/runner scheme 2016-02-22 11:24:36 +01:00
Dominik Richter
07ae2afd3b bugfix: generate archive in current folder 
instead of e.g. the rubygems location somewhere on the system
 2016-02-22 11:24:36 +01:00
Dominik Richter
1e1e473cb0 replace target-helper with fetcher+reader 2016-02-22 11:24:35 +01:00
Dominik Richter
202a781f6a fail on incorrect metadata of url download 2016-02-22 11:24:35 +01:00
Dominik Richter
c79d9f7777 add flat source reader 2016-02-22 11:24:35 +01:00
Dominik Richter
c9d1272f49 add relative fetcher 
This helps reduce any folder structures, weather on disk or in archives, to their relative root paths; i.e. ignore all file-prefixes that are given and go directly to the underlying files, relative to the common folders that contain it
 2016-02-22 11:24:35 +01:00
Dominik Richter
f023d02bbb add inspec source reader 2016-02-22 11:24:35 +01:00
Dominik Richter
125ee53041 create source_reader plugin structure 2016-02-22 11:24:35 +01:00
Dominik Richter
1825fd1fef separate reusable plugin registry with sorting 2016-02-22 11:24:35 +01:00
Dominik Richter
d293550375 chain fetchers together 2016-02-22 11:24:35 +01:00
Dominik Richter
7b073fe153 add url fetcher 2016-02-22 11:24:35 +01:00
Dominik Richter
4e830ffc24 add tar fetcher 2016-02-22 11:24:35 +01:00
Dominik Richter
1c29667523 add zip fetcher 2016-02-22 11:24:35 +01:00
Dominik Richter
a83e29cc01 add local fetcher 2016-02-22 11:24:35 +01:00
Dominik Richter
27f7aa7796 create new fetcher system 2016-02-22 11:24:35 +01:00
Dominik Richter
ee82c3a2ff bugfix: handle edge-cases in upstart service 
e.g. when a service could not be found and command outputs become empty / matchers dont hit'
 2016-02-22 09:52:16 +01:00
Dominik Richter
1147d30679 bugfix: make sure version is always a string 2016-02-22 09:26:48 +01:00
Dominik Richter
c7312be8ec force encoding to utf-8 2016-02-22 05:18:41 +01:00
Christoph Hartmann
e466ec4e90 0.13.0 2016-02-19 14:50:03 +01:00
Dominik Richter
1e096c7181 add shadow resource for /etc/shadow 2016-02-19 14:26:04 +01:00
Christoph Hartmann
3f6b89e24d extend github url support 2016-02-19 09:12:25 +01:00
Christoph Hartmann
3a2488cade fix mime-type map 2016-02-19 09:11:38 +01:00
Christoph Hartmann
9e2dc30fb5 minor typo fix 2016-02-18 21:12:25 +01:00
Dominik Richter
1fa957c8ca ensure deprecated methods still work 2016-02-18 16:25:02 +01:00
Dominik Richter
83fcc35d2a expose all fields + deprecate singular accessors 2016-02-18 16:10:42 +01:00
Dominik Richter
d9427b3aac add filter to passwd 2016-02-18 16:10:42 +01:00
Christoph Hartmann
26276ca991 use ruby zip and tar for unit tests 2016-02-18 14:27:16 +01:00
Dominik Richter
17d4e1dc3c simplify url-construction of inspec-compliance 2016-02-18 14:25:55 +01:00
Dominik Richter
b872c04616 bugfix: url helper loading zip and tar 2016-02-18 14:25:55 +01:00
Dominik Richter
6bc57b2d92 bugfix: stop reading fro mzip when file is found 2016-02-18 14:25:55 +01:00
Dominik Richter
03bf732d82 add cmp for Arrays 2016-02-18 13:58:37 +01:00
Dominik Richter
2bbbb29a9b simplify cmp matcher checks 2016-02-18 12:07:40 +01:00
Stephan Renatus
453cd420fb fix service_ctl override logic 2016-02-17 12:55:09 +01:00
Stephan Renatus
d2469d9519 inspec-compliance: ensure file permissions when saving config 2016-02-17 10:46:06 +01:00
Dominik Richter
294db6744f 0.12.0 2016-02-15 11:54:14 +01:00
Christoph Hartmann
96d02ba4a2 add inspec profile as example 2016-02-14 21:27:40 +01:00
Christoph Hartmann
b967af3c89 rename generate to init 2016-02-14 21:26:37 +01:00
Christoph Hartmann
f281f9c351 implement generate cli command 2016-02-14 19:38:58 +01:00
Dominik Richter
36cbafc438 add runlevel helper object to services 2016-02-14 18:23:58 +01:00
Dominik Richter
0934948a1a support runlevels for system V + service matching 
Bugfix: there were services that would get matched because of the way the regex was constructed, i.e. if the user inserted `.` or `*` or anything regexy. Even if the service only had part of the name you were interested in, it would match (e.g. `sshd` would find `my_sshdaemon`).

Apart from this, runlevels are now detected for SystemV. This is exposed in `#info`
 2016-02-13 02:11:51 +01:00
Dominik Richter
2426d30870 bugfix: verify the resolver type first 2016-02-11 15:40:35 +01:00
Dominik Richter
137bee74ca add content resolver to dir helper 2016-02-10 23:46:55 +01:00
Dominik Richter
3efd0961f0 make sure archive resolvers return one file only 2016-02-10 22:49:51 +01:00
Dominik Richter
19a0a18db1 sync archive+tar+zip helpers to new dir-resolver 2016-02-10 22:30:13 +01:00
Dominik Richter
6bd757c585 improve documentation on target resolvers 2016-02-10 20:36:54 +01:00
Dominik Richter
d272024b01 rework resolver connection 
I.e. we want to get access to the actual directory handler, with full exposure of the underlying directory resolver. e.g. Get the InspecProfileDirectory handler (which provides access to tests, metadata, libraries), but be able to get all data with that alone (e.g. an ArchiveHelper for ZIP which reads all files/folders from zip)
 2016-02-10 20:36:43 +01:00
Dominik Richter
293b1a4c25 unify all directory resolvers 2016-02-10 12:20:28 +01:00
Dominik Richter
2d92e164c2 create plugin interface for directory resolvers 2016-02-10 11:15:08 +01:00
Stephan Renatus
ac2584f51d iptables: strip lines if iptables -S output 
As it turns out, some of the lines on CentOS 6 had a trailing space in it.

Fixes #420.
 2016-02-10 09:57:32 +01:00
Stephan Renatus
cdad6e63c3 iptables: some simplifications 2016-02-10 09:57:32 +01:00
Dominik Richter
d55aeddbdf 0.11.0 2016-02-09 17:54:38 +01:00
Christoph Hartmann
0f14ebb1d1 simplify value extraction for apache resource without any magic 2016-02-09 17:35:33 +01:00
Christoph Hartmann
a3eda1fcee implement method missing for apache_conf resource 2016-02-09 17:35:33 +01:00
Christoph Hartmann
796af68a69 Fix supermarket cli registration 2016-02-09 15:22:29 +01:00
Dominik Richter
971d651551 change version constraints 
Move to a more mathematical representation of version numbers comparisons. The existing one is semantically correct, but may lead to slight confusion.
 2016-02-09 11:51:52 +01:00
Stephan Renatus
e5b88fc486 auditd_rules: suppress warning for centos 5; improve docs wording 2016-02-09 11:51:52 +01:00
Stephan Renatus
405b3e3fa4 rubocop fixes 2016-02-09 11:51:52 +01:00
Stephan Renatus
4b6eced92a auditd_rules: access by key, tests + documentation 2016-02-09 11:51:52 +01:00
Stephan Renatus
cd5f47ed33 auditd_rules: unit tests, meet the real world 2016-02-09 11:51:52 +01:00
Stephan Renatus
664561aa80 auditd_rules: status querying (old/new) and unit tests 
TODO: unit tests for the legacy format
 2016-02-09 11:51:52 +01:00
Stephan Renatus
57db5a9414 unit test FilterArray, make retrieved values unique 2016-02-09 11:51:52 +01:00
Stephan Renatus
5270f21da9 move FilterArray to utils, add retrieving values 2016-02-09 11:51:52 +01:00
Stephan Renatus
4afb22565e auditd_rules: teach old dog new tricks 2016-02-09 11:51:52 +01:00
Stephan Renatus
2afc29e48f auditd_rules: stash legacy behaviour away 2016-02-09 11:51:52 +01:00
Dominik Richter
0421b6dc1a exit early 2016-02-09 11:04:50 +01:00
Dominik Richter
c966e94835 typos 2016-02-09 11:04:34 +01:00
Dominik Richter
e56321f6c7 semantics: rename CLI plugins registry -> subcommands 
Basically make sure everyone understands these are only subcommands. we might consider adding plugins for options or existing commands instead of new subcommands. this just ensures everyone knows what registry is for
 2016-02-09 01:20:38 +01:00
Dominik Richter
7ccf0fa364 avoid automatic plugin loading throughout the library 
only load plugins through the binary, never through the library. This avoids issue we have in accidentally loading plugins in tests and integration work. They should only be loaded when users request them.
 2016-02-09 00:55:02 +01:00
Dominik Richter
1ae0bc2e60 clarify the role of the plugin API at the moment 2016-02-09 00:25:25 +01:00
Christoph Hartmann
b33129fbf5 implement supermarket extension 2016-02-08 20:06:07 +01:00
Dominik Richter
dc028a3877 fix loading order of plugins 2016-02-07 23:47:10 +01:00
Christoph Hartmann
c6c9d0278c 0.10.1 2016-02-05 18:52:44 +01:00
Dominik Richter
bb264897f4 wrap basecli in inspec module 
Take care of a rare error which has Inspec undefined
 2016-02-05 18:25:40 +01:00
Christoph Hartmann
be7aa8f0c4 0.10.0 2016-02-05 17:18:07 +01:00
Christoph Hartmann
b7a88dbd7a fix linting and unit test 2016-02-05 16:57:51 +01:00
Christoph Hartmann
f826c07af5 minor improvements 2016-02-05 14:55:12 +01:00
Christoph Hartmann
7e88f56917 move plugin to bundles 2016-02-05 14:48:55 +01:00
Christoph Hartmann
a55a4869d9 extract base cli class 2016-02-05 14:20:32 +01:00
Christoph Hartmann
7494854c60 implement profile upload 2016-02-05 14:18:05 +01:00
Christoph Hartmann
368f6ed56a refactor compliance plugin 2016-02-05 14:18:05 +01:00
Christoph Hartmann
2cb3d6f90f bugfix: rescue url error in url target helper 2016-02-05 14:15:57 +01:00
Christoph Hartmann
6c1b9fff9d do not try to load a profile if we have no token available 2016-02-05 14:15:57 +01:00
Christoph Hartmann
7f57b12258 refactor cli 2016-02-05 14:15:57 +01:00
Christoph Hartmann
823e30e9cf re-introduce compliance exec 2016-02-05 14:14:34 +01:00
Christoph Hartmann
0958327f06 improve url target helper, match github url with trailing / 2016-02-05 14:14:34 +01:00
Christoph Hartmann
6cf8ecf304 add target helper for compliance plugin, extract API methods from CLI 2016-02-05 14:14:34 +01:00
Christoph Hartmann
0b59dab9ea initial version of compliance plugin 2016-02-05 14:13:22 +01:00
Christoph Hartmann
bab7eb1986 improve styling 2016-02-05 14:06:55 +01:00
Christoph Hartmann
589db0bcd0 add registry for cli plugins 2016-02-05 14:06:55 +01:00
Stephan Renatus
f63a8ad1d5 upstart_service: add version fallback, fix regexp 
before this regexp change, a service called "running" (hello integration
tests) would always be "running" ;)
 2016-02-05 13:49:18 +01:00
Christoph Hartmann
e6ff20f91e add metadata warnings in structured hash 2016-02-04 18:46:11 +01:00
Christoph Hartmann
d7cb5a9ae0 adapt unit tests 2016-02-04 18:05:40 +01:00
Christoph Hartmann
ea63a39b40 improve code style 2016-02-04 17:01:38 +01:00
Christoph Hartmann
14a3100e41 simplify result value from profile check 2016-02-04 16:47:33 +01:00
Christoph Hartmann
7e19c5eec6 fix ignore errors option use in archive method 2016-02-04 16:41:59 +01:00
Christoph Hartmann
1796c3271b generate hash output for check and use it in inspec cli 2016-02-04 16:41:14 +01:00
Christoph Hartmann
6b7e5818fb expose source location in rule 2016-02-04 16:38:57 +01:00
Christoph Hartmann
d50b634879 bugfix: fix control tests 2016-02-04 16:38:57 +01:00
Christoph Hartmann
826d059b19 optimize json logger for line delimited JSON 2016-02-04 16:38:57 +01:00
Christoph Hartmann
907a4e1f33 add json stream logger for inspec check 2016-02-04 16:38:57 +01:00
Dominik Richter
ecb78e3a19 establish plugin loading dock 2016-02-04 14:43:51 +01:00
Stephan Renatus
e8c7452acf Inspec::Profile: document that it always reads with ignore_supports 2016-02-03 16:47:52 +01:00
Stephan Renatus
828d6ad443 Inspec::Profile fix @metadata 2016-02-03 16:47:49 +01:00
Stephan Renatus
cc60fa1e23 tar/zip: return empty-string if an entry is empty; zip: return ref 2016-02-03 14:38:46 +01:00
Stephan Renatus
1510f330a9 read and return metadata from archives, too 
Note that this adds `ref: some/where/in/tarball/file` to the file
contents hash; it wasn't there before but it may be useful for error
reporting nonetheless.
 2016-02-03 14:38:46 +01:00
Stephan Renatus
f335865377 WIP: kill all the checks that fail with tarballs. 
current output:

    $ inspec check test/unit/mock/profiles/complete-profile.tgz
    I, [2016-02-03T10:22:21.377650 #13207]  INFO -- : Checking profile in test/unit/mock/profiles/complete-profile.tgz
    I, [2016-02-03T10:22:21.377745 #13207]  INFO -- : Found 1 rules.
    I, [2016-02-03T10:22:21.377771 #13207]  INFO -- : Rule definitions OK.
 2016-02-03 14:38:46 +01:00
Stephan Renatus
889be88543 remove stray require 2016-02-03 14:04:55 +01:00
Stephan Renatus
79d171fb2c rubocop 2016-02-03 14:04:55 +01:00
Stephan Renatus
45f0cbff03 inspec/rspec: decouple reporting and formatting 
If reporting is requested, register a "reporting formatter", i.e.,
Inspec::RSpecReporter, that does the same things JsonFormatter does, but
suppresses output.

When the report is then requested, it returns the output hash that
JsonFormatter aggregates.
 2016-02-03 14:04:55 +01:00
Stephan Renatus
6789e089d7 Inspec::Runner: provide a report 2016-02-03 14:04:55 +01:00
Stephan Renatus
ff682532cf fix warning in #find_files[_or_error] 2016-02-01 16:32:47 +01:00
Dominik Richter
34bc94d13f mock resource operating systems for tests 2016-01-29 21:55:08 +01:00
Dominik Richter
4c1b6f7509 remove os check exposure in file resource 2016-01-29 21:55:08 +01:00
Christoph Hartmann
9cfc69cf15 0.9.11 2016-01-29 18:34:12 +01:00
Stephan Renatus
6fbd28c2bb runit_service: fix resource, improve integration tests 
Turns out using `/usr/bin/yes` to imitate a daemon process is a TERRIBLE idea.
 2016-01-29 17:03:05 +01:00
Christoph Hartmann
317b0cae9d lint check in user resource 2016-01-28 21:11:13 +01:00
Christoph Hartmann
6ccfbe5e95 bugfix: use freebsd netstat parser instead of linux netstat parser for solaris 2016-01-28 21:08:52 +01:00
Christoph Hartmann
35899ebce6 optimize style in user resource 2016-01-28 18:30:39 +01:00
Christoph Hartmann
202190ea56 fix user resource unit test 2016-01-28 18:30:39 +01:00
Christoph Hartmann
ef3dbbb35c improvement: make port parsing on solaris more reliable 2016-01-28 18:30:38 +01:00
Christoph Hartmann
678ee2b473 parse port information on solaris 10 and 11 via netstat 2016-01-28 18:30:38 +01:00
Christoph Hartmann
59f3214817 use id -a for solaris 2016-01-28 18:30:38 +01:00
Christoph Hartmann
bd1e5e4085 service resource for solaris 10 and 11 2016-01-28 18:30:38 +01:00
Christoph Hartmann
913191fb9e package resource for solaris 10 and 11 2016-01-28 18:30:38 +01:00
Christoph Hartmann
dd59dd9a5a use os.linux and os.windows where possible 2016-01-28 18:30:38 +01:00
Christoph Hartmann
a5f526b368 use freebsd file permission checks for solaris 2016-01-28 18:30:38 +01:00
Christoph Hartmann
2fd6aea357 extend etc_group support for all unix systems 2016-01-28 18:30:38 +01:00