* Add integration and unit tests for aws_ec2_instances
* Basic docs for aws_ec2_instances
* Add basic aws_ec2_instances resource
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Add check if aws s3 bucket is encrypted.
Required terraform aws provider >= 1.6
Fix indentation issue in aws_s3_bucket.rb
* Implement most changes recommended by @TrevorBramble, and refactored other methods to align with recommendations (except Terraform nitpick; preference is to keep coding style consistent until full refactor).
Signed-off-by: Jeremy Phillips <github@uranusbytes.com>
* Update tests and docs to assume one recorder per region
* Config recorder supports singleton fetch
* Docs and tests for singleton mode delivery_channel
* Implementation for singleton delivery channel, and some other code cleanup
* Implement some feedback, and fix a bug in traversing the struct in looking for empty results
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
The `shell` matcher have to be `shells` and expects an array.
Wrong:
`its('shell') { should eq "/sbin/nologin" }`
Got error:
```
× Users with username =~ /stockservice-.*/ shell
undefined method 'shell' for Users with username =~ /stockservice-.*/:#<Class:0x000055c2471fa900>
Did you mean? shells
```
Correct:
its('shells') { should eq ["/sbin/nologin"] }
I think it's an documentation mistake.
-----------------------------------------
$ inspec --version
2.1.43
Signed-off-by: Axel Kummer <axel.kummer@netresearch.de>
* Update singular implementation to avoid use of inner object
* Update docs and tests for 3 new filters and properties on aws_vpcs
* Implement new filters and properties; one failing test due to odd FilterTable behavior
* changes to avoid bug 2929
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
Provides low-, and mid-level properties and matchers for examining rules on aws_security_group.
* Second draft of docs for SG rules interface; need to clarify semantics of reject
* First cut at unit tests
* Cleanup test fixtures
* Implementation for allow, with plausible unit tests
* Doc updates based on reality
* Add integration tests; move allow to allow_ / out; several docs updates
* Add be_open_to_the_world and be_open_to_the_world_on_port
* Update docs to reflect adding allow_only
* Update docs to reflect use of position to allow multiple rules with 'only'
* Implement allow_only with unit tests; still need integration tests
* Add integration tests for allow_only
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* * Adds new property to test how many days ago the CloudTrail delivered logs to the CloudWatch Logs.
* * Changes query for selected cloud trail in unit test
* Changes uses Time.now explicitly instead of making a variable in the unit test
Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
* Adds new property to test the users in an aws_iam_group
* Adds terraform code to add the recall_hit user to the administrator group
Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
* Initial commit of skeletal resource aws_route_tables
* Fixes issues with documentation
* Renames route table terraform resources to be more conventional
* Removes tags terraform resources
* Changes aws_route_table and aws_route_tables integration tests to use new terraform names
* Removes unneeded data given in unit tests
Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
* Initial commit of skeletal resource aws_s3_buckets
* Add fixes to documents
* Removes property 'creation_date' for there is no use case as of right now
* Rebases on master and moves aws_s3_buckets integration test to the correct location
* Adds test on unit test for false exists
Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
* Adds chocolatey package resource
* Adds docs for chocolatey_package resource
* Differentiate chocolatey package from windows feature
Suggested by @frezbo
Signed-off-by: David Alexander <opensource@thelonelyghost.com>
* Change `skip_resource` to use raise
* Add `supports` lines to example resource
* Change to rescue `StandardError` vs `Exception`
* Change raise to use `e.message` vs `$!`
* Remove redundant returns
* Change `File.exists?` to `File.exist?`
* Update shasum in tests
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Add AWS hardware MFA matcher
Adding a hardware as well as a virtual MFA matcher for aws_iam_root_user
resource
* Add New AWS Root Matcher Docs
- Add documentation for new root MFA matchers
- Fix logic for checking MFA devices from feedback on PR
* Add Integration tests for MFA matchers
- Add integration tests for virtual and hardware MFA matchers
- Clean up logic for has_virtual_mfa_enabled? method
Signed-off-by: Paul Welch <pwelch@chef.io>
* Initial commit of new skeletal resource aws_config_delivery_channel
* Changes delivery_frequency to be an integer and names delivery_frequency_in_hours
* Adds more documentation and clarifies descriptions
* Wraps API call in the aws_catch_errors function
* Changes config bucket name to use dashes instead of underscores
* Updates on master and changes directory location of build and integration files
* Fix integration tests to only create one ConfigRecorder
Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
* Initial commit of skeletal resource aws_kms_key
* * Adds comments to rerun travis
* * Clarifies some parts of the doc.
* Changes matcher have_aws_key_manager to manged_by_aws
* Fixes copypasta
* Adds clarification to property names
* Fixes rescueing exceptions from the api
* raises exceptions in the unit tests
Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
* Initial commit of skeletal resource aws_sns_topics
* Adds clarification in documentation
* Adds functionality for calling the next token returned from aws api.
* Wraps api calls in the catch_aws_errs method
Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
* Documents `supports` attribute of custom resource DSL
* Uses html definition list for definitions
* Reverts <dl> changes to pure markdown again
Signed-off-by: David Alexander <opensource@thelonelyghost.com>
Owner and mode are provided by the file resource, not ssh_config.
Fixes#2471
Co-authored-by: Trevor Bramble tbramble@chef.io
Co-authored-by: Paul Welch pwelch@chef.io
Signed-off-by: Paul Welch <pwelch@chef.io>
The main index is displaying the wrong resource name. The url to the resource
is not correct either. This should generate the correct entry and path in the
docs.
Signed-off-by: Franklin Webber <franklin@chef.io>
* Initial commit of new resource
* Makes changes to docs to match changes to the resources.
* Adds clarifications in docs and changes it to be an erb file.
* Simplifies some unit tests
* Wraps calls to the api in a aws_catch_errors method
* Removes provisioner terraform code
Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
Add information about setting the path to the NGINX server configuration
file if it is not in the default path.
Signed-off-by: Paul Welch <pwelch@chef.io>
* Fix under construction page
Previously, the content was hidden behind the banner. The buttons also
did not contain horizontal spacing.
* Add links to Learn Chef Rally content.
I also corrected a few caplitalization issues and edited a few sentences for clarity.
* ssh => SSH
* Update Slack URL
Was pointing to Habitat by mistake.
Signed-off-by: Thomas Petchel <tpetchel@gmail.com>
The dot notation is supported for family on the os resource. That is
by far easier to type out and use.
Also fixes that the platform names returned are Strings and not Symbols.
Signed-off-by: Franklin Webber <franklin@chef.io>
shadow file.
After much thought the deprecations from #2642 were for the wrong methods.
Plural method names feel much more natural when working with this
resource because you can have more than a single result.
Consider a match like `shadow.user(/^www/)`, this could return multiple
users, so `shadow.users` feels more natural here.
The problem is that the fields we're matching in the shadow file itself
are singular. Each entry is for a user, which has a password, and some
other fields. A user never has `passwords` in the shadow file, only a
`password`.
This is made more obvious when you use the `filter` method.
When we use this filter: `shadow.filter(min_days: 20, max_days: 30)` we
are matching fields in the shadow file and not using our matcher
methods. This means that if there is a discrepancy between our matcher
methods, and the shadow fields the user could end up confused. Like I did =)
This PR changes:
Changed matchers to match shadow fields.
Updated documentation to reflect changes.
Updated tests to reflect changes.
Re-add `filter` method, and add a test for it.
Renamed variable for FilterTable to be less confusing.
Renamed query argument for methods to be consistent.
Cleanup docs based on comments from @jerryaldrichiii
Make Rubocop happy <3
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Change shadow resource to use FilterTable rather than custom filter
implementation.
Add tests for singluar aliased methods and other minor changes to work
with FilterTable output.
Coverage is at 100%
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* merge master
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Fixes docs for file example
* The version test should be a string
* There was a missing closing brace in the regex examples
* Some white-spaced got cleaned up
* I added the file name into the variable for the pg examples
Signed-off-by: Franklin Webber <franklin@chef.io>
* Updates docs file to use real postgre path
Signed-off-by: Franklin Webber <franklin@chef.io>
* Moves the 'real' example filepath to the describe
Signed-off-by: Franklin Webber <franklin@chef.io>
* Distinguish between universal and specialized matchers
* Make the table of contents clickable
* Add note about RSpec matchers, possibly regrettable
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
Signed-off-by: kgarmoe <kgarmoe@chef.io>
* Initial commit of new resource
* Removes deprecated matcher in example
* Adds a new terraform file for config resources
* Fixes and clarifies documentation
* Wraps calls to api in catch_aws_errors method
* Changes the names of two matchers
Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
Moved 2 space examples 2 more spaces in. Don't be shy, show the world your code the way it was meant to be seen.
Underscores in markdown must be escaped otherwise the world goes crooked.
Signed-off-by: Franklin Webber <franklin@chef.io>
* New styles
* Fundamental styles for home page
* Legal pages
* Community page, downloads page, tutorials page
* Docs page
* Content toggle and github badge
* Add code - highlighter
* Copy button
* Sliding content animation
* fix particle animatino on downloads page
* Scroll-to-top button
* docs sidebar links
* innocent comments on resources
* Fancy code animation
* Small update to diamond
* whatever slider
* Slider styles
* initial selection if no sliders are there
* add netifly config
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
* inspec for provisioners
* fix incorrect text on aws ssm
* fix layout javascript
post-rebase
* resource grouping in docs
* introduce groups in docs/resources
* fix minor spelling issues and move download button in new features section
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
* pass linting
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
* Removed additional ending brackets } in a few cases
* Removed the belong_to_group
* Cleans white space and addressed a little formatting
Signed-off-by: Franklin Webber <franklin@chef.io>
* Docs for apache resource
Signed-off-by: kgarmoe <kgarmoe@chef.io>
* Add deprecation warning to apache docs and resource, and clean up examples.
Signed-off-by: Adam Leff <adam@leff.co>
* Update apache_conf resource to remove dependency on apache resource
Signed-off-by: Adam Leff <adam@leff.co>
* Make conf_dir method public
Signed-off-by: Adam Leff <adam@leff.co>
* Removes unnecessary aide_conf commit, pulled in from e25f0a45
Signed-off-by: Adam Leff <adam@leff.co>
* Switch to Pathname to calculate conf_dir
Needed to avoid Windows adding `C:\` in unit tests when calling
File.expand_path.
Signed-off-by: Adam Leff <adam@leff.co>
* Fixes the apache_conf Listen property returns an array
The result is an array and not a string even when there is one value.
Signed-off-by: Franklin Webber <franklin@chef.io>
* Updates the apache_conf timeout, allowoverride, and maxclients to include
It seems that all of these values are placed in an array of values so
the matcher needs to be `include`.
Signed-off-by: Franklin Webber <franklin@chef.io>
* Updates docs for apache_conf
* Uses the suggested `cmp` instead of `include`
* Adds the way to properly compare a list of multiple ports
Signed-off-by: Franklin Webber <franklin@chef.io>
This adds support for `architectures` to the `packages` resource.
Example:
```
describe packages(/compat-libstdc++-33/) do
its('architectures') { should include 'x86_64' }
its('architectures') { should include 'i686' }
end
```
This also adds documentation for the `packages` resource
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* adding df resource
Signed-off-by: Vern Burton <me@vernburton.com>
* adding unit tests and required mocks for them, created integration test
Signed-off-by: Vern Burton <me@vernburton.com>
* cleaning up skip test to include only the filename and not full path
Signed-off-by: Vern Burton <me@vernburton.com>
* adding docs
Signed-off-by: Vern Burton <me@vernburton.com>
* size makes more sense than space
Signed-off-by: Vern Burton <me@vernburton.com>
* removing unneeded author lines
Signed-off-by: Vern Burton <me@vernburton.com>
* as the command changed, changing mock to the new sha
Signed-off-by: Vern Burton <me@vernburton.com>
* updating to address comments from #2441
* removing author lines
* using attr_reader functions
* using ruby string functions rather than pipe to sed
* adding os family detection
* using ResourceFailed as the pattern already existed for OS family detection
* using if for future case support for unix and unix-like (FreeBSD)
Signed-off-by: Vern Burton <me@vernburton.com>
* adding supports to resource metadata, and adding tests that show that resource says that it is not supported on windows/unix.
Signed-off-by: Vern Burton <me@vernburton.com>
* focusing on linux os family and removing logic for assumed future cases
Signed-off-by: Vern Burton <me@vernburton.com>
* changing df to filesystem
Signed-off-by: Vern Burton <me@vernburton.com>
This change adds the `docker_service` resource for Docker swarm mode services. This
branches off some of the common elements (id, exists) into a `DockerObject` module along
with a utility function for parsing the image/repo string. That function was implemented
separately by `docker_image` and `docker_container`, now with a third resource, it made
sense to consolidate that into an included module. I used the most comprehensive
implementation. Existing classes had to be slightly modified for the genericization.
Signed-off-by: Matt Kulka <mkulka@parchment.com>
* SMTP example for the ini resource was incorrect and did not work
Obvious fix.
* Fixed documentation and removed semicolons as the ini parser includes those semicolons
Obvious fix.
* adding database.xml with attributes to files and mocking it in the helper.rb
Signed-off-by: Vern Burton <me@vernburton.com>
* adding logic to test class returned by XPATH and using functions from respective classes to fill a array for return, and unit and integration tests to ensure functionality
Signed-off-by: Vern Burton <me@vernburton.com>
* updating docs to show how attributes are used
Signed-off-by: Vern Burton <me@vernburton.com>
* 'and' instead of 'or' makes more sense
Signed-off-by: Vern Burton <me@vernburton.com>
* adding default else for capturing unknown classes from REXML
Signed-off-by: Vern Burton <me@vernburton.com>
* removing extra newline
Signed-off-by: Vern Burton <me@vernburton.com>
* adding fail case with enough information to debug in future case
Signed-off-by: Vern Burton <me@vernburton.com>
* adding control statement to add rule in front of string as long as it doesn't already contain rule.
Correcting resource name in firewalld from etc_hosts_deny
adding tests for both branches of the statement created in firewalld
Signed-off-by: Vern Burton <me@vernburton.com>
* moving to unless with a start_with
Signed-off-by: Vern Burton <me@vernburton.com>
* adding documentation that states that it is not needed to add `rule` string
Signed-off-by: Vern Burton <me@vernburton.com>
When a header includes two `_`s, they must be escaped, otherwise, the
text between the two `_`s is rendered with emphasis. E.g.,
`<h1 id="etchostsallow">etc<em>hosts</em>allow</h1>`
Escaping the `_`s fixes this and the header is rendered properly.
This is a fix for:
* etc_hosts_allow
* etc_hosts_deny
* postgres_hba_conf
* postgres_ident_conf
This change also adds the `h1` title to the windows_hotfix resource
page.
Signed-off-by: Nathen Harvey <nharvey@chef.io>
* Add mode method to test the value of Bonding Mode
Signed-off-by: Eammon Hanlon <eammon.hanlon@microsoft.com>
* Add test for bonding mode in bond unit test
Signed-off-by: Eammon Hanlon <eammon.hanlon@microsoft.com>
* Add documentation on mode matcher for bond resource
Signed-off-by: Eammon Hanlon <eammon.hanlon@microsoft.com>
* Update example for 'Test parameters for bond0'
Signed-off-by: Eammon Hanlon <eammon.hanlon@microsoft.com>
* Fixes usage of 'output' to 'stdout'
* Adds examples for 'exit_status' and 'stderr'
* Modifies the matchers section to point to the command resource
Signed-off-by: Franklin Webber <franklin@chef.io>
* Rewrite of Inspec Azure Resource pack to allow the testing of _any_ value Azure reosurce.
Closes#36Closes#37
This fixes#56 so that it works with the latest version of the SDK. In fact it will only work to version >= 0.15
Signed-off-by: Russell Seymour <russell.seymour@turtlesystems.co.uk>
* Fixes#2343 (Windows file permissions regression)
Signed-off-by: David Alexander <opensource@thelonelyghost.com>
* Updates docs with missing info on `be_allowed()` matcher
Signed-off-by: David Alexander <opensource@thelonelyghost.com>
* remove second end in first describe example, because of wrong syntax
Signed-off-by: Patrick Münch <patrick.muench1111@gmail.com>
* correct style of the examples
Signed-off-by: Patrick Münch <patrick.muench1111@gmail.com>
* Full docs, first draft; integration tests; started on unit tests
* Integration tests pass
* Docs update
* More consistent syntax in examples
* Alter fetch phase to perform fetch, handle results, and unpack into instance vars, more like other resources
* Docs first draft, integration tests, and constructor unit tests for SNS topic
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Skeleton of SNS topic
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Constructor arg validation works
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Passing unit tests for recall
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Subscription Count property, works
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Subscription, not subscriber
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Integration tests pass; also wildard ARNs are not allowed
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Rubocop changes
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Doc updates per kagarmoe
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Add non-halting exception support to resources
This adds two `Inspec::Exceptions` that can be used within resources to
either skip or fail a test without halting execution.
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Update docs in source to use matcher-style calls, not properties-as-predicates
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Main doc file for aws_iam_user
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Add documentation for existing resources
This adds documentation for the following resources, including custom matchers:
- aws_ec2_instance
- aws_iam_access_key
- aws_iam_password_policy
- aws_iam_root_user
- aws_iam_users
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Fix `aws_iam_users` example (Console + No MFA) (#104)
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Correct copypasta
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Remove misleading singular matcher information from the plural docs for aws_iam_users
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Correct `aws-iam-userss` typo (#105)
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Add EC2 instance state info
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* test commit
Signed-off-by: kgarmoe <kgarmoe@chef.io>
* copy edits
Signed-off-by: kgarmoe <kgarmoe@chef.io>
* Yikes, forgot to save after correcting a merge conflict
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Fix the docs for the shadow resource
Inspired by the work in PR #2246
Signed-off-by: Adam Leff <adam@leff.co>
* Fix typo
Signed-off-by: Adam Leff <adam@leff.co>
* Added CRAN resource to check R modules
control 'cran-1' do
impact 1.0
desc '
Ensure R module DBI is installed.
'
describe cpan('DBI') do
it { should be_installed }
its('version') { should cmp >= '3.0' }
end
end
Signed-off-by: Markus Grobelin <grobi@koppzu.de>
* cran resource: made lint happy, added negative unit test, removed unused arg perl_lib_path
Signed-off-by: Markus Grobelin <grobi@koppzu.de>
* Added CPAN resource to check Perl modules
control 'cpan-1' do
impact 1.0
desc '
Ensure Perl modules DBI and DBD::Pg are installed.
'
describe cpan('DBI') do
it { should be_installed }
end
describe cpan('DBD::Pg') do
it { should be_installed }
its('version') { should cmp >= '3.0' }
end
end
Signed-off-by: Markus Grobelin <grobi@koppzu.de>
* cpan resource: fixed unit test for non-installed module
Signed-off-by: Markus Grobelin <grobi@koppzu.de>
* new resource: elasticsearch resource, test cluster/node state
This is a new resource for testing an Elasticsearch cluster. It operates
by fetching the `_nodes` endpoint from a given Elasticsearch node and
collects data about each node in a cluster, even if there's only a
single node.
This work is based on inspiration from an initial PR #1956 submitted by
@rx294.
Signed-off-by: Rony Xavier <rx294@nyu.edu>
Signed-off-by: Aaron Lippold <lippold@gmail.com>
Signed-off-by: Adam Leff <adam@leff.co>
* Reduce mock data on non-default tests
Signed-off-by: Adam Leff <adam@leff.co>
* Enhance cmp matcher to work with symbols
The `cmp` matcher will now stringify symbol actual values if the
expected value was passed in as a string. This will help with the file
resource `type` method where Train returns the file type as a symbol.
Signed-off-by: Adam Leff <adam@leff.co>
* Fix documentation for file type character_device
Signed-off-by: Adam Leff <adam@leff.co>
* Fix docs for block_device
Signed-off-by: Adam Leff <adam@leff.co>
* Fix file mtime docs
Signed-off-by: Adam Leff <adam@leff.co>
This change enhances the processes resource to support the busybox
ps command which is common on Alpine, for example. The way we
map ps fields to the structs needed by FilterTable have also been
refactored to be more flexible so we can support multiple formats
in the future.
Also, the processes resource now allows the grep argument to be optional
thus allowing a user to query all resources without passing in a
match-all regex.
Signed-off-by: Adam Leff <adam@leff.co>
The docs for the `os` resource did not have the proper parameters
listed and also improperly had `os[:debian]` examples instead of
`os.debian?`
Signed-off-by: Adam Leff <adam@leff.co>
* Docs update to describe using cmp for version matching on packages
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Add 'and' and force Travis to re-run checks
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
Currently, the http resource always executes locally, even when scanning
a remote machine with `--target` which leads to undesireable behavior.
This change adds the ability to remotely execute tests with curl. This
behavior is currently opt-in with the `enable_remote_worker` flag, but
will become the default behavior in InSpec 2.0. Deprecation warnings
are emitted if the user is scanning a remote target but has not opted
in to the new behavior.
Signed-off-by: Adam Leff <adam@leff.co>
As discussed during the Chef Community Summit 2017 in Seattle, many
more technical users wish to use `expect` syntax and wish to see
more examples of how to do so with InSpec resources.
Signed-off-by: Adam Leff <adam@leff.co>
* Clarify the copy
* Fix the name of the kitchen configuration file. `.kitchen.yml`, not
* `kitchen.yml`
* Use proper syntax for specifying recipes in the sample code
* Use a valid Supermarket-based profile in the sample code
* Demonstrate using local InSpec tests
Resolves#1565
Signed-off-by: Nathen Harvey <nharvey@chef.io>
* New Resource - firewalld
Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
* New Resource - firewalld
Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
* New Resource - firewalld
Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
* New Resource - firewalld
Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
* Modifications to new resourec - firewalld
Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
* Modifications to new resource - firewalld
Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
* Modifications to new resource firewalld
Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>
* Modifications to new resource - firewalld
Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>
* Changing firewalld_command method to prepend the command with 'firewall-cmd' to reduce code reuse.
Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>
* Modifications made
* installed? method now tells by checking if firewall-cmd is a command on the system
* The firewalld_command method now strips the stdout of the return
* added another test for testing multiple active zones
Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>
* Fixing rake lint issue
Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>
* Fixing match and returning boolean for seeing if firewalld is running
Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>
* Fixing lint issues
Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>
* Empty commit to rerun. Accidentally updated branch.
Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>
* Rerunning test, accidentally updated branch. needs sign off commit
Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>
* Add hotfix resource for Windows
Signed-off-by: Matt Ray <matthewhray@gmail.com>
* Renamed hotfix to windows_hotfix
Added additional unit test checking for KB that is not present on a box
Signed-off-by: Matt Ray <matthewhray@gmail.com>
* Integration test to spot-check for hotfixes
Queries the Windows operating system via Powershell for a list of all
installed hotfixes and spot-checks every 10th one with the
windows_hotfix resource. Checking hundreds is time-consuming. Also
checks to ensure a non-installed hotfix is not present.
Signed-off-by: Matt Ray <matthewhray@gmail.com>
* add example for checking last permissions octet
Signed-off-by: Thomas Cate <tcate@chef.io>
* Correctly describe the last permissions bit for file resource
Signed-off-by: Thomas Cate <tcate@chef.io>
* Added auditd resource and documentation.
Signed-off-by: Jennifer Burns <jburns@mitre.org>
* Added unit tests for auditd resource and updated auditd_rules_test to match new entries in auditctl
Signed-off-by: Jennifer Burns <jburns@mitre.org>
* Removed all legacy code for audit < 2.3. Removed parens to create consistency.
Signed-off-by: Jennifer Burns <jburns@mitre.org>
* Updated method names and removed unnecessary content based on review
Signed-off-by: Jennifer Burns <jburns@mitre.org>
* Adding support for fstab
Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
* New Resource - etc_fstab
Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
* New Resource - etc_fstab
Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
* Modifications to new resource - etc_fstab
Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
* Modifications to new resource - etc_fstab
Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
* Modifications to new resource - etc_fstab
Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
* Modifications to docs of new resource etc_fstab
Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>
* Modifications to new resource etc_fstab
Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>
* wip: extend nginx_conf for http+servers+locations
... well `http` entries really, but we couldnt just call it `https`.
the goal is to `nginx_conf.http` / `nginx_conf.servers` / `nginx_conf.locations` and then also have these calls cascaded down to simplify the access to these fields. the current pattern is rather tedious since we need to check for nil everywhere.
* add test for new nginx accessors
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
* add docs for nginx-conf
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
* fix all incorrect NGINX spellings in docs
* prevent edge-cases where nginx params are nil
for location, http, and servers
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
* more descriptive to_s for nginx servers
as suggested by @adamleff, thank you!
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
* add more descriptive to_s for nginx location
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
* Provisioner script to setup resource tests for setgid/setuid/sticky bit tests. This appears to be the correct mechanism per docker_run, but I don't see any other provisioner scripts, so I suspect there is a different Chef-internal mechanism at play here.
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* TDD Red for setgid/setuid/sticky File matchers
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Add documentation for file resource sgid, sticky, and suid matchers
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Add matchers to File for setgid, setuid, and sticky by aliasing existing predicates; TDD green
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Rubocop prefers alias to alias_method.
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Lint before pushing, of course
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Correct spelling of setgid and setuid matchers in docs
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Add be_setgid, be_setuid, be_sticky matcher integration tests for File.
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Revert "Provisioner script to setup resource tests for setgid/setuid/sticky bit tests. This appears to be the correct mechanism per docker_run, but I don't see any other provisioner scripts, so I suspect there is a different Chef-internal mechanism at play here."
This reverts commit 42e672f3b1.
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Revert "TDD Red for setgid/setuid/sticky File matchers"
This reverts commit a4f891fc7e.
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
The current docs refer to a method called `link_target` which does not
exist. `link_path` provides the functionality.
Signed-off-by: Adam Leff <adam@leff.co>
* Add support for XML files
Signed-off-by: Morley, Jonathan <jmorley@cvent.com>
* Use REXML instead of nokogiri
Signed-off-by: Morley, Jonathan <jmorley@cvent.com>
* Filter check output based on sensitive flag
-Updated check in formatters to filter check output during failures based on
sensitive metadata flag
-Added functional test of output filtering
-Updated documentation with blerb on usage
* Update output format for sensitive resources
Signed-off-by: Kevin Formsma <kevin.formsma@gmail.com>
* Update color output on new test
Update the color output to match the newly-expected non-color format if there are no tests that match.
Signed-off-by: Adam Leff <adam@leff.co>
* Added aide_conf resource and subsequent files
* Updated to match on all selection lines
Signed-off-by: Jennifer Burns <jburns@mitre.org>
* Changed to use CommentParser and fixed typo
Signed-off-by: Jennifer Burns <jburns@mitre.org>
* Fix typo in test file
Signed-off-by: Jennifer Burns <jburns@mitre.org>
* Updated to address PR feedback
Signed-off-by: Jennifer Burns <jburns@mitre.org>
* check the proper field for dpkg installation state fixes#2006
Signed-off-by: Mathieu Sauve-Frankel <msf@kisoku.net>
* Properly handle held packages on dpkg-flavored OS
InSpec was looking at the wrong field in `dpkg -s` output to determine
whether a package was installed or not. An installed, held package was
incorrectly reported as uninstalled.
This adds the proper unit tests and also adds a `be_held` matcher.
Thanks to @kisoku for the initial work in #2007.
Signed-off-by: Adam Leff <adam@leff.co>
Reuse blog post content on profile inheritance for web site
based on feedback from colleagues and community members.
Signed-off-by: Adam Leff <adam@leff.co>
* Changes resources/filename to match resource name
Signed-off-by: kgarmoe <kgarmoe@chef.io>
* Deletes original resource files.
Signed-off-by: kgarmoe <kgarmoe@chef.io>
* New matcher 'be_in'
Fixes#2018
Signed-off-by: Rony Xavier <rx294@nyu.edu>
* small fixes to wording.
Signed-off-by: Aaron Lippold <lippold@gmail.com>
* Added code to use be_in for with the following use case:
describe nginx do
its(module_list) { should be_in AUTHORIZED_MODULE_LIST }
end
Fixes#2018
Signed-off-by: Rony Xavier <rx294@nyu.edu>
* Updates to the matcher
Fixes#2018
Signed-off-by: Rony Xavier <rx294@nyu.edu>
* Added tests for the be_in matcher
Signed-off-by: Rony Xavier <rx294@nyu.edu>
* Requested updates completed
Signed-off-by: Rony Xavier <rx294@nyu.edu>
* Fix host resolution on Darwin, use dig wherever possible
The `host` and `dig` commands do not return non-zero if a query returns NXDOMAIN
or NOERROR, but the DarwinHostProvider was expecting it when deciding whether to
fall back to IPv4 if a IPv6 query failed. Therefore, the `host` resource would
not function properly when resolving hostnames on Darwin. The logic has been
changed to use `dig` short output and query for both v6 and v4 addresses.
Additionally, the LinuxHostProvider has been modified to prefer `dig` if it's
available to keep behavior similar between Darwin and Linux whenever possible.
This has the added benefit of providing v6 and v4 resolution if possible where
`getent hosts` only returns v6 if v6 records exist.
Signed-off-by: Adam Leff <adam@leff.co>
* Fix up methods, add command mock, do string matching in ruby instead of command
Fixes#1643Fixes#1673
Signed-off-by: Aaron Lippold <lippold@gmail.com>
* Update iptables docs
* Correct nomenclature and be a bit more specific for existing exampls
* Provide an example of allowing a specified port in.
* Update iptables.md.erb
* showing how to shellout in docs
Signed-off-by: Richard Shade <rshade@rightscale.com>
* adding basic example
Signed-off-by: Richard Shade <rshade@rightscale.com>
* cleanup
Signed-off-by: Richard Shade <rshade@rightscale.com>
* adding in mysql socket, as this doesn't work with non-default installs
Signed-off-by: Richard Shade <rshade@rightscale.com>
* updating per peer review to make socket not a req, and adding port
Signed-off-by: Richard Shade <rshade@rightscale.com>
* updating docs
Signed-off-by: Richard Shade <rshade@rightscale.com>
* attributes-related note added to docs
Hello friends.
I just received two separate stacktraces and spent half an hour trying to figure out why my attribute()-calls didn't work. The Slack channel then notified me that these attribute()-calls must live on the top-level of the file. Thought I'd prepare a PR to save others this fight :)
Greetings from southern germany.
* attributes-related note added to docs
Hello friends.
I just received two separate stacktraces and spent half an hour trying to figure out why my attribute()-calls didn't work. The Slack channel then notified me that these attribute()-calls must live on the top-level of the file. Thought I'd prepare a PR to save others this fight :)
Greetings from southern germany.
Signed-off-by: Stefan Staudenmeyer <stefan.staudenmeyer@instana.com>
* attributes-related doc note -> added control block
Signed-off-by: Stefan Staudenmeyer <stefan.staudenmeyer@instana.com>
