On some systems the output of ps may be truncated, which may prevent
profiles from working as intended.
Some implementations specifically mention that the output width is
undefined "(it may be 80, unlimited, determined by the TERM variable,
and so on)".
This fixes#5226.
Signed-off-by: Raphael Geissert <atomo64@gmail.com>
macOS 11 Big Sur will be released later this year. Current beta versions
return 10.16 as the version, but the product name has changed from 'Mac
OS X' to 'macOS'. Train probably needs to be modified to deprecate
'mac_os_x' as a platform in favor of 'macos' but that would be a
significant downstream change. Train does fall back to 'darwin' on macOS
10.16, so by adding darwin to the list of platform names for the service
resource we are able to work around this for the moment.
This is the only location where mac_os_x is currently being used in
InSpec. Because we're in a case statement on platform rather than the
more generic platform family, we can't simply remove mac_os_x in favor
of darwin.
Signed-off-by: Bryan McLellan <btm@loftninjas.org>
Everyone now has an `inspec` method, but the AWS ones still return
nil as their backend hasn't been set up.
This seems wrong...
Signed-off-by: Ryan Davis <zenspider@chef.io>
+ State normal path first.
+ Use Enumerable to state your logic up front, don't build it into
loops with breaks/returns.
+ Remove nonsensical duplication of key formats. (should push up or remove)
+ Had to add an extra test case that wasn't covered here but was in
metadata_test.rb (why?!?)
Signed-off-by: Ryan Davis <zenspider@chef.io>
Now discovers the first available conf file from a list of known
paths. Might have to expand based on various distros.
Had to tweak the tests because the mock loader mocks EVERYTHING every
time. :/
Signed-off-by: Ryan Davis <zenspider@chef.io>
Per auditctl(8), the -a option can have either list,action or
action,list. This PR matches against valid actions for the action field
and passed the remainder off to the list field.
Closes#4664
Signed-off-by: Trevor Vaughan <tvaughan@onyxpoint.com>
This does NOT include fixes for our dependencies that are also having
2.7 warnings (which cause our functional tests to fail because for
some reason we expect stderr to be empty, which is brittle).
I've got upstream PRs to fix all of those. My tests pass locally. I
could push a commit that modifies the Gemfile to use my forks, but I'd
like to see how this fares for now.
Signed-off-by: Ryan Davis <zenspider@chef.io>
The output for ``yum -v repolist all`` changes slightly in CentOS 8. There are
two specific changes:
1. EL8 is no longer trailing the repo name with release version and arch (i.e.
base instead of base/7/x86)
2. EL8 no longer adds a trailing newline on the last repo and instead has a line
with ``Total packages:``. This means the repo listed last will never show up.
A fix was introduced in #4566 however the tests still use CentOS 7 yum output
instead of dnf repolist output. One issue was still discovered where it was
including the ``Total packages`` line in the last repository. This includes a
regex for to work around that and fixes for the tests.
Signed-off-by: Lance Albertson <lance@osuosl.org>
Extended quick_resource to have platform methods and a new string
command mock. The named resource to mock may now be a symbol.
Added a new test that shows how to use quick_resource with multiple commands.
Fixes#4629.
Signed-off-by: Ryan Davis <zenspider@chef.io>
* Renamed and added extra test data to distinguish between centos 7 & centos 8.
* Renamed and added extra tests to cover centos 8.
* Fixed missing repo data by checking at the end if we were still in parse mode.
Fixes#4517
Signed-off-by: Ryan Davis <zenspider@chef.io>
Cc: Miah Johnson <miah@chia-pet.org>
test/unit/resources/json_test.rb had the start of a setup to directly
instantiate resources. I've refactored that up to helper.rb and
extended it with some helper methods so we can directly specify what a
resource command should respond with. For many/most of our tests, this
should be sufficient.
Finally, I switched our yum tests over to use the new setup. This will
allow us to address #4517 and extend the tests for centos8 output
differences with ease. Ease, folks... ease.
Signed-off-by: Ryan Davis <zenspider@chef.io>
Cc: Miah Johnson <miah@chia-pet.org>
3 files left to go, and they're behaving oddly so I'm leaving them out
in this pass. Looks like 21 deprecations left.
Signed-off-by: Ryan Davis <zenspider@chef.io>
Namespacing changed in faraday from Faraday::Error::* to Faraday::*
but was not reflected in faraday_middleware (which hasn't released
since February). I will file an issue and/or PR with them later.
Signed-off-by: Ryan Davis <zenspider@chef.io>
This provides the user with messages if `json(command: 'command_that_errors')`
exits non-zero and/or has STDERR.
Without this the resource will report "No output from command" when really the
output is contained in STDERR.
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
Backticks means you can't selectively run one of these tests w/o
subshelling out to `brew`, or having to edit first.
Signed-off-by: Ryan Davis <zenspider@chef.io>
Removes pre-loading and registration of resources by adding
method_missing to a couple key areas.
This still drops the ball in some areas, but it is a start.
Pass the first argument of the opts array instead of the whole array which
confuses the SimpleConfig parser. Also added a test which verifies this fixes
the issue.
In addition, change the base_name to something that matches other resource base
names.
Signed-off-by: Lance Albertson <lance@osuosl.org>
I noticed that my profile targeting group "staff" on OSX wasn't
returning *me*. I'm awesome! So that seemed wrong. And it turns out it
is wrong. We were not collecting any users whose primary group was
that group. (almost all regular users are in group staff and they're
all missing).
Signed-off-by: Ryan Davis <zenspider@chef.io>
When using `schtasks` a list is returned if the task has multiple
triggers. This merges that list with the last item taking precedence.
This is how `Get-ScheduledTask` behaves.
Initially, I was going to rewrite this resource to use
`Get-ScheduledTask` but the original author purposely did not do this
so that PowerShell v3 would be supported. We only support PowerShell
v5, but I don't want to break any current users and this change didn't
seem to controversial to me.
If it gives us trouble, I recommend rewriting it to use
`Get-ScheduledTask`.
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
This should resolve#1011 which provides an ip6tables resource to test IPv6
iptables rules. This is essentially a copy of the iptables resource with a few
renames.
In addition, I've pulled in the integration tests for iptables into ip6tables
and enabled it on docker so that it properly gets tested regularly. The test
cookbook recipe has been updated to support all of the current platforms that
are being tested.
Signed-off-by: Lance Albertson <lance@osuosl.org>
This fixes `nginx_conf.params` when:
- Given an empty file
- Given a file with only comments
- Given a file that has an include for a file that:
- Is empty
- Has all lines commented out
This also fixes a test where a missing file is actually empty
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
This speeds up parallel unit test runs from a very consistent 2:49 to
a very consistent 1:53, or a 33% reduction.
Signed-off-by: Ryan Davis <zenspider@chef.io>
Trying to fix file_test failure that only happens on travis.
The "mock" file in question is supposed to have a stat of 644, but
actually has 664 but only on travis-ci.
Signed-off-by: Ryan Davis <zenspider@chef.io>
Adds missing functionality to `interface`. Fixes#1830
```
describe interface("eth0") do
its(ipv4_addresses) { should include 1.2.3.4 }
end
```
And so on... see diff/docs for additional matchers.
Signed-off-by: Matt Kulka <mkulka@parchment.com>
This converts all current deprecation warnings/TODOs to use the
`Inspec.deprecate()` deprecation facility.
This also modifies `Inspec.deprecate()` to only require 1 argument.
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
By specifying a `max_redirects` attribute, the `http` resource worker
will follow any HTTP Redirect response (301, 302, etc...) up to the
limit defined by this attribute. For a local worker, exceeding that
limit will raise a `FaradayMiddleware::RedirectLimitReached` exception.
For a remote worker, the curl command will exit without populating the
`status` and `body` properties.
Signed-off-by: Keith Walters <keith.walters@cattywamp.us>
The value of `ciphers` is 681 on my localhost, but 993 on Travis.
This modifies the test to allow both values.
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* add aws_eks_cluster
Signed-off-by: Timothy van Zadelhoff
timothy.inspec@theothersolution.nl
* disable ABC check on fetch_from_api
Signed-off-by: Timothy van Zadelhoff <timothy.inspec@theothersolution.nl>
* add status predicates
* Change docs for status attribute
Signed-off-by: Timothy van Zadelhoff <timothy.inspec@theothersolution.nl>
* Add integration tests
Signed-off-by: Timothy van Zadelhoff <timothy.inspec@theothersolution.nl>
* Adjust EKS build code to almost work
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* EKS only uses private subnets - integration tests pass
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Correct AWS Exception class for resource search miss in unit test
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Update unit test to reflect AWS resource-standard miss behavior, returning nil for most properties
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Improve filesystem.rb to support windows
improve filesystem.rb to support windows.
Split into 2 classes LinuxFileSystemResource / WindowsFileSystemResource
Add filesystem to verify a FS-type ( currently not for linux because missing test server )
Size on Windows is converted to GB - discussion about this welcome
update to reflect also windows os
* Create get-wmiobject-filesystem
* Delete get-wmiobject-filesystem
* Fix the testing code for filesystem.
Change its 'filesystem' to 'type' according to recommendation from @miah
Signed-off-by: Markus Hackethal <mh@it31.de>
* add security-group to security-group rules
* update docs
* Add integration tests for security-group to security-group rules
* rubocop fix
* Add one security group rule, with position.
* make control fit description
Signed-off-by: Timothy van Zadelhoff <timothy.inspec@theothersolution.nl
Methods like…
* `count()` return `Integer` values
* `boolean()` return `TrueClass`/`FalseClass` values
* `concat()` return `String` values
…but threw exceptions because those types weren't supported.
This adds support to the `xml` resource, and adds tests to verify some of those examples.
Signed-off-by: Mark Hughes <greenantdotcom@users.noreply.github.com>
* Resource for a Windows Security Identifier (SID)
* Integration tests for security_identifier resource
* Address rubocop violations
* Improve security_identifier from PR feedback
* Update security_identifier tests
* Improve security_identifier unit tests
* Fix unit tests fpr security_identifier resource
* More security_identifier unit tests
* Add docs page for security_identifier resource
* Fix issues with documentation
* Improve docs
Link to Microsoft reference page, and use their term 'trustee' instead of 'entity' where applicable.
* Change exists to exist
* Test appveyor file changes.
Signed-off-by: Jared Quick <jquick@chef.io>
* Add missing tests for groups resource, document members propery, and assorted fixes.
Update existing documentation for group resource.
Add documentation for groups resource.
Update group resource tests to test members property.
Change groups resource members property to have simple style. (this
ensures members is a single array)
remove deprecated have_gid propery.
change `if !` to `unless`
Remove early return from members method. This prevented members from
working correctly on any OS other than Windows.
Add missing tests for the groups resource.
remove tests for has_gid
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Fix comments
Signed-off-by: Jared Quick <jquick@chef.io>
* Remove deprecated yumrepo. (#3435)
* Remove deprecations for cli `--format` and metadata.rb (#3452)
* Remove deprecated database_helpers stderr/stdout methods.
Update deprecation text for processes/apache.
* Remove deprecations for `--format` and metadata.rb
Remove deprecated `format` code.
Remove deprecated code test and change json-config format test to use
reporter.
Remove deprecated metadata.rb code
Remove deprecation notice for old supports syntax.
Deprecate metadata.rb from source_reader
Remove rubocop disables as they are no longer required for this code block.
Remove deprecated legacy metadata.rb mock profiles.
Remove deprecated metadata.rb profile tests.
Remove deprecated yumrepo test.
* Allow inspec-3.0 branch to be tested.
* Allow appveyor to test inspec-3.0 branch
* Change runner tests to use reporter rather than format.
Remove deprecated `supports: linux` tests.
* Remove skip from inherited profiles from showing up in reporting (breaking change) (#3332)
* Skip loading dependency profiles if they are unsupported on the current
platform.
Skip loading dependencies if they are unsupported on the current
platform.
Wrap our log and next in a conditional checking if the platform is
supported.
Change a `if !` into a `unless`
Check if the backend is a Train Mock Connection and if so say that the
profile does support the platform.
While iterating through tests being loaded skip when the platform is
unsupported.
We now log a WARN when a profile is skipped due to unsupported platform,
so lets check that.
Modified existing test to log that there are 0 skipped tests, instead of
2.
Add functional test that loads profile-support-skip with a json reporter
to check that our controls are not loaded and that stderr contains our
warning.
* Rather than iterating through each test return before recursion if the platform is
unsupported.
* Resolve tests using a supported platform different from testing platform
Add a control to `test/unit/mock/profiles/complete-profile` that would
work on any OS with a Internet connection. This allows the profile
to execute on any OS with success. `filesystem_spec.rb` was a control
that would only work on Linux and some BSD's.
We want profile tests to consistently work across development and testing
platforms, and not get 'skipped' in some cases. Travis-CI tests on Linux,
Inspec Dev team uses Linux and MacOS, Appveyor tests on Windows
Also Updated `file_provider_test.rb` for `complete-profile` content changes.
If you `MockLoader.load_profile` on a unsupported platform you might not
hit the usual skip. Lets handle situations where the tests array in
Profile#load_checks_params could be nil.
* Use safe navigation rather than checking if tests is nil.
Update tests to point to unsupported_inspec and account for WARN changes.
Make unsupported_inspec profile support os-family 'unsupported_inspec'
* Fix skip bug when using include/require controls. (#3487)
* Fix skip bug when using include/require controls.
* fix test and feedback.
* Remove need for UUID detection for Automate report (#3507)
* Add json metadata for skipped profiles (#3495)
* Add skip metadata to json reports
* Unify skip messages.
* Update with status field.
* Add testing.
* Fix tests.
* lint
* Add skip exit codes for profile skips.
* Update website for 3.0 launch
Add `plugins` to sidebar.
Change 2.0 -> 3.0 in slim files.
Update 3.0 features list.
* Fix comments
* Update float to numeric.
* Change Float to numeric.
* updated feature list and impact doc
* Change "What's new in InSpec 3.0" -> "Announcing InSpec 3.0"
* Bump VERSION to 3.0.0 (#3511)
* Remove 3.0 testing checks.
* Fix azure link.
For larger processes, Busybox's ps displays the vsz and rss columns in
megabytes or gigabytes, with no option I've found to override the behavior.
This change updates the process regex to account for that and converts
the values to kilobytes so they can still be cast as integers.
Signed-off-by: Jonathan Hartman <j@hartman.io>
This is useful when you have multiple versions of the same gem installed. It can be leveraged like so:
```
describe gem('rest-client') do
its('versions') { should include /1.8\.\d+/ }
its('versions') { should include /2.0\.\d+/ }
its('versions.count') { should_be eq 2 }
end
```
Signed-off-by: Ben Abrams <me@benabrams.it>
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
Signed-off-by: Jared Quick <jquick@chef.io>
* adding cloudlinux into the mocker under the redhat family as it is found inside of train, and creating tests for cloudlinux that mirror the centos/redhat tests.
* adding cloudlinux under the select_service_mgmt method so that it can be matched.
Signed-off-by: Vern Burton <me@vernburton.com>
* windows_feature resource: Add DISM support
This modifies the `windows_feature` resource to fallback to DISM when
the `Get-WindowsFeature` command is not available.
* Allow specifying `:dism` or `:powershell`
* Replace stacktrace with smaller error message
* Add notes/todo about raise behavior
* Remove duplicated platform check
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Constrain RuboCop disables to single method
* Add comment to Alpine package command
* Use single quotes for Alpine package command
* Change `it` statement to be readable
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Use fail_resource rather than skip_resource when the platform is not
supported by the resource.
* Update tests to handle failing on unsupported platforms.
Update functional tests.
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* apache_conf resource: Strip quotes from values
* Update regex to capture all vars between quotes
* Change `x` and `y` to proper variable names
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Un-deprecate plural properties on shadow; deprecate the singular versions
* Update filtertable interface to current
* A weak attempt at making the docs coherent
* Doc feedback per Jerry
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* set port default to nil, introduce local_mode
* raise instead of warning
* restore default port, allow explicit nil
Signed-off-by: Tor Magnus Rakvåg <tm@intility.no>
* implement members property
* flatten groups entry, extract flatten helper
* lints
* more idiomatic spec, add example of members testing
Signed-off-by: Tor Magnus Rakvåg <tm@intility.no>
* Add integration and unit tests for aws_ec2_instances
* Basic docs for aws_ec2_instances
* Add basic aws_ec2_instances resource
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Add check if aws s3 bucket is encrypted.
Required terraform aws provider >= 1.6
Fix indentation issue in aws_s3_bucket.rb
* Implement most changes recommended by @TrevorBramble, and refactored other methods to align with recommendations (except Terraform nitpick; preference is to keep coding style consistent until full refactor).
Signed-off-by: Jeremy Phillips <github@uranusbytes.com>
* nginx_conf resource: Fix include paths with quotes
* Move quote removal to `NginxParser`
* Add parsers/tests for quotes in quotes
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Update tests and docs to assume one recorder per region
* Config recorder supports singleton fetch
* Docs and tests for singleton mode delivery_channel
* Implementation for singleton delivery channel, and some other code cleanup
* Implement some feedback, and fix a bug in traversing the struct in looking for empty results
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Bug replication tests, unit and integration
* Fixes statement_count
* Fixes statement_count and have_statement
* rubocop trim whitespace
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Update singular implementation to avoid use of inner object
* Update docs and tests for 3 new filters and properties on aws_vpcs
* Implement new filters and properties; one failing test due to odd FilterTable behavior
* changes to avoid bug 2929
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Add tests for method chained shadow resource with readable and
unreadable shadow files.
Ensure @params always has a safe value, otherwise we may stacktrace when
unable to read /etc/shadow and invoked with method chaining.
* Wrap deprecation notices with a proc/must_output to clean up test
output.
Added some missing newlines.
Catch deprecation notice on `lines`.
* Resolve the majority of the issues pointed out by @tbramble.
Deprecate `lines`; its really only used internally but it was 'exposed'
through tests and who knows if there is external use. `lines` is not
documented as a property at least..
`#set_params` is much better now =)
Signed-off-by: Miah Johnson <miah@chia-pet.org>