Commit graph

4180 commits

Author SHA1 Message Date
Seth Chisamore
a081b343e0 Revert "Update SHA1 fingerprint for MSI signing cert (#2013)" (#2014)
This reverts commit b803194abd.

Reverting this as we are investigating using an EV cert which has
instant reputation with Microsoft Smartscreen filter.

Signed-off-by: Seth Chisamore <schisamo@chef.io>
2017-07-12 17:26:09 -04:00
Seth Chisamore
b803194abd Update SHA1 fingerprint for MSI signing cert (#2013)
The cert has been updated as the old one expires on 2017-07-25.

Signed-off-by: Seth Chisamore <schisamo@chef.io>
2017-07-12 15:24:14 -04:00
Adam Leff
9580732814 Source reader should not hand back files with nil contents (#2003)
If a profile has a data files directory that looks like this:

```
files/platforms/one/data.json
files/platforms/two/data.json
files/platforms/three/data.json
```

... the source reader will return the directories in the list of files but with
nil contents. This causes an issue when Inspec::Profile tries to create a sha256
checksum of the profile contents only to try to cast nil to a string when
building the null-delimited profile contents string.

Files that are empty will have an empty string as their contents, so it's safe to
assume that file entries with nil contents are actually a directory and have no
effect on the profile's checksum. Therefore, this change will eliminate any file
entries in responses from the source readers where the contents are nil.

Signed-off-by: Adam Leff <adam@leff.co>
2017-07-11 21:33:55 +02:00
Adam Leff
1ea06ac3ea Change host resource to use getent ahosts on Linux (#2002)
* Change host resource to use getent ahosts on Linux

In InSpec 1.31, we changed the `host` resource to use `dig` instead of `getent
hosts` for name resolution because `getent hosts` does not return all entries
(only the first v6 entry if it exists, then the first v4 entry) and we wanted to
keep the Darwin and Linux implementation as close as possible. Unfortunately,
this affected users' ability to do resolution checks for entries stored in their
/etc/hosts file.

This change goes back to using `getent` for Linux and changes to `getent ahosts`
which returns both v4 and v6 records. Additionally, the Darwin provider's dig
implementation was reordered to return v4 addresses before v6 addresses to be
consistent with how `getent ahosts` returns records.

Signed-off-by: Adam Leff <adam@leff.co>

* Update unit tests for resolve_with_getent with proper output

Signed-off-by: Adam Leff <adam@leff.co>
2017-07-11 21:32:52 +02:00
Adam Leff
fb5e5c54e3 Promote artifact to stable during Habitat upload (#1999)
`pkg` commands in Habitat 0.25 now use channels and prefer the `stable` channel by
default. However, artifacts uploaded with `hab pkg upload` go to `unstable` by
default (as it should).

This change ensures that `chef/inspec` artifacts land in `stable` during our
release process.

Signed-off-by: Adam Leff <adam@leff.co>
2017-07-11 21:30:06 +02:00
Adam Leff
c29648a623 Release v1.31.1 (#1996)
Signed-off-by: Adam Leff <adam@leff.co>
2017-07-06 16:29:20 -04:00
Adam Leff
1fdea330d3 host resource: fix netcat detection (#1995)
The logic used to determine whether a viable netcat binary exists is wrong and
prevents Linux hosts from doing TCP reachability checks.

Signed-off-by: Adam Leff <adam@leff.co>
2017-07-06 16:23:57 -04:00
Adam Leff
dd3457537e Release v1.31.0 (#1994)
Signed-off-by: Adam Leff <adam@leff.co>
2017-07-06 14:07:16 -04:00
Adam Leff
3916d7aca2 Fix formatter when two profiles have the same name (#1991)
* Fix formatter when two profiles have the same name

In the event that an InSpec runner has two profiles that are named the same
(such as when InSpec generates a profile for the Flat source reader, and Test
Kitchen is running concurrently), InSpec could hand back a profile that does not
contain the example. This leads to nil control data and ugly NilClass errors
when TK runs concurrently.

This change modifies the method that finds the profile by control to not only
match on profile name but also match on example ID.

Signed-off-by: Adam Leff <adam@leff.co>
2017-07-06 13:30:37 -04:00
Adam Leff
7bba235014 Add support for ncat in host resource for CoreOS (#1993)
CoreOS is considered a member of the Linux family, and the `host` resource tries
to use `nc` on Linux hosts to test TCP reachability. Unfortunately, `nc` is not
available on CoreOS, but `ncat` is.

This change attempts to use `nc` first, then `ncat` if it's available.

Signed-off-by: Adam Leff <adam@leff.co>
2017-07-06 13:19:16 -04:00
Maggie Walker
c351d27334 Remove Google Custom Search and replace with Swiftype (#1992)
Since Google Custom Search is EOL-ing, we are replacing it with
Swiftype. This adds the necessary markup and JS to make that happen,
as well as some CSS overrides to make it fit with the styling on
the site.

Signed-off-by: Maggie Walker <magwalk@gmail.com>
2017-07-05 17:56:54 -04:00
Tor Magnus Rakvåg
61a8675417 clarify PowerShell requirement (#1989)
Signed-off-by: Tor Magnus Rakvag <tm@intility.no>
2017-07-05 21:28:20 +02:00
Adam Leff
c280e9a816 Fix host resolution on Darwin, use dig wherever possible (#1986)
* Fix host resolution on Darwin, use dig wherever possible

The `host` and `dig` commands do not return non-zero if a query returns NXDOMAIN
or NOERROR, but the DarwinHostProvider was expecting it when deciding whether to
fall back to IPv4 if an IPv6 query failed. Therefore, the `host` resource would
not function properly when resolving hostnames on Darwin. The logic has been
changed to use `dig` short output and query for both v6 and v4 addresses.

Additionally, the LinuxHostProvider has been modified to prefer `dig` if it's
available to keep behavior similar between Darwin and Linux whenever possible.
This has the added benefit of providing v6 and v4 resolution if possible where
`getent hosts` only returns v6 if v6 records exist.

Signed-off-by: Adam Leff <adam@leff.co>
2017-07-05 10:45:30 -04:00
Christoph Hartmann
3255054390 simplify kernel module docs (#1987)
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-07-05 09:57:47 -04:00
Aaron Lippold
cc7ed38d09 kernel_module resource: added blacklisting, enabled, disabled, docs and unit tests (#1798)
* Fix up methods, add command mock, do string matching in ruby instead of command

Fixes #1643
Fixes #1673

Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-07-05 11:41:44 +02:00
Aaron Lippold
224935e9cf New postgres_hba_conf resource (#1964)
* Created pg_hba_conf resource

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Created pg_hba_conf resource

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Corrections

* updated to parse auth-options

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* updated `conf_path` instance var to `conf_file` for consistency.

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* pg_hba_conf - updated the parse_line method
added test and doc files

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Updated few bugs on pg_hba_conf
updated test files and docs

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Updated docs

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Made updates based on the recommendations

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* PR commit

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* PR Commit

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Update Gemfile.lock

* PR Commit

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Updated doc file for postgres_hba_conf resource to use
'cmp' matcher instead of 'eq'

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Made requested changes, except for SimpleConfig - will address that later.

Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-07-03 20:13:51 +02:00
Aaron Lippold
57864f1488 New postgres_ident_conf resource (#1963)
* Initial commit of pg_ident_conf resource

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Initial commit of pg_ident_conf resource

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Small updates to organization of code

Signed-off-by: Aaron Lippold <lippold@gmail.com>
Signed-off-by: Rony Xaiver <rx294@nyu.edu>

* updated `conf_path` instance var to `conf_file` since we are returning
a file.

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* Updated few bugs on pg_ident_conf
added test files and docs

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Updated docs

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Added mock folders

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Added mock folders

Signed-off-by: Rony Xavier <rx294@nyu.edu>
Signed-off-by: Aaron Lippold <lippold@gmail.com>

* Added mock folders

Signed-off-by: Rony Xavier <rx294@nyu.edu>
Signed-off-by: Aaron Lippold <lippold@gmail.com>

* Added OS check

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Added mock file

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Added mock folders

Signed-off-by: Rony Xavier <rx294@nyu.edu>
Signed-off-by: Aaron Lippold <lippold@gmail.com>

* added windows mock file

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* Changed resource name from pg_ident_conf to postgres_ident_conf

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Completed corrections recommended on PR

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* removed copyright information

Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-07-03 20:01:40 +02:00
Aaron Lippold
1b58763aff updated postgres_session resource properly escape queries (#1939)
* fixed a small corner case in the error detection - error: vs error
fixed resource to use 'shellwords' module to escape the query
requested changes in method architecture for testing
added unit tests

Fixes: #1814

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* updated resource and tests with requested review changes

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* removed unneeded call to `escaped_query` in the `create_sql_cmd`.

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* removed license info

Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-07-03 08:10:27 +02:00
Adam Leff
0d74a7dc50 Release v1.30.0 (#1978)
Signed-off-by: Adam Leff <adam@leff.co>
2017-06-29 15:19:16 -04:00
Christoph Hartmann
0839be50d6 oracle_session and mssql_session improvement (#1857)
* improve database parsing
* support sqlcli
* ensure headers are downcast
* externalize database helper
* use password as argument
* feedback from @adamleff
* inline docs update + linting
* stay backwards compatible
* implement tests
2017-06-29 11:01:32 -04:00
Adam Leff
a6582bea9b Remove any "All Rights Reserved" references (#1969)
* Remove any "All Rights Reserved" references

InSpec is licensed and released under the Apache 2.0 license. This
change removes all reference to legacy code files that still had
any Copyright or License lines referring to "All Rights Reserved".

Signed-off-by: Adam Leff <adam@leff.co>

* fix functional tests

Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-06-28 04:14:19 -07:00
Jerry Aldrich III
cc6f1e90ca Add rpm_dbpath support to the package resource (#1960)
Signed-off-by: Jerry Aldrich III <jerry@chef.io>
2017-06-28 03:21:15 -07:00
Sean Walberg
a0ebc43132 Update iptables docs (#1968)
* Update iptables docs

* Correct nomenclature and be a bit more specific for existing examples
* Provide an example of allowing a specified port in.

* Update iptables.md.erb
2017-06-28 03:17:24 -07:00
Christoph Hartmann
50e762e492 fix mysql resource (#1971)
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-06-27 12:26:47 +02:00
Christoph Hartmann
8f247673e5 optimize for docker 1.13 (#1966)
Ensure docker resource works with docker 1.13+
2017-06-26 15:45:03 -04:00
Aaron Lippold
d6d9a58489 Small typo in the postgres.rb resource with a call to (#1962)
version_from_dir.

Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-06-26 12:23:39 -04:00
Dominik Richter
56549aed82 add nginx_conf resource (#1889)
The resource itself only offers contents and params right now. It resolved
all include calls it can find and creates the aggregated config object.

This is limited in functionality. One last (set of) PR(s) is needed to
add an interface that makes querying this config file easier. It is due
to the file's inherent complexity that I want to explore which methods
are needed to be effective. In the meantime, this resource offers accessors
to the underlying data that are stable.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-06-26 06:37:41 -07:00
Christoph Hartmann
9ac36bca30 make postgres resource working in mock runner (for inspec check) (#1961)
* make postgres resource working in mock runner (for inspec check)

Signed-off-by: Christoph Hartmann <chris@lollyrock.com>

* keep nil for empty states

Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-06-26 15:16:09 +02:00
Aaron Lippold
3bb98fa1e8 Fixes the postgres_conf parsing of complex parameters (#1938)
Fixes #1671

Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-06-23 08:31:27 -07:00
Adam Leff
f7c8c646a9 Extract Compliance::API version parsing to separate method (#1931)
For cleanliness and ease of testing, I've moved the logic that
parses the server version from the compliance config to a
separate method.

Signed-off-by: Adam Leff <adam@leff.co>
2017-06-23 08:29:50 -07:00
Richard Shade
1fbd4b57a2 Mysql socket (#1933)
* showing how to shellout in docs

Signed-off-by: Richard Shade <rshade@rightscale.com>

* adding basic example

Signed-off-by: Richard Shade <rshade@rightscale.com>

* cleanup

Signed-off-by: Richard Shade <rshade@rightscale.com>

* adding in mysql socket, as this doesn't work with non-default installs

Signed-off-by: Richard Shade <rshade@rightscale.com>

* updating per peer review to make socket not a req, and adding port

Signed-off-by: Richard Shade <rshade@rightscale.com>

* updating docs

Signed-off-by: Richard Shade <rshade@rightscale.com>
2017-06-23 08:28:15 -07:00
DörteDev
b12f95ea76 attributes-related note added to docs (#1941)
* attributes-related note added to docs

Hello friends.

I just received two separate stacktraces and spent half an hour trying to figure out why my attribute()-calls didn't work. The Slack channel then notified me that these attribute()-calls must live on the top-level of the file. Thought I'd prepare a PR to save others this fight :)

Greetings from southern Germany.

* attributes-related note added to docs

Hello friends.

I just received two separate stacktraces and spent half an hour trying to figure out why my attribute()-calls didn't work. The Slack channel then notified me that these attribute()-calls must live on the top-level of the file. Thought I'd prepare a PR to save others this fight :)

Greetings from southern Germany.

Signed-off-by: Stefan Staudenmeyer <stefan.staudenmeyer@instana.com>

* attributes-related doc note -> added control block

Signed-off-by: Stefan Staudenmeyer <stefan.staudenmeyer@instana.com>
2017-06-23 07:45:11 -07:00
Adam Leff
b4f772546b Fix directory resource output and exists check (#1950)
* Fix to_s on directory resource

The `to_s` method on the `directory` resource is not defined
in the correct class, leading `directory` resources to be printed
as the parent resource (`file`) instead.

Signed-off-by: Adam Leff <adam@leff.co>

* Directory existence should check to see if it's a directory

Signed-off-by: Adam Leff <adam@leff.co>
2017-06-23 07:44:15 -07:00
Adam Leff
c808712182 Exclude 2.0 Release PRs from current changelog (#1953)
PRs that get merged to the 'release-2.0' branch will
have this label applied which we want to ensure do
not get included in the existing CHANGELOG.md

Signed-off-by: Adam Leff <adam@leff.co>
2017-06-23 07:43:32 -07:00
Adam Leff
81e617e1ad Release v1.29.0 (#1955)
Signed-off-by: Adam Leff <adam@leff.co>
2017-06-22 15:16:19 -04:00
Adam Leff
1601b23e8d Don't send HTTP headers that have nil values (#1948)
Net::HTTP does not gracefully handle HTTP options/headers
that have nil values. This updates Fetchers::Url to verify
that all headers we attempt to configure have non-nil,
non-empty values.

This originally surfaced via the audit cookbook with the
chef-automate fetcher in use without the data_collector
token being set.

Signed-off-by: Adam Leff <adam@leff.co>
2017-06-21 19:09:13 -05:00
Dominik Richter
3f68835c74 reject nil as a command input (#1863)
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-06-19 11:07:36 -04:00
Aaron Lippold
e9371b2624 small typo in the resource with exist? function. (#1937)
Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-06-19 14:28:35 +02:00
Adam Leff
e6256a6c24 Release v1.28.1 (#1935)
Signed-off-by: Adam Leff <adam@leff.co>
2017-06-16 12:45:15 -04:00
Nolan Davidson
52cc27dd06 Adding toml resource (#1924)
* Adding toml resource

This adds a `toml` resource that inherits from the json resource and
behaves the same way as the JSON and YAML resources.

Signed-off-by: Nolan Davidson <ndavidson@chef.io>
2017-06-15 16:54:12 -04:00
Adam Leff
3d4f1f8d39 Release 1.28.0 (#1930)
Signed-off-by: Adam Leff <adam@leff.co>
2017-06-15 14:52:03 -04:00
Justin Moy
45f3b8113c Host resource ping method should return stdout (#1927)
* Host resource ping method should return stdout

Signed-off-by: Justin Moy <justin.moy@sendgrid.com>

* output connection_output and socket_output

Signed-off-by: Justin Moy <justin.moy@sendgrid.com>

* lint

Signed-off-by: Justin Moy <justin.moy@sendgrid.com>

* remove output from method names / hash keys

Signed-off-by: Justin Moy <justin.moy@sendgrid.com>
2017-06-15 14:01:16 -04:00
Kristian Vlaardingerbroek
ced4ca1858 Add support for CoreOS to the service resource (#1928)
* s/package/service/ on service unit test descriptions

Signed-off-by: Kristian Vlaardingerbroek <kvlaardingerbroek@schubergphilis.com>

* Add support for CoreOS to the service resource

Signed-off-by: Kristian Vlaardingerbroek <kvlaardingerbroek@schubergphilis.com>
2017-06-15 13:19:58 -04:00
pete higgins
89e30f8d31 Reduce warnings (#1917)
* Remove some apparently unused test setup to remove some warnings.
* Initialize some instance variables before use to silence warnings.
* Remove an unused variable to remove a warning.
* Remove some indirection.
* Silence logger during tests.
* Check if an instance variable was defined before referencing to remove a warning.
* Define duplicated constant once in root rakefile.
* Initialize an instance variable to remove a warning.
* Remove PROJECT_DIR to reduce coupling.

Signed-off-by: Pete Higgins <pete@peterhiggins.org>
2017-06-15 12:10:47 -04:00
Justin Schuhmann
a69cd1efee Adds support for iis_app InSpec testing (#1905)
Signed-off-by: Justin Schuhmann <jmschu02@gmail.com>
2017-06-15 11:13:07 +02:00
Adam Leff
148d26dc86 Fix directory name for the inspec-habitat unit tests (#1923)
Silly Adam and his silly typos.

Signed-off-by: Adam Leff <adam@leff.co>
2017-06-13 10:05:47 +02:00
Adam Leff
6668bf15ea Fix detection of Automate pre-0.8.x in Compliance::API (#1922)
The is_automate_server_pre_080? and is_automate_server_080_and_later?
methods needed some fixing. The Compliance configuration could have
a "version" key that was not nil but was an empty hash, indicating
that it came from a pre-0.8.x Automate server. What we really need
to look for is config['version']['version'] being nil?.

Signed-off-by: Adam Leff <adam@leff.co>
2017-06-13 10:05:09 +02:00
Dominik Richter
9e3706aabe bugfix: enforce option values where needed (#1918)
Due to limitations in Thor it is not possible to set an argument to be both optional and its value to be mandatory. E.g. the user supplying the --password argument is optional and not always required, but whenever it is used, it requires a value. Handle options that were defined with mandatory values in a way that fails with an `ArgumentError` if the value is missing, i.e.:

```
> inspec exec examples/profile --password
ArgumentError: Please provide a value for --password. For example: --password=hello.
```

It works without `--password` or with `--password=arg`. Also handled for `--sudo-password`.

Fixes: https://github.com/chef/inspec/issues/1901
As suggested: https://github.com/chef/inspec/pull/1904

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-06-12 17:33:16 -04:00
Dominik Richter
54444e8878 fix intermittent functional vendor test failures (#1919)
* fix intermittent functional vendor test failures

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

* isolate artifact functional tests to temporary directory

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-06-12 14:01:26 +02:00
Dominik Richter
d48b2d4096 bugfix: reading tgz files with binread (#1920)
This is currently failing because both `alias` and `alias_method` create method imprints in the FileProvider. This leads to a failure where the TarProvider assumes it doesn't implement `binread`, which in fact it does, since it just calls `read`.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-06-12 13:00:19 +02:00