* Initial commit of skeletal resource aws_kms_key
* * Adds comments to rerun travis
* * Clarifies some parts of the doc.
* Changes matcher have_aws_key_manager to manged_by_aws
* Fixes copypasta
* Adds clarification to property names
* Fixes rescueing exceptions from the api
* raises exceptions in the unit tests
Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
This mock was a remenant of file reading tests that became obsolete with
the centralization of that code.
Signed-off-by: Trevor Bramble <tbramble@chef.io>
* Clean up test data, correct parse error handling
* Use functional pipeline to avoid need for conditional clauses and clarify the intent of the comment parsing.
* Extract magic strings to constants
* Remove code and tests now covered by FileReader
Co-authored-by: Trevor Bramble <tbramble@chef.io>
Co-authored-by: Paul Welch <pwelch@chef.io>
Signed-off-by: Trevor Bramble <tbramble@chef.io>
* Initial commit of skeletal resource aws_sns_topics
* Adds clarification in documentation
* Adds functionality for calling the next token returned from aws api.
* Wraps api calls in the catch_aws_errs method
Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
* Create file-check functionality into utility file
There are the similar issues as PR #2302. Almost resources return false
positives when a file does not exist or is not read.
* Replace to file-check functionality
* Fix dh_params and x509_certificate resources
If a file is empty, OpenSSL::PKey::DH and OpenSSL::X509::Certificate have
raised an exception and have skipped the inspection. Thus x509_certificate
and dh_params resources are not allowed to read a empty file.
* to_s of shadow expects filters is not nil
* Remove workaround of sshd_config
Removes the workaround of sshd_config since Travis CI fails due to a bug
of dev-sec/ssh-baseline and the PR #100 will fix it.
* Use init block variable in methods
Signed-off-by: ERAMOTO Masaya <eramoto.masaya@jp.fujitsu.com>
* Initial commit of new resource
* Makes changes to docs to match changes to the resources.
* Adds clarifications in docs and changes it to be an erb file.
* Simplifies some unit tests
* Wraps calls to the api in a aws_catch_errors method
* Removes provisioner terraform code
Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
When testing on a filesystem used for a long time or built on a small
sized partition, the actual file order may be different from the
expected file order as below:
1) Failure:
inspec keyword::inspec.profile.files#test_0002_lists all profile files when calling #files [/work/git/inspec/test/unit/dsl/other_keywords_test.rb:50]:
--- expected
+++ actual
@@ -1 +1 @@
-["a_sub_dir/sub_items.conf", "items.conf"]
+["items.conf", "a_sub_dir/sub_items.conf"]
2) Failure:
SourceReaders::InspecReader::with a valid profile#test_0005_retrieves all extra files [/work/git/inspec/test/unit/source_readers/inspec_test.rb:39]:
--- expected
+++ actual
@@ -1 +1 @@
-["files/a_sub_dir/sub_items.conf", "files/items.conf"]
+["files/items.conf", "files/a_sub_dir/sub_items.conf"]
Signed-off-by: ERAMOTO Masaya <eramoto.masaya@jp.fujitsu.com>
* Modify version constraints to be an Array
This will allow both old and new versions of InSpec to parse the
`inspec.lock` correctly.
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* quote password when generating mysql command string
* added a test for mysql_session, added shellwords escaping to mysql_session resource
* changed the name of the escape method
* clarified test conditions
Signed-off-by: Tom Hodder <tom@limepepper.co.uk>
shadow file.
After much thought the deprecations from #2642 were for the wrong methods.
Plural method names feel much more natural when working with this
resource because you can have more than a single result.
Consider a match like `shadow.user(/^www/)`, this could return multiple
users, so `shadow.users` feels more natural here.
The problem is that the fields we're matching in the shadow file itself
are singular. Each entry is for a user, which has a password, and some
other fields. A user never has `passwords` in the shadow file, only a
`password`.
This is made more obvious when you use the `filter` method.
When we use this filter: `shadow.filter(min_days: 20, max_days: 30)` we
are matching fields in the shadow file and not using our matcher
methods. This means that if there is a discrepancy between our matcher
methods, and the shadow fields the user could end up confused. Like I did =)
This PR changes:
Changed matchers to match shadow fields.
Updated documentation to reflect changes.
Updated tests to reflect changes.
Re-add `filter` method, and add a test for it.
Renamed variable for FilterTable to be less confusing.
Renamed query argument for methods to be consistent.
Cleanup docs based on comments from @jerryaldrichiii
Make Rubocop happy <3
Signed-off-by: Miah Johnson <miah@chia-pet.org>
Removes skip_resource and raise .. if InSpec.os stuff from initialize as this is covered by platform support.
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* return 1 as exit code for commands that are not available
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
* update tests
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
* Change shadow resource to use FilterTable rather than custom filter
implementation.
Add tests for singluar aliased methods and other minor changes to work
with FilterTable output.
Coverage is at 100%
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* merge master
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Add support to use bash in host resource
Netcat's presence is widely regarded as a security issue, and thus not
always available. This solution first tries to use bash builtins and
timeout (from coreutils), so is less likely to require installing
additional packages.
* Darwin UDP support in host resource
* Host: use netcat first if available
Signed-off-by: João Vale <jpvale@gmail.com>
* Fix aws-iam-users pagination
PROBLEM: aws-iam-users resource only retrieves 100 records due to pagination
in the AWS IAM list_users function.
FIX: Iterate over all the pages using the AWS pagination variables `marker`
and `is_truncated`
Signed-off-by: Richard Nixon <richard.nixon@btinternet.com>
* Move instance variable to avoid `NoMethodError`
Methods for `role` and `system` properties are dynamically generated and
return values from the `@virtualization_data` Mash. Therefor, we must
ensure `@virtualization_data` exists before calling these methods.
* Move supports logic to `supports platform: linux`
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Initial commit of new resource
* Removes deprecated matcher in example
* Adds a new terraform file for config resources
* Fixes and clarifies documentation
* Wraps calls to api in catch_aws_errors method
* Changes the names of two matchers
Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
* Fix formatting of iam user integration tests by placing them in controls
* Fix subnet AZ test by making it an attribute; can't hardcode it
* Fix VPC ID fixture export for subnet testing
* Rename Azure integration tasks to match AWS and allow on-demand attribute dump
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* package resource: Fix `brew` package detection
This allows for package detection via `brew` to handle cases where a
particular package formula exists but is not installed.
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Fixes the deprecation warning text for report and output.
Remove an extra 'is being' from the 'is being is being'
Signed-off-by: Franklin Webber <franklin@chef.io>
* Fix legacy reporter output.
Signed-off-by: Jared Quick <jquick@chef.io>
* Wrap test in a proc to catch warnings.
Signed-off-by: Jared Quick <jquick@chef.io>
* Add output deprecation.
Signed-off-by: Jared Quick <jquick@chef.io>
This does the following to `inspec detect`:
- Modifies it to use the `platform` resource
- Changes the output to mention Platform and show the family hierarchy
- Changes the JSON output by changing `family` to `families`
- Adds better error messaging (no more stacktraces!)
- Adds support for APIs such as AWS/Azure
- Hides Arch from API platforms (not applicable)
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>