Commit graph

169 commits

Author SHA1 Message Date
Miah Johnson
659b4b373a Remove # encoding: utf8 magic comments
Signed-off-by: Miah Johnson <miah@chia-pet.org>
2019-05-07 16:06:23 -07:00
Clinton Wolfe
6a580ade70 Add missing group argument in deprecator
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-04-17 15:58:18 -04:00
Clinton Wolfe
ba6d59dc66 Deprecation handler in unit test helper
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-04-16 16:27:56 -04:00
Clinton Wolfe
fc1bc75358 Adjust deprecations somewhat
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-04-12 10:55:36 -04:00
Jerry Aldrich
40031a9b83 Use deprecation facility throughout code
This converts all current deprecation warnings/TODOs to use the
`Inspec.deprecate()` deprecation facility.

This also modifies `Inspec.deprecate()` to only require 1 argument.

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2019-04-11 19:15:01 -04:00
Clinton Wolfe
c9e8716310 Change two more mentions of DEFAULT_ATTRIBUTE
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-02-22 10:10:50 -05:00
Clinton Wolfe
4601740140 Linting
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-01-16 00:42:01 -05:00
Clinton Wolfe
45c1a11ad6 Create a real GroupEntry when the group is unrecognized, simplifying logic
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-01-16 00:41:21 -05:00
Clinton Wolfe
b89681350e Correct comment reference exit code
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-01-16 00:26:29 -05:00
Clinton Wolfe
48e2188047 Remove class var for testing, replace with tramp data
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-01-16 00:24:19 -05:00
Clinton Wolfe
212fe36b76 Add debug output to ignore actions
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-01-15 23:49:20 -05:00
Clinton Wolfe
c6e22ddb16 Refine stack heuristics to reject RSpec and the deprecation system itself
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-01-15 23:36:03 -05:00
Clinton Wolfe
c63f6e28a3 Clarify error message when unknown_group_action is invalid
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-01-15 23:22:16 -05:00
Clinton Wolfe
6fc5bd8b83 Add comment field to group entries
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-01-15 23:17:52 -05:00
Clinton Wolfe
fe0236cb64 Remove spurious 'ocurrences' field from GroupEntry
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-01-15 15:40:14 -05:00
Jerry Aldrich
f5ec7c9c65 Fix style/RuboCop on cw/deprecation-facility
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2019-01-14 13:57:59 -08:00
Clinton Wolfe
c169119895 linting
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-01-10 23:54:50 -08:00
Clinton Wolfe
c43e401dda Fix default exit code logic to properly use value in Inspec::UI
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-01-10 23:54:50 -08:00
Clinton Wolfe
b2bb8c062b Last polish on the unit tests, all pass
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-01-10 23:54:50 -08:00
Clinton Wolfe
642d8d61b6 Funcitonal tests pass; some unit tests fail
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-01-10 23:54:50 -08:00
Clinton Wolfe
f5ab0d9125 Config file validation in place
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-01-10 23:54:50 -08:00
Clinton Wolfe
2121667e31 Starting implementation, global method is wired up
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-01-10 23:54:50 -08:00
Tim Smith
a1aef8fe17 Update list of SPDX licenses (#3677)
Signed-off-by: Tim Smith <tsmith@chef.io>
2018-12-20 14:41:11 -05:00
Andrey Klyachkin
f835c24e89 ksh support (#3533)
Add ksh (Korn Shell) resource
2018-10-23 09:16:24 -04:00
Clinton Wolfe
ff2be7be56 FilterTable: allow Strings or Symbols as fields (#3481)
* Allow strings or symbols to be used interchangeably in filtertable criteria; improve error message
* rubocop
* Update test count

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-10-17 09:29:58 -04:00
Jared Quick
2bbcdbde9b
Inspec 3.0 (#3512)
* Remove deprecated yumrepo. (#3435)

* Remove deprecations for cli `--format` and metadata.rb (#3452)

* Remove deprecated database_helpers stderr/stdout methods.
Update deprecation text for processes/apache.

* Remove deprecations for `--format` and metadata.rb
Remove deprecated `format` code.
Remove deprecated code test and change json-config format test to use
reporter.
Remove deprecated metadata.rb code
Remove deprecation notice for old supports syntax.
Deprecate metadata.rb from source_reader
Remove rubocop disables as they are no longer required for this code block.
Remove deprecated legacy metadata.rb mock profiles.
Remove deprecated metadata.rb profile tests.
Remove deprecated yumrepo test.

* Allow inspec-3.0 branch to be tested.
* Allow appveyor to test inspec-3.0 branch
* Change runner tests to use reporter rather than format.
Remove deprecated `supports: linux` tests.

* Remove skip from inherited profiles from showing up in reporting (breaking change) (#3332)

* Skip loading dependency profiles if they are unsupported on the current
platform.

Skip loading dependencies if they are unsupported on the current
platform.

Wrap our log and next in a conditional checking if the platform is
supported.

Change a `if !` into a `unless`

Check if the backend is a Train Mock Connection and if so say that the
profile does support the platform.

While iterating through tests being loaded skip when the platform is
unsupported.

We now log a WARN when a profile is skipped due to unsupported platform,
so lets check that.

Modified existing test to log that there are 0 skipped tests, instead of
2.

Add functional test that loads profile-support-skip with a json reporter
to check that our controls are not loaded and that stderr contains our
warning.

* Rather than iterating through each test return before recursion if the platform is
unsupported.

* Resolve tests using a supported platform different from testing platform

Add a control to `test/unit/mock/profiles/complete-profile` that would
work on any OS with a Internet connection. This allows the profile
to execute on any OS with success. `filesystem_spec.rb` was a control
that would only work on Linux and some BSD's.

We want profile tests to consistently work across development and testing
platforms, and not get 'skipped' in some cases.  Travis-CI tests on Linux,
Inspec Dev team uses Linux and MacOS, Appveyor tests on Windows

Also Updated `file_provider_test.rb` for `complete-profile` content changes.

If you `MockLoader.load_profile` on a unsupported platform you might not
hit the usual skip. Lets handle situations where the tests array in
Profile#load_checks_params could be nil.

* Use safe navigation rather than checking if tests is nil.
Update tests to point to unsupported_inspec and account for WARN changes.
Make unsupported_inspec profile support os-family 'unsupported_inspec'

* Fix skip bug when using include/require controls. (#3487)

* Fix skip bug when using include/require controls.
* fix test and feedback.

* Remove need for UUID detection for Automate report (#3507)
* Add json metadata for skipped profiles (#3495)

* Add skip metadata to json reports
* Unify skip messages.
* Update with status field.
* Add testing.
* Fix tests.
* lint
* Add skip exit codes for profile skips.
* Update website for 3.0 launch

Add `plugins` to sidebar.
Change 2.0 -> 3.0 in slim files.
Update 3.0 features list.
* Fix comments
* Update float to numeric.
* Change Float to numeric.
* updated feature list and impact doc
* Change "What's new in InSpec 3.0" -> "Announcing InSpec 3.0"
* Bump VERSION to 3.0.0 (#3511)

* Remove 3.0 testing checks.

* Fix azure link.
2018-10-15 18:25:27 -04:00
Clinton Wolfe
811318f2f8 Plugins API v2: Loader, Base API, and Test Harness (#3278)
* Functional tests for userdir option
* Accepts --config-dir CLI option
* Actually loads a config file from the config dir, more cases to test
* Able to load config and verify contents from config-dir
* Functional tests to ensure precedence for config options
* Enable setting config dir via env var
* .inspec, not .inspec.d
* Begin converting PluginCtl to PluginLoader/Registry
* Able to load and partially validate the plugins.json file
* More work on the plugin loader
* Break the world, move next gen stuff to plugin/
* Be sure to require base cli in bundled plugins
* Move test file
* Revert changes to v1 plugin, so we can have a separate one
* Checkpoint commit
* Move v2 plugin work to v2 area
* Move plugins v1 code into an isolated directory
* rubocop fixes
* Rip out the stuff about a user-dir config file, just use a plugin file
* Two psuedocode test file
* Working base API, moock plugin type, and loader.
* Adjust load path to be more welcoming
* Silence circular depencency warning, which was breaking a unit test
* Linting
* Fix plugin type registry, add tests to cover
* Feedback from Jerry

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-08-16 18:16:32 -04:00
Stanislav Voroniy
a16877f427 A number of bug fixes and new features for oracledb_session resource (#3170)
Signed-off-by: Stanislav Voroniy <stas@voroniy.com>
2018-07-09 13:57:45 -04:00
Clinton Wolfe
f9dd82f2f6
Add common methods to FilterTable automatically (#3104)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-06-05 22:35:09 -04:00
Clinton Wolfe
ca6556e0fe
Add lazy-loading to FilterTable (#3093)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-06-05 17:32:52 -04:00
Clinton Wolfe
4cd6cc07cc
Two fixes to FilterTable where criteria handling (#3045)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-06-05 00:46:32 -04:00
Clinton Wolfe
8c274daaa9
Refactor: Perform internal rename and add comments to FilterTable (#3047)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-06-04 20:20:59 -04:00
Jerry Aldrich
9e8724ca6e nginx_conf resource: Fix include paths with quotes (#2726)
* nginx_conf resource: Fix include paths with quotes
* Move quote removal to `NginxParser`
* Add parsers/tests for quotes in quotes

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-05-03 09:53:20 -04:00
David Alexander
72925a7145 Makes JSON resource enumerable, despite method_missing magic (#2910)
Signed-off-by: David Alexander <opensource@thelonelyghost.com>
2018-04-26 11:54:16 -04:00
Omar J. Irizarry
a278ae921b Require a key attribute for the key_rsa resource (#2891)
Bug Fix #2865
* Defining an attribute without a default value generates a stacktrace
* Fix string quotes
* Moved logic out of the initilize method.
* Refactoring for better clarity.
* Fixing trailing white spaces
Signed-off-by: Omar J Irizarry <irizarry_omar_j@network.lilly.com>
2018-04-12 16:15:04 -04:00
eramoto
53a53820cf Mitigate trivial warning output on test (#2872)
* Mitigate trivial warning on test by initializing
Also fixes passing a ambiguous argument.
* Mitigate trivial warning by removing redundant method

Signed-off-by: ERAMOTO Masaya <eramoto.masaya@jp.fujitsu.com>
2018-03-28 11:22:01 -04:00
eramoto
c7e87ca3e3 Unify method in which file content is read across all resources (#2359)
* Create file-check functionality into utility file

There are the similar issues as PR #2302. Almost resources return false
positives when a file does not exist or is not read.

* Replace to file-check functionality
* Fix dh_params and x509_certificate resources

If a file is empty, OpenSSL::PKey::DH and OpenSSL::X509::Certificate have
raised an exception and have skipped the inspection. Thus x509_certificate
and dh_params resources are not allowed to read a empty file.

* to_s of shadow expects filters is not nil
* Remove workaround of sshd_config

Removes the workaround of sshd_config since Travis CI fails due to a bug
of dev-sec/ssh-baseline and the PR #100 will fix it.

* Use init block variable in methods

Signed-off-by: ERAMOTO Masaya <eramoto.masaya@jp.fujitsu.com>
2018-03-22 08:25:45 -04:00
Noel Georgi
dd033fbf1b mssql_session - Handling cases where the data is nil (#2752)
* Fixing bug where the row data returned is nil

Signed-off-by: Noel Georgi <noel.georgi@reancloud.com>
2018-03-01 14:30:07 -05:00
Jerry Aldrich
84817366a1 Remove deprecations for InSpec 2.0 (#2506)
* Add `release-2.0` target branch to AppVeyor/Travis (#2510)

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* simpleconfig: Remove deprecated config keys

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* cli (exec): Remove `--cache` command line argument

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* platform: Remove lowercase os name protection

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* matcher: Remove `contain_legacy_plus` matcher

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* matcher: Remove `contain_match` matcher

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* matcher: Remove `with_version` matcher

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* matcher: Remove `belong_to_group` matcher

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* matcher: Remove `belong_to_primary_group` matcher

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* matcher: Remove `contain` matcher

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* passwd: Remove deprecated properties

This removes:
  - `passwd.count`
  - `passwd.username`
  - `passwd.usernames`
  - `passwd.uid`

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* auditd_rules: Remove in favor of `auditd` resource

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* cli: Remove `login_automate` command

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Remove `resource_skipped` message method

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-02-08 11:05:21 +01:00
Jerry Aldrich III
71057675de Allow skipping/failing resources in FilterTable (#2349)
* Allow skipping/failing resources in FilterTable

`FilterTable` is commonly used in the class body of a resource and is
evaluated during an `instance_eval`. This means that if you raise an
exception (e.g. SkipResource) it will halt `inspec exec` and
`inspec check`.

This adds an `ExceptionCatcher` class that will postpone evaluation
until test execution.

This allows `inspec check` and `inspec exec` to perform as intended when
skipping/failing a resource in `FilterTable`

Huge thanks to @adamleff for providing the starting code/ideas!

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Comment why `ExceptionCatcher` doesn't raise

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Remove `accessor` from `ExceptionCatcher`

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Return the existing ExceptionCatcher object rather than creating new

Signed-off-by: Adam Leff <adam@leff.co>
2017-11-29 07:32:40 -05:00
Adam Leff
4b9acb4800 Bump Rubocop to 0.49.1 (#2323)
* Bump Rubocop to 0.49.1

This change bumps Rubocop to 0.49.1. There have been a lot of changes
since 0.39.0 and this PR is hopefully a nice compromise of turning off
certain cops and updating our codebase to take advantage of new Ruby
2.3 methods and operators.

Signed-off-by: Adam Leff <adam@leff.co>

* Set end-of-line format to line-feed only, avoid Windows-related CRLF issues

Signed-off-by: Adam Leff <adam@leff.co>
2017-11-21 08:49:41 +01:00
eramoto
986c8818d3 xinetd_conf resource: fix false positives with config file or directory doesn't exist (#2302)
xinetd_conf resource: fix false positives when config file or directory doesn't exist
2017-11-15 15:56:39 -05:00
Adam Leff
0a11280444
nginx resource: support quoted identifiers (#2292)
An nginx config may contain configuration settings that are quoted, such
as a map entry:

"~^\/opcache-api" 1;

The `nginx_conf` resource was failing to properly parse these.

Signed-off-by: Adam Leff <adam@leff.co>
2017-11-08 12:42:37 -05:00
Markus Grobelin
221db7e132 mount resource: fix for Device-/Sharenames and Mountpoints including … (#2257)
* mount resource: fix for Device-/Sharenames and Mountpoints including whitespaces

Device-/Sharenames and Mountpoints on Linux may include whitespaces (\040), e.g. /etc/fstab entry like:

```//fileserver.corp.internal/Research\040&\040Development /mnt/Research\040&\040Development cifs OTHER_OPTS```

... results in a mount line like:

```//fileserver.corp.internal/Research & Development on /mnt/Research & Development type cifs (OTHER_OPTS)```

The Linux mount command replaces \040 with whitspace automatically, so this should be tributed.

I used a control like this:

```
    describe mount('/mnt/Research & Development') do
      it { should be_mounted }
      its('device') { should eq  '//fileserver.corp.internal/Research & Development' }
    end
```

Before:

```
  ×  whitespaces-1: Mount with whitespace within sharename and mountpoint. (1 failed)
     ✔  Mount /mnt/Research & Development should be mounted
     ×  Mount /mnt/Research & Development device should eq "//fileserver.corp.internal/Research & Development"

     expected: "//fileserver.corp.internal/Research & Development"
          got: "//fileserver.corp.internal/Research"

     (compared using ==)
```

After:

```
  ✔  whitespaces-01: Mount with whitespace within sharename and mountpoint.
     ✔  Mount /mnt/Research & Development should be mounted
     ✔  Mount /mnt/Research & Development device should eq "//fileserver.corp.internal/Research & Development"
```

Signed-off-by: Markus Grobelin <grobi@koppzu.de>

* mounts_with_whitespaces: make lint happy

Signed-off-by: Markus Grobelin <grobi@koppzu.de>

* mount resource: added parentheses as suggested by https://github.com/chef/inspec/pull/2257/files

Signed-off-by: Markus Grobelin <grobi@koppzu.de>

* mount resource: fix for Device-/Sharenames and Mountpoints including whitespaces
Signed-off-by: Markus Grobelin <grobi@koppzu.de>
2017-11-01 12:01:21 +01:00
Adam Leff
9d8c53cf31 Support symbol keys in ObjectTraverser (#2221)
As detected in #2036, it is not possible to extract values from
a YAML file if the key is a symbol. This change refactors ObjectTraverser
to support symbol keys before attempting to stringify them.

Signed-off-by: Adam Leff <adam@leff.co>
2017-10-06 19:24:31 +02:00
Jerry Aldrich III
3d7244fb07 Add wildcard support to Utils::FindFiles (#2159)
Wildcards are evaluated prior to applying `sudo` permissions. This
means that running `sudo find /some/path/*.conf` will fail if the user
does not have read permissions on `/some/path/` because the wildcard
cannot expand before `sudo` is applied and `*.conf` isn't a file.

The solution for this is to run the command in a subshell that has the
proper permissions (e.g. `sudo sh -c 'find /some/path/*.conf'`).

This modifies `Utils::FindFiles` to use a subshell thus allowing
wildcard support.

This fixes #2157

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-09-23 09:17:34 +02:00
Simonas
da75f268bc Fix issue when xinetd.conf does not end in newline (#2040)
Add a newline symbol to the end of the parsed input.

Sample hexdump of a file deployed by xinetd cookbook:

$ hexdump -C /var/chef/cache/cookbooks/xinetd/templates/default/xinetd.conf.erb | tail -2
000000b0  72 20 2f 65 74 63 2f 78  69 6e 65 74 64 2e 64     |r /etc/xinetd.d|
000000bf

Signed-off-by: Simonas Kareiva <simonas@5grupe.lt>
2017-08-02 15:29:26 +02:00
Christoph Hartmann
0839be50d6 oracle_session and mssql_session improvement (#1857)
* improve database parsing
* support sqlcli
* ensure headers are downcast
* externalize database helper
* use password as argument
* feedback from @adamleff
* inline docs update + linting
* stay backwards compatible
* implement tests
2017-06-29 11:01:32 -04:00
Adam Leff
a6582bea9b Remove any "All Rights Reserved" references (#1969)
* Remove any "All Rights Reserved" references

InSpec is licensed and released under the Apache 2.0 license. This
change removes all reference to legacy code files that still had
any Copyright or License lines referring to "All Rights Reserved".

Signed-off-by: Adam Leff <adam@leff.co>

* fix functional tests

Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-06-28 04:14:19 -07:00
Dominik Richter
56549aed82 add nginx_conf resource (#1889)
The resource itself only offers contents and params right now. It resolved
all include calls it can find and creates the aggregated config object.

This is limited in functionality. One last (set of) PR(s) is needed to
add an interface that makes querying this config file easier. It is due
to the file's inherent complexity that I want to explore which methods
are needed to be effective. In the meantime, this resource offers accessors
to the underlying data that are stable.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-06-26 06:37:41 -07:00