* nginx_conf resource: Fix include paths with quotes
* Move quote removal to `NginxParser`
* Add parsers/tests for quotes in quotes
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Adds chocolatey package resource
* Adds docs for chocolatey_package resource
* Differentiate chocolatey package from windows feature
Suggested by @frezbo
Signed-off-by: David Alexander <opensource@thelonelyghost.com>
* Add python check for pip resource
When checking pip resources, we should skip resource if python is not
installed or we will fail with an error when trying to parse the path.
* Check pip command on windows
On Windows, if pip has a newer version available, it adds an error
message to stderr. Now checking if both stderr and stdout on windows
have values. If so, assume pip package is installed.
* Clean up powershell query command
- Make it easier to read what the powershell command is doing
- Make it easier to read what the cmd_successful method lokos for
Signed-off-by: Paul Welch <pwelch@chef.io>
This adds `powershell` resource support for non-Windows OSs via `pwsh`
and Base64 encoded commands.
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* registry_key resource was returning an incorrect value
when key value was greater than 2147483647
* added mock
* Fix issue with default reg key
(default) key was returning nil even when a value was present.
Signed-off-by: Omar Irizarry <irizarry_omar_j@network.lilly.com>
This mock was a remenant of file reading tests that became obsolete with
the centralization of that code.
Signed-off-by: Trevor Bramble <tbramble@chef.io>
* Clean up test data, correct parse error handling
* Use functional pipeline to avoid need for conditional clauses and clarify the intent of the comment parsing.
* Extract magic strings to constants
* Remove code and tests now covered by FileReader
Co-authored-by: Trevor Bramble <tbramble@chef.io>
Co-authored-by: Paul Welch <pwelch@chef.io>
Signed-off-by: Trevor Bramble <tbramble@chef.io>
* Add support to use bash in host resource
Netcat's presence is widely regarded as a security issue, and thus not
always available. This solution first tries to use bash builtins and
timeout (from coreutils), so is less likely to require installing
additional packages.
* Darwin UDP support in host resource
* Host: use netcat first if available
Signed-off-by: João Vale <jpvale@gmail.com>
* package resource: Fix `brew` package detection
This allows for package detection via `brew` to handle cases where a
particular package formula exists but is not installed.
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Formatter and reporter refactor.
Signed-off-by: Jared Quick <jquick@chef.io>
* Add exception and backtrace to json-min report.
Signed-off-by: Jared Quick <jquick@chef.io>
* Add sha to json-min and include generator version for json profile.
Signed-off-by: Jared Quick <jquick@chef.io>
* Fix deprecated typo and add fallback for cli resource title.
Signed-off-by: Jared Quick <jquick@chef.io>
* Update to build json report and clean up cli logic.
Signed-off-by: Jared Quick <jquick@chef.io>
* Add tests for json reporter.
Signed-off-by: Jared Quick <jquick@chef.io>
* Add cli suppress_log_output? and a fallback for invalid reporter type.
Signed-off-by: Jared Quick <jquick@chef.io>
* Update suppress_log_output? to check if we are outputting to stdout.
Signed-off-by: Jared Quick <jquick@chef.io>
* Update reporter cli optoins to work with json_config.
Signed-off-by: Jared Quick <jquick@chef.io>
* Refactor some safe-navigation and variable names.
Signed-off-by: Jared Quick <jquick@chef.io>
* Add thor banner to show reporter file output syntax.
Signed-off-by: Jared Quick <jquick@chef.io>
This adds support for `architectures` to the `packages` resource.
Example:
```
describe packages(/compat-libstdc++-33/) do
its('architectures') { should include 'x86_64' }
its('architectures') { should include 'i686' }
end
```
This also adds documentation for the `packages` resource
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* adding df resource
Signed-off-by: Vern Burton <me@vernburton.com>
* adding unit tests and required mocks for them, created integration test
Signed-off-by: Vern Burton <me@vernburton.com>
* cleaning up skip test to include only the filename and not full path
Signed-off-by: Vern Burton <me@vernburton.com>
* adding docs
Signed-off-by: Vern Burton <me@vernburton.com>
* size makes more sense than space
Signed-off-by: Vern Burton <me@vernburton.com>
* removing unneeded author lines
Signed-off-by: Vern Burton <me@vernburton.com>
* as the command changed, changing mock to the new sha
Signed-off-by: Vern Burton <me@vernburton.com>
* updating to address comments from #2441
* removing author lines
* using attr_reader functions
* using ruby string functions rather than pipe to sed
* adding os family detection
* using ResourceFailed as the pattern already existed for OS family detection
* using if for future case support for unix and unix-like (FreeBSD)
Signed-off-by: Vern Burton <me@vernburton.com>
* adding supports to resource metadata, and adding tests that show that resource says that it is not supported on windows/unix.
Signed-off-by: Vern Burton <me@vernburton.com>
* focusing on linux os family and removing logic for assumed future cases
Signed-off-by: Vern Burton <me@vernburton.com>
* changing df to filesystem
Signed-off-by: Vern Burton <me@vernburton.com>
* service resource: Fix no `.service` + systemd bug
This modifies the `enabled?` check to fallback to `sysv_service` in the
event that a `.service` file cannot be found.
For example: On Debian 8.7 the stock apache2 package does not deploy a
`.service` file but deploys a SysV style service. This causes
`systemctl is-enabled` to fail when the service is in fact enabled.
* Remove `cmd_stderr` and clean up `cmd_exit_1`
* Clean up `stderr` assignment using ternary
This change adds the `docker_service` resource for Docker swarm mode services. This
branches off some of the common elements (id, exists) into a `DockerObject` module along
with a utility function for parsing the image/repo string. That function was implemented
separately by `docker_image` and `docker_container`, now with a third resource, it made
sense to consolidate that into an included module. I used the most comprehensive
implementation. Existing classes had to be slightly modified for the genericization.
Signed-off-by: Matt Kulka <mkulka@parchment.com>
* Fix `grub_conf` menuentry detection
This does the following:
- Corrects Grub2 bug where last entry was always selected
- Adds support for specifying a Grub2 menu entry by name
- Adds support for using `GRUB_DEFAULT=saved` with Grub2
- Adds more Unit tests
* Add error if menuentry name cannot be extracted
* Add handling for missing/unreadable grubenv
* Add defensive code for failed menuentry extraction
* adding database.xml with attributes to files and mocking it in the helper.rb
Signed-off-by: Vern Burton <me@vernburton.com>
* adding logic to test class returned by XPATH and using functions from respective classes to fill a array for return, and unit and integration tests to ensure functionality
Signed-off-by: Vern Burton <me@vernburton.com>
* updating docs to show how attributes are used
Signed-off-by: Vern Burton <me@vernburton.com>
* 'and' instead of 'or' makes more sense
Signed-off-by: Vern Burton <me@vernburton.com>
* adding default else for capturing unknown classes from REXML
Signed-off-by: Vern Burton <me@vernburton.com>
* removing extra newline
Signed-off-by: Vern Burton <me@vernburton.com>
* adding fail case with enough information to debug in future case
Signed-off-by: Vern Burton <me@vernburton.com>
* adding SQL 2012 SP1 for mssql_session testing
Signed-off-by: Vern Burton <me@vernburton.com>
* updating SHA to match new commands with ports in them
Signed-off-by: Vern Burton <me@vernburton.com>
* adding port, and a default value and moving from skip_resource to resource_fail
Signed-off-by: Vern Burton <me@vernburton.com>
* adding new sha for custom host
Signed-off-by: Vern Burton <me@vernburton.com>
* adding tests for hostname and migrating test that passed port in host to a dedicated port test
Signed-off-by: Vern Burton <me@vernburton.com>
* adding integration test
Signed-off-by: Vern Burton <me@vernburton.com>
* removing services as appveyor does not have integration testing running so it would be a waste of time to enable it
Signed-off-by: Vern Burton <me@vernburton.com>
* mock instance command
Signed-off-by: Vern Burton <me@vernburton.com>
* making instance readable
Signed-off-by: Vern Burton <me@vernburton.com>
* adding instance test
Signed-off-by: Vern Burton <me@vernburton.com>
* moving to ResourceSkipped as ResourceFailed is targeted for a major release
Signed-off-by: Vern Burton <me@vernburton.com>
* Add support for Darwin Directory Service groups
This allows users to verify groups added by Chef on OS X.
The current method that `UnixGroup` uses is to check the contents of
`/etc/group`, but OS X adds groups to Directory Service and not
`/etc/group`. This modifies the `group` resource on Darwin to use
`dscacheutil` to get group info.
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Clean up `select_group_manager`
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Clean up DarwinGroup `groups` method
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* add a emulated /etc/cron.d/crondotd file to the mocking system.
* test that we handle incoming paths correctly by rendering to_s.
* We take in both users and a path, so lets call that destination.
* To make the test pass we'll determine if we are dealing with a path or
a user and return the correct string.
* we will need the ability to determine if we are dealing with a path when either calling the crontab command or reading the file directly, so break that out into a path? method.
* remove author field.
* test contents of our crondotd file.
* we have to explicitly make @destination a String to use include?.
* when we get a path we use inspec.file to get conents, otherwise we run the crontab command.
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Add documentation for example usage with file path.
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Make path? and path_or_user private methods
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Add missing username filed to crondotd mock file
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Pass argument as a hash when testing file paths
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Expected results should include usernames when testing file paths
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Add special string `@yearly` test to crondotd mock file
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Add user to existing cron tests
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Rubocop says I need spaces after/before curly brackets
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Add user to crondotd file tests and add @yearly test
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Modify initialize to take options hash and be backwards compatible.
Change initialize default argument to create a hash by default, though
it is still possible to pass in a 'user' string argument.
@user gets set with the argument value unless its a hash, in which case
it tries to set the value of the user key, otherwise it becomes nil.
@file gets set with the value of the path key, unless it doesn't exist
in which case it becomes nil.
All hash keys are symbolized to ensure consistent access.
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Check if @path is nil to determine if we run crontab command or parse
file.
path? was removed as we're not overloading a @destination variable
anymore.
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* if @user is nil assume current user otherwise crontab for @user
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Change to complete if rather than ternary.
We have three possible cases, current user, other user, or file path.
This accounts for all of them.
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Add user to the crontab FilterTable
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Remove path? and path_or_user
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Move crontab parsing to two methods, parse_user_crontab and
parse_system_crontab
Because a command in a crontab file could have spaces we must parse user
and system crontabs differently.
When we parse user crontabs the user field will either be nil, or the requested user.
Both user and path parsers handle special strings (@yearly, @weekly,
etc). And also account for position of user in these files (or adds it
in user case)
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Update examples with user: and path:
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Add spaces after : in example docs
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Disable rubocop ClassLength check
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Moved rubocop ClassLength metric next to class instead of above the
module.
Remove unnecessary braces.
Add is_system_crontab? and is_user_crontab helper methods and use them.
Add tests to see if error conditions are raised when the resource is
invoked with missing parameters (user, or path), and on a unsupported
os.
Change initialize to group all hash functions together and raise errors
when user and path is unset. Also raise errors on unsupported operating
systems.
Change order of ternary and use is_system_crontab? rather than
@path.nil?
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* test appveyor with ruby#File
Signed-off-by: Jared Quick <jquick@chef.io>
* Update inspec train to version 0.31.1
Signed-off-by: Jared Quick <jquick@chef.io>
* Update security policy export to use pid instead of random.
Signed-off-by: Jared Quick <jquick@chef.io>
* Update helper for the new train.
Signed-off-by: Jared Quick <jquick@chef.io>
* Add a unique export for security policy resource.
Signed-off-by: Jared Quick <jquick@chef.io>
* Remove skip resource on empty policy file.
Signed-off-by: Jared Quick <jquick@chef.io>
The existing method of adding `-X HEAD` to the curl command does not
work properly and can cause timeouts because curl doesn't properly
close the connection. The correct way is to use curl's own `--head`
flag.
Signed-off-by: Adam Leff <adam@leff.co>
Curl doesn't distinguish between them so need to use the sum of both as
the overall timeout.
fixes#2288
Signed-off-by: Brett Delle Grazie <brett.dellegrazie@gmail.com>
`curl` expects a valid header per RFC 2616 when using the
`-H`/`--header` option. RFC 2616 declares header field/values
should be separated using a colon (`:`):
https://tools.ietf.org/html/rfc2616#section-4.2
Signed-off-by: Seth Chisamore <schisamo@chef.io>
* mount resource: fix for Device-/Sharenames and Mountpoints including whitespaces
Device-/Sharenames and Mountpoints on Linux may include whitespaces (\040), e.g. /etc/fstab entry like:
```//fileserver.corp.internal/Research\040&\040Development /mnt/Research\040&\040Development cifs OTHER_OPTS```
... results in a mount line like:
```//fileserver.corp.internal/Research & Development on /mnt/Research & Development type cifs (OTHER_OPTS)```
The Linux mount command replaces \040 with whitspace automatically, so this should be tributed.
I used a control like this:
```
describe mount('/mnt/Research & Development') do
it { should be_mounted }
its('device') { should eq '//fileserver.corp.internal/Research & Development' }
end
```
Before:
```
× whitespaces-1: Mount with whitespace within sharename and mountpoint. (1 failed)
✔ Mount /mnt/Research & Development should be mounted
× Mount /mnt/Research & Development device should eq "//fileserver.corp.internal/Research & Development"
expected: "//fileserver.corp.internal/Research & Development"
got: "//fileserver.corp.internal/Research"
(compared using ==)
```
After:
```
✔ whitespaces-01: Mount with whitespace within sharename and mountpoint.
✔ Mount /mnt/Research & Development should be mounted
✔ Mount /mnt/Research & Development device should eq "//fileserver.corp.internal/Research & Development"
```
Signed-off-by: Markus Grobelin <grobi@koppzu.de>
* mounts_with_whitespaces: make lint happy
Signed-off-by: Markus Grobelin <grobi@koppzu.de>
* mount resource: added parentheses as suggested by https://github.com/chef/inspec/pull/2257/files
Signed-off-by: Markus Grobelin <grobi@koppzu.de>
* mount resource: fix for Device-/Sharenames and Mountpoints including whitespaces
Signed-off-by: Markus Grobelin <grobi@koppzu.de>
* Added CRAN resource to check R modules
control 'cran-1' do
impact 1.0
desc '
Ensure R module DBI is installed.
'
describe cpan('DBI') do
it { should be_installed }
its('version') { should cmp >= '3.0' }
end
end
Signed-off-by: Markus Grobelin <grobi@koppzu.de>
* cran resource: made lint happy, added negative unit test, removed unused arg perl_lib_path
Signed-off-by: Markus Grobelin <grobi@koppzu.de>
* Added CPAN resource to check Perl modules
control 'cpan-1' do
impact 1.0
desc '
Ensure Perl modules DBI and DBD::Pg are installed.
'
describe cpan('DBI') do
it { should be_installed }
end
describe cpan('DBD::Pg') do
it { should be_installed }
its('version') { should cmp >= '3.0' }
end
end
Signed-off-by: Markus Grobelin <grobi@koppzu.de>
* cpan resource: fixed unit test for non-installed module
Signed-off-by: Markus Grobelin <grobi@koppzu.de>
* new resource: elasticsearch resource, test cluster/node state
This is a new resource for testing an Elasticsearch cluster. It operates
by fetching the `_nodes` endpoint from a given Elasticsearch node and
collects data about each node in a cluster, even if there's only a
single node.
This work is based on inspiration from an initial PR #1956 submitted by
@rx294.
Signed-off-by: Rony Xavier <rx294@nyu.edu>
Signed-off-by: Aaron Lippold <lippold@gmail.com>
Signed-off-by: Adam Leff <adam@leff.co>
* Reduce mock data on non-default tests
Signed-off-by: Adam Leff <adam@leff.co>
* Support PAX-formatted tar files, standardize file lists
When a tar file is generated in PAX format, the files have an additional
relative path prefix added to them. For example, instead of:
inspec.yml
... the file is listed as:
./inspec.yml
And the source reader plugin looks only for a "inspec.yml" file to
determine the profile format.
This change addresses this issue by normalizing the file paths in the
TarReader and accounting for the additional "./" prefix that may exist
whenever the tar file is walked looking for a file to read its content.
Signed-off-by: Adam Leff <adam@leff.co>
* Remove pax from unit test, will move to functional
Signed-off-by: Adam Leff <adam@leff.co>
* Add function test for the pax header tar file
Signed-off-by: Adam Leff <adam@leff.co>
* Uses netstat to detect open ports on AIX
Signed-off-by: Keith Walters <keith.walters@cattywamp.us>
* Adds unit tests for AIX port resource
Signed-off-by: Keith Walters <keith.walters@cattywamp.us>
This change enhances the processes resource to support the busybox
ps command which is common on Alpine, for example. The way we
map ps fields to the structs needed by FilterTable have also been
refactored to be more flexible so we can support multiple formats
in the future.
Also, the processes resource now allows the grep argument to be optional
thus allowing a user to query all resources without passing in a
match-all regex.
Signed-off-by: Adam Leff <adam@leff.co>
* Add nil check for sshd config file
This fixes#1778. There was a issue where if the user did not have read
permissions on /etc/ssh/sshd_config it would error out on the empty?
check. The fix here is to also look for nil on the file content. Along
with this I refactored the inspec file empty? check as it does not exist
and was also erroring during my testing.
Signed-off-by: Jared Quick <jquick@chef.io>
* Add emptyfile test object and refactor tests
Signed-off-by: Jared Quick <jquick@chef.io>
Currently, the http resource always executes locally, even when scanning
a remote machine with `--target` which leads to undesireable behavior.
This change adds the ability to remotely execute tests with curl. This
behavior is currently opt-in with the `enable_remote_worker` flag, but
will become the default behavior in InSpec 2.0. Deprecation warnings
are emitted if the user is scanning a remote target but has not opted
in to the new behavior.
Signed-off-by: Adam Leff <adam@leff.co>
* New Resource - firewalld
Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
* New Resource - firewalld
Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
* New Resource - firewalld
Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
* New Resource - firewalld
Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
* Modifications to new resourec - firewalld
Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
* Modifications to new resource - firewalld
Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
* Modifications to new resource firewalld
Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>
* Modifications to new resource - firewalld
Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>
* Changing firewalld_command method to prepend the command with 'firewall-cmd' to reduce code reuse.
Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>
* Modifications made
* installed? method now tells by checking if firewall-cmd is a command on the system
* The firewalld_command method now strips the stdout of the return
* added another test for testing multiple active zones
Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>
* Fixing rake lint issue
Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>
* Fixing match and returning boolean for seeing if firewalld is running
Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>
* Fixing lint issues
Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>
* Empty commit to rerun. Accidentally updated branch.
Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>
* Rerunning test, accidentally updated branch. needs sign off commit
Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>
* Add hotfix resource for Windows
Signed-off-by: Matt Ray <matthewhray@gmail.com>
* Renamed hotfix to windows_hotfix
Added additional unit test checking for KB that is not present on a box
Signed-off-by: Matt Ray <matthewhray@gmail.com>
* Integration test to spot-check for hotfixes
Queries the Windows operating system via Powershell for a list of all
installed hotfixes and spot-checks every 10th one with the
windows_hotfix resource. Checking hundreds is time-consuming. Also
checks to ensure a non-installed hotfix is not present.
Signed-off-by: Matt Ray <matthewhray@gmail.com>
Wildcards are evaluated prior to applying `sudo` permissions. This
means that running `sudo find /some/path/*.conf` will fail if the user
does not have read permissions on `/some/path/` because the wildcard
cannot expand before `sudo` is applied and `*.conf` isn't a file.
The solution for this is to run the command in a subshell that has the
proper permissions (e.g. `sudo sh -c 'find /some/path/*.conf'`).
This modifies `Utils::FindFiles` to use a subshell thus allowing
wildcard support.
This fixes#2157
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
This modifies the enabled check for the `service` resource to use the
service's config file instead of `initctl show-config`.
`initctl show-config` does not accurately show the state of a service if
that service's config file is modified while the service is running.
This fixes#1834.
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Add wildcard/multiple server support to nginx_conf
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* separate the merge function for maps in nginx_conf
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
* package resource: assume a default Homebrew path
Homebrew's `brew` script is installed to /usr/local/bin by default which
is usually not in a non-interactive PATH. We will now first check to see
if `brew` is in PATH, and if not, assume a default of `/usr/local/bin/brew`
Signed-off-by: Adam Leff <adam@leff.co>
* Adding support for fstab
Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
* New Resource - etc_fstab
Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
* New Resource - etc_fstab
Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
* Modifications to new resource - etc_fstab
Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
* Modifications to new resource - etc_fstab
Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
* Modifications to new resource - etc_fstab
Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
* Modifications to docs of new resource etc_fstab
Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>
* Modifications to new resource etc_fstab
Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>
* Add support for XML files
Signed-off-by: Morley, Jonathan <jmorley@cvent.com>
* Use REXML instead of nokogiri
Signed-off-by: Morley, Jonathan <jmorley@cvent.com>
* port resource: support ss instead of netstat
`netstat` is officially deprecated and is replaced with `ss`. This PR
changes the port resource to use `ss` if it's available on the target
system.
Signed-off-by: Adam Leff <adam@leff.co>
* Disable Metrics/ClassLength cop on the LinuxPorts class
Signed-off-by: Adam Leff <adam@leff.co>
* Update pip resource for #516 allow user to set path to pip executable
Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>
* support virtualenv path, pip file exec and better logic
Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>
* add tests for the change to the pip path and resource
Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>
* tests are case sensitive, although command line is not
Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>
* use a path verification method instead of a class method
Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>
* use guard clauses instead of conditionals
Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>
* change the control flow to return nil when commands are not available
Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>
* fix the return values when custom pip path is not valid
Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>
* Refactor pip path detection to fix unit tests
Signed-off-by: Adam Leff <adam@leff.co>
* Added aide_conf resource and subsequent files
* Updated to match on all selection lines
Signed-off-by: Jennifer Burns <jburns@mitre.org>
* Changed to use CommentParser and fixed typo
Signed-off-by: Jennifer Burns <jburns@mitre.org>
* Fix typo in test file
Signed-off-by: Jennifer Burns <jburns@mitre.org>
* Updated to address PR feedback
Signed-off-by: Jennifer Burns <jburns@mitre.org>
* check the proper field for dpkg installation state fixes#2006
Signed-off-by: Mathieu Sauve-Frankel <msf@kisoku.net>
* Properly handle held packages on dpkg-flavored OS
InSpec was looking at the wrong field in `dpkg -s` output to determine
whether a package was installed or not. An installed, held package was
incorrectly reported as uninstalled.
This adds the proper unit tests and also adds a `be_held` matcher.
Thanks to @kisoku for the initial work in #2007.
Signed-off-by: Adam Leff <adam@leff.co>
Train 0.26.1 fixes a bug where missing mocked commands would return
a zero exit code. This resulted in some unit tests failing due to
missing mocked commands.
Signed-off-by: Adam Leff <adam@leff.co>
* Change host resource to use getent ahosts on Linux
In InSpec 1.31, we changed the `host` resource to use `dig` instead of `getent
hosts` for name resolution because `getent hosts` does not return all entries
(only the first v6 entry if it exists, then the first v4 entry) and we wanted to
keep the Darwin and Linux implementation as close as possible. Unfortunately,
this affected users' ability to do resolution checks for entried stored in their
/etc/hosts file.
This change goes back to using `getent` for Linux and changes to `getent ahosts`
which returns both v4 and v6 records. Additionally, the Darwin provider's dig
implementation was reordered to return v4 addresses before v6 addresses to be
consistent with how `getent ahosts` returns records.
Signed-off-by: Adam Leff <adam@leff.co>
* Update unit tests for resolve_with_getent with proper output
Signed-off-by: Adam Leff <adam@leff.co>
* Fix host resolution on Darwin, use dig wherever possible
The `host` and `dig` commands do not return non-zero if a query returns NXDOMAIN
or NOERROR, but the DarwinHostProvider was expecting it when deciding whether to
fall back to IPv4 if a IPv6 query failed. Therefore, the `host` resource would
not function properly when resolving hostnames on Darwin. The logic has been
changed to use `dig` short output and query for both v6 and v4 addresses.
Additionally, the LinuxHostProvider has been modified to prefer `dig` if it's
available to keep behavior similar between Darwin and Linux whenever possible.
This has the added benefit of providing v6 and v4 resolution if possible where
`getent hosts` only returns v6 if v6 records exist.
Signed-off-by: Adam Leff <adam@leff.co>
* Fix up methods, add command mock, do string matching in ruby instead of command
Fixes#1643Fixes#1673
Signed-off-by: Aaron Lippold <lippold@gmail.com>
The resource itself only offers contents and params right now. It resolved
all include calls it can find and creates the aggregated config object.
This is limited in functionality. One last (set of) PR(s) is needed to
add an interface that makes querying this config file easier. It is due
to the file's inherent complexity that I want to explore which methods
are needed to be effective. In the meantime, this resource offers accessors
to the underlying data that are stable.
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
* Adding toml resource
This adds a `toml` resource that inherits from the json resource and
behaves the same way as the JSON and YAML resources.
Signed-off-by: Nolan Davidson <ndavidson@chef.io>
* s/package/service/ on service unit test descriptions
Signed-off-by: Kristian Vlaardingerbroek <kvlaardingerbroek@schubergphilis.com>
* Add support for CoreOS to the service resource
Signed-off-by: Kristian Vlaardingerbroek <kvlaardingerbroek@schubergphilis.com>
* Remove some apparently unused test setup to remove some warnings.
* Initialize some instance variables before use to silence warnings.
* Remove an unused variable to remove a warning.
* Remove some indirection.
* Silence logger during tests.
* Check if an instance variable was defined before referencing to remove a warning.
* Define duplicated constant once in root rakefile.
* Initialize an instance variable to remove a warning.
* Remove PROJECT_DIR to reduce coupling.
Signed-off-by: Pete Higgins <pete@peterhiggins.org>
* Add TCP reachability support on Linux for host resource
This enhances the `host` resource on Linux targets by using netcat
(if installed) to perform TCP reachability checks.
Signed-off-by: Adam Leff <adam@leff.co>
* documentation updates
Signed-off-by: Adam Leff <adam@leff.co>
* Appease rubocop
Signed-off-by: Adam Leff <adam@leff.co>
When attempting to parse the profile out of the target URL, we
were not raising an exception if we failed to do so. Such a situation
could arise if a user's inspec config.json is incorrect either due to
manual editing or failure to re-login after an upgrade past Automate
0.8.0.
This change provides a clear exception if this occurs and also adds
tests for the compliance_profile_name method.
Signed-off-by: Adam Leff <adam@leff.co>
The gem resource used to determine if a gem is installed based on the exit
status of the `gem` command, however that command will return zero
if the package was found or not. This patch checks to ensure that the
`gem list` command actually includes the gem name or is empty to
determine if the gem is in fact installed.
If the gem command returns something other than a `0` exit code, then
it'll skip the resource.
Signed-off-by: Keith Walters <keith.walters@cattywamp.us>
Inspired by #1640, this change cleans up the logic used when
reading in secrets files, provides clearer warnings when the
secrets files can't be parsed, and adds tests for those methods.
Signed-off-by: Adam Leff <adam@leff.co>
RubyGems on windows comes with a batch file that wraps the `gem` command
so it executes correctly. This change uses that batch file for windows
for our `gem` resource, and also properly handles when we receive no output
from the command.
Signed-off-by: Adam Leff <adam@leff.co>
Two new commands have been created:
* inspec habitat profile create /path/to/profile
* inspec habitat profile upload /path/to/profile
The `create` command creates a Habitat artifact that contains the contents
of the Habitat profile found at the provided path. This will be used later
in some Habitat + InSpec integrations.
The `upload` command does the same create process but then uploads the
resulting artifact to the Habitat Depot.
Signed-off-by: Adam Leff <adam@leff.co>
The following new resources have been added; however, they
presently only support FreeBSD and similar.
* `zfs_dataset`: tests if a named ZFS dataset is present
and/or has certain properties.
* `zfs_pool`: tests if a named ZFS pool is present and/or
has certain properties.
Additionally, the `mount` resource has been reworked to
include support for FreeBSD; while the existing class
was renamed to LinuxMountParser.
Unit-tests were added for all of the above.
Signed-off-by: Joseph Benden <joe@benden.us>
The crontab resource parses a particular user's crontab file into
individual entries and allows the user to assert information about
each entry as needed.
Signed-off-by: Adam Leff <adam@leff.co>
This pull request adds a packages resource so that we can check for pattern matches against all the packages on a system. This initially implements only dpkg support for debian-based platforms so we can cover this use case:
```ruby
describe packages(/^xserver-xorg.*/) do
its("list") { should be_empty }
end
```
This uses FilterTable so we can supply additional queries, too.
```ruby
describe packages(/vi.+/).where { status != 'installed' } do
its('statuses') { should be_empty }
end
```
Users can specify the name as a string or a regular expression. If it is a string, we will escape it and convert it to a regular expression to use in matching against the full returned list of packages. If it is a regular expression, we take that as is and use it to filter the results.
While some package management systems such as `dpkg` can take a shell glob argument to filter their results, we eschew this and require a regular expression to match multiple package names because we will need this to work across other platforms in the future. This means that the following:
```ruby
packages("vim")
```
Will return *all* the "vim" packages on the system. The `packages` resource will take `"vim"`, turn it into `/vim/`, and greedily match anything with "vim" in the name. To match only a single package named `vim`, it needs to be an anchored regular expression.
```ruby
packages(/^vim$/)
```
Signed-off-by: Joshua Timberman <joshua@chef.io>
Use entries instead of list
Added a few more tests and non installed package in output
Signed-off-by: Alex Pop <apop@chef.io>
fix lint
Signed-off-by: Alex Pop <apop@chef.io>
Signed-off-by: Joshua Timberman <joshua@chef.io>
Before this change, simplecov was reporting
1864 / 5198 LOC (35.86%) covered
After this change it is reporting
4131 / 5275 LOC (78.31%) covered.
Keeping the require at the top of the file ensure that simplecov is
loaded before any of our application code.
The goal of these changes is to ensure that the libraries from
dependencies are loaded even if their controls are never included. To
facilitate this, we break up the loading into seperate steps, and move
the loading code into the Profile which has acceess to the dependency
information.
Signed-off-by: Steven Danna <steve@chef.io>
Many of the resources are named as a top-level class with a fairly generic class name, such as "OS". This causes an issue specifically with kitchen-google which depends on a gem which depends on the "os" gem which itself defines an OS class with a different superclass. This prevents users from using TK, Google Compute, and Inspec without this fix.
Some mocked commands had their digest changed as well due to the new indentation, specifically in the User and RegistryKey classes.
I strongly recommend viewing this diff with `git diff --ignore-space-change`
to see the *real* changes. :)