* Updated exec option to allow unsigned profiles run
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Added method to verify signed profile and to check for signed profile
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Invoked logic on each run to verify profiles if signed else raise sig req error
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Test cases added to validate behaviour of inspec exec with signed and unsigned profiles with --chef-allow-unsigned flag
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Refactored and moved delete_signing_keys to common helper library for tests
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Updated code comments for more information and clarity on security update of signed profiles inspec exec
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Test cases to validate inspec run with combination of signed and unsigned profiles
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Documented usage of flag --chef-allow-unsigned
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Renamed the flag to run unsigned profiles to --allow-unsigned
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Refactored logic on profile level for profile signing verification
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Renaming the argument variable - from runner_call to silent
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Added profile mandate check for other inspec commands running profile evaluation
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Updated error message for profile sign requirement
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Updated test helper to fix inspec json test
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Fixed inspec json ability to use cli options successfully
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Documentation added for signed profiles mandatory usage with CLI commands
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Flow changes of raising exception when unsigned instead of direct exit
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Renamed unsigned profile flags
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Extracted out allow unsigned condition to config and modified comment info
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Doc update on consent of using signed and unsigned profiles
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Fix in signing mandatin check and added additional check on runner for better error UI for exec command
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Removed repeated allow-unsigned-profile definition from exec_options
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Test fixes
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Enabled feature preview flag for mandatory signing
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Test fixes after feature flag usage for mandatory signing
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Doc changes using feature preview flag for mandatory signing feature
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Inspec exec tests fixes for ENV values and parallel test fix using default option --allow-unsigned-profile false
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Kitchen fix while using signed profiles with inspec
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Unit test fix for profile resource exception
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Virtual profile detection improved
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Move mandatory profile signing info to signing page
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Renamed flag from --allow-unsigned-profile to --allow-unsigned-profiles
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Typo fix in signing doc
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Trim note in cli.md about mandatory profile signing
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Docs changes
Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>
* Correct docs regarding exit code 5
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
---------
Signed-off-by: Nik08 <nikita.mathur@progress.com>
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>
Co-authored-by: Clinton Wolfe <clintoncwolfe@gmail.com>
Co-authored-by: Ian Maddaus <ian.maddaus@progress.com>
* Adds unit test for more security policies
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Fix for security_policy resource failing if policy includes single value in string format it returns array instead of string
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Update code comments
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
---------
Signed-off-by: Vasu1105 <vasundhara.jagdale@progress.com>
* Failing test for export - should not evaluate
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Sketch out a info_from_parse method
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Temporary commit to checkpoint experimental work
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Basic control ids extraction
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Modify to capture entire block
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Ability to parse desc, impact and title of a control (#6662)
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* Rework per-control metadata collectors to be class-based
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* REFACTOR: make a common base class for collectors
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* memoise `info_from_parse`
Signed-off-by: Sathish <sbabu@progress.com>
* Add --legacy-export option to inspec export (#6661)
* support legacy export option
Signed-off-by: Sathish <sbabu@progress.com>
* ability to run legacy export option
Signed-off-by: Sathish <sbabu@progress.com>
---------
Signed-off-by: Sathish <sbabu@progress.com>
* Improve ControlIDCollector and other fields of export data (#6686)
* Parse tags & refs from the ast nodes
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* ENHANCE: Improve Desc collector to collect description
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* ENHANCE: Only loop through the child node of begin block
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* FIX: Fix bug/todo to handle duplicacy of control ids
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* TEST - a profile which fails to properly be exported but is likely to be used by MITRE
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Revert "FIX: Fix bug/todo to handle duplicacy of control ids"
This reverts commit 46d66e0026.
* Revert "ENHANCE: Only loop through the child node of begin block"
This reverts commit 47c92d8746.
* ADD: Add code key in control data
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* ADD: Add source_location key in controls data
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* HACK: Update the location ref for the controls
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* FIX: Update variable name as latest changes
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* FIX: Fix source location ref for all controls in a file
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* FIX: Improve tagcollector to handle other data types
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* FIX: Improve tagcollector to handle different types of tags
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* ENHANCE & TEST: Improve tag collector to collect different tag styles and add test for it
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* update groups
Signed-off-by: Sathish <sbabu@progress.com>
* Add yml data to export info_from_parse
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* Add inputs to export data info_from_parse
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* Add status and status_messages
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* Initialize all control fields
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* WIP: Filter controls using --controls
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* Add inputs collector class - rules remaining
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* Parse inputs from dsl - 1
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* TEST: Uncomment tests to verify export
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* TEST: Include test for different desc
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* TEST: Include test for different title
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* TEST: Include test for different ref
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* Default impact to 0.5 and add test
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* FIX: Avoid duplicate inputs
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* Add test for inputs
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* REFACTOR: Minor refactoring of tests
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* Uncomment test for refs
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
---------
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
Signed-off-by: Sathish <sbabu@progress.com>
Co-authored-by: Clinton Wolfe <clintoncwolfe@gmail.com>
Co-authored-by: Sathish <sbabu@progress.com>
* Update option to match inspec's coding standard
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* Handle inputs within control block
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* TEST & ENHANCE: Enhance parser and add more tests
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* FIX: Fix broken test for profile_test
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* Update groups after filtering control
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* Add --legacy-export support to inspec json
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* TEST: Fix broken test & fix group filters
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* DOCS: Manually update cli.md to include export cmd
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* Add tag filtering support to export
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* TEST: Add test for tag and control based filtering
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* LINT: Fix lint offense
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* CHORE: Remove addressed todo and update comments
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* CHEF-6493: Support `--legacy-export` option in `inspec archive` (#6829)
* Introduce --legacy-export flag to archive command
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* Add more test to verify --legacy-export with archive
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* Update logic to fetch info based on --legacy-export flag
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
---------
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* Enhance InputCollector to match pattern instead of to indexing children type to avoid nil errors
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* Improve RefCollector to handle ref ({:ref=>'Some ref', :url=>'https://'}) syntax
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* Improve RefCollector and TagCollector to handle variables values from inputs/attributes
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* Run inspec check using output info_from_parse (#6673)
* Add test fixture profile that emits evaluation markers on stderr
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Failing test for export - should not evaluate
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Sketch out a info_from_parse method
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Temporary commit to checkpoint experimental work
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Basic control ids extraction
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Modify to capture entire block
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Ability to parse desc, impact and title of a control (#6662)
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* Rework per-control metadata collectors to be class-based
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* REFACTOR: make a common base class for collectors
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* memoise `info_from_parse`
Signed-off-by: Sathish <sbabu@progress.com>
* Add --legacy-export option to inspec export (#6661)
* support legacy export option
Signed-off-by: Sathish <sbabu@progress.com>
* ability to run legacy export option
Signed-off-by: Sathish <sbabu@progress.com>
---------
Signed-off-by: Sathish <sbabu@progress.com>
* Parse tags & refs from the ast nodes
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* ENHANCE: Improve Desc collector to collect description
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* ENHANCE: Only loop through the child node of begin block
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* FIX: Fix bug/todo to handle duplicacy of control ids
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* TEST - a profile which fails to properly be exported but is likely to be used by MITRE
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Revert "FIX: Fix bug/todo to handle duplicacy of control ids"
This reverts commit 46d66e0026.
* Revert "ENHANCE: Only loop through the child node of begin block"
This reverts commit 47c92d8746.
* ADD: Add code key in control data
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* ADD: Add source_location key in controls data
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* HACK: Update the location ref for the controls
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* FIX: Update variable name as latest changes
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* FIX: Fix source location ref for all controls in a file
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* FIX: Improve tagcollector to handle other data types
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* FIX: Improve tagcollector to handle different types of tags
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* ENHANCE & TEST: Improve tag collector to collect different tag styles and add test for it
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* update groups
Signed-off-by: Sathish <sbabu@progress.com>
* Add yml data to export info_from_parse
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* Add inputs to export data info_from_parse
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* Add status and status_messages
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* Initialize all control fields
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* make description `default` as a symbol
Signed-off-by: Sathish Babu <sbabu@progress.com>
* define `checks` as Set
Signed-off-by: Sathish Babu <sbabu@progress.com>
* Collect tests as part of collector
and store it in `checks`
Signed-off-by: Sathish Babu <sbabu@progress.com>
* refactor to read `ID` from controls which is an Array now unlike an Hash in `params.controls`
Signed-off-by: Sathish Babu <sbabu@progress.com>
* read yaml params from metadata
Signed-off-by: Sathish Babu <sbabu@progress.com>
* use to Array to simply DS as the o/p ie being converted to JSON
Signed-off-by: Sathish Babu <sbabu@progress.com>
* move old check as legacy check
Signed-off-by: Sathish Babu <sbabu@progress.com>
* support `legacy_check` as an option to run checks in legacy mode
Signed-off-by: Sathish Babu <sbabu@progress.com>
* fix tests to support `legacy_checks`
Signed-off-by: Sathish Babu <sbabu@progress.com>
* update document for check
Signed-off-by: Sathish Babu <sbabu@progress.com>
* Update usage doc for --legaccy-check
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
---------
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
Signed-off-by: Sathish <sbabu@progress.com>
Signed-off-by: Sathish Babu <sbabu@progress.com>
Co-authored-by: Clinton Wolfe <clintoncwolfe@gmail.com>
Co-authored-by: Sonu Saha <98935583+ahasunos@users.noreply.github.com>
Co-authored-by: Sonu Saha <sonu.saha@progress.com>
* LINT: Fix lint offense
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
* do not include tests to controls by default
Signed-off-by: Sathish Babu <sbabu@progress.com>
* generate info with tests for check
Signed-off-by: Sathish Babu <sbabu@progress.com>
---------
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
Signed-off-by: Sathish <sbabu@progress.com>
Signed-off-by: Sathish Babu <sbabu@progress.com>
Co-authored-by: Clinton Wolfe <clintoncwolfe@gmail.com>
Co-authored-by: Sathish <sbabu@progress.com>
Co-authored-by: Sathish Babu <80091550+sathish-progress@users.noreply.github.com>
* Testing openssl upgrade with version 1.1.1w
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Reverted change using test branch for openssl - using main branch for omnibus software
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Reverted unwanted changes from omnibus Gemfile and Gemfile.lock
Signed-off-by: Nik08 <nikita.mathur@progress.com>
---------
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Fixed inspec json ability to use cli options successfully
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Code comment moved down for deprecation warning info
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Added comment on usage of config initialisation on inspec json command
Signed-off-by: Nik08 <nikita.mathur@progress.com>
---------
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Doc change for connection issues with licensing service
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Doc updated for file format version and software entitlement issue
Signed-off-by: Nik08 <nikita.mathur@progress.com>
* Docs editing
Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>
* Edits
Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>
* Advice to use license list when a license is not entitled
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Update docs-chef-io/content/inspec/troubleshooting.md
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
Co-authored-by: Ian Maddaus <IanMadd@users.noreply.github.com>
* A few more corrections
Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>
---------
Signed-off-by: Nik08 <nikita.mathur@progress.com>
Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
Co-authored-by: Ian Maddaus <ian.maddaus@progress.com>
Co-authored-by: Clinton Wolfe <clintoncwolfe@gmail.com>
Co-authored-by: Ian Maddaus <IanMadd@users.noreply.github.com>
* Update link in profiles.md
Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>
Fix link to Learn Chef
* Fix another bad link
Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>
* One more link
Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>
---------
Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>
* CHEF-3412 Preliminary commit to add inspec6 install docs
Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>
* Add instructions for versioning content
Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>
* Write docs for inspec 6 license key setting on first run
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Move content back to one page
Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>
* Editing
Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>
* Remove mention of discontinued homebrew availability
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Remove mention of motivation for local licensing server
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* More edits
Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>
* Remove text about creating trial license
Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>
* More edits
Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>
* Add an install menu section, platforms page, uninstall page, and license page
Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>
* nitpicking
Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>
---------
Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
Co-authored-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Add a pair of files describing the relationship between the Chef EULA and the Apache 2.0 license, intended to be referenced from rubygems.org
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Add message to rubygems.org description of all 4 gems describing relationship between the two licenses
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Insert the full text of the Apache 2.0 license into the gem description on the advice of Legal
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Update README with message clarifying relationship between the two licenses
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Removes the full text of the Apache 2 license, which after clarification is not
in fact required to be in the rubygems description.
This reverts commit 4d02573f59.
* LINTING - adjust text markers
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* LINTING - trailing whitespace
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Remove the word 'below' when referring to the inclusion of the Apache 2.0 license
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Add Chef-EULA to list of included files to inspec-core
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
---------
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>