Commit graph

1810 commits

Author SHA1 Message Date
Adam Leff
c383175417 Support mixed-case group entries (#2101)
* Support mixed-case group entries

The `group` resource downcased the input parameter unless the target
was a Windows node. However, it's completely legitimate for a Unix-y
node to have mixed case group and passwd entries.

This change does have the potential to break people that did not carefully
match their case when searching for a group, but we're currently blocking
people from using the group resource properly if they have mixed-case
entries.

Signed-off-by: Adam Leff <adam@leff.co>

* Fix unit tests

Signed-off-by: Adam Leff <adam@leff.co>
2017-08-30 22:02:45 +02:00
Chef Expeditor
151199b5fc Bump version to 1.34.5 by Chef Expeditor 2017-08-30 18:22:05 +00:00
Mark Harrison
ef42e2efd0 Use stored http resource response (if any) (#2108)
Currently, if you check two properties of a http resource, such as
status and body, two different http requests are made to the server.
However, the response is already stored in an instance variable, so this
change just checks to see if a response is already available and uses it
rather than making another http request.

Signed-off-by: Mark Harrison <mark@mivok.net>
2017-08-30 20:21:59 +02:00
Chef Expeditor
75b9ee8c39 Bump version to 1.34.4 by Chef Expeditor 2017-08-29 05:11:57 +00:00
Jennifer Burns
3b2bf52b1d auditd_rules resource: fix get_keys error on lines that have no keys (#2103)
* Added line to fix bug when no key in file rule and updated test to validate bug fix

Signed-off-by: Jennifer Burns <jburns@mitre.org>

* Updated to consider corner case

Signed-off-by: Jennifer Burns <jburns@mitre.org>
2017-08-29 07:11:14 +02:00
Chef Expeditor
7a41cec73f Bump version to 1.34.3 by Chef Expeditor 2017-08-25 20:21:54 +00:00
Kevin Formsma
94c2e8181c Add sensitive flag to resources to restrict logging output (#2017)
* Filter check output based on sensitive flag
-Updated check in formatters to filter check output during failures based on
sensitive metadata flag
-Added functional test of output filtering
-Updated documentation with blerb on usage
* Update output format for sensitive resources

Signed-off-by: Kevin Formsma <kevin.formsma@gmail.com>

* Update color output on new test

Update the color output to match the newly-expected non-color format if there are no tests that match.

Signed-off-by: Adam Leff <adam@leff.co>
2017-08-25 16:21:49 -04:00
Chef Expeditor
3c07341ea0 Bump version to 1.34.2 by Chef Expeditor 2017-08-25 20:13:48 +00:00
Jennifer Burns
2cef15aec3 aide_conf resource: test configuration of the AIDE file integrity tool (#2063)
* Added aide_conf resource and subsequent files

* Updated to match on all selection lines

Signed-off-by: Jennifer Burns <jburns@mitre.org>

* Changed to use CommentParser and fixed typo

Signed-off-by: Jennifer Burns <jburns@mitre.org>

* Fix typo in test file

Signed-off-by: Jennifer Burns <jburns@mitre.org>

* Updated to address PR feedback

Signed-off-by: Jennifer Burns <jburns@mitre.org>
2017-08-25 22:13:43 +02:00
Chef Expeditor
5440bb782e Bump version to 1.34.1 by Chef Expeditor 2017-08-23 14:32:42 +00:00
Chef Expeditor
f0711066e7 Bump version to 1.33.15 by Chef Expeditor 2017-08-23 14:30:19 +00:00
Adam Leff
6029a4b43d Refine the profile/test summary output of the CLI formatter (#2094)
* Refine the profile/test summary output of the CLI formatter

* The "Profile Summary" is misleading as it's not a summary of profile
  success/failure but rather the controls within the profile(s). Altered
  the output to be clear. I still like calling it the "profile summary"
  but wanted to add clarity that the numbers are about the controls.

* Made the colorized output dynamic. The success/failure will only be
  green/red if there are controls/tests that fall into that category.
  That way we are not printing red failure text when there are no
  actual failures. Fixes #1752.

* Cleaned up some grammar issues. ("1 failure" vs "1 failures")

Signed-off-by: Adam Leff <adam@leff.co>
2017-08-23 10:29:09 -04:00
Chef Expeditor
e9fecc027d Bump version to 1.33.14 by Chef Expeditor 2017-08-21 21:40:40 +00:00
Chef Expeditor
d8da929ffe Bump version to 1.33.13 by Chef Expeditor 2017-08-21 13:36:27 +00:00
Chef Expeditor
6e806110e0 Bump version to 1.33.12 by Chef Expeditor 2017-08-18 15:35:36 +00:00
Chef Expeditor
4c2d85674b Bump version to 1.33.11 by Chef Expeditor 2017-08-18 15:29:28 +00:00
Adam Leff
367d42fb3a Properly handle held packages on dpkg-flavored OS (#2087)
* check the proper field for dpkg installation state fixes #2006

Signed-off-by: Mathieu Sauve-Frankel <msf@kisoku.net>

* Properly handle held packages on dpkg-flavored OS

InSpec was looking at the wrong field in `dpkg -s` output to determine
whether a package was installed or not. An installed, held package was
incorrectly reported as uninstalled.

This adds the proper unit tests and also adds a `be_held` matcher.

Thanks to @kisoku for the initial work in #2007.

Signed-off-by: Adam Leff <adam@leff.co>
2017-08-18 17:29:23 +02:00
Chef Expeditor
443f1bf106 Bump version to 1.33.10 by Chef Expeditor 2017-08-17 14:48:51 +00:00
Stephan Renatus
bd165471e8 [docker_container] fix repo property (#2083)
With last weeks tag fix, `ourorg/container` ended up having its `repo` reported as `container`.
With this it'll be `ourorg/container` again.

Signed-off-by: Stephan Renatus <srenatus@chef.io>
2017-08-17 16:48:46 +02:00
Chef Expeditor
4ce6e91544 Bump version to 1.33.9 by Chef Expeditor 2017-08-17 14:08:59 +00:00
Chef Expeditor
b28cc5ab35 Bump version to 1.33.8 by Chef Expeditor 2017-08-15 19:39:12 +00:00
Christoph Hartmann
4a3511b6ce fix case where skip is called for os_env (#2078)
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-08-15 21:32:21 +02:00
Chef Expeditor
48e20dbd1a Bump version to 1.33.7 by Chef Expeditor 2017-08-15 18:43:03 +00:00
Chef Expeditor
45e7a85ebb Bump version to 1.33.6 by Chef Expeditor 2017-08-15 17:46:20 +00:00
Christoph Hartmann
1a904ea7a5 Moves logic from os_env from initialize phase to runtime phase (#2072)
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-08-15 13:46:13 -04:00
Chef Expeditor
e6f89664bb Bump version to 1.33.5 by Chef Expeditor 2017-08-15 03:37:23 +00:00
Christoph Hartmann
b1aba69661 add mock support for os_env resource (#2070)
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-08-15 05:37:19 +02:00
Chef Expeditor
d60d95cec3 Bump version to 1.33.4 by Chef Expeditor 2017-08-14 18:57:56 +00:00
Christoph Hartmann
427f3e9ac7 Set the default cli tool for oracle db to sqlplus, during execution we will catch this missing cli but it prevents inspec check from failing if sqlplus is not available (#2057)
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-08-14 14:57:51 -04:00
Chef Expeditor
5252c7452f Bump version to 1.33.3 by Chef Expeditor 2017-08-14 17:07:20 +00:00
Chef Expeditor
9fa932ba46 Bump version to 1.33.2 by Chef Expeditor 2017-08-14 13:03:52 +00:00
Christoph Hartmann
69cf0514f2 In mock setups like inspec check the command resource was executed since inspec.os.name was “” instead of unknown. I changed to nil to catch that case. (#2056)
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-08-14 09:03:47 -04:00
Chef Expeditor
59c6c73572 Bump version to 1.33.1 by Chef Expeditor 2017-08-10 14:35:07 +00:00
Chef Expeditor
7f84e904fa Bump version to 1.32.3 by Chef Expeditor 2017-08-10 12:57:51 +00:00
Matt Kulka
0fc870de30 Fix docker_container.tag to properly fetch from image name (#2052)
Fixes #2051

Images with repos containing port numbers will have multiple colons.

Signed-off-by: Matt Kulka <mkulka@parchment.com>
2017-08-10 14:57:45 +02:00
Chef Expeditor
f579733205 Bump version to 1.32.2 by Chef Expeditor 2017-08-07 14:07:32 +00:00
Rony Xavier
041f64a87f New 'be_in' matcher for matching against values in a list (#2022)
* New matcher 'be_in'
Fixes #2018

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* small fixes to wording.

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* Added code to use be_in for with the following use case:
describe nginx do
   its(module_list) { should be_in AUTHORIZED_MODULE_LIST }
end
Fixes #2018

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Updates to the matcher
Fixes #2018

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Added tests for the be_in matcher

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Requested updates completed

Signed-off-by: Rony Xavier <rx294@nyu.edu>
2017-08-07 16:05:22 +02:00
Chef Expeditor
d7a254a4e5 Bump version to 1.32.1 by Chef Expeditor 2017-08-03 18:19:40 +00:00
Chef Expeditor
ff72d54011 Bump version to 1.31.8 by Chef Expeditor 2017-08-02 14:44:02 +00:00
Chef Expeditor
91eb48e21f Bump version to 1.31.7 by Chef Expeditor 2017-08-02 13:29:31 +00:00
Simonas
da75f268bc Fix issue when xinetd.conf does not end in newline (#2040)
Add a newline symbol to the end of the parsed input.

Sample hexdump of a file deployed by xinetd cookbook:

$ hexdump -C /var/chef/cache/cookbooks/xinetd/templates/default/xinetd.conf.erb | tail -2
000000b0  72 20 2f 65 74 63 2f 78  69 6e 65 74 64 2e 64     |r /etc/xinetd.d|
000000bf

Signed-off-by: Simonas Kareiva <simonas@5grupe.lt>
2017-08-02 15:29:26 +02:00
Chef Expeditor
4ae34928ca Bump version to 1.31.6 by Chef Expeditor 2017-07-29 04:22:29 +00:00
Chef Expeditor
6949e9a8fb Bump version to 1.31.5 by Chef Expeditor 2017-07-27 22:41:47 +00:00
Chef Expeditor
6c6c2cbb1f Bump version to 1.31.4 by Chef Expeditor 2017-07-24 20:02:49 +00:00
Chef Expeditor
1acd8ad014 Bump version to 1.31.3 by Chef Expeditor 2017-07-24 16:37:17 +00:00
Dominik Richter
a4bd38915c bugfix: empty file strings from archive readers (#2027)
* bugfix: empty file strings from archive readers

Empty files in archives are sometimes possible (we just ran into this with TGZ), but is never a valid file to extract. So remove it and discount it altogether. Changed structure to support testing of these global calls.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

* lint and rebuild

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-07-24 09:37:13 -07:00
Chef Expeditor
885a7e90ca Bump version to 1.31.2 by Chef Expeditor 2017-07-24 16:11:30 +00:00
Nicolas
332842ee48 Fix https://github.com/chef/inspec/issues/2019 (#2020)
Signed-off-by: Nicolas Rodriguez <nicoladmin@free.fr>
2017-07-18 08:28:56 -07:00
Adam Leff
9580732814 Source reader should not hand back files with nil contents (#2003)
If a profile has a data files directory that looks like this:

```
files/platforms/one/data.json
files/platforms/two/data.json
files/platforms/three/data.json
```

... the source reader will return the directories in the list of files but with
nil contents. This causes an issue when Inspec::Profile tries to create a sha256
checksum of the profile contents only to try to cast nil to a string when
building the null-delimited profile contents string.

Files that are empty will have an empty string as its contents, so it's safe to
assume that file entries with nil contents are actually a directory and have no
affect on the profile's checksum. Therefore, this change will eliminate any file
entries in responses from the source readers where the contents are nil.

Signed-off-by: Adam Leff <adam@leff.co>
2017-07-11 21:33:55 +02:00
Adam Leff
1ea06ac3ea Change host resource to use getent ahosts on Linux (#2002)
* Change host resource to use getent ahosts on Linux

In InSpec 1.31, we changed the `host` resource to use `dig` instead of `getent
hosts` for name resolution because `getent hosts` does not return all entries
(only the first v6 entry if it exists, then the first v4 entry) and we wanted to
keep the Darwin and Linux implementation as close as possible. Unfortunately,
this affected users' ability to do resolution checks for entried stored in their
/etc/hosts file.

This change goes back to using `getent` for Linux and changes to `getent ahosts`
which returns both v4 and v6 records. Additionally, the Darwin provider's dig
implementation was reordered to return v4 addresses before v6 addresses to be
consistent with how `getent ahosts` returns records.

Signed-off-by: Adam Leff <adam@leff.co>

* Update unit tests for resolve_with_getent with proper output

Signed-off-by: Adam Leff <adam@leff.co>
2017-07-11 21:32:52 +02:00