Commit graph

3859 commits

Author SHA1 Message Date
Chef Expeditor
b97b9c0fb9 Update CHANGELOG.md to reflect the promotion of 1.33.1 to stable 2017-08-10 16:55:54 +00:00
Chef Expeditor
59c6c73572 Bump version to 1.33.1 by Chef Expeditor 2017-08-10 14:35:07 +00:00
Adam Leff
c8411e8947 Bump project minor version, bump train dependency version (#2058)
Bumping InSpec's minor version to 1.33 because a recent PR added
new functionality. Also bumping train to 0.26 to pick up a recent
bug fix.

Signed-off-by: Adam Leff <adam@leff.co>
2017-08-10 10:35:01 -04:00
Chef Expeditor
7f84e904fa Bump version to 1.32.3 by Chef Expeditor 2017-08-10 12:57:51 +00:00
Matt Kulka
0fc870de30 Fix docker_container.tag to properly fetch from image name (#2052)
Fixes #2051

Images with repos containing port numbers will have multiple colons.

Signed-off-by: Matt Kulka <mkulka@parchment.com>
2017-08-10 14:57:45 +02:00
Chef Expeditor
f579733205 Bump version to 1.32.2 by Chef Expeditor 2017-08-07 14:07:32 +00:00
Rony Xavier
041f64a87f New 'be_in' matcher for matching against values in a list (#2022)
* New matcher 'be_in'
Fixes #2018

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* small fixes to wording.

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* Added code to use be_in for with the following use case:
describe nginx do
   its(module_list) { should be_in AUTHORIZED_MODULE_LIST }
end
Fixes #2018

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Updates to the matcher
Fixes #2018

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Added tests for the be_in matcher

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Requested updates completed

Signed-off-by: Rony Xavier <rx294@nyu.edu>
2017-08-07 16:05:22 +02:00
Adam Leff
15cff043f0 Add label to skip all Expeditor tasks (#2050)
In the event we have a docs-only change or similar which does not necessitate a
version bump, changelog update, or omnibus build, a single label named
`Expeditor: Skip All` can be used rather than adding individual labels.

Signed-off-by: Adam Leff <adam@leff.co>
2017-08-04 01:35:15 +02:00
Adam Leff
010335a818 Fix issues link in CONTRIBUTING.md (#2049)
The link to submit issues in the CONTRIBUTING.md doc is wrong. This fixes it. :)

Signed-off-by: Adam Leff <adam@leff.co>
2017-08-03 23:34:58 +02:00
Adam Leff
1ee22a7c4e Remove changelog generator stuff (#2048)
Version bumping and changelog generation has been moved to
Chef's expeditor tool. The github_changelog_generator bits
and the Rake tasks that use them are no longer necessary.

Also, the old historical changelog has been merged back into
the main CHANGELOG.md file since Expeditor does not alter
any existing changelog content like github_changelog_generator
does, so it's safe to bring this stuff back.

Signed-off-by: Adam Leff <adam@leff.co>
2017-08-03 22:53:24 +02:00
Chef Expeditor
cdf37cc51c Update CHANGELOG.md to reflect the promotion of 1.32.1 to stable 2017-08-03 18:29:50 +00:00
Chef Expeditor
d7a254a4e5 Bump version to 1.32.1 by Chef Expeditor 2017-08-03 18:19:40 +00:00
Adam Leff
5f376f5da7 Prep for 1.32.0 release (#2046)
Version bump, changelog updates for period between when expeditor was enabled and when v1.31.1 was released

Signed-off-by: Adam Leff <adam@leff.co>
2017-08-03 14:19:35 -04:00
Chef Expeditor
ff72d54011 Bump version to 1.31.8 by Chef Expeditor 2017-08-02 14:44:02 +00:00
Dominik Richter
805a0eeb89 catch newline issues in xinet.d (#2043)
The fix is already provided here: https://github.com/chef/inspec/pull/2040

This PR only adds a unit test to catch it

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-08-02 16:43:55 +02:00
Chef Expeditor
91eb48e21f Bump version to 1.31.7 by Chef Expeditor 2017-08-02 13:29:31 +00:00
Simonas
da75f268bc Fix issue when xinetd.conf does not end in newline (#2040)
Add a newline symbol to the end of the parsed input.

Sample hexdump of a file deployed by xinetd cookbook:

$ hexdump -C /var/chef/cache/cookbooks/xinetd/templates/default/xinetd.conf.erb | tail -2
000000b0  72 20 2f 65 74 63 2f 78  69 6e 65 74 64 2e 64     |r /etc/xinetd.d|
000000bf

Signed-off-by: Simonas Kareiva <simonas@5grupe.lt>
2017-08-02 15:29:26 +02:00
Chef Expeditor
4ae34928ca Bump version to 1.31.6 by Chef Expeditor 2017-07-29 04:22:29 +00:00
Knut Hühne
1e8ce74613 disable particle animation if users prefer reduced motion (#2023)
Signed-off-by: Knut Hühne <knut@k-nut.eu>
2017-07-28 21:21:40 -07:00
Chef Expeditor
6949e9a8fb Bump version to 1.31.5 by Chef Expeditor 2017-07-27 22:41:47 +00:00
Adam Leff
279fcb5cff Add changelog rollover on stable promotion (#2033)
With this configuration change, expeditor will add a "latest stable"
section to the changelog automatically whenever we promote InSpec
to the stable channel. All existing changelog entries will remain,
and any additional changelog entries that have been made in newer
versions that are newer than the artifact being promoted will
remain intact.

Signed-off-by: Adam Leff <adam@leff.co>
2017-07-27 18:41:42 -04:00
Chef Expeditor
6c6c2cbb1f Bump version to 1.31.4 by Chef Expeditor 2017-07-24 20:02:49 +00:00
Seth Chisamore
c857898091 Update SHA1 fingerprint for MSI signing cert (#2031)
The cert has been updated as the old one expires on 2017-07-25.

Signed-off-by: Seth Chisamore <schisamo@chef.io>
2017-07-24 16:02:43 -04:00
Chef Expeditor
1acd8ad014 Bump version to 1.31.3 by Chef Expeditor 2017-07-24 16:37:17 +00:00
Dominik Richter
a4bd38915c bugfix: empty file strings from archive readers (#2027)
* bugfix: empty file strings from archive readers

Empty files in archives are sometimes possible (we just ran into this with TGZ), but is never a valid file to extract. So remove it and discount it altogether. Changed structure to support testing of these global calls.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

* lint and rebuild

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-07-24 09:37:13 -07:00
Chef Expeditor
885a7e90ca Bump version to 1.31.2 by Chef Expeditor 2017-07-24 16:11:30 +00:00
Seth Chisamore
e06c943599 [JEX-608] Use Expeditor to bump version and trigger release build (#2015)
This change updates this repo to begin using the following standard
behavior from Expeditor following a merge to the master branch:

* Automatically bump the `PATCH` version in the `VERSION` file (see https://git.io/vQQYR)
* Create a git tag for the new version (see https://git.io/vQQYR)
* Trigger a release build on manhattan.ci.chef.co using the new tag (see https://git.io/vQQY1)
* Automatically update CHANGELOG (coming soon...the `built_in:update_changelog` merge action is in development)

More details on Expeditor can be found at:
https://github.com/chef/es-lita/tree/master/lita-expeditor

Signed-off-by: Seth Chisamore <schisamo@chef.io>
2017-07-24 12:11:25 -04:00
Dominik Richter
f3d182a2ed update minimum ruby from 2.1 -> 2.2, add 2.4 (#2029)
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-07-24 11:19:53 -04:00
Nicolas
332842ee48 Fix https://github.com/chef/inspec/issues/2019 (#2020)
Signed-off-by: Nicolas Rodriguez <nicoladmin@free.fr>
2017-07-18 08:28:56 -07:00
Seth Chisamore
a081b343e0 Revert "Update SHA1 fingerprint for MSI signing cert (#2013)" (#2014)
This reverts commit b803194abd.

Reverting this as we are investigating using an EV cert which has
instant reputation with Microsoft Smartscreen filter.

Signed-off-by: Seth Chisamore <schisamo@chef.io>
2017-07-12 17:26:09 -04:00
Seth Chisamore
b803194abd Update SHA1 fingerprint for MSI signing cert (#2013)
The cert has been updated as the old one expires on 2017-07-25.

Signed-off-by: Seth Chisamore <schisamo@chef.io>
2017-07-12 15:24:14 -04:00
Adam Leff
9580732814 Source reader should not hand back files with nil contents (#2003)
If a profile has a data files directory that looks like this:

```
files/platforms/one/data.json
files/platforms/two/data.json
files/platforms/three/data.json
```

... the source reader will return the directories in the list of files but with
nil contents. This causes an issue when Inspec::Profile tries to create a sha256
checksum of the profile contents only to try to cast nil to a string when
building the null-delimited profile contents string.

Files that are empty will have an empty string as its contents, so it's safe to
assume that file entries with nil contents are actually a directory and have no
affect on the profile's checksum. Therefore, this change will eliminate any file
entries in responses from the source readers where the contents are nil.

Signed-off-by: Adam Leff <adam@leff.co>
2017-07-11 21:33:55 +02:00
Adam Leff
1ea06ac3ea Change host resource to use getent ahosts on Linux (#2002)
* Change host resource to use getent ahosts on Linux

In InSpec 1.31, we changed the `host` resource to use `dig` instead of `getent
hosts` for name resolution because `getent hosts` does not return all entries
(only the first v6 entry if it exists, then the first v4 entry) and we wanted to
keep the Darwin and Linux implementation as close as possible. Unfortunately,
this affected users' ability to do resolution checks for entried stored in their
/etc/hosts file.

This change goes back to using `getent` for Linux and changes to `getent ahosts`
which returns both v4 and v6 records. Additionally, the Darwin provider's dig
implementation was reordered to return v4 addresses before v6 addresses to be
consistent with how `getent ahosts` returns records.

Signed-off-by: Adam Leff <adam@leff.co>

* Update unit tests for resolve_with_getent with proper output

Signed-off-by: Adam Leff <adam@leff.co>
2017-07-11 21:32:52 +02:00
Adam Leff
fb5e5c54e3 Promote artifact to stable during Habitat upload (#1999)
`pkg` commands in Habitat 0.25 now use channels and prefer the `stable` channel by
default. However, artifacts uploaded with `hab pkg upload` go to `unstable` by
default (as it should).

This change ensures that `chef/inspec` artifacts land in `stable` during our
release process.

Signed-off-by: Adam Leff <adam@leff.co>
2017-07-11 21:30:06 +02:00
Adam Leff
c29648a623 Release v1.31.1 (#1996)
Signed-off-by: Adam Leff <adam@leff.co>
2017-07-06 16:29:20 -04:00
Adam Leff
1fdea330d3 host resource: fix netcat detection (#1995)
The logic used to determine whether a viable netcat binary exists is wrong and
prevents Linux hosts from doing TCP reachability checks.

Signed-off-by: Adam Leff <adam@leff.co>
2017-07-06 16:23:57 -04:00
Adam Leff
dd3457537e Release v1.31.0 (#1994)
Signed-off-by: Adam Leff <adam@leff.co>
2017-07-06 14:07:16 -04:00
Adam Leff
3916d7aca2 Fix formatter when two profiles have the same name (#1991)
* Fix formatter when two profiles have the same name

In the event that an InSpec runner has two profiles that are named the same
(such as when InSpec generates a profile for the Flat source reader, and Test
Kitchen is running concurrently), InSpec could hand back a profile that does not
contain the example. This leads to nil control data and ugly NilClass errors
when TK runs concurrently.

This change modifies the method that finds the profile by control to not only
match on profile name but also match on example ID.

Signed-off-by: Adam Leff <adam@leff.co>
2017-07-06 13:30:37 -04:00
Adam Leff
7bba235014 Add support for ncat in host resource for CoreOS (#1993)
CoreOS is considered a member of the Linux family, and the `host` resource tries
to use `nc` on Linux hosts to test TCP reachability. Unfortunately, `nc` is not
available on CoreOS, but `ncat` is.

This change attempts to use `nc` first, then `ncat` if it's available.

Signed-off-by: Adam Leff <adam@leff.co>
2017-07-06 13:19:16 -04:00
Maggie Walker
c351d27334 Remove Google Custom Search and replace with Swiftype (#1992)
Since Google Custom Search is EOL-ing, we are replacing it with
Swiftype. This adds the necessary markup and JS to make that happen,
as well as some CSS overrides to make it fit with the styling on
the site.

Signed-off-by: Maggie Walker <magwalk@gmail.com>
2017-07-05 17:56:54 -04:00
Tor Magnus Rakvåg
61a8675417 clarify PowerShell requirement (#1989)
Signed-off-by: Tor Magnus Rakvag <tm@intility.no>
2017-07-05 21:28:20 +02:00
Adam Leff
c280e9a816 Fix host resolution on Darwin, use dig wherever possible (#1986)
* Fix host resolution on Darwin, use dig wherever possible

The `host` and `dig` commands do not return non-zero if a query returns NXDOMAIN
or NOERROR, but the DarwinHostProvider was expecting it when deciding whether to
fall back to IPv4 if a IPv6 query failed. Therefore, the `host` resource would
not function properly when resolving hostnames on Darwin. The logic has been
changed to use `dig` short output and query for both v6 and v4 addresses.

Additionally, the LinuxHostProvider has been modified to prefer `dig` if it's
available to keep behavior similar between Darwin and Linux whenever possible.
This has the added benefit of providing v6 and v4 resolution if possible where
`getent hosts` only returns v6 if v6 records exist.

Signed-off-by: Adam Leff <adam@leff.co>
2017-07-05 10:45:30 -04:00
Christoph Hartmann
3255054390 simplify kernel module docs (#1987)
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-07-05 09:57:47 -04:00
Aaron Lippold
cc7ed38d09 kernel_module resource: added blacklisting, enabled, disabled, docs and unit tests (#1798)
* Fix up methods, add command mock, do string matching in ruby instead of command

Fixes #1643
Fixes #1673

Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-07-05 11:41:44 +02:00
Aaron Lippold
224935e9cf New postgres_hba_conf resource (#1964)
* Created pg_hba_conf resource

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Created pg_hba_conf resource

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Corrections

* updated to parse auth-options

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* updated `conf_path` instance var to `conf_file` for consistancy.

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* pg_hba_conf - updated the parse_line method
added test and doc files

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Updated few bugs on pg_hba_conf
updated test files and docs

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Updated docs

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Made updates based on the reccomendations

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* PR commit

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* PR Commit

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Update Gemfile.lock

* PR Commit

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Updated doc file for postgres_hba_conf resource to use
'cmp' matcher instead of 'eq'

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Made requested changes, except for SimpleConfig - will address that later.

Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-07-03 20:13:51 +02:00
Aaron Lippold
57864f1488 New postgres_ident_conf resource (#1963)
* Initial commit of pg_ident_conf resource

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Initial commit of pg_ident_conf resource

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Small updates to organization of code

Signed-off-by: Aaron Lippold <lippold@gmail.com>
Signed-off-by: Rony Xaiver <rx294@nyu.edu>

* updated `conf_path` instance var to `conf_file` since we are returning
a file.

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* Updated few bugs on pg_ident_conf
added test files and docs

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Updated docs

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Added mock folders

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Added mock folders

Signed-off-by: Rony Xavier <rx294@nyu.edu>
Signed-off-by: Aaron Lippold <lippold@gmail.com>

* Added mock folders

Signed-off-by: Rony Xavier <rx294@nyu.edu>
Signed-off-by: Aaron Lippold <lippold@gmail.com>

* Added OS check

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Added mock file

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Added mock folders

Signed-off-by: Rony Xavier <rx294@nyu.edu>
Signed-off-by: Aaron Lippold <lippold@gmail.com>

* added windows mock file

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* Changed resource name from pg_ident_conf to postgres_ident_conf

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Completed corrections reccomended on PR

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* removed copyright information

Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-07-03 20:01:40 +02:00
Aaron Lippold
1b58763aff updated postgres_session resource properly escape queries (#1939)
* fixed a small courner case in the error detection - error: vs error
fixed resource to use 'shellwords' module to escape the query
requested chances in method architecture for testing
added unit tests

Fixes: #1814

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* updated resource and tests with requested review changes

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* removed unneeded call to `escaped_query` in the `create_sql_cmd`.

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* removed license info

Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-07-03 08:10:27 +02:00
Adam Leff
0d74a7dc50 Release v1.30.0 (#1978)
Signed-off-by: Adam Leff <adam@leff.co>
2017-06-29 15:19:16 -04:00
Christoph Hartmann
0839be50d6 oracle_session and mssql_session improvement (#1857)
* improve database parsing
* support sqlcli
* ensure headers are downcast
* externalize database helper
* use password as argument
* feedback from @adamleff
* inline docs update + linting
* stay backwards compatible
* implement tests
2017-06-29 11:01:32 -04:00
Adam Leff
a6582bea9b Remove any "All Rights Reserved" references (#1969)
* Remove any "All Rights Reserved" references

InSpec is licensed and released under the Apache 2.0 license. This
change removes all reference to legacy code files that still had
any Copyright or License lines referring to "All Rights Reserved".

Signed-off-by: Adam Leff <adam@leff.co>

* fix functional tests

Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-06-28 04:14:19 -07:00