Commit graph

1505 commits

Author SHA1 Message Date
mhackethal
86cf55382b filesystem: improve Windows support (#3606)
* Improve filesystem.rb to support windows

improve filesystem.rb to support windows.
Split into 2 classes LinuxFileSystemResource / WindowsFileSystemResource
Add filesystem to verify a FS-type ( currently not for linux because missing test server )
Size on Windows is converted to GB - discussion about this welcome

update to reflect also windows os

* Create get-wmiobject-filesystem
* Delete get-wmiobject-filesystem

* Fix the testing code for filesystem.
Change its 'filesystem' to 'type' according to recommendation from @miah
Signed-off-by: Markus Hackethal <mh@it31.de>
2018-11-19 13:32:59 -05:00
Clinton Wolfe
e4afadfc3f Revert setting RSpec expectation syntax to 'should' mode (#3620)
* Revert "Silence RSpec 'should' Warning (#3560)"

This reverts commit 7c611a4c24.

* Add comment with link to reverted fix

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-11-16 17:04:04 -05:00
Clinton Wolfe
35ad5d5528 Improvements to the functional helper run_inspec_process (#3603)
* Add run_inspec_process, with JSON handling, to functional helper
* Add ability to run a plugin to functional helper
* CWD fix for run_inspec_process
* Add support for running a plugin within a functional test
* Move plugin functional helper code to main func helper file
* FuncHelper: Do not send reporter or lock options if command is not exec

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-11-16 17:03:40 -05:00
Clinton Wolfe
3c8697e5e2 Create a class to handle the plugins.json file (#3575)
* unit tests for plugin conf file class, all skip
* File path stuff works
* Validation works
* Add works
* Added remove_entry
* Save works - ready to refactor others
* Rework Loader to use ConfigFile
* Modify loader and installer to use the config file class
* linting

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-11-16 17:03:09 -05:00
Harold Dost
202bec7641 Adds protection against zipslip vulnerability (#3604)
- Adds associated tests to validate paths can't be used.

Relates to: #3599
Signed-off-by: Harold Dost <h.dost@criteo.com>
2018-11-13 14:33:34 -05:00
Fernando Alexandre
8b089ea1e1 Fixes #3546 (#3592)
* When pty is used not having --no-pager makes inspec hang during the test
* Updated tests

Signed-off-by: Jose Alexandre <jose.alexandre@worldfirst.com>
2018-11-13 14:33:08 -05:00
Timothy van Zadelhoff
5739cb2d6b aws_security_group: Query against other security group ids in allow_* matchers (#3576)
* add security-group to security-group rules
* update docs
* Add integration tests for security-group to security-group rules
* rubocop fix
*     Add one security group rule, with position.
* make control fit description

Signed-off-by: Timothy van Zadelhoff <timothy.inspec@theothersolution.nl
2018-11-13 13:25:33 -05:00
Jerry Aldrich
6ba4aaf630 Add Git SSH and HTTP basic auth support to inspec exec (#3562)
* Add support for `git@` and HTTP basic auth

This adds support for the following:

```
inspec exec git@github.com:private/example_profile
inspec exec https://username:token@github.com/private/example_profile
inspec exec https://username:password@webserver/private/example_profile
```

This also uses the Git fetcher when the URL ends in `.git`. Example:

```
git config credential.helper cache
git ls-remote https://github.com/private/example_profile.git
inspec exec https://github.com/private/example_profile.git
```

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Add documentation for `inspec exec` usage

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Add tests for Git fetcher and `inspec exec`

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Add `opts` to branch of Git fetcher resolve logic

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Modify Git example comments

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Force `parse_uri` to attempt a parse

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-11-08 15:55:15 -05:00
mrshanahan
cebe044a68 Update iis_site bindingInformation construction and add tests. (#3490) (#3492)
Signed-off-by: Matt Shanahan <mrshanahan11235@gmail.com>
2018-11-08 13:42:59 -05:00
Rachel Rice
de5b332feb Allow add_test to accept negation (#3586)
* Allow add_test to accept negation
This will allow for negated tests to be generated with add_tests.
* Fix rubocop violation
* Add optional options hash

Signed-off-by: Rachel Rice <rrice@chef.io>
2018-11-08 12:48:12 -05:00
Mark Hughes
45926ef63a Added xml resource support for ints, bools, and string responses (#3583)
Methods like…

* `count()` return `Integer` values
* `boolean()` return `TrueClass`/`FalseClass` values
* `concat()` return `String` values

…but threw exceptions because those types weren't supported.

This adds support to the `xml` resource, and adds tests to verify some of those examples.

Signed-off-by: Mark Hughes <greenantdotcom@users.noreply.github.com>
2018-11-08 12:47:18 -05:00
James Stocks
5da1180780 Add only_if to Inspec objects (#3577)
* Add only_if attr to Inspec::test
* Add only_if attr to Inspec::Control

Signed-off-by: James Stocks <jstocks@chef.io>
2018-11-08 12:46:19 -05:00
Jared Quick
d33d189d93
Create appvayor workers for Windows functional tests. (#3397)
* Add more windows functional tests and create some appvayor workers.
* Fix uuid test for automate

Signed-off-by: Jared Quick <jquick@chef.io>
2018-11-08 12:00:14 -05:00
Clinton Wolfe
7c611a4c24 Silence RSpec 'should' Warning (#3560)
* Failing functional test for RSpec should deprecation
* Configure RSpec to allow .should calls
* Remove cruft from test files where we needed to filter deprecation warning

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-11-07 13:59:48 -05:00
Ksenia
c07ec59070 Add 17 hexadecimal characters support aws_vpc (#3518) (#3564)
aws_vpc: accept 17 hexadecimal characters for vpc_id 

Signed-off-by kchistova <kchistova@gmail.com>
2018-11-05 10:01:16 -05:00
David Alexander
83d382c965 Fixes (some) ruby warnings related to functional tests (#3561)
* Fixes (some) ruby warnings related to functional tests
* Removes unneeded `Dir.tmpdir` from test

Signed-off-by: David Alexander <opensource@thelonelyghost.com>
2018-11-05 09:59:01 -05:00
David Grizzanti
d8c90df4df Doc typo fix (#3551)
Signed-off-by: Dave Grizzanti <david_grizzanti@comcast.com>
2018-11-05 09:11:23 -05:00
Jared Quick
0fc83871a1
Fix functional tests. (#3572)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-11-02 12:52:54 -04:00
Jared Quick
d9767884ff
Allow help args after Thor commands (#3553)
* Allow help args after thor commands.
* Add more testing and clarification.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-11-01 13:04:59 -04:00
Jared Quick
0f42b31016
Allow end of options during Thor array parsing (#3547)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-10-30 06:32:16 -04:00
Christoph Hartmann
27b80e0998 ✓ adds additional checks for vendored profiles (#3362)
* ✓ adds additional checks for vendored profiles

This PR adds additional checks to verify if:
- inspec.yml and inspec.lock dependencies are out-of-sync
- complains about a missing lock file if we have dependencies defined

* skip if legacy profile path is used
* Fix unit tests.
* Force static sha256 for lock files and protect from unnamed depends.
* Add vendor profiles for checks. Windows downloads with different sha256.
2018-10-25 14:44:29 -04:00
Stuart Paterson
f64da78edb Adding inspec init profile for GCP. (#3484)
* Adding inspec init profile for GCP.
* Adding final newline, thanks rubocop.
* Ensure README headings are at the same level.
* Move OS-specific default profile to new location
* Enforce os-platform restriction on default profile template
* Use profile templates in subdirs.
* Updates to address PR feedback after rebasing from #3491.
* Alter test setup to properly use YAML

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-10-25 14:16:31 -04:00
Jared Quick
d40dc7c41f
Update to safe navigation exit code skip search. (#3541)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-10-24 15:08:07 -04:00
Andrey Klyachkin
f835c24e89 ksh support (#3533)
Add ksh (Korn Shell) resource
2018-10-23 09:16:24 -04:00
James Stocks
7c58285eb6 New resource to work with Windows security identifiers (SIDs) (#3405)
* Resource for a Windows Security Identifier (SID)
* Integration tests for security_identifier resource
* Address rubocop violations
* Improve security_identifier from PR feedback
* Update security_identifier tests
* Improve security_identifier unit tests
* Fix unit tests fpr security_identifier resource
* More security_identifier unit tests
* Add docs page for security_identifier resource
* Fix issues with documentation
* Improve docs
Link to Microsoft reference page, and use their term 'trustee' instead of 'entity' where applicable.

* Change exists to exist
* Test appveyor file changes.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-10-19 09:01:00 -04:00
Miah Johnson
7a6119e7a6 Add missing tests for groups resource, document members property, and assorted fixes. (#3467)
* Add missing tests for groups resource, document members propery, and assorted fixes.

Update existing documentation for group resource.
Add documentation for groups resource.
Update group resource tests to test members property.
Change groups resource members property to have simple style. (this
ensures members is a single array)
remove deprecated have_gid propery.
change `if !` to `unless`
Remove early return from members method. This prevented members from
working correctly on any OS other than Windows.
Add missing tests for the groups resource.
remove tests for has_gid

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Fix comments

Signed-off-by: Jared Quick <jquick@chef.io>
2018-10-18 16:48:30 -04:00
Clinton Wolfe
ff2be7be56 FilterTable: allow Strings or Symbols as fields (#3481)
* Allow strings or symbols to be used interchangeably in filtertable criteria; improve error message
* rubocop
* Update test count

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-10-17 09:29:58 -04:00
Jerry Aldrich
7313eb7819 style: Fix quotes/style on the docker resource (#3516)
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-10-17 09:14:19 -04:00
Jared Quick
2bbcdbde9b
Inspec 3.0 (#3512)
* Remove deprecated yumrepo. (#3435)

* Remove deprecations for cli `--format` and metadata.rb (#3452)

* Remove deprecated database_helpers stderr/stdout methods.
Update deprecation text for processes/apache.

* Remove deprecations for `--format` and metadata.rb
Remove deprecated `format` code.
Remove deprecated code test and change json-config format test to use
reporter.
Remove deprecated metadata.rb code
Remove deprecation notice for old supports syntax.
Deprecate metadata.rb from source_reader
Remove rubocop disables as they are no longer required for this code block.
Remove deprecated legacy metadata.rb mock profiles.
Remove deprecated metadata.rb profile tests.
Remove deprecated yumrepo test.

* Allow inspec-3.0 branch to be tested.
* Allow appveyor to test inspec-3.0 branch
* Change runner tests to use reporter rather than format.
Remove deprecated `supports: linux` tests.

* Remove skip from inherited profiles from showing up in reporting (breaking change) (#3332)

* Skip loading dependency profiles if they are unsupported on the current
platform.

Skip loading dependencies if they are unsupported on the current
platform.

Wrap our log and next in a conditional checking if the platform is
supported.

Change a `if !` into a `unless`

Check if the backend is a Train Mock Connection and if so say that the
profile does support the platform.

While iterating through tests being loaded skip when the platform is
unsupported.

We now log a WARN when a profile is skipped due to unsupported platform,
so lets check that.

Modified existing test to log that there are 0 skipped tests, instead of
2.

Add functional test that loads profile-support-skip with a json reporter
to check that our controls are not loaded and that stderr contains our
warning.

* Rather than iterating through each test return before recursion if the platform is
unsupported.

* Resolve tests using a supported platform different from testing platform

Add a control to `test/unit/mock/profiles/complete-profile` that would
work on any OS with a Internet connection. This allows the profile
to execute on any OS with success. `filesystem_spec.rb` was a control
that would only work on Linux and some BSD's.

We want profile tests to consistently work across development and testing
platforms, and not get 'skipped' in some cases.  Travis-CI tests on Linux,
Inspec Dev team uses Linux and MacOS, Appveyor tests on Windows

Also Updated `file_provider_test.rb` for `complete-profile` content changes.

If you `MockLoader.load_profile` on a unsupported platform you might not
hit the usual skip. Lets handle situations where the tests array in
Profile#load_checks_params could be nil.

* Use safe navigation rather than checking if tests is nil.
Update tests to point to unsupported_inspec and account for WARN changes.
Make unsupported_inspec profile support os-family 'unsupported_inspec'

* Fix skip bug when using include/require controls. (#3487)

* Fix skip bug when using include/require controls.
* fix test and feedback.

* Remove need for UUID detection for Automate report (#3507)
* Add json metadata for skipped profiles (#3495)

* Add skip metadata to json reports
* Unify skip messages.
* Update with status field.
* Add testing.
* Fix tests.
* lint
* Add skip exit codes for profile skips.
* Update website for 3.0 launch

Add `plugins` to sidebar.
Change 2.0 -> 3.0 in slim files.
Update 3.0 features list.
* Fix comments
* Update float to numeric.
* Change Float to numeric.
* updated feature list and impact doc
* Change "What's new in InSpec 3.0" -> "Announcing InSpec 3.0"
* Bump VERSION to 3.0.0 (#3511)

* Remove 3.0 testing checks.

* Fix azure link.
2018-10-15 18:25:27 -04:00
Jared Quick
cccad057c2 Update the text on the generic default attribute (#3508)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-10-15 12:15:17 -04:00
Jerry Aldrich
0b0a0a4d48 Change Inspec to InSpec where appropriate (#3494)
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-10-15 12:09:46 -04:00
Jared Quick
7a52419b64
Set a static node GUID for travis. (#3497)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-10-11 21:14:30 -04:00
Clinton Wolfe
de5403d352 Plugins: Filter Plugins During Search and Install (#3458)
* Unit and functional tests for a reject list facility
* Implementation of plugin reject facility
* Initial draft of reject list
* Add option to search to hide test fixture by default
* Fix test
* PR feedback

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-10-11 14:05:57 -04:00
Jared Quick
ba37ca1875
Fix error on empty attributes yaml (#3485)
* Allow empty attributes param.
* Add warning if invalid attributes.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-10-11 09:41:36 -04:00
Jared Quick
cbb3b600d9
Fix archive with required attributes (#3468)
* Skip require check unless we are in a exec call.
* Add testing
* Update comment.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-10-05 16:24:26 -04:00
Jared Quick
cb12ada2fe
Move compliance to v2 plugin (#3423)
* Move compliance pluging to v2 system.
* Update kitchen-inspec to test.
* Add legacy require patsh.
* Fix unit test

Signed-off-by: Jared Quick <jquick@chef.io>
2018-10-04 14:31:39 -04:00
Jonathan Hartman
7451917223 Support finding larger processes on Busybox (#3446)
For larger processes, Busybox's ps displays the vsz and rss columns in
megabytes or gigabytes, with no option I've found to override the behavior.

This change updates the process regex to account for that and converts
the values to kilobytes so they can still be cast as integers.

Signed-off-by: Jonathan Hartman <j@hartman.io>
2018-10-04 14:06:17 -04:00
Jerry Aldrich
d5bb1e5fe9 Fix attribute with empty hash regression (#3454)
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-10-02 22:57:25 -07:00
Jared Quick
2490a72c39 Fix plugin gem install code when deps cannot be resolved (#3453)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-09-28 17:52:51 -04:00
Clinton Wolfe
857b9bb11c Plugins: Support for Train Plugins in InSpec (#3444)
* Unit tests passing for loading Train plugins
* detect works with a train test fixture
* Update fixture install of train-fixture-plugin
* Add functional tests for detect and shell when talking to a train plugin backend
* Update docs to reflect availability of Train plugins
* Functional test for install train plugin from path
* Working install train plugin from path, more tests for installing from odd locations
* PR Feedback

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-09-27 18:46:35 -04:00
Jerry Aldrich
20776b363d Add support for multiple descriptions for controls (#3424)
* Add support for multiple descriptions for controls

This adds the ability to specify multiple descriptions in controls.

Example:

```ruby
control 'my-control' do
  impact 1.0
  title 'My control'
  desc 'A default description'
  desc 'rational', 'I need an example'
  describe file('/tmp') do
    it { should be_directory }
  end
end
```

Many thanks to @jquick for helping me with the unit tests.
* Remove unused `descriptions` method
* Remove unused profile from test mocks
* Respond to feedback

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-09-26 13:28:57 -04:00
Jonathan Hartman
08e3b90f2b Support the Busybox variant of netstat in the port resource (#3425)
Signed-off-by: Jonathan Hartman <j@hartman.io>
2018-09-25 22:40:05 -04:00
Clinton Wolfe
c24b65d98a Plugins: Load all CLI commands on usage on empty invocation (#3428)
* Functional test for usage messaging
* Activate v2 commands on empty CLI invocation for usage messaging

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-09-25 18:51:38 -04:00
Jared Quick
39b3b7135e
Add audit-cookbook integration testing (#3431)
* Add audit integration testing.
* Add some docs and feedback changes.
* Updated integration task to use paramaters and clean it up.
* Fix unit test

Signed-off-by: Jared Quick <jquick@chef.io>
2018-09-25 15:53:26 -04:00
Alex Pop
574b04dd4f Grammar correction in error message: use "an" with attribute and unknown (#3439)
Signed-off-by: Alex Pop <apop@chef.io>
2018-09-25 11:13:56 -04:00
Clinton Wolfe
0ced18841f
CLI Plugin Manager SubCommand (#3414)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-09-25 10:29:18 -04:00
Jared Quick
92646dc5c5
Fix v2 loader appveyor issue (#3434)
* Enable appveyor testing.
* Fix inspec plugin test fixture version issue.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-09-24 17:58:28 -04:00
James Massardo
2af1535f7c Add new resource: aws_ebs_volume (#3381)
* Added support for basic AWS EBS volume testing
* Fix error in exists matcher
* Added EBS resource documentation and requested changes

Signed-off-by: James Massardo <jmassardo@chef.io>
2018-09-21 11:49:28 -04:00
Clinton Wolfe
7963131670 Plugins Installer API (#3352)
* Sketch out in comments the unit and functional tests for the installer
* Make a test fixture gem, v0.1.0
* Add a 0.2.0 version of the test fixture gem, this one with a dependency
* Add a fixture with a pre-installed gem
* Correct test-fixture 0.1.0 gem
* Moockup of installed inspec-test-fixture gems
* Uggh add gemspec files to mock installs
* Update gem fixtures, and add a script that does it for me
* Able to load from and list privately managed gems
# Conflicts:
#	lib/inspec/plugin/v2/loader.rb

* Expanded tests, starting on implementation of installer

# Conflicts:
#	test/unit/plugin/v2/loader_test.rb

* Install plugin from local gem file works
* Writes the plugins.json file; needs refactor
* Gem install works; no version pinning
* Install with pinned version works
* Install from path works
* update works
* Validation for uninstall
* Uninstall from path works
* Uninstaller works on gems
* Add search to installer API.


Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-09-19 17:38:13 -04:00
Jared Quick
15481e2320
Move artifact to v2 plugin (#3406)
* Move inspec artifact to plugins v2.
* Fix freezing statics
* Update artifact test changes.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-09-18 20:19:56 -04:00
Martin Logan
242bee9ce6 Update AWS Security Group to work with IPV6 rules. (#3394)
Add inbound_rules_count and outbound_rules_count for total variants

Signed-off-by: Martin Logan <martinloganzz@gmail.com>
2018-09-18 16:21:41 -04:00
Jared Quick
544204a44c
Move inspec init to v2 plugins (#3407)
* Move inspec init to v2 plugins.
* Revert inspec run command env change.
* Allow prefix and env for run_inspec_process.
* Update unit tests to use new functionality.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-09-18 15:54:33 -04:00
Jared Quick
94c7ef0df8
Fix gem tests from recent merge. (#3409)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-09-18 15:00:26 -04:00
Jared Quick
44c4146a92
Fix json automate render and make the unit tests work. (#3408)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-09-18 14:20:48 -04:00
Ben Abrams
0b33644819 adding versions to the gem resource (#3398)
This is useful when you have multiple versions of the same gem installed. It can be leveraged like so:
```
describe gem('rest-client') do
  its('versions') { should include /1.8\.\d+/ }
  its('versions') { should include /2.0\.\d+/ }
  its('versions.count') { should_be eq 2 }
end
```

Signed-off-by: Ben Abrams <me@benabrams.it>
2018-09-18 13:17:10 -04:00
Jared Quick
40e024fa97
Move habitat to v2 plugin. (#3404)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-09-18 13:10:07 -04:00
Clinton Wolfe
50ff9f6a24
Plugins: Add support for 'bundles' migration (#3384)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
Signed-off-by: Jared Quick <jquick@chef.io>
2018-09-18 00:00:54 -04:00
Jerry Aldrich
bbc4002b53 Fix profile vendoring on Windows (#3378)
* Fix profile vendoring on Windows

This fixes vendoring on Windows by doing the following:
  - Expanding relative paths (handles `\\`)
  - Ensuring archives after closed after reading (prevents locking)

This also does the following:
  - Removes extra file from testing tar archive
  - Ensures fetching dirs/archives in the local fetcher behaves the same

* Fix profile vendoring on Windows

This fixes vendoring on Windows by doing the following:
  - Expanding relative paths (handles `\\`)
  - Ensuring archives after closed after reading (prevents locking)

This also does the following:
  - Removes extra file from testing tar archive
  - Ensures fetching dirs/archives in the local fetcher behaves the same

* Add vendoring to fuctional testing and fix the tmp path for windows

* Add tests for relative paths and backslashes

* Remove backslashes support in filenames on Linux

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-09-13 20:19:02 -04:00
Jared Quick
927720998c
Add platforms schema command (#3346)
* Add platforms schema command.
* Add functional test.
* Update tests with sorted export.
* Bump train version.
* Fix syntax in tests.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-09-13 15:36:17 -04:00
Jared Quick
1c12a544c7
Add string impact options for controls (#3359)
* Add impact class which contains all cvss scores.
* Add testing for impact changes.
* Change symbols to strings for impact.
* Update error messages to be more clear.
* Fix test with new sha

Signed-off-by: Jared Quick <jquick@chef.io>
2018-09-13 14:14:05 -04:00
Jared Quick
3da7511d36
Fix the compliance target error checks. (#3392)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-09-13 13:06:02 -04:00
Jared Quick
527571750d
Prevent logs from showing up when running inspec json (#3391)
* Prevent logs from showing up when running inspec json.
* Update it test text.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-09-13 13:05:10 -04:00
Jared Quick
6445e2c6d5
Add windows functional tests (#3385)
* Add windows functional tests.
* Fix tests for 2012 server.
* Fix windows build script
* Add more functional tests for windows.
* Update comment with TODO.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-09-12 18:04:16 -04:00
Jared Quick
4eaf2fc540
Populate code for inspec json inheritance (#3386)
* Add a code fallback for inherited profiles.
* Add functional testing.
* Push lint fixes
* Fix inspec.lock file
* Fix lint and break from loop

Signed-off-by: Jared Quick <jquick@chef.io>
2018-09-12 18:02:24 -04:00
Jared Quick
ac106a090e
Implement InSpec global attributes (#3318)
* Add yml attribute option.
* Add type matching.
* Add testing profile for global attributes testing all types.
* Allow attributes to be called within a control block.
* Fix attribut test issues and allow value to be set at runtime.
* Allow setting attr value after creation.
* Move attributes to global namespace.
* Move attributes to a singleton object.
* Add unit and updated functional testing.
* Rename attributes to attributes_test so the testhelper picks it up.
* Add attribute object tests and error types.
* Update with feedback changes.
* Remove extra line.
* Move attribute registry class file.
* Add documentation for attributes
* Rename rspec_extensions.
* Add some failing functional tests.
* Update docs and fix typos.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-09-12 16:42:58 -04:00
Martin Logan
8e780cd912 Fixing AWS integration tests. (#3374)
Obvious fix.
2018-09-10 14:38:57 -04:00
Christoph Hartmann
0e0b808e9b enforce utf encoding for cli output (#3376)
* enforce utf encoding for cli output
* add profile with wrong character set

Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2018-09-10 14:37:43 -04:00
Jared Quick
30e43c294d
Remove any inspec.lock file before testing vendoring. (#3377)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-09-10 10:15:16 -04:00
Jerry Aldrich
9d031053ea Various improvements to vendor command (#3286)
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-09-06 23:28:08 -04:00
Jared Quick
76b453eee9
Allow target-id passthrough (#3320)
* Allow uuid passthrough
* Update flag to be target-id.
* Updated to use proper formatting for header.
* Fix empty line after cli banner.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-09-05 15:07:34 -04:00
Noel Georgi
34ae5aac40 Add HTTP basic auth for URL based inspec deps (#3341)
* Add HTTP basic auth for URL based inspec deps
* Add tests

Signed-off-by: Noel Georgi <git@frezbo.com>
2018-08-30 12:57:50 -04:00
Noel Georgi
9b5aaa4f87 Support erb rendering (#3338)
* Support erb rendering

Fixes: https://github.com/inspec/inspec/issues/3337

* Add UT's and docs

Signed-off-by: Noel Georgi <git@frezbo.com>
2018-08-30 12:56:06 -04:00
Jared Quick
6120497db1
Convert legacy supports to their platform counterparts (#3333)
* Convert legacy supports to their platform counterparts.
* Fix rubocop lint.
* Update json schema for platform supports.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-08-30 09:11:55 -04:00
Josh Hudson
2d44b6e5e0 Cached profiles with Compliance Fetcher (#3221)
* Leverage existance check in Compliance::Fetcher.resolve to not re-download locally cached profiles
* Move logic from Compliance::API.exist? to Compliance::API.profiles to reuse code in cases where we need to access profiles' metadata directly.
* Declare @upstream_sha256 if target is a string
* Handle other fetchers that don't support upstream_sha256 within Inspec::CachedFetcher.initialize
* Add initialize for Compliance::Fetcher to not pollute Fetchers::Url with its logic
* Add Compliance::Fetcher.sha256 to leverage upstream_sha256 instead of relying on inherited method from Fetchers::Url
* Revert changes to cached fetcher that are unnecessary after refactor
* Pacify the god of ruby syntax
* Move Compliance::API.profiles filtering logic to end of method to leverage normalization of mapped_profiles
* Add and update unit tests to support caching with Compliance::Fetcher.upstream_sha256

Signed-off-by: Josh Hudson <jhudson@chef.io>
2018-08-28 09:11:38 -04:00
Jerry Aldrich
7098631d3e Infer --sudo when --sudo-password is used (#3313)
This does the following:
  - Adds `--sudo` if using `--sudo-password`
  - Warns the user if using `--sudo-password` without `--sudo`
  - Adds unit tests for `Inspec::BaseCLI#opts`

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-08-23 13:47:26 -04:00
Jared Quick
9f3e1c33a8
Suppress logs for json-automate reporter (#3324)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-08-23 13:43:48 -04:00
Vern Burton
a7ab4b8b5f Add cloudlinux under redhat family (#2935)
* adding cloudlinux into the mocker under the redhat family as it is found inside of train, and creating tests for cloudlinux that mirror the centos/redhat tests.
* adding cloudlinux under the select_service_mgmt method so that it can be matched.

Signed-off-by: Vern Burton <me@vernburton.com>
2018-08-22 15:58:38 -04:00
Clinton Wolfe
d24e0f0ec9 Plugins V2 API: CLI Command Plugin Type, Again (#3296)
Plugins V2 API: CLI Command Plugin Type

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-08-16 20:22:28 -04:00
Clinton Wolfe
811318f2f8 Plugins API v2: Loader, Base API, and Test Harness (#3278)
* Functional tests for userdir option
* Accepts --config-dir CLI option
* Actually loads a config file from the config dir, more cases to test
* Able to load config and verify contents from config-dir
* Functional tests to ensure precedence for config options
* Enable setting config dir via env var
* .inspec, not .inspec.d
* Begin converting PluginCtl to PluginLoader/Registry
* Able to load and partially validate the plugins.json file
* More work on the plugin loader
* Break the world, move next gen stuff to plugin/
* Be sure to require base cli in bundled plugins
* Move test file
* Revert changes to v1 plugin, so we can have a separate one
* Checkpoint commit
* Move v2 plugin work to v2 area
* Move plugins v1 code into an isolated directory
* rubocop fixes
* Rip out the stuff about a user-dir config file, just use a plugin file
* Two psuedocode test file
* Working base API, moock plugin type, and loader.
* Adjust load path to be more welcoming
* Silence circular depencency warning, which was breaking a unit test
* Linting
* Fix plugin type registry, add tests to cover
* Feedback from Jerry

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-08-16 18:16:32 -04:00
Jared Quick
34ac059972
Allow the jsonAutomate report to be executed from cli (#3285)
* Allow the jsonMerged report to be executed from cli.
* Renamed reporter to json-automate and added in comments.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-08-14 20:07:59 -04:00
Miah Johnson
3a9ed68c72
Merge pull request #3267 from inspec/miah/3158-3
Update `only_if` to allow user specified messages.
2018-08-10 09:38:55 -07:00
Miah Johnson
e710b5b633 Remove conditional checks for true and reverse if conditional on
Inline if_false_message into test.

Signed-off-by: Miah Johnson <miah@chia-pet.org>
2018-08-09 12:12:47 -07:00
Robert Van Kleeck
5264cb5fdf add iis_app_pool resource (#2400)
* add iis_app_pool resource
* add sign off
* remove training whitespace
* code cleanup and simplify timeout checks
* add mock tests

Signed-off-by: Rob Van Kleeck <rvankleeck@salesforce.com>
2018-08-09 09:19:49 -04:00
Henry Muru Paenga
f605051f53 Add new resource: aws_ecs_cluster (#3213)
Signed-off-by: Henry Muru Paenga <meringu@gmail.com>
2018-08-09 09:19:27 -04:00
Jared Quick
71003cd564
Error cleanly if a reporter errors while rendering (#3280)
* Error cleanly if a reporter error while rendering.
* Add functional test for automate reporter.
* Remove authors.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-08-09 09:18:10 -04:00
Noel Georgi
9d3beb8d41 Adding docker plugin support (#3074)
* Fixing tests and squashing
* Updating as per some PR comments
* PR comments

Signed-off-by: Noel Georgi <18496730+frezbo@users.noreply.github.com>
2018-08-09 08:20:32 -04:00
Ksenia
d2ae5c0d68 Fix issue#3269. Add 17 hexadecimal characters support aws_route_table (#3277)
Add support in aws_route_table to allow 17 hexadecimal characters
2018-08-09 08:16:03 -04:00
Miah Johnson
782be81807 Allow passing a message to set_skip_rule. Previously, the value passed
to set_skip_rule could be a boolean, or a message. Now value should
always be a boolean, and if a message is needed one can be passed and
will be set.
Allow only_if to take a message during control_eval DSL.
Add test for only_if(message).

Signed-off-by: Miah Johnson <miah@chia-pet.org>
2018-08-07 11:37:59 -07:00
pete higgins
4ed7362f0c Enable inspec archive, check, and json to run as unpriveleged user (#3263)
* Add --vendor-cache flag for archive, check, and json commands.
* Remove unused ignore_supports flag for Inspec::Runner.

This flag was only set in two code paths that did not call
Inspec::Runner so setting it did not have any effect.

Signed-off-by: Pete Higgins <pete@peterhiggins.org>
2018-08-07 12:12:41 -04:00
Jared Quick
73a40139a6 Add a merged json report for A2 (#3261)
* Provide a json_merge report used by A2 that merges all child profiles.

Signed-off-by: Jared Quick <jquick@chef.io>

* Merge profile controls from child up until we find something usable.

Signed-off-by: Jared Quick <jquick@chef.io>

* Add testng for json_merged report.

Signed-off-by: Jared Quick <jquick@chef.io>

* Push the profile population to be later in the report.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-08-03 16:07:01 +02:00
Noel Georgi
b93da53237 Escaping package names for windows packages (#3259)
* Escaping package names for windows packages
* Fixing missed package_name ref
* Updating Mock SHA
* Removing unwanted file
* Linting fix

Signed-off-by: Noel Georgi <18496730+frezbo@users.noreply.github.com>
2018-08-02 14:40:14 -04:00
Jared Quick
6e59ef176b
Populate report code for merged controls (#3264)
* Populate the code section for all profiles where we merge controls.
* Fix rubocop issues.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-08-02 14:39:11 -04:00
Jerry Aldrich
f2d64938b7 windows_feature resource: Add DISM support (#3224)
* windows_feature resource: Add DISM support

This modifies the `windows_feature` resource to fallback to DISM when
the `Get-WindowsFeature` command is not available.

* Allow specifying `:dism` or `:powershell`
* Replace stacktrace with smaller error message
* Add notes/todo about raise behavior
* Remove duplicated platform check

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-07-25 16:00:06 -04:00
Jerry Aldrich
2245bba021 cli: Downcase supermarket tool name to match URL (#3242)
* cli: Downcase supermarket tool name to match URL

This downcases the user provided tool name. Without this fetching the
profile will fail because the Supermarket API downcases in the URL.

* Add another downcase
* Add handling for `supermarket://owner_but_no_name`

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-07-25 15:59:19 -04:00
Jerry Aldrich
c1d7b2cfa3 alpine resource: Fix small style issues (#3238)
* Constrain RuboCop disables to single method
* Add comment to Alpine package command
* Use single quotes for Alpine package command
* Change `it` statement to be readable

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-07-25 15:57:51 -04:00
Jared Quick
faf3d1588e
Fix the unit tests by pining to a older openssl cookbook. (#3251)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-07-25 13:08:12 -04:00
Dan Webb
a0fffa5286 Add Alpine package provider (#3215)
- Add Alpine tests
- Stub apk grep command for alpine
- Resolve (disable for now) rubocop ABC/CyclomaticComplexity/PerceivedComplexity

Signed-off-by: Dan Webb <dan.webb@damacus.io>
2018-07-19 15:07:36 -04:00
James Stocks
ca833afacf Generate describe code for an array of strings (#3227)
Context:
When testing a Windows registry key with a period character in it e.g. `explorer.exe` it is not possible to use `its("explorer.exe")` because the period would be interpreted as method chaining.
In this case, you must instead use `its(["explorer", "exe"])`
See https://github.com/inspec/inspec/issues/1281

This commit fixes `to_ruby`in `Inspec::Describe` so that it produces an array in the generated Inspec code instead of a string.

Signed-off-by: James Stocks <jstocks@chef.io>
2018-07-19 15:00:21 -04:00
Miah Johnson
bfd569fe99 Ensure resources fail that target something that isn't supported (#3231)
* Use fail_resource rather than skip_resource when the platform is not
supported by the resource.

* Update tests to handle failing on unsupported platforms.
Update functional tests.

Signed-off-by: Miah Johnson <miah@chia-pet.org>
2018-07-19 08:16:54 -04:00
Jerry Aldrich
706493f2f3 command resource: Allow redacting #to_s (#3207)
* command resource: Allow redacting `#to_s`
* Respond to feedback

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-07-16 08:20:57 -04:00
Stanislav Voroniy
a16877f427 A number of bug fixes and new features for oracledb_session resource (#3170)
Signed-off-by: Stanislav Voroniy <stas@voroniy.com>
2018-07-09 13:57:45 -04:00
Clinton Wolfe
92e96ebedb Accept regexes for --controls option to inspec exec (#3179)
* Functional tests for regex control selection
* Implementation for regex-based control filtering

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-07-05 15:44:30 -04:00
Miah Johnson
a084187b21 When a profile is created with init, the last item after a / is the (#3175)
profile name. eg "with/slash" would result in a profile created in the
"with" directory named "slash"

Add test for inspec init, and updated other for new output.

Clean up profiles created during testing and place them in temporary
directories.

Describe our test a bit better.
Check that the profile was created in the right location.
Check that the profile is named correctly.

Signed-off-by: Miah Johnson <miah@chia-pet.org>
2018-07-05 15:37:18 -04:00
Noel Georgi
6fe13ce1eb Updating inspec with bastion options (#3180)
* Updating inspec with bastion options as per https://github.com/inspec/train/pull/310
* Updating train pin
* Adding --password to pass the test
* Revert "Updating train pin"
* PR changes

Signed-off-by: Noel Georgi <18496730+frezbo@users.noreply.github.com>
2018-07-05 15:37:04 -04:00
Jerry Aldrich
a56539bc62 Fix some issues with the vendor functional tests (#3196)
* Sort `Dir.entries` in functional test

Ruby's `Dir.entries` differs between OS's. This ensures the same order
is used when comparing two arrays.

* Remove unused variable `exec_out`

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-07-05 14:19:41 -04:00
Miah Johnson
ef6cb0d85b This functional test was validating that a randomly named directory (#3198)
Fix vendor functional test to not validate a repo hash that can change.
2018-07-05 13:54:53 -04:00
Clinton Wolfe
2ac5581d32 Document exit codes for 'inspec exec' and add --no-distinct-exit option (#3178)
* Add long description to inspec exec command, mentioning exit codes
* Modify website doc builder code to use long description if available
* Functional test for --distinct-exit flag
* Implement --distinct-exit option
* Inspec shell also needs the option

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-06-29 08:43:34 -04:00
Jared Quick
52694d4031 Add parent_profile field in json output (#3164)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-06-26 13:04:31 -04:00
Jerry Aldrich
737df411ef apache_conf resource: Strip quotes from values (#3142)
* apache_conf resource: Strip quotes from values
* Update regex to capture all vars between quotes
* Change `x` and `y` to proper variable names

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-06-26 07:48:48 -04:00
Clinton Wolfe
ed44b34509 Add functional tests for nested attributes (#3157)
* A functional test for attributes
* Add tests for nested attrs in yaml
* remove commented-out tests

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-06-26 07:48:20 -04:00
Clinton Wolfe
44c0fd2e4f
Accept symbols and downcased criteria in aws_iam_policy have_statement matcher (#3129)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-06-21 14:19:56 -04:00
Jared Quick
12890408bb
Fix control merging when overriding child controls (#3155)
* Fix the control merging issues when overriding child controls.
* Fix rubocop issue and vendor compression.
* Add in lock file for vendor profile

Signed-off-by: Jared Quick <jquick@chef.io>
2018-06-21 13:37:47 -04:00
Jerry Aldrich
cf9ce1bfdc auditd resource: Add handling for sudo/no command (#3151)
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-06-20 21:27:53 -04:00
Jared Quick
7db83446ba
Add insecure option to the automate report json (#3124)
* Add insecure option to the automate report json.
* Add in automate and compliance json documentation.
* Fix typo.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-06-14 14:05:21 -04:00
Clinton Wolfe
7aa60852e6 Add list properties back to shadow (#3140)
* Un-deprecate plural properties on shadow; deprecate the singular versions
* Update filtertable interface to current
* A weak attempt at making the docs coherent
* Doc feedback per Jerry

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-06-14 13:42:00 -04:00
Jared Quick
4e54475cec
Fix tests for ruby 2.5 (#3125)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-06-11 11:25:16 -04:00
Clinton Wolfe
6f46d52242
Add aws_elb and aws_elbs resources (#3079)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-06-07 15:06:05 -04:00
Miah Johnson
ab32446213 Adds a aws_flow_log resource with unit and integration testing. (#2906)
Signed-off-by: Miah Johnson <miah@chia-pet.org>
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-06-07 14:41:46 -04:00
Samuel Boucher
27995f37e8 Update junit reporter to add failures attribute (#3086)
Signed-off-by: Samuel Boucher <boucher.samuel.c@gmail.com>
2018-06-06 12:14:24 -04:00
Jared Quick
06e1aa5379 Allow custom resources to access all other resources (#3108)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-06-06 11:56:51 -04:00
Clinton Wolfe
f9dd82f2f6
Add common methods to FilterTable automatically (#3104)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-06-05 22:35:09 -04:00
Clinton Wolfe
ca6556e0fe
Add lazy-loading to FilterTable (#3093)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-06-05 17:32:52 -04:00
Clinton Wolfe
4cd6cc07cc
Two fixes to FilterTable where criteria handling (#3045)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-06-05 00:46:32 -04:00
Jared Quick
06ff747cfc
Detect windows packages with trailing spaces. (#3106)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-06-01 10:39:26 -04:00
Dominik Richter
ebd1d36600 support local npm package searches (#3105)
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2018-06-01 10:52:46 +02:00
Jared Quick
924349b88b Fix the git fetcher to vendor correctly (#3097)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-05-31 13:53:14 -04:00
Tor Magnus Rakvåg
34b393ed3c mssql_session default port and local_mode (#3031)
* set port default to nil, introduce local_mode
* raise instead of warning
* restore default port, allow explicit nil

Signed-off-by: Tor Magnus Rakvåg <tm@intility.no>
2018-05-31 13:47:28 -04:00
Noel Georgi
317a6d1953 Adding YAML reporter (#3081)
* Adding YAML reporter
* Updating yaml o/p
* Removing comment
* Adding UT for YAML reporter, adding missing reporters
* This PR takes care of the following:
 - Fixes the YAML reporter UT
 - Adds the report method to YAML reporter to support code example as in #3085
 - Disables the cyclomatic complexity Metric for reporter

Signed-off-by: Noel Georgi <18496730+frezbo@users.noreply.github.com>
2018-05-31 13:42:09 -04:00
Tor Magnus Rakvåg
71ba5018d2 Enhance groups resource with members property (#3029)
* implement members property
* flatten groups entry, extract flatten helper
* lints
* more idiomatic spec, add example of members testing

Signed-off-by: Tor Magnus Rakvåg <tm@intility.no>
2018-05-31 13:37:44 -04:00
Tor Magnus Rakvåg
367f91ea31 handle nil properties in iis_site (#3040)
* return nil instead of trying to index into nil
* fix typo
* add spec for deleted site

Signed-off-by: Tor Magnus Rakvåg <tm@intility.no>
2018-05-31 13:36:15 -04:00
Julian C. Dunn
1046a77027 Remove unneeded "-a" from the RPM query for performance improvement (#3077)
Signed-off-by: Julian C. Dunn <jdunn@chef.io>
2018-05-31 12:11:41 -04:00
Jared Quick
7e95bb2765 Add job_uuid passthrough for automate report. (#3064)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-05-17 15:24:38 +02:00
Jared Quick
da203a258b Add a passthrough for report_uuid in 'automate' reporter (#3057)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-05-16 13:33:17 -04:00
Clinton Wolfe
af72574b34 Skeletal aws_ec2_instances resource (#3023)
* Add integration and unit tests for aws_ec2_instances
* Basic docs for aws_ec2_instances
* Add basic aws_ec2_instances resource

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-05-10 14:54:33 -04:00
Jared Quick
08867e2f46 Include the profile dependency data in json reporter - 2.x release (#3033)
* Add depends section back to json profiles.
Signed-off-by: Jared Quick <jquick@chef.io>
2018-05-10 13:53:37 -04:00
Tor Magnus Rakvåg
ce70c13011 Typo in integration test (#3028)
Signed-off-by: Tor Magnus Rakvåg <tm@intility.no>
2018-05-09 15:15:48 -04:00
Jared Quick
dabb1aa142
Fix the A2 vendoring with depends on the A2 server. (#3022)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-05-04 12:25:40 -04:00
Jared Quick
54c1ed62f9
Add A2 support for profile compliance depends. (#3014)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-05-03 14:07:53 -04:00
Jared Quick
7a11c51297
Fix the A2 compliance ssl flag (#3011)
* Fix the A2 compliance ssl flag.
* Add a2 fetcher tests.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-05-03 14:07:38 -04:00
Jeremy
1407e681fc #2810 - Add check if aws s3 bucket is encrypted. (#2937)
* Add check if aws s3 bucket is encrypted.
Required terraform aws provider >= 1.6
Fix indentation issue in aws_s3_bucket.rb

* Implement most changes recommended by @TrevorBramble, and refactored other methods to align with recommendations (except Terraform nitpick; preference is to keep coding style consistent until full refactor).

Signed-off-by: Jeremy Phillips <github@uranusbytes.com>
2018-05-03 09:55:29 -04:00
Jerry Aldrich
9e8724ca6e nginx_conf resource: Fix include paths with quotes (#2726)
* nginx_conf resource: Fix include paths with quotes
* Move quote removal to `NginxParser`
* Add parsers/tests for quotes in quotes

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-05-03 09:53:20 -04:00
James Stocks
b42bfeb77d cmp should recognise a string being a negative int (#3007)
Signed-off-by: James Stocks <jstocks@chef.io>
2018-05-02 10:19:57 -04:00
David McCown
23967a2849 Refactors Terraform plan to break out steps (#2996)
This change should make it easier to work with a running environment.
You may now apply changes without doing a full teardown/rebuild any time
you make a change to the terraform plan.

Adds some documenation on how to use the Terraform tooling.

Adds AZURE_LOCATION to override the default region.

Signed-off-by: David McCown <dmccown@chef.io>
2018-04-29 14:00:12 -04:00
Clinton Wolfe
1a00853cd8
Catch exceptions in control blocks and fail the control (#2987)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-04-26 15:44:16 -04:00
Omar J. Irizarry
2495fd8196 extend os_env resource to select between Machine and User vars on Windows (#2945)
Signed-off-by: Omar J Irizarry <irizarry_omar_j@network.lilly.com>
2018-04-26 15:10:14 -04:00
David Alexander
72925a7145 Makes JSON resource enumerable, despite method_missing magic (#2910)
Signed-off-by: David Alexander <opensource@thelonelyghost.com>
2018-04-26 11:54:16 -04:00
Miah Johnson
709647c7c7 The #to_s method should return the @path rather than a hardcoded /etc/shadow. (#2978)
Signed-off-by: Miah Johnson <miah@chia-pet.org>
2018-04-26 08:53:42 -04:00
Clinton Wolfe
8934352935 Make names for AWS Config service objects optional (#2928)
* Update tests and docs to assume one recorder per region
* Config recorder supports singleton fetch
* Docs and tests for singleton mode delivery_channel
* Implementation for singleton delivery channel, and some other code cleanup
* Implement some feedback, and fix a bug in traversing the struct in looking for empty results

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-04-19 13:08:16 -04:00
Jared Quick
33fc15582a
Add A2 support to the inspec-compliance toolset (#2963)
* Add A2 support to the inspec-compliance toolset.
* Add json-config option for login.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-04-19 13:01:54 -04:00
Clinton Wolfe
340b6eb4b4 Upgrade Terraform version pins for integration testing (#2968)
* Update terrform to 0.11.7 (latest) and aws plugin to 1.14; upgrade plugins on test startup
* TF route table resource doesn't export associations or routes attributes.  Which we weren't using anyway.
* Downgrade to aws plugin 1.13 to avoid TF panic; suppress deprecation warning for aws_region
* Fix incoherent attribute combination on cloudtrail
* Add -auto-approve to suppress interactive confirmation
* Update version pinning for AWS minimal account
* Use a plan file in AWS runs
* Pin azure TF run to 0.11 and 1.3; also an autoformatter pass on the TF code.

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-04-19 13:01:27 -04:00
Henry Muru Paenga
a9e3b8d8d0 Amazon linux service mgmt detection (#2970)
Signed-off-by: Henry Muru Paenga <meringu@gmail.com>
2018-04-19 13:00:39 -04:00
Clinton Wolfe
73b7b6942c
Inline and attached policies for aws_iam_user and aws_iam_users (#2947)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-04-17 13:22:28 -04:00
Clinton Wolfe
146b60556d
Policy statement search: don't stacktrace on missing field (#2962)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-04-17 13:21:29 -04:00
Clinton Wolfe
2c9cb5d46e Fixed numerous naming errors in aws_iam_vpcs integration tests (#2961)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-04-17 11:42:36 -04:00
Clinton Wolfe
6853f232fa aws_iam_policy statement search fix for degenerate policies (#2958)
* Bug replication tests, unit and integration
* Fixes statement_count
* Fixes statement_count and have_statement
* rubocop trim whitespace

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-04-16 10:04:00 -04:00
Clinton Wolfe
745ff32c80 Basic fields for aws_vpcs (#2930)
* Update singular implementation to avoid use of inner object
* Update docs and tests for 3 new filters and properties on aws_vpcs
* Implement new filters and properties; one failing test due to odd FilterTable behavior
* changes to avoid bug 2929

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-04-12 15:48:55 -04:00
Miah Johnson
b40e553f15 Ensure @params in shadow resource always has a valid value. (#2939)
* Add tests for method chained shadow resource with readable and
unreadable shadow files.

Ensure @params always has a safe value, otherwise we may stacktrace when
unable to read /etc/shadow and invoked with method chaining.

* Wrap deprecation notices with a proc/must_output to clean up test
output.

Added some missing newlines.

Catch deprecation notice on `lines`.

* Resolve the majority of the issues pointed out by @tbramble.

Deprecate `lines`; its really only used internally but it was 'exposed'
through tests and who knows if there is external use. `lines` is not
documented as a property at least..

`#set_params` is much better now =)

Signed-off-by: Miah Johnson <miah@chia-pet.org>
2018-04-12 15:37:22 -04:00
Clinton Wolfe
7130a77c06
Policy Statement Search capability for aws_iam_policy (#2918)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-04-12 14:31:02 -04:00
Piotr Gospodarek
41c3dfccfe Add target attribute to test results for JUnit reporter. (#2839)
Signed-off-by: Piotr Gospodarek <pgospodarek@outlook.com>
2018-04-12 09:59:34 -04:00
Clinton Wolfe
4200fdd779 AWS Security Group Rules properties and matchers (#2876)
Provides low-, and mid-level properties and matchers for examining rules on aws_security_group.

* Second draft of docs for SG rules interface; need to clarify semantics of reject
* First cut at unit tests
* Cleanup test fixtures
* Implementation for allow, with plausible unit tests
* Doc updates based on reality
* Add integration tests; move allow to allow_ / out; several docs updates
* Add be_open_to_the_world and be_open_to_the_world_on_port
* Update docs to reflect adding allow_only
* Update docs to reflect use of position to allow multiple rules with 'only'
* Implement allow_only with unit tests; still need integration tests
* Add integration tests for allow_only

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-04-06 14:22:25 -04:00
Matthew Dromazos
b5a0007851 aws_cloudtrail_trail feature: test how many days ago logs were delivered (#2887)
* * Adds new property to test how many days ago the CloudTrail delivered logs to the CloudWatch Logs.

* * Changes query for selected cloud trail in unit test
* Changes uses Time.now explicitly instead of making a variable in the unit test

Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
2018-04-06 14:04:57 -04:00
Matthew Dromazos
74076bc44a aws_iam_group feature: test users in an iam group (#2888)
* Adds new property to test the users in an aws_iam_group
* Adds terraform code to add the recall_hit user to the administrator group

Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
2018-04-06 14:04:13 -04:00
Matthew Dromazos
c04a98c9f8 New Skeletal Resource aws_route_tables (#2643)
* Initial commit of skeletal resource aws_route_tables
* Fixes issues with documentation
* Renames route table terraform resources to be more conventional
* Removes tags terraform resources
* Changes aws_route_table and aws_route_tables integration tests to use new terraform names
* Removes unneeded data given in unit tests

Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
2018-04-05 12:51:22 -04:00
Matthew Dromazos
0df67fc7d0 New Skeletal Resource aws_s3_buckets (#2653)
* Initial commit of skeletal resource aws_s3_buckets
* Add fixes to documents
* Removes property 'creation_date' for there is no use case as of right now
* Rebases on master and moves aws_s3_buckets integration test to the correct location
* Adds test on unit test for false exists

Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
2018-04-05 12:49:30 -04:00
David Alexander
3b97e16b97 New Resource: Chocolatey Package (#2793)
* Adds chocolatey package resource
* Adds docs for chocolatey_package resource
* Differentiate chocolatey package from windows feature

Suggested by @frezbo

Signed-off-by: David Alexander <opensource@thelonelyghost.com>
2018-04-05 08:54:27 -04:00
Jared Quick
b246cf7d21
Add automate reporter (#2902)
* Add automate reporter.
* Add ssl flag for automate post.
* Rename ssl flag.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-04-05 08:51:51 -04:00
Jerry Aldrich
4731d95abd docs: Update example resource (#2904)
* Change `skip_resource` to use raise
* Add `supports` lines to example resource
* Change to rescue `StandardError` vs `Exception`
* Change raise to use `e.message` vs `$!`
* Remove redundant returns
* Change `File.exists?` to `File.exist?`
* Update shasum in tests

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-04-05 08:50:49 -04:00
Paul Welch
27203110cd Add AWS hardware MFA matcher (#2892)
* Add AWS hardware MFA matcher
Adding a hardware as well as a virtual MFA matcher for aws_iam_root_user
resource

* Add New AWS Root Matcher Docs
- Add documentation for new root MFA matchers
- Fix logic for checking MFA devices from feedback on PR

* Add Integration tests for MFA matchers
- Add integration tests for virtual and hardware MFA matchers
- Clean up logic for has_virtual_mfa_enabled? method

Signed-off-by: Paul Welch <pwelch@chef.io>
2018-04-03 09:13:52 -04:00
Paul Welch
d3b90a7c9f Pw/pip windows bug (#2883)
* Add python check for pip resource

When checking pip resources, we should skip resource if python is not
installed or we will fail with an error when trying to parse the path.

* Check pip command on windows

On Windows, if pip has a newer version available, it adds an error
message to stderr. Now checking if both stderr and stdout on windows
have values. If so, assume pip package is installed.

* Clean up powershell query command

- Make it easier to read what the powershell command is doing
- Make it easier to read what the cmd_successful method lokos for

Signed-off-by: Paul Welch <pwelch@chef.io>
2018-03-29 13:01:59 -04:00
Trevor Bramble
a40f857e2b Change route_table_id regexp for correctness (#2885)
Without the terminating character ($), it just accepted any characters
at all after the initial matching set.

Also add some tests to assure we're raising appropriately.

Co-authored-by: Trevor Bramble <tbramble@chef.io>
Co-authored-by: Joshua Padgett <jpadgett@chef.io>

Signed-off-by: Trevor Bramble <tbramble@chef.io>
2018-03-29 12:50:40 -04:00
Jerry Aldrich
2c4f041e9d powershell resource: Add support other OSs (#2894)
This adds `powershell` resource support for non-Windows OSs via `pwsh`
and Base64 encoded commands.

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-03-29 11:57:15 -04:00
Mo Shark
fc3f1708c4 Porting over the singular rds resource from the aws-inspec git repo (#2866)
Signed-off-by: HackerShark <melsharkawi@mitre.org>
2018-03-28 11:23:44 -04:00
eramoto
53a53820cf Mitigate trivial warning output on test (#2872)
* Mitigate trivial warning on test by initializing
Also fixes passing a ambiguous argument.
* Mitigate trivial warning by removing redundant method

Signed-off-by: ERAMOTO Masaya <eramoto.masaya@jp.fujitsu.com>
2018-03-28 11:22:01 -04:00
Omar J. Irizarry
ef8da475d3 registry_key resource was returning an incorrect value (#2871)
* registry_key resource was returning an incorrect value
when key value was greater than 2147483647
* added mock
* Fix issue with default reg key
(default) key was returning nil even when a value was present.

Signed-off-by: Omar Irizarry <irizarry_omar_j@network.lilly.com>
2018-03-26 15:44:31 -04:00
Matthew Dromazos
0cbe5b60e5 New Skeletal Resource aws_config_delivery_channel (#2641)
* Initial commit of new skeletal resource aws_config_delivery_channel
* Changes delivery_frequency to be an integer and names delivery_frequency_in_hours
* Adds more documentation and clarifies descriptions
* Wraps API call in the aws_catch_errors function
* Changes config bucket name to use dashes instead of underscores
* Updates on master and changes directory location of build and integration files
* Fix integration tests to only create one ConfigRecorder

Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
2018-03-26 14:03:23 -04:00
Matthew Dromazos
603bef6f29 New Skeletal Resource aws_kms_key (#2746)
* Initial commit of skeletal resource aws_kms_key
* * Adds comments to rerun travis
* * Clarifies some parts of the doc.
* Changes matcher have_aws_key_manager to manged_by_aws
* Fixes copypasta
* Adds clarification to property names
* Fixes rescueing exceptions from the api
* raises exceptions in the unit tests

Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
2018-03-23 08:29:45 -04:00
Trevor Bramble
bd8ef9d1d8
Remove obsolete mock (#2869)
This mock was a remenant of file reading tests that became obsolete with
the centralization of that code.

Signed-off-by: Trevor Bramble <tbramble@chef.io>
2018-03-22 14:06:53 -07:00
Matthew Dromazos
9077a7b17b New Skeletal Resource aws_sns_subscription (#2697)
* Initial commit of skeletal resource aws_sns_subscription
* Fixes errors in documentation
* Clarifies documentation
* Wraps calls to aws api in catch_aws_errors metho
* Fixes integration tests

Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
2018-03-22 13:38:40 -04:00
Trevor Bramble
be83af35c5
Revise /etc/hosts for correctness and clarity (#2863)
* Clean up test data, correct parse error handling
 * Use functional pipeline to avoid need for conditional clauses and clarify the intent of the comment parsing.
 * Extract magic strings to constants
 * Remove code and tests now covered by FileReader

Co-authored-by: Trevor Bramble <tbramble@chef.io>
Co-authored-by: Paul Welch <pwelch@chef.io>

Signed-off-by: Trevor Bramble <tbramble@chef.io>
2018-03-22 09:58:22 -07:00
Matthew Dromazos
1bb565c708 New Skeletal Resource aws_sns_topics (#2696)
* Initial commit of skeletal resource aws_sns_topics
* Adds clarification in documentation
* Adds functionality for calling the next token returned from aws api.
* Wraps api calls in the catch_aws_errs method

Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
2018-03-22 12:55:23 -04:00
eramoto
c7e87ca3e3 Unify method in which file content is read across all resources (#2359)
* Create file-check functionality into utility file

There are the similar issues as PR #2302. Almost resources return false
positives when a file does not exist or is not read.

* Replace to file-check functionality
* Fix dh_params and x509_certificate resources

If a file is empty, OpenSSL::PKey::DH and OpenSSL::X509::Certificate have
raised an exception and have skipped the inspection. Thus x509_certificate
and dh_params resources are not allowed to read a empty file.

* to_s of shadow expects filters is not nil
* Remove workaround of sshd_config

Removes the workaround of sshd_config since Travis CI fails due to a bug
of dev-sec/ssh-baseline and the PR #100 will fix it.

* Use init block variable in methods

Signed-off-by: ERAMOTO Masaya <eramoto.masaya@jp.fujitsu.com>
2018-03-22 08:25:45 -04:00
Jared Quick
7045fb9193 Bump Thor to version 0.20.0. (#2843)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-03-21 10:44:28 -07:00
Matthew Dromazos
555de72912 Skelatal resource: aws_s3_bucket_object (#2620)
* Initial commit of new resource
* Makes changes to docs to match changes to the resources.
* Adds clarifications in docs and changes it to be an erb file.
* Simplifies some unit tests
* Wraps calls to the api in a aws_catch_errors method
* Removes provisioner terraform code

Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
2018-03-19 13:10:17 -04:00
Jared Quick
fafa681f5c
Set backend cache to defualt true. (#2827)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-03-15 15:08:34 -04:00
eramoto
435ad68698 Sort gotten file list on test (#2812)
When testing on a filesystem used for a long time or built on a small
sized partition, the actual file order may be different from the
expected file order as below:

    1) Failure:
  inspec keyword::inspec.profile.files#test_0002_lists all profile files when calling #files [/work/git/inspec/test/unit/dsl/other_keywords_test.rb:50]:
  --- expected
  +++ actual
  @@ -1 +1 @@
  -["a_sub_dir/sub_items.conf", "items.conf"]
  +["items.conf", "a_sub_dir/sub_items.conf"]

    2) Failure:
  SourceReaders::InspecReader::with a valid profile#test_0005_retrieves all extra files [/work/git/inspec/test/unit/source_readers/inspec_test.rb:39]:
  --- expected
  +++ actual
  @@ -1 +1 @@
  -["files/a_sub_dir/sub_items.conf", "files/items.conf"]
  +["files/items.conf", "files/a_sub_dir/sub_items.conf"]

Signed-off-by: ERAMOTO Masaya <eramoto.masaya@jp.fujitsu.com>
2018-03-14 09:35:43 -04:00
Jerry Aldrich
439fcb5993 Write version_constraints as an array for inspec.lock (#2619)
* Modify version constraints to be an Array

This will allow both old and new versions of InSpec to parse the
`inspec.lock` correctly.

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-03-12 09:02:37 -04:00
Tom Hodder
eeeeda18d8 quote password when generating mysql command string (#2685)
* quote password when generating mysql command string
* added a test for mysql_session, added shellwords escaping to mysql_session resource
* changed the name of the escape method
* clarified test conditions

Signed-off-by: Tom Hodder <tom@limepepper.co.uk>
2018-03-09 08:41:21 -05:00
Miah Johnson
75f39e74f2 Refine deprecated methods to be consisten with supported fields in (#2801)
shadow file.

After much thought the deprecations from #2642 were for the wrong methods.

Plural method names feel much more natural when working with this
resource because you can have more than a single result.

Consider a match like `shadow.user(/^www/)`, this could return multiple
users, so `shadow.users` feels more natural here.

The problem is that the fields we're matching in the shadow file itself
are singular. Each entry is for a user, which has a password, and some
other fields. A user never has `passwords` in the shadow file, only a
`password`.

This is made more obvious when you use the `filter` method.

When we use this filter: `shadow.filter(min_days: 20, max_days: 30)` we
are matching fields in the shadow file and not using our matcher
methods. This means that if there is a discrepancy between our matcher
methods, and the shadow fields the user could end up confused. Like I did =)

This PR changes:

Changed matchers to match shadow fields.
Updated documentation to reflect changes.
Updated tests to reflect changes.
Re-add `filter` method, and add a test for it.
Renamed variable for FilterTable to be less confusing.
Renamed query argument for methods to be consistent.
Cleanup docs based on comments from @jerryaldrichiii
Make Rubocop happy <3

Signed-off-by: Miah Johnson <miah@chia-pet.org>
2018-03-08 17:26:08 -05:00
Miah Johnson
5fee525be8 Remove os checks from initialize as this is provided by platform (#2797)
Removes skip_resource and raise .. if InSpec.os stuff from initialize as this is covered by platform support.

Signed-off-by: Miah Johnson <miah@chia-pet.org>
2018-03-08 16:01:50 -05:00
Jared Quick
a9127d3f6c
Create reporter directory if it does not exist. (#2798)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-03-08 15:45:59 -05:00
Wei He
a3898db2fe Fix http with connection error (#2770)
* fix: http resource handle connection failed (ex. port is not open)
* add test case

Signed-off-by: Wing924 <weihe924stephen@gmail.com>
2018-03-07 23:04:26 -05:00
Christoph Hartmann
3d87d75c5a
return 1 as exit code for commands that are not available (#2792)
* return 1 as exit code for commands that are not available

Signed-off-by: Christoph Hartmann <chris@lollyrock.com>

* update tests

Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2018-03-07 16:09:22 +01:00
Miah Johnson
f6db0e345a Update shadow resource to use FilterTable (#2642)
* Change shadow resource to use FilterTable rather than custom filter
implementation.

Add tests for singluar aliased methods and other minor changes to work
with FilterTable output.
Coverage is at 100%

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* merge master

Signed-off-by: Miah Johnson <miah@chia-pet.org>
2018-03-07 15:31:30 +01:00
João Vale
3e2450e703 Host resource: use bash over netcat in Linux (#2607)
* Add support to use bash in host resource

Netcat's presence is widely regarded as a security issue, and thus not
always available. This solution first tries to use bash builtins and
timeout (from coreutils), so is less likely to require installing
additional packages.

* Darwin UDP support in host resource
* Host: use netcat first if available

Signed-off-by: João Vale <jpvale@gmail.com>
2018-03-07 08:39:27 -05:00
Jerry Aldrich
e4e907624a iptables resource: Add support for other bin paths (#2783)
* iptables resource: Add support for other bin paths
* Use `%w{}` instead of `[]`

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-03-06 08:56:15 -05:00
Clinton Wolfe
89ce8514df Update name of subnet fixture, fixing 3 failing integration tests (#2765)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-03-02 13:49:33 -05:00
Richard Nixon
47e4c578e0 Fix aws-iam-users pagination (#2761)
* Fix aws-iam-users pagination

PROBLEM: aws-iam-users resource only retrieves 100 records due to pagination
in the AWS IAM list_users function.

FIX: Iterate over all the pages using the AWS pagination variables `marker`
and `is_truncated`

Signed-off-by: Richard Nixon <richard.nixon@btinternet.com>
2018-03-02 09:14:05 -05:00
Jerry Aldrich
c2dcb11f52 Move TESTING_AGAINST_AWS.md to test/aws (#2669)
* Move `TESTING_AGAINST_AWS.md` to `test/aws`
* Add link in README.md

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-03-02 09:11:56 -05:00
Noel Georgi
dd033fbf1b mssql_session - Handling cases where the data is nil (#2752)
* Fixing bug where the row data returned is nil

Signed-off-by: Noel Georgi <noel.georgi@reancloud.com>
2018-03-01 14:30:07 -05:00
Jerry Aldrich
4631306ef1 virtualization_resource: Fix NoMethodError on nil:NilClass (#2603)
* Move instance variable to avoid `NoMethodError`

Methods for `role` and `system` properties are dynamically generated and
return values from the `@virtualization_data` Mash. Therefor, we must
ensure `@virtualization_data` exists before calling these methods.

* Move supports logic to `supports platform: linux`

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-02-28 14:22:55 -05:00
Matthew Dromazos
4394c5efc8 New Resource aws_config_recorder (#2635)
* Initial commit of new resource
* Removes deprecated matcher in example
* Adds a new terraform file for config resources
* Fixes and clarifies documentation
* Wraps calls to api in catch_aws_errors method
* Changes the names of two matchers

Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
2018-02-27 13:15:04 -05:00
Christian Becker
b7687765f5 http resource: Support OPTIONS method (#2742)
Signed-off-by: Christian Becker <c.becker@mediaevent.services>
2018-02-27 12:59:53 -05:00
Jared Quick
62cb6bb846
Make sure we have a proper exit code and report data. (#2747)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-02-26 16:50:51 -05:00
Clinton Wolfe
118b8a9fc5 Various small fixes/adjustments to the integration tests for AWS and Azure (#2745)
* Fix formatting of iam user integration tests by placing them in controls
* Fix subnet AZ test by making it an attribute; can't hardcode it
* Fix VPC ID fixture export for subnet testing
* Rename Azure integration tasks to match AWS and allow on-demand attribute dump

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-02-26 16:37:36 -05:00
Jerry Aldrich
d356cfc6dc Move AWS/Azure tests to integration directory (#2675)
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-02-26 11:10:04 -05:00
Jared Quick
20a0b0e025
Fix inspec check to work with platforms (#2737)
* Fix inspec check to work with platforms.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-02-26 11:01:23 -05:00
Jerry Aldrich
5538dc158c Reword inspec check test's it block (#2721)
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-02-23 15:28:54 -05:00
Jerry Aldrich
448eeb4637 package resource: Fix brew package detection (#2730)
* package resource: Fix `brew` package detection

This allows for package detection via `brew` to handle cases where a
particular package formula exists but is not installed.

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-02-23 09:01:14 -05:00
Jared Quick
378e7c5048
Update shell detect to work with platforms (#2712)
* Update shell to use the same detect logic as cli detect.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-02-20 07:37:23 -05:00
Franklin Webber
b9efb1d999 Fixes the deprecation warning text for report and output. (#2694)
* Fixes the deprecation warning text for report and output.

Remove an extra 'is being' from the 'is being is being'

Signed-off-by: Franklin Webber <franklin@chef.io>
2018-02-19 11:52:56 -05:00
Jared Quick
97dd0546c0 Fix legacy reporter output to file (#2667)
* Fix legacy reporter output.

Signed-off-by: Jared Quick <jquick@chef.io>

* Wrap test in a proc to catch warnings.

Signed-off-by: Jared Quick <jquick@chef.io>

* Add output deprecation.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-02-18 12:17:00 +01:00
Jared Quick
2a8bd673b1 Capture ArgumentErrors from aws. (#2673)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-02-17 16:50:35 +01:00
Jared Quick
457a33a2b3 Fix bundle exec calls (#2670)
* Fix bundle exec calls and add test.

Signed-off-by: Jared Quick <jquick@chef.io>

* Add exit check for supermarket exec.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-02-17 16:49:52 +01:00
Julian C. Dunn
594a185fa7 Remove duplicated encryption key test. (#2671)
Signed-off-by: Julian C. Dunn <jdunn@chef.io>
2018-02-16 15:32:43 -05:00
Jared Quick
db96ee9e85
Prevent resources from loading if supports check fails (#2665)
* Prevent resources from loading if supports fail.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-02-16 15:15:53 -05:00
Miah Johnson
75fb488d2c Add example properties from azure integration tests. (#2659)
Remove trailing whitespace.
Clean up formatting and some rubocop issues.

Signed-off-by: Miah Johnson <miah@chia-pet.org>
2018-02-15 21:52:54 -05:00
Clinton Wolfe
6c0422fbf0
Improvements and matcher renaming on aws_iam_password_policy (#2638)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-02-14 15:59:57 -05:00
Clinton Wolfe
33787124a7 Two deprecations in aws_ec2_instance (#2637)
* Drop deprecation warning for old name of aws_ec2

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-02-14 15:08:34 -05:00
Jerry Aldrich
e77b99235f Update inspec detect to support APIs/Families (#2634)
This does the following to `inspec detect`:
  - Modifies it to use the `platform` resource
  - Changes the output to mention Platform and show the family hierarchy
  - Changes the JSON output by changing `family` to `families`
  - Adds better error messaging (no more stacktraces!)
  - Adds support for APIs such as AWS/Azure
  - Hides Arch from API platforms (not applicable)

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-02-14 15:06:39 -05:00
Jared Quick
59fd0e8775
Update reporter with breaking inspec 2.0 changes. (#2487)
* Update reporter with breaking inspec 2.0 changes.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-02-14 11:54:20 -05:00
Jared Quick
fde895f74a Merge branch 'master' into release-2.0 2018-02-13 15:11:53 -05:00
Jared Quick
e9db965176
Fix the /private/var osx issue causing functional tests to fail (#2616)
* Fix the /private/var osx issue casuing a test to fail.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-02-13 09:04:30 -05:00
Jared Quick
f3ee680429 Add hidden json fields to schema and add tests. (#2618)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-02-12 19:34:22 +01:00
Jared Quick
f5f9873bfd Allow ad-hoc runners to use rspec formats. (#2621)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-02-12 19:29:54 +01:00
Jared Quick
da7b7e8549
Force a default reporter for ad-hoc runners (#2610)
* Force a default reporter for ad-hoc runners if not set.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-02-12 10:23:34 -05:00
Jared Quick
69f6e4e735 Remove ending newline from json reports.
Signed-off-by: Jared Quick <jquick@chef.io>
2018-02-09 13:15:18 -05:00
Jared Quick
b5b0713fe2 Fix json-config format not overriding reporter.
Signed-off-by: Jared Quick <jquick@chef.io>
2018-02-09 11:51:49 -05:00
Jared Quick
fc99ec553d Add log format tests.
Signed-off-by: Jared Quick <jquick@chef.io>
2018-02-09 11:19:52 -05:00
Jared Quick
145604549b This fixes the audit issue expecting a report hash output.
Signed-off-by: Jared Quick <jquick@chef.io>
2018-02-09 10:59:39 -05:00
Clinton Wolfe
2708a73e11 Merge branch 'aws-core-onramp' into aws-merge 2018-02-09 00:56:28 -05:00
Clinton Wolfe
d696c8b83f Merge branch 'cw/rename-resources' into core-onramp 2018-02-08 17:00:49 -05:00
Clinton Wolfe
dfc73a52f0 Merge branch 'release-2.0' into aws-merge-release-merge-try
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-02-08 10:44:11 -05:00
Clinton Wolfe
6aaab8691c Merge branch 'aws-merge-prep' into aws-merge
Includes train aws:// targeting and some new resources

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-02-08 10:09:57 -05:00
Jared Quick
9bc0a5a32f Merge branch 'master' into release-2.0 2018-02-08 09:48:23 -05:00
Clinton Wolfe
532f42df89 Move files to locations for core - inspec AWS PR 219 and other new resources
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-02-08 09:36:20 -05:00
Clinton Wolfe
16fe52b084 Rearrange AWS files for merge into core
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-02-08 09:24:15 -05:00
Jerry Aldrich
84817366a1 Remove deprecations for InSpec 2.0 (#2506)
* Add `release-2.0` target branch to AppVeyor/Travis (#2510)

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* simpleconfig: Remove deprecated config keys

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* cli (exec): Remove `--cache` command line argument

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* platform: Remove lowercase os name protection

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* matcher: Remove `contain_legacy_plus` matcher

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* matcher: Remove `contain_match` matcher

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* matcher: Remove `with_version` matcher

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* matcher: Remove `belong_to_group` matcher

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* matcher: Remove `belong_to_primary_group` matcher

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* matcher: Remove `contain` matcher

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* passwd: Remove deprecated properties

This removes:
  - `passwd.count`
  - `passwd.username`
  - `passwd.usernames`
  - `passwd.uid`

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* auditd_rules: Remove in favor of `auditd` resource

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* cli: Remove `login_automate` command

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Remove `resource_skipped` message method

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-02-08 11:05:21 +01:00
Jared Quick
9930e40a76 Add new "reporter" system (replacement for "formatters"), support multiple reporters per run (#2464)
* Formatter and reporter refactor.

Signed-off-by: Jared Quick <jquick@chef.io>

* Add exception and backtrace to json-min report.

Signed-off-by: Jared Quick <jquick@chef.io>

* Add sha to json-min and include generator version for json profile.

Signed-off-by: Jared Quick <jquick@chef.io>

* Fix deprecated typo and add fallback for cli resource title.

Signed-off-by: Jared Quick <jquick@chef.io>

* Update to build json report and clean up cli logic.

Signed-off-by: Jared Quick <jquick@chef.io>

* Add tests for json reporter.

Signed-off-by: Jared Quick <jquick@chef.io>

* Add cli suppress_log_output? and a fallback for invalid reporter type.

Signed-off-by: Jared Quick <jquick@chef.io>

* Update suppress_log_output? to check if we are outputting to stdout.

Signed-off-by: Jared Quick <jquick@chef.io>

* Update reporter cli optoins to work with json_config.

Signed-off-by: Jared Quick <jquick@chef.io>

* Refactor some safe-navigation and variable names.

Signed-off-by: Jared Quick <jquick@chef.io>

* Add thor banner to show reporter file output syntax.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-02-08 10:06:58 +01:00
Clinton Wolfe
a0b6bac87b
Use train for AWS connection (#219)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-02-07 23:26:37 -05:00
Clinton Wolfe
4e07508317 Rename classes and resource names in files
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-02-07 23:23:05 -05:00
Clinton Wolfe
162335aa60 Move files for rename
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-02-07 22:56:45 -05:00
Clinton Wolfe
4d8eb48855
Skeletal aws_vpc_subnets resource (#228)
Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-02-07 20:12:02 -05:00
Jared Quick
42779e91a7 Setup azure resources into inspec.
Signed-off-by: Jared Quick <jquick@chef.io>
2018-02-07 16:05:58 -05:00
Clinton Wolfe
7bea049f05 Treat integration tests as core, not relying on a resource pack
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-02-07 12:29:27 -05:00
Clinton Wolfe
0ca012891b Rely on unit test helper to load resources, not individual AWS tests
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-02-07 12:09:08 -05:00
Miah Johnson
046b2ef419 Skeletal Resource: aws_route_table (#217)
Signed-off-by: Miah Johnson <miah@chia-pet.org>
2018-02-07 10:48:55 -05:00
Matthew Dromazos
16fee68c88 Skeletal Resource: aws_vpc_subnet (#209)
Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
2018-02-07 10:03:11 -05:00
Clinton Wolfe
f7a11ee2df Merge branch 'aws-merge-prep' into aws-merge
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-02-07 09:53:21 -05:00
Jared Quick
e0ab84b11a Merge branch 'jq/azure_merge' of /Users/jquick/Chef/inspec-azure into jq/merge_inspec_azure 2018-02-06 13:23:54 -05:00
Clinton Wolfe
f425a70f79 Rearrange AWS files for merge into core
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-02-05 15:58:51 -05:00
Sam Cornwell
14efd94050 Skeletal aws_iam_group resource (#221)
Signed-off-by: Sam Cornwell <14048146+samcornwell@users.noreply.github.com>
2018-02-01 15:55:53 -05:00
Sam Cornwell
d722827ebd Skeletal aws_iam_groups resource (#208)
Signed-off-by: Sam Cornwell <14048146+samcornwell@users.noreply.github.com>
2018-02-01 13:09:48 -05:00
Rony Xavier
23b57ab591 Add have_access_logging_enabled matcher to aws_s3_bucket (#212)
Signed-off-by: Rony Xavier <rx294@nyu.edu>
2018-02-01 11:50:38 -05:00
Rony Xavier
7d53056751 Password usage properties for aws_iam_users (#213)
Signed-off-by: Rony Xavier <rx294@nyu.edu>
2018-02-01 11:23:25 -05:00
Clinton Wolfe
e2e9915aa4 Skeletal aws_kms_keys resource
Signed-off-by: Rony Xavier <rx294@nyu.edu>
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-02-01 10:21:54 -05:00
Rony Xavier
6ae80ad6f7 skeletal aws_iam_ policies resource (#193)
Signed-off-by: Rony Xavier <rx294@nyu.edu>
2018-01-31 22:45:02 -05:00
Rony Xavier
1b170dcfb6 aws_iam_access_keys incorrectly populates created_date (#215)
Signed-off-by: Rony Xavier <rx294@nyu.edu>
2018-01-31 22:16:30 -05:00
Clinton Wolfe
032eda1063
Silence some test warnings (#140)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-01-31 21:54:47 -05:00
Clinton Wolfe
b645f093e9
Remove accidentally committed notes file (#194)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-01-31 21:52:28 -05:00
Miah Johnson
820547aa9d Ensure unique security group name while integration testing. (#218)
Signed-off-by: Miah Johnson <miah@chia-pet.org>
2018-01-31 21:51:43 -05:00
Dominik Richter
42ffd874de add Inspec::Describe for abstract describe state (#2010)
Unlike `Inspec::Test` this supports having multiple tests within one block that describes a resource. This has now been seen as an optimization problem where a resource may be computed once and tested multiple times with `it` and `its` within the body.

If successful, it requires a follow-up to deprecated Inspec::Test and remove it for 2.0 completely with a recommendation to use Inspec::Describe.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2018-01-30 16:32:56 +01:00
Rony Xavier
f09d4f5266 aws_iam_policy resource (#184)
Signed-off-by: Rony Xavier <rx294@nyu.edu>
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-01-26 15:21:49 -05:00
Jerry Aldrich
d96a6affa7 packages resource: Add architectures support (#2469)
This adds support for `architectures` to the `packages` resource.

Example:

```
describe packages(/compat-libstdc++-33/) do
  its('architectures') { should include 'x86_64' }
  its('architectures') { should include 'i686' }
end
```

This also adds documentation for the `packages` resource

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-01-25 23:57:34 -08:00
Vern Burton
55abdebdc9 filesystem resource: inspect linux filesystems (#2441)
* adding df resource

Signed-off-by: Vern Burton <me@vernburton.com>

* adding unit tests and required mocks for them, created integration test

Signed-off-by: Vern Burton <me@vernburton.com>

* cleaning up skip test to include only the filename and not full path

Signed-off-by: Vern Burton <me@vernburton.com>

* adding docs

Signed-off-by: Vern Burton <me@vernburton.com>

* size makes more sense than space

Signed-off-by: Vern Burton <me@vernburton.com>

* removing unneeded author lines

Signed-off-by: Vern Burton <me@vernburton.com>

* as the command changed, changing mock to the new sha

Signed-off-by: Vern Burton <me@vernburton.com>

* updating to address comments from #2441

* removing author lines
* using attr_reader functions
* using ruby string functions rather than pipe to sed
* adding os family detection
* using ResourceFailed as the pattern already existed for OS family detection
* using if for future case support for unix and unix-like (FreeBSD)

Signed-off-by: Vern Burton <me@vernburton.com>

* adding supports to resource metadata, and adding tests that show that resource says that it is not supported on windows/unix.

Signed-off-by: Vern Burton <me@vernburton.com>

* focusing on linux os family and removing logic for assumed future cases

Signed-off-by: Vern Burton <me@vernburton.com>

* changing df to filesystem

Signed-off-by: Vern Burton <me@vernburton.com>
2018-01-25 09:29:31 -05:00
Clinton Wolfe
2d6bb1b84a
Make cloudwatch log metric filter test fixtures more unique (#201)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-01-23 22:16:00 -05:00
Jerry Aldrich
98546984ae service resource: attempt a SysV fallback if SystemD unit file is not found (#2473)
* service resource: Fix no `.service` + systemd bug

This modifies the `enabled?` check to fallback to `sysv_service` in the
event that a `.service` file cannot be found.

For example: On Debian 8.7 the stock apache2 package does not deploy a
`.service` file but deploys a SysV style service. This causes
`systemctl is-enabled` to fail when the service is in fact enabled.

* Remove `cmd_stderr` and clean up `cmd_exit_1`
* Clean up `stderr` assignment using ternary
2018-01-23 12:34:47 -08:00
ViolentOr
3c7bace964 Update security_policy resource to return Names, not SIDs (#2462)
* Added possibility to translate SID to human-readable name (using 'translate_sid: true' switch)

Signed-off-by: ViolentOr <github@violentor.me>

* fixed errors

Signed-off-by: ViolentOr <github@violentor.me>

* changed pars to opts

* renameg temp variable

Signed-off-by: ViolentOr <github@violentor.me>

* Required tests added

Signed-off-by: ViolentOr <github@violentor.me>

* fixed mistype

Signed-off-by: ViolentOr <github@violentor.me>

* should not copy-paste.

Signed-off-by: ViolentOr <github@violentor.me>

* replaced empty call with empty file

Signed-off-by: ViolentOr <github@violentor.me>

* tests fixed.

Signed-off-by: ViolentOr <github@violentor.me>

* grouped command mocks related to the security_policy resource

Signed-off-by: ViolentOr <github@violentor.me>

* bacgitend -> backend

Signed-off-by: ViolentOr <github@violentor.me>
2018-01-23 12:31:57 -08:00
Matt Kulka
c067798fc5 Docker Swarm service resource (#2456)
This change adds the `docker_service` resource for Docker swarm mode services. This
branches off some of the common elements (id, exists) into a `DockerObject` module along
with a utility function for parsing the image/repo string. That function was implemented
separately by `docker_image` and `docker_container`, now with a third resource, it made
sense to consolidate that into an included module. I used the most comprehensive
implementation. Existing classes had to be slightly modified for the genericization.

Signed-off-by: Matt Kulka <mkulka@parchment.com>
2018-01-23 12:30:14 -08:00
Rony Xavier
0af7105eba Functional aws_cloudtrail_trail resource (#186)
Signed-off-by: Rony Xavier <rx294@nyu.edu>
2018-01-23 11:26:27 -05:00
Rony Xavier
3a786babcf Skeletal aws_cloudtrail_trails resource (#191)
Signed-off-by: Rony Xavier <rx294@nyu.edu>
2018-01-23 11:06:05 -05:00
Rony Xavier
86843320df Correct access_key detection on aws_iam_root_user (#198)
Signed-off-by: Rony Xavier <rx294@nyu.edu>
2018-01-23 11:01:51 -05:00
Clinton Wolfe
5ab68ecf03
aws_s3_bucket with modified interface (#183)
Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
    Signed-off-by: Aaron Lippold <lippold@gmail.com>
    Signed-off-by: Sam Cornwell <14048146+samcornwell@users.noreply.github.com>
    Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-01-19 11:50:08 -05:00
Jerry Aldrich
944dfdc987 grub_conf resource: fix menuentry detection (#2408)
* Fix `grub_conf` menuentry detection

This does the following:
  - Corrects Grub2 bug where last entry was always selected
  - Adds support for specifying a Grub2 menu entry by name
  - Adds support for using `GRUB_DEFAULT=saved` with Grub2
  - Adds more Unit tests

* Add error if menuentry name cannot be extracted
* Add handling for missing/unreadable grubenv
* Add defensive code for failed menuentry extraction
2018-01-18 13:20:48 -08:00
Sam Cornwell
e81937413b skeletal aws_vpcs (#182)
Signed-off-by: Sam Cornwell <14048146+samcornwell@users.noreply.github.com>
2018-01-18 10:51:06 -05:00
Adam Leff
6be9f32448 http resource: make header keys case insensitive (#2457)
* http resource: make header keys case insensitive

HTTP header keys are currently case-sensitive, and the local and remote
workers currently store the keys in different formats due to the
different tools generating them.

This change ensures the ability to fetch headers by key is
case-insensitive and adds a deprecation to inform the user that future
fetches should use all lowercase.

Signed-off-by: Adam Leff <adam@leff.co>

* Remove deprecation treatment

HTTP header keys are case insensitive anyways. There's no reason to make
things harder for our users.

Signed-off-by: Adam Leff <adam@leff.co>
2018-01-16 14:30:35 -08:00
Jerry Aldrich
7bbe99bbbd package resource: fix NilClass errors on arch linux (#2437)
* Fix `nil:NilClass` error for `package` resource

This modifies `.info` to return `{}` in cases where the package manager
cannot be determined. This matches the behavior of `@pkgman.info`.

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Change `must_be_empty` to `must_equal({})`

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-01-16 14:27:31 -08:00
Vern Burton
175c3e1189 xml resource: support fetching attributes (#2423)
* adding database.xml with attributes to files and mocking it in the helper.rb

Signed-off-by: Vern Burton <me@vernburton.com>

* adding logic to test class returned by XPATH and using functions from respective classes to fill a array for return, and unit and integration tests to ensure functionality

Signed-off-by: Vern Burton <me@vernburton.com>

* updating docs to show how attributes are used

Signed-off-by: Vern Burton <me@vernburton.com>

* 'and' instead of 'or' makes more sense

Signed-off-by: Vern Burton <me@vernburton.com>

* adding default else for capturing unknown classes from REXML

Signed-off-by: Vern Burton <me@vernburton.com>

* removing extra newline

Signed-off-by: Vern Burton <me@vernburton.com>

* adding fail case with enough information to debug in future case

Signed-off-by: Vern Burton <me@vernburton.com>
2018-01-16 14:26:39 -08:00
Vern Burton
9b4a276e9f firewalld resource: prepend rule string only when necessary (#2430)
* adding control statement to add rule in front of string as long as it doesn't already contain rule.

Correcting resource name in firewalld from etc_hosts_deny

adding tests for both branches of the statement created in firewalld

Signed-off-by: Vern Burton <me@vernburton.com>

* moving to unless with a start_with

Signed-off-by: Vern Burton <me@vernburton.com>

* adding documentation that states that it is not needed to add `rule` string

Signed-off-by: Vern Burton <me@vernburton.com>
2018-01-16 14:20:58 -08:00
Vern Burton
712ba520ad mssql_session resource: add port parameter (#2429)
* adding SQL 2012 SP1 for mssql_session testing

Signed-off-by: Vern Burton <me@vernburton.com>

* updating SHA to match new commands with ports in them

Signed-off-by: Vern Burton <me@vernburton.com>

* adding port, and a default value and moving from skip_resource to resource_fail

Signed-off-by: Vern Burton <me@vernburton.com>

* adding new sha for custom host

Signed-off-by: Vern Burton <me@vernburton.com>

* adding tests for hostname and migrating test that passed port in host to a dedicated port test

Signed-off-by: Vern Burton <me@vernburton.com>

* adding integration test

Signed-off-by: Vern Burton <me@vernburton.com>

* removing services as appveyor does not have integration testing running so it would be a waste of time to enable it

Signed-off-by: Vern Burton <me@vernburton.com>

* mock instance command

Signed-off-by: Vern Burton <me@vernburton.com>

* making instance readable

Signed-off-by: Vern Burton <me@vernburton.com>

* adding instance test

Signed-off-by: Vern Burton <me@vernburton.com>

* moving to ResourceSkipped as ResourceFailed is targeted for a major release

Signed-off-by: Vern Burton <me@vernburton.com>
2018-01-16 14:04:00 -08:00
Sam Cornwell
3d731a81f8 aws_vpc resource skeleton (#172)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
Signed-off-by: Sam Cornwell <14048146+samcornwell@users.noreply.github.com>
2018-01-11 22:51:17 -08:00
Jared Quick
04859ee01d Update the inspec support check to warn to stderr. (#2446)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-01-05 21:17:37 +01:00
Dominik Richter
be9ece65b9 load local dependencies in inspec shell (#2438)
* add --depends to inspec shell

for loading dependencies from local folders. mainly used for development.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

* lint

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

* depends is not defined...

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

* much nicer description for --depends

kudos @adamleff

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

* add documentation for inspec shell --depends

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2018-01-04 14:39:01 -05:00
Jared Quick
839ab3eef4 Deprecate and warn when comparing against OS name with capitals/spaces (#2397)
* Testing train downcase platform names.
* Added NameCleaned tests and fixed some formatting.
* Clean up tests with helper method.
* Update to new gemfile and platform resource.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-01-04 14:15:02 -05:00
Jerry Aldrich
972f3a6486 Modify inspec json to use check_mode (#2435)
This modifies `inspec json` to make it not evaluate code inside of
`only_if` blocks.

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-01-03 09:10:35 -08:00
Dominik Richter
f1f2900866
bugfix: dependency chaining in libraries (#2428)
* WIP require chaining

* add a tiny comment

* reapply fix doh

* add a deprecation warning

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

* lint

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

* remove deprecation warning for require in control files

as discussed with Adam Leff

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

* add tests for regular ruby gem require in libs

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2018-01-02 12:41:01 -08:00
Jared Quick
10dc5621fb Add platform resource and platform supports (#2393)
* Add platform resource and platform supports.

Signed-off-by: Jared Quick <jquick@chef.io>

* Cache platform and inspec checks and implement inspec_version.

Signed-off-by: Jared Quick <jquick@chef.io>

* Deprecate current inspec support in favor of inspec_version.

Signed-off-by: Jared Quick <jquick@chef.io>

* Update resource/profile skip messages.

Signed-off-by: Jared Quick <jquick@chef.io>

* Update load_resource to use platform instead of os.

Signed-off-by: Jared Quick <jquick@chef.io>

* Update platform example.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-01-02 11:04:13 -08:00
Jerry Aldrich
491a1b9968 Fix x509_certificate integration tests (#2431)
An update to the openssl cookbook modified the defaults for `state` and
`city` in the `openssl_x509` resource. That change modified the output
of `issuer_dn` and `subject_dn` in InSpec's `x509_certificate` resource.

This modifies the expected output of the integration tests to match
these new defaults.

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-01-02 12:27:30 -05:00
Miah Johnson
685ba1bc1e Update apache_conf regular expression to exclude whitespace. (#2416)
* Update apache_conf test to check for ServerAlias values.

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Add ServerAlias key and values to mock apache conf which includes
trailing whitespace.

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Updated test to reflect all ServerAlias values being put into a single
array item. This is expected as we do not override the key_values
default setting of '1' when passing the raw configuration to
SimpleConfig.

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Update the regular expression to include a conditional with positive
lookahead that checks if the line ends with one or more spaces. If the
lookahead succeeds we non-greedily capture, and when it fails we
greedily capture.

Signed-off-by: Miah Johnson <miah@chia-pet.org>
2017-12-22 17:07:46 +01:00
Eammon Hanlon
f6c7bffe78 Add bonding mode matcher to bond resource (#2414)
* Add mode method to test the value of Bonding Mode

Signed-off-by: Eammon Hanlon <eammon.hanlon@microsoft.com>

* Add test for bonding mode in bond unit test

Signed-off-by: Eammon Hanlon <eammon.hanlon@microsoft.com>

* Add documentation on mode matcher for bond resource

Signed-off-by: Eammon Hanlon <eammon.hanlon@microsoft.com>

* Update example for 'Test parameters for bond0'

Signed-off-by: Eammon Hanlon <eammon.hanlon@microsoft.com>
2017-12-22 15:02:40 +01:00
Jerry Aldrich
a3c993fe18 Fix OWCA detection for compliance login (#2401)
* Add handling for OWCA login via `compliance login`

OpsWorks Chef Automate currently returns a 200 for the
`/compliance/version` endpoint and redirects to the Chef Manage page.

This adds support to `inspec compliance login` to accept this as valid
behavior and continue with the login.

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Add test case for 200 response but no Chef Manage

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Add debug info and split `determine_server_type`

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Appease RuboCop

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Remove forced returns from `determine_server_type`

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Add `false` code path for non-200/non-401 response

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Reword debug messages

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-12-22 15:01:18 +01:00
Dominik Richter
2f506b3c70 bugfix: default attributes for nil and false (#2410)
Traditionally those would translated DEFAULT_ATTRIBUTE. but that was wrong, it should have been nil or false or whatever the user supplied.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-12-21 14:20:59 +01:00
Aaron Lippold
9784520d83 fixed 'count' to 'entries.count' in aws_ec2_security_groups as per the docs (#142)
* * added 'count' to `aws_ec2_security_groups`

Fixes #141

Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-12-20 12:20:09 -05:00
Sam Cornwell
efffcfd928 pin Terraform aws provider verson to 1.1 (#151)
Signed-off-by: Sam Cornwell <14048146+samcornwell@users.noreply.github.com>
2017-12-20 12:04:43 -05:00
Jerry Aldrich
c2a65942d9 Add support for Darwin Directory Service groups (#2403)
* Add support for Darwin Directory Service groups

This allows users to verify groups added by Chef on OS X.

The current method that `UnixGroup` uses is to check the contents of
`/etc/group`, but OS X adds groups to Directory Service and not
`/etc/group`. This modifies the `group` resource on Darwin to use
`dscacheutil` to get group info.

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Clean up `select_group_manager`

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Clean up DarwinGroup `groups` method

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-12-20 16:57:45 +01:00
Jerry Aldrich
b17be1a73c Enhance package resource error handling (#2388)
* Enhance `package` resource error handling

This does the following:
  - Modifies `info` to return an empty hash instead of `nil`
  - Adds a failure case if package name is not specified
  - Adds a skip case if no package manager can be found
  - Changes `skip_resource` to use the `ResourceSkipped` exception
  - Raises an error if JSON parsing fails for Windows/MacOS/Darwin

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Make RuboCop happy

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Change missing argument behavior

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Remove unnecessary boolean check

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-12-15 19:52:41 +01:00
Clinton Wolfe
c75252ae1c
Rework Integration Testing to Support Multiple Accounts (#128)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2017-12-15 01:37:36 -05:00
Clinton Wolfe
e00ec2df5e
Add created_with_user filter criteria to aws_iam_access_keys
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2017-12-15 00:07:28 -05:00
Clinton Wolfe
e317fff2ed
Move files under lib back to libraries
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2017-12-14 23:41:12 -05:00
Clinton Wolfe
a33146f9a4
Skeleton aws_ec2_security_group resource
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2017-12-14 09:28:29 -05:00
Clinton Wolfe
4229974e7d
Skeleton resource for aws_ec2_security_groups
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2017-12-13 22:36:23 -05:00