Commit graph

1239 commits

Author SHA1 Message Date
Jerry Aldrich
4731d95abd docs: Update example resource (#2904)
* Change `skip_resource` to use raise
* Add `supports` lines to example resource
* Change to rescue `StandardError` vs `Exception`
* Change raise to use `e.message` vs `$!`
* Remove redundant returns
* Change `File.exists?` to `File.exist?`
* Update shasum in tests

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-04-05 08:50:49 -04:00
Paul Welch
27203110cd Add AWS hardware MFA matcher (#2892)
* Add AWS hardware MFA matcher
Adding a hardware as well as a virtual MFA matcher for aws_iam_root_user
resource

* Add New AWS Root Matcher Docs
- Add documentation for new root MFA matchers
- Fix logic for checking MFA devices from feedback on PR

* Add Integration tests for MFA matchers
- Add integration tests for virtual and hardware MFA matchers
- Clean up logic for has_virtual_mfa_enabled? method

Signed-off-by: Paul Welch <pwelch@chef.io>
2018-04-03 09:13:52 -04:00
Paul Welch
d3b90a7c9f Pw/pip windows bug (#2883)
* Add python check for pip resource

When checking pip resources, we should skip resource if python is not
installed or we will fail with an error when trying to parse the path.

* Check pip command on windows

On Windows, if pip has a newer version available, it adds an error
message to stderr. Now checking if both stderr and stdout on windows
have values. If so, assume pip package is installed.

* Clean up powershell query command

- Make it easier to read what the powershell command is doing
- Make it easier to read what the cmd_successful method lokos for

Signed-off-by: Paul Welch <pwelch@chef.io>
2018-03-29 13:01:59 -04:00
Trevor Bramble
a40f857e2b Change route_table_id regexp for correctness (#2885)
Without the terminating character ($), it just accepted any characters
at all after the initial matching set.

Also add some tests to assure we're raising appropriately.

Co-authored-by: Trevor Bramble <tbramble@chef.io>
Co-authored-by: Joshua Padgett <jpadgett@chef.io>

Signed-off-by: Trevor Bramble <tbramble@chef.io>
2018-03-29 12:50:40 -04:00
Jerry Aldrich
2c4f041e9d powershell resource: Add support other OSs (#2894)
This adds `powershell` resource support for non-Windows OSs via `pwsh`
and Base64 encoded commands.

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-03-29 11:57:15 -04:00
Mo Shark
fc3f1708c4 Porting over the singular rds resource from the aws-inspec git repo (#2866)
Signed-off-by: HackerShark <melsharkawi@mitre.org>
2018-03-28 11:23:44 -04:00
eramoto
53a53820cf Mitigate trivial warning output on test (#2872)
* Mitigate trivial warning on test by initializing
Also fixes passing a ambiguous argument.
* Mitigate trivial warning by removing redundant method

Signed-off-by: ERAMOTO Masaya <eramoto.masaya@jp.fujitsu.com>
2018-03-28 11:22:01 -04:00
Omar J. Irizarry
ef8da475d3 registry_key resource was returning an incorrect value (#2871)
* registry_key resource was returning an incorrect value
when key value was greater than 2147483647
* added mock
* Fix issue with default reg key
(default) key was returning nil even when a value was present.

Signed-off-by: Omar Irizarry <irizarry_omar_j@network.lilly.com>
2018-03-26 15:44:31 -04:00
Matthew Dromazos
0cbe5b60e5 New Skeletal Resource aws_config_delivery_channel (#2641)
* Initial commit of new skeletal resource aws_config_delivery_channel
* Changes delivery_frequency to be an integer and names delivery_frequency_in_hours
* Adds more documentation and clarifies descriptions
* Wraps API call in the aws_catch_errors function
* Changes config bucket name to use dashes instead of underscores
* Updates on master and changes directory location of build and integration files
* Fix integration tests to only create one ConfigRecorder

Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
2018-03-26 14:03:23 -04:00
Matthew Dromazos
603bef6f29 New Skeletal Resource aws_kms_key (#2746)
* Initial commit of skeletal resource aws_kms_key
* * Adds comments to rerun travis
* * Clarifies some parts of the doc.
* Changes matcher have_aws_key_manager to manged_by_aws
* Fixes copypasta
* Adds clarification to property names
* Fixes rescueing exceptions from the api
* raises exceptions in the unit tests

Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
2018-03-23 08:29:45 -04:00
Trevor Bramble
bd8ef9d1d8
Remove obsolete mock (#2869)
This mock was a remenant of file reading tests that became obsolete with
the centralization of that code.

Signed-off-by: Trevor Bramble <tbramble@chef.io>
2018-03-22 14:06:53 -07:00
Matthew Dromazos
9077a7b17b New Skeletal Resource aws_sns_subscription (#2697)
* Initial commit of skeletal resource aws_sns_subscription
* Fixes errors in documentation
* Clarifies documentation
* Wraps calls to aws api in catch_aws_errors metho
* Fixes integration tests

Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
2018-03-22 13:38:40 -04:00
Trevor Bramble
be83af35c5
Revise /etc/hosts for correctness and clarity (#2863)
* Clean up test data, correct parse error handling
 * Use functional pipeline to avoid need for conditional clauses and clarify the intent of the comment parsing.
 * Extract magic strings to constants
 * Remove code and tests now covered by FileReader

Co-authored-by: Trevor Bramble <tbramble@chef.io>
Co-authored-by: Paul Welch <pwelch@chef.io>

Signed-off-by: Trevor Bramble <tbramble@chef.io>
2018-03-22 09:58:22 -07:00
Matthew Dromazos
1bb565c708 New Skeletal Resource aws_sns_topics (#2696)
* Initial commit of skeletal resource aws_sns_topics
* Adds clarification in documentation
* Adds functionality for calling the next token returned from aws api.
* Wraps api calls in the catch_aws_errs method

Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
2018-03-22 12:55:23 -04:00
eramoto
c7e87ca3e3 Unify method in which file content is read across all resources (#2359)
* Create file-check functionality into utility file

There are the similar issues as PR #2302. Almost resources return false
positives when a file does not exist or is not read.

* Replace to file-check functionality
* Fix dh_params and x509_certificate resources

If a file is empty, OpenSSL::PKey::DH and OpenSSL::X509::Certificate have
raised an exception and have skipped the inspection. Thus x509_certificate
and dh_params resources are not allowed to read a empty file.

* to_s of shadow expects filters is not nil
* Remove workaround of sshd_config

Removes the workaround of sshd_config since Travis CI fails due to a bug
of dev-sec/ssh-baseline and the PR #100 will fix it.

* Use init block variable in methods

Signed-off-by: ERAMOTO Masaya <eramoto.masaya@jp.fujitsu.com>
2018-03-22 08:25:45 -04:00
Jared Quick
7045fb9193 Bump Thor to version 0.20.0. (#2843)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-03-21 10:44:28 -07:00
Matthew Dromazos
555de72912 Skelatal resource: aws_s3_bucket_object (#2620)
* Initial commit of new resource
* Makes changes to docs to match changes to the resources.
* Adds clarifications in docs and changes it to be an erb file.
* Simplifies some unit tests
* Wraps calls to the api in a aws_catch_errors method
* Removes provisioner terraform code

Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
2018-03-19 13:10:17 -04:00
Jared Quick
fafa681f5c
Set backend cache to defualt true. (#2827)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-03-15 15:08:34 -04:00
eramoto
435ad68698 Sort gotten file list on test (#2812)
When testing on a filesystem used for a long time or built on a small
sized partition, the actual file order may be different from the
expected file order as below:

    1) Failure:
  inspec keyword::inspec.profile.files#test_0002_lists all profile files when calling #files [/work/git/inspec/test/unit/dsl/other_keywords_test.rb:50]:
  --- expected
  +++ actual
  @@ -1 +1 @@
  -["a_sub_dir/sub_items.conf", "items.conf"]
  +["items.conf", "a_sub_dir/sub_items.conf"]

    2) Failure:
  SourceReaders::InspecReader::with a valid profile#test_0005_retrieves all extra files [/work/git/inspec/test/unit/source_readers/inspec_test.rb:39]:
  --- expected
  +++ actual
  @@ -1 +1 @@
  -["files/a_sub_dir/sub_items.conf", "files/items.conf"]
  +["files/items.conf", "files/a_sub_dir/sub_items.conf"]

Signed-off-by: ERAMOTO Masaya <eramoto.masaya@jp.fujitsu.com>
2018-03-14 09:35:43 -04:00
Jerry Aldrich
439fcb5993 Write version_constraints as an array for inspec.lock (#2619)
* Modify version constraints to be an Array

This will allow both old and new versions of InSpec to parse the
`inspec.lock` correctly.

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-03-12 09:02:37 -04:00
Tom Hodder
eeeeda18d8 quote password when generating mysql command string (#2685)
* quote password when generating mysql command string
* added a test for mysql_session, added shellwords escaping to mysql_session resource
* changed the name of the escape method
* clarified test conditions

Signed-off-by: Tom Hodder <tom@limepepper.co.uk>
2018-03-09 08:41:21 -05:00
Miah Johnson
75f39e74f2 Refine deprecated methods to be consisten with supported fields in (#2801)
shadow file.

After much thought the deprecations from #2642 were for the wrong methods.

Plural method names feel much more natural when working with this
resource because you can have more than a single result.

Consider a match like `shadow.user(/^www/)`, this could return multiple
users, so `shadow.users` feels more natural here.

The problem is that the fields we're matching in the shadow file itself
are singular. Each entry is for a user, which has a password, and some
other fields. A user never has `passwords` in the shadow file, only a
`password`.

This is made more obvious when you use the `filter` method.

When we use this filter: `shadow.filter(min_days: 20, max_days: 30)` we
are matching fields in the shadow file and not using our matcher
methods. This means that if there is a discrepancy between our matcher
methods, and the shadow fields the user could end up confused. Like I did =)

This PR changes:

Changed matchers to match shadow fields.
Updated documentation to reflect changes.
Updated tests to reflect changes.
Re-add `filter` method, and add a test for it.
Renamed variable for FilterTable to be less confusing.
Renamed query argument for methods to be consistent.
Cleanup docs based on comments from @jerryaldrichiii
Make Rubocop happy <3

Signed-off-by: Miah Johnson <miah@chia-pet.org>
2018-03-08 17:26:08 -05:00
Miah Johnson
5fee525be8 Remove os checks from initialize as this is provided by platform (#2797)
Removes skip_resource and raise .. if InSpec.os stuff from initialize as this is covered by platform support.

Signed-off-by: Miah Johnson <miah@chia-pet.org>
2018-03-08 16:01:50 -05:00
Jared Quick
a9127d3f6c
Create reporter directory if it does not exist. (#2798)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-03-08 15:45:59 -05:00
Wei He
a3898db2fe Fix http with connection error (#2770)
* fix: http resource handle connection failed (ex. port is not open)
* add test case

Signed-off-by: Wing924 <weihe924stephen@gmail.com>
2018-03-07 23:04:26 -05:00
Christoph Hartmann
3d87d75c5a
return 1 as exit code for commands that are not available (#2792)
* return 1 as exit code for commands that are not available

Signed-off-by: Christoph Hartmann <chris@lollyrock.com>

* update tests

Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2018-03-07 16:09:22 +01:00
Miah Johnson
f6db0e345a Update shadow resource to use FilterTable (#2642)
* Change shadow resource to use FilterTable rather than custom filter
implementation.

Add tests for singluar aliased methods and other minor changes to work
with FilterTable output.
Coverage is at 100%

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* merge master

Signed-off-by: Miah Johnson <miah@chia-pet.org>
2018-03-07 15:31:30 +01:00
João Vale
3e2450e703 Host resource: use bash over netcat in Linux (#2607)
* Add support to use bash in host resource

Netcat's presence is widely regarded as a security issue, and thus not
always available. This solution first tries to use bash builtins and
timeout (from coreutils), so is less likely to require installing
additional packages.

* Darwin UDP support in host resource
* Host: use netcat first if available

Signed-off-by: João Vale <jpvale@gmail.com>
2018-03-07 08:39:27 -05:00
Jerry Aldrich
e4e907624a iptables resource: Add support for other bin paths (#2783)
* iptables resource: Add support for other bin paths
* Use `%w{}` instead of `[]`

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-03-06 08:56:15 -05:00
Clinton Wolfe
89ce8514df Update name of subnet fixture, fixing 3 failing integration tests (#2765)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-03-02 13:49:33 -05:00
Richard Nixon
47e4c578e0 Fix aws-iam-users pagination (#2761)
* Fix aws-iam-users pagination

PROBLEM: aws-iam-users resource only retrieves 100 records due to pagination
in the AWS IAM list_users function.

FIX: Iterate over all the pages using the AWS pagination variables `marker`
and `is_truncated`

Signed-off-by: Richard Nixon <richard.nixon@btinternet.com>
2018-03-02 09:14:05 -05:00
Jerry Aldrich
c2dcb11f52 Move TESTING_AGAINST_AWS.md to test/aws (#2669)
* Move `TESTING_AGAINST_AWS.md` to `test/aws`
* Add link in README.md

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-03-02 09:11:56 -05:00
Noel Georgi
dd033fbf1b mssql_session - Handling cases where the data is nil (#2752)
* Fixing bug where the row data returned is nil

Signed-off-by: Noel Georgi <noel.georgi@reancloud.com>
2018-03-01 14:30:07 -05:00
Jerry Aldrich
4631306ef1 virtualization_resource: Fix NoMethodError on nil:NilClass (#2603)
* Move instance variable to avoid `NoMethodError`

Methods for `role` and `system` properties are dynamically generated and
return values from the `@virtualization_data` Mash. Therefor, we must
ensure `@virtualization_data` exists before calling these methods.

* Move supports logic to `supports platform: linux`

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-02-28 14:22:55 -05:00
Matthew Dromazos
4394c5efc8 New Resource aws_config_recorder (#2635)
* Initial commit of new resource
* Removes deprecated matcher in example
* Adds a new terraform file for config resources
* Fixes and clarifies documentation
* Wraps calls to api in catch_aws_errors method
* Changes the names of two matchers

Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
2018-02-27 13:15:04 -05:00
Christian Becker
b7687765f5 http resource: Support OPTIONS method (#2742)
Signed-off-by: Christian Becker <c.becker@mediaevent.services>
2018-02-27 12:59:53 -05:00
Jared Quick
62cb6bb846
Make sure we have a proper exit code and report data. (#2747)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-02-26 16:50:51 -05:00
Clinton Wolfe
118b8a9fc5 Various small fixes/adjustments to the integration tests for AWS and Azure (#2745)
* Fix formatting of iam user integration tests by placing them in controls
* Fix subnet AZ test by making it an attribute; can't hardcode it
* Fix VPC ID fixture export for subnet testing
* Rename Azure integration tasks to match AWS and allow on-demand attribute dump

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-02-26 16:37:36 -05:00
Jerry Aldrich
d356cfc6dc Move AWS/Azure tests to integration directory (#2675)
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-02-26 11:10:04 -05:00
Jared Quick
20a0b0e025
Fix inspec check to work with platforms (#2737)
* Fix inspec check to work with platforms.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-02-26 11:01:23 -05:00
Jerry Aldrich
5538dc158c Reword inspec check test's it block (#2721)
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-02-23 15:28:54 -05:00
Jerry Aldrich
448eeb4637 package resource: Fix brew package detection (#2730)
* package resource: Fix `brew` package detection

This allows for package detection via `brew` to handle cases where a
particular package formula exists but is not installed.

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-02-23 09:01:14 -05:00
Jared Quick
378e7c5048
Update shell detect to work with platforms (#2712)
* Update shell to use the same detect logic as cli detect.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-02-20 07:37:23 -05:00
Franklin Webber
b9efb1d999 Fixes the deprecation warning text for report and output. (#2694)
* Fixes the deprecation warning text for report and output.

Remove an extra 'is being' from the 'is being is being'

Signed-off-by: Franklin Webber <franklin@chef.io>
2018-02-19 11:52:56 -05:00
Jared Quick
97dd0546c0 Fix legacy reporter output to file (#2667)
* Fix legacy reporter output.

Signed-off-by: Jared Quick <jquick@chef.io>

* Wrap test in a proc to catch warnings.

Signed-off-by: Jared Quick <jquick@chef.io>

* Add output deprecation.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-02-18 12:17:00 +01:00
Jared Quick
2a8bd673b1 Capture ArgumentErrors from aws. (#2673)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-02-17 16:50:35 +01:00
Jared Quick
457a33a2b3 Fix bundle exec calls (#2670)
* Fix bundle exec calls and add test.

Signed-off-by: Jared Quick <jquick@chef.io>

* Add exit check for supermarket exec.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-02-17 16:49:52 +01:00
Julian C. Dunn
594a185fa7 Remove duplicated encryption key test. (#2671)
Signed-off-by: Julian C. Dunn <jdunn@chef.io>
2018-02-16 15:32:43 -05:00
Jared Quick
db96ee9e85
Prevent resources from loading if supports check fails (#2665)
* Prevent resources from loading if supports fail.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-02-16 15:15:53 -05:00
Miah Johnson
75fb488d2c Add example properties from azure integration tests. (#2659)
Remove trailing whitespace.
Clean up formatting and some rubocop issues.

Signed-off-by: Miah Johnson <miah@chia-pet.org>
2018-02-15 21:52:54 -05:00
Clinton Wolfe
6c0422fbf0
Improvements and matcher renaming on aws_iam_password_policy (#2638)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-02-14 15:59:57 -05:00
Clinton Wolfe
33787124a7 Two deprecations in aws_ec2_instance (#2637)
* Drop deprecation warning for old name of aws_ec2

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-02-14 15:08:34 -05:00
Jerry Aldrich
e77b99235f Update inspec detect to support APIs/Families (#2634)
This does the following to `inspec detect`:
  - Modifies it to use the `platform` resource
  - Changes the output to mention Platform and show the family hierarchy
  - Changes the JSON output by changing `family` to `families`
  - Adds better error messaging (no more stacktraces!)
  - Adds support for APIs such as AWS/Azure
  - Hides Arch from API platforms (not applicable)

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-02-14 15:06:39 -05:00
Jared Quick
59fd0e8775
Update reporter with breaking inspec 2.0 changes. (#2487)
* Update reporter with breaking inspec 2.0 changes.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-02-14 11:54:20 -05:00
Jared Quick
fde895f74a Merge branch 'master' into release-2.0 2018-02-13 15:11:53 -05:00
Jared Quick
e9db965176
Fix the /private/var osx issue causing functional tests to fail (#2616)
* Fix the /private/var osx issue casuing a test to fail.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-02-13 09:04:30 -05:00
Jared Quick
f3ee680429 Add hidden json fields to schema and add tests. (#2618)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-02-12 19:34:22 +01:00
Jared Quick
f5f9873bfd Allow ad-hoc runners to use rspec formats. (#2621)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-02-12 19:29:54 +01:00
Jared Quick
da7b7e8549
Force a default reporter for ad-hoc runners (#2610)
* Force a default reporter for ad-hoc runners if not set.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-02-12 10:23:34 -05:00
Jared Quick
69f6e4e735 Remove ending newline from json reports.
Signed-off-by: Jared Quick <jquick@chef.io>
2018-02-09 13:15:18 -05:00
Jared Quick
b5b0713fe2 Fix json-config format not overriding reporter.
Signed-off-by: Jared Quick <jquick@chef.io>
2018-02-09 11:51:49 -05:00
Jared Quick
fc99ec553d Add log format tests.
Signed-off-by: Jared Quick <jquick@chef.io>
2018-02-09 11:19:52 -05:00
Jared Quick
145604549b This fixes the audit issue expecting a report hash output.
Signed-off-by: Jared Quick <jquick@chef.io>
2018-02-09 10:59:39 -05:00
Clinton Wolfe
2708a73e11 Merge branch 'aws-core-onramp' into aws-merge 2018-02-09 00:56:28 -05:00
Clinton Wolfe
d696c8b83f Merge branch 'cw/rename-resources' into core-onramp 2018-02-08 17:00:49 -05:00
Clinton Wolfe
dfc73a52f0 Merge branch 'release-2.0' into aws-merge-release-merge-try
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-02-08 10:44:11 -05:00
Clinton Wolfe
6aaab8691c Merge branch 'aws-merge-prep' into aws-merge
Includes train aws:// targeting and some new resources

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-02-08 10:09:57 -05:00
Jared Quick
9bc0a5a32f Merge branch 'master' into release-2.0 2018-02-08 09:48:23 -05:00
Clinton Wolfe
532f42df89 Move files to locations for core - inspec AWS PR 219 and other new resources
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-02-08 09:36:20 -05:00
Clinton Wolfe
16fe52b084 Rearrange AWS files for merge into core
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-02-08 09:24:15 -05:00
Jerry Aldrich
84817366a1 Remove deprecations for InSpec 2.0 (#2506)
* Add `release-2.0` target branch to AppVeyor/Travis (#2510)

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* simpleconfig: Remove deprecated config keys

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* cli (exec): Remove `--cache` command line argument

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* platform: Remove lowercase os name protection

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* matcher: Remove `contain_legacy_plus` matcher

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* matcher: Remove `contain_match` matcher

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* matcher: Remove `with_version` matcher

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* matcher: Remove `belong_to_group` matcher

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* matcher: Remove `belong_to_primary_group` matcher

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* matcher: Remove `contain` matcher

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* passwd: Remove deprecated properties

This removes:
  - `passwd.count`
  - `passwd.username`
  - `passwd.usernames`
  - `passwd.uid`

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* auditd_rules: Remove in favor of `auditd` resource

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* cli: Remove `login_automate` command

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Remove `resource_skipped` message method

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-02-08 11:05:21 +01:00
Jared Quick
9930e40a76 Add new "reporter" system (replacement for "formatters"), support multiple reporters per run (#2464)
* Formatter and reporter refactor.

Signed-off-by: Jared Quick <jquick@chef.io>

* Add exception and backtrace to json-min report.

Signed-off-by: Jared Quick <jquick@chef.io>

* Add sha to json-min and include generator version for json profile.

Signed-off-by: Jared Quick <jquick@chef.io>

* Fix deprecated typo and add fallback for cli resource title.

Signed-off-by: Jared Quick <jquick@chef.io>

* Update to build json report and clean up cli logic.

Signed-off-by: Jared Quick <jquick@chef.io>

* Add tests for json reporter.

Signed-off-by: Jared Quick <jquick@chef.io>

* Add cli suppress_log_output? and a fallback for invalid reporter type.

Signed-off-by: Jared Quick <jquick@chef.io>

* Update suppress_log_output? to check if we are outputting to stdout.

Signed-off-by: Jared Quick <jquick@chef.io>

* Update reporter cli optoins to work with json_config.

Signed-off-by: Jared Quick <jquick@chef.io>

* Refactor some safe-navigation and variable names.

Signed-off-by: Jared Quick <jquick@chef.io>

* Add thor banner to show reporter file output syntax.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-02-08 10:06:58 +01:00
Clinton Wolfe
a0b6bac87b
Use train for AWS connection (#219)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-02-07 23:26:37 -05:00
Clinton Wolfe
4e07508317 Rename classes and resource names in files
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-02-07 23:23:05 -05:00
Clinton Wolfe
162335aa60 Move files for rename
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-02-07 22:56:45 -05:00
Clinton Wolfe
4d8eb48855
Skeletal aws_vpc_subnets resource (#228)
Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-02-07 20:12:02 -05:00
Jared Quick
42779e91a7 Setup azure resources into inspec.
Signed-off-by: Jared Quick <jquick@chef.io>
2018-02-07 16:05:58 -05:00
Clinton Wolfe
7bea049f05 Treat integration tests as core, not relying on a resource pack
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-02-07 12:29:27 -05:00
Clinton Wolfe
0ca012891b Rely on unit test helper to load resources, not individual AWS tests
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-02-07 12:09:08 -05:00
Miah Johnson
046b2ef419 Skeletal Resource: aws_route_table (#217)
Signed-off-by: Miah Johnson <miah@chia-pet.org>
2018-02-07 10:48:55 -05:00
Matthew Dromazos
16fee68c88 Skeletal Resource: aws_vpc_subnet (#209)
Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
2018-02-07 10:03:11 -05:00
Clinton Wolfe
f7a11ee2df Merge branch 'aws-merge-prep' into aws-merge
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-02-07 09:53:21 -05:00
Jared Quick
e0ab84b11a Merge branch 'jq/azure_merge' of /Users/jquick/Chef/inspec-azure into jq/merge_inspec_azure 2018-02-06 13:23:54 -05:00
Clinton Wolfe
f425a70f79 Rearrange AWS files for merge into core
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-02-05 15:58:51 -05:00
Sam Cornwell
14efd94050 Skeletal aws_iam_group resource (#221)
Signed-off-by: Sam Cornwell <14048146+samcornwell@users.noreply.github.com>
2018-02-01 15:55:53 -05:00
Sam Cornwell
d722827ebd Skeletal aws_iam_groups resource (#208)
Signed-off-by: Sam Cornwell <14048146+samcornwell@users.noreply.github.com>
2018-02-01 13:09:48 -05:00
Rony Xavier
23b57ab591 Add have_access_logging_enabled matcher to aws_s3_bucket (#212)
Signed-off-by: Rony Xavier <rx294@nyu.edu>
2018-02-01 11:50:38 -05:00
Rony Xavier
7d53056751 Password usage properties for aws_iam_users (#213)
Signed-off-by: Rony Xavier <rx294@nyu.edu>
2018-02-01 11:23:25 -05:00
Clinton Wolfe
e2e9915aa4 Skeletal aws_kms_keys resource
Signed-off-by: Rony Xavier <rx294@nyu.edu>
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-02-01 10:21:54 -05:00
Rony Xavier
6ae80ad6f7 skeletal aws_iam_ policies resource (#193)
Signed-off-by: Rony Xavier <rx294@nyu.edu>
2018-01-31 22:45:02 -05:00
Rony Xavier
1b170dcfb6 aws_iam_access_keys incorrectly populates created_date (#215)
Signed-off-by: Rony Xavier <rx294@nyu.edu>
2018-01-31 22:16:30 -05:00
Clinton Wolfe
032eda1063
Silence some test warnings (#140)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-01-31 21:54:47 -05:00
Clinton Wolfe
b645f093e9
Remove accidentally committed notes file (#194)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-01-31 21:52:28 -05:00
Miah Johnson
820547aa9d Ensure unique security group name while integration testing. (#218)
Signed-off-by: Miah Johnson <miah@chia-pet.org>
2018-01-31 21:51:43 -05:00
Dominik Richter
42ffd874de add Inspec::Describe for abstract describe state (#2010)
Unlike `Inspec::Test` this supports having multiple tests within one block that describes a resource. This has now been seen as an optimization problem where a resource may be computed once and tested multiple times with `it` and `its` within the body.

If successful, it requires a follow-up to deprecated Inspec::Test and remove it for 2.0 completely with a recommendation to use Inspec::Describe.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2018-01-30 16:32:56 +01:00
Rony Xavier
f09d4f5266 aws_iam_policy resource (#184)
Signed-off-by: Rony Xavier <rx294@nyu.edu>
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-01-26 15:21:49 -05:00
Jerry Aldrich
d96a6affa7 packages resource: Add architectures support (#2469)
This adds support for `architectures` to the `packages` resource.

Example:

```
describe packages(/compat-libstdc++-33/) do
  its('architectures') { should include 'x86_64' }
  its('architectures') { should include 'i686' }
end
```

This also adds documentation for the `packages` resource

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-01-25 23:57:34 -08:00
Vern Burton
55abdebdc9 filesystem resource: inspect linux filesystems (#2441)
* adding df resource

Signed-off-by: Vern Burton <me@vernburton.com>

* adding unit tests and required mocks for them, created integration test

Signed-off-by: Vern Burton <me@vernburton.com>

* cleaning up skip test to include only the filename and not full path

Signed-off-by: Vern Burton <me@vernburton.com>

* adding docs

Signed-off-by: Vern Burton <me@vernburton.com>

* size makes more sense than space

Signed-off-by: Vern Burton <me@vernburton.com>

* removing unneeded author lines

Signed-off-by: Vern Burton <me@vernburton.com>

* as the command changed, changing mock to the new sha

Signed-off-by: Vern Burton <me@vernburton.com>

* updating to address comments from #2441

* removing author lines
* using attr_reader functions
* using ruby string functions rather than pipe to sed
* adding os family detection
* using ResourceFailed as the pattern already existed for OS family detection
* using if for future case support for unix and unix-like (FreeBSD)

Signed-off-by: Vern Burton <me@vernburton.com>

* adding supports to resource metadata, and adding tests that show that resource says that it is not supported on windows/unix.

Signed-off-by: Vern Burton <me@vernburton.com>

* focusing on linux os family and removing logic for assumed future cases

Signed-off-by: Vern Burton <me@vernburton.com>

* changing df to filesystem

Signed-off-by: Vern Burton <me@vernburton.com>
2018-01-25 09:29:31 -05:00
Clinton Wolfe
2d6bb1b84a
Make cloudwatch log metric filter test fixtures more unique (#201)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-01-23 22:16:00 -05:00
Jerry Aldrich
98546984ae service resource: attempt a SysV fallback if SystemD unit file is not found (#2473)
* service resource: Fix no `.service` + systemd bug

This modifies the `enabled?` check to fallback to `sysv_service` in the
event that a `.service` file cannot be found.

For example: On Debian 8.7 the stock apache2 package does not deploy a
`.service` file but deploys a SysV style service. This causes
`systemctl is-enabled` to fail when the service is in fact enabled.

* Remove `cmd_stderr` and clean up `cmd_exit_1`
* Clean up `stderr` assignment using ternary
2018-01-23 12:34:47 -08:00
ViolentOr
3c7bace964 Update security_policy resource to return Names, not SIDs (#2462)
* Added possibility to translate SID to human-readable name (using 'translate_sid: true' switch)

Signed-off-by: ViolentOr <github@violentor.me>

* fixed errors

Signed-off-by: ViolentOr <github@violentor.me>

* changed pars to opts

* renameg temp variable

Signed-off-by: ViolentOr <github@violentor.me>

* Required tests added

Signed-off-by: ViolentOr <github@violentor.me>

* fixed mistype

Signed-off-by: ViolentOr <github@violentor.me>

* should not copy-paste.

Signed-off-by: ViolentOr <github@violentor.me>

* replaced empty call with empty file

Signed-off-by: ViolentOr <github@violentor.me>

* tests fixed.

Signed-off-by: ViolentOr <github@violentor.me>

* grouped command mocks related to the security_policy resource

Signed-off-by: ViolentOr <github@violentor.me>

* bacgitend -> backend

Signed-off-by: ViolentOr <github@violentor.me>
2018-01-23 12:31:57 -08:00
Matt Kulka
c067798fc5 Docker Swarm service resource (#2456)
This change adds the `docker_service` resource for Docker swarm mode services. This
branches off some of the common elements (id, exists) into a `DockerObject` module along
with a utility function for parsing the image/repo string. That function was implemented
separately by `docker_image` and `docker_container`, now with a third resource, it made
sense to consolidate that into an included module. I used the most comprehensive
implementation. Existing classes had to be slightly modified for the genericization.

Signed-off-by: Matt Kulka <mkulka@parchment.com>
2018-01-23 12:30:14 -08:00
Rony Xavier
0af7105eba Functional aws_cloudtrail_trail resource (#186)
Signed-off-by: Rony Xavier <rx294@nyu.edu>
2018-01-23 11:26:27 -05:00
Rony Xavier
3a786babcf Skeletal aws_cloudtrail_trails resource (#191)
Signed-off-by: Rony Xavier <rx294@nyu.edu>
2018-01-23 11:06:05 -05:00
Rony Xavier
86843320df Correct access_key detection on aws_iam_root_user (#198)
Signed-off-by: Rony Xavier <rx294@nyu.edu>
2018-01-23 11:01:51 -05:00
Clinton Wolfe
5ab68ecf03
aws_s3_bucket with modified interface (#183)
Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
    Signed-off-by: Aaron Lippold <lippold@gmail.com>
    Signed-off-by: Sam Cornwell <14048146+samcornwell@users.noreply.github.com>
    Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-01-19 11:50:08 -05:00
Jerry Aldrich
944dfdc987 grub_conf resource: fix menuentry detection (#2408)
* Fix `grub_conf` menuentry detection

This does the following:
  - Corrects Grub2 bug where last entry was always selected
  - Adds support for specifying a Grub2 menu entry by name
  - Adds support for using `GRUB_DEFAULT=saved` with Grub2
  - Adds more Unit tests

* Add error if menuentry name cannot be extracted
* Add handling for missing/unreadable grubenv
* Add defensive code for failed menuentry extraction
2018-01-18 13:20:48 -08:00
Sam Cornwell
e81937413b skeletal aws_vpcs (#182)
Signed-off-by: Sam Cornwell <14048146+samcornwell@users.noreply.github.com>
2018-01-18 10:51:06 -05:00
Adam Leff
6be9f32448 http resource: make header keys case insensitive (#2457)
* http resource: make header keys case insensitive

HTTP header keys are currently case-sensitive, and the local and remote
workers currently store the keys in different formats due to the
different tools generating them.

This change ensures the ability to fetch headers by key is
case-insensitive and adds a deprecation to inform the user that future
fetches should use all lowercase.

Signed-off-by: Adam Leff <adam@leff.co>

* Remove deprecation treatment

HTTP header keys are case insensitive anyways. There's no reason to make
things harder for our users.

Signed-off-by: Adam Leff <adam@leff.co>
2018-01-16 14:30:35 -08:00
Jerry Aldrich
7bbe99bbbd package resource: fix NilClass errors on arch linux (#2437)
* Fix `nil:NilClass` error for `package` resource

This modifies `.info` to return `{}` in cases where the package manager
cannot be determined. This matches the behavior of `@pkgman.info`.

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Change `must_be_empty` to `must_equal({})`

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-01-16 14:27:31 -08:00
Vern Burton
175c3e1189 xml resource: support fetching attributes (#2423)
* adding database.xml with attributes to files and mocking it in the helper.rb

Signed-off-by: Vern Burton <me@vernburton.com>

* adding logic to test class returned by XPATH and using functions from respective classes to fill a array for return, and unit and integration tests to ensure functionality

Signed-off-by: Vern Burton <me@vernburton.com>

* updating docs to show how attributes are used

Signed-off-by: Vern Burton <me@vernburton.com>

* 'and' instead of 'or' makes more sense

Signed-off-by: Vern Burton <me@vernburton.com>

* adding default else for capturing unknown classes from REXML

Signed-off-by: Vern Burton <me@vernburton.com>

* removing extra newline

Signed-off-by: Vern Burton <me@vernburton.com>

* adding fail case with enough information to debug in future case

Signed-off-by: Vern Burton <me@vernburton.com>
2018-01-16 14:26:39 -08:00
Vern Burton
9b4a276e9f firewalld resource: prepend rule string only when necessary (#2430)
* adding control statement to add rule in front of string as long as it doesn't already contain rule.

Correcting resource name in firewalld from etc_hosts_deny

adding tests for both branches of the statement created in firewalld

Signed-off-by: Vern Burton <me@vernburton.com>

* moving to unless with a start_with

Signed-off-by: Vern Burton <me@vernburton.com>

* adding documentation that states that it is not needed to add `rule` string

Signed-off-by: Vern Burton <me@vernburton.com>
2018-01-16 14:20:58 -08:00
Vern Burton
712ba520ad mssql_session resource: add port parameter (#2429)
* adding SQL 2012 SP1 for mssql_session testing

Signed-off-by: Vern Burton <me@vernburton.com>

* updating SHA to match new commands with ports in them

Signed-off-by: Vern Burton <me@vernburton.com>

* adding port, and a default value and moving from skip_resource to resource_fail

Signed-off-by: Vern Burton <me@vernburton.com>

* adding new sha for custom host

Signed-off-by: Vern Burton <me@vernburton.com>

* adding tests for hostname and migrating test that passed port in host to a dedicated port test

Signed-off-by: Vern Burton <me@vernburton.com>

* adding integration test

Signed-off-by: Vern Burton <me@vernburton.com>

* removing services as appveyor does not have integration testing running so it would be a waste of time to enable it

Signed-off-by: Vern Burton <me@vernburton.com>

* mock instance command

Signed-off-by: Vern Burton <me@vernburton.com>

* making instance readable

Signed-off-by: Vern Burton <me@vernburton.com>

* adding instance test

Signed-off-by: Vern Burton <me@vernburton.com>

* moving to ResourceSkipped as ResourceFailed is targeted for a major release

Signed-off-by: Vern Burton <me@vernburton.com>
2018-01-16 14:04:00 -08:00
Sam Cornwell
3d731a81f8 aws_vpc resource skeleton (#172)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
Signed-off-by: Sam Cornwell <14048146+samcornwell@users.noreply.github.com>
2018-01-11 22:51:17 -08:00
Jared Quick
04859ee01d Update the inspec support check to warn to stderr. (#2446)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-01-05 21:17:37 +01:00
Dominik Richter
be9ece65b9 load local dependencies in inspec shell (#2438)
* add --depends to inspec shell

for loading dependencies from local folders. mainly used for development.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

* lint

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

* depends is not defined...

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

* much nicer description for --depends

kudos @adamleff

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

* add documentation for inspec shell --depends

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2018-01-04 14:39:01 -05:00
Jared Quick
839ab3eef4 Deprecate and warn when comparing against OS name with capitals/spaces (#2397)
* Testing train downcase platform names.
* Added NameCleaned tests and fixed some formatting.
* Clean up tests with helper method.
* Update to new gemfile and platform resource.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-01-04 14:15:02 -05:00
Jerry Aldrich
972f3a6486 Modify inspec json to use check_mode (#2435)
This modifies `inspec json` to make it not evaluate code inside of
`only_if` blocks.

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-01-03 09:10:35 -08:00
Dominik Richter
f1f2900866
bugfix: dependency chaining in libraries (#2428)
* WIP require chaining

* add a tiny comment

* reapply fix doh

* add a deprecation warning

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

* lint

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

* remove deprecation warning for require in control files

as discussed with Adam Leff

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

* add tests for regular ruby gem require in libs

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2018-01-02 12:41:01 -08:00
Jared Quick
10dc5621fb Add platform resource and platform supports (#2393)
* Add platform resource and platform supports.

Signed-off-by: Jared Quick <jquick@chef.io>

* Cache platform and inspec checks and implement inspec_version.

Signed-off-by: Jared Quick <jquick@chef.io>

* Deprecate current inspec support in favor of inspec_version.

Signed-off-by: Jared Quick <jquick@chef.io>

* Update resource/profile skip messages.

Signed-off-by: Jared Quick <jquick@chef.io>

* Update load_resource to use platform instead of os.

Signed-off-by: Jared Quick <jquick@chef.io>

* Update platform example.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-01-02 11:04:13 -08:00
Jerry Aldrich
491a1b9968 Fix x509_certificate integration tests (#2431)
An update to the openssl cookbook modified the defaults for `state` and
`city` in the `openssl_x509` resource. That change modified the output
of `issuer_dn` and `subject_dn` in InSpec's `x509_certificate` resource.

This modifies the expected output of the integration tests to match
these new defaults.

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-01-02 12:27:30 -05:00
Miah Johnson
685ba1bc1e Update apache_conf regular expression to exclude whitespace. (#2416)
* Update apache_conf test to check for ServerAlias values.

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Add ServerAlias key and values to mock apache conf which includes
trailing whitespace.

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Updated test to reflect all ServerAlias values being put into a single
array item. This is expected as we do not override the key_values
default setting of '1' when passing the raw configuration to
SimpleConfig.

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Update the regular expression to include a conditional with positive
lookahead that checks if the line ends with one or more spaces. If the
lookahead succeeds we non-greedily capture, and when it fails we
greedily capture.

Signed-off-by: Miah Johnson <miah@chia-pet.org>
2017-12-22 17:07:46 +01:00
Eammon Hanlon
f6c7bffe78 Add bonding mode matcher to bond resource (#2414)
* Add mode method to test the value of Bonding Mode

Signed-off-by: Eammon Hanlon <eammon.hanlon@microsoft.com>

* Add test for bonding mode in bond unit test

Signed-off-by: Eammon Hanlon <eammon.hanlon@microsoft.com>

* Add documentation on mode matcher for bond resource

Signed-off-by: Eammon Hanlon <eammon.hanlon@microsoft.com>

* Update example for 'Test parameters for bond0'

Signed-off-by: Eammon Hanlon <eammon.hanlon@microsoft.com>
2017-12-22 15:02:40 +01:00
Jerry Aldrich
a3c993fe18 Fix OWCA detection for compliance login (#2401)
* Add handling for OWCA login via `compliance login`

OpsWorks Chef Automate currently returns a 200 for the
`/compliance/version` endpoint and redirects to the Chef Manage page.

This adds support to `inspec compliance login` to accept this as valid
behavior and continue with the login.

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Add test case for 200 response but no Chef Manage

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Add debug info and split `determine_server_type`

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Appease RuboCop

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Remove forced returns from `determine_server_type`

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Add `false` code path for non-200/non-401 response

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Reword debug messages

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-12-22 15:01:18 +01:00
Dominik Richter
2f506b3c70 bugfix: default attributes for nil and false (#2410)
Traditionally those would translated DEFAULT_ATTRIBUTE. but that was wrong, it should have been nil or false or whatever the user supplied.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-12-21 14:20:59 +01:00
Aaron Lippold
9784520d83 fixed 'count' to 'entries.count' in aws_ec2_security_groups as per the docs (#142)
* * added 'count' to `aws_ec2_security_groups`

Fixes #141

Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-12-20 12:20:09 -05:00
Sam Cornwell
efffcfd928 pin Terraform aws provider verson to 1.1 (#151)
Signed-off-by: Sam Cornwell <14048146+samcornwell@users.noreply.github.com>
2017-12-20 12:04:43 -05:00
Jerry Aldrich
c2a65942d9 Add support for Darwin Directory Service groups (#2403)
* Add support for Darwin Directory Service groups

This allows users to verify groups added by Chef on OS X.

The current method that `UnixGroup` uses is to check the contents of
`/etc/group`, but OS X adds groups to Directory Service and not
`/etc/group`. This modifies the `group` resource on Darwin to use
`dscacheutil` to get group info.

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Clean up `select_group_manager`

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Clean up DarwinGroup `groups` method

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-12-20 16:57:45 +01:00
Jerry Aldrich
b17be1a73c Enhance package resource error handling (#2388)
* Enhance `package` resource error handling

This does the following:
  - Modifies `info` to return an empty hash instead of `nil`
  - Adds a failure case if package name is not specified
  - Adds a skip case if no package manager can be found
  - Changes `skip_resource` to use the `ResourceSkipped` exception
  - Raises an error if JSON parsing fails for Windows/MacOS/Darwin

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Make RuboCop happy

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Change missing argument behavior

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Remove unnecessary boolean check

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-12-15 19:52:41 +01:00
Clinton Wolfe
c75252ae1c
Rework Integration Testing to Support Multiple Accounts (#128)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2017-12-15 01:37:36 -05:00
Clinton Wolfe
e00ec2df5e
Add created_with_user filter criteria to aws_iam_access_keys
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2017-12-15 00:07:28 -05:00
Clinton Wolfe
e317fff2ed
Move files under lib back to libraries
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2017-12-14 23:41:12 -05:00
Clinton Wolfe
a33146f9a4
Skeleton aws_ec2_security_group resource
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2017-12-14 09:28:29 -05:00
Clinton Wolfe
4229974e7d
Skeleton resource for aws_ec2_security_groups
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2017-12-13 22:36:23 -05:00
Clinton Wolfe
e5dc4a1c29
Add skeleton of aws_iam_role
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2017-12-13 22:34:52 -05:00
Russell Seymour
cdbe8c1016 Create azure_generic_resource
* Rewrite of Inspec Azure Resource pack to allow the testing of _any_ value Azure reosurce.
Closes #36
Closes #37

This fixes #56 so that it works with the latest version of the SDK. In fact it will only work to version >= 0.15

Signed-off-by: Russell Seymour <russell.seymour@turtlesystems.co.uk>
2017-12-12 13:20:22 -05:00
Jared Quick
7c7fab9fb0 Replace exec --cache with --vendor-cache (#2390)
* Move cache cli command to vendor-cache.

Signed-off-by: Jared Quick <jquick@chef.io>

* Rename DEPRECATION to DEPRECATED for cache flag.

Signed-off-by: Jared Quick <jquick@chef.io>
2017-12-12 17:28:07 +01:00
Clinton Wolfe
f5251f3c29 Re-work unit tests for user and users (#125)
* Constructor unit tests

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Constructor tests pass, all others gutted

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Basic 'where' test in place, no criteria

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Wired up filter table to backend list users

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Unit testing for has_mfa_enabled and has_console_password

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Simple AWS client implementation for Users

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Rework resource parameters and validation; copy in code from #121

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Add constructor tests

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Add search/recall tests

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Recall unit tests pass

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Failing unit tests for username and has_console_password

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* has_console_password works in unit tests

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* has_mfa_enabled failing unit tests

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* has_mfa_enabled passes unit tests

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Failing unit tests for Access Keys

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* CLean up bad rebase commit

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Access keys property works, as an uncooked AWS response

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* De-linting

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Integration tests work

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Remove provider support libraries

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Integration tests pass for users resource

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* De-lint

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Remove aws connection load from user

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Adapt aws_iam_user to rely on AwsResourceMixin

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2017-12-08 19:34:09 +01:00
Miah Johnson
e33f4959e1 Allow crontab resource to read crontab at user specified paths. (#2328)
* add a emulated /etc/cron.d/crondotd file to the mocking system.

* test that we handle incoming paths correctly by rendering to_s.

* We take in both users and a path, so lets call that destination.

* To make the test pass we'll determine if we are dealing with a path or
a user and return the correct string.

* we will need the ability to determine if we are dealing with a path when either calling the crontab command or reading the file directly, so break that out into a path? method.

* remove author field.

* test contents of our crondotd file.

* we have to explicitly make @destination a String to use include?.

* when we get a path we use inspec.file to get conents, otherwise we run the crontab command.

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Add documentation for example usage with file path.

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Make path? and path_or_user private methods

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Add missing username filed to crondotd mock file

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Pass argument as a hash when testing file paths

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Expected results should include usernames when testing file paths

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Add special string `@yearly` test to crondotd mock file

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Add user to existing cron tests

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Rubocop says I need spaces after/before curly brackets

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Add user to crondotd file tests and add @yearly test

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Modify initialize to take options hash and be backwards compatible.

Change initialize default argument to create a hash by default, though
it is still possible to pass in a 'user' string argument.

@user gets set with the argument value unless its a hash, in which case
it tries to set the value of the user key, otherwise it becomes nil.

@file gets set with the value of the path key, unless it doesn't exist
in which case it becomes nil.

All hash keys are symbolized to ensure consistent access.

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Check if @path is nil to determine if we run crontab command or parse
file.

path? was removed as we're not overloading a @destination variable
anymore.

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* if @user is nil assume current user otherwise crontab for @user

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Change to complete if rather than ternary.

We have three possible cases, current user, other user, or file path.
This accounts for all of them.

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Add user to the crontab FilterTable

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Remove path? and path_or_user

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Move crontab parsing to two methods, parse_user_crontab and
parse_system_crontab

Because a command in a crontab file could have spaces we must parse user
and system crontabs differently.

When we parse user crontabs the user field will either be nil, or the requested user.

Both user and path parsers handle special strings (@yearly, @weekly,
etc). And also account for position of user in these files (or adds it
in user case)

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Update examples with user: and path:

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Add spaces after : in example docs

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Disable rubocop ClassLength check

Signed-off-by: Miah Johnson <miah@chia-pet.org>

* Moved rubocop ClassLength metric next to class instead of above the
module.

Remove unnecessary braces.

Add is_system_crontab? and is_user_crontab helper methods and use them.

Add tests to see if error conditions are raised when the resource is
invoked with missing parameters (user, or path), and on a unsupported
os.

Change initialize to group all hash functions together and raise errors
when user and path is unset. Also raise errors on unsupported operating
systems.

Change order of ternary and use is_system_crontab? rather than
@path.nil?

Signed-off-by: Miah Johnson <miah@chia-pet.org>
2017-12-07 13:50:07 +01:00
Jared Quick
72af4a96f1 Update default cli options to be per command. (#2378)
Signed-off-by: Jared Quick <jquick@chef.io>
2017-12-07 13:19:36 +01:00
Jared Quick
4c592f49c1 Resolve merge issue with json-config vs thor defaults (#2377)
* Add debug for caching and fix cli merge bug.

Signed-off-by: Jared Quick <jquick@chef.io>

* Update options merge to take cli options over json.

Signed-off-by: Jared Quick <jquick@chef.io>
2017-12-06 22:22:11 +01:00
Jared Quick
31578de5e4 Fix inspec appveyor test with the new local train transport (#2376)
* test appveyor with ruby#File

Signed-off-by: Jared Quick <jquick@chef.io>

* Update inspec train to version 0.31.1

Signed-off-by: Jared Quick <jquick@chef.io>
2017-12-06 15:18:38 -05:00
Jared Quick
578577f79a Update command resource to check for mock backend. (#2353)
Signed-off-by: Jared Quick <jquick@chef.io>
2017-12-05 14:21:31 +01:00
Jerry Aldrich III
49d36de0f3 Allow inspec check to ignore only_if (#2250)
* Allow `inspec check` to ignore `only_if`

When using `inspec check` a mock Train backend is created. This means
that the following would raise an error because `os.name` is `nil`

```
only_if { os.name.include?('anything') }
```

Since `inspec check` isn't concerned with the evaluation of `only_if`
this skips those checks if the block given raises an error.

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Remove unnecessary `e` in rescue

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Modify implementation to use `check_mode`

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Move `check_mode` concept to the Profile scope

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Fix lint after rubocop upgrade

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Add comment for mocked ControlEvalContext options

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-12-05 14:13:41 +01:00
Jared Quick
0dc0e3b457 Update rspec cli control summary to not uniq fails. (#2362)
Signed-off-by: Jared Quick <jquick@chef.io>
2017-12-05 13:07:31 +01:00
Jared Quick
d49f4e3fe1 Enable caching for backend calls (#2309)
* Enable caching for command and file calls to train
* Moved transport conn to connection and refactored tests
* Update caching flag to use train caching.
* Move caching flag to cli option.
* Add backed cache default from thor.
* Add hard disable for cache option and remove all cache from debug shell.
* Add comment to caching settings conditional.
* Force file cache on when caching enabled.
* Update gemspec for train 0.30.0.

Signed-off-by: Jared Quick <jquick@chef.io>
2017-12-04 16:40:14 -05:00
Jared Quick
4b1c1b041f security_policy resource: use PID for filename instead of random (#2368)
* Update security policy export to use pid instead of random.

Signed-off-by: Jared Quick <jquick@chef.io>

* Update helper for the new train.

Signed-off-by: Jared Quick <jquick@chef.io>
2017-12-04 15:31:06 -05:00
Clinton Wolfe
2955aabf7f DRY up AWS resource implementation and test backend implementations (#121)
* Standardize requires in unit tests

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Standardize requires in resources

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Move AWS connection hook into non-resource library area

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Add an AWS resource mixin, pushing constructor out to it

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Push resource param name recognition into mixin

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Push exists predicate up to mixin

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Rename base.rb to be resource_mixin for clarity

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Separate the backend from its factory, and push it out into a class mixin

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Push BackendFactory up into the resource mixin

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* De-linting

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Remove aws_conn require from LMF and CloudWatch Alarm filters

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Use resource mixin for Cloudwatch Alarm

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Rework LMF to use the resource mixin

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Rubocop.

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Remove SDK load from connection.rb; that happens in aws.rb now

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Mixin should default to allowing empty resource params

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Update LMF to enforce params being required

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2017-12-04 19:32:13 +01:00
Adam Leff
3ffaee91c2 docker_image resource: properly handle registries in image strings (#2356)
When supplying a docker image that contains a registry with a port number,
such as `localhost:5000/chef/inspec:1.46.3`, the docker_image resource
was unable to locate the image in question due to incorrect parsing
of the repository and tag.

Signed-off-by: Adam Leff <adam@leff.co>
2017-12-01 10:24:15 +01:00
Adam Leff
12fec238f7
json resource: ensure params is not nil in even of read/parse failure (#2354)
When the JSON resource (and those that subclass off of it) were modified
to properly throw exceptions in the event of failure, this caused the
`params` method to return nil instead of what it used to be, an empty
hash.

This is fine in the case of a describe block, but it's not okay when used
outside of a describe, as it will cause users trying to pluck from the
hash to throw a dreaded-and-unhelpful NilClass error.

This change pre-populates the params to be an empty hash, and if the
read/parse steps fail, it will still be one.

Signed-off-by: Adam Leff <adam@leff.co>
2017-11-29 16:31:06 -05:00
Jared Quick
3f14e467b3 Unique export file for security policy resource (#2350)
* Add a unique export for security policy resource.

Signed-off-by: Jared Quick <jquick@chef.io>

* Remove skip resource on empty policy file.

Signed-off-by: Jared Quick <jquick@chef.io>
2017-11-29 15:16:40 +01:00
Jerry Aldrich III
71057675de Allow skipping/failing resources in FilterTable (#2349)
* Allow skipping/failing resources in FilterTable

`FilterTable` is commonly used in the class body of a resource and is
evaluated during an `instance_eval`. This means that if you raise an
exception (e.g. SkipResource) it will halt `inspec exec` and
`inspec check`.

This adds an `ExceptionCatcher` class that will postpone evaluation
until test execution.

This allows `inspec check` and `inspec exec` to perform as intended when
skipping/failing a resource in `FilterTable`

Huge thanks to @adamleff for providing the starting code/ideas!

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Comment why `ExceptionCatcher` doesn't raise

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Remove `accessor` from `ExceptionCatcher`

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Return the existing ExceptionCatcher object rather than creating new

Signed-off-by: Adam Leff <adam@leff.co>
2017-11-29 07:32:40 -05:00
David Alexander
beb326a15a wmi resource: properly escape quotes in WMI query (#2342)
* Modifies test for failing WMI string interpolation

Signed-off-by: David Alexander <opensource@thelonelyghost.com>

* Fixes #2260 (WMI string interpolation)

Signed-off-by: David Alexander <opensource@thelonelyghost.com>
2017-11-29 12:01:44 +01:00
Adam Leff
98db74a466 http resource: properly support HEAD request with remote worker (#2340)
The existing method of adding `-X HEAD` to the curl command does not
work properly and can cause timeouts because curl doesn't properly
close the connection. The correct way is to use curl's own `--head`
flag.

Signed-off-by: Adam Leff <adam@leff.co>
2017-11-27 18:17:39 +01:00
Adam Leff
6c3ab70dd1
json resource (et. al.): allow inspec check to succeed when using command (#2317)
* json resource (et. al.): allow inspec check to succeed when using command

When using the `json` resource (or any of the resources that subclass
JsonConfig), `inspec check` would fail if the content was supplied with
the `command` option. This is because the `command` resource is mocked
and an empty string would be returned for `stdout`. That content would
be blindly passed to the `parse` method would which raise an exception
and cause `inspec check` to fail.

This change refactors JsonConfig to be a bit cleaner and use some helper
methods. Additionally, we use the new Exceptions to properly raise errors
which are naturally caught by Inspec::Profile, etc.

Signed-off-by: Adam Leff <adam@leff.co>

* Make `resource_base_name` method private

Signed-off-by: Adam Leff <adam@leff.co>
2017-11-27 11:13:02 -05:00
Clinton Wolfe
245efc4230
Add aws_iam_access_keys resource (#112)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2017-11-22 14:17:36 -05:00
Clinton Wolfe
fdd04e31c6
Add aws_cloudwatch_alarm resource (#119)
Adds aws_cloudwatch_alarm resource.
2017-11-22 14:04:13 -05:00
ChefRycar
84b34b9a4d Updating aws_iam_user with exists? function. (#115)
* Updating aws_iam_user with exists? function. Solves #114

Signed-off-by: Nick Rycar <rycar@chef.io>

* Disabling class length rubocop rule.

Signed-off-by: Nick Rycar <rycar@chef.io>
2017-11-22 14:30:18 +01:00
Clinton Wolfe
351b200a88 Add Cloudwatch Log Metric Filter resource (#116)
* Full docs, first draft; integration tests; started on unit tests
* Integration tests pass
* Docs update 
* More consistent syntax in examples
* Alter fetch phase to perform fetch, handle results, and unpack into instance vars, more like other resources
2017-11-22 12:32:19 +01:00
eramoto
a948900f88 Remove meaningless stdout message (#2313)
Stops to output the meaningless message to standard output when testing.
Obvious fix.

Signed-off-by: ERAMOTO Masaya <eramoto.masaya@jp.fujitsu.com>
2017-11-17 15:56:36 -05:00
Clinton Wolfe
ab2170f717 Add aws_sns_topic resource (#120)
* Docs first draft, integration tests, and constructor unit tests for SNS topic

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Skeleton of SNS topic

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Constructor arg validation works

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Passing unit tests for recall

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Subscription Count property, works

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Subscription, not subscriber

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Integration tests pass; also wildard ARNs are not allowed

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Rubocop changes

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Doc updates per kagarmoe

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2017-11-17 01:44:43 +07:00
Seth Chisamore
396752ba26 Add basic param handling to remote HTTP worker (#2286)
http resource: Add basic param handling to remote HTTP worker
2017-11-16 12:16:23 -05:00
malovdm1
923e4abf21 sqlplus credentials could contain special symbols and need to be escaped (#2308)
Signed-off-by: Dmytro Malovany <dmytro.malovannyy@gmail.com>
2017-11-15 21:49:09 +01:00
eramoto
f9ee7596f5 Fix gid filtering for etc_group resource (#2297)
'etc_group' resource stores 'gid' as integer but the 'where' method
compares 'gid' as string.
By this fix, the 'where' method always converts the stored data to string
when comparing. And it can also look for groups without members.

Signed-off-by: ERAMOTO Masaya <eramoto.masaya@jp.fujitsu.com>
2017-11-14 05:03:50 +01:00
Adam Leff
6875e80bd8
Fix classname in JUnit formatter (#2283)
* Fix classname in JUnit formatter

The JUnit formatter currently incorrectly uses `class` instead of
`classname` as an attribute.

Signed-off-by: Adam Leff <adam@leff.co>

* Prefixing classname with profile name, fix functional tests

Signed-off-by: Adam Leff <adam@leff.co>
2017-11-13 22:41:37 -05:00
Adam Leff
18faaa42de
Bumping train to 0.29.1 (#2306)
* Bumping train to 0.29

Train 0.29 includes some bug fixes and a refactor of the File classes

Signed-off-by: Adam Leff <adam@leff.co>

* Correct unit test for undefined platform

Train requires that a hash is supplied when mocking an OS. Because
an OS of "unsupported" rather than "undefined" was chosen in a unit
test, a nil was passed to train and it caused a failure.

Signed-off-by: Adam Leff <adam@leff.co>

* Ensure 0.29.1 or later gets picked up, but 0.30 is also acceptable

Signed-off-by: Adam Leff <adam@leff.co>
2017-11-13 16:02:27 -05:00
Wei He
f20748c88f fix port resource (parse_ss_line) (#2305)
Signed-off-by: Wing924 <weihe924stephen@gmail.com>
2017-11-13 18:06:01 +01:00
Clinton Wolfe
656423d7f2 Issue warning during check if profile name contains slash (#2231)
* Add failing unit test for deprecation warning on profiles with slashes in their name

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Issue warning during validation if name contains a slash

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Slug profile names generated from target paths to prevent breaking unit tests

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Rubocop whinges

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Update functional test watching for default profile name

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Make deprecation warning more descriptive

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Rubocop whinges

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Set title with original test path if no profile name or title provided

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Rubocop whinges

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2017-11-09 12:32:54 +01:00
Adam Leff
86079ca3c7 Properly compare profile version strings as SemVer (#2280)
When configuring a profile dependency, if the dependent profile had a
hyphen in it, it would not properly match the default version constraint
of `>= 0`. This is because a hyphen indicates the version is a pre-release
version and proper version matching would require the constraint to also
be listed with a pre-release version string.

The proper solution is to use the `+` character instead which indicates
a build number, which is what the hyphen was meant to convey. In the
meantime, this change properly compares version strings as SemVer and
also adds tests.

Signed-off-by: Adam Leff <adam@leff.co>
2017-11-09 12:29:41 +01:00
Adam Leff
afd23444c9 Eliminate deprecation warnings on resource skipped messages (#2296)
PR #2216 introduced some new tests that use the old syntax that was
deprecated in #2235. This gets them in line and eliminates the
deprecation warnings.

Signed-off-by: Adam Leff <adam@leff.co>
2017-11-09 12:25:11 +01:00
Brett Delle Grazie
0bb318c2dc http resource: supply max-time option using read_timeout and open_timeout (#2289)
Curl doesn't distinguish between them so need to use the sum of both as
the overall timeout.

fixes #2288

Signed-off-by: Brett Delle Grazie <brett.dellegrazie@gmail.com>
2017-11-09 11:11:19 +01:00
Adam Leff
0a11280444
nginx resource: support quoted identifiers (#2292)
An nginx config may contain configuration settings that are quoted, such
as a map entry:

"~^\/opcache-api" 1;

The `nginx_conf` resource was failing to properly parse these.

Signed-off-by: Adam Leff <adam@leff.co>
2017-11-08 12:42:37 -05:00
Adam Leff
9e9025c138 Switch to tomlrb for TOML parsing (#2295)
The `toml` gem has a very strict version dependency on an old version
of parslet. This change switches us to use `tomlrb` instead which has
no direct dependencies. This will allow us to bump up to a later version
of parslet that has better error handling and insight into parser errors.

Signed-off-by: Adam Leff <adam@leff.co>
2017-11-08 11:41:00 +01:00
Jerry Aldrich III
43b71ff132 Add non-halting exception support to resources (#2235)
* Add non-halting exception support to resources

This adds two `Inspec::Exceptions` that can be used within resources to
either skip or fail a test without halting execution.

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-11-06 13:28:53 -05:00
Seth Chisamore
af8443d1ea Use proper syntax in curl header option (#2285)
`curl` expects a valid header per RFC 2616 when using the
`-H`/`--header` option. RFC 2616 declares header field/values
should be separated using a colon (`:`):
https://tools.ietf.org/html/rfc2616#section-4.2

Signed-off-by: Seth Chisamore <schisamo@chef.io>
2017-11-03 14:28:54 -04:00
Wei He
71ed5ef964 service resource: properly search for SysV Init S files (#2274)
* bug fix: Service resource

Signed-off-by: Wing924 <weihe924stephen@gmail.com>

* fix test case

Signed-off-by: Wing924 <weihe924stephen@gmail.com>
2017-11-02 15:03:51 +01:00
Markus Grobelin
221db7e132 mount resource: fix for Device-/Sharenames and Mountpoints including … (#2257)
* mount resource: fix for Device-/Sharenames and Mountpoints including whitespaces

Device-/Sharenames and Mountpoints on Linux may include whitespaces (\040), e.g. /etc/fstab entry like:

```//fileserver.corp.internal/Research\040&\040Development /mnt/Research\040&\040Development cifs OTHER_OPTS```

... results in a mount line like:

```//fileserver.corp.internal/Research & Development on /mnt/Research & Development type cifs (OTHER_OPTS)```

The Linux mount command replaces \040 with whitspace automatically, so this should be tributed.

I used a control like this:

```
    describe mount('/mnt/Research & Development') do
      it { should be_mounted }
      its('device') { should eq  '//fileserver.corp.internal/Research & Development' }
    end
```

Before:

```
  ×  whitespaces-1: Mount with whitespace within sharename and mountpoint. (1 failed)
     ✔  Mount /mnt/Research & Development should be mounted
     ×  Mount /mnt/Research & Development device should eq "//fileserver.corp.internal/Research & Development"

     expected: "//fileserver.corp.internal/Research & Development"
          got: "//fileserver.corp.internal/Research"

     (compared using ==)
```

After:

```
  ✔  whitespaces-01: Mount with whitespace within sharename and mountpoint.
     ✔  Mount /mnt/Research & Development should be mounted
     ✔  Mount /mnt/Research & Development device should eq "//fileserver.corp.internal/Research & Development"
```

Signed-off-by: Markus Grobelin <grobi@koppzu.de>

* mounts_with_whitespaces: make lint happy

Signed-off-by: Markus Grobelin <grobi@koppzu.de>

* mount resource: added parentheses as suggested by https://github.com/chef/inspec/pull/2257/files

Signed-off-by: Markus Grobelin <grobi@koppzu.de>

* mount resource: fix for Device-/Sharenames and Mountpoints including whitespaces
Signed-off-by: Markus Grobelin <grobi@koppzu.de>
2017-11-01 12:01:21 +01:00
Chris Redekop
c8d4244ef4 Add has_roles to aws_ec2_instance (#90)
* Rename EC2-instance resources

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>

* Add interim updates

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>

* testing for issue 82

Signed-off-by: Simon Varlow <simon.varlow@d2l.com>

* completed integration for EC2 roles

Signed-off-by: Simon Varlow <simon.varlow@d2l.com>

* adding in the beginning of the unit test for issue 82

Signed-off-by: Simon Varlow <simon.varlow@d2l.com>

* Fix unit tests

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>

* Add has_roles? examples

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>

* Remove redundant gsub

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>

* corrected OpenStruct format

Signed-off-by: Simon Varlow <simon.varlow@d2l.com>

* setting up variable for InstanceProfile

Signed-off-by: Simon Varlow <simon.varlow@d2l.com>

* Updated the unit test so all variables are at the top

Signed-off-by: Simon Varlow <simon.varlow@d2l.com>

* Fixed Rubocop issues that were detected

Signed-off-by: Simon Varlow <simon.varlow@d2l.com>

* Updating README.md to include changes to aws_ec2

Signed-off-by: Simon Varlow <simon.varlow@d2l.com>

* Add failing IT for has_roles?

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>

* Add negative IT and fix uncovered issue

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>

* Fix Rubocop issue

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>

* Fix integration test

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>

* Fix Rubocop issues and unit tests

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>

* Pin AWS dependency to '~> 2'

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
2017-10-26 15:56:32 -04:00
Steffanie Freeman
1a31425e81 Issue #46 Lazily load attributes in aws_iam_users (#89)
* Initial Commit

Signed-off-by: sfreeman <Steffanie.Freeman@d2l.com>

* aws_iam_user uses lazy loading

Signed-off-by: sfreeman <Steffanie.Freeman@d2l.com>

* Disassociates convert call from list_users

Signed-off-by: sfreeman <Steffanie.Freeman@d2l.com>

* A real-world working AwsIamUsers (#71)

* Add aws_iam_users

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>

* Adding Filter table and Collect User Details to aws_iam_users.rb

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>

* Adding Filter table and Collect User Details to aws_iam_users.rb

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>

* Adding Filter table and Collect User Details to aws_iam_users.rb

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>

* Get an aws_iam_users integration test to pass

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>

* Fix RuboCop issues and tests

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>

* Improving code based on PR feedback

Signed-off-by: Chris Redekop <chris.redekop@d2l.com>

* AWS IAM Users unit tests work with new lazy loading feature

Signed-off-by: sfreeman <Steffanie.Freeman@d2l.com>

* Fixes tests

Signed-off-by: aduric <adnan.duric@d2l.com>

* Users should only hold the returned user references, transfering responsibility to each user to fetch any details

Signed-off-by: aduric <adnan.duric@d2l.com>

* Create user details provider class

Signed-off-by: sfreeman <Steffanie.Freeman@d2l.com>

* Using details provider factory to delegate creation of detail providers, and updates tests

Signed-off-by: aduric <adnan.duric@d2l.com>

* Rubocop fixes

Signed-off-by: aduric <adnan.duric@d2l.com>

* Rename user details provider factory to initializer, and remove unnecessary instance variables

Signed-off-by: sfreeman <Steffanie.Freeman@d2l.com>
2017-10-26 15:22:15 -04:00
Jerry Aldrich III
91403d8c81 Add Chef Automate support to inspec compliance login (#2203)
* Merge `login` and `login_automate` commands

This provides a single interface for logging into either Chef Automate
or Chef Compliance servers. Server type is evaluated at run time via
HTTP responses from designated endpoints.

This also moves the login logic from `Compliance::ComplianceCLI` to a
separate set of modules in `Compliance::API`. This removes logic from
Thor and allows for more in depth Unit testing.

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Remove empty line below class definition

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Add message to `raise CannotDetermineServerType`

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Refactor `token_info` assignment

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Remove unnecessary rubocop disable

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Modify `Login` module namespacing

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Remove mentions of login_automate and --usertoken

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Modify `determine_server_type` to return a symbol

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Add support for `login_automate` and `--usertoken`

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Fix encoding typo

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Address PR feedback

This does the following:
  - Moves `CannotDetermineServerType` error to `.login`
  - Changes methods that store configuration to return the configuration
  - Moves user output to one location in `.login`
  - Makes other small improvements

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-10-26 17:32:47 +02:00
Russell Seymour
5d720ef05a Modified to handle adding a suffix to the end of the Public IP Address domain name (#53)
Fixes #52

Signed-off-by: Russell Seymour <russell.seymour@turtlesystems.co.uk>
2017-10-26 10:50:18 +01:00
Markus Grobelin
2251270929 cran resource: check for R module installation (#2255)
* Added CRAN resource to check R modules

control 'cran-1' do
  impact 1.0
  desc '
    Ensure R module DBI is installed.
  '

  describe cpan('DBI') do
    it { should be_installed }
    its('version') { should cmp >= '3.0' }
  end
end

Signed-off-by: Markus Grobelin <grobi@koppzu.de>

* cran resource: made lint happy, added negative unit test, removed unused arg perl_lib_path

Signed-off-by: Markus Grobelin <grobi@koppzu.de>
2017-10-25 16:14:29 +02:00
Markus Grobelin
c626dfdbd9 cpan resource: check for Perl module installation (#2254)
* Added CPAN resource to check Perl modules

control 'cpan-1' do
  impact 1.0
  desc '
    Ensure Perl modules DBI and DBD::Pg are installed.
  '

  describe cpan('DBI') do
    it { should be_installed }
  end

  describe cpan('DBD::Pg') do
    it { should be_installed }
    its('version') { should cmp >= '3.0' }
  end
end

Signed-off-by: Markus Grobelin <grobi@koppzu.de>

* cpan resource: fixed unit test for non-installed module

Signed-off-by: Markus Grobelin <grobi@koppzu.de>
2017-10-25 16:01:26 +02:00
Dominik Richter
39d743b12e Include ref when writing out inspec control objects (#2259)
* support ref for inspec control objects

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

* lint

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-10-24 17:50:23 -04:00
Adam Leff
8dc48533aa new resource: elasticsearch resource, test cluster/node state (#2261)
* new resource: elasticsearch resource, test cluster/node state

This is a new resource for testing an Elasticsearch cluster. It operates
by fetching the `_nodes` endpoint from a given Elasticsearch node and
collects data about each node in a cluster, even if there's only a
single node.

This work is based on inspiration from an initial PR #1956 submitted by
@rx294.

Signed-off-by: Rony Xavier <rx294@nyu.edu>
Signed-off-by: Aaron Lippold <lippold@gmail.com>
Signed-off-by: Adam Leff <adam@leff.co>

* Reduce mock data on non-default tests

Signed-off-by: Adam Leff <adam@leff.co>
2017-10-20 17:28:48 -04:00
Matt Ray
c21ce063ab Replace WMI query with PowerShell cmdlet "get-hotfix" (#2252)
Signed-off-by: Matt Ray <matthewhray@gmail.com>
2017-10-18 12:24:11 +01:00
David Alexander
6ed4068fd1 Extend Windows ACL matchers (#1744)
* Adds alias for 'ListDirectory' permission

Signed-off-by: David Alexander <opensource@thelonelyghost.com>

* Works with Ruby array of permissions as long as possible

Converts to PowerShell array just before use.

Signed-off-by: David Alexander <opensource@thelonelyghost.com>

* Abstracts user-provided permissions to router method

Signed-off-by: David Alexander <opensource@thelonelyghost.com>

* Adds FullControl as a specifiable permission

Signed-off-by: David Alexander <opensource@thelonelyghost.com>

* Adds specific permission 'modify'

Signed-off-by: David Alexander <opensource@thelonelyghost.com>

* Fixes #1743

Limits Windows' broad "read" permission to if it can read all of the
above, instead of just the first:

- File contents
- File attributes
- File extended attributes
- File permissions

This better aligns with how Windows names the permissions.

  'read' -> Read instead of 'read' -> ReadData

Signed-off-by: David Alexander <opensource@thelonelyghost.com>

* 'Execute' Windows ACL has alias of 'Traverse'

Signed-off-by: David Alexander <opensource@thelonelyghost.com>

* Adds 'Delete' permission

Signed-off-by: David Alexander <opensource@thelonelyghost.com>

* Adds `should allow('perm').by_user('me')` matcher

Provides hooks for later use with Windows ACL matching

Signed-off-by: David Alexander <opensource@thelonelyghost.com>

* Adds remaining Windows ACL hooks

Skips ReadAndExecute on intentionally since it just aliases the combo of
2 permissions into one new one.

Signed-off-by: David Alexander <opensource@thelonelyghost.com>

* [Rubocop] Reduces ABC / Cyclomatic complexity

Signed-off-by: David Alexander <opensource@thelonelyghost.com>

* Reduces global scope with `allows()` -> `be_allowed()`

RSpec inferred matchers work nicely here. This changes the `by_user()`
and `by()` chained matchers to just be an options hash on the underlying
`allowed?()` method.

Signed-off-by: David Alexander <opensource@thelonelyghost.com>

* Fixes integration tests with rename `allows()` -> `be_allowed()`

Signed-off-by: David Alexander <opensource@thelonelyghost.com>
2017-10-17 15:01:51 +02:00
username-is-already-taken2
fd558b63ac Corrected some unit test warnings (#2242)
Signed-off-by: username-is-already-taken2 <gary.bright@niu-solutions.com>
2017-10-17 14:49:26 +02:00
Jerry Aldrich III
62dc14a09c Fix only_if behavior when used outside controls (#2216)
* Fix `only_if` behavior when used outside controls

This renames `@skip_profile` to `@skip_file` and modifies the scope of
`only_if` (used outside of a control) to only apply to the control file
that contains it instead of the entire profile.

This does this by exposing `@skip_file` from the control context so that
it can be set back to `false` between loading control files in the
profile context.

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Modify `get_checks` to accept a rule index

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Modify `only_if` to work regardless of location

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Disable Cyclomatic/Perceived Complexity in Rubocop

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* Add comment for `skip_file` in `load_control_file`

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-10-17 14:47:30 +02:00
narkaTee
4f005d8510 Fix port ressource ss line parsing (#2243)
Fixes the 'ss -tulpen' command parsing when multiple processes use the
same fd.

Signed-off-by: Jan Ullrich <narkat@gmail.com>
2017-10-17 14:45:37 +02:00
Christoph Hartmann
d21e2af15f rename file for aws_ec2 resource
* rename to aws_ec2_instance

Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-10-11 16:18:20 -04:00
Clinton Wolfe
2f9317265b Update Terraform commands for v0.10 (#93)
* Terraform now requires init to fetch providers

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Rename env terraform command to workspace

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Pin Terraform version to reflect CLI updates

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2017-10-11 01:21:56 +01:00
Adam Leff
5114173e50 Support PAX-formatted tar files, standardize file lists (#2225)
* Support PAX-formatted tar files, standardize file lists

When a tar file is generated in PAX format, the files have an additional
relative path prefix added to them. For example, instead of:

inspec.yml

... the file is listed as:

./inspec.yml

And the source reader plugin looks only for a "inspec.yml" file to
determine the profile format.

This change addresses this issue by normalizing the file paths in the
TarReader and accounting for the additional "./" prefix that may exist
whenever the tar file is walked looking for a file to read its content.

Signed-off-by: Adam Leff <adam@leff.co>

* Remove pax from unit test, will move to functional

Signed-off-by: Adam Leff <adam@leff.co>

* Add function test for the pax header tar file

Signed-off-by: Adam Leff <adam@leff.co>
2017-10-10 10:36:57 +01:00
Keith Walters
2a8d6e0e91 Uses netstat to detect open ports on AIX (#2210)
* Uses netstat to detect open ports on AIX

Signed-off-by: Keith Walters <keith.walters@cattywamp.us>

* Adds unit tests for AIX port resource

Signed-off-by: Keith Walters <keith.walters@cattywamp.us>
2017-10-10 10:54:18 +02:00
Jared Quick
f9e0aaadba ssl resource: properly raise error when unable to determine if port is enabled (#2205)
* Move raise condition for host into enabled method

This is related to #1205. This will fix the ssl resource for now until
we redo the exceptions. Still looking around the code and need to build
some unit tests for the ssl resource.

My fix here is to move the raise condition till later in the flow,
specifically the enabled? method. This lets the raise get caught
accordingly without killing the other tests.

Signed-off-by: Jared Quick <jquick@chef.io>

* Remove authors from ssl resource test

Signed-off-by: Jared Quick <jquick@chef.io>
2017-10-06 19:38:22 +02:00
Adam Leff
939ee5ecfc processes resource: support busybox ps (#2222)
This change enhances the processes resource to support the busybox
ps command which is common on Alpine, for example. The way we
map ps fields to the structs needed by FilterTable have also been
refactored to be more flexible so we can support multiple formats
in the future.

Also, the processes resource now allows the grep argument to be optional
thus allowing a user to query all resources without passing in a
match-all regex.

Signed-off-by: Adam Leff <adam@leff.co>
2017-10-06 19:32:39 +02:00
Jared Quick
3d346e779d Update shell resource help to return what is defined (#2219)
This fixes #1664. I refactored the help of the resource to build the
output depending on what is available.

Signed-off-by: Jared Quick <jquick@chef.io>
2017-10-06 19:32:16 +02:00
Adam Leff
9d8c53cf31 Support symbol keys in ObjectTraverser (#2221)
As detected in #2036, it is not possible to extract values from
a YAML file if the key is a symbol. This change refactors ObjectTraverser
to support symbol keys before attempting to stringify them.

Signed-off-by: Adam Leff <adam@leff.co>
2017-10-06 19:24:31 +02:00
Jared Quick
7bb7767dae Add nil check for sshd config file (#2217)
* Add nil check for sshd config file

This fixes #1778. There was a issue where if the user did not have read
permissions on /etc/ssh/sshd_config it would error out on the empty?
check. The fix here is to also look for nil on the file content. Along
with this I refactored the inspec file empty? check as it does not exist
and was also erroring during my testing.

Signed-off-by: Jared Quick <jquick@chef.io>

* Add emptyfile test object and refactor tests

Signed-off-by: Jared Quick <jquick@chef.io>
2017-10-06 15:41:48 +02:00
Adam Leff
21ba43d6a5 http resource: properly execute tests on remote target (#2209)
Currently, the http resource always executes locally, even when scanning
a remote machine with `--target` which leads to undesireable behavior.

This change adds the ability to remotely execute tests with curl. This
behavior is currently opt-in with the `enable_remote_worker` flag, but
will become the default behavior in InSpec 2.0. Deprecation warnings
are emitted if the user is scanning a remote target but has not opted
in to the new behavior.

Signed-off-by: Adam Leff <adam@leff.co>
2017-10-04 22:44:09 +02:00