Commit graph

1853 commits

Author SHA1 Message Date
Chef Expeditor
e57977612e Bump version to 1.37.11 by Chef Expeditor 2017-09-18 19:49:26 +00:00
malovdm1
3e16a099c5 quote username and hostname in mssql_session (#2151)
Signed-off-by: Malovany, Dmytro (Ext) <dmytro.malovany@novartis.com>
2017-09-18 21:49:20 +02:00
Chef Expeditor
7ca1380ef9 Bump version to 1.37.10 by Chef Expeditor 2017-09-18 19:48:11 +00:00
Adam Leff
5297dc6ede Add deprecation warning to auditd_rules resource (#2156)
The auditd_rules resource has been replaced by the auditd resource.
We are planning on removing the auditd_rules resource in InSpec 2.0.
This change will provide a warning to any user using the old resource.

Signed-off-by: Adam Leff <adam@leff.co>
2017-09-18 21:48:04 +02:00
Chef Expeditor
c6703af02c Bump version to 1.37.9 by Chef Expeditor 2017-09-18 19:47:26 +00:00
Jennifer Burns
ec18dce62b auditd resource: test active auditd configuration against the audit daemon (#2133)
* Added auditd resource and documentation.

Signed-off-by: Jennifer Burns <jburns@mitre.org>

* Added unit tests for auditd resource and updated auditd_rules_test to match new entries in auditctl

Signed-off-by: Jennifer Burns <jburns@mitre.org>

* Removed all legacy code for audit < 2.3. Removed parens to create consistency.

Signed-off-by: Jennifer Burns <jburns@mitre.org>

* Updated method names and removed unnecessary content based on review

Signed-off-by: Jennifer Burns <jburns@mitre.org>
2017-09-18 21:47:18 +02:00
Chef Expeditor
85c02112b5 Bump version to 1.37.8 by Chef Expeditor 2017-09-15 20:38:05 +00:00
Jerry Aldrich III
9773e1cd94 Add wildcard/multiple server support to nginx_conf resource (#2141)
* Add wildcard/multiple server support to nginx_conf

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>

* separate the merge function for maps in nginx_conf

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-09-15 16:37:57 -04:00
Chef Expeditor
48b0e6a667 Bump version to 1.37.7 by Chef Expeditor 2017-09-14 19:16:35 +00:00
Chef Expeditor
4c6877f766 Bump version to 1.37.6 by Chef Expeditor 2017-09-14 17:09:04 +00:00
Chef Expeditor
c02e359fa2 Bump version to 1.37.5 by Chef Expeditor 2017-09-13 21:52:54 +00:00
Alex Pop
cf6fdd09af Show versions for inspec compliance profiles (#2143)
Signed-off-by: Alex Pop <apop@chef.io>
2017-09-13 17:52:45 -04:00
Chef Expeditor
be7f5ccde1 Bump version to 1.37.4 by Chef Expeditor 2017-09-13 20:53:43 +00:00
Alex Pop
35becd7e0f Support profile versions for automate profiles storage (#2128)
* Support profile versions for automate profiles storage

Signed-off-by: Alex Pop <apop@chef.io>

* Add unit tests for inspec-compliance bundle

Signed-off-by: Alex Pop <apop@chef.io>

* Refactor target_url method, fix tests, fix rubocop errors

Signed-off-by: Adam Leff <adam@leff.co>
2017-09-13 16:53:36 -04:00
Chef Expeditor
18d9b74301 Bump version to 1.37.3 by Chef Expeditor 2017-09-13 12:41:17 +00:00
Adam Leff
7810051f0a package resource: assume a default Homebrew path (#2140)
* package resource: assume a default Homebrew path

Homebrew's `brew` script is installed to /usr/local/bin by default which
is usually not in a non-interactive PATH. We will now first check to see
if `brew` is in PATH, and if not, assume a default of `/usr/local/bin/brew`

Signed-off-by: Adam Leff <adam@leff.co>
2017-09-13 08:41:09 -04:00
Chef Expeditor
9fa47f1a9e Bump version to 1.37.2 by Chef Expeditor 2017-09-13 12:16:58 +00:00
Adam Leff
d4790f7f5a Ignore linked container names when parsing docker containers (#2134)
* Ignore linked container names when parsing docker containers

If a container is linked to another container, the normal `docker ps` output
does not include this information. However, when pulling the `.Names` field
with `docker ps --format`, the linked container is listed in the name. This
is confusing for users trying to use InSpec to audit a container.

This change strips any linked container names from the actual container name.

Signed-off-by: Adam Leff <adam@leff.co>

* Linked container names aren't guaranteed to be last depending on how they were linked

Signed-off-by: Adam Leff <adam@leff.co>
2017-09-13 08:16:53 -04:00
Adam Leff
7a3706a023 Add clarifying docs for mysql_conf resource (#2138)
The docs did not include examples for querying settings set within a named section.

Signed-off-by: Adam Leff <adam@leff.co>
2017-09-13 08:16:35 -04:00
Chef Expeditor
48f3cdc644 Bump version to 1.37.1 by Chef Expeditor 2017-09-13 12:15:15 +00:00
Rony Xavier
7d2da0c199 nginx resource: audit the nginx binary and how it was compiled (#1958)
* nginx base resource

Signed-off-by: Aaron Lippold <lippold@gmail.com>
Signed-off-by: Rony Xavier <rx294@gmail.com>
2017-09-13 08:15:09 -04:00
Chef Expeditor
dd1d0ca553 Bump version to 1.37.0 by Chef Expeditor 2017-09-11 15:37:45 +00:00
dromazmj
70548ab754 etc_fstab resource: test contents of the /etc/fstab file (#2064)
* Adding support for fstab

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* New Resource - etc_fstab

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* New Resource - etc_fstab

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* Modifications to new resource - etc_fstab

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* Modifications to new resource - etc_fstab

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* Modifications to new resource - etc_fstab

Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>

* Modifications to docs of new resource etc_fstab

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>

* Modifications to new resource etc_fstab

Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>
2017-09-11 15:55:03 +02:00
Jerry Aldrich III
a9d0d65c54 Add attributes file readability error handling (#2127)
* Add attributes file readability error handling

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-09-08 08:43:33 -04:00
Chef Expeditor
29c80110a8 Bump version to 1.36.1 by Chef Expeditor 2017-09-06 12:22:38 +00:00
Chef Expeditor
de2bd9aba3 Bump version to 1.35.5 by Chef Expeditor 2017-09-06 12:19:10 +00:00
Dominik Richter
19ab22f5e2 add nginx_conf accessors for http, servers, and locations (#2119)
* wip: extend nginx_conf for http+servers+locations

... well `http` entries really, but we couldnt just call it `https`.

the goal is to `nginx_conf.http` / `nginx_conf.servers` / `nginx_conf.locations` and then also have these calls cascaded down to simplify the access to these fields. the current pattern is rather tedious since we need to check for nil everywhere.

* add test for new nginx accessors

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

* add docs for nginx-conf

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

* fix all incorrect NGINX spellings in docs

* prevent edge-cases where nginx params are nil

for location, http, and servers

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

* more descriptive to_s for nginx servers

as suggested by @adamleff, thank you!

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

* add more descriptive to_s for nginx location

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
2017-09-06 08:19:04 -04:00
Chef Expeditor
e2b528db20 Bump version to 1.35.4 by Chef Expeditor 2017-09-06 10:07:39 +00:00
Trevor Vaughan
fb011c1d10 Fix deep profile chaining (#2121)
Update to fix how multiple relative profile chaining functions.

Closes #2120

Signed-off-by: Trevor Vaughan <tvaughan@onyxpoint.com>
2017-09-06 12:06:55 +02:00
Chef Expeditor
dbb4311693 Bump version to 1.35.3 by Chef Expeditor 2017-09-05 12:37:41 +00:00
ChadScott
09b145122d Modify linux regular expression to handle process names with spaces (#2117)
* Modify linux regular expression to handle process names with spaces

Signed-off-by: Chad Scott <cscott@chadikins.com>

* Add mocks, tests, etc.

Signed-off-by: Chad Scott <cscott@chadikins.com>
2017-09-05 14:36:55 +02:00
Chef Expeditor
f3c3de241e Bump version to 1.35.2 by Chef Expeditor 2017-09-03 18:43:56 +00:00
Clinton Wolfe
f284962450 File Resource: add be_setgid, be_setuid, be_sticky matchers (#2104)
* Provisioner script to setup resource tests for setgid/setuid/sticky bit tests.  This appears to be the correct mechanism per docker_run, but I don't see any other provisioner scripts, so I suspect there is a different Chef-internal mechanism at play here.

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* TDD Red for setgid/setuid/sticky File matchers

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Add documentation for file resource sgid, sticky, and suid matchers

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Add matchers to File for setgid, setuid, and sticky by aliasing existing predicates; TDD green

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Rubocop prefers alias to alias_method.

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Lint before pushing, of course

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Correct spelling of setgid and setuid matchers in docs

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Add be_setgid, be_setuid, be_sticky matcher integration tests for File.

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Revert "Provisioner script to setup resource tests for setgid/setuid/sticky bit tests.  This appears to be the correct mechanism per docker_run, but I don't see any other provisioner scripts, so I suspect there is a different Chef-internal mechanism at play here."

This reverts commit 42e672f3b1.

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Revert "TDD Red for setgid/setuid/sticky File matchers"

This reverts commit a4f891fc7e.

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2017-09-03 20:43:13 +02:00
Chef Expeditor
fd3dac23ce Bump version to 1.35.1 by Chef Expeditor 2017-08-31 13:55:32 +00:00
Chef Expeditor
1e57537f54 Bump version to 1.34.10 by Chef Expeditor 2017-08-31 13:51:44 +00:00
dromazmj
cb5b475bb1 etc_hosts resource: test the contents of the /etc/hosts file (#2065)
Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
2017-08-31 09:51:39 -04:00
Chef Expeditor
e7b6c31e11 Bump version to 1.34.9 by Chef Expeditor 2017-08-31 07:56:18 +00:00
Jonathan Morley
3e7d47505c Add support for XML files (#2107)
* Add support for XML files

Signed-off-by: Morley, Jonathan <jmorley@cvent.com>

* Use REXML instead of nokogiri

Signed-off-by: Morley, Jonathan <jmorley@cvent.com>
2017-08-31 09:56:14 +02:00
Chef Expeditor
d0f2e49970 Bump version to 1.34.8 by Chef Expeditor 2017-08-31 07:53:50 +00:00
Adam Leff
e2fa0b5e73 port resource: support ss instead of netstat (#2110)
* port resource: support ss instead of netstat

`netstat` is officially deprecated and is replaced with `ss`. This PR
changes the port resource to use `ss` if it's available on the target
system.

Signed-off-by: Adam Leff <adam@leff.co>

* Disable Metrics/ClassLength cop on the LinuxPorts class

Signed-off-by: Adam Leff <adam@leff.co>
2017-08-31 09:53:08 +02:00
Chef Expeditor
0f19e40d3b Bump version to 1.34.7 by Chef Expeditor 2017-08-30 20:04:28 +00:00
Anthony Shaw
d5f33f0b99 pip resource: support non-default pip locations, such as virtualenvs (#2097)
* Update pip resource for #516 allow user to set path to pip executable

Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>

* support virtualenv path, pip file exec and better logic

Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>

* add tests for the change to the pip path and resource

Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>

* tests are case sensitive, although command line is not

Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>

* use a path verification method instead of a class method

Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>

* use guard clauses instead of conditionals

Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>

* change the control flow to return nil when commands are not available

Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>

* fix the return values when custom pip path is not valid

Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>

* Refactor pip path detection to fix unit tests

Signed-off-by: Adam Leff <adam@leff.co>
2017-08-30 22:04:22 +02:00
Chef Expeditor
d93f623934 Bump version to 1.34.6 by Chef Expeditor 2017-08-30 20:02:50 +00:00
Adam Leff
c383175417 Support mixed-case group entries (#2101)
* Support mixed-case group entries

The `group` resource downcased the input parameter unless the target
was a Windows node. However, it's completely legitimate for a Unix-y
node to have mixed case group and passwd entries.

This change does have the potential to break people that did not carefully
match their case when searching for a group, but we're currently blocking
people from using the group resource properly if they have mixed-case
entries.

Signed-off-by: Adam Leff <adam@leff.co>

* Fix unit tests

Signed-off-by: Adam Leff <adam@leff.co>
2017-08-30 22:02:45 +02:00
Chef Expeditor
151199b5fc Bump version to 1.34.5 by Chef Expeditor 2017-08-30 18:22:05 +00:00
Mark Harrison
ef42e2efd0 Use stored http resource response (if any) (#2108)
Currently, if you check two properties of a http resource, such as
status and body, two different http requests are made to the server.
However, the response is already stored in an instance variable, so this
change just checks to see if a response is already available and uses it
rather than making another http request.

Signed-off-by: Mark Harrison <mark@mivok.net>
2017-08-30 20:21:59 +02:00
Chef Expeditor
75b9ee8c39 Bump version to 1.34.4 by Chef Expeditor 2017-08-29 05:11:57 +00:00
Jennifer Burns
3b2bf52b1d auditd_rules resource: fix get_keys error on lines that have no keys (#2103)
* Added line to fix bug when no key in file rule and updated test to validate bug fix

Signed-off-by: Jennifer Burns <jburns@mitre.org>

* Updated to consider corner case

Signed-off-by: Jennifer Burns <jburns@mitre.org>
2017-08-29 07:11:14 +02:00
Chef Expeditor
7a41cec73f Bump version to 1.34.3 by Chef Expeditor 2017-08-25 20:21:54 +00:00
Kevin Formsma
94c2e8181c Add sensitive flag to resources to restrict logging output (#2017)
* Filter check output based on sensitive flag
-Updated check in formatters to filter check output during failures based on
sensitive metadata flag
-Added functional test of output filtering
-Updated documentation with blerb on usage
* Update output format for sensitive resources

Signed-off-by: Kevin Formsma <kevin.formsma@gmail.com>

* Update color output on new test

Update the color output to match the newly-expected non-color format if there are no tests that match.

Signed-off-by: Adam Leff <adam@leff.co>
2017-08-25 16:21:49 -04:00