* Full docs, first draft; integration tests; started on unit tests
* Integration tests pass
* Docs update
* More consistent syntax in examples
* Alter fetch phase to perform fetch, handle results, and unpack into instance vars, more like other resources
* Docs first draft, integration tests, and constructor unit tests for SNS topic
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Skeleton of SNS topic
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Constructor arg validation works
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Passing unit tests for recall
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Subscription Count property, works
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Subscription, not subscriber
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Integration tests pass; also wildard ARNs are not allowed
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Rubocop changes
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Doc updates per kagarmoe
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
'etc_group' resource stores 'gid' as integer but the 'where' method
compares 'gid' as string.
By this fix, the 'where' method always converts the stored data to string
when comparing. And it can also look for groups without members.
Signed-off-by: ERAMOTO Masaya <eramoto.masaya@jp.fujitsu.com>
* Bumping train to 0.29
Train 0.29 includes some bug fixes and a refactor of the File classes
Signed-off-by: Adam Leff <adam@leff.co>
* Correct unit test for undefined platform
Train requires that a hash is supplied when mocking an OS. Because
an OS of "unsupported" rather than "undefined" was chosen in a unit
test, a nil was passed to train and it caused a failure.
Signed-off-by: Adam Leff <adam@leff.co>
* Ensure 0.29.1 or later gets picked up, but 0.30 is also acceptable
Signed-off-by: Adam Leff <adam@leff.co>
* Add non-halting exception support to resources
This adds two `Inspec::Exceptions` that can be used within resources to
either skip or fail a test without halting execution.
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* mount resource: fix for Device-/Sharenames and Mountpoints including whitespaces
Device-/Sharenames and Mountpoints on Linux may include whitespaces (\040), e.g. /etc/fstab entry like:
```//fileserver.corp.internal/Research\040&\040Development /mnt/Research\040&\040Development cifs OTHER_OPTS```
... results in a mount line like:
```//fileserver.corp.internal/Research & Development on /mnt/Research & Development type cifs (OTHER_OPTS)```
The Linux mount command replaces \040 with whitspace automatically, so this should be tributed.
I used a control like this:
```
describe mount('/mnt/Research & Development') do
it { should be_mounted }
its('device') { should eq '//fileserver.corp.internal/Research & Development' }
end
```
Before:
```
× whitespaces-1: Mount with whitespace within sharename and mountpoint. (1 failed)
✔ Mount /mnt/Research & Development should be mounted
× Mount /mnt/Research & Development device should eq "//fileserver.corp.internal/Research & Development"
expected: "//fileserver.corp.internal/Research & Development"
got: "//fileserver.corp.internal/Research"
(compared using ==)
```
After:
```
✔ whitespaces-01: Mount with whitespace within sharename and mountpoint.
✔ Mount /mnt/Research & Development should be mounted
✔ Mount /mnt/Research & Development device should eq "//fileserver.corp.internal/Research & Development"
```
Signed-off-by: Markus Grobelin <grobi@koppzu.de>
* mounts_with_whitespaces: make lint happy
Signed-off-by: Markus Grobelin <grobi@koppzu.de>
* mount resource: added parentheses as suggested by https://github.com/chef/inspec/pull/2257/files
Signed-off-by: Markus Grobelin <grobi@koppzu.de>
* mount resource: fix for Device-/Sharenames and Mountpoints including whitespaces
Signed-off-by: Markus Grobelin <grobi@koppzu.de>
* Rename EC2-instance resources
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* Add interim updates
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* testing for issue 82
Signed-off-by: Simon Varlow <simon.varlow@d2l.com>
* completed integration for EC2 roles
Signed-off-by: Simon Varlow <simon.varlow@d2l.com>
* adding in the beginning of the unit test for issue 82
Signed-off-by: Simon Varlow <simon.varlow@d2l.com>
* Fix unit tests
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* Add has_roles? examples
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* Remove redundant gsub
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* corrected OpenStruct format
Signed-off-by: Simon Varlow <simon.varlow@d2l.com>
* setting up variable for InstanceProfile
Signed-off-by: Simon Varlow <simon.varlow@d2l.com>
* Updated the unit test so all variables are at the top
Signed-off-by: Simon Varlow <simon.varlow@d2l.com>
* Fixed Rubocop issues that were detected
Signed-off-by: Simon Varlow <simon.varlow@d2l.com>
* Updating README.md to include changes to aws_ec2
Signed-off-by: Simon Varlow <simon.varlow@d2l.com>
* Add failing IT for has_roles?
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* Add negative IT and fix uncovered issue
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* Fix Rubocop issue
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* Fix integration test
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* Fix Rubocop issues and unit tests
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* Pin AWS dependency to '~> 2'
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* Initial Commit
Signed-off-by: sfreeman <Steffanie.Freeman@d2l.com>
* aws_iam_user uses lazy loading
Signed-off-by: sfreeman <Steffanie.Freeman@d2l.com>
* Disassociates convert call from list_users
Signed-off-by: sfreeman <Steffanie.Freeman@d2l.com>
* A real-world working AwsIamUsers (#71)
* Add aws_iam_users
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* Adding Filter table and Collect User Details to aws_iam_users.rb
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* Adding Filter table and Collect User Details to aws_iam_users.rb
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* Adding Filter table and Collect User Details to aws_iam_users.rb
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* Get an aws_iam_users integration test to pass
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* Fix RuboCop issues and tests
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* Improving code based on PR feedback
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* AWS IAM Users unit tests work with new lazy loading feature
Signed-off-by: sfreeman <Steffanie.Freeman@d2l.com>
* Fixes tests
Signed-off-by: aduric <adnan.duric@d2l.com>
* Users should only hold the returned user references, transfering responsibility to each user to fetch any details
Signed-off-by: aduric <adnan.duric@d2l.com>
* Create user details provider class
Signed-off-by: sfreeman <Steffanie.Freeman@d2l.com>
* Using details provider factory to delegate creation of detail providers, and updates tests
Signed-off-by: aduric <adnan.duric@d2l.com>
* Rubocop fixes
Signed-off-by: aduric <adnan.duric@d2l.com>
* Rename user details provider factory to initializer, and remove unnecessary instance variables
Signed-off-by: sfreeman <Steffanie.Freeman@d2l.com>
* Added CRAN resource to check R modules
control 'cran-1' do
impact 1.0
desc '
Ensure R module DBI is installed.
'
describe cpan('DBI') do
it { should be_installed }
its('version') { should cmp >= '3.0' }
end
end
Signed-off-by: Markus Grobelin <grobi@koppzu.de>
* cran resource: made lint happy, added negative unit test, removed unused arg perl_lib_path
Signed-off-by: Markus Grobelin <grobi@koppzu.de>
* Added CPAN resource to check Perl modules
control 'cpan-1' do
impact 1.0
desc '
Ensure Perl modules DBI and DBD::Pg are installed.
'
describe cpan('DBI') do
it { should be_installed }
end
describe cpan('DBD::Pg') do
it { should be_installed }
its('version') { should cmp >= '3.0' }
end
end
Signed-off-by: Markus Grobelin <grobi@koppzu.de>
* cpan resource: fixed unit test for non-installed module
Signed-off-by: Markus Grobelin <grobi@koppzu.de>
* new resource: elasticsearch resource, test cluster/node state
This is a new resource for testing an Elasticsearch cluster. It operates
by fetching the `_nodes` endpoint from a given Elasticsearch node and
collects data about each node in a cluster, even if there's only a
single node.
This work is based on inspiration from an initial PR #1956 submitted by
@rx294.
Signed-off-by: Rony Xavier <rx294@nyu.edu>
Signed-off-by: Aaron Lippold <lippold@gmail.com>
Signed-off-by: Adam Leff <adam@leff.co>
* Reduce mock data on non-default tests
Signed-off-by: Adam Leff <adam@leff.co>
* Adds alias for 'ListDirectory' permission
Signed-off-by: David Alexander <opensource@thelonelyghost.com>
* Works with Ruby array of permissions as long as possible
Converts to PowerShell array just before use.
Signed-off-by: David Alexander <opensource@thelonelyghost.com>
* Abstracts user-provided permissions to router method
Signed-off-by: David Alexander <opensource@thelonelyghost.com>
* Adds FullControl as a specifiable permission
Signed-off-by: David Alexander <opensource@thelonelyghost.com>
* Adds specific permission 'modify'
Signed-off-by: David Alexander <opensource@thelonelyghost.com>
* Fixes#1743
Limits Windows' broad "read" permission to if it can read all of the
above, instead of just the first:
- File contents
- File attributes
- File extended attributes
- File permissions
This better aligns with how Windows names the permissions.
'read' -> Read instead of 'read' -> ReadData
Signed-off-by: David Alexander <opensource@thelonelyghost.com>
* 'Execute' Windows ACL has alias of 'Traverse'
Signed-off-by: David Alexander <opensource@thelonelyghost.com>
* Adds 'Delete' permission
Signed-off-by: David Alexander <opensource@thelonelyghost.com>
* Adds `should allow('perm').by_user('me')` matcher
Provides hooks for later use with Windows ACL matching
Signed-off-by: David Alexander <opensource@thelonelyghost.com>
* Adds remaining Windows ACL hooks
Skips ReadAndExecute on intentionally since it just aliases the combo of
2 permissions into one new one.
Signed-off-by: David Alexander <opensource@thelonelyghost.com>
* [Rubocop] Reduces ABC / Cyclomatic complexity
Signed-off-by: David Alexander <opensource@thelonelyghost.com>
* Reduces global scope with `allows()` -> `be_allowed()`
RSpec inferred matchers work nicely here. This changes the `by_user()`
and `by()` chained matchers to just be an options hash on the underlying
`allowed?()` method.
Signed-off-by: David Alexander <opensource@thelonelyghost.com>
* Fixes integration tests with rename `allows()` -> `be_allowed()`
Signed-off-by: David Alexander <opensource@thelonelyghost.com>
* Uses netstat to detect open ports on AIX
Signed-off-by: Keith Walters <keith.walters@cattywamp.us>
* Adds unit tests for AIX port resource
Signed-off-by: Keith Walters <keith.walters@cattywamp.us>
* Move raise condition for host into enabled method
This is related to #1205. This will fix the ssl resource for now until
we redo the exceptions. Still looking around the code and need to build
some unit tests for the ssl resource.
My fix here is to move the raise condition till later in the flow,
specifically the enabled? method. This lets the raise get caught
accordingly without killing the other tests.
Signed-off-by: Jared Quick <jquick@chef.io>
* Remove authors from ssl resource test
Signed-off-by: Jared Quick <jquick@chef.io>
This change enhances the processes resource to support the busybox
ps command which is common on Alpine, for example. The way we
map ps fields to the structs needed by FilterTable have also been
refactored to be more flexible so we can support multiple formats
in the future.
Also, the processes resource now allows the grep argument to be optional
thus allowing a user to query all resources without passing in a
match-all regex.
Signed-off-by: Adam Leff <adam@leff.co>
As detected in #2036, it is not possible to extract values from
a YAML file if the key is a symbol. This change refactors ObjectTraverser
to support symbol keys before attempting to stringify them.
Signed-off-by: Adam Leff <adam@leff.co>
* Add nil check for sshd config file
This fixes#1778. There was a issue where if the user did not have read
permissions on /etc/ssh/sshd_config it would error out on the empty?
check. The fix here is to also look for nil on the file content. Along
with this I refactored the inspec file empty? check as it does not exist
and was also erroring during my testing.
Signed-off-by: Jared Quick <jquick@chef.io>
* Add emptyfile test object and refactor tests
Signed-off-by: Jared Quick <jquick@chef.io>
Currently, the http resource always executes locally, even when scanning
a remote machine with `--target` which leads to undesireable behavior.
This change adds the ability to remotely execute tests with curl. This
behavior is currently opt-in with the `enable_remote_worker` flag, but
will become the default behavior in InSpec 2.0. Deprecation warnings
are emitted if the user is scanning a remote target but has not opted
in to the new behavior.
Signed-off-by: Adam Leff <adam@leff.co>
* Added output for port/protocol for host resource.
Signed-off-by: Jared Quick <jquick@chef.io>
* refactor with explicit return
This fixes#2085. Port and protocol are now shown in output of the host
resource if defined.
Signed-off-by: Jared Quick <jquick@chef.io>
* refactor with string building return
Signed-off-by: Jared Quick <jquick@chef.io>
* New Resource - firewalld
Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
* New Resource - firewalld
Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
* New Resource - firewalld
Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
* New Resource - firewalld
Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
* Modifications to new resourec - firewalld
Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
* Modifications to new resource - firewalld
Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
* Modifications to new resource firewalld
Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>
* Modifications to new resource - firewalld
Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>
* Changing firewalld_command method to prepend the command with 'firewall-cmd' to reduce code reuse.
Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>
* Modifications made
* installed? method now tells by checking if firewall-cmd is a command on the system
* The firewalld_command method now strips the stdout of the return
* added another test for testing multiple active zones
Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>
* Fixing rake lint issue
Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>
* Fixing match and returning boolean for seeing if firewalld is running
Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>
* Fixing lint issues
Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>
* Empty commit to rerun. Accidentally updated branch.
Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>
* Rerunning test, accidentally updated branch. needs sign off commit
Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>
* Add hotfix resource for Windows
Signed-off-by: Matt Ray <matthewhray@gmail.com>
* Renamed hotfix to windows_hotfix
Added additional unit test checking for KB that is not present on a box
Signed-off-by: Matt Ray <matthewhray@gmail.com>
* Integration test to spot-check for hotfixes
Queries the Windows operating system via Powershell for a list of all
installed hotfixes and spot-checks every 10th one with the
windows_hotfix resource. Checking hundreds is time-consuming. Also
checks to ensure a non-installed hotfix is not present.
Signed-off-by: Matt Ray <matthewhray@gmail.com>
Users cannot query for registry keys that have periods in them because of
how rspec-its works. This change enables Array-style syntax for the
registry_key resource so users can use that as a workaround.
Signed-off-by: Adam Leff <adam@leff.co>
* Added auditd resource and documentation.
Signed-off-by: Jennifer Burns <jburns@mitre.org>
* Added unit tests for auditd resource and updated auditd_rules_test to match new entries in auditctl
Signed-off-by: Jennifer Burns <jburns@mitre.org>
* Removed all legacy code for audit < 2.3. Removed parens to create consistency.
Signed-off-by: Jennifer Burns <jburns@mitre.org>
* Updated method names and removed unnecessary content based on review
Signed-off-by: Jennifer Burns <jburns@mitre.org>
* Add wildcard/multiple server support to nginx_conf
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* separate the merge function for maps in nginx_conf
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
* Adding support for fstab
Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
* New Resource - etc_fstab
Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
* New Resource - etc_fstab
Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
* Modifications to new resource - etc_fstab
Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
* Modifications to new resource - etc_fstab
Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
* Modifications to new resource - etc_fstab
Signed-off-by: dromazos <dromazmj@dukes.jmu.edu>
* Modifications to docs of new resource etc_fstab
Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>
* Modifications to new resource etc_fstab
Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>
* wip: extend nginx_conf for http+servers+locations
... well `http` entries really, but we couldnt just call it `https`.
the goal is to `nginx_conf.http` / `nginx_conf.servers` / `nginx_conf.locations` and then also have these calls cascaded down to simplify the access to these fields. the current pattern is rather tedious since we need to check for nil everywhere.
* add test for new nginx accessors
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
* add docs for nginx-conf
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
* fix all incorrect NGINX spellings in docs
* prevent edge-cases where nginx params are nil
for location, http, and servers
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
* more descriptive to_s for nginx servers
as suggested by @adamleff, thank you!
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
* add more descriptive to_s for nginx location
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
* Modify linux regular expression to handle process names with spaces
Signed-off-by: Chad Scott <cscott@chadikins.com>
* Add mocks, tests, etc.
Signed-off-by: Chad Scott <cscott@chadikins.com>
* Add support for XML files
Signed-off-by: Morley, Jonathan <jmorley@cvent.com>
* Use REXML instead of nokogiri
Signed-off-by: Morley, Jonathan <jmorley@cvent.com>
* port resource: support ss instead of netstat
`netstat` is officially deprecated and is replaced with `ss`. This PR
changes the port resource to use `ss` if it's available on the target
system.
Signed-off-by: Adam Leff <adam@leff.co>
* Disable Metrics/ClassLength cop on the LinuxPorts class
Signed-off-by: Adam Leff <adam@leff.co>
* Update pip resource for #516 allow user to set path to pip executable
Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>
* support virtualenv path, pip file exec and better logic
Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>
* add tests for the change to the pip path and resource
Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>
* tests are case sensitive, although command line is not
Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>
* use a path verification method instead of a class method
Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>
* use guard clauses instead of conditionals
Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>
* change the control flow to return nil when commands are not available
Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>
* fix the return values when custom pip path is not valid
Signed-off-by: Anthony Shaw <anthonyshaw@apache.org>
* Refactor pip path detection to fix unit tests
Signed-off-by: Adam Leff <adam@leff.co>
* Support mixed-case group entries
The `group` resource downcased the input parameter unless the target
was a Windows node. However, it's completely legitimate for a Unix-y
node to have mixed case group and passwd entries.
This change does have the potential to break people that did not carefully
match their case when searching for a group, but we're currently blocking
people from using the group resource properly if they have mixed-case
entries.
Signed-off-by: Adam Leff <adam@leff.co>
* Fix unit tests
Signed-off-by: Adam Leff <adam@leff.co>
* Added line to fix bug when no key in file rule and updated test to validate bug fix
Signed-off-by: Jennifer Burns <jburns@mitre.org>
* Updated to consider corner case
Signed-off-by: Jennifer Burns <jburns@mitre.org>
* Added aide_conf resource and subsequent files
* Updated to match on all selection lines
Signed-off-by: Jennifer Burns <jburns@mitre.org>
* Changed to use CommentParser and fixed typo
Signed-off-by: Jennifer Burns <jburns@mitre.org>
* Fix typo in test file
Signed-off-by: Jennifer Burns <jburns@mitre.org>
* Updated to address PR feedback
Signed-off-by: Jennifer Burns <jburns@mitre.org>
* check the proper field for dpkg installation state fixes#2006
Signed-off-by: Mathieu Sauve-Frankel <msf@kisoku.net>
* Properly handle held packages on dpkg-flavored OS
InSpec was looking at the wrong field in `dpkg -s` output to determine
whether a package was installed or not. An installed, held package was
incorrectly reported as uninstalled.
This adds the proper unit tests and also adds a `be_held` matcher.
Thanks to @kisoku for the initial work in #2007.
Signed-off-by: Adam Leff <adam@leff.co>
With last weeks tag fix, `ourorg/container` ended up having its `repo` reported as `container`.
With this it'll be `ourorg/container` again.
Signed-off-by: Stephan Renatus <srenatus@chef.io>
* Add aws_iam_users
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* Adding Filter table and Collect User Details to aws_iam_users.rb
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* Adding Filter table and Collect User Details to aws_iam_users.rb
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* Adding Filter table and Collect User Details to aws_iam_users.rb
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* Get an aws_iam_users integration test to pass
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* Fix RuboCop issues and tests
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* Improving code based on PR feedback
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* Change host resource to use getent ahosts on Linux
In InSpec 1.31, we changed the `host` resource to use `dig` instead of `getent
hosts` for name resolution because `getent hosts` does not return all entries
(only the first v6 entry if it exists, then the first v4 entry) and we wanted to
keep the Darwin and Linux implementation as close as possible. Unfortunately,
this affected users' ability to do resolution checks for entried stored in their
/etc/hosts file.
This change goes back to using `getent` for Linux and changes to `getent ahosts`
which returns both v4 and v6 records. Additionally, the Darwin provider's dig
implementation was reordered to return v4 addresses before v6 addresses to be
consistent with how `getent ahosts` returns records.
Signed-off-by: Adam Leff <adam@leff.co>
* Update unit tests for resolve_with_getent with proper output
Signed-off-by: Adam Leff <adam@leff.co>
The logic used to determine whether a viable netcat binary exists is wrong and
prevents Linux hosts from doing TCP reachability checks.
Signed-off-by: Adam Leff <adam@leff.co>
CoreOS is considered a member of the Linux family, and the `host` resource tries
to use `nc` on Linux hosts to test TCP reachability. Unfortunately, `nc` is not
available on CoreOS, but `ncat` is.
This change attempts to use `nc` first, then `ncat` if it's available.
Signed-off-by: Adam Leff <adam@leff.co>
* Run linter on unit tests
Signed-off-by: sfreeman <Steffanie.Freeman@d2l.com>
* Bring remaining unit tests up to spec with rubocop
Signed-off-by: sfreeman <Steffanie.Freeman@d2l.com>
* Fix host resolution on Darwin, use dig wherever possible
The `host` and `dig` commands do not return non-zero if a query returns NXDOMAIN
or NOERROR, but the DarwinHostProvider was expecting it when deciding whether to
fall back to IPv4 if a IPv6 query failed. Therefore, the `host` resource would
not function properly when resolving hostnames on Darwin. The logic has been
changed to use `dig` short output and query for both v6 and v4 addresses.
Additionally, the LinuxHostProvider has been modified to prefer `dig` if it's
available to keep behavior similar between Darwin and Linux whenever possible.
This has the added benefit of providing v6 and v4 resolution if possible where
`getent hosts` only returns v6 if v6 records exist.
Signed-off-by: Adam Leff <adam@leff.co>
* Fix up methods, add command mock, do string matching in ruby instead of command
Fixes#1643Fixes#1673
Signed-off-by: Aaron Lippold <lippold@gmail.com>
* fixed a small courner case in the error detection - error: vs error
fixed resource to use 'shellwords' module to escape the query
requested chances in method architecture for testing
added unit tests
Fixes: #1814
Signed-off-by: Aaron Lippold <lippold@gmail.com>
* updated resource and tests with requested review changes
Signed-off-by: Aaron Lippold <lippold@gmail.com>
* removed unneeded call to `escaped_query` in the `create_sql_cmd`.
Signed-off-by: Aaron Lippold <lippold@gmail.com>
* removed license info
Signed-off-by: Aaron Lippold <lippold@gmail.com>
The resource itself only offers contents and params right now. It resolved
all include calls it can find and creates the aggregated config object.
This is limited in functionality. One last (set of) PR(s) is needed to
add an interface that makes querying this config file easier. It is due
to the file's inherent complexity that I want to explore which methods
are needed to be effective. In the meantime, this resource offers accessors
to the underlying data that are stable.
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
* Adding toml resource
This adds a `toml` resource that inherits from the json resource and
behaves the same way as the JSON and YAML resources.
Signed-off-by: Nolan Davidson <ndavidson@chef.io>
* s/package/service/ on service unit test descriptions
Signed-off-by: Kristian Vlaardingerbroek <kvlaardingerbroek@schubergphilis.com>
* Add support for CoreOS to the service resource
Signed-off-by: Kristian Vlaardingerbroek <kvlaardingerbroek@schubergphilis.com>
* Adding resource aws_iam_root_user
Signed-off-by: Miles Tjandrawidjaja <miles@tjandrawidjaja.com>
* Adding to_s method to class aws_iam_root_user
Signed-off-by: Miles Tjandrawidjaja <miles@tjandrawidjaja.com>
* Cleaner to_s result for aws_iam_root_user
Signed-off-by: Miles Tjandrawidjaja <miles@tjandrawidjaja.com>
* Add query for password_reuse_prevention to iam_password_policy
Signed-off-by: Miles Tjandrawidjaja <miles@tjandrawidjaja.com>
* Use mock over stub, and more concise language for tests in aws_iam_password_policy
Signed-off-by: Miles Tjandrawidjaja <miles@tjandrawidjaja.com>
* Rename method prevent_password_reuse to prevents_password_reuse
Signed-off-by: Miles Tjandrawidjaja <miles@tjandrawidjaja.com>
* Add access_keys method to aws_iam_user
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* Fix unit test that accessed AWS
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* Incorporate PR feedback
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* Fix unit tests
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* Update tests based on PR feedback
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
* Rebase to master
Signed-off-by: Chris Redekop <chris.redekop@d2l.com>
`must_equal nil` will fail in MiniTest 6. Changing those to `must_be_nil`
quiets down all the warnings we currently see and preps us for Minitest 6.
Signed-off-by: Adam Leff <adam@leff.co>
* Add TCP reachability support on Linux for host resource
This enhances the `host` resource on Linux targets by using netcat
(if installed) to perform TCP reachability checks.
Signed-off-by: Adam Leff <adam@leff.co>
* documentation updates
Signed-off-by: Adam Leff <adam@leff.co>
* Appease rubocop
Signed-off-by: Adam Leff <adam@leff.co>
Unsupported operating systems AND the mockloader when using inspec analysis tools may lead to powershell being called with the command being `nil`, because the resource skips during the initialize phase. Instead, propagate an empty string so that `command` has a valid input and then skip the resource.
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
The gem resource used to determine if a gem is installed based on the exit
status of the `gem` command, however that command will return zero
if the package was found or not. This patch checks to ensure that the
`gem list` command actually includes the gem name or is empty to
determine if the gem is in fact installed.
If the gem command returns something other than a `0` exit code, then
it'll skip the resource.
Signed-off-by: Keith Walters <keith.walters@cattywamp.us>
This adds supports for connecting to MS SQL instances using Window
authentication rather than SQL authentication. By leaving either the
user or password parameters blank causes the sqlcmd to leave off the -U
and -P params. This will cause sqlcmd to authenticate as the current
Windows user.
Signed-off-by: Nolan Davidson <ndavidson@chef.io>
Switched the oracle_session resource to take an option hash and allow
for configuring hostname, DB_SID, and sqlplus binary path.
Added unit tests.
Signed-off-by: Nolan Davidson <ndavidson@chef.io>
Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com>
check for unset password expiry
Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com>
pr changes
Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com>
RubyGems on windows comes with a batch file that wraps the `gem` command
so it executes correctly. This change uses that batch file for windows
for our `gem` resource, and also properly handles when we receive no output
from the command.
Signed-off-by: Adam Leff <adam@leff.co>
Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com>
wire up mock resource twice
Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com>
cleaning up as per pr feedback
Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com>
style fixes
Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com>
fix indent in test
Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com>
remove unneeded line
Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com>
use minitest mock instead of object
Signed-off-by: Viktor Yakovlyev <Viktor.Y@D2L.com>
If a repo did not exist, running matchers against it (such as `exist`)
were failing due to a bug in `#to_s` when fetching the repo name. The
`info` method would return nil and we'd still try to treat it as a hash.
This change ensures that info is always a hash, possibly empty if the
repo doesn't exist, and uses the repo name provided by the user rather
than shortening it to be consistent with our other resources which don't
manipulate the user input in the formatter.
Also added a method_missing to allow users to interrogate repo options,
such as baseurl or gpgcheck.
Signed-off-by: Adam Leff <adam@leff.co>
Netstat will sometimes output an IPv6 address that is not
formatted correctly; the address is either truncated or uses
or implies the `::` shorthand notation twice. This yields an
invalid IPv6 address and causes IPAddr.new to choke.
This change guards against invalid IP addresses and ensures they
do not end up in the port resource's entries list.
Signed-off-by: Adam Leff <adam@leff.co>
When attempting to access array values via the `json` resource:
```
describe json('/tmp/test.json') do
its(['array',0]) { should eq "zero" }
end
```
... the resulting data would be an array of the size of the original array
with all the values replaced with nils:
```
expected: "zero"
got: [nil, nil, nil]
```
This was due to a bug in the ObjectTraverser mixin that mapped array values
back through `extract_value` rather than properly handling the passed-in
key(s). This worked fine for the specific data format created by the `csv`
resource but did not work `json` or any other resource that subclassed the
`JsonConfig` resource.
This change fixes the logic when dealing with an array when it's encountered,
and fixes up the `csv` resource with its own `value` method.
This change also adds tests for ObjectTraverser.
Signed-off-by: Adam Leff <adam@leff.co>
On Linux, netstat may show a tcp6/udp6 protocol line but include a
v4 address. This happens with AF_INET6 sockets that can accept
both v4 and v6 traffic. The port check was not properly handling
this situation and trying to pass a v4 address to URI bracketed as
if it was a v6 address.
Signed-off-by: Adam Leff <adam@leff.co>
The following new resources have been added; however, they
presently only support FreeBSD and similar.
* `zfs_dataset`: tests if a named ZFS dataset is present
and/or has certain properties.
* `zfs_pool`: tests if a named ZFS pool is present and/or
has certain properties.
Additionally, the `mount` resource has been reworked to
include support for FreeBSD; while the existing class
was renamed to LinuxMountParser.
Unit-tests were added for all of the above.
Signed-off-by: Joseph Benden <joe@benden.us>
The crontab resource parses a particular user's crontab file into
individual entries and allows the user to assert information about
each entry as needed.
Signed-off-by: Adam Leff <adam@leff.co>
This pull request adds a packages resource so that we can check for pattern matches against all the packages on a system. This initially implements only dpkg support for debian-based platforms so we can cover this use case:
```ruby
describe packages(/^xserver-xorg.*/) do
its("list") { should be_empty }
end
```
This uses FilterTable so we can supply additional queries, too.
```ruby
describe packages(/vi.+/).where { status != 'installed' } do
its('statuses') { should be_empty }
end
```
Users can specify the name as a string or a regular expression. If it is a string, we will escape it and convert it to a regular expression to use in matching against the full returned list of packages. If it is a regular expression, we take that as is and use it to filter the results.
While some package management systems such as `dpkg` can take a shell glob argument to filter their results, we eschew this and require a regular expression to match multiple package names because we will need this to work across other platforms in the future. This means that the following:
```ruby
packages("vim")
```
Will return *all* the "vim" packages on the system. The `packages` resource will take `"vim"`, turn it into `/vim/`, and greedily match anything with "vim" in the name. To match only a single package named `vim`, it needs to be an anchored regular expression.
```ruby
packages(/^vim$/)
```
Signed-off-by: Joshua Timberman <joshua@chef.io>
Use entries instead of list
Added a few more tests and non installed package in output
Signed-off-by: Alex Pop <apop@chef.io>
fix lint
Signed-off-by: Alex Pop <apop@chef.io>
Signed-off-by: Joshua Timberman <joshua@chef.io>
This allows the user to write:
describe port(22) do
it { should be_listening }
end
as well as
describe port('22') do
it { should be_listening }
end
without hitting an error.
Fixes#867
Signed-off-by: Steven Danna <steve@chef.io>
Bugfix: there were services that would get matched because of the way the regex was constructed, i.e. if the user inserted `.` or `*` or anything regexy. Even if the service only had part of the name you were interested in, it would match (e.g. `sshd` would find `my_sshdaemon`).
Apart from this, runlevels are now detected for SystemV. This is exposed in `#info`
NB I've just added default duplicates to one instance (i.e., there's
only one `systemd_service`), since there's no os-specific magic in them.
Also these tests only verify that the default choice is equivalent to
`service` on the tested distribution.
Package release info (e.g. '19.el7') is often required to determine if
a system has been properly patched.
Lines like the following from rpm are messing up the version returned
by the package resource:
"...\nVersion : 1.8.6p3 Vendor: Red Hat, Inc.\n..."
Correcting this with a new conditional check.
Currently, #readable?, #writeable?, and #executable? will incorrectly
return true if the file does not exist.
In addition, I took the opportunity to refactor the File resource to
make it easier to write unit tests and supplied a full unit test
suite for this resource.
processes('bash').user does not actually make much sense for a resource
that is a list -- different entries can belong to different users.
Analogous for processes('bash').state.
The attributes 'users' and 'states' expose the unique values
corresponding to that property of entries in the process list.
Fixes#295.
before, the resource would throw an exception when include_files
returned nil (i.e., [].flatten!)
added basic unit tests capturing the include_files behaviour