Commit graph

34 commits

Author SHA1 Message Date
Nikita Mathur
fd4e6d97a6
CHEF-6439 Mandatory Profile Signing (Preview) (#6705)
* Updated exec option to allow unsigned profiles run

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Added method to verify signed profile and to check for signed profile

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Invoked logic on each run to verify profiles if signed else raise sig req error

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Test cases added to validate behaviour of inspec exec with signed and unsigned profiles with --chef-allow-unsigned flag

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Refactored and moved delete_signing_keys to common helper library for tests

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Updated code comments for more information and clarity on security update of signed profiles inspec exec

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Test cases to validate inspec run with combination of signed and unsigned profiles

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Documented usage of flag --chef-allow-unsigned

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Renamed the flag to run unsigned profiles to --allow-unsigned

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Refactored logic on profile level for profile signing verification

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Renaming the argument variable - from runner_call to silent

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Added profile mandate check for other inspec commands running profile evaluation

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Updated error message for profile sign requirement

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Updated test helper to fix inspec json test

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Fixed inspec json ability to use cli options successfully

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Documentation added for signed profiles mandatory usage with CLI commands

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Flow changes of raising exception when unsigned instead of direct exit

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Renamed unsigned profile flags

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Extracted out allow unsigned condition to config and modified comment info

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Doc update on consent of using signed and unsigned profiles

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Fix in signing mandatin check and added additional check on runner for better error UI for exec command

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Removed repeated allow-unsigned-profile definition from exec_options

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Test fixes

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Enabled feature preview flag for mandatory signing

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Test fixes after feature flag usage for mandatory signing

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Doc changes using feature preview flag for mandatory signing feature

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Inspec exec tests fixes for ENV values and parallel test fix using default option --allow-unsigned-profile false

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Kitchen fix while using signed profiles with inspec

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Unit test fix for profile resource exception

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Virtual profile detection improved

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Move mandatory profile signing info to signing page

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Renamed flag from --allow-unsigned-profile to --allow-unsigned-profiles

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Typo fix in signing doc

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Trim note in cli.md about mandatory profile signing

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Docs changes

Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>

* Correct docs regarding exit code 5

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

---------

Signed-off-by: Nik08 <nikita.mathur@progress.com>
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>
Co-authored-by: Clinton Wolfe <clintoncwolfe@gmail.com>
Co-authored-by: Ian Maddaus <ian.maddaus@progress.com>
2023-11-09 08:20:43 -05:00
Clinton Wolfe
393b8072e8
Feature Config File and Logger Support (#6260)
* Convenience method skeleton

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Basic support for a config file

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Add features() array method

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Accept config as an option to with_feature

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Accept logger as an option to with_feature

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Refactor to push code into its own files

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Basic logger integration

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Crude validation of feature names, simply issues a warning log message

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Linting

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Add basic tamperproofing to feature config

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Convenience method skeleton

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Basic support for a config file

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Add features() array method

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Accept config as an option to with_feature

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Accept logger as an option to with_feature

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Refactor to push code into its own files

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Basic logger integration

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Crude validation of feature names, simply issues a warning log message

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Linting

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Add basic tamperproofing to feature config

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* CFINSPEC-464 CLI commands declaration using with_feature functionality (#6263)

* Declared inspec cli commands within feature_with function

Signed-off-by: Nikita Mathur <nikita.mathur@chef.io>

* Added enhanced outcomes, waivers, reporters and streaming reporters within with_feature block

Signed-off-by: Nikita Mathur <nikita.mathur@chef.io>

* Added with_feature declaration for attestations

Signed-off-by: Nikita Mathur <nikita.mathur@chef.io>

Signed-off-by: Nikita Mathur <nikita.mathur@chef.io>

* Update features.yaml signature after adding in new feature flags

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Fix lint

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

* Resolved undefined method with_feature in reporters.rb

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

* Fix for features tampered file test failing

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

* Fixed the failing functional test for junit2: Missing the entry in the features.yaml
Added progress-bar reporter entry in features.yaml

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
Signed-off-by: Nikita Mathur <nikita.mathur@chef.io>
Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
Co-authored-by: Nikita Mathur <Nik08@users.noreply.github.com>
Co-authored-by: Vasu1105 <vasundhara.jagdale@chef.io>
2022-10-19 19:17:56 +05:30
Nikita Mathur
9ecfad0122 Added gemspec file to core plugins to be used in plugin listing for description
Signed-off-by: Nikita Mathur <nikita.mathur@chef.io>
2022-03-18 17:27:11 +05:30
Clinton Wolfe
cdfb325ca3 Apply chefstyle -a, and manually remove duplicate requires
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2020-12-21 13:25:04 -05:00
Ryan Davis
885e4f6c71 Fix test failure for call to vendor! w/o options.
Had to make options available for the mocking as well.

Signed-off-by: Ryan Davis <zenspider@chef.io>
2020-01-03 17:12:51 -08:00
Josh Brand
3af3df34d7 remove inspec/jq from pkg_deps/pkg_build_deps
It's included as a dep in the scaffolding itself, and the multiple
dependencies cause failures when building (ty @smacfarlane <3)

`jq` is also no longer needed, it was an artifact of legacy testing

Signed-off-by: Josh Brand <jbrand@chef.io>
2019-12-03 18:04:51 -05:00
Ryan Davis
bb49d58cd9 Switched chefstyle back to Layout/AlignArguments=with_first_argument.
Fixed the flags mostly with `chefstyle -a` but also refactored/cleaned
some stuff by hand.

Signed-off-by: Ryan Davis <zenspider@chef.io>
2019-11-08 12:57:43 -08:00
Clinton Wolfe
962ec0591e
Transition the Habitat plugin to use scaffolding (#4320)
Transition the Habitat plugin to use scaffolding
2019-07-29 12:50:49 -04:00
Ryan Davis
1d5d3dfc43 I don't know how I missed these. Removing the rest of the skip_windows calls.
Signed-off-by: Ryan Davis <zenspider@chef.io>
2019-07-24 18:06:25 -07:00
Ryan Davis
18ce4850f0 Initial pass to clean up functional testing wrt exit codes and output.
This should get windows tests running again? Hopefully? They're
running SO slowly on my vagrant box that I'm just pushing for now.
They're clean on the mac side.

Signed-off-by: Ryan Davis <zenspider@chef.io>
2019-07-24 18:06:25 -07:00
John Snow
ea7956177a Fix tests to use only plan file
Signed-off-by: John Snow <thelunaticscripter@outlook.com>
2019-07-22 07:35:33 -04:00
John Snow
bbb809f703 Transition the Habitat plugin to use scaffolding
Signed-off-by: John Snow <thelunaticscripter@outlook.com>
2019-07-19 15:25:06 -04:00
Miah Johnson
a4f4fe5231 chefstyle -a; https://github.com/chef/chefstyle/pull/74
Signed-off-by: Miah Johnson <miah@chia-pet.org>
2019-07-08 17:22:50 -07:00
Ryan Davis
387b713d79 Removing extra requires from inspec/profile.
Signed-off-by: Ryan Davis <zenspider@chef.io>
2019-06-11 21:32:22 -07:00
Ryan Davis
a5309ea392 blindly applied chefstyle -a
Signed-off-by: Ryan Davis <zenspider@chef.io>
2019-06-11 18:52:03 -07:00
Ryan Davis
58fa148773 Stabilize windows functional testing.
Skip most everything.

After some digging, in those tests that didn't have 100% failures, of
the ~10+% passing, those tests weren't checking enough. So I skip them
too in the hopes that we improve testing across the board.

At this point, we need appveyor to be green more than we need these
tests to be fixed. If that means we skip them, so be it.

These tests will time-bomb at the end of July.

Signed-off-by: Ryan Davis <zenspider@chef.io>
2019-06-03 23:27:26 -07:00
Miah Johnson
2a1b1d8e88 Remove all leading newlines.
Signed-off-by: Miah Johnson <miah@chia-pet.org>
2019-05-31 11:43:44 -07:00
Ryan Davis
fcb65b2ffb Fixed Inspec::Dist on habitat CLI.
Signed-off-by: Ryan Davis <zenspider@chef.io>
2019-05-29 16:22:28 -07:00
Artem Sidorenko
e468c592ca Dist branding for plugins/inspec-habitat
Signed-off-by: Artem Sidorenko <artem.sidorenko@t-systems.com>
2019-05-28 21:00:56 +02:00
Miah Johnson
11b8da3283
Merge branch 'master' into mj/encoding
2019-05-08 12:59:55 -07:00
Miah Johnson
659b4b373a Remove # encoding: utf8 magic comments
Signed-off-by: Miah Johnson <miah@chia-pet.org>
2019-05-07 16:06:23 -07:00
Ryan Davis
476c6878b3 Modernize use of Minitest.
+ Turn off verbosity in Rakefile by default. Use `rake V=1` to turn back on.
+ MiniTest -> Minitest everywhere.
+ MiniTest::Unit::TestCase -> Minitest::Test everywhere.
+ Updated minitest doco urls to official and up-to-date site.
+ Normalize requires. Only needs "minitest/autorun" and "minitest/pride".

Signed-off-by: Ryan Davis <zenspider@chef.io>
2019-05-03 15:01:57 -07:00
Jerry Aldrich
7168c41c09 Prevent stack trace from being set to the user
This also verifies Habitat setup during create as well

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2019-02-28 11:55:59 -08:00
Jerry Aldrich
1ac435bceb Modify output to be a bit better for the user
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2019-02-28 10:42:42 -08:00
Jerry Aldrich
b533958ae6 Remove stacktrace being sent to exit_with_error
It is already available at the debug log level.

Thanks @clintoncwolfe for the suggestion.

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2019-02-22 10:56:28 -08:00
Jerry Aldrich
535ecdc4ac Remove Rakefile (testing should be done in InSpec)
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2019-02-21 15:02:54 -08:00
Jerry Aldrich
3a67e1c958 Fix typos/grammar/etc in README.md
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2019-02-21 15:02:37 -08:00
Jerry Aldrich
5676bd114f Align = in initialize
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2019-02-21 13:16:20 -08:00
Jerry Aldrich
d2569e8da9 Make @log and attr_reader and rename to logger
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2019-02-21 13:16:16 -08:00
Jerry Aldrich
27eab8686f Change log message type to debug
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2019-02-21 13:06:08 -08:00
Jerry Aldrich
bf748d8478 Rewrite inspec-habitat plugin
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2019-02-19 00:47:14 -08:00
Jerry Aldrich
7134989eba Respond to @clintoncwolfe's feedback
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2019-02-07 11:15:01 -08:00
Jerry Aldrich
ffe0bd4761 Update Habitat plugin (#3646)
This updates the Habitat plugin by doing the following:
  - Removing `settings.sh` in favor of Habitat config TOMLs
  - Changing deprecated `--format` to `--reporter`
  - Cleaning up plan.sh in several ways
  - Adding handling for different exit codes
  - Removing unnecessary runtime deps
  - Vendoring the InSpec archive during build
  - Using shebangs that reference Habitat's bash
  - Adding error handling for `hab studio enter`/`build` from `habitat/`
  - Making `pkg_svc_user` use default `hab` and not `root`

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-12-06 10:17:39 -05:00
Jared Quick
40e024fa97
Move habitat to v2 plugin. (#3404)
Signed-off-by: Jared Quick <jquick@chef.io>
2018-09-18 13:10:07 -04:00