* Formatter and reporter refactor.
Signed-off-by: Jared Quick <jquick@chef.io>
* Add exception and backtrace to json-min report.
Signed-off-by: Jared Quick <jquick@chef.io>
* Add sha to json-min and include generator version for json profile.
Signed-off-by: Jared Quick <jquick@chef.io>
* Fix deprecated typo and add fallback for cli resource title.
Signed-off-by: Jared Quick <jquick@chef.io>
* Update to build json report and clean up cli logic.
Signed-off-by: Jared Quick <jquick@chef.io>
* Add tests for json reporter.
Signed-off-by: Jared Quick <jquick@chef.io>
* Add cli suppress_log_output? and a fallback for invalid reporter type.
Signed-off-by: Jared Quick <jquick@chef.io>
* Update suppress_log_output? to check if we are outputting to stdout.
Signed-off-by: Jared Quick <jquick@chef.io>
* Update reporter cli optoins to work with json_config.
Signed-off-by: Jared Quick <jquick@chef.io>
* Refactor some safe-navigation and variable names.
Signed-off-by: Jared Quick <jquick@chef.io>
* Add thor banner to show reporter file output syntax.
Signed-off-by: Jared Quick <jquick@chef.io>
Unlike `Inspec::Test` this supports having multiple tests within one block that describes a resource. This has now been seen as an optimization problem where a resource may be computed once and tested multiple times with `it` and `its` within the body.
If successful, it requires a follow-up to deprecated Inspec::Test and remove it for 2.0 completely with a recommendation to use Inspec::Describe.
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
This adds support for `architectures` to the `packages` resource.
Example:
```
describe packages(/compat-libstdc++-33/) do
its('architectures') { should include 'x86_64' }
its('architectures') { should include 'i686' }
end
```
This also adds documentation for the `packages` resource
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* adding df resource
Signed-off-by: Vern Burton <me@vernburton.com>
* adding unit tests and required mocks for them, created integration test
Signed-off-by: Vern Burton <me@vernburton.com>
* cleaning up skip test to include only the filename and not full path
Signed-off-by: Vern Burton <me@vernburton.com>
* adding docs
Signed-off-by: Vern Burton <me@vernburton.com>
* size makes more sense than space
Signed-off-by: Vern Burton <me@vernburton.com>
* removing unneeded author lines
Signed-off-by: Vern Burton <me@vernburton.com>
* as the command changed, changing mock to the new sha
Signed-off-by: Vern Burton <me@vernburton.com>
* updating to address comments from #2441
* removing author lines
* using attr_reader functions
* using ruby string functions rather than pipe to sed
* adding os family detection
* using ResourceFailed as the pattern already existed for OS family detection
* using if for future case support for unix and unix-like (FreeBSD)
Signed-off-by: Vern Burton <me@vernburton.com>
* adding supports to resource metadata, and adding tests that show that resource says that it is not supported on windows/unix.
Signed-off-by: Vern Burton <me@vernburton.com>
* focusing on linux os family and removing logic for assumed future cases
Signed-off-by: Vern Burton <me@vernburton.com>
* changing df to filesystem
Signed-off-by: Vern Burton <me@vernburton.com>
* service resource: Fix no `.service` + systemd bug
This modifies the `enabled?` check to fallback to `sysv_service` in the
event that a `.service` file cannot be found.
For example: On Debian 8.7 the stock apache2 package does not deploy a
`.service` file but deploys a SysV style service. This causes
`systemctl is-enabled` to fail when the service is in fact enabled.
* Remove `cmd_stderr` and clean up `cmd_exit_1`
* Clean up `stderr` assignment using ternary
This change adds the `docker_service` resource for Docker swarm mode services. This
branches off some of the common elements (id, exists) into a `DockerObject` module along
with a utility function for parsing the image/repo string. That function was implemented
separately by `docker_image` and `docker_container`, now with a third resource, it made
sense to consolidate that into an included module. I used the most comprehensive
implementation. Existing classes had to be slightly modified for the genericization.
Signed-off-by: Matt Kulka <mkulka@parchment.com>
* Fix `grub_conf` menuentry detection
This does the following:
- Corrects Grub2 bug where last entry was always selected
- Adds support for specifying a Grub2 menu entry by name
- Adds support for using `GRUB_DEFAULT=saved` with Grub2
- Adds more Unit tests
* Add error if menuentry name cannot be extracted
* Add handling for missing/unreadable grubenv
* Add defensive code for failed menuentry extraction
* http resource: make header keys case insensitive
HTTP header keys are currently case-sensitive, and the local and remote
workers currently store the keys in different formats due to the
different tools generating them.
This change ensures the ability to fetch headers by key is
case-insensitive and adds a deprecation to inform the user that future
fetches should use all lowercase.
Signed-off-by: Adam Leff <adam@leff.co>
* Remove deprecation treatment
HTTP header keys are case insensitive anyways. There's no reason to make
things harder for our users.
Signed-off-by: Adam Leff <adam@leff.co>
* Fix `nil:NilClass` error for `package` resource
This modifies `.info` to return `{}` in cases where the package manager
cannot be determined. This matches the behavior of `@pkgman.info`.
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Change `must_be_empty` to `must_equal({})`
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* adding database.xml with attributes to files and mocking it in the helper.rb
Signed-off-by: Vern Burton <me@vernburton.com>
* adding logic to test class returned by XPATH and using functions from respective classes to fill a array for return, and unit and integration tests to ensure functionality
Signed-off-by: Vern Burton <me@vernburton.com>
* updating docs to show how attributes are used
Signed-off-by: Vern Burton <me@vernburton.com>
* 'and' instead of 'or' makes more sense
Signed-off-by: Vern Burton <me@vernburton.com>
* adding default else for capturing unknown classes from REXML
Signed-off-by: Vern Burton <me@vernburton.com>
* removing extra newline
Signed-off-by: Vern Burton <me@vernburton.com>
* adding fail case with enough information to debug in future case
Signed-off-by: Vern Burton <me@vernburton.com>
* adding control statement to add rule in front of string as long as it doesn't already contain rule.
Correcting resource name in firewalld from etc_hosts_deny
adding tests for both branches of the statement created in firewalld
Signed-off-by: Vern Burton <me@vernburton.com>
* moving to unless with a start_with
Signed-off-by: Vern Burton <me@vernburton.com>
* adding documentation that states that it is not needed to add `rule` string
Signed-off-by: Vern Burton <me@vernburton.com>
* adding SQL 2012 SP1 for mssql_session testing
Signed-off-by: Vern Burton <me@vernburton.com>
* updating SHA to match new commands with ports in them
Signed-off-by: Vern Burton <me@vernburton.com>
* adding port, and a default value and moving from skip_resource to resource_fail
Signed-off-by: Vern Burton <me@vernburton.com>
* adding new sha for custom host
Signed-off-by: Vern Burton <me@vernburton.com>
* adding tests for hostname and migrating test that passed port in host to a dedicated port test
Signed-off-by: Vern Burton <me@vernburton.com>
* adding integration test
Signed-off-by: Vern Burton <me@vernburton.com>
* removing services as appveyor does not have integration testing running so it would be a waste of time to enable it
Signed-off-by: Vern Burton <me@vernburton.com>
* mock instance command
Signed-off-by: Vern Burton <me@vernburton.com>
* making instance readable
Signed-off-by: Vern Burton <me@vernburton.com>
* adding instance test
Signed-off-by: Vern Burton <me@vernburton.com>
* moving to ResourceSkipped as ResourceFailed is targeted for a major release
Signed-off-by: Vern Burton <me@vernburton.com>
* Testing train downcase platform names.
* Added NameCleaned tests and fixed some formatting.
* Clean up tests with helper method.
* Update to new gemfile and platform resource.
Signed-off-by: Jared Quick <jquick@chef.io>
* Add platform resource and platform supports.
Signed-off-by: Jared Quick <jquick@chef.io>
* Cache platform and inspec checks and implement inspec_version.
Signed-off-by: Jared Quick <jquick@chef.io>
* Deprecate current inspec support in favor of inspec_version.
Signed-off-by: Jared Quick <jquick@chef.io>
* Update resource/profile skip messages.
Signed-off-by: Jared Quick <jquick@chef.io>
* Update load_resource to use platform instead of os.
Signed-off-by: Jared Quick <jquick@chef.io>
* Update platform example.
Signed-off-by: Jared Quick <jquick@chef.io>
* Update apache_conf test to check for ServerAlias values.
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Add ServerAlias key and values to mock apache conf which includes
trailing whitespace.
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Updated test to reflect all ServerAlias values being put into a single
array item. This is expected as we do not override the key_values
default setting of '1' when passing the raw configuration to
SimpleConfig.
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Update the regular expression to include a conditional with positive
lookahead that checks if the line ends with one or more spaces. If the
lookahead succeeds we non-greedily capture, and when it fails we
greedily capture.
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Add mode method to test the value of Bonding Mode
Signed-off-by: Eammon Hanlon <eammon.hanlon@microsoft.com>
* Add test for bonding mode in bond unit test
Signed-off-by: Eammon Hanlon <eammon.hanlon@microsoft.com>
* Add documentation on mode matcher for bond resource
Signed-off-by: Eammon Hanlon <eammon.hanlon@microsoft.com>
* Update example for 'Test parameters for bond0'
Signed-off-by: Eammon Hanlon <eammon.hanlon@microsoft.com>
* Add handling for OWCA login via `compliance login`
OpsWorks Chef Automate currently returns a 200 for the
`/compliance/version` endpoint and redirects to the Chef Manage page.
This adds support to `inspec compliance login` to accept this as valid
behavior and continue with the login.
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Add test case for 200 response but no Chef Manage
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Add debug info and split `determine_server_type`
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Appease RuboCop
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Remove forced returns from `determine_server_type`
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Add `false` code path for non-200/non-401 response
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Reword debug messages
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
Traditionally those would translated DEFAULT_ATTRIBUTE. but that was wrong, it should have been nil or false or whatever the user supplied.
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
* Add support for Darwin Directory Service groups
This allows users to verify groups added by Chef on OS X.
The current method that `UnixGroup` uses is to check the contents of
`/etc/group`, but OS X adds groups to Directory Service and not
`/etc/group`. This modifies the `group` resource on Darwin to use
`dscacheutil` to get group info.
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Clean up `select_group_manager`
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Clean up DarwinGroup `groups` method
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Enhance `package` resource error handling
This does the following:
- Modifies `info` to return an empty hash instead of `nil`
- Adds a failure case if package name is not specified
- Adds a skip case if no package manager can be found
- Changes `skip_resource` to use the `ResourceSkipped` exception
- Raises an error if JSON parsing fails for Windows/MacOS/Darwin
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Make RuboCop happy
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Change missing argument behavior
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Remove unnecessary boolean check
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* add a emulated /etc/cron.d/crondotd file to the mocking system.
* test that we handle incoming paths correctly by rendering to_s.
* We take in both users and a path, so lets call that destination.
* To make the test pass we'll determine if we are dealing with a path or
a user and return the correct string.
* we will need the ability to determine if we are dealing with a path when either calling the crontab command or reading the file directly, so break that out into a path? method.
* remove author field.
* test contents of our crondotd file.
* we have to explicitly make @destination a String to use include?.
* when we get a path we use inspec.file to get conents, otherwise we run the crontab command.
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Add documentation for example usage with file path.
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Make path? and path_or_user private methods
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Add missing username filed to crondotd mock file
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Pass argument as a hash when testing file paths
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Expected results should include usernames when testing file paths
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Add special string `@yearly` test to crondotd mock file
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Add user to existing cron tests
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Rubocop says I need spaces after/before curly brackets
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Add user to crondotd file tests and add @yearly test
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Modify initialize to take options hash and be backwards compatible.
Change initialize default argument to create a hash by default, though
it is still possible to pass in a 'user' string argument.
@user gets set with the argument value unless its a hash, in which case
it tries to set the value of the user key, otherwise it becomes nil.
@file gets set with the value of the path key, unless it doesn't exist
in which case it becomes nil.
All hash keys are symbolized to ensure consistent access.
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Check if @path is nil to determine if we run crontab command or parse
file.
path? was removed as we're not overloading a @destination variable
anymore.
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* if @user is nil assume current user otherwise crontab for @user
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Change to complete if rather than ternary.
We have three possible cases, current user, other user, or file path.
This accounts for all of them.
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Add user to the crontab FilterTable
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Remove path? and path_or_user
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Move crontab parsing to two methods, parse_user_crontab and
parse_system_crontab
Because a command in a crontab file could have spaces we must parse user
and system crontabs differently.
When we parse user crontabs the user field will either be nil, or the requested user.
Both user and path parsers handle special strings (@yearly, @weekly,
etc). And also account for position of user in these files (or adds it
in user case)
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Update examples with user: and path:
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Add spaces after : in example docs
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Disable rubocop ClassLength check
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Moved rubocop ClassLength metric next to class instead of above the
module.
Remove unnecessary braces.
Add is_system_crontab? and is_user_crontab helper methods and use them.
Add tests to see if error conditions are raised when the resource is
invoked with missing parameters (user, or path), and on a unsupported
os.
Change initialize to group all hash functions together and raise errors
when user and path is unset. Also raise errors on unsupported operating
systems.
Change order of ternary and use is_system_crontab? rather than
@path.nil?
Signed-off-by: Miah Johnson <miah@chia-pet.org>
* Add debug for caching and fix cli merge bug.
Signed-off-by: Jared Quick <jquick@chef.io>
* Update options merge to take cli options over json.
Signed-off-by: Jared Quick <jquick@chef.io>
* test appveyor with ruby#File
Signed-off-by: Jared Quick <jquick@chef.io>
* Update inspec train to version 0.31.1
Signed-off-by: Jared Quick <jquick@chef.io>
* Allow `inspec check` to ignore `only_if`
When using `inspec check` a mock Train backend is created. This means
that the following would raise an error because `os.name` is `nil`
```
only_if { os.name.include?('anything') }
```
Since `inspec check` isn't concerned with the evaluation of `only_if`
this skips those checks if the block given raises an error.
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Remove unnecessary `e` in rescue
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Modify implementation to use `check_mode`
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Move `check_mode` concept to the Profile scope
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Fix lint after rubocop upgrade
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Add comment for mocked ControlEvalContext options
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Enable caching for command and file calls to train
* Moved transport conn to connection and refactored tests
* Update caching flag to use train caching.
* Move caching flag to cli option.
* Add backed cache default from thor.
* Add hard disable for cache option and remove all cache from debug shell.
* Add comment to caching settings conditional.
* Force file cache on when caching enabled.
* Update gemspec for train 0.30.0.
Signed-off-by: Jared Quick <jquick@chef.io>
* Update security policy export to use pid instead of random.
Signed-off-by: Jared Quick <jquick@chef.io>
* Update helper for the new train.
Signed-off-by: Jared Quick <jquick@chef.io>
When supplying a docker image that contains a registry with a port number,
such as `localhost:5000/chef/inspec:1.46.3`, the docker_image resource
was unable to locate the image in question due to incorrect parsing
of the repository and tag.
Signed-off-by: Adam Leff <adam@leff.co>
When the JSON resource (and those that subclass off of it) were modified
to properly throw exceptions in the event of failure, this caused the
`params` method to return nil instead of what it used to be, an empty
hash.
This is fine in the case of a describe block, but it's not okay when used
outside of a describe, as it will cause users trying to pluck from the
hash to throw a dreaded-and-unhelpful NilClass error.
This change pre-populates the params to be an empty hash, and if the
read/parse steps fail, it will still be one.
Signed-off-by: Adam Leff <adam@leff.co>
* Add a unique export for security policy resource.
Signed-off-by: Jared Quick <jquick@chef.io>
* Remove skip resource on empty policy file.
Signed-off-by: Jared Quick <jquick@chef.io>
* Allow skipping/failing resources in FilterTable
`FilterTable` is commonly used in the class body of a resource and is
evaluated during an `instance_eval`. This means that if you raise an
exception (e.g. SkipResource) it will halt `inspec exec` and
`inspec check`.
This adds an `ExceptionCatcher` class that will postpone evaluation
until test execution.
This allows `inspec check` and `inspec exec` to perform as intended when
skipping/failing a resource in `FilterTable`
Huge thanks to @adamleff for providing the starting code/ideas!
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Comment why `ExceptionCatcher` doesn't raise
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Remove `accessor` from `ExceptionCatcher`
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
* Return the existing ExceptionCatcher object rather than creating new
Signed-off-by: Adam Leff <adam@leff.co>
The existing method of adding `-X HEAD` to the curl command does not
work properly and can cause timeouts because curl doesn't properly
close the connection. The correct way is to use curl's own `--head`
flag.
Signed-off-by: Adam Leff <adam@leff.co>
* json resource (et. al.): allow inspec check to succeed when using command
When using the `json` resource (or any of the resources that subclass
JsonConfig), `inspec check` would fail if the content was supplied with
the `command` option. This is because the `command` resource is mocked
and an empty string would be returned for `stdout`. That content would
be blindly passed to the `parse` method would which raise an exception
and cause `inspec check` to fail.
This change refactors JsonConfig to be a bit cleaner and use some helper
methods. Additionally, we use the new Exceptions to properly raise errors
which are naturally caught by Inspec::Profile, etc.
Signed-off-by: Adam Leff <adam@leff.co>
* Make `resource_base_name` method private
Signed-off-by: Adam Leff <adam@leff.co>
'etc_group' resource stores 'gid' as integer but the 'where' method
compares 'gid' as string.
By this fix, the 'where' method always converts the stored data to string
when comparing. And it can also look for groups without members.
Signed-off-by: ERAMOTO Masaya <eramoto.masaya@jp.fujitsu.com>
* Bumping train to 0.29
Train 0.29 includes some bug fixes and a refactor of the File classes
Signed-off-by: Adam Leff <adam@leff.co>
* Correct unit test for undefined platform
Train requires that a hash is supplied when mocking an OS. Because
an OS of "unsupported" rather than "undefined" was chosen in a unit
test, a nil was passed to train and it caused a failure.
Signed-off-by: Adam Leff <adam@leff.co>
* Ensure 0.29.1 or later gets picked up, but 0.30 is also acceptable
Signed-off-by: Adam Leff <adam@leff.co>
* Add failing unit test for deprecation warning on profiles with slashes in their name
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Issue warning during validation if name contains a slash
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Slug profile names generated from target paths to prevent breaking unit tests
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Rubocop whinges
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Update functional test watching for default profile name
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Make deprecation warning more descriptive
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Rubocop whinges
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Set title with original test path if no profile name or title provided
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
* Rubocop whinges
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
When configuring a profile dependency, if the dependent profile had a
hyphen in it, it would not properly match the default version constraint
of `>= 0`. This is because a hyphen indicates the version is a pre-release
version and proper version matching would require the constraint to also
be listed with a pre-release version string.
The proper solution is to use the `+` character instead which indicates
a build number, which is what the hyphen was meant to convey. In the
meantime, this change properly compares version strings as SemVer and
also adds tests.
Signed-off-by: Adam Leff <adam@leff.co>
PR #2216 introduced some new tests that use the old syntax that was
deprecated in #2235. This gets them in line and eliminates the
deprecation warnings.
Signed-off-by: Adam Leff <adam@leff.co>
An nginx config may contain configuration settings that are quoted, such
as a map entry:
"~^\/opcache-api" 1;
The `nginx_conf` resource was failing to properly parse these.
Signed-off-by: Adam Leff <adam@leff.co>
The `toml` gem has a very strict version dependency on an old version
of parslet. This change switches us to use `tomlrb` instead which has
no direct dependencies. This will allow us to bump up to a later version
of parslet that has better error handling and insight into parser errors.
Signed-off-by: Adam Leff <adam@leff.co>
* Add non-halting exception support to resources
This adds two `Inspec::Exceptions` that can be used within resources to
either skip or fail a test without halting execution.
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>