Commit graph

53 commits

Author SHA1 Message Date
Nikita Mathur
fd4e6d97a6
CHEF-6439 Mandatory Profile Signing (Preview) (#6705)
* Updated exec option to allow unsigned profiles run

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Added method to verify signed profile and to check for signed profile

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Invoked logic on each run to verify profiles if signed else raise sig req error

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Test cases added to validate behaviour of inspec exec with signed and unsigned profiles with --chef-allow-unsigned flag

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Refactored and moved delete_signing_keys to common helper library for tests

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Updated code comments for more information and clarity on security update of signed profiles inspec exec

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Test cases to validate inspec run with combination of signed and unsigned profiles

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Documented usage of flag --chef-allow-unsigned

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Renamed the flag to run unsigned profiles to --allow-unsigned

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Refactored logic on profile level for profile signing verification

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Renaming the argument variable - from runner_call to silent

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Added profile mandate check for other inspec commands running profile evaluation

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Updated error message for profile sign requirement

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Updated test helper to fix inspec json test

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Fixed inspec json ability to use cli options successfully

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Documentation added for signed profiles mandatory usage with CLI commands

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Flow changes of raising exception when unsigned instead of direct exit

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Renamed unsigned profile flags

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Extracted out allow unsigned condition to config and modified comment info

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Doc update on consent of using signed and unsigned profiles

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Fix in signing mandating check and added additional check on runner for better error UI for exec command

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Removed repeated allow-unsigned-profile definition from exec_options

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Test fixes

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Enabled feature preview flag for mandatory signing

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Test fixes after feature flag usage for mandatory signing

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Doc changes using feature preview flag for mandatory signing feature

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Inspec exec tests fixes for ENV values and parallel test fix using default option --allow-unsigned-profile false

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Kitchen fix while using signed profiles with inspec

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Unit test fix for profile resource exception

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Virtual profile detection improved

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Move mandatory profile signing info to signing page

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Renamed flag from --allow-unsigned-profile to --allow-unsigned-profiles

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Typo fix in signing doc

Signed-off-by: Nik08 <nikita.mathur@progress.com>

* Trim note in cli.md about mandatory profile signing

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Docs changes

Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>

* Correct docs regarding exit code 5

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

---------

Signed-off-by: Nik08 <nikita.mathur@progress.com>
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
Signed-off-by: Ian Maddaus <ian.maddaus@progress.com>
Co-authored-by: Clinton Wolfe <clintoncwolfe@gmail.com>
Co-authored-by: Ian Maddaus <ian.maddaus@progress.com>
2023-11-09 08:20:43 -05:00
Sathish Babu
4ec735d09d
CHEF 83 Revert attestations changes (#47)
* revert attestation related files

Signed-off-by: Sathish <sbabu@progress.com>

* revert attestation changes to existing files

Signed-off-by: Sathish <sbabu@progress.com>

* update signature

Signed-off-by: Sathish <sbabu@progress.com>

---------

Signed-off-by: Sathish <sbabu@progress.com>
2023-05-30 20:09:29 +05:30
Nikita Mathur
5647e16d65 Added child-status reporter in features.yaml
Signed-off-by: Nikita Mathur <nikita.mathur@chef.io>
2022-10-21 17:09:37 +05:30
Clinton Wolfe
393b8072e8
Feature Config File and Logger Support (#6260)
* Convenience method skeleton

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Basic support for a config file

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Add features() array method

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Accept config as an option to with_feature

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Accept logger as an option to with_feature

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Refactor to push code into its own files

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Basic logger integration

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Crude validation of feature names, simply issues a warning log message

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Linting

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Add basic tamperproofing to feature config

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Convenience method skeleton

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Basic support for a config file

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Add features() array method

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Accept config as an option to with_feature

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Accept logger as an option to with_feature

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Refactor to push code into its own files

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Basic logger integration

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Crude validation of feature names, simply issues a warning log message

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Linting

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Add basic tamperproofing to feature config

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* CFINSPEC-464 CLI commands declaration using with_feature functionality (#6263)

* Declared inspec cli commands within feature_with function

Signed-off-by: Nikita Mathur <nikita.mathur@chef.io>

* Added enhanced outcomes, waivers, reporters and streaming reporters within with_feature block

Signed-off-by: Nikita Mathur <nikita.mathur@chef.io>

* Added with_feature declaration for attestations

Signed-off-by: Nikita Mathur <nikita.mathur@chef.io>

Signed-off-by: Nikita Mathur <nikita.mathur@chef.io>

* Update features.yaml signature after adding in new feature flags

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Fix lint

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

* Resolved undefined method with_feature in reporters.rb

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

* Fix for features tampered file test failing

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

* Fixed the failing functional test for junit2: Missing the entry in the features.yaml
Added progress-bar reporter entry in features.yaml

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
Signed-off-by: Nikita Mathur <nikita.mathur@chef.io>
Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
Co-authored-by: Nikita Mathur <Nik08@users.noreply.github.com>
Co-authored-by: Vasu1105 <vasundhara.jagdale@chef.io>
2022-10-19 19:17:56 +05:30
Vasu1105
b64857358a CFINSPEC-192: Alias inspec json command to inspec export --format json
Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
2022-05-13 00:31:32 +05:30
Clinton Wolfe
f584fbef9e Add a sample validation key, to be used in testing key fetching
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2022-05-04 20:14:03 -04:00
Sonu Saha
dfb1ef817e CFINSPEC-82: Remove ppa resource deprecation for backward compatibility
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
2022-03-17 22:59:16 +05:30
Vasu1105
8e85e2005b CFINSPEC-137: Deprecate --target-id option
Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
2022-03-11 15:47:50 +05:30
Clinton Wolfe
b327615b85 Edit deprecation warning
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2022-03-10 12:14:17 -05:00
Nikita Mathur
7f4271e216 Error handling for deprecated aws and azure resources
Signed-off-by: Nikita Mathur <nikita.mathur@chef.io>
2022-03-10 19:24:52 +05:30
Dan Webb
450ab79064
Change the deprecation warning to mention inputs
Attributes are now referred to as Inputs

Signed-off-by: Dan Webb <dan.webb@damacus.io>
2021-09-20 14:22:45 +01:00
Vasu1105
6a45164e87 Updated to use Inspec.deprecate instead of log to deprecate the --hook option
Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
2021-05-24 18:05:18 +05:30
Bryan McLellan
3670500701 Deprecate inspec/object/* classes
The classes in inspec/object have been moved to the inspec-objects
library. They aren't used directly by Inspec and will be removed in the
next major release.

Signed-off-by: Bryan McLellan <btm@loftninjas.org>
2019-11-08 15:09:09 -05:00
Clinton Wolfe
019cf6e590 Remove inspec-vault from the plugin exclusion list
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-08-22 15:25:52 -04:00
Clinton Wolfe
43f7fe52f1 Implementation and some light refactoring of bind_inputs_from_metadata
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-06-12 19:02:34 -04:00
Clinton Wolfe
ec91ac9ee0
Rename 'attribute' DSL method to 'input' (#4008)
Rename 'attribute' DSL method to 'input'
2019-05-06 15:58:09 -04:00
Clinton Wolfe
1d201ee56c Add inspec-*-bin to the plugin filter list
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-05-01 23:33:29 -04:00
Clinton Wolfe
3bfc0cec68 Add input() DSL method, could use some DRY up
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-04-30 23:56:17 -04:00
Clinton Wolfe
8c9d76134f Enable warnings for AWS resources
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-04-25 15:41:10 -04:00
Miah Johnson
ea3323c269 Revert "Change inspec_ui_methods from ignore -> warn"
This reverts commit 656406b8f6.
2019-04-24 13:29:59 -07:00
Miah Johnson
5a51e06186 Change file_resource_be_mounted_matchers from warn -> fail_control
Signed-off-by: Miah Johnson <miah@chia-pet.org>
2019-04-24 12:24:48 -07:00
Miah Johnson
225b167ea3 Change host_resource_proto_usage from warn -> fail_control
Signed-off-by: Miah Johnson <miah@chia-pet.org>
2019-04-23 22:31:49 -07:00
Miah Johnson
656406b8f6 Change inspec_ui_methods from ignore -> warn
Signed-off-by: Miah Johnson <miah@chia-pet.org>
2019-04-23 21:59:14 -07:00
Miah Johnson
fe8a591d6d Change mssql_session_pass_option from warn -> exit
Signed-off-by: Miah Johnson <miah@chia-pet.org>
2019-04-23 21:28:20 -07:00
Miah Johnson
2a3e8e15a8 Change oracledb_session_pass_option from warn -> exit
Signed-off-by: Miah Johnson <miah@chia-pet.org>
2019-04-23 21:17:45 -07:00
Miah Johnson
cd10086481 Change property_filesystem_size from ignore -> warn
Signed-off-by: Miah Johnson <miah@chia-pet.org>
2019-04-23 21:16:25 -07:00
Miah Johnson
c4979ced6e Change property_process_list from warn -> fail_control
Signed-off-by: Miah Johnson <miah@chia-pet.org>
2019-04-23 20:33:02 -07:00
Miah Johnson
585ce3b26f Change properties_aws_iam_user from warn -> fail_control
Signed-off-by: Miah Johnson <miah@chia-pet.org>
2019-04-23 20:26:31 -07:00
Miah Johnson
7f00e54495 Change properties_shadow from warn -> fail_control
Signed-off-by: Miah Johnson <miah@chia-pet.org>
2019-04-23 19:30:21 -07:00
Miah Johnson
a00520d8b3 Change rename_attributes_to_inputs from ignore to warn.
Signed-off-by: Miah Johnson <miah@chia-pet.org>
2019-04-23 19:18:55 -07:00
Miah Johnson
a8c2544e72 Change resource_apache from warn -> exit
Signed-off-by: Miah Johnson <miah@chia-pet.org>
2019-04-23 18:47:12 -07:00
Miah Johnson
1c9cccb1e3 Change resource_iis_website from warn -> exit
Signed-off-by: Miah Johnson <miah@chia-pet.org>
2019-04-23 18:09:18 -07:00
Miah Johnson
b508cb7aa5 Change resource_linux_kernel_parameter from warn -> exit
Signed-off-by: Miah Johnson <miah@chia-pet.org>
2019-04-23 17:37:46 -07:00
Miah Johnson
d9d7e351a3 Change resource_ppa from warn -> exit
Signed-off-by: Miah Johnson <miah@chia-pet.org>
2019-04-23 17:08:52 -07:00
Miah Johnson
82b705aa9f Change resource_script from warn -> exit
Signed-off-by: Miah Johnson <miah@chia-pet.org>
2019-04-23 16:36:09 -07:00
Miah Johnson
080c882322 Change resource_user_serverspec_compat from warn -> fail_control
Signed-off-by: Miah Johnson <miah@chia-pet.org>
2019-04-23 16:13:13 -07:00
Miah Johnson
620bd44976 Change resource_windows_registry_key from warn -> exit
Signed-off-by: Miah Johnson <miah@chia-pet.org>
2019-04-23 15:51:04 -07:00
Miah Johnson
a10a62a505 mount_parser_serverspec_compat warn -> fail_control
Signed-off-by: Miah Johnson <miah@chia-pet.org>
2019-04-23 15:30:51 -07:00
Miah Johnson
5b3a24407f Change wmi_non_hash_usage from warn to fail_control
Signed-off-by: Miah Johnson <miah@chia-pet.org>
2019-04-23 15:11:12 -07:00
Clinton Wolfe
f7b01093a4 Warn on using default with attributes
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-04-23 11:46:13 -04:00
Clinton Wolfe
201c52594d Correct deprecation message on shadows property
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-04-16 17:32:29 -04:00
Clinton Wolfe
fc1bc75358 Adjust deprecations somewhat
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-04-12 10:55:36 -04:00
Jerry Aldrich
40031a9b83 Use deprecation facility throughout code
This converts all current deprecation warnings/TODOs to use the
`Inspec.deprecate()` deprecation facility.

This also modifies `Inspec.deprecate()` to only require 1 argument.

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2019-04-11 19:15:01 -04:00
Clinton Wolfe
fc7f3a65b4 Add a deprecation group for core AWS resources
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-02-20 18:02:02 -05:00
Clinton Wolfe
d52d497aac Add deprecation group for renaming attributes
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-02-14 13:48:47 -05:00
Clinton Wolfe
dd3d3cbd2f Add deprecation hook for size()
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-02-06 14:02:17 -05:00
Clinton Wolfe
a5fbeccf68 Add deprecation hook for --json-config
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-02-01 14:29:34 -05:00
Clinton Wolfe
7ac2f6433a Add deprecation hook for attribute 'default' option
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-01-28 00:42:27 -05:00
Clinton Wolfe
f5ab0d9125 Config file validation in place
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-01-10 23:54:50 -08:00
Clinton Wolfe
2121667e31 Starting implementation, global method is wired up
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-01-10 23:54:50 -08:00