Commit graph

214 commits

Author SHA1 Message Date
Miah Johnson
e298f0f44b move find_files inspec policy to kitchen directory
Signed-off-by: Miah Johnson <miah@chia-pet.org>
2019-10-16 22:41:03 -07:00
Miah Johnson
e8ae9012ea Move inspec-verify kitchen tests into more obvious directory
Signed-off-by: Miah Johnson <miah@chia-pet.org>
2019-10-16 22:41:03 -07:00
mhackethal
7ac468df5b first test. Signed-off-by: mhackethal <mh@it31.de> 2019-09-12 21:44:13 +02:00
Lance Albertson
3263d76627 Add ip6tables resource
This should resolve #1011 which provides an ip6tables resource to test IPv6
iptables rules. This is essentially a copy of the iptables resource with a few
renames.

In addition, I've pulled in the integration tests for iptables into ip6tables
and enabled it on docker so that it properly gets tested regularly. The test
cookbook recipe has been updated to support all of the current platforms that
are being tested.

Signed-off-by: Lance Albertson <lance@osuosl.org>
2019-06-24 17:01:34 -07:00
Clinton Wolfe
00d497fd09 Remove kitchen-inspec testing code - it is tested in that project, not here
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-06-12 12:17:19 -04:00
Clinton Wolfe
46624396c7 Bulk edit of test files to use input() in DSL
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-06-12 12:17:19 -04:00
Ryan Davis
a5309ea392 blindly applied chefstyle -a
Signed-off-by: Ryan Davis <zenspider@chef.io>
2019-06-11 18:52:03 -07:00
Miah Johnson
2a1b1d8e88 Remove all leading newlines.
Signed-off-by: Miah Johnson <miah@chia-pet.org>
2019-05-31 11:43:44 -07:00
Ryan Davis
ec248217a7 Extra fix for utils move
Signed-off-by: Ryan Davis <zenspider@chef.io>
2019-05-29 17:58:02 -07:00
Miah Johnson
6c19e81a06 Remove authors tags from source files.
Signed-off-by: Miah Johnson <miah@chia-pet.org>
2019-05-28 12:47:39 -07:00
Ryan Davis
9b7c292d4c Use IO globals instead of IO constants.
Helps testing and lots of other things if we only use $stdout/$stderr.

STDOUT/STDERR should only be used to restore the globals.

Signed-off-by: Ryan Davis <zenspider@chef.io>
2019-05-18 12:48:18 -07:00
Ryan Davis
80cfc419f8 Use Inspec::VERSION directly to decouple from bundler.
Can also try to use the bundler version first and then fall back to
VERSION... but VERSION is absolutely free.

Happy to push an edit to this to remove the comment or fold it in.

Signed-off-by: Ryan Davis <zenspider@chef.io>
2019-05-17 02:26:06 -07:00
Tim Smith
0122ee8e60 Remove the deprecated linux_kernel_parameter resource test
This was testing serverspec compatibility, but those days are long past us and this is a deprecated resource now. This will quiet our tests up a bit.

Signed-off-by: Tim Smith <tsmith@chef.io>
2019-05-15 16:39:29 -07:00
Miah Johnson
659b4b373a Remove # encoding: utf8 magic comments
Signed-off-by: Miah Johnson <miah@chia-pet.org>
2019-05-07 16:06:23 -07:00
Clinton Wolfe
07ee1c3bb5
Merge pull request #3814 from inspec/tas50/kitchen
Update the integration tests to use dokken-images and newer Chef technologies
2019-02-27 14:43:21 -05:00
Clinton Wolfe
f7d58ad92c Replace most mentions of attribute with input in test/
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-02-20 20:41:10 -05:00
Tim Smith
68ff8d8b43 Update what we expect for the x509 request
The new built in chef resource creates it a bit differently than the legacy cookbook resource did

Signed-off-by: Tim Smith <tsmith@chef.io>
2019-02-13 22:00:00 -08:00
Amit Saha
bbc07f5f11 aws_sqs_queue - new resource (#3674)
Signed-off-by: Amit Saha <amitsaha.in@gmail.com>
2018-12-20 14:33:21 -05:00
Clinton Wolfe
b3fafab1e6 Add aws_eks_cluster resource (#3582)
* add aws_eks_cluster

Signed-off-by: Timothy van Zadelhoff
timothy.inspec@theothersolution.nl

* disable ABC check on fetch_from_api

Signed-off-by: Timothy van Zadelhoff <timothy.inspec@theothersolution.nl>

* add status predicates

* Change docs for status attribute

Signed-off-by: Timothy van Zadelhoff <timothy.inspec@theothersolution.nl>

*     Add integration tests

    Signed-off-by: Timothy van Zadelhoff <timothy.inspec@theothersolution.nl>

* Adjust EKS build code to almost work

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* EKS only uses private subnets - integration tests pass

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Correct AWS Exception class for resource search miss in unit test

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>

* Update unit test to reflect AWS resource-standard miss behavior, returning nil for most properties

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-11-27 16:54:47 -05:00
mhackethal
86cf55382b filesystem: improve Windows support (#3606)
* Improve filesystem.rb to support windows

improve filesystem.rb to support windows.
Split into 2 classes LinuxFileSystemResource / WindowsFileSystemResource
Add filesystem to verify a FS-type ( currently not for linux because missing test server )
Size on Windows is converted to GB - discussion about this welcome

update to reflect also windows os

* Create get-wmiobject-filesystem
* Delete get-wmiobject-filesystem

* Fix the testing code for filesystem.
Change its 'filesystem' to 'type' according to recommendation from @miah
Signed-off-by: Markus Hackethal <mh@it31.de>
2018-11-19 13:32:59 -05:00
Timothy van Zadelhoff
5739cb2d6b aws_security_group: Query against other security group ids in allow_* matchers (#3576)
* add security-group to security-group rules
* update docs
* Add integration tests for security-group to security-group rules
* rubocop fix
*     Add one security group rule, with position.
* make control fit description

Signed-off-by: Timothy van Zadelhoff <timothy.inspec@theothersolution.nl
2018-11-13 13:25:33 -05:00
James Stocks
7c58285eb6 New resource to work with Windows security identifiers (SIDs) (#3405)
* Resource for a Windows Security Identifier (SID)
* Integration tests for security_identifier resource
* Address rubocop violations
* Improve security_identifier from PR feedback
* Update security_identifier tests
* Improve security_identifier unit tests
* Fix unit tests fpr security_identifier resource
* More security_identifier unit tests
* Add docs page for security_identifier resource
* Fix issues with documentation
* Improve docs
Link to Microsoft reference page, and use their term 'trustee' instead of 'entity' where applicable.

* Change exists to exist
* Test appveyor file changes.

Signed-off-by: Jared Quick <jquick@chef.io>
2018-10-19 09:01:00 -04:00
Jerry Aldrich
0b0a0a4d48 Change Inspec to InSpec where appropriate (#3494)
Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2018-10-15 12:09:46 -04:00
Jared Quick
39b3b7135e
Add audit-cookbook integration testing (#3431)
* Add audit integration testing.
* Add some docs and feedback changes.
* Updated integration task to use paramaters and clean it up.
* Fix unit test

Signed-off-by: Jared Quick <jquick@chef.io>
2018-09-25 15:53:26 -04:00
Martin Logan
242bee9ce6 Update AWS Security Group to work with IPV6 rules. (#3394)
Add inbound_rules_count and outbound_rules_count for total variants

Signed-off-by: Martin Logan <martinloganzz@gmail.com>
2018-09-18 16:21:41 -04:00
Martin Logan
8e780cd912 Fixing AWS integration tests. (#3374)
Obvious fix.
2018-09-10 14:38:57 -04:00
Clinton Wolfe
6f46d52242
Add aws_elb and aws_elbs resources (#3079)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-06-07 15:06:05 -04:00
Miah Johnson
ab32446213 Adds a aws_flow_log resource with unit and integration testing. (#2906)
Signed-off-by: Miah Johnson <miah@chia-pet.org>
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-06-07 14:41:46 -04:00
Clinton Wolfe
f9dd82f2f6
Add common methods to FilterTable automatically (#3104)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-06-05 22:35:09 -04:00
Tor Magnus Rakvåg
71ba5018d2 Enhance groups resource with members property (#3029)
* implement members property
* flatten groups entry, extract flatten helper
* lints
* more idiomatic spec, add example of members testing

Signed-off-by: Tor Magnus Rakvåg <tm@intility.no>
2018-05-31 13:37:44 -04:00
Tor Magnus Rakvåg
367f91ea31 handle nil properties in iis_site (#3040)
* return nil instead of trying to index into nil
* fix typo
* add spec for deleted site

Signed-off-by: Tor Magnus Rakvåg <tm@intility.no>
2018-05-31 13:36:15 -04:00
Clinton Wolfe
af72574b34 Skeletal aws_ec2_instances resource (#3023)
* Add integration and unit tests for aws_ec2_instances
* Basic docs for aws_ec2_instances
* Add basic aws_ec2_instances resource

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-05-10 14:54:33 -04:00
Tor Magnus Rakvåg
ce70c13011 Typo in integration test (#3028)
Signed-off-by: Tor Magnus Rakvåg <tm@intility.no>
2018-05-09 15:15:48 -04:00
Jeremy
1407e681fc #2810 - Add check if aws s3 bucket is encrypted. (#2937)
* Add check if aws s3 bucket is encrypted.
Required terraform aws provider >= 1.6
Fix indentation issue in aws_s3_bucket.rb

* Implement most changes recommended by @TrevorBramble, and refactored other methods to align with recommendations (except Terraform nitpick; preference is to keep coding style consistent until full refactor).

Signed-off-by: Jeremy Phillips <github@uranusbytes.com>
2018-05-03 09:55:29 -04:00
James Stocks
b42bfeb77d cmp should recognise a string being a negative int (#3007)
Signed-off-by: James Stocks <jstocks@chef.io>
2018-05-02 10:19:57 -04:00
David McCown
23967a2849 Refactors Terraform plan to break out steps (#2996)
This change should make it easier to work with a running environment.
You may now apply changes without doing a full teardown/rebuild any time
you make a change to the terraform plan.

Adds some documenation on how to use the Terraform tooling.

Adds AZURE_LOCATION to override the default region.

Signed-off-by: David McCown <dmccown@chef.io>
2018-04-29 14:00:12 -04:00
Omar J. Irizarry
2495fd8196 extend os_env resource to select between Machine and User vars on Windows (#2945)
Signed-off-by: Omar J Irizarry <irizarry_omar_j@network.lilly.com>
2018-04-26 15:10:14 -04:00
Clinton Wolfe
8934352935 Make names for AWS Config service objects optional (#2928)
* Update tests and docs to assume one recorder per region
* Config recorder supports singleton fetch
* Docs and tests for singleton mode delivery_channel
* Implementation for singleton delivery channel, and some other code cleanup
* Implement some feedback, and fix a bug in traversing the struct in looking for empty results

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-04-19 13:08:16 -04:00
Clinton Wolfe
340b6eb4b4 Upgrade Terraform version pins for integration testing (#2968)
* Update terrform to 0.11.7 (latest) and aws plugin to 1.14; upgrade plugins on test startup
* TF route table resource doesn't export associations or routes attributes.  Which we weren't using anyway.
* Downgrade to aws plugin 1.13 to avoid TF panic; suppress deprecation warning for aws_region
* Fix incoherent attribute combination on cloudtrail
* Add -auto-approve to suppress interactive confirmation
* Update version pinning for AWS minimal account
* Use a plan file in AWS runs
* Pin azure TF run to 0.11 and 1.3; also an autoformatter pass on the TF code.

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-04-19 13:01:27 -04:00
Clinton Wolfe
73b7b6942c
Inline and attached policies for aws_iam_user and aws_iam_users (#2947)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-04-17 13:22:28 -04:00
Clinton Wolfe
146b60556d
Policy statement search: don't stacktrace on missing field (#2962)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-04-17 13:21:29 -04:00
Clinton Wolfe
2c9cb5d46e Fixed numerous naming errors in aws_iam_vpcs integration tests (#2961)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-04-17 11:42:36 -04:00
Clinton Wolfe
6853f232fa aws_iam_policy statement search fix for degenerate policies (#2958)
* Bug replication tests, unit and integration
* Fixes statement_count
* Fixes statement_count and have_statement
* rubocop trim whitespace

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-04-16 10:04:00 -04:00
Clinton Wolfe
745ff32c80 Basic fields for aws_vpcs (#2930)
* Update singular implementation to avoid use of inner object
* Update docs and tests for 3 new filters and properties on aws_vpcs
* Implement new filters and properties; one failing test due to odd FilterTable behavior
* changes to avoid bug 2929

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-04-12 15:48:55 -04:00
Clinton Wolfe
7130a77c06
Policy Statement Search capability for aws_iam_policy (#2918)
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-04-12 14:31:02 -04:00
Clinton Wolfe
4200fdd779 AWS Security Group Rules properties and matchers (#2876)
Provides low-, and mid-level properties and matchers for examining rules on aws_security_group.

* Second draft of docs for SG rules interface; need to clarify semantics of reject
* First cut at unit tests
* Cleanup test fixtures
* Implementation for allow, with plausible unit tests
* Doc updates based on reality
* Add integration tests; move allow to allow_ / out; several docs updates
* Add be_open_to_the_world and be_open_to_the_world_on_port
* Update docs to reflect adding allow_only
* Update docs to reflect use of position to allow multiple rules with 'only'
* Implement allow_only with unit tests; still need integration tests
* Add integration tests for allow_only

Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-04-06 14:22:25 -04:00
Matthew Dromazos
b5a0007851 aws_cloudtrail_trail feature: test how many days ago logs were delivered (#2887)
* * Adds new property to test how many days ago the CloudTrail delivered logs to the CloudWatch Logs.

* * Changes query for selected cloud trail in unit test
* Changes uses Time.now explicitly instead of making a variable in the unit test

Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
2018-04-06 14:04:57 -04:00
Matthew Dromazos
74076bc44a aws_iam_group feature: test users in an iam group (#2888)
* Adds new property to test the users in an aws_iam_group
* Adds terraform code to add the recall_hit user to the administrator group

Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
2018-04-06 14:04:13 -04:00
Matthew Dromazos
c04a98c9f8 New Skeletal Resource aws_route_tables (#2643)
* Initial commit of skeletal resource aws_route_tables
* Fixes issues with documentation
* Renames route table terraform resources to be more conventional
* Removes tags terraform resources
* Changes aws_route_table and aws_route_tables integration tests to use new terraform names
* Removes unneeded data given in unit tests

Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
2018-04-05 12:51:22 -04:00
Matthew Dromazos
0df67fc7d0 New Skeletal Resource aws_s3_buckets (#2653)
* Initial commit of skeletal resource aws_s3_buckets
* Add fixes to documents
* Removes property 'creation_date' for there is no use case as of right now
* Rebases on master and moves aws_s3_buckets integration test to the correct location
* Adds test on unit test for false exists

Signed-off-by: Matthew Dromazos <dromazmj@dukes.jmu.edu>
2018-04-05 12:49:30 -04:00