mirror of
https://github.com/inspec/inspec
synced 2024-11-10 07:04:15 +00:00
fd4e6d97a6
* Updated exec option to allow unsigned profiles run Signed-off-by: Nik08 <nikita.mathur@progress.com> * Added method to verify signed profile and to check for signed profile Signed-off-by: Nik08 <nikita.mathur@progress.com> * Invoked logic on each run to verify profiles if signed else raise sig req error Signed-off-by: Nik08 <nikita.mathur@progress.com> * Tests cases added to validate behaviour of inspec exec with signed and unsigned profiles with --chef-allow-unsigned flag Signed-off-by: Nik08 <nikita.mathur@progress.com> * Refactored and moved delete_signing_keys to common helper library for tests Signed-off-by: Nik08 <nikita.mathur@progress.com> * Updated code comments for more information and clarity on security update of signed profiles inspec exec Signed-off-by: Nik08 <nikita.mathur@progress.com> * Test cases to validate inspec run with combination of signed and unsigned profiles Signed-off-by: Nik08 <nikita.mathur@progress.com> * Documented usage of flag --chef-allow-unsigned Signed-off-by: Nik08 <nikita.mathur@progress.com> * Renamed the flag to run unsigned profiles to --allow-unsigned Signed-off-by: Nik08 <nikita.mathur@progress.com> * Refactored logic on profile level for profile signing verification Signed-off-by: Nik08 <nikita.mathur@progress.com> * Renaming the argument variable - from runner_call to silent Signed-off-by: Nik08 <nikita.mathur@progress.com> * Added profile mandate check for other inspec commands running profile evaluation Signed-off-by: Nik08 <nikita.mathur@progress.com> * Updated error message for profile sign requirement Signed-off-by: Nik08 <nikita.mathur@progress.com> * Updated test helper to fix inspec json test Signed-off-by: Nik08 <nikita.mathur@progress.com> * Fixed inspec json ability to use cli options successfully Signed-off-by: Nik08 <nikita.mathur@progress.com> * Documentation added for signed profiles mandatory usage with CLI commands Signed-off-by: Nik08 <nikita.mathur@progress.com> * Flow changes of raising exception when unsigned instead of direct exit Signed-off-by: Nik08 <nikita.mathur@progress.com> * Renamed unsigned profile flags Signed-off-by: Nik08 <nikita.mathur@progress.com> * Extracted out allow unsigned condition to config and modified comment info Signed-off-by: Nik08 <nikita.mathur@progress.com> * Doc update on consent of using signed and unsigned profiles Signed-off-by: Nik08 <nikita.mathur@progress.com> * Fix in signing mandatin check and added additional check on runner for better error UI for exec command Signed-off-by: Nik08 <nikita.mathur@progress.com> * Removed repeated allow-unsigned-profile defination from exec_options Signed-off-by: Nik08 <nikita.mathur@progress.com> * Test fixes Signed-off-by: Nik08 <nikita.mathur@progress.com> * Enabled feature preview flag for mandatory signing Signed-off-by: Nik08 <nikita.mathur@progress.com> * Test fixes after feature flag usage for mandatory signing Signed-off-by: Nik08 <nikita.mathur@progress.com> * Doc changes using feature preview flag for mandatory signing feature Signed-off-by: Nik08 <nikita.mathur@progress.com> * Inspec exec tests fixes for ENV values and parallel test fix using default option --allow-unsigned-profile false Signed-off-by: Nik08 <nikita.mathur@progress.com> * Kitchen fix while using signed profiles with inspec Signed-off-by: Nik08 <nikita.mathur@progress.com> * Unit test fix for profile resource exception Signed-off-by: Nik08 <nikita.mathur@progress.com> * Virtual profile detection improved Signed-off-by: Nik08 <nikita.mathur@progress.com> * Move mandatory profile sigining info to sigining page Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Renamed flag from --allow-unsigned-profile to --allow-unsigned-profiles Signed-off-by: Nik08 <nikita.mathur@progress.com> * Typo fix in signing doc Signed-off-by: Nik08 <nikita.mathur@progress.com> * Trim note in cli.md about mandatory profile signing Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Docs changes Signed-off-by: Ian Maddaus <ian.maddaus@progress.com> * Correct docs regarding exit code 5 Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> --------- Signed-off-by: Nik08 <nikita.mathur@progress.com> Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> Signed-off-by: Ian Maddaus <ian.maddaus@progress.com> Co-authored-by: Clinton Wolfe <clintoncwolfe@gmail.com> Co-authored-by: Ian Maddaus <ian.maddaus@progress.com>
91 lines
No EOL
3.8 KiB
YAML
91 lines
No EOL
3.8 KiB
YAML
---
|
|
features:
|
|
inspec-cli-exec:
|
|
description: Run InSpec profile code at the command line.
|
|
inspec-cli-shell:
|
|
description: Experiment with InSpec Language interactively.
|
|
inspec-cli-check:
|
|
description: Examine a profile for problems.
|
|
inspec-cli-json:
|
|
description: Generate JSON summary for inspec profile/s.
|
|
inspec-cli-export:
|
|
description: Generate summary in specified formats for profile/s.
|
|
inspec-cli-vendor:
|
|
description: Download all profile dependencies and generate a lockfile in vendor directory.
|
|
inspec-cli-archive:
|
|
description: Archive a profile to tar.gz (default) or zip.
|
|
inspec-cli-detect:
|
|
description: Detect the target OS.
|
|
inspec-cli-env:
|
|
description: Output shell-appropriate completion configuration.
|
|
inspec-cli-schema:
|
|
description: Print the JSON schema.
|
|
inspec-cli-run-context:
|
|
description: Test run-context detection.
|
|
inspec-cli-version:
|
|
description: Print the version of InSpec.
|
|
inspec-cli-clear-cache:
|
|
description: Clear InSpec cache stored in ~/.inspec/cache or specific vendor cache path.
|
|
inspec-cli-compliance-login:
|
|
description: Login to Automate Server using InSpec.
|
|
inspec-cli-compliance-profiles:
|
|
description: Lists all uploaded profiles from automate server.
|
|
inspec-cli-compliance-exec:
|
|
description: Run InSpec profile from a list of profiles in automate server.
|
|
inspec-cli-compliance-download:
|
|
description: Download the InSpec profile from automate server.
|
|
inspec-cli-compliance-upload:
|
|
description: Upload InSpec profile to automate server.
|
|
inspec-cli-compliance-version:
|
|
description: Print the version of Automate Server.
|
|
inspec-cli-compliance-logout:
|
|
description: Logout from Automate Server.
|
|
inspec-cli-habitat-profile-create:
|
|
description: Create Habitat Artifact for the InSpec profile.
|
|
inspec-cli-habitat-profile-setup:
|
|
description: Configure Habitat Artifact.
|
|
inspec-cli-habitat-profile-upload:
|
|
description: Upload Habitat Artifact for the InSpec profile to Habitat Builder Depot.
|
|
inspec-cli-init-profile:
|
|
description: Generate a new InSpec profile.
|
|
inspec-cli-init-plugin:
|
|
description: Generate a new InSpec plugin.
|
|
inspec-cli-init-resource:
|
|
description: Generate a new InSpec resource.
|
|
inspec-cli-parallel-exec:
|
|
description: Run list of InSpec exec operations parallely.
|
|
inspec-cli-sign-generate-keys:
|
|
description: Generate a RSA key pair for signing and verification.
|
|
inspec-cli-sign-profile:
|
|
description: Sign InSpec profile and generate .iaf artifact.
|
|
inspec-cli-sign-verify:
|
|
description: Verify a signed profile .iaf artifact.
|
|
inspec-enhanced-outcomes:
|
|
description: Use enhanced outcomes in reporters
|
|
inspec-waivers:
|
|
description: Use waivers mechanism with one or more waiver files.
|
|
inspec-reporter-cli:
|
|
description: Use CLI reporter.
|
|
inspec-reporter-json:
|
|
description: Use JSON reporter.
|
|
inspec-reporter-json-automate:
|
|
description: Use JSON automate reporter.
|
|
inspec-reporter-automate:
|
|
description: Use automate reporter.
|
|
inspec-reporter-yaml:
|
|
description: Use YAML reporter.
|
|
inspec-reporter-json-min:
|
|
description: Use JSON min reporter for minimal JSON output.
|
|
inspec-reporter-junit:
|
|
description: Use JUnit reporter.
|
|
inspec-reporter-junit2:
|
|
description: Use JUnit2 reporter.
|
|
inspec-reporter-html2:
|
|
description: Use HTML reporter.
|
|
inspec-reporter-progress-bar:
|
|
description: Use progress bar streaming reporter
|
|
inspec-reporter-child-status:
|
|
description: Child status reporter used in inspec parallel reporting.
|
|
inspec-mandatory-profile-signing:
|
|
description: Required to use a signed Inspec profile by default with inspec commands
|
|
env_preview: true |