chef 17.3.48-universal-mingw32 → 17.6.15-universal-mingw32

data/lib/chef/secret_fetcher.rb

@@ -21,7 +21,7 @@ require_relative "exceptions"
 class Chef
   class SecretFetcher
 
-    SECRET_FETCHERS = %i{example aws_secrets_manager azure_key_vault}.freeze
+    SECRET_FETCHERS = %i{example aws_secrets_manager azure_key_vault hashi_vault akeyless_vault}.freeze
 
     # Returns a configured and validated instance
     # of a [Chef::SecretFetcher::Base]  for the given
@@ -30,21 +30,28 @@ class Chef
     # @param service [Symbol] the identifier for the service that will support this request. Must be in
     #                         SECRET_FETCHERS
     # @param config [Hash] configuration that the secrets service requires
-    def self.for_service(service, config)
+    # @param run_context [Chef::RunContext] the run context this is being invoked from
+    def self.for_service(service, config, run_context)
       fetcher = case service
                 when :example
                   require_relative "secret_fetcher/example"
-                  Chef::SecretFetcher::Example.new(config)
+                  Chef::SecretFetcher::Example.new(config, run_context)
                 when :aws_secrets_manager
                   require_relative "secret_fetcher/aws_secrets_manager"
-                  Chef::SecretFetcher::AWSSecretsManager.new(config)
+                  Chef::SecretFetcher::AWSSecretsManager.new(config, run_context)
                 when :azure_key_vault
                   require_relative "secret_fetcher/azure_key_vault"
-                  Chef::SecretFetcher::AzureKeyVault.new(config)
+                  Chef::SecretFetcher::AzureKeyVault.new(config, run_context)
+                when :hashi_vault
+                  require_relative "secret_fetcher/hashi_vault"
+                  Chef::SecretFetcher::HashiVault.new(config, run_context)
+                when :akeyless_vault
+                  require_relative "secret_fetcher/akeyless_vault"
+                  Chef::SecretFetcher::AKeylessVault.new(config, run_context)
                 when nil, ""
                   raise Chef::Exceptions::Secret::MissingFetcher.new(SECRET_FETCHERS)
                 else
-                  raise Chef::Exceptions::Secret::InvalidFetcherService.new("Unsupported secret service: #{service}", SECRET_FETCHERS)
+                  raise Chef::Exceptions::Secret::InvalidFetcherService.new("Unsupported secret service: '#{service}'", SECRET_FETCHERS)
                 end
       fetcher.validate!
       fetcher

data/lib/chef/version.rb

@@ -23,7 +23,7 @@ require_relative "version_string"
 
 class Chef
   CHEF_ROOT = File.expand_path("..", __dir__)
-  VERSION = Chef::VersionString.new("17.3.48")
+  VERSION = Chef::VersionString.new("17.6.15")
 end
 
 #

data/lib/chef/win32/version.rb

@@ -49,7 +49,8 @@ class Chef
       private_class_method :method_name_from_marketing_name
 
       WIN_VERSIONS = {
-        "Windows Server 2019" => { major: 10, minor: 0, callable: lambda { |product_type, suite_mask, build_number| product_type != VER_NT_WORKSTATION && build_number >= 17763 } },
+        "Windows Server 2022" => { major: 10, minor: 0, callable: lambda { |product_type, suite_mask, build_number| product_type != VER_NT_WORKSTATION && build_number >= 20348 } },
+        "Windows Server 2019" => { major: 10, minor: 0, callable: lambda { |product_type, suite_mask, build_number| product_type != VER_NT_WORKSTATION && build_number >= 17763 && build_number < 20348 } },
         "Windows 10" => { major: 10, minor: 0, callable: lambda { |product_type, suite_mask, build_number| product_type == VER_NT_WORKSTATION } },
         "Windows Server 2016" => { major: 10, minor: 0, callable: lambda { |product_type, suite_mask, build_number| product_type != VER_NT_WORKSTATION && build_number <= 14393 } },
         "Windows 8.1" => { major: 6, minor: 3, callable: lambda { |product_type, suite_mask, build_number| product_type == VER_NT_WORKSTATION } },

data/spec/functional/resource/archive_file_spec.rb

@@ -0,0 +1,87 @@
+#
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "spec_helper"
+require "tmpdir"
+
+# Exclude this test on platforms where ffi-libarchive loading is broken
+describe Chef::Resource::ArchiveFile, :libarchive_loading_broken do
+  include RecipeDSLHelper
+
+  let(:tmp_path) { Dir.mktmpdir }
+  let(:extract_destination) { "#{tmp_path}/extract_here" }
+  let(:test_archive_path) { File.expand_path("archive_file/test_archive.tar.gz", CHEF_SPEC_DATA) }
+
+  after do
+    FileUtils.remove_entry_secure(extract_destination) if File.exist?(extract_destination)
+  end
+
+  context "when strip_components is 0" do
+    it "extracts archive to destination" do
+      af = archive_file test_archive_path do
+        destination extract_destination
+      end
+      af.should_be_updated
+
+      expect(af.strip_components).to eq(0) # Validate defaults haven't changed here
+      expect(Dir.glob("#{extract_destination}/**/*").length).to eq(4)
+      expect(Dir.exist?("#{extract_destination}/folder-1")).to eq(true)
+      expect(File.exist?("#{extract_destination}/folder-1/file-1.txt")).to eq(true)
+      expect(Dir.exist?("#{extract_destination}/folder-1/folder-2")).to eq(true)
+      expect(File.exist?("#{extract_destination}/folder-1/folder-2/file-2.txt")).to eq(true)
+    end
+  end
+
+  context "when strip_components is 1" do
+    it "extracts archive to destination, with 1 component stripped" do
+      archive_file test_archive_path do
+        destination extract_destination
+        strip_components 1
+      end.should_be_updated
+
+      expect(Dir.exist?("#{extract_destination}/folder-1")).to eq(false)
+      expect(File.exist?("#{extract_destination}/folder-1/file-1.txt")).to eq(false)
+      expect(Dir.exist?("#{extract_destination}/folder-1/folder-2")).to eq(false)
+      expect(File.exist?("#{extract_destination}/folder-1/folder-2/file-2.txt")).to eq(false)
+
+      expect(Dir.glob("#{extract_destination}/**/*").length).to eq(3)
+      expect(File.exist?("#{extract_destination}/file-1.txt")).to eq(true)
+      expect(Dir.exist?("#{extract_destination}/folder-2")).to eq(true)
+      expect(File.exist?("#{extract_destination}/folder-2/file-2.txt")).to eq(true)
+    end
+  end
+
+  context "when strip_components is 2" do
+    it "extracts archive to destination, with 2 components stripped" do
+      archive_file test_archive_path do
+        destination extract_destination
+        strip_components 2
+      end.should_be_updated
+
+      expect(Dir.exist?("#{extract_destination}/folder-1")).to eq(false)
+      expect(File.exist?("#{extract_destination}/folder-1/file-1.txt")).to eq(false)
+      expect(Dir.exist?("#{extract_destination}/folder-1/folder-2")).to eq(false)
+      expect(File.exist?("#{extract_destination}/folder-1/folder-2/file-2.txt")).to eq(false)
+      expect(File.exist?("#{extract_destination}/file-1.txt")).to eq(false)
+      expect(Dir.exist?("#{extract_destination}/folder-2")).to eq(false)
+      expect(File.exist?("#{extract_destination}/folder-2/file-2.txt")).to eq(false)
+
+      expect(Dir.glob("#{extract_destination}/**/*").length).to eq(1)
+      expect(File.exist?("#{extract_destination}/file-2.txt")).to eq(true)
+    end
+  end
+end

data/spec/functional/resource/group_spec.rb

@@ -44,6 +44,10 @@ describe Chef::Resource::Group, :requires_root_or_running_windows do
       members.shift # Get rid of GroupMembership: string
       members.include?(user)
     else
+      # TODO For some reason our temporary AIX 7.2 system does not correctly report group membership immediately after changes have been made.
+      # Adding a 2 second delay for this platform is enough to get correct results.
+      # We hope to remove this delay after we get more permanent AIX 7.2 systems in our CI pipeline. reference: https://github.com/chef/release-engineering/issues/1617
+      sleep 2 if aix? && (ohai[:platform_version] == "7.2")
       Etc.getgrnam(group_name).mem.include?(user)
     end
   end
@@ -181,7 +185,7 @@ describe Chef::Resource::Group, :requires_root_or_running_windows do
 
     describe "when the users exist" do
       before do
-        high_uid = 30000
+        high_uid = 40000
         (spec_members).each do |member|
           remove_user(member)
           create_user(member, high_uid)

data/spec/functional/resource/link_spec.rb

@@ -345,9 +345,17 @@ describe Chef::Resource::Link do
             let(:test_user) { "test-link-user" }
             before do
               user(test_user).run_action(:create)
+              # TODO For some reason our temporary AIX 7.2 system does not correctly report user existence immediately after changes have been made.
+              # Adding a 2 second delay for this platform is enough to get correct results.
+              # We hope to remove this delay after we get more permanent AIX 7.2 systems in our CI pipeline. reference: https://github.com/chef/release-engineering/issues/1617
+              sleep 2 if aix? && (ohai[:platform_version] == "7.2")
             end
             after do
               user(test_user).run_action(:remove)
+              # TODO For some reason our temporary AIX 7.2 system does not correctly report user existence immediately after changes have been made.
+              # Adding a 2 second delay for this platform is enough to get correct results.
+              # We hope to remove this delay after we get more permanent AIX 7.2 systems in our CI pipeline. reference: https://github.com/chef/release-engineering/issues/1617
+              sleep 2 if aix? && (ohai[:platform_version] == "7.2")
             end
             before(:each) do
               resource.owner(test_user)

data/spec/functional/resource/powershell_package_source_spec.rb

@@ -22,7 +22,7 @@ describe Chef::Resource::PowershellPackageSource, :windows_gte_10 do
   include Chef::Mixin::PowershellExec
 
   let(:source_name) { "fake" }
-  let(:url) { "https://www.nuget.org/api/v2" }
+  let(:source_location) { "https://www.nuget.org/api/v2" }
   let(:trusted) { true }
 
   let(:run_context) do
@@ -32,7 +32,7 @@ describe Chef::Resource::PowershellPackageSource, :windows_gte_10 do
   subject do
     new_resource = Chef::Resource::PowershellPackageSource.new("test powershell package source", run_context)
     new_resource.source_name source_name
-    new_resource.url url
+    new_resource.source_location source_location
     new_resource.trusted trusted
     new_resource.provider_name provider_name
     new_resource
@@ -61,7 +61,7 @@ describe Chef::Resource::PowershellPackageSource, :windows_gte_10 do
       it "updates an existing package source if changed" do
         subject.run_action(:register)
         subject.trusted !trusted
-        subject.run_action(:register)
+        subject.run_action(:set)
         expect(subject).to be_updated_by_last_action
       end
     end
@@ -73,9 +73,8 @@ describe Chef::Resource::PowershellPackageSource, :windows_gte_10 do
         expect(get_installed_package_source_name).to be_empty
       end
 
-      it "does not unregister the package source if not already installed" do
-        subject.run_action(:unregister)
-        expect(subject).not_to be_updated_by_last_action
+      it "does not unregister the package source if not installed" do
+        expect { subject.run_action(:unregister) }.to_not raise_error
       end
     end
   end

data/spec/integration/compliance/compliance_spec.rb

@@ -47,6 +47,7 @@ describe "chef-client with compliance phase" do
         {
           "audit": {
             "compliance_phase": true,
+            "reporter": "json-file",
             "json_file": {
               "location": "#{report_file}"
             },
@@ -79,4 +80,64 @@ describe "chef-client with compliance phase" do
       expect(result["status"]).to eq("passed")
     end
   end
+
+  when_the_repository "has a compliance segment" do
+    let(:report_file) { path_to("report_file.json") }
+
+    before do
+      directory "cookbooks/x" do
+        directory "compliance" do
+          directory "profiles/my_profile" do
+            file "inspec.yml", <<~FILE
+              ---
+              name: my-profile
+            FILE
+
+            directory "controls" do
+              file "my_control.rb", <<~FILE
+                control "my control" do
+                  describe Dir.home do
+                    it { should be_kind_of String }
+                  end
+                end
+              FILE
+            end
+          end
+        end
+        file "attributes/default.rb", <<~FILE
+        default['audit']['reporter'] = "json-file"
+        default['audit']['json_file'] = {
+              "location" => "#{report_file}"
+            }
+        FILE
+        file "recipes/default.rb", <<~FILE
+          include_profile ".*::.*"
+        FILE
+      end
+      file "config/client.rb", <<~EOM
+        local_mode true
+        cookbook_path "#{path_to("cookbooks")}"
+        log_level :warn
+      EOM
+    end
+
+    it "should complete with success" do
+      result = shell_out!("#{chef_client} -c \"#{path_to("config/client.rb")}\" -r 'recipe[x]'", cwd: chef_dir)
+      result.error!
+
+      inspec_report = JSON.parse(File.read(report_file))
+      expect(inspec_report["profiles"].length).to eq(1)
+
+      profile = inspec_report["profiles"].first
+      expect(profile["name"]).to eq("my-profile")
+      expect(profile["controls"].length).to eq(1)
+
+      control = profile["controls"].first
+      expect(control["id"]).to eq("my control")
+      expect(control["results"].length).to eq(1)
+
+      result = control["results"].first
+      expect(result["status"]).to eq("passed")
+    end
+  end
 end

data/spec/integration/recipes/resource_action_spec.rb

@@ -354,8 +354,8 @@ module ResourceActionSpec
         end
 
         it "allows overridden action to have a description separate from the action defined in the base resource" do
-          expect(ActionJackson.action_description(:test1)).to eql "Original description"
-          expect(ActionJackalope.action_description(:test1)).to eql "An old action with a new description"
+          expect(ActionJackson.new("ActionJackson", nil).action_description(:test1)).to eql "Original description"
+          expect(ActionJackalope.new("ActionJackalope", nil).action_description(:test1)).to eql "An old action with a new description"
         end
 
         it "non-overridden actions run and can access overridden and non-overridden variables (but not necessarily new ones)" do

data/spec/spec_helper.rb

@@ -68,6 +68,7 @@ end
 require "spec/support/local_gems" if File.exist?(File.join(File.dirname(__FILE__), "support", "local_gems.rb"))
 
 # Explicitly require spec helpers that need to load first
+require "spec/support/ruby_installer"
 require "spec/support/platform_helpers"
 require "spec/support/shared/unit/mock_shellout"
 
@@ -186,6 +187,8 @@ RSpec.configure do |config|
   config.filter_run_excluding not_rhel7: true if rhel7?
   config.filter_run_excluding not_intel_64bit: true if intel_64bit?
 
+  config.filter_run_excluding libarchive_loading_broken: true if aix? || amazon_linux? || rhel7?
+
   # these let us use chef: ">= 13" or ruby: "~> 2.0.0" or any other Gem::Dependency-style constraint
   config.filter_run_excluding chef: DependencyProc.with(Chef::VERSION)
   config.filter_run_excluding ruby: DependencyProc.with(RUBY_VERSION)

data/spec/support/platform_helpers.rb

@@ -163,6 +163,10 @@ def aix?
   RUBY_PLATFORM.include?("aix")
 end
 
+def amazon_linux?
+  ohai[:platform_family] == "amazon"
+end
+
 def wpar?
   !((ohai[:virtualization] || {})[:wpar_no].nil?)
 end

data/spec/support/ruby_installer.rb

@@ -0,0 +1,51 @@
+#
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+def add_libarchive_dll_directory
+  require "ruby_installer"
+  libarchive_paths = Dir.glob("{#{Gem.dir},C:/hab}/**/libarchive.dll").map { |f| File.expand_path(f) }
+  if libarchive_paths.empty?
+    $stderr.puts <<~EOL
+      !!!!
+        We couldn't find a libarchive.dll in #{Gem.dir} or C:/hab
+
+        If this is running in a CI/CD environment, this may end up causing failures
+        in the tests for archive_file. If this is not running in a CI/CD
+        environment then it may be safe to ignore this. That is especially true if
+        you're not using the Ruby Installer as your Ruby runtime.
+      !!!!
+    EOL
+    return
+  end
+
+  $stderr.puts "\nFound the following libarchive paths:\n\n#{libarchive_paths.map { |f| "- #{f}\n" }.join}\n\n"
+  libarchive_path = libarchive_paths.first
+  libarchive_dir = File.dirname(libarchive_path)
+
+  if defined?(RubyInstaller::Build) && RubyInstaller::Build.methods.include?(:add_dll_directory)
+    $stderr.puts "Adding #{libarchive_dir} as a DLL load path using RubyInstaller::Build#add_dll_directory"
+    RubyInstaller::Build.add_dll_directory(libarchive_dir)
+  elsif defined?(RubyInstaller::Runtime) && RubyInstaller::Runtime.methods.include?(:add_dll_directory)
+    $stderr.puts "Adding #{libarchive_dir} as a DLL load path using RubyInstaller::Runtime#add_dll_directory"
+    RubyInstaller::Runtime.add_dll_directory(libarchive_dir)
+  else
+    $stderr.puts "Unable to find the right namespace to call #add_dll_directory! Please raise an issue on [GitHub](https://github.com/chef/chef/issues/new/choose)."
+  end
+rescue LoadError
+  $stderr.puts "Failed to load ruby_installer. Assuming Ruby Installer is not being used."
+end
+
+add_libarchive_dll_directory if RUBY_PLATFORM =~ /mswin|mingw32|windows/

data/spec/unit/compliance/input_spec.rb

@@ -0,0 +1,104 @@
+#
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "spec_helper"
+require "tempfile"
+
+describe Chef::Compliance::Input do
+  let(:events) { Chef::EventDispatch::Dispatcher.new }
+  let(:data) { { "ssh-01" => { "expiration_date" => Date.jd(2463810), "justification" => "waived, yo", "run" => false } } }
+  let(:path) { "/var/chef/cache/cookbooks/acme_compliance/compliance/inputs/default.yml" }
+  let(:cookbook_name) { "acme_compliance" }
+  let(:input) { Chef::Compliance::Input.new(events, data, path, cookbook_name) }
+
+  it "has a cookbook_name" do
+    expect(input.cookbook_name).to eql(cookbook_name)
+  end
+
+  it "has a path" do
+    expect(input.path).to eql(path)
+  end
+
+  it "has a pathname based on the path" do
+    expect(input.pathname).to eql("default")
+  end
+
+  it "is disabled" do
+    expect(input.enabled).to eql(false)
+    expect(input.enabled?).to eql(false)
+  end
+
+  it "has an event handler" do
+    expect(input.events).to eql(events)
+  end
+
+  it "can be enabled by enable!" do
+    input.enable!
+    expect(input.enabled).to eql(true)
+    expect(input.enabled?).to eql(true)
+  end
+
+  it "enabling sends an event" do
+    expect(events).to receive(:compliance_input_enabled).with(input)
+    input.enable!
+  end
+
+  it "can be disabled by disable!" do
+    input.enable!
+    input.disable!
+    expect(input.enabled).to eql(false)
+    expect(input.enabled?).to eql(false)
+  end
+
+  it "has a #inspec_data method that renders the data" do
+    expect(input.inspec_data).to eql(data)
+  end
+
+  it "doesn't render the events in the inspect output" do
+    expect(input.inspect).not_to include("events")
+  end
+
+  it "inflates objects from YAML" do
+    string = <<~EOH
+ssh-01:
+  expiration_date: 2033-07-31
+  run: false
+  justification: "waived, yo"
+    EOH
+    newinput = Chef::Compliance::Input.from_yaml(events, string, path, cookbook_name)
+    expect(newinput.data).to eql(data)
+  end
+
+  it "inflates objects from files" do
+    string = <<~EOH
+ssh-01:
+  expiration_date: 2033-07-31
+  run: false
+  justification: "waived, yo"
+    EOH
+    tempfile = Tempfile.new("chef-compliance-test")
+    tempfile.write string
+    tempfile.close
+    newinput = Chef::Compliance::Input.from_file(events, tempfile.path, cookbook_name)
+    expect(newinput.data).to eql(data)
+  end
+
+  it "inflates objects from hashes" do
+    newinput = Chef::Compliance::Input.from_hash(events, data, path, cookbook_name)
+    expect(newinput.data).to eql(data)
+  end
+end

data/spec/unit/compliance/profile_spec.rb

@@ -0,0 +1,120 @@
+#
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "spec_helper"
+require "tempfile"
+
+describe Chef::Compliance::Profile do
+  let(:events) { Chef::EventDispatch::Dispatcher.new }
+  let(:data) { { "copyright" => "DevSec Hardening Framework Team", "copyright_email" => "hello@dev-sec.io", "license" => "Apache-2.0", "maintainer" => "DevSec Hardening Framework Team", "name" => "ssh-baseline", "summary" => "Test-suite for best-practice SSH hardening", "supports" => [{ "os-family" => "unix" }], "title" => "DevSec SSH Baseline", "version" => "2.6.4" } }
+  let(:path) { "/var/chef/cache/cookbooks/acme_compliance/compliance/profiles/thisdirectoryisnotthename/inspec.yml" }
+  let(:cookbook_name) { "acme_compliance" }
+  let(:profile) { Chef::Compliance::Profile.new(events, data, path, cookbook_name) }
+
+  it "has a cookbook_name" do
+    expect(profile.cookbook_name).to eql(cookbook_name)
+  end
+
+  it "has a path" do
+    expect(profile.path).to eql(path)
+  end
+
+  it "has a name based on the yml" do
+    expect(profile.name).to eql("ssh-baseline")
+  end
+
+  it "has a pathname based on the path" do
+    expect(profile.pathname).to eql("thisdirectoryisnotthename")
+  end
+
+  it "is disabled" do
+    expect(profile.enabled).to eql(false)
+    expect(profile.enabled?).to eql(false)
+  end
+
+  it "has an event handler" do
+    expect(profile.events).to eql(events)
+  end
+
+  it "can be enabled by enable!" do
+    profile.enable!
+    expect(profile.enabled).to eql(true)
+    expect(profile.enabled?).to eql(true)
+  end
+
+  it "enabling sends an event" do
+    expect(events).to receive(:compliance_profile_enabled).with(profile)
+    profile.enable!
+  end
+
+  it "can be disabled by disable!" do
+    profile.enable!
+    profile.disable!
+    expect(profile.enabled).to eql(false)
+    expect(profile.enabled?).to eql(false)
+  end
+
+  it "has a #inspec_data method that renders the path" do
+    expect(profile.inspec_data).to eql( { name: "ssh-baseline", path: "/var/chef/cache/cookbooks/acme_compliance/compliance/profiles/thisdirectoryisnotthename" } )
+  end
+
+  it "doesn't render the events in the inspect output" do
+    expect(profile.inspect).not_to include("events")
+  end
+
+  it "inflates objects from YAML" do
+    string = <<~EOH
+name: ssh-baseline#{" "}
+title: DevSec SSH Baseline#{" "}
+maintainer: DevSec Hardening Framework Team#{" "}
+copyright: DevSec Hardening Framework Team#{" "}
+copyright_email: hello@dev-sec.io#{" "}
+license: Apache-2.0#{" "}
+summary: Test-suite for best-practice SSH hardening#{" "}
+version: 2.6.4#{" "}
+supports:#{"     "}
+  - os-family: unix
+    EOH
+    newprofile = Chef::Compliance::Profile.from_yaml(events, string, path, cookbook_name)
+    expect(newprofile.data).to eql(data)
+  end
+
+  it "inflates objects from files" do
+    string = <<~EOH
+name: ssh-baseline#{" "}
+title: DevSec SSH Baseline#{" "}
+maintainer: DevSec Hardening Framework Team#{" "}
+copyright: DevSec Hardening Framework Team#{" "}
+copyright_email: hello@dev-sec.io#{" "}
+license: Apache-2.0#{" "}
+summary: Test-suite for best-practice SSH hardening#{" "}
+version: 2.6.4#{" "}
+supports:#{"     "}
+  - os-family: unix
+    EOH
+    tempfile = Tempfile.new("chef-compliance-test")
+    tempfile.write string
+    tempfile.close
+    newprofile = Chef::Compliance::Profile.from_file(events, tempfile.path, cookbook_name)
+    expect(newprofile.data).to eql(data)
+  end
+
+  it "inflates objects from hashes" do
+    newprofile = Chef::Compliance::Profile.from_hash(events, data, path, cookbook_name)
+    expect(newprofile.data).to eql(data)
+  end
+end