inspec-core 2.2.55 → 2.2.61

data/docs/resources/vbscript.md.erb

@@ -9,6 +9,16 @@ Use the `vbscript` InSpec audit resource to test a VBScript on the Windows platf
 
 <br>
 
+## Availability
+
+### Installation
+
+This resource is distributed along with InSpec itself. You can use it automatically.
+
+### Version
+
+This resource first became available in v1.0.0 of InSpec.
+
 ## Syntax
 
 A `vbscript` resource block tests the output of a VBScript on the Windows platform:

data/docs/resources/virtualization.md.erb

@@ -9,6 +9,16 @@ Use the `virtualization` InSpec audit resource to test the virtualization platfo
 
 <br>
 
+## Availability
+
+### Installation
+
+This resource is distributed along with InSpec itself. You can use it automatically.
+
+### Version
+
+This resource first became available in v1.28.0 of InSpec.
+
 ## Syntax
 
 An `virtualization` resource block declares the virtualization platform that should be tested:

data/docs/resources/windows_feature.md.erb

@@ -9,6 +9,16 @@ Use the `windows_feature` InSpec audit resource to test features on Windows via
 
 <br>
 
+## Availability
+
+### Installation
+
+This resource is distributed along with InSpec itself. You can use it automatically.
+
+### Version
+
+This resource first became available in v1.0.0 of InSpec.
+
 ## Syntax
 
 A `windows_feature` resource block declares the name of the Windows feature, tests if that feature is installed, and then returns information about that feature:

data/docs/resources/windows_hotfix.md.erb

@@ -9,6 +9,16 @@ Use the `windows_hotfix` InSpec audit resource to test if the hotfix has been in
 
 <br>
 
+## Availability
+
+### Installation
+
+This resource is distributed along with InSpec itself. You can use it automatically.
+
+### Version
+
+This resource first became available in v1.39.1 of InSpec.
+
 ## Syntax
 
 A `windows_hotfix` resource block declares a hotfix to validate:

data/docs/resources/windows_task.md.erb

@@ -10,6 +10,16 @@ Microsoft and application vendors use scheduled tasks to perform a variety of sy
 
 <br>
 
+## Availability
+
+### Installation
+
+This resource is distributed along with InSpec itself. You can use it automatically.
+
+### Version
+
+This resource first became available in v1.10.0 of InSpec.
+
 ## Syntax
 
 A `windows_task` resource block declares the name of the task (as its full path) and tests its configuration:

data/docs/resources/wmi.md.erb

@@ -9,6 +9,16 @@ Use the `wmi` InSpec audit resource to test WMI settings on the Windows platform
 
 <br>
 
+## Availability
+
+### Installation
+
+This resource is distributed along with InSpec itself. You can use it automatically.
+
+### Version
+
+This resource first became available in v1.0.0 of InSpec.
+
 ## Syntax
 
 A `wmi` resource block tests WMI settings on the Windows platform:

data/docs/resources/x509_certificate.md.erb

@@ -15,6 +15,16 @@ certificates.
 
 <br>
 
+## Availability
+
+### Installation
+
+This resource is distributed along with InSpec itself. You can use it automatically.
+
+### Version
+
+This resource first became available in v1.18.0 of InSpec.
+
 ## Syntax
 
 An `x509_certificate` resource block declares a certificate `key file` to be tested.

data/docs/resources/xinetd_conf.md.erb

@@ -9,6 +9,16 @@ Use the `xinetd_conf` InSpec audit resource to test services under `/etc/xinet.d
 
 <br>
 
+## Availability
+
+### Installation
+
+This resource is distributed along with InSpec itself. You can use it automatically.
+
+### Version
+
+This resource first became available in v1.0.0 of InSpec.
+
 ## Syntax
 
 An `xinetd_conf` resource block declares settings found in a `xinetd.conf` file for the named service:

data/docs/resources/xml.md.erb

@@ -9,6 +9,16 @@ Use the `xml` InSpec audit resource to test data in an XML file.
 
 <br>
 
+## Availability
+
+### Installation
+
+This resource is distributed along with InSpec itself. You can use it automatically.
+
+### Version
+
+This resource first became available in v1.37.6 of InSpec.
+
 ## Syntax
 
 An `xml` resource block declares the data to be tested. Assume the following XML file:

data/docs/resources/yaml.md.erb

@@ -9,6 +9,16 @@ Use the `yaml` InSpec audit resource to test configuration data in a Yaml file.
 
 <br>
 
+## Availability
+
+### Installation
+
+This resource is distributed along with InSpec itself. You can use it automatically.
+
+### Version
+
+This resource first became available in v1.0.0 of InSpec.
+
 ## Syntax
 
 A `yaml` resource block declares the configuration data to be tested. Assume the following Yaml file:

data/docs/resources/yum.md.erb

@@ -9,6 +9,16 @@ Use the `yum` InSpec audit resource to test packages in the Yum repository.
 
 <br>
 
+## Availability
+
+### Installation
+
+This resource is distributed along with InSpec itself. You can use it automatically.
+
+### Version
+
+This resource first became available in v1.0.0 of InSpec.
+
 ## Syntax
 
 A `yum` resource block declares a package repo, tests if the package repository is present, and if it that package repository is a valid package source (i.e. "is enabled"):

data/docs/resources/zfs_dataset.md.erb

@@ -9,6 +9,16 @@ Use the `zfs_dataset` InSpec audit resource to test the ZFS datasets on FreeBSD
 
 <br>
 
+## Availability
+
+### Installation
+
+This resource is distributed along with InSpec itself. You can use it automatically.
+
+### Version
+
+This resource first became available in v1.16.0 of InSpec.
+
 ## Syntax
 
 A `zfs_dataset` resource block declares the ZFS dataset properties that should be tested:

data/docs/resources/zfs_pool.md.erb

@@ -9,6 +9,16 @@ Use the `zfs_pool` InSpec audit resource to test the ZFS pools on FreeBSD system
 
 <br>
 
+## Availability
+
+### Installation
+
+This resource is distributed along with InSpec itself. You can use it automatically.
+
+### Version
+
+This resource first became available in v1.16.0 of InSpec.
+
 ## Syntax
 
 A `zfs_pool` resource block declares the ZFS pool properties that should be tested:

data/lib/inspec/base_cli.rb

@@ -67,6 +67,8 @@ module Inspec
     def self.profile_options
       option :profiles_path, type: :string,
         desc: 'Folder which contains referenced profiles.'
+      option :vendor_cache, type: :string,
+        desc: 'Use the given path for caching dependencies. (default: ~/.inspec/cache)'
     end
 
     def self.exec_options
@@ -83,8 +85,6 @@ module Inspec
         desc: 'Use colors in output.'
       option :attrs, type: :array,
         desc: 'Load attributes file (experimental)'
-      option :vendor_cache, type: :string,
-        desc: 'Use the given path for caching dependencies. (default: ~/.inspec/cache)'
       option :create_lockfile, type: :boolean,
         desc: 'Write out a lockfile based on this execution (unless one already exists)'
       option :backend_cache, type: :boolean,

data/lib/inspec/cli.rb

@@ -34,9 +34,9 @@ class Inspec::InspecCLI < Inspec::BaseCLI
   def json(target)
     o = opts.dup
     diagnose(o)
-    o[:ignore_supports] = true
     o[:backend] = Inspec::Backend.create(target: 'mock://')
     o[:check_mode] = true
+    o[:vendor_cache] = Inspec::Cache.new(o[:vendor_cache])
 
     profile = Inspec::Profile.for_target(target, o)
     info = profile.info
@@ -67,9 +67,9 @@ class Inspec::InspecCLI < Inspec::BaseCLI
   def check(path) # rubocop:disable Metrics/AbcSize
     o = opts.dup
     diagnose(o)
-    o[:ignore_supports] = true # we check for integrity only
     o[:backend] = Inspec::Backend.create(target: 'mock://')
     o[:check_mode] = true
+    o[:vendor_cache] = Inspec::Cache.new(o[:vendor_cache])
 
     # run check
     profile = Inspec::Profile.for_target(path, o)
@@ -140,6 +140,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI
     o[:logger] = Logger.new(STDOUT)
     o[:logger].level = get_log_level(o.log_level)
     o[:backend] = Inspec::Backend.create(target: 'mock://')
+    o[:vendor_cache] = Inspec::Cache.new(o[:vendor_cache])
 
     profile = Inspec::Profile.for_target(path, o)
     result = profile.check

data/lib/inspec/resource.rb

@@ -128,6 +128,7 @@ require 'resources/directory'
 require 'resources/docker'
 require 'resources/docker_container'
 require 'resources/docker_image'
+require 'resources/docker_plugin'
 require 'resources/docker_service'
 require 'resources/elasticsearch'
 require 'resources/etc_fstab'
@@ -143,6 +144,7 @@ require 'resources/grub_conf'
 require 'resources/host'
 require 'resources/http'
 require 'resources/iis_app'
+require 'resources/iis_app_pool'
 require 'resources/iis_site'
 require 'resources/inetd_conf'
 require 'resources/interface'

data/lib/inspec/runner.rb

@@ -39,7 +39,6 @@ module Inspec
       @target_profiles = []
       @controls = @conf[:controls] || []
       @depends = @conf[:depends] || []
-      @ignore_supports = @conf[:ignore_supports]
       @create_lockfile = @conf[:create_lockfile]
       @cache = Inspec::Cache.new(@conf[:vendor_cache])
 
@@ -108,7 +107,8 @@ module Inspec
       return if @conf['reporter'].nil?
 
       @conf['reporter'].each do |reporter|
-        Inspec::Reporters.render(reporter, run_data)
+        result = Inspec::Reporters.render(reporter, run_data)
+        raise Inspec::ReporterError, "Error generating reporter '#{reporter[0]}'" if result == false
       end
     end
 
@@ -196,8 +196,6 @@ module Inspec
     end
 
     def supports_profile?(profile)
-      return true if @ignore_supports
-
       if !profile.supports_runtime?
         raise 'This profile requires InSpec version '\
              "#{profile.metadata.inspec_requirement}. You are running "\

data/lib/inspec/version.rb

@@ -4,5 +4,5 @@
 # author: Christoph Hartmann
 
 module Inspec
-  VERSION = '2.2.55'
+  VERSION = '2.2.61'
 end

data/lib/resources/docker.rb

@@ -52,6 +52,20 @@ module Inspec::Resources
     end
   end
 
+  class DockerPluginFilter
+    filter = FilterTable.create
+    filter.add(:ids,              field: 'id')
+          .add(:names,            field: 'name')
+          .add(:versions,         field: 'version')
+          .add(:enabled,          field: 'enabled')
+    filter.connect(self, :plugins)
+
+    attr_reader :plugins
+    def initialize(plugins)
+      @plugins = plugins
+    end
+  end
+
   class DockerServiceFilter
     filter = FilterTable.create
     filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
@@ -89,6 +103,10 @@ module Inspec::Resources
         its('repositories') { should_not include 'inssecure_image' }
       end
 
+      describe docker.plugins.where { name == 'rexray/ebs' } do
+        it { should exist }
+      end
+
       describe docker.services do
         its('images') { should_not include 'inssecure_image' }
       end
@@ -119,6 +137,10 @@ module Inspec::Resources
       DockerImageFilter.new(parse_images)
     end
 
+    def plugins
+      DockerPluginFilter.new(parse_plugins)
+    end
+
     def services
       DockerServiceFilter.new(parse_services)
     end
@@ -226,5 +248,17 @@ module Inspec::Resources
       warn 'Could not parse `docker images` output'
       []
     end
+
+    def parse_plugins
+      plugins = inspec.command('docker plugin ls --format \'{"id": {{json .ID}}, "name": "{{ with split .Name ":"}}{{index . 0}}{{end}}", "version": "{{ with split .Name ":"}}{{index . 1}}{{end}}", "enabled": {{json .Enabled}} }\'').stdout
+      c_plugins = []
+      plugins.each_line { |entry|
+        c_plugins.push(JSON.parse(entry))
+      }
+      c_plugins
+    rescue JSON::ParserError => _e
+      warn 'Could not parse `docker plugin ls` output'
+      []
+    end
   end
 end

data/lib/resources/docker_plugin.rb

@@ -0,0 +1,63 @@
+# encoding: utf-8
+
+module Inspec::Resources
+  class DockerPlugin < Inspec.resource(1)
+    name 'docker_plugin'
+    supports platform: 'unix'
+    desc 'Retrieves info about docker plugins'
+    example "
+      describe docker_plugin('rexray/ebs') do
+        it { should exist }
+        its('id') { should_not eq '0ac30b93ad40' }
+        its('version') { should eq '0.11.1' }
+        it { should be_enabled }
+      end
+
+      describe docker_plugin('alpine:latest') do
+        it { should exist }
+      end
+
+      describe docker_plugin(id: '4a415e366388') do
+        it { should exist }
+      end
+    "
+
+    def initialize(opts = {})
+      # do sanitizion of input values
+      o = opts.dup
+      o = { name: opts } if opts.is_a?(String)
+      @opts = o
+    end
+
+    def exist?
+      object_info.entries.size == 1
+    end
+
+    def enabled?
+      object_info.enabled[0]
+    end
+
+    def id
+      object_info.ids[0] if object_info.entries.size == 1
+    end
+
+    def version
+      object_info.versions[0] if object_info.entries.size == 1
+    end
+
+    def to_s
+      plugin = @opts[:name] || @opts[:id]
+      "Docker plugin #{plugin}"
+    end
+
+    private
+
+    def object_info
+      return @info if defined?(@info)
+      opts = @opts
+      @info = inspec.docker.plugins.where {
+        (name == opts[:name]) || (!id.nil? && !opts[:id].nil? && (id == opts[:id]))
+      }
+    end
+  end
+end