inspec-core 4.18.51 → 4.18.85
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +61 -0
- data/README.md +3 -3
- data/inspec-core.gemspec +51 -0
- data/lib/bundles/inspec-supermarket/cli.rb +1 -0
- data/lib/inspec/backend.rb +49 -47
- data/lib/inspec/base_cli.rb +2 -2
- data/lib/inspec/cached_fetcher.rb +4 -0
- data/lib/inspec/cli.rb +5 -0
- data/lib/inspec/config.rb +1 -1
- data/lib/inspec/control_eval_context.rb +131 -199
- data/lib/inspec/dependencies/requirement.rb +1 -1
- data/lib/inspec/dependencies/resolver.rb +46 -0
- data/lib/inspec/dsl_shared.rb +25 -3
- data/lib/inspec/fetcher.rb +0 -3
- data/lib/inspec/fetcher/git.rb +4 -0
- data/lib/inspec/fetcher/url.rb +1 -2
- data/lib/inspec/file_provider.rb +4 -2
- data/lib/inspec/library_eval_context.rb +37 -37
- data/lib/inspec/plugin/v1/plugin_types/fetcher.rb +27 -0
- data/lib/inspec/plugin/v1/plugins.rb +0 -1
- data/lib/inspec/profile.rb +8 -6
- data/lib/inspec/profile_context.rb +74 -9
- data/lib/inspec/profile_vendor.rb +48 -3
- data/lib/inspec/resource.rb +192 -41
- data/lib/inspec/resources/aide_conf.rb +1 -1
- data/lib/inspec/resources/apache_conf.rb +15 -31
- data/lib/inspec/resources/command.rb +1 -1
- data/lib/inspec/resources/crontab.rb +56 -56
- data/lib/inspec/resources/etc_fstab.rb +1 -1
- data/lib/inspec/resources/etc_group.rb +1 -1
- data/lib/inspec/resources/etc_hosts.rb +2 -3
- data/lib/inspec/resources/etc_hosts_allow_deny.rb +1 -1
- data/lib/inspec/resources/file.rb +2 -2
- data/lib/inspec/resources/filesystem.rb +4 -4
- data/lib/inspec/resources/groups.rb +16 -2
- data/lib/inspec/resources/iis_app.rb +1 -1
- data/lib/inspec/resources/ini.rb +1 -2
- data/lib/inspec/resources/mount.rb +2 -2
- data/lib/inspec/resources/oracledb_session.rb +1 -1
- data/lib/inspec/resources/package.rb +22 -0
- data/lib/inspec/resources/passwd.rb +1 -1
- data/lib/inspec/resources/platform.rb +36 -36
- data/lib/inspec/resources/port.rb +1 -1
- data/lib/inspec/resources/postfix_conf.rb +1 -1
- data/lib/inspec/resources/service.rb +23 -15
- data/lib/inspec/resources/users.rb +3 -3
- data/lib/inspec/resources/virtualization.rb +15 -11
- data/lib/inspec/resources/x509_certificate.rb +18 -4
- data/lib/inspec/resources/xinetd_conf.rb +1 -1
- data/lib/inspec/resources/xml.rb +1 -2
- data/lib/inspec/rspec_extensions.rb +12 -0
- data/lib/inspec/rule.rb +63 -22
- data/lib/inspec/utils/filter.rb +2 -0
- data/lib/inspec/utils/parser.rb +244 -240
- data/lib/inspec/utils/simpleconfig.rb +1 -1
- data/lib/inspec/version.rb +1 -1
- data/lib/matchers/matchers.rb +11 -10
- data/lib/plugins/inspec-compliance/lib/inspec-compliance.rb +3 -0
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb +2 -2
- data/lib/plugins/inspec-init/templates/profiles/aws/README.md +192 -0
- data/lib/plugins/inspec-init/templates/profiles/aws/attributes.yml +2 -0
- data/lib/plugins/inspec-init/templates/profiles/aws/controls/example.rb +39 -0
- data/lib/plugins/inspec-init/templates/profiles/aws/inspec.yml +22 -0
- data/lib/plugins/inspec-init/templates/profiles/azure/README.md +56 -0
- data/lib/plugins/inspec-init/templates/profiles/azure/controls/example.rb +14 -0
- data/lib/plugins/inspec-init/templates/profiles/azure/inspec.yml +14 -0
- data/lib/plugins/inspec-init/templates/profiles/gcp/README.md +66 -0
- data/lib/plugins/inspec-init/templates/profiles/gcp/attributes.yml +2 -0
- data/lib/plugins/inspec-init/templates/profiles/gcp/controls/example.rb +27 -0
- data/lib/plugins/inspec-init/templates/profiles/gcp/inspec.yml +19 -0
- data/lib/source_readers/inspec.rb +1 -1
- metadata +87 -74
- data/lib/inspec/plugin/v1/plugin_types/resource.rb +0 -176
- data/lib/plugins/inspec-init/templates/profiles/os/libraries/.gitkeep +0 -0
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
# copyright: 2018, The Authors
|
|
2
|
+
|
|
3
|
+
title "Sample Section"
|
|
4
|
+
|
|
5
|
+
gcp_project_id = attribute("gcp_project_id")
|
|
6
|
+
|
|
7
|
+
# you add controls here
|
|
8
|
+
control "gcp-single-region-1.0" do # A unique ID for this control
|
|
9
|
+
impact 1.0 # The criticality, if this control fails.
|
|
10
|
+
title "Ensure single region has the correct properties." # A human-readable title
|
|
11
|
+
desc "An optional description..."
|
|
12
|
+
describe google_compute_region(project: gcp_project_id, name: "europe-west2") do # The actual test
|
|
13
|
+
its("zone_names") { should include "europe-west2-a" }
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
# plural resources can be leveraged to loop across many resources
|
|
18
|
+
control "gcp-regions-loop-1.0" do # A unique ID for this control
|
|
19
|
+
impact 1.0 # The criticality, if this control fails.
|
|
20
|
+
title "Ensure regions have the correct properties in bulk." # A human-readable title
|
|
21
|
+
desc "An optional description..."
|
|
22
|
+
google_compute_regions(project: gcp_project_id).region_names.each do |region_name| # Loop across all regions by name
|
|
23
|
+
describe google_compute_region(project: gcp_project_id, name: region_name) do # The test for a single region
|
|
24
|
+
it { should be_up }
|
|
25
|
+
end
|
|
26
|
+
end
|
|
27
|
+
end
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
name: <%= name %>
|
|
2
|
+
title: GCP InSpec Profile
|
|
3
|
+
maintainer: The Authors
|
|
4
|
+
copyright: The Authors
|
|
5
|
+
copyright_email: you@example.com
|
|
6
|
+
license: Apache-2.0
|
|
7
|
+
summary: An InSpec Compliance Profile For GCP
|
|
8
|
+
version: 0.1.0
|
|
9
|
+
inspec_version: '>= 2.3.5'
|
|
10
|
+
attributes:
|
|
11
|
+
- name: gcp_project_id
|
|
12
|
+
required: true
|
|
13
|
+
description: 'The GCP project identifier.'
|
|
14
|
+
type: string
|
|
15
|
+
depends:
|
|
16
|
+
- name: inspec-gcp
|
|
17
|
+
url: https://github.com/inspec/inspec-gcp/archive/master.tar.gz
|
|
18
|
+
supports:
|
|
19
|
+
- platform: gcp
|
metadata
CHANGED
|
@@ -1,29 +1,15 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: inspec-core
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.18.
|
|
4
|
+
version: 4.18.85
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
|
-
-
|
|
7
|
+
- Chef InSpec Team
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2020-02-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
|
-
- !ruby/object:Gem::Dependency
|
|
14
|
-
name: train-core
|
|
15
|
-
requirement: !ruby/object:Gem::Requirement
|
|
16
|
-
requirements:
|
|
17
|
-
- - "~>"
|
|
18
|
-
- !ruby/object:Gem::Version
|
|
19
|
-
version: '3.0'
|
|
20
|
-
type: :runtime
|
|
21
|
-
prerelease: false
|
|
22
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
23
|
-
requirements:
|
|
24
|
-
- - "~>"
|
|
25
|
-
- !ruby/object:Gem::Version
|
|
26
|
-
version: '3.0'
|
|
27
13
|
- !ruby/object:Gem::Dependency
|
|
28
14
|
name: chef-telemetry
|
|
29
15
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -62,16 +48,22 @@ dependencies:
|
|
|
62
48
|
name: thor
|
|
63
49
|
requirement: !ruby/object:Gem::Requirement
|
|
64
50
|
requirements:
|
|
65
|
-
- - "
|
|
51
|
+
- - ">="
|
|
66
52
|
- !ruby/object:Gem::Version
|
|
67
53
|
version: '0.20'
|
|
54
|
+
- - "<"
|
|
55
|
+
- !ruby/object:Gem::Version
|
|
56
|
+
version: '2.0'
|
|
68
57
|
type: :runtime
|
|
69
58
|
prerelease: false
|
|
70
59
|
version_requirements: !ruby/object:Gem::Requirement
|
|
71
60
|
requirements:
|
|
72
|
-
- - "
|
|
61
|
+
- - ">="
|
|
73
62
|
- !ruby/object:Gem::Version
|
|
74
63
|
version: '0.20'
|
|
64
|
+
- - "<"
|
|
65
|
+
- !ruby/object:Gem::Version
|
|
66
|
+
version: '2.0'
|
|
75
67
|
- !ruby/object:Gem::Dependency
|
|
76
68
|
name: json-schema
|
|
77
69
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -106,14 +98,20 @@ dependencies:
|
|
|
106
98
|
requirements:
|
|
107
99
|
- - "~>"
|
|
108
100
|
- !ruby/object:Gem::Version
|
|
109
|
-
version: '1.
|
|
101
|
+
version: '1.2'
|
|
102
|
+
- - ">="
|
|
103
|
+
- !ruby/object:Gem::Version
|
|
104
|
+
version: 1.2.2
|
|
110
105
|
type: :runtime
|
|
111
106
|
prerelease: false
|
|
112
107
|
version_requirements: !ruby/object:Gem::Requirement
|
|
113
108
|
requirements:
|
|
114
109
|
- - "~>"
|
|
115
110
|
- !ruby/object:Gem::Version
|
|
116
|
-
version: '1.
|
|
111
|
+
version: '1.2'
|
|
112
|
+
- - ">="
|
|
113
|
+
- !ruby/object:Gem::Version
|
|
114
|
+
version: 1.2.2
|
|
117
115
|
- !ruby/object:Gem::Dependency
|
|
118
116
|
name: rspec
|
|
119
117
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -143,47 +141,47 @@ dependencies:
|
|
|
143
141
|
- !ruby/object:Gem::Version
|
|
144
142
|
version: '1.2'
|
|
145
143
|
- !ruby/object:Gem::Dependency
|
|
146
|
-
name:
|
|
144
|
+
name: pry
|
|
147
145
|
requirement: !ruby/object:Gem::Requirement
|
|
148
146
|
requirements:
|
|
149
147
|
- - "~>"
|
|
150
148
|
- !ruby/object:Gem::Version
|
|
151
|
-
version: '
|
|
149
|
+
version: '0'
|
|
152
150
|
type: :runtime
|
|
153
151
|
prerelease: false
|
|
154
152
|
version_requirements: !ruby/object:Gem::Requirement
|
|
155
153
|
requirements:
|
|
156
154
|
- - "~>"
|
|
157
155
|
- !ruby/object:Gem::Version
|
|
158
|
-
version: '
|
|
156
|
+
version: '0'
|
|
159
157
|
- !ruby/object:Gem::Dependency
|
|
160
|
-
name:
|
|
158
|
+
name: hashie
|
|
161
159
|
requirement: !ruby/object:Gem::Requirement
|
|
162
160
|
requirements:
|
|
163
|
-
- - "
|
|
161
|
+
- - "~>"
|
|
164
162
|
- !ruby/object:Gem::Version
|
|
165
|
-
version: '
|
|
163
|
+
version: '3.4'
|
|
166
164
|
type: :runtime
|
|
167
165
|
prerelease: false
|
|
168
166
|
version_requirements: !ruby/object:Gem::Requirement
|
|
169
167
|
requirements:
|
|
170
|
-
- - "
|
|
168
|
+
- - "~>"
|
|
171
169
|
- !ruby/object:Gem::Version
|
|
172
|
-
version: '
|
|
170
|
+
version: '3.4'
|
|
173
171
|
- !ruby/object:Gem::Dependency
|
|
174
|
-
name:
|
|
172
|
+
name: mixlib-log
|
|
175
173
|
requirement: !ruby/object:Gem::Requirement
|
|
176
174
|
requirements:
|
|
177
175
|
- - "~>"
|
|
178
176
|
- !ruby/object:Gem::Version
|
|
179
|
-
version: '0'
|
|
177
|
+
version: '3.0'
|
|
180
178
|
type: :runtime
|
|
181
179
|
prerelease: false
|
|
182
180
|
version_requirements: !ruby/object:Gem::Requirement
|
|
183
181
|
requirements:
|
|
184
182
|
- - "~>"
|
|
185
183
|
- !ruby/object:Gem::Version
|
|
186
|
-
version: '0'
|
|
184
|
+
version: '3.0'
|
|
187
185
|
- !ruby/object:Gem::Dependency
|
|
188
186
|
name: sslshake
|
|
189
187
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -227,19 +225,33 @@ dependencies:
|
|
|
227
225
|
- !ruby/object:Gem::Version
|
|
228
226
|
version: 0.9.0
|
|
229
227
|
- !ruby/object:Gem::Dependency
|
|
230
|
-
name:
|
|
228
|
+
name: tty-table
|
|
229
|
+
requirement: !ruby/object:Gem::Requirement
|
|
230
|
+
requirements:
|
|
231
|
+
- - "~>"
|
|
232
|
+
- !ruby/object:Gem::Version
|
|
233
|
+
version: '0.10'
|
|
234
|
+
type: :runtime
|
|
235
|
+
prerelease: false
|
|
236
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
237
|
+
requirements:
|
|
238
|
+
- - "~>"
|
|
239
|
+
- !ruby/object:Gem::Version
|
|
240
|
+
version: '0.10'
|
|
241
|
+
- !ruby/object:Gem::Dependency
|
|
242
|
+
name: tty-prompt
|
|
231
243
|
requirement: !ruby/object:Gem::Requirement
|
|
232
244
|
requirements:
|
|
233
245
|
- - "~>"
|
|
234
246
|
- !ruby/object:Gem::Version
|
|
235
|
-
version: 0.
|
|
247
|
+
version: '0.17'
|
|
236
248
|
type: :runtime
|
|
237
249
|
prerelease: false
|
|
238
250
|
version_requirements: !ruby/object:Gem::Requirement
|
|
239
251
|
requirements:
|
|
240
252
|
- - "~>"
|
|
241
253
|
- !ruby/object:Gem::Version
|
|
242
|
-
version: 0.
|
|
254
|
+
version: '0.17'
|
|
243
255
|
- !ruby/object:Gem::Dependency
|
|
244
256
|
name: tomlrb
|
|
245
257
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -286,97 +298,89 @@ dependencies:
|
|
|
286
298
|
name: semverse
|
|
287
299
|
requirement: !ruby/object:Gem::Requirement
|
|
288
300
|
requirements:
|
|
289
|
-
- - "
|
|
301
|
+
- - "~>"
|
|
290
302
|
- !ruby/object:Gem::Version
|
|
291
|
-
version: '0'
|
|
303
|
+
version: '3.0'
|
|
292
304
|
type: :runtime
|
|
293
305
|
prerelease: false
|
|
294
306
|
version_requirements: !ruby/object:Gem::Requirement
|
|
295
307
|
requirements:
|
|
296
|
-
- - "
|
|
308
|
+
- - "~>"
|
|
297
309
|
- !ruby/object:Gem::Version
|
|
298
|
-
version: '0'
|
|
310
|
+
version: '3.0'
|
|
299
311
|
- !ruby/object:Gem::Dependency
|
|
300
312
|
name: htmlentities
|
|
301
313
|
requirement: !ruby/object:Gem::Requirement
|
|
302
314
|
requirements:
|
|
303
|
-
- - "
|
|
315
|
+
- - "~>"
|
|
304
316
|
- !ruby/object:Gem::Version
|
|
305
|
-
version: '
|
|
317
|
+
version: '4.3'
|
|
306
318
|
type: :runtime
|
|
307
319
|
prerelease: false
|
|
308
320
|
version_requirements: !ruby/object:Gem::Requirement
|
|
309
321
|
requirements:
|
|
310
|
-
- - "
|
|
322
|
+
- - "~>"
|
|
311
323
|
- !ruby/object:Gem::Version
|
|
312
|
-
version: '
|
|
324
|
+
version: '4.3'
|
|
313
325
|
- !ruby/object:Gem::Dependency
|
|
314
326
|
name: multipart-post
|
|
315
|
-
requirement: !ruby/object:Gem::Requirement
|
|
316
|
-
requirements:
|
|
317
|
-
- - ">="
|
|
318
|
-
- !ruby/object:Gem::Version
|
|
319
|
-
version: '0'
|
|
320
|
-
type: :runtime
|
|
321
|
-
prerelease: false
|
|
322
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
323
|
-
requirements:
|
|
324
|
-
- - ">="
|
|
325
|
-
- !ruby/object:Gem::Version
|
|
326
|
-
version: '0'
|
|
327
|
-
- !ruby/object:Gem::Dependency
|
|
328
|
-
name: tty-table
|
|
329
327
|
requirement: !ruby/object:Gem::Requirement
|
|
330
328
|
requirements:
|
|
331
329
|
- - "~>"
|
|
332
330
|
- !ruby/object:Gem::Version
|
|
333
|
-
version: '0
|
|
331
|
+
version: '2.0'
|
|
334
332
|
type: :runtime
|
|
335
333
|
prerelease: false
|
|
336
334
|
version_requirements: !ruby/object:Gem::Requirement
|
|
337
335
|
requirements:
|
|
338
336
|
- - "~>"
|
|
339
337
|
- !ruby/object:Gem::Version
|
|
340
|
-
version: '0
|
|
338
|
+
version: '2.0'
|
|
341
339
|
- !ruby/object:Gem::Dependency
|
|
342
|
-
name:
|
|
340
|
+
name: term-ansicolor
|
|
343
341
|
requirement: !ruby/object:Gem::Requirement
|
|
344
342
|
requirements:
|
|
345
343
|
- - "~>"
|
|
346
344
|
- !ruby/object:Gem::Version
|
|
347
|
-
version: '
|
|
345
|
+
version: '1.7'
|
|
348
346
|
type: :runtime
|
|
349
347
|
prerelease: false
|
|
350
348
|
version_requirements: !ruby/object:Gem::Requirement
|
|
351
349
|
requirements:
|
|
352
350
|
- - "~>"
|
|
353
351
|
- !ruby/object:Gem::Version
|
|
354
|
-
version: '
|
|
352
|
+
version: '1.7'
|
|
355
353
|
- !ruby/object:Gem::Dependency
|
|
356
|
-
name:
|
|
354
|
+
name: train-core
|
|
357
355
|
requirement: !ruby/object:Gem::Requirement
|
|
358
356
|
requirements:
|
|
359
|
-
- - "
|
|
357
|
+
- - "~>"
|
|
360
358
|
- !ruby/object:Gem::Version
|
|
361
|
-
version: '0'
|
|
359
|
+
version: '3.0'
|
|
362
360
|
type: :runtime
|
|
363
361
|
prerelease: false
|
|
364
362
|
version_requirements: !ruby/object:Gem::Requirement
|
|
365
363
|
requirements:
|
|
366
|
-
- - "
|
|
364
|
+
- - "~>"
|
|
367
365
|
- !ruby/object:Gem::Version
|
|
368
|
-
version: '0'
|
|
369
|
-
description:
|
|
366
|
+
version: '3.0'
|
|
367
|
+
description: InSpec provides a framework for creating end-to-end infrastructure tests.
|
|
368
|
+
You can use it for integration or even compliance testing. Create fully portable
|
|
369
|
+
test profiles and use them in your workflow to ensure stability and security. Integrate
|
|
370
|
+
InSpec in your change lifecycle for local testing, CI/CD, and deployment verification.
|
|
371
|
+
This has local support only. See the `inspec` gem for full support.
|
|
370
372
|
email:
|
|
371
|
-
-
|
|
373
|
+
- inspec@chef.io
|
|
372
374
|
executables: []
|
|
373
375
|
extensions: []
|
|
374
376
|
extra_rdoc_files: []
|
|
375
377
|
files:
|
|
378
|
+
- Gemfile
|
|
376
379
|
- LICENSE
|
|
377
380
|
- README.md
|
|
378
381
|
- etc/deprecations.json
|
|
379
382
|
- etc/plugin_filters.json
|
|
383
|
+
- inspec-core.gemspec
|
|
380
384
|
- lib/bundles/README.md
|
|
381
385
|
- lib/bundles/inspec-compliance/api.rb
|
|
382
386
|
- lib/bundles/inspec-compliance/configuration.rb
|
|
@@ -446,7 +450,6 @@ files:
|
|
|
446
450
|
- lib/inspec/plugin/v1.rb
|
|
447
451
|
- lib/inspec/plugin/v1/plugin_types/cli.rb
|
|
448
452
|
- lib/inspec/plugin/v1/plugin_types/fetcher.rb
|
|
449
|
-
- lib/inspec/plugin/v1/plugin_types/resource.rb
|
|
450
453
|
- lib/inspec/plugin/v1/plugin_types/secret.rb
|
|
451
454
|
- lib/inspec/plugin/v1/plugin_types/source_reader.rb
|
|
452
455
|
- lib/inspec/plugin/v1/plugins.rb
|
|
@@ -682,10 +685,20 @@ files:
|
|
|
682
685
|
- lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/cli_command.rb
|
|
683
686
|
- lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/plugin.rb
|
|
684
687
|
- lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/version.rb
|
|
688
|
+
- lib/plugins/inspec-init/templates/profiles/aws/README.md
|
|
689
|
+
- lib/plugins/inspec-init/templates/profiles/aws/attributes.yml
|
|
690
|
+
- lib/plugins/inspec-init/templates/profiles/aws/controls/example.rb
|
|
691
|
+
- lib/plugins/inspec-init/templates/profiles/aws/inspec.yml
|
|
692
|
+
- lib/plugins/inspec-init/templates/profiles/azure/README.md
|
|
693
|
+
- lib/plugins/inspec-init/templates/profiles/azure/controls/example.rb
|
|
694
|
+
- lib/plugins/inspec-init/templates/profiles/azure/inspec.yml
|
|
695
|
+
- lib/plugins/inspec-init/templates/profiles/gcp/README.md
|
|
696
|
+
- lib/plugins/inspec-init/templates/profiles/gcp/attributes.yml
|
|
697
|
+
- lib/plugins/inspec-init/templates/profiles/gcp/controls/example.rb
|
|
698
|
+
- lib/plugins/inspec-init/templates/profiles/gcp/inspec.yml
|
|
685
699
|
- lib/plugins/inspec-init/templates/profiles/os/README.md
|
|
686
700
|
- lib/plugins/inspec-init/templates/profiles/os/controls/example.rb
|
|
687
701
|
- lib/plugins/inspec-init/templates/profiles/os/inspec.yml
|
|
688
|
-
- lib/plugins/inspec-init/templates/profiles/os/libraries/.gitkeep
|
|
689
702
|
- lib/plugins/inspec-plugin-manager-cli/README.md
|
|
690
703
|
- lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli.rb
|
|
691
704
|
- lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb
|
|
@@ -694,7 +707,7 @@ files:
|
|
|
694
707
|
- lib/plugins/things-for-train-integration.rb
|
|
695
708
|
- lib/source_readers/flat.rb
|
|
696
709
|
- lib/source_readers/inspec.rb
|
|
697
|
-
homepage: https://github.com/
|
|
710
|
+
homepage: https://github.com/inspec/inspec
|
|
698
711
|
licenses:
|
|
699
712
|
- Apache-2.0
|
|
700
713
|
metadata: {}
|
|
@@ -704,7 +717,7 @@ require_paths:
|
|
|
704
717
|
- lib
|
|
705
718
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
706
719
|
requirements:
|
|
707
|
-
- - "
|
|
720
|
+
- - "~>"
|
|
708
721
|
- !ruby/object:Gem::Version
|
|
709
722
|
version: '2.4'
|
|
710
723
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
@@ -716,5 +729,5 @@ requirements: []
|
|
|
716
729
|
rubygems_version: 3.0.3
|
|
717
730
|
signing_key:
|
|
718
731
|
specification_version: 4
|
|
719
|
-
summary:
|
|
732
|
+
summary: Infrastructure and compliance testing. Core library.
|
|
720
733
|
test_files: []
|
|
@@ -1,176 +0,0 @@
|
|
|
1
|
-
require "inspec/exceptions"
|
|
2
|
-
|
|
3
|
-
module Inspec
|
|
4
|
-
module ResourceBehaviors
|
|
5
|
-
def to_s
|
|
6
|
-
@__resource_name__
|
|
7
|
-
end
|
|
8
|
-
|
|
9
|
-
# Overwrite inspect to provide better output to RSpec results.
|
|
10
|
-
#
|
|
11
|
-
# @return [String] full name of the resource
|
|
12
|
-
def inspect
|
|
13
|
-
to_s
|
|
14
|
-
end
|
|
15
|
-
end
|
|
16
|
-
|
|
17
|
-
module ResourceDSL
|
|
18
|
-
def name(name = nil)
|
|
19
|
-
return @name if name.nil?
|
|
20
|
-
|
|
21
|
-
@name = name
|
|
22
|
-
__register(name, self)
|
|
23
|
-
end
|
|
24
|
-
|
|
25
|
-
def desc(description = nil)
|
|
26
|
-
return if description.nil?
|
|
27
|
-
|
|
28
|
-
__resource_registry[@name].desc(description)
|
|
29
|
-
end
|
|
30
|
-
|
|
31
|
-
def supports(criteria = nil)
|
|
32
|
-
return if criteria.nil?
|
|
33
|
-
|
|
34
|
-
key = @name.to_sym
|
|
35
|
-
|
|
36
|
-
Inspec::Resource.supports[key] ||= []
|
|
37
|
-
Inspec::Resource.supports[key].push(criteria)
|
|
38
|
-
end
|
|
39
|
-
|
|
40
|
-
def example(example = nil)
|
|
41
|
-
return if example.nil?
|
|
42
|
-
|
|
43
|
-
__resource_registry[@name].example(example)
|
|
44
|
-
end
|
|
45
|
-
|
|
46
|
-
# Support for Resource DSL plugins.
|
|
47
|
-
# This is called when an unknown method is encountered
|
|
48
|
-
# within a resource class definition.
|
|
49
|
-
# Even tho this is defined as an instance method, it gets added to
|
|
50
|
-
# Inspec::Plugins::Resource via `extend`, so this is actually a class defintion.
|
|
51
|
-
def method_missing(method_name, *arguments, &block)
|
|
52
|
-
require "inspec/plugin/v2"
|
|
53
|
-
# Check to see if there is a resource_dsl plugin activator hook with the method name
|
|
54
|
-
registry = Inspec::Plugin::V2::Registry.instance
|
|
55
|
-
hook = registry.find_activators(plugin_type: :resource_dsl, activator_name: method_name).first
|
|
56
|
-
if hook
|
|
57
|
-
# OK, load the hook if it hasn't been already. We'll then know a module,
|
|
58
|
-
# which we can then inject into the resource
|
|
59
|
-
hook.activate
|
|
60
|
-
# Inject the module's methods into the resource as class methods.
|
|
61
|
-
# implementation_class is the field name, but this is actually a module.
|
|
62
|
-
extend(hook.implementation_class)
|
|
63
|
-
# Now that the module is loaded, it defined one or more methods
|
|
64
|
-
# (presumably the one we were looking for.)
|
|
65
|
-
# We still haven't called it, so do so now.
|
|
66
|
-
send(method_name, *arguments, &block)
|
|
67
|
-
else
|
|
68
|
-
# If we couldn't find a plugin to match, maybe something up above has it,
|
|
69
|
-
# or maybe it is just a unknown method error.
|
|
70
|
-
super
|
|
71
|
-
end
|
|
72
|
-
end
|
|
73
|
-
|
|
74
|
-
def __resource_registry
|
|
75
|
-
Inspec::Resource.registry
|
|
76
|
-
end
|
|
77
|
-
|
|
78
|
-
def __register(name, obj) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
|
|
79
|
-
cl = Class.new(obj) do # rubocop:disable Metrics/BlockLength
|
|
80
|
-
attr_reader :resource_exception_message
|
|
81
|
-
|
|
82
|
-
def initialize(backend, name, *args)
|
|
83
|
-
@resource_skipped = false
|
|
84
|
-
@resource_failed = false
|
|
85
|
-
@supports = Inspec::Resource.supports[name.to_sym]
|
|
86
|
-
@resource_exception_message = nil
|
|
87
|
-
|
|
88
|
-
# attach the backend to this instance
|
|
89
|
-
@__backend_runner__ = backend
|
|
90
|
-
@__resource_name__ = name
|
|
91
|
-
|
|
92
|
-
# check resource supports
|
|
93
|
-
supported = @supports ? check_supports : true # check_supports has side effects!
|
|
94
|
-
test_backend = defined?(Train::Transports::Mock::Connection) && backend.backend.class == Train::Transports::Mock::Connection
|
|
95
|
-
# raise unless we are supported or in test
|
|
96
|
-
unless supported || test_backend
|
|
97
|
-
msg = "Unsupported resource/backend combination: %s / %s. Exiting." %
|
|
98
|
-
[name, backend.platform.name]
|
|
99
|
-
raise ArgumentError, msg
|
|
100
|
-
end
|
|
101
|
-
|
|
102
|
-
# call the resource initializer
|
|
103
|
-
begin
|
|
104
|
-
super(*args)
|
|
105
|
-
rescue Inspec::Exceptions::ResourceSkipped => e
|
|
106
|
-
skip_resource(e.message)
|
|
107
|
-
rescue Inspec::Exceptions::ResourceFailed => e
|
|
108
|
-
fail_resource(e.message)
|
|
109
|
-
rescue NotImplementedError => e
|
|
110
|
-
fail_resource(e.message) unless @resource_failed
|
|
111
|
-
rescue NoMethodError => e
|
|
112
|
-
skip_resource(e.message) unless @resource_failed
|
|
113
|
-
end
|
|
114
|
-
end
|
|
115
|
-
|
|
116
|
-
def self.desc(description = nil)
|
|
117
|
-
return @description if description.nil?
|
|
118
|
-
|
|
119
|
-
@description = description
|
|
120
|
-
end
|
|
121
|
-
|
|
122
|
-
def self.example(example = nil)
|
|
123
|
-
return @example if example.nil?
|
|
124
|
-
|
|
125
|
-
@example = example
|
|
126
|
-
end
|
|
127
|
-
|
|
128
|
-
def check_supports
|
|
129
|
-
require "inspec/resources/platform"
|
|
130
|
-
status = inspec.platform.supported?(@supports)
|
|
131
|
-
fail_msg = "Resource `#{@__resource_name__}` is not supported on platform #{inspec.platform.name}/#{inspec.platform.release}."
|
|
132
|
-
fail_resource(fail_msg) unless status
|
|
133
|
-
status
|
|
134
|
-
end
|
|
135
|
-
|
|
136
|
-
def skip_resource(message)
|
|
137
|
-
@resource_skipped = true
|
|
138
|
-
@resource_exception_message = message
|
|
139
|
-
end
|
|
140
|
-
|
|
141
|
-
def resource_skipped?
|
|
142
|
-
@resource_skipped
|
|
143
|
-
end
|
|
144
|
-
|
|
145
|
-
def fail_resource(message)
|
|
146
|
-
@resource_failed = true
|
|
147
|
-
@resource_exception_message = message
|
|
148
|
-
end
|
|
149
|
-
|
|
150
|
-
def resource_failed?
|
|
151
|
-
@resource_failed
|
|
152
|
-
end
|
|
153
|
-
|
|
154
|
-
def inspec
|
|
155
|
-
@__backend_runner__
|
|
156
|
-
end
|
|
157
|
-
end
|
|
158
|
-
|
|
159
|
-
# rubocop:enable Lint/NestedMethodDefinition
|
|
160
|
-
|
|
161
|
-
# Warn if a resource pack is overwriting a core resource.
|
|
162
|
-
# Suppress warning if the resource is an AWS resource, see #3822
|
|
163
|
-
if __resource_registry.key?(name) && !name.start_with?("aws_")
|
|
164
|
-
Inspec::Log.warn("Overwriting resource #{name}. To reference a specific version of #{name} use the resource() method")
|
|
165
|
-
end
|
|
166
|
-
__resource_registry[name] = cl
|
|
167
|
-
end
|
|
168
|
-
end
|
|
169
|
-
|
|
170
|
-
module Plugins
|
|
171
|
-
class Resource # TODO: possibly push up to inspec/resource.rb
|
|
172
|
-
extend Inspec::ResourceDSL
|
|
173
|
-
include Inspec::ResourceBehaviors
|
|
174
|
-
end
|
|
175
|
-
end
|
|
176
|
-
end
|