inspec-core 4.22.8 → 4.23.15

data/lib/inspec/version.rb

@@ -1,3 +1,3 @@
 module Inspec
-  VERSION = "4.22.8".freeze
+  VERSION = "4.23.15".freeze
 end

data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb

@@ -22,7 +22,7 @@ module InspecPlugins
       # return all compliance profiles available for the user
       # the user is either specified in the options hash or by default
       # the username of the account is used that is logged in
-      def self.profiles(config, profile_filter = nil) # rubocop:disable PerceivedComplexity, Metrics/CyclomaticComplexity, Metrics/AbcSize, Metrics/MethodLength
+      def self.profiles(config, profile_filter = nil) # rubocop:disable Metrics/PerceivedComplexity, Metrics/CyclomaticComplexity, Metrics/AbcSize, Metrics/MethodLength
         owner = config["owner"] || config["user"]
 
         # Chef Compliance
@@ -81,13 +81,13 @@ module InspecPlugins
           mapped_profiles.select! do |p|
             (!ver || p["version"] == ver) && (!id || p["name"] == id)
           end
-          return msg, mapped_profiles
+          [msg, mapped_profiles]
         when "401"
           msg = "401 Unauthorized. Please check your token."
-          return msg, []
+          [msg, []]
         else
           msg = "An unexpected error occurred (HTTP #{response_code}): #{response.message}"
-          return msg, []
+          [msg, []]
         end
       end
 

data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb

@@ -126,7 +126,7 @@ module InspecPlugins
         desc: "Overwrite existing profile on Server."
       option :owner, type: :string, required: false,
         desc: "Owner that should own the profile"
-      def upload(path) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize, PerceivedComplexity, Metrics/CyclomaticComplexity
+      def upload(path) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize, Metrics/PerceivedComplexity, Metrics/CyclomaticComplexity
         config = InspecPlugins::Compliance::Configuration.new
         return unless loggedin(config)
 

data/lib/plugins/inspec-init/templates/profiles/aws/README.md

@@ -26,7 +26,7 @@ Creating new profile at /Users/spaterson/my-profile
 aws_vpc_id: 'custom-vpc-id'
 ```
 
-The related control will simply be skipped if this is not provided.  See the [InSpec DSL documentation](https://www.inspec.io/docs/reference/dsl_inspec/) for more details on conditional execution using `only_if`.
+The related control will simply be skipped if this is not provided.  See the [InSpec DSL documentation](https://docs.chef.io/inspec/dsl_inspec/) for more details on conditional execution using `only_if`.
 
 ## Run the tests
 

data/lib/plugins/inspec-reporter-html2/README.md

@@ -24,7 +24,7 @@ Note the `2` in the reporter name. If you omit it and run `--reporter html` inst
 
 ## Configuring the Plugin
 
-The `html2` reporter requires no configuration to function. However, two options--`alternate_css_file` and `alternate_js_file`--are available for customization. The options are set in the JSON-formatted configuration file that Chef InSpec consumes. For details, see [our configuration file documentation](https://www.inspec.io/docs/reference/config/).
+The `html2` reporter requires no configuration to function. However, two options--`alternate_css_file` and `alternate_js_file`--are available for customization. The options are set in the JSON-formatted configuration file that Chef InSpec consumes. For details, see [our configuration file documentation](https://docs.chef.io/inspec/config/).
 
 For example:
 

data/lib/plugins/inspec-reporter-junit/README.md

@@ -0,0 +1,17 @@
+# junit and junit2 reporters
+
+This is the implementation of the junit and junit2 XML reporters.
+
+## Installation
+
+This plugin ships with Chef InSpec and requires no additional installation.
+
+## What These Plugins Do
+
+`junit` is the legacy Chef InSpec JUnit reporter, which is retained for backwards compatibility. It generates an XML report in Apache Ant JUnit format. The output format is considered nonstandard in several ways. New users are advised to use `junit2`.
+
+`junit2` is an updated reporter that provides JUnit output according to the schema published by [Windy Road](https://github.com/windyroad/JUnit-Schema).
+
+## Implementation Note
+
+This reporter uses the REXML XML generator at runtime, but uses Nokogiri, a more heavyweight XML library, for testing. This design keeps packaging requirements lightweight and free of compiled dependencies.

data/lib/plugins/inspec-reporter-junit/lib/inspec-reporter-junit.rb

@@ -0,0 +1,21 @@
+require_relative "inspec-reporter-junit/version"
+module InspecPlugins
+  module JUnitReporter
+    class Plugin < ::Inspec.plugin(2)
+      plugin_name :'inspec-reporter-junit'
+
+      # Legacy JUnit reporter, which generates subtly incorrect XML.
+      reporter :junit do
+        require_relative "inspec-reporter-junit/reporter"
+        InspecPlugins::JUnitReporter::ReporterV1
+      end
+
+      # v2 reporter, which generates valid JUnit XML.
+      reporter :junit2 do
+        require_relative "inspec-reporter-junit/reporter"
+        InspecPlugins::JUnitReporter::ReporterV2
+      end
+
+    end
+  end
+end

data/lib/plugins/inspec-reporter-junit/lib/inspec-reporter-junit/reporter.rb

@@ -0,0 +1,155 @@
+module InspecPlugins::JUnitReporter
+  class Reporter < Inspec.plugin(2, :reporter)
+    def self.run_data_schema_constraints
+      "~> 0.0"
+    end
+
+    def render
+      require "rexml/document"
+      xml_output = REXML::Document.new
+      xml_output.add(REXML::XMLDecl.new)
+
+      testsuites = REXML::Element.new("testsuites")
+      xml_output.add(testsuites)
+
+      run_data.profiles.each_with_index do |profile, idx|
+        testsuites.add(build_profile_xml(profile, idx))
+      end
+
+      formatter = REXML::Formatters::Pretty.new
+      formatter.compact = true
+      output(formatter.write(xml_output.xml_decl, ""))
+      output(formatter.write(xml_output.root, ""))
+    end
+
+    def count_profile_tests(profile)
+      profile.controls.reduce(0) do |acc, elem|
+        acc + elem.results.count
+      end
+    end
+
+    def count_profile_failed_tests(profile)
+      profile.controls.reduce(0) do |acc, elem|
+        acc + elem.results.reduce(0) do |fail_test_total, test_case|
+          test_case.status == "failed" ? fail_test_total + 1 : fail_test_total
+        end
+      end
+    end
+
+    def count_profile_skipped_tests(profile)
+      profile.controls.reduce(0) do |acc, elem|
+        acc + elem.results.reduce(0) do |skip_test_total, test_case|
+          test_case.status == "skipped" ? skip_test_total + 1 : skip_test_total
+        end
+      end
+    end
+
+    def count_profile_errored_tests(profile)
+      profile.controls.reduce(0) do |acc, elem|
+        acc + elem.results.reduce(0) do |err_test_total, test_case|
+          test_case.backtrace.nil? ? err_test_total : err_test_total + 1
+        end
+      end
+    end
+  end
+
+  # This is the "Legacy" JUnit reporter. It produces XML which is not
+  # correct according to the JUnit standard. It is retained for backwards
+  # compatibility.
+  class ReporterV1 < Reporter
+    def build_profile_xml(profile, _idx)
+      profile_xml = REXML::Element.new("testsuite")
+      profile_xml.add_attribute("name", profile.name)
+      profile_xml.add_attribute("tests", count_profile_tests(profile))
+      profile_xml.add_attribute("failed", count_profile_failed_tests(profile))
+      profile_xml.add_attribute("failures", count_profile_failed_tests(profile))
+
+      profile.controls.each do |control|
+        control.results.each do |result|
+          profile_xml.add(build_result_xml(profile.name, control, result))
+        end
+      end
+
+      profile_xml
+    end
+
+    def build_result_xml(profile_name, control, result)
+      result_xml = REXML::Element.new("testcase")
+      result_xml.add_attribute("name", result.code_desc)
+      result_xml.add_attribute("classname", control.title.nil? ? "#{profile_name}.Anonymous" : "#{profile_name}.#{control.id}")
+      result_xml.add_attribute("target", run_data.platform.target.nil? ? "" : run_data.platform.target.to_s)
+      result_xml.add_attribute("time", result.run_time)
+
+      if result.status == "failed"
+        failure_element = REXML::Element.new("failure")
+        failure_element.add_attribute("message", result[:message])
+        result_xml.add(failure_element)
+      elsif result.status == "skipped"
+        result_xml.add_element("skipped")
+      end
+
+      result_xml
+    end
+  end
+
+  # This is the "Corrected" JUnit reporter. It produces XML which is intended
+  # to be valid. It should be used whenever possible.
+  class ReporterV2 < Reporter
+    def build_profile_xml(profile, idx)
+      profile_xml = REXML::Element.new("testsuite")
+      profile_xml.add_attribute("name", profile.name)
+      profile_xml.add_attribute("tests", count_profile_tests(profile))
+      profile_xml.add_attribute("id", idx + 1)
+
+      # junit2 counts failures and errors separately
+      errors = count_profile_errored_tests(profile)
+      profile_xml.add_attribute("errors", errors)
+      profile_xml.add_attribute("failures", count_profile_failed_tests(profile) - errors)
+      profile_xml.add_attribute("skipped", count_profile_skipped_tests(profile))
+
+      profile_xml.add_attribute("hostname", run_data.platform.target.nil? ? "" : run_data.platform.target.to_s)
+      # Author of the schema specified 8601, then went on to add
+      # a regex that requires no TZ
+      profile_xml.add_attribute("timestamp", Time.now.iso8601.slice(0, 19))
+
+      # These are empty but are just here to satisfy the schema
+      profile_xml.add_attribute("package", "")
+      profile_xml.add(REXML::Element.new("properties"))
+
+      profile_time = 0.0
+      profile.controls.each do |control|
+        control.results.each do |result|
+          profile_time += result.run_time
+          profile_xml.add(build_result_xml(profile.name, control, result))
+        end
+      end
+      profile_xml.add_attribute("time", "%.6f" % profile_time)
+
+      profile_xml.add(REXML::Element.new("system-out"))
+      profile_xml.add(REXML::Element.new("system-err"))
+
+      profile_xml
+    end
+
+    def build_result_xml(profile_name, control, result)
+      result_xml = REXML::Element.new("testcase")
+      result_xml.add_attribute("name", result.code_desc)
+      result_xml.add_attribute("classname", control.title.nil? ? "#{profile_name}.Anonymous" : "#{profile_name}.#{control.id}")
+
+      # <Nokogiri::XML::SyntaxError: 20:0: ERROR: Element 'testcase', attribute 'time': '4.9e-05' is not a valid value of the atomic type 'xs:decimal'.
+      # So, we format it.
+      result_xml.add_attribute("time", "%.6f" % result.run_time)
+
+      if result.status == "failed"
+        failure_element = REXML::Element.new("failure")
+        failure_element.add_attribute("message", result.message)
+        failure_element.add_attribute("type", result.resource_title&.to_s || "")
+        result_xml.add(failure_element)
+      elsif result.status == "skipped"
+        result_xml.add_element("skipped")
+      end
+
+      result_xml
+    end
+  end
+end

data/lib/plugins/inspec-reporter-junit/lib/inspec-reporter-junit/version.rb

@@ -0,0 +1,5 @@
+module InspecPlugins
+  module JUnitReporter
+    VERSION = "0.1.0".freeze
+  end
+end

data/lib/plugins/shared/core_plugin_test_helper.rb

@@ -50,22 +50,6 @@ module CorePluginFunctionalHelper
   include CorePluginBaseHelper
   include FunctionalHelper
 
-  # TODO: so much duplication! Remove everything we can!
-  require "train"
-  TRAIN_CONNECTION = Train.create("local", command_runner: :generic).connection
-
-  # TODO: remove me! it's in test/functional/helper.rb
-  def run_inspec_process(command_line, opts = {})
-    prefix = ""
-    if opts.key?(:prefix)
-      prefix = opts[:prefix]
-    elsif opts.key?(:env)
-      prefix = assemble_env_prefix opts[:env]
-    end
-
-    TRAIN_CONNECTION.run_command("#{prefix} #{exec_inspec} #{command_line}")
-  end
-
   # This helper does some fancy footwork to make InSpec think a plugin
   # under development is temporarily installed.
   # @param String command_line Invocation, without the word 'inspec'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec-core
 version: !ruby/object:Gem::Version
-  version: 4.22.8
+  version: 4.23.15
 platform: ruby
 authors:
 - Chef InSpec Team
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-08-04 00:00:00.000000000 Z
+date: 2020-10-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef-telemetry
@@ -33,7 +33,7 @@ dependencies:
         version: 0.2.13
     - - "<"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '3.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -43,7 +43,7 @@ dependencies:
         version: 0.2.13
     - - "<"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: thor
   requirement: !ruby/object:Gem::Requirement
@@ -229,6 +229,9 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 0.9.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '1.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -236,6 +239,9 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 0.9.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '1.1'
 - !ruby/object:Gem::Dependency
   name: tty-table
   requirement: !ruby/object:Gem::Requirement
@@ -320,20 +326,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.0'
-- !ruby/object:Gem::Dependency
-  name: htmlentities
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '4.3'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '4.3'
 - !ruby/object:Gem::Dependency
   name: multipart-post
   requirement: !ruby/object:Gem::Requirement
@@ -348,20 +340,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.0'
-- !ruby/object:Gem::Dependency
-  name: term-ansicolor
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.7'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.7'
 - !ruby/object:Gem::Dependency
   name: train-core
   requirement: !ruby/object:Gem::Requirement
@@ -389,7 +367,6 @@ extra_rdoc_files: []
 files:
 - Gemfile
 - LICENSE
-- README.md
 - etc/deprecations.json
 - etc/plugin_filters.json
 - inspec-core.gemspec
@@ -489,7 +466,6 @@ files:
 - lib/inspec/reporters/cli.rb
 - lib/inspec/reporters/json.rb
 - lib/inspec/reporters/json_automate.rb
-- lib/inspec/reporters/junit.rb
 - lib/inspec/reporters/yaml.rb
 - lib/inspec/require_loader.rb
 - lib/inspec/resource.rb
@@ -607,6 +583,8 @@ files:
 - lib/inspec/resources/vbscript.rb
 - lib/inspec/resources/virtualization.rb
 - lib/inspec/resources/windows_feature.rb
+- lib/inspec/resources/windows_firewall.rb
+- lib/inspec/resources/windows_firewall_rule.rb
 - lib/inspec/resources/windows_hotfix.rb
 - lib/inspec/resources/windows_registry_key.rb
 - lib/inspec/resources/windows_task.rb
@@ -666,6 +644,7 @@ files:
 - lib/inspec/utils/object_traversal.rb
 - lib/inspec/utils/parser.rb
 - lib/inspec/utils/pkey_reader.rb
+- lib/inspec/utils/run_data_filters.rb
 - lib/inspec/utils/simpleconfig.rb
 - lib/inspec/utils/spdx.rb
 - lib/inspec/utils/spdx.txt
@@ -746,6 +725,10 @@ files:
 - lib/plugins/inspec-reporter-json-min/lib/inspec-reporter-json-min.rb
 - lib/plugins/inspec-reporter-json-min/lib/inspec-reporter-json-min/reporter.rb
 - lib/plugins/inspec-reporter-json-min/lib/inspec-reporter-json-min/version.rb
+- lib/plugins/inspec-reporter-junit/README.md
+- lib/plugins/inspec-reporter-junit/lib/inspec-reporter-junit.rb
+- lib/plugins/inspec-reporter-junit/lib/inspec-reporter-junit/reporter.rb
+- lib/plugins/inspec-reporter-junit/lib/inspec-reporter-junit/version.rb
 - lib/plugins/shared/core_plugin_test_helper.rb
 - lib/plugins/things-for-train-integration.rb
 - lib/source_readers/flat.rb

data/README.md

@@ -1,474 +0,0 @@
-# Chef InSpec: Inspect Your Infrastructure
-
-* **Project State: Active**
-* **Issues Response SLA: 14 business days**
-* **Pull Request Response SLA: 14 business days**
-
-For more information on project states and SLAs, see [this documentation](https://github.com/chef/chef-oss-practices/blob/master/repo-management/repo-states.md).
-
-[![Slack](https://community-slack.chef.io/badge.svg)](https://community-slack.chef.io/)
-[![Build status](https://badge.buildkite.com/bf4c5fdc3858cc9f8c8bab8376e8e40d625ad046df9d4d8619.svg?branch=master)](https://buildkite.com/chef-oss/inspec-inspec-master-verify)
-[![Coverage Status](https://coveralls.io/repos/github/inspec/inspec/badge.svg?branch=master)](https://coveralls.io/github/inspec/inspec?branch=master)
-
-Chef InSpec is an open-source testing framework for infrastructure with a human- and machine-readable language for specifying compliance, security and policy requirements.
-
-```ruby
-# Disallow insecure protocols by testing
-
-describe package('telnetd') do
-  it { should_not be_installed }
-end
-
-describe inetd_conf do
-  its("telnet") { should eq nil }
-end
-```
-
-Chef InSpec makes it easy to run your tests wherever you need. More options are found in our [CLI docs](https://www.inspec.io/docs/reference/cli/).
-
-```bash
-# run test locally
-inspec exec test.rb
-
-# run test on remote host via SSH
-inspec exec test.rb -t ssh://user@hostname -i /path/to/key
-
-# run test on remote host using SSH agent private key authentication. Requires Chef InSpec 1.7.1
-inspec exec test.rb -t ssh://user@hostname
-
-# run test on remote windows host via WinRM
-inspec exec test.rb -t winrm://Administrator@windowshost --password 'your-password'
-
-# run test on remote windows host via WinRM as a domain user
-inspec exec test.rb -t winrm://windowshost --user 'UserName@domain' --password 'your-password'
-
-# run test on docker container
-inspec exec test.rb -t docker://container_id
-```
-
-# Features
-
-- Built-in Compliance: Compliance no longer occurs at the end of the release cycle
-- Targeted Tests: Chef InSpec writes tests that specifically target compliance issues
-- Metadata: Includes the metadata required by security and compliance pros
-- Easy Testing: Includes a command-line interface to run tests quickly
-
-## Installation
-
-Chef InSpec requires Ruby ( >= 2.4 ).
-
-Note: Versions of Chef InSpec 4.0 and later require accepting the EULA to use. Please visit the [license acceptance page](https://docs.chef.io/chef_license_accept.html) on the Chef docs site for more information.
-
-### Install as package
-
-The Chef InSpec package is available for MacOS, RedHat, Ubuntu and Windows. Download the latest package at [Chef InSpec Downloads](https://downloads.chef.io/inspec) or install Chef InSpec via script:
-
-```
-# RedHat, Ubuntu, and macOS
-curl https://omnitruck.chef.io/install.sh | sudo bash -s -- -P inspec
-
-# Windows
-. { iwr -useb https://omnitruck.chef.io/install.ps1 } | iex; install -project inspec
-```
-
-### Install it via rubygems.org
-
-When installing from source, gem dependencies may require ruby build tools to be installed.
-
-For CentOS/RedHat/Fedora:
-
-```bash
-yum -y install ruby ruby-devel make gcc gcc-c++
-```
-
-For Ubuntu:
-
-```bash
-apt-get -y install ruby ruby-dev gcc g++ make
-```
-
-To install the `inspec` executable, which requires accepting the [Chef License](https://docs.chef.io/chef_license_accept.html), run:
-
-```bash
-gem install inspec-bin
-```
-
-You may also use `inspec` as a library, with no executable. This does not require accepting the license. To install the library as a gem, run:
-
-```bash
-gem install inspec
-```
-
-
-### Usage via Docker
-
-Download the image and define a function for convenience:
-
-For Linux:
-
-```
-docker pull chef/inspec
-function inspec { docker run -it --rm -v $(pwd):/share chef/inspec "$@"; }
-```
-
-For Windows (PowerShell):
-
-```
-docker pull chef/inspec
-function inspec { docker run -it --rm -v "$(pwd):/share" chef/inspec $args; }
-```
-
-If you call `inspec` from your shell, it automatically mounts the current directory into the Docker container. Therefore you can easily use local tests and key files. Note: Only files in the current directory and sub-directories are available within the container.
-
-```
-$ ls -1
-vagrant
-test.rb
-
-$ inspec exec test.rb -t ssh://root@192.168.64.2:11022 -i vagrant
-..
-
-Finished in 0.04321 seconds (files took 0.54917 seconds to load)
-2 examples, 0 failures
-```
-
-
-### Install it from source
-
-Note that installing from OS packages from [the download page](https://downloads.chef.io) is the preferred method.
-
-That requires [bundler](http://bundler.io/):
-
-```bash
-bundle install
-bundle exec inspec help
-```
-
-To install it as a gem locally, run:
-
-```bash
-gem build inspec.gemspec
-gem install inspec-*.gem
-```
-
-On Windows, you need to install [Ruby](http://rubyinstaller.org/downloads/) with [Ruby Development Kit](https://github.com/oneclick/rubyinstaller/wiki/Development-Kit) to build dependencies with its native extensions.
-
-### Install via Chef Habitat
-
-Currently, this method of installation only supports Linux. See the [Chef Habitat site](https://www.habitat.sh/) for more information.
-
-Download the `hab` binary from the [Chef Habitat](https://www.habitat.sh/docs/get-habitat/) site.
-
-```bash
-hab pkg install chef/inspec --binlink
-
-inspec
-```
-
-### Run Chef InSpec
-
-You should now be able to run:
-
-```bash
-$ inspec --help
-Commands:
-  inspec archive PATH                # archive a profile to tar.gz (default) ...
-  inspec check PATH                  # verify all tests at the specified PATH
-  inspec compliance SUBCOMMAND ...   # Chef Compliance commands
-  inspec detect                      # detect the target OS
-  inspec exec PATH(S)                # run all test files at the specified PATH.
-  inspec help [COMMAND]              # Describe available commands or one spe...
-  inspec init TEMPLATE ...           # Scaffolds a new project
-  inspec json PATH                   # read all tests in PATH and generate a ...
-  inspec shell                       # open an interactive debugging shell
-  inspec supermarket SUBCOMMAND ...  # Supermarket commands
-  inspec version                     # prints the version of this tool
-
-Options:
-  [--diagnose], [--no-diagnose]  # Show diagnostics (versions, configurations)
-```
-
-# Examples
-
-* Only accept requests on secure ports - This test ensures that a web server is only listening on well-secured ports.
-
-```ruby
-describe port(80) do
-  it { should_not be_listening }
-end
-
-describe port(443) do
-  it { should be_listening }
-  its('protocols') {should include 'tcp'}
-end
-```
-
-* Use approved strong ciphers - This test ensures that only enterprise-compliant ciphers are used for SSH servers.
-
-```ruby
-describe sshd_config do
-   its('Ciphers') { should eq('chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr') }
-end
-```
-
-* Test your `kitchen.yml` file to verify that only Vagrant is configured as the driver.  The %w() formatting will
-pass rubocop linting and allow you to access nested mappings.
-
-```ruby
-describe yaml('.kitchen.yml') do
-  its(%w(driver name)) { should eq('vagrant') }
-end
-```
-
-Also have a look at our examples for:
-- [Using Chef InSpec with Test Kitchen & Chef Infra](https://github.com/chef/inspec/tree/master/examples/kitchen-chef)
-- [Using Chef InSpec with Test Kitchen & Puppet](https://github.com/chef/inspec/tree/master/examples/kitchen-puppet)
-- [Using Chef InSpec with Test Kitchen & Ansible](https://github.com/chef/inspec/tree/master/examples/kitchen-ansible)
-- [Implementing an Chef InSpec profile](https://github.com/chef/inspec/tree/master/examples/profile)
-
-## Or tests: Testing for a OR b
-
-* Using describe.one, you can test for a or b.  The control will be marked as passing if EITHER condition is met.
-
-```ruby
-control 'or-test' do
-  impact 1.0
-  title 'This is a OR test'
-  describe.one do
-    describe ssh_config do
-      its('Protocol') { should eq('3') }
-    end
-    describe ssh_config do
-      its('Protocol') { should eq('2') }
-    end
-  end
-end
-```
-
-## Command Line Usage
-
-### exec
-
-Run tests against different targets:
-
-```bash
-# run test locally
-inspec exec test.rb
-
-# run test on remote host on SSH
-inspec exec test.rb -t ssh://user@hostname
-
-# run test on remote windows host on WinRM
-inspec exec test.rb -t winrm://Administrator@windowshost --password 'your-password'
-
-# run test on docker container
-inspec exec test.rb -t docker://container_id
-
-# run with sudo
-inspec exec test.rb --sudo [--sudo-password ...] [--sudo-options ...] [--sudo_command ...]
-
-# run in a subshell
-inspec exec test.rb --shell [--shell-options ...] [--shell-command ...]
-
-# run a profile targeting AWS using env vars
-inspec exec test.rb -t aws://
-
-# or store your AWS credentials in your ~/.aws/credentials profiles file
-inspec exec test.rb -t aws://us-east-2/my-profile
-
-# run a profile targeting Azure using env vars
-inspec exec test.rb -t azure://
-
-# or store your Azure credentials in your ~/.azure/credentials profiles file
-inspec exec test.rb -t azure://subscription_id
-```
-
-### detect
-
-Verify your configuration and detect
-
-```bash
-id=$( docker run -dti ubuntu:14.04 /bin/bash )
-inspec detect -t docker://$id
-```
-
-Which will provide you with:
-
-```
-{"family":"ubuntu","release":"14.04","arch":null}
-```
-
-## Supported OS
-
-Remote Targets
-
-| Platform                     | Versions                                         | Architectures |
-| ---------------------------- | ------------------------------------------------ | ------------- |
-| AIX                          | 6.1, 7.1, 7.2                                    | ppc64         |
-| CentOS                       | 5, 6, 7                                          | i386, x86_64  |
-| Debian                       | 7, 8, 9                                          | i386, x86_64  |
-| FreeBSD                      | 9, 10, 11                                        | i386, amd64   |
-| Mac OS X                     | 10.9, 10.10, 10.11, 10.12, 10.13, 10.14          | x86_64        |
-| Oracle Enterprise Linux      | 5, 6, 7                                          | i386, x86_64  |
-| Red Hat Enterprise Linux     | 5, 6, 7                                          | i386, x86_64  |
-| Solaris                      | 10, 11                                           | sparc, x86    |
-| Windows\*                    | 8, 8.1, 10, 2012, 2012R2, 2016                   | x86, x86_64   |
-| Ubuntu Linux                 |                                                  | x86, x86_64   |
-| SUSE Linux Enterprise Server | 11, 12                                           | x86_64        |
-| Scientific Linux             | 5.x, 6.x and 7.x                                 | i386, x86_64  |
-| Fedora                       |                                                  | x86_64        |
-| OpenSUSE                     | 13, 42                                           | x86_64        |
-| OmniOS                       |                                                  | x86_64        |
-| Gentoo Linux                 |                                                  | x86_64        |
-| Arch Linux                   |                                                  | x86_64        |
-| HP-UX                        | 11.31                                            | ia64          |
-
-\**For Windows, PowerShell 5.0 or above is required.*
-
-In addition, runtime support is provided for:
-
-| Platform | Versions | Arch   |
-| -------- | -------- | ------ |
-| Debian   | 8, 9     | x86_64 |
-| RHEL     | 6, 7     | x86_64 |
-| Ubuntu   | 12.04+   | x86_64 |
-| Windows  | 8+       | x86_64 |
-| Windows  | 2012+    | x86_64 |
-
-## Documentation
-
-Documentation
-
- * https://www.inspec.io/docs/
- * https://www.inspec.io/docs/reference/resources/
- * https://github.com/chef/inspec/tree/master/docs
-
-Tutorials/Blogs/Podcasts:
-
- * https://www.inspec.io/tutorials/
-
-Relationship to other tools (RSpec, Serverspec):
-
- * https://www.inspec.io/docs/reference/inspec_and_friends/
-
-## Share your Profiles
-
-You may share your Chef InSpec Profiles in the [Tools & Plugins section](https://supermarket.chef.io/tools-directory) of the [Chef Supermarket](https://supermarket.chef.io/). [Sign in](https://supermarket.chef.io/sign-in) and [add the details of your profile](https://supermarket.chef.io/tools/new).
-
-You may also [browse the Supermarket for shared Compliance Profiles](https://supermarket.chef.io/tools?type=compliance_profile).
-
-## Kudos
-
-Chef InSpec is inspired by the wonderful [Serverspec](http://serverspec.org) project. Kudos to [mizzy](https://github.com/mizzy) and [all contributors](https://github.com/mizzy/serverspec/graphs/contributors)!
-
-The AWS resources were inspired by [inspec-aws](https://github.com/arothian/inspec-aws) from [arothian](https://github.com/arothian).
-
-## Contribute
-
-1. Fork it
-1. Create your feature branch (git checkout -b my-new-feature)
-1. Commit your changes (git commit -am 'Add some feature')
-1. Push to the branch (git push origin my-new-feature)
-1. Create new Pull Request
-
-The Chef InSpec community and maintainers are very active and helpful. This project benefits greatly from this activity.
-
-If you'd like to chat with the community and maintainers directly join us in the `#inspec` channel on the [Chef Community Slack](http://community-slack.chef.io/).
-
-As a reminder, all participants are expected to follow the [Code of Conduct](https://github.com/inspec/inspec/blob/master/CODE_OF_CONDUCT.md).
-
-[![Slack](https://community-slack.chef.io/badge.svg)](https://community-slack.chef.io/)
-
-## Testing Chef InSpec
-
-We offer `unit`, `integration`, and `aws` tests.
-
-- `unit` tests ensure the intended behaviour of the implementation
-- `integration` tests run against Docker-based VMs via test-kitchen and [kitchen-inspec](https://github.com/chef/kitchen-inspec)
-- `aws` tests exercise the AWS resources against real AWS accounts
-
-### Unit tests
-
-```bash
-bundle exec rake test
-```
-
-If you like to run only one test file:
-
-```bash
-bundle exec m test/unit/resources/user_test.rb
-```
-
-You may also run a single test within a file by line number:
-
-```bash
-bundle exec m test/unit/resources/user_test.rb -l 123
-```
-
-### Integration tests
-
-These tests download various virtual machines, to ensure Chef InSpec is working as expected across different operating systems.
-
-These tests require the following gems:
-
-- test-kitchen
-- kitchen-dokken
-- kitchen-inspec
-
-These gems are provided via the `integration` group in the project's Gemfile.
-
-In addition, these test require Docker to be available on your machine or a remote Docker machine configured via the standard Docker environment variables.
-
-#### Running Integration tests
-
-List the various test instances available:
-
-```bash
-bundle exec kitchen list
-```
-
-The platforms and test suites are configured in the `.kitchen.yml` file. Once you know which instance you wish to test, test that instance:
-
-```bash
-bundle exec kitchen test <INSTANCE_NAME>
-```
-
-You may test all instances in parallel with:
-
-```bash
-bundle exec kitchen test -c
-```
-
-### AWS Tests
-
-Use the rake task `bundle exec rake test:aws` to test the AWS resources against a pair of real AWS accounts.
-
-Please see [TESTING_AGAINST_AWS.md](./test/integration/aws/TESTING_AGAINST_AWS.md) for details on how to setup the needed AWS accounts to perform testing.
-
-### Azure Tests
-
-Use the rake task `bundle exec rake test:azure` to test the Azure resources against an Azure account.
-
-Please see [TESTING_AGAINST_AZURE.md](./test/integration/azure/TESTING_AGAINST_AZURE.md) for details on how to setup the needed Azure accounts to perform testing.
-
-## License
-
-|                |                                           |
-| -------------- | ----------------------------------------- |
-| **Author:**    | Dominik Richter (<drichter@chef.io>)      |
-| **Author:**    | Christoph Hartmann (<chartmann@chef.io>)  |
-| **Copyright:** | Copyright (c) 2015 Vulcano Security GmbH. |
-| **Copyright:** | Copyright (c) 2017-2018 Chef Software Inc.|
-| **License:**   | Apache License, Version 2.0               |
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.