inspec-core 4.25.1 → 4.31.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4db76b09c46f02e91dca61f334693d773d0c0c470104ef8d28b89a443b1b6c55
-  data.tar.gz: 9834a18148bf8f2851f7a030e3766b3932f6592e7a3fdfb5a354daf7c8cdfff1
+  metadata.gz: de259f902d4d891726e44204083a9fa2ab6b2b7507914036cc1af230e82dbc6b
+  data.tar.gz: 16d2ce9dbe236411f8169b378c51bedd5e2fc87ee84429b14de8e7312f6576cd
 SHA512:
-  metadata.gz: 2c8330268f60a8b8d895e33ee3fb75b3076b81be5c3e8816250ad8775ea00d76332796181aba8da27c15c251c0b6ce8379279c693158c969bbe1003e0985bd7a
-  data.tar.gz: 3e6e5096e98c3198a650bfa4c6f88a66db84fdbf366d451bae21e38a1e430e0cb77b9d1ebe5a85d03c354390e8eb884bddb586ef28d5ece4d9a57d7830838bb9
+  metadata.gz: 6f6646ab26611a0d49bce5bb8dd927ac678cb1ab032d5c5de055e5e769ef667f4147f4bae82613450c21c9ca0ebcd99302f33741ba51c95094b45714a6f69303
+  data.tar.gz: c19721ef5d63cedae91fe69103f7f4ec4237ce4e16ab563895eff655b2ff32ec1ba15daf412cf23ed11966a9d94b5941b5c74ac6ba47c4c209f82a5db1240641

data/Gemfile

@@ -28,10 +28,10 @@ group :omnibus do
 end
 
 group :test do
-  gem "chefstyle", "~> 1.5.7"
+  gem "chefstyle", "~> 1.7.1"
   gem "concurrent-ruby", "~> 1.0"
   gem "html-proofer", platforms: :ruby # do not attempt to run proofer on windows
-  gem "json_schemer", ">= 0.2.1", "< 0.2.18"
+  gem "json_schemer", ">= 0.2.1", "< 0.2.19"
   gem "m"
   gem "minitest-sprint", "~> 1.0"
   gem "minitest", "~> 5.5"

data/inspec-core.gemspec

@@ -36,11 +36,12 @@ Gem::Specification.new do |spec|
   spec.add_dependency "sslshake",           "~> 1.2"
   spec.add_dependency "parallel",           "~> 1.9"
   spec.add_dependency "faraday",            ">= 0.9.0", "< 1.4"
+  spec.add_dependency "faraday_middleware", "~> 1.0"
   spec.add_dependency "tty-table",          "~> 0.10"
   spec.add_dependency "tty-prompt",         "~> 0.17"
   spec.add_dependency "tomlrb",             ">= 1.2", "< 2.1"
   spec.add_dependency "addressable",        "~> 2.4"
-  spec.add_dependency "parslet",            ">= 1.5", "< 3.0"
+  spec.add_dependency "parslet",            ">= 1.5", "< 2.0" # Pinned < 2.0, see #5389
   spec.add_dependency "semverse",           "~> 3.0"
   spec.add_dependency "multipart-post",     "~> 2.0"
 

data/lib/inspec/base_cli.rb

@@ -118,6 +118,10 @@ module Inspec
         desc: "Disable SSL verification on select targets"
       option :target_id, type: :string,
         desc: "Provide a ID which will be included on reports"
+      option :winrm_shell_type, type: :string, default: "powershell",
+        desc: "Specify a shell type for winrm (eg. 'elevated' or 'powershell')"
+      option :docker_url, type: :string,
+        desc: "Provides path to Docker API endpoint (Docker)"
     end
 
     def self.profile_options
@@ -162,6 +166,11 @@ module Inspec
         desc: "Use --no-diff to suppress 'diff' output of failed textual test results."
       option :sort_results_by, type: :string, default: "file", banner: "--sort-results-by=none|control|file|random",
         desc: "After normal execution order, results are sorted by control ID, or by file (default), or randomly. None uses legacy unsorted mode."
+      option :filter_empty_profiles, type: :boolean, default: false,
+        desc: "Filter empty profiles (profiles without controls) from the report."
+      option :command_timeout, type: :numeric, default: 3600,
+        desc: "Maximum seconds to allow commands to run during execution. Default 3600.",
+        long_desc: "Maximum seconds to allow commands to run during execution. Default 3600. A timed out command is considered an error."
     end
 
     def self.help(*args)

data/lib/inspec/cli.rb

@@ -321,6 +321,9 @@ class Inspec::InspecCLI < Inspec::BaseCLI
     desc: "A space-delimited list of local folders containing profiles whose libraries and resources will be loaded into the new shell"
   option :distinct_exit, type: :boolean, default: true,
     desc: "Exit with code 100 if any tests fail, and 101 if any are skipped but none failed (default).  If disabled, exit 0 on skips and 1 for failures."
+  option :command_timeout, type: :numeric, default: 3600,
+      desc: "Maximum seconds to allow a command to run. Default 3600.",
+      long_desc: "Maximum seconds to allow commands to run. Default 3600. A timed out command is considered an error."
   option :inspect, type: :boolean, default: false, desc: "Use verbose/debugging output for resources."
   def shell_func
     o = config
@@ -395,6 +398,20 @@ class Inspec::InspecCLI < Inspec::BaseCLI
   end
   map %w{-v --version} => :version
 
+  desc "clear_cache", "clears the InSpec cache. Useful for debugging."
+  option :vendor_cache, type: :string,
+    desc: "Use the given path for caching dependencies. (default: ~/.inspec/cache)"
+  def clear_cache
+    o = config
+    configure_logger(o)
+    cache_path = o[:vendor_cache] || "~/.inspec/cache"
+    FileUtils.rm_r Dir.glob(File.expand_path(cache_path))
+
+    o[:logger] = Logger.new($stdout)
+    o[:logger].level = get_log_level(o[:log_level])
+    o[:logger].info "== InSpec cache cleared successfully =="
+  end
+
   private
 
   def run_command(opts)

data/lib/inspec/config.rb

@@ -128,12 +128,25 @@ module Inspec
     end
 
     #-----------------------------------------------------------------------#
-    #                      Fetching Plugin Data
+    #                      Handling Plugin Data
     #-----------------------------------------------------------------------#
     def fetch_plugin_config(plugin_name)
       Thor::CoreExt::HashWithIndifferentAccess.new(@plugin_cfg[plugin_name] || {})
     end
 
+    def set_plugin_config(plugin_name, plugin_config)
+      plugin_name = plugin_name.to_s unless plugin_name.is_a? String
+
+      @plugin_cfg[plugin_name] = plugin_config
+    end
+
+    def merge_plugin_config(plugin_name, additional_plugin_config)
+      plugin_name = plugin_name.to_s unless plugin_name.is_a? String
+
+      @plugin_cfg[plugin_name] = {} if @plugin_cfg[plugin_name].nil?
+      @plugin_cfg[plugin_name].merge!(additional_plugin_config)
+    end
+
     # clear the cached config
     def self.__reset
       @cached_config = nil

data/lib/inspec/control_eval_context.rb

@@ -53,8 +53,9 @@ module Inspec
 
     def control(id, opts = {}, &block)
       opts[:skip_only_if_eval] = @skip_only_if_eval
-
-      register_control(Inspec::Rule.new(id, profile_id, resources_dsl, opts, &block))
+      if control_exist_in_controls_list?(id) || controls_list_empty?
+        register_control(Inspec::Rule.new(id, profile_id, resources_dsl, opts, &block))
+      end
     end
     alias rule control
 
@@ -68,10 +69,14 @@ module Inspec
       id = "(generated from #{loc} #{SecureRandom.hex})"
 
       res = nil
+
       rule = Inspec::Rule.new(id, profile_id, resources_dsl, {}) do
         res = describe(*args, &block)
       end
-      register_control(rule, &block)
+
+      if control_exist_in_controls_list?(id) || controls_list_empty?
+        register_control(rule, &block)
+      end
 
       res
     end
@@ -176,5 +181,26 @@ module Inspec
         "#{File.basename(path)}:#{line}"
       end
     end
+
+    # Returns true if configuration hash is not empty and it contains the list of controls is not empty
+    def profile_config_exist?
+      !@conf.empty? && @conf.key?("profile") && !@conf["profile"].include_controls_list.empty?
+    end
+
+    # Returns true if configuration hash is empty or configuration hash does not have the list of controls that needs to be included
+    def controls_list_empty?
+      !@conf.empty? && @conf.key?("profile") && @conf["profile"].include_controls_list.empty? || @conf.empty?
+    end
+
+    # Check if the given control exist in the --controls option
+    def control_exist_in_controls_list?(id)
+      if profile_config_exist?
+        id_exist_in_list = @conf["profile"].include_controls_list.any? do |inclusion|
+          # Try to see if the inclusion is a regex, and if it matches
+          inclusion == id || (inclusion.is_a?(Regexp) && inclusion =~ id)
+        end
+      end
+      id_exist_in_list
+    end
   end
 end

data/lib/inspec/fetcher/git.rb

@@ -62,7 +62,6 @@ module Inspec::Fetcher
     def fetch(destination_path)
       @repo_directory = destination_path # Might be the cache, or vendoring, or something else
       FileUtils.mkdir_p(destination_path) unless Dir.exist?(destination_path)
-
       if cloned?
         checkout
       else
@@ -126,10 +125,25 @@ module Inspec::Fetcher
                         elsif @tag
                           resolve_ref(@tag)
                         else
-                          resolve_ref("master")
+                          resolve_ref(default_ref)
                         end
     end
 
+    def default_ref
+      command_string = "git remote show #{@remote_url}"
+      cmd = shellout(command_string)
+      unless cmd.exitstatus == 0
+        raise(Inspec::FetcherFailure, "Profile git dependency failed with default reference - #{@remote_url} - error running '#{command_string}': #{cmd.stderr}")
+      else
+        ref = cmd.stdout.lines.detect { |l| l.include? "HEAD branch:" }&.split(":")&.last&.strip
+        unless ref
+          raise(Inspec::FetcherFailure, "Profile git dependency failed with default reference - #{@remote_url} - error running '#{command_string}': NULL reference")
+        end
+
+        ref
+      end
+    end
+
     def resolve_ref(ref_name)
       command_string = "git ls-remote \"#{@remote_url}\" \"#{ref_name}*\""
       cmd = shellout(command_string)

data/lib/inspec/input_registry.rb

@@ -82,6 +82,7 @@ module Inspec
     def find_or_register_input(input_name, profile_name, options = {})
       input_name = input_name.to_s
       profile_name = profile_name.to_s
+      options[:event].value = Thor::CoreExt::HashWithIndifferentAccess.new(options[:event].value) if options[:event]&.value.is_a?(Hash)
 
       if profile_alias?(profile_name) && !profile_aliases[profile_name].nil?
         alias_name = profile_name

data/lib/inspec/profile.rb

@@ -225,14 +225,17 @@ module Inspec
         end
         @tests_collected = true
       end
-      filter_controls(@runner_context.all_rules, include_list)
+      @runner_context.all_rules
     end
 
-    def filter_controls(controls_array, include_list)
-      return controls_array if include_list.nil? || include_list.empty?
+    # This creates the list of controls provided in the --controls options which need to be include
+    # for evaluation.
+    def include_controls_list
+      return [] if @controls.nil? || @controls.empty?
 
+      included_controls = @controls
       # Check for anything that might be a regex in the list, and make it official
-      include_list.each_with_index do |inclusion, index|
+      included_controls.each_with_index do |inclusion, index|
         next if inclusion.is_a?(Regexp)
         # Insist the user wrap the regex in slashes to demarcate it as a regex
         next unless inclusion.start_with?("/") && inclusion.end_with?("/")
@@ -240,21 +243,14 @@ module Inspec
         inclusion = inclusion[1..-2] # Trim slashes
         begin
           re = Regexp.new(inclusion)
-          include_list[index] = re
+          included_controls[index] = re
         rescue RegexpError => e
           warn "Ignoring unparseable regex '/#{inclusion}/' in --control CLI option: #{e.message}"
-          include_list[index] = nil
-        end
-      end
-      include_list.compact!
-
-      controls_array.select do |c|
-        id = ::Inspec::Rule.rule_id(c)
-        include_list.any? do |inclusion|
-          # Try to see if the inclusion is a regex, and if it matches
-          inclusion == id || (inclusion.is_a?(Regexp) && inclusion =~ id)
+          included_controls[index] = nil
         end
       end
+      included_controls.compact!
+      included_controls
     end
 
     def load_libraries

data/lib/inspec/profile_context.rb

@@ -173,6 +173,9 @@ module Inspec
 
     def unregister_rule(id)
       @rules.delete(full_id(@profile_id, id))
+      @control_subcontexts.each do |c|
+        c.unregister_rule(id)
+      end
     end
 
     attr_reader :current_load

data/lib/inspec/reporters/cli.rb

@@ -170,7 +170,7 @@ module Inspec::Reporters
     end
 
     def all_unique_controls
-      @unique_controls ||= begin
+      @unique_controls ||= begin # rubocop:disable Style/RedundantBegin
                              run_data[:profiles].flat_map do |profile|
                                profile[:controls]
                              end.uniq

data/lib/inspec/reporters/json.rb

@@ -8,7 +8,7 @@ module Inspec::Reporters
     end
 
     def report
-      {
+      output = {
         platform: platform,
         profiles: profiles,
         statistics: {
@@ -16,6 +16,11 @@ module Inspec::Reporters
         },
         version: run_data[:version],
       }
+
+      %w{passthrough}.each do |option|
+        output[option.to_sym] = @config[option] unless @config[option].nil?
+      end
+      output
     end
 
     private

data/lib/inspec/reporters/json_automate.rb

@@ -24,7 +24,7 @@ module Inspec::Reporters
         version: run_data[:version],
       }
 
-      # optional json-config passthrough options
+      # optional jsonconfig passthrough options
       %w{node_name environment roles job_uuid passthrough}.each do |option|
         output[option.to_sym] = @config[option] unless @config[option].nil?
       end

data/lib/inspec/resources/apt.rb

@@ -78,7 +78,7 @@ module Inspec::Resources
       return @repo_cache if defined?(@repo_cache)
 
       # load all lists
-      cmd = inspec.command("find /etc/apt/ -name \*.list -exec sh -c 'cat {} || echo -n' \\;")
+      cmd = inspec.command("find /etc/apt/ -name \"*.list\" -exec sh -c 'cat {} || echo -n' \\;")
 
       # @see https://help.ubuntu.com/community/Repositories/CommandLine#Explanation_of_the_Repository_Format
       @repo_cache = cmd.stdout.lines.map do |raw_line|

data/lib/inspec/resources/auditd_conf.rb

@@ -16,6 +16,8 @@ module Inspec::Resources
 
     include FileReader
 
+    attr_reader :conf_path, :content, :params
+
     def initialize(path = nil)
       @conf_path = path || "/etc/audit/auditd.conf"
       @content = read_file_content(@conf_path)

data/lib/inspec/resources/command.rb

@@ -32,6 +32,16 @@ module Inspec::Resources
 
       @command = cmd
 
+      cli_timeout = Inspec::Config.cached["command_timeout"].to_i
+      # Can access this via Inspec::InspecCLI.commands["exec"].options[:command_timeout].default,
+      # but that may not be loaded for kitchen-inspec and other pure gem consumers
+      default_cli_timeout = 3600
+      if cli_timeout != default_cli_timeout
+        @timeout = cli_timeout
+      else
+        @timeout = options[:timeout]&.to_i || default_cli_timeout
+      end
+
       if options[:redact_regex]
         unless options[:redact_regex].is_a?(Regexp)
           # Make sure command is replaced so sensitive output isn't shown
@@ -44,7 +54,15 @@ module Inspec::Resources
     end
 
     def result
-      @result ||= inspec.backend.run_command(@command)
+      @result ||= begin
+        inspec.backend.run_command(@command, timeout: @timeout)
+                  rescue Train::CommandTimeoutReached
+                    # Without a small sleep, the train connection gets broken
+                    # We've already timed out, so a small sleep is not likely to be painful here.
+                    sleep 0.1
+                    raise Inspec::Exceptions::ResourceFailed,
+                          "Command `#{@command}` timed out after #{@timeout} seconds"
+      end
     end
 
     def stdout

data/lib/inspec/resources/crontab.rb

@@ -67,8 +67,14 @@ module Inspec::Resources
     end
 
     def crontab_cmd
-      # TODO: the -u scenario needs to be able to do sudo
-      @user.nil? ? "crontab -l" : "crontab -l -u #{@user}"
+      if @user.nil?
+        "crontab -l"
+      elsif inspec.os.aix?
+        "crontab -l #{@user}"
+      else
+        # TODO: the -u scenario needs to be able to do sudo
+        "crontab -l -u #{@user}"
+      end
     end
 
     filter = FilterTable.create

data/lib/inspec/resources/nginx_conf.rb

@@ -54,6 +54,21 @@ module Inspec::Resources
       "nginx_conf #{@conf_path}"
     end
 
+    def method_missing(name)
+      return super if name.to_s.match?(/^to_/)
+
+      v = params[name.to_s]
+      return v.flatten unless v.nil?
+
+      nil
+    end
+
+    def respond_to_missing?(name, include_all = false)
+      return super if name.to_s.match?(/^to_/)
+
+      true
+    end
+
     private
 
     def read_content(path)
@@ -175,6 +190,18 @@ module Inspec::Resources
     end
     alias inspect to_s
 
+    def method_missing(name)
+      return super if name.to_s.match?(/^to_/)
+
+      (@params[name.to_s] || []).flatten
+    end
+
+    def respond_to_missing?(name, include_all = false)
+      return super if name.to_s.match?(/^to_/)
+
+      true
+    end
+
     private
 
     def server_table
@@ -207,6 +234,18 @@ module Inspec::Resources
     end
     alias inspect to_s
 
+    def method_missing(name)
+      return super if name.to_s.match?(/^to_/)
+
+      (@params[name.to_s] || []).flatten
+    end
+
+    def respond_to_missing?(name, include_all = false)
+      return super if name.to_s.match?(/^to_/)
+
+      true
+    end
+
     private
 
     def location_table

data/lib/inspec/resources/oracledb_session.rb

@@ -48,7 +48,7 @@ module Inspec::Resources
         format_options = "set sqlformat csv\nSET FEEDBACK OFF"
       else
         @bin = "#{@sqlplus_bin} -S"
-        format_options = "SET MARKUP CSV ON\nSET PAGESIZE 32000\nSET FEEDBACK OFF"
+        format_options = "SET PAGESIZE 32000\nSET FEEDBACK OFF\nSET UNDERLINE OFF"
       end
 
       command = command_builder(format_options, sql)

data/lib/inspec/resources/ssh_config.rb

@@ -39,7 +39,7 @@ module Inspec::Resources
     def convert_hash(hash)
       new_hash = {}
       hash.each do |k, v|
-        new_hash[k.downcase] = v
+        new_hash[k.downcase] ||= v
       end
       new_hash
     end

data/lib/inspec/runner_rspec.rb

@@ -5,7 +5,7 @@ require "matchers/matchers"
 require "inspec/rspec_extensions"
 
 # There be dragons!! Or borgs, or something...
-# This file and all its contents cannot be unit-tested. both test-suits
+# This file and all its contents cannot be unit-tested. both test-suites
 # collide and disable all unit tests that have been added.
 
 module Inspec

data/lib/inspec/utils/filter.rb

@@ -36,14 +36,20 @@ module FilterTable
     # RSpec will check the object returned to see if it responds to a method
     # before calling it. We need to fake it out and tell it that it does. This
     # allows it to skip past that check and fall through to #method_missing
-    def respond_to?(_method)
+    def respond_to?(_method, include_all = false)
       true
     end
 
     def to_s
-      @original_resource.to_s
+      "#{@original_resource} (#{@original_exception.message})"
     end
     alias inspect to_s
+
+    # Rspec is not able to convert FilterTable::ExceptionCatcher issue https://github.com/inspec/inspec/issues/5369
+    # which result into not showing actual exception message this allows to convert it properly.
+    def to_ary
+      [ to_s ]
+    end
   end
 
   class Trace

data/lib/inspec/utils/run_data_filters.rb

@@ -13,6 +13,7 @@ module Inspec
       def apply_run_data_filters_to_hash
         @config[:runtime_config] = Inspec::Config.cached || {}
         apply_report_resize_options
+        filter_empty_profiles
         redact_sensitive_inputs
         suppress_diff_output
         sort_controls
@@ -36,6 +37,14 @@ module Inspec
         end
       end
 
+      # Filters profiles from report which don't have controls in it.
+      def filter_empty_profiles
+        runtime_config = @config[:runtime_config]
+        if runtime_config[:filter_empty_profiles] && @run_data[:profiles].count > 1
+          @run_data[:profiles].delete_if { |p| p[:controls].empty? }
+        end
+      end
+
       # Find any inputs with :sensitive = true and replace their values with "***"
       def redact_sensitive_inputs
         @run_data[:profiles]&.each do |p|

data/lib/inspec/version.rb

@@ -1,3 +1,3 @@
 module Inspec
-  VERSION = "4.25.1".freeze
+  VERSION = "4.31.0".freeze
 end

data/lib/matchers/matchers.rb

@@ -287,7 +287,7 @@ RSpec::Matchers.define :cmp do |first_expected| # rubocop:disable Metrics/BlockL
   end
 
   def format_actual(actual)
-    actual = "0%o" % actual if octal?(@expected)
+    actual = "0%o" % actual if octal?(@expected) && !actual.nil?
     "\n%s\n     got: %s\n\n(compared using `cmp` matcher)\n" % [format_expectation(false), actual]
   end
 

data/lib/plugins/inspec-init/templates/profiles/aws/README.md

@@ -2,7 +2,7 @@
 
 This example shows the implementation of an InSpec profile for AWS.
 
-##  Create a profile 
+##  Create a profile
 
 ```
 $ inspec init profile --platform aws my-profile
@@ -15,12 +15,12 @@ Creating new profile at /Users/spaterson/my-profile
  • Creating directory controls
  • Creating file controls/example.rb
  • Creating file inspec.yml
- • Creating file attributes.yml
+ • Creating file inputs.yml
  • Creating file libraries/.gitkeep
- 
+
 ```
 
-## Optionally update `attributes.yml` to point to your custom VPC
+## Optionally update `inputs.yml` to point to your custom VPC
 
 ```
 aws_vpc_id: 'custom-vpc-id'
@@ -32,11 +32,11 @@ The related control will simply be skipped if this is not provided.  See the [In
 
 ### With a VPC Identifier
 
-With a supplied VPC identifier in `attributes.yml` both of the example controls will run.  The 'aws-single-vpc-exists-check' control will only check for a VPC identifier in the currently configured AWS SDK region e.g. `eu-west-2` in the below:
+With a supplied VPC identifier in `inputs.yml` both of the example controls will run.  The 'aws-single-vpc-exists-check' control will only check for a VPC identifier in the currently configured AWS SDK region e.g. `eu-west-2` in the below:
 
 ```
 $ cd my-profile/
-$ inspec exec . -t aws://  --attrs attributes.yml
+$ inspec exec . -t aws://  --input-file=inputs.yml
 
 Profile: AWS InSpec Profile (my-profile)
 Version: 0.1.0
@@ -111,13 +111,13 @@ Test Summary: 53 successful, 0 failures, 0 skipped
 ```
 
 
-### Without Supplying a VPC Identifier 
+### Without Supplying a VPC Identifier
 
-If no VPC identifier is supplied, the 'aws-single-vpc-exists-check' control is skipped and the other control runs.  The `attributes.yml` file does not have to be specified to InSpec in this case.
+If no VPC identifier is supplied, the 'aws-single-vpc-exists-check' control is skipped and the other control runs.  The `inputs.yml` file does not have to be specified to InSpec in this case.
 
 ```
 $ cd my-profile/
-$ inspec exec . -t aws://  
+$ inspec exec . -t aws://
 
 Profile: AWS InSpec Profile (my-profile)
 Version: 0.1.0
@@ -189,4 +189,4 @@ Target:  aws://eu-west-2
 
 Profile Summary: 2 successful controls, 0 control failures, 1 control skipped
 Test Summary: 52 successful, 0 failures, 1 skipped
-```
+```

data/lib/plugins/inspec-init/templates/profiles/aws/controls/example.rb

@@ -2,11 +2,11 @@
 
 title "Sample Section"
 
-aws_vpc_id = attribute("aws_vpc_id", default: "", description: "Optional AWS VPC identifier.")
+aws_vpc_id = input("aws_vpc_id")
 
 # You add controls here
-control "aws-single-vpc-exists-check" do # A unique ID for this control.
-  only_if { aws_vpc_id != "" } # Only run this control if the `aws_vpc_id` attribute is provided.
+control "aws-single-vpc-exists-check" do                                    # A unique ID for this control.
+  only_if { aws_vpc_id != "" }                                              # Only run this control if the `aws_vpc_id` input is provided.
   impact 1.0                                                                # The criticality, if this control fails.
   title "Check to see if custom VPC exists."                                # A human-readable title.
   describe aws_vpc(aws_vpc_id) do                                           # The test itself.

data/lib/plugins/inspec-init/templates/profiles/aws/inspec.yml

@@ -7,14 +7,13 @@ license: Apache-2.0
 summary: An InSpec Compliance Profile For AWS
 version: 0.1.0
 inspec_version: '~> 4'
-attributes:
+inputs:
 - name: aws_vpc_id
   required: false
   # Below is deliberately left as a default empty string to allow the profile to run when this is not provided.
   # Please see the README for more details.
-  default: ''
+  value: ''
   description: 'Optional Custom AWS VPC Id'
-  type: string
 depends:
   - name: inspec-aws
     url: https://github.com/inspec/inspec-aws/archive/master.tar.gz

data/lib/plugins/inspec-init/templates/profiles/gcp/README.md

@@ -2,7 +2,7 @@
 
 This example shows the implementation of an InSpec profile for GCP that depends on the [InSpec GCP Resource Pack](https://github.com/inspec/inspec-gcp).  See the [README](https://github.com/inspec/inspec-gcp) for instructions on setting up appropriate GCP credentials.
 
-##  Create a profile 
+##  Create a profile
 
 ```
 $ inspec init profile --platform gcp my-profile
@@ -12,12 +12,12 @@ Create new profile at /Users/spaterson/my-profile
  * Create directory controls
  * Create file controls/example.rb
  * Create file inspec.yml
- * Create file attributes.yml
- * Create file libraries/.gitkeep 
- 
+ * Create file inputs.yml
+ * Create file libraries/.gitkeep
+
 ```
 
-## Update `attributes.yml` to point to your project
+## Update `inputs.yml` to point to your project
 
 ```
 gcp_project_id: 'my-gcp-project'
@@ -27,7 +27,7 @@ gcp_project_id: 'my-gcp-project'
 
 ```
 $ cd gcp-profile/
-$ inspec exec . -t gcp:// --attrs attributes.yml
+$ inspec exec . -t gcp:// --input-file=inputs.yml
 
 Profile: GCP InSpec Profile (my-profile)
 Version: 0.1.0
@@ -63,4 +63,4 @@ Target:  gcp://local-service-account@my-gcp-project.iam.gserviceaccount.com
 
 Profile Summary: 2 successful controls, 0 control failures, 0 controls skipped
 Test Summary: 18 successful, 0 failures, 0 skipped
-```
+```

data/lib/plugins/inspec-init/templates/profiles/gcp/controls/example.rb

@@ -2,7 +2,7 @@
 
 title "Sample Section"
 
-gcp_project_id = attribute("gcp_project_id")
+gcp_project_id = input("gcp_project_id")
 
 # you add controls here
 control "gcp-single-region-1.0" do                                                    # A unique ID for this control

data/lib/plugins/inspec-init/templates/profiles/gcp/inspec.yml

@@ -6,14 +6,13 @@ copyright_email: you@example.com
 license: Apache-2.0
 summary: An InSpec Compliance Profile For GCP
 version: 0.1.0
-inspec_version: '>= 2.3.5'
-attributes:
+inspec_version: '>= 4'
+inputs:
 - name: gcp_project_id
   required: true
   description: 'The GCP project identifier.'
-  type: string
 depends:
 - name: inspec-gcp
   url: https://github.com/inspec/inspec-gcp/archive/master.tar.gz
 supports:
-- platform: gcp
+- platform: gcp

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec-core
 version: !ruby/object:Gem::Version
-  version: 4.25.1
+  version: 4.31.0
 platform: ruby
 authors:
 - Chef InSpec Team
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-01-20 00:00:00.000000000 Z
+date: 2021-04-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef-telemetry
@@ -234,6 +234,20 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: '1.4'
+- !ruby/object:Gem::Dependency
+  name: faraday_middleware
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: tty-table
   requirement: !ruby/object:Gem::Requirement
@@ -305,7 +319,7 @@ dependencies:
         version: '1.5'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -315,7 +329,7 @@ dependencies:
         version: '1.5'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: semverse
   requirement: !ruby/object:Gem::Requirement
@@ -697,15 +711,15 @@ files:
 - lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/reporter.rb
 - lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/version.rb
 - lib/plugins/inspec-init/templates/profiles/aws/README.md
-- lib/plugins/inspec-init/templates/profiles/aws/attributes.yml
 - lib/plugins/inspec-init/templates/profiles/aws/controls/example.rb
+- lib/plugins/inspec-init/templates/profiles/aws/inputs.yml
 - lib/plugins/inspec-init/templates/profiles/aws/inspec.yml
 - lib/plugins/inspec-init/templates/profiles/azure/README.md
 - lib/plugins/inspec-init/templates/profiles/azure/controls/example.rb
 - lib/plugins/inspec-init/templates/profiles/azure/inspec.yml
 - lib/plugins/inspec-init/templates/profiles/gcp/README.md
-- lib/plugins/inspec-init/templates/profiles/gcp/attributes.yml
 - lib/plugins/inspec-init/templates/profiles/gcp/controls/example.rb
+- lib/plugins/inspec-init/templates/profiles/gcp/inputs.yml
 - lib/plugins/inspec-init/templates/profiles/gcp/inspec.yml
 - lib/plugins/inspec-init/templates/profiles/os/README.md
 - lib/plugins/inspec-init/templates/profiles/os/controls/example.rb