inspec-core 4.3.2 → 4.6.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a8a2ad37fec927c5277645005285178479229d1d9e4b27eac72017e76fe148d6
-  data.tar.gz: c273fc61ad231069fde8d7fac64283b1598cd02da1630ce5305d3d1533af213e
+  metadata.gz: a1351e4c5e9234d0ca3b130fbe26164740664f824d5ec6d47b92cff852d85581
+  data.tar.gz: 11f2e2b519e46df3d9e6029ec739fb4af344efe83890673a08b16cada8469cbc
 SHA512:
-  metadata.gz: 347841dadf8b6f8b91a0d61190b8095e6adf218308d17e5cee66e1ec615cde84ed6bdfa060362df9fc7cf3b0b93ffccd7275a83d54387797cae504f378ae7ef6
-  data.tar.gz: c042b3def3f7a0cd52c782b197dd35fd38e7d19a1cbb82b0928a8e9b04e7c08076a08540dac8473b8768cc4cc6e079134845e6049c334c3ecf4320ec428af368
+  metadata.gz: 8b06543170f47bef790cd2cfeac502a9ac8bc43fcea41ae363b4f7193890a24de52a9a4da464eb08c9b1671a87659d5e7b94adc3eeca821701e685210d0d23da
+  data.tar.gz: 0c5e6ec5a1b125d64d3e4c589b4bf46e072d19b6c9fe3d4a29448c9c34be580a68c8240360b83b52b659a77c8a3d8463597dace2b24f280648c755cb4940a132

data/README.md

@@ -1,10 +1,17 @@
-# InSpec: Inspect Your Infrastructure
+# Chef InSpec: Inspect Your Infrastructure
+
+* **Project State: Active**
+* **Issues Response SLA: 3 business days**
+* **Pull Request Response SLA: 3 business days**
+
+For more information on project states and SLAs, see [this documentation](https://github.com/chef/chef-oss-practices/blob/master/repo-management/repo-states.md).
 
 [![Slack](https://community-slack.chef.io/badge.svg)](https://community-slack.chef.io/)
 [![Build Status Master](https://travis-ci.org/inspec/inspec.svg?branch=master)](https://travis-ci.org/inspec/inspec)
 [![Build Status Master](https://ci.appveyor.com/api/projects/status/github/inspec/inspec?branch=master&svg=true&passingText=master%20-%20Ok&pendingText=master%20-%20Pending&failingText=master%20-%20Failing)](https://ci.appveyor.com/project/Chef/inspec/branch/master)
+[![Coverage Status](https://coveralls.io/repos/github/inspec/inspec/badge.svg?branch=master)](https://coveralls.io/github/inspec/inspec?branch=master)
 
-InSpec is an open-source testing framework for infrastructure with a human- and machine-readable language for specifying compliance, security and policy requirements.
+Chef InSpec is an open-source testing framework for infrastructure with a human- and machine-readable language for specifying compliance, security and policy requirements.
 
 ```ruby
 # Disallow insecure protocols by testing
@@ -18,7 +25,7 @@ describe inetd_conf do
 end
 ```
 
-InSpec makes it easy to run your tests wherever you need. More options are found in our [CLI docs](https://www.inspec.io/docs/reference/cli/).
+Chef InSpec makes it easy to run your tests wherever you need. More options are found in our [CLI docs](https://www.inspec.io/docs/reference/cli/).
 
 ```bash
 # run test locally
@@ -27,7 +34,7 @@ inspec exec test.rb
 # run test on remote host on SSH
 inspec exec test.rb -t ssh://user@hostname -i /path/to/key
 
-# run test on remote host using SSH agent private key authentication. Requires InSpec 1.7.1
+# run test on remote host using SSH agent private key authentication. Requires Chef InSpec 1.7.1
 inspec exec test.rb -t ssh://user@hostname
 
 # run test on remote windows host on WinRM
@@ -40,17 +47,19 @@ inspec exec test.rb -t docker://container_id
 # Features
 
 - Built-in Compliance: Compliance no longer occurs at the end of the release cycle
-- Targeted Tests: InSpec writes tests that specifically target compliance issues
+- Targeted Tests: Chef InSpec writes tests that specifically target compliance issues
 - Metadata: Includes the metadata required by security and compliance pros
 - Easy Testing: Includes a command-line interface to run tests quickly
 
 ## Installation
 
-InSpec requires Ruby ( >= 2.4 ).
+Chef InSpec requires Ruby ( >= 2.4 ).
+
+Note: Versions of Chef InSpec 4.0 and later require accepting the EULA to use. Please visit the [license acceptance page](https://docs.chef.io/chef_license_accept.html) on the Chef docs site for more information.
 
 ### Install as package
 
-The InSpec package is available for MacOS, RedHat, Ubuntu and Windows. Download the latest package at [InSpec Downloads](https://downloads.chef.io/inspec) or install InSpec via script:
+The Chef InSpec package is available for MacOS, RedHat, Ubuntu and Windows. Download the latest package at [Chef InSpec Downloads](https://downloads.chef.io/inspec) or install Chef InSpec via script:
 
 ```
 # RedHat, Ubuntu, and macOS
@@ -76,12 +85,19 @@ For Ubuntu:
 apt-get -y install ruby ruby-dev gcc g++ make
 ```
 
-To install inspec from [rubygems](https://rubygems.org/):
+To install the `inspec` executable, which requires accepting the [Chef License](https://docs.chef.io/chef_license_accept.html), run:
+
+```bash
+gem install inspec-bin
+```
+
+You may also use `inspec` as a library, with no executable. This does not require accepting the license. To install the library as a gem, run:
 
 ```bash
 gem install inspec
 ```
 
+
 ### Usage via Docker
 
 Download the image and define a function for convenience:
@@ -135,11 +151,11 @@ gem install inspec-*.gem
 
 On Windows, you need to install [Ruby](http://rubyinstaller.org/downloads/) with [Ruby Development Kit](https://github.com/oneclick/rubyinstaller/wiki/Development-Kit) to build dependencies with its native extensions.
 
-### Install via Habitat
+### Install via Chef Habitat
 
-Currently, this method of installation only supports Linux. See the [Habitat site](https://www.habitat.sh/) for more information.
+Currently, this method of installation only supports Linux. See the [Chef Habitat site](https://www.habitat.sh/) for more information.
 
-Download the `hab` binary from the [Habitat](https://www.habitat.sh/docs/get-habitat/) site.
+Download the `hab` binary from the [Chef Habitat](https://www.habitat.sh/docs/get-habitat/) site.
 
 ```bash
 hab pkg install chef/inspec --binlink
@@ -147,7 +163,7 @@ hab pkg install chef/inspec --binlink
 inspec
 ```
 
-### Run InSpec
+### Run Chef InSpec
 
 You should now be able to run:
 
@@ -203,10 +219,10 @@ end
 ```
 
 Also have a look at our examples for:
-- [Using InSpec with Test Kitchen & Chef](https://github.com/chef/inspec/tree/master/examples/kitchen-chef)
-- [Using InSpec with Test Kitchen & Puppet](https://github.com/chef/inspec/tree/master/examples/kitchen-puppet)
-- [Using InSpec with Test Kitchen & Ansible](https://github.com/chef/inspec/tree/master/examples/kitchen-ansible)
-- [Implementing an InSpec profile](https://github.com/chef/inspec/tree/master/examples/profile)
+- [Using Chef InSpec with Test Kitchen & Chef Infra](https://github.com/chef/inspec/tree/master/examples/kitchen-chef)
+- [Using Chef InSpec with Test Kitchen & Puppet](https://github.com/chef/inspec/tree/master/examples/kitchen-puppet)
+- [Using Chef InSpec with Test Kitchen & Ansible](https://github.com/chef/inspec/tree/master/examples/kitchen-ansible)
+- [Implementing an Chef InSpec profile](https://github.com/chef/inspec/tree/master/examples/profile)
 
 ## Or tests: Testing for a OR b
 
@@ -335,13 +351,13 @@ Relationship to other tools (RSpec, Serverspec):
 
 ## Share your Profiles
 
-You may share your InSpec Profiles in the [Tools & Plugins section](https://supermarket.chef.io/tools-directory) of the [Chef Supermarket](https://supermarket.chef.io/).  [Sign in](https://supermarket.chef.io/sign-in) and [add the details of your profile](https://supermarket.chef.io/tools/new).
+You may share your Chef InSpec Profiles in the [Tools & Plugins section](https://supermarket.chef.io/tools-directory) of the [Chef Supermarket](https://supermarket.chef.io/). [Sign in](https://supermarket.chef.io/sign-in) and [add the details of your profile](https://supermarket.chef.io/tools/new).
 
 You may also [browse the Supermarket for shared Compliance Profiles](https://supermarket.chef.io/tools?type=compliance_profile).
 
 ## Kudos
 
-InSpec is inspired by the wonderful [Serverspec](http://serverspec.org) project. Kudos to [mizzy](https://github.com/mizzy) and [all contributors](https://github.com/mizzy/serverspec/graphs/contributors)!
+Chef InSpec is inspired by the wonderful [Serverspec](http://serverspec.org) project. Kudos to [mizzy](https://github.com/mizzy) and [all contributors](https://github.com/mizzy/serverspec/graphs/contributors)!
 
 The AWS resources were inspired by [inspec-aws](https://github.com/arothian/inspec-aws) from [arothian](https://github.com/arothian).
 
@@ -353,7 +369,7 @@ The AWS resources were inspired by [inspec-aws](https://github.com/arothian/insp
 1. Push to the branch (git push origin my-new-feature)
 1. Create new Pull Request
 
-The InSpec community and maintainers are very active and helpful. This project benefits greatly from this activity.
+The Chef InSpec community and maintainers are very active and helpful. This project benefits greatly from this activity.
 
 If you'd like to chat with the community and maintainers directly join us in the `#inspec` channel on the [Chef Community Slack](http://community-slack.chef.io/).
 
@@ -361,7 +377,7 @@ As a reminder, all participants are expected to follow the [Code of Conduct](htt
 
 [![Slack](https://community-slack.chef.io/badge.svg)](https://community-slack.chef.io/)
 
-## Testing InSpec
+## Testing Chef InSpec
 
 We offer `unit`, `integration`, and `aws` tests.
 
@@ -389,7 +405,7 @@ bundle exec m test/unit/resources/user_test.rb -l 123
 
 ### Integration tests
 
-These tests download various virtual machines, to ensure InSpec is working as expected across different operating systems.
+These tests download various virtual machines, to ensure Chef InSpec is working as expected across different operating systems.
 
 These tests require the following gems:
 

data/etc/deprecations.json

@@ -6,6 +6,16 @@
       "action": "warn",
       "prefix": "The 'default' option for attributes is being replaced by 'value' - please use it instead."
     },
+    "attrs_dsl": {
+      "action": "ignore",
+      "comment": "See #3853",
+      "prefix": "The 'attribute' DSL keyword is being replaced by 'input' - please use it instead."
+    },
+    "attrs_rename_in_metadata": {
+      "action": "ignore",
+      "comment": "See 3854",
+      "prefix": "Inputs should be specified by using the 'inputs' key in profile metadata, not 'attributes'."
+    },
     "aws_resources_in_resource_pack": {
       "comment": "See #3822",
       "action": "warn",

data/etc/plugin_filters.json

@@ -5,6 +5,14 @@
       "plugin_name": "inspec-core",
       "rationale": "This gem is a stripped-down alternate packaging of InSpec. It is not a plugin."
     },
+    {
+      "plugin_name": "inspec-bin",
+      "rationale": "This gem contains the executable for Chef InSpec.  It is not a plugin."
+    },
+    {
+      "plugin_name": "inspec-core-bin",
+      "rationale": "This gem contains the executable for a lightweight version of Chef InSpec. It is not a plugin."
+    },
     {
       "plugin_name": "inspec-k8s",
       "rationale": "This gem is currently only a placeholder, waiting to be built."

data/lib/bundles/inspec-compliance/api.rb

@@ -1,7 +1,7 @@
 # This file has been moved to the v2.0 plugins. This redirect allows for legacy use.
 # TODO: Remove in inspec 4.0
 
-require 'plugins/inspec-compliance/lib/inspec-compliance/api'
+require "plugins/inspec-compliance/lib/inspec-compliance/api"
 
 # Backport old namespace
 Compliance = InspecPlugins::Compliance unless defined?(Compliance)

data/lib/bundles/inspec-compliance/configuration.rb

@@ -1,7 +1,7 @@
 # This file has been moved to the v2.0 plugins. This redirect allows for legacy use.
 # TODO: Remove in inspec 4.0
 
-require 'plugins/inspec-compliance/lib/inspec-compliance/configuration'
+require "plugins/inspec-compliance/lib/inspec-compliance/configuration"
 
 # Backport old namespace
 Compliance = InspecPlugins::Compliance unless defined?(Compliance)

data/lib/bundles/inspec-compliance/http.rb

@@ -1,7 +1,7 @@
 # This file has been moved to the v2.0 plugins. This redirect allows for legacy use.
 # TODO: Remove in inspec 4.0
 
-require 'plugins/inspec-compliance/lib/inspec-compliance/http'
+require "plugins/inspec-compliance/lib/inspec-compliance/http"
 
 # Backport old namespace
 Compliance = InspecPlugins::Compliance unless defined?(Compliance)

data/lib/bundles/inspec-compliance/support.rb

@@ -1,7 +1,7 @@
 # This file has been moved to the v2.0 plugins. This redirect allows for legacy use.
 # TODO: Remove in inspec 4.0
 
-require 'plugins/inspec-compliance/lib/inspec-compliance/support'
+require "plugins/inspec-compliance/lib/inspec-compliance/support"
 
 # Backport old namespace
 Compliance = InspecPlugins::Compliance unless defined?(Compliance)

data/lib/bundles/inspec-compliance/target.rb

@@ -1,7 +1,7 @@
 # This file has been moved to the v2.0 plugins. This redirect allows for legacy use.
 # TODO: Remove in inspec 4.0
 
-require 'plugins/inspec-compliance/lib/inspec-compliance/target'
+require "plugins/inspec-compliance/lib/inspec-compliance/target"
 
 # Backport old namespace
 Compliance = InspecPlugins::Compliance unless defined?(Compliance)

data/lib/bundles/inspec-supermarket.rb

@@ -1,13 +1,9 @@
-# encoding: utf-8
-# author: Christoph Hartmann
-# author: Dominik Richter
-
 libdir = File.dirname(__FILE__)
 $LOAD_PATH.unshift(libdir) unless $LOAD_PATH.include?(libdir)
 
 module Supermarket
-  autoload :API, 'inspec-supermarket/api'
+  autoload :API, "inspec-supermarket/api"
 end
 
-require 'inspec-supermarket/cli'
-require 'inspec-supermarket/target'
+require "inspec-supermarket/cli"
+require "inspec-supermarket/target"

data/lib/bundles/inspec-supermarket/api.rb

@@ -1,26 +1,23 @@
-# encoding: utf-8
 # frozen_string_literal: true
-# author: Christoph Hartmann
-# author: Dominik Richter
 
-require 'net/http'
-require 'addressable/uri'
+require "net/http"
+require "addressable/uri"
 
 module Supermarket
   class API
-    SUPERMARKET_URL = 'https://supermarket.chef.io'
+    SUPERMARKET_URL = "https://supermarket.chef.io"
 
     # displays a list of profiles
     def self.profiles(supermarket_url = SUPERMARKET_URL)
       url = "#{supermarket_url}/api/v1/tools-search"
-      _success, data = get(url, { type: 'compliance_profile', items: 100 })
+      _success, data = get(url, { type: "compliance_profile", items: 100 })
       if !data.nil?
         profiles = JSON.parse(data)
-        profiles['items'].map { |x|
-          m = %r{^#{supermarket_url}/api/v1/tools/(?<slug>[\w-]+)(/)?$}.match(x['tool'])
-          x['slug'] = m[:slug]
+        profiles["items"].map do |x|
+          m = %r{^#{supermarket_url}/api/v1/tools/(?<slug>[\w-]+)(/)?$}.match(x["tool"])
+          x["slug"] = m[:slug]
           x
-        }
+        end
       else
         []
       end
@@ -54,7 +51,7 @@ module Supermarket
 
       # Tool name in Supermarket URL is downcased so we need to downcase
       tool = "#{supermarket_url}/api/v1/tools/#{tool_name.downcase}"
-      supermarket_tool['tool_owner'] == tool_owner && supermarket_tool['tool'] == tool
+      supermarket_tool["tool_owner"] == tool_owner && supermarket_tool["tool"] == tool
     end
 
     def self.find(profile, supermarket_url = SUPERMARKET_URL)
@@ -80,7 +77,7 @@ module Supermarket
 
     def self.send_request(uri, req)
       # send request
-      res = Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == 'https') do |http|
+      res = Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == "https") do |http|
         http.request(req)
       end
       [res.is_a?(Net::HTTPSuccess), res.body]

data/lib/bundles/inspec-supermarket/cli.rb

@@ -1,11 +1,8 @@
-# encoding: utf-8
-# author: Christoph Hartmann
-# author: Dominik Richter
-require 'inspec/base_cli'
+require "inspec/base_cli"
 
 module Supermarket
   class SupermarketCLI < Inspec::BaseCLI
-    namespace 'supermarket'
+    namespace "supermarket"
 
     # TODO: find another solution, once https://github.com/erikhuda/thor/issues/261 is fixed
     def self.banner(command, _namespace = nil, _subcommand = false)
@@ -16,18 +13,18 @@ module Supermarket
       namespace
     end
 
-    desc 'profiles', 'list all available profiles in Chef Supermarket'
+    desc "profiles", "list all available profiles in Chef Supermarket"
     def profiles
       # display profiles in format user/profile
       supermarket_profiles = Supermarket::API.profiles
 
-      headline('Available profiles:')
-      supermarket_profiles.each { |p|
+      headline("Available profiles:")
+      supermarket_profiles.each do |p|
         li("#{p['tool_name']} #{mark_text(p['tool_owner'] + '/' + p['slug'])}")
-      }
+      end
     end
 
-    desc 'exec PROFILE', 'execute a Supermarket profile'
+    desc "exec PROFILE", "execute a Supermarket profile"
     exec_options
     def exec(*tests)
       o = config
@@ -35,7 +32,7 @@ module Supermarket
       configure_logger(o)
 
       # iterate over tests and add compliance scheme
-      tests = tests.map { |t| 'supermarket://' + t }
+      tests = tests.map { |t| "supermarket://" + t }
 
       runner = Inspec::Runner.new(o)
       tests.each { |target| runner.add_target(target) }
@@ -46,13 +43,13 @@ module Supermarket
       exit 1
     end
 
-    desc 'info PROFILE', 'display Supermarket profile details'
+    desc "info PROFILE", "display Supermarket profile details"
     def info(profile)
       # check that the profile is available
       supermarket_profiles = Supermarket::API.profiles
-      found = supermarket_profiles.select { |p|
+      found = supermarket_profiles.select do |p|
         profile == "#{p['tool_owner']}/#{p['slug']}"
-      }
+      end
 
       if found.empty?
         puts "#{mark_text(profile)} is not available on Supermarket"
@@ -70,5 +67,5 @@ module Supermarket
   end
 
   # register the subcommand to InSpec CLI registry
-  Inspec::Plugins::CLI.add_subcommand(SupermarketCLI, 'supermarket', 'supermarket SUBCOMMAND ...', 'Supermarket commands', {})
+  Inspec::Plugins::CLI.add_subcommand(SupermarketCLI, "supermarket", "supermarket SUBCOMMAND ...", "Supermarket commands", {})
 end

data/lib/bundles/inspec-supermarket/target.rb

@@ -1,19 +1,15 @@
-# encoding: utf-8
-# author: Christoph Hartmann
-# author: Dominik Richter
-
-require 'uri'
-require 'inspec/fetcher'
-require 'fetchers/url'
+require "uri"
+require "inspec/fetcher"
+require "fetchers/url"
 
 # InSpec Target Helper for Supermarket
 module Supermarket
   class Fetcher < Inspec.fetcher(1)
-    name 'supermarket'
+    name "supermarket"
     priority 500
 
     def self.resolve(target, opts = {})
-      supermarket_uri, supermarket_server = if target.is_a?(String) && URI(target).scheme == 'supermarket'
+      supermarket_uri, supermarket_server = if target.is_a?(String) && URI(target).scheme == "supermarket"
                                               [target, Supermarket::API::SUPERMARKET_URL]
                                             elsif target.respond_to?(:key?) && target.key?(:supermarket)
                                               supermarket_server = target[:supermarket_url] || Supermarket::API::SUPERMARKET_URL
@@ -22,13 +18,13 @@ module Supermarket
       return nil unless supermarket_uri
       return nil unless Supermarket::API.exist?(supermarket_uri, supermarket_server)
       tool_info = Supermarket::API.find(supermarket_uri, supermarket_server)
-      resolve_next(tool_info['tool_source_url'], opts)
+      resolve_next(tool_info["tool_source_url"], opts)
     rescue URI::Error
       nil
     end
 
     def to_s
-      'Chef Compliance Profile Loader'
+      "Chef Compliance Profile Loader"
     end
   end
 end

data/lib/fetchers/git.rb

@@ -1,8 +1,7 @@
-# encoding: utf-8
-require 'tmpdir'
-require 'fileutils'
-require 'mixlib/shellout'
-require 'inspec/log'
+require "tmpdir"
+require "fileutils"
+require "mixlib/shellout"
+require "inspec/log"
 
 module Fetchers
   #
@@ -25,12 +24,12 @@ module Fetchers
   # omnibus source for hints.
   #
   class Git < Inspec.fetcher(1)
-    name 'git'
+    name "git"
     priority 200
 
     def self.resolve(target, opts = {})
       if target.is_a?(String)
-        new(target, opts) if target.start_with?('git@') || target.end_with?('.git')
+        new(target, opts) if target.start_with?("git@") || target.end_with?(".git")
       elsif target.respond_to?(:has_key?) && target.key?(:git)
         new(target[:git], opts.merge(target))
       end
@@ -54,7 +53,7 @@ module Fetchers
         Dir.mktmpdir do |tmpdir|
           checkout(tmpdir)
           Inspec::Log.debug("Checkout of #{resolved_ref} successful. Moving checkout to #{dir}")
-          FileUtils.cp_r(tmpdir + '/.', @repo_directory)
+          FileUtils.cp_r(tmpdir + "/.", @repo_directory)
         end
       end
       @repo_directory
@@ -82,7 +81,7 @@ module Fetchers
                         elsif @tag
                           resolve_ref(@tag)
                         else
-                          resolve_ref('master')
+                          resolve_ref("master")
                         end
     end
 
@@ -130,7 +129,7 @@ module Fetchers
     end
 
     def cloned?
-      File.directory?(File.join(@repo_directory, '.git'))
+      File.directory?(File.join(@repo_directory, ".git"))
     end
 
     def clone(dir = @repo_directory)
@@ -149,7 +148,7 @@ module Fetchers
       cmd.error!
       cmd.status
     rescue Errno::ENOENT
-      raise 'To use git sources, you must have git installed.'
+      raise "To use git sources, you must have git installed."
     end
 
     def shellout(cmd, opts = {})
@@ -157,12 +156,12 @@ module Fetchers
       cmd = Mixlib::ShellOut.new(cmd, opts)
       cmd.run_command
       Inspec::Log.debug("External command: completed with exit status: #{cmd.exitstatus}")
-      Inspec::Log.debug('External command: STDOUT BEGIN')
+      Inspec::Log.debug("External command: STDOUT BEGIN")
       Inspec::Log.debug(cmd.stdout)
-      Inspec::Log.debug('External command: STDOUT END')
-      Inspec::Log.debug('External command: STDERR BEGIN')
+      Inspec::Log.debug("External command: STDOUT END")
+      Inspec::Log.debug("External command: STDERR BEGIN")
       Inspec::Log.debug(cmd.stderr)
-      Inspec::Log.debug('External command: STDERR END')
+      Inspec::Log.debug("External command: STDERR END")
       cmd
     end
   end