inspec 0.14.3 → 0.14.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 7a5fe5ef68c859de078978c41fac03fa6164c5ff
-  data.tar.gz: e9a4ad5bb3a9808801ad153d50843eeb8f6fbcee
+  metadata.gz: b08bf257cb8949cae2b2a72aa26ba4e992724ca9
+  data.tar.gz: 6e8c50d7a6025d2714d012c7fe262b4be1087860
 SHA512:
-  metadata.gz: 4bd1406a6eccaf2fe72cdab36d4e8b467653f14767a6006ea01e9768d5d7e1329b7a81e65308d404f8df61b900e5a4280addd849e5c8fa673a204e79ae2c9e37
-  data.tar.gz: 2226db16772df0467cca929a0ee68c5b3925450831f15630b0ac09003dacf55579a1cc67acdd252de04d44846e557d70b4959a3f795ad5ea2226d3ce2c9bbb42
+  metadata.gz: c58d8262678198e8c88647dbf1e8f204f1a9c9da268ecc439b76d234c346f403b717ca4d0c7e54941848fa64341ec3af85c86167b7250adcec6200dbbed9b43d
+  data.tar.gz: 5505c2d86085b0cb45e4d6c9562fb44b462354e45e001265681cba5d48d6c3f1950573470ce25b59c6c56c1413c90f8a5c5bfd6f3b3603298d754b1af0136334

data/CHANGELOG.md

@@ -1,16 +1,32 @@
 # Change Log
 
-## [0.14.3](https://github.com/chef/inspec/tree/0.14.3) (2016-02-24)
-[Full Changelog](https://github.com/chef/inspec/compare/v0.14.2...0.14.3)
+## [0.14.4](https://github.com/chef/inspec/tree/0.14.4) (2016-02-26)
+[Full Changelog](https://github.com/chef/inspec/compare/v0.14.3...0.14.4)
 
 **Implemented enhancements:**
 
-- cmp matcher should compare expected string == number [\#487](https://github.com/chef/inspec/pull/487) ([chris-rock](https://github.com/chris-rock))
+- add `describe.one`: collection of tests with at least one passing [\#497](https://github.com/chef/inspec/pull/497) ([arlimus](https://github.com/arlimus))
 
 **Merged pull requests:**
 
+- don't crash on empty metadata during finalize [\#500](https://github.com/chef/inspec/pull/500) ([arlimus](https://github.com/arlimus))
+- add xinetd\_conf resource [\#499](https://github.com/chef/inspec/pull/499) ([arlimus](https://github.com/arlimus))
+
+## [v0.14.3](https://github.com/chef/inspec/tree/v0.14.3) (2016-02-24)
+[Full Changelog](https://github.com/chef/inspec/compare/v0.14.2...v0.14.3)
+
+**Implemented enhancements:**
+
+- cmp matcher should compare expected string == number [\#487](https://github.com/chef/inspec/pull/487) ([chris-rock](https://github.com/chris-rock))
+
+**Fixed bugs:**
+
 - expose inspec errors during profile read [\#492](https://github.com/chef/inspec/pull/492) ([arlimus](https://github.com/arlimus))
 
+**Merged pull requests:**
+
+- 0.14.3 [\#493](https://github.com/chef/inspec/pull/493) ([arlimus](https://github.com/arlimus))
+
 ## [v0.14.2](https://github.com/chef/inspec/tree/v0.14.2) (2016-02-22)
 [Full Changelog](https://github.com/chef/inspec/compare/v0.14.1...v0.14.2)
 

data/docs/dsl_inspec.rst

@@ -45,9 +45,22 @@ where
 * ``its('Port')`` is the matcher; ``{ should eq('22') }`` is the test. A ``describe`` block must contain at least one matcher, but may contain as many as required
 
 
-Author Tests
------------------------------------------------------
-It is recommended that test files are located in the ``/tests`` directory. When writing controls, the ``impact``, ``title``, ``desc`` metadata are _optional_, but are highly recommended.
+Advanced concepts
+=====================================================
+
+With inspec it is possible to check if at least one of a collection of checks is true. For example: If a setting is configured in two different locations, you may want to test if either configuration A or configuration B have been set. This is accomplished via ``describe.one``. It defines a block of tests with at least one valid check.
+
+.. code-block:: ruby
+
+   describe.one do
+     describe ConfigurationA do
+       its('setting_1') { should eq true }
+     end
+
+     describe ConfigurationB do
+       its('setting_2') { should eq true }
+     end
+   end
 
 Examples
 =====================================================

data/lib/inspec/describe.rb

@@ -0,0 +1,27 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+
+module Inspec
+  class DescribeBase
+    def initialize(action)
+      @action = action
+      @checks = []
+    end
+
+    # Evaluate the given block and collect all checks. These will be registered
+    # with the callback function under the 'describe.one' name.
+    #
+    # @param [Proc] ruby block containing checks (e.g. via describe)
+    # @return [nil]
+    def one(&block)
+      return unless block_given?
+      instance_eval(&block)
+      @action.call('describe.one', @checks, nil)
+    end
+
+    def describe(*args, &block)
+      @checks.push(['describe', args, block])
+    end
+  end
+end

data/lib/inspec/expect.rb

@@ -0,0 +1,45 @@
+# encoding: utf-8
+# copyright: 2016, Chef Software Inc.
+# author: Dominik Richter
+# author: Christoph Hartmann
+
+require 'rspec/expectations'
+
+module Inspec
+  class Expect
+    attr_reader :calls, :value, :block
+    def initialize(value, &block)
+      @value = value
+      @block = block
+      @calls = []
+    end
+
+    def to(*args, &block)
+      @calls.push([:to, args, block, caller])
+    end
+
+    def not_to(*args, &block)
+      @calls.push([:not_to, args, block, caller])
+    end
+
+    def example_group
+      that = self
+
+      opts = { 'caller' => calls[0][3] }
+      if !calls[0][3].nil? && !calls[0][3].empty? &&
+         (m = calls[0][3][0].match(/^([^:]*):(\d+):/))
+        opts['file_path'] = m[0]
+        opts['line_number'] = m[1]
+      end
+
+      RSpec::Core::ExampleGroup.describe(that.value, opts) do
+        that.calls.each do |method, args, block, clr|
+          it(nil, caller: clr) do
+            x = expect(that.value, &that.block).method(method)
+            x.call(*args, &block)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/inspec/metadata.rb

@@ -140,6 +140,7 @@ module Inspec
     end
 
     def self.finalize(metadata, profile_id)
+      return nil if metadata.nil?
       param = metadata.params || {}
       param['name'] = profile_id.to_s unless profile_id.to_s.empty?
       param['version'] = param['version'].to_s unless param['version'].nil?

data/lib/inspec/profile_context.rb

@@ -85,7 +85,7 @@ module Inspec
     #
     # @param outer_dsl [OuterDSLClass]
     # @return [ProfileContextClass]
-    def create_context(resources_dsl, rule_class)
+    def create_context(resources_dsl, rule_class) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
       profile_context_owner = self
 
       # rubocop:disable Lint/NestedMethodDefinition
@@ -117,13 +117,15 @@ module Inspec
         alias_method :rule, :control
 
         define_method :describe do |*args, &block|
-          path = block.source_location[0]
-          line = block.source_location[1]
-          id = "(generated from #{File.basename(path)}:#{line} #{SecureRandom.hex})"
+          loc = block_location(block, caller[0])
+          id = "(generated from #{loc} #{SecureRandom.hex})"
+
+          res = nil
           rule = rule_class.new(id, {}) do
-            describe(*args, &block)
+            res = describe(*args, &block)
           end
           profile_context_owner.register_rule(rule, &block)
+          res
         end
 
         # TODO: mock method for attributes; import attribute handling
@@ -141,6 +143,17 @@ module Inspec
           return unless block_given?
           @skip_profile = !yield
         end
+
+        private
+
+        def block_location(block, alternate_caller)
+          if block.nil?
+            alternate_caller[/^(.+:\d+):in .+$/, 1] || 'unknown'
+          else
+            path, line = block.source_location
+            "#{File.basename(path)}:#{line}"
+          end
+        end
       end
       # rubocop:enable all
     end

data/lib/inspec/resource.rb

@@ -93,6 +93,7 @@ require 'resources/shadow'
 require 'resources/ssh_conf'
 require 'resources/user'
 require 'resources/windows_feature'
+require 'resources/xinetd'
 require 'resources/yum'
 
 # file formats, depend on json implementation

data/lib/inspec/rule.rb

@@ -4,47 +4,11 @@
 # author: Dominik Richter
 # author: Christoph Hartmann
 
-require 'rspec/expectations'
 require 'method_source'
+require 'inspec/describe'
+require 'inspec/expect'
 
 module Inspec
-  class ExpectationTarget
-    attr_reader :calls, :value, :block
-    def initialize(value, &block)
-      @value = value
-      @block = block
-      @calls = []
-    end
-
-    def to(*args, &block)
-      @calls.push([:to, args, block, caller])
-    end
-
-    def not_to(*args, &block)
-      @calls.push([:not_to, args, block, caller])
-    end
-
-    def example_group
-      that = self
-
-      opts = { 'caller' => calls[0][3] }
-      if !calls[0][3].nil? && !calls[0][3].empty? &&
-         (m = calls[0][3][0].match(/^([^:]*):(\d+):/))
-        opts['file_path'] = m[0]
-        opts['line_number'] = m[1]
-      end
-
-      RSpec::Core::ExampleGroup.describe(that.value, opts) do
-        that.calls.each do |method, args, block, clr|
-          it(nil, caller: clr) do
-            x = expect(that.value, &that.block).method(method)
-            x.call(*args, &block)
-          end
-        end
-      end
-    end
-  end
-
   class Rule
     include ::RSpec::Matchers
 
@@ -83,13 +47,32 @@ module Inspec
       @desc
     end
 
-    def describe(value, &block)
-      @checks.push(['describe', [value], block])
+    # Describe will add one or more tests to this control. There is 2 ways
+    # of calling it:
+    #
+    #   describe resource do ... end
+    #
+    # or
+    #
+    #   describe.one do ... end
+    #
+    # @param [any] Resource to be describe, string, or nil
+    # @param [Proc] An optional block containing tests for the described resource
+    # @return [nil|DescribeBase] if called without arguments, returns DescribeBase
+    def describe(*values, &block)
+      if values.empty? && !block_given?
+        dsl = self.class.ancestors[1]
+        Class.new(DescribeBase) do
+          include dsl
+        end.new(method(:add_check))
+      else
+        add_check('describe', values, block)
+      end
     end
 
     def expect(value, &block)
-      target = ExpectationTarget.new(value, &block)
-      @checks.push(['expect', [value], target])
+      target = Inspec::Expect.new(value, &block)
+      add_check('expect', [value], target)
       target
     end
 
@@ -148,6 +131,10 @@ module Inspec
 
     private
 
+    def add_check(describe_or_expect, values, block)
+      @checks.push([describe_or_expect, values, block])
+    end
+
     # Idio(ma)tic unindent
     # TODO: replace this
     #

data/lib/inspec/runner.rb

@@ -13,7 +13,7 @@ require 'inspec/metadata'
 # spec requirements
 
 module Inspec
-  class Runner
+  class Runner # rubocop:disable Metrics/ClassLength
     extend Forwardable
     attr_reader :backend, :rules
     def initialize(conf = {})
@@ -96,13 +96,17 @@ module Inspec
 
     private
 
-    def get_check_example(method_name, arg, block)
+    def block_source_info(block)
+      return {} if block.nil? || !block.respond_to?(:source_location)
       opts = {}
-      if !block.nil? && block.respond_to?(:source_location)
-        file_path, line = block.source_location
-        opts['file_path'] = file_path
-        opts['line_number'] = line
-      end
+      file_path, line = block.source_location
+      opts['file_path'] = file_path
+      opts['line_number'] = line
+      opts
+    end
+
+    def get_check_example(method_name, arg, block)
+      opts = block_source_info(block)
 
       if !arg.empty? &&
          arg[0].respond_to?(:resource_skipped) &&
@@ -117,6 +121,16 @@ module Inspec
           return @test_collector.example_group(*arg, opts, &block)
         when 'expect'
           return block.example_group
+        when 'describe.one'
+          tests = arg.map do |x|
+            @test_collector.example_group(x[1][0], block_source_info(x[2]), &x[2])
+          end
+          return nil if tests.empty?
+          ok_tests = tests.find_all(&:run)
+          # return all tests if none succeeds; we will just report full failure
+          return tests if ok_tests.empty?
+          # otherwise return all working tests
+          return ok_tests
         else
           fail "A rule was registered with #{method_name.inspect}, "\
                "which isn't understood and cannot be processed."
@@ -128,10 +142,11 @@ module Inspec
     def register_rule(rule_id, rule)
       @rules[rule_id] = rule
       checks = rule.instance_variable_get(:@checks)
-      checks.each do |m, a, b|
-        # resource skipping
-        example = get_check_example(m, a, b)
+      examples = checks.map do |m, a, b|
+        get_check_example(m, a, b)
+      end.flatten.compact
 
+      examples.each do |example|
         # TODO: Remove this!! It is very dangerous to do this here.
         # The goal of this is to make the audit DSL available to all
         # describe blocks. Right now, these blocks are executed outside
@@ -140,7 +155,6 @@ module Inspec
         # scope.
         dsl = Inspec::Resource.create_dsl(backend)
         example.send(:include, dsl)
-
         @test_collector.add_test(example, rule_id)
       end
     end

data/lib/inspec/version.rb

@@ -3,5 +3,5 @@
 # author: Christoph Hartmann
 
 module Inspec
-  VERSION = '0.14.3'.freeze
+  VERSION = '0.14.4'.freeze
 end

data/lib/resources/xinetd.rb

@@ -0,0 +1,142 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+
+require 'utils/parser'
+
+class XinetdConf < Inspec.resource(1) # rubocop:disable Metrics/ClassLength
+  name 'xinetd_conf'
+  desc 'Xinetd services configuration.'
+  example "
+    describe xinetd_conf.services('chargen') do
+      its('socket_types') { should include 'dgram' }
+    end
+
+    describe xinetd_conf.services('chargen').socket_types('dgram') do
+      it { should be_disabled }
+    end
+  "
+
+  include XinetdParser
+
+  def initialize(conf_path = '/etc/xinetd.conf', opts = {})
+    @conf_path = conf_path
+    @params = opts[:params] unless opts[:params].nil?
+    @filters = opts[:filters] || ''
+    @contents = {}
+  end
+
+  def to_s
+    "Xinetd config #{@conf_path}"
+  end
+
+  def services(condition = nil)
+    condition.nil? ? params['services'].keys : filter(service: condition)
+  end
+
+  def ids(condition = nil)
+    condition.nil? ? services_field('id') : filter(id: condition)
+  end
+
+  def socket_types(condition = nil)
+    condition.nil? ? services_field('socket_type') : filter(socket_type: condition)
+  end
+
+  def types(condition = nil)
+    condition.nil? ? services_field('type') : filter(type: condition)
+  end
+
+  def wait(condition = nil)
+    condition.nil? ? services_field('wait') : filter(wait: condition)
+  end
+
+  def disabled?
+    filter(disable: 'no').services.empty?
+  end
+
+  def enabled?
+    filter(disable: 'yes').services.empty?
+  end
+
+  def params
+    return @params if defined?(@params)
+    return @params = {} if read_content.nil?
+    flat_params = parse_xinetd(read_content)
+    @params = { 'services' => {} }
+    flat_params.each do |k, v|
+      name = k[/^service (.+)$/, 1]
+      if name.nil?
+        @params[k] = v
+      else
+        @params['services'][name] = v
+      end
+    end
+    @params
+  end
+
+  def filter(conditions = {})
+    res = params.dup
+    filters = ''
+    conditions.each do |k, v|
+      v = v.to_s if v.is_a? Integer
+      filters += " #{k} = #{v.inspect}"
+      res['services'] = filter_by(res['services'], k.to_s, v)
+    end
+    XinetdConf.new(@conf_path, params: res, filters: filters)
+  end
+
+  private
+
+  # Retrieve the provided field from all configured services.
+  #
+  # @param [String] field name, e.g. `socket_type`
+  # @return [Array[String]] all values of this field across services
+  def services_field(field)
+    params['services'].values.compact.flatten
+                      .map { |x| x.params[field] }.flatten.compact
+  end
+
+  def match_condition(sth, condition)
+    case sth
+    # this does Regex-matching as well as string comparison
+    when condition
+      true
+    else
+      false
+    end
+  end
+
+  # Filter services by a criteria. This allows for search queries for
+  # certain values.
+  #
+  # @param [Hash] service collection
+  # @param [String] search key you want to query
+  # @param [Any] search value that the key should match
+  # @return [Hash] filtered service collection
+  def filter_by(services, k, v)
+    if k == 'service'
+      return Hash[services.find_all { |name, _| match_condition(v, name) }]
+    end
+    Hash[services.map { |name, service_arr|
+      found = service_arr.find_all { |service|
+        match_condition(service.params[k], v)
+      }
+      found.empty? ? nil : [name, found]
+    }.compact]
+  end
+
+  def read_content(path = @conf_path)
+    return @contents[path] if @contents.key?(path)
+    file = inspec.file(path)
+    if !file.file?
+      return skip_resource "Can't find file \"#{path}\""
+    end
+
+    @contents[path] = file.content
+    if @contents[path].empty? && file.size > 0
+      return skip_resource "Can't read file \"#{path}\""
+    end
+
+    @contents[path]
+  end
+end

data/lib/utils/parser.rb

@@ -177,3 +177,56 @@ module SolarisNetstatParser
     line.match(Regexp.new(arr.join))
   end
 end
+
+module XinetdParser
+  def xinetd_include_dir(dir)
+    return [] if dir.nil?
+
+    unless inspec.file(dir).directory?
+      return skip_resource "Cannot read folder in #{dir}"
+    end
+
+    files = inspec.command("find #{dir} -type f").stdout.split("\n")
+    files.map { |file| parse_xinetd(read_content(file)) }
+  end
+
+  def parse_xinetd(raw) # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
+    return {} if raw.nil?
+    res = {}
+    cur_group = nil
+    simple_conf = []
+    rest = raw
+    until rest.empty?
+      nl = rest.index("\n") || (rest.length-1)
+      comment = rest.index('#') || (rest.length-1)
+      dst_idx = (comment < nl) ? comment : nl
+      inner_line = (dst_idx == 0) ? '' : rest[0..dst_idx-1].strip
+      rest = rest[nl+1..-1]
+      next if inner_line.empty?
+
+      if inner_line == '}'
+        res[cur_group] = SimpleConfig.new(simple_conf.join("\n"))
+        cur_group = nil
+      elsif rest.lstrip[0] == '{'
+        cur_group = inner_line
+        simple_conf = []
+        rest = rest[rest.index("\n")+1..-1]
+      elsif cur_group.nil?
+        others = xinetd_include_dir(inner_line[/includedir (.+)/, 1])
+
+        # complex merging of included configurations, as multiple services
+        # may be defined with the same name but different configuration
+        others.each { |ores|
+          ores.each { |k, v|
+            res[k] ||= []
+            res[k].push(v)
+          }
+        }
+      else
+        simple_conf.push(inner_line)
+      end
+    end
+
+    res
+  end
+end

data/test/helper.rb

@@ -111,6 +111,10 @@ class MockLoader
       '/etc/apache2/apache2.conf' => mockfile.call('apache2.conf'),
       '/etc/apache2/ports.conf' => mockfile.call('ports.conf'),
       '/etc/apache2/conf-enabled/serve-cgi-bin.conf' => mockfile.call('serve-cgi-bin.conf'),
+      '/etc/xinetd.conf' => mockfile.call('xinetd.conf'),
+      '/etc/xinetd.d' => mockfile.call('xinetd.d'),
+      '/etc/xinetd.d/chargen-stream' => mockfile.call('xinetd.d_chargen-stream'),
+      '/etc/xinetd.d/chargen-dgram' => mockfile.call('xinetd.d_chargen-dgram'),
     }
 
     # create all mock commands
@@ -225,6 +229,8 @@ class MockLoader
       'pkg info system/file-system/zfs' => cmd.call('pkg-info-system-file-system-zfs'),
       # port netstat on solaris 10 & 11
       'netstat -an -f inet -f inet6' => cmd.call('s11-netstat-an-finet-finet6'),
+      # xinetd configuration
+      'find /etc/xinetd.d -type f' => cmd.call('find-xinetd.d'),
     }
 
     @backend

data/test/unit/mock/cmd/find-xinetd.d

@@ -0,0 +1,2 @@
+/etc/xinetd.d/chargen-stream
+/etc/xinetd.d/chargen-dgram

data/test/unit/mock/files/xinetd.conf

@@ -0,0 +1,9 @@
+defaults
+{
+# comments...
+#	enabled		=
+	log_type	= SYSLOG daemon info
+	instances	= 50
+}
+
+includedir /etc/xinetd.d

data/test/unit/mock/files/xinetd.d_chargen-dgram

@@ -0,0 +1,9 @@
+service chargen
+{
+    disable		= no
+    # comment
+    id		= chargen-dgram
+    type		= INTERNAL
+  	wait		= yes
+  	socket_type	= dgram
+}

data/test/unit/mock/files/xinetd.d_chargen-stream

@@ -0,0 +1,9 @@
+service chargen
+{
+    disable		= yes
+    # disable = no
+    id		= chargen-stream
+    type		= INTERNAL
+  	wait		= yes
+  	socket_type	= stream
+}

data/test/unit/profile_context_test.rb

@@ -5,10 +5,64 @@
 require 'helper'
 require 'inspec/profile_context'
 
+class Module
+  include Minitest::Spec::DSL
+end
+
+module DescribeOneTest
+  it 'loads an empty describe.one' do
+    profile.load(format(context_format, 'describe.one'))
+    get_checks.must_equal([])
+  end
+
+  it 'loads an empty describe.one block' do
+    profile.load(format(context_format, 'describe.one do; end'))
+    get_checks.must_equal([['describe.one', [], nil]])
+  end
+
+  it 'loads a simple describe.one block' do
+    profile.load(format(context_format, '
+      describe.one do
+        describe true do; it { should eq true }; end
+      end'))
+    c = get_checks[0]
+    c[0].must_equal 'describe.one'
+    childs = c[1]
+    childs.length.must_equal 1
+    childs[0][0].must_equal 'describe'
+    childs[0][1].must_equal [true]
+  end
+
+  it 'loads a complex describe.one block' do
+    profile.load(format(context_format, '
+      describe.one do
+        describe 0 do; it { should eq true }; end
+        describe 1 do; it { should eq true }; end
+        describe 2 do; it { should eq true }; end
+      end'))
+    c = get_checks[0]
+    c[0].must_equal 'describe.one'
+    childs = c[1]
+    childs.length.must_equal 3
+    childs.each_with_index do |ci, idx|
+      ci[0].must_equal 'describe'
+      ci[1].must_equal [idx]
+    end
+  end
+end
+
 describe Inspec::ProfileContext do
   let(:backend) { MockLoader.new.backend }
   let(:profile) { Inspec::ProfileContext.new(nil, backend) }
 
+  def get_rule
+    profile.rules.values[0]
+  end
+
+  def get_checks
+    get_rule.instance_variable_get(:@checks)
+  end
+
   it 'must be able to load empty content' do
     profile.load('', 'dummy', 1).must_be_nil
   end
@@ -18,6 +72,10 @@ describe Inspec::ProfileContext do
       proc { profile.load(call) }
     end
 
+    let(:context_format) { '%s' }
+
+    include DescribeOneTest
+
     it 'must provide os resource' do
       load('print os[:family]').must_output 'ubuntu'
     end
@@ -30,6 +88,13 @@ describe Inspec::ProfileContext do
       load('print command("").stdout').must_output ''
     end
 
+    it 'supports empty describe calls' do
+      load('describe').must_output ''
+      profile.rules.keys.length.must_equal 1
+      profile.rules.keys[0].must_match /^\(generated from unknown:1 [0-9a-f]+\)$/
+      profile.rules.values[0].must_be_kind_of Inspec::Rule
+    end
+
     it 'provides the describe keyword in the global DSL' do
       load('describe true do; it { should_eq true }; end')
         .must_output ''
@@ -61,6 +126,13 @@ describe Inspec::ProfileContext do
 
   describe 'rule DSL' do
     let(:rule_id) { rand.to_s }
+    let(:context_format) { "rule #{rule_id.inspect} do\n%s\nend" }
+
+    def get_rule
+      profile.rules[rule_id]
+    end
+
+    include DescribeOneTest
 
     it 'doesnt add any checks if none are provided' do
       profile.load("rule #{rule_id.inspect}")
@@ -68,17 +140,20 @@ describe Inspec::ProfileContext do
       rule.instance_variable_get(:@checks).must_equal([])
     end
 
+    describe 'supports empty describe blocks' do
+      it 'doesnt crash, but doesnt add anything either' do
+        profile.load(format(context_format, 'describe'))
+        profile.rules.keys.must_include(rule_id)
+        get_checks.must_equal([])
+      end
+    end
+
     describe 'adds a check via describe' do
-      let(:cmd) {<<-EOF
-        rule #{rule_id.inspect} do
-          describe os[:family] { it { must_equal 'ubuntu' } }
-        end
-      EOF
-      }
       let(:check) {
-        profile.load(cmd)
-        rule = profile.rules[rule_id]
-        rule.instance_variable_get(:@checks)[0]
+        profile.load(format(context_format,
+          "describe os[:family] { it { must_equal 'ubuntu' } }"
+          ))
+        get_checks[0]
       }
 
       it 'registers the check with describe' do
@@ -95,16 +170,11 @@ describe Inspec::ProfileContext do
     end
 
     describe 'adds a check via expect' do
-      let(:cmd) {<<-EOF
-        rule #{rule_id.inspect} do
-          expect(os[:family]).to eq('ubuntu')
-        end
-      EOF
-      }
       let(:check) {
-        profile.load(cmd)
-        rule = profile.rules[rule_id]
-        rule.instance_variable_get(:@checks)[0]
+        profile.load(format(context_format,
+          "expect(os[:family]).to eq('ubuntu')"
+          ))
+        get_checks[0]
       }
 
       it 'registers the check with describe' do
@@ -116,23 +186,18 @@ describe Inspec::ProfileContext do
       end
 
       it 'registers the check with the provided proc' do
-        check[2].must_be_kind_of Inspec::ExpectationTarget
+        check[2].must_be_kind_of Inspec::Expect
       end
     end
 
     describe 'adds a check via describe + expect' do
-      let(:cmd) {<<-EOF
-        rule #{rule_id.inspect} do
-          describe 'the actual test' do
-            expect(os[:family]).to eq('ubuntu')
-          end
-        end
-      EOF
-      }
       let(:check) {
-        profile.load(cmd)
-        rule = profile.rules[rule_id]
-        rule.instance_variable_get(:@checks)[0]
+        profile.load(format(context_format,
+          "describe 'the actual test' do
+            expect(os[:family]).to eq('ubuntu')
+          end"
+          ))
+        get_checks[0]
       }
 
       it 'registers the check with describe' do

data/test/unit/resources/xinetd_test.rb

@@ -0,0 +1,60 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+
+require 'helper'
+require 'inspec/resource'
+
+describe 'Inspec::Resources::XinetdConf' do
+  let(:resource) { load_resource('xinetd_conf') }
+  it 'reads default params' do
+    d = resource.params['defaults']
+    _(d).must_be_kind_of SimpleConfig
+    _(d.params['instances']).must_equal '50'
+    _(d.params['log_type']).must_equal 'SYSLOG daemon info'
+    _(d.params.length).must_equal 2
+  end
+
+  describe 'with services from child configs' do
+    it 'has one service name' do
+      _(resource.services).must_equal %w{chargen}
+    end
+
+    it 'has multiple service definitions' do
+      _(resource.ids).must_equal %w{chargen-stream chargen-dgram}
+    end
+
+    it 'can filter by name' do
+      _(resource.services('not here').params['services']).must_be_empty
+    end
+
+    it 'can chain filters' do
+      one = resource.services('chargen').socket_types('dgram')
+      _(one.params['services'].length).must_equal 1
+      _(one.ids).must_equal %w{chargen-dgram}
+    end
+
+    it 'checks if all are disabled on one disabled service' do
+      one = resource.ids('chargen-stream')
+      _(one.disabled?).must_equal true
+    end
+
+    it 'checks if all are disabled on multiple mixed' do
+      _(resource.disabled?).must_equal false
+    end
+
+    it 'checks if all are enabled on one enabled service' do
+      one = resource.ids(/dgram$/)
+      _(one.enabled?).must_equal true
+    end
+
+    it 'checks if all are enabled on one enabled service' do
+      one = resource.ids(/stream$/)
+      _(one.enabled?).must_equal false
+    end
+
+    it 'checks if all are enabled on multiple mixed' do
+      _(resource.enabled?).must_equal false
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec
 version: !ruby/object:Gem::Version
-  version: 0.14.3
+  version: 0.14.4
 platform: ruby
 authors:
 - Dominik Richter
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-02-24 00:00:00.000000000 Z
+date: 2016-02-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: r-train
@@ -237,7 +237,9 @@ files:
 - lib/inspec/archive/tar.rb
 - lib/inspec/archive/zip.rb
 - lib/inspec/backend.rb
+- lib/inspec/describe.rb
 - lib/inspec/dsl.rb
+- lib/inspec/expect.rb
 - lib/inspec/fetcher.rb
 - lib/inspec/log.rb
 - lib/inspec/metadata.rb
@@ -309,6 +311,7 @@ files:
 - lib/resources/ssh_conf.rb
 - lib/resources/user.rb
 - lib/resources/windows_feature.rb
+- lib/resources/xinetd.rb
 - lib/resources/yaml.rb
 - lib/resources/yum.rb
 - lib/source_readers/flat.rb
@@ -409,6 +412,7 @@ files:
 - test/unit/mock/cmd/find-apache2-ports-conf
 - test/unit/mock/cmd/find-etc-rc-d-name-S
 - test/unit/mock/cmd/find-net-interface
+- test/unit/mock/cmd/find-xinetd.d
 - test/unit/mock/cmd/gem-list-local-a-q-rubocop
 - test/unit/mock/cmd/get-net-tcpconnection
 - test/unit/mock/cmd/get-netadapter-binding-bridge
@@ -475,6 +479,10 @@ files:
 - test/unit/mock/files/shadow
 - test/unit/mock/files/ssh_config
 - test/unit/mock/files/sshd_config
+- test/unit/mock/files/xinetd.conf
+- test/unit/mock/files/xinetd.d/.gitkeep
+- test/unit/mock/files/xinetd.d_chargen-dgram
+- test/unit/mock/files/xinetd.d_chargen-stream
 - test/unit/mock/profiles/complete-metadata/inspec.yml
 - test/unit/mock/profiles/complete-profile/controls/filesystem_spec.rb
 - test/unit/mock/profiles/complete-profile/inspec.yml
@@ -533,6 +541,7 @@ files:
 - test/unit/resources/ssh_conf_test.rb
 - test/unit/resources/user_test.rb
 - test/unit/resources/windows_feature.rb
+- test/unit/resources/xinetd_test.rb
 - test/unit/resources/yaml_test.rb
 - test/unit/resources/yum_test.rb
 - test/unit/source_reader_test.rb
@@ -652,6 +661,7 @@ test_files:
 - test/unit/mock/cmd/find-apache2-ports-conf
 - test/unit/mock/cmd/find-etc-rc-d-name-S
 - test/unit/mock/cmd/find-net-interface
+- test/unit/mock/cmd/find-xinetd.d
 - test/unit/mock/cmd/gem-list-local-a-q-rubocop
 - test/unit/mock/cmd/get-net-tcpconnection
 - test/unit/mock/cmd/get-netadapter-binding-bridge
@@ -718,6 +728,10 @@ test_files:
 - test/unit/mock/files/shadow
 - test/unit/mock/files/ssh_config
 - test/unit/mock/files/sshd_config
+- test/unit/mock/files/xinetd.conf
+- test/unit/mock/files/xinetd.d/.gitkeep
+- test/unit/mock/files/xinetd.d_chargen-dgram
+- test/unit/mock/files/xinetd.d_chargen-stream
 - test/unit/mock/profiles/complete-metadata/inspec.yml
 - test/unit/mock/profiles/complete-profile/controls/filesystem_spec.rb
 - test/unit/mock/profiles/complete-profile/inspec.yml
@@ -776,6 +790,7 @@ test_files:
 - test/unit/resources/ssh_conf_test.rb
 - test/unit/resources/user_test.rb
 - test/unit/resources/windows_feature.rb
+- test/unit/resources/xinetd_test.rb
 - test/unit/resources/yaml_test.rb
 - test/unit/resources/yum_test.rb
 - test/unit/source_reader_test.rb