inspec 0.14.8 → 0.15.0

data/lib/resources/file.rb

@@ -5,7 +5,7 @@
 # license: All rights reserved
 
 module Inspec::Resources
-  class File < Inspec.resource(1) # rubocop:disable Metrics/ClassLength
+  class FileResource < Inspec.resource(1) # rubocop:disable Metrics/ClassLength
     name 'file'
     desc 'Use the file InSpec audit resource to test all system file types, including files, directories, symbolic links, named pipes, sockets, character devices, block devices, and doors.'
     example "

data/lib/resources/gem.rb

@@ -2,47 +2,49 @@
 # author: Christoph Hartmann
 # author: Dominik Richter
 
-class GemPackage < Inspec.resource(1)
-  name 'gem'
-  desc 'Use the gem InSpec audit resource to test if a global gem package is installed.'
-  example "
-    describe gem('rubocop') do
-      it { should be_installed }
+module Inspec::Resources
+  class GemPackage < Inspec.resource(1)
+    name 'gem'
+    desc 'Use the gem InSpec audit resource to test if a global gem package is installed.'
+    example "
+      describe gem('rubocop') do
+        it { should be_installed }
+      end
+    "
+
+    def initialize(package_name)
+      @package_name = package_name
     end
-  "
 
-  def initialize(package_name)
-    @package_name = package_name
-  end
-
-  def info
-    return @info if defined?(@info)
-
-    cmd = inspec.command("gem list --local -a -q \^#{@package_name}\$")
-    @info = {
-      installed: cmd.exit_status == 0,
-      type: 'gem',
-    }
-    return @info unless @info[:installed]
-
-    # extract package name and version
-    # parses data like winrm (1.3.4, 1.3.3)
-    params = /^\s*([^\(]*?)\s*\((.*?)\)\s*$/.match(cmd.stdout.chomp)
-    versions = params[2].split(',')
-    @info[:name] = params[1]
-    @info[:version] = versions[0]
-    @info
-  end
+    def info
+      return @info if defined?(@info)
+
+      cmd = inspec.command("gem list --local -a -q \^#{@package_name}\$")
+      @info = {
+        installed: cmd.exit_status == 0,
+        type: 'gem',
+      }
+      return @info unless @info[:installed]
+
+      # extract package name and version
+      # parses data like winrm (1.3.4, 1.3.3)
+      params = /^\s*([^\(]*?)\s*\((.*?)\)\s*$/.match(cmd.stdout.chomp)
+      versions = params[2].split(',')
+      @info[:name] = params[1]
+      @info[:version] = versions[0]
+      @info
+    end
 
-  def installed?
-    info[:installed] == true
-  end
+    def installed?
+      info[:installed] == true
+    end
 
-  def version
-    info[:version]
-  end
+    def version
+      info[:version]
+    end
 
-  def to_s
-    "gem package #{@package_name}"
+    def to_s
+      "gem package #{@package_name}"
+    end
   end
 end

data/lib/resources/group.rb

@@ -13,123 +13,125 @@
 #  it { should have_gid 0 }
 # end
 
-class Group < Inspec.resource(1)
-  name 'group'
-  desc 'Use the group InSpec audit resource to test groups on the system.'
-  example "
-    describe group('root') do
-      it { should exist }
-      its('gid') { should eq 0 }
+module Inspec::Resources
+  class Group < Inspec.resource(1)
+    name 'group'
+    desc 'Use the group InSpec audit resource to test groups on the system.'
+    example "
+      describe group('root') do
+        it { should exist }
+        its('gid') { should eq 0 }
+      end
+    "
+
+    def initialize(groupname, domain = nil)
+      @group = groupname.downcase
+      @domain = domain
+      @domain = @domain.downcase unless @domain.nil?
+
+      @cache = nil
+
+      # select group manager
+      @group_provider = nil
+      if inspec.os.unix?
+        @group_provider = UnixGroup.new(inspec)
+      elsif inspec.os.windows?
+        @group_provider = WindowsGroup.new(inspec)
+      else
+        return skip_resource 'The `group` resource is not supported on your OS yet.'
+      end
     end
-  "
-
-  def initialize(groupname, domain = nil)
-    @group = groupname.downcase
-    @domain = domain
-    @domain = @domain.downcase unless @domain.nil?
-
-    @cache = nil
-
-    # select group manager
-    @group_provider = nil
-    if inspec.os.unix?
-      @group_provider = UnixGroup.new(inspec)
-    elsif inspec.os.windows?
-      @group_provider = WindowsGroup.new(inspec)
-    else
-      return skip_resource 'The `group` resource is not supported on your OS yet.'
-    end
-  end
 
-  # verifies if a group exists
-  def exists?
-    # ensure that we found one group
-    !group_info.nil? && group_info.size > 0
-  end
+    # verifies if a group exists
+    def exists?
+      # ensure that we found one group
+      !group_info.nil? && group_info.size > 0
+    end
 
-  def gid
-    return nil if group_info.nil? || group_info.size == 0
+    def gid
+      return nil if group_info.nil? || group_info.size == 0
 
-    # the default case should be one group
-    return group_info[0][:gid] if group_info.size == 1
+      # the default case should be one group
+      return group_info[0][:gid] if group_info.size == 1
 
-    # return array if we got multiple gids
-    group_info.map { |grp| grp[:gid] }
-  end
+      # return array if we got multiple gids
+      group_info.map { |grp| grp[:gid] }
+    end
 
-  # implements rspec has matcher, to be compatible with serverspec
-  def has_gid?(compare_gid)
-    gid == compare_gid
-  end
+    # implements rspec has matcher, to be compatible with serverspec
+    def has_gid?(compare_gid)
+      gid == compare_gid
+    end
 
-  def local
-    return nil if group_info.nil? || group_info.size == 0
+    def local
+      return nil if group_info.nil? || group_info.size == 0
 
-    # the default case should be one group
-    return group_info[0][:local] if group_info.size == 1
+      # the default case should be one group
+      return group_info[0][:local] if group_info.size == 1
 
-    # return array if we got multiple gids
-    group_info.map { |grp| grp[:local] }
-  end
+      # return array if we got multiple gids
+      group_info.map { |grp| grp[:local] }
+    end
 
-  def to_s
-    "Group #{@group}"
-  end
+    def to_s
+      "Group #{@group}"
+    end
 
-  private
+    private
 
-  def group_info
-    return @cache if !@cache.nil?
-    @cache = @group_provider.group_info(@group, @domain) if !@group_provider.nil?
+    def group_info
+      return @cache if !@cache.nil?
+      @cache = @group_provider.group_info(@group, @domain) if !@group_provider.nil?
+    end
   end
-end
 
-class GroupInfo
-  attr_reader :inspec
-  def initialize(inspec)
-    @inspec = inspec
+  class GroupInfo
+    attr_reader :inspec
+    def initialize(inspec)
+      @inspec = inspec
+    end
   end
-end
 
-# implements generic unix groups via /etc/group
-class UnixGroup < GroupInfo
-  def group_info(group, _domain = nil)
-    inspec.etc_group.where(name: group).entries.map { |grp|
-      {
-        name: grp['name'],
-        gid: grp['gid'],
+  # implements generic unix groups via /etc/group
+  class UnixGroup < GroupInfo
+    def group_info(group, _domain = nil)
+      inspec.etc_group.where(name: group).entries.map { |grp|
+        {
+          name: grp['name'],
+          gid: grp['gid'],
+        }
       }
-    }
-  end
-end
-
-class WindowsGroup < GroupInfo
-  def group_info(compare_group, compare_domain = nil)
-    cmd = inspec.command('Get-WmiObject Win32_Group | Select-Object -Property Caption, Domain, Name, SID, LocalAccount | ConvertTo-Json')
-
-    # cannot rely on exit code for now, successful command returns exit code 1
-    # return nil if cmd.exit_status != 0, try to parse json
-    begin
-      groups = JSON.parse(cmd.stdout)
-    rescue JSON::ParserError => _e
-      return nil
     end
+  end
 
-    # ensure we have an array of groups
-    groups = [groups] if !groups.is_a?(Array)
-
-    # reduce list
-    groups.each_with_object([]) do |grp, grp_collection|
-      # map object
-      grp_info = {
-        name: grp['Name'],
-        domain: grp['Domain'],
-        caption: grp['Caption'],
-        gid: nil,
-        sid: grp['SID'],
-        local: grp['LocalAccount'],
-      }
-      return grp_collection.push(grp_info) if grp_info[:name].casecmp(compare_group) == 0 && (compare_domain.nil? || grp_info[:domain].casecmp(compare_domain) == 0)
+  class WindowsGroup < GroupInfo
+    def group_info(compare_group, compare_domain = nil)
+      cmd = inspec.command('Get-WmiObject Win32_Group | Select-Object -Property Caption, Domain, Name, SID, LocalAccount | ConvertTo-Json')
+
+      # cannot rely on exit code for now, successful command returns exit code 1
+      # return nil if cmd.exit_status != 0, try to parse json
+      begin
+        groups = JSON.parse(cmd.stdout)
+      rescue JSON::ParserError => _e
+        return nil
+      end
+
+      # ensure we have an array of groups
+      groups = [groups] if !groups.is_a?(Array)
+
+      # reduce list
+      groups.each_with_object([]) do |grp, grp_collection|
+        # map object
+        grp_info = {
+          name: grp['Name'],
+          domain: grp['Domain'],
+          caption: grp['Caption'],
+          gid: nil,
+          sid: grp['SID'],
+          local: grp['LocalAccount'],
+        }
+        return grp_collection.push(grp_info) if grp_info[:name].casecmp(compare_group) == 0 && (compare_domain.nil? || grp_info[:domain].casecmp(compare_domain) == 0)
+      end
     end
   end
 end

data/lib/resources/host.rb

@@ -24,126 +24,128 @@
 #   it { should be_resolvable.by('dns') }
 # end
 
-class Host < Inspec.resource(1)
-  name 'host'
-  desc 'Use the host InSpec audit resource to test the name used to refer to a specific host and its availability, including the Internet protocols and ports over which that host name should be available.'
-  example "
-    describe host('example.com') do
-      it { should be_reachable }
+module Inspec::Resources
+  class Host < Inspec.resource(1)
+    name 'host'
+    desc 'Use the host InSpec audit resource to test the name used to refer to a specific host and its availability, including the Internet protocols and ports over which that host name should be available.'
+    example "
+      describe host('example.com') do
+        it { should be_reachable }
+      end
+    "
+
+    def initialize(hostname, params = {})
+      @hostname = hostname
+      @port = params[:port]   || nil
+      @proto = params[:proto] || nil
+
+      @host_provider = nil
+      if inspec.os.linux?
+        @host_provider = LinuxHostProvider.new(inspec)
+      elsif inspec.os.windows?
+        @host_provider = WindowsHostProvider.new(inspec)
+      else
+        return skip_resource 'The `host` resource is not supported on your OS yet.'
+      end
     end
-  "
-
-  def initialize(hostname, params = {})
-    @hostname = hostname
-    @port = params[:port]   || nil
-    @proto = params[:proto] || nil
-
-    @host_provider = nil
-    if inspec.os.linux?
-      @host_provider = LinuxHostProvider.new(inspec)
-    elsif inspec.os.windows?
-      @host_provider = WindowsHostProvider.new(inspec)
-    else
-      return skip_resource 'The `host` resource is not supported on your OS yet.'
-    end
-  end
 
-  # if we get the IP adress, the host is resolvable
-  def resolvable?(type = nil)
-    warn "The `host` resource ignores #{type} parameters. Continue to resolve host." if !type.nil?
-    resolve.nil? || resolve.empty? ? false : true
-  end
+    # if we get the IP adress, the host is resolvable
+    def resolvable?(type = nil)
+      warn "The `host` resource ignores #{type} parameters. Continue to resolve host." if !type.nil?
+      resolve.nil? || resolve.empty? ? false : true
+    end
 
-  def reachable?(port = nil, proto = nil, timeout = nil)
-    fail "Use `host` resource with host('#{@hostname}', port: #{port}, proto: '#{proto}') parameters." if !port.nil? || !proto.nil? || !timeout.nil?
-    ping.nil? ? false : ping
-  end
+    def reachable?(port = nil, proto = nil, timeout = nil)
+      fail "Use `host` resource with host('#{@hostname}', port: #{port}, proto: '#{proto}') parameters." if !port.nil? || !proto.nil? || !timeout.nil?
+      ping.nil? ? false : ping
+    end
 
-  # returns all A records of the IP adress, will return an array
-  def ipaddress
-    resolve.nil? || resolve.empty? ? nil : resolve
-  end
+    # returns all A records of the IP adress, will return an array
+    def ipaddress
+      resolve.nil? || resolve.empty? ? nil : resolve
+    end
 
-  def to_s
-    "Host #{@hostname}"
-  end
+    def to_s
+      "Host #{@hostname}"
+    end
 
-  private
+    private
 
-  def ping
-    return @ping_cache if defined?(@ping_cache)
-    @ping_cache = @host_provider.ping(@hostname, @port, @proto) if !@host_provider.nil?
-  end
+    def ping
+      return @ping_cache if defined?(@ping_cache)
+      @ping_cache = @host_provider.ping(@hostname, @port, @proto) if !@host_provider.nil?
+    end
 
-  def resolve
-    return @ip_cache if defined?(@ip_cache)
-    @ip_cache = @host_provider.resolve(@hostname) if !@host_provider.nil?
+    def resolve
+      return @ip_cache if defined?(@ip_cache)
+      @ip_cache = @host_provider.resolve(@hostname) if !@host_provider.nil?
+    end
   end
-end
 
-class HostProvider
-  attr_reader :inspec
-  def initialize(inspec)
-    @inspec = inspec
+  class HostProvider
+    attr_reader :inspec
+    def initialize(inspec)
+      @inspec = inspec
+    end
   end
-end
 
-class LinuxHostProvider < HostProvider
-  # ping is difficult to achieve, since we are not sure
-  def ping(hostname, _port = nil, _proto = nil)
-    # fall back to ping, but we can only test ICMP packages with ping
-    # therefore we have to skip the test, if we do not have everything on the node to run the test
-    ping = inspec.command("ping -w 1 -c 1 #{hostname}")
-    ping.exit_status.to_i != 0 ? false : true
-  end
+  class LinuxHostProvider < HostProvider
+    # ping is difficult to achieve, since we are not sure
+    def ping(hostname, _port = nil, _proto = nil)
+      # fall back to ping, but we can only test ICMP packages with ping
+      # therefore we have to skip the test, if we do not have everything on the node to run the test
+      ping = inspec.command("ping -w 1 -c 1 #{hostname}")
+      ping.exit_status.to_i != 0 ? false : true
+    end
 
-  def resolve(hostname)
-    # TODO: we rely on getent hosts for now, but it prefers to return IPv6, only then IPv4
-    cmd = inspec.command("getent hosts #{hostname}")
-    return nil if cmd.exit_status.to_i != 0
+    def resolve(hostname)
+      # TODO: we rely on getent hosts for now, but it prefers to return IPv6, only then IPv4
+      cmd = inspec.command("getent hosts #{hostname}")
+      return nil if cmd.exit_status.to_i != 0
 
-    # extract ip adress
-    resolve = /^\s*(?<ip>\S+)\s+(.*)\s*$/.match(cmd.stdout.chomp)
-    [resolve[1]] if resolve
+      # extract ip adress
+      resolve = /^\s*(?<ip>\S+)\s+(.*)\s*$/.match(cmd.stdout.chomp)
+      [resolve[1]] if resolve
+    end
   end
-end
 
-# Windows
-# TODO: UDP is not supported yey, we need a custom ps1 script to add udp support
-# @see http://blogs.technet.com/b/josebda/archive/2015/04/18/windows-powershell-equivalents-for-common-networking-commands-ipconfig-ping-nslookup.aspx
-# @see http://blogs.technet.com/b/heyscriptingguy/archive/2014/03/19/creating-a-port-scanner-with-windows-powershell.aspx
-class WindowsHostProvider < HostProvider
-  def ping(hostname, port = nil, proto = nil)
-    # TODO: abort if we cannot run it via udp
-    return nil if proto == 'udp'
-
-    # ICMP: Test-NetConnection www.microsoft.com
-    # TCP and port: Test-NetConnection -ComputerName www.microsoft.com -RemotePort 80
-    request = "Test-NetConnection -ComputerName #{hostname}"
-    request += " -RemotePort #{port}" unless port.nil?
-    request += '| Select-Object -Property ComputerName, RemoteAddress, RemotePort, SourceAddress, PingSucceeded | ConvertTo-Json'
-    p request
-    request += '| Select-Object -Property ComputerName, PingSucceeded | ConvertTo-Json'
-    cmd = inspec.command(request)
-
-    begin
-      ping = JSON.parse(cmd.stdout)
-    rescue JSON::ParserError => _e
-      return nil
+  # Windows
+  # TODO: UDP is not supported yey, we need a custom ps1 script to add udp support
+  # @see http://blogs.technet.com/b/josebda/archive/2015/04/18/windows-powershell-equivalents-for-common-networking-commands-ipconfig-ping-nslookup.aspx
+  # @see http://blogs.technet.com/b/heyscriptingguy/archive/2014/03/19/creating-a-port-scanner-with-windows-powershell.aspx
+  class WindowsHostProvider < HostProvider
+    def ping(hostname, port = nil, proto = nil)
+      # TODO: abort if we cannot run it via udp
+      return nil if proto == 'udp'
+
+      # ICMP: Test-NetConnection www.microsoft.com
+      # TCP and port: Test-NetConnection -ComputerName www.microsoft.com -RemotePort 80
+      request = "Test-NetConnection -ComputerName #{hostname}"
+      request += " -RemotePort #{port}" unless port.nil?
+      request += '| Select-Object -Property ComputerName, RemoteAddress, RemotePort, SourceAddress, PingSucceeded | ConvertTo-Json'
+      p request
+      request += '| Select-Object -Property ComputerName, PingSucceeded | ConvertTo-Json'
+      cmd = inspec.command(request)
+
+      begin
+        ping = JSON.parse(cmd.stdout)
+      rescue JSON::ParserError => _e
+        return nil
+      end
+
+      ping['PingSucceeded']
     end
 
-    ping['PingSucceeded']
-  end
+    def resolve(hostname)
+      cmd = inspec.command("Resolve-DnsName –Type A #{hostname} | ConvertTo-Json")
+      begin
+        resolv = JSON.parse(cmd.stdout)
+      rescue JSON::ParserError => _e
+        return nil
+      end
 
-  def resolve(hostname)
-    cmd = inspec.command("Resolve-DnsName –Type A #{hostname} | ConvertTo-Json")
-    begin
-      resolv = JSON.parse(cmd.stdout)
-    rescue JSON::ParserError => _e
-      return nil
+      resolv = [resolv] unless resolv.is_a?(Array)
+      resolv.map { |entry| entry['IPAddress'] }
     end
-
-    resolv = [resolv] unless resolv.is_a?(Array)
-    resolv.map { |entry| entry['IPAddress'] }
   end
 end