RubyGems - inspec - Versions diffs - 0.15.0 → 0.16.0 - Mend

inspec 0.15.0 → 0.16.0

Files changed (79) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 6ca71e169ffd037a7a61f99fc09188424a137168
-  data.tar.gz: 1aa83936f8b464a2044a7fae20cb14ddce1bdb87
+  metadata.gz: 243a577f37796094ac8a136876c11d14ded819c2
+  data.tar.gz: 7a95c3d207666f7d91c7ccb10316432d1ba70dd6
 SHA512:
-  metadata.gz: 774c8531d3bfdcab1c0a0587f670c09ab39099e89ff07a79e68c37bb3798e1a1a75e0b613c80a7bc7f8fb492c797ec26b04a12298a0493ddfd0d7784059cfb99
-  data.tar.gz: 4335e3fa250d9b6e3b54e25c82289fb3f232452ced7ad0d1a781349b2ae415d8b9533824c4ffda2f53340a96da0cea3720dd630637b59a6286511021672c3945
+  metadata.gz: 4d66e309baed6ba892f9b5fc4c03f488afc7886dc67c88bcf4a9d97e32e2a5cdbbb4e475e792e3f6d4199ea034177fd8a3698063a0d8b4d36d60b626eecfa993
+  data.tar.gz: 03d6a852e3d9e3d629e1e1d44555973ea69f66d78d630ebd80bbdcddcff6035a96a03416a58c02fcc757cbc01f838ef36e6b44ef17a41692204d6120d17426e8

data/CHANGELOG.md CHANGED Viewed

@@ -1,7 +1,44 @@
 # Change Log
-## [0.15.0](https://github.com/chef/inspec/tree/0.15.0) (2016-03-09)
-[Full Changelog](https://github.com/chef/inspec/compare/v0.14.8...0.15.0)
+## [0.16.0](https://github.com/chef/inspec/tree/0.16.0) (2016-03-19)
+[Full Changelog](https://github.com/chef/inspec/compare/v0.15.0...0.16.0)
+**Implemented enhancements:**
+- Read Chef attributes within the tests ? [\#541](https://github.com/chef/inspec/issues/541)
+- A resource to test http GET calls [\#538](https://github.com/chef/inspec/issues/538)
+- rename `script` resource to `powershell` resource [\#553](https://github.com/chef/inspec/pull/553) ([chris-rock](https://github.com/chris-rock))
+- add fulljson formatter [\#552](https://github.com/chef/inspec/pull/552) ([arlimus](https://github.com/arlimus))
+- feature: add tags and refs [\#551](https://github.com/chef/inspec/pull/551) ([arlimus](https://github.com/arlimus))
+- fix detect + add output option to archive command [\#546](https://github.com/chef/inspec/pull/546) ([arlimus](https://github.com/arlimus))
+- adding named resource registry classes [\#540](https://github.com/chef/inspec/pull/540) ([adamleff](https://github.com/adamleff))
+- add output stream to rspec configuration [\#529](https://github.com/chef/inspec/pull/529) ([vjeffrey](https://github.com/vjeffrey))
+- Move integration tests to test/integration [\#468](https://github.com/chef/inspec/pull/468) ([chris-rock](https://github.com/chris-rock))
+**Fixed bugs:**
+- fix inspec shell and continuously test it [\#556](https://github.com/chef/inspec/pull/556) ([arlimus](https://github.com/arlimus))
+- bugfix: prevent duplicate loading of library files [\#547](https://github.com/chef/inspec/pull/547) ([arlimus](https://github.com/arlimus))
+- fix detect + add output option to archive command [\#546](https://github.com/chef/inspec/pull/546) ([arlimus](https://github.com/arlimus))
+- bugfix: archive command with inheritance-based profiles [\#545](https://github.com/chef/inspec/pull/545) ([arlimus](https://github.com/arlimus))
+**Closed issues:**
+- Add additional metadata to the control definition to allow for more complete mapping to security guidance documents [\#536](https://github.com/chef/inspec/issues/536)
+- CLI: Specifying --profiles-path on check succeeds but displays usage error on archive [\#535](https://github.com/chef/inspec/issues/535)
+- inspec failing to connect to Compliance \(SSL certificate error\) [\#531](https://github.com/chef/inspec/issues/531)
+**Merged pull requests:**
+- mock fetcher [\#550](https://github.com/chef/inspec/pull/550) ([arlimus](https://github.com/arlimus))
+- testing: add inspec exec tests with json formatter [\#549](https://github.com/chef/inspec/pull/549) ([arlimus](https://github.com/arlimus))
+- dont generate pretty json by default [\#548](https://github.com/chef/inspec/pull/548) ([arlimus](https://github.com/arlimus))
+- Add title, description, code, and source\_location to example metadata [\#543](https://github.com/chef/inspec/pull/543) ([vjeffrey](https://github.com/vjeffrey))
+- add functional tests for cli [\#542](https://github.com/chef/inspec/pull/542) ([arlimus](https://github.com/arlimus))
+- Add a Gitter chat badge to README.md [\#530](https://github.com/chef/inspec/pull/530) ([gitter-badger](https://github.com/gitter-badger))
+## [v0.15.0](https://github.com/chef/inspec/tree/v0.15.0) (2016-03-09)
+[Full Changelog](https://github.com/chef/inspec/compare/v0.14.8...v0.15.0)
 **Implemented enhancements:**
@@ -20,6 +57,7 @@
 **Merged pull requests:**
+- 0.15.0 [\#528](https://github.com/chef/inspec/pull/528) ([arlimus](https://github.com/arlimus))
 - 0.14.9 [\#525](https://github.com/chef/inspec/pull/525) ([arlimus](https://github.com/arlimus))
 ## [v0.14.8](https://github.com/chef/inspec/tree/v0.14.8) (2016-03-04)

data/Gemfile CHANGED Viewed

@@ -19,10 +19,9 @@ end
 group :integration do
   gem 'berkshelf', '~> 4.0'
-  gem 'test-kitchen'
+  gem 'test-kitchen', '~> 1.6'
   gem 'kitchen-vagrant'
-  gem 'kitchen-inspec'
-  gem 'winrm-transport', '~> 1.0'
+  gem 'kitchen-inspec', '0.12.5'
   gem 'kitchen-ec2'
 end

data/README.md CHANGED Viewed

@@ -1,5 +1,7 @@
 # InSpec: Inspect Your Infrastructure
+[![Join the chat at https://gitter.im/chef/inspec](https://badges.gitter.im/chef/inspec.svg)](https://gitter.im/chef/inspec?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
 InSpec is an open-source testing framework for infrastructure with a human- and machine-readable language for specifying compliance, security and policy requirements.
 ```ruby

data/Rakefile CHANGED Viewed

@@ -35,6 +35,14 @@ namespace :test do
     end or fail 'Failures'
   end
+  Rake::TestTask.new(:functional) do |t|
+    t.libs << 'test'
+    t.pattern = 'test/functional/**/*_test.rb'
+    t.warning = true
+    t.verbose = true
+    t.ruby_opts = ['--dev'] if defined?(JRUBY_VERSION)
+  end
   task :resources do
     tests = Dir['test/resource/*_test.rb']
     return if tests.empty?

data/bin/inspec CHANGED Viewed

@@ -4,162 +4,6 @@
 # author: Dominik Richter
 # author: Christoph Hartmann
-require 'thor'
-require 'json'
-require 'pp'
-require_relative '../lib/utils/base_cli'
 require_relative '../lib/inspec'
-require_relative '../lib/utils/json_log'
-class Inspec::InspecCLI < Inspec::BaseCLI # rubocop:disable Metrics/ClassLength
-  class_option :diagnose, type: :boolean,
-    desc: 'Show diagnostics (versions, configurations)'
-  desc 'json PATH', 'read all tests in PATH and generate a JSON summary'
-  option :id, type: :string,
-    desc: 'Attach a profile ID to all test results'
-  option :output, aliases: :o, type: :string,
-    desc: 'Save the created profile to a path'
-  profile_options
-  def json(target)
-    diagnose
-    o = opts.dup
-    o[:ignore_supports] = true
-    profile = Inspec::Profile.for_target(target, o)
-    dst = o[:output].to_s
-    if dst.empty?
-      puts JSON.pretty_generate(profile.info)
-    else
-      if File.exist? dst
-        puts "----> updating #{dst}"
-      else
-        puts "----> creating #{dst}"
-      end
-      fdst = File.expand_path(dst)
-      File.write(fdst, JSON.dump(profile.info))
-    end
-  end
-  desc 'check PATH', 'verify all tests at the specified PATH'
-  option :format, type: :string
-  profile_options
-  def check(path) # rubocop:disable Metrics/AbcSize
-    diagnose
-    o = opts.dup
-    # configure_logger(o) # we do not need a logger for check yet
-    o[:ignore_supports] = true # we check for integrity only
-    # run check
-    profile = Inspec::Profile.for_target(path, o)
-    result = profile.check
-    if opts['format'] == 'json'
-      puts JSON.generate(result)
-    else
-      headline('Summary')
-      %w{location profile controls timestamp valid}.each { |item|
-        puts "#{mark_text(item.to_s.capitalize + ':')} #{result[:summary][item.to_sym]}"
-      }
-      puts
-      %w{errors warnings}.each { |list|
-        headline(list.to_s.capitalize)
-        result[list.to_sym].each { |item|
-          puts "#{item[:file]}:#{item[:line]}:#{item[:column]}: #{item[:msg]} "
-        }
-        puts
-      }
-    end
-    exit 1 unless result[:summary][:valid]
-  end
-  desc 'archive PATH', 'archive a profile to tar.gz (default) or zip'
-  option :zip, type: :boolean, default: false,
-    desc: 'Generates a zip archive.'
-  option :tar, type: :boolean, default: false,
-    desc: 'Generates a tar.gz archive.'
-  option :overwrite, type: :boolean, default: false,
-    desc: 'Overwrite existing archive.'
-  option :ignore_errors, type: :boolean, default: false,
-    desc: 'Ignore profile warnings.'
-  def archive(path)
-    diagnose
-    o = opts.dup
-    o[:logger] = Logger.new(STDOUT)
-    o[:logger].level = get_log_level(o.log_level)
-    profile = Inspec::Profile.for_target(path, o)
-    result = profile.check
-    if result && !opts[:ignore_errors] == false
-      @logger.info 'Profile check failed. Please fix the profile before generating an archive.'
-      return exit 1
-    end
-    # generate archive
-    exit 1 unless profile.archive(opts)
-  end
-  desc 'exec PATHS', 'run all test files at the specified PATH.'
-  exec_options
-  def exec(*targets)
-    diagnose
-    run_tests(targets, opts)
-  end
-  desc 'detect', 'detect the target OS'
-  target_options
-  def detect
-    diagnose
-    rel = File.join(File.dirname(__FILE__), *%w{.. lib utils detect.rb})
-    detect_util = File.expand_path(rel)
-    # exits on execution:
-    runner = Inspec::Runner.new(opts)
-    profile = Inspec::Profile.for_target(detect_util, opts)
-    runner.add_profile(profile)
-    exit runner.run
-  rescue RuntimeError => e
-    puts e.message
-  end
-  desc 'shell', 'open an interactive debugging shell'
-  target_options
-  option :format, type: :string, default: Inspec::NoSummaryFormatter, hide: true
-  def shell_func
-    diagnose
-    o = opts.dup
-    o[:logger] = Logger.new(STDOUT)
-    o[:logger].level = get_log_level(o.log_level)
-    runner = Inspec::Runner.new(o)
-    Inspec::Shell.new(runner).start
-  rescue RuntimeError => e
-    puts e.message
-  end
-  desc 'version', 'prints the version of this tool'
-  def version
-    puts Inspec::VERSION
-  end
-end
-# Load all plugins on startup
-ctl = Inspec::PluginCtl.new
-ctl.list.each { |x| ctl.load(x) }
-# load CLI plugins before the Inspec CLI has been started
-Inspec::Plugins::CLI.subcommands.each { |_subcommand, params|
-  Inspec::InspecCLI.register(
-    params[:klass],
-    params[:subcommand_name],
-    params[:usage],
-    params[:description],
-    params[:options],
-  )
-}
-# start the CLI
+require_relative '../lib/inspec/cli'
 Inspec::InspecCLI.start(ARGV)

data/docs/resources.rst CHANGED Viewed

@@ -42,9 +42,9 @@ The following InSpec audit resources are available:
 * `port`_
 * `postgres_conf`_
 * `postgres_session`_
+* `powershell`_
 * `processes`_
 * `registry_key`_
-* `script`_
 * `security_policy`_
 * `service`_
 * `ssh_config`_
@@ -3525,6 +3525,84 @@ The following examples show how to use this InSpec audit resource.
+powershell
+=====================================================
+Use the ``powershell`` |inspec resource| to test a |powershell| script on the |windows| platform.
+**Stability: Experimental**
+Syntax
+-----------------------------------------------------
+A ``powershell`` |inspec resource| block declares a script to be tested, and then a command that should be part of that script:
+.. code-block:: ruby
+   script = <<-EOH
+     # you powershell script
+   EOH
+   describe powershell(script) do
+     its('matcher') { should eq 'output' }
+   end
+where
+* ``'script'`` must specify a Powershell script to be run
+* ``'matcher'`` is one of ``exit_status``, ``stderr``, or ``stdout``
+* ``'output'`` tests the output of the command run on the system versus the output value stated in the test
+Matchers
+-----------------------------------------------------
+This InSpec audit resource has the following matchers.
+exit_status
++++++++++++++++++++++++++++++++++++++++++++++++++++++
+The ``exit_status`` matcher tests the exit status for the command:
+.. code-block:: ruby
+   its('exit_status') { should eq 123 }
+stderr
++++++++++++++++++++++++++++++++++++++++++++++++++++++
+The ``stderr`` matcher tests results of the command as returned in standard error (stderr):
+.. code-block:: ruby
+   its('stderr') { should eq 'error' }
+stdout
++++++++++++++++++++++++++++++++++++++++++++++++++++++
+The ``stdout`` matcher tests results of the command as returned in standard output (stdout):
+.. code-block:: ruby
+   its('stdout') { should eq '/^1$/' }
+Examples
+-----------------------------------------------------
+The following examples show how to use this InSpec audit resource.
+**Get all groups of Administrator user**
+.. code-block:: ruby
+   myscript = <<-EOH
+     # find user
+     $user = Get-WmiObject Win32_UserAccount -filter "Name = 'Administrator'"
+     # get related groups
+     $groups = $user.GetRelated('Win32_Group') | Select-Object -Property Caption, Domain, Name, LocalAccount, SID, SIDType, Status
+     $groups | ConvertTo-Json
+   EOH
+   describe script(myscript) do
+     its('stdout') { should_not eq '' }
+   end
 processes
 =====================================================
 Use the ``processes`` |inspec resource| to test properties for programs that are running on the system.
@@ -3651,83 +3729,6 @@ The following examples show how to use this InSpec audit resource.
 where ``'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Schedule'`` is the full path to the setting.
-script
-=====================================================
-Use the ``script`` |inspec resource| to test a |powershell| script on the |windows| platform.
-**Stability: Experimental**
-Syntax
------------------------------------------------------
-A ``script`` |inspec resource| block declares a script to be tested, and then a command that should be part of that script:
-.. code-block:: ruby
-   script = <<-EOH
-     # you powershell script
-   EOH
-   describe script(script) do
-     its('matcher') { should eq 'output' }
-   end
-where
-* ``'script'`` must specify a Powershell script to be run
-* ``'matcher'`` is one of ``exit_status``, ``stderr``, or ``stdout``
-* ``'output'`` tests the output of the command run on the system versus the output value stated in the test
-Matchers
------------------------------------------------------
-This InSpec audit resource has the following matchers.
-exit_status
-+++++++++++++++++++++++++++++++++++++++++++++++++++++
-The ``exit_status`` matcher tests the exit status for the command:
-.. code-block:: ruby
-   its('exit_status') { should eq 123 }
-stderr
-+++++++++++++++++++++++++++++++++++++++++++++++++++++
-The ``stderr`` matcher tests results of the command as returned in standard error (stderr):
-.. code-block:: ruby
-   its('stderr') { should eq 'error' }
-stdout
-+++++++++++++++++++++++++++++++++++++++++++++++++++++
-The ``stdout`` matcher tests results of the command as returned in standard output (stdout):
-.. code-block:: ruby
-   its('stdout') { should eq '/^1$/' }
-Examples
------------------------------------------------------
-The following examples show how to use this InSpec audit resource.
-**Get all groups of Administrator user**
-.. code-block:: ruby
-   myscript = <<-EOH
-     # find user
-     $user = Get-WmiObject Win32_UserAccount -filter "Name = 'Administrator'"
-     # get related groups
-     $groups = $user.GetRelated('Win32_Group') | Select-Object -Property Caption, Domain, Name, LocalAccount, SID, SIDType, Status
-     $groups | ConvertTo-Json
-   EOH
-   describe script(myscript) do
-     its('stdout') { should_not eq '' }
-   end
 security_policy
 =====================================================
 Use the ``security_policy`` |inspec resource| to test security policies on the |windows| platform.