inspec 0.21.6 → 0.22.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (35) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +18 -2
  3. data/Gemfile +1 -0
  4. data/README.md +1 -1
  5. data/Rakefile +15 -4
  6. data/docs/ctl_inspec.rst +3 -0
  7. data/docs/resources.rst +7 -7
  8. data/inspec.gemspec +1 -1
  9. data/lib/inspec/version.rb +1 -1
  10. data/lib/resources/command.rb +5 -1
  11. data/lib/utils/base_cli.rb +2 -0
  12. data/test/cookbooks/os_prepare/attributes/default.rb +2 -0
  13. data/test/cookbooks/os_prepare/recipes/default.rb +10 -8
  14. data/test/integration/default/apache_conf_spec.rb +11 -10
  15. data/test/integration/default/compare_matcher_spec.rb +5 -5
  16. data/test/integration/default/etc_group_spec.rb +4 -0
  17. data/test/integration/default/file_spec.rb +5 -2
  18. data/test/integration/default/iptables_spec.rb +3 -0
  19. data/test/integration/default/kernel_module_spec.rb +12 -11
  20. data/test/integration/default/kernel_parameter_spec.rb +3 -0
  21. data/test/integration/default/mount_spec.rb +11 -9
  22. data/test/integration/default/port_spec.rb +3 -0
  23. data/test/integration/default/postgres_session_spec.rb +3 -0
  24. data/test/integration/default/powershell_spec.rb +3 -0
  25. data/test/integration/default/registry_key_spec.rb +55 -56
  26. data/test/integration/default/secpol_spec.rb +5 -5
  27. data/test/integration/default/service_spec.rb +5 -2
  28. data/test/integration/default/user_spec.rb +2 -1
  29. data/test/integration/default/vbscript_spec.rb +2 -0
  30. data/test/integration/default/wmi_spec.rb +2 -0
  31. data/test/unit/resources/file_test.rb +2 -2
  32. metadata +7 -10
  33. data/lib/utils/hash_map.rb +0 -37
  34. data/test/unit/mock/profiles/resource-tiny/inspec.yml +0 -10
  35. data/test/unit/mock/profiles/resource-tiny/libraries/resource.rb +0 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: da9f3db002552f64882b3f669bd4ea12fe180c7e
4
- data.tar.gz: 9b9f3c267f0c3fc0c86d700d4ccd4bbfae9cee04
3
+ metadata.gz: b6b3a430a61c900227107401eb2d22aea396695a
4
+ data.tar.gz: cb34fe4dbbc66c5aecf5ac9496d201032de28c7c
5
5
  SHA512:
6
- metadata.gz: 372c1b6d4d415859870ec095aab279428e63dab35a3b5b28525c69817d24f71c9d20aad5ca83d45d4df376cfa9281925de6a84346c968283b9006d7b65520069
7
- data.tar.gz: d14b81b748f0a54bf74511ec5633fefdc09f2d83ae0dc9b82a6cc078c6cf932b5d1eacc3b25dec994eb0321f711d6229b942dfad6fd46f3ba787432e7267c590
6
+ metadata.gz: 6db2835d8e1d4cae685034570388f40c94ecb81ad6a8a03af2c8014d5950c3453de43603cb02f01b0379022c86ac247ce2fecdab5b89b5e69cf480330d24589b
7
+ data.tar.gz: 086ad5000a51bc657ed0e5bffe41736228c2bc3671a343c34995fc27953d7565cb66095b6b35b4bd6bde60ce7146888af6b67d4fb2911a86d278d42cd47edf56
@@ -1,7 +1,23 @@
1
1
  # Change Log
2
2
 
3
- ## [0.21.6](https://github.com/chef/inspec/tree/0.21.6) (2016-05-13)
4
- [Full Changelog](https://github.com/chef/inspec/compare/v0.21.5...0.21.6)
3
+ ## [0.22.0](https://github.com/chef/inspec/tree/0.22.0) (2016-05-16)
4
+ [Full Changelog](https://github.com/chef/inspec/compare/v0.21.6...0.22.0)
5
+
6
+ **Implemented enhancements:**
7
+
8
+ - update train dependency to 0.12.0 [\#757](https://github.com/chef/inspec/pull/757) ([chris-rock](https://github.com/chris-rock))
9
+ - run integration tests in docker [\#732](https://github.com/chef/inspec/pull/732) ([chris-rock](https://github.com/chris-rock))
10
+
11
+ **Merged pull requests:**
12
+
13
+ - fixed 'it' statements under file\_test [\#758](https://github.com/chef/inspec/pull/758) ([Anirudh-Gupta](https://github.com/Anirudh-Gupta))
14
+ - modification in command resource example [\#756](https://github.com/chef/inspec/pull/756) ([Anirudh-Gupta](https://github.com/Anirudh-Gupta))
15
+ - add sudo\_command option [\#754](https://github.com/chef/inspec/pull/754) ([jeremymv2](https://github.com/jeremymv2))
16
+ - remove string quotes around regexp \(docfix\) [\#750](https://github.com/chef/inspec/pull/750) ([lamont-granquist](https://github.com/lamont-granquist))
17
+ - rake release\_docker + smaller image builds [\#745](https://github.com/chef/inspec/pull/745) ([arlimus](https://github.com/arlimus))
18
+
19
+ ## [v0.21.6](https://github.com/chef/inspec/tree/v0.21.6) (2016-05-13)
20
+ [Full Changelog](https://github.com/chef/inspec/compare/v0.21.5...v0.21.6)
5
21
 
6
22
  **Fixed bugs:**
7
23
 
data/Gemfile CHANGED
@@ -23,6 +23,7 @@ group :integration do
23
23
  gem 'kitchen-vagrant'
24
24
  gem 'kitchen-inspec', '0.12.5'
25
25
  gem 'kitchen-ec2'
26
+ gem 'kitchen-dokken'
26
27
  end
27
28
 
28
29
  group :tools do
data/README.md CHANGED
@@ -190,7 +190,7 @@ inspec exec test.rb -t winrm://Administrator@windowshost --password 'your-passwo
190
190
  inspec exec test.rb -t docker://container_id
191
191
 
192
192
  # run with sudo
193
- inspec exec test.rb --sudo [--sudo-password ...] [--sudo-options ...]
193
+ inspec exec test.rb --sudo [--sudo-password ...] [--sudo-options ...] [--sudo_command ...]
194
194
  ```
195
195
 
196
196
  ### detect
data/Rakefile CHANGED
@@ -49,10 +49,10 @@ namespace :test do
49
49
  sh(Gem.ruby, 'test/docker_test.rb', *tests)
50
50
  end
51
51
 
52
- task :vm do
53
- concurrency = ENV['CONCURRENCY'] || 4
54
- path = File.join(File.dirname(__FILE__), 'test', 'integration')
55
- sh('sh', '-c', "cd #{path} && bundle exec kitchen test -c #{concurrency} -t .")
52
+ task :integration do
53
+ concurrency = ENV['CONCURRENCY'] || 1
54
+ os = ENV['OS'] || ''
55
+ sh('sh', '-c', "bundle exec kitchen test -c #{concurrency} #{os}")
56
56
  end
57
57
 
58
58
  task :ssh, [:target] do |_t, args|
@@ -146,3 +146,14 @@ task :bump_version, [:version] do |_, args|
146
146
  inspec_version(v)
147
147
  Rake::Task['changelog'].invoke
148
148
  end
149
+
150
+ desc 'Release a new docker image'
151
+ task :release_docker do
152
+ version = Inspec::VERSION
153
+ cmd = "rm *.gem; gem build *gemspec && "\
154
+ "mv *.gem inspec.gem && "\
155
+ "docker build -t chef/inspec:#{version} . && "\
156
+ "docker push chef/inspec:#{version}"
157
+ puts "--> #{cmd}"
158
+ sh('sh', '-c', cmd)
159
+ end
@@ -41,6 +41,9 @@ The following options may be used with any of the InSpec CLI subcommands:
41
41
  ``--sudo_password``
42
42
  The sudo password, if required.
43
43
 
44
+ ``--sudo_command``
45
+ Alternate sudo command, if required.
46
+
44
47
  ``-t``, ``--target``
45
48
  The URI for the target of a remote scan, preceded by the target's backend. For example: ``backend://user:pass@host:port``, where ``backend`` is one of ``docker``, ``local``, ``ssh``, or ``winrm``.
46
49
 
@@ -1107,16 +1107,16 @@ The ``content`` matcher tests if contents in the file match the value specified
1107
1107
 
1108
1108
  .. code-block:: ruby
1109
1109
 
1110
- its('content') { should match 'value' }
1110
+ its('content') { should match REGEX }
1111
1111
 
1112
1112
  The following complete example tests the ``pg_hba.conf`` file in |postgresql| for |md5| requirements. The tests look at all ``host`` and ``local`` settings in that file, and then compare the |md5| checksums against the values in the test:
1113
1113
 
1114
1114
  .. code-block:: bash
1115
1115
 
1116
1116
  describe file(hba_config_file) do
1117
- its('content') { should match '/local\s.*?all\s.*?all\s.*?md5/' }
1118
- its('content') { should match '%r{/host\s.*?all\s.*?all\s.*?127.0.0.1\/32\s.*?md5/}' }
1119
- its('content') { should match '%r{/host\s.*?all\s.*?all\s.*?::1\/128\s.*?md5/}' }
1117
+ its('content') { should match /local\s.*?all\s.*?all\s.*?md5/ }
1118
+ its('content') { should match %r{/host\s.*?all\s.*?all\s.*?127.0.0.1\/32\s.*?md5/} }
1119
+ its('content') { should match %r{/host\s.*?all\s.*?all\s.*?::1\/128\s.*?md5/} }
1120
1120
  end
1121
1121
 
1122
1122
  exist
@@ -1286,9 +1286,9 @@ The following examples show how to use this InSpec audit resource.
1286
1286
  .. code-block:: bash
1287
1287
 
1288
1288
  describe file(hba_config_file) do
1289
- its('content') { should match '/local\s.*?all\s.*?all\s.*?md5/' }
1290
- its('content') { should match '%r{/host\s.*?all\s.*?all\s.*?127.0.0.1\/32\s.*?md5/}' }
1291
- its('content') { should match '%r{/host\s.*?all\s.*?all\s.*?::1\/128\s.*?md5/}' }
1289
+ its('content') { should match /local\s.*?all\s.*?all\s.*?md5/ }
1290
+ its('content') { should match %r{/host\s.*?all\s.*?all\s.*?127.0.0.1\/32\s.*?md5/} }
1291
+ its('content') { should match %r{/host\s.*?all\s.*?all\s.*?::1\/128\s.*?md5/} }
1292
1292
  end
1293
1293
 
1294
1294
  **Test if a file exists**
@@ -24,7 +24,7 @@ Gem::Specification.new do |spec|
24
24
  spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
25
25
  spec.require_paths = ['lib']
26
26
 
27
- spec.add_dependency 'r-train', '~> 0.11'
27
+ spec.add_dependency 'r-train', '~> 0.12'
28
28
  spec.add_dependency 'thor', '~> 0.19'
29
29
  spec.add_dependency 'json', '~> 1.8'
30
30
  spec.add_dependency 'rainbow', '~> 2'
@@ -3,5 +3,5 @@
3
3
  # author: Christoph Hartmann
4
4
 
5
5
  module Inspec
6
- VERSION = '0.21.6'.freeze
6
+ VERSION = '0.22.0'.freeze
7
7
  end
@@ -10,11 +10,15 @@ module Inspec::Resources
10
10
  desc 'Use the command InSpec audit resource to test an arbitrary command that is run on the system.'
11
11
  example "
12
12
  describe command('ls -al /') do
13
- it { should exist }
14
13
  its('stdout') { should match /bin/ }
15
14
  its('stderr') { should eq '' }
16
15
  its('exit_status') { should eq 0 }
17
16
  end
17
+
18
+ command('ls -al /').exist? will return false. Existence of command should be checked this way.
19
+ describe command('ls') do
20
+ it { should exist }
21
+ end
18
22
  "
19
23
 
20
24
  attr_reader :command
@@ -29,6 +29,8 @@ module Inspec
29
29
  desc: 'Specify a sudo password, if it is required.'
30
30
  option :sudo_options, type: :string,
31
31
  desc: 'Additional sudo options for a remote scan.'
32
+ option :sudo_command, type: :string,
33
+ desc: 'Alternate command for sudo.'
32
34
  option :ssl, type: :boolean,
33
35
  desc: 'Use SSL for transport layer encryption (WinRM).'
34
36
  option :self_signed, type: :boolean,
@@ -0,0 +1,2 @@
1
+ default['osprepare']['docker'] = false
2
+ default['osprepare']['application'] = true
@@ -7,19 +7,21 @@
7
7
 
8
8
  # basic tests
9
9
  include_recipe('os_prepare::file')
10
- include_recipe('os_prepare::mount')
10
+ include_recipe('os_prepare::mount') unless node['osprepare']['docker']
11
11
  include_recipe('os_prepare::service')
12
12
  include_recipe('os_prepare::package')
13
13
  include_recipe('os_prepare::registry_key')
14
- include_recipe('os_prepare::iptables')
14
+ include_recipe('os_prepare::iptables') unless node['osprepare']['docker']
15
+
16
+ # config file parsing
17
+ include_recipe('os_prepare::json_yaml_csv_ini')
15
18
 
16
19
  # configure repos, eg. nginx
17
20
  include_recipe('os_prepare::apt')
18
21
 
19
22
  # application configuration
20
- include_recipe('os_prepare::postgres')
21
- include_recipe('os_prepare::auditctl')
22
- include_recipe('os_prepare::apache')
23
-
24
- # config file parsing
25
- include_recipe('os_prepare::json_yaml_csv_ini')
23
+ if node['osprepare']['application']
24
+ include_recipe('os_prepare::postgres')
25
+ include_recipe('os_prepare::auditctl') unless node['osprepare']['docker']
26
+ include_recipe('os_prepare::apache')
27
+ end
@@ -1,15 +1,16 @@
1
1
  # encoding: utf-8
2
2
 
3
- if os.linux?
3
+ # TODO: do not run those tests on docker yet
4
+ return if ENV['DOCKER']
5
+ return unless os.linux?
4
6
 
5
- # direct access to params of apache conf
6
- describe apache_conf do
7
- its('LogLevel') { should eq 'warn' }
8
- its('MaxKeepAliveRequests') { should eq '100' }
9
- end
7
+ # direct access to params of apache conf
8
+ describe apache_conf do
9
+ its('LogLevel') { should cmp 'warn' }
10
+ its('MaxKeepAliveRequests') { should cmp 100 }
11
+ end
10
12
 
11
- # only read one param
12
- describe apache_conf.params('LogLevel') do
13
- it { should include 'warn' }
14
- end
13
+ # only read one param
14
+ describe apache_conf.params('LogLevel') do
15
+ it { should include 'warn' }
15
16
  end
@@ -11,12 +11,12 @@ if os.linux?
11
11
  its('Port') { should cmp 22.0 }
12
12
  its('Port') { should_not cmp 22.1 }
13
13
 
14
- its('LogLevel') { should eq 'INFO' }
15
- its('LogLevel') { should_not eq 'info'}
14
+ its('LogLevel') { should eq 'VERBOSE' }
15
+ its('LogLevel') { should_not eq 'verbose'}
16
16
 
17
- its('LogLevel') { should cmp 'INFO' }
18
- its('LogLevel') { should cmp 'info' }
19
- its('LogLevel') { should cmp 'InfO' }
17
+ its('LogLevel') { should cmp 'VERBOSE' }
18
+ its('LogLevel') { should cmp 'verbose' }
19
+ its('LogLevel') { should cmp 'VerBose' }
20
20
  end
21
21
 
22
22
  describe passwd.passwords.uniq do
@@ -1,5 +1,9 @@
1
1
  # encoding: utf-8
2
2
 
3
+ # TODO: do not run those tests on docker yet
4
+ return if ENV['DOCKER']
5
+
6
+ # lets define our own group
3
7
  root_group = 'root'
4
8
 
5
9
  if os[:family] == 'aix'
@@ -1,5 +1,8 @@
1
1
  # encoding: utf-8
2
2
 
3
+ # TODO: do not run those tests on docker yet
4
+ return if ENV['DOCKER']
5
+
3
6
  if os[:family] == 'freebsd'
4
7
  filedata = {
5
8
  user: 'root',
@@ -56,8 +59,8 @@ if os.unix?
56
59
  # it { should have_mode }
57
60
  its('mode') { should eq 00765 }
58
61
  it { should be_mode 00765 }
59
- its('mode') { should cmp '0765' }
60
- its('mode') { should_not cmp '0777' }
62
+ its('mode') { should cmp 0765 }
63
+ its('mode') { should_not cmp 0777 }
61
64
 
62
65
  it { should be_readable }
63
66
  it { should be_readable.by('owner') }
@@ -1,5 +1,8 @@
1
1
  # encoding: utf-8
2
2
 
3
+ # TODO: do not run those tests on docker yet
4
+ return if ENV['DOCKER']
5
+
3
6
  case os[:family]
4
7
  when 'ubuntu', 'fedora'
5
8
  describe iptables do
@@ -1,17 +1,18 @@
1
1
  # encoding: utf-8
2
2
 
3
- # Test kernel modules on all linux systems
4
- if os.linux?
3
+ # TODO: do not run those tests on docker yet
4
+ return if ENV['DOCKER']
5
+ return unless os.linux?
5
6
 
6
- describe kernel_module('video') do
7
- it { should be_loaded }
8
- end
7
+ # Test kernel modules on all linux systems
8
+ describe kernel_module('video') do
9
+ it { should be_loaded }
10
+ end
9
11
 
10
- describe kernel_module('bridge') do
11
- it { should_not be_loaded }
12
- end
12
+ describe kernel_module('bridge') do
13
+ it { should_not be_loaded }
14
+ end
13
15
 
14
- describe kernel_module('dhcp') do
15
- it { should_not be_loaded }
16
- end
16
+ describe kernel_module('dhcp') do
17
+ it { should_not be_loaded }
17
18
  end
@@ -1,5 +1,8 @@
1
1
  # encoding: utf-8
2
2
 
3
+ # TODO: do not run those tests on docker yet
4
+ return if ENV['DOCKER']
5
+
3
6
  # prepare values
4
7
  if ['ubuntu', 'centos', 'fedora', 'opensuse', 'debian'].include?(os[:family])
5
8
  test_values = {
@@ -1,12 +1,14 @@
1
1
  # encoding: utf-8
2
2
 
3
- if os.linux?
4
- # instead of `.with` or `.only_with` we recommend to use the `mount` resource
5
- describe mount '/mnt/iso-disk' do
6
- it { should be_mounted }
7
- its('count') { should eq 1 }
8
- its('device') { should eq '/tmp/empty.iso' }
9
- its('type') { should eq 'iso9660' }
10
- its('options') { should eq ['ro'] }
11
- end
3
+ # TODO: do not run those tests on docker yet
4
+ return if ENV['DOCKER']
5
+ return unless os.linux?
6
+
7
+ # instead of `.with` or `.only_with` we recommend to use the `mount` resource
8
+ describe mount '/mnt/iso-disk' do
9
+ it { should be_mounted }
10
+ its('count') { should eq 1 }
11
+ its('device') { should eq '/tmp/empty.iso' }
12
+ its('type') { should eq 'iso9660' }
13
+ its('options') { should eq ['ro'] }
12
14
  end
@@ -1,5 +1,8 @@
1
1
  # encoding: utf-8
2
2
 
3
+ # TODO: do not run those tests on docker yet
4
+ return if ENV['DOCKER']
5
+
3
6
  # check that ssh runs
4
7
  if os.unix?
5
8
  describe port(22) do
@@ -1,5 +1,8 @@
1
1
  # encoding: utf-8
2
2
 
3
+ # TODO: do not run those tests on docker yet
4
+ return if ENV['DOCKER']
5
+
3
6
  # postgres-server is installed on these platforms
4
7
  if ['ubuntu', 'centos'].include? os['family']
5
8
  postgres = postgres_session('postgres', 'inspec')
@@ -1,4 +1,7 @@
1
1
  # encoding: utf-8
2
+
3
+ return unless os.windows?
4
+
2
5
  script = <<-EOH
3
6
  Write-Output 'hello'
4
7
  EOH
@@ -1,67 +1,66 @@
1
1
  # encoding: utf-8
2
2
 
3
- if os.windows?
3
+ return unless os.windows?
4
4
 
5
- describe registry_key('HKLM\System\Test') do
6
- it { should exist }
7
- it { should have_value('test') }
8
- it { should have_property('binary value', :binary) }
9
- it { should have_property('Binary value', :binary) }
10
- it { should have_property('string value') }
11
- it { should have_property('String value') }
12
- it { should have_property('dword value', :dword) }
13
- it { should have_property_value('multistring value', :multi_string, ['test', 'multi','string','data']) }
14
- it { should have_property_value('Multistring Value', :multi_string, ['test', 'multi','string','data']) }
15
- it { should have_property_value('qword value', :qword, 0) }
16
- it { should have_property_value('Qword value', :qword, 0) }
17
- it { should have_property_value('binary value', :binary, 'dfa0f066') }
18
- it { should have_property_value('Binary value', :binary, 'dfa0f066') }
19
- end
5
+ describe registry_key('HKLM\System\Test') do
6
+ it { should exist }
7
+ it { should have_value('test') }
8
+ it { should have_property('binary value', :binary) }
9
+ it { should have_property('Binary value', :binary) }
10
+ it { should have_property('string value') }
11
+ it { should have_property('String value') }
12
+ it { should have_property('dword value', :dword) }
13
+ it { should have_property_value('multistring value', :multi_string, ['test', 'multi','string','data']) }
14
+ it { should have_property_value('Multistring Value', :multi_string, ['test', 'multi','string','data']) }
15
+ it { should have_property_value('qword value', :qword, 0) }
16
+ it { should have_property_value('Qword value', :qword, 0) }
17
+ it { should have_property_value('binary value', :binary, 'dfa0f066') }
18
+ it { should have_property_value('Binary value', :binary, 'dfa0f066') }
19
+ end
20
20
 
21
- # serverspec compatability
22
- describe windows_registry_key('HKLM\System\Test') do
23
- it { should exist }
24
- it { should have_value('test') }
25
- it { should have_property('string value') }
26
- it { should have_property('binary value', :type_binary) }
27
- it { should have_property('dword value', :type_dword) }
28
- it { should have_property_value('multistring value', :type_multistring, ['test', 'multi','string','data']) }
29
- it { should have_property_value('qword value', :type_qword, 0) }
30
- it { should have_property_value('binary value', :type_binary, 'dfa0f066') }
31
- end
21
+ # serverspec compatability
22
+ describe windows_registry_key('HKLM\System\Test') do
23
+ it { should exist }
24
+ it { should have_value('test') }
25
+ it { should have_property('string value') }
26
+ it { should have_property('binary value', :type_binary) }
27
+ it { should have_property('dword value', :type_dword) }
28
+ it { should have_property_value('multistring value', :type_multistring, ['test', 'multi','string','data']) }
29
+ it { should have_property_value('qword value', :type_qword, 0) }
30
+ it { should have_property_value('binary value', :type_binary, 'dfa0f066') }
31
+ end
32
32
 
33
- describe registry_key('HKLM\Software\Policies\Microsoft\Windows\EventLog\System') do
34
- it { should exist }
35
- its('MaxSize') { should_not eq nil }
36
- end
33
+ describe registry_key('HKLM\Software\Policies\Microsoft\Windows\EventLog\System') do
34
+ it { should exist }
35
+ its('MaxSize') { should_not eq nil }
36
+ end
37
37
 
38
- describe registry_key('HKLM\System\CurrentControlSet\Control\Session Manager') do
39
- it { should exist }
40
- it { should_not have_property_value('SafeDllSearchMode', :type_dword, 0) }
41
- # case-insensitive test
42
- it { should_not have_property_value('safedllsearchmode', :type_dword, 0) }
43
- end
38
+ describe registry_key('HKLM\System\CurrentControlSet\Control\Session Manager') do
39
+ it { should exist }
40
+ it { should_not have_property_value('SafeDllSearchMode', :type_dword, 0) }
41
+ # case-insensitive test
42
+ it { should_not have_property_value('safedllsearchmode', :type_dword, 0) }
43
+ end
44
44
 
45
- describe registry_key('HKLM\System\CurrentControlSet\Services\LanManServer\Parameters') do
46
- it { should exist }
47
- its('NullSessionShares') { should eq [''] }
48
- end
45
+ describe registry_key('HKLM\System\CurrentControlSet\Services\LanManServer\Parameters') do
46
+ it { should exist }
47
+ its('NullSessionShares') { should eq [''] }
48
+ end
49
49
 
50
- describe registry_key('HKLM\Software\Policies\Microsoft\Internet Explorer\Main') do
51
- it { should exist }
52
- its('Isolation64Bit') { should eq 1 }
53
- # check that its is case-insensitive
54
- its('isolation64bit') { should eq 1 }
55
- end
50
+ describe registry_key('HKLM\Software\Policies\Microsoft\Internet Explorer\Main') do
51
+ it { should exist }
52
+ its('Isolation64Bit') { should eq 1 }
53
+ # check that its is case-insensitive
54
+ its('isolation64bit') { should eq 1 }
55
+ end
56
56
 
57
- describe registry_key('HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services') do
58
- it { should exist }
59
- its('MinEncryptionLevel') { should eq 3 }
60
- end
57
+ describe registry_key('HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services') do
58
+ it { should exist }
59
+ its('MinEncryptionLevel') { should eq 3 }
60
+ end
61
61
 
62
- describe registry_key('HKLM\System\CurrentControlSet\Control\Lsa\MSV1_0') do
63
- it { should exist }
64
- its('NTLMMinServerSec') { should eq 537_395_200 }
65
- its('NtlmMinServerSec') { should eq 537_395_200 }
66
- end
62
+ describe registry_key('HKLM\System\CurrentControlSet\Control\Lsa\MSV1_0') do
63
+ it { should exist }
64
+ its('NTLMMinServerSec') { should eq 537_395_200 }
65
+ its('NtlmMinServerSec') { should eq 537_395_200 }
67
66
  end
@@ -1,8 +1,8 @@
1
1
  # encoding: utf-8
2
2
 
3
- if os.windows?
4
- describe security_policy do
5
- its('EnableAdminAccount') { should eq 1 }
6
- its('EnableGuestAccount') { should eq 0 }
7
- end
3
+ return unless os.windows?
4
+
5
+ describe security_policy do
6
+ its('EnableAdminAccount') { should eq 1 }
7
+ its('EnableGuestAccount') { should eq 0 }
8
8
  end
@@ -1,5 +1,8 @@
1
1
  # encoding: utf-8
2
2
 
3
+ # TODO: do not run those tests on docker yet
4
+ return if ENV['DOCKER']
5
+
3
6
  # based on operating system we select the available service
4
7
  if ['centos', 'fedora', 'freebsd', 'opensuse'].include?(os[:family])
5
8
  # CentOS, Fedora
@@ -38,8 +41,8 @@ describe service(available_service) do
38
41
  end
39
42
 
40
43
  # extra test for ubuntu upstart with systemv service
41
- if os[:family] == 'ubuntu'
42
- describe service('ntp') do
44
+ if os[:family] == 'ubuntu' && os[:release] == '12.04'
45
+ describe upstart_service('ssh') do
43
46
  it { should be_enabled }
44
47
  it { should be_installed }
45
48
  it { should be_running }
@@ -85,7 +85,8 @@ else
85
85
 
86
86
  # check that the user is part of the groups
87
87
  if k.to_s == 'groups'
88
- its(k) { should include v }
88
+ # TODO: do not run those tests on docker yet
89
+ its(k) { should include v } unless ENV['DOCKER']
89
90
  # default eq comparison
90
91
  else
91
92
  its(k) { should eq v }
@@ -1,5 +1,7 @@
1
1
  # encoding: utf-8
2
2
 
3
+ return unless os.windows?
4
+
3
5
  # script that may have multiple lines
4
6
  vbscript = <<-EOH
5
7
  WScript.Echo "hello"
@@ -1,5 +1,7 @@
1
1
  # encoding: utf-8
2
2
 
3
+ return unless os.windows?
4
+
3
5
  # Get-WmiObject win32_service
4
6
  # Get-WmiObject -class win32_service
5
7
  # returns an array of service objects
@@ -123,7 +123,7 @@ describe Inspec::Resources::FileResource do
123
123
  resource.send(:check_file_permission_by_user, 'user', 'flag').must_equal(true)
124
124
  end
125
125
 
126
- it 'returns true when the cmd exits non-zero' do
126
+ it 'returns false when the cmd exits non-zero' do
127
127
  MockLoader.mock_command(resource, 'su -s /bin/sh -c "test -flag /fakepath/fakefile" user', exit_status: 1)
128
128
  resource.send(:check_file_permission_by_user, 'user', 'flag').must_equal(false)
129
129
  end
@@ -144,7 +144,7 @@ describe Inspec::Resources::FileResource do
144
144
  resource.send(:check_file_permission_by_user, 'user', 'flag').must_equal(true)
145
145
  end
146
146
 
147
- it 'returns true when the cmd exits non-zero' do
147
+ it 'returns false when the cmd exits non-zero' do
148
148
  MockLoader.mock_command(resource, 'sudo -u user test -flag /fakepath/fakefile', exit_status: 1)
149
149
  resource.send(:check_file_permission_by_user, 'user', 'flag').must_equal(false)
150
150
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: inspec
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.21.6
4
+ version: 0.22.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dominik Richter
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-05-13 00:00:00.000000000 Z
11
+ date: 2016-05-16 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: r-train
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: '0.11'
19
+ version: '0.12'
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: '0.11'
26
+ version: '0.12'
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: thor
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -359,7 +359,6 @@ files:
359
359
  - lib/utils/filter_array.rb
360
360
  - lib/utils/find_files.rb
361
361
  - lib/utils/hash.rb
362
- - lib/utils/hash_map.rb
363
362
  - lib/utils/json_log.rb
364
363
  - lib/utils/modulator.rb
365
364
  - lib/utils/object_traversal.rb
@@ -367,6 +366,7 @@ files:
367
366
  - lib/utils/plugin_registry.rb
368
367
  - lib/utils/simpleconfig.rb
369
368
  - tasks/maintainers.rb
369
+ - test/cookbooks/os_prepare/attributes/default.rb
370
370
  - test/cookbooks/os_prepare/files/empty.iso
371
371
  - test/cookbooks/os_prepare/files/example.csv
372
372
  - test/cookbooks/os_prepare/files/example.ini
@@ -551,8 +551,6 @@ files:
551
551
  - test/unit/mock/profiles/legacy-empty-metadata/metadata.rb
552
552
  - test/unit/mock/profiles/legacy-simple-metadata/metadata.rb
553
553
  - test/unit/mock/profiles/legacy-simple-metadata/test/.gitkeep
554
- - test/unit/mock/profiles/resource-tiny/inspec.yml
555
- - test/unit/mock/profiles/resource-tiny/libraries/resource.rb
556
554
  - test/unit/mock/profiles/simple-metadata/inspec.yml
557
555
  - test/unit/mock/profiles/skippy-profile-os/controls/one.rb
558
556
  - test/unit/mock/profiles/skippy-profile-os/inspec.yml
@@ -640,11 +638,12 @@ required_rubygems_version: !ruby/object:Gem::Requirement
640
638
  version: '0'
641
639
  requirements: []
642
640
  rubyforge_project:
643
- rubygems_version: 2.5.1
641
+ rubygems_version: 2.4.6
644
642
  signing_key:
645
643
  specification_version: 4
646
644
  summary: Infrastructure and compliance testing.
647
645
  test_files:
646
+ - test/cookbooks/os_prepare/attributes/default.rb
648
647
  - test/cookbooks/os_prepare/files/empty.iso
649
648
  - test/cookbooks/os_prepare/files/example.csv
650
649
  - test/cookbooks/os_prepare/files/example.ini
@@ -829,8 +828,6 @@ test_files:
829
828
  - test/unit/mock/profiles/legacy-empty-metadata/metadata.rb
830
829
  - test/unit/mock/profiles/legacy-simple-metadata/metadata.rb
831
830
  - test/unit/mock/profiles/legacy-simple-metadata/test/.gitkeep
832
- - test/unit/mock/profiles/resource-tiny/inspec.yml
833
- - test/unit/mock/profiles/resource-tiny/libraries/resource.rb
834
831
  - test/unit/mock/profiles/simple-metadata/inspec.yml
835
832
  - test/unit/mock/profiles/skippy-profile-os/controls/one.rb
836
833
  - test/unit/mock/profiles/skippy-profile-os/inspec.yml
@@ -1,37 +0,0 @@
1
- # encoding: utf-8
2
- # author: Dominik Richter
3
- # author: Christoph Hartmann
4
-
5
- class HashMap
6
- class << self
7
- def [](hash, *keys)
8
- return hash if keys.empty? || hash.nil?
9
- key = keys.shift
10
- if hash.is_a?(Array)
11
- map = hash.map { |i| [i, key] }
12
- else
13
- map = hash[key]
14
- end
15
- [map, *keys]
16
- rescue NoMethodError => _
17
- nil
18
- end
19
- end
20
- end
21
-
22
- class StringMap
23
- class << self
24
- def [](hash, *keys)
25
- return hash if keys.empty? || hash.nil?
26
- key = keys.shift
27
- if hash.is_a?(Array)
28
- map = hash.map { |i| [i, key] }
29
- else
30
- map = hash[key]
31
- end
32
- [map, *keys]
33
- rescue NoMethodError => _
34
- nil
35
- end
36
- end
37
- end
@@ -1,10 +0,0 @@
1
- name: complete
2
- title: complete example profile
3
- maintainer: Chef Software, Inc.
4
- copyright: Chef Software, Inc.
5
- copyright_email: support@chef.io
6
- license: Proprietary, All rights reserved
7
- summary: Testing stub
8
- version: 1.0.0
9
- supports:
10
- - os-family: linux
@@ -1,3 +0,0 @@
1
- class Tiny < Inspec.resource(1)
2
- name 'tiny'
3
- end