inspec 0.21.6 → 0.22.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +18 -2
- data/Gemfile +1 -0
- data/README.md +1 -1
- data/Rakefile +15 -4
- data/docs/ctl_inspec.rst +3 -0
- data/docs/resources.rst +7 -7
- data/inspec.gemspec +1 -1
- data/lib/inspec/version.rb +1 -1
- data/lib/resources/command.rb +5 -1
- data/lib/utils/base_cli.rb +2 -0
- data/test/cookbooks/os_prepare/attributes/default.rb +2 -0
- data/test/cookbooks/os_prepare/recipes/default.rb +10 -8
- data/test/integration/default/apache_conf_spec.rb +11 -10
- data/test/integration/default/compare_matcher_spec.rb +5 -5
- data/test/integration/default/etc_group_spec.rb +4 -0
- data/test/integration/default/file_spec.rb +5 -2
- data/test/integration/default/iptables_spec.rb +3 -0
- data/test/integration/default/kernel_module_spec.rb +12 -11
- data/test/integration/default/kernel_parameter_spec.rb +3 -0
- data/test/integration/default/mount_spec.rb +11 -9
- data/test/integration/default/port_spec.rb +3 -0
- data/test/integration/default/postgres_session_spec.rb +3 -0
- data/test/integration/default/powershell_spec.rb +3 -0
- data/test/integration/default/registry_key_spec.rb +55 -56
- data/test/integration/default/secpol_spec.rb +5 -5
- data/test/integration/default/service_spec.rb +5 -2
- data/test/integration/default/user_spec.rb +2 -1
- data/test/integration/default/vbscript_spec.rb +2 -0
- data/test/integration/default/wmi_spec.rb +2 -0
- data/test/unit/resources/file_test.rb +2 -2
- metadata +7 -10
- data/lib/utils/hash_map.rb +0 -37
- data/test/unit/mock/profiles/resource-tiny/inspec.yml +0 -10
- data/test/unit/mock/profiles/resource-tiny/libraries/resource.rb +0 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: b6b3a430a61c900227107401eb2d22aea396695a
|
4
|
+
data.tar.gz: cb34fe4dbbc66c5aecf5ac9496d201032de28c7c
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 6db2835d8e1d4cae685034570388f40c94ecb81ad6a8a03af2c8014d5950c3453de43603cb02f01b0379022c86ac247ce2fecdab5b89b5e69cf480330d24589b
|
7
|
+
data.tar.gz: 086ad5000a51bc657ed0e5bffe41736228c2bc3671a343c34995fc27953d7565cb66095b6b35b4bd6bde60ce7146888af6b67d4fb2911a86d278d42cd47edf56
|
data/CHANGELOG.md
CHANGED
@@ -1,7 +1,23 @@
|
|
1
1
|
# Change Log
|
2
2
|
|
3
|
-
## [0.
|
4
|
-
[Full Changelog](https://github.com/chef/inspec/compare/v0.21.
|
3
|
+
## [0.22.0](https://github.com/chef/inspec/tree/0.22.0) (2016-05-16)
|
4
|
+
[Full Changelog](https://github.com/chef/inspec/compare/v0.21.6...0.22.0)
|
5
|
+
|
6
|
+
**Implemented enhancements:**
|
7
|
+
|
8
|
+
- update train dependency to 0.12.0 [\#757](https://github.com/chef/inspec/pull/757) ([chris-rock](https://github.com/chris-rock))
|
9
|
+
- run integration tests in docker [\#732](https://github.com/chef/inspec/pull/732) ([chris-rock](https://github.com/chris-rock))
|
10
|
+
|
11
|
+
**Merged pull requests:**
|
12
|
+
|
13
|
+
- fixed 'it' statements under file\_test [\#758](https://github.com/chef/inspec/pull/758) ([Anirudh-Gupta](https://github.com/Anirudh-Gupta))
|
14
|
+
- modification in command resource example [\#756](https://github.com/chef/inspec/pull/756) ([Anirudh-Gupta](https://github.com/Anirudh-Gupta))
|
15
|
+
- add sudo\_command option [\#754](https://github.com/chef/inspec/pull/754) ([jeremymv2](https://github.com/jeremymv2))
|
16
|
+
- remove string quotes around regexp \(docfix\) [\#750](https://github.com/chef/inspec/pull/750) ([lamont-granquist](https://github.com/lamont-granquist))
|
17
|
+
- rake release\_docker + smaller image builds [\#745](https://github.com/chef/inspec/pull/745) ([arlimus](https://github.com/arlimus))
|
18
|
+
|
19
|
+
## [v0.21.6](https://github.com/chef/inspec/tree/v0.21.6) (2016-05-13)
|
20
|
+
[Full Changelog](https://github.com/chef/inspec/compare/v0.21.5...v0.21.6)
|
5
21
|
|
6
22
|
**Fixed bugs:**
|
7
23
|
|
data/Gemfile
CHANGED
data/README.md
CHANGED
@@ -190,7 +190,7 @@ inspec exec test.rb -t winrm://Administrator@windowshost --password 'your-passwo
|
|
190
190
|
inspec exec test.rb -t docker://container_id
|
191
191
|
|
192
192
|
# run with sudo
|
193
|
-
inspec exec test.rb --sudo [--sudo-password ...] [--sudo-options ...]
|
193
|
+
inspec exec test.rb --sudo [--sudo-password ...] [--sudo-options ...] [--sudo_command ...]
|
194
194
|
```
|
195
195
|
|
196
196
|
### detect
|
data/Rakefile
CHANGED
@@ -49,10 +49,10 @@ namespace :test do
|
|
49
49
|
sh(Gem.ruby, 'test/docker_test.rb', *tests)
|
50
50
|
end
|
51
51
|
|
52
|
-
task :
|
53
|
-
concurrency = ENV['CONCURRENCY'] ||
|
54
|
-
|
55
|
-
sh('sh', '-c', "
|
52
|
+
task :integration do
|
53
|
+
concurrency = ENV['CONCURRENCY'] || 1
|
54
|
+
os = ENV['OS'] || ''
|
55
|
+
sh('sh', '-c', "bundle exec kitchen test -c #{concurrency} #{os}")
|
56
56
|
end
|
57
57
|
|
58
58
|
task :ssh, [:target] do |_t, args|
|
@@ -146,3 +146,14 @@ task :bump_version, [:version] do |_, args|
|
|
146
146
|
inspec_version(v)
|
147
147
|
Rake::Task['changelog'].invoke
|
148
148
|
end
|
149
|
+
|
150
|
+
desc 'Release a new docker image'
|
151
|
+
task :release_docker do
|
152
|
+
version = Inspec::VERSION
|
153
|
+
cmd = "rm *.gem; gem build *gemspec && "\
|
154
|
+
"mv *.gem inspec.gem && "\
|
155
|
+
"docker build -t chef/inspec:#{version} . && "\
|
156
|
+
"docker push chef/inspec:#{version}"
|
157
|
+
puts "--> #{cmd}"
|
158
|
+
sh('sh', '-c', cmd)
|
159
|
+
end
|
data/docs/ctl_inspec.rst
CHANGED
@@ -41,6 +41,9 @@ The following options may be used with any of the InSpec CLI subcommands:
|
|
41
41
|
``--sudo_password``
|
42
42
|
The sudo password, if required.
|
43
43
|
|
44
|
+
``--sudo_command``
|
45
|
+
Alternate sudo command, if required.
|
46
|
+
|
44
47
|
``-t``, ``--target``
|
45
48
|
The URI for the target of a remote scan, preceded by the target's backend. For example: ``backend://user:pass@host:port``, where ``backend`` is one of ``docker``, ``local``, ``ssh``, or ``winrm``.
|
46
49
|
|
data/docs/resources.rst
CHANGED
@@ -1107,16 +1107,16 @@ The ``content`` matcher tests if contents in the file match the value specified
|
|
1107
1107
|
|
1108
1108
|
.. code-block:: ruby
|
1109
1109
|
|
1110
|
-
its('content') { should match
|
1110
|
+
its('content') { should match REGEX }
|
1111
1111
|
|
1112
1112
|
The following complete example tests the ``pg_hba.conf`` file in |postgresql| for |md5| requirements. The tests look at all ``host`` and ``local`` settings in that file, and then compare the |md5| checksums against the values in the test:
|
1113
1113
|
|
1114
1114
|
.. code-block:: bash
|
1115
1115
|
|
1116
1116
|
describe file(hba_config_file) do
|
1117
|
-
its('content') { should match
|
1118
|
-
its('content') { should match
|
1119
|
-
its('content') { should match
|
1117
|
+
its('content') { should match /local\s.*?all\s.*?all\s.*?md5/ }
|
1118
|
+
its('content') { should match %r{/host\s.*?all\s.*?all\s.*?127.0.0.1\/32\s.*?md5/} }
|
1119
|
+
its('content') { should match %r{/host\s.*?all\s.*?all\s.*?::1\/128\s.*?md5/} }
|
1120
1120
|
end
|
1121
1121
|
|
1122
1122
|
exist
|
@@ -1286,9 +1286,9 @@ The following examples show how to use this InSpec audit resource.
|
|
1286
1286
|
.. code-block:: bash
|
1287
1287
|
|
1288
1288
|
describe file(hba_config_file) do
|
1289
|
-
its('content') { should match
|
1290
|
-
its('content') { should match
|
1291
|
-
its('content') { should match
|
1289
|
+
its('content') { should match /local\s.*?all\s.*?all\s.*?md5/ }
|
1290
|
+
its('content') { should match %r{/host\s.*?all\s.*?all\s.*?127.0.0.1\/32\s.*?md5/} }
|
1291
|
+
its('content') { should match %r{/host\s.*?all\s.*?all\s.*?::1\/128\s.*?md5/} }
|
1292
1292
|
end
|
1293
1293
|
|
1294
1294
|
**Test if a file exists**
|
data/inspec.gemspec
CHANGED
@@ -24,7 +24,7 @@ Gem::Specification.new do |spec|
|
|
24
24
|
spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
|
25
25
|
spec.require_paths = ['lib']
|
26
26
|
|
27
|
-
spec.add_dependency 'r-train', '~> 0.
|
27
|
+
spec.add_dependency 'r-train', '~> 0.12'
|
28
28
|
spec.add_dependency 'thor', '~> 0.19'
|
29
29
|
spec.add_dependency 'json', '~> 1.8'
|
30
30
|
spec.add_dependency 'rainbow', '~> 2'
|
data/lib/inspec/version.rb
CHANGED
data/lib/resources/command.rb
CHANGED
@@ -10,11 +10,15 @@ module Inspec::Resources
|
|
10
10
|
desc 'Use the command InSpec audit resource to test an arbitrary command that is run on the system.'
|
11
11
|
example "
|
12
12
|
describe command('ls -al /') do
|
13
|
-
it { should exist }
|
14
13
|
its('stdout') { should match /bin/ }
|
15
14
|
its('stderr') { should eq '' }
|
16
15
|
its('exit_status') { should eq 0 }
|
17
16
|
end
|
17
|
+
|
18
|
+
command('ls -al /').exist? will return false. Existence of command should be checked this way.
|
19
|
+
describe command('ls') do
|
20
|
+
it { should exist }
|
21
|
+
end
|
18
22
|
"
|
19
23
|
|
20
24
|
attr_reader :command
|
data/lib/utils/base_cli.rb
CHANGED
@@ -29,6 +29,8 @@ module Inspec
|
|
29
29
|
desc: 'Specify a sudo password, if it is required.'
|
30
30
|
option :sudo_options, type: :string,
|
31
31
|
desc: 'Additional sudo options for a remote scan.'
|
32
|
+
option :sudo_command, type: :string,
|
33
|
+
desc: 'Alternate command for sudo.'
|
32
34
|
option :ssl, type: :boolean,
|
33
35
|
desc: 'Use SSL for transport layer encryption (WinRM).'
|
34
36
|
option :self_signed, type: :boolean,
|
@@ -7,19 +7,21 @@
|
|
7
7
|
|
8
8
|
# basic tests
|
9
9
|
include_recipe('os_prepare::file')
|
10
|
-
include_recipe('os_prepare::mount')
|
10
|
+
include_recipe('os_prepare::mount') unless node['osprepare']['docker']
|
11
11
|
include_recipe('os_prepare::service')
|
12
12
|
include_recipe('os_prepare::package')
|
13
13
|
include_recipe('os_prepare::registry_key')
|
14
|
-
include_recipe('os_prepare::iptables')
|
14
|
+
include_recipe('os_prepare::iptables') unless node['osprepare']['docker']
|
15
|
+
|
16
|
+
# config file parsing
|
17
|
+
include_recipe('os_prepare::json_yaml_csv_ini')
|
15
18
|
|
16
19
|
# configure repos, eg. nginx
|
17
20
|
include_recipe('os_prepare::apt')
|
18
21
|
|
19
22
|
# application configuration
|
20
|
-
|
21
|
-
include_recipe('os_prepare::
|
22
|
-
include_recipe('os_prepare::
|
23
|
-
|
24
|
-
|
25
|
-
include_recipe('os_prepare::json_yaml_csv_ini')
|
23
|
+
if node['osprepare']['application']
|
24
|
+
include_recipe('os_prepare::postgres')
|
25
|
+
include_recipe('os_prepare::auditctl') unless node['osprepare']['docker']
|
26
|
+
include_recipe('os_prepare::apache')
|
27
|
+
end
|
@@ -1,15 +1,16 @@
|
|
1
1
|
# encoding: utf-8
|
2
2
|
|
3
|
-
|
3
|
+
# TODO: do not run those tests on docker yet
|
4
|
+
return if ENV['DOCKER']
|
5
|
+
return unless os.linux?
|
4
6
|
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
7
|
+
# direct access to params of apache conf
|
8
|
+
describe apache_conf do
|
9
|
+
its('LogLevel') { should cmp 'warn' }
|
10
|
+
its('MaxKeepAliveRequests') { should cmp 100 }
|
11
|
+
end
|
10
12
|
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
end
|
13
|
+
# only read one param
|
14
|
+
describe apache_conf.params('LogLevel') do
|
15
|
+
it { should include 'warn' }
|
15
16
|
end
|
@@ -11,12 +11,12 @@ if os.linux?
|
|
11
11
|
its('Port') { should cmp 22.0 }
|
12
12
|
its('Port') { should_not cmp 22.1 }
|
13
13
|
|
14
|
-
its('LogLevel') { should eq '
|
15
|
-
its('LogLevel') { should_not eq '
|
14
|
+
its('LogLevel') { should eq 'VERBOSE' }
|
15
|
+
its('LogLevel') { should_not eq 'verbose'}
|
16
16
|
|
17
|
-
its('LogLevel') { should cmp '
|
18
|
-
its('LogLevel') { should cmp '
|
19
|
-
its('LogLevel') { should cmp '
|
17
|
+
its('LogLevel') { should cmp 'VERBOSE' }
|
18
|
+
its('LogLevel') { should cmp 'verbose' }
|
19
|
+
its('LogLevel') { should cmp 'VerBose' }
|
20
20
|
end
|
21
21
|
|
22
22
|
describe passwd.passwords.uniq do
|
@@ -1,5 +1,8 @@
|
|
1
1
|
# encoding: utf-8
|
2
2
|
|
3
|
+
# TODO: do not run those tests on docker yet
|
4
|
+
return if ENV['DOCKER']
|
5
|
+
|
3
6
|
if os[:family] == 'freebsd'
|
4
7
|
filedata = {
|
5
8
|
user: 'root',
|
@@ -56,8 +59,8 @@ if os.unix?
|
|
56
59
|
# it { should have_mode }
|
57
60
|
its('mode') { should eq 00765 }
|
58
61
|
it { should be_mode 00765 }
|
59
|
-
its('mode') { should cmp
|
60
|
-
its('mode') { should_not cmp
|
62
|
+
its('mode') { should cmp 0765 }
|
63
|
+
its('mode') { should_not cmp 0777 }
|
61
64
|
|
62
65
|
it { should be_readable }
|
63
66
|
it { should be_readable.by('owner') }
|
@@ -1,17 +1,18 @@
|
|
1
1
|
# encoding: utf-8
|
2
2
|
|
3
|
-
#
|
4
|
-
if
|
3
|
+
# TODO: do not run those tests on docker yet
|
4
|
+
return if ENV['DOCKER']
|
5
|
+
return unless os.linux?
|
5
6
|
|
6
|
-
|
7
|
-
|
8
|
-
|
7
|
+
# Test kernel modules on all linux systems
|
8
|
+
describe kernel_module('video') do
|
9
|
+
it { should be_loaded }
|
10
|
+
end
|
9
11
|
|
10
|
-
|
11
|
-
|
12
|
-
|
12
|
+
describe kernel_module('bridge') do
|
13
|
+
it { should_not be_loaded }
|
14
|
+
end
|
13
15
|
|
14
|
-
|
15
|
-
|
16
|
-
end
|
16
|
+
describe kernel_module('dhcp') do
|
17
|
+
it { should_not be_loaded }
|
17
18
|
end
|
@@ -1,12 +1,14 @@
|
|
1
1
|
# encoding: utf-8
|
2
2
|
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
3
|
+
# TODO: do not run those tests on docker yet
|
4
|
+
return if ENV['DOCKER']
|
5
|
+
return unless os.linux?
|
6
|
+
|
7
|
+
# instead of `.with` or `.only_with` we recommend to use the `mount` resource
|
8
|
+
describe mount '/mnt/iso-disk' do
|
9
|
+
it { should be_mounted }
|
10
|
+
its('count') { should eq 1 }
|
11
|
+
its('device') { should eq '/tmp/empty.iso' }
|
12
|
+
its('type') { should eq 'iso9660' }
|
13
|
+
its('options') { should eq ['ro'] }
|
12
14
|
end
|
@@ -1,67 +1,66 @@
|
|
1
1
|
# encoding: utf-8
|
2
2
|
|
3
|
-
|
3
|
+
return unless os.windows?
|
4
4
|
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
5
|
+
describe registry_key('HKLM\System\Test') do
|
6
|
+
it { should exist }
|
7
|
+
it { should have_value('test') }
|
8
|
+
it { should have_property('binary value', :binary) }
|
9
|
+
it { should have_property('Binary value', :binary) }
|
10
|
+
it { should have_property('string value') }
|
11
|
+
it { should have_property('String value') }
|
12
|
+
it { should have_property('dword value', :dword) }
|
13
|
+
it { should have_property_value('multistring value', :multi_string, ['test', 'multi','string','data']) }
|
14
|
+
it { should have_property_value('Multistring Value', :multi_string, ['test', 'multi','string','data']) }
|
15
|
+
it { should have_property_value('qword value', :qword, 0) }
|
16
|
+
it { should have_property_value('Qword value', :qword, 0) }
|
17
|
+
it { should have_property_value('binary value', :binary, 'dfa0f066') }
|
18
|
+
it { should have_property_value('Binary value', :binary, 'dfa0f066') }
|
19
|
+
end
|
20
20
|
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
21
|
+
# serverspec compatability
|
22
|
+
describe windows_registry_key('HKLM\System\Test') do
|
23
|
+
it { should exist }
|
24
|
+
it { should have_value('test') }
|
25
|
+
it { should have_property('string value') }
|
26
|
+
it { should have_property('binary value', :type_binary) }
|
27
|
+
it { should have_property('dword value', :type_dword) }
|
28
|
+
it { should have_property_value('multistring value', :type_multistring, ['test', 'multi','string','data']) }
|
29
|
+
it { should have_property_value('qword value', :type_qword, 0) }
|
30
|
+
it { should have_property_value('binary value', :type_binary, 'dfa0f066') }
|
31
|
+
end
|
32
32
|
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
33
|
+
describe registry_key('HKLM\Software\Policies\Microsoft\Windows\EventLog\System') do
|
34
|
+
it { should exist }
|
35
|
+
its('MaxSize') { should_not eq nil }
|
36
|
+
end
|
37
37
|
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
38
|
+
describe registry_key('HKLM\System\CurrentControlSet\Control\Session Manager') do
|
39
|
+
it { should exist }
|
40
|
+
it { should_not have_property_value('SafeDllSearchMode', :type_dword, 0) }
|
41
|
+
# case-insensitive test
|
42
|
+
it { should_not have_property_value('safedllsearchmode', :type_dword, 0) }
|
43
|
+
end
|
44
44
|
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
45
|
+
describe registry_key('HKLM\System\CurrentControlSet\Services\LanManServer\Parameters') do
|
46
|
+
it { should exist }
|
47
|
+
its('NullSessionShares') { should eq [''] }
|
48
|
+
end
|
49
49
|
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
50
|
+
describe registry_key('HKLM\Software\Policies\Microsoft\Internet Explorer\Main') do
|
51
|
+
it { should exist }
|
52
|
+
its('Isolation64Bit') { should eq 1 }
|
53
|
+
# check that its is case-insensitive
|
54
|
+
its('isolation64bit') { should eq 1 }
|
55
|
+
end
|
56
56
|
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
57
|
+
describe registry_key('HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services') do
|
58
|
+
it { should exist }
|
59
|
+
its('MinEncryptionLevel') { should eq 3 }
|
60
|
+
end
|
61
61
|
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
end
|
62
|
+
describe registry_key('HKLM\System\CurrentControlSet\Control\Lsa\MSV1_0') do
|
63
|
+
it { should exist }
|
64
|
+
its('NTLMMinServerSec') { should eq 537_395_200 }
|
65
|
+
its('NtlmMinServerSec') { should eq 537_395_200 }
|
67
66
|
end
|
@@ -1,8 +1,8 @@
|
|
1
1
|
# encoding: utf-8
|
2
2
|
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
3
|
+
return unless os.windows?
|
4
|
+
|
5
|
+
describe security_policy do
|
6
|
+
its('EnableAdminAccount') { should eq 1 }
|
7
|
+
its('EnableGuestAccount') { should eq 0 }
|
8
8
|
end
|
@@ -1,5 +1,8 @@
|
|
1
1
|
# encoding: utf-8
|
2
2
|
|
3
|
+
# TODO: do not run those tests on docker yet
|
4
|
+
return if ENV['DOCKER']
|
5
|
+
|
3
6
|
# based on operating system we select the available service
|
4
7
|
if ['centos', 'fedora', 'freebsd', 'opensuse'].include?(os[:family])
|
5
8
|
# CentOS, Fedora
|
@@ -38,8 +41,8 @@ describe service(available_service) do
|
|
38
41
|
end
|
39
42
|
|
40
43
|
# extra test for ubuntu upstart with systemv service
|
41
|
-
if os[:family] == 'ubuntu'
|
42
|
-
describe
|
44
|
+
if os[:family] == 'ubuntu' && os[:release] == '12.04'
|
45
|
+
describe upstart_service('ssh') do
|
43
46
|
it { should be_enabled }
|
44
47
|
it { should be_installed }
|
45
48
|
it { should be_running }
|
@@ -85,7 +85,8 @@ else
|
|
85
85
|
|
86
86
|
# check that the user is part of the groups
|
87
87
|
if k.to_s == 'groups'
|
88
|
-
|
88
|
+
# TODO: do not run those tests on docker yet
|
89
|
+
its(k) { should include v } unless ENV['DOCKER']
|
89
90
|
# default eq comparison
|
90
91
|
else
|
91
92
|
its(k) { should eq v }
|
@@ -123,7 +123,7 @@ describe Inspec::Resources::FileResource do
|
|
123
123
|
resource.send(:check_file_permission_by_user, 'user', 'flag').must_equal(true)
|
124
124
|
end
|
125
125
|
|
126
|
-
it 'returns
|
126
|
+
it 'returns false when the cmd exits non-zero' do
|
127
127
|
MockLoader.mock_command(resource, 'su -s /bin/sh -c "test -flag /fakepath/fakefile" user', exit_status: 1)
|
128
128
|
resource.send(:check_file_permission_by_user, 'user', 'flag').must_equal(false)
|
129
129
|
end
|
@@ -144,7 +144,7 @@ describe Inspec::Resources::FileResource do
|
|
144
144
|
resource.send(:check_file_permission_by_user, 'user', 'flag').must_equal(true)
|
145
145
|
end
|
146
146
|
|
147
|
-
it 'returns
|
147
|
+
it 'returns false when the cmd exits non-zero' do
|
148
148
|
MockLoader.mock_command(resource, 'sudo -u user test -flag /fakepath/fakefile', exit_status: 1)
|
149
149
|
resource.send(:check_file_permission_by_user, 'user', 'flag').must_equal(false)
|
150
150
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: inspec
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.22.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dominik Richter
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2016-05-
|
11
|
+
date: 2016-05-16 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: r-train
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - "~>"
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: '0.
|
19
|
+
version: '0.12'
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - "~>"
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: '0.
|
26
|
+
version: '0.12'
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: thor
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -359,7 +359,6 @@ files:
|
|
359
359
|
- lib/utils/filter_array.rb
|
360
360
|
- lib/utils/find_files.rb
|
361
361
|
- lib/utils/hash.rb
|
362
|
-
- lib/utils/hash_map.rb
|
363
362
|
- lib/utils/json_log.rb
|
364
363
|
- lib/utils/modulator.rb
|
365
364
|
- lib/utils/object_traversal.rb
|
@@ -367,6 +366,7 @@ files:
|
|
367
366
|
- lib/utils/plugin_registry.rb
|
368
367
|
- lib/utils/simpleconfig.rb
|
369
368
|
- tasks/maintainers.rb
|
369
|
+
- test/cookbooks/os_prepare/attributes/default.rb
|
370
370
|
- test/cookbooks/os_prepare/files/empty.iso
|
371
371
|
- test/cookbooks/os_prepare/files/example.csv
|
372
372
|
- test/cookbooks/os_prepare/files/example.ini
|
@@ -551,8 +551,6 @@ files:
|
|
551
551
|
- test/unit/mock/profiles/legacy-empty-metadata/metadata.rb
|
552
552
|
- test/unit/mock/profiles/legacy-simple-metadata/metadata.rb
|
553
553
|
- test/unit/mock/profiles/legacy-simple-metadata/test/.gitkeep
|
554
|
-
- test/unit/mock/profiles/resource-tiny/inspec.yml
|
555
|
-
- test/unit/mock/profiles/resource-tiny/libraries/resource.rb
|
556
554
|
- test/unit/mock/profiles/simple-metadata/inspec.yml
|
557
555
|
- test/unit/mock/profiles/skippy-profile-os/controls/one.rb
|
558
556
|
- test/unit/mock/profiles/skippy-profile-os/inspec.yml
|
@@ -640,11 +638,12 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
640
638
|
version: '0'
|
641
639
|
requirements: []
|
642
640
|
rubyforge_project:
|
643
|
-
rubygems_version: 2.
|
641
|
+
rubygems_version: 2.4.6
|
644
642
|
signing_key:
|
645
643
|
specification_version: 4
|
646
644
|
summary: Infrastructure and compliance testing.
|
647
645
|
test_files:
|
646
|
+
- test/cookbooks/os_prepare/attributes/default.rb
|
648
647
|
- test/cookbooks/os_prepare/files/empty.iso
|
649
648
|
- test/cookbooks/os_prepare/files/example.csv
|
650
649
|
- test/cookbooks/os_prepare/files/example.ini
|
@@ -829,8 +828,6 @@ test_files:
|
|
829
828
|
- test/unit/mock/profiles/legacy-empty-metadata/metadata.rb
|
830
829
|
- test/unit/mock/profiles/legacy-simple-metadata/metadata.rb
|
831
830
|
- test/unit/mock/profiles/legacy-simple-metadata/test/.gitkeep
|
832
|
-
- test/unit/mock/profiles/resource-tiny/inspec.yml
|
833
|
-
- test/unit/mock/profiles/resource-tiny/libraries/resource.rb
|
834
831
|
- test/unit/mock/profiles/simple-metadata/inspec.yml
|
835
832
|
- test/unit/mock/profiles/skippy-profile-os/controls/one.rb
|
836
833
|
- test/unit/mock/profiles/skippy-profile-os/inspec.yml
|
data/lib/utils/hash_map.rb
DELETED
@@ -1,37 +0,0 @@
|
|
1
|
-
# encoding: utf-8
|
2
|
-
# author: Dominik Richter
|
3
|
-
# author: Christoph Hartmann
|
4
|
-
|
5
|
-
class HashMap
|
6
|
-
class << self
|
7
|
-
def [](hash, *keys)
|
8
|
-
return hash if keys.empty? || hash.nil?
|
9
|
-
key = keys.shift
|
10
|
-
if hash.is_a?(Array)
|
11
|
-
map = hash.map { |i| [i, key] }
|
12
|
-
else
|
13
|
-
map = hash[key]
|
14
|
-
end
|
15
|
-
[map, *keys]
|
16
|
-
rescue NoMethodError => _
|
17
|
-
nil
|
18
|
-
end
|
19
|
-
end
|
20
|
-
end
|
21
|
-
|
22
|
-
class StringMap
|
23
|
-
class << self
|
24
|
-
def [](hash, *keys)
|
25
|
-
return hash if keys.empty? || hash.nil?
|
26
|
-
key = keys.shift
|
27
|
-
if hash.is_a?(Array)
|
28
|
-
map = hash.map { |i| [i, key] }
|
29
|
-
else
|
30
|
-
map = hash[key]
|
31
|
-
end
|
32
|
-
[map, *keys]
|
33
|
-
rescue NoMethodError => _
|
34
|
-
nil
|
35
|
-
end
|
36
|
-
end
|
37
|
-
end
|
@@ -1,10 +0,0 @@
|
|
1
|
-
name: complete
|
2
|
-
title: complete example profile
|
3
|
-
maintainer: Chef Software, Inc.
|
4
|
-
copyright: Chef Software, Inc.
|
5
|
-
copyright_email: support@chef.io
|
6
|
-
license: Proprietary, All rights reserved
|
7
|
-
summary: Testing stub
|
8
|
-
version: 1.0.0
|
9
|
-
supports:
|
10
|
-
- os-family: linux
|