inspec 0.21.6 → 0.22.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (35) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +18 -2
  3. data/Gemfile +1 -0
  4. data/README.md +1 -1
  5. data/Rakefile +15 -4
  6. data/docs/ctl_inspec.rst +3 -0
  7. data/docs/resources.rst +7 -7
  8. data/inspec.gemspec +1 -1
  9. data/lib/inspec/version.rb +1 -1
  10. data/lib/resources/command.rb +5 -1
  11. data/lib/utils/base_cli.rb +2 -0
  12. data/test/cookbooks/os_prepare/attributes/default.rb +2 -0
  13. data/test/cookbooks/os_prepare/recipes/default.rb +10 -8
  14. data/test/integration/default/apache_conf_spec.rb +11 -10
  15. data/test/integration/default/compare_matcher_spec.rb +5 -5
  16. data/test/integration/default/etc_group_spec.rb +4 -0
  17. data/test/integration/default/file_spec.rb +5 -2
  18. data/test/integration/default/iptables_spec.rb +3 -0
  19. data/test/integration/default/kernel_module_spec.rb +12 -11
  20. data/test/integration/default/kernel_parameter_spec.rb +3 -0
  21. data/test/integration/default/mount_spec.rb +11 -9
  22. data/test/integration/default/port_spec.rb +3 -0
  23. data/test/integration/default/postgres_session_spec.rb +3 -0
  24. data/test/integration/default/powershell_spec.rb +3 -0
  25. data/test/integration/default/registry_key_spec.rb +55 -56
  26. data/test/integration/default/secpol_spec.rb +5 -5
  27. data/test/integration/default/service_spec.rb +5 -2
  28. data/test/integration/default/user_spec.rb +2 -1
  29. data/test/integration/default/vbscript_spec.rb +2 -0
  30. data/test/integration/default/wmi_spec.rb +2 -0
  31. data/test/unit/resources/file_test.rb +2 -2
  32. metadata +7 -10
  33. data/lib/utils/hash_map.rb +0 -37
  34. data/test/unit/mock/profiles/resource-tiny/inspec.yml +0 -10
  35. data/test/unit/mock/profiles/resource-tiny/libraries/resource.rb +0 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: da9f3db002552f64882b3f669bd4ea12fe180c7e
4
- data.tar.gz: 9b9f3c267f0c3fc0c86d700d4ccd4bbfae9cee04
3
+ metadata.gz: b6b3a430a61c900227107401eb2d22aea396695a
4
+ data.tar.gz: cb34fe4dbbc66c5aecf5ac9496d201032de28c7c
5
5
  SHA512:
6
- metadata.gz: 372c1b6d4d415859870ec095aab279428e63dab35a3b5b28525c69817d24f71c9d20aad5ca83d45d4df376cfa9281925de6a84346c968283b9006d7b65520069
7
- data.tar.gz: d14b81b748f0a54bf74511ec5633fefdc09f2d83ae0dc9b82a6cc078c6cf932b5d1eacc3b25dec994eb0321f711d6229b942dfad6fd46f3ba787432e7267c590
6
+ metadata.gz: 6db2835d8e1d4cae685034570388f40c94ecb81ad6a8a03af2c8014d5950c3453de43603cb02f01b0379022c86ac247ce2fecdab5b89b5e69cf480330d24589b
7
+ data.tar.gz: 086ad5000a51bc657ed0e5bffe41736228c2bc3671a343c34995fc27953d7565cb66095b6b35b4bd6bde60ce7146888af6b67d4fb2911a86d278d42cd47edf56
@@ -1,7 +1,23 @@
1
1
  # Change Log
2
2
 
3
- ## [0.21.6](https://github.com/chef/inspec/tree/0.21.6) (2016-05-13)
4
- [Full Changelog](https://github.com/chef/inspec/compare/v0.21.5...0.21.6)
3
+ ## [0.22.0](https://github.com/chef/inspec/tree/0.22.0) (2016-05-16)
4
+ [Full Changelog](https://github.com/chef/inspec/compare/v0.21.6...0.22.0)
5
+
6
+ **Implemented enhancements:**
7
+
8
+ - update train dependency to 0.12.0 [\#757](https://github.com/chef/inspec/pull/757) ([chris-rock](https://github.com/chris-rock))
9
+ - run integration tests in docker [\#732](https://github.com/chef/inspec/pull/732) ([chris-rock](https://github.com/chris-rock))
10
+
11
+ **Merged pull requests:**
12
+
13
+ - fixed 'it' statements under file\_test [\#758](https://github.com/chef/inspec/pull/758) ([Anirudh-Gupta](https://github.com/Anirudh-Gupta))
14
+ - modification in command resource example [\#756](https://github.com/chef/inspec/pull/756) ([Anirudh-Gupta](https://github.com/Anirudh-Gupta))
15
+ - add sudo\_command option [\#754](https://github.com/chef/inspec/pull/754) ([jeremymv2](https://github.com/jeremymv2))
16
+ - remove string quotes around regexp \(docfix\) [\#750](https://github.com/chef/inspec/pull/750) ([lamont-granquist](https://github.com/lamont-granquist))
17
+ - rake release\_docker + smaller image builds [\#745](https://github.com/chef/inspec/pull/745) ([arlimus](https://github.com/arlimus))
18
+
19
+ ## [v0.21.6](https://github.com/chef/inspec/tree/v0.21.6) (2016-05-13)
20
+ [Full Changelog](https://github.com/chef/inspec/compare/v0.21.5...v0.21.6)
5
21
 
6
22
  **Fixed bugs:**
7
23
 
data/Gemfile CHANGED
@@ -23,6 +23,7 @@ group :integration do
23
23
  gem 'kitchen-vagrant'
24
24
  gem 'kitchen-inspec', '0.12.5'
25
25
  gem 'kitchen-ec2'
26
+ gem 'kitchen-dokken'
26
27
  end
27
28
 
28
29
  group :tools do
data/README.md CHANGED
@@ -190,7 +190,7 @@ inspec exec test.rb -t winrm://Administrator@windowshost --password 'your-passwo
190
190
  inspec exec test.rb -t docker://container_id
191
191
 
192
192
  # run with sudo
193
- inspec exec test.rb --sudo [--sudo-password ...] [--sudo-options ...]
193
+ inspec exec test.rb --sudo [--sudo-password ...] [--sudo-options ...] [--sudo_command ...]
194
194
  ```
195
195
 
196
196
  ### detect
data/Rakefile CHANGED
@@ -49,10 +49,10 @@ namespace :test do
49
49
  sh(Gem.ruby, 'test/docker_test.rb', *tests)
50
50
  end
51
51
 
52
- task :vm do
53
- concurrency = ENV['CONCURRENCY'] || 4
54
- path = File.join(File.dirname(__FILE__), 'test', 'integration')
55
- sh('sh', '-c', "cd #{path} && bundle exec kitchen test -c #{concurrency} -t .")
52
+ task :integration do
53
+ concurrency = ENV['CONCURRENCY'] || 1
54
+ os = ENV['OS'] || ''
55
+ sh('sh', '-c', "bundle exec kitchen test -c #{concurrency} #{os}")
56
56
  end
57
57
 
58
58
  task :ssh, [:target] do |_t, args|
@@ -146,3 +146,14 @@ task :bump_version, [:version] do |_, args|
146
146
  inspec_version(v)
147
147
  Rake::Task['changelog'].invoke
148
148
  end
149
+
150
+ desc 'Release a new docker image'
151
+ task :release_docker do
152
+ version = Inspec::VERSION
153
+ cmd = "rm *.gem; gem build *gemspec && "\
154
+ "mv *.gem inspec.gem && "\
155
+ "docker build -t chef/inspec:#{version} . && "\
156
+ "docker push chef/inspec:#{version}"
157
+ puts "--> #{cmd}"
158
+ sh('sh', '-c', cmd)
159
+ end
@@ -41,6 +41,9 @@ The following options may be used with any of the InSpec CLI subcommands:
41
41
  ``--sudo_password``
42
42
  The sudo password, if required.
43
43
 
44
+ ``--sudo_command``
45
+ Alternate sudo command, if required.
46
+
44
47
  ``-t``, ``--target``
45
48
  The URI for the target of a remote scan, preceded by the target's backend. For example: ``backend://user:pass@host:port``, where ``backend`` is one of ``docker``, ``local``, ``ssh``, or ``winrm``.
46
49
 
@@ -1107,16 +1107,16 @@ The ``content`` matcher tests if contents in the file match the value specified
1107
1107
 
1108
1108
  .. code-block:: ruby
1109
1109
 
1110
- its('content') { should match 'value' }
1110
+ its('content') { should match REGEX }
1111
1111
 
1112
1112
  The following complete example tests the ``pg_hba.conf`` file in |postgresql| for |md5| requirements. The tests look at all ``host`` and ``local`` settings in that file, and then compare the |md5| checksums against the values in the test:
1113
1113
 
1114
1114
  .. code-block:: bash
1115
1115
 
1116
1116
  describe file(hba_config_file) do
1117
- its('content') { should match '/local\s.*?all\s.*?all\s.*?md5/' }
1118
- its('content') { should match '%r{/host\s.*?all\s.*?all\s.*?127.0.0.1\/32\s.*?md5/}' }
1119
- its('content') { should match '%r{/host\s.*?all\s.*?all\s.*?::1\/128\s.*?md5/}' }
1117
+ its('content') { should match /local\s.*?all\s.*?all\s.*?md5/ }
1118
+ its('content') { should match %r{/host\s.*?all\s.*?all\s.*?127.0.0.1\/32\s.*?md5/} }
1119
+ its('content') { should match %r{/host\s.*?all\s.*?all\s.*?::1\/128\s.*?md5/} }
1120
1120
  end
1121
1121
 
1122
1122
  exist
@@ -1286,9 +1286,9 @@ The following examples show how to use this InSpec audit resource.
1286
1286
  .. code-block:: bash
1287
1287
 
1288
1288
  describe file(hba_config_file) do
1289
- its('content') { should match '/local\s.*?all\s.*?all\s.*?md5/' }
1290
- its('content') { should match '%r{/host\s.*?all\s.*?all\s.*?127.0.0.1\/32\s.*?md5/}' }
1291
- its('content') { should match '%r{/host\s.*?all\s.*?all\s.*?::1\/128\s.*?md5/}' }
1289
+ its('content') { should match /local\s.*?all\s.*?all\s.*?md5/ }
1290
+ its('content') { should match %r{/host\s.*?all\s.*?all\s.*?127.0.0.1\/32\s.*?md5/} }
1291
+ its('content') { should match %r{/host\s.*?all\s.*?all\s.*?::1\/128\s.*?md5/} }
1292
1292
  end
1293
1293
 
1294
1294
  **Test if a file exists**
@@ -24,7 +24,7 @@ Gem::Specification.new do |spec|
24
24
  spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
25
25
  spec.require_paths = ['lib']
26
26
 
27
- spec.add_dependency 'r-train', '~> 0.11'
27
+ spec.add_dependency 'r-train', '~> 0.12'
28
28
  spec.add_dependency 'thor', '~> 0.19'
29
29
  spec.add_dependency 'json', '~> 1.8'
30
30
  spec.add_dependency 'rainbow', '~> 2'
@@ -3,5 +3,5 @@
3
3
  # author: Christoph Hartmann
4
4
 
5
5
  module Inspec
6
- VERSION = '0.21.6'.freeze
6
+ VERSION = '0.22.0'.freeze
7
7
  end
@@ -10,11 +10,15 @@ module Inspec::Resources
10
10
  desc 'Use the command InSpec audit resource to test an arbitrary command that is run on the system.'
11
11
  example "
12
12
  describe command('ls -al /') do
13
- it { should exist }
14
13
  its('stdout') { should match /bin/ }
15
14
  its('stderr') { should eq '' }
16
15
  its('exit_status') { should eq 0 }
17
16
  end
17
+
18
+ command('ls -al /').exist? will return false. Existence of command should be checked this way.
19
+ describe command('ls') do
20
+ it { should exist }
21
+ end
18
22
  "
19
23
 
20
24
  attr_reader :command
@@ -29,6 +29,8 @@ module Inspec
29
29
  desc: 'Specify a sudo password, if it is required.'
30
30
  option :sudo_options, type: :string,
31
31
  desc: 'Additional sudo options for a remote scan.'
32
+ option :sudo_command, type: :string,
33
+ desc: 'Alternate command for sudo.'
32
34
  option :ssl, type: :boolean,
33
35
  desc: 'Use SSL for transport layer encryption (WinRM).'
34
36
  option :self_signed, type: :boolean,
@@ -0,0 +1,2 @@
1
+ default['osprepare']['docker'] = false
2
+ default['osprepare']['application'] = true
@@ -7,19 +7,21 @@
7
7
 
8
8
  # basic tests
9
9
  include_recipe('os_prepare::file')
10
- include_recipe('os_prepare::mount')
10
+ include_recipe('os_prepare::mount') unless node['osprepare']['docker']
11
11
  include_recipe('os_prepare::service')
12
12
  include_recipe('os_prepare::package')
13
13
  include_recipe('os_prepare::registry_key')
14
- include_recipe('os_prepare::iptables')
14
+ include_recipe('os_prepare::iptables') unless node['osprepare']['docker']
15
+
16
+ # config file parsing
17
+ include_recipe('os_prepare::json_yaml_csv_ini')
15
18
 
16
19
  # configure repos, eg. nginx
17
20
  include_recipe('os_prepare::apt')
18
21
 
19
22
  # application configuration
20
- include_recipe('os_prepare::postgres')
21
- include_recipe('os_prepare::auditctl')
22
- include_recipe('os_prepare::apache')
23
-
24
- # config file parsing
25
- include_recipe('os_prepare::json_yaml_csv_ini')
23
+ if node['osprepare']['application']
24
+ include_recipe('os_prepare::postgres')
25
+ include_recipe('os_prepare::auditctl') unless node['osprepare']['docker']
26
+ include_recipe('os_prepare::apache')
27
+ end
@@ -1,15 +1,16 @@
1
1
  # encoding: utf-8
2
2
 
3
- if os.linux?
3
+ # TODO: do not run those tests on docker yet
4
+ return if ENV['DOCKER']
5
+ return unless os.linux?
4
6
 
5
- # direct access to params of apache conf
6
- describe apache_conf do
7
- its('LogLevel') { should eq 'warn' }
8
- its('MaxKeepAliveRequests') { should eq '100' }
9
- end
7
+ # direct access to params of apache conf
8
+ describe apache_conf do
9
+ its('LogLevel') { should cmp 'warn' }
10
+ its('MaxKeepAliveRequests') { should cmp 100 }
11
+ end
10
12
 
11
- # only read one param
12
- describe apache_conf.params('LogLevel') do
13
- it { should include 'warn' }
14
- end
13
+ # only read one param
14
+ describe apache_conf.params('LogLevel') do
15
+ it { should include 'warn' }
15
16
  end
@@ -11,12 +11,12 @@ if os.linux?
11
11
  its('Port') { should cmp 22.0 }
12
12
  its('Port') { should_not cmp 22.1 }
13
13
 
14
- its('LogLevel') { should eq 'INFO' }
15
- its('LogLevel') { should_not eq 'info'}
14
+ its('LogLevel') { should eq 'VERBOSE' }
15
+ its('LogLevel') { should_not eq 'verbose'}
16
16
 
17
- its('LogLevel') { should cmp 'INFO' }
18
- its('LogLevel') { should cmp 'info' }
19
- its('LogLevel') { should cmp 'InfO' }
17
+ its('LogLevel') { should cmp 'VERBOSE' }
18
+ its('LogLevel') { should cmp 'verbose' }
19
+ its('LogLevel') { should cmp 'VerBose' }
20
20
  end
21
21
 
22
22
  describe passwd.passwords.uniq do
@@ -1,5 +1,9 @@
1
1
  # encoding: utf-8
2
2
 
3
+ # TODO: do not run those tests on docker yet
4
+ return if ENV['DOCKER']
5
+
6
+ # lets define our own group
3
7
  root_group = 'root'
4
8
 
5
9
  if os[:family] == 'aix'
@@ -1,5 +1,8 @@
1
1
  # encoding: utf-8
2
2
 
3
+ # TODO: do not run those tests on docker yet
4
+ return if ENV['DOCKER']
5
+
3
6
  if os[:family] == 'freebsd'
4
7
  filedata = {
5
8
  user: 'root',
@@ -56,8 +59,8 @@ if os.unix?
56
59
  # it { should have_mode }
57
60
  its('mode') { should eq 00765 }
58
61
  it { should be_mode 00765 }
59
- its('mode') { should cmp '0765' }
60
- its('mode') { should_not cmp '0777' }
62
+ its('mode') { should cmp 0765 }
63
+ its('mode') { should_not cmp 0777 }
61
64
 
62
65
  it { should be_readable }
63
66
  it { should be_readable.by('owner') }
@@ -1,5 +1,8 @@
1
1
  # encoding: utf-8
2
2
 
3
+ # TODO: do not run those tests on docker yet
4
+ return if ENV['DOCKER']
5
+
3
6
  case os[:family]
4
7
  when 'ubuntu', 'fedora'
5
8
  describe iptables do
@@ -1,17 +1,18 @@
1
1
  # encoding: utf-8
2
2
 
3
- # Test kernel modules on all linux systems
4
- if os.linux?
3
+ # TODO: do not run those tests on docker yet
4
+ return if ENV['DOCKER']
5
+ return unless os.linux?
5
6
 
6
- describe kernel_module('video') do
7
- it { should be_loaded }
8
- end
7
+ # Test kernel modules on all linux systems
8
+ describe kernel_module('video') do
9
+ it { should be_loaded }
10
+ end
9
11
 
10
- describe kernel_module('bridge') do
11
- it { should_not be_loaded }
12
- end
12
+ describe kernel_module('bridge') do
13
+ it { should_not be_loaded }
14
+ end
13
15
 
14
- describe kernel_module('dhcp') do
15
- it { should_not be_loaded }
16
- end
16
+ describe kernel_module('dhcp') do
17
+ it { should_not be_loaded }
17
18
  end
@@ -1,5 +1,8 @@
1
1
  # encoding: utf-8
2
2
 
3
+ # TODO: do not run those tests on docker yet
4
+ return if ENV['DOCKER']
5
+
3
6
  # prepare values
4
7
  if ['ubuntu', 'centos', 'fedora', 'opensuse', 'debian'].include?(os[:family])
5
8
  test_values = {
@@ -1,12 +1,14 @@
1
1
  # encoding: utf-8
2
2
 
3
- if os.linux?
4
- # instead of `.with` or `.only_with` we recommend to use the `mount` resource
5
- describe mount '/mnt/iso-disk' do
6
- it { should be_mounted }
7
- its('count') { should eq 1 }
8
- its('device') { should eq '/tmp/empty.iso' }
9
- its('type') { should eq 'iso9660' }
10
- its('options') { should eq ['ro'] }
11
- end
3
+ # TODO: do not run those tests on docker yet
4
+ return if ENV['DOCKER']
5
+ return unless os.linux?
6
+
7
+ # instead of `.with` or `.only_with` we recommend to use the `mount` resource
8
+ describe mount '/mnt/iso-disk' do
9
+ it { should be_mounted }
10
+ its('count') { should eq 1 }
11
+ its('device') { should eq '/tmp/empty.iso' }
12
+ its('type') { should eq 'iso9660' }
13
+ its('options') { should eq ['ro'] }
12
14
  end
@@ -1,5 +1,8 @@
1
1
  # encoding: utf-8
2
2
 
3
+ # TODO: do not run those tests on docker yet
4
+ return if ENV['DOCKER']
5
+
3
6
  # check that ssh runs
4
7
  if os.unix?
5
8
  describe port(22) do
@@ -1,5 +1,8 @@
1
1
  # encoding: utf-8
2
2
 
3
+ # TODO: do not run those tests on docker yet
4
+ return if ENV['DOCKER']
5
+
3
6
  # postgres-server is installed on these platforms
4
7
  if ['ubuntu', 'centos'].include? os['family']
5
8
  postgres = postgres_session('postgres', 'inspec')
@@ -1,4 +1,7 @@
1
1
  # encoding: utf-8
2
+
3
+ return unless os.windows?
4
+
2
5
  script = <<-EOH
3
6
  Write-Output 'hello'
4
7
  EOH
@@ -1,67 +1,66 @@
1
1
  # encoding: utf-8
2
2
 
3
- if os.windows?
3
+ return unless os.windows?
4
4
 
5
- describe registry_key('HKLM\System\Test') do
6
- it { should exist }
7
- it { should have_value('test') }
8
- it { should have_property('binary value', :binary) }
9
- it { should have_property('Binary value', :binary) }
10
- it { should have_property('string value') }
11
- it { should have_property('String value') }
12
- it { should have_property('dword value', :dword) }
13
- it { should have_property_value('multistring value', :multi_string, ['test', 'multi','string','data']) }
14
- it { should have_property_value('Multistring Value', :multi_string, ['test', 'multi','string','data']) }
15
- it { should have_property_value('qword value', :qword, 0) }
16
- it { should have_property_value('Qword value', :qword, 0) }
17
- it { should have_property_value('binary value', :binary, 'dfa0f066') }
18
- it { should have_property_value('Binary value', :binary, 'dfa0f066') }
19
- end
5
+ describe registry_key('HKLM\System\Test') do
6
+ it { should exist }
7
+ it { should have_value('test') }
8
+ it { should have_property('binary value', :binary) }
9
+ it { should have_property('Binary value', :binary) }
10
+ it { should have_property('string value') }
11
+ it { should have_property('String value') }
12
+ it { should have_property('dword value', :dword) }
13
+ it { should have_property_value('multistring value', :multi_string, ['test', 'multi','string','data']) }
14
+ it { should have_property_value('Multistring Value', :multi_string, ['test', 'multi','string','data']) }
15
+ it { should have_property_value('qword value', :qword, 0) }
16
+ it { should have_property_value('Qword value', :qword, 0) }
17
+ it { should have_property_value('binary value', :binary, 'dfa0f066') }
18
+ it { should have_property_value('Binary value', :binary, 'dfa0f066') }
19
+ end
20
20
 
21
- # serverspec compatability
22
- describe windows_registry_key('HKLM\System\Test') do
23
- it { should exist }
24
- it { should have_value('test') }
25
- it { should have_property('string value') }
26
- it { should have_property('binary value', :type_binary) }
27
- it { should have_property('dword value', :type_dword) }
28
- it { should have_property_value('multistring value', :type_multistring, ['test', 'multi','string','data']) }
29
- it { should have_property_value('qword value', :type_qword, 0) }
30
- it { should have_property_value('binary value', :type_binary, 'dfa0f066') }
31
- end
21
+ # serverspec compatability
22
+ describe windows_registry_key('HKLM\System\Test') do
23
+ it { should exist }
24
+ it { should have_value('test') }
25
+ it { should have_property('string value') }
26
+ it { should have_property('binary value', :type_binary) }
27
+ it { should have_property('dword value', :type_dword) }
28
+ it { should have_property_value('multistring value', :type_multistring, ['test', 'multi','string','data']) }
29
+ it { should have_property_value('qword value', :type_qword, 0) }
30
+ it { should have_property_value('binary value', :type_binary, 'dfa0f066') }
31
+ end
32
32
 
33
- describe registry_key('HKLM\Software\Policies\Microsoft\Windows\EventLog\System') do
34
- it { should exist }
35
- its('MaxSize') { should_not eq nil }
36
- end
33
+ describe registry_key('HKLM\Software\Policies\Microsoft\Windows\EventLog\System') do
34
+ it { should exist }
35
+ its('MaxSize') { should_not eq nil }
36
+ end
37
37
 
38
- describe registry_key('HKLM\System\CurrentControlSet\Control\Session Manager') do
39
- it { should exist }
40
- it { should_not have_property_value('SafeDllSearchMode', :type_dword, 0) }
41
- # case-insensitive test
42
- it { should_not have_property_value('safedllsearchmode', :type_dword, 0) }
43
- end
38
+ describe registry_key('HKLM\System\CurrentControlSet\Control\Session Manager') do
39
+ it { should exist }
40
+ it { should_not have_property_value('SafeDllSearchMode', :type_dword, 0) }
41
+ # case-insensitive test
42
+ it { should_not have_property_value('safedllsearchmode', :type_dword, 0) }
43
+ end
44
44
 
45
- describe registry_key('HKLM\System\CurrentControlSet\Services\LanManServer\Parameters') do
46
- it { should exist }
47
- its('NullSessionShares') { should eq [''] }
48
- end
45
+ describe registry_key('HKLM\System\CurrentControlSet\Services\LanManServer\Parameters') do
46
+ it { should exist }
47
+ its('NullSessionShares') { should eq [''] }
48
+ end
49
49
 
50
- describe registry_key('HKLM\Software\Policies\Microsoft\Internet Explorer\Main') do
51
- it { should exist }
52
- its('Isolation64Bit') { should eq 1 }
53
- # check that its is case-insensitive
54
- its('isolation64bit') { should eq 1 }
55
- end
50
+ describe registry_key('HKLM\Software\Policies\Microsoft\Internet Explorer\Main') do
51
+ it { should exist }
52
+ its('Isolation64Bit') { should eq 1 }
53
+ # check that its is case-insensitive
54
+ its('isolation64bit') { should eq 1 }
55
+ end
56
56
 
57
- describe registry_key('HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services') do
58
- it { should exist }
59
- its('MinEncryptionLevel') { should eq 3 }
60
- end
57
+ describe registry_key('HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services') do
58
+ it { should exist }
59
+ its('MinEncryptionLevel') { should eq 3 }
60
+ end
61
61
 
62
- describe registry_key('HKLM\System\CurrentControlSet\Control\Lsa\MSV1_0') do
63
- it { should exist }
64
- its('NTLMMinServerSec') { should eq 537_395_200 }
65
- its('NtlmMinServerSec') { should eq 537_395_200 }
66
- end
62
+ describe registry_key('HKLM\System\CurrentControlSet\Control\Lsa\MSV1_0') do
63
+ it { should exist }
64
+ its('NTLMMinServerSec') { should eq 537_395_200 }
65
+ its('NtlmMinServerSec') { should eq 537_395_200 }
67
66
  end
@@ -1,8 +1,8 @@
1
1
  # encoding: utf-8
2
2
 
3
- if os.windows?
4
- describe security_policy do
5
- its('EnableAdminAccount') { should eq 1 }
6
- its('EnableGuestAccount') { should eq 0 }
7
- end
3
+ return unless os.windows?
4
+
5
+ describe security_policy do
6
+ its('EnableAdminAccount') { should eq 1 }
7
+ its('EnableGuestAccount') { should eq 0 }
8
8
  end
@@ -1,5 +1,8 @@
1
1
  # encoding: utf-8
2
2
 
3
+ # TODO: do not run those tests on docker yet
4
+ return if ENV['DOCKER']
5
+
3
6
  # based on operating system we select the available service
4
7
  if ['centos', 'fedora', 'freebsd', 'opensuse'].include?(os[:family])
5
8
  # CentOS, Fedora
@@ -38,8 +41,8 @@ describe service(available_service) do
38
41
  end
39
42
 
40
43
  # extra test for ubuntu upstart with systemv service
41
- if os[:family] == 'ubuntu'
42
- describe service('ntp') do
44
+ if os[:family] == 'ubuntu' && os[:release] == '12.04'
45
+ describe upstart_service('ssh') do
43
46
  it { should be_enabled }
44
47
  it { should be_installed }
45
48
  it { should be_running }
@@ -85,7 +85,8 @@ else
85
85
 
86
86
  # check that the user is part of the groups
87
87
  if k.to_s == 'groups'
88
- its(k) { should include v }
88
+ # TODO: do not run those tests on docker yet
89
+ its(k) { should include v } unless ENV['DOCKER']
89
90
  # default eq comparison
90
91
  else
91
92
  its(k) { should eq v }
@@ -1,5 +1,7 @@
1
1
  # encoding: utf-8
2
2
 
3
+ return unless os.windows?
4
+
3
5
  # script that may have multiple lines
4
6
  vbscript = <<-EOH
5
7
  WScript.Echo "hello"
@@ -1,5 +1,7 @@
1
1
  # encoding: utf-8
2
2
 
3
+ return unless os.windows?
4
+
3
5
  # Get-WmiObject win32_service
4
6
  # Get-WmiObject -class win32_service
5
7
  # returns an array of service objects
@@ -123,7 +123,7 @@ describe Inspec::Resources::FileResource do
123
123
  resource.send(:check_file_permission_by_user, 'user', 'flag').must_equal(true)
124
124
  end
125
125
 
126
- it 'returns true when the cmd exits non-zero' do
126
+ it 'returns false when the cmd exits non-zero' do
127
127
  MockLoader.mock_command(resource, 'su -s /bin/sh -c "test -flag /fakepath/fakefile" user', exit_status: 1)
128
128
  resource.send(:check_file_permission_by_user, 'user', 'flag').must_equal(false)
129
129
  end
@@ -144,7 +144,7 @@ describe Inspec::Resources::FileResource do
144
144
  resource.send(:check_file_permission_by_user, 'user', 'flag').must_equal(true)
145
145
  end
146
146
 
147
- it 'returns true when the cmd exits non-zero' do
147
+ it 'returns false when the cmd exits non-zero' do
148
148
  MockLoader.mock_command(resource, 'sudo -u user test -flag /fakepath/fakefile', exit_status: 1)
149
149
  resource.send(:check_file_permission_by_user, 'user', 'flag').must_equal(false)
150
150
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: inspec
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.21.6
4
+ version: 0.22.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dominik Richter
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-05-13 00:00:00.000000000 Z
11
+ date: 2016-05-16 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: r-train
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: '0.11'
19
+ version: '0.12'
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: '0.11'
26
+ version: '0.12'
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: thor
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -359,7 +359,6 @@ files:
359
359
  - lib/utils/filter_array.rb
360
360
  - lib/utils/find_files.rb
361
361
  - lib/utils/hash.rb
362
- - lib/utils/hash_map.rb
363
362
  - lib/utils/json_log.rb
364
363
  - lib/utils/modulator.rb
365
364
  - lib/utils/object_traversal.rb
@@ -367,6 +366,7 @@ files:
367
366
  - lib/utils/plugin_registry.rb
368
367
  - lib/utils/simpleconfig.rb
369
368
  - tasks/maintainers.rb
369
+ - test/cookbooks/os_prepare/attributes/default.rb
370
370
  - test/cookbooks/os_prepare/files/empty.iso
371
371
  - test/cookbooks/os_prepare/files/example.csv
372
372
  - test/cookbooks/os_prepare/files/example.ini
@@ -551,8 +551,6 @@ files:
551
551
  - test/unit/mock/profiles/legacy-empty-metadata/metadata.rb
552
552
  - test/unit/mock/profiles/legacy-simple-metadata/metadata.rb
553
553
  - test/unit/mock/profiles/legacy-simple-metadata/test/.gitkeep
554
- - test/unit/mock/profiles/resource-tiny/inspec.yml
555
- - test/unit/mock/profiles/resource-tiny/libraries/resource.rb
556
554
  - test/unit/mock/profiles/simple-metadata/inspec.yml
557
555
  - test/unit/mock/profiles/skippy-profile-os/controls/one.rb
558
556
  - test/unit/mock/profiles/skippy-profile-os/inspec.yml
@@ -640,11 +638,12 @@ required_rubygems_version: !ruby/object:Gem::Requirement
640
638
  version: '0'
641
639
  requirements: []
642
640
  rubyforge_project:
643
- rubygems_version: 2.5.1
641
+ rubygems_version: 2.4.6
644
642
  signing_key:
645
643
  specification_version: 4
646
644
  summary: Infrastructure and compliance testing.
647
645
  test_files:
646
+ - test/cookbooks/os_prepare/attributes/default.rb
648
647
  - test/cookbooks/os_prepare/files/empty.iso
649
648
  - test/cookbooks/os_prepare/files/example.csv
650
649
  - test/cookbooks/os_prepare/files/example.ini
@@ -829,8 +828,6 @@ test_files:
829
828
  - test/unit/mock/profiles/legacy-empty-metadata/metadata.rb
830
829
  - test/unit/mock/profiles/legacy-simple-metadata/metadata.rb
831
830
  - test/unit/mock/profiles/legacy-simple-metadata/test/.gitkeep
832
- - test/unit/mock/profiles/resource-tiny/inspec.yml
833
- - test/unit/mock/profiles/resource-tiny/libraries/resource.rb
834
831
  - test/unit/mock/profiles/simple-metadata/inspec.yml
835
832
  - test/unit/mock/profiles/skippy-profile-os/controls/one.rb
836
833
  - test/unit/mock/profiles/skippy-profile-os/inspec.yml
@@ -1,37 +0,0 @@
1
- # encoding: utf-8
2
- # author: Dominik Richter
3
- # author: Christoph Hartmann
4
-
5
- class HashMap
6
- class << self
7
- def [](hash, *keys)
8
- return hash if keys.empty? || hash.nil?
9
- key = keys.shift
10
- if hash.is_a?(Array)
11
- map = hash.map { |i| [i, key] }
12
- else
13
- map = hash[key]
14
- end
15
- [map, *keys]
16
- rescue NoMethodError => _
17
- nil
18
- end
19
- end
20
- end
21
-
22
- class StringMap
23
- class << self
24
- def [](hash, *keys)
25
- return hash if keys.empty? || hash.nil?
26
- key = keys.shift
27
- if hash.is_a?(Array)
28
- map = hash.map { |i| [i, key] }
29
- else
30
- map = hash[key]
31
- end
32
- [map, *keys]
33
- rescue NoMethodError => _
34
- nil
35
- end
36
- end
37
- end
@@ -1,10 +0,0 @@
1
- name: complete
2
- title: complete example profile
3
- maintainer: Chef Software, Inc.
4
- copyright: Chef Software, Inc.
5
- copyright_email: support@chef.io
6
- license: Proprietary, All rights reserved
7
- summary: Testing stub
8
- version: 1.0.0
9
- supports:
10
- - os-family: linux
@@ -1,3 +0,0 @@
1
- class Tiny < Inspec.resource(1)
2
- name 'tiny'
3
- end