inspec 0.22.1 → 0.23

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4b5f2bef15c7f0f158ae2491912c6d61cb0b55f6
-  data.tar.gz: 1f27bbc177e50b663f76d4a48cfb87c8bd513bfe
+  metadata.gz: 8531472157b9bbcf1f5cfae47afb58e26768955d
+  data.tar.gz: e11d0a1081f017dedb9a5c207790d6c599286058
 SHA512:
-  metadata.gz: 4c07f9a7e558f6e3491b348179d7f867e04d723b5ec5fc40c60293d0b1f61e39e17c52f607c1856c8c1258f344084b10f5452c3569b41205d8c4bf37e2149130
-  data.tar.gz: b3d4af5f18744254ff7f88ae755c438e04c62b93b5fc7eefb4d7475e99bc11e16d3216453496d4464334ff6fbce0ef6aec5cb86a3b2979f8367255cceba8f780
+  metadata.gz: ba616285cc0d78bd09a257367933ec1b16ce53c4ef8db770cf5a8a3885ff7fd885589d1b568982bfa0d5fe76d30cacebece6f40622a9e6d66e116759b608b0ad
+  data.tar.gz: 91e3dfc02e260cef1c4d0b518717b40c6068b225748bb8a26f263a709cfd4ea9d60ec5d9e52fcd11e608a31dafe389888ab94cb15ff3838edaef6030693364cd

data/CHANGELOG.md

@@ -1,7 +1,26 @@
 # Change Log
 
-## [0.22.1](https://github.com/chef/inspec/tree/0.22.1) (2016-05-18)
-[Full Changelog](https://github.com/chef/inspec/compare/v0.22.0...0.22.1)
+## [0.23](https://github.com/chef/inspec/tree/0.23) (2016-05-31)
+[Full Changelog](https://github.com/chef/inspec/compare/v0.22.1...0.23)
+
+**Implemented enhancements:**
+
+- connect `port` and filter table [\#776](https://github.com/chef/inspec/pull/776) ([arlimus](https://github.com/arlimus))
+- add resource to filter table blocks [\#775](https://github.com/chef/inspec/pull/775) ([arlimus](https://github.com/arlimus))
+- add helper methods for os resource [\#774](https://github.com/chef/inspec/pull/774) ([chris-rock](https://github.com/chris-rock))
+
+**Closed issues:**
+
+- inspec hangs on command\('ausearch -k docker'\).stdout [\#768](https://github.com/chef/inspec/issues/768)
+- registry\_key test failing on Windows 2008 R2 [\#767](https://github.com/chef/inspec/issues/767)
+- InSpec login successful with wrong username [\#766](https://github.com/chef/inspec/issues/766)
+
+**Merged pull requests:**
+
+- update readme with blogs [\#769](https://github.com/chef/inspec/pull/769) ([chris-rock](https://github.com/chris-rock))
+
+## [v0.22.1](https://github.com/chef/inspec/tree/v0.22.1) (2016-05-18)
+[Full Changelog](https://github.com/chef/inspec/compare/v0.22.0...v0.22.1)
 
 **Fixed bugs:**
 

data/README.md

@@ -210,7 +210,26 @@ Which will provide you with:
 
 ## Documentation
 
-Documentation is available: https://github.com/chef/inspec/tree/master/docs
+Documentation
+
+ * https://github.com/chef/inspec/tree/master/docs
+
+Blogs:
+
+ * [The Road to InSpec](https://www.chef.io/blog/2015/11/04/the-road-to-inspec/)
+ * [Introduction to InSpec](http://tfitch.com/automation-tools-bootcamp/inspec.html)
+ * [InSpec Tutorial: Day 1 - Hello World](http://www.anniehedgie.com/inspec-basics-1)
+ * [InSpec Tutorial: Day 2 - Command Resource Blog Logo](http://www.anniehedgie.com/inspec-basics-2)
+ * [InSpec Tutorial: Day 3 - File Resource](http://www.anniehedgie.com/inspec-basics-3)
+ * [InSpec Tutorial: Day 4 - Custom Matchers](http://www.anniehedgie.com/inspec-basics-4)
+ * [Windows infrastructure testing using InSpec – Part I](http://datatomix.com/?p=236)
+ * [Windows infrastructure testing using InSpec and Profiles – Part II](http://datatomix.com/?p=238)
+ * [Testing Ansible with Inspec](http://scienceofficersblog.blogspot.de/2016/02/testing-ansible-with-inspec.html)
+
+Podcasts:
+
+ * [InSpec Foodfight](http://foodfightshow.org/2016/02/inspec.html)
+ * [Test Driven Infrastructure With Arthur Maltson And Michael Goetz](https://www.arresteddevops.com/tdi/)
 
 ## Share your Profiles
 

data/lib/inspec/version.rb

@@ -3,5 +3,5 @@
 # author: Christoph Hartmann
 
 module Inspec
-  VERSION = '0.22.1'.freeze
+  VERSION = '0.23'.freeze
 end

data/lib/resources/os.rb

@@ -7,9 +7,17 @@ module Inspec::Resources
     name 'os'
     desc 'Use the os InSpec audit resource to test the platform on which the system is running.'
     example "
-      describe os[:family] do
+      describe os.family do
         it { should eq 'redhat' }
       end
+
+      describe os.redhat? do
+        it { should eq true }
+      end
+
+      describe os.linux? do
+        it { should eq true }
+      end
     "
 
     # reuse helper methods from backend
@@ -25,6 +33,15 @@ module Inspec::Resources
       inspec.backend.os[name]
     end
 
+    # add helper methods for easy access of properties
+    # allows users to use os.name, os.family, os.release, os.arch
+    %w{name family release arch}.each do |property|
+      define_method(property.to_sym) do
+        inspec.backend.os[property.to_sym]
+      end
+    end
+
+    # helper to collect a hash object easily
     def params
       {
         name: inspec.backend.os[:name],

data/lib/resources/port.rb

@@ -3,6 +3,8 @@
 # author: Dominik Richter
 
 require 'utils/parser'
+require 'utils/filter'
+
 # Usage:
 # describe port(80) do
 #   it { should be_listening }
@@ -25,11 +27,17 @@ module Inspec::Resources
         it { should be_listening }
         its('protocols') {should eq ['tcp']}
       end
+
+      describe port.where { protocol =~ /tcp/ && port > 80 } do
+        it { should_not be_listening }
+      end
     "
 
-    def initialize(ip = nil, port) # rubocop:disable OptionalArguments
-      @ip = ip
-      @port = port
+    def initialize(*args)
+      args.unshift(nil) if args.length <= 1 # add the ip address to the front
+      @ip = args[0]
+      @port = args[1]
+
       @port_manager = nil
       @cache = nil
       os = inspec.os
@@ -53,32 +61,19 @@ module Inspec::Resources
       end
     end
 
-    def listening?(_protocol = nil, _local_address = nil)
-      info.size > 0
-    end
-
-    def protocols
-      res = info.map { |x| x[:protocol] }.uniq.compact
-      res.size > 0 ? res : []
-    end
-
-    def processes
-      res = info.map { |x| x[:process] }.uniq.compact
-      res.size > 0 ? res : []
-    end
-
-    def addresses
-      res = info.map { |x| x[:address] }.uniq.compact
-      res.size > 0 ? res : []
-    end
-
-    def pids
-      res = info.map { |x| x[:pid] }.uniq.compact
-      res.size > 0 ? res : []
-    end
+    filter = FilterTable.create
+    filter.add_accessor(:where)
+          .add_accessor(:entries)
+          .add(:ports,     field: 'port', style: :simple)
+          .add(:addresses, field: 'address', style: :simple)
+          .add(:protocols, field: 'protocol', style: :simple)
+          .add(:processes, field: 'process', style: :simple)
+          .add(:pids,      field: 'pid', style: :simple)
+          .add(:listening?) { |x| x.entries.length > 0 }
+    filter.connect(self, :info)
 
     def to_s
-      "Port  #{@port}"
+      "Port #{@port}"
     end
 
     private
@@ -88,22 +83,24 @@ module Inspec::Resources
       # abort if os detection has not worked
       return @cache = [] if @port_manager.nil?
       # query ports
-      ports = @port_manager.info || []
-      @cache = ports.select { |p| p[:port] == @port && (!@ip || p[:address] == @ip) }
+      cache = @port_manager.info || []
+      cache.select! { |x| x['port'] == @port } unless @port.nil?
+      cache.select! { |x| x['address'] == @ip } unless @ip.nil?
+      @cache = cache
     end
   end
 
   # implements an info method and returns all ip adresses and protocols for
   # each port
   # [{
-  #   port: 22,
-  #   address: '0.0.0.0'
-  #   protocol: 'tcp'
+  #   'port' => 22,
+  #   'address' => '0.0.0.0'
+  #   'protocol' => 'tcp'
   # },
   # {
-  #   port: 22,
-  #   address: '::'
-  #   protocol: 'tcp6'
+  #   'port' => 22,
+  #   'address' => '::'
+  #   'protocol' => 'tcp6'
   # }]
   class PortsInfo
     attr_reader :inspec
@@ -132,11 +129,9 @@ module Inspec::Resources
 
       ports.map { |x|
         {
-          port: x['LocalPort'],
-          address: x['LocalAddress'],
-          protocol: 'tcp',
-          process: nil,
-          pid: nil,
+          'port'     => x['LocalPort'],
+          'address'  => x['LocalAddress'],
+          'protocol' => 'tcp',
         }
       }
     end
@@ -168,11 +163,11 @@ module Inspec::Resources
         port_ids.each do |port_str|
           # should not break on ipv6 addresses
           ipv, proto, port, host = port_str.split(':', 4)
-          ports.push({ port:  port.to_i,
-                       address:  host,
-                       protocol: ipv == 'ipv6' ? proto + '6' : proto,
-                       process:  cmd,
-                       pid:      pid.to_i })
+          ports.push({ 'port'     => port.to_i,
+                       'address'  => host,
+                       'protocol' => ipv == 'ipv6' ? proto + '6' : proto,
+                       'process'  => cmd,
+                       'pid'      => pid.to_i })
         end
       end
 
@@ -260,7 +255,7 @@ module Inspec::Resources
         port_info = parse_netstat_line(line)
 
         # only push protocols we are interested in
-        next unless %w{tcp tcp6 udp udp6}.include?(port_info[:protocol])
+        next unless %w{tcp tcp6 udp udp6}.include?(port_info['protocol'])
         ports.push(port_info)
       end
       ports
@@ -310,13 +305,12 @@ module Inspec::Resources
       pid = pid.to_i if pid =~ /^\d+$/
       process = process[1]
 
-      # map data
       {
-        port: port,
-        address: host,
-        protocol: protocol,
-        process: process,
-        pid: pid,
+        'port'     => port,
+        'address'  => host,
+        'protocol' => protocol,
+        'process'  => process,
+        'pid'      => pid,
       }
     end
   end
@@ -333,7 +327,7 @@ module Inspec::Resources
         port_info = parse_sockstat_line(line)
 
         # push data, if not headerfile
-        next unless %w{tcp tcp6 udp udp6}.include?(port_info[:protocol])
+        next unless %w{tcp tcp6 udp udp6}.include?(port_info['protocol'])
         ports.push(port_info)
       end
       ports
@@ -386,13 +380,12 @@ module Inspec::Resources
       protocol = 'tcp' if protocol.eql?('tcp4')
       protocol = 'udp' if protocol.eql?('udp4')
 
-      # map data
       {
-        port: port,
-        address: host,
-        protocol: protocol,
-        process: process,
-        pid: pid,
+        'port'     => port,
+        'address'  => host,
+        'protocol' => protocol,
+        'process'  => process,
+        'pid'      => pid,
       }
     end
   end
@@ -423,11 +416,9 @@ module Inspec::Resources
         local_addr[local_addr.rindex('.')] = ':'
         host, port = parse_net_address(local_addr, protocol)
         {
-          port: port,
-          address: host,
-          protocol: protocol,
-          process: nil, # we do not have pid on solaris
-          pid: nil, # we do not have pid on solaris
+          'port'     => port,
+          'address'  => host,
+          'protocol' => protocol,
         }
       }
       ports
@@ -447,11 +438,11 @@ module Inspec::Resources
       # parse all lines
       cmd.each_line do |line|
         port_info = parse_netstat_line(line)
-        next unless %w{tcp tcp6 udp udp6}.include?(port_info[:protocol])
+        next unless %w{tcp tcp6 udp udp6}.include?(port_info['protocol'])
         ports.push(port_info)
       end
       # select all ports, where we `listen`
-      ports.select { |val| val if 'listen'.casecmp(val[:state]) == 0 }
+      ports.select { |val| val if 'listen'.casecmp(val['state']) == 0 }
     end
 
     def parse_netstat_line(line)
@@ -468,12 +459,10 @@ module Inspec::Resources
       host, port = parse_net_address(local_addr, protocol)
       # map data
       {
-        port: port,
-        address: host,
-        protocol: protocol,
-        state: state,
-        process: nil,
-        pid: nil,
+        'port'     => port,
+        'address'  => host,
+        'protocol' => protocol,
+        'state'    => state,
       }
     end
   end

data/lib/utils/filter.rb

@@ -40,7 +40,7 @@ module FilterTable
   end
 
   class Table
-    attr_reader :params
+    attr_reader :params, :resource
     def initialize(resource, params, filters)
       @resource = resource
       @params = params
@@ -81,10 +81,10 @@ module FilterTable
       end
     end
 
-    def get_fields(*fields)
+    def get_field(field)
       @params.map do |line|
-        fields.map { |f| line[f] }
-      end.flatten
+        line[field]
+      end
     end
 
     def to_s
@@ -132,17 +132,20 @@ module FilterTable
   end
 
   class Factory
+    Connector = Struct.new(:field_name, :block, :opts)
+
     def initialize
       @accessors = []
-      @fields = {}
-      @blocks = {}
+      @connectors = {}
     end
 
-    def connect(resource, table_accessor) # rubocop:disable Metrics/AbcSize
+    def connect(resource, table_accessor)
       # create the table structure
-      fields = @fields
-      blocks = @blocks
-      struct_fields = fields.values
+      connectors = @connectors
+      struct_fields = connectors.values.map(&:field_name)
+      connector_blocks = connectors.map do |method, c|
+        [method.to_sym, create_connector(c)]
+      end
 
       # the struct to hold single items from the #entries method
       entry_struct = Struct.new(*struct_fields.map(&:to_sym)) do
@@ -154,13 +157,8 @@ module FilterTable
 
       # the main filter table
       table = Class.new(Table) {
-        fields.each do |method, field_name|
-          block = blocks[method]
-          define_method method.to_sym do |condition = Show, &cond_block|
-            return block.call(self, condition) unless block.nil?
-            return where(nil).get_fields(field_name) if condition == Show && !block_given?
-            where({ field_name => condition }, &cond_block)
-          end
+        connector_blocks.each do |x|
+          define_method x[0], &x[1]
         end
 
         define_method :new_entry do |hashmap, filter = ''|
@@ -172,7 +170,7 @@ module FilterTable
       }
 
       # define all access methods with the parent resource
-      accessors = @accessors + @fields.keys
+      accessors = @accessors + @connectors.keys
       accessors.each do |method_name|
         resource.send(:define_method, method_name.to_sym) do |*args, &block|
           filter = table.new(self, method(table_accessor).call, ' with')
@@ -194,11 +192,26 @@ module FilterTable
         throw RuntimeError, "Called filter.add for resource #{@resource} with method name nil!"
       end
 
-      field_name = opts[:field] || method_name
-      @fields[method_name.to_sym] = field_name
-      @blocks[method_name.to_sym] = block
+      @connectors[method_name.to_sym] =
+        Connector.new(opts[:field] || method_name, block, opts)
       self
     end
+
+    private
+
+    def create_connector(c)
+      return ->(cond = Show) { c.block.call(self, cond) } if !c.block.nil?
+
+      lambda { |condition = Show, &cond_block|
+        if condition == Show && !block_given?
+          r = where(nil).get_field(c.field_name)
+          r = r.flatten.uniq.compact if c.opts[:style] == :simple
+          r
+        else
+          where({ c.field_name => condition }, &cond_block)
+        end
+      }
+    end
   end
 
   def self.create

data/test/helper.rb

@@ -51,7 +51,7 @@ class MockLoader
     ubuntu1204: { family: 'ubuntu', release: '12.04', arch: 'x86_64' },
     ubuntu1404: { family: 'ubuntu', release: '14.04', arch: 'x86_64' },
     ubuntu1504: { family: 'ubuntu', release: '15.04', arch: 'x86_64' },
-    windows:    { family: 'windows', release: nil, arch: nil },
+    windows:    { family: 'windows', release: '6.2.9200', arch: 'x86_64' },
     wrlinux:    { family: 'wrlinux', release: '7.0(3)I2(2)', arch: 'x86_64' },
     solaris11:  { family: "solaris", release: '11', arch: 'i386'},
     solaris10:  { family: "solaris", release: '10', arch: 'i386'},

data/test/unit/resources/os_test.rb

@@ -0,0 +1,40 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+
+require 'helper'
+require 'inspec/resource'
+
+describe 'Inspec::Resources::Os' do
+  it 'verify os parsing on CentOS' do
+    resource = MockLoader.new(:centos7).load_resource('os')
+    _(resource.name).must_equal nil
+    _(resource.family).must_equal 'redhat'
+    _(resource.release).must_equal '7.1.1503'
+    _(resource.arch).must_equal 'x86_64'
+  end
+
+  it 'read env variable on Windows' do
+    resource = MockLoader.new(:windows).load_resource('os')
+    _(resource.name).must_equal nil
+    _(resource.family).must_equal 'windows'
+    _(resource.release).must_equal '6.2.9200'
+    _(resource.arch).must_equal 'x86_64'
+  end
+
+  it 'verify os parsing on Debian' do
+    resource = MockLoader.new(:debian8).load_resource('os')
+    _(resource.name).must_equal nil
+    _(resource.family).must_equal 'debian'
+    _(resource.release).must_equal '8'
+    _(resource.arch).must_equal 'x86_64'
+  end
+
+  it 'verify os parsing on Ubuntu' do
+    resource = MockLoader.new(:ubuntu1504).load_resource('os')
+    _(resource.name).must_equal nil
+    _(resource.family).must_equal 'ubuntu'
+    _(resource.release).must_equal '15.04'
+    _(resource.arch).must_equal 'x86_64'
+  end
+end

data/test/unit/resources/port_test.rb

@@ -15,6 +15,26 @@ describe 'Inspec::Resources::Port' do
     _(resource.addresses).must_equal ["0.0.0.0", "::"]
   end
 
+  it 'lists all ports' do
+    resource = MockLoader.new(:ubuntu1404).load_resource('port')
+    _(resource.entries.length).must_equal 4
+    _(resource.listening?).must_equal true
+    _(resource.protocols).must_equal %w{ tcp tcp6 udp }
+    _(resource.pids).must_equal [1, 2043, 545]
+    _(resource.processes).must_equal ['sshd', 'pidgin', 'rpcbind']
+    _(resource.addresses).must_equal ['0.0.0.0', '::']
+  end
+
+  it 'filter ports by conditions' do
+    resource = MockLoader.new(:ubuntu1404).load_resource('port').where { protocol =~ /udp/i }
+    _(resource.entries.length).must_equal 1
+    _(resource.listening?).must_equal true
+    _(resource.protocols).must_equal ['udp']
+    _(resource.pids).must_equal [545]
+    _(resource.processes).must_equal ['rpcbind']
+    _(resource.addresses).must_equal ['0.0.0.0']
+  end
+
   it 'verify UDP port on Ubuntu 14.04' do
     resource = MockLoader.new(:ubuntu1404).load_resource('port', 111)
     _(resource.listening?).must_equal true

data/test/unit/utils/filter_table_test.rb

@@ -28,6 +28,13 @@ describe FilterTable do
     factory.must_be_kind_of FilterTable::Factory
   end
 
+  it 'retrieves the resource from all entries' do
+    factory.add_accessor(:where)
+           .add(:baz?) { |x| x.resource }
+           .connect(resource, :data)
+    instance.baz?.must_equal instance
+  end
+
   describe 'when calling add_accessor' do
     it 'is chainable' do
       factory.add_accessor(:sth).must_equal factory
@@ -62,6 +69,19 @@ describe FilterTable do
       factory.add(:baz).connect(resource, :data)
       instance.baz(123).must_be_kind_of(FilterTable::Table)
     end
+
+    it 'retrieves all entries' do
+      factory.add(:foo).connect(resource, :data)
+      instance.foo.must_equal([3, 2, 2])
+    end
+
+    it 'retrieves entries with simple style' do
+      factory.add(:foo, style: :simple)
+             .add(:num, style: :simple)
+             .connect(resource, :data)
+      instance.foo.must_equal([3, 2])
+      instance.num.must_equal([1, 2])
+    end
   end
 
   describe 'when calling entries' do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec
 version: !ruby/object:Gem::Version
-  version: 0.22.1
+  version: '0.23'
 platform: ruby
 authors:
 - Dominik Richter
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-05-18 00:00:00.000000000 Z
+date: 2016-05-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: r-train
@@ -591,6 +591,7 @@ files:
 - test/unit/resources/ntp_conf_test.rb
 - test/unit/resources/oneget_test.rb
 - test/unit/resources/os_env_test.rb
+- test/unit/resources/os_test.rb
 - test/unit/resources/package_test.rb
 - test/unit/resources/passwd_test.rb
 - test/unit/resources/pip_test.rb
@@ -868,6 +869,7 @@ test_files:
 - test/unit/resources/ntp_conf_test.rb
 - test/unit/resources/oneget_test.rb
 - test/unit/resources/os_env_test.rb
+- test/unit/resources/os_test.rb
 - test/unit/resources/package_test.rb
 - test/unit/resources/passwd_test.rb
 - test/unit/resources/pip_test.rb