inspec 0.28.1 → 0.29.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: fbc602e532d70e273d3c5162760c2c56385d88bd
-  data.tar.gz: 92c2a0e52fa5467ddf5122dc626badb134c772ec
+  metadata.gz: 5774f3ee48a607acb703378f30751ca137f73baa
+  data.tar.gz: ac25e0e4c2033ed592d167979b5be81c23d7b5ea
 SHA512:
-  metadata.gz: 59099bee832bef950756e6b8e57ce147ef1ae07d1935390638c47f857898718cee0e7a6a29c166197791b824a85022a23bec76351d8c5617736098dd0bf63eb9
-  data.tar.gz: 37a5e300e5095d01b6663d0cc00ec8ba81c83b2aaf254dcf05e9e7c349878e5b7435af5de5877e3e9266432830b2aaeb2c7c6845c94f6125fbd16a8e880480ce
+  metadata.gz: 8967dac4b642852dee7ea3c21d3b80e54ea33be10a7e517e8a17fbbc93fc8d0e26f014651bf1d1bdf66f2fc9d66eb7a1f1e3fbfd93a904096078229932215da9
+  data.tar.gz: 5ed1b7a369277b8de9c9f2c5742efb202f3b974519b8ac2575aa69642bbf372ac00c54f4bafcb4d6ccab462a41222cce311f9715a453945c08ce39a3347982fc

data/CHANGELOG.md

@@ -1,7 +1,51 @@
 # Change Log
 
-## [0.28.1](https://github.com/chef/inspec/tree/0.28.1) (2016-08-03)
-[Full Changelog](https://github.com/chef/inspec/compare/v0.28.0...0.28.1)
+## [0.29.0](https://github.com/chef/inspec/tree/0.29.0) (2016-08-08)
+[Full Changelog](https://github.com/chef/inspec/compare/v0.28.1...0.29.0)
+
+**Implemented enhancements:**
+
+- port\(\) could convert string parameter to integer [\#867](https://github.com/chef/inspec/issues/867)
+- add params and content method to parse\_config [\#876](https://github.com/chef/inspec/pull/876) ([chris-rock](https://github.com/chris-rock))
+- Activate centos, debian and oracle linux in our travis tests [\#869](https://github.com/chef/inspec/pull/869) ([chris-rock](https://github.com/chris-rock))
+
+**Fixed bugs:**
+
+- 1.10.2 missing a space in failed test output [\#872](https://github.com/chef/inspec/issues/872)
+- inspec fails to determine file\_version for a file on a windows 2012R2 [\#858](https://github.com/chef/inspec/issues/858)
+- os\[:family\] returns "centos" rather than "redhat" on my Centos 7.2 box [\#847](https://github.com/chef/inspec/issues/847)
+- Inspec exec output when multiple matchers are used [\#812](https://github.com/chef/inspec/issues/812)
+- Inspec Detect Issues [\#772](https://github.com/chef/inspec/issues/772)
+- systemd is-enabled check does not handle backcompat with sysv-init scripts \(e.g. ntp on Ubuntu 16.04\) [\#749](https://github.com/chef/inspec/issues/749)
+- Update inspec for os\[:family\] change in Train [\#865](https://github.com/chef/inspec/pull/865) ([stevendanna](https://github.com/stevendanna))
+- Use systemctl's helper command to determine enabled & active status [\#863](https://github.com/chef/inspec/pull/863) ([stevendanna](https://github.com/stevendanna))
+
+**Closed issues:**
+
+- bump train dependency [\#870](https://github.com/chef/inspec/issues/870)
+- parse\_config error when searching for fs.suid\_dumpable [\#866](https://github.com/chef/inspec/issues/866)
+- Improve integration tests [\#861](https://github.com/chef/inspec/issues/861)
+- Adapt InSpec to work with latest train OS updates [\#855](https://github.com/chef/inspec/issues/855)
+
+**Merged pull requests:**
+
+- revert control\_summary field in output [\#887](https://github.com/chef/inspec/pull/887) ([arlimus](https://github.com/arlimus))
+- Remove some platforms from travis config [\#883](https://github.com/chef/inspec/pull/883) ([stevendanna](https://github.com/stevendanna))
+- Explicitly require docker transport to avoid autoload bug [\#882](https://github.com/chef/inspec/pull/882) ([stevendanna](https://github.com/stevendanna))
+- Require train 0.16 [\#881](https://github.com/chef/inspec/pull/881) ([chris-rock](https://github.com/chris-rock))
+- Generate test labels for multi-test controls [\#879](https://github.com/chef/inspec/pull/879) ([ksubrama](https://github.com/ksubrama))
+- Allow port to be specified as a string [\#878](https://github.com/chef/inspec/pull/878) ([stevendanna](https://github.com/stevendanna))
+- improve code style for parse\_config thanks @stevendanna [\#877](https://github.com/chef/inspec/pull/877) ([chris-rock](https://github.com/chris-rock))
+- remote target supported OS also includes hp-ux [\#873](https://github.com/chef/inspec/pull/873) ([Anirudh-Gupta](https://github.com/Anirudh-Gupta))
+- Be a bit louder when skipping an entire integration suite [\#864](https://github.com/chef/inspec/pull/864) ([stevendanna](https://github.com/stevendanna))
+- Count controls in the summary output. Fix \#852 [\#860](https://github.com/chef/inspec/pull/860) ([vjeffrey](https://github.com/vjeffrey))
+
+## [v0.28.1](https://github.com/chef/inspec/tree/v0.28.1) (2016-08-03)
+[Full Changelog](https://github.com/chef/inspec/compare/v0.28.0...v0.28.1)
+
+**Implemented enhancements:**
+
+- InSpec output for summary needs to count controls [\#852](https://github.com/chef/inspec/issues/852)
 
 **Fixed bugs:**
 

data/README.md

@@ -231,6 +231,7 @@ OpenSUSE | 13.1/13.2/42.1 | x86_64
 OmniOS | | x86_64
 Gentoo Linux | | x86_64
 Arch Linux | | x86_64
+HP-UX | 11.31 | ia64 
 
 * For Windows 2008 and 2008 R2 an updated Powershell (Windows Management Framework 5.0) is required.
 
@@ -338,7 +339,7 @@ You will require:
 **Run `integration` tests with vagrant:**
 
 ```bash
-bundle exec kitchen test
+KITCHEN_YAML=.kitchen.vagrant.yml bundle exec kitchen test
 ```
 
 **Run `integration` tests with AWS EC2:**
@@ -348,8 +349,7 @@ export AWS_ACCESS_KEY_ID=enteryouryourkey
 export AWS_SECRET_ACCESS_KEY=enteryoursecreykey
 export AWS_KEYPAIR_NAME=enteryoursshkeyid
 export EC2_SSH_KEY_PATH=~/.ssh/id_aws.pem
-cd test/integration
-KITCHEN_LOCAL_YAML=.kitchen.ec2.yml bundle exec kitchen test
+KITCHEN_YAML=.kitchen.ec2.yml bundle exec kitchen test
 ```
 
 In addition you may need to add your ssh key to `.kitchen.ec2.yml`

data/inspec.gemspec

@@ -24,7 +24,7 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ['lib']
 
-  spec.add_dependency 'train', '>=0.15.1', '<1.0'
+  spec.add_dependency 'train', '>=0.16.0', '<1.0'
   spec.add_dependency 'thor', '~> 0.19'
   spec.add_dependency 'json', '~> 1.8'
   spec.add_dependency 'rainbow', '~> 2'

data/lib/inspec/rspec_json_formatter.rb

@@ -8,10 +8,17 @@ require 'rspec/core/formatters/json_formatter'
 # Vanilla RSpec JSON formatter with a slight extension to show example IDs.
 # TODO: Remove these lines when RSpec includes the ID natively
 class InspecRspecVanilla < RSpec::Core::Formatters::JsonFormatter
-  RSpec::Core::Formatters.register self, :message, :dump_summary, :dump_profile, :stop, :close
+  RSpec::Core::Formatters.register self
 
   private
 
+  # We are cheating and overriding a private method in RSpec's core JsonFormatter.
+  # This is to avoid having to repeat this id functionality in both dump_summary
+  # and dump_profile (both of which call format_example).
+  # See https://github.com/rspec/rspec-core/blob/master/lib/rspec/core/formatters/json_formatter.rb
+  #
+  # rspec's example id here corresponds to an inspec test's control name -
+  # either explicitly specified or auto-generated by rspec itself.
   def format_example(example)
     res = super(example)
     res[:id] = example.metadata[:id]
@@ -22,8 +29,11 @@ end
 # Minimal JSON formatter for inspec. Only contains limited information about
 # examples without any extras.
 class InspecRspecMiniJson < RSpec::Core::Formatters::JsonFormatter
-  RSpec::Core::Formatters.register self, :message, :dump_summary, :dump_profile, :stop, :close
+  # Don't re-register all the call-backs over and over - we automatically
+  # inherit all callbacks registered by the parent class.
+  RSpec::Core::Formatters.register self, :dump_summary, :stop
 
+  # Called after stop has been called and the run is complete.
   def dump_summary(summary)
     @output_hash[:version] = Inspec::VERSION
     @output_hash[:summary] = {
@@ -34,7 +44,12 @@ class InspecRspecMiniJson < RSpec::Core::Formatters::JsonFormatter
     }
   end
 
+  # Called at the end of a complete RSpec run.
   def stop(notification)
+    # This might be a bit confusing. The results are not actually organized
+    # by control. It is organized by test. So if a control has 3 tests, the
+    # output will have 3 control entries, each one with the same control id
+    # and different test results. An rspec example maps to an inspec test.
     @output_hash[:controls] = notification.examples.map do |example|
       format_example(example).tap do |hash|
         e = example.exception
@@ -72,19 +87,30 @@ class InspecRspecMiniJson < RSpec::Core::Formatters::JsonFormatter
 end
 
 class InspecRspecJson < InspecRspecMiniJson
-  RSpec::Core::Formatters.register self, :message, :dump_summary, :dump_profile, :stop, :close
+  RSpec::Core::Formatters.register self, :start, :stop, :dump_summary
   attr_writer :backend
 
   def initialize(*args)
     super(*args)
     @profiles = []
+    # Will be valid after "start" state is reached.
+    @profiles_info = nil
     @backend = nil
   end
 
+  # Called by the runner during example collection.
   def add_profile(profile)
     @profiles.push(profile)
   end
 
+  # Called after all examples have been collected but before rspec
+  # test execution has begun.
+  def start(_notification)
+    # Note that the default profile may have no name - therefore
+    # the hash may have a valid nil => entry.
+    @profiles_info ||= Hash[@profiles.map { |x| profile_info(x) }]
+  end
+
   def dump_one_example(example, control)
     control[:results] ||= []
     example.delete(:id)
@@ -92,29 +118,52 @@ class InspecRspecJson < InspecRspecMiniJson
     control[:results].push(example)
   end
 
-  def profile_info(profile)
-    info = profile.info.dup
-    [info[:name], info]
-  end
-
-  def dump_summary(summary)
-    super(summary)
+  def stop(notification)
+    super(notification)
     examples = @output_hash.delete(:controls)
-    profiles = Hash[@profiles.map { |x| profile_info(x) }]
     missing = []
 
     examples.each do |example|
-      control = example2control(example, profiles)
+      control = example2control(example, @profiles_info)
       next missing.push(example) if control.nil?
       dump_one_example(example, control)
     end
 
-    @output_hash[:profiles] = profiles
+    @output_hash[:profiles] = @profiles_info
     @output_hash[:other_checks] = missing
   end
 
+  def dump_summary(summary)
+    super(summary)
+    total = 0
+    failed = 0
+    skipped = 0
+    passed = 0
+
+    @profiles_info.each do |_name, profile|
+      total += profile[:controls].length
+      profile[:controls].each do |_control_name, control|
+        next unless control[:results]
+        if control[:results].any? { |r| r[:status] == 'failed' }
+          failed += 1
+        elsif control[:results].any? { |r| r[:status] == 'skipped' }
+          skipped += 1
+        else
+          passed += 1
+        end
+      end
+    end
+
+    # TODO: provide this information in the output
+  end
+
   private
 
+  def profile_info(profile)
+    info = profile.info.dup
+    [info[:name], info]
+  end
+
   def example2control(example, profiles)
     profile = profiles[example[:profile_id]]
     return nil if profile.nil? || profile[:controls].nil?
@@ -130,7 +179,7 @@ class InspecRspecJson < InspecRspecMiniJson
 end
 
 class InspecRspecCli < InspecRspecJson # rubocop:disable Metrics/ClassLength
-  RSpec::Core::Formatters.register self, :message, :dump_summary, :dump_profile, :stop, :close
+  RSpec::Core::Formatters.register self, :close
 
   STATUS_TYPES = {
     'unknown'  => -3,
@@ -169,6 +218,8 @@ class InspecRspecCli < InspecRspecJson # rubocop:disable Metrics/ClassLength
     'empty'    => '     ',
   }.freeze
 
+  MULTI_TEST_CONTROL_SUMMARY_MAX_LEN = 60
+
   def initialize(*args)
     @colors = COLORS
     @indicators = INDICATORS
@@ -181,10 +232,6 @@ class InspecRspecCli < InspecRspecJson # rubocop:disable Metrics/ClassLength
     super(*args)
   end
 
-  def start(_notification)
-    @profiles_info ||= Hash[@profiles.map { |x| profile_info(x) }]
-  end
-
   def close(_notification)
     flush_current_control
     output.puts('') unless @current_control.nil?
@@ -236,24 +283,50 @@ class InspecRspecCli < InspecRspecJson # rubocop:disable Metrics/ClassLength
     [fails, skips, STATUS_TYPES.key(summary_status)]
   end
 
-  def current_control_summary(fails, skips)
-    sum_info = [
-      (fails.length > 0) ? "#{fails.length} failed" : nil,
-      (skips.length > 0) ? "#{skips.length} skipped" : nil,
-    ].compact
-
-    summary = @current_control[:title]
-    unless summary.nil?
-      return summary + ' (' + sum_info.join(' ') + ')' unless sum_info.empty?
-      return summary
+  def current_control_title
+    title = @current_control[:title]
+    res = @current_control[:results]
+    if title
+      title
+    elsif res.length == 1
+      # If it's an anonymous control, just go with the only description
+      # available for the underlying test.
+      res[0][:code_desc].to_s
+    elsif res.length == 0
+      # Empty control block - if it's anonymous, there's nothing we can do.
+      # Is this case even possible?
+      'Empty anonymous control'
+    else
+      # Multiple tests - but no title. Do our best and generate some form of
+      # identifier or label or name.
+      title = (res.map { |r| r[:code_desc] }).join('; ')
+      max_len = MULTI_TEST_CONTROL_SUMMARY_MAX_LEN
+      title = title[0..(max_len-1)] + '...' if title.length > max_len
+      title
     end
+  end
 
-    return sum_info.join(' ') if @current_control[:results].length != 1
-
-    fails.clear
-    skips.clear
-    c = @current_control[:results][0]
-    c[:code_desc].to_s + c[:message].to_s
+  def current_control_summary(fails, skips)
+    title = current_control_title
+    res = @current_control[:results]
+    suffix =
+      if res.length == 1
+        # Single test - be nice and just print the exception message if the test
+        # failed. No need to say "1 failed".
+        fails.clear
+        skips.clear
+        res[0][:message].to_s
+      else
+        [
+          (fails.length > 0) ? "#{fails.length} failed" : nil,
+          (skips.length > 0) ? "#{skips.length} skipped" : nil,
+        ].compact.join(' ')
+      end
+    if suffix == ''
+      title
+    else
+      title + ' (' + suffix + ')'
+    end
   end
 
   def format_line(fields)

data/lib/inspec/runner.rb

@@ -82,7 +82,7 @@ module Inspec
       end
 
       if !profile.metadata.supports_transport?(@backend)
-        os_info = @backend.os[:family].to_s
+        os_info = @backend.os[:name].to_s
         fail "This OS/platform (#{os_info}) is not supported by this profile."
       end
 

data/lib/inspec/version.rb

@@ -3,5 +3,5 @@
 # author: Christoph Hartmann
 
 module Inspec
-  VERSION = '0.28.1'.freeze
+  VERSION = '0.29.0'.freeze
 end

data/lib/resources/apache.rb

@@ -10,8 +10,7 @@ module Inspec::Resources
 
     attr_reader :service, :conf_dir, :conf_path, :user
     def initialize
-      case inspec.os[:family]
-      when 'ubuntu', 'debian'
+      if inspec.os.debian?
         @service = 'apache2'
         @conf_dir = '/etc/apache2/'
         @conf_path = File.join @conf_dir, 'apache2.conf'

data/lib/resources/auditd_rules.rb

@@ -80,7 +80,7 @@ module Inspec::Resources
 
       if @content =~ /^LIST_RULES:/
         # do not warn on centos 5
-        unless inspec.os[:family] == 'centos' && inspec.os[:release].to_i == 5
+        unless inspec.os[:name] == 'centos' && inspec.os[:release].to_i == 5
           warn '[WARN] this version of auditd is outdated. Updating it allows for using more precise matchers.'
         end
         @legacy = AuditdRulesLegacy.new(@content)

data/lib/resources/command.rb

@@ -45,7 +45,7 @@ module Inspec::Resources
 
     def exist?
       # silent for mock resources
-      return false if inspec.os[:family].to_s == 'unknown'
+      return false if inspec.os[:name].to_s == 'unknown'
 
       if inspec.os.linux?
         res = inspec.backend.run_command("bash -c 'type \"#{@command}\"'")
@@ -54,7 +54,7 @@ module Inspec::Resources
       elsif inspec.os.unix?
         res = inspec.backend.run_command("type \"#{@command}\"")
       else
-        warn "`command(#{@command}).exist?` is not suported on your OS: #{inspec.os[:family]}"
+        warn "`command(#{@command}).exist?` is not suported on your OS: #{inspec.os[:name]}"
         return false
       end
       res.exit_status.to_i == 0

data/lib/resources/grub_conf.rb

@@ -21,28 +21,40 @@ class GrubConfig < Inspec.resource(1) # rubocop:disable Metrics/ClassLength
     end
   "
 
+  class UnknownGrubConfig < StandardError; end
+
   def initialize(path = nil, kernel = nil)
-    family = inspec.os[:family]
-    case family
-    when 'redhat', 'fedora', 'centos'
-      release = inspec.os[:release].to_f
-      supported = true
-      if release < 7
-        @conf_path = path || '/etc/grub.conf'
-        @version = 'legacy'
-      else
-        @conf_path = path || '/boot/grub/grub.cfg'
-        @defaults_path = '/etc/default/grub'
-        @version = 'grub2'
-      end
-    when 'ubuntu'
+    config_for_platform(path)
+    @kernel = kernel || 'default'
+  rescue UnknownGrubConfig
+    return skip_resource 'The `grub_config` resource is not supported on your OS yet.'
+  end
+
+  def config_for_platform(path)
+    os = inspec.os
+    if os.redhat? || os[:name] == 'fedora'
+      config_for_redhatish(path)
+    elsif os.debian?
+      @conf_path = path || '/boot/grub/grub.cfg'
+      @defaults_path = '/etc/default/grub'
+      @version = 'grub2'
+    elsif os[:name] == 'amazon' # rubocop:disable Style/GuardClause
+      @conf_path = path || '/etc/grub.conf'
+      @version = 'legacy'
+    else
+      fail UnknownGrubConfig
+    end
+  end
+
+  def config_for_redhatish(path)
+    if inspec.os[:release].to_f < 7
+      @conf_path = path || '/etc/grub.conf'
+      @version = 'legacy'
+    else
       @conf_path = path || '/boot/grub/grub.cfg'
       @defaults_path = '/etc/default/grub'
       @version = 'grub2'
-      supported = true
     end
-    @kernel = kernel || 'default'
-    return skip_resource 'The `grub_config` resource is not supported on your OS yet.' if supported.nil?
   end
 
   def method_missing(name)