inspec 0.28.1 → 0.29.0

Files changed (50) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +46 -2
  3. data/README.md +3 -3
  4. data/inspec.gemspec +1 -1
  5. data/lib/inspec/rspec_json_formatter.rb +107 -34
  6. data/lib/inspec/runner.rb +1 -1
  7. data/lib/inspec/version.rb +1 -1
  8. data/lib/resources/apache.rb +1 -2
  9. data/lib/resources/auditd_rules.rb +1 -1
  10. data/lib/resources/command.rb +2 -2
  11. data/lib/resources/grub_conf.rb +29 -17
  12. data/lib/resources/kernel_module.rb +1 -1
  13. data/lib/resources/mysql.rb +1 -1
  14. data/lib/resources/oneget.rb +1 -1
  15. data/lib/resources/os_env.rb +1 -1
  16. data/lib/resources/package.rb +1 -1
  17. data/lib/resources/parse_config.rb +22 -13
  18. data/lib/resources/pip.rb +1 -3
  19. data/lib/resources/port.rb +27 -21
  20. data/lib/resources/postgres.rb +9 -15
  21. data/lib/resources/service.rb +27 -26
  22. data/lib/resources/windows_feature.rb +1 -1
  23. data/test/cookbooks/os_prepare/recipes/apt.rb +2 -2
  24. data/test/cookbooks/os_prepare/recipes/default.rb +2 -0
  25. data/test/cookbooks/os_prepare/recipes/package.rb +1 -2
  26. data/test/cookbooks/os_prepare/recipes/postgres.rb +2 -0
  27. data/test/cookbooks/os_prepare/recipes/prep_container.rb +15 -0
  28. data/test/cookbooks/os_prepare/recipes/service.rb +3 -3
  29. data/test/docker_test.rb +8 -0
  30. data/test/functional/inspec_exec_test.rb +4 -3
  31. data/test/helper.rb +20 -19
  32. data/test/integration/default/_debug_spec.rb +8 -1
  33. data/test/integration/default/apache_conf_spec.rb +8 -3
  34. data/test/integration/default/apt_spec.rb +1 -6
  35. data/test/integration/default/etc_group_spec.rb +4 -2
  36. data/test/integration/default/file_spec.rb +4 -3
  37. data/test/integration/default/iptables_spec.rb +4 -3
  38. data/test/integration/default/kernel_module_spec.rb +8 -3
  39. data/test/integration/default/kernel_parameter_spec.rb +4 -3
  40. data/test/integration/default/mount_spec.rb +8 -3
  41. data/test/integration/default/package_spec.rb +0 -3
  42. data/test/integration/default/port_spec.rb +4 -3
  43. data/test/integration/default/postgres_session_spec.rb +4 -3
  44. data/test/integration/default/service_spec.rb +4 -3
  45. data/test/unit/mock/files/sysctl.conf +7 -0
  46. data/test/unit/profile_context_test.rb +6 -6
  47. data/test/unit/resources/os_test.rb +5 -5
  48. data/test/unit/resources/parse_config_test.rb +26 -0
  49. data/test/unit/resources/port_test.rb +9 -0
  50. metadata +10 -4
@@ -24,7 +24,7 @@ module Inspec::Resources
24
24
  # default lsmod command
25
25
  lsmod_cmd = 'lsmod'
26
26
  # special care for CentOS 5 and sudo
27
- lsmod_cmd = '/sbin/lsmod' if inspec.os[:family] == 'centos' && inspec.os[:release].to_i == 5
27
+ lsmod_cmd = '/sbin/lsmod' if inspec.os[:name] == 'centos' && inspec.os[:release].to_i == 5
28
28
 
29
29
  # get list of all modules
30
30
  cmd = inspec.command(lsmod_cmd)
@@ -12,7 +12,7 @@ module Inspec::Resources
12
12
  def initialize
13
13
  # set OS-dependent filenames and paths
14
14
  case inspec.os[:family]
15
- when 'ubuntu', 'debian'
15
+ when 'debian'
16
16
  init_ubuntu
17
17
  when 'redhat', 'fedora'
18
18
  init_redhat
@@ -23,7 +23,7 @@ module Inspec::Resources
23
23
  @package_name = package_name
24
24
 
25
25
  # verify that this resource is only supported on Windows
26
- return skip_resource 'The `oneget` resource is not supported on your OS.' if inspec.os[:family] != 'windows'
26
+ return skip_resource 'The `oneget` resource is not supported on your OS.' if !inspec.os.windows?
27
27
  end
28
28
 
29
29
  def info
@@ -59,7 +59,7 @@ module Inspec::Resources
59
59
  out = inspec.command(command)
60
60
 
61
61
  unless out.exit_status == 0
62
- skip_resource "Can't read environment variables on #{os[:family]}. "\
62
+ skip_resource "Can't read environment variables on #{os[:name]}. "\
63
63
  "Tried `#{command}` which returned #{out.exit_status}"
64
64
  end
65
65
 
@@ -29,7 +29,7 @@ module Inspec::Resources
29
29
  os = inspec.os
30
30
  if os.debian?
31
31
  @pkgman = Deb.new(inspec)
32
- elsif os.redhat? || os.suse?
32
+ elsif %w{redhat suse amazon fedora}.include?(os[:family])
33
33
  @pkgman = Rpm.new(inspec)
34
34
  elsif ['arch'].include?(os[:family])
35
35
  @pkgman = Pacman.new(inspec)
@@ -25,21 +25,32 @@ module Inspec::Resources
25
25
  end
26
26
  "
27
27
 
28
+ attr_reader :content
28
29
  def initialize(content = nil, useropts = nil)
29
30
  @opts = {}
30
31
  @opts = useropts.dup unless useropts.nil?
31
32
  @files_contents = {}
32
- @params = nil
33
33
 
34
34
  @content = content
35
- read_content if @content.nil?
35
+ read_params unless @content.nil?
36
36
  end
37
37
 
38
38
  def method_missing(name)
39
- @params || read_content
40
- @params[name.to_s]
39
+ read_params[name.to_s]
41
40
  end
42
41
 
42
+ def params(*opts)
43
+ opts.inject(read_params) do |res, nxt|
44
+ res.respond_to?(:key) ? res[nxt] : nil
45
+ end
46
+ end
47
+
48
+ def to_s
49
+ "Parse Config #{@conf_path}"
50
+ end
51
+
52
+ private
53
+
43
54
  def parse_file(conf_path)
44
55
  @conf_path = conf_path
45
56
 
@@ -52,21 +63,19 @@ module Inspec::Resources
52
63
  return skip_resource "Can't read file \"#{conf_path}\""
53
64
  end
54
65
 
55
- read_content
66
+ read_params
56
67
  end
57
68
 
58
69
  def read_file(path)
59
70
  @files_contents[path] ||= inspec.file(path).content
60
71
  end
61
72
 
62
- def read_content
63
- # parse the file
64
- @params = SimpleConfig.new(@content, @opts).params
65
- @content
66
- end
67
-
68
- def to_s
69
- "Parse Config #{@conf_path}"
73
+ def read_params
74
+ @params ||= if content.nil?
75
+ {}
76
+ else
77
+ SimpleConfig.new(content, @opts).params
78
+ end
70
79
  end
71
80
  end
72
81
 
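Review bot: `read_params` in the second hunk memoizes `{}` when `content` is nil, so a lookup through `method_missing` or `params` made before any content is loaded pins `@params` to an empty hash and a later parse is never retried. For a compliance check this means every key reads as nil, and a negative expectation on that key can pass without the file ever having been parsed (whether any caller reaches that order is not visible here). Caching only a real parse avoids it: `return {} if content.nil?` followed by `@params ||= SimpleConfig.new(content, @opts).params`. `method_missing(name)` also still answers every unknown message and has no `respond_to_missing?`. The body of `parse_file` lies between the two hunks and is only partly shown.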
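--- a/data/lib/resources/pip.rb
+++ b/data/lib/resources/pip.rb
@@ -57,9 +57,7 @@ module Inspec::Resources
  def pip_cmd
  # Pip is not on the default path for Windows, therefore we do some logic
  # to find the binary on Windows
- family = inspec.os[:family]
- case family
- when 'windows'
+ if inspec.os.windows?
  # we need to detect the pip command on Windows
  cmd = inspec.command('New-Object -Type PSObject | Add-Member -MemberType NoteProperty -Name Pip -Value (Invoke-Command -ScriptBlock {where.exe pip}) -PassThru | Add-Member -MemberType NoteProperty -Name Python -Value (Invoke-Command -ScriptBlock {where.exe python}) -PassThru | ConvertTo-Json')
  begin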
@@ -36,29 +36,15 @@ module Inspec::Resources
36
36
  def initialize(*args)
37
37
  args.unshift(nil) if args.length <= 1 # add the ip address to the front
38
38
  @ip = args[0]
39
- @port = args[1]
39
+ @port = if args[1].nil?
40
+ nil
41
+ else
42
+ args[1].to_i
43
+ end
40
44
 
41
- @port_manager = nil
42
45
  @cache = nil
43
- os = inspec.os
44
- if os.linux?
45
- @port_manager = LinuxPorts.new(inspec)
46
- elsif %w{darwin aix}.include?(os[:family])
47
- # AIX: see http://www.ibm.com/developerworks/aix/library/au-lsof.html#resources
48
- # and https://www-01.ibm.com/marketing/iwm/iwm/web/reg/pick.do?source=aixbp
49
- # Darwin: https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man8/lsof.8.html
50
- @port_manager = LsofPorts.new(inspec)
51
- elsif os.windows?
52
- @port_manager = WindowsPorts.new(inspec)
53
- elsif ['freebsd'].include?(os[:family])
54
- @port_manager = FreeBsdPorts.new(inspec)
55
- elsif os.solaris?
56
- @port_manager = SolarisPorts.new(inspec)
57
- elsif os.hpux?
58
- @port_manager = HpuxPorts.new(inspec)
59
- else
60
- return skip_resource 'The `port` resource is not supported on your OS yet.'
61
- end
46
+ @port_manager = port_manager_for_os
47
+ return skip_resource 'The `port` resource is not supported on your OS yet.' if @port_manager.nil?
62
48
  end
63
49
 
64
50
  filter = FilterTable.create
@@ -78,6 +64,26 @@ module Inspec::Resources
78
64
 
79
65
  private
80
66
 
67
+ def port_manager_for_os
68
+ os = inspec.os
69
+ if os.linux?
70
+ LinuxPorts.new(inspec)
71
+ elsif %w{darwin aix}.include?(os[:family])
72
+ # AIX: see http://www.ibm.com/developerworks/aix/library/au-lsof.html#resources
73
+ # and https://www-01.ibm.com/marketing/iwm/iwm/web/reg/pick.do?source=aixbp
74
+ # Darwin: https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man8/lsof.8.html
75
+ LsofPorts.new(inspec)
76
+ elsif os.windows?
77
+ WindowsPorts.new(inspec)
78
+ elsif ['freebsd'].include?(os[:family])
79
+ FreeBsdPorts.new(inspec)
80
+ elsif os.solaris?
81
+ SolarisPorts.new(inspec)
82
+ elsif os.hpux?
83
+ HpuxPorts.new(inspec)
84
+ end
85
+ end
86
+
81
87
  def info
82
88
  return @cache if !@cache.nil?
83
89
  # abort if os detection has not worked
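Review bot: In `initialize` (first hunk) `args[1].to_i` turns any non-numeric port argument into 0 and truncates a string such as `'80abc'` to 80, so a mistyped port in a control is audited as a different port instead of being reported. A `should_not be_listening` expectation on such a value can then pass without checking the port the author meant. `Integer(args[1])` rejects that input, as in `@port = args[1].nil? ? nil : Integer(args[1])`. If raising from the constructor is unwanted, the failure can go through `skip_resource`, as the unsupported-OS case already does. `port_manager_for_os` in the second hunk returns nil for unknown platforms, which the new guard handles.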
@@ -10,33 +10,27 @@ module Inspec::Resources
10
10
 
11
11
  attr_reader :service, :data_dir, :conf_dir, :conf_path
12
12
  def initialize
13
- case inspec.os[:family]
14
- when 'ubuntu', 'debian'
13
+ os = inspec.os
14
+ if os.debian?
15
15
  @service = 'postgresql'
16
16
  @data_dir = '/var/lib/postgresql'
17
17
  @version = inspec.command('ls /etc/postgresql/').stdout.chomp
18
18
  @conf_dir = "/etc/postgresql/#{@version}/main"
19
- @conf_path = File.join @conf_dir, 'postgresql.conf'
20
-
21
- when 'arch'
22
- @service = 'postgresql'
23
- @data_dir = '/var/lib/postgres/data'
24
- @conf_dir = '/var/lib/postgres/data'
25
- @conf_path = File.join @conf_dir, 'postgresql.conf'
26
-
27
- when 'centos', 'redhat'
19
+ elsif os.redhat?
28
20
  @service = 'postgresql'
29
21
  @version = inspec.command('ls /var/lib/pgsql/').stdout.chomp
30
22
  @data_dir = "/var/lib/pgsql/#{@version}/data"
31
- @conf_dir = "/var/lib/pgsql/#{@version}/data"
32
- @conf_path = File.join @conf_dir, 'postgresql.conf'
33
-
23
+ elsif os[:name] == 'arch'
24
+ @service = 'postgresql'
25
+ @data_dir = '/var/lib/postgres/data'
26
+ @conf_dir = '/var/lib/postgres/data'
34
27
  else
35
28
  @service = 'postgresql'
36
29
  @data_dir = '/var/lib/postgresql'
37
30
  @conf_dir = '/var/lib/pgsql/data'
38
- @conf_path = File.join @conf_dir, 'postgresql.conf'
39
31
  end
32
+
33
+ @conf_path = File.join @conf_dir, 'postgresql.conf'
40
34
  end
41
35
 
42
36
  def to_s
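Review bot: The `os.redhat?` branch no longer assigns `@conf_dir`: the old `@conf_dir = "/var/lib/pgsql/#{@version}/data"` line is removed and nothing replaces it, so the hoisted `@conf_path = File.join @conf_dir, 'postgresql.conf'` receives nil on that branch and `File.join` raises a TypeError. Adding `@conf_dir = @data_dir` after the `@data_dir` assignment in that branch restores the previous paths. Separately, `@version` is the raw output of `ls`, so a host with more than one version directory yields a multi-line path. Selecting one entry explicitly would make the audited configuration file deterministic.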
@@ -102,7 +102,7 @@ module Inspec::Resources
102
102
 
103
103
  def select_service_mgmt # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/MethodLength
104
104
  os = inspec.os
105
- family = os[:family]
105
+ platform = os[:name]
106
106
 
107
107
  # Ubuntu
108
108
  # @see: https://wiki.ubuntu.com/SystemdForUpstartUsers
@@ -112,46 +112,46 @@ module Inspec::Resources
112
112
  # Ubuntu < 15.04 : Upstart
113
113
  # Upstart runs with PID 1 as /sbin/init.
114
114
  # Systemd runs with PID 1 as /lib/systemd/systemd.
115
- if %w{ubuntu}.include?(family)
116
- version = inspec.os[:release].to_f
115
+ if %w{ubuntu}.include?(platform)
116
+ version = os[:release].to_f
117
117
  if version < 15.04
118
118
  Upstart.new(inspec, service_ctl)
119
119
  else
120
120
  Systemd.new(inspec, service_ctl)
121
121
  end
122
- elsif %w{debian}.include?(family)
123
- version = inspec.os[:release].to_i
122
+ elsif %w{debian}.include?(platform)
123
+ version = os[:release].to_i
124
124
  if version > 7
125
125
  Systemd.new(inspec, service_ctl)
126
126
  else
127
127
  SysV.new(inspec, service_ctl || '/usr/sbin/service')
128
128
  end
129
- elsif %w{redhat fedora centos}.include?(family)
130
- version = inspec.os[:release].to_i
131
- if (%w{ redhat centos }.include?(family) && version >= 7) || (family == 'fedora' && version >= 15)
129
+ elsif %w{redhat fedora centos}.include?(platform)
130
+ version = os[:release].to_i
131
+ if (%w{ redhat centos }.include?(platform) && version >= 7) || (platform == 'fedora' && version >= 15)
132
132
  Systemd.new(inspec, service_ctl)
133
133
  else
134
134
  SysV.new(inspec, service_ctl || '/sbin/service')
135
135
  end
136
- elsif %w{wrlinux}.include?(family)
136
+ elsif %w{wrlinux}.include?(platform)
137
137
  SysV.new(inspec, service_ctl)
138
- elsif %w{darwin}.include?(family)
138
+ elsif %w{mac_os_x}.include?(platform)
139
139
  LaunchCtl.new(inspec, service_ctl)
140
140
  elsif os.windows?
141
141
  WindowsSrv.new(inspec)
142
- elsif %w{freebsd}.include?(family)
142
+ elsif %w{freebsd}.include?(platform)
143
143
  BSDInit.new(inspec, service_ctl)
144
- elsif %w{arch}.include?(family)
144
+ elsif %w{arch}.include?(platform)
145
145
  Systemd.new(inspec, service_ctl)
146
- elsif %w{suse opensuse}.include?(family)
147
- if inspec.os[:release].to_i >= 12
146
+ elsif %w{suse opensuse}.include?(platform)
147
+ if os[:release].to_i >= 12
148
148
  Systemd.new(inspec, service_ctl)
149
149
  else
150
150
  SysV.new(inspec, service_ctl || '/sbin/service')
151
151
  end
152
- elsif %w{aix}.include?(family)
152
+ elsif %w{aix}.include?(platform)
153
153
  SrcMstr.new(inspec)
154
- elsif %w{amazon}.include?(family)
154
+ elsif %w{amazon}.include?(platform)
155
155
  Upstart.new(inspec, service_ctl)
156
156
  elsif os.solaris?
157
157
  Svcs.new(inspec)
@@ -233,6 +233,14 @@ module Inspec::Resources
233
233
  super
234
234
  end
235
235
 
236
+ def is_enabled?(service_name)
237
+ inspec.command("#{service_ctl} is-enabled #{service_name} --quiet").exit_status == 0
238
+ end
239
+
240
+ def is_active?(service_name)
241
+ inspec.command("#{service_ctl} is-active #{service_name} --quiet").exit_status == 0
242
+ end
243
+
236
244
  def info(service_name)
237
245
  cmd = inspec.command("#{service_ctl} show --all #{service_name}")
238
246
  return nil if cmd.exit_status.to_i != 0
@@ -246,20 +254,13 @@ module Inspec::Resources
246
254
 
247
255
  # LoadState values eg. loaded, not-found
248
256
  installed = params['LoadState'] == 'loaded'
249
- # test via 'systemctl is-active service'
250
- # SubState values running
251
- running = (params['ActiveState'] == 'active') ||
252
- (params['SubState'] == 'running')
253
- # test via systemctl --quiet is-enabled
254
- # ActiveState values eg.g inactive, active
255
- enabled = %w{enabled static}.include? params['UnitFileState']
256
257
 
257
258
  {
258
259
  name: params['Id'],
259
260
  description: params['Description'],
260
261
  installed: installed,
261
- running: running,
262
- enabled: enabled,
262
+ running: is_active?(service_name),
263
+ enabled: is_enabled?(service_name),
263
264
  type: 'systemd',
264
265
  params: params,
265
266
  }
@@ -358,7 +359,7 @@ module Inspec::Resources
358
359
  enabled = !config[/^\s*start on/].nil?
359
360
 
360
361
  # implement fallback for Ubuntu 10.04
361
- if inspec.os[:family] == 'ubuntu' &&
362
+ if inspec.os[:name] == 'ubuntu' &&
362
363
  inspec.os[:release].to_f >= 10.04 &&
363
364
  inspec.os[:release].to_f < 12.04 &&
364
365
  status.exit_status == 0
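Review bot: The new `is_enabled?` and `is_active?` helpers (third hunk) build the command by interpolating `service_ctl` and `service_name` straight into a shell string, as `info` below them already does. If the name ever comes from data rather than a literal in the profile, whitespace or shell metacharacters in it are interpreted by the target's shell instead of being passed as one argument. Quoting the operand closes that: `inspec.command("#{service_ctl} is-enabled #{Shellwords.escape(service_name)} --quiet")` with `require 'shellwords'` at the top of the file, and the same for `is-active` and `show --all`. `info` now also issues three remote commands per call where it issued one, which is worth a comment for slow transports.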
@@ -42,7 +42,7 @@ module Inspec::Resources
42
42
  @cache = nil
43
43
 
44
44
  # verify that this resource is only supported on Windows
45
- return skip_resource 'The `windows_feature` resource is not supported on your OS.' if inspec.os[:family] != 'windows'
45
+ return skip_resource 'The `windows_feature` resource is not supported on your OS.' if !inspec.os.windows?
46
46
  end
47
47
 
48
48
  # returns true if the package is installed
@@ -5,13 +5,13 @@
5
5
  # add nginx apt repository
6
6
  case node['platform']
7
7
  when 'ubuntu'
8
- include_recipe('apt')
8
+ # use ppa
9
9
  apt_repository 'nginx' do
10
10
  uri 'ppa:nginx/stable'
11
11
  distribution node['lsb']['codename']
12
12
  end
13
13
  when 'debian'
14
- include_recipe('apt')
14
+ # use plain repo
15
15
  apt_repository 'nginx' do
16
16
  uri 'http://nginx.org/packages/debian'
17
17
  distribution node['lsb']['codename']
@@ -4,6 +4,8 @@
4
4
  #
5
5
  # prepare all operating systems with the required configuration
6
6
 
7
+ # container preparation
8
+ include_recipe('os_prepare::prep_container')
7
9
 
8
10
  # basic tests
9
11
  include_recipe('os_prepare::file')
@@ -5,9 +5,8 @@
5
5
  # installs everything to do the package test
6
6
 
7
7
  case node['platform']
8
- when 'ubuntu'
8
+ when 'ubuntu', 'debian'
9
9
  include_recipe('apt')
10
-
11
10
  package 'curl'
12
11
  when 'rhel', 'centos', 'fedora'
13
12
  include_recipe('yum')
@@ -10,6 +10,8 @@ when 'ubuntu', 'centos'
10
10
  # also skip it on ubuntu 15.10, because the cookbook is not supported
11
11
  # with `enable_pgdg_apt` yet
12
12
  return if node['platform_version'] == "15.10"
13
+ # skip it on centos 5, because ca-certificates is not available
14
+ return if node['platform_version'] == "5"
13
15
 
14
16
  node.default['postgresql']['enable_pgdg_apt'] = true
15
17
  node.default['postgresql']['config']['listen_addresses'] = 'localhost'
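Review bot: The added guard `node['platform_version'] == "5"` compares against the bare major version, but Ohai normally reports the full release on CentOS (for example `5.11`, a constructed sample). The early return therefore likely never triggers, and the recipe still runs where `ca-certificates` is unavailable. The service recipe in this same release compares with `node['platform_version'].to_i`, which would work here too: `return if node['platform'] == 'centos' && node['platform_version'].to_i == 5`. The enclosing `when 'ubuntu', 'centos'` branch starts above the hunk and continues past it.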
@@ -0,0 +1,15 @@
1
+ # encoding: utf-8
2
+ # author: Christoph Hartmann
3
+ # author: Dominik Richter
4
+ #
5
+ # prepares container for normal use :-)
6
+
7
+ # install docker pre-conditions
8
+ if ['ubuntu', 'debian'].include?(node['platform'])
9
+ include_recipe('apt')
10
+
11
+ # if package lsb-release & procps is not installed
12
+ # chef returns an empty node['lsb']['codename']
13
+ package("lsb-release")
14
+ package("procps")
15
+ end
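Review bot: The `package("lsb-release")` resource runs at converge time, whereas `node['lsb']['codename']` is collected by Ohai before the run and read at compile time by the `apt_repository` blocks in the apt recipe. Within a single Chef run the codename is therefore probably still empty, even with this recipe included first. If the test images are not converged twice, the package would need to be installed at compile time and Ohai reloaded before the apt recipe is evaluated. Otherwise the header comment should state that a second converge is required, for example `# NOTE: node['lsb'] is only populated on the run after these packages are installed`.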
@@ -12,8 +12,8 @@ when 'ubuntu'
12
12
 
13
13
  when 'centos'
14
14
  # install runit for alternative service mgmt
15
- if node['platform_version'].to_i >= 6
16
- include_recipe 'os_prepare::_runit_service_centos'
17
- include_recipe 'os_prepare::_upstart_service_centos'
15
+ if node['platform_version'].to_i == 6
16
+ include_recipe 'os_prepare::_runit_service_centos' unless node['osprepare']['docker']
17
+ include_recipe 'os_prepare::_upstart_service_centos' unless node['osprepare']['docker']
18
18
  end
19
19
  end
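Review bot: `node['osprepare']['docker']` raises NoMethodError on nil when the `osprepare` attribute tree is not set, and no default for it is visible in this diff. A guarded read such as `docker = node['osprepare'] && node['osprepare']['docker']`, evaluated once before the two `include_recipe` lines, keeps the recipe usable outside the Docker test setup. The condition also narrows from `>= 6` to `== 6`, so CentOS 7 nodes no longer get either recipe. A comment stating that this is intended would help the next reader.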
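--- a/data/test/docker_test.rb
+++ b/data/test/docker_test.rb
@@ -3,6 +3,14 @@
 
  require_relative 'docker_run'
  require_relative '../lib/inspec'
+ #
+ # BUGON: These requires are to get around concurrency issues with
+ # autoloading in Ruby
+ #
+ require 'train'
+ require 'train/plugins'
+ require 'train/plugins/transport'
+ require 'train/transports/docker'
 
  tests = ARGV
  if tests.empty?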