inspec 0.28.1 → 0.29.0

data/lib/resources/kernel_module.rb

@@ -24,7 +24,7 @@ module Inspec::Resources
       # default lsmod command
       lsmod_cmd = 'lsmod'
       # special care for CentOS 5 and sudo
-      lsmod_cmd = '/sbin/lsmod' if inspec.os[:family] == 'centos' && inspec.os[:release].to_i == 5
+      lsmod_cmd = '/sbin/lsmod' if inspec.os[:name] == 'centos' && inspec.os[:release].to_i == 5
 
       # get list of all modules
       cmd = inspec.command(lsmod_cmd)

data/lib/resources/mysql.rb

@@ -12,7 +12,7 @@ module Inspec::Resources
     def initialize
       # set OS-dependent filenames and paths
       case inspec.os[:family]
-      when 'ubuntu', 'debian'
+      when 'debian'
         init_ubuntu
       when 'redhat', 'fedora'
         init_redhat

data/lib/resources/oneget.rb

@@ -23,7 +23,7 @@ module Inspec::Resources
       @package_name = package_name
 
       # verify that this resource is only supported on Windows
-      return skip_resource 'The `oneget` resource is not supported on your OS.' if inspec.os[:family] != 'windows'
+      return skip_resource 'The `oneget` resource is not supported on your OS.' if !inspec.os.windows?
     end
 
     def info

data/lib/resources/os_env.rb

@@ -59,7 +59,7 @@ module Inspec::Resources
       out = inspec.command(command)
 
       unless out.exit_status == 0
-        skip_resource "Can't read environment variables on #{os[:family]}. "\
+        skip_resource "Can't read environment variables on #{os[:name]}. "\
           "Tried `#{command}` which returned #{out.exit_status}"
       end
 

data/lib/resources/package.rb

@@ -29,7 +29,7 @@ module Inspec::Resources
       os = inspec.os
       if os.debian?
         @pkgman = Deb.new(inspec)
-      elsif os.redhat? || os.suse?
+      elsif %w{redhat suse amazon fedora}.include?(os[:family])
         @pkgman = Rpm.new(inspec)
       elsif ['arch'].include?(os[:family])
         @pkgman = Pacman.new(inspec)

data/lib/resources/parse_config.rb

@@ -25,21 +25,32 @@ module Inspec::Resources
       end
     "
 
+    attr_reader :content
     def initialize(content = nil, useropts = nil)
       @opts = {}
       @opts = useropts.dup unless useropts.nil?
       @files_contents = {}
-      @params = nil
 
       @content = content
-      read_content if @content.nil?
+      read_params unless @content.nil?
     end
 
     def method_missing(name)
-      @params || read_content
-      @params[name.to_s]
+      read_params[name.to_s]
     end
 
+    def params(*opts)
+      opts.inject(read_params) do |res, nxt|
+        res.respond_to?(:key) ? res[nxt] : nil
+      end
+    end
+
+    def to_s
+      "Parse Config #{@conf_path}"
+    end
+
+    private
+
     def parse_file(conf_path)
       @conf_path = conf_path
 
@@ -52,21 +63,19 @@ module Inspec::Resources
         return skip_resource "Can't read file \"#{conf_path}\""
       end
 
-      read_content
+      read_params
     end
 
     def read_file(path)
       @files_contents[path] ||= inspec.file(path).content
     end
 
-    def read_content
-      # parse the file
-      @params = SimpleConfig.new(@content, @opts).params
-      @content
-    end
-
-    def to_s
-      "Parse Config #{@conf_path}"
+    def read_params
+      @params ||= if content.nil?
+                    {}
+                  else
+                    SimpleConfig.new(content, @opts).params
+                  end
     end
   end
 

data/lib/resources/pip.rb

@@ -57,9 +57,7 @@ module Inspec::Resources
     def pip_cmd
       # Pip is not on the default path for Windows, therefore we do some logic
       # to find the binary on Windows
-      family = inspec.os[:family]
-      case family
-      when 'windows'
+      if inspec.os.windows?
         # we need to detect the pip command on Windows
         cmd = inspec.command('New-Object -Type PSObject | Add-Member -MemberType NoteProperty -Name Pip -Value (Invoke-Command -ScriptBlock {where.exe pip}) -PassThru | Add-Member -MemberType NoteProperty -Name Python -Value (Invoke-Command -ScriptBlock {where.exe python}) -PassThru | ConvertTo-Json')
         begin

data/lib/resources/port.rb

@@ -36,29 +36,15 @@ module Inspec::Resources
     def initialize(*args)
       args.unshift(nil) if args.length <= 1 # add the ip address to the front
       @ip = args[0]
-      @port = args[1]
+      @port = if args[1].nil?
+                nil
+              else
+                args[1].to_i
+              end
 
-      @port_manager = nil
       @cache = nil
-      os = inspec.os
-      if os.linux?
-        @port_manager = LinuxPorts.new(inspec)
-      elsif %w{darwin aix}.include?(os[:family])
-        # AIX: see http://www.ibm.com/developerworks/aix/library/au-lsof.html#resources
-        #      and https://www-01.ibm.com/marketing/iwm/iwm/web/reg/pick.do?source=aixbp
-        # Darwin: https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man8/lsof.8.html
-        @port_manager = LsofPorts.new(inspec)
-      elsif os.windows?
-        @port_manager = WindowsPorts.new(inspec)
-      elsif ['freebsd'].include?(os[:family])
-        @port_manager = FreeBsdPorts.new(inspec)
-      elsif os.solaris?
-        @port_manager = SolarisPorts.new(inspec)
-      elsif os.hpux?
-        @port_manager = HpuxPorts.new(inspec)
-      else
-        return skip_resource 'The `port` resource is not supported on your OS yet.'
-      end
+      @port_manager = port_manager_for_os
+      return skip_resource 'The `port` resource is not supported on your OS yet.' if @port_manager.nil?
     end
 
     filter = FilterTable.create
@@ -78,6 +64,26 @@ module Inspec::Resources
 
     private
 
+    def port_manager_for_os
+      os = inspec.os
+      if os.linux?
+        LinuxPorts.new(inspec)
+      elsif %w{darwin aix}.include?(os[:family])
+        # AIX: see http://www.ibm.com/developerworks/aix/library/au-lsof.html#resources
+        #      and https://www-01.ibm.com/marketing/iwm/iwm/web/reg/pick.do?source=aixbp
+        # Darwin: https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man8/lsof.8.html
+        LsofPorts.new(inspec)
+      elsif os.windows?
+        WindowsPorts.new(inspec)
+      elsif ['freebsd'].include?(os[:family])
+        FreeBsdPorts.new(inspec)
+      elsif os.solaris?
+        SolarisPorts.new(inspec)
+      elsif os.hpux?
+        HpuxPorts.new(inspec)
+      end
+    end
+
     def info
       return @cache if !@cache.nil?
       # abort if os detection has not worked

data/lib/resources/postgres.rb

@@ -10,33 +10,27 @@ module Inspec::Resources
 
     attr_reader :service, :data_dir, :conf_dir, :conf_path
     def initialize
-      case inspec.os[:family]
-      when 'ubuntu', 'debian'
+      os = inspec.os
+      if os.debian?
         @service = 'postgresql'
         @data_dir = '/var/lib/postgresql'
         @version = inspec.command('ls /etc/postgresql/').stdout.chomp
         @conf_dir = "/etc/postgresql/#{@version}/main"
-        @conf_path = File.join @conf_dir, 'postgresql.conf'
-
-      when 'arch'
-        @service = 'postgresql'
-        @data_dir = '/var/lib/postgres/data'
-        @conf_dir = '/var/lib/postgres/data'
-        @conf_path = File.join @conf_dir, 'postgresql.conf'
-
-      when 'centos', 'redhat'
+      elsif os.redhat?
         @service = 'postgresql'
         @version = inspec.command('ls /var/lib/pgsql/').stdout.chomp
         @data_dir = "/var/lib/pgsql/#{@version}/data"
-        @conf_dir = "/var/lib/pgsql/#{@version}/data"
-        @conf_path = File.join @conf_dir, 'postgresql.conf'
-
+      elsif os[:name] == 'arch'
+        @service = 'postgresql'
+        @data_dir = '/var/lib/postgres/data'
+        @conf_dir = '/var/lib/postgres/data'
       else
         @service = 'postgresql'
         @data_dir = '/var/lib/postgresql'
         @conf_dir = '/var/lib/pgsql/data'
-        @conf_path = File.join @conf_dir, 'postgresql.conf'
       end
+
+      @conf_path = File.join @conf_dir, 'postgresql.conf'
     end
 
     def to_s

data/lib/resources/service.rb

@@ -102,7 +102,7 @@ module Inspec::Resources
 
     def select_service_mgmt # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/MethodLength
       os = inspec.os
-      family = os[:family]
+      platform = os[:name]
 
       # Ubuntu
       # @see: https://wiki.ubuntu.com/SystemdForUpstartUsers
@@ -112,46 +112,46 @@ module Inspec::Resources
       # Ubuntu < 15.04 : Upstart
       # Upstart runs with PID 1 as /sbin/init.
       # Systemd runs with PID 1 as /lib/systemd/systemd.
-      if %w{ubuntu}.include?(family)
-        version = inspec.os[:release].to_f
+      if %w{ubuntu}.include?(platform)
+        version = os[:release].to_f
         if version < 15.04
           Upstart.new(inspec, service_ctl)
         else
           Systemd.new(inspec, service_ctl)
         end
-      elsif %w{debian}.include?(family)
-        version = inspec.os[:release].to_i
+      elsif %w{debian}.include?(platform)
+        version = os[:release].to_i
         if version > 7
           Systemd.new(inspec, service_ctl)
         else
           SysV.new(inspec, service_ctl || '/usr/sbin/service')
         end
-      elsif %w{redhat fedora centos}.include?(family)
-        version = inspec.os[:release].to_i
-        if (%w{ redhat centos }.include?(family) && version >= 7) || (family == 'fedora' && version >= 15)
+      elsif %w{redhat fedora centos}.include?(platform)
+        version = os[:release].to_i
+        if (%w{ redhat centos }.include?(platform) && version >= 7) || (platform == 'fedora' && version >= 15)
           Systemd.new(inspec, service_ctl)
         else
           SysV.new(inspec, service_ctl || '/sbin/service')
         end
-      elsif %w{wrlinux}.include?(family)
+      elsif %w{wrlinux}.include?(platform)
         SysV.new(inspec, service_ctl)
-      elsif %w{darwin}.include?(family)
+      elsif %w{mac_os_x}.include?(platform)
         LaunchCtl.new(inspec, service_ctl)
       elsif os.windows?
         WindowsSrv.new(inspec)
-      elsif %w{freebsd}.include?(family)
+      elsif %w{freebsd}.include?(platform)
         BSDInit.new(inspec, service_ctl)
-      elsif %w{arch}.include?(family)
+      elsif %w{arch}.include?(platform)
         Systemd.new(inspec, service_ctl)
-      elsif %w{suse opensuse}.include?(family)
-        if inspec.os[:release].to_i >= 12
+      elsif %w{suse opensuse}.include?(platform)
+        if os[:release].to_i >= 12
           Systemd.new(inspec, service_ctl)
         else
           SysV.new(inspec, service_ctl || '/sbin/service')
         end
-      elsif %w{aix}.include?(family)
+      elsif %w{aix}.include?(platform)
         SrcMstr.new(inspec)
-      elsif %w{amazon}.include?(family)
+      elsif %w{amazon}.include?(platform)
         Upstart.new(inspec, service_ctl)
       elsif os.solaris?
         Svcs.new(inspec)
@@ -233,6 +233,14 @@ module Inspec::Resources
       super
     end
 
+    def is_enabled?(service_name)
+      inspec.command("#{service_ctl} is-enabled #{service_name} --quiet").exit_status == 0
+    end
+
+    def is_active?(service_name)
+      inspec.command("#{service_ctl} is-active #{service_name} --quiet").exit_status == 0
+    end
+
     def info(service_name)
       cmd = inspec.command("#{service_ctl} show --all #{service_name}")
       return nil if cmd.exit_status.to_i != 0
@@ -246,20 +254,13 @@ module Inspec::Resources
 
       # LoadState values eg. loaded, not-found
       installed = params['LoadState'] == 'loaded'
-      # test via 'systemctl is-active service'
-      # SubState values running
-      running = (params['ActiveState'] == 'active') ||
-                (params['SubState'] == 'running')
-      # test via systemctl --quiet is-enabled
-      # ActiveState values eg.g inactive, active
-      enabled = %w{enabled static}.include? params['UnitFileState']
 
       {
         name: params['Id'],
         description: params['Description'],
         installed: installed,
-        running: running,
-        enabled: enabled,
+        running: is_active?(service_name),
+        enabled: is_enabled?(service_name),
         type: 'systemd',
         params: params,
       }
@@ -358,7 +359,7 @@ module Inspec::Resources
       enabled = !config[/^\s*start on/].nil?
 
       # implement fallback for Ubuntu 10.04
-      if inspec.os[:family] == 'ubuntu' &&
+      if inspec.os[:name] == 'ubuntu' &&
          inspec.os[:release].to_f >= 10.04 &&
          inspec.os[:release].to_f < 12.04 &&
          status.exit_status == 0

data/lib/resources/windows_feature.rb

@@ -42,7 +42,7 @@ module Inspec::Resources
       @cache = nil
 
       # verify that this resource is only supported on Windows
-      return skip_resource 'The `windows_feature` resource is not supported on your OS.' if inspec.os[:family] != 'windows'
+      return skip_resource 'The `windows_feature` resource is not supported on your OS.' if !inspec.os.windows?
     end
 
     # returns true if the package is installed

data/test/cookbooks/os_prepare/recipes/apt.rb

@@ -5,13 +5,13 @@
 # add nginx apt repository
 case node['platform']
 when 'ubuntu'
-  include_recipe('apt')
+  # use ppa
   apt_repository 'nginx' do
     uri 'ppa:nginx/stable'
     distribution node['lsb']['codename']
   end
 when 'debian'
-  include_recipe('apt')
+  # use plain repo
   apt_repository 'nginx' do
     uri 'http://nginx.org/packages/debian'
     distribution node['lsb']['codename']

data/test/cookbooks/os_prepare/recipes/default.rb

@@ -4,6 +4,8 @@
 #
 # prepare all operating systems with the required configuration
 
+# container preparation
+include_recipe('os_prepare::prep_container')
 
 # basic tests
 include_recipe('os_prepare::file')

data/test/cookbooks/os_prepare/recipes/package.rb

@@ -5,9 +5,8 @@
 # installs everything to do the package test
 
 case node['platform']
-when 'ubuntu'
+when 'ubuntu', 'debian'
   include_recipe('apt')
-
   package 'curl'
 when 'rhel', 'centos', 'fedora'
   include_recipe('yum')

data/test/cookbooks/os_prepare/recipes/postgres.rb

@@ -10,6 +10,8 @@ when 'ubuntu', 'centos'
   # also skip it on ubuntu 15.10, because the cookbook is not supported
   # with `enable_pgdg_apt` yet
   return if node['platform_version'] == "15.10"
+  # skip it on centos 5, because ca-certificates is not available
+  return if node['platform_version'] == "5"
 
   node.default['postgresql']['enable_pgdg_apt'] = true
   node.default['postgresql']['config']['listen_addresses'] = 'localhost'

data/test/cookbooks/os_prepare/recipes/prep_container.rb

@@ -0,0 +1,15 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+#
+# prepares container for normal use :-)
+
+# install docker pre-conditions
+if ['ubuntu', 'debian'].include?(node['platform'])
+  include_recipe('apt')
+
+  # if package lsb-release & procps is not installed
+  # chef returns an empty node['lsb']['codename']
+  package("lsb-release")
+  package("procps")
+end

data/test/cookbooks/os_prepare/recipes/service.rb

@@ -12,8 +12,8 @@ when 'ubuntu'
 
 when 'centos'
   # install runit for alternative service mgmt
-  if node['platform_version'].to_i >= 6
-    include_recipe 'os_prepare::_runit_service_centos'
-    include_recipe 'os_prepare::_upstart_service_centos'
+  if node['platform_version'].to_i == 6
+    include_recipe 'os_prepare::_runit_service_centos' unless node['osprepare']['docker']
+    include_recipe 'os_prepare::_upstart_service_centos' unless node['osprepare']['docker']
   end
 end

data/test/docker_test.rb

@@ -3,6 +3,14 @@
 
 require_relative 'docker_run'
 require_relative '../lib/inspec'
+#
+# BUGON: These requires are to get around concurrency issues with
+# autoloading in Ruby
+#
+require 'train'
+require 'train/plugins'
+require 'train/plugins/transport'
+require 'train/transports/docker'
 
 tests = ARGV
 if tests.empty?