inspec 0.30.0 → 0.31.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (316) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +50 -2
  3. data/Gemfile +2 -1
  4. data/docs/cli.rst +1 -17
  5. data/docs/resources.rst +128 -0
  6. data/docs/shell.rst +130 -0
  7. data/inspec.gemspec +3 -4
  8. data/lib/bundles/inspec-compliance/.kitchen.yml +0 -1
  9. data/lib/bundles/inspec-compliance/README.md +8 -3
  10. data/lib/bundles/inspec-compliance/api.rb +21 -6
  11. data/lib/bundles/inspec-compliance/bootstrap.sh +13 -9
  12. data/lib/bundles/inspec-compliance/cli.rb +23 -19
  13. data/lib/bundles/inspec-compliance/target.rb +1 -0
  14. data/lib/bundles/inspec-compliance/test/integration/default/cli.rb +42 -5
  15. data/lib/bundles/inspec-init/cli.rb +9 -0
  16. data/lib/bundles/inspec-supermarket/cli.rb +9 -0
  17. data/lib/bundles/inspec-supermarket/target.rb +2 -1
  18. data/lib/fetchers/local.rb +5 -2
  19. data/lib/fetchers/url.rb +1 -0
  20. data/lib/inspec/base_cli.rb +2 -1
  21. data/lib/inspec/cli.rb +14 -5
  22. data/lib/inspec/dependencies/dependency_set.rb +38 -0
  23. data/lib/inspec/dependencies/requirement.rb +103 -0
  24. data/lib/inspec/{dependencies.rb → dependencies/resolver.rb} +13 -132
  25. data/lib/inspec/dependencies/vendor_index.rb +98 -0
  26. data/lib/inspec/plugins/source_reader.rb +4 -0
  27. data/lib/inspec/profile.rb +2 -2
  28. data/lib/inspec/resource.rb +2 -0
  29. data/lib/inspec/runner.rb +13 -1
  30. data/lib/inspec/runner_mock.rb +4 -0
  31. data/lib/inspec/runner_rspec.rb +6 -2
  32. data/lib/inspec/shell.rb +22 -1
  33. data/lib/inspec/version.rb +1 -1
  34. data/lib/resources/iis_site.rb +107 -0
  35. data/lib/resources/port.rb +11 -4
  36. data/lib/resources/ssh_conf.rb +10 -2
  37. data/lib/resources/ssl.rb +94 -0
  38. data/lib/resources/xinetd.rb +11 -2
  39. data/lib/utils/parser.rb +6 -1
  40. metadata +17 -561
  41. data/lib/utils/hash_map.rb +0 -37
  42. data/tasks/maintainers.rb +0 -213
  43. data/test/bench/startup/startup.flat.txt +0 -1005
  44. data/test/bench/startup/startup.graph.html +0 -71958
  45. data/test/bench/startup/startup.grind.dat +0 -101602
  46. data/test/bench/startup/startup.stack.html +0 -24516
  47. data/test/bench/startup.flat.txt +0 -998
  48. data/test/bench/startup.graph.html +0 -71420
  49. data/test/bench/startup.grind.dat +0 -103554
  50. data/test/bench/startup.stack.html +0 -25015
  51. data/test/cookbooks/os_prepare/attributes/default.rb +0 -2
  52. data/test/cookbooks/os_prepare/files/empty.iso +0 -0
  53. data/test/cookbooks/os_prepare/files/example.csv +0 -7
  54. data/test/cookbooks/os_prepare/files/example.ini +0 -6
  55. data/test/cookbooks/os_prepare/files/example.json +0 -12
  56. data/test/cookbooks/os_prepare/files/example.yml +0 -7
  57. data/test/cookbooks/os_prepare/metadata.rb +0 -13
  58. data/test/cookbooks/os_prepare/recipes/_runit_service_centos.rb +0 -34
  59. data/test/cookbooks/os_prepare/recipes/_upstart_service_centos.rb +0 -25
  60. data/test/cookbooks/os_prepare/recipes/apache.rb +0 -14
  61. data/test/cookbooks/os_prepare/recipes/apt.rb +0 -20
  62. data/test/cookbooks/os_prepare/recipes/auditctl.rb +0 -8
  63. data/test/cookbooks/os_prepare/recipes/default.rb +0 -29
  64. data/test/cookbooks/os_prepare/recipes/file.rb +0 -46
  65. data/test/cookbooks/os_prepare/recipes/iptables.rb +0 -13
  66. data/test/cookbooks/os_prepare/recipes/json_yaml_csv_ini.rb +0 -34
  67. data/test/cookbooks/os_prepare/recipes/mount.rb +0 -33
  68. data/test/cookbooks/os_prepare/recipes/package.rb +0 -25
  69. data/test/cookbooks/os_prepare/recipes/postgres.rb +0 -20
  70. data/test/cookbooks/os_prepare/recipes/prep_container.rb +0 -15
  71. data/test/cookbooks/os_prepare/recipes/registry_key.rb +0 -87
  72. data/test/cookbooks/os_prepare/recipes/service.rb +0 -19
  73. data/test/cookbooks/os_prepare/templates/default/sv-default-svlog-run.erb +0 -2
  74. data/test/docker_run.rb +0 -162
  75. data/test/docker_test.rb +0 -58
  76. data/test/functional/helper.rb +0 -37
  77. data/test/functional/inheritance_test.rb +0 -62
  78. data/test/functional/inspec_archive_test.rb +0 -80
  79. data/test/functional/inspec_compliance_test.rb +0 -61
  80. data/test/functional/inspec_exec_json_test.rb +0 -122
  81. data/test/functional/inspec_exec_jsonmin_test.rb +0 -59
  82. data/test/functional/inspec_exec_test.rb +0 -123
  83. data/test/functional/inspec_json_profile_test.rb +0 -103
  84. data/test/functional/inspec_test.rb +0 -91
  85. data/test/helper.rb +0 -329
  86. data/test/integration/default/_debug_spec.rb +0 -8
  87. data/test/integration/default/apache_conf_spec.rb +0 -21
  88. data/test/integration/default/apt_spec.rb +0 -37
  89. data/test/integration/default/auditd_rules_spec.rb +0 -32
  90. data/test/integration/default/cmp_matcher_spec.rb +0 -115
  91. data/test/integration/default/csv_spec.rb +0 -11
  92. data/test/integration/default/etc_group_spec.rb +0 -29
  93. data/test/integration/default/file_spec.rb +0 -195
  94. data/test/integration/default/group_spec.rb +0 -59
  95. data/test/integration/default/ini_spec.rb +0 -11
  96. data/test/integration/default/iptables_spec.rb +0 -29
  97. data/test/integration/default/json_spec.rb +0 -11
  98. data/test/integration/default/kernel_module_spec.rb +0 -23
  99. data/test/integration/default/kernel_parameter_spec.rb +0 -60
  100. data/test/integration/default/mount_spec.rb +0 -19
  101. data/test/integration/default/os_spec.rb +0 -13
  102. data/test/integration/default/package_spec.rb +0 -30
  103. data/test/integration/default/port_spec.rb +0 -27
  104. data/test/integration/default/postgres_session_spec.rb +0 -13
  105. data/test/integration/default/powershell_spec.rb +0 -42
  106. data/test/integration/default/registry_key_spec.rb +0 -109
  107. data/test/integration/default/secpol_spec.rb +0 -11
  108. data/test/integration/default/service_spec.rb +0 -128
  109. data/test/integration/default/user_spec.rb +0 -96
  110. data/test/integration/default/vbscript_spec.rb +0 -22
  111. data/test/integration/default/wmi_spec.rb +0 -66
  112. data/test/integration/default/yaml_spec.rb +0 -11
  113. data/test/resource/command_test.rb +0 -33
  114. data/test/resource/dsl_test.rb +0 -45
  115. data/test/resource/file_test.rb +0 -146
  116. data/test/resource/ssh_config.rb +0 -9
  117. data/test/resource/sshd_config.rb +0 -9
  118. data/test/test-extra.yaml +0 -11
  119. data/test/test.yaml +0 -11
  120. data/test/unit/control_test.rb +0 -58
  121. data/test/unit/fetchers/local_test.rb +0 -67
  122. data/test/unit/fetchers/mock_test.rb +0 -43
  123. data/test/unit/fetchers/tar_test.rb +0 -36
  124. data/test/unit/fetchers/url_test.rb +0 -152
  125. data/test/unit/fetchers/zip_test.rb +0 -36
  126. data/test/unit/fetchers_test.rb +0 -65
  127. data/test/unit/metadata_test.rb +0 -137
  128. data/test/unit/mock/cmd/$env-PATH +0 -1
  129. data/test/unit/mock/cmd/Get-NetAdapter +0 -24
  130. data/test/unit/mock/cmd/GetUserAccount +0 -33
  131. data/test/unit/mock/cmd/GetWin32Group +0 -23
  132. data/test/unit/mock/cmd/Resolve-DnsName +0 -26
  133. data/test/unit/mock/cmd/Test-NetConnection +0 -4
  134. data/test/unit/mock/cmd/auditctl +0 -3
  135. data/test/unit/mock/cmd/auditctl-legacy +0 -7
  136. data/test/unit/mock/cmd/auditctl-s +0 -8
  137. data/test/unit/mock/cmd/auditpol +0 -2
  138. data/test/unit/mock/cmd/brew-info-jq +0 -1
  139. data/test/unit/mock/cmd/chage-l-root +0 -7
  140. data/test/unit/mock/cmd/dpkg-s-curl +0 -21
  141. data/test/unit/mock/cmd/dscl +0 -5
  142. data/test/unit/mock/cmd/env +0 -1
  143. data/test/unit/mock/cmd/etc-apt +0 -7
  144. data/test/unit/mock/cmd/find-apache2-conf-enabled +0 -1
  145. data/test/unit/mock/cmd/find-apache2-ports-conf +0 -1
  146. data/test/unit/mock/cmd/find-etc-rc-d-name-S +0 -12
  147. data/test/unit/mock/cmd/find-net-interface +0 -9
  148. data/test/unit/mock/cmd/find-xinetd.d +0 -2
  149. data/test/unit/mock/cmd/gem-list-local-a-q-rubocop +0 -1
  150. data/test/unit/mock/cmd/get-net-tcpconnection +0 -24
  151. data/test/unit/mock/cmd/get-netadapter-binding-bridge +0 -4
  152. data/test/unit/mock/cmd/get-package-firefox +0 -30
  153. data/test/unit/mock/cmd/get-package-ruby +0 -18
  154. data/test/unit/mock/cmd/get-service-dhcp +0 -10
  155. data/test/unit/mock/cmd/get-windows-feature +0 -7
  156. data/test/unit/mock/cmd/get-wmiobject +0 -9
  157. data/test/unit/mock/cmd/getent-hosts-example.com +0 -1
  158. data/test/unit/mock/cmd/getent-passwd-jfolmer +0 -1
  159. data/test/unit/mock/cmd/getent-passwd-root +0 -1
  160. data/test/unit/mock/cmd/hpux-netstat-inet +0 -10
  161. data/test/unit/mock/cmd/hpux-netstat-inet6 +0 -11
  162. data/test/unit/mock/cmd/id-chartmann +0 -1
  163. data/test/unit/mock/cmd/id-jfolmer +0 -1
  164. data/test/unit/mock/cmd/id-root +0 -1
  165. data/test/unit/mock/cmd/initctl--version +0 -5
  166. data/test/unit/mock/cmd/initctl-show-config-ssh +0 -3
  167. data/test/unit/mock/cmd/initctl-status-ssh +0 -1
  168. data/test/unit/mock/cmd/iptables-s +0 -6
  169. data/test/unit/mock/cmd/launchctl-list +0 -3
  170. data/test/unit/mock/cmd/logins-x +0 -4
  171. data/test/unit/mock/cmd/ls-1-etc-init.d +0 -2
  172. data/test/unit/mock/cmd/ls-sys-class-net-br +0 -2
  173. data/test/unit/mock/cmd/lsmod +0 -2
  174. data/test/unit/mock/cmd/lsof-nP-i-FpctPn +0 -63
  175. data/test/unit/mock/cmd/mount +0 -1
  176. data/test/unit/mock/cmd/mount-multiple +0 -2
  177. data/test/unit/mock/cmd/netstat-an.utf8 +0 -13
  178. data/test/unit/mock/cmd/netstat-tulpen +0 -6
  179. data/test/unit/mock/cmd/npm-ls-g--json-bower +0 -9
  180. data/test/unit/mock/cmd/pacman-qi-curl +0 -21
  181. data/test/unit/mock/cmd/ping-example.com +0 -6
  182. data/test/unit/mock/cmd/pip-show-jinja2 +0 -11
  183. data/test/unit/mock/cmd/pkg-info-system-file-system-zfs +0 -8
  184. data/test/unit/mock/cmd/pkginfo-l-SUNWzfsr +0 -7
  185. data/test/unit/mock/cmd/ps-aux +0 -5
  186. data/test/unit/mock/cmd/ps-auxZ +0 -3
  187. data/test/unit/mock/cmd/pw-usershow-root-7 +0 -1
  188. data/test/unit/mock/cmd/reg_schedule +0 -6
  189. data/test/unit/mock/cmd/rpm-qia-curl +0 -24
  190. data/test/unit/mock/cmd/s11-netstat-an-finet-finet6 +0 -32
  191. data/test/unit/mock/cmd/sbin_sysctl +0 -1
  192. data/test/unit/mock/cmd/secedit-export +0 -7
  193. data/test/unit/mock/cmd/service-e +0 -2
  194. data/test/unit/mock/cmd/service-sendmail-onestatus +0 -3
  195. data/test/unit/mock/cmd/service-sshd-status +0 -1
  196. data/test/unit/mock/cmd/sockstat +0 -5
  197. data/test/unit/mock/cmd/success +0 -0
  198. data/test/unit/mock/cmd/swlist-l-product +0 -1
  199. data/test/unit/mock/cmd/systemctl-show-all-dbus +0 -6
  200. data/test/unit/mock/cmd/systemctl-show-all-sshd +0 -7
  201. data/test/unit/mock/cmd/win32_product +0 -8
  202. data/test/unit/mock/cmd/yum-repolist-all +0 -52
  203. data/test/unit/mock/files/apache2.conf +0 -14
  204. data/test/unit/mock/files/auditd.conf +0 -4
  205. data/test/unit/mock/files/bond0 +0 -37
  206. data/test/unit/mock/files/etcgroup +0 -3
  207. data/test/unit/mock/files/example.csv +0 -6
  208. data/test/unit/mock/files/grub.conf +0 -21
  209. data/test/unit/mock/files/inetd.conf +0 -2
  210. data/test/unit/mock/files/kitchen.yml +0 -7
  211. data/test/unit/mock/files/limits.conf +0 -5
  212. data/test/unit/mock/files/login.defs +0 -5
  213. data/test/unit/mock/files/mysql.conf +0 -8
  214. data/test/unit/mock/files/mysql2.conf +0 -2
  215. data/test/unit/mock/files/ntp.conf +0 -5
  216. data/test/unit/mock/files/passwd +0 -2
  217. data/test/unit/mock/files/policyfile.lock.json +0 -12
  218. data/test/unit/mock/files/ports.conf +0 -6
  219. data/test/unit/mock/files/rootwrap.conf +0 -7
  220. data/test/unit/mock/files/serve-cgi-bin.conf +0 -20
  221. data/test/unit/mock/files/shadow +0 -2
  222. data/test/unit/mock/files/ssh_config +0 -5
  223. data/test/unit/mock/files/sshd_config +0 -7
  224. data/test/unit/mock/files/sysctl.conf +0 -7
  225. data/test/unit/mock/files/xinetd.conf +0 -9
  226. data/test/unit/mock/files/xinetd.d/.gitkeep +0 -0
  227. data/test/unit/mock/files/xinetd.d_chargen-dgram +0 -9
  228. data/test/unit/mock/files/xinetd.d_chargen-stream +0 -9
  229. data/test/unit/mock/profiles/complete-metadata/inspec.yml +0 -7
  230. data/test/unit/mock/profiles/complete-profile/controls/filesystem_spec.rb +0 -16
  231. data/test/unit/mock/profiles/complete-profile/inspec.yml +0 -10
  232. data/test/unit/mock/profiles/complete-profile/libraries/testlib.rb +0 -1
  233. data/test/unit/mock/profiles/empty-metadata/inspec.yml +0 -0
  234. data/test/unit/mock/profiles/legacy-complete-metadata/metadata.rb +0 -7
  235. data/test/unit/mock/profiles/legacy-complete-metadata/test/.gitkeep +0 -0
  236. data/test/unit/mock/profiles/legacy-empty-metadata/controls/.gitkeep +0 -0
  237. data/test/unit/mock/profiles/legacy-empty-metadata/metadata.rb +0 -0
  238. data/test/unit/mock/profiles/legacy-simple-metadata/metadata.rb +0 -1
  239. data/test/unit/mock/profiles/legacy-simple-metadata/test/.gitkeep +0 -0
  240. data/test/unit/mock/profiles/library/controls/filesystem_spec.rb +0 -7
  241. data/test/unit/mock/profiles/library/inspec.yml +0 -10
  242. data/test/unit/mock/profiles/library/libraries/gordonlib.rb +0 -2
  243. data/test/unit/mock/profiles/library/libraries/testlib.rb +0 -12
  244. data/test/unit/mock/profiles/resource-tiny/inspec.yml +0 -10
  245. data/test/unit/mock/profiles/resource-tiny/libraries/resource.rb +0 -3
  246. data/test/unit/mock/profiles/simple-metadata/inspec.yml +0 -1
  247. data/test/unit/mock/profiles/skippy-profile-os/controls/one.rb +0 -3
  248. data/test/unit/mock/profiles/skippy-profile-os/inspec.yml +0 -5
  249. data/test/unit/mock/profiles/spec_only/specfile.rb +0 -11
  250. data/test/unit/mock/profiles/supported_inspec/inspec.yml +0 -2
  251. data/test/unit/mock/profiles/unsupported_inspec/inspec.yml +0 -2
  252. data/test/unit/objects_test.rb +0 -65
  253. data/test/unit/plugin_test.rb +0 -44
  254. data/test/unit/plugins/resource_test.rb +0 -60
  255. data/test/unit/profile_context_test.rb +0 -345
  256. data/test/unit/profile_test.rb +0 -252
  257. data/test/unit/resources/apache_conf_test.rb +0 -31
  258. data/test/unit/resources/apt_test.rb +0 -46
  259. data/test/unit/resources/audit_policy_test.rb +0 -13
  260. data/test/unit/resources/auditd_conf_test.rb +0 -15
  261. data/test/unit/resources/auditd_rules_test.rb +0 -91
  262. data/test/unit/resources/bash_test.rb +0 -29
  263. data/test/unit/resources/bond_test.rb +0 -24
  264. data/test/unit/resources/bridge_test.rb +0 -56
  265. data/test/unit/resources/csv_test.rb +0 -35
  266. data/test/unit/resources/etc_group_test.rb +0 -37
  267. data/test/unit/resources/file_test.rb +0 -202
  268. data/test/unit/resources/gem_test.rb +0 -20
  269. data/test/unit/resources/group_test.rb +0 -96
  270. data/test/unit/resources/grub_conf_test.rb +0 -29
  271. data/test/unit/resources/host_test.rb +0 -38
  272. data/test/unit/resources/inetd_conf_test.rb +0 -15
  273. data/test/unit/resources/ini_test.rb +0 -16
  274. data/test/unit/resources/interface_test.rb +0 -54
  275. data/test/unit/resources/iptables_test.rb +0 -35
  276. data/test/unit/resources/json_test.rb +0 -36
  277. data/test/unit/resources/kernel_module_test.rb +0 -23
  278. data/test/unit/resources/kernel_parameter_test.rb +0 -13
  279. data/test/unit/resources/limits_conf_test.rb +0 -14
  280. data/test/unit/resources/login_def_test.rb +0 -16
  281. data/test/unit/resources/mount_test.rb +0 -26
  282. data/test/unit/resources/mysql_conf_test.rb +0 -14
  283. data/test/unit/resources/npm_test.rb +0 -20
  284. data/test/unit/resources/ntp_conf_test.rb +0 -16
  285. data/test/unit/resources/oneget_test.rb +0 -45
  286. data/test/unit/resources/os_env_test.rb +0 -18
  287. data/test/unit/resources/os_test.rb +0 -40
  288. data/test/unit/resources/package_test.rb +0 -87
  289. data/test/unit/resources/parse_config_test.rb +0 -26
  290. data/test/unit/resources/passwd_test.rb +0 -111
  291. data/test/unit/resources/pip_test.rb +0 -15
  292. data/test/unit/resources/port_test.rb +0 -165
  293. data/test/unit/resources/powershell_test.rb +0 -32
  294. data/test/unit/resources/processes_test.rb +0 -72
  295. data/test/unit/resources/registry_key_test.rb +0 -18
  296. data/test/unit/resources/security_policy_test.rb +0 -16
  297. data/test/unit/resources/service_test.rb +0 -305
  298. data/test/unit/resources/shadow_test.rb +0 -67
  299. data/test/unit/resources/ssh_conf_test.rb +0 -33
  300. data/test/unit/resources/user_test.rb +0 -124
  301. data/test/unit/resources/vbscript_test.rb +0 -18
  302. data/test/unit/resources/windows_feature.rb +0 -17
  303. data/test/unit/resources/wmi_test.rb +0 -42
  304. data/test/unit/resources/xinetd_test.rb +0 -60
  305. data/test/unit/resources/yaml_test.rb +0 -34
  306. data/test/unit/resources/yum_test.rb +0 -68
  307. data/test/unit/shell_detector_test.rb +0 -78
  308. data/test/unit/source_reader_test.rb +0 -17
  309. data/test/unit/source_readers/flat_test.rb +0 -61
  310. data/test/unit/source_readers/inspec_test.rb +0 -38
  311. data/test/unit/utils/filter_array_test.rb +0 -59
  312. data/test/unit/utils/filter_table_test.rb +0 -177
  313. data/test/unit/utils/find_files_test.rb +0 -23
  314. data/test/unit/utils/passwd_parser_test.rb +0 -32
  315. data/test/unit/utils/simpleconfig_test.rb +0 -80
  316. data/test/unit/utils/solaris_netstat_parser.rb +0 -124
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 445532339f2a7c592cd2386791ec6dad4423b7cf
4
- data.tar.gz: c9199103ea5e588100d2c8137e0dd4a4d8fab5d8
3
+ metadata.gz: 7863d5430d9891f4ec8895d615bb134047a237ee
4
+ data.tar.gz: 7b8b6d69f358812cd69aa40042f4a6bd0a2d52b7
5
5
  SHA512:
6
- metadata.gz: f5cc4f2ed37f9a4797e5c44b9e478719c2b870dc80eeb4a63f8bda27268e19f885580f0e38f62a241d406e3459cbe7855b7db50bb9e7a524d6f9405b35372261
7
- data.tar.gz: e68180568b488a72fff183bfb477d92a977c168817f5b0085420816f79e8f716bedb176bc39013abbe1b85ec53b29b855a0ae5d16a154224ddffb83e73cbb7fd
6
+ metadata.gz: 37d29c938cc8e6d234d27aaf92bf438eff4be4d4394469468ccf7b570f91165bb1d262e0c4c0594672e6b6d520cf8fe785fe883468a74d0553eb015ab181953f
7
+ data.tar.gz: 72ab6035eddcb9e64bed98d64fd9f38e3e6e30839786a073b08bf3fb9c4e4728e943753c353b4b31cbc745d60096e28fee4944c10f3d4a6685ad977294119d16
data/CHANGELOG.md CHANGED
@@ -1,7 +1,55 @@
1
1
  # Change Log
2
2
 
3
- ## [0.30.0](https://github.com/chef/inspec/tree/0.30.0) (2016-08-12)
4
- [Full Changelog](https://github.com/chef/inspec/compare/v0.29.0...0.30.0)
3
+ ## [0.31.0](https://github.com/chef/inspec/tree/0.31.0) (2016-08-19)
4
+ [Full Changelog](https://github.com/chef/inspec/compare/v0.30.0...0.31.0)
5
+
6
+ **Implemented enhancements:**
7
+
8
+ - Support writing full tests in inspec shell [\#240](https://github.com/chef/inspec/issues/240)
9
+ - inspec shell documentation - Fix \#805 [\#925](https://github.com/chef/inspec/pull/925) ([ksubrama](https://github.com/ksubrama))
10
+ - Windows ports with pid and process name [\#912](https://github.com/chef/inspec/pull/912) ([alexpop](https://github.com/alexpop))
11
+ - Improve inspec shell by having it evaluate describe/control blocks. [\#909](https://github.com/chef/inspec/pull/909) ([ksubrama](https://github.com/ksubrama))
12
+
13
+ **Fixed bugs:**
14
+
15
+ - `inspec login help` help text inconsistent with `inspec` CLI usage [\#905](https://github.com/chef/inspec/issues/905)
16
+ - Subcommand help outputs incorrect usage line [\#895](https://github.com/chef/inspec/issues/895)
17
+ - `inspec compliance version` fails with stacktrace if no compliance URL is configured [\#894](https://github.com/chef/inspec/issues/894)
18
+ - `inspec` binary occasionally exits zero on SSH failures [\#840](https://github.com/chef/inspec/issues/840)
19
+ - inspec login fails [\#793](https://github.com/chef/inspec/issues/793)
20
+ - ssh\_config and sshd\_config matchers should be case-insensitive [\#759](https://github.com/chef/inspec/issues/759)
21
+ - Login succeeds but later commands fail [\#731](https://github.com/chef/inspec/issues/731)
22
+ - passwd resource does not ignore comments [\#725](https://github.com/chef/inspec/issues/725)
23
+ - remove tests and dev dependencies from released gem [\#924](https://github.com/chef/inspec/pull/924) ([arlimus](https://github.com/arlimus))
24
+ - update dependencies and loosen molinillo [\#917](https://github.com/chef/inspec/pull/917) ([arlimus](https://github.com/arlimus))
25
+ - Handle xinetd config with only one entry [\#846](https://github.com/chef/inspec/pull/846) ([chris-rock](https://github.com/chris-rock))
26
+
27
+ **Closed issues:**
28
+
29
+ - Document InSpec Shell [\#805](https://github.com/chef/inspec/issues/805)
30
+
31
+ **Merged pull requests:**
32
+
33
+ - fix functional test for compliance plugin [\#941](https://github.com/chef/inspec/pull/941) ([chris-rock](https://github.com/chris-rock))
34
+ - give accurate information for inspec compliance login --help [\#938](https://github.com/chef/inspec/pull/938) ([vjeffrey](https://github.com/vjeffrey))
35
+ - Document awesome where syntax for port [\#937](https://github.com/chef/inspec/pull/937) ([pburkholder](https://github.com/pburkholder))
36
+ - Fetch deps based on urls [\#935](https://github.com/chef/inspec/pull/935) ([stevendanna](https://github.com/stevendanna))
37
+ - Ease testing of compliance integration tests [\#934](https://github.com/chef/inspec/pull/934) ([chris-rock](https://github.com/chris-rock))
38
+ - restructure unit tests [\#933](https://github.com/chef/inspec/pull/933) ([chris-rock](https://github.com/chris-rock))
39
+ - return token stored message on login [\#932](https://github.com/chef/inspec/pull/932) ([vjeffrey](https://github.com/vjeffrey))
40
+ - fail gracefully on inspec compliance profiles when bad token is provided [\#930](https://github.com/chef/inspec/pull/930) ([vjeffrey](https://github.com/vjeffrey))
41
+ - Fix recursive deps for path-based deps [\#929](https://github.com/chef/inspec/pull/929) ([stevendanna](https://github.com/stevendanna))
42
+ - fix integration tests for Chef Compliance [\#928](https://github.com/chef/inspec/pull/928) ([chris-rock](https://github.com/chris-rock))
43
+ - Remove false username/passwd msg from inspec compliance login [\#927](https://github.com/chef/inspec/pull/927) ([vjeffrey](https://github.com/vjeffrey))
44
+ - inspec compliance version fails gracefully when no server config [\#926](https://github.com/chef/inspec/pull/926) ([vjeffrey](https://github.com/vjeffrey))
45
+ - add kitchen.yml for non-public kitchen boxes [\#922](https://github.com/chef/inspec/pull/922) ([chris-rock](https://github.com/chris-rock))
46
+ - Ignore comment lines in /etc/passwd [\#920](https://github.com/chef/inspec/pull/920) ([stevendanna](https://github.com/stevendanna))
47
+ - ssh\_config parse should be case insensitive [\#919](https://github.com/chef/inspec/pull/919) ([vjeffrey](https://github.com/vjeffrey))
48
+ - add ssl resource \(early access\) [\#914](https://github.com/chef/inspec/pull/914) ([arlimus](https://github.com/arlimus))
49
+ - Add iis\_site resource [\#907](https://github.com/chef/inspec/pull/907) ([chrisevett](https://github.com/chrisevett))
50
+
51
+ ## [v0.30.0](https://github.com/chef/inspec/tree/v0.30.0) (2016-08-12)
52
+ [Full Changelog](https://github.com/chef/inspec/compare/v0.29.0...v0.30.0)
5
53
 
6
54
  **Implemented enhancements:**
7
55
 
data/Gemfile CHANGED
@@ -18,10 +18,11 @@ group :test do
18
18
  gem 'rubocop', '~> 0.36.0'
19
19
  gem 'simplecov', '~> 0.10'
20
20
  gem 'concurrent-ruby', '~> 0.9'
21
+ gem 'mocha', '~> 1.1'
21
22
  end
22
23
 
23
24
  group :integration do
24
- gem 'berkshelf', '~> 4.0'
25
+ gem 'berkshelf', '~> 4.3'
25
26
  gem 'test-kitchen', '~> 1.6'
26
27
  gem 'kitchen-vagrant'
27
28
  gem 'kitchen-inspec', '0.12.5'
data/docs/cli.rst CHANGED
@@ -320,22 +320,6 @@ This subcommand has additional options:
320
320
 
321
321
 
322
322
 
323
- scap
324
- =====================================================
325
-
326
- Scap commands
327
-
328
- Syntax
329
- -----------------------------------------------------
330
-
331
- This subcommand has the following syntax:
332
-
333
- .. code-block:: bash
334
-
335
- $ inspec scap SUBCOMMAND ...
336
-
337
-
338
-
339
323
  shell
340
324
  =====================================================
341
325
 
@@ -359,7 +343,7 @@ This subcommand has additional options:
359
343
  Choose a backend: local, ssh, winrm, docker.
360
344
 
361
345
  ``-c``, ``--command=COMMAND``
362
-
346
+ A single command string to run instead of launching the shell
363
347
 
364
348
  ``--host=HOST``
365
349
  Specify a remote host which is tested.
data/docs/resources.rst CHANGED
@@ -21,6 +21,7 @@ The following InSpec audit resources are available:
21
21
  * `group <https://github.com/chef/inspec/blob/master/docs/resources.rst#group-1/>`_
22
22
  * `grub_conf`_
23
23
  * `host`_
24
+ * `iis_site`_
24
25
  * `inetd_conf`_
25
26
  * `interface`_
26
27
  * `iptables`_
@@ -1799,6 +1800,107 @@ The following examples show how to use this InSpec audit resource.
1799
1800
  end
1800
1801
 
1801
1802
 
1803
+ iis_site
1804
+ =====================================================
1805
+ Tests the status, path, bindings, and application pool of an IIS website. Supported in windows 2012 and higher.
1806
+
1807
+ **Stability: Experimental**
1808
+
1809
+ Syntax
1810
+ -----------------------------------------------------
1811
+ An ``iis_site`` |inspec resource| block declares the IIS web site properties to be tested:
1812
+
1813
+ .. code-block:: ruby
1814
+ describe iis_site('website') do
1815
+ it { should exist }
1816
+ it { should be_running }
1817
+ it { should have_app_pool('app_pool') }
1818
+ it { should have_binding('https :443:www.contoso.com sslFlags=0') }
1819
+ it { should have_path('C:\\inetpub\\wwwroot') }
1820
+ end
1821
+
1822
+ where
1823
+
1824
+ * ``iis_site()`` must specify a web site name
1825
+ * ``'website'`` is the web site name
1826
+ * ``have_app_pool('my_app_pool')`` tests that our site belongs to the 'my_app_pool' application pool
1827
+ * ``have_binding('my_binding')`` tests that our site has the specified binding. my_binding should be in the format of the default output from the Get-Website powershell cmdlet
1828
+
1829
+ Matchers
1830
+ -----------------------------------------------------
1831
+ This InSpec audit resource has the following matchers.
1832
+
1833
+ exist
1834
+ +++++++++++++++++++++++++++++++++++++++++++++++++++++
1835
+ The ``exist`` matcher tests if the website exists in IIS:
1836
+
1837
+ .. code-block:: ruby
1838
+
1839
+ it { should exist }
1840
+
1841
+ be_running
1842
+ +++++++++++++++++++++++++++++++++++++++++++++++++++++
1843
+ The ``be_running`` matcher tests if the IIS site is running
1844
+
1845
+ .. code-block:: ruby
1846
+
1847
+ it { should be_running }
1848
+
1849
+ have_app_pool
1850
+ +++++++++++++++++++++++++++++++++++++++++++++++++++++
1851
+ The ``have_app_pool`` matcher tests if the IIS site belongs in the specified application pool
1852
+
1853
+ .. code-block:: ruby
1854
+
1855
+ it { should have_app_pool('Default App Pool') }
1856
+
1857
+ have_binding
1858
+ +++++++++++++++++++++++++++++++++++++++++++++++++++++
1859
+ The ``have_binding`` matcher tests if the IIS site has the specified binding
1860
+
1861
+ .. code-block:: ruby
1862
+
1863
+ it { should have_binding('http :80:*' ) }
1864
+
1865
+ have_path
1866
+ +++++++++++++++++++++++++++++++++++++++++++++++++++++
1867
+ The ``have_path`` matcher tests if the IIS site is located in the specified path
1868
+
1869
+ .. code-block:: ruby
1870
+
1871
+ it { should have_path('c:\\inetpub\\wwwroot\\my_site') }
1872
+
1873
+
1874
+ Examples
1875
+ -----------------------------------------------------
1876
+ The following examples show how to use this InSpec audit resource.
1877
+
1878
+ **Test if a web site 'My Site' is running and is located on disk at c:\\mysite**
1879
+
1880
+ .. code-block:: ruby
1881
+
1882
+ describe iis_site('My Site') do
1883
+ it { should be_running }
1884
+ it { should have_path('c:\\mysite') }
1885
+ end
1886
+
1887
+ **Test to see if 'Default Web Site' has been removed**
1888
+
1889
+ .. code-block:: ruby
1890
+
1891
+ describe iis_site('Default Web Site') do
1892
+ it { should_not exist }
1893
+ end
1894
+
1895
+ **Test 'New Website' is running in Default App Pool and listening on port 80 via http**
1896
+
1897
+ .. code-block:: ruby
1898
+
1899
+ describe iis_site('New Website') do
1900
+ it { should have_app_pool('app_pool') }
1901
+ it { should have_binding('http :80:*') }
1902
+ end
1903
+
1802
1904
 
1803
1905
 
1804
1906
  inetd_conf
@@ -3462,6 +3564,18 @@ A ``port`` |inspec resource| block declares a port, and then depending on what n
3462
3564
 
3463
3565
  where the ``processes`` returns the processes listening on port 514.
3464
3566
 
3567
+ or:
3568
+
3569
+ .. code-block:: ruby
3570
+
3571
+ describe port.where { protocol =~ /tcp/ && port > 22 && port < 80 } do
3572
+ it { should_not be_listening }
3573
+ end
3574
+
3575
+ where
3576
+
3577
+ * ``.where{}`` may specify a block to filter on attributes: port, address, protocol, process, pid, listening?
3578
+
3465
3579
  Matchers
3466
3580
  -----------------------------------------------------
3467
3581
  This InSpec audit resource has the following matchers.
@@ -3554,6 +3668,20 @@ This check can be implemented in two equivalent ways:
3554
3668
  it { should be_listening }
3555
3669
  end
3556
3670
 
3671
+ **Test that no ports above 80 are listening**
3672
+
3673
+ .. code-block:: ruby
3674
+
3675
+ describe port.where { protocol =~ /tcp/ && port > 80 } do
3676
+ it { should_not be_listening }
3677
+ end
3678
+
3679
+ **Tests that only httpd and sshd are listening**
3680
+
3681
+ describe port.where { listening? } do
3682
+ its('processes') { should contain_exactly('sshd','httpd') }
3683
+ end
3684
+
3557
3685
  postgres_conf
3558
3686
  =====================================================
3559
3687
  Use the ``postgres_conf`` |inspec resource| to test the contents of the configuration file for |postgresql|, typically located at ``/etc/postgresql/<version>/main/postgresql.conf`` or ``/var/lib/postgres/data/postgresql.conf``, depending on the platform.
data/docs/shell.rst ADDED
@@ -0,0 +1,130 @@
1
+ =====================================================
2
+ InSpec Shell Usage
3
+ =====================================================
4
+
5
+ The InSpec interactive shell is a pry based REPL that can be used to quickly run InSpec controls and tests without having to write it to a file. Its functionality is similar to ``chef shell`` - it provides a way to exercise the InSpec DSL, its resources, tests and plugins without having to create a profile or write a test file. See http://pryrepl.org/ for an introduction to what pry is and what it can do.
6
+
7
+
8
+ Launching the shell
9
+ -----------------------------------------------------
10
+
11
+ If you are using InSpec from a platform-specific package (rpm, msi, etc.) or from a chef prepared shell in ChefDK, you can directly launch InSpec shell against your local machine using the following. See https://docs.chef.io/install_dk.html#set-system-ruby for details.
12
+
13
+ .. code-block:: bash
14
+
15
+ $ inspec shell
16
+ $ inspec help shell # This will describe inspec shell usage
17
+
18
+ If you wish to connect to a remote machine (called a target within InSpec), you can use the ``-t`` flag. We support connecting using ssh, WinRm and docker. If no target is provided, we implicitly support the "local" target - i.e. tests running on the current machine running InSpec. For an ssh connection, use ``-i`` for specifying ssh key files, and the ``--sudo*`` commands for requesting a privelege escalation after logging in. For a WinRM connection, use ``--path`` to change the login path, ``--ssl`` to use SSL for transport layer encryption.
19
+
20
+ .. code-block:: bash
21
+
22
+ $ inspec shell -t ssh://root@192.168.64.2:11022 # Login to remote machine using ssh as root.
23
+ $ inspec shell -t ssh://user@hostname:1234 -i /path/to/user_key # Login to hostname on port 1234 as user using given ssh key.
24
+ $ inspec shell -t winrm://UserName:Password@windowsmachine:1234 # Login to windowsmachine over WinRM as UserName.
25
+ $ inspec shell -t docker://container_id # Login to a docker container.
26
+
27
+
28
+ Using Ruby in InSpec shell
29
+ -----------------------------------------------------
30
+
31
+ Since InSpec shell is pry based, you may treat the shell as an interactive Ruby session. You may write Ruby expressions and evaluate them. Source high-lighting, automatic indentation and command history (using the up and down arrow keys) are available to make your experience more delightful. You can exit the shell using ``exit``.
32
+
33
+ .. code-block:: bash
34
+
35
+ $ inspec shell
36
+ Welcome to the interactive InSpec Shell
37
+ To find out how to use it, type: help
38
+
39
+ inspec> 1 + 2
40
+ => 3
41
+ inspec> exit
42
+
43
+
44
+ Using InSpec DSL in InSpec shell
45
+ -----------------------------------------------------
46
+
47
+ InSpec shell will automatically evaluate the result of every command as if it were a test file. If you type in a Ruby command that is not an InSpec control or test, the shell will evaluate it as if it were a regular ruby command.
48
+
49
+ Bare InSpec resources are instantiated and their help text is presented. You may also access the resource contents or other matchers that they define. Run ``help <resource>`` to get more help on using a particular resource or see the InSpec resources documentation online.
50
+
51
+ .. code-block:: bash
52
+
53
+ $ inspec shell
54
+ Welcome to the interactive InSpec Shell
55
+ To find out how to use it, type: help
56
+
57
+ inspec> file('/Users/ksubramanian').directory?
58
+ => true
59
+ inspec> os_env('HOME')
60
+ => Environment variable HOME
61
+ inspec> os_env('HOME').content
62
+ => /Users/ksubramanian
63
+ inspec> exit
64
+
65
+ InSpec tests are immediately executed.
66
+
67
+
68
+ .. code-block:: bash
69
+
70
+ inspec> describe file('/Users') # Empty test.
71
+ Summary: 0 successful, 0 failures, 0 skipped
72
+ inspec> describe file('/Users') do # Test with one check.
73
+ inspec> it { should exist }
74
+ inspec> end
75
+ ✔ File /Users should exist
76
+
77
+ Summary: 1 successful, 0 failures, 0 skipped
78
+
79
+
80
+ All tests in a control are immediately executed as well. If a control is redefined in the shell, the old control's tests are destroyed and replaced with the redefinition and the control is re-run.
81
+
82
+ .. code-block:: bash
83
+
84
+ inspec> control 'my_control' do
85
+ inspec> describe os_env('HOME') do
86
+ inspec> its('content') { should eq '/Users/ksubramanian' }
87
+ inspec> end
88
+ inspec> end
89
+ ✔ my_control: Environment variable HOME content should eq "/Users/ksubramanian"
90
+
91
+ Summary: 1 successful, 0 failures, 0 skipped
92
+
93
+ Syntax errors are illegal tests are also detected and reported.
94
+
95
+
96
+ .. code-block:: bash
97
+
98
+ inspec> control 'foo' do
99
+ inspec> thisisnonsense
100
+ inspec> end
101
+ NameError: undefined local variable or method `thisisnonsense' for #<#<Class:0x007fd63b571f98>:0x007fd639825cc8>
102
+ from /usr/local/lib/ruby/gems/2.3.0/gems/rspec-expectations-3.5.0/lib/rspec/matchers.rb:967:in `method_missing'
103
+ inspec> control 'foo' do
104
+ inspec> describe file('wut') do
105
+ inspec> its('thismakesnosense') { should cmp 'fail' }
106
+ inspec> end
107
+ inspec> end
108
+ ✖ foo: File wut thismakesnosense (undefined method `thismakesnosense' for File wut:Inspec::Resource::Registry::File)
109
+
110
+ Summary: 0 successful, 1 failures, 0 skipped
111
+
112
+
113
+ Running a single InSpec command
114
+ -----------------------------------------------------
115
+
116
+ If you wish to run a single InSpec command and fetch its results, you may use the ``-c`` flag. This is similar to using ``bash -c``.
117
+
118
+ .. code-block:: bash
119
+ $ inspec shell -c 'describe file("/Users/ksubramanian") do it { should exist } end'
120
+
121
+ Target: local://
122
+
123
+ ✔ File /Users/ksubramanian should exist
124
+
125
+ Summary: 1 successful, 0 failures, 0 skipped
126
+
127
+
128
+ .. code-block:: bash
129
+ $ inspec shell --format json -c 'describe file("/Users/ksubramanian") do it { should exist } end'
130
+ {"version":"0.30.0","profiles":{"":{"supports":[],"controls":{"(generated from in_memory.rb:1 5aab65c33fb1f133d9244017958eef64)":{"title":null,"desc":null,"impact":0.5,"refs":[],"tags":{},"code":" rule = rule_class.new(id, profile_id, {}) do\n res = describe(*args, &block)\n end\n","source_location":{"ref":"/Users/ksubramanian/repo/chef/inspec/lib/inspec/profile_context.rb","line":184},"results":[{"status":"passed","code_desc":"File /Users/ksubramanian should exist","run_time":0.000747,"start_time":"2016-08-16 11:41:40 -0400"}]}},"groups":{"in_memory.rb":{"title":null,"controls":["(generated from in_memory.rb:1 5aab65c33fb1f133d9244017958eef64)"]}},"attributes":[]}},"other_checks":[],"summary":{"duration":0.001078,"example_count":1,"failure_count":0,"skip_count":0}}
data/inspec.gemspec CHANGED
@@ -17,7 +17,7 @@ Gem::Specification.new do |spec|
17
17
  README.md Rakefile MAINTAINERS.toml MAINTAINERS.md LICENSE inspec.gemspec
18
18
  Gemfile CHANGELOG.md .rubocop.yml
19
19
  } + Dir.glob(
20
- '{bin,docs,examples,lib,tasks,test}/**/*', File::FNM_DOTMATCH
20
+ '{bin,docs,examples,lib}/**/*', File::FNM_DOTMATCH
21
21
  ).reject { |f| File.directory?(f) }
22
22
 
23
23
  spec.executables = %w{ inspec }
@@ -34,7 +34,6 @@ Gem::Specification.new do |spec|
34
34
  spec.add_dependency 'rspec-its', '~> 1.2'
35
35
  spec.add_dependency 'pry', '~> 0'
36
36
  spec.add_dependency 'hashie', '~> 3.4'
37
- spec.add_dependency 'molinillo', '~> 0.5'
38
-
39
- spec.add_development_dependency 'mocha', '~> 1.1'
37
+ spec.add_dependency 'molinillo', '~> 0'
38
+ spec.add_dependency 'sslshake', '~> 1'
40
39
  end
@@ -11,7 +11,6 @@ provisioner:
11
11
 
12
12
  verifier:
13
13
  name: inspec
14
- sudo: true
15
14
 
16
15
  platforms:
17
16
  - name: ubuntu-14.04
@@ -117,8 +117,10 @@ Pending: (Failures listed here are expected and do not affect your suite's statu
117
117
 
118
118
  Finished in 0.02862 seconds (files took 0.62628 seconds to load)
119
119
  5 examples, 0 failures, 1 pending
120
+ ```
121
+
122
+ # Logout from Chef Compliance
120
123
 
121
- # logout from Chef Compliance
122
124
  ```
123
125
  $ inspec compliance logout
124
126
  Successfully logged out
@@ -130,11 +132,14 @@ At this point of time, InSpec is not able to pick up the token directly, therefo
130
132
 
131
133
  * run `kitchen converge`
132
134
  * open https://192.168.251.2 and log in with user `admin` and password `admin`
133
- * click on user->about and obtain the refresh token
135
+ * click on user->about and obtain the access token and the refresh token
134
136
  * run `kitchen verify` with the required env variables:
135
137
 
136
138
  ```
137
- COMPLIANCE_REFRESH_TOKEN=myrefreshtoken COMPLIANCE_ACCESS_TOKEN=mycompliancetoken b kitchen verify
139
+ # both token need to be set, since the test suite runs for each token type
140
+ export COMPLIANCE_ACCESSTOKEN='mycompliancetoken'
141
+ export COMPLIANCE_REFRESHTOKEN='myrefreshtoken'
142
+ kitchen verify
138
143
  -----> Starting Kitchen (v1.7.3)
139
144
  -----> Verifying <default-ubuntu-1404>...
140
145
  Search `/Users/chartmann/Development/compliance/inspec/lib/bundles/inspec-compliance/test/integration/default` for tests
@@ -27,16 +27,24 @@ module Compliance
27
27
  # TODO, api should not be dependent on .supported?
28
28
  response = Compliance::HTTP.get(url, config['token'], config['insecure'], !config.supported?(:oidc))
29
29
  data = response.body
30
- if !data.nil?
30
+ response_code = response.code
31
+ case response_code
32
+ when '200'
33
+ msg = 'success'
31
34
  profiles = JSON.parse(data)
32
35
  # iterate over profiles
33
- profiles.map do |owner, ps|
36
+ mapped_profiles = profiles.map do |owner, ps|
34
37
  ps.keys.map do |name|
35
38
  { org: owner, name: name }
36
39
  end
37
40
  end.flatten
41
+ return msg, mapped_profiles
42
+ when '401'
43
+ msg = '401 Unauthorized. Please check your token.'
44
+ return msg, []
38
45
  else
39
- []
46
+ msg = "An unexpected error occurred (HTTP #{response_code}): #{response.message}"
47
+ return msg, []
40
48
  end
41
49
  end
42
50
 
@@ -44,8 +52,15 @@ module Compliance
44
52
  # NB this method does not use Compliance::Configuration to allow for using
45
53
  # it before we know the version (e.g. oidc or not)
46
54
  def self.version(url, insecure)
47
- response = Compliance::HTTP.get(url+'/version', nil, insecure)
48
- data = response.body
55
+ if url.nil?
56
+ puts "
57
+ Server configuration information is missing.
58
+ Please login using `inspec compliance login https://compliance.test --user admin --insecure --token 'PASTE TOKEN HERE' `
59
+ "
60
+ else
61
+ response = Compliance::HTTP.get(url+'/version', nil, insecure)
62
+ data = response.body
63
+ end
49
64
  if !data.nil?
50
65
  JSON.parse(data)
51
66
  else
@@ -55,7 +70,7 @@ module Compliance
55
70
 
56
71
  # verifies that a profile
57
72
  def self.exist?(config, profile)
58
- profiles = Compliance::API.profiles(config)
73
+ _msg, profiles = Compliance::API.profiles(config)
59
74
  if !profiles.empty?
60
75
  index = profiles.index { |p| "#{p[:org]}/#{p[:name]}" == profile }
61
76
  !index.nil? && index >= 0
@@ -20,18 +20,22 @@ sudo apt-get install chef-compliance
20
20
  sudo chef-compliance-ctl reconfigure --accept-license
21
21
  sudo chef-compliance-ctl restart
22
22
 
23
- # build master version of inspec
24
- sudo /opt/chef-compliance/embedded/bin/gem list inspec
25
-
26
- cd /inspec
27
- sudo /opt/chef-compliance/embedded/bin/gem build *.gemspec
28
- sudo /opt/chef-compliance/embedded/bin/gem install inspec*.gem
29
- sudo /opt/chef-compliance/embedded/bin/inspec version
30
- sudo /opt/chef-compliance/embedded/bin/gem list inspec
31
-
32
23
  # finalize setup
33
24
  cd /
34
25
  /opt/chef-compliance/embedded/service/core/bin/core setup --endpoint "http://127.0.0.1:10500/setup" --login "admin" --password "admin" --name "John Doe" --accept-eula
35
26
 
36
27
  # wget --no-check-certificate http://127.0.0.1/api/version
37
28
  # cat version
29
+
30
+ # install ruby 2.3
31
+ sudo apt-get install -y software-properties-common
32
+ sudo apt-add-repository -y ppa:brightbox/ruby-ng
33
+ sudo apt-get update
34
+ sudo apt-get install -y ruby2.3 ruby2.3-dev
35
+ ruby2.3 -v
36
+
37
+ # prepare the usage of bundler
38
+ sudo gem install bundler
39
+ cd /inspec
40
+ bundle install
41
+ BUNDLE_GEMFILE=/inspec/Gemfile bundle exec inspec version
@@ -9,8 +9,16 @@ module Compliance
9
9
  class ComplianceCLI < Inspec::BaseCLI # rubocop:disable Metrics/ClassLength
10
10
  namespace 'compliance'
11
11
 
12
- desc 'login SERVER', 'Log in to a Chef Compliance SERVER'
13
- option :server, type: :string, desc: 'Chef Compliance Server URL'
12
+ # TODO: find another solution, once https://github.com/erikhuda/thor/issues/261 is fixed
13
+ def self.banner(command, _namespace = nil, _subcommand = false)
14
+ "#{basename} #{subcommand_prefix} #{command.usage}"
15
+ end
16
+
17
+ def self.subcommand_prefix
18
+ namespace
19
+ end
20
+
21
+ desc "login SERVER --insecure --user='USER' --token='TOKEN'", 'Log in to a Chef Compliance SERVER'
14
22
  option :insecure, aliases: :k, type: :boolean,
15
23
  desc: 'Explicitly allows InSpec to perform "insecure" SSL connections and transfers'
16
24
  option :user, type: :string, required: false,
@@ -23,36 +31,29 @@ module Compliance
23
31
  desc: 'Chef Compliance access token'
24
32
  option :refresh_token, type: :string, required: false,
25
33
  desc: 'Chef Compliance refresh token'
26
- def login(server) # rubocop:disable Metrics/AbcSize, PerceivedComplexity
34
+ def login(server) # rubocop:disable Metrics/AbcSize
27
35
  # show warning if the Compliance Server does not support
28
- if !Compliance::Configuration.new.supported?(:oidc)
29
- puts 'Your server supports --user and --password only'
30
- end
31
36
 
32
37
  options['server'] = server
33
38
  url = options['server'] + options['apipath']
34
39
  if !options['user'].nil? && !options['password'].nil?
35
40
  # username / password
36
- success, msg = login_legacy(url, options['user'], options['password'], options['insecure'])
41
+ _success, msg = login_legacy(url, options['user'], options['password'], options['insecure'])
37
42
  elsif !options['user'].nil? && !options['token'].nil?
38
43
  # access token
39
- success, msg = store_access_token(url, options['user'], options['token'], options['insecure'])
44
+ _success, msg = store_access_token(url, options['user'], options['token'], options['insecure'])
40
45
  elsif !options['refresh_token'].nil? && !options['user'].nil?
41
46
  # refresh token
42
- success, msg = store_refresh_token(url, options['refresh_token'], true, options['user'], options['insecure'])
47
+ _success, msg = store_refresh_token(url, options['refresh_token'], true, options['user'], options['insecure'])
43
48
  # TODO: we should login with the refreshtoken here
44
49
  elsif !options['refresh_token'].nil?
45
- success, msg = login_refreshtoken(url, options)
50
+ _success, msg = login_refreshtoken(url, options)
46
51
  else
47
- puts 'Please run `inspec compliance login` with options --token or --refresh_token and --user'
52
+ puts 'Please run `inspec compliance login SERVER` with options --token or --refresh_token, --user, and --insecure or --not-insecure'
48
53
  exit 1
49
54
  end
50
55
 
51
- if success
52
- puts 'Successfully authenticated'
53
- else
54
- puts msg
55
- end
56
+ puts '', msg
56
57
  end
57
58
 
58
59
  desc 'profiles', 'list all available profiles in Chef Compliance'
@@ -60,7 +61,7 @@ module Compliance
60
61
  config = Compliance::Configuration.new
61
62
  return if !loggedin(config)
62
63
 
63
- profiles = Compliance::API.profiles(config)
64
+ msg, profiles = Compliance::API.profiles(config)
64
65
  if !profiles.empty?
65
66
  # iterate over profiles
66
67
  headline('Available profiles:')
@@ -68,7 +69,8 @@ module Compliance
68
69
  li("#{profile[:org]}/#{profile[:name]}")
69
70
  }
70
71
  else
71
- puts 'Could not find any profiles'
72
+ puts msg, 'Could not find any profiles'
73
+ exit 1
72
74
  end
73
75
  end
74
76
 
@@ -160,6 +162,7 @@ module Compliance
160
162
  else
161
163
  puts 'Error during profile upload:'
162
164
  puts msg
165
+ exit 1
163
166
  end
164
167
  end
165
168
 
@@ -171,6 +174,7 @@ module Compliance
171
174
  puts "Chef Compliance version: #{info['version']}"
172
175
  else
173
176
  puts 'Could not determine server version.'
177
+ exit 1
174
178
  end
175
179
  end
176
180
 
@@ -223,7 +227,7 @@ module Compliance
223
227
  success = true
224
228
  msg = 'Successfully authenticated'
225
229
  else
226
- msg = 'Reponse does not include a token'
230
+ msg = 'Response does not include a token'
227
231
  end
228
232
  else
229
233
  msg = "Authentication failed for Server: #{url}"
@@ -15,6 +15,7 @@ module Compliance
15
15
  priority 500
16
16
 
17
17
  def self.resolve(target, _opts = {})
18
+ return nil unless target.is_a?(String)
18
19
  # check for local scheme compliance://
19
20
  uri = URI(target)
20
21
  return nil unless URI(uri).scheme == 'compliance'