inspec 0.30.0 → 0.31.0

data/test/cookbooks/os_prepare/attributes/default.rb

@@ -1,2 +0,0 @@
-default['osprepare']['docker'] = false
-default['osprepare']['application'] = true

data/test/cookbooks/os_prepare/files/example.csv

@@ -1,7 +0,0 @@
-name,version,license,title,description
-addressable,2.3.6,Apache 2.0,URI Implementation,"Addressable is a replacement for the URI implementation that is part of
-Ruby's standard library. It more closely conforms to the relevant RFCs and
-adds support for IRIs and URI templates."
-ast,2.0.0,MIT,A library for working with Abstract Syntax Trees.,A library for working with Abstract Syntax Trees.
-astrolabe,1.3.0,MIT,An object-oriented AST extension for Parser,An object-oriented AST extension for Parser
-berkshelf,3.2.3,Apache 2.0,"Manages a Cookbook's, or an Application's, Cookbook dependencies","Manages a Cookbook's, or an Application's, Cookbook dependencies"

data/test/cookbooks/os_prepare/files/example.ini

@@ -1,6 +0,0 @@
-# a comment...
-[client]
-port		= 3306
-
-[mysqld]
-user		= mysql

data/test/cookbooks/os_prepare/files/example.json

@@ -1,12 +0,0 @@
-{
-  "name": "demo",
-  "run_list": [
-    "apache2",
-    "omnibus"
-  ],
-  "cookbook_locks": {
-    "omnibus": {
-      "version": "2.2.0"
-    }
-  }
-}

data/test/cookbooks/os_prepare/files/example.yml

@@ -1,7 +0,0 @@
-driver:
-  name: vagrant
-  customize:
-    memory: 1024
-platforms:
-  - name: centos-5.11
-  - name: centos-6.7

data/test/cookbooks/os_prepare/metadata.rb

@@ -1,13 +0,0 @@
-# encoding: utf-8
-name 'os_prepare'
-maintainer 'Chef Software, Inc.'
-maintainer_email 'support@chef.io'
-description 'This cookbook prepares the test operating systems'
-version '1.0.0'
-
-depends 'apt'
-depends 'yum'
-depends 'runit'
-depends 'postgresql'
-depends 'httpd', '~> 0.2'
-depends 'windows'

data/test/cookbooks/os_prepare/recipes/_runit_service_centos.rb

@@ -1,34 +0,0 @@
-# encoding: utf-8
-# author: Stephan Renatus
-
-include_recipe 'runit::default'
-
-# put ctl in alt location
-directory '/opt/chef/embedded/sbin' do
-  recursive true
-  action :create
-end
-
-link '/opt/chef/embedded/sbin/sv' do
-  to '/sbin/sv' # default location
-end
-
-runit_service 'running-runit-service' do
-  default_logger true
-  run_template_name 'default-svlog'
-end
-
-runit_service 'not-enabled-runit-service' do
-  default_logger true
-  run_template_name 'default-svlog'
-  start_down true
-  action :enable
-end
-
-runit_service 'not-running-runit-service' do
-  default_logger true
-  run_template_name 'default-svlog'
-  action :create
-end
-
-execute 'sv down not-running-runit-service'

data/test/cookbooks/os_prepare/recipes/_upstart_service_centos.rb

@@ -1,25 +0,0 @@
-# encoding: utf-8
-# author: Stephan Renatus
-
-directory '/etc/init' do
-  action :create
-end
-
-file "/etc/init/upstart-running.conf" do
-  content "exec tail -f /dev/null"
-end
-
-file "/etc/init/upstart-enabled-not-running.conf" do
-  content "exec tail -f /dev/null\nstart on networking"
-end
-
-file "/etc/init/upstart-enabled-and-running.conf" do
-  content "exec tail -f /dev/null\nstart on networking"
-end
-
-%w{ enabled-and-running running }.each do |srv|
-  service "upstart-#{srv}" do
-    provider Chef::Provider::Service::Upstart
-    action :start
-  end
-end

data/test/cookbooks/os_prepare/recipes/apache.rb

@@ -1,14 +0,0 @@
-# encoding: utf-8
-# author: Christoph Hartmann
-
-# install apache service
-case node['platform']
-when 'ubuntu', 'centos', 'amazon', 'fedora'
-
-  return if node['platform_version'] == "15.10"
-
-  httpd_service 'default' do
-    action :create
-  end
-
-end

data/test/cookbooks/os_prepare/recipes/apt.rb

@@ -1,20 +0,0 @@
-# encoding: utf-8
-# author: Christoph Hartmann
-# author: Dominik Richter
-
-# add nginx apt repository
-case node['platform']
-when 'ubuntu'
-  # use ppa
-  apt_repository 'nginx' do
-    uri 'ppa:nginx/stable'
-    distribution node['lsb']['codename']
-  end
-when 'debian'
-  # use plain repo
-  apt_repository 'nginx' do
-    uri 'http://nginx.org/packages/debian'
-    distribution node['lsb']['codename']
-    components ['nginx']
-  end
-end

data/test/cookbooks/os_prepare/recipes/auditctl.rb

@@ -1,8 +0,0 @@
-# encoding: utf-8
-# author: Stephan Renatus
-
-case node['platform']
-when 'centos'
-  execute 'auditctl -a always,exit -F arch=b32 -S open -S openat -F exit=-EACCES -k access'
-  execute 'auditctl -w /etc/ssh/sshd_config -p rwxa -k sshd_config'
-end

data/test/cookbooks/os_prepare/recipes/default.rb

@@ -1,29 +0,0 @@
-# encoding: utf-8
-# author: Christoph Hartmann
-# author: Dominik Richter
-#
-# prepare all operating systems with the required configuration
-
-# container preparation
-include_recipe('os_prepare::prep_container')
-
-# basic tests
-include_recipe('os_prepare::file')
-include_recipe('os_prepare::mount') unless node['osprepare']['docker']
-include_recipe('os_prepare::service')
-include_recipe('os_prepare::package')
-include_recipe('os_prepare::registry_key')
-include_recipe('os_prepare::iptables') unless node['osprepare']['docker']
-
-# config file parsing
-include_recipe('os_prepare::json_yaml_csv_ini')
-
-# configure repos, eg. nginx
-include_recipe('os_prepare::apt')
-
-# application configuration
-if node['osprepare']['application']
-  include_recipe('os_prepare::postgres')
-  include_recipe('os_prepare::auditctl') unless node['osprepare']['docker']
-  include_recipe('os_prepare::apache')
-end

data/test/cookbooks/os_prepare/recipes/file.rb

@@ -1,46 +0,0 @@
-# encoding: utf-8
-# author: Christoph Hartmann
-# author: Dominik Richter
-#
-# prepares a sample file for verification
-
-if node['platform_family'] != 'windows'
-
-  gid = case node['platform_family']
-        when 'aix'
-          'system'
-        when 'freebsd'
-          'wheel'
-        when 'solaris', 'solaris2'
-          'sys'
-        else
-          'root'
-        end
-
-
-  file '/tmp/file' do
-    mode '0765'
-    owner 'root'
-    group gid
-    content 'hello world'
-  end
-
-  file '/tmp/sfile' do
-    mode '7765'
-    owner 'root'
-    group gid
-    content 'hello suid/sgid/sticky'
-  end
-
-  directory '/tmp/folder' do
-    mode '0567'
-    owner 'root'
-    group gid
-  end
-
-else
-
-  directory 'C:\Test Directory'
-  file 'C:\Test Directory\test file.txt'
-
-end

data/test/cookbooks/os_prepare/recipes/iptables.rb

@@ -1,13 +0,0 @@
-# encoding: utf-8
-# author: Stephan Renatus
-
-case node['platform']
-when 'ubuntu', 'rhel', 'centos', 'fedora'
-  execute 'iptables -A INPUT -i eth0 -p tcp -m tcp '\
-          '--dport 80 -m state --state NEW -m comment '\
-          '--comment "http on 80" -j ACCEPT'
-  execute 'iptables -N derby-cognos-web'
-  execute 'iptables -A INPUT -j derby-cognos-web'
-  execute 'iptables -A derby-cognos-web -p tcp -m tcp --dport 80 '\
-          '-m comment --comment "derby-cognos-web" -j ACCEPT'
-end

data/test/cookbooks/os_prepare/recipes/json_yaml_csv_ini.rb

@@ -1,34 +0,0 @@
-# encoding: utf-8
-# author: Christoph Hartmann
-# author: Dominik Richter
-#
-# adds a yaml file
-
-gid = case node['platform_family']
-      when 'aix'
-        'system'
-      when 'freebsd'
-        'wheel'
-      when 'solaris', 'solaris2'
-        'sys'
-      else
-        'root'
-      end
-
-['yml', 'json', 'csv', 'ini'].each { |filetype|
-
-  if node['platform_family'] != 'windows'
-    cookbook_file "/tmp/example.#{filetype}" do
-      source "example.#{filetype}"
-      owner 'root'
-      group gid
-      mode '0755'
-      action :create
-    end
-  else
-    cookbook_file "C:/windows/temp/example.#{filetype}" do
-      source "example.#{filetype}"
-      action :create
-    end
-  end
-}

data/test/cookbooks/os_prepare/recipes/mount.rb

@@ -1,33 +0,0 @@
-# encoding: utf-8
-# author: Christoph Hartmann
-# author: Dominik Richter
-#
-# file mount tests
-
-case node['platform']
-when 'ubuntu', 'rhel', 'centos', 'fedora'
-
-  # copy iso file for mount tests
-  # NB created using `mkdir empty; mkisofs -o empty.iso empty/`
-  cookbook_file '/tmp/empty.iso' do
-    owner 'root'
-    group 'root'
-    mode '0755'
-    action :create
-  end
-
-  # create mount directory
-  directory '/mnt/iso-disk' do
-    owner 'root'
-    group 'root'
-    mode '0755'
-    action :create
-  end
-
-  # mount -o loop /root/empty.iso /mnt/iso-disk
-  mount '/mnt/iso-disk' do
-    device '/tmp/empty.iso'
-    options 'loop'
-    action [:mount, :enable]
-  end
-end

data/test/cookbooks/os_prepare/recipes/package.rb

@@ -1,25 +0,0 @@
-# encoding: utf-8
-# author: Christoph Hartmann
-# author: Dominik Richter
-#
-# installs everything to do the package test
-
-case node['platform']
-when 'ubuntu', 'debian'
-  include_recipe('apt')
-  package 'curl'
-when 'rhel', 'centos', 'fedora'
-  include_recipe('yum')
-
-  # TODO: support DNF natively
-  # Special care for fedora 22, since dnf is not officially supported yet
-  # https://github.com/chef/chef/issues/3201
-  if node['platform_version'] == '22'
-    execute 'dnf install -y yum'
-  end
-
-  package 'curl'
-when 'freebsd'
-  # do nothing
-  # TODO: implement Freebsd packages
-end

data/test/cookbooks/os_prepare/recipes/postgres.rb

@@ -1,20 +0,0 @@
-# encoding: utf-8
-# author: Stephan Renatus
-#
-# installs everyting for the postgres tests
-
-# hw-cookbooks/postgresql is tested on these platforms
-case node['platform']
-when 'ubuntu', 'centos'
-
-  # also skip it on ubuntu 15.10, because the cookbook is not supported
-  # with `enable_pgdg_apt` yet
-  return if node['platform_version'] == "15.10"
-  # skip it on centos 5, because ca-certificates is not available
-  return if node['platform_version'] == "5"
-
-  node.default['postgresql']['enable_pgdg_apt'] = true
-  node.default['postgresql']['config']['listen_addresses'] = 'localhost'
-  node.default['postgresql']['password']['postgres'] = 'md506be11be01439cb4abd537e454df34ea' # "inspec"
-  include_recipe 'postgresql::server'
-end

data/test/cookbooks/os_prepare/recipes/prep_container.rb

@@ -1,15 +0,0 @@
-# encoding: utf-8
-# author: Christoph Hartmann
-# author: Dominik Richter
-#
-# prepares container for normal use :-)
-
-# install docker pre-conditions
-if ['ubuntu', 'debian'].include?(node['platform'])
-  include_recipe('apt')
-
-  # if package lsb-release & procps is not installed
-  # chef returns an empty node['lsb']['codename']
-  package("lsb-release")
-  package("procps")
-end

data/test/cookbooks/os_prepare/recipes/registry_key.rb

@@ -1,87 +0,0 @@
-# encoding: utf-8
-# author: Alex Pop
-# author: Christoph Hartmann
-#
-# change a few Windows registry keys for testing purposes
-
-if node['platform_family'] == 'windows'
-
-  registry_key 'HKLM\System\Test' do
-    values [{
-      :name => '',
-      :type => :string,
-      :data => 'test'
-    },{
-      :name => 'string value',
-      :type => :string,
-      :data => nil
-    },{
-      :name => 'binary value',
-      :type => :binary,
-      :data => 'dfa0f066'
-    },{
-      :name => 'dword value',
-      :type => :dword,
-      :data => 0
-    },{
-      :name => 'qword value',
-      :type => :qword,
-      :data => 0
-    },{
-      :name => 'multistring value',
-      :type => :multi_string,
-      :data => ['test', 'multi','string','data']
-    }]
-    recursive true
-    action :create
-  end
-
-  registry_key 'HKLM\Software\Policies\Microsoft\Windows\EventLog\System' do
-    values [{ name: 'MaxSize', type: :dword, data: 67_108_864 }]
-    recursive true
-    action :create
-  end
-
-  registry_key 'HKLM\System\CurrentControlSet\Control\Session Manager' do
-    values [{ name: 'SafeDllSearchMode', type: :dword, data: 1 }]
-    recursive true
-    action :create
-  end
-
-  registry_key 'HKLM\System\CurrentControlSet\Services\LanManServer\Parameters' do
-    values [{ name: 'NullSessionShares', type: :multi_string, data: [] }]
-    recursive true
-    action :create
-  end
-
-  registry_key 'HKLM\Software\Policies\Microsoft\Internet Explorer\Main' do
-    values [{ name: 'Isolation64Bit', type: :dword, data: 1 }]
-    recursive true
-    action :create
-  end
-
-  registry_key 'HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' do
-    values [{ name: 'MinEncryptionLevel', type: :dword, data: 3 }]
-    recursive true
-    action :create
-  end
-
-  registry_key 'HKLM\System\CurrentControlSet\Control\Lsa\MSV1_0' do
-    values [{ name: 'NTLMMinServerSec', type: :dword, data: 537_395_200 }]
-    recursive true
-    action :create
-  end
-
-  # used to verify pattern test
-  ::Chef::Recipe.send(:include, Chef::Mixin::PowershellOut)
-  cmd = powershell_out!('Get-WmiObject -Class Win32_UserAccount | % { $_.SID } | ConvertTo-Json')
-  sids = JSON.parse(cmd.stdout)
-  sids.each { |sid|
-    registry_key "HKEY_USERS\\#{sid}\\Software\\Policies\\Microsoft\\Windows\\Installer" do
-      values [{ name: 'AlwaysInstallElevated', type: :dword, data: 0 }]
-      recursive true
-      ignore_failure true # ignore users that have not been logged in
-      action :create
-    end
-  }
-end

data/test/cookbooks/os_prepare/recipes/service.rb

@@ -1,19 +0,0 @@
-# encoding: utf-8
-# author: Christoph Hartmann
-# author: Dominik Richter
-#
-# prepares services
-
-case node['platform']
-when 'ubuntu'
-  # install ntp as a service
-  include_recipe 'apt::default'
-  package 'ntp'
-
-when 'centos'
-  # install runit for alternative service mgmt
-  if node['platform_version'].to_i == 6
-    include_recipe 'os_prepare::_runit_service_centos' unless node['osprepare']['docker']
-    include_recipe 'os_prepare::_upstart_service_centos' unless node['osprepare']['docker']
-  end
-end

data/test/cookbooks/os_prepare/templates/default/sv-default-svlog-run.erb

@@ -1,2 +0,0 @@
-#!/bin/sh
-exec tail -f /dev/null

data/test/docker_run.rb

@@ -1,162 +0,0 @@
-# encoding: utf-8
-# author: Dominik Richter
-
-require 'docker'
-require 'yaml'
-require 'concurrent'
-
-class DockerRunner
-  def initialize(conf_path = nil)
-    @conf_path = conf_path ||
-                 ENV['config']
-
-    docker_run_concurrency = (ENV['N'] || 5).to_i
-
-    if @conf_path.nil?
-      fail "You must provide a configuration file with docker boxes"
-    end
-
-    unless File.file?(@conf_path)
-      fail "Can't find configuration in #{@conf_path}"
-    end
-
-    @conf = YAML.load_file(@conf_path)
-    if @conf.nil? or @conf.empty?
-      fail "Can't read coniguration in #{@conf_path}"
-    end
-    if @conf['images'].nil?
-      fail "You must configure test images in your #{@conf_path}"
-    end
-
-    @images = docker_images_by_tag
-    @image_pull_tickets = Concurrent::Semaphore.new(2)
-    @docker_run_tickets = Concurrent::Semaphore.new(docker_run_concurrency)
-  end
-
-  def run_all(&block)
-    fail 'You must provide a block for run_all' unless block_given?
-
-    promises = @conf['images'].map do |id|
-      run_on_target(id, &block)
-    end
-
-    # wait for all tests to be finished
-    sleep(0.1) until promises.all?(&:fulfilled?)
-
-    # return resulting values
-    promises.map(&:value)
-  end
-
-  def run_on_target(name, &block)
-    pr = Concurrent::Promise.new {
-      begin
-        container = start_container(name)
-        res = block.call(name, container)
-      # special rescue block to handle not implemented error
-      rescue NotImplementedError => err
-        stop_container(container)
-        raise err.message + "\n" + err.backtrace.join("\n")
-      rescue StandardError => err
-        stop_container(container)
-        raise err.message + "\n" + err.backtrace.join("\n")
-      end
-      # always stop the container
-      stop_container(container)
-      res
-    }.execute
-
-    # failure handling
-    pr.rescue do |err|
-      msg = "\033[31;1m#{err.message}\033[0m"
-      puts msg
-      msg + "\n" + err.backtrace.join("\n")
-    end
-  end
-
-  def provision_image(image, prov, files)
-    return image if prov['script'].nil?
-    path = File.join(File.dirname(@conf_path), prov['script'])
-    unless File.file?(path)
-      puts "Can't find script file #{path}"
-      return image
-    end
-    puts "    script #{path}"
-    dst = "/bootstrap#{files.length}.sh"
-    files.push(dst)
-    image.insert_local('localPath' => path, 'outputPath' => dst)
-  end
-
-  def bootstrap_image(name, image)
-    files = []
-    provisions = Array(@conf['provision'])
-    puts "--> provision docker #{name}" unless provisions.empty?
-    provisions.each do |prov|
-      image = provision_image(image, prov, files)
-    end
-    [image, files]
-  end
-
-  def start_container(name, version = nil)
-    unless name.include?(':')
-      version ||= 'latest'
-      name = "#{name}:#{version}"
-    end
-    puts "--> schedule docker #{name}"
-
-    image = @images[name]
-    if image.nil?
-      puts "\033[35;1m--> pull docker images #{name} "\
-           "(this may take a while)\033[0m"
-
-      @image_pull_tickets.acquire(1)
-      puts "... start pull image #{name}"
-      image = Docker::Image.create('fromImage' => name)
-      @image_pull_tickets.release(1)
-
-      unless image.nil?
-        puts "\033[35;1m--> pull docker images finished for #{name}\033[0m"
-      end
-    end
-
-    fail "Can't find nor pull docker image #{name}" if image.nil?
-
-    image, scripts = bootstrap_image(name, image)
-
-    @docker_run_tickets.acquire(1)
-
-    puts "--> start docker #{name}"
-    container = Docker::Container.create(
-      'Cmd' => %w{sleep 3600},
-      'Image' => image.id,
-      'OpenStdin' => true,
-    )
-    container.start
-
-    scripts.each do |script|
-      container.exec(%w{chmod +x}.push(script))
-      container.exec(%w{sh -c}.push(script))
-    end
-
-    container
-  end
-
-  def stop_container(container)
-    @docker_run_tickets.release(1)
-    puts "--> killrm docker #{container.id}"
-    container.kill
-    container.delete(force: true)
-  end
-
-  private
-
-  # get all docker image tags
-  def docker_images_by_tag
-    images = {}
-    Docker::Image.all.map do |img|
-      Array(img.info['RepoTags']).each do |tag|
-        images[tag] = img
-      end
-    end
-    images
-  end
-end