inspec 0.32.0 → 0.33.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 0d4137116907e9d6bee7f88e2a1ec7c16372ee1c
-  data.tar.gz: 0c88924d165b05a9765a940197c3b3e779ba09f1
+  metadata.gz: 42f6886e62266384a0c80c87121f10fd132465b7
+  data.tar.gz: 438402a4b269d0cd6a686eac3dc1a1b549d0333a
 SHA512:
-  metadata.gz: e1016672adc6e043a2896ff1e78304f244d8f9ca7af64f8d85164e19c938916e0792df984f6c26d63d364ee03da385078d045235d42d4900704c19bec465bd25
-  data.tar.gz: 894d6fd605277f8608296b3ff0afc2f9510e8e4a6b57dde9ed5cf740d4adaf3114e89a2efd54c734792382036b1a32417bb5bb496c126fe61a47a3e88d87ea18
+  metadata.gz: 0008350a540830d34d52e9ab650b82db771936613204b6c885a615b5398d5ce2f74ca7bf4500084d3b824ab71b8eb6d6b24a3e9d13f7e45daa933b6d84c55d6c
+  data.tar.gz: b333ca0a11b1ab87b357ac3e1294141f779cf1bc02e18a695d6002b52c1437e8b497cb3ccaa23e78600542d378b952ea01f4375c7122afc7f6e29d67bc2c1162

data/CHANGELOG.md

@@ -1,7 +1,51 @@
 # Change Log
 
-## [0.32.0](https://github.com/chef/inspec/tree/0.32.0) (2016-08-26)
-[Full Changelog](https://github.com/chef/inspec/compare/v0.31.0...0.32.0)
+## [0.33.0](https://github.com/chef/inspec/tree/0.33.0) (2016-09-05)
+[Full Changelog](https://github.com/chef/inspec/compare/v0.32.0...0.33.0)
+
+**Implemented enhancements:**
+
+- Introduce scoping to the ProfileContext which has a view of all of its dependencies  [\#958](https://github.com/chef/inspec/issues/958)
+- Create Help for Subcommands [\#305](https://github.com/chef/inspec/issues/305)
+- Allow service resource to accept Windows service name with spaces [\#1003](https://github.com/chef/inspec/pull/1003) ([martinheg](https://github.com/martinheg))
+
+**Fixed bugs:**
+
+- Error output not informative [\#1016](https://github.com/chef/inspec/issues/1016)
+- Suse Linux Enterprise Server 11 SPX is failing for describe service resource. [\#997](https://github.com/chef/inspec/issues/997)
+- Inspec Docker directory test fails [\#996](https://github.com/chef/inspec/issues/996)
+- package\(\) 'version' {should match\(pattern\)} does not return failed control, but shows as failed test [\#898](https://github.com/chef/inspec/issues/898)
+- Raise error when an invalid URI is received [\#1019](https://github.com/chef/inspec/pull/1019) ([alexpop](https://github.com/alexpop))
+- Fix os exception in mysql resource [\#1012](https://github.com/chef/inspec/pull/1012) ([alexpop](https://github.com/alexpop))
+- cmp not treating 0 as integer only as string [\#991](https://github.com/chef/inspec/pull/991) ([jeremymv2](https://github.com/jeremymv2))
+
+**Closed issues:**
+
+- apache\_conf resource seems to be using incorrect paths to amalgamate apache config \(only Centos/RHEL?\) [\#1013](https://github.com/chef/inspec/issues/1013)
+- More options link in Readme.md doesn't work \(404\) - need updating? [\#1001](https://github.com/chef/inspec/issues/1001)
+- Chef compliance breaks after updating inspec gem 0.32 [\#992](https://github.com/chef/inspec/issues/992)
+- Improve CLI report [\#984](https://github.com/chef/inspec/issues/984)
+- record inspec + in-browser playback for online demo [\#956](https://github.com/chef/inspec/issues/956)
+- UX & UI design for the interactive HTML demo [\#953](https://github.com/chef/inspec/issues/953)
+
+**Merged pull requests:**
+
+- use winrm v2 [\#1018](https://github.com/chef/inspec/pull/1018) ([chris-rock](https://github.com/chris-rock))
+- always display error message [\#1017](https://github.com/chef/inspec/pull/1017) ([chris-rock](https://github.com/chris-rock))
+- Fix apache conf [\#1014](https://github.com/chef/inspec/pull/1014) ([jeremymv2](https://github.com/jeremymv2))
+- fix cli inherited profiles [\#1008](https://github.com/chef/inspec/pull/1008) ([vjeffrey](https://github.com/vjeffrey))
+- improve suse 11 support for service resource [\#1007](https://github.com/chef/inspec/pull/1007) ([chris-rock](https://github.com/chris-rock))
+- Extend Inspec DSL docs [\#1006](https://github.com/chef/inspec/pull/1006) ([nvtkaszpir](https://github.com/nvtkaszpir))
+- vj/fix cli report [\#1004](https://github.com/chef/inspec/pull/1004) ([vjeffrey](https://github.com/vjeffrey))
+- fix cli link to docs [\#1002](https://github.com/chef/inspec/pull/1002) ([chris-rock](https://github.com/chris-rock))
+- Promote cmp usage as it provides results with octal mode [\#999](https://github.com/chef/inspec/pull/999) ([alexpop](https://github.com/alexpop))
+- Initial attempt at isolating resources between dependencies [\#994](https://github.com/chef/inspec/pull/994) ([stevendanna](https://github.com/stevendanna))
+- inspec demo [\#989](https://github.com/chef/inspec/pull/989) ([vjeffrey](https://github.com/vjeffrey))
+- Allow functional tests to pass on OSX [\#988](https://github.com/chef/inspec/pull/988) ([stevendanna](https://github.com/stevendanna))
+- Minor refactor and explanatory comments [\#987](https://github.com/chef/inspec/pull/987) ([stevendanna](https://github.com/stevendanna))
+
+## [v0.32.0](https://github.com/chef/inspec/tree/v0.32.0) (2016-08-26)
+[Full Changelog](https://github.com/chef/inspec/compare/v0.31.0...v0.32.0)
 
 **Implemented enhancements:**
 

data/Gemfile

@@ -29,7 +29,8 @@ group :integration do
   gem 'berkshelf', '~> 4.3'
   gem 'test-kitchen', '~> 1.6'
   gem 'kitchen-vagrant'
-  gem 'kitchen-inspec', '0.12.5'
+  # we need winrm v2 support >= 0.15.1
+  gem 'kitchen-inspec', '>= 0.15.1'
   gem 'kitchen-ec2'
   gem 'kitchen-dokken'
 end

data/README.md

@@ -18,7 +18,7 @@ describe inetd_conf do
 end
 ```
 
-InSpec makes it easy to run your tests wherever you need. More options listed here: https://github.com/chef/inspec/blob/master/docs/ctl_inspec.rst
+InSpec makes it easy to run your tests wherever you need. More options listed here: https://github.com/chef/inspec/blob/master/docs/cli.rst
 
 ```bash
 # run test locally

data/docs/dsl_inspec.rst

@@ -192,7 +192,28 @@ The following test shows how to audit machines to ensure Safe DLL Seach Mode is
     end
   end
 
+Exclude specific test
+-----------------------------------------------------
+This shows how to allow skipping certain tests if conditions are not met, by using ``only_if``.
+In this example the test will not be performed if ``redis-cli`` command does not exist, because for example package on remote host was not installed.
+
+.. code-block:: ruby
+
+  control 'nutcracker-connect-redis-001' do
+    impact 1.0
+    title 'Check if nutcracker can pass commands to redis'
+    desc 'execute redis-cli set key command, to check connectivity of the service'
+
+    only_if do
+      command('redis-cli').exist?
+    end
+
+    describe command('redis-cli SET test_inspec "HELLO"') do
+      its(:stdout) { should match(/OK/) }
+    end
+  end
 
+Mixing this with other conditionals (like checking existence of the files etc.) can help to test different test paths using inspec. This way you can skip certain tests which would 100% fail due to the way servers are prepared, but you know that the same test suites are reused later in different circumstances by different teams.
 
 Additional metadata for controls
 -----------------------------------------------------

data/docs/resources.rst

@@ -1308,7 +1308,7 @@ The ``mode`` matcher tests if the mode assigned to the file matches the specifie
 
 .. code-block:: ruby
 
-   its('mode') { should eq 0644 }
+   its('mode') { should cmp '0644' }
 
 mtime
 +++++++++++++++++++++++++++++++++++++++++++++++++++++
@@ -1491,7 +1491,7 @@ The following examples show how to use this InSpec audit resource.
 .. code-block:: bash
 
    describe file('/dev') do
-    its('mode') { should eq 00755 }
+    its('mode') { should cmp '00755' }
    end
 
 **Test the owner of a file**
@@ -4331,7 +4331,7 @@ The following examples show how to use this InSpec audit resource.
 
    describe ssh_config do
      its('owner') { should eq 'root' }
-     its('mode') { should eq 644 }
+     its('mode') { should cmp '0644' }
    end
 
 **Test SSH configuration**

data/docs/ruby_usage.rst

@@ -38,7 +38,7 @@ The following example shows how you can use pure |ruby| code(variables, loops, c
           # check key file owners and permissions
           describe file(intern['key']) do
             it { should be_owned_by username }
-            its('mode') { should eq 0600 }
+            its('mode') { should cmp '0600' }
           end
         end
       end

data/inspec.gemspec

@@ -24,7 +24,7 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ['lib']
 
-  spec.add_dependency 'train', '>=0.16.0', '<1.0'
+  spec.add_dependency 'train', '>=0.19.0', '<1.0'
   spec.add_dependency 'thor', '~> 0.19'
   spec.add_dependency 'json', '>= 1.8', '< 3.0'
   spec.add_dependency 'rainbow', '~> 2'

data/lib/bundles/inspec-compliance/http.rb

@@ -41,6 +41,7 @@ module Compliance
     # post a file
     def self.post_file(url, token, file_path, insecure, basic_auth = false)
       uri = URI.parse(url)
+      fail "Unable to parse URL: #{url}" if uri.nil? || uri.host.nil?
       http = Net::HTTP.new(uri.host, uri.port)
 
       # set connection flags
@@ -71,6 +72,7 @@ module Compliance
       }
       opts[:verify_mode] = OpenSSL::SSL::VERIFY_NONE if insecure
 
+      fail "Unable to parse URI: #{uri}" if uri.nil? || uri.host.nil?
       res = Net::HTTP.start(uri.host, uri.port, opts) {|http|
         http.request(req)
       }

data/lib/inspec/base_cli.rb

@@ -70,7 +70,7 @@ module Inspec
       o[:logger].level = get_log_level(o.log_level)
 
       runner = Inspec::Runner.new(o)
-      targets.each { |target| runner.add_target(target, opts) }
+      targets.each { |target| runner.add_target(target) }
       exit runner.run
     rescue RuntimeError, Train::UserError => e
       $stderr.puts e.message

data/lib/inspec/control_eval_context.rb

@@ -0,0 +1,145 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+require 'inspec/dsl'
+require 'inspec/dsl_shared'
+
+module Inspec
+  #
+  # ControlEvalContext constructs an anonymous class that control
+  # files will be instance_exec'd against.
+  #
+  # The anonymous class includes the given passed resource_dsl as well
+  # as the basic DSL of the control files (describe, control, title,
+  # etc).
+  #
+  class ControlEvalContext
+    # Create the context for controls. This includes all components of the DSL,
+    # including matchers and resources.
+    #
+    # @param [ResourcesDSL] resources_dsl which has all resources to attach
+    # @return [RuleContext] the inner context of rules
+    def self.rule_context(resources_dsl)
+      require 'rspec/core/dsl'
+      Class.new(Inspec::Rule) do
+        include RSpec::Core::DSL
+        include resources_dsl
+      end
+    end
+
+    # Creates the heart of the control eval context:
+    #
+    # An instantiated object which has all resources registered to it
+    # and exposes them to the a test file.
+    #
+    # @param profile_context [Inspec::ProfileContext]
+    # @param outer_dsl [OuterDSLClass]
+    # @return [ProfileContextClass]
+    #
+    # rubocop:disable Lint/NestedMethodDefinition
+    def self.create(profile_context, resources_dsl) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
+      rule_class = rule_context(resources_dsl)
+      profile_context_owner = profile_context
+      profile_id = profile_context.profile_id
+
+      Class.new do
+        include Inspec::DSL
+        include Inspec::DSL::RequireOverride
+        include resources_dsl
+
+        def initialize(backend, conf, dependencies, require_loader)
+          @backend = backend
+          @conf = conf
+          @dependencies = dependencies
+          @require_loader = require_loader
+          @skip_profile = false
+        end
+
+        define_method :title do |arg|
+          profile_context_owner.set_header(:title, arg)
+        end
+
+        def to_s
+          "Control Evaluation Context (#{profile_name})"
+        end
+
+        define_method :profile_name do
+          profile_id
+        end
+
+        define_method :control do |*args, &block|
+          id = args[0]
+          opts = args[1] || {}
+          register_control(rule_class.new(id, profile_id, opts, &block))
+        end
+
+        #
+        # Describe allows users to write rspec-like bare describe
+        # blocks without declaring an inclosing control. Here, we
+        # generate a control for them automatically and then execute
+        # the describe block in the context of that control.
+        #
+        define_method :describe do |*args, &block|
+          loc = block_location(block, caller[0])
+          id = "(generated from #{loc} #{SecureRandom.hex})"
+
+          res = nil
+          rule = rule_class.new(id, profile_id, {}) do
+            res = describe(*args, &block)
+          end
+          register_control(rule, &block)
+
+          res
+        end
+
+        define_method :add_resources do |context|
+          self.class.class_eval do
+            include context.to_resources_dsl
+          end
+
+          rule_class.class_eval do
+            include context.to_resources_dsl
+          end
+        end
+
+        define_method :add_subcontext do |context|
+          profile_context_owner.add_subcontext(context)
+        end
+
+        define_method :register_control do |control, &block|
+          ::Inspec::Rule.set_skip_rule(control, true) if @skip_profile
+
+          profile_context_owner.register_rule(control, &block) unless control.nil?
+        end
+
+        # method for attributes; import attribute handling
+        define_method :attribute do |name, options|
+          profile_context_owner.register_attribute(name, options)
+        end
+
+        define_method :skip_control do |id|
+          profile_context_owner.unregister_rule(id)
+        end
+
+        def only_if
+          return unless block_given?
+          @skip_profile ||= !yield
+        end
+
+        alias_method :rule, :control
+        alias_method :skip_rule, :skip_control
+
+        private
+
+        def block_location(block, alternate_caller)
+          if block.nil?
+            alternate_caller[/^(.+:\d+):in .+$/, 1] || 'unknown'
+          else
+            path, line = block.source_location
+            "#{File.basename(path)}:#{line}"
+          end
+        end
+      end
+    end
+  end
+end

data/lib/inspec/dependencies/dependency_set.rb

@@ -18,14 +18,22 @@ module Inspec
     # @param cwd [String] Current working directory for relative path includes
     # @param vendor_path [String] Path to the vendor directory
     #
-    def self.from_lockfile(lockfile, cwd, vendor_path)
+    def self.from_lockfile(lockfile, cwd, vendor_path, backend)
       vendor_index = VendorIndex.new(vendor_path)
       dep_tree = lockfile.deps.map do |dep|
-        Inspec::Requirement.from_lock_entry(dep, cwd, vendor_index)
+        Inspec::Requirement.from_lock_entry(dep, cwd, vendor_index, backend)
       end
 
       dep_list = flatten_dep_tree(dep_tree)
-      new(cwd, vendor_path, dep_list)
+      new(cwd, vendor_path, dep_list, backend)
+    end
+
+    def self.from_array(dependencies, cwd, vendor_path, backend)
+      dep_list = {}
+      dependencies.each do |d|
+        dep_list[d.name] = d
+      end
+      new(cwd, vendor_path, dep_list, backend)
     end
 
     # This is experimental code to test the working of the
@@ -50,14 +58,21 @@ module Inspec
     # @param cwd [String] current working directory for relative path includes
     # @param vendor_path [String] path which contains vendored dependencies
     # @return [dependencies] this
-    def initialize(cwd, vendor_path, dep_list = nil)
+    def initialize(cwd, vendor_path, dep_list, backend)
       @cwd = cwd
       @vendor_path = vendor_path
       @dep_list = dep_list
+      @backend = backend
+    end
+
+    def each
+      @dep_list.each do |_k, v|
+        yield v.profile
+      end
     end
 
     def list
-      @dep_list
+      @dep_list || {}
     end
 
     def to_array
@@ -77,7 +92,7 @@ module Inspec
     def vendor(dependencies)
       return nil if dependencies.nil? || dependencies.empty?
       @vendor_index ||= VendorIndex.new(@vendor_path)
-      @dep_list = Resolver.resolve(dependencies, @vendor_index, @cwd)
+      @dep_list = Resolver.resolve(dependencies, @vendor_index, @cwd, @backend)
     end
   end
 end

data/lib/inspec/dependencies/requirement.rb

@@ -1,5 +1,6 @@
 # encoding: utf-8
 require 'inspec/fetcher'
+require 'inspec/dependencies/dependency_set'
 require 'digest'
 
 module Inspec
@@ -18,17 +19,18 @@ module Inspec
       new(name, version, vendor_index, opts[:cwd], opts.merge(dep))
     end
 
-    def self.from_lock_entry(entry, cwd, vendor_index)
+    def self.from_lock_entry(entry, cwd, vendor_index, backend)
       req = new(entry['name'],
                 entry['version_constraints'],
                 vendor_index,
-                cwd, { url: entry['resolved_source'] })
+                cwd,
+                { url: entry['resolved_source'],
+                  backend: backend })
 
       locked_deps = []
       Array(entry['dependencies']).each do |dep_entry|
-        locked_deps << Inspec::Requirement.from_lock_entry(dep_entry, cwd, vendor_index)
+        locked_deps << Inspec::Requirement.from_lock_entry(dep_entry, cwd, vendor_index, backend)
       end
-
       req.lock_deps(locked_deps)
       req
     end
@@ -38,6 +40,7 @@ module Inspec
       @version_requirement = Gem::Requirement.new(Array(version_constraints))
       @dep = Gem::Dependency.new(name, @version_requirement, :runtime)
       @vendor_index = vendor_index
+      @backend = opts[:backend]
       @opts = opts
       @cwd = cwd
     end
@@ -123,7 +126,7 @@ module Inspec
 
     def dependencies
       @dependencies ||= profile.metadata.dependencies.map do |r|
-        Inspec::Requirement.from_metadata(r, @vendor_index, cwd: @cwd)
+        Inspec::Requirement.from_metadata(r, @vendor_index, cwd: @cwd, backend: @backend)
       end
     end
 
@@ -137,7 +140,11 @@ module Inspec
 
     def profile
       return nil if path.nil?
-      @profile ||= Inspec::Profile.for_target(path, {})
+      opts = { backend: @backend }
+      if !@dependencies.nil?
+        opts[:dependencies] = Inspec::DependencySet.from_array(@dependencies, @cwd, @vendor_index, @backend)
+      end
+      @profile ||= Inspec::Profile.for_target(path, opts)
     end
   end
 end