inspec 0.35.0 → 1.0.0.beta2

data/docs/readme.rst

@@ -1,105 +0,0 @@
-=====================================================
-InSpec Documentation
-=====================================================
-
-InSpec a collection of resources and matchers to test the compliance of your nodes. This documentation provides an introduction to this mechanism and shows how to write custom tests.
-
-Introduction
------------------------------------------------------
-
-At first, we add our tests to the ``test`` folder. Each test file must end with ``_spec.rb``:
-
-.. code-block:: bash
-
-    mkdir test
-    touch test/example_spec.rb
-
-We add a control to this file, to check the ``/tmp`` path in our system:
-
-.. code-block:: ruby
-
-  # encoding: utf-8
-
-  control "cis-fs-2.1" do                     # A unique ID for this control
-    impact 0.7                                # The criticality, if this control fails.
-    title "Create separate /tmp partition"    # A human-readable title
-    desc "An optional description..."
-    tag mygroup: "tag"                        # A tag can be a simple value or
-    tag "tag"                                 # can have a more complex key/value pair.
-    ref "name", url: "http://..."              # A reference to a document, uri: is optional
-    describe file('/tmp') do                  # The actual test
-      it { should be_mounted }
-    end
-  end
-
-
-Let's add another spec for checking the SSH server configuration:
-
-.. code-block:: bash
-
-    touch test/sshd_spec.rb
-
-It will contain:
-
-.. code-block:: ruby
-
-  # encoding: utf-8
-
-  # Skip all controls, if SSH doesn't exist on the system
-  only_if do
-    command('sshd').exist?
-  end
-
-  control "sshd-11" do
-    impact 1.0
-    title "Server: Set protocol version to SSHv2"
-    desc "Set the SSH protocol version to 2. Don't use legacy
-          insecure SSHv1 connections anymore."
-    tag security: "openssh-server"
-    ref "Document A-12"
-
-    describe sshd_config do
-      its('Protocol') { should eq('2') }
-    end
-  end
-
-  control "sshd-7" do
-    impact 1.0
-    title "Server: Do not permit root-based login with password."
-    desc "To reduce the potential to gain full privileges
-          of a system in the course of an attack (by either misconfiguration
-          or vulnerabilities), do not allow login as root with password"
-    tag security: "openssh-server"
-    ref "Document A-12"
-
-    describe sshd_config do
-      its('PermitRootLogin') { should match(/no|without-password/) }
-    end
-  end
-
-
-Now, we are ready to run the tests locally:
-
-bundle exec bin/inspec exec demo/test/example_spec.rb
-
-.. code-block:: bash
-
-  # run tests individually
-  $ inspec exec test/example_spec.rb
-  $ inspec exec test/sshd_spec.rb
-
-  # if you want to run all test located within the directory
-  $ inspec exec ./test
-
-
-Stability Index
------------------------------------------------------
-
-Every available InSpec resource will indicate its stability. As InSpec matures, certain parts are more reliable than others. Brand new features are likely to be redesigned and marked as such.
-
-The stability indices are as follows:
-
-* ``Stability: Deprecated`` - This features will be removed in future versions, because its known for being problematic. Do not rely on it.
-* ``Stability: Experimental`` - New features may change or are removed in future versions
-* ``Stability: Stable`` - API is well established and proofed. Maintaining compatibility is a high priority
-* ``Stability: Locked`` - Only security and performance fixes are allowed

data/docs/shell.rst

@@ -1,130 +0,0 @@
-=====================================================
-InSpec Shell Usage
-=====================================================
-
-The InSpec interactive shell is a pry based REPL that can be used to quickly run InSpec controls and tests without having to write it to a file.  Its functionality is similar to ``chef shell`` - it provides a way to exercise the InSpec DSL, its resources, tests and plugins without having to create a profile or write a test file.  See http://pryrepl.org/ for an introduction to what pry is and what it can do.
-
-
-Launching the shell
------------------------------------------------------
-
-If you are using InSpec from a platform-specific package (rpm, msi, etc.) or from a chef prepared shell in ChefDK, you can directly launch InSpec shell against your local machine using the following.  See https://docs.chef.io/install_dk.html#set-system-ruby for details.
-
-.. code-block:: bash
-
-    $ inspec shell
-    $ inspec help shell # This will describe inspec shell usage
-
-If you wish to connect to a remote machine (called a target within InSpec), you can use the ``-t`` flag.  We support connecting using ssh, WinRm and docker.  If no target is provided, we implicitly support the "local" target - i.e. tests running on the current machine running InSpec.  For an ssh connection, use ``-i`` for specifying ssh key files, and the ``--sudo*`` commands for requesting a privelege escalation after logging in.  For a WinRM connection, use ``--path`` to change the login path, ``--ssl`` to use SSL for transport layer encryption.
-
-.. code-block:: bash
-
-    $ inspec shell -t ssh://root@192.168.64.2:11022  # Login to remote machine using ssh as root.
-    $ inspec shell -t ssh://user@hostname:1234 -i /path/to/user_key  # Login to hostname on port 1234 as user using given ssh key.
-    $ inspec shell -t winrm://UserName:Password@windowsmachine:1234  # Login to windowsmachine over WinRM as UserName.
-    $ inspec shell -t docker://container_id # Login to a docker container.
-
-
-Using Ruby in InSpec shell
------------------------------------------------------
-
-Since InSpec shell is pry based, you may treat the shell as an interactive Ruby session.  You may write Ruby expressions and evaluate them.  Source high-lighting, automatic indentation and command history (using the up and down arrow keys) are available to make your experience more delightful.  You can exit the shell using ``exit``.
-
-.. code-block:: bash
-
-    $ inspec shell
-    Welcome to the interactive InSpec Shell
-    To find out how to use it, type: help
-
-    inspec> 1 + 2
-    => 3
-    inspec> exit
-
-
-Using InSpec DSL in InSpec shell
------------------------------------------------------
-
-InSpec shell will automatically evaluate the result of every command as if it were a test file.  If you type in a Ruby command that is not an InSpec control or test, the shell will evaluate it as if it were a regular ruby command.
-
-Bare InSpec resources are instantiated and their help text is presented.  You may also access the resource contents or other matchers that they define.  Run ``help <resource>`` to get more help on using a particular resource or see the InSpec resources documentation online.
-
-.. code-block:: bash
-
-    $ inspec shell
-    Welcome to the interactive InSpec Shell
-    To find out how to use it, type: help
-
-    inspec> file('/Users/ksubramanian').directory?
-    => true
-    inspec> os_env('HOME')
-    => Environment variable HOME
-    inspec> os_env('HOME').content
-    => /Users/ksubramanian
-    inspec> exit
-
-InSpec tests are immediately executed.
-
-
-.. code-block:: bash
-
-    inspec> describe file('/Users')     # Empty test.
-    Summary: 0 successful, 0 failures, 0 skipped
-    inspec> describe file('/Users') do  # Test with one check.
-    inspec>   it { should exist }
-    inspec> end
-      ✔  File /Users should exist
-
-    Summary: 1 successful, 0 failures, 0 skipped
-
-
-All tests in a control are immediately executed as well.  If a control is redefined in the shell, the old control's tests are destroyed and replaced with the redefinition and the control is re-run.
-
-.. code-block:: bash
-
-    inspec> control 'my_control' do
-    inspec>   describe os_env('HOME') do
-    inspec>     its('content') { should eq '/Users/ksubramanian' }
-    inspec>   end
-    inspec> end
-      ✔  my_control: Environment variable HOME content should eq "/Users/ksubramanian"
-
-      Summary: 1 successful, 0 failures, 0 skipped
-
-Syntax errors are illegal tests are also detected and reported.
-
-
-.. code-block:: bash
-
-    inspec> control 'foo' do
-    inspec>   thisisnonsense
-    inspec> end
-    NameError: undefined local variable or method `thisisnonsense' for #<#<Class:0x007fd63b571f98>:0x007fd639825cc8>
-    from /usr/local/lib/ruby/gems/2.3.0/gems/rspec-expectations-3.5.0/lib/rspec/matchers.rb:967:in `method_missing'
-    inspec> control 'foo' do
-    inspec>   describe file('wut') do
-    inspec>     its('thismakesnosense') { should cmp 'fail' }
-    inspec>   end
-    inspec> end
-      ✖  foo: File wut thismakesnosense  (undefined method `thismakesnosense' for File wut:Inspec::Resource::Registry::File)
-
-      Summary: 0 successful, 1 failures, 0 skipped
-
-
-Running a single InSpec command
------------------------------------------------------
-
-If you wish to run a single InSpec command and fetch its results, you may use the ``-c`` flag.  This is similar to using ``bash -c``.
-
-.. code-block:: bash
-    $ inspec shell -c 'describe file("/Users/ksubramanian") do it { should exist } end'
-
-    Target:  local://
-
-      ✔  File /Users/ksubramanian should exist
-
-    Summary: 1 successful, 0 failures, 0 skipped
-
-
-.. code-block:: bash
-    $ inspec shell --format json -c 'describe file("/Users/ksubramanian") do it { should exist } end'
-    {"version":"0.30.0","profiles":{"":{"supports":[],"controls":{"(generated from in_memory.rb:1 5aab65c33fb1f133d9244017958eef64)":{"title":null,"desc":null,"impact":0.5,"refs":[],"tags":{},"code":"          rule = rule_class.new(id, profile_id, {}) do\n            res = describe(*args, &block)\n          end\n","source_location":{"ref":"/Users/ksubramanian/repo/chef/inspec/lib/inspec/profile_context.rb","line":184},"results":[{"status":"passed","code_desc":"File /Users/ksubramanian should exist","run_time":0.000747,"start_time":"2016-08-16 11:41:40 -0400"}]}},"groups":{"in_memory.rb":{"title":null,"controls":["(generated from in_memory.rb:1 5aab65c33fb1f133d9244017958eef64)"]}},"attributes":[]}},"other_checks":[],"summary":{"duration":0.001078,"example_count":1,"failure_count":0,"skip_count":0}}

data/docs/template.rst

@@ -1,51 +0,0 @@
-resource_name
-=====================================================
-Use the ``resource_name`` audit resource to xxxxx.
-
-Syntax
------------------------------------------------------
-A ``resource_name`` audit resource block declares xxxxx. For example:
-
-.. code-block:: ruby
-
-   describe xxxxx(xxxxx) do
-     it { should xxxxx }
-   end
-
-where
-
-* ``xxxxx`` must specify xxxxx
-* xxxxx
-* ``xxxxx`` is a valid matcher for this audit resource
-
-Matchers
------------------------------------------------------
-This audit resource has the following matchers.
-
-xxxxx
-+++++++++++++++++++++++++++++++++++++++++++++++++++++
-The ``xxxxx`` matcher tests if xxxxx. For example:
-
-.. code-block:: ruby
-
-   it { should xxxxx }
-
-xxxxx
-+++++++++++++++++++++++++++++++++++++++++++++++++++++
-The ``xxxxx`` matcher tests if xxxxx. For example:
-
-.. code-block:: ruby
-
-   it { should xxxxx }
-
-Examples
------------------------------------------------------
-The following examples show how to use this audit resource in a recipe.
-
-**xxxxx**
-
-xxxxx
-
-**xxxxx**
-
-xxxxx