RubyGems - inspec - Versions diffs - 0.9.0 - Mend

inspec 0.9.0

Files changed (247) hide show

checksums.yaml +7 -0
data/.gitignore +8 -0
data/.rubocop.yml +65 -0
data/.travis.yml +23 -0
data/CHANGELOG.md +38 -0
data/Gemfile +33 -0
data/LICENSE +201 -0
data/MAINTAINERS.md +28 -0
data/MAINTAINERS.toml +42 -0
data/README.md +257 -0
data/Rakefile +47 -0
data/bin/inspec +109 -0
data/docs/ctl_inspec.rst +195 -0
data/docs/dsl_inspec.rst +182 -0
data/docs/readme.rst +100 -0
data/docs/resources.rst +4319 -0
data/docs/template.rst +51 -0
data/examples/test-kitchen/.kitchen.yml +20 -0
data/examples/test-kitchen/Berksfile +3 -0
data/examples/test-kitchen/Gemfile +21 -0
data/examples/test-kitchen/README.md +27 -0
data/examples/test-kitchen/metadata.rb +7 -0
data/examples/test-kitchen/recipes/default.rb +6 -0
data/examples/test-kitchen/recipes/nginx.rb +30 -0
data/examples/test-kitchen/test/integration/default/web_spec.rb +28 -0
data/inspec.gemspec +30 -0
data/lib/inspec.rb +20 -0
data/lib/inspec/backend.rb +42 -0
data/lib/inspec/dsl.rb +151 -0
data/lib/inspec/log.rb +34 -0
data/lib/inspec/metadata.rb +79 -0
data/lib/inspec/plugins.rb +9 -0
data/lib/inspec/plugins/resource.rb +62 -0
data/lib/inspec/profile.rb +138 -0
data/lib/inspec/profile_context.rb +170 -0
data/lib/inspec/resource.rb +76 -0
data/lib/inspec/rspec_json_formatter.rb +27 -0
data/lib/inspec/rule.rb +170 -0
data/lib/inspec/runner.rb +154 -0
data/lib/inspec/shell.rb +66 -0
data/lib/inspec/targets.rb +9 -0
data/lib/inspec/targets/core.rb +27 -0
data/lib/inspec/targets/dir.rb +67 -0
data/lib/inspec/targets/file.rb +29 -0
data/lib/inspec/targets/folder.rb +43 -0
data/lib/inspec/targets/tar.rb +34 -0
data/lib/inspec/targets/url.rb +39 -0
data/lib/inspec/targets/zip.rb +47 -0
data/lib/inspec/version.rb +7 -0
data/lib/matchers/matchers.rb +221 -0
data/lib/resources/apache.rb +29 -0
data/lib/resources/apache_conf.rb +113 -0
data/lib/resources/apt.rb +140 -0
data/lib/resources/audit_policy.rb +63 -0
data/lib/resources/auditd_conf.rb +56 -0
data/lib/resources/auditd_rules.rb +53 -0
data/lib/resources/bond.rb +65 -0
data/lib/resources/bridge.rb +114 -0
data/lib/resources/command.rb +57 -0
data/lib/resources/csv.rb +32 -0
data/lib/resources/directory.rb +15 -0
data/lib/resources/etc_group.rb +150 -0
data/lib/resources/file.rb +110 -0
data/lib/resources/gem.rb +46 -0
data/lib/resources/group.rb +132 -0
data/lib/resources/host.rb +143 -0
data/lib/resources/inetd_conf.rb +56 -0
data/lib/resources/interface.rb +127 -0
data/lib/resources/iptables.rb +65 -0
data/lib/resources/json.rb +64 -0
data/lib/resources/kernel_module.rb +40 -0
data/lib/resources/kernel_parameter.rb +55 -0
data/lib/resources/limits_conf.rb +55 -0
data/lib/resources/login_def.rb +60 -0
data/lib/resources/mysql.rb +81 -0
data/lib/resources/mysql_conf.rb +116 -0
data/lib/resources/mysql_session.rb +52 -0
data/lib/resources/npm.rb +44 -0
data/lib/resources/ntp_conf.rb +58 -0
data/lib/resources/oneget.rb +63 -0
data/lib/resources/os.rb +22 -0
data/lib/resources/os_env.rb +34 -0
data/lib/resources/package.rb +169 -0
data/lib/resources/parse_config.rb +75 -0
data/lib/resources/passwd.rb +93 -0
data/lib/resources/pip.rb +75 -0
data/lib/resources/port.rb +296 -0
data/lib/resources/postgres.rb +37 -0
data/lib/resources/postgres_conf.rb +87 -0
data/lib/resources/postgres_session.rb +59 -0
data/lib/resources/processes.rb +57 -0
data/lib/resources/registry_key.rb +54 -0
data/lib/resources/script.rb +34 -0
data/lib/resources/security_policy.rb +73 -0
data/lib/resources/service.rb +379 -0
data/lib/resources/ssh_conf.rb +75 -0
data/lib/resources/user.rb +374 -0
data/lib/resources/windows_feature.rb +77 -0
data/lib/resources/yaml.rb +23 -0
data/lib/resources/yum.rb +154 -0
data/lib/utils/convert.rb +12 -0
data/lib/utils/detect.rb +15 -0
data/lib/utils/find_files.rb +36 -0
data/lib/utils/hash.rb +13 -0
data/lib/utils/modulator.rb +12 -0
data/lib/utils/parser.rb +61 -0
data/lib/utils/simpleconfig.rb +115 -0
data/tasks/maintainers.rb +213 -0
data/test/docker_run.rb +156 -0
data/test/docker_test.rb +51 -0
data/test/helper.rb +200 -0
data/test/integration/.kitchen.yml +42 -0
data/test/integration/Berksfile +4 -0
data/test/integration/cookbooks/os_prepare/metadata.rb +8 -0
data/test/integration/cookbooks/os_prepare/recipes/apt.rb +20 -0
data/test/integration/cookbooks/os_prepare/recipes/default.rb +9 -0
data/test/integration/cookbooks/os_prepare/recipes/file.rb +21 -0
data/test/integration/cookbooks/os_prepare/recipes/package.rb +26 -0
data/test/integration/default/_debug_spec.rb +1 -0
data/test/integration/default/apt_spec.rb +42 -0
data/test/integration/default/file_spec.rb +109 -0
data/test/integration/default/group_spec.rb +32 -0
data/test/integration/default/kernel_module_spec.rb +17 -0
data/test/integration/default/kernel_parameter_spec.rb +56 -0
data/test/integration/default/package_spec.rb +11 -0
data/test/integration/default/service_spec.rb +28 -0
data/test/integration/default/user_spec.rb +44 -0
data/test/resource/command_test.rb +33 -0
data/test/resource/dsl_test.rb +45 -0
data/test/resource/file_test.rb +130 -0
data/test/resource/ssh_config.rb +9 -0
data/test/resource/sshd_config.rb +9 -0
data/test/test-extra.yaml +11 -0
data/test/test.yaml +11 -0
data/test/unit/mock/cmd/Get-NetAdapter +24 -0
data/test/unit/mock/cmd/GetUserAccount +33 -0
data/test/unit/mock/cmd/GetWin32Group +23 -0
data/test/unit/mock/cmd/PATH +1 -0
data/test/unit/mock/cmd/Resolve-DnsName +26 -0
data/test/unit/mock/cmd/Test-NetConnection +4 -0
data/test/unit/mock/cmd/auditctl +7 -0
data/test/unit/mock/cmd/auditpol +2 -0
data/test/unit/mock/cmd/brew-info-jq +1 -0
data/test/unit/mock/cmd/chage-l-root +7 -0
data/test/unit/mock/cmd/dpkg-s-curl +21 -0
data/test/unit/mock/cmd/dscl +5 -0
data/test/unit/mock/cmd/etc-apt +7 -0
data/test/unit/mock/cmd/find-etc-rc-d-name-S +12 -0
data/test/unit/mock/cmd/find-net-interface +9 -0
data/test/unit/mock/cmd/gem-list-local-a-q-rubocop +1 -0
data/test/unit/mock/cmd/get-net-tcpconnection +24 -0
data/test/unit/mock/cmd/get-netadapter-binding-bridge +4 -0
data/test/unit/mock/cmd/get-package-firefox +30 -0
data/test/unit/mock/cmd/get-package-ruby +18 -0
data/test/unit/mock/cmd/get-service-dhcp +10 -0
data/test/unit/mock/cmd/get-windows-feature +7 -0
data/test/unit/mock/cmd/getent-hosts-example.com +1 -0
data/test/unit/mock/cmd/getent-passwd-root +1 -0
data/test/unit/mock/cmd/id-chartmann +1 -0
data/test/unit/mock/cmd/id-root +1 -0
data/test/unit/mock/cmd/initctl-show-config-ssh +3 -0
data/test/unit/mock/cmd/initctl-status-ssh +1 -0
data/test/unit/mock/cmd/iptables-s +6 -0
data/test/unit/mock/cmd/launchctl-list +3 -0
data/test/unit/mock/cmd/ls-1-etc-init.d +2 -0
data/test/unit/mock/cmd/ls-sys-class-net-br +2 -0
data/test/unit/mock/cmd/lsmod +2 -0
data/test/unit/mock/cmd/lsof-np-itcp +4 -0
data/test/unit/mock/cmd/netstat-tulpen +5 -0
data/test/unit/mock/cmd/npm-ls-g--json-bower +9 -0
data/test/unit/mock/cmd/pacman-qi-curl +21 -0
data/test/unit/mock/cmd/ping-example.com +6 -0
data/test/unit/mock/cmd/pip-show-jinja2 +11 -0
data/test/unit/mock/cmd/ps-aux +3 -0
data/test/unit/mock/cmd/pw-usershow-root-7 +1 -0
data/test/unit/mock/cmd/reg_schedule +1 -0
data/test/unit/mock/cmd/rpm-qia-curl +24 -0
data/test/unit/mock/cmd/sbin_sysctl +1 -0
data/test/unit/mock/cmd/secedit-export +7 -0
data/test/unit/mock/cmd/service-e +2 -0
data/test/unit/mock/cmd/service-sendmail-onestatus +3 -0
data/test/unit/mock/cmd/service-sshd-status +1 -0
data/test/unit/mock/cmd/sockstat +5 -0
data/test/unit/mock/cmd/success +0 -0
data/test/unit/mock/cmd/systemctl-show-all-sshd +6 -0
data/test/unit/mock/cmd/win32_product +8 -0
data/test/unit/mock/cmd/yum-repolist-all +52 -0
data/test/unit/mock/files/auditd.conf +4 -0
data/test/unit/mock/files/bond0 +37 -0
data/test/unit/mock/files/etcgroup +3 -0
data/test/unit/mock/files/example.csv +6 -0
data/test/unit/mock/files/inetd.conf +2 -0
data/test/unit/mock/files/kitchen.yml +7 -0
data/test/unit/mock/files/limits.conf +5 -0
data/test/unit/mock/files/login.defs +5 -0
data/test/unit/mock/files/mysql.conf +8 -0
data/test/unit/mock/files/mysql2.conf +2 -0
data/test/unit/mock/files/ntp.conf +5 -0
data/test/unit/mock/files/passwd +2 -0
data/test/unit/mock/files/policyfile.lock.json +12 -0
data/test/unit/mock/files/ssh_config +5 -0
data/test/unit/mock/files/sshd_config +7 -0
data/test/unit/mock/profiles/empty/metadata.rb +0 -0
data/test/unit/mock/profiles/metadata/metadata.rb +1 -0
data/test/unit/profile_context_test.rb +140 -0
data/test/unit/profile_test.rb +49 -0
data/test/unit/resources/apt_test.rb +46 -0
data/test/unit/resources/audit_policy_test.rb +13 -0
data/test/unit/resources/auditd_conf_test.rb +15 -0
data/test/unit/resources/auditd_rules_test.rb +21 -0
data/test/unit/resources/bond_test.rb +24 -0
data/test/unit/resources/bridge_test.rb +56 -0
data/test/unit/resources/csv_test.rb +35 -0
data/test/unit/resources/etc_group_test.rb +37 -0
data/test/unit/resources/gem_test.rb +20 -0
data/test/unit/resources/group_test.rb +96 -0
data/test/unit/resources/host_test.rb +38 -0
data/test/unit/resources/inetd_conf_test.rb +15 -0
data/test/unit/resources/interface_test.rb +54 -0
data/test/unit/resources/iptables_test.rb +30 -0
data/test/unit/resources/json_test.rb +36 -0
data/test/unit/resources/kernel_module_test.rb +23 -0
data/test/unit/resources/kernel_parameter_test.rb +13 -0
data/test/unit/resources/limits_conf_test.rb +14 -0
data/test/unit/resources/login_def_test.rb +16 -0
data/test/unit/resources/mysql_conf_test.rb +14 -0
data/test/unit/resources/npm_test.rb +20 -0
data/test/unit/resources/ntp_conf_test.rb +16 -0
data/test/unit/resources/oneget_test.rb +45 -0
data/test/unit/resources/os_env_test.rb +13 -0
data/test/unit/resources/package_test.rb +51 -0
data/test/unit/resources/passwd_test.rb +24 -0
data/test/unit/resources/pip_test.rb +15 -0
data/test/unit/resources/port_test.rb +46 -0
data/test/unit/resources/processes_test.rb +32 -0
data/test/unit/resources/registry_key_test.rb +19 -0
data/test/unit/resources/script_test.rb +19 -0
data/test/unit/resources/security_policy_test.rb +16 -0
data/test/unit/resources/service_test.rb +116 -0
data/test/unit/resources/ssh_conf_test.rb +33 -0
data/test/unit/resources/user_test.rb +93 -0
data/test/unit/resources/windows_feature.rb +17 -0
data/test/unit/resources/yaml_test.rb +34 -0
data/test/unit/resources/yum_test.rb +68 -0
data/test/unit/simpleconfig_test.rb +80 -0
data/test/unit/utils/content_parser_test.rb +30 -0
metadata +555 -0

data/lib/resources/ssh_conf.rb ADDED Viewed

@@ -0,0 +1,75 @@
+# encoding: utf-8
+# copyright: 2015, Vulcano Security GmbH
+# author: Dominik Richter
+# author: Christoph Hartmann
+# license: All rights reserved
+require 'utils/simpleconfig'
+class SshConf < Inspec.resource(1)
+  name 'ssh_config'
+  def initialize(conf_path = nil, type = nil)
+    @conf_path = conf_path || '/etc/ssh/ssh_config'
+    typename = (@conf_path.include?('sshd') ? 'Server' : 'Client')
+    @type = type || "SSH #{typename} configuration #{conf_path}"
+  end
+  def content
+    read_content
+  end
+  def params(*opts)
+    opts.inject(read_params) do |res, nxt|
+      res.respond_to?(:key) ? res[nxt] : nil
+    end
+  end
+  def method_missing(name)
+    param = read_params[name.to_s]
+    return nil if param.nil?
+    # extract first value if we have only one value in array
+    return param[0] if param.length == 1
+    param
+  end
+  def to_s
+    'SSH Configuration'
+  end
+  private
+  def read_content
+    return @content if defined?(@content)
+    file = inspec.file(@conf_path)
+    if !file.file?
+      return skip_resource "Can't find file \"#{@conf_path}\""
+    end
+    @content = file.content
+    if @content.empty? && file.size > 0
+      return skip_resource "Can't read file \"#{@conf_path}\""
+    end
+    @content
+  end
+  def read_params
+    return @params if defined?(@params)
+    return @params = {} if read_content.nil?
+    conf = SimpleConfig.new(
+      read_content,
+      assignment_re: /^\s*(\S+?)\s+(.*?)\s*$/,
+      multiple_values: true,
+    )
+    @params = conf.params
+  end
+end
+class SshdConf < SshConf
+  name 'sshd_config'
+  def initialize(path = nil)
+    super(path || '/etc/ssh/sshd_config')
+  end
+end

data/lib/resources/user.rb ADDED Viewed

@@ -0,0 +1,374 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+# Usage:
+#
+# describe user('root') do
+#   it { should exist }
+#   its(:uid) { should eq 0 }
+#   its(:gid) { should eq 0 }
+#   its(:group) { should eq 'root' }
+#   its(:groups) { should eq ['root', 'wheel']}
+#   its(:home) { should eq '/root' }
+#   its(:shell) { should eq '/bin/bash' }
+#   its(:mindays) { should eq 0 }
+#   its(:maxdays) { should eq 99 }
+#   its(:warndays) { should eq 5 }
+# end
+#
+# The following  Serverspec  matchers are deprecated in favor for direct value access
+#
+# describe user('root') do
+#   it { should belong_to_group 'root' }
+#   it { should have_uid 0 }
+#   it { should have_home_directory '/root' }
+#   it { should have_login_shell '/bin/bash' }
+#   its(:minimum_days_between_password_change) { should eq 0 }
+#   its(:maximum_days_between_password_change) { should eq 99 }
+# end
+# ServerSpec tests that are not supported:
+#
+# describe user('root') do
+#   it { should have_authorized_key 'ssh-rsa ADg54...3434 user@example.local' }
+#   its(:encrypted_password) { should eq 1234 }
+# end
+require 'utils/parser'
+require 'utils/convert'
+class User < Inspec.resource(1)
+  name 'user'
+  def initialize(user)
+    @user = user
+    # select package manager
+    @user_provider = nil
+    case inspec.os[:family]
+    when 'ubuntu', 'debian', 'redhat', 'fedora', 'centos', 'arch', 'opensuse'
+      @user_provider = LinuxUser.new(inspec)
+    when 'windows'
+      @user_provider = WindowsUser.new(inspec)
+    when 'darwin'
+      @user_provider = DarwinUser.new(inspec)
+    when 'freebsd'
+      @user_provider = FreeBSDUser.new(inspec)
+    else
+      return skip_resource 'The `user` resource is not supported on your OS yet.'
+    end
+  end
+  def exists?
+    !identiy.nil? && !identiy[:user].nil?
+  end
+  def uid
+    identiy.nil? ? nil : identiy[:uid]
+  end
+  def gid
+    identiy.nil? ? nil : identiy[:gid]
+  end
+  def group
+    identiy.nil? ? nil : identiy[:group]
+  end
+  def groups
+    identiy.nil? ? nil : identiy[:groups]
+  end
+  def home
+    meta_info.nil? ? nil : meta_info[:home]
+  end
+  def shell
+    meta_info.nil? ? nil : meta_info[:shell]
+  end
+  # returns the minimum days between password changes
+  def mindays
+    credentials.nil? ? nil : credentials[:mindays]
+  end
+  # returns the maximum days between password changes
+  def maxdays
+    credentials.nil? ? nil : credentials[:maxdays]
+  end
+  # returns the days for password change warning
+  def warndays
+    credentials.nil? ? nil : credentials[:warndays]
+  end
+  # implement 'mindays' method to be compatible with serverspec
+  def minimum_days_between_password_change
+    deprecated('minimum_days_between_password_change', "Please use 'its(:mindays)'")
+    mindays
+  end
+  # implement 'maxdays' method to be compatible with serverspec
+  def maximum_days_between_password_change
+    deprecated('maximum_days_between_password_change', "Please use 'its(:maxdays)'")
+    maxdays
+  end
+  # implements rspec has matcher, to be compatible with serverspec
+  # @see: https://github.com/rspec/rspec-expectations/blob/master/lib/rspec/matchers/built_in/has.rb
+  def has_uid?(compare_uid)
+    deprecated('has_uid?')
+    uid == compare_uid
+  end
+  def has_home_directory?(compare_home)
+    deprecated('has_home_directory?', "Please use 'its(:home)'")
+    home == compare_home
+  end
+  def has_login_shell?(compare_shell)
+    deprecated('has_login_shell?', "Please use 'its(:shell)'")
+    shell == compare_shell
+  end
+  def has_authorized_key?(_compare_key)
+    deprecated('has_authorized_key?')
+    fail NotImplementedError
+  end
+  def deprecated(name, alternative = nil)
+    warn "[DEPRECATION] #{name} is deprecated. #{alternative}"
+  end
+  def to_s
+    "User #{@user}"
+  end
+  private
+  def identiy
+    return @id_cache if defined?(@id_cache)
+    @id_cache = @user_provider.identity(@user) if !@user_provider.nil?
+  end
+  def meta_info
+    return @meta_cache if defined?(@meta_cache)
+    @meta_cache = @user_provider.meta_info(@user) if !@user_provider.nil?
+  end
+  def credentials
+    return @cred_cache if defined?(@cred_cache)
+    @cred_cache = @user_provider.credentials(@user) if !@user_provider.nil?
+  end
+end
+class UserInfo
+  include Converter
+  attr_reader :inspec
+  def initialize(inspec)
+    @inspec = inspec
+  end
+  def credentials(_username)
+  end
+end
+# implements generic unix id handling
+class UnixUser < UserInfo
+  # parse one id entry like '0(wheel)''
+  def parse_value(line)
+    SimpleConfig.new(
+      line,
+      line_separator: ',',
+      assignment_re: /^\s*([^\(]*?)\s*\(\s*(.*?)\)*$/,
+      group_re: nil,
+      multiple_values: false,
+    ).params
+  end
+  # extracts the identity
+  def identity(username)
+    cmd = inspec.command("id #{username}")
+    return nil if cmd.exit_status != 0
+    # parse words
+    params = SimpleConfig.new(
+      cmd.stdout.chomp,
+      line_separator: ' ',
+      assignment_re: /^\s*([^=]*?)\s*=\s*(.*?)\s*$/,
+      group_re: nil,
+      multiple_values: false,
+    ).params
+    {
+      uid: convert_to_i(parse_value(params['uid']).keys[0]),
+      user: parse_value(params['uid']).values[0],
+      gid: convert_to_i(parse_value(params['gid']).keys[0]),
+      group: parse_value(params['gid']).values[0],
+      groups: parse_value(params['groups']).values,
+    }
+  end
+end
+class LinuxUser < UnixUser
+  include ContentParser
+  def meta_info(username)
+    cmd = inspec.command("getent passwd #{username}")
+    return nil if cmd.exit_status != 0
+    # returns: root:x:0:0:root:/root:/bin/bash
+    passwd = parse_passwd_line(cmd.stdout.chomp)
+    {
+      home: passwd['home'],
+      shell: passwd['shell'],
+    }
+  end
+  def credentials(username)
+    cmd = inspec.command("chage -l #{username}")
+    return nil if cmd.exit_status != 0
+    params = SimpleConfig.new(
+      cmd.stdout.chomp,
+      assignment_re: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
+      group_re: nil,
+      multiple_values: false,
+    ).params
+    {
+      mindays: convert_to_i(params['Minimum number of days between password change']),
+      maxdays: convert_to_i(params['Maximum number of days between password change']),
+      warndays: convert_to_i(params['Number of days of warning before password expires']),
+    }
+  end
+end
+# we do not use 'finger' for MacOS, because it is harder to parse data with it
+# @see https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man8/fingerd.8.html
+# instead we use 'dscl' to request user data
+# @see https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man1/dscl.1.html
+# @see http://superuser.com/questions/592921/mac-osx-users-vs-dscl-command-to-list-user
+class DarwinUser < UnixUser
+  def meta_info(username)
+    cmd = inspec.command("dscl -q . -read /Users/#{username} NFSHomeDirectory PrimaryGroupID RecordName UniqueID UserShell")
+    return nil if cmd.exit_status != 0
+    params = SimpleConfig.new(
+      cmd.stdout.chomp,
+      assignment_re: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
+      group_re: nil,
+      multiple_values: false,
+    ).params
+    {
+      home: params['NFSHomeDirectory'],
+      shell: params['UserShell'],
+    }
+  end
+end
+# FreeBSD recommends to use the 'pw' command for user management
+# @see: https://www.freebsd.org/doc/handbook/users-synopsis.html
+# @see: https://www.freebsd.org/cgi/man.cgi?pw(8)
+# It offers the following commands:
+# - adduser(8)	The recommended command-line application for adding new users.
+# - rmuser(8)	The recommended command-line application for removing users.
+# - chpass(1)	A flexible tool for changing user database information.
+# - passwd(1)	The command-line tool to change user passwords.
+class FreeBSDUser < UnixUser
+  include ContentParser
+  def meta_info(username)
+    cmd = inspec.command("pw usershow #{username} -7")
+    return nil if cmd.exit_status != 0
+    # returns: root:*:0:0:Charlie &:/root:/bin/csh
+    passwd = parse_passwd_line(cmd.stdout.chomp)
+    {
+      home: passwd['home'],
+      shell: passwd['shell'],
+    }
+  end
+end
+# For now, we stick with WMI Win32_UserAccount
+# @see https://msdn.microsoft.com/en-us/library/aa394507(v=vs.85).aspx
+# @see https://msdn.microsoft.com/en-us/library/aa394153(v=vs.85).aspx
+#
+# using Get-AdUser would be the best command for domain machines, but it will not be installed
+# on client machines by default
+# @see https://technet.microsoft.com/en-us/library/ee617241.aspx
+# @see https://technet.microsoft.com/en-us/library/hh509016(v=WS.10).aspx
+# @see http://woshub.com/get-aduser-getting-active-directory-users-data-via-powershell/
+# @see http://stackoverflow.com/questions/17548523/the-term-get-aduser-is-not-recognized-as-the-name-of-a-cmdlet
+#
+# Just for reference, we could also use ADSI (Active Directory Service Interfaces)
+# @see https://mcpmag.com/articles/2015/04/15/reporting-on-local-accounts.aspx
+class WindowsUser < UserInfo
+  # parse windows account name
+  def parse_windows_account(username)
+    account = username.split('\\')
+    name = account.pop
+    domain = account.pop if account.size > 0
+    [name, domain]
+  end
+  def identity(username)
+    # extract domain/user information
+    account, domain = parse_windows_account(username)
+    # TODO: escape content
+    if !domain.nil?
+      filter = "Name = '#{account}' and Domain = '#{domain}'"
+    else
+      filter = "Name = '#{account}' and LocalAccount = true"
+    end
+    script = <<-EOH
+      # find user
+      $user = Get-WmiObject Win32_UserAccount -filter "#{filter}"
+      # get related groups
+      $groups = $user.GetRelated('Win32_Group') | Select-Object -Property Caption, Domain, Name, LocalAccount, SID, SIDType, Status
+      # filter user information
+      $user = $user | Select-Object -Property Caption, Description, Domain, Name, LocalAccount, Lockout, PasswordChangeable, PasswordExpires, PasswordRequired, SID, SIDType, Status
+      # build response object
+      New-Object -Type PSObject | `
+      Add-Member -MemberType NoteProperty -Name User -Value ($user) -PassThru | `
+      Add-Member -MemberType NoteProperty -Name Groups -Value ($groups) -PassThru | `
+      ConvertTo-Json
+    EOH
+    cmd = inspec.script(script)
+    # cannot rely on exit code for now, successful command returns exit code 1
+    # return nil if cmd.exit_status != 0, try to parse json
+    begin
+      params = JSON.parse(cmd.stdout)
+    rescue JSON::ParserError => _e
+      return nil
+    end
+    user = params['User']['Caption'] unless params['User'].nil?
+    groups = params['Groups']
+    # if groups is no array, generate one
+    groups = [groups] if !groups.is_a?(Array)
+    groups = groups.map { |grp| grp['Caption'] } unless params['Groups'].nil?
+    {
+      uid: nil,
+      user: user,
+      gid: nil,
+      group: nil,
+      groups: groups,
+    }
+  end
+  # not implemented yet
+  def meta_info(_username)
+    {
+      home: nil,
+      shell: nil,
+    }
+  end
+end

data/lib/resources/windows_feature.rb ADDED Viewed

@@ -0,0 +1,77 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+# check for a Windows feature
+# Usage:
+# describe windows_feature('DHCP Server') do
+#   it{ should be_installed }
+# end
+#
+# deprecated serverspec syntax:
+# describe windows_feature('IIS-Webserver') do
+#   it{ should be_installed.by("dism") }
+# end
+#
+# describe windows_feature('Web-Webserver') do
+#   it{ should be_installed.by("powershell") }
+# end
+#
+# This implementation uses the Get-WindowsFeature commandlet:
+# Get-WindowsFeature | Where-Object {$_.Name -eq 'XPS Viewer' -or $_.DisplayName -eq 'XPS Viewe
+# r'} | Select-Object -Property Name,DisplayName,Description,Installed,InstallState | ConvertTo-Json
+# {
+#     "Name":  "XPS-Viewer",
+#     "DisplayName":  "XPS Viewer",
+#     "Description":  "The XPS Viewer is used to read, set permissions for, and digitally sign XPS documents.",
+#     "Installed":  false,
+#     "InstallState":  0
+# }
+class WindowsFeature < Inspec.resource(1)
+  name 'windows_feature'
+  def initialize(feature)
+    @feature = feature
+    @cache = nil
+    # verify that this resource is only supported on Windows
+    return skip_resource 'The `windows_feature` resource is not supported on your OS.' if inspec.os[:family] != 'windows'
+  end
+  # returns true if the package is installed
+  def installed?(_provider = nil, _version = nil)
+    info[:installed] == true
+  end
+  # returns the package description
+  def info
+    return @cache if !@cache.nil?
+    features_cmd = "Get-WindowsFeature | Where-Object {$_.Name -eq '#{@feature}' -or $_.DisplayName -eq '#{@feature}'} | Select-Object -Property Name,DisplayName,Description,Installed,InstallState | ConvertTo-Json"
+    cmd = inspec.command(features_cmd)
+    @cache = {
+      name: @feature,
+      type: 'windows-feature',
+    }
+    # cannot rely on exit code for now, successful command returns exit code 1
+    # return nil if cmd.exit_status != 0
+    # try to parse json
+    begin
+      params = JSON.parse(cmd.stdout)
+    rescue JSON::ParserError => _e
+      return @cache
+    end
+    @cache = {
+      name: params['Name'],
+      description: params['Description'],
+      installed: params['Installed'],
+      type: 'windows-feature',
+    }
+  end
+  def to_s
+    "Windows Feature '#{@feature}'"
+  end
+end