inspec 1.0.0 → 1.1.0

data/docs/resources/yum.md.erb

@@ -6,7 +6,7 @@ title: About the yum Resource
 
 Use the `yum` InSpec audit resource to test packages in the Yum repository.
 
-# Syntax
+## Syntax
 
 A `yum` resource block declares a package repo, tests if the package repository is present, and if it that package repository is a valid package source (i.e. "is enabled"):
 
@@ -19,43 +19,43 @@ where
 
 * `repo('name')` is the (optional) name of a package repo, using either a full identifier (`'updates/7/x86_64'`) or a short identifier (`'updates'`)
 
-# Matchers
+## Matchers
 
 This InSpec audit resource has the following matchers:
 
-## be
+### be
 
 <%= partial "/shared/matcher_be" %>
 
-## be_enabled
+### be_enabled
 
 The `be_enabled` matcher tests if the package repository is a valid package source:
 
     it { should be_enabled }
 
-## cmp
+### cmp
 
 <%= partial "/shared/matcher_cmp" %>
 
-## eq
+### eq
 
 <%= partial "/shared/matcher_eq" %>
 
-## exist
+### exist
 
 The `exist` matcher tests if the package repository exists:
 
     it { should exist }
 
-## include
+### include
 
 <%= partial "/shared/matcher_include" %>
 
-## match
+### match
 
 <%= partial "/shared/matcher_match" %>
 
-## repo('name')
+### repo('name')
 
 The `repo('name')` matcher names a specific package repository:
 
@@ -63,13 +63,13 @@ The `repo('name')` matcher names a specific package repository:
       ...
     end
 
-## repos
+### repos
 
 The `repos` matcher tests if a named repo, using either a full identifier (`'updates/7/x86_64'`) or a short identifier (`'updates'`), is included in the Yum repo:
 
     its('repos') { should include 'some_repo' }
 
-## shortname
+### shortname
 
 The `shortname` matcher names a specific package repository's group identifier. For example, if a repository's group name is "Directory Server", the corresponding group idenfier is typically "directory-server":
 
@@ -77,17 +77,17 @@ The `shortname` matcher names a specific package repository's group identifier.
       its('shortname') { should eq 'directory-server' }
     end
 
-# Examples
+## Examples
 
 The following examples show how to use this InSpec audit resource.
 
-## Test if the yum repo exists
+### Test if the yum repo exists
 
     describe yum do
       its('repos') { should exist }
     end
 
-## Test if the 'base/7/x86_64' repo exists and is enabled
+### Test if the 'base/7/x86_64' repo exists and is enabled
 
     describe yum do
       its('repos') { should include 'base/7/x86_64' }
@@ -95,7 +95,7 @@ The following examples show how to use this InSpec audit resource.
       its('epel') { should be_enabled }
     end
 
-## Test if a specific yum repo exists
+### Test if a specific yum repo exists
 
     describe yum.repo('epel') do
       it { should exist }

data/examples/meta-profile/README.md

@@ -4,8 +4,3 @@ The inspec.yml file in this profile shows how one can use dependencies
 from non-local sources such as Git or an HTTP url. This feature can
 be used to build up a environment-wide profile that is based on more
 specific profiles managed by others.
-
-# WARNING
-
-This profile likely does not work yet. It exists as a target for
-ongoing development work.

data/lib/inspec/base_cli.rb

@@ -32,6 +32,12 @@ module Inspec
         desc: 'Additional sudo options for a remote scan.'
       option :sudo_command, type: :string,
         desc: 'Alternate command for sudo.'
+      option :shell, type: :boolean,
+        desc: 'Run scans in a subshell. Only activates on Unix.'
+      option :shell_options, type: :string,
+        desc: 'Additional shell options.'
+      option :shell_command, type: :string,
+        desc: 'Specify a particular shell to use.'
       option :ssl, type: :boolean,
         desc: 'Use SSL for transport layer encryption (WinRM).'
       option :self_signed, type: :boolean,

data/lib/inspec/cli.rb

@@ -34,6 +34,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI # rubocop:disable Metrics/ClassLength
     diagnose
     o = opts.dup
     o[:ignore_supports] = true
+    o[:backend] = Inspec::Backend.create(target: 'mock://')
 
     profile = Inspec::Profile.for_target(target, o)
     dst = o[:output].to_s
@@ -60,6 +61,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI # rubocop:disable Metrics/ClassLength
     o = opts.dup
     # configure_logger(o) # we do not need a logger for check yet
     o[:ignore_supports] = true # we check for integrity only
+    o[:backend] = Inspec::Backend.create(target: 'mock://')
 
     # run check
     profile = Inspec::Profile.for_target(path, o)
@@ -105,8 +107,12 @@ class Inspec::InspecCLI < Inspec::BaseCLI # rubocop:disable Metrics/ClassLength
 
   desc 'vendor', 'Download all dependencies and generate a lockfile'
   def vendor(path = nil)
-    configure_logger(opts)
-    profile = Inspec::Profile.for_target('./', opts.merge(cache: Inspec::Cache.new(path)))
+    o = opts.dup
+    o[:cache] = Inspec::Cache.new(path)
+    o[:backend] = Inspec::Backend.create(target: 'mock://')
+    configure_logger(o)
+
+    profile = Inspec::Profile.for_target('./', o)
     lockfile = profile.generate_lockfile
     File.write('inspec.lock', lockfile.to_yaml)
   rescue StandardError => e
@@ -131,12 +137,13 @@ class Inspec::InspecCLI < Inspec::BaseCLI # rubocop:disable Metrics/ClassLength
     o = opts.dup
     o[:logger] = Logger.new(STDOUT)
     o[:logger].level = get_log_level(o.log_level)
+    o[:backend] = Inspec::Backend.create(target: 'mock://')
 
     profile = Inspec::Profile.for_target(path, o)
     result = profile.check
 
     if result && !opts[:ignore_errors] == false
-      @logger.info 'Profile check failed. Please fix the profile before generating an archive.'
+      o[:logger].info 'Profile check failed. Please fix the profile before generating an archive.'
       return exit 1
     end
 

data/lib/inspec/profile.rb

@@ -64,9 +64,9 @@ module Inspec
       @tests_collected = false
       @libraries_loaded = false
       Metadata.finalize(@source_reader.metadata, @profile_id)
-      @runner_context = options[:profile_context] || Inspec::ProfileContext.for_profile(self,
-                                                                                        @backend,
-                                                                                        options[:attributes])
+      @runner_context =
+        options[:profile_context] ||
+        Inspec::ProfileContext.for_profile(self, @backend, options[:attributes])
     end
 
     def name

data/lib/inspec/rspec_json_formatter.rb

@@ -287,6 +287,7 @@ class InspecRspecCli < InspecRspecJson # rubocop:disable Metrics/ClassLength
     @missing_controls = []
     @anonymous_tests = []
     @control_tests = []
+    @profile_printed = false
     super(*args)
   end
 
@@ -296,17 +297,7 @@ class InspecRspecCli < InspecRspecJson # rubocop:disable Metrics/ClassLength
     print_tests
     output.puts('')
 
-    @profiles_info.each do |profile|
-      next if profile[:already_printed]
-      @current_profile = profile
-      next unless print_current_profile
-      print_line(
-        color: '', indicator: @indicators['empty'], id: '', profile: '',
-        summary: 'No tests executed.'
-      ) if @current_control.nil?
-      output.puts('')
-    end
-
+    print_profiles_info if !@profile_printed
     controls_res = controls_summary
     tests_res = tests_summary
 
@@ -463,9 +454,8 @@ class InspecRspecCli < InspecRspecJson # rubocop:disable Metrics/ClassLength
   def flush_current_control
     return if @current_control.nil?
 
-    prev_profile = @current_profile
     @current_profile = @profiles_info.find { |i| i[:id] == @current_control[:profile_id] }
-    print_current_profile if prev_profile != @current_profile
+    print_current_profile if !@profile_printed
 
     fails, skips, passes, summary_indicator = current_control_infos
     summary = current_control_summary(fails, skips)
@@ -495,14 +485,32 @@ class InspecRspecCli < InspecRspecJson # rubocop:disable Metrics/ClassLength
     output.puts(before + connection.uri + after)
   end
 
+  def print_profiles_info
+    @profiles_info.each do |profile|
+      next if profile[:already_printed]
+      @current_profile = profile
+      next unless print_current_profile
+      print_line(
+        color: '', indicator: @indicators['empty'], id: '', profile: '',
+        summary: 'No tests executed.'
+      ) if @current_control.nil?
+      output.puts('')
+    end
+  end
+
   def print_current_profile
     profile = @current_profile
-    return false if profile.nil?
-
+    if profile.nil?
+      print_profiles_info
+      @profile_printed = true
+      return true
+    end
     output.puts ''
     profile[:already_printed] = true
+
     if profile[:name].nil?
       print_target('Target:  ', "\n\n")
+      @profile_printed = true
       return true
     end
 
@@ -515,6 +523,7 @@ class InspecRspecCli < InspecRspecJson # rubocop:disable Metrics/ClassLength
     output.puts 'Version: ' + (profile[:version] || 'unknown')
     print_target('Target:  ', "\n")
     output.puts
+    @profile_printed = true
     true
   end
 

data/lib/inspec/version.rb

@@ -4,5 +4,5 @@
 # author: Christoph Hartmann
 
 module Inspec
-  VERSION = '1.0.0'.freeze
+  VERSION = '1.1.0'.freeze
 end

data/lib/resources/registry_key.rb

@@ -147,6 +147,11 @@ module Inspec::Resources
       script = <<-EOH
       Function InSpec-GetRegistryKey($path) {
         $reg = Get-Item ('Registry::' + $path)
+        if ($reg -eq $null) {
+          Write-Error "InSpec: Failed to find registry key"
+          exit 1001
+        }
+
         $properties = New-Object -Type PSObject
         $reg.Property | ForEach-Object {
             $key = $_
@@ -167,11 +172,16 @@ module Inspec::Resources
       # cannot rely on exit code for now, successful command returns exit code 1
       # return nil if cmd.exit_status != 0, try to parse json
       begin
-        @registry_cache = JSON.parse(cmd.stdout)
-        # convert keys to lower case
-        @registry_cache = Hash[@registry_cache.map do |key, value|
-          [key.downcase, value]
-        end]
+        if cmd.exit_status == 1001 && cmd.stderr =~ /InSpec: Failed to find registry key/
+          # TODO: provide the stderr output
+          @registry_cache = nil
+        else
+          @registry_cache = JSON.parse(cmd.stdout)
+          # convert keys to lower case
+          @registry_cache = Hash[@registry_cache.map do |key, value|
+            [key.downcase, value]
+          end]
+        end
       rescue JSON::ParserError => _e
         @registry_cache = nil
       end

data/lib/utils/filter.rb

@@ -44,6 +44,7 @@ module FilterTable
     def initialize(resource, params, filters)
       @resource = resource
       @params = params
+      @params = [] if @params.nil?
       @filters = filters
     end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.1.0
 platform: ruby
 authors:
 - Dominik Richter
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-09-26 00:00:00.000000000 Z
+date: 2016-10-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: train
@@ -530,9 +530,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.6
+rubygems_version: 2.5.1
 signing_key: 
 specification_version: 4
 summary: Infrastructure and compliance testing.
 test_files: []
-has_rdoc: