inspec 1.15.0 → 1.16.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 6d6a9596b5e8f107982bbf0772679d92bd903b24
-  data.tar.gz: 87f6fd87e179535f8d78512cc6a35798076cb51f
+  metadata.gz: c3a96e098c7ff3d2cb9f43ea5d89cf3a75e34169
+  data.tar.gz: c16f66e486f2502feb4c0596c182d494cf2279f1
 SHA512:
-  metadata.gz: 73b6a1520ce732b59972ab69a1de54febd1512d06cf3102d81ad678ad7bedf85755a214d1ddc803fe7deda9cf2b1f26c0abc49716281f2690f3c4514dea15f3f
-  data.tar.gz: 1333f99c255ff0853315186c023fa22d419a3a9ec1e770bc2e6983eed371a15d5f91f3d65ff889deead3cef15d7eec0641fb4b33dc72abaaa1f2c3346de0a173
+  metadata.gz: 0d052313445bc953e03e27d8f6f35f078df54249fc1736fc6b48c61c4cffe96b5bebc3ecede732b534ca56337134285c96ec915954dde7b9ccb19eca62bd296d
+  data.tar.gz: 4cd5c91590c765f3c9dc8f07721187663245c3092f478672cdaaad95c9ff6ea2f6a3848e76ae36eda2ba5c76a799b01ecdfe22914974816e4a1e7bf70d916cef

data/CHANGELOG.md

@@ -1,5 +1,36 @@
+
+n.n.n / 2017-03-02
+==================
+
+  * Merge pull request #1520 from chef/adamleff/fix-habitat-build
+  * Add Rake to Habitat build Gemfile
+  * Merge pull request #1454 from jkerry/FunctionalJUnitReporter
+  * correcting a typo, anonymnous -> anonymous
+  * adding gitignore entries for the tar.gz files that result from the functional tests
+  * resolving old junit unit tests with the new format. Adding a skipped test node as a result
+  * Converting the junit reporter to use nokogiri on top of the json reporter output hash
 # Change Log
 
+## [1.16.0](https://github.com/chef/inspec/tree/1.16.0) (2017-03-02)
+[Full Changelog](https://github.com/chef/inspec/compare/v1.15.0...v1.16.0)
+
+**Implemented enhancements:**
+
+- Functional JUnit reporter [\#1454](https://github.com/chef/inspec/pull/1454) ([jkerry](https://github.com/jkerry))
+
+**Closed issues:**
+
+- Small bug on the registry\_key docs page [\#1523](https://github.com/chef/inspec/issues/1523)
+
+**Merged pull requests:**
+
+- use -- for description of inspec login\_automate [\#1527](https://github.com/chef/inspec/pull/1527) ([chris-rock](https://github.com/chris-rock))
+- fix ident in cmp matcher docs [\#1524](https://github.com/chef/inspec/pull/1524) ([chris-rock](https://github.com/chris-rock))
+- Add Rake to Habitat build Gemfile [\#1520](https://github.com/chef/inspec/pull/1520) ([adamleff](https://github.com/adamleff))
+- Fix kernel\_module for centos/redhat [\#1513](https://github.com/chef/inspec/pull/1513) ([postgred](https://github.com/postgred))
+- Added oracle linux to rhel platform section of 'service' resource. [\#1511](https://github.com/chef/inspec/pull/1511) ([carldjohnston](https://github.com/carldjohnston))
+- Add FreeBSD support for ZFS datasets and pools [\#1501](https://github.com/chef/inspec/pull/1501) ([jbenden](https://github.com/jbenden))
+
 ## [v1.15.0](https://github.com/chef/inspec/tree/v1.15.0) (2017-02-27)
 [Full Changelog](https://github.com/chef/inspec/compare/v1.14.1...v1.15.0)
 
@@ -27,6 +58,7 @@
 
 **Merged pull requests:**
 
+- 1.15.0 [\#1519](https://github.com/chef/inspec/pull/1519) ([adamleff](https://github.com/adamleff))
 - Fix formatting and colors on Windows [\#1510](https://github.com/chef/inspec/pull/1510) ([trickyearlobe](https://github.com/trickyearlobe))
 - Adding a Habitat profile artifact creator [\#1505](https://github.com/chef/inspec/pull/1505) ([adamleff](https://github.com/adamleff))
 - create inspec.io/tutorial.html [\#1490](https://github.com/chef/inspec/pull/1490) ([arlimus](https://github.com/arlimus))
@@ -2170,4 +2202,4 @@
 
 
 
-\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*
+\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*

data/Gemfile

@@ -8,7 +8,7 @@ if Gem::Version.new(RUBY_VERSION) < Gem::Version.new('2.2.2')
 end
 
 gem 'ffi', '>= 1.9.14'
-gem 'rspec_junit_formatter', '~> 0.2.3'
+gem 'nokogiri', '~> 1.6'
 
 group :test do
   gem 'bundler', '~> 1.5'
@@ -19,7 +19,6 @@ group :test do
   gem 'concurrent-ruby', '~> 0.9'
   gem 'mocha', '~> 1.1'
   gem 'ruby-progressbar', '~> 1.8'
-  gem 'nokogiri', '~> 1.6'
   gem 'webmock', '~> 2.3.2'
 end
 

data/docs/resources/mount.md.erb

@@ -4,7 +4,7 @@ title: About the mount Resource
 
 # mount
 
-Use the `mount` InSpec audit resource to test the mount points on Linux systems.
+Use the `mount` InSpec audit resource to test the mount points on FreeBSD and Linux systems.
 
 ## Syntax
 

data/docs/resources/zfs_dataset.md.erb

@@ -0,0 +1,63 @@
+---
+title: About the zfs_dataset Resource
+---
+
+# zfs_dataset
+
+Use the `zfs_dataset` InSpec audit resource to test the ZFS datasets on FreeBSD systems.
+
+## Syntax
+
+A `zfs_dataset` resource block declares the ZFS dataset properties that should be tested:
+
+    describe zfs_dataset('dataset') do
+      it { should MATCHER 'value' }
+    end
+
+where
+
+* `('dataset')` is the name of the ZFS dataset (eg: `'tank/tmp'`)
+* `MATCHER` is a valid matcher for this resource
+* `'value'` is the value to be tested
+
+
+## Matchers
+
+This InSpec audit resource has the matchers listed below, in addition to dynamically exposing all ZFS dataset properties available (see: `man zfs` for the list of supported properties.)
+
+### be
+
+<%= partial "/shared/matcher_be" %>
+
+### be_mounted
+
+The `be_mounted` matcher tests if the dataset is accessible from the file system:
+
+    it { should be_mounted }
+
+### cmp
+
+<%= partial "/shared/matcher_cmp" %>
+
+### eq
+
+<%= partial "/shared/matcher_eq" %>
+
+### match
+
+<%= partial "/shared/matcher_match" %>
+
+## Examples
+
+The following examples show how to use this InSpec audit resource.
+
+### Test a dataset of 'tank/tmp'
+
+    describe zfs_dataset('tank/tmp') do
+      it { should be_mounted }
+      its('atime') { should eq  'on' }
+      its('compression') { should eq  'lz4' }
+      its('exec') { should eq  'off' }
+      its('readonly') { should eq  'off' }
+      its('setuid') { should eq  'off' }
+    end

data/docs/resources/zfs_pool.md.erb

@@ -0,0 +1,57 @@
+---
+title: About the zfs_pool Resource
+---
+
+# zfs_pool
+
+Use the `zfs_pool` InSpec audit resource to test the ZFS pools on FreeBSD systems.
+
+## Syntax
+
+A `zfs_pool` resource block declares the ZFS pool properties that should be tested:
+
+    describe zfs_pool('pool') do
+      it { should MATCHER 'value' }
+    end
+
+where
+
+* `('pool')` is the name of the ZFS pool (eg: `'tank'`)
+* `MATCHER` is a valid matcher for this resource
+* `'value'` is the value to be tested
+
+
+## Matchers
+
+This InSpec audit resource has the matchers listed below, in addition to dynamically exposing all ZFS pool properties available (see: `man zpool` for the list of supported properties.)
+
+### be
+
+<%= partial "/shared/matcher_be" %>
+
+### cmp
+
+<%= partial "/shared/matcher_cmp" %>
+
+### eq
+
+<%= partial "/shared/matcher_eq" %>
+
+### match
+
+<%= partial "/shared/matcher_match" %>
+
+## Examples
+
+The following examples show how to use this InSpec audit resource.
+
+### Test a pool of 'tank'
+
+    describe zfs_pool('tank') do
+      its('autoexpand') { should eq  'off' }
+      its('failmode') { should eq  'continue' }
+      its('feature@lz4_compress') { should eq  'active' }
+      its('health') { should eq  'ONLINE' }
+      its('listsnapshots') { should eq  'off' }
+      its('readonly') { should eq  'off' }
+    end

data/docs/shared/matcher_cmp.md.erb

@@ -28,10 +28,10 @@ vs:
 
 Ignoring case sensitivity:
 
-   describe some_resource do
-     its('setting') { should cmp 'raw' }
-     its('setting') { should cmp 'RAW' }
-   end
+    describe some_resource do
+      its('setting') { should cmp 'raw' }
+      its('setting') { should cmp 'RAW' }
+    end
 
 Printing octal values:
 

data/examples/meta-profile/inspec.lock

@@ -14,5 +14,5 @@ depends:
 - name: windows-patch-benchmark
   resolved_source:
     url: https://github.com/chris-rock/windows-patch-benchmark/archive/master.tar.gz
-    sha256: 3d473e72d8b70018386a53e0a105e92ccbb4115dc268cadc16ff53d550d2898e
+    sha256: 6bdab40a3fe9f9de4e7c87f4f3844fdcf2c5cba6f84089b68d47c72392b51fdc
   version_constraints: ">= 0"

data/lib/bundles/inspec-compliance/cli.rb

@@ -76,7 +76,7 @@ module Compliance
         if !options['dctoken'].nil? || !options['usertoken'].nil?
           msg = login_automate_config(url, options['user'], options['dctoken'], options['usertoken'], options['ent'], options['insecure'])
         else
-          puts "Please specify a token using --dctoken='DATA_COLLECTOR_TOKEN' or usertoken='AUTOMATE_TOKEN' "
+          puts "Please specify a token using --dctoken='DATA_COLLECTOR_TOKEN' or --usertoken='AUTOMATE_TOKEN' "
           exit 1
         end
       else

data/lib/inspec/resource.rb

@@ -132,6 +132,8 @@ require 'resources/windows_task'
 require 'resources/xinetd'
 require 'resources/wmi'
 require 'resources/yum'
+require 'resources/zfs_dataset'
+require 'resources/zfs_pool'
 
 # file formats, depend on json implementation
 require 'resources/json'

data/lib/inspec/rspec_json_formatter.rb

@@ -791,13 +791,73 @@ class InspecRspecCli < InspecRspecJson # rubocop:disable Metrics/ClassLength
   end
 end
 
-class InspecRspecJUnit < RSpecJUnitFormatter
+class InspecRspecJUnit < InspecRspecJson
   RSpec::Core::Formatters.register self, :close
 
-  def initialize(*args)
-    super(*args)
+  #
+  # This is the last method is invoked through the formatter interface.
+  # Converts the junit formatter constructed output_hash into nokogiri generated
+  # XML and writes it to output.
+  #
+  def close(_notification)
+    require 'nokogiri'
+    xml_output = Nokogiri::XML::Builder.new { |xml|
+      xml.testsuites do
+        @output_hash[:profiles].each do |profile|
+          build_profile_xml(xml, profile)
+        end
+      end
+    }.to_xml
+    output.puts xml_output
   end
 
-  def close(_notification)
+  private
+
+  def build_profile_xml(xml, profile)
+    xml.testsuite(
+      name: profile[:name],
+      tests: count_profile_tests(profile),
+      failed: count_profile_failed_tests(profile),
+    ) do
+      profile[:controls].each do |control|
+        build_control_xml(xml, control)
+      end
+    end
+  end
+
+  def build_control_xml(xml, control)
+    return if control[:results].nil?
+    control[:results].each do |result|
+      build_result_xml(xml, control, result)
+    end
+  end
+
+  def build_result_xml(xml, control, result)
+    test_class = control[:title].nil? ? 'Anonymous' : control[:id]
+    xml.testcase(name: result[:code_desc], class: test_class, time: result[:run_time]) do
+      if result[:status] == 'failed'
+        xml.failure(message: result[:message])
+      elsif result[:status] == 'skipped'
+        xml.skipped
+      end
+    end
+  end
+
+  def count_profile_tests(profile)
+    profile[:controls].reduce(0) { |acc, elem|
+      acc + (elem[:results].nil? ? 0 : elem[:results].count)
+    }
+  end
+
+  def count_profile_failed_tests(profile)
+    profile[:controls].reduce(0) { |acc, elem|
+      if elem[:results].nil?
+        acc
+      else
+        acc + elem[:results].reduce(0) { |fail_test_total, test_case|
+          test_case[:status] == 'failed' ? fail_test_total + 1 : fail_test_total
+        }
+      end
+    }
   end
 end

data/lib/inspec/version.rb

@@ -4,5 +4,5 @@
 # author: Christoph Hartmann
 
 module Inspec
-  VERSION = '1.15.0'.freeze
+  VERSION = '1.16.0'.freeze
 end

data/lib/resources/file.rb

@@ -19,7 +19,7 @@ module Inspec::Resources
 
   class FileResource < Inspec.resource(1)
     include FilePermissionsSelector
-    include MountParser
+    include LinuxMountParser
 
     name 'file'
     desc 'Use the file InSpec audit resource to test all system file types, including files, directories, symbolic links, named pipes, sockets, character devices, block devices, and doors.'

data/lib/resources/kernel_module.rb

@@ -21,10 +21,11 @@ module Inspec::Resources
     end
 
     def loaded?
-      # default lsmod command
-      lsmod_cmd = 'lsmod'
-      # special care for CentOS 5 and sudo
-      lsmod_cmd = '/sbin/lsmod' if inspec.os[:name] == 'centos' && inspec.os[:release].to_i == 5
+      if inspec.os.redhat? || inspec.os.name == 'fedora'
+        lsmod_cmd = '/sbin/lsmod'
+      else
+        lsmod_cmd = 'lsmod'
+      end
 
       # get list of all modules
       cmd = inspec.command(lsmod_cmd)
@@ -37,7 +38,7 @@ module Inspec::Resources
     end
 
     def version
-      if inspec.os[:name] == 'centos' && inspec.os[:release].to_i == 5
+      if inspec.os.redhat? || inspec.os.name == 'fedora'
         modinfo_cmd = "/sbin/modinfo -F version #{@module}"
       else
         modinfo_cmd = "modinfo -F version #{@module}"

data/lib/resources/mount.rb

@@ -1,6 +1,7 @@
 # encoding: utf-8
 # author: Christoph Hartmann
 # author: Dominik Richter
+# author: Joseph Benden
 
 require 'utils/simpleconfig'
 
@@ -18,13 +19,12 @@ module Inspec::Resources
         its('options') { should include 'nodev' }
       end
     "
-    include MountParser
-
     attr_reader :file
 
     def initialize(path)
       @path = path
-      return skip_resource 'The `mount` resource is not supported on your OS yet.' if !inspec.os.linux?
+      @mount_manager = mount_manager_for_os
+      return skip_resource 'The `mount` resource is not supported on your OS yet.' if @mount_manager.nil?
       @file = inspec.backend.file(@path)
     end
 
@@ -49,12 +49,42 @@ module Inspec::Resources
       line = mounted.stdout.lines.to_a.last if mounted.stdout.lines.count > 1
 
       # parse content if we are on linux
-      @mount_options ||= parse_mount_options(line)
+      @mount_options ||= @mount_manager.parse_mount_options(line)
       @mount_options[name]
     end
 
     def to_s
       "Mount #{@path}"
     end
+
+    private
+
+    def mount_manager_for_os
+      os = inspec.os
+      if os.linux?
+        LinuxMounts.new(inspec)
+      elsif ['freebsd'].include?(os[:family])
+        BsdMounts.new(inspec)
+      end
+    end
+  end
+
+  class MountsInfo
+    attr_reader :inspec
+    def initialize(inspec)
+      @inspec = inspec
+    end
+
+    def parse_mount_options(_mount_line, _compatibility = false)
+      raise NotImplementedError
+    end
+  end
+
+  class LinuxMounts < MountsInfo
+    include LinuxMountParser
+  end
+
+  class BsdMounts < MountsInfo
+    include BsdMountParser
   end
 end

data/lib/resources/service.rb

@@ -134,9 +134,9 @@ module Inspec::Resources
         else
           SysV.new(inspec, service_ctl || '/usr/sbin/service')
         end
-      elsif %w{redhat fedora centos}.include?(platform)
+      elsif %w{redhat fedora centos oracle}.include?(platform)
         version = os[:release].to_i
-        if (%w{ redhat centos }.include?(platform) && version >= 7) || (platform == 'fedora' && version >= 15)
+        if (%w{ redhat centos oracle }.include?(platform) && version >= 7) || (platform == 'fedora' && version >= 15)
           Systemd.new(inspec, service_ctl)
         else
           SysV.new(inspec, service_ctl || '/sbin/service')

data/lib/resources/zfs_dataset.rb

@@ -0,0 +1,60 @@
+# encoding: utf-8
+# author: Joseph Benden
+
+module Inspec::Resources
+  class ZfsDataset < Inspec.resource(1)
+    name 'zfs_dataset'
+    desc "
+      Use the zfs_dataset InSpec audit resource to test if the named
+      ZFS Dataset is present and/or has certain properties.
+    "
+    example "
+      describe zfs_dataset('tank/tmp') do
+        its('exec') { should eq('off') }
+        its('setuid') { should eq('off') }
+      end
+    "
+
+    def initialize(zfs_dataset)
+      return skip_resource 'The `zfs_dataset` resource is not supported on your OS yet.' if !inspec.os.bsd?
+      @zfs_dataset = zfs_dataset
+
+      @params = gather
+    end
+
+    # method called by 'it { should exist }'
+    def exists?
+      inspec.command("/sbin/zfs get -Hp all #{@zfs_dataset}").exit_status == 0
+    end
+
+    def mounted?
+      return false if !exists?
+      inspec.mount(@params['mountpoint']).mounted?
+    end
+
+    def to_s
+      "ZFS Dataset #{@zfs_dataset}"
+    end
+
+    def gather
+      cmd = inspec.command("/sbin/zfs get -Hp all #{@zfs_dataset}")
+      return nil if cmd.exit_status.to_i != 0
+
+      # parse data
+      cmd.stdout.chomp.split("\n").each_with_object(Hash.new(0)) do |line, h|
+        t = line.split("\t")
+        h[t[1].to_s] = t[2].to_s
+      end
+    end
+
+    # override method
+    def exec
+      @params['exec']
+    end
+
+    # expose all parameters
+    def method_missing(name)
+      @params[name.to_s]
+    end
+  end
+end

data/lib/resources/zfs_pool.rb

@@ -0,0 +1,49 @@
+# encoding: utf-8
+# author: Joseph Benden
+
+module Inspec::Resources
+  class ZfsPool < Inspec.resource(1)
+    name 'zfs_pool'
+    desc "
+      Use the zfs_pool InSpec audit resource to test if the named
+      ZFS Pool is present and/or has certain properties.
+    "
+    example "
+      describe zfs_pool('tank') do
+        its('failmode') { should eq('continue') }
+      end
+    "
+
+    def initialize(zfs_pool)
+      return skip_resource 'The `zfs_pool` resource is not supported on your OS yet.' if !inspec.os.bsd?
+      @zfs_pool = zfs_pool
+
+      @params = gather
+    end
+
+    # method called by 'it { should exist }'
+    def exists?
+      inspec.command("/sbin/zpool get -Hp all #{@zfs_pool}").exit_status == 0
+    end
+
+    def to_s
+      "ZFS Pool #{@zfs_pool}"
+    end
+
+    def gather
+      cmd = inspec.command("/sbin/zpool get -Hp all #{@zfs_pool}")
+      return nil if cmd.exit_status.to_i != 0
+
+      # parse data
+      cmd.stdout.chomp.split("\n").each_with_object(Hash.new(0)) do |line, h|
+        t = line.split("\t")
+        h[t[1].to_s] = t[2].to_s
+      end
+    end
+
+    # expose all parameters
+    def method_missing(name)
+      @params[name.to_s]
+    end
+  end
+end

data/lib/utils/parser.rb

@@ -63,7 +63,7 @@ module CommentParser
   end
 end
 
-module MountParser
+module LinuxMountParser
   # this parses the output of mount command (only tested on linux)
   # this method expects only one line of the mount output
   def parse_mount_options(mount_line, compatibility = false)
@@ -94,6 +94,20 @@ module MountParser
   end
 end
 
+module BsdMountParser
+  # this parses the output of mount command (only tested on freebsd)
+  # this method expects only one line of the mount output
+  def parse_mount_options(mount_line, _compatibility = false)
+    return {} if mount_line.nil? || mount_line.empty?
+
+    mount = mount_line.chomp.split(' ', 4)
+    options = mount[3].tr('()', '').split(', ')
+
+    # parse device and type
+    { device: mount[0], type: options.shift, options: options }
+  end
+end
+
 module SolarisNetstatParser
   # takes this as a input and parses the values
   # UDP: IPv4

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec
 version: !ruby/object:Gem::Version
-  version: 1.15.0
+  version: 1.16.0
 platform: ruby
 authors:
 - Dominik Richter
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-02-27 00:00:00.000000000 Z
+date: 2017-03-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: train
@@ -346,6 +346,8 @@ files:
 - docs/resources/xinetd_conf.md.erb
 - docs/resources/yaml.md.erb
 - docs/resources/yum.md.erb
+- docs/resources/zfs_dataset.md.erb
+- docs/resources/zfs_pool.md.erb
 - docs/ruby_usage.md
 - docs/shared/matcher_be.md.erb
 - docs/shared/matcher_cmp.md.erb
@@ -384,7 +386,7 @@ files:
 - examples/meta-profile/controls/example.rb
 - examples/meta-profile/inspec.lock
 - examples/meta-profile/inspec.yml
-- examples/meta-profile/vendor/3d473e72d8b70018386a53e0a105e92ccbb4115dc268cadc16ff53d550d2898e.tar.gz
+- examples/meta-profile/vendor/6bdab40a3fe9f9de4e7c87f4f3844fdcf2c5cba6f84089b68d47c72392b51fdc.tar.gz
 - examples/meta-profile/vendor/9ad48391d4e6efff0a13d06736c5b075fb021410e0a629e087bc21e9617d957c.tar.gz
 - examples/meta-profile/vendor/e25d521fb1093b4c23b31a7dc8f41b5540236f4a433960b151bc427523662ab6.tar.gz
 - examples/profile-attribute.yml
@@ -558,6 +560,8 @@ files:
 - lib/resources/xinetd.rb
 - lib/resources/yaml.rb
 - lib/resources/yum.rb
+- lib/resources/zfs_dataset.rb
+- lib/resources/zfs_pool.rb
 - lib/source_readers/flat.rb
 - lib/source_readers/inspec.rb
 - lib/utils/command_wrapper.rb