inspec 1.19.2 → 1.20.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e175f1b4f521dfa8107012a2ce9887a71af34717
-  data.tar.gz: 9c14b1a99c50557cdefa23076f3926c1dabe5192
+  metadata.gz: a68bde2c8c3272f13f8f2953742130866e0a8384
+  data.tar.gz: ce752f86311f19345c39d1ae1a3884194700164d
 SHA512:
-  metadata.gz: e29e205b839e1de3732c2395a280b9c3b1c21fb450dbf01a9cf6db306aaa60ebb3ae8915f5cb8da6ce09e63a11be3553de5c9c8de63640379d3c3fc04b51cc49
-  data.tar.gz: ef28f083bc1b0bd7aea60d9bc4fd15b1a0878f7b5130abd567d45535cd8ee01ad7cfb3d318bcf94d2d51b40275f9e3ae100535452e8f3d21b4b29d153c896388
+  metadata.gz: 4271a1f24111f22d6044ff3e0892e16ccbd32b9cdcc942afe1d10490225594f8aaff71c1a41b98fdc347d65612fcd254295a1f90c3941a73c54d4c4b029e3c72
+  data.tar.gz: 6c2e5e7c839b3e641a435570e00ee48c839f1ed9bf84220505a2eee1be2dc97719d58b851205cd9b8e52e38383b0debbe86628cfcda95507b490b49de59767d3

data/CHANGELOG.md

@@ -1,5 +1,32 @@
 # Change Log
 
+## [v1.20.0](https://github.com/chef/inspec/tree/v1.20.0) (2017-04-13)
+[Full Changelog](https://github.com/chef/inspec/compare/v1.19.2...v1.20.0)
+
+**Fixed bugs:**
+
+- gem resource :chef symbol isn't valid on Windows [\#1645](https://github.com/chef/inspec/issues/1645)
+
+**Closed issues:**
+
+- List on-tap hard to use [\#1644](https://github.com/chef/inspec/issues/1644)
+- inspec vendor meta profiles fails when dependency profile is in Automate asset store [\#1632](https://github.com/chef/inspec/issues/1632)
+- cannot upload meta profile to Automate [\#1631](https://github.com/chef/inspec/issues/1631)
+
+**Merged pull requests:**
+
+- Habitat packages should run as root [\#1656](https://github.com/chef/inspec/pull/1656) ([adamleff](https://github.com/adamleff))
+- harmonize compliance profiles view with supermarket views [\#1654](https://github.com/chef/inspec/pull/1654) ([chris-rock](https://github.com/chris-rock))
+- \[www\] Update community page [\#1651](https://github.com/chef/inspec/pull/1651) ([adamleff](https://github.com/adamleff))
+- Fix gem resource on Windows [\#1650](https://github.com/chef/inspec/pull/1650) ([adamleff](https://github.com/adamleff))
+- add support for hostname detection on macOS [\#1648](https://github.com/chef/inspec/pull/1648) ([chris-rock](https://github.com/chris-rock))
+- allow Automate profile dependencies [\#1647](https://github.com/chef/inspec/pull/1647) ([jeremymv2](https://github.com/jeremymv2))
+- pass options hash sans target key [\#1646](https://github.com/chef/inspec/pull/1646) ([jeremymv2](https://github.com/jeremymv2))
+- add `rabbitmq\_config` resource [\#1639](https://github.com/chef/inspec/pull/1639) ([arlimus](https://github.com/arlimus))
+- \[www\] Adding a website acceptance environment [\#1634](https://github.com/chef/inspec/pull/1634) ([adamleff](https://github.com/adamleff))
+- Adding SNI utilization to ssl resource [\#1624](https://github.com/chef/inspec/pull/1624) ([supergicko](https://github.com/supergicko))
+- Add OSX support for host resource [\#1608](https://github.com/chef/inspec/pull/1608) ([RyanJarv](https://github.com/RyanJarv))
+
 ## [v1.19.2](https://github.com/chef/inspec/tree/v1.19.2) (2017-04-07)
 [Full Changelog](https://github.com/chef/inspec/compare/v1.19.1...v1.19.2)
 
@@ -13,6 +40,7 @@
 
 **Merged pull requests:**
 
+- Release 1.19.2 patch release [\#1638](https://github.com/chef/inspec/pull/1638) ([adamleff](https://github.com/adamleff))
 - Fix and document registry issues [\#1635](https://github.com/chef/inspec/pull/1635) ([chris-rock](https://github.com/chris-rock))
 - \[www\] Add warning to the http resource documentation [\#1623](https://github.com/chef/inspec/pull/1623) ([adamleff](https://github.com/adamleff))
 
@@ -438,7 +466,6 @@
 - do not load controls from test directory [\#1327](https://github.com/chef/inspec/pull/1327) ([chris-rock](https://github.com/chris-rock))
 - Replaced Colors for output [\#1320](https://github.com/chef/inspec/pull/1320) ([hannah-radish](https://github.com/hannah-radish))
 - Hannah vj/fix tests formatting [\#1319](https://github.com/chef/inspec/pull/1319) ([hannah-radish](https://github.com/hannah-radish))
-- revert style changes temporarily [\#1317](https://github.com/chef/inspec/pull/1317) ([vjeffrey](https://github.com/vjeffrey))
 - Updated color palettes, label colors and icons [\#1313](https://github.com/chef/inspec/pull/1313) ([hannah-radish](https://github.com/hannah-radish))
 - Remove extra `'` in registry key examples [\#1308](https://github.com/chef/inspec/pull/1308) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
 - also push docker latest tag with each release [\#1307](https://github.com/chef/inspec/pull/1307) ([chris-rock](https://github.com/chris-rock))
@@ -459,6 +486,7 @@
 
 **Merged pull requests:**
 
+- revert style changes temporarily [\#1317](https://github.com/chef/inspec/pull/1317) ([vjeffrey](https://github.com/vjeffrey))
 - ensure metadata release entry is a string [\#1305](https://github.com/chef/inspec/pull/1305) ([chris-rock](https://github.com/chris-rock))
 - Fixes resources in the docs [\#1303](https://github.com/chef/inspec/pull/1303) ([burtlo](https://github.com/burtlo))
 - copy vendored dependencies into cache [\#1291](https://github.com/chef/inspec/pull/1291) ([chris-rock](https://github.com/chris-rock))

data/docs/resources/rabbitmq_config.md.erb

@@ -0,0 +1,55 @@
+---
+title: About the rabbitmq_config Resource
+---
+
+# rabbitmq_config
+
+Use the `rabbitmq_config` InSpec audit resource to test configuration data for the RabbitMQ daemon located at `/etc/rabbitmq/rabbitmq.config` on Linux and Unix platforms.
+
+## Syntax
+
+A `rabbitmq_config` resource block declares the RabbitMQ configuration data to be tested:
+
+    describe rabbitmq_config.params('rabbit', 'ssl_listeners') do
+      it { should cmp 5671 }
+    end
+
+where
+
+* `params` is the list of parameters configured in the RabbitMQ config file
+* `{ should cmp 5671 }` tests the value of `rabbit.ssl_listeners` as read from `rabbitmq.config` versus the value declared in the test
+
+
+## Matchers
+
+This InSpec audit resource has the following matchers:
+
+### be
+
+<%= partial "/shared/matcher_be" %>
+
+### cmp
+
+<%= partial "/shared/matcher_cmp" %>
+
+### eq
+
+<%= partial "/shared/matcher_eq" %>
+
+### include
+
+<%= partial "/shared/matcher_include" %>
+
+### match
+
+<%= partial "/shared/matcher_match" %>
+
+## Examples
+
+The following examples show how to use this InSpec audit resource.
+
+### Test the list of TCP listeners
+
+    describe rabbitmq_config.params('rabbit', 'tcp_listeners') do
+      it { should eq [5672] }
+    end

data/inspec.gemspec

@@ -37,9 +37,10 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'pry', '~> 0'
   spec.add_dependency 'hashie', '~> 3.4'
   spec.add_dependency 'mixlib-log'
-  spec.add_dependency 'sslshake', '~> 1'
+  spec.add_dependency 'sslshake', '~> 1.1'
   spec.add_dependency 'parallel', '~> 1.9'
   spec.add_dependency 'faraday', '>=0.9.0'
   spec.add_dependency 'toml', '~> 0.1'
   spec.add_dependency 'addressable', '~> 2.4'
+  spec.add_dependency 'parslet', '~> 1.5'
 end

data/lib/bundles/inspec-compliance/README.md

@@ -9,8 +9,9 @@ This extensions offers the following features:
 To use the CLI, this InSpec add-on adds the following commands:
 
  * `$ inspec compliance login` - authentication of the API token against Chef Compliance
+ * `$ inspec compliance login_automate` - authentication of the API token against Chef Automate
  * `$ inspec compliance profiles` - list all available Chef Compliance profiles
- * `$ inspec compliance exec profile` - runs a Chef Compliance profile
+ * `$ inspec exec compliance://profile` - runs a Chef Compliance profile
  * `$ inspec compliance upload path/to/local/profile` - uploads a local profile to Chef Compliance
  * `$ inspec compliance logout` - logout of Chef Compliance
 
@@ -19,8 +20,37 @@ Compliance profiles can be executed in two mays:
 - via compliance exec: `inspec compliance exec profile`
 - via compliance scheme: `inspec exec compliance://profile`
 
+
 ## Usage
 
+### Command options
+
+```
+$ inspec compliance
+Commands:
+  inspec compliance download PROFILE  # downloads a profile from Chef Compliance
+  inspec compliance exec PROFILE      # executes a Chef Compliance profile
+  inspec compliance help [COMMAND]    # Describe subcommands or one specific subcommand
+  inspec compliance login SERVER      # Log in to a Chef Compliance SERVER
+  inspec compliance login_automate SERVER   # Log in to an Automate SERVER
+  inspec compliance logout            # user logout from Chef Compliance
+  inspec compliance profiles          # list all available profiles in Chef Compliance
+  inspec compliance upload PATH       # uploads a local profile to Chef Compliance
+  inspec compliance version           # displays the version of the Chef Compliance server
+```
+
+### Login with Chef Automate
+
+You need a Chef Automate server up and running. Compliance features need to [be activated](https://docs.chef.io/install_chef_automate.html#compliance), too.
+
+Now, you need a user token. You can retrieve that via [UI](https://docs.chef.io/api_delivery.html) or [CLI](https://docs.chef.io/ctl_delivery.html#delivery-token).
+
+```
+inspec compliance login_automate https://automate.compliance.test --insecure --user 'admin' --ent 'brewinc' --usertoken 'zuop..._KzE'
+```
+
+### Login with Chef Compliance
+
 Before you start using the compliance plugin, you need a running [Chef Compliance](https://www.chef.io/compliance/) server. Please login and gather the access token:
 
 ![Chef Compliance Token](images/cc-token.png)
@@ -28,24 +58,17 @@ Before you start using the compliance plugin, you need a running [Chef Complianc
 You can choose the access token (`--token`) or the refresh token (`--refresh_token`)
 
 ```
-$ inspec compliance
-Commands:
-  inspec compliance exec PROFILE    # executes a Chef Compliance profile
-  inspec compliance help [COMMAND]  # Describe subcommands or one specific subcommand
-  inspec compliance login SERVER    # Log in to a Chef Compliance SERVER
-  inspec compliance logout          # user logout from Chef Compliance
-  inspec compliance profiles        # list all available profiles in Chef Compliance
-  inspec compliance upload PATH     # uploads a local profile to Chef Compliance
-  inspec compliance version         # displays the version of the Chef Compliance server
-
 # login to chef compliance server
 $ inspec compliance login https://compliance.test --user admin --insecure --token '...'
 
 # display the chef compliance server version
 $ inspec compliance version
 Chef Compliance version: 1.0.11
+```
+
+### List available profiles via Chef Compliance / Automate
 
-# list available profiles via Chef Compliance
+```
 $ inspec compliance profiles
 Available profiles:
 -------------------
@@ -65,8 +88,11 @@ Available profiles:
  * cis/cis-ubuntu12.04lts-level2
  * cis/cis-ubuntu14.04lts-level1
  * cis/cis-ubuntu14.04lts-level2
+```
+
+### Upload a profile to Chef Compliance / Automate
 
-# upload a profile to chef Compliance
+```
 $ inspec compliance version
 Chef Compliance version: 1.0.11
 ➜  inspec git:(chris-rock/cc-error-not-loggedin) ✗ b inspec compliance upload examples/profile
@@ -103,8 +129,11 @@ Available profiles:
  * cis/cis-ubuntu12.04lts-level2
  * cis/cis-ubuntu14.04lts-level1
  * cis/cis-ubuntu14.04lts-level2
+```
+
+### Run a profile from Chef Compliance / Automate on Workstation
 
-# run a profile from Chef Compliance locally
+```
 $ inspec exec compliance://admin/profile
 .*...
 
@@ -119,7 +148,7 @@ Finished in 0.02862 seconds (files took 0.62628 seconds to load)
 5 examples, 0 failures, 1 pending
 ```
 
-# Logout from Chef Compliance
+### To Logout from Chef Compliance
 
 ```
 $ inspec compliance logout

data/lib/bundles/inspec-compliance/api.rb

@@ -22,16 +22,14 @@ module Compliance
         profiles = JSON.parse(data)
         # iterate over profiles
         if config['server_type'] == 'automate'
-          mapped_profiles = profiles.map do |owner, ps|
-            { org: ps['owner_id'], name: owner }
-          end.flatten
+          mapped_profiles = profiles.values.to_a.flatten
         else
-          mapped_profiles = profiles.map do |owner, ps|
-            ps.keys.map do |name|
-              { org: owner, name: name }
-            end
-          end.flatten
+          mapped_profiles = []
+          profiles.values.each { |org|
+            mapped_profiles += org.values
+          }
         end
+
         return msg, mapped_profiles
       when '401'
         msg = '401 Unauthorized. Please check your token.'
@@ -66,7 +64,7 @@ Please login using `inspec compliance login https://compliance.test --user admin
     def self.exist?(config, profile)
       _msg, profiles = Compliance::API.profiles(config)
       if !profiles.empty?
-        index = profiles.index { |p| "#{p[:org]}/#{p[:name]}" == profile }
+        index = profiles.index { |p| "#{p['owner_id']}/#{p['name']}" == profile }
         !index.nil? && index >= 0
       else
         false

data/lib/bundles/inspec-compliance/cli.rb

@@ -57,7 +57,14 @@ module Compliance
       puts '', msg
     end
 
-    desc "login_automate SERVER --user='USER' --ent='ENT' --dctoken or --usertoken='TOKEN'", 'Log in to an Automate SERVER'
+    desc "login_automate SERVER --insecure --user='USER' --ent='ENT' --usertoken='TOKEN'", 'Log in to an Automate SERVER'
+    long_desc <<-LONGDESC
+      `login_automate` allows you to use InSpec with Chef Automate
+
+      You need to a user-token for communication with Chef Automate. More
+      information about token retrieval for Automate is available at:
+      https://docs.chef.io/api_delivery.html
+    LONGDESC
     option :dctoken, type: :string,
       desc: 'Data Collector token'
     option :usertoken, type: :string,
@@ -72,31 +79,32 @@ module Compliance
       options['server'] = server
       url = options['server'] + '/compliance/profiles'
 
-      if url && !options['user'].nil? && !options['ent'].nil?
-        if !options['dctoken'].nil? || !options['usertoken'].nil?
-          msg = login_automate_config(url, options['user'], options['dctoken'], options['usertoken'], options['ent'], options['insecure'])
-        else
-          puts "Please specify a token using --dctoken='DATA_COLLECTOR_TOKEN' or --usertoken='AUTOMATE_TOKEN' "
-          exit 1
-        end
-      else
-        puts "Please login to your automate instance using 'inspec compliance login_automate SERVER --user AUTOMATE_USER --ent AUTOMATE_ENT --dctoken DC_TOKEN or --usertoken USER_TOKEN' "
-        exit 1
+      if url && !options['user'].nil? && !options['ent'].nil? && (!options['dctoken'].nil? || !options['usertoken'].nil?)
+        msg = login_automate_config(url, options['user'], options['dctoken'], options['usertoken'], options['ent'], options['insecure'])
+        puts '', msg
+        exit 0
       end
-      puts '', msg
+
+      # parameters are missing if we reach here
+      puts 'Please specify an user using `--user \'USER\'`' if options['user'].nil?
+      puts 'Please specify an enterprise using `--ent \'cd\'`' if options['ent'].nil?
+      puts 'Please specify a token using `--usertoken=\'AUTOMATE_TOKEN\'`' if options['usertoken'].nil? && options['dctoken'].nil?
+      exit 1
     end
 
     desc 'profiles', 'list all available profiles in Chef Compliance'
+
     def profiles
       config = Compliance::Configuration.new
       return if !loggedin(config)
 
       msg, profiles = Compliance::API.profiles(config)
+      profiles.sort_by! { |hsh| hsh['title'] }
       if !profiles.empty?
         # iterate over profiles
         headline('Available profiles:')
         profiles.each { |profile|
-          li("#{profile[:org]}/#{profile[:name]}")
+          li("#{profile['title']} #{mark_text(profile['owner_id'] + '/' + profile['name'])}")
         }
       else
         puts msg, 'Could not find any profiles'
@@ -110,7 +118,7 @@ module Compliance
       config = Compliance::Configuration.new
       return if !loggedin(config)
       # iterate over tests and add compliance scheme
-      tests = tests.map { |t| 'compliance://' + t }
+      tests = tests.map { |t| 'compliance://' + sanitize_profile_name(t) }
       # execute profile from inspec exec implementation
       diagnose
       run_tests(tests, opts)
@@ -126,6 +134,7 @@ module Compliance
       config = Compliance::Configuration.new
       return if !loggedin(config)
 
+      profile_name = sanitize_profile_name(profile_name)
       if Compliance::API.exist?(config, profile_name)
         puts "Downloading `#{profile_name}`"
 
@@ -260,6 +269,16 @@ module Compliance
 
     private
 
+    # returns a parsed url for `admin/profile` or `compliance://admin/profile`
+    def sanitize_profile_name(profile)
+      if URI(profile).scheme == 'compliance'
+        uri = URI(profile)
+      else
+        uri = URI("compliance://#{profile}")
+      end
+      uri.host + uri.path
+    end
+
     def login_automate_config(url, user, dctoken, usertoken, ent, insecure) # rubocop:disable Metrics/ParameterLists
       config = Compliance::Configuration.new
       config['user'] = user

data/lib/bundles/inspec-compliance/target.rb

@@ -79,8 +79,13 @@ EOF
 
     private
 
+    # determine the owner_id and the profile name from the url
     def compliance_profile_name
-      m = %r{^#{@config['server']}/owners/(?<owner>[^/]+)/compliance/(?<id>[^/]+)/tar$}.match(@target)
+      m = if @config['server_type'] == 'automate'
+            %r{^#{@config['server']}/(?<owner>[^/]+)/(?<id>[^/]+)/tar$}
+          else
+            %r{^#{@config['server']}/owners/(?<owner>[^/]+)/compliance/(?<id>[^/]+)/tar$}
+          end.match(@target)
       "#{m[:owner]}/#{m[:id]}"
     end
   end

data/lib/bundles/inspec-habitat/profile.rb

@@ -294,6 +294,7 @@ pkg_origin=#{habitat_origin}
 pkg_source="nosuchfile.tar.gz"
 pkg_deps=(chef/inspec)
 pkg_build_deps=()
+pkg_svc_user=root
 EOL
 
       plan += "pkg_license='#{profile.metadata.params[:license]}'\n\n" if profile.metadata.params[:license]

data/lib/inspec/profile.rb

@@ -89,7 +89,7 @@ module Inspec
       @writable = options[:writable] || false
       @profile_id = options[:id]
       @cache = options[:cache] || Cache.new
-      @backend = options[:backend] || Inspec::Backend.create(options)
+      @backend = options[:backend] || Inspec::Backend.create(options.select { |k, _| k != 'target' })
       @attr_values = options[:attributes]
       @source_reader = source_reader
       @tests_collected = false

data/lib/inspec/resource.rb

@@ -120,6 +120,7 @@ require 'resources/postgres_conf'
 require 'resources/postgres_session'
 require 'resources/powershell'
 require 'resources/processes'
+require 'resources/rabbitmq_conf'
 require 'resources/registry_key'
 require 'resources/security_policy'
 require 'resources/service'

data/lib/inspec/version.rb

@@ -4,5 +4,5 @@
 # author: Christoph Hartmann
 
 module Inspec
-  VERSION = '1.19.2'.freeze
+  VERSION = '1.20.0'.freeze
 end

data/lib/resources/gem.rb

@@ -23,7 +23,7 @@ module Inspec::Resources
                       'gem'
                     when :chef
                       if inspec.os.windows?
-                        'c:\opscode\chef\embedded\bin\gem'
+                        'c:\opscode\chef\embedded\bin\gem.bat'
                       else
                         '/opt/chef/embedded/bin/gem'
                       end
@@ -32,6 +32,7 @@ module Inspec::Resources
                     else
                       gem_binary
                     end
+      skip_resource 'Unable to retrieve gem information' if info.empty?
     end
 
     def info
@@ -47,6 +48,8 @@ module Inspec::Resources
       # extract package name and version
       # parses data like winrm (1.3.4, 1.3.3)
       params = /^\s*([^\(]*?)\s*\((.*?)\)\s*$/.match(cmd.stdout.chomp)
+      return {} if params.nil?
+
       versions = params[2].split(',')
       @info[:name] = params[1]
       @info[:version] = versions[0]

data/lib/resources/host.rb

@@ -43,11 +43,15 @@ module Inspec::Resources
       @port = params[:port]   || nil
       @proto = params[:proto] || nil
 
+      return skip_resource 'The UDP protocol for the `host` resource is not supported yet.' if @proto == 'udp'
+
       @host_provider = nil
       if inspec.os.linux?
         @host_provider = LinuxHostProvider.new(inspec)
       elsif inspec.os.windows?
         @host_provider = WindowsHostProvider.new(inspec)
+      elsif inspec.os.darwin?
+        @host_provider = DarwinHostProvider.new(inspec)
       else
         return skip_resource 'The `host` resource is not supported on your OS yet.'
       end
@@ -93,6 +97,29 @@ module Inspec::Resources
     end
   end
 
+  class DarwinHostProvider < HostProvider
+    def ping(hostname, port = nil, proto = nil)
+      if proto == 'tcp'
+        resp = inspec.command("nc -vz -G 1 #{hostname} #{port}")
+      else
+        resp = inspec.command("ping -W 1 -c 1 #{hostname}")
+      end
+      resp.exit_status.to_i != 0 ? false : true
+    end
+
+    def resolve(hostname)
+      # Resolve IPv6 address first, if that fails try IPv4 to match Linux behaivor
+      cmd = inspec.command("host -t AAAA #{hostname}")
+      if cmd.exit_status.to_i != 0
+        cmd = inspec.command("host -t A #{hostname}")
+      end
+      return nil if cmd.exit_status.to_i != 0
+
+      resolve = /^.* has IPv\d address\s+(?<ip>\S+)\s*$/.match(cmd.stdout.chomp)
+      [resolve[1]] if resolve
+    end
+  end
+
   class LinuxHostProvider < HostProvider
     # ping is difficult to achieve, since we are not sure
     def ping(hostname, _port = nil, _proto = nil)
@@ -118,10 +145,7 @@ module Inspec::Resources
   # @see http://blogs.technet.com/b/josebda/archive/2015/04/18/windows-powershell-equivalents-for-common-networking-commands-ipconfig-ping-nslookup.aspx
   # @see http://blogs.technet.com/b/heyscriptingguy/archive/2014/03/19/creating-a-port-scanner-with-windows-powershell.aspx
   class WindowsHostProvider < HostProvider
-    def ping(hostname, port = nil, proto = nil)
-      # TODO: abort if we cannot run it via udp
-      return nil if proto == 'udp'
-
+    def ping(hostname, port = nil, _proto = nil)
       # ICMP: Test-NetConnection www.microsoft.com
       # TCP and port: Test-NetConnection -ComputerName www.microsoft.com -RemotePort 80
       request = "Test-NetConnection -ComputerName #{hostname}"

data/lib/resources/rabbitmq_conf.rb

@@ -0,0 +1,53 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+
+require 'utils/erlang_parser'
+
+module Inspec::Resources
+  class RabbitmqConf < Inspec.resource(1)
+    name 'rabbitmq_config'
+    desc 'Use the rabbitmq_config InSpec resource to test configuration data '\
+         'for the RabbitMQ service located in /etc/rabbitmq/rabbitmq.config on '\
+         'Linux and UNIX platforms.'
+    example "
+      describe rabbitmq_config.params('rabbit', 'ssl_listeners') do
+        it { should cmp 5671 }
+      end
+    "
+
+    def initialize(conf_path = nil)
+      @conf_path = conf_path || '/etc/rabbitmq/rabbitmq.config'
+    end
+
+    def params(*opts)
+      opts.inject(read_params) do |res, nxt|
+        res.respond_to?(:key) ? res[nxt] : nil
+      end
+    end
+
+    def to_s
+      "rabbitmq_config #{@conf_path}"
+    end
+
+    private
+
+    def read_content
+      return @content if defined?(@content)
+      file = inspec.file(@conf_path)
+      if !file.file?
+        return skip_resource "Can't find file \"#{@conf_path}\""
+      end
+
+      @content = file.content
+    end
+
+    def read_params
+      return @params if defined?(@params)
+      return @params = {} if read_content.nil?
+      @params = ErlangConfigFile.parse(read_content)
+    rescue Parslet::ParseFailed
+      raise "Cannot parse RabbitMQ config: \"#{read_content}\""
+    end
+  end
+end

data/lib/resources/ssl.rb

@@ -71,7 +71,7 @@ class SSL < Inspec.resource(1)
           res = Parallel.map(groups, in_threads: 8) do |proto, e|
             [proto, SSLShake.hello(x.resource.host, port: x.resource.port,
               protocol: proto, ciphers: e.map(&:cipher),
-              timeout: x.resource.timeout, retries: x.resource.retries)]
+              timeout: x.resource.timeout, retries: x.resource.retries, servername: x.resource.host)]
           end
           Hash[res]
         }

data/lib/resources/sys_info.rb

@@ -14,7 +14,7 @@ module Inspec::Resources
     # returns the hostname of the local system
     def hostname
       os = inspec.os
-      if os.linux?
+      if os.linux? || os.darwin?
         inspec.command('hostname').stdout.chomp
       elsif os.windows?
         inspec.powershell('$env:computername').stdout.chomp

data/lib/utils/erlang_parser.rb

@@ -0,0 +1,192 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+
+require 'parslet'
+
+class ErlangParser < Parslet::Parser
+  root :outermost
+  # only designed for rabbitmq config files for now:
+  rule(:outermost) { filler? >> array.maybe >> dot.maybe }
+
+  rule(:exp) {
+    (tuple | array | binary | string | bool | identifier | float | integer) >> filler?
+  }
+
+  rule(:array) {
+    str('[') >> filler? >> (
+      exp.repeat(1) >>
+      (comma >> exp).repeat
+    ).maybe.as(:array) >> str(']') >> filler?
+  }
+
+  rule(:tuple) {
+    str('{') >> filler? >> (
+      exp.repeat(1) >> filler? >>
+      (comma >> exp).repeat
+    ).maybe.as(:tuple) >> str('}') >> filler?
+  }
+
+  rule(:filler?) { space.repeat }
+  rule(:space)   { match('\s+') | match["\n"] | comment }
+
+  rule(:comment) { str('%') >> (match["\n\r"].absent? >> any).repeat }
+  rule(:comma) { str(',') >> filler? }
+  rule(:dot) { str('.') >> filler? }
+  rule(:bool) { str('true').as(:bool) | str('false').as(:bool) }
+
+  rule(:identifier) {
+    (match('[a-zA-Z]') >> match('[a-zA-Z0-9_]').repeat).as(:identifier) >> filler?
+  }
+
+  rule(:float) {
+    (
+      integer >> (
+        str('.') >> match('[0-9]').repeat(1) |
+        str('e') >> match('[0-9]').repeat(1)
+      ).as(:e)
+    ).as(:float) >> filler?
+  }
+
+  rule(:integer) {
+    ((str('+') | str('-')).maybe >> match('[0-9]').repeat(1)).as(:integer) >> filler?
+  }
+
+  rule(:string) { stringS | stringD }
+
+  rule(:stringS) {
+    str("'") >> (
+      str('\\') >> any | str("'").absent? >> any
+    ).repeat.as(:string) >> str("'") >> filler?
+  }
+
+  rule(:stringD) {
+    str('"') >> (
+      str('\\') >> any | str('"').absent? >> any
+    ).repeat.as(:string) >> str('"') >> filler?
+  }
+
+  rule(:binary_item) {
+    (string | integer) >>
+      (str(':') >> integer).maybe.as(:size) >>
+      (str('/') >> identifier).maybe.as(:type) >>
+      filler?
+  }
+
+  rule(:binary) {
+    str('<<') >> filler? >> (
+      binary_item.repeat(1) >>
+      (comma >> binary_item).repeat
+    ).maybe.as(:binary) >> str('>>') >> filler?
+  }
+end
+
+class ErlangBitstream
+  def initialize
+    @data = []     # a stream of 8-bit numbers
+    @cur_bits = '' # a string of binary bits 10010010...
+  end
+
+  TYPES = {
+    'integer' => 8,
+    'float'   => 8*8,
+    'utf8'    => 8,
+    'utf16'   => 8*2,
+    'utf32'   => 8*4,
+  }.freeze
+
+  def bit_size(size, type)
+    raise 'Cannot specify size and type at the same time.' if !type.nil? && !size.nil?
+    return (size || 8).to_i if type.nil?
+    TYPES[type] || raise("Cannot handle binary-stream type #{type}")
+  end
+
+  def add(i)
+    if i[:integer].nil? && i[:string].nil?
+      raise 'No data provided, internal error for binary-stream processing!'
+    end
+    s = bit_size(i[:size], i[:type])
+    unless i[:string].nil?
+      str2int(i[:string].to_s, i[:type]).map { |e| add_bits(int2bits(e, 8)) }
+    else
+      add_int(i[:integer], s)
+    end
+  rescue RuntimeError => e
+    raise 'Error processing Erlang bit string '\
+          "'#{i[:string] || i[:integer]}:#{i[:size]}/#{i[:type]}'. #{e.message}"
+  end
+
+  def str2int(s, type)
+    case type
+    when 'utf8' then s.encode('utf-8').unpack('C*')
+    when 'utf16' then s.encode('utf-16').unpack('C*').drop(2)
+    when 'utf32' then s.encode('utf-32').unpack('C*').drop(4)
+    when 'integer', 'float' then raise "Cannot handle bit string as type #{type}"
+    else s.split('').map { |x| x.ord & 0xff }
+    end
+  end
+
+  def int2bits(i, len)
+    format("%0#{len}b", i)
+  end
+
+  def add_int(v, size)
+    x = v.to_i & (2**size - 1) # only get the bits specified in size
+    add_bits(int2bits(x, size))
+  end
+
+  def add_bits(s)
+    b = (@cur_bits + s).scan(/.{1,8}/)
+    @data += b[0..-2].map { |x| x.to_i(2) }
+    @cur_bits = b.last
+  end
+
+  def value(encoding = 'utf-8')
+    # fill in the rest
+    rest = '0' * (8 - @cur_bits.length) + @cur_bits
+    arr = @data + [rest.to_i(2)]
+    s = arr.pack('C*')
+    s.force_encoding(encoding) unless encoding.nil?
+    s
+  end
+end
+
+class ErlangTransform < Parslet::Transform
+  class Tuple < Array; end
+  class Identifier < String; end
+
+  def self.assemble_binary(seq)
+    b = ErlangBitstream.new
+    seq.each { |i| b.add(i) }
+    b.value
+  end
+
+  rule(string: simple(:x)) { x.to_s }
+  rule(string: []) { '' }
+  rule(integer: simple(:x)) { x.to_i }
+  rule(float: { integer: simple(:a), e: simple(:b) }) { (a+b).to_f }
+  rule(bool: 'true') { true }
+  rule(bool: 'false') { false }
+  rule(binary: subtree(:x)) { x.nil? ? '' : ErlangTransform.assemble_binary(x) }
+  rule(identifier: simple(:x)) { Identifier.new(x.to_s) }
+  rule(array: subtree(:x)) { Array(x) }
+  rule(tuple: subtree(:x)) {
+    x.nil? ? Tuple.new : Tuple.new(x)
+  }
+end
+
+class ErlangConfigFile
+  def self.parse(content)
+    lex = ErlangParser.new.parse(content)
+    tree = ErlangTransform.new.apply(lex)
+    turn_to_hash(tree)
+  end
+
+  def self.turn_to_hash(t)
+    if t.is_a?(Array) && t.all? { |x| x.class == ErlangTransform::Tuple && x.length == 2 }
+      Hash[t.map { |i| [i[0], turn_to_hash(i[1])] }]
+    else
+      t
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec
 version: !ruby/object:Gem::Version
-  version: 1.19.2
+  version: 1.20.0
 platform: ruby
 authors:
 - Dominik Richter
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-04-07 00:00:00.000000000 Z
+date: 2017-04-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: train
@@ -182,14 +182,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1'
+        version: '1.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1'
+        version: '1.1'
 - !ruby/object:Gem::Dependency
   name: parallel
   requirement: !ruby/object:Gem::Requirement
@@ -246,6 +246,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.4'
+- !ruby/object:Gem::Dependency
+  name: parslet
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
 description: InSpec provides a framework for creating end-to-end infrastructure tests.
   You can use it for integration or even compliance testing. Create fully portable
   test profiles and use them in your workflow to ensure stability and security. Integrate
@@ -330,6 +344,7 @@ files:
 - docs/resources/postgres_session.md.erb
 - docs/resources/powershell.md.erb
 - docs/resources/processes.md.erb
+- docs/resources/rabbitmq_config.md.erb
 - docs/resources/registry_key.md.erb
 - docs/resources/runit_service.md.erb
 - docs/resources/security_policy.md.erb
@@ -555,6 +570,7 @@ files:
 - lib/resources/postgres_session.rb
 - lib/resources/powershell.rb
 - lib/resources/processes.rb
+- lib/resources/rabbitmq_conf.rb
 - lib/resources/registry_key.rb
 - lib/resources/security_policy.rb
 - lib/resources/service.rb
@@ -577,6 +593,7 @@ files:
 - lib/source_readers/inspec.rb
 - lib/utils/command_wrapper.rb
 - lib/utils/convert.rb
+- lib/utils/erlang_parser.rb
 - lib/utils/filter.rb
 - lib/utils/filter_array.rb
 - lib/utils/find_files.rb