inspec 1.33.1 → 1.33.12

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 7b38759460677daa85d3475e4e3fad6e1034178b
4
- data.tar.gz: f2b20500e11fe15f329d151e2e9d6cafd48ef817
3
+ metadata.gz: f226b9d3651d0f220a203377ab9144850da1f060
4
+ data.tar.gz: 949dc3f2d16a4c7206ca6c8724897ed1a8406b08
5
5
  SHA512:
6
- metadata.gz: 75da431c0f765aa468b166d4dd36bd37c5019e664224a6acd2467cca571861153e8dbfcaa4be8cf20f2cf5bc0fc3e3ae297b196da89368c123c5c1859d3d4d75
7
- data.tar.gz: 93cdf53999b2618fca0af4e316a61fdaae22397cb53563d318c5bf8b42ad21fe4504ba41877fff1587c0a51f15c15af64c657df9cba41c6b4e4ee7f474b8c464
6
+ metadata.gz: 130d871eb491b561820541fd4541b1669135cbb736ebb2436c8412320629b5b3f2a35bb1855d774982ea27f3a194c3b2be9ea656d2cf923eede98d70807245b5
7
+ data.tar.gz: d273d6b721bd2a97efdc9c175f47fe1045ed3cf85f428f55ce922e453a2d47a35b472b1c8b41b93d11d33bc9f1aa2044cd029feeaef71f177739d49a5ef079c8
@@ -1,24 +1,38 @@
1
1
  # Change Log
2
2
 
3
- <!-- latest_release 1.33.1 -->
4
- ## [v1.33.1](https://github.com/chef/inspec/tree/v1.33.1) (2017-08-10)
5
-
6
- #### Merged Pull Requests
7
- - Bump project minor version, bump train dependency version [#2058](https://github.com/chef/inspec/pull/2058) ([adamleff](https://github.com/adamleff))
3
+ <!-- latest_release -->
8
4
  <!-- latest_release -->
9
5
 
10
- <!-- release_rollup since=1.32.1 -->
11
- ### Changes since 1.32.1 release
6
+ <!-- release_rollup -->
7
+ <!-- release_rollup -->
8
+
9
+ <!-- latest_stable_release -->
10
+ ## [v1.33.12](https://github.com/chef/inspec/tree/v1.33.12) (2017-08-18)
11
+
12
+ #### Bug Fixes
13
+ - fix command.exists for mock environments [#2056](https://github.com/chef/inspec/pull/2056) ([chris-rock](https://github.com/chris-rock))
14
+ - Add missing command mocks to fix tests after train 0.26.1 upgrade [#2069](https://github.com/chef/inspec/pull/2069) ([adamleff](https://github.com/adamleff))
15
+ - Assume sqlplus as oracle_session as default for mock environments [#2057](https://github.com/chef/inspec/pull/2057) ([chris-rock](https://github.com/chris-rock))
16
+ - add mock support for os_env resource [#2070](https://github.com/chef/inspec/pull/2070) ([chris-rock](https://github.com/chris-rock))
17
+ - Moves logic from os_env from initialize phase to runtime phase [#2072](https://github.com/chef/inspec/pull/2072) ([chris-rock](https://github.com/chris-rock))
18
+ - fix case where skip is called for os_env [#2078](https://github.com/chef/inspec/pull/2078) ([chris-rock](https://github.com/chris-rock))
19
+ - [docker_container] fix repo property [#2083](https://github.com/chef/inspec/pull/2083) ([srenatus](https://github.com/srenatus))
20
+ - Properly handle held packages on dpkg-flavored OS [#2087](https://github.com/chef/inspec/pull/2087) ([adamleff](https://github.com/adamleff))
12
21
 
13
22
  #### Merged Pull Requests
14
- - Bump project minor version, bump train dependency version [#2058](https://github.com/chef/inspec/pull/2058) ([adamleff](https://github.com/adamleff)) <!-- 1.33.1 -->
15
- - Fix docker_container.tag to use last element of image [#2052](https://github.com/chef/inspec/pull/2052) ([mattlqx](https://github.com/mattlqx)) <!-- 1.32.3 -->
23
+ - add functional tests for inspec check [#2077](https://github.com/chef/inspec/pull/2077) ([chris-rock](https://github.com/chris-rock))
24
+ - Move bug fixes in CHANGELOG to correct header [#2089](https://github.com/chef/inspec/pull/2089) ([adamleff](https://github.com/adamleff))
25
+ <!-- latest_stable_release -->
26
+
27
+ ## [v1.33.1](https://github.com/chef/inspec/tree/v1.33.1) (2017-08-10)
16
28
 
17
29
  #### Features & Enhancements
18
- - New &#39;be_in&#39; matcher for matching against values in a list [#2022](https://github.com/chef/inspec/pull/2022) ([rx294](https://github.com/rx294)) <!-- 1.32.2 -->
19
- <!-- release_rollup -->
30
+ - New &#39;be_in&#39; matcher for matching against values in a list [#2022](https://github.com/chef/inspec/pull/2022) ([rx294](https://github.com/rx294))
31
+
32
+ #### Merged Pull Requests
33
+ - Fix docker_container.tag to use last element of image [#2052](https://github.com/chef/inspec/pull/2052) ([mattlqx](https://github.com/mattlqx))
34
+ - Bump project minor version, bump train dependency version [#2058](https://github.com/chef/inspec/pull/2058) ([adamleff](https://github.com/adamleff))
20
35
 
21
- <!-- latest_stable_release -->
22
36
  ## [v1.32.1](https://github.com/chef/inspec/tree/v1.32.1) (2017-08-03)
23
37
 
24
38
  #### Merged Pull Requests
@@ -29,7 +43,6 @@
29
43
  - Fix issue when xinetd.conf does not end in newline [#2040](https://github.com/chef/inspec/pull/2040) ([kareiva](https://github.com/kareiva))
30
44
  - catch newline issues in xinet.d [#2043](https://github.com/chef/inspec/pull/2043) ([arlimus](https://github.com/arlimus))
31
45
  - Prep for 1.32.0 release [#2046](https://github.com/chef/inspec/pull/2046) ([adamleff](https://github.com/adamleff))
32
- <!-- latest_stable_release -->
33
46
 
34
47
 
35
48
 
@@ -109,18 +109,23 @@ and to target all of these examples in a single `inspec.yml` file:
109
109
 
110
110
  # Profile Dependencies
111
111
 
112
- A profile dependency is needed when:
112
+ An InSpec profile can bring in the controls and custom resources from another InSpec profile. Additionally, when inheriting the controls of another profile, a profile can skip or even modify those included controls.
113
113
 
114
- * using `include_controls` or `require_controls` in order to load controls defined in another profile
115
- * using a custom InSpec resource defined in another profile
114
+ ## Defining the Dependencies
116
115
 
117
- Use the `depends` setting in the `inspec.yml` file to specify one (or more) profiles on which this profile depends. A profile dependency may be sourced from a path, URL, a git repo, a cookbook located on Chef Supermarket or on GitHub, or a profile located on the Chef Compliance server.
116
+ Before a profile can use controls from another profile, the to-be-included profile needs to be specified in the including profile’s `inspec.yml` file in the `depends` section. For each profile to be included, a location for the profile from where to be fetched and a name for the profile should be included. For example:
118
117
 
119
- ## Path
118
+ depends:
119
+ - name: linux-baseline
120
+ url: https://github.com/dev-sec/linux-baseline/archive/master.tar.gz
121
+ - name: ssh-baseline
122
+ url: https://github.com/dev-sec/ssh-baseline/archive/master.tar.gz
120
123
 
121
- The `path` setting defines a profile that is located on disk. This setting is typically used during development of profiles and when debugging profiles. This setting does not support version constraints. If the location of the profile does not exist, an error is returned.
124
+ InSpec supports a number of dependency sources.
122
125
 
123
- For example:
126
+ ### path
127
+
128
+ The `path` setting defines a profile that is located on disk. This setting is typically used during development of profiles and when debugging profiles.
124
129
 
125
130
  depends:
126
131
  - name: my-profile
@@ -128,19 +133,19 @@ For example:
128
133
  - name: another
129
134
  path: ../relative/path
130
135
 
131
- ## URL
136
+ ### url
132
137
 
133
- The `url` setting specifies a profile that is located at an HTTP- or HTTPS-based URL. The profile must be accessible via a HTTP GET operation and must be a valid profile archive (zip, tar, tar.gz format). If the download fails, the profile is inaccessible, or not in the correct format, an error is returned.
134
-
135
- For example:
138
+ The `url` setting specifies a profile that is located at an HTTP- or HTTPS-based URL. The profile must be accessible via a HTTP GET operation and must be a valid profile archive (zip, tar, or tar.gz format).
136
139
 
137
140
  depends:
138
141
  - name: my-profile
139
142
  url: https://my.domain/path/to/profile.tgz
143
+ - name: profile-via-git
144
+ url: https://github.com/myusername/myprofile-repo/archive/master.tar.gz
140
145
 
141
- ## git
146
+ ### git
142
147
 
143
- A `git` setting specifies a profile that is located in a git repository, with optional settings for branch, tag, commit, and version. The source location is translated into a URL upon resolution. This type of dependency supports version indexing via semantic versioning as git tags.
148
+ A `git` setting specifies a profile that is located in a git repository, with optional settings for branch, tag, commit, and version. The source location is translated into a URL upon resolution. This type of dependency supports version constraints via semantic versioning as git tags.
144
149
 
145
150
  For example:
146
151
 
@@ -152,7 +157,7 @@ For example:
152
157
  commit: pinned_commit
153
158
  version: semver_via_tags
154
159
 
155
- ## Chef Supermarket
160
+ ### supermarket
156
161
 
157
162
  A `supermarket` setting specifies a profile that is located in a cookbook hosted on Chef Supermarket. The source location is translated into a URL upon resolution.
158
163
 
@@ -164,27 +169,9 @@ For example:
164
169
 
165
170
  Available Supermarket profiles can be listed with `inspec supermarket profiles`.
166
171
 
167
- ## GitHub
168
-
169
- A `github` setting specifies a profile that is located in a repository hosted on GitHub. The source location is translated into a URL upon resolution.
170
-
171
- For example:
172
-
173
- depends:
174
- - name: gh-profile
175
- github: username/project
176
-
177
- A path to a Git commit or tag on GitHub can also be used:
178
-
179
- dev-sec/linux-baseline
180
- dev-sec/linux-baseline/tree/2.0
181
- dev-sec/linux-baseline/tree/48bd4388ddffde68badd83aefa654e7af3231876
172
+ ### compliance
182
173
 
183
- would all download profiles corresponding to the GitHub URL, https://github.com/dev-sec/linux-baseline/tree/48bd4388ddffde68badd83aefa654e7af3231876, for example.
184
-
185
- ## Chef Compliance
186
-
187
- A `compliance` setting specifies a profile that is located on the Chef Compliance server.
174
+ A `compliance` setting specifies a profile that is located on the Chef Automate or Chef Compliance server.
188
175
 
189
176
  For example:
190
177
 
@@ -192,80 +179,76 @@ For example:
192
179
  - name: linux
193
180
  compliance: base/linux
194
181
 
195
- You need to `inspec vendor` the profile before uploading it to Chef Compliance version 1.7.7 or newer. The vendor subcommand fetches all dependent profiles and stores them in the `vendor` directory.
182
+ ## Vendoring Dependencies
196
183
 
197
- ## Define in inspec.yml
184
+ When you execute a local profile, the `inspec.yml` file will be read in order to source any profile dependencies. It will then cache the dependencies locally and generate an `inspec.lock` file.
198
185
 
199
- Use the `depends` setting in the `inspec.yml` file to define any combination of profile dependencies. For example:
186
+ If you add or update dependencies in `inspec.yml`, dependencies may be re-vendored and the lockfile updated with `inspec vendor --overwrite`
200
187
 
201
- depends:
202
- - name: ssh-hardening
203
- supermarket: hardening/ssh-hardening
204
- version: '= 2.0.0'
205
- - name: os-hardening
206
- url: https://github.com/dev-sec/tests-os-hardening/archive/master.zip
207
- - name: ssl-benchmark
208
- git: https://github.com/dev-sec/ssl-benchmark.git
209
- version: '< 2.0'
210
- - name: windows-patch-benchmark
211
- git: https://github.com/chris-rock/windows-patch-benchmark.git
212
- version: '~> 0.6'
213
- - name: linux
214
- compliance: base/linux
188
+ ## Using Controls from an Included Profile
215
189
 
216
- ## Vendoring Dependencies
190
+ Once defined in the `inspec.yml`, controls from the included profiles can be used! Let’s look at some examples.
217
191
 
218
- When you execute a local profile, the `inspec.yml` file will be read in order to source any profile dependencies. It will then cache the dependencies locally and generate an `inspec.lock` file. If you add or update dependencies in `inspec.yml`, please refresh the lock file by either:
192
+ ### Including All Controls from a Profile
219
193
 
220
- * running `inspec vendor` inside the profile directory; or
221
- * deleting `inspec.lock` before running `inspec exec`
194
+ With the `include_controls` command in a profile, all controls from the named profile will be executed every time the including profile is executed.
222
195
 
223
- # Profile Inheritance
196
+ ![Include Controls](/images/profile_inheritance/include_controls.png)
224
197
 
225
- When a profile is run, it may include controls that are defined in other profiles. Controls may also be required.
198
+ In the example above, every time `my-app-profile` is executed, all the controls from `my-baseline` are also executed. Therefore, the following controls would be executed:
226
199
 
227
- This requires an `inspec.yml` dependency to the profile you inherit from.
200
+ * myapp-1
201
+ * myapp-2
202
+ * myapp-3
203
+ * baseline-1
204
+ * baseline-2
228
205
 
229
- ## include_controls
206
+ This is a great reminder that having a good naming convention for your controls is helpful to avoid confusion when
207
+ including controls from other profiles!
230
208
 
231
- The `include_controls` keyword may be used in a profile to import all rules from the named profile.
209
+ ### Skipping a Control from a Profile
232
210
 
233
- For example, to include controls from the `cis-level-1` profile when running the `cis-fs-2.7` profile:
211
+ What if one of the controls from the included profile does not apply to your environment? Luckily, it is not necessary to maintain a slightly-modified copy of the included profile just to delete a control. The `skip_control` command tells InSpec to not run a particular control.
234
212
 
235
- include_controls 'cis-level-1' do
213
+ ![Include Controls with Skip](/images/profile_inheritance/include_controls_with_skip.png)
236
214
 
237
- control "cis-fs-2.7" do
238
- impact 1.0
239
- ...
215
+ In the above example, all controls from `my-app-profile` and `my-baseline` profile will be executed every time `my-app-profile` is executed **except** for control `baseline-2` from the `my-baseline` profile.
240
216
 
241
- end
217
+ ### Modifying a Control
242
218
 
243
- To include controls from the `cis-level-1` profile, but skipping two controls within that profile:
219
+ Let's say a particular control from an included profile should still be run, but the impact isn't appropriate? Perhaps the test should still run, but if it fails, it should be treated as low severity instead of high severity?
244
220
 
245
- include_controls 'cis-level-1' do
221
+ When a control is included, it can also be modified!
246
222
 
247
- skip_control "cis-fs-2.1"
248
- skip_control "cis-fs-2.2"
223
+ ![Include Controls with Modification](/images/profile_inheritance/include_controls_with_mod.png)
249
224
 
250
- end
225
+ In the above example, all controls from `my-baseline` are executed along with all the controls from the including profile, `my-app-profile`. However, should control `baseline-1` fail, it will be raised with an impact of `0.5` instead of the originally-intended impact of `1.0`.
251
226
 
252
- ## require_controls
227
+ ### Selectively Including Controls from a Profile
253
228
 
254
- The `require_controls` keyword may be used to load only specific controls from the named profile.
229
+ If there are only a handful of controls that should be executed from an included profile, it's not necessarily to skip all the unneeded controls, or worse, copy/paste those controls bit-for-bit into your profile. Instead, use the `require_controls` command.
255
230
 
256
- For example, to require that controls `cis-fs-2.1` and `cis-fs-2.2` be loaded from the `cis-level-1` profile:
231
+ ![Require Controls](/images/profile_inheritance/require_controls.png)
257
232
 
258
- require_controls 'cis-level-1' do
233
+ Whenever `my-app-profile` is executed, in addition to its own controls, it will run only the controls specified in the `require_controls` block. In the case, the following controls would be executed:
259
234
 
260
- control "cis-fs-2.1"
261
- control "cis-fs-2.2"
235
+ * myapp-1
236
+ * myapp-2
237
+ * myapp-3
238
+ * baseline-2
239
+ * baseline-4
262
240
 
263
- end
241
+ Controls `baseline-1`, `baseline-3`, and `baseline-5` would not be run, just as if they were manually skipped. This method of including specific controls ensures only the controls specified are executed; if new controls are added to a later version of `my-baseline`, they would not be run.
242
+
243
+ And, just the way its possible to modify controls when using `include_controls`, controls can be modified as well.
244
+
245
+ ![Require Controls with Modification](/images/profile_inheritance/require_controls_with_mod.png)
264
246
 
247
+ As with the prior example, only `baseline-2` and `baseline-4` are executed, but if `baseline-2` fails, it will report with an impact of `0.5` instead of the originally-intended `1.0` impact.
265
248
 
266
- ## require_resource
249
+ ## Using Resources from an Included Profile
267
250
 
268
- By default, all of the resources from a listed dependency are available
251
+ By default, all of the custom resources from a listed dependency are available
269
252
  for use in your profile. If two of your dependencies provide a resource with
270
253
  the same name, you can use the `require_resource` DSL function to
271
254
  disambiguate the two:
@@ -28,6 +28,13 @@ This InSpec audit resource has the following matchers:
28
28
 
29
29
  <%= partial "/shared/matcher_be" %>
30
30
 
31
+ ### be_held
32
+
33
+ The `be_held` matcher tests if the named package is "held". On dpkg platforms, a "held" package
34
+ will not be upgraded to a later version.
35
+
36
+ it { should be_held }
37
+
31
38
  ### be_installed
32
39
 
33
40
  The `be_installed` matcher tests if the named package is installed on the system:
@@ -23,7 +23,7 @@ depends:
23
23
  compliance: base/linux
24
24
  ```
25
25
 
26
- You could use those dependencies in your `exmaple.rb`:
26
+ You could use those dependencies in your `example.rb`:
27
27
 
28
28
  ```
29
29
 
@@ -4,5 +4,5 @@
4
4
  # author: Christoph Hartmann
5
5
 
6
6
  module Inspec
7
- VERSION = '1.33.1'.freeze
7
+ VERSION = '1.33.12'.freeze
8
8
  end
@@ -47,7 +47,7 @@ module Inspec::Resources
47
47
 
48
48
  def exist?
49
49
  # silent for mock resources
50
- return false if inspec.os[:name].to_s == 'unknown'
50
+ return false if inspec.os.name.nil?
51
51
 
52
52
  if inspec.os.linux?
53
53
  res = inspec.backend.run_command("bash -c 'type \"#{@command}\"'")
@@ -74,8 +74,13 @@ module Inspec::Resources
74
74
  end
75
75
 
76
76
  def repo
77
- return if image_name_from_image.nil?
78
- image_name_from_image.split(':')[0]
77
+ return if image.nil? || image_name_from_image.nil?
78
+ if image.include?('/') # host:port/ubuntu:latest
79
+ repo_part, image_part = image.split('/') # host:port, ubuntu:latest
80
+ repo_part + '/' + image_part.split(':')[0] # host:port + / + ubuntu
81
+ else
82
+ image_name_from_image.split(':')[0]
83
+ end
79
84
  end
80
85
 
81
86
  def tag
@@ -49,18 +49,17 @@ module Inspec::Resources
49
49
  escaped_query = escaped_query.gsub('$', '\\$')
50
50
 
51
51
  p = nil
52
- # check if sqlplus is available and prefer that
53
- if inspec.command(@sqlplus_bin).exist?
54
- bin = @sqlplus_bin
55
- opts = "SET MARKUP HTML ON\nSET FEEDBACK OFF"
56
- p = :parse_html_result
57
- elsif inspec.command(@sqlcl_bin).exist?
52
+ # use sqlplus if sqlcl is not available
53
+ if inspec.command(@sqlcl_bin).exist?
58
54
  bin = @sqlcl_bin
59
55
  opts = "set sqlformat csv\nSET FEEDBACK OFF"
60
56
  p = :parse_csv_result
57
+ else
58
+ bin = @sqlplus_bin
59
+ opts = "SET MARKUP HTML ON\nSET FEEDBACK OFF"
60
+ p = :parse_html_result
61
61
  end
62
62
 
63
- return skip_resource("Can't find suitable Oracle CLI") if p.nil?
64
63
  command = "echo \"#{opts}\n#{verify_query(escaped_query)}\nEXIT\" | #{bin} -s #{@user}/#{@password}@//#{@host}:#{@port}/#{@service}"
65
64
  cmd = inspec.command(command)
66
65
 
@@ -25,8 +25,6 @@ module Inspec::Resources
25
25
  attr_reader :content
26
26
  def initialize(env = nil)
27
27
  @osenv = env
28
- @content = nil
29
- @content = value_for(env) unless env.nil?
30
28
  end
31
29
 
32
30
  def split
@@ -35,7 +33,12 @@ module Inspec::Resources
35
33
  path_separator = inspec.os.windows? ? ';' : ':'
36
34
  # -1 is required to catch cases like dir1::dir2:
37
35
  # where we have a trailing :
38
- @content.nil? ? [] : @content.split(path_separator, -1)
36
+ content.nil? ? [] : content.split(path_separator, -1)
37
+ end
38
+
39
+ def content
40
+ return @content if defined?(@content)
41
+ @content = value_for(@osenv) unless @osenv.nil?
39
42
  end
40
43
 
41
44
  def to_s
@@ -58,7 +61,7 @@ module Inspec::Resources
58
61
  out = inspec.command(command)
59
62
 
60
63
  unless out.exit_status == 0
61
- skip_resource "Can't read environment variables on #{os[:name]}. "\
64
+ skip_resource "Can't read environment variables on #{inspec.os.name}. "\
62
65
  "Tried `#{command}` which returned #{out.exit_status}"
63
66
  end
64
67
 
@@ -15,6 +15,7 @@ module Inspec::Resources
15
15
  example "
16
16
  describe package('nginx') do
17
17
  it { should be_installed }
18
+ it { should_not be_held } # for dpkg platforms that support holding a version from being upgraded
18
19
  its('version') { should eq 1.9.5 }
19
20
  end
20
21
  "
@@ -56,6 +57,13 @@ module Inspec::Resources
56
57
  info[:installed] == true
57
58
  end
58
59
 
60
+ # returns true it the package is held (if the OS supports it)
61
+ def held?(_provider = nil, _version = nil)
62
+ return false if info.nil?
63
+ return false unless info.key?(:held)
64
+ info[:held] == true
65
+ end
66
+
59
67
  # returns the package description
60
68
  def info
61
69
  return @cache if !@cache.nil?
@@ -107,11 +115,14 @@ module Inspec::Resources
107
115
  assignment_regex: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
108
116
  multiple_values: false,
109
117
  ).params
118
+ # If the package is installed, Status is "install ok installed"
119
+ # If the package is installed and marked hold, Status is "hold ok installed"
110
120
  # If the package is removed and not purged, Status is "deinstall ok config-files" with exit_status 0
111
121
  # If the package is purged cmd fails with non-zero exit status
112
122
  {
113
123
  name: params['Package'],
114
- installed: params['Status'].split(' ').first == 'install',
124
+ installed: params['Status'].split(' ')[2] == 'installed',
125
+ held: params['Status'].split(' ')[0] == 'hold',
115
126
  version: params['Version'],
116
127
  type: 'deb',
117
128
  }
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: inspec
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.33.1
4
+ version: 1.33.12
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dominik Richter
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-08-10 00:00:00.000000000 Z
11
+ date: 2017-08-18 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: train
@@ -332,8 +332,6 @@ files:
332
332
  - docs/resources/docker_container.md.erb
333
333
  - docs/resources/docker_image.md.erb
334
334
  - docs/resources/etc_group.md.erb
335
- - docs/resources/etc_passwd.md.erb
336
- - docs/resources/etc_shadow.md.erb
337
335
  - docs/resources/file.md.erb
338
336
  - docs/resources/gem.md.erb
339
337
  - docs/resources/group.md.erb
@@ -366,6 +364,7 @@ files:
366
364
  - docs/resources/package.md.erb
367
365
  - docs/resources/parse_config.md.erb
368
366
  - docs/resources/parse_config_file.md.erb
367
+ - docs/resources/passwd.md.erb
369
368
  - docs/resources/pip.md.erb
370
369
  - docs/resources/port.md.erb
371
370
  - docs/resources/postgres_conf.md.erb
@@ -379,6 +378,7 @@ files:
379
378
  - docs/resources/runit_service.md.erb
380
379
  - docs/resources/security_policy.md.erb
381
380
  - docs/resources/service.md.erb
381
+ - docs/resources/shadow.md.erb
382
382
  - docs/resources/ssh_config.md.erb
383
383
  - docs/resources/sshd_config.md.erb
384
384
  - docs/resources/ssl.md.erb