inspec 1.40.0 → 1.41.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 48bd4f2dd3f7ca6fd9867f3c526a77d33f823cd3
-  data.tar.gz: 40b54c1efd38c3b50d88c58ef60652d59d9ae1e6
+  metadata.gz: 111ac2cdb0069f50d575dfd47e2644489c3b8296
+  data.tar.gz: b989512dea168e62bc8092c1e3df498a706badd3
 SHA512:
-  metadata.gz: 549fab63987e3a8c4601d9166f3c49d8d7db92537a4358f3b83c43342ddacefcf1ba5d598e19b354414f04591f2e4a4eb5b4723358f3cbd74b717fe92659547a
-  data.tar.gz: bc5e8c053a1d96b4a24be5fc85b3754a71a4a20d5780be13d282a3d794e27b0f246771b19f443fb53838a3ff8d61236c26cc904b5cffa8a7d208b7e2187471f5
+  metadata.gz: 1cca620d9852d2a6369bbc0bec4663514abcd80e102a7d7b75a3f62f61c1438df5810bc25d81453fda09cd1b72f59ab648bea045b72c95b42da7211b5dda3c4a
+  data.tar.gz: efa759491e6cadb78ee7f97a2e626663a18548f7f3d60db9fc04d431ad19c5fe11f9427a0a124a05abca26242c12fefd54951b395dc30683253d72dbdc8ef88c

data/CHANGELOG.md

@@ -1,20 +1,42 @@
 # Change Log
 <!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
-<!-- latest_release 1.40.0 -->
-## [v1.40.0](https://github.com/chef/inspec/tree/v1.40.0) (2017-09-27)
+<!-- latest_release 1.40.13 -->
+## [v1.40.13](https://github.com/chef/inspec/tree/v1.40.13) (2017-10-07)
 
-#### New Resources
-- firewalld resource: inspect the status and configuration of firewalld [#2074](https://github.com/chef/inspec/pull/2074) ([dromazmj](https://github.com/dromazmj))
+#### Enhancements
+- Enhance cmp matcher to work with symbols, fix file documentation [#2224](https://github.com/chef/inspec/pull/2224) ([adamleff](https://github.com/adamleff))
 <!-- latest_release -->
 
-<!-- release_rollup since=1.39.1 -->
-### Changes since 1.39.1 release
+<!-- release_rollup since=1.40.0 -->
+### Changes since 1.40.0 release
 
-#### New Resources
-- firewalld resource: inspect the status and configuration of firewalld [#2074](https://github.com/chef/inspec/pull/2074) ([dromazmj](https://github.com/dromazmj)) <!-- 1.40.0 -->
+#### Bug Fixes
+- ssl resource: properly raise error when unable to determine if port is enabled [#2205](https://github.com/chef/inspec/pull/2205) ([jquick](https://github.com/jquick)) <!-- 1.40.12 -->
+- Fix loading profile files when executing multiple profiles [#2223](https://github.com/chef/inspec/pull/2223) ([adamleff](https://github.com/adamleff)) <!-- 1.40.11 -->
+- Support symbol keys in ObjectTraverser [#2221](https://github.com/chef/inspec/pull/2221) ([adamleff](https://github.com/adamleff)) <!-- 1.40.8 -->
+- Add nil check for sshd config file [#2217](https://github.com/chef/inspec/pull/2217) ([jquick](https://github.com/jquick)) <!-- 1.40.7 -->
+
+#### Enhancements
+- Enhance cmp matcher to work with symbols, fix file documentation [#2224](https://github.com/chef/inspec/pull/2224) ([adamleff](https://github.com/adamleff)) <!-- 1.40.13 -->
+- processes resource: support busybox ps [#2222](https://github.com/chef/inspec/pull/2222) ([adamleff](https://github.com/adamleff)) <!-- 1.40.10 -->
+- Update shell resource help to return what is defined [#2219](https://github.com/chef/inspec/pull/2219) ([jquick](https://github.com/jquick)) <!-- 1.40.9 -->
+- Add output for port/protocol for host resource. [#2202](https://github.com/chef/inspec/pull/2202) ([jquick](https://github.com/jquick)) <!-- 1.40.3 -->
+
+#### Merged Pull Requests
+- Add Segment tag to enable Google Analytics [#2220](https://github.com/chef/inspec/pull/2220) ([hamburglar](https://github.com/hamburglar)) <!-- 1.40.6 -->
+- http resource: properly execute tests on remote target [#2209](https://github.com/chef/inspec/pull/2209) ([adamleff](https://github.com/adamleff)) <!-- 1.40.5 -->
+- Adding examples of using expect syntax [#2213](https://github.com/chef/inspec/pull/2213) ([adamleff](https://github.com/adamleff)) <!-- 1.40.4 -->
+- Add bsd platform family to etc_hosts resource [#2192](https://github.com/chef/inspec/pull/2192) ([ctbarrett](https://github.com/ctbarrett)) <!-- 1.40.2 -->
+- Clean-up kitchen-inspec reference doc [#2208](https://github.com/chef/inspec/pull/2208) ([nathenharvey](https://github.com/nathenharvey)) <!-- 1.40.1 -->
 <!-- release_rollup -->
 
 <!-- latest_stable_release -->
+## [v1.40.0](https://github.com/chef/inspec/tree/v1.40.0) (2017-09-28)
+
+#### New Resources
+- firewalld resource: inspect the status and configuration of firewalld [#2074](https://github.com/chef/inspec/pull/2074) ([dromazmj](https://github.com/dromazmj))
+<!-- latest_stable_release -->
+
 ## [v1.39.0](https://github.com/chef/inspec/tree/v1.39.0) (2017-09-25)
 
 #### New Resources
@@ -23,7 +45,6 @@
 
 #### Merged Pull Requests
 - Bump train to 0.28 to allow for more net-ssh versions [#2185](https://github.com/chef/inspec/pull/2185) ([adamleff](https://github.com/adamleff))
-<!-- latest_stable_release -->
 
 ## [v1.38.8](https://github.com/chef/inspec/tree/v1.38.8) (2017-09-23)
 

data/docs/matchers.md

@@ -14,6 +14,8 @@ The following matchers are available:
 * `include`
 * `match`
 
+<br>
+
 ## be
 
 This matcher can be followed by many different comparison operators.
@@ -26,6 +28,8 @@ describe file('/proc/cpuinfo') do
 end
 ```
 
+<br>
+
 ## cmp
 
 Unlike `eq`, cmp is a matcher for less-restrictive comparisons. It will
@@ -64,6 +68,13 @@ end
       its('log_format') { should cmp 'RAW' }
     end
     ```
+* Recognize versions embedded in strings
+
+    ```ruby
+    describe package(curl) do
+      its('version') { should cmp > '7.35.0-1ubuntu2.10' }
+    end
+    ```
 
 * Compare arrays with only one entry to a value
 
@@ -92,6 +103,7 @@ end
     expected: 0345
     got: 0444
     ```
+<br>
 
 ## eq
 
@@ -116,6 +128,8 @@ its('Port') { should eq 22 }
 
 For less restrictive comparisons, please use `cmp`.
 
+<br>
+
 ## include
 
 Verifies if a value is included in a list.
@@ -126,6 +140,8 @@ describe passwd do
 end
 ```
 
+<br>
+
 ## be_in
 
 Verifies that an item is included in a list.
@@ -136,6 +152,8 @@ describe resource do
 end
 ```
 
+<br>
+
 ## match
 
 Check if a string matches a regular expression.

data/docs/plugin_kitchen_inspec.md

@@ -4,19 +4,19 @@ title: About kitchen-inspec
 
 # kitchen-inspec
 
-The `kitchen-inspec` driver enables InSpec to be used as a verifier within Kitchen.
+Use InSpec as a Kitchen verifier with `kitchen-inspec`.
 
-To use InSpec as a verifier, add it to the kitchen.yml file:
+Add the InSpec verifier to the `.kitchen.yml` file:
 
     verifier:
       name: inspec
 
-To define a suite that pulls its run-list from the Chef Compliance server:
+Use a compliance profile from the Chef Compliance server:
 
     suites:
       - name: compliance
         run_list:
-          - recipe[ssh-hardening]
+          - recipe[ssh-hardening::default]
         verifier:
           inspec_tests:
             - compliance://base/ssh
@@ -27,29 +27,23 @@ and then run the following command:
 
 where `--insecure` is required when using self-signed certificates.
 
-To define a suite that pulls its run-list from the Chef Supermarket:
+Use a compliance profile from the Chef Supermarket:
 
     suites:
       - name: supermarket
         run_list:
-          - recipe[ssh-hardening]
+          - recipe[ssh-hardening::default]
         verifier:
           inspec_tests:
-            - supermarket://hardening/ssh-hardening
-
-The `kitchen-inspec` driver expects tests to be located in the `test/integration` directory in a cookbook. For example::
-
-    .
-    ├── Berksfile
-    ├── Gemfile
-    ├── README.md
-    ├── metadata.rb
-    ├── recipes
-    │   ├── default.rb
-    │   └── nginx.rb
-    └── test
-        └── integration
-            └── default
-                ├── controls
-                ├── inspec.yml
-                └── libraries
+            - supermarket://dev-sec/ssh-baseline
+
+Use InSpec tests from the local file system:
+
+    suites:
+      - name: local
+        run_list:
+          - recipe[my_cookbook::default]
+        verifier:
+          inspec_tests:
+            - test/integration/default
+

data/docs/profiles.md

@@ -125,7 +125,7 @@ InSpec supports a number of dependency sources.
 
 ### path
 
-The `path` setting defines a profile that is located on disk. This setting is typically used during development of profiles and when debugging profiles. 
+The `path` setting defines a profile that is located on disk. This setting is typically used during development of profiles and when debugging profiles.
 
     depends:
     - name: my-profile
@@ -203,7 +203,7 @@ In the example above, every time `my-app-profile` is executed, all the controls
  * baseline-1
  * baseline-2
 
-This is a great reminder that having a good naming convention for your controls is helpful to avoid confusion when 
+This is a great reminder that having a good naming convention for your controls is helpful to avoid confusion when
 including controls from other profiles!
 
 ### Skipping a Control from a Profile
@@ -331,3 +331,40 @@ The tests in `example.rb` can now access this file:
         it { should be_listening }
       end
     end
+
+# "should" vs. "expect" syntax
+
+Users familiar with the RSpec testing framework may know that there are two ways to write test statements: `should` and `expect`. The RSpec community decided that `expect` is the preferred syntax. However, InSpec recommends the `should` syntax as it tends to read more easily to those users who are not as technical.
+
+InSpec will continue to support both methods of writing tests. Consider this `file` test:
+
+    describe file('/tmp/test.txt') do
+      it { should be_file }
+    end
+
+This can be re-written with `expect` syntax
+
+    describe file('/tmp/test.txt') do
+      it 'should be a file' do
+        expect(subject).to(be_file)
+      end
+    end
+
+The output of both of the above examples looks like this:
+
+    File /tmp/test.txt
+       ✔  should be a file
+
+In addition, you can make use of the `subject` keyword to further control your output if you choose:
+
+    describe 'test file' do
+      subject { file('/tmp/test.txt') }
+      it 'should be a file' do
+        expect(subject).to(be_file)
+      end
+    end
+
+... which will render the following output:
+
+    test file
+      ✔  should be a file

data/docs/resources/aide_conf.md.erb

@@ -6,6 +6,8 @@ title: About the aide_conf Resource
 
 Use the `aide_conf` InSpec audit resource to test the rules established for the file integrity tool AIDE. Controlled by the aide.conf file typically at /etc/aide.conf.
 
+<br>
+
 ## Syntax
 
 An `aide_conf` resource block can be used to determine if the selection lines contain one (or more) directories whose files should be added to the aide database:
@@ -30,37 +32,11 @@ Use the where clause to match a selection_line to one rule or a particular set o
       its('rules') { should include ['p', 'i', 'l', 'n', 'u', 'g', 'sha512'] }
     end
 
-## Matchers
-
-This InSpec audit resource has the following matchers:
-
-### be
-
-<%= partial "/shared/matcher_be" %>
-
-### cmp
-
-<%= partial "/shared/matcher_cmp" %>
-
-### eq
-
-<%= partial "/shared/matcher_eq" %>
-
-### include
-
-<%= partial "/shared/matcher_include" %>
-
-### all_have_rule
-
-The usage of all_have_rule will return whether or not all selection lines in audit.conf contain a particular rule:
-
-    describe aide_conf.all_have_rule('sha512') do
-      it { should eq true }
-    end
+<br>
 
 ## Examples
 
-The following examples show how to use this InSpec audit resource.
+The following examples show how to use this InSpec audit resource. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
 
 ### Test if all selection lines contain the xattr rule
 
@@ -79,3 +55,17 @@ The following examples show how to use this InSpec audit resource.
     describe aide_conf.where { selection_line == '/sbin' } do
       its('rules') { should include ['r', 'sha512'] }
     end
+
+<br>
+
+## Matchers
+
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+
+### all_have_rule
+
+The usage of all_have_rule will return whether or not all selection lines in audit.conf contain a particular rule:
+
+    describe aide_conf.all_have_rule('sha512') do
+      it { should eq true }
+    end

data/docs/resources/apache_conf.md.erb

@@ -6,6 +6,8 @@ title: About the apache_conf Resource
 
 Use the `apache_conf` InSpec audit resource to test the configuration settings for Apache. This file is typically located under `/etc/apache2` on the Debian and Ubuntu platforms and under `/etc/httpd` on the Fedora, CentOS, RedHat Enterprise Linux, and ArchLinux platforms. The configuration settings may vary significantly from platform to platform.
 
+<br>
+
 ## Syntax
 
 An `apache_conf` InSpec audit resource block declares configuration settings that should be tested:
@@ -20,56 +22,40 @@ where
 * `('path')` is the non-default path to the Apache configuration file
 * `{ should eq 'value' }` is the value that is expected
 
-## Matchers
+<br>
 
-This InSpec audit resource matches any service that is listed in the Apache configuration file:
+## Examples
 
-    its('PidFile') { should_not eq '/var/run/httpd.pid' }
+The following examples show how to use this InSpec audit resource.
 
-or:
+### Test for blocking .htaccess files on CentOS
 
-    its('Timeout') { should eq 300 }
+    describe apache_conf do
+      its('AllowOverride') { should eq 'None' }
+    end
 
-For example:
+### Test ports for SSL
 
     describe apache_conf do
-      its('MaxClients') { should eq 100 }
       its('Listen') { should eq '443'}
     end
 
+<br>
 
-### be
-
-<%= partial "/shared/matcher_be" %>
-
-### cmp
-
-<%= partial "/shared/matcher_cmp" %>
-
-### eq
-
-<%= partial "/shared/matcher_eq" %>
-
-### include
-
-<%= partial "/shared/matcher_include" %>
-
-### match
-
-<%= partial "/shared/matcher_match" %>
+## Matchers
 
-## Examples
+For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+This InSpec audit resource matches any service that is listed in the Apache configuration file:
 
-The following examples show how to use this InSpec audit resource.
+    its('PidFile') { should_not eq '/var/run/httpd.pid' }
 
-### Test for blocking .htaccess files on CentOS
+or:
 
-    describe apache_conf do
-      its('AllowOverride') { should eq 'None' }
-    end
+    its('Timeout') { should eq 300 }
 
-### Test ports for SSL
+For example:
 
     describe apache_conf do
+      its('MaxClients') { should eq 100 }
       its('Listen') { should eq '443'}
     end

data/docs/resources/apt.md.erb

@@ -6,6 +6,8 @@ title: About the apt Resource
 
 Use the `apt` InSpec audit resource to verify Apt repositories on the Debian and Ubuntu platforms, and also PPA repositories on the Ubuntu platform.
 
+<br>
+
 ## Syntax
 
 An `apt` resource block tests the contents of Apt and PPA repositories:
@@ -21,42 +23,7 @@ where
 * `('path')` may be an `http://` address, a `ppa:` address, or a short `repo-name/ppa` address
 * `exist` and `be_enabled` are a valid matchers for this resource
 
-
-## Matchers
-
-This InSpec audit resource has the following matchers:
-
-### be
-
-<%= partial "/shared/matcher_be" %>
-
-### be_enabled
-
-The `be_enabled` matcher tests if a package exists in the repository:
-
-    it { should be_enabled }
-
-### cmp
-
-<%= partial "/shared/matcher_cmp" %>
-
-### eq
-
-<%= partial "/shared/matcher_eq" %>
-
-### exist
-
-The `exist` matcher tests if a package exists on the system:
-
-    it { should exist }
-
-### include
-
-<%= partial "/shared/matcher_include" %>
-
-### match
-
-<%= partial "/shared/matcher_match" %>
+<br>
 
 ## Examples
 
@@ -82,3 +49,22 @@ The following examples show how to use this InSpec audit resource.
       it { should_not exist }
       it { should_not be_enabled }
     end
+
+<br>
+
+## Matchers
+
+This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+
+
+### be_enabled
+
+The `be_enabled` matcher tests if a package exists in the repository:
+
+    it { should be_enabled }
+
+### exist
+
+The `exist` matcher tests if a package exists on the system:
+
+    it { should exist }