inspec 1.42.3 → 1.43.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 6253ad47423d8b2a7bfc56409b61d31c0065aa6e
-  data.tar.gz: 7e3e02b74a6a6af95e62c09b62e949bf95eea242
+  metadata.gz: a4a6aec95f739ef20fa3418d47abd60a5ff8a48d
+  data.tar.gz: 48384f2eaf4146c12db4fd990751552d5070f1c8
 SHA512:
-  metadata.gz: 85007c9bc4574c090be7315dc133d21a364afd72af9115ea470fe026aeed18443d50271523ce2ea64d5c729315a0f0dd4433b807b23f4285ce3b8a1537174274
-  data.tar.gz: 8a1cc9ab25dd32116be49e3a05c67234040cb47d7db36629ff2fe38bfdb85684b3a9a9846900ea997054c8ac2ce140f4e27e0f4b5998980714382446e6d0a6de
+  metadata.gz: 3406d2fd4c9762d58f710d96a65c6805e1e61bb0c11e0d205bab6c77cdf0cac25ce68d244c095c2ccea0814595c579774629a1eaf635654aa45706be08fb7853
+  data.tar.gz: 4153ccfbbd14258b3bcb3e981abbc74dc15a2217ca0c4d7cecc9996c8e9839d32627512e62974e001292018e2f62d88f9d25b97f86fb7a5ccea63d5178c87bc0

data/CHANGELOG.md

@@ -1,37 +1,52 @@
 # Change Log
 <!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
-<!-- latest_release 1.42.3 -->
-## [v1.42.3](https://github.com/chef/inspec/tree/v1.42.3) (2017-10-18)
+<!-- latest_release 1.43.5 -->
+## [v1.43.5](https://github.com/chef/inspec/tree/v1.43.5) (2017-10-26)
 
 #### Enhancements
-- windows_hotfix resource: Replace WMI query with PowerShell cmdlet &quot;get-hotfix&quot; [#2252](https://github.com/chef/inspec/pull/2252) ([mattray](https://github.com/mattray))
+- Add Chef Automate support to `inspec compliance login` [#2203](https://github.com/chef/inspec/pull/2203) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
 <!-- latest_release -->
 
-<!-- release_rollup since=1.41.0 -->
-### Changes since 1.41.0 release
+<!-- release_rollup since=1.42.3 -->
+### Changes since 1.42.3 release
 
-#### Merged Pull Requests
-- Squashed some unit test warnings [#2242](https://github.com/chef/inspec/pull/2242) ([username-is-already-taken2](https://github.com/username-is-already-taken2)) <!-- 1.41.9 -->
-- Fix documentation of `split` matcher [#2240](https://github.com/chef/inspec/pull/2240) ([eramoto](https://github.com/eramoto)) <!-- 1.41.4 -->
-- Update the profile tempate [#2238](https://github.com/chef/inspec/pull/2238) ([nathenharvey](https://github.com/nathenharvey)) <!-- 1.41.3 -->
+#### Enhancements
+- Add Chef Automate support to `inspec compliance login` [#2203](https://github.com/chef/inspec/pull/2203) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 1.43.5 -->
+- Include ref when writing out inspec control objects [#2259](https://github.com/chef/inspec/pull/2259) ([arlimus](https://github.com/arlimus)) <!-- 1.43.2 -->
 
 #### Bug Fixes
-- Fix `only_if` behavior when used outside controls [#2216](https://github.com/chef/inspec/pull/2216) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 1.41.8 -->
-- Fix port ressource ss line parsing [#2243](https://github.com/chef/inspec/pull/2243) ([narkaTee](https://github.com/narkaTee)) <!-- 1.41.7 -->
-- Support PAX-formatted tar files, standardize file lists [#2225](https://github.com/chef/inspec/pull/2225) ([adamleff](https://github.com/adamleff)) <!-- 1.41.2 -->
-- Fix typo in error message in postgres resource [#2248](https://github.com/chef/inspec/pull/2248) ([rndmh3ro](https://github.com/rndmh3ro)) <!-- 1.42.2 -->
-- Resolve the weird encoding issue within inspec shell [#2234](https://github.com/chef/inspec/pull/2234) ([username-is-already-taken2](https://github.com/username-is-already-taken2)) <!-- 1.41.10 -->
+- Fix regression when uploading compliance profiles [#2264](https://github.com/chef/inspec/pull/2264) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 1.43.1 -->
 
-#### Enhancements
-- windows_hotfix resource: Replace WMI query with PowerShell cmdlet &quot;get-hotfix&quot; [#2252](https://github.com/chef/inspec/pull/2252) ([mattray](https://github.com/mattray)) <!-- 1.42.3 -->
-- Extend Windows ACL matchers [#1744](https://github.com/chef/inspec/pull/1744) ([TheLonelyGhost](https://github.com/TheLonelyGhost)) <!-- 1.42.1 -->
-- Add inspec habitat profile setup command [#2239](https://github.com/chef/inspec/pull/2239) ([adamleff](https://github.com/adamleff)) <!-- 1.42.0 -->
-- Add missed &#39;html&#39; to &#39;format&#39; option explanation and arrange formatters in alphabetical order [#2244](https://github.com/chef/inspec/pull/2244) ([strangeman](https://github.com/strangeman)) <!-- 1.41.6 -->
-- Uses netstat to detect open ports on AIX [#2210](https://github.com/chef/inspec/pull/2210) ([cattywampus](https://github.com/cattywampus)) <!-- 1.41.1 -->
-- etc_fstab resource: properly namespace the resource, add nfs_file_systems documentation [#2190](https://github.com/chef/inspec/pull/2190) ([jburns12](https://github.com/jburns12)) <!-- 1.41.5 -->
+#### New Resources
+- cran resource: check for R module installation [#2255](https://github.com/chef/inspec/pull/2255) ([mgrobelin](https://github.com/mgrobelin)) <!-- 1.43.4 -->
+- cpan resource: check for Perl module installation [#2254](https://github.com/chef/inspec/pull/2254) ([mgrobelin](https://github.com/mgrobelin)) <!-- 1.43.3 -->
+- new resource: elasticsearch resource, test cluster/node state [#2261](https://github.com/chef/inspec/pull/2261) ([adamleff](https://github.com/adamleff)) <!-- 1.43.0 -->
 <!-- release_rollup -->
 
 <!-- latest_stable_release -->
+## [v1.42.3](https://github.com/chef/inspec/tree/v1.42.3) (2017-10-19)
+
+#### Enhancements
+- etc_fstab resource: properly namespace the resource, add nfs_file_systems documentation [#2190](https://github.com/chef/inspec/pull/2190) ([jburns12](https://github.com/jburns12))
+- Uses netstat to detect open ports on AIX [#2210](https://github.com/chef/inspec/pull/2210) ([cattywampus](https://github.com/cattywampus))
+- Add missed &#39;html&#39; to &#39;format&#39; option explanation and arrange formatters in alphabetical order [#2244](https://github.com/chef/inspec/pull/2244) ([strangeman](https://github.com/strangeman))
+- Add inspec habitat profile setup command [#2239](https://github.com/chef/inspec/pull/2239) ([adamleff](https://github.com/adamleff))
+- Extend Windows ACL matchers [#1744](https://github.com/chef/inspec/pull/1744) ([TheLonelyGhost](https://github.com/TheLonelyGhost))
+- windows_hotfix resource: Replace WMI query with PowerShell cmdlet &quot;get-hotfix&quot; [#2252](https://github.com/chef/inspec/pull/2252) ([mattray](https://github.com/mattray))
+
+#### Bug Fixes
+- Resolve the weird encoding issue within inspec shell [#2234](https://github.com/chef/inspec/pull/2234) ([username-is-already-taken2](https://github.com/username-is-already-taken2))
+- Fix typo in error message in postgres resource [#2248](https://github.com/chef/inspec/pull/2248) ([rndmh3ro](https://github.com/rndmh3ro))
+- Support PAX-formatted tar files, standardize file lists [#2225](https://github.com/chef/inspec/pull/2225) ([adamleff](https://github.com/adamleff))
+- Fix port ressource ss line parsing [#2243](https://github.com/chef/inspec/pull/2243) ([narkaTee](https://github.com/narkaTee))
+- Fix `only_if` behavior when used outside controls [#2216](https://github.com/chef/inspec/pull/2216) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
+
+#### Merged Pull Requests
+- Update the profile tempate [#2238](https://github.com/chef/inspec/pull/2238) ([nathenharvey](https://github.com/nathenharvey))
+- Fix documentation of `split` matcher [#2240](https://github.com/chef/inspec/pull/2240) ([eramoto](https://github.com/eramoto))
+- Squashed some unit test warnings [#2242](https://github.com/chef/inspec/pull/2242) ([username-is-already-taken2](https://github.com/username-is-already-taken2))
+<!-- latest_stable_release -->
+
 ## [v1.41.0](https://github.com/chef/inspec/tree/v1.41.0) (2017-10-09)
 
 #### Enhancements
@@ -47,7 +62,6 @@
 - Support symbol keys in ObjectTraverser [#2221](https://github.com/chef/inspec/pull/2221) ([adamleff](https://github.com/adamleff))
 - Fix loading profile files when executing multiple profiles [#2223](https://github.com/chef/inspec/pull/2223) ([adamleff](https://github.com/adamleff))
 - ssl resource: properly raise error when unable to determine if port is enabled [#2205](https://github.com/chef/inspec/pull/2205) ([jquick](https://github.com/jquick))
-<!-- latest_stable_release -->
 
 ## [v1.40.0](https://github.com/chef/inspec/tree/v1.40.0) (2017-09-28)
 

data/docs/profiles.md

@@ -323,7 +323,7 @@ The tests in `example.rb` can now access this file:
     my_services = yaml(content: inspec.profile.file('services.yml')).params
 
     my_services.each do |s|
-      describe service(s['name']) do
+      describe service(s['service_name']) do
         it { should be_running }
       end
 

data/docs/resources/cpan.md.erb

@@ -0,0 +1,62 @@
+---
+title: About the cpan Resource
+---
+
+# cpan
+
+Use the `cpan` InSpec audit resource to test Perl modules that are installed by system packages or the CPAN installer.
+
+## Syntax
+
+A `cpan` resource block declares a package and (optionally) a package version:
+
+    describe cpan('package_name') do
+      it { should be_installed }
+    end
+
+where
+
+* `'package_name'` is the name of the package, such as `'DBD::Pg'`
+* `be_installed` tests to see if the package described above is installed
+
+
+## Matchers
+
+This InSpec audit resource has the following matchers:
+
+### be_installed
+
+The `be_installed` matcher tests if the named package is installed on the system:
+
+    it { should be_installed }
+
+### version
+
+The `version` matcher tests if the named package version is on the system:
+
+    its('version') { should eq '1.2.3' }
+
+## Examples
+
+The following examples show how to use this InSpec audit resource.
+
+### Test if DBD::Pg is installed on the system
+
+    describe cpan('DBD:Pg') do
+      it { should be_installed }
+    end
+
+### Test if DBD::Pg 3.7.0 is installed on the system
+
+    describe cpan('DBD::Pg') do
+      it { should be_installed }
+      its('version') { should eq '3.7.0' }
+    end
+    
+### Test if DBD::Pg is installed within a custom PERL5LIB path on the system
+
+Hint: You can pass multiple path's separated by colon `/path/to/perl5/lib:/usr/share/perl5/vendor_perl/lib/perl5`
+
+    describe cpan('DBD::Pg', '/home/jdoe/perl5/lib/perl5') do
+      it { should be_installed }
+    end

data/docs/resources/cran.md.erb

@@ -0,0 +1,54 @@
+---
+title: About the cran Resource
+---
+
+# cran
+
+Use the `cran` InSpec audit resource to test R modules that are installed from CRAN package repository.
+
+## Syntax
+
+A `cran` resource block declares a package and (optionally) a package version:
+
+    describe cran('package_name') do
+      it { should be_installed }
+    end
+
+where
+
+* `'package_name'` is the name of the package, such as `'DBI'`
+* `be_installed` tests to see if the package described above is installed
+
+
+## Matchers
+
+This InSpec audit resource has the following matchers:
+
+### be_installed
+
+The `be_installed` matcher tests if the named package is installed on the system:
+
+    it { should be_installed }
+
+### version
+
+The `version` matcher tests if the named package version is on the system:
+
+    its('version') { should eq '1.2.3' }
+
+## Examples
+
+The following examples show how to use this InSpec audit resource.
+
+### Test if DBI is installed on the system
+
+    describe cran('DBI') do
+      it { should be_installed }
+    end
+
+### Test if DBI 0.5.1 is installed on the system
+
+    describe cran('DBI') do
+      it { should be_installed }
+      its('version') { should eq '0.5.1' }
+    end

data/docs/resources/elasticsearch.md.erb

@@ -0,0 +1,245 @@
+---
+title: The Elasticsearch Resource
+---
+
+# elasticsearch
+
+The `elasticsearch` resource allows testing of a node status against a running
+Elasticsearch cluster. InSpec will retrieve the node list from the cluster node URL
+provided (defaults to `http://localhost:9200`) and provide the ability to query
+a variety of settings and statuses.
+
+## Syntax
+
+    describe elasticsearch do
+      its('property') { should cmp 'value' }
+    end
+
+The `elasticsearch` resource accepts a number of optional values:
+
+ * `url`: the top-level URL of an Elasticsearch node in the cluster. If your Elasticsearch installation is not served out of the top-level directory at the host, be sure to specific the full URL; for example: `http://my-load-balancer/elasticsearch`. Default: `http://localhost:9200`
+ * `username`: a username to use to log in with HTTP-Basic authentication. If `username` is provided, a `password` must also be provided.
+ * `password`: a password to use to log in with HTTP-Basic authentication. If `password` is provided, a `username` must also be provided.
+ * `ssl_verify`: if `false`, SSL certificate validation will be disabled. Default: `true`
+
+In addition, the `elasticsearch` resource allows for filtering the nodes returned by property before executing the tests:
+
+    describe elasticsearch.where { node_name == 'one-off-node' } do
+      its('version') { should eq '1.2.3' }
+    end
+
+    describe elasticsearch.where { process.mlockall == false } do
+      its('count') { should cmp 0 }
+    end
+
+To simply check if nodes exist that match the criteria, use the `exist` matcher:
+
+    describe elasticsearch.where { cluster_name == 'my_cluster' } do
+      it { should exist }
+    end
+
+## Supported Properties
+
+The following properties are provided:
+
+* build_hash
+* cluster_name
+* host
+* http
+* ingest
+* ip
+* jvm
+* module_list
+* modules
+* node_name
+* node_id
+* os
+* plugin_list
+* plugins
+* process
+* roles
+* settings
+* total_indexing_buffer
+* transport
+* transport_address
+* version
+
+Since the `elasticsearch` resource is meant for use on a cluster, each property will return an array of the values for each node that matches any provided search criteria. Using InSpec's `cmp` matcher will help avoid any issues when trying to compare values for when a single match is returned (i.e. when the cluster only contains a single node, or the `where` filter criteria provided only returns a single node).
+
+## Property Examples
+
+### build_hash
+
+Returns the build hash for each of the nodes.
+
+    describe elasticsearch do
+      its('build_hash') { should cmp 'b2f0c09' }
+    end
+
+### cluster_name
+
+Returns the cluster names of each of the nodes.
+
+    describe elasticsearch do
+      its('cluster_name') { should cmp 'my_cluster' }
+    end
+
+### host
+
+Returns the hostname of each of the nodes. This may return an IP address of the node is not properly performing DNS resolution or has no hostname set.
+
+    describe elasticsearch do
+      its('host') { should cmp 'my.hostname.mycompany.biz' }
+    end
+
+### http
+
+Returns a hash of HTTP-related settings for each of the nodes. In this example, the `first` method is used to grab only the first node's HTTP-related info and is a way of removing the item from the Array if only one node is being queried.
+
+    describe elasticsearch do
+      its('http.first.max_content_length_in_bytes') { should cmp 123456 }
+    end
+
+### ingest
+
+Returns ingest-related settings and capabilities, such as available processors.
+
+    describe elasticsearch do
+      its('ingest.first.processors.count') { should be >= 1 }
+    end
+
+### ip
+
+Returns the IP address of each of the nodes.
+
+    describe elasticsearch do
+      its('ip') { should cmp '192.168.1.100' }
+    end
+
+### jvm
+
+Returns Java Virtual Machine related parameters for each of the nodes.
+
+    describe elasticsearch do
+      its('jvm.first.version') { should cmp '1.8.0_141' }
+    end
+
+### module_list
+
+Returns a list of enabled modules for each node in the cluster. For more additional information about each module, use the `modules` property.
+
+    describe elasticsearch do
+      its('module_list.first') { should include 'my_module' }
+    end
+
+### modules
+
+Returns detailed information about each enabled module for each node in the cluster. For a succint list of the names of each of the modules enabled, use the `module_list` property. This example uses a bit of additional Ruby to find a specific module and assert a value.
+
+    modules = elasticsearch.modules.first
+    lang_groovy_module = modules.find { |mod| mod.name == 'lang-groovy' }
+
+    describe 'lang-groovy module version' do
+      subject { lang_groovy_module }
+      its('version') { should cmp '5.5.2' }
+    end
+
+### node_name
+
+Returns the node name for each node in the cluster.
+
+    describe elasticsearch do
+      its('node_name') { should cmp 'node1' }
+    end
+
+### node_id
+
+Returns the node IDs of each of the nodes in the cluster.
+
+    describe elasticsearch do
+      its('node_id') { should include 'my_node_id' }
+    end
+
+### os
+
+Returns OS-related information about each node in the cluster.
+
+    describe elasticsearch do
+      its('os.first.arch') { should cmp 'amd64' }
+    end
+
+### plugin_list
+
+Returns a list of enabled plugins for each node in the cluster. For more additional information about each plugin, use the `plugins` property.
+
+    describe elasticsearch do
+      its('plugin_list.first') { should include 'my_plugin' }
+    end
+
+### plugins
+
+Returns detailed information about each enabled plugin for each node in the cluster. For a succint list of the names of each of the plugins enabled, use the `plugin_list` property. This example uses a bit of additional Ruby to find a specific plugin and assert a value.
+
+    plugins = elasticsearch.plugins.first
+    my_plugin = plugins.find { |plugin| plugin.name == 'my_plugin' }
+
+    describe 'my_plugin plugin version' do
+      subject { my_plugin }
+      its('version') { should cmp '1.2.3' }
+    end
+
+### process
+
+Returns process information for each node in the cluster, such as the process ID.
+
+    describe elasticsearch do
+      its('process.first.mlockall') { should cmp true }
+    end
+
+### roles
+
+Returns the role for each of the nodes in the cluster.
+
+    describe elasticsearch.where { node_name == 'my_master_node' } do
+      it { should include 'master' }
+    end
+
+### settings
+
+Returns all the configuration settings for each node in the cluster. These settings usually include those set in the elasticsearch.yml as well as those set via `-Des.` or `-E` flags at startup. Use the `inspec shell` to explore the various setting keys that are available.
+
+    describe elasticsearch do
+      its('settings.first.path.home') { should cmp '/usr/share/elasticsearch' }
+    end
+
+### total_indexing_buffer
+
+Returns the total indexing buffer for each node in the cluster.
+
+    describe elasticsearch do
+      its('total_indexing_buffer') { should cmp 123456 }
+    end
+
+### transport
+
+Returns transport-related settings for each node in the cluster, such as the bound and published addresses.
+
+    describe elasticsearch do
+      its('transport.first.bound_address') { should cmp '1.2.3.4:9200' }
+    end
+
+### transport_address
+
+Returns the bound transport address for each node in the cluster.
+
+    describe elasticsearch do
+      its('transport_address') { should cmp '1.2.3.4:9200' }
+    end
+
+### version
+
+Returns the version of Elasticsearch running on each node of the cluster.
+
+    describe elasticsearch do
+      its('version') { should cmp '5.5.2' }
+    end