inspec 1.45.9 → 1.45.13

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 1a9abff18ab1cdd996b01299cb2c0e0ab2bdbaab
-  data.tar.gz: 24deaa54689c34fd8f7813e10828a74d54583e79
+  metadata.gz: 942384b7fafcd0d8318201eec37d4a08556d3080
+  data.tar.gz: 8823e1de51315eec835891df623ea55f6dca3059
 SHA512:
-  metadata.gz: c70d6d686d8bc62602837812f291a1bb1b05805cad90bf2fe22d168809cd3d427ff31ac4f57d5471be5f334c8daae22fab0e9a646e311c9152b88c9f09fe4d06
-  data.tar.gz: 48c1b044e2d6082bfe89d1babe2df372625f7a970468882c10180b855da5625eeec81eab3c4096abbe1690cf78def4f1b4960ea871a8c1ef9da69eee3c5c3c73
+  metadata.gz: 8fa3b0ea4482dc3f5562610a64fb6b878e97c6ad6b614564f7f6a2742d66ead3620c770ec379347373ed5e0182557d4c80100d219cef7d77c70ff87cdaaa89e6
+  data.tar.gz: 0c82db93fca88e51f51d936aaa792e124ba3826033963918e0bb8faca4b3a18bcaad3f64d3773db8ecfc62df22962e8c58ffa6055aad875e8563888c6a74322e

data/.rubocop.yml

@@ -8,30 +8,72 @@ AllCops:
   - 'examples/**/*'
   - 'vendor/**/*'
   - 'lib/bundles/inspec-init/templates/**/*'
-Documentation:
-  Enabled: false
+  - 'www/tutorial/**/*'
 AlignParameters:
   Enabled: true
-Encoding:
-  Enabled: true
+BlockDelimiters:
+  Enabled: false
+Documentation:
+  Enabled: false
+EmptyLinesAroundBlockBody:
+  Enabled: false
 FrozenStringLiteralComment:
   Enabled: false
 HashSyntax:
   Enabled: true
 LineLength:
   Enabled: false
-EmptyLinesAroundBlockBody:
+Layout/AlignHash:
+  Enabled: false
+Layout/EmptyLineAfterMagicComment:
+  Enabled: false
+Layout/EndOfLine:
+  Enabled: true
+  EnforcedStyle: lf
+Layout/SpaceAroundOperators:
   Enabled: false
 MethodLength:
   Max: 40
-NumericLiterals:
-  MinDigits: 10
+Metrics/AbcSize:
+  Max: 33
+Metrics/BlockLength:
+  Max: 50
 Metrics/CyclomaticComplexity:
   Max: 10
 Metrics/PerceivedComplexity:
   Max: 11
-Metrics/AbcSize:
-  Max: 33
+NumericLiterals:
+  MinDigits: 10
+Security/YAMLLoad:
+  Enabled: false
+Style/AndOr:
+  Enabled: false
+Style/BracesAroundHashParameters:
+  Enabled: false
+Style/ClassAndModuleChildren:
+  Enabled: false
+Style/ConditionalAssignment:
+  Enabled: false
+Style/EmptyMethod:
+  Enabled: false
+Style/Encoding:
+  Enabled: false
+Style/FileName:
+  Enabled: false
+Style/IfUnlessModifier:
+  Enabled: false
+Style/MethodMissing:
+  Enabled: false
+Style/MultilineIfModifier:
+  Enabled: false
+Style/NegatedIf:
+  Enabled: false
+Style/Not:
+  Enabled: false
+Style/NumericLiteralPrefix:
+  Enabled: false
+Style/NumericPredicate:
+  Enabled: false
 Style/PercentLiteralDelimiters:
   PreferredDelimiters:
     '%':  '{}'
@@ -43,33 +85,13 @@ Style/PercentLiteralDelimiters:
     '%w': '{}'
     '%W': ()
     '%x': ()
-Style/AlignHash:
-  Enabled: false
 Style/PredicateName:
   Enabled: false
-Style/ClassAndModuleChildren:
-  Enabled: false
-Style/ConditionalAssignment:
-  Enabled: false
-Style/BracesAroundHashParameters:
+Style/SymbolArray:
   Enabled: false
-Style/AndOr:
-  Enabled: false
-Style/Not:
-  Enabled: false
-Style/FileName:
-  Enabled: false
-Style/TrailingCommaInLiteral:
-  EnforcedStyleForMultiline: comma
 Style/TrailingCommaInArguments:
   EnforcedStyleForMultiline: comma
-Style/NegatedIf:
-  Enabled: false
+Style/TrailingCommaInLiteral:
+  EnforcedStyleForMultiline: comma
 Style/UnlessElse:
   Enabled: false
-BlockDelimiters:
-  Enabled: false
-Style/SpaceAroundOperators:
-  Enabled: false
-Style/IfUnlessModifier:
-  Enabled: false

data/CHANGELOG.md

@@ -1,34 +1,43 @@
 # Change Log
 <!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
-<!-- latest_release 1.45.9 -->
-## [v1.45.9](https://github.com/chef/inspec/tree/v1.45.9) (2017-11-16)
+<!-- latest_release 1.45.13 -->
+## [v1.45.13](https://github.com/chef/inspec/tree/v1.45.13) (2017-11-21)
 
-#### Enhancements
-- http resource: Add basic param handling to remote HTTP worker [#2286](https://github.com/chef/inspec/pull/2286) ([schisamo](https://github.com/schisamo))
+#### Merged Pull Requests
+- Bump train to 0.29.2 [#2327](https://github.com/chef/inspec/pull/2327) ([adamleff](https://github.com/adamleff))
 <!-- latest_release -->
 
-<!-- release_rollup since=1.44.8 -->
-### Changes since 1.44.8 release
-
-#### Enhancements
-- http resource: Add basic param handling to remote HTTP worker [#2286](https://github.com/chef/inspec/pull/2286) ([schisamo](https://github.com/schisamo)) <!-- 1.45.9 -->
-- Correctly format skip exceptions in formatters [#2307](https://github.com/chef/inspec/pull/2307) ([adamleff](https://github.com/adamleff)) <!-- 1.45.4 -->
+<!-- release_rollup since=1.45.9 -->
+### Changes since 1.45.9 release
 
 #### Merged Pull Requests
-- Update Rubocop to TargetRubyVersion 2.3 [#2311](https://github.com/chef/inspec/pull/2311) ([adamleff](https://github.com/adamleff)) <!-- 1.45.8 -->
-- Require Ruby 2.3 and later [#2293](https://github.com/chef/inspec/pull/2293) ([adamleff](https://github.com/adamleff)) <!-- 1.45.7 -->
-- Fix gid filtering for etc_group resource [#2297](https://github.com/chef/inspec/pull/2297) ([eramoto](https://github.com/eramoto)) <!-- 1.45.3 -->
-- Habitat build works for all versions, eliminates rake [#2301](https://github.com/chef/inspec/pull/2301) ([adamleff](https://github.com/adamleff)) <!-- 1.45.2 -->
-- Bumping train to 0.29.1 [#2306](https://github.com/chef/inspec/pull/2306) ([adamleff](https://github.com/adamleff)) <!-- 1.45.0 -->
+- Bump train to 0.29.2 [#2327](https://github.com/chef/inspec/pull/2327) ([adamleff](https://github.com/adamleff)) <!-- 1.45.13 -->
+- Bump Rubocop to 0.49.1 [#2323](https://github.com/chef/inspec/pull/2323) ([adamleff](https://github.com/adamleff)) <!-- 1.45.12 -->
+- Remove bundler install during Appveyor tests [#2322](https://github.com/chef/inspec/pull/2322) ([adamleff](https://github.com/adamleff)) <!-- 1.45.11 -->
+- Remove debug message from unit test [#2313](https://github.com/chef/inspec/pull/2313) ([eramoto](https://github.com/eramoto)) <!-- 1.45.10 -->
+<!-- release_rollup -->
+
+<!-- latest_stable_release -->
+## [v1.45.9](https://github.com/chef/inspec/tree/v1.45.9) (2017-11-16)
+
+#### Enhancements
+- Correctly format skip exceptions in formatters [#2307](https://github.com/chef/inspec/pull/2307) ([adamleff](https://github.com/adamleff))
+- http resource: Add basic param handling to remote HTTP worker [#2286](https://github.com/chef/inspec/pull/2286) ([schisamo](https://github.com/schisamo))
 
 #### Bug Fixes
-- xinetd_conf resource: fix false positives when config file or directory doesn&#39;t exist [#2302](https://github.com/chef/inspec/pull/2302) ([eramoto](https://github.com/eramoto)) <!-- 1.45.6 -->
-- oracledb_session resource: fix credential passing to sql/sqlplus [#2308](https://github.com/chef/inspec/pull/2308) ([bratdim](https://github.com/bratdim)) <!-- 1.45.5 -->
-- Fix classname in JUnit formatter [#2283](https://github.com/chef/inspec/pull/2283) ([adamleff](https://github.com/adamleff)) <!-- 1.45.1 -->
-- port resource: handle ss output from older iproute package [#2305](https://github.com/chef/inspec/pull/2305) ([Wing924](https://github.com/Wing924)) <!-- 1.44.9 -->
-<!-- release_rollup -->
+- port resource: handle ss output from older iproute package [#2305](https://github.com/chef/inspec/pull/2305) ([Wing924](https://github.com/Wing924))
+- Fix classname in JUnit formatter [#2283](https://github.com/chef/inspec/pull/2283) ([adamleff](https://github.com/adamleff))
+- oracledb_session resource: fix credential passing to sql/sqlplus [#2308](https://github.com/chef/inspec/pull/2308) ([bratdim](https://github.com/bratdim))
+- xinetd_conf resource: fix false positives when config file or directory doesn&#39;t exist [#2302](https://github.com/chef/inspec/pull/2302) ([eramoto](https://github.com/eramoto))
 
+#### Merged Pull Requests
+- Bumping train to 0.29.1 [#2306](https://github.com/chef/inspec/pull/2306) ([adamleff](https://github.com/adamleff))
+- Habitat build works for all versions, eliminates rake [#2301](https://github.com/chef/inspec/pull/2301) ([adamleff](https://github.com/adamleff))
+- Fix gid filtering for etc_group resource [#2297](https://github.com/chef/inspec/pull/2297) ([eramoto](https://github.com/eramoto))
+- Require Ruby 2.3 and later [#2293](https://github.com/chef/inspec/pull/2293) ([adamleff](https://github.com/adamleff))
+- Update Rubocop to TargetRubyVersion 2.3 [#2311](https://github.com/chef/inspec/pull/2311) ([adamleff](https://github.com/adamleff))
 <!-- latest_stable_release -->
+
 ## [v1.44.8](https://github.com/chef/inspec/tree/v1.44.8) (2017-11-09)
 
 #### Enhancements
@@ -47,7 +56,6 @@
 - Switch to tomlrb for TOML parsing [#2295](https://github.com/chef/inspec/pull/2295) ([adamleff](https://github.com/adamleff))
 - Use Ruby 2.4.2 in the Omnibus InSpec packages [#2294](https://github.com/chef/inspec/pull/2294) ([adamleff](https://github.com/adamleff))
 - Eliminate deprecation warnings on resource skipped messages [#2296](https://github.com/chef/inspec/pull/2296) ([adamleff](https://github.com/adamleff))
-<!-- latest_stable_release -->
 
 ## [v1.43.8](https://github.com/chef/inspec/tree/v1.43.8) (2017-11-02)
 

data/Gemfile

@@ -13,7 +13,7 @@ group :test do
   gem 'bundler', '~> 1.5'
   gem 'minitest', '~> 5.5'
   gem 'rake', '~> 10'
-  gem 'rubocop', '= 0.39.0'
+  gem 'rubocop', '= 0.49.1'
   gem 'simplecov', '~> 0.10'
   gem 'concurrent-ruby', '~> 0.9'
   gem 'mocha', '~> 1.1'

data/docs/resources/ini.md.erb

@@ -18,7 +18,7 @@ An `ini` resource block declares the configuration settings to be tested:
 
 where
 
-* `'setting_name'` is a synchronization setting defined in the INI file
+* `'setting_name'` is a setting key defined in the INI file
 * `('path')` is the path to the INI file
 * `{ should eq 'value' }` is the value that is expected
 
@@ -29,6 +29,19 @@ For example:
       its('server') { should eq '192.0.2.62' }
     end
 
+Settings inside of sections, such as the following:
+
+    [section_name]
+    setting_name = 123
+
+... can be retrieved by prefixing the setting_name with the section.
+
+    its('section_name.setting_name') { should cmp 123 }
+
+In the event a section or setting name has a period in it, the alternate syntax can be used:
+
+    its(['section.with.a.dot.in.it', 'setting.name.with.dots']) { should cmp 'lotsadots' }
+
 <br>
 
 ## Examples

data/docs/shell.md

@@ -29,7 +29,7 @@ InSpec), you can use the `-t` flag. We support connecting using ssh,
 WinRm and docker. If no target is provided, we implicitly support the
 "local" target - i.e. tests running on the current machine running
 InSpec. For an ssh connection, use `-i` for specifying ssh key files,
-and the `--sudo*` commands for requesting a privelege escalation after
+and the `--sudo*` commands for requesting a privilege escalation after
 logging in. For a WinRM connection, use `--path` to change the login
 path, `--ssl` to use SSL for transport layer encryption.
 

data/inspec.gemspec

@@ -20,13 +20,13 @@ Gem::Specification.new do |spec|
     '{bin,docs,examples,lib}/**/*', File::FNM_DOTMATCH
   ).reject { |f| File.directory?(f) }
 
-  spec.executables   = %w{ inspec }
+  spec.executables   = %w{inspec}
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ['lib']
 
   spec.required_ruby_version = '>= 2.3'
 
-  spec.add_dependency 'train', '~> 0.29', '>= 0.29.1'
+  spec.add_dependency 'train', '~> 0.29', '>= 0.29.2'
   spec.add_dependency 'thor', '~> 0.19'
   spec.add_dependency 'json', '>= 1.8', '< 3.0'
   spec.add_dependency 'rainbow', '~> 2'

data/lib/bundles/inspec-artifact/cli.rb

@@ -211,17 +211,12 @@ module Artifact
     def valid_header?(file_alg, file_version, file_keyname)
       public_keyfile = "#{file_keyname}.pem.pub"
       puts "Looking for #{public_keyfile} to verify artifact"
-      if not File.exist? public_keyfile
+      if !File.exist? public_keyfile
         raise "Can't find #{public_keyfile}"
       end
 
-      if not VALID_PROFILE_DIGESTS.member? file_alg
-        raise 'Invalid artifact digest algorithm detected'
-      end
-
-      if not VALID_PROFILE_VERSIONS.member? file_version
-        raise 'Invalid artifact version detected'
-      end
+      raise 'Invalid artifact digest algorithm detected' if !VALID_PROFILE_DIGESTS.member?(file_alg)
+      raise 'Invalid artifact version detected' if !VALID_PROFILE_VERSIONS.member?(file_version)
     end
 
     def verify(file_to_verifiy, &content_block)

data/lib/bundles/inspec-compliance/configuration.rb

@@ -79,11 +79,11 @@ module Compliance
 
     # exit 1 if the version of compliance that we're working with doesn't support odic
     def legacy_check!(feature)
-      if !supported?(feature)
-        puts "This feature (#{feature}) is not available for legacy installations."
-        puts 'Please upgrade to a recent version of Chef Compliance.'
-        exit 1
-      end
+      return if supported?(feature)
+
+      puts "This feature (#{feature}) is not available for legacy installations."
+      puts 'Please upgrade to a recent version of Chef Compliance.'
+      exit 1
     end
 
     private

data/lib/bundles/inspec-compliance/http.rb

@@ -12,10 +12,8 @@ module Compliance
     def self.get(url, headers = nil, insecure)
       uri = _parse_url(url)
       req = Net::HTTP::Get.new(uri.path)
-      if !headers.nil?
-        headers.each do |key, value|
-          req.add_field(key, value)
-        end
+      headers&.each do |key, value|
+        req.add_field(key, value)
       end
       send_request(uri, req, insecure)
     end
@@ -72,7 +70,6 @@ module Compliance
         http.request(req)
       }
       res
-
     rescue OpenSSL::SSL::SSLError => e
       raise e unless e.message.include? 'certificate verify failed'
 

data/lib/bundles/inspec-compliance/target.rb

@@ -37,15 +37,15 @@ module Compliance
             server = 'compliance'
             msg = "inspec compliance login https://your_compliance_server --user admin --insecure --token 'PASTE TOKEN HERE' "
           end
-          raise Inspec::FetcherFailure, <<EOF
+          raise Inspec::FetcherFailure, <<~EOF
 
-Cannot fetch #{uri} because your #{server} token has not been
-configured.
+            Cannot fetch #{uri} because your #{server} token has not been
+            configured.
 
-Please login using
+            Please login using
 
-    #{msg}
-EOF
+                #{msg}
+          EOF
         end
 
         # verifies that the target e.g base/ssh exists

data/lib/bundles/inspec-compliance/test/integration/default/cli.rb

@@ -13,7 +13,7 @@ puts "Run test as #{user} in path #{pwd}"
 access_token = ENV['COMPLIANCE_ACCESSTOKEN']
 refresh_token = ENV['COMPLIANCE_REFRESHTOKEN']
 
-%w{refresh_token access_token}.each do |type|
+%w{refresh_token access_token}.each do |type| # rubocop:disable Metrics/BlockLength
   case type
   when 'access_token'
     token_options = "--token '#{access_token}'"

data/lib/bundles/inspec-habitat/profile.rb

@@ -136,27 +136,21 @@ module Habitat
       Habitat::Log.info('Checking to see if Habitat is installed...')
       cmd = Mixlib::ShellOut.new('hab --version')
       cmd.run_command
-      if cmd.error?
-        exit_with_error('Unable to run Habitat commands.', cmd.stderr)
-      end
+      exit_with_error('Unable to run Habitat commands.', cmd.stderr) if cmd.error?
     end
 
     def validate_habitat_origin
-      if habitat_origin.nil?
-        exit_with_error(
-          'Unable to determine Habitat origin name.',
-          'Run `hab setup` or set the HAB_ORIGIN environment variable.',
-        )
-      end
+      exit_with_error(
+        'Unable to determine Habitat origin name.',
+        'Run `hab setup` or set the HAB_ORIGIN environment variable.',
+      ) if habitat_origin.nil?
     end
 
     def validate_habitat_auth_token
-      if habitat_auth_token.nil?
-        exit_with_error(
-          'Unable to determine Habitat auth token for publishing.',
-          'Run `hab setup` or set the HAB_AUTH_TOKEN environment variable.',
-        )
-      end
+      exit_with_error(
+        'Unable to determine Habitat auth token for publishing.',
+        'Run `hab setup` or set the HAB_AUTH_TOKEN environment variable.',
+      ) if habitat_auth_token.nil?
     end
 
     def validate_output_dir
@@ -318,78 +312,78 @@ module Habitat
     end
 
     def plan_contents
-      plan = <<-EOL
-pkg_name=#{package_name}
-pkg_version=#{profile.version}
-pkg_origin=#{habitat_origin}
-pkg_deps=(chef/inspec core/ruby core/hab)
-pkg_svc_user=root
-EOL
+      plan = <<~EOL
+        pkg_name=#{package_name}
+        pkg_version=#{profile.version}
+        pkg_origin=#{habitat_origin}
+        pkg_deps=(chef/inspec core/ruby core/hab)
+        pkg_svc_user=root
+      EOL
 
       plan += "pkg_license='#{profile.metadata.params[:license]}'\n\n" if profile.metadata.params[:license]
 
-      plan += <<-EOL
+      plan += <<~EOL
 
-do_build() {
-  cp -vr $PLAN_CONTEXT/../* $HAB_CACHE_SRC_PATH/$pkg_dirname
-}
+        do_build() {
+          cp -vr $PLAN_CONTEXT/../* $HAB_CACHE_SRC_PATH/$pkg_dirname
+        }
 
-do_install() {
-  local profile_contents
-  local excludes
-  profile_contents=($(ls))
-  excludes=(habitat results *.hart)
+        do_install() {
+          local profile_contents
+          local excludes
+          profile_contents=($(ls))
+          excludes=(habitat results *.hart)
 
-  for item in ${excludes[@]}; do
-    profile_contents=(${profile_contents[@]/$item/})
-  done
+          for item in ${excludes[@]}; do
+            profile_contents=(${profile_contents[@]/$item/})
+          done
 
-  mkdir ${pkg_prefix}/dist
-  cp -r ${profile_contents[@]} ${pkg_prefix}/dist/
-}
+          mkdir ${pkg_prefix}/dist
+          cp -r ${profile_contents[@]} ${pkg_prefix}/dist/
+        }
       EOL
 
       plan
     end
 
     def run_hook_contents
-      <<-EOL
-#!/bin/sh
-
-# redirect stderr to stdout
-# ultimately, we'd like to log this somewhere useful, but due to
-# https://github.com/habitat-sh/habitat/issues/2395, we need to
-# avoid doing that for now.
-exec 2>&1
-
-# InSpec will try to create a .cache directory in the user's home directory
-# so this needs to be someplace writeable by the hab user
-export HOME={{pkg.svc_var_path}}
-
-PROFILE_IDENT="{{pkg.origin}}/{{pkg.name}}"
-RESULTS_DIR="{{pkg.svc_var_path}}/inspec_results"
-RESULTS_FILE="${RESULTS_DIR}/{{pkg.name}}.json"
-
-# Create a directory for inspec formatter output
-mkdir -p {{pkg.svc_var_path}}/inspec_results
-
-while true; do
-  echo "Executing InSpec for ${PROFILE_IDENT}"
-  inspec exec {{pkg.path}}/dist --format=json > ${RESULTS_FILE}
-
-  if [ $? -eq 0 ]; then
-    echo "InSpec run completed successfully."
-  else
-    echo "InSpec run did not complete successfully. If you do not see any errors above,"
-    echo "control failures were detected. Check the InSpec results here for details:"
-    echo ${RESULTS_FILE}
-    echo "Otherwise, troubleshoot any errors shown above."
-  fi
-
-  source {{pkg.svc_config_path}}/settings.sh
-  echo "sleeping for ${SLEEP_TIME} seconds"
-  sleep ${SLEEP_TIME}
-done
+      <<~EOL
+        #!/bin/sh
+
+        # redirect stderr to stdout
+        # ultimately, we'd like to log this somewhere useful, but due to
+        # https://github.com/habitat-sh/habitat/issues/2395, we need to
+        # avoid doing that for now.
+        exec 2>&1
+
+        # InSpec will try to create a .cache directory in the user's home directory
+        # so this needs to be someplace writeable by the hab user
+        export HOME={{pkg.svc_var_path}}
+
+        PROFILE_IDENT="{{pkg.origin}}/{{pkg.name}}"
+        RESULTS_DIR="{{pkg.svc_var_path}}/inspec_results"
+        RESULTS_FILE="${RESULTS_DIR}/{{pkg.name}}.json"
+
+        # Create a directory for inspec formatter output
+        mkdir -p {{pkg.svc_var_path}}/inspec_results
+
+        while true; do
+          echo "Executing InSpec for ${PROFILE_IDENT}"
+          inspec exec {{pkg.path}}/dist --format=json > ${RESULTS_FILE}
+
+          if [ $? -eq 0 ]; then
+            echo "InSpec run completed successfully."
+          else
+            echo "InSpec run did not complete successfully. If you do not see any errors above,"
+            echo "control failures were detected. Check the InSpec results here for details:"
+            echo ${RESULTS_FILE}
+            echo "Otherwise, troubleshoot any errors shown above."
+          fi
+
+          source {{pkg.svc_config_path}}/settings.sh
+          echo "sleeping for ${SLEEP_TIME} seconds"
+          sleep ${SLEEP_TIME}
+        done
       EOL
     end
   end