RubyGems - inspec - Versions diffs - 1.46.2 → 1.47.0 - Mend

inspec 1.46.2 → 1.47.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +29 -15
data/docs/ruby_usage.md +1 -1
data/inspec.gemspec +1 -1
data/lib/inspec/backend.rb +12 -0
data/lib/inspec/base_cli.rb +2 -0
data/lib/inspec/cli.rb +1 -0
data/lib/inspec/version.rb +1 -1
data/lib/resources/docker_image.rb +45 -17
data/lib/resources/json.rb +6 -0
data/lib/resources/key_rsa.rb +2 -2
data/lib/resources/security_policy.rb +7 -8
metadata +4 -10

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 275cc93db905d4d442e1c7c897a197c0123e1671
-  data.tar.gz: '097b235e017ce4fdde8e890a12e4221de4fd7330'
+  metadata.gz: 73d4de764766d6ce02f52597d9cdd3d3c5f962bf
+  data.tar.gz: 0aaec0745ed380804d6bd333711054eab7c505ea
 SHA512:
-  metadata.gz: c4424e307b2c5d474cb040e4fa023f98c9507c764edd84684cb286bf21c36a83395f5cd2d8a4f1f87d14a271e7b0a6d281eabe140065dcdd012f3780f3d390d1
-  data.tar.gz: 35a966232190612e93daac133334c5f7f2f5c705261d0155dc2758168c0f2b15865cfd52f47d635065a754f4b1f239216dd5c1574a4657024d0d92a008c6e0b4
+  metadata.gz: 93d630d3408a4c34b13504dbdc6cb07e0de5a672525db739bb7e54eff8d0971b09838ae5c14169362d3a98b58ae27af1feffb0e443733e5e92ce948786494f95
+  data.tar.gz: 49a27fd5dbe847483d31fa7d5ec357c91008596f47042d531c81c290b332b542d7caf90e56a9ae04c572b9d39cc913dda87565ec82a405aeef92e7c3d87df425

data/CHANGELOG.md CHANGED Viewed

@@ -1,28 +1,43 @@
 # Change Log
 <!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
-<!-- latest_release 1.46.2 -->
-## [v1.46.2](https://github.com/chef/inspec/tree/v1.46.2) (2017-11-29)
+<!-- latest_release 1.47.0 -->
+## [v1.47.0](https://github.com/chef/inspec/tree/v1.47.0) (2017-12-04)
-#### Bug Fixes
-- Allow skipping/failing resources in FilterTable [#2349](https://github.com/chef/inspec/pull/2349) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
+#### New Features
+- Enable caching for backend calls [#2309](https://github.com/chef/inspec/pull/2309) ([jquick](https://github.com/jquick))
 <!-- latest_release -->
-<!-- release_rollup since=1.45.13 -->
-### Changes since 1.45.13 release
+<!-- release_rollup since=1.46.2 -->
+### Changes since 1.46.2 release
-#### Enhancements
-- allow override of attribute identifier  [#2347](https://github.com/chef/inspec/pull/2347) ([chris-rock](https://github.com/chris-rock)) <!-- 1.46.0 -->
+#### New Features
+- Enable caching for backend calls [#2309](https://github.com/chef/inspec/pull/2309) ([jquick](https://github.com/jquick)) <!-- 1.47.0 -->
+#### Merged Pull Requests
+- docker_image resource: properly handle registries in image strings [#2356](https://github.com/chef/inspec/pull/2356) ([adamleff](https://github.com/adamleff)) <!-- 1.46.5 -->
 #### Bug Fixes
-- Allow skipping/failing resources in FilterTable [#2349](https://github.com/chef/inspec/pull/2349) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 1.46.2 -->
-- wmi resource: properly escape quotes in WMI query [#2342](https://github.com/chef/inspec/pull/2342) ([TheLonelyGhost](https://github.com/TheLonelyGhost)) <!-- 1.46.1 -->
-- file resource: fix NilClass error when using advanced windows permissions [#2344](https://github.com/chef/inspec/pull/2344) ([TheLonelyGhost](https://github.com/TheLonelyGhost)) <!-- 1.45.17 -->
-- http resource: properly support HEAD request with remote worker [#2340](https://github.com/chef/inspec/pull/2340) ([adamleff](https://github.com/adamleff)) <!-- 1.45.16 -->
-- grub_conf resource: correct grub path for RHEL-7-based OS [#2332](https://github.com/chef/inspec/pull/2332) ([atomic111](https://github.com/atomic111)) <!-- 1.45.15 -->
-- json resource (et. al.): allow inspec check to succeed when using command [#2317](https://github.com/chef/inspec/pull/2317) ([adamleff](https://github.com/adamleff)) <!-- 1.45.14 -->
+- security_policy resource: use PID for filename instead of random [#2368](https://github.com/chef/inspec/pull/2368) ([jquick](https://github.com/jquick)) <!-- 1.46.7 -->
+- key_rsa resource: fix inline shell documentation help, wrong resource name used in examples [#2364](https://github.com/chef/inspec/pull/2364) ([eramoto](https://github.com/eramoto)) <!-- 1.46.6 -->
+- json resource: ensure params is not nil in event of read/parse failure [#2354](https://github.com/chef/inspec/pull/2354) ([adamleff](https://github.com/adamleff)) <!-- 1.46.4 -->
+- Unique export file for security policy resource [#2350](https://github.com/chef/inspec/pull/2350) ([jquick](https://github.com/jquick)) <!-- 1.46.3 -->
 <!-- release_rollup -->
 <!-- latest_stable_release -->
+## [v1.46.2](https://github.com/chef/inspec/tree/v1.46.2) (2017-11-29)
+#### Enhancements
+- allow override of attribute identifier  [#2347](https://github.com/chef/inspec/pull/2347) ([chris-rock](https://github.com/chris-rock))
+#### Bug Fixes
+- json resource (et. al.): allow inspec check to succeed when using command [#2317](https://github.com/chef/inspec/pull/2317) ([adamleff](https://github.com/adamleff))
+- grub_conf resource: correct grub path for RHEL-7-based OS [#2332](https://github.com/chef/inspec/pull/2332) ([atomic111](https://github.com/atomic111))
+- http resource: properly support HEAD request with remote worker [#2340](https://github.com/chef/inspec/pull/2340) ([adamleff](https://github.com/adamleff))
+- file resource: fix NilClass error when using advanced windows permissions [#2344](https://github.com/chef/inspec/pull/2344) ([TheLonelyGhost](https://github.com/TheLonelyGhost))
+- wmi resource: properly escape quotes in WMI query [#2342](https://github.com/chef/inspec/pull/2342) ([TheLonelyGhost](https://github.com/TheLonelyGhost))
+- Allow skipping/failing resources in FilterTable [#2349](https://github.com/chef/inspec/pull/2349) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
+<!-- latest_stable_release -->
 ## [v1.45.13](https://github.com/chef/inspec/tree/v1.45.13) (2017-11-21)
 #### Merged Pull Requests
@@ -30,7 +45,6 @@
 - Remove bundler install during Appveyor tests [#2322](https://github.com/chef/inspec/pull/2322) ([adamleff](https://github.com/adamleff))
 - Bump Rubocop to 0.49.1 [#2323](https://github.com/chef/inspec/pull/2323) ([adamleff](https://github.com/adamleff))
 - Bump train to 0.29.2 [#2327](https://github.com/chef/inspec/pull/2327) ([adamleff](https://github.com/adamleff))
-<!-- latest_stable_release -->
 ## [v1.45.9](https://github.com/chef/inspec/tree/v1.45.9) (2017-11-16)

data/docs/ruby_usage.md CHANGED Viewed

@@ -73,7 +73,7 @@ independent of programming languages and their resolver mechanisms.
 ## Interactive Debugging with Pry
 Here's a sample InSpec control that users Ruby variables to instantiate
-an InSpec resource once and use the content in multipLe tests.
+an InSpec resource once and use the content in multiple tests.
 ```ruby
 control 'check-perl' do

data/inspec.gemspec CHANGED Viewed

@@ -26,7 +26,7 @@ Gem::Specification.new do |spec|
   spec.required_ruby_version = '>= 2.3'
-  spec.add_dependency 'train', '~> 0.29', '>= 0.29.2'
+  spec.add_dependency 'train', '~> 0.30'
   spec.add_dependency 'thor', '~> 0.19'
   spec.add_dependency 'json', '>= 1.8', '< 3.0'
   spec.add_dependency 'rainbow', '~> 2'

data/lib/inspec/backend.rb CHANGED Viewed

@@ -53,6 +53,18 @@ module Inspec
         raise "Can't connect to transport backend '#{name}'."
       end
+      # Set caching settings. We always want to enable caching for
+      # the Mock transport for testing.
+      if config[:backend_cache] || config[:backend] == :mock
+        connection.enable_cache(:file)
+        connection.enable_cache(:command)
+      elsif config[:debug_shell]
+        connection.disable_cache(:file)
+        connection.disable_cache(:command)
+      else
+        connection.disable_cache(:command)
+      end
       cls = Class.new do
         include Base

data/lib/inspec/base_cli.rb CHANGED Viewed

@@ -67,6 +67,8 @@ module Inspec
         desc: 'Use the given path for caching dependencies. (default: ~/.inspec/cache)'
       option :create_lockfile, type: :boolean, default: true,
         desc: 'Write out a lockfile based on this execution (unless one already exists)'
+      option :backend_cache, type: :boolean, default: false,
+        desc: 'Allow caching for backend command output.'
     end
     private

data/lib/inspec/cli.rb CHANGED Viewed

@@ -189,6 +189,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI # rubocop:disable Metrics/ClassLength
   def shell_func
     diagnose
     o = opts.dup
+    o[:debug_shell] = true
     json_output = ['json', 'json-min'].include?(opts['format'])
     log_device = json_output ? nil : STDOUT

data/lib/inspec/version.rb CHANGED Viewed

@@ -4,5 +4,5 @@
 # author: Christoph Hartmann
 module Inspec
-  VERSION = '1.46.2'
+  VERSION = '1.47.0'
 end

data/lib/resources/docker_image.rb CHANGED Viewed

@@ -63,25 +63,19 @@ module Inspec::Resources
     private
     def sanitize_options(opts)
-      if !opts[:image].nil?
-        if !opts[:image].index(':').nil?
-          repo, tag = opts[:image].split(':')
-        else
-          opts[:repo] = opts[:image]
-          opts[:image] = nil
-        end
-        opts[:repo] ||= repo
-        opts[:tag] ||= tag
-      end
-      if !opts[:id].nil?
-        if opts[:id].index(':').nil?
-          opts[:id] = 'sha256:' + opts[:id]
-        end
-      end
+      opts.merge!(parse_components_from_image(opts[:image]))
+      # assume a "latest" tag if we don't have one
       opts[:tag] ||= 'latest'
-      opts[:image] ||= "#{opts[:repo]}:#{opts[:tag]}" unless opts[:repo].nil?
+      # if the ID isn't nil and doesn't contain a hash indicator (indicated by the presence
+      # of a colon, which separates the indicator from the actual hash), we assume it's sha256.
+      opts[:id] = 'sha256:' + opts[:id] unless opts[:id].nil? || opts[:id].include?(':')
+      # Assemble/reassemble the image from the repo and tag
+      opts[:image] = "#{opts[:repo]}:#{opts[:tag]}" unless opts[:repo].nil?
+      # return the santized opts back to the caller
       opts
     end
@@ -92,5 +86,39 @@ module Inspec::Resources
         (repository == opts[:repo] && tag == opts[:tag]) || (!id.nil? && !opts[:id].nil? && (id == opts[:id] || id.start_with?(opts[:id])))
       }
     end
+    def parse_components_from_image(image_string)
+      # if the user did not supply an image string, they likely supplied individual
+      # option parameters, such as repo and tag. Return empty data back to the caller.
+      return {} if image_string.nil?
+      first_colon = image_string.index(':') || -1
+      first_slash = image_string.index('/') || -1
+      if image_string.count(':') == 2
+        # If there are two colons in the image string, it contains a repo-with-port and a tag.
+        # example: localhost:5000/chef/inspec:1.46.3
+        partitioned_string = image_string.rpartition(':')
+        repo = partitioned_string.first
+        tag = partitioned_string.last
+      elsif image_string.count(':') == 1 && first_colon < first_slash
+        # If there's one colon in the image string, and it comes before a forward-slash,
+        # it contains a repo-with-port but no tag.
+        # example: localhost:5000/ubuntu
+        repo = image_string
+        tag = nil
+      else
+        # If there's one colon in the image string and it doesn't preceed a slash, or if
+        # there is no colon at all, then it separates the repo from the tag, if there is a tag.
+        # example: chef/inspec:1.46.3
+        # example: chef/inspec
+        # example: ubuntu:14.04
+        repo, tag = image_string.split(':')
+      end
+      # return the repo and tag parsed from the string, which can be merged into
+      # the rest of the user-supplied options
+      { repo: repo, tag: tag }
+    end
   end
 end

data/lib/resources/json.rb CHANGED Viewed

@@ -29,6 +29,12 @@ module Inspec::Resources
     attr_reader :params, :raw_content
     def initialize(opts)
+      # pre-initialize @params to an empty hash. In the event that reading/parsing the data
+      # throws an exception, this allows the resource to still be called outside of a
+      # describe/test and not throw errors when a caller attempts to fetch a value from the params.
+      @params = {}
+      # load the raw content from the source, and then parse it
       @raw_content = load_raw_content(opts)
       @params = parse(@raw_content)
     end

data/lib/resources/key_rsa.rb CHANGED Viewed

@@ -10,11 +10,11 @@ module Inspec::Resources
     name 'key_rsa'
     desc 'public/private RSA key pair test'
     example "
-      describe rsa_key('/etc/pki/www.mywebsite.com.key') do
+      describe key_rsa('/etc/pki/www.mywebsite.com.key') do
         its('public_key') { should match /BEGIN RSA PUBLIC KEY/ }
       end
-      describe rsa_key('/etc/pki/www.mywebsite.com.key', 'passphrase') do
+      describe key_rsa('/etc/pki/www.mywebsite.com.key', 'passphrase') do
         it { should be_private }
         it { should be_public }
       end

data/lib/resources/security_policy.rb CHANGED Viewed

@@ -108,22 +108,21 @@ module Inspec::Resources
     def read_content
       return @content if defined?(@content)
+      # using process pid to prevent any race conditions with multiple runners
+      export_file = "win_secpol-#{Process.pid}.cfg"
       # export the security policy
-      cmd = inspec.command('secedit /export /cfg win_secpol.cfg')
+      cmd = inspec.command("secedit /export /cfg #{export_file}")
       return nil if cmd.exit_status.to_i != 0
       # store file content
-      cmd = inspec.command('Get-Content win_secpol.cfg')
+      cmd = inspec.command("Get-Content #{export_file}")
       return skip_resource "Can't read security policy" if cmd.exit_status.to_i != 0
-      @content = cmd.stdout
-      if @content.empty? && !file.empty?
-        return skip_resource "Can't read security policy"
-      end
-      @content
+      @content = cmd.stdout
     ensure
       # delete temp file
-      inspec.command('Remove-Item win_secpol.cfg').exit_status.to_i
+      inspec.command("Remove-Item #{export_file}").exit_status.to_i
     end
     def read_params

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec
 version: !ruby/object:Gem::Version
-  version: 1.46.2
+  version: 1.47.0
 platform: ruby
 authors:
 - Dominik Richter
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-11-29 00:00:00.000000000 Z
+date: 2017-12-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: train
@@ -16,20 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.29'
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 0.29.2
+        version: '0.30'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.29'
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 0.29.2
+        version: '0.30'
 - !ruby/object:Gem::Dependency
   name: thor
   requirement: !ruby/object:Gem::Requirement