RubyGems - inspec - Versions diffs - 1.49.2 → 1.50.1 - Mend

inspec 1.49.2 → 1.50.1

Files changed (17) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +43 -25
data/docs/resources/etc_hosts_allow.md.erb +1 -1
data/docs/resources/etc_hosts_deny.md.erb +1 -1
data/docs/resources/firewalld.md.erb +2 -0
data/docs/resources/postgres_hba_conf.md.erb +1 -1
data/docs/resources/postgres_ident_conf.md.erb +1 -1
data/docs/resources/windows_hotfix.md.erb +2 -0
data/docs/resources/xml.md.erb +21 -3
data/lib/inspec/metadata.rb +1 -1
data/lib/inspec/version.rb +1 -1
data/lib/resources/firewalld.rb +3 -3
data/lib/resources/http.rb +15 -1
data/lib/resources/mssql_session.rb +7 -6
data/lib/resources/package.rb +5 -1
data/lib/resources/xml.rb +12 -1
metadata +2 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: ff56bd489f8c7496d62120343dd41c16364bef74
-  data.tar.gz: c2fc41784be9b7695628bea807ba737ea1f0deb4
+  metadata.gz: 3e1a10fa109bd6acf6791160ec84a2b00541332f
+  data.tar.gz: 0ca5fa62d228cc13b973f272fd9ac55635cafba7
 SHA512:
-  metadata.gz: fc9b5edf8c20fa3b937a7215cb6aee10a3622de37d4bbfa9752666f92cbf355300b953840ee5a032be8ae3fd4a338cd0e6345be2156fab4b5d3dd008ef5193d0
-  data.tar.gz: 250b01f2dc31fd57a9321758e8ef6b4ffc47ddd025c1b0db157a842ff3ebe04467fe7e9e8f90ccf16afc3b7fbff767bab3a89d799dc4d5959000bfd76f48115e
+  metadata.gz: 47dec2f9f7653e27b31489524ccb93ab364a8683f66ce00e7eec849a0fcc1cc0b5cbf773cb673e6ac4a532c0c3ccabffa5446c9feb50674f4cd130e46d5ccfb6
+  data.tar.gz: 385cbd5d676ef7f3bfb5905a23da6a2359abbdf5fc025e77ebb885bb20dde32172573df4b51176919edba5425bab9c95b6b8b02188b3941dc77f9f05940b2338

data/CHANGELOG.md CHANGED

@@ -1,39 +1,58 @@
 # Change Log
 <!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
-<!-- latest_release 1.49.2 -->
-## [v1.49.2](https://github.com/chef/inspec/tree/v1.49.2) (2018-01-04)
+<!-- latest_release unreleased -->
+## Unreleased
-#### Enhancements
-- load local dependencies in inspec shell [#2438](https://github.com/chef/inspec/pull/2438) ([arlimus](https://github.com/arlimus))
+#### Merged Pull Requests
+- Bump version manually to trigger Habitat build [#2466](https://github.com/chef/inspec/pull/2466) ([adamleff](https://github.com/adamleff))
 <!-- latest_release -->
-<!-- release_rollup since=1.48.0 -->
-### Changes since 1.48.0 release
-#### Enhancements
-- load local dependencies in inspec shell [#2438](https://github.com/chef/inspec/pull/2438) ([arlimus](https://github.com/arlimus)) <!-- 1.49.2 -->
-- Deprecate and warn when comparing against OS name with capitals/spaces [#2397](https://github.com/chef/inspec/pull/2397) ([jquick](https://github.com/jquick)) <!-- 1.49.1 -->
-- Add platform resource and platform supports [#2393](https://github.com/chef/inspec/pull/2393) ([jquick](https://github.com/jquick)) <!-- 1.48.12 -->
-- file resource: adds `Synchronize` permission to windows ACL checks [#2399](https://github.com/chef/inspec/pull/2399) ([TheLonelyGhost](https://github.com/TheLonelyGhost)) <!-- 1.48.6 -->
-- bond resource: Add bonding mode matcher [#2414](https://github.com/chef/inspec/pull/2414) ([ehanlon](https://github.com/ehanlon)) <!-- 1.48.8 -->
+<!-- release_rollup since=1.49.2 -->
+### Changes since 1.49.2 release
 #### Bug Fixes
-- Modify `inspec json` to use `check_mode` [#2435](https://github.com/chef/inspec/pull/2435) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 1.48.14 -->
-- dependency chaining in libraries [#2428](https://github.com/chef/inspec/pull/2428) ([arlimus](https://github.com/arlimus)) <!-- 1.48.13 -->
-- Update apache_conf regular expression to exclude whitespace. [#2416](https://github.com/chef/inspec/pull/2416) ([miah](https://github.com/miah)) <!-- 1.48.9 -->
-- Add support for Darwin Directory Service groups [#2403](https://github.com/chef/inspec/pull/2403) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 1.48.4 -->
-- Fix Docker build in the Expeditor pipeline [#2432](https://github.com/chef/inspec/pull/2432) ([adamleff](https://github.com/adamleff)) <!-- 1.48.11 -->
-- Fix `x509_certificate` integration tests [#2431](https://github.com/chef/inspec/pull/2431) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 1.48.10 -->
-- Fix OWCA detection for `compliance login` [#2401](https://github.com/chef/inspec/pull/2401) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 1.48.7 -->
-- default attributes for nil and false [#2410](https://github.com/chef/inspec/pull/2410) ([arlimus](https://github.com/arlimus)) <!-- 1.48.5 -->
-- package resource: Enhance resource error handling [#2388](https://github.com/chef/inspec/pull/2388) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 1.48.3 -->
+- http resource: make header keys case insensitive [#2457](https://github.com/chef/inspec/pull/2457) ([adamleff](https://github.com/adamleff)) <!-- 1.49.10 -->
+- package resource: fix NilClass errors on arch linux [#2437](https://github.com/chef/inspec/pull/2437) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 1.49.8 -->
+- firewalld resource: prepend rule string only when necessary [#2430](https://github.com/chef/inspec/pull/2430) ([tarcinil](https://github.com/tarcinil)) <!-- 1.49.6 -->
+#### Enhancements
+- xml resource: support fetching attributes [#2423](https://github.com/chef/inspec/pull/2423) ([tarcinil](https://github.com/tarcinil)) <!-- 1.49.7 -->
+- mssql_session resource: add port parameter [#2429](https://github.com/chef/inspec/pull/2429) ([tarcinil](https://github.com/tarcinil)) <!-- 1.49.5 -->
 #### Merged Pull Requests
-- Bump minor version and cleanup changelog for release [#2440](https://github.com/chef/inspec/pull/2440) ([adamleff](https://github.com/adamleff)) <!-- 1.49.0 -->
-- Split unit tests from functional [#2391](https://github.com/chef/inspec/pull/2391) ([adamleff](https://github.com/adamleff)) <!-- 1.48.2 -->
+- Bump version manually to trigger Habitat build [#2466](https://github.com/chef/inspec/pull/2466) ([adamleff](https://github.com/adamleff)) <!-- 1.50.1 -->
+- Bump minor version [#2465](https://github.com/chef/inspec/pull/2465) ([adamleff](https://github.com/adamleff)) <!-- 1.50.0 -->
+- Bump Omnibus Ruby (and Travis Rubies) to 2.4.3 [#2452](https://github.com/chef/inspec/pull/2452) ([adamleff](https://github.com/adamleff)) <!-- 1.49.9 -->
+- Update the inspec support check to warn to stderr. [#2446](https://github.com/chef/inspec/pull/2446) ([jquick](https://github.com/jquick)) <!-- 1.49.4 -->
+- Fix package manager detection on Arch Linux [#2436](https://github.com/chef/inspec/pull/2436) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 1.49.3 -->
 <!-- release_rollup -->
 <!-- latest_stable_release -->
+## [v1.49.2](https://github.com/chef/inspec/tree/v1.49.2) (2018-01-04)
+#### Enhancements
+- bond resource: Add bonding mode matcher [#2414](https://github.com/chef/inspec/pull/2414) ([ehanlon](https://github.com/ehanlon))
+- file resource: adds `Synchronize` permission to windows ACL checks [#2399](https://github.com/chef/inspec/pull/2399) ([TheLonelyGhost](https://github.com/TheLonelyGhost))
+- Add platform resource and platform supports [#2393](https://github.com/chef/inspec/pull/2393) ([jquick](https://github.com/jquick))
+- Deprecate and warn when comparing against OS name with capitals/spaces [#2397](https://github.com/chef/inspec/pull/2397) ([jquick](https://github.com/jquick))
+- load local dependencies in inspec shell [#2438](https://github.com/chef/inspec/pull/2438) ([arlimus](https://github.com/arlimus))
+#### Bug Fixes
+- package resource: Enhance resource error handling [#2388](https://github.com/chef/inspec/pull/2388) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
+- default attributes for nil and false [#2410](https://github.com/chef/inspec/pull/2410) ([arlimus](https://github.com/arlimus))
+- Fix OWCA detection for `compliance login` [#2401](https://github.com/chef/inspec/pull/2401) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
+- Fix `x509_certificate` integration tests [#2431](https://github.com/chef/inspec/pull/2431) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
+- Fix Docker build in the Expeditor pipeline [#2432](https://github.com/chef/inspec/pull/2432) ([adamleff](https://github.com/adamleff))
+- Add support for Darwin Directory Service groups [#2403](https://github.com/chef/inspec/pull/2403) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
+- Update apache_conf regular expression to exclude whitespace. [#2416](https://github.com/chef/inspec/pull/2416) ([miah](https://github.com/miah))
+- dependency chaining in libraries [#2428](https://github.com/chef/inspec/pull/2428) ([arlimus](https://github.com/arlimus))
+- Modify `inspec json` to use `check_mode` [#2435](https://github.com/chef/inspec/pull/2435) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
+#### Merged Pull Requests
+- Split unit tests from functional [#2391](https://github.com/chef/inspec/pull/2391) ([adamleff](https://github.com/adamleff))
+- Bump minor version and cleanup changelog for release [#2440](https://github.com/chef/inspec/pull/2440) ([adamleff](https://github.com/adamleff))
+<!-- latest_stable_release -->
 ## [v1.48.0](https://github.com/chef/inspec/tree/v1.48.0) (2017-12-07)
 #### Enhancements
@@ -50,7 +69,6 @@
 - Update command resource to check for mock backend [#2353](https://github.com/chef/inspec/pull/2353) ([jquick](https://github.com/jquick))
 - Fix inspec appveyor test with the new local train transport [#2376](https://github.com/chef/inspec/pull/2376) ([jquick](https://github.com/jquick))
 - Fix changelog categories, bump minor version for release [#2381](https://github.com/chef/inspec/pull/2381) ([adamleff](https://github.com/adamleff))
-<!-- latest_stable_release -->
 ## [v1.47.0](https://github.com/chef/inspec/tree/v1.47.0) (2017-12-04)

data/docs/resources/etc_hosts_allow.md.erb CHANGED

@@ -2,7 +2,7 @@
 title: About the etc_hosts_allow Resource
 ---
-# etc_hosts_allow
+# etc\_hosts\_allow
 Use the `etc_hosts_allow` InSpec audit resource to test rules set to accept daemon and client traffic set in /etc/hosts.allow file.

data/docs/resources/etc_hosts_deny.md.erb CHANGED

@@ -2,7 +2,7 @@
 title: About the etc_hosts_deny Resource
 ---
-# etc_hosts_deny
+# etc\_hosts\_deny
 Use the `etc_hosts_deny` InSpec audit resource to test rules set to reject daemon and client traffic set in /etc/hosts.deny.

data/docs/resources/firewalld.md.erb CHANGED

@@ -102,3 +102,5 @@ The `be_running` matcher tests if the firewalld service is running:
 `have_rule_enabled` returns true or false if the rich-rule has been specified in the zone.
     it { should have_rule_enabled('family=ipv4 source address=192.168.0.14 accept', 'public') }
+It is not necessary to add the "rule" string, and you can start with the optional flags that are used in firewalld and end with the action

data/docs/resources/postgres_hba_conf.md.erb CHANGED

@@ -2,7 +2,7 @@
 title: About the postgres_hba_conf Resource
 ---
-# postgres_hba_conf
+# postgres\_hba\_conf
 Use the `postgres_hba_conf` InSpec audit resource to test the client authentication data defined in the pg_hba.conf file.

data/docs/resources/postgres_ident_conf.md.erb CHANGED

@@ -2,7 +2,7 @@
 title: About the postgres_ident_conf Resource
 ---
-# postgres_ident_conf
+# postgres\_ident\_conf
 Use the `postgres_ident_conf` InSpec audit resource to test the client authentication data defined in the pg_hba.conf file.

data/docs/resources/windows_hotfix.md.erb CHANGED

@@ -2,6 +2,8 @@
 title: About the windows_hotfix Resource
 ---
+# windows_hotfix
 Use the `windows_hotfix` InSpec audit resource to test if the hotfix has been installed on a Windows system.
 <br>

data/docs/resources/xml.md.erb CHANGED

@@ -21,9 +21,13 @@ An `xml` resource block declares the data to be tested. Assume the following XML
         <element>one</element>
         <element>two</element>
       </array>
+      <array>
+        <element value="one"></element>
+        <element value="two"></element>
+      </array>
     </root>
-This file can be queried using:
+This file can be queried for elements using:
     describe xml('/path/to/name.xml') do
       its('root/name') { should eq ['hello'] }
@@ -31,11 +35,21 @@ This file can be queried using:
       its('root/array[2]/element') { should eq ['two'] }
     end
+This file can be queried for attributes using:
+    describe xml('/path/to/name.xml') do
+      its('root/array[2]/element/@value') { should eq ['one', 'two'] }
+      its('root/array[2]/element/attribute::value') { should eq ['one', 'two'] }
+      its('root/array[2]/element[2]/attribute::value') { should eq ['two'] }
+    end
 where
-* `root/name` is an XPath expression
+* `root/name` and `root/array[2]/element/@value` is an XPath expression
 * `should eq ['foo']` tests a value of `root/name` as read from an XML file versus the value declared in the test
+In the above example, you see the use of `@` and `attribute::` which are both methods of fetching attributes.
 <br>
 In the event the path contains an element which contains periods, the alternate syntax can be used:
@@ -46,13 +60,17 @@ In the event the path contains an element which contains periods, the alternate
 The following examples show how to use this InSpec audit resource.
-### Test an AppPool's presence in an applicationHost.config file
+### Test an AppPool's presence in an applicationHost.config file or the default site under applicationHost.sites
     describe xml('applicationHost.config') do
       # using the alternate syntax as described above because of the . in the key name
       its(['configuration/system.applicationHost/applicationPools/add@name']) { should contain('my_pool') }
     end
+    describe xml('applicationHost.sites') do
+      its('site[@name="Default Web Site"]/application/virtualDirectory/@path') { should eq ['/'] }
+    end
 <br>
 ## Matchers

data/lib/inspec/metadata.rb CHANGED

@@ -56,7 +56,7 @@ module Inspec
     def inspec_requirement
       inspec_in_supports = params[:supports].find { |x| !x[:inspec].nil? }
       if inspec_in_supports
-        Inspec::Log.warn '[DEPRECATED] The use of inspec.yml `supports:inspec` is deprecated and will be removed in InSpec 2.0. Please use `inspec_version` instead.'
+        warn '[DEPRECATED] The use of inspec.yml `supports:inspec` is deprecated and will be removed in InSpec 2.0. Please use `inspec_version` instead.'
         Gem::Requirement.create(inspec_in_supports[:inspec])
       else
         # using Gem::Requirement here to allow nil values which

data/lib/inspec/version.rb CHANGED

@@ -4,5 +4,5 @@
 # author: Christoph Hartmann
 module Inspec
-  VERSION = '1.49.2'
+  VERSION = '1.50.1'
 end

data/lib/resources/firewalld.rb CHANGED

@@ -38,7 +38,7 @@ module Inspec::Resources
     filter.connect(self, :params)
     def initialize
-      return skip_resource 'The `etc_hosts_deny` resource is not supported on your OS.' unless inspec.os.linux?
+      return skip_resource 'The `firewalld` resource is not supported on your OS.' unless inspec.os.linux?
       @params = parse_active_zones(active_zones)
     end
@@ -85,8 +85,8 @@ module Inspec::Resources
     end
     def has_rule_enabled?(rule, query_zone = default_zone)
-      rule = 'rule ' + rule
-      firewalld_command("--zone=#{query_zone} --query-rich-rule=#{rule}") == 'yes'
+      rule = "rule #{rule}" unless rule.start_with?('rule')
+      firewalld_command("--zone=#{query_zone} --query-rich-rule='#{rule}'") == 'yes'
     end
     private

data/lib/resources/http.rb CHANGED

@@ -47,7 +47,7 @@ module Inspec::Resources
     end
     def headers
-      Hashie::Mash.new(@worker.response_headers)
+      @headers ||= Inspec::Resources::Http::Headers.create(@worker.response_headers)
     end
     def body
@@ -234,5 +234,19 @@ module Inspec::Resources
         end
       end
     end
+    class Headers < Hash
+      def self.create(header_data)
+        header_data.each_with_object(new) { |(k, v), memo| memo[k.to_s.downcase] = v }
+      end
+      def [](requested_key)
+        fetch(requested_key.downcase, nil)
+      end
+      def method_missing(requested_key)
+        fetch(requested_key.to_s.downcase, nil)
+      end
+    end
   end
 end

data/lib/resources/mssql_session.rb CHANGED

@@ -25,13 +25,13 @@ module Inspec::Resources
       # Passing no credentials to mssql_session forces it to use Windows authentication
       sql_windows_auth = mssql_session
-      describe sql.query(\"SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') as \\\"login_mode\\\";\").row(0).column('login_mode') do
+      describe sql_windows_auth.query(\"SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') as \\\"login_mode\\\";\").row(0).column('login_mode') do
         its('value') { should_not be_empty }
         its('value') { should cmp == 1 }
       end
     "
-    attr_reader :user, :password, :host
+    attr_reader :user, :password, :host, :port, :instance
     def initialize(opts = {})
       @user = opts[:user]
       @password = opts[:password] || opts[:pass]
@@ -39,12 +39,13 @@ module Inspec::Resources
         warn '[DEPRECATED] use `password` option to supply password instead of `pass`'
       end
       @host = opts[:host] || 'localhost'
+      @port = opts[:port] || '1433'
       @instance = opts[:instance]
       # check if sqlcmd is available
-      return skip_resource('sqlcmd is missing') if !inspec.command('sqlcmd').exist?
+      raise Inspec::Exceptions::ResourceSkipped, 'sqlcmd is missing' unless inspec.command('sqlcmd').exist?
       # check that database is reachable
-      return skip_resource("Can't connect to the MS SQL Server.") if !test_connection
+      raise Inspec::Exceptions::ResourceSkipped, "Can't connect to the MS SQL Server." unless test_connection
     end
     def query(q)
@@ -53,9 +54,9 @@ module Inspec::Resources
       cmd_string = "sqlcmd -Q \"set nocount on; #{escaped_query}\" -W -w 1024 -s ','"
       cmd_string += " -U '#{@user}' -P '#{@password}'" unless @user.nil? || @password.nil?
       if @instance.nil?
-        cmd_string += " -S '#{@host}'"
+        cmd_string += " -S '#{@host},#{@port}'"
       else
-        cmd_string += " -S '#{@host}\\#{@instance}'"
+        cmd_string += " -S '#{@host},#{@port}\\#{@instance}'"
       end
       cmd = inspec.command(cmd_string)
       out = cmd.stdout + "\n" + cmd.stderr

data/lib/resources/package.rb CHANGED

@@ -32,7 +32,7 @@ module Inspec::Resources
         @pkgman = Deb.new(inspec)
       elsif os.redhat? || %w{suse amazon fedora}.include?(os[:family])
         @pkgman = Rpm.new(inspec, opts)
-      elsif ['arch'].include?(os[:family])
+      elsif ['arch'].include?(os[:name])
         @pkgman = Pacman.new(inspec)
       elsif ['darwin'].include?(os[:family])
         @pkgman = Brew.new(inspec)
@@ -64,6 +64,10 @@ module Inspec::Resources
     # returns the package description
     def info
       return @cache if !@cache.nil?
+      # All `@pkgman.info` methods return `{}`. This matches that
+      # behavior if `@pkgman` can't be determined, thus avoiding the
+      # `undefined method 'info' for nil:NilClass` error
+      return {} if @pkgman.nil?
       @pkgman.info(@package_name)
     end

data/lib/resources/xml.rb CHANGED

@@ -20,7 +20,18 @@ module Inspec::Resources
     end
     def value(key)
-      REXML::XPath.each(@params, key.first.to_s).map(&:text)
+      output = []
+      REXML::XPath.each(@params, key.first.to_s) do |element|
+        if element.is_a?(REXML::Attribute)
+          output.push(element.to_s)
+        elsif element.is_a?(REXML::Element)
+          output.push(element.text)
+        else
+          raise Inspec::Exceptions::ResourceFailed, "Unknown XML object received (#{element.class}): #{element}"
+        end
+      end
+      output
     end
     private

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec
 version: !ruby/object:Gem::Version
-  version: 1.49.2
+  version: 1.50.1
 platform: ruby
 authors:
 - Dominik Richter
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-01-04 00:00:00.000000000 Z
+date: 2018-01-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: train