inspec 1.51.25 → 2.0.16

Files changed (482)
  1. checksums.yaml +4 -4
  2. data/.rubocop.yml +1 -1
  3. data/CHANGELOG.md +24 -19
  4. data/Gemfile +3 -1
  5. data/LICENSE +0 -0
  6. data/MAINTAINERS.md +0 -0
  7. data/MAINTAINERS.toml +0 -0
  8. data/README.md +22 -3
  9. data/Rakefile +117 -0
  10. data/docs/.gitignore +0 -0
  11. data/docs/README.md +0 -0
  12. data/docs/dsl_inspec.md +0 -0
  13. data/docs/dsl_resource.md +0 -0
  14. data/docs/glossary.md +0 -0
  15. data/docs/habitat.md +0 -0
  16. data/docs/inspec_and_friends.md +0 -0
  17. data/docs/matchers.md +0 -0
  18. data/docs/migration.md +0 -0
  19. data/docs/platforms.md +119 -0
  20. data/docs/plugin_kitchen_inspec.md +0 -0
  21. data/docs/profiles.md +0 -0
  22. data/docs/reporters.md +0 -0
  23. data/docs/resources/aide_conf.md.erb +6 -8
  24. data/docs/resources/apache.md.erb +2 -1
  25. data/docs/resources/apache_conf.md.erb +2 -1
  26. data/docs/resources/apt.md.erb +2 -1
  27. data/docs/resources/audit_policy.md.erb +3 -2
  28. data/docs/resources/auditd.md.erb +2 -1
  29. data/docs/resources/auditd_conf.md.erb +3 -3
  30. data/docs/resources/aws_cloudtrail_trail.md.erb +140 -0
  31. data/docs/resources/aws_cloudtrail_trails.md.erb +81 -0
  32. data/docs/resources/aws_cloudwatch_alarm.md.erb +86 -0
  33. data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +151 -0
  34. data/docs/resources/aws_ec2_instance.md.erb +106 -0
  35. data/docs/resources/aws_iam_access_key.md.erb +123 -0
  36. data/docs/resources/aws_iam_access_keys.md.erb +198 -0
  37. data/docs/resources/aws_iam_group.md.erb +46 -0
  38. data/docs/resources/aws_iam_groups.md.erb +43 -0
  39. data/docs/resources/aws_iam_password_policy.md.erb +76 -0
  40. data/docs/resources/aws_iam_policies.md.erb +82 -0
  41. data/docs/resources/aws_iam_policy.md.erb +146 -0
  42. data/docs/resources/aws_iam_role.md.erb +65 -0
  43. data/docs/resources/aws_iam_root_user.md.erb +58 -0
  44. data/docs/resources/aws_iam_user.md.erb +64 -0
  45. data/docs/resources/aws_iam_users.md.erb +90 -0
  46. data/docs/resources/aws_kms_keys.md.erb +84 -0
  47. data/docs/resources/aws_route_table.md.erb +47 -0
  48. data/docs/resources/aws_s3_bucket.md.erb +134 -0
  49. data/docs/resources/aws_security_group.md.erb +152 -0
  50. data/docs/resources/aws_security_groups.md.erb +92 -0
  51. data/docs/resources/aws_sns_topic.md.erb +63 -0
  52. data/docs/resources/aws_subnet.md.erb +134 -0
  53. data/docs/resources/aws_subnets.md.erb +126 -0
  54. data/docs/resources/aws_vpc.md.erb +120 -0
  55. data/docs/resources/aws_vpcs.md.erb +48 -0
  56. data/docs/resources/azure_generic_resource.md.erb +140 -0
  57. data/docs/resources/azure_resource_group.md.erb +284 -0
  58. data/docs/resources/azure_virtual_machine.md.erb +314 -0
  59. data/docs/resources/azure_virtual_machine_data_disk.md.erb +182 -0
  60. data/docs/resources/bash.md.erb +2 -1
  61. data/docs/resources/bond.md.erb +2 -1
  62. data/docs/resources/bridge.md.erb +5 -2
  63. data/docs/resources/bsd_service.md.erb +3 -1
  64. data/docs/resources/command.md.erb +2 -1
  65. data/docs/resources/cpan.md.erb +4 -3
  66. data/docs/resources/cran.md.erb +2 -1
  67. data/docs/resources/crontab.md.erb +2 -1
  68. data/docs/resources/csv.md.erb +2 -1
  69. data/docs/resources/dh_params.md.erb +2 -1
  70. data/docs/resources/directory.md.erb +4 -2
  71. data/docs/resources/docker.md.erb +2 -1
  72. data/docs/resources/docker_container.md.erb +5 -2
  73. data/docs/resources/docker_image.md.erb +2 -1
  74. data/docs/resources/docker_service.md.erb +2 -1
  75. data/docs/resources/elasticsearch.md.erb +12 -1
  76. data/docs/resources/etc_fstab.md.erb +2 -1
  77. data/docs/resources/etc_group.md.erb +2 -1
  78. data/docs/resources/etc_hosts.md.erb +4 -1
  79. data/docs/resources/etc_hosts_allow.md.erb +2 -1
  80. data/docs/resources/etc_hosts_deny.md.erb +2 -1
  81. data/docs/resources/file.md.erb +6 -3
  82. data/docs/resources/filesystem.md.erb +2 -1
  83. data/docs/resources/firewalld.md.erb +4 -3
  84. data/docs/resources/gem.md.erb +2 -1
  85. data/docs/resources/group.md.erb +2 -1
  86. data/docs/resources/grub_conf.md.erb +2 -2
  87. data/docs/resources/host.md.erb +2 -1
  88. data/docs/resources/http.md.erb +4 -7
  89. data/docs/resources/iis_app.md.erb +3 -1
  90. data/docs/resources/iis_site.md.erb +4 -1
  91. data/docs/resources/inetd_conf.md.erb +2 -3
  92. data/docs/resources/ini.md.erb +6 -2
  93. data/docs/resources/interface.md.erb +5 -2
  94. data/docs/resources/iptables.md.erb +2 -1
  95. data/docs/resources/json.md.erb +2 -1
  96. data/docs/resources/kernel_module.md.erb +2 -1
  97. data/docs/resources/kernel_parameter.md.erb +3 -3
  98. data/docs/resources/key_rsa.md.erb +5 -3
  99. data/docs/resources/launchd_service.md.erb +2 -1
  100. data/docs/resources/limits_conf.md.erb +4 -2
  101. data/docs/resources/login_def.md.erb +2 -2
  102. data/docs/resources/mount.md.erb +2 -1
  103. data/docs/resources/mssql_session.md.erb +2 -1
  104. data/docs/resources/mysql_conf.md.erb +2 -1
  105. data/docs/resources/mysql_session.md.erb +2 -1
  106. data/docs/resources/nginx.md.erb +1 -0
  107. data/docs/resources/nginx_conf.md.erb +2 -1
  108. data/docs/resources/npm.md.erb +2 -1
  109. data/docs/resources/ntp_conf.md.erb +2 -1
  110. data/docs/resources/oneget.md.erb +2 -1
  111. data/docs/resources/oracledb_session.md.erb +2 -1
  112. data/docs/resources/os.md.erb +4 -3
  113. data/docs/resources/os_env.md.erb +2 -1
  114. data/docs/resources/package.md.erb +3 -2
  115. data/docs/resources/packages.md.erb +2 -1
  116. data/docs/resources/parse_config.md.erb +2 -1
  117. data/docs/resources/parse_config_file.md.erb +3 -2
  118. data/docs/resources/passwd.md.erb +2 -1
  119. data/docs/resources/pip.md.erb +2 -1
  120. data/docs/resources/port.md.erb +2 -1
  121. data/docs/resources/postgres_conf.md.erb +2 -1
  122. data/docs/resources/postgres_hba_conf.md.erb +2 -1
  123. data/docs/resources/postgres_ident_conf.md.erb +2 -1
  124. data/docs/resources/postgres_session.md.erb +2 -1
  125. data/docs/resources/powershell.md.erb +2 -1
  126. data/docs/resources/processes.md.erb +3 -1
  127. data/docs/resources/rabbitmq_config.md.erb +2 -1
  128. data/docs/resources/registry_key.md.erb +2 -1
  129. data/docs/resources/runit_service.md.erb +2 -1
  130. data/docs/resources/security_policy.md.erb +2 -1
  131. data/docs/resources/service.md.erb +2 -1
  132. data/docs/resources/shadow.md.erb +2 -1
  133. data/docs/resources/ssh_config.md.erb +2 -1
  134. data/docs/resources/sshd_config.md.erb +2 -1
  135. data/docs/resources/ssl.md.erb +2 -1
  136. data/docs/resources/sys_info.md.erb +2 -1
  137. data/docs/resources/systemd_service.md.erb +2 -1
  138. data/docs/resources/sysv_service.md.erb +2 -1
  139. data/docs/resources/upstart_service.md.erb +2 -1
  140. data/docs/resources/user.md.erb +3 -1
  141. data/docs/resources/users.md.erb +2 -1
  142. data/docs/resources/vbscript.md.erb +2 -1
  143. data/docs/resources/virtualization.md.erb +2 -1
  144. data/docs/resources/windows_feature.md.erb +2 -1
  145. data/docs/resources/windows_hotfix.md.erb +2 -1
  146. data/docs/resources/windows_task.md.erb +49 -43
  147. data/docs/resources/wmi.md.erb +2 -1
  148. data/docs/resources/x509_certificate.md.erb +1 -0
  149. data/docs/resources/xinetd_conf.md.erb +2 -1
  150. data/docs/resources/xml.md.erb +2 -1
  151. data/docs/resources/yaml.md.erb +2 -1
  152. data/docs/resources/yum.md.erb +2 -1
  153. data/docs/resources/zfs_dataset.md.erb +2 -1
  154. data/docs/resources/zfs_pool.md.erb +2 -1
  155. data/docs/ruby_usage.md +0 -0
  156. data/docs/shared/matcher_be.md.erb +0 -0
  157. data/docs/shared/matcher_cmp.md.erb +0 -0
  158. data/docs/shared/matcher_eq.md.erb +0 -0
  159. data/docs/shared/matcher_include.md.erb +0 -0
  160. data/docs/shared/matcher_match.md.erb +0 -0
  161. data/docs/shell.md +0 -0
  162. data/examples/README.md +0 -0
  163. data/examples/inheritance/README.md +0 -0
  164. data/examples/inheritance/controls/example.rb +0 -0
  165. data/examples/inheritance/inspec.yml +0 -0
  166. data/examples/kitchen-ansible/.kitchen.yml +0 -0
  167. data/examples/kitchen-ansible/Gemfile +0 -0
  168. data/examples/kitchen-ansible/README.md +0 -0
  169. data/examples/kitchen-ansible/files/nginx.repo +0 -0
  170. data/examples/kitchen-ansible/tasks/main.yml +0 -0
  171. data/examples/kitchen-ansible/test/integration/default/default.yml +0 -0
  172. data/examples/kitchen-ansible/test/integration/default/web_spec.rb +0 -0
  173. data/examples/kitchen-chef/.kitchen.yml +0 -0
  174. data/examples/kitchen-chef/Berksfile +0 -0
  175. data/examples/kitchen-chef/Gemfile +0 -0
  176. data/examples/kitchen-chef/README.md +0 -0
  177. data/examples/kitchen-chef/metadata.rb +0 -0
  178. data/examples/kitchen-chef/recipes/default.rb +0 -0
  179. data/examples/kitchen-chef/recipes/nginx.rb +0 -0
  180. data/examples/kitchen-chef/test/integration/default/web_spec.rb +0 -0
  181. data/examples/kitchen-puppet/.kitchen.yml +0 -0
  182. data/examples/kitchen-puppet/Gemfile +0 -0
  183. data/examples/kitchen-puppet/Puppetfile +0 -0
  184. data/examples/kitchen-puppet/README.md +0 -0
  185. data/examples/kitchen-puppet/manifests/site.pp +0 -0
  186. data/examples/kitchen-puppet/metadata.json +0 -0
  187. data/examples/kitchen-puppet/test/integration/default/web_spec.rb +0 -0
  188. data/examples/meta-profile/README.md +0 -0
  189. data/examples/meta-profile/controls/example.rb +0 -0
  190. data/examples/meta-profile/inspec.yml +0 -0
  191. data/examples/profile-attribute.yml +0 -0
  192. data/examples/profile-attribute/README.md +0 -0
  193. data/examples/profile-attribute/controls/example.rb +0 -0
  194. data/examples/profile-attribute/inspec.yml +0 -0
  195. data/examples/profile-aws/controls/iam_password_policy_expiration.rb +8 -0
  196. data/examples/profile-aws/controls/iam_password_policy_max_age.rb +8 -0
  197. data/examples/profile-aws/controls/iam_root_user_mfa.rb +8 -0
  198. data/examples/profile-aws/controls/iam_users_access_key_age.rb +8 -0
  199. data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +8 -0
  200. data/examples/profile-aws/inspec.yml +11 -0
  201. data/examples/profile-azure/controls/azure_resource_group_example.rb +24 -0
  202. data/examples/profile-azure/controls/azure_vm_example.rb +29 -0
  203. data/examples/profile-azure/inspec.yml +11 -0
  204. data/examples/profile-sensitive/README.md +0 -0
  205. data/examples/profile-sensitive/controls/sensitive-failures.rb +0 -0
  206. data/examples/profile-sensitive/controls/sensitive.rb +0 -0
  207. data/examples/profile-sensitive/inspec.yml +0 -0
  208. data/examples/profile/README.md +0 -0
  209. data/examples/profile/controls/example.rb +0 -0
  210. data/examples/profile/controls/gordon.rb +0 -0
  211. data/examples/profile/controls/meta.rb +0 -0
  212. data/examples/profile/inspec.yml +0 -0
  213. data/examples/profile/libraries/gordon_config.rb +0 -0
  214. data/inspec.gemspec +1 -1
  215. data/lib/bundles/README.md +0 -0
  216. data/lib/bundles/inspec-artifact.rb +0 -0
  217. data/lib/bundles/inspec-artifact/README.md +0 -0
  218. data/lib/bundles/inspec-artifact/cli.rb +0 -0
  219. data/lib/bundles/inspec-compliance.rb +0 -0
  220. data/lib/bundles/inspec-compliance/.kitchen.yml +0 -0
  221. data/lib/bundles/inspec-compliance/README.md +0 -0
  222. data/lib/bundles/inspec-compliance/api/login.rb +0 -0
  223. data/lib/bundles/inspec-compliance/bootstrap.sh +0 -0
  224. data/lib/bundles/inspec-compliance/cli.rb +12 -35
  225. data/lib/bundles/inspec-compliance/configuration.rb +0 -0
  226. data/lib/bundles/inspec-compliance/http.rb +0 -0
  227. data/lib/bundles/inspec-compliance/images/cc-token.png +0 -0
  228. data/lib/bundles/inspec-compliance/support.rb +0 -0
  229. data/lib/bundles/inspec-compliance/target.rb +0 -0
  230. data/lib/bundles/inspec-compliance/test/integration/default/cli.rb +0 -0
  231. data/lib/bundles/inspec-habitat.rb +0 -0
  232. data/lib/bundles/inspec-habitat/cli.rb +0 -0
  233. data/lib/bundles/inspec-habitat/log.rb +0 -0
  234. data/lib/bundles/inspec-habitat/profile.rb +0 -0
  235. data/lib/bundles/inspec-init.rb +0 -0
  236. data/lib/bundles/inspec-init/README.md +0 -0
  237. data/lib/bundles/inspec-init/cli.rb +0 -0
  238. data/lib/bundles/inspec-init/templates/profile/README.md +0 -0
  239. data/lib/bundles/inspec-init/templates/profile/controls/example.rb +1 -1
  240. data/lib/bundles/inspec-init/templates/profile/inspec.yml +0 -0
  241. data/lib/bundles/inspec-init/templates/profile/libraries/.gitkeep +0 -0
  242. data/lib/bundles/inspec-supermarket.rb +0 -0
  243. data/lib/bundles/inspec-supermarket/README.md +0 -0
  244. data/lib/bundles/inspec-supermarket/api.rb +0 -0
  245. data/lib/bundles/inspec-supermarket/cli.rb +11 -3
  246. data/lib/bundles/inspec-supermarket/target.rb +0 -0
  247. data/lib/fetchers/git.rb +0 -0
  248. data/lib/fetchers/local.rb +0 -0
  249. data/lib/fetchers/mock.rb +0 -0
  250. data/lib/fetchers/url.rb +0 -0
  251. data/lib/inspec.rb +0 -0
  252. data/lib/inspec/archive/tar.rb +0 -0
  253. data/lib/inspec/archive/zip.rb +0 -0
  254. data/lib/inspec/backend.rb +0 -0
  255. data/lib/inspec/base_cli.rb +2 -4
  256. data/lib/inspec/cached_fetcher.rb +0 -0
  257. data/lib/inspec/cli.rb +15 -11
  258. data/lib/inspec/completions/bash.sh.erb +0 -0
  259. data/lib/inspec/completions/fish.sh.erb +0 -0
  260. data/lib/inspec/completions/zsh.sh.erb +0 -0
  261. data/lib/inspec/control_eval_context.rb +0 -0
  262. data/lib/inspec/dependencies/cache.rb +0 -0
  263. data/lib/inspec/dependencies/dependency_set.rb +0 -0
  264. data/lib/inspec/dependencies/lockfile.rb +0 -0
  265. data/lib/inspec/dependencies/requirement.rb +0 -0
  266. data/lib/inspec/dependencies/resolver.rb +0 -0
  267. data/lib/inspec/describe.rb +0 -0
  268. data/lib/inspec/dsl.rb +0 -0
  269. data/lib/inspec/dsl_shared.rb +0 -0
  270. data/lib/inspec/env_printer.rb +0 -0
  271. data/lib/inspec/errors.rb +0 -0
  272. data/lib/inspec/exceptions.rb +0 -0
  273. data/lib/inspec/expect.rb +0 -0
  274. data/lib/inspec/fetcher.rb +0 -0
  275. data/lib/inspec/file_provider.rb +0 -0
  276. data/lib/inspec/formatters.rb +0 -0
  277. data/lib/inspec/formatters/base.rb +43 -1
  278. data/lib/inspec/formatters/json_rspec.rb +0 -0
  279. data/lib/inspec/formatters/show_progress.rb +0 -0
  280. data/lib/inspec/library_eval_context.rb +0 -0
  281. data/lib/inspec/log.rb +0 -0
  282. data/lib/inspec/metadata.rb +3 -9
  283. data/lib/inspec/method_source.rb +0 -0
  284. data/lib/inspec/objects.rb +0 -0
  285. data/lib/inspec/objects/attribute.rb +0 -0
  286. data/lib/inspec/objects/control.rb +0 -0
  287. data/lib/inspec/objects/describe.rb +0 -0
  288. data/lib/inspec/objects/each_loop.rb +0 -0
  289. data/lib/inspec/objects/list.rb +0 -0
  290. data/lib/inspec/objects/or_test.rb +0 -0
  291. data/lib/inspec/objects/ruby_helper.rb +0 -0
  292. data/lib/inspec/objects/tag.rb +0 -0
  293. data/lib/inspec/objects/test.rb +0 -0
  294. data/lib/inspec/objects/value.rb +0 -0
  295. data/lib/inspec/plugins.rb +0 -0
  296. data/lib/inspec/plugins/cli.rb +0 -0
  297. data/lib/inspec/plugins/fetcher.rb +0 -0
  298. data/lib/inspec/plugins/resource.rb +10 -9
  299. data/lib/inspec/plugins/secret.rb +0 -0
  300. data/lib/inspec/plugins/source_reader.rb +0 -0
  301. data/lib/inspec/polyfill.rb +0 -0
  302. data/lib/inspec/profile.rb +0 -0
  303. data/lib/inspec/profile_context.rb +0 -0
  304. data/lib/inspec/profile_vendor.rb +0 -0
  305. data/lib/inspec/reporters.rb +0 -0
  306. data/lib/inspec/reporters/base.rb +0 -0
  307. data/lib/inspec/reporters/cli.rb +12 -51
  308. data/lib/inspec/reporters/json.rb +3 -26
  309. data/lib/inspec/reporters/json_min.rb +0 -0
  310. data/lib/inspec/reporters/junit.rb +0 -0
  311. data/lib/inspec/require_loader.rb +0 -0
  312. data/lib/inspec/resource.rb +11 -1
  313. data/lib/inspec/rule.rb +0 -0
  314. data/lib/inspec/runner.rb +10 -8
  315. data/lib/inspec/runner_mock.rb +0 -0
  316. data/lib/inspec/runner_rspec.rb +18 -2
  317. data/lib/inspec/runtime_profile.rb +0 -0
  318. data/lib/inspec/schema.rb +25 -4
  319. data/lib/inspec/secrets.rb +0 -0
  320. data/lib/inspec/secrets/yaml.rb +0 -0
  321. data/lib/inspec/shell.rb +0 -0
  322. data/lib/inspec/shell_detector.rb +0 -0
  323. data/lib/inspec/source_reader.rb +0 -0
  324. data/lib/inspec/version.rb +1 -1
  325. data/lib/matchers/matchers.rb +1 -59
  326. data/lib/resource_support/aws.rb +40 -0
  327. data/lib/resource_support/aws/aws_backend_base.rb +12 -0
  328. data/lib/resource_support/aws/aws_backend_factory_mixin.rb +12 -0
  329. data/lib/resource_support/aws/aws_plural_resource_mixin.rb +21 -0
  330. data/lib/resource_support/aws/aws_resource_mixin.rb +66 -0
  331. data/lib/resource_support/aws/aws_singular_resource_mixin.rb +24 -0
  332. data/lib/resources/aide_conf.rb +1 -1
  333. data/lib/resources/apache.rb +1 -2
  334. data/lib/resources/apache_conf.rb +2 -4
  335. data/lib/resources/apt.rb +1 -2
  336. data/lib/resources/audit_policy.rb +1 -2
  337. data/lib/resources/auditd.rb +1 -3
  338. data/lib/resources/auditd_conf.rb +1 -2
  339. data/lib/resources/aws/aws_cloudtrail_trail.rb +77 -0
  340. data/lib/resources/aws/aws_cloudtrail_trails.rb +47 -0
  341. data/lib/resources/aws/aws_cloudwatch_alarm.rb +62 -0
  342. data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +100 -0
  343. data/lib/resources/aws/aws_ec2_instance.rb +157 -0
  344. data/lib/resources/aws/aws_iam_access_key.rb +106 -0
  345. data/lib/resources/aws/aws_iam_access_keys.rb +144 -0
  346. data/lib/resources/aws/aws_iam_group.rb +56 -0
  347. data/lib/resources/aws/aws_iam_groups.rb +45 -0
  348. data/lib/resources/aws/aws_iam_password_policy.rb +116 -0
  349. data/lib/resources/aws/aws_iam_policies.rb +46 -0
  350. data/lib/resources/aws/aws_iam_policy.rb +119 -0
  351. data/lib/resources/aws/aws_iam_role.rb +51 -0
  352. data/lib/resources/aws/aws_iam_root_user.rb +60 -0
  353. data/lib/resources/aws/aws_iam_user.rb +111 -0
  354. data/lib/resources/aws/aws_iam_users.rb +96 -0
  355. data/lib/resources/aws/aws_kms_keys.rb +46 -0
  356. data/lib/resources/aws/aws_route_table.rb +61 -0
  357. data/lib/resources/aws/aws_s3_bucket.rb +115 -0
  358. data/lib/resources/aws/aws_security_group.rb +93 -0
  359. data/lib/resources/aws/aws_security_groups.rb +68 -0
  360. data/lib/resources/aws/aws_sns_topic.rb +53 -0
  361. data/lib/resources/aws/aws_subnet.rb +88 -0
  362. data/lib/resources/aws/aws_subnets.rb +53 -0
  363. data/lib/resources/aws/aws_vpc.rb +69 -0
  364. data/lib/resources/aws/aws_vpcs.rb +45 -0
  365. data/lib/resources/azure/azure_backend.rb +377 -0
  366. data/lib/resources/azure/azure_generic_resource.rb +59 -0
  367. data/lib/resources/azure/azure_resource_group.rb +152 -0
  368. data/lib/resources/azure/azure_virtual_machine.rb +264 -0
  369. data/lib/resources/azure/azure_virtual_machine_data_disk.rb +136 -0
  370. data/lib/resources/bash.rb +1 -2
  371. data/lib/resources/bond.rb +1 -2
  372. data/lib/resources/bridge.rb +1 -2
  373. data/lib/resources/command.rb +2 -2
  374. data/lib/resources/cpan.rb +1 -3
  375. data/lib/resources/cran.rb +1 -3
  376. data/lib/resources/crontab.rb +1 -0
  377. data/lib/resources/csv.rb +4 -2
  378. data/lib/resources/dh_params.rb +1 -2
  379. data/lib/resources/directory.rb +2 -2
  380. data/lib/resources/docker.rb +1 -4
  381. data/lib/resources/docker_container.rb +1 -4
  382. data/lib/resources/docker_image.rb +1 -4
  383. data/lib/resources/docker_object.rb +0 -0
  384. data/lib/resources/docker_service.rb +1 -5
  385. data/lib/resources/elasticsearch.rb +1 -0
  386. data/lib/resources/etc_fstab.rb +1 -1
  387. data/lib/resources/etc_group.rb +1 -2
  388. data/lib/resources/etc_hosts.rb +1 -1
  389. data/lib/resources/etc_hosts_allow_deny.rb +2 -1
  390. data/lib/resources/file.rb +2 -2
  391. data/lib/resources/filesystem.rb +1 -1
  392. data/lib/resources/firewalld.rb +1 -1
  393. data/lib/resources/gem.rb +2 -3
  394. data/lib/resources/groups.rb +4 -2
  395. data/lib/resources/grub_conf.rb +1 -1
  396. data/lib/resources/host.rb +2 -2
  397. data/lib/resources/http.rb +20 -22
  398. data/lib/resources/iis_app.rb +1 -0
  399. data/lib/resources/iis_site.rb +1 -0
  400. data/lib/resources/inetd_conf.rb +1 -2
  401. data/lib/resources/ini.rb +2 -2
  402. data/lib/resources/interface.rb +2 -3
  403. data/lib/resources/iptables.rb +1 -2
  404. data/lib/resources/json.rb +4 -2
  405. data/lib/resources/kernel_module.rb +1 -4
  406. data/lib/resources/kernel_parameter.rb +1 -1
  407. data/lib/resources/key_rsa.rb +2 -2
  408. data/lib/resources/limits_conf.rb +1 -2
  409. data/lib/resources/login_def.rb +1 -2
  410. data/lib/resources/mount.rb +1 -3
  411. data/lib/resources/mssql_session.rb +1 -3
  412. data/lib/resources/mysql.rb +1 -2
  413. data/lib/resources/mysql_conf.rb +2 -1
  414. data/lib/resources/mysql_session.rb +2 -3
  415. data/lib/resources/nginx.rb +1 -2
  416. data/lib/resources/nginx_conf.rb +1 -2
  417. data/lib/resources/npm.rb +2 -2
  418. data/lib/resources/ntp_conf.rb +1 -2
  419. data/lib/resources/oneget.rb +1 -2
  420. data/lib/resources/oracledb_session.rb +2 -3
  421. data/lib/resources/os.rb +2 -12
  422. data/lib/resources/os_env.rb +2 -2
  423. data/lib/resources/package.rb +2 -2
  424. data/lib/resources/packages.rb +1 -2
  425. data/lib/resources/parse_config.rb +2 -2
  426. data/lib/resources/passwd.rb +1 -23
  427. data/lib/resources/pip.rb +2 -2
  428. data/lib/resources/platform.rb +19 -22
  429. data/lib/resources/port.rb +2 -2
  430. data/lib/resources/postgres.rb +1 -3
  431. data/lib/resources/postgres_conf.rb +2 -3
  432. data/lib/resources/postgres_hba_conf.rb +1 -2
  433. data/lib/resources/postgres_ident_conf.rb +1 -2
  434. data/lib/resources/postgres_session.rb +2 -3
  435. data/lib/resources/powershell.rb +1 -2
  436. data/lib/resources/processes.rb +2 -2
  437. data/lib/resources/rabbitmq_conf.rb +1 -2
  438. data/lib/resources/registry_key.rb +1 -1
  439. data/lib/resources/security_policy.rb +1 -2
  440. data/lib/resources/service.rb +8 -3
  441. data/lib/resources/shadow.rb +1 -2
  442. data/lib/resources/ssh_conf.rb +2 -2
  443. data/lib/resources/ssl.rb +2 -2
  444. data/lib/resources/sys_info.rb +2 -0
  445. data/lib/resources/toml.rb +0 -0
  446. data/lib/resources/users.rb +4 -2
  447. data/lib/resources/vbscript.rb +1 -2
  448. data/lib/resources/virtualization.rb +1 -1
  449. data/lib/resources/windows_feature.rb +1 -2
  450. data/lib/resources/windows_hotfix.rb +1 -1
  451. data/lib/resources/windows_task.rb +1 -2
  452. data/lib/resources/wmi.rb +1 -2
  453. data/lib/resources/x509_certificate.rb +2 -2
  454. data/lib/resources/xinetd.rb +1 -2
  455. data/lib/resources/xml.rb +2 -1
  456. data/lib/resources/yaml.rb +4 -2
  457. data/lib/resources/yum.rb +1 -2
  458. data/lib/resources/zfs_dataset.rb +1 -1
  459. data/lib/resources/zfs_pool.rb +1 -1
  460. data/lib/source_readers/flat.rb +0 -0
  461. data/lib/source_readers/inspec.rb +0 -0
  462. data/lib/utils/command_wrapper.rb +0 -0
  463. data/lib/utils/convert.rb +0 -0
  464. data/lib/utils/database_helpers.rb +0 -0
  465. data/lib/utils/erlang_parser.rb +0 -0
  466. data/lib/utils/filter.rb +0 -0
  467. data/lib/utils/filter_array.rb +0 -0
  468. data/lib/utils/find_files.rb +0 -0
  469. data/lib/utils/hash.rb +0 -0
  470. data/lib/utils/json_log.rb +0 -0
  471. data/lib/utils/latest_version.rb +0 -0
  472. data/lib/utils/modulator.rb +0 -0
  473. data/lib/utils/nginx_parser.rb +0 -0
  474. data/lib/utils/object_traversal.rb +0 -0
  475. data/lib/utils/parser.rb +0 -0
  476. data/lib/utils/plugin_registry.rb +0 -0
  477. data/lib/utils/simpleconfig.rb +0 -12
  478. data/lib/utils/spdx.rb +0 -0
  479. data/lib/utils/spdx.txt +0 -0
  480. metadata +81 -6
  481. data/docs/resources/auditd_rules.md.erb +0 -116
  482. data/lib/resources/auditd_rules.rb +0 -205
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 989b25f3c8ed378cf7ec3580045812b39866fb60
4
- data.tar.gz: e84c1fc487dedd86208c9a0ff1802f05e416b4eb
3
+ metadata.gz: e7923a9284d909a94f986218ff9f89f5241b5952
4
+ data.tar.gz: e19fc206a4c814a51d24d56902b1a32b63c8a173
5
5
  SHA512:
6
- metadata.gz: c5692520e23adfaccc539648a4a6a45574500a5f416d69d11fdf815cc2aeccd1022e48e4b6037818418c44429f2271bd7204250763eb66d8f8e2df024b50905e
7
- data.tar.gz: 3ffa101802b8512979e14d6d9fd4578219caf589fdd4ee82704cfe78ff0c92bbaf36e1da988fe805111c48256d8d67f3d603da1eff37566a17cf1a1d78c16721
6
+ metadata.gz: 4e2cb5db850d22b7fba377bc6845e296fc5da8b22dd37b873dd6693a6fe564f2e84e2b2c20c5b8e041714972280ae74da02ff61703298b7a5647d39f48fd66dd
7
+ data.tar.gz: a71bab78912c612c454ddf3deb5d053bb5e3c61e1c4838594ba4d8d09feffd5813dd1f20e3cee90c38100717982f11ba3a8652d9b19a2974fdf215de6d9a1382
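Review bot: the SHA1 entries in this file should not be the basis for any integrity decision; SHA1 is not collision-resistant and RubyGems keeps it here only for older clients, so verify a downloaded 2.0.16 gem against the two SHA512 lines instead. Remember also that checksums.yaml is generated from the same upload it describes: it proves the archive is intact, not that it came from the chef/inspec maintainers. A 1.x to 2.x jump touching 482 files is exactly the kind of release worth confirming against the v2.0.16 tag in the repository before rolling it out.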
@@ -8,7 +8,7 @@ AllCops:
8
8
  - 'examples/**/*'
9
9
  - 'vendor/**/*'
10
10
  - 'lib/bundles/inspec-init/templates/**/*'
11
- - 'www/tutorial/**/*'
11
+ - 'www/demo/**/*'
12
12
  AlignParameters:
13
13
  Enabled: true
14
14
  BlockDelimiters:
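Review bot: this hunk is rendered without its file header; from the file list it is `data/.rubocop.yml` (+1 -1). Swapping `- 'www/tutorial/**/*'` for `- 'www/demo/**/*'` tracks the move in #2700, but it also means the demo code is no longer linted at all; that is acceptable only if nothing under www/demo is packaged or executed by the gem, and a one-line comment in the AllCops exclude list saying why the directory is skipped would save the next reader the same question.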
@@ -1,39 +1,44 @@
1
1
  # Change Log
2
2
  <!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
3
- <!-- latest_release 1.51.25 -->
4
- ## [v1.51.25](https://github.com/chef/inspec/tree/v1.51.25) (2018-05-10)
3
+ <!-- latest_release 2.0.16 -->
4
+ ## [v2.0.16](https://github.com/chef/inspec/tree/v2.0.16) (2018-02-20)
5
5
 
6
6
  #### Merged Pull Requests
7
- - Backport ci verify scripts [#3038](https://github.com/chef/inspec/pull/3038) ([miah](https://github.com/miah))
7
+ - HM Mobile IE [#2705](https://github.com/chef/inspec/pull/2705) ([hannah-radish](https://github.com/hannah-radish))
8
8
  <!-- latest_release -->
9
9
 
10
- <!-- release_rollup since=1.51.21 -->
11
- ### Changes since 1.51.21 release
12
-
13
- #### Bug Fixes
14
- - Allow the depends key to be exposed in json profiles report 1.x [#3035](https://github.com/chef/inspec/pull/3035) ([jquick](https://github.com/jquick)) <!-- 1.51.24 -->
10
+ <!-- release_rollup since=1.51.18 -->
11
+ ### Changes since 1.51.18 release
15
12
 
16
13
  #### Merged Pull Requests
17
- - Backport ci verify scripts [#3038](https://github.com/chef/inspec/pull/3038) ([miah](https://github.com/miah)) <!-- 1.51.25 -->
18
- - cmp should recognise a string being a negative int (#3007) [#3012](https://github.com/chef/inspec/pull/3012) ([james-stocks](https://github.com/james-stocks)) <!-- 1.51.23 -->
19
- - 1.x - Adjust version test to allow for inspec 2.x being available [#3015](https://github.com/chef/inspec/pull/3015) ([james-stocks](https://github.com/james-stocks)) <!-- 1.51.22 -->
14
+ - HM Mobile IE [#2705](https://github.com/chef/inspec/pull/2705) ([hannah-radish](https://github.com/hannah-radish)) <!-- 2.0.16 -->
15
+ - move /tutorial to /demo [#2700](https://github.com/chef/inspec/pull/2700) ([arlimus](https://github.com/arlimus)) <!-- 2.0.15 -->
16
+ - HM website optimization [#2699](https://github.com/chef/inspec/pull/2699) ([hannah-radish](https://github.com/hannah-radish)) <!-- 2.0.14 -->
17
+ - www: fix sidebar stickiness [#2698](https://github.com/chef/inspec/pull/2698) ([arlimus](https://github.com/arlimus)) <!-- 2.0.13 -->
18
+ - Add correct `supports platform` to resources. [#2674](https://github.com/chef/inspec/pull/2674) ([miah](https://github.com/miah)) <!-- 2.0.12 -->
19
+ - Fix legacy reporter output to file [#2667](https://github.com/chef/inspec/pull/2667) ([jquick](https://github.com/jquick)) <!-- 2.0.11 -->
20
+ - Add example profiles for AWS/Azure [#2680](https://github.com/chef/inspec/pull/2680) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 2.0.10 -->
21
+ - Revert download button [#2684](https://github.com/chef/inspec/pull/2684) ([hannah-radish](https://github.com/hannah-radish)) <!-- 2.0.9 -->
22
+ - Hannah Review1 [#2683](https://github.com/chef/inspec/pull/2683) ([hannah-radish](https://github.com/hannah-radish)) <!-- 2.0.8 -->
23
+ - Capture ArgumentErrors from aws. [#2673](https://github.com/chef/inspec/pull/2673) ([jquick](https://github.com/jquick)) <!-- 2.0.7 -->
24
+ - Fix bundle exec calls [#2670](https://github.com/chef/inspec/pull/2670) ([jquick](https://github.com/jquick)) <!-- 2.0.6 -->
25
+ - Fixes merge conflict messages [#2677](https://github.com/chef/inspec/pull/2677) ([kagarmoe](https://github.com/kagarmoe)) <!-- 2.0.5 -->
26
+ - Add `Release:` to AWS `inspec detect` example [#2672](https://github.com/chef/inspec/pull/2672) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 2.0.4 -->
27
+ - Remove duplicated encryption key test. [#2671](https://github.com/chef/inspec/pull/2671) ([juliandunn](https://github.com/juliandunn)) <!-- 2.0.3 -->
28
+ - Prevent resources from loading if supports check fails [#2665](https://github.com/chef/inspec/pull/2665) ([jquick](https://github.com/jquick)) <!-- 2.0.2 -->
29
+ - Add in release-2.0 changes to master [#2655](https://github.com/chef/inspec/pull/2655) ([jquick](https://github.com/jquick)) <!-- 2.0.1 -->
30
+ - package resource: Fix Windows package detection [#2624](https://github.com/chef/inspec/pull/2624) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 1.51.20 -->
31
+ - Fix the /private/var osx issue causing functional tests to fail [#2616](https://github.com/chef/inspec/pull/2616) ([jquick](https://github.com/jquick)) <!-- 1.51.19 -->
20
32
  <!-- release_rollup -->
21
33
 
22
34
  <!-- latest_stable_release -->
23
- ## [v1.51.21](https://github.com/chef/inspec/tree/v1.51.21) (2018-02-20)
24
-
25
- #### Merged Pull Requests
26
- - Fix the /private/var osx issue causing functional tests to fail [#2616](https://github.com/chef/inspec/pull/2616) ([jquick](https://github.com/jquick))
27
- - package resource: Fix Windows package detection [#2624](https://github.com/chef/inspec/pull/2624) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
28
- - Fix legacy reporter output to file (inspec-v1.x) [#2689](https://github.com/chef/inspec/pull/2689) ([jquick](https://github.com/jquick))
29
- <!-- latest_stable_release -->
30
-
31
35
  ## [v1.51.18](https://github.com/chef/inspec/tree/v1.51.18) (2018-02-12)
32
36
 
33
37
  #### Merged Pull Requests
34
38
  - Force a default reporter for ad-hoc runners [#2610](https://github.com/chef/inspec/pull/2610) ([jquick](https://github.com/jquick))
35
39
  - Allow ad-hoc runners to use rspec formats. [#2621](https://github.com/chef/inspec/pull/2621) ([jquick](https://github.com/jquick))
36
40
  - Add json fields to schema and add tests. [#2618](https://github.com/chef/inspec/pull/2618) ([jquick](https://github.com/jquick))
41
+ <!-- latest_stable_release -->
37
42
 
38
43
  ## [v1.51.15](https://github.com/chef/inspec/tree/v1.51.15) (2018-02-09)
39
44
 
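Review bot: the rollup header `### Changes since 1.51.18 release` is right for the 2.0 branch, but anyone reading this as a 1.51.25 to 2.0.16 upgrade will see the 1.x entries #3012 (cmp recognising a negative-int string), #3015, #3035 (depends key in the json profiles report) and #3038 vanish together with the v1.51.21 block, and the v2.0.16 date (2018-02-20) is earlier than v1.51.25 (2018-05-10); confirm those 1.x fixes also landed on the 2.x line before treating this as a strict upgrade. Dropping #2689 (the inspec-v1.x backport) while keeping its 2.x counterpart #2667 is fine. What is missing is any mention of the removal of the `auditd_rules` resource and its docs (-205 and -116 lines in the file list), which breaks every profile that uses that resource and belongs in the changelog as a breaking change. This hunk also lacks its file header; it is `data/CHANGELOG.md` (+24 -19).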
data/Gemfile CHANGED
@@ -8,6 +8,7 @@ if Gem::Version.new(RUBY_VERSION) < Gem::Version.new('2.2.2')
8
8
  end
9
9
 
10
10
  gem 'ffi', '>= 1.9.14'
11
+ gem 'aws-sdk', '~> 2'
11
12
 
12
13
  group :test do
13
14
  gem 'bundler', '~> 1.5'
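Review bot: `gem 'aws-sdk', '~> 2'` is added to the Gemfile outside any group, but users who `gem install inspec` resolve dependencies from the gemspec, not the Gemfile, and the gemspec change in this release is a one-line edit per the file list; confirm that `inspec.gemspec` declares the AWS (and Azure) SDKs as runtime dependencies, otherwise the new `aws_*` and `azure_*` resources will fail to load in a plain gem install. `~> 2` also admits any 2.x release of the monolithic aws-sdk gem; commit a lockfile or narrow the constraint so a CI run and a release build resolve the same SDK.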
@@ -15,11 +16,12 @@ group :test do
15
16
  gem 'rake', '>= 10'
16
17
  gem 'rubocop', '= 0.49.1'
17
18
  gem 'simplecov', '~> 0.10'
18
- gem 'concurrent-ruby', '~> 0.9'
19
+ gem 'concurrent-ruby', '~> 1.0'
19
20
  gem 'mocha', '~> 1.1'
20
21
  gem 'ruby-progressbar', '~> 1.8'
21
22
  gem 'webmock', '~> 2.3.2'
22
23
  gem 'jsonschema', '~> 2.0.2'
24
+ gem 'passgen'
23
25
  gem 'm'
24
26
  end
25
27
 
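Review bot: `gem 'passgen'` is added with no version constraint, unlike every other entry in the `:test` group; a test-only dependency still executes on CI, and the AWS test suite introduced in this release runs with real account credentials, so give it a `~>` constraint like its neighbours. The `concurrent-ruby` bump from `~> 0.9` to `~> 1.0` is a major-version change and deserves a line in the changelog or the PR description.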
data/LICENSE CHANGED
File without changes
data/README.md CHANGED
@@ -242,6 +242,18 @@ inspec exec test.rb --sudo [--sudo-password ...] [--sudo-options ...] [--sudo_co
242
242
 
243
243
  # run in a subshell
244
244
  inspec exec test.rb --shell [--shell-options ...] [--shell-command ...]
245
+
246
+ # run a profile targeting AWS using env vars
247
+ inspec exec test.rb -t aws://
248
+
249
+ # or store your AWS credentials in your ~/.aws/credentials profiles file
250
+ inspec exec test.rb -t aws://us-east-2/my-profile
251
+
252
+ # run a profile targeting Azure using env vars
253
+ inspec exec test.rb -t azure://
254
+
255
+ # or store your Azure credentials in your ~/.azure/credentials profiles file
256
+ inspec exec test.rb -t azure://subscription_id
245
257
  ```
246
258
 
247
259
  ### detect
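Review bot: the new `# run a profile targeting AWS using env vars` example does not say which variables are read, and `-t aws://` needs at least a region and a credential source to be set before it works; add a one-line pointer to `AWS_REGION`, `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` (or `AWS_PROFILE`), or link to docs/platforms.md, which this same change adds. Likewise `# or store your Azure credentials in your ~/.azure/credentials profiles file` names a file whose format is only described in docs/platforms.md, so a link there would save readers a search.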
@@ -322,6 +334,7 @@ You may also [browse the Supermarket for shared Compliance Profiles](https://sup
322
334
 
323
335
  InSpec is inspired by the wonderful [Serverspec](http://serverspec.org) project. Kudos to [mizzy](https://github.com/mizzy) and [all contributors](https://github.com/mizzy/serverspec/graphs/contributors)!
324
336
 
337
+ The AWS resources were inspired by [inspec-aws](https://github.com/arothian/inspec-aws) from [arothian](https://github.com/arothian).
325
338
 
326
339
  ## Contribute
327
340
 
@@ -339,10 +352,11 @@ The InSpec community and maintainers are very active and helpful. This project b
339
352
 
340
353
  ## Testing InSpec
341
354
 
342
- We perform `unit` and `integration` tests.
355
+ We offer `unit`, `integration`, and `aws` tests.
343
356
 
344
357
  - `unit` tests ensure the intended behaviour of the implementation
345
358
  - `integration` tests run against Docker-based VMs via test-kitchen and [kitchen-inspec](https://github.com/chef/kitchen-inspec)
359
+ - `aws` tests exercise the AWS resources against real AWS accounts
346
360
 
347
361
  ### Unit tests
348
362
 
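Review bot: the new bullet `- \`aws\` tests exercise the AWS resources against real AWS accounts` has no Azure counterpart even though the Rakefile in this same diff adds a `test:azure` task that provisions real Azure resources; add an `azure` bullet and list it in the `We offer ...` sentence so the documented suites match the rake tasks. It would also help to state that both cloud suites create billable resources and need credentials, which is not true of the `unit` and `integration` suites.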
@@ -360,7 +374,6 @@ You may also run a single test within a file by line number:
360
374
 
361
375
  ```bash
362
376
  bundle exec m test/unit/resources/user_test.rb -l 123
363
- ```
364
377
 
365
378
  ### Integration tests
366
379
 
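Review bot: removing the closing fence after `bundle exec m test/unit/resources/user_test.rb -l 123` leaves the ```` ```bash ```` block unterminated, so `### Integration tests` and everything after it renders as code until the next fence flips it back. Unless the original file had a duplicated fence that is not visible in this hunk, keep the `- ```` line.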
@@ -396,14 +409,20 @@ You may test all instances in parallel with:
396
409
  bundle exec kitchen test -c
397
410
  ```
398
411
 
412
+ ### AWS Tests
413
+
414
+ Use the rake task `bundle exec rake test:aws` to test the AWS resources against a pair of real AWS accounts.
415
+
416
+ Please see TESTING_AGAINST_AWS.md for details on how to setup the needed AWS accounts to perform testing.
417
+
399
418
  ## License
400
419
 
401
420
  | | |
402
421
  | ------ | --- |
403
422
  | **Author:** | Dominik Richter (<drichter@chef.io>) |
404
423
  | **Author:** | Christoph Hartmann (<chartmann@chef.io>) |
405
- | **Copyright:** | Copyright (c) 2015 Chef Software Inc. |
406
424
  | **Copyright:** | Copyright (c) 2015 Vulcano Security GmbH. |
425
+ | **Copyright:** | Copyright (c) 2017 Chef Software Inc. |
407
426
  | **License:** | Apache License, Version 2.0 |
408
427
 
409
428
  Licensed under the Apache License, Version 2.0 (the "License");
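Review bot: `Please see TESTING_AGAINST_AWS.md for details on how to setup the needed AWS accounts` refers to the file by bare name, so make it a relative link that resolves on GitHub, and change `setup` to `set up` (verb). The section should also say that `bundle exec rake test:aws` runs Terraform against the two accounts, so it incurs cost and requires the `inspec-aws-test-default` and `inspec-aws-test-minimal` AWS CLI profiles that the Rakefile checks for before applying. Separately, the Copyright row is replaced rather than extended: `Copyright (c) 2015 Chef Software Inc.` becomes `Copyright (c) 2017 Chef Software Inc.`, which drops the earlier years; a range such as `2015-2017` is the usual form.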
data/Rakefile CHANGED
@@ -4,9 +4,16 @@
4
4
  require 'bundler'
5
5
  require 'bundler/gem_tasks'
6
6
  require 'rake/testtask'
7
+ require 'passgen'
8
+ require 'train'
7
9
  require_relative 'tasks/maintainers'
8
10
  require_relative 'tasks/spdx'
9
11
 
12
+ def prompt(message)
13
+ print(message)
14
+ STDIN.gets.chomp
15
+ end
16
+
10
17
  # The docs tasks rely on ruby-progressbar. If we can't load it, then don't
11
18
  # load the docs tasks. This is necessary to allow this Rakefile to work
12
19
  # when the "tests" gem group in the Gemfile has been excluded, such as
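Review bot: `require 'passgen'` and `require 'train'` at file scope undo the property the comment immediately below defends for ruby-progressbar: this Rakefile is meant to load even when the Gemfile's test group is excluded, yet passgen is added to the `:test` group in this same diff, so `rake` (including the `build` and `release` tasks from bundler/gem_tasks) fails with a LoadError on such an install. Move both requires inside the tasks that use them (only `test:azure:setup_integration_tests` needs Passgen; only the Azure tasks need Train) or wrap them in a `begin/rescue LoadError` guard like the one the docs tasks get. The new `prompt(message)` helper also defines a public method on `Object`; a `private` keyword or a module-scoped helper keeps it from leaking into every task.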
@@ -84,6 +91,116 @@ namespace :test do
84
91
 
85
92
  sh('sh', '-c', sh_cmd)
86
93
  end
94
+
95
+ project_dir = File.dirname(__FILE__)
96
+ namespace :aws do
97
+ ['default', 'minimal'].each do |account|
98
+ integration_dir = File.join(project_dir, 'test', 'aws', account)
99
+ attribute_file = File.join(integration_dir, '.attribute.yml')
100
+
101
+ task :"setup:#{account}", :tf_workspace do |t, args|
102
+ tf_workspace = args[:tf_workspace] || ENV['INSPEC_TERRAFORM_ENV']
103
+ abort("You must either call the top-level test:aws:#{account} task, or set the INSPEC_TERRAFORM_ENV variable.") unless tf_workspace
104
+ puts "----> Setup"
105
+ abort("You must set the environment variable AWS_REGION") unless ENV['AWS_REGION']
106
+ puts "----> Checking for required AWS profile..."
107
+ sh("aws configure get aws_access_key_id --profile inspec-aws-test-#{account} > /dev/null")
108
+ sh("cd #{integration_dir}/build/ && terraform init")
109
+ sh("cd #{integration_dir}/build/ && terraform workspace new #{tf_workspace}")
110
+ sh("cd #{integration_dir}/build/ && AWS_PROFILE=inspec-aws-test-#{account} terraform plan")
111
+ sh("cd #{integration_dir}/build/ && AWS_PROFILE=inspec-aws-test-#{account} terraform apply")
112
+ Rake::Task["test:aws:dump_attrs:#{account}"].execute
113
+ end
114
+
115
+ task :"dump_attrs:#{account}" do
116
+ sh("cd #{integration_dir}/build/ && AWS_PROFILE=inspec-aws-test-#{account} terraform output > #{attribute_file}")
117
+ raw_output = File.read(attribute_file)
118
+ yaml_output = raw_output.gsub(" = ", " : ")
119
+ File.open(attribute_file, "w") {|file| file.puts yaml_output}
120
+ end
121
+
122
+ task :"run:#{account}" do
123
+ puts "----> Run"
124
+ sh("bundle exec inspec exec #{integration_dir}/verify -t aws://${AWS_REGION}/inspec-aws-test-#{account} --attrs #{attribute_file}")
125
+ end
126
+
127
+ task :"cleanup:#{account}", :tf_workspace do |t, args|
128
+ tf_workspace = args[:tf_workspace] || ENV['INSPEC_TERRAFORM_ENV']
129
+ abort("You must either call the top-level test:aws:#{account} task, or set the INSPEC_TERRAFORM_ENV variable.") unless tf_workspace
130
+ puts "----> Cleanup"
131
+ sh("cd #{integration_dir}/build/ && AWS_PROFILE=inspec-aws-test-#{account} terraform destroy -force")
132
+ sh("cd #{integration_dir}/build/ && terraform workspace select default")
133
+ sh("cd #{integration_dir}/build && terraform workspace delete #{tf_workspace}")
134
+ end
135
+
136
+ task :"#{account}" do
137
+ tf_workspace = ENV['INSPEC_TERRAFORM_ENV'] || prompt("Please enter a workspace for your integration tests to run in: ")
138
+ begin
139
+ Rake::Task["test:aws:setup:#{account}"].execute({:tf_workspace => tf_workspace})
140
+ Rake::Task["test:aws:run:#{account}"].execute
141
+ rescue
142
+ abort("Integration testing has failed for the #{account} account")
143
+ ensure
144
+ Rake::Task["test:aws:cleanup:#{account}"].execute({:tf_workspace => tf_workspace})
145
+ end
146
+ end
147
+ end
148
+ end
149
+ desc "Perform AWS Integration Tests"
150
+ task aws: [:'aws:default', :'aws:minimal']
151
+
152
+ namespace :azure do
153
+ # Specify the directory for the integration tests
154
+ integration_dir = 'test/azure'
155
+
156
+
157
+ task :init_workspace do
158
+ # Initialize terraform workspace
159
+ sh("cd #{integration_dir}/build/ && terraform init")
160
+ end
161
+
162
+ task :setup_integration_tests do
163
+ puts '----> Setup'
164
+ creds = Train.create('azure').connection.connect
165
+
166
+ # Determine the storage account name and the admin password
167
+ sa_name = (0...15).map { (65 + rand(26)).chr }.join.downcase
168
+ admin_password = Passgen::generate(length: 12, uppercase: true, lowercase: true, symbols: true, digits: true)
169
+
170
+ # Use the first 4 characters of the storage account to create a suffix
171
+ suffix = sa_name[0..3]
172
+
173
+ # Create the plan that can be applied to Azure
174
+ cmd = format("cd %s/build/ && terraform plan -var 'subscription_id=%s' -var 'client_id=%s' -var 'client_secret=%s' -var 'tenant_id=%s' -var 'storage_account_name=%s' -var 'admin_password=%s' -var 'suffix=%s' -out inspec-azure.plan", integration_dir, creds[:subscription_id], creds[:client_id], creds[:client_secret], creds[:tenant_id], sa_name, admin_password, suffix)
175
+ sh(cmd)
176
+
177
+ # Apply the plan on Azure
178
+ cmd = format("cd %s/build/ && terraform apply inspec-azure.plan", integration_dir)
179
+ sh(cmd)
180
+ end
181
+
182
+ task :run_integration_tests do
183
+ puts '----> Run'
184
+ sh("bundle exec inspec exec #{integration_dir}/verify -t azure://1e0b427a-d58b-494e-ae4f-ee558463ebbf")
185
+ end
186
+
187
+ task :cleanup_integration_tests do
188
+ puts '----> Cleanup'
189
+ creds = Train.create('azure').connection.connect
190
+
191
+ cmd = format("cd %s/build/ && terraform destroy -force -var 'subscription_id=%s' -var 'client_id=%s' -var 'client_secret=%s' -var 'tenant_id=%s' -var 'admin_password=dummy' -var 'storage_account_name=dummy' -var 'suffix=dummy'", integration_dir, creds[:subscription_id], creds[:client_id], creds[:client_secret], creds[:tenant_id])
192
+ sh(cmd)
193
+ end
194
+ end
195
+
196
+ desc "Perform Azure Integration Tests"
197
+ task :azure do
198
+ Rake::Task['test:azure:init_workspace'].execute
199
+ Rake::Task['test:azure:cleanup_integration_tests'].execute
200
+ Rake::Task['test:azure:setup_integration_tests'].execute
201
+ Rake::Task['test:azure:run_integration_tests'].execute
202
+ Rake::Task['test:azure:cleanup_integration_tests'].execute
203
+ end
87
204
  end
88
205
 
89
206
  # Print the current version of this gem or update it.
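Review bot: in `setup_integration_tests` and `cleanup_integration_tests` the Azure `client_secret` and the generated `admin_password` are interpolated into the command string and run through `sh(cmd)`, which echoes the full command to stdout and leaves the values visible in `ps` output and CI logs; pass them as `TF_VAR_client_secret` / `TF_VAR_admin_password` environment variables (or a `-var-file` that is not printed) and keep them out of the echoed command. The same `format` call does no shell quoting, so a secret containing `'` breaks the command outright. Three smaller points in this hunk: `run_integration_tests` hardcodes `-t azure://1e0b427a-d58b-494e-ae4f-ee558463ebbf` while the setup and cleanup tasks take the subscription from `creds[:subscription_id]`, so the target should be built from that same value; `dump_attrs:#{account}` converts Terraform output to YAML with `raw_output.gsub(" = ", " : ")`, which silently produces invalid YAML for list outputs or any value containing ` = `, whereas `terraform output -json` followed by a JSON-to-YAML conversion is robust; and in `aws:#{account}` the bare `rescue` discards the exception, so `rescue => e` with `e.message` in the `abort` text would show why a run failed (the `ensure` cleanup still runs either way, which is correct).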
@@ -0,0 +1,119 @@
1
+ # Using InSpec 2.0 on Cloud Platforms
2
+
3
+ We are pleased to announce that with this release of InSpec 2.0, we have expanded our platform support beyond individual machines and now include support for select AWS and Azure resources.
4
+
5
+ With InSpec 2.0, you may now use several InSpec resources to audit properties of your cloud infrastructure - for example, an Amazon Web Services S3 bucket.
6
+
7
+ <br>
8
+
9
+ ## AWS Platform Support in InSpec 2.0
10
+
11
+ ### Setting up AWS credentials for InSpec
12
+
13
+ InSpec uses the standard AWS authentication mechanisms. Typically, you will create an IAM user specifically for auditing activities.
14
+
15
+ * 1 Create an IAM user in the AWS console, with your choice of username. Check the box marked "Programmatic Access."
16
+ * 2 On the Permissions screen, choose Direct Attach. Select the AWS-managed IAM Profile named "ReadOnlyAccess." If you wish to restrict the user further, you may do so; see individual InSpec resources to identify which permissions are required.
17
+ * 3 After generating the key, record the Access Key ID and Secret Key.
18
+
19
+ #### Using Environment Variables to provide credentials
20
+
21
+ You may provide the credentials to InSpec by setting the following environment variables: `AWS_REGION`, `AWS_ACCESS_KEY_ID`, and `AWS_SECRET_KEY_ID`. You may also use `AWS_PROFILE`, or if you are using MFA, `AWS_SESSION_TOKEN`. See the [AWS Command Line Interface Docs](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html) for details.
22
+
23
+ Once you have your environment variables set, you can verify your credentials by running:
24
+
25
+ ```bash
26
+ you$ inspec detect -t aws://
27
+
28
+ == Platform Details
29
+ Name: aws
30
+ Families: cloud, api
31
+ Release: aws-sdk-v2.10.125
32
+ ```
33
+
34
+ #### Using the InSpec target option to provide credentials on AWS
35
+
36
+ Look for a file in your home directory named `~/.aws/credentials`. If it does not exist, create it. Choose a name for your profile; here, we're using the name 'auditing'. Add your credentials as a new profile, in INI format:
37
+
38
+ ```bash
39
+ [auditing]
40
+ aws_access_key_id = AKIA....
41
+ aws_secret_access_key = 1234....abcd
42
+ ```
43
+
44
+ You may now run InSpec using the `--target` / `-t` option, using the format `-t aws://region/profile`. For example, to connect to the Ohio region using a profile named 'auditing', use `-t aws://us-east-2/auditing`.
45
+
46
+ To verify your credentials,
47
+
48
+ ```bash
49
+ you$ inspec detect -t aws://
50
+
51
+ == Platform Details
52
+ Name: aws
53
+ Families: cloud, api
54
+ Release: aws-sdk-v2.10.125
55
+ ```
56
+
57
+ <br>
58
+
59
+ ## Azure Platform Support in InSpec 2.0
60
+
61
+ ### Setting up Azure credentials for InSpec
62
+
63
+ To use InSpec Azure resources, you will need to create a Service Principal Name (SPN) for auditing an Azure subscription.
64
+
65
+ This can be done on the command line or from the Azure Portal:
66
+
67
+ * [Azure CLI](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-authenticate-service-principal-cli)
68
+ * [PowerShell](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-authenticate-service-principal)
69
+ * [Azure Portal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal)
70
+
71
+ The information from the SPN can be specified either in the file `~/.azure/credentials`, as environment variables, or by using InSpec target URIs.
72
+
73
+ #### Setting up the Azure Credentials File
74
+
75
+ By default InSpec is configured to look at ~/.azure/credentials, and it should contain:
76
+
77
+ ```powershell
78
+ [<SUBSCRIPTION_ID>]
79
+ client_id = "<CLIENT_ID>"
80
+ client_secret = "<CLIENT_SECRET>"
81
+ tenant_id = "<TENANT_ID>"
82
+ ```
83
+
84
+ NOTE: In the Azure web portal, these values are labeled differently:
85
+ * The client_id is referred to as the 'Application ID'
86
+ * The client_secret is referred to as the 'Key (Password Type)'
87
+ * The tenant_id is referred to as the 'Directory ID'
88
+
89
+ With the credentials are in place you may now execute InSpec:
90
+
91
+ ```bash
92
+ inspec exec my-inspec-profile -t azure://
93
+ ```
94
+
95
+ #### Using Environment variables to provide credentials
96
+
97
+ You may also set the Azure credentials via environment variables:
98
+
99
+ * `AZURE_SUBSCRIPTION_ID`
100
+ * `AZURE_CLIENT_ID`
101
+ * `AZURE_CLIENT_SECRET`
102
+ * `AZURE_TENANT_ID`
103
+
104
+ For example:
105
+
106
+ ```bash
107
+ AZURE_SUBSCRIPTION_ID="2fbdbb02-df2e-11e6-bf01-fe55135034f3" \
108
+ AZURE_CLIENT_ID="58dc4f6c-df2e-11e6-bf01-fe55135034f3" \
109
+ AZURE_CLIENT_SECRET="Jibr4iwwaaZwBb6W" \
110
+ AZURE_TENANT_ID="6ad89b58-df2e-11e6-bf01-fe55135034f3" inspec exec my-profile -t azure://
111
+ ```
112
+
113
+ #### Using the InSpec target option to provide credentials on Azure
114
+
115
+ If you have created a `~/.azure/credentials` file as above, you may also use the InSpec command line `--target` / `-t` option to select a subscription ID. For example:
116
+
117
+ ```bash
118
+ inspec exec my-profile -t azure://2fbdbb02-df2e-11e6-bf01-fe55135034f3
119
+ ```
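Review bot: `AWS_SECRET_KEY_ID` in the `Using Environment Variables to provide credentials` paragraph is not a variable the AWS SDK reads; the secret is `AWS_SECRET_ACCESS_KEY`, matching the `aws_secret_access_key` key in the credentials-file example a few lines below, so a reader who follows this text as written gets an authentication failure. Further points in this file: the verification block under `Using the InSpec target option to provide credentials on AWS` repeats `inspec detect -t aws://`, which exercises the environment variables rather than the profile just created, and should use the `-t aws://us-east-2/auditing` form the paragraph above it describes; the `~/.azure/credentials` snippet is INI, not PowerShell, so fence it as `ini`; the steps written as `* 1 Create an IAM user ...` render as bullets with a stray digit (use `1.`, `2.`, `3.`); `With the credentials are in place` should read `With the credentials in place`; and since the Azure example shows a literal `AZURE_CLIENT_SECRET="Jibr4iwwaaZwBb6W"`, label it as a placeholder so nobody reads it as a real value.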