inspec 1.9.0 → 1.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 1f94253412c3c460db42fc5f03154c96a51a4c7b
-  data.tar.gz: 460e9aa3231989faa7af89b29cc51d4f2a518eb0
+  metadata.gz: f9d96ad2cb03fa0071dad1bfb2c2409af0555584
+  data.tar.gz: 9e4f11747702ebad75c867b4bea1befa2f9c611a
 SHA512:
-  metadata.gz: cb44eed7117103ec33fb7ed1f69f236637798124533f1daa2fc0039f86871599d47d1e67506abd904ab3915cb9a6f8078caafdb78465da9ad6c4845f311a08ab
-  data.tar.gz: c10829d5c72a263cbf7794a2e8617a5aae54765de056226604527d3a5dd1217b04006f449da51b11325f2113b4949ca12dc6f6c70b887facc0e935e317aa1ad7
+  metadata.gz: 9823737855e6322463707930f5dc977a4cbd44373c765e336ef2690fa49077197670aea0f1a4d31bc8e0bbfccb90788a55e0833a8843ae5b4a33622292c163e0
+  data.tar.gz: 918ecce5051aa29d57aa6b158bacc20fd3c47f41af6389a14c4c1f3d300f03f0e95b82538647074cf6a0cbd9e7943d81500965a040f107789199e9aa7218ee6c

data/CHANGELOG.md

@@ -1,7 +1,34 @@
 # Change Log
 
-## [1.9.0](https://github.com/chef/inspec/tree/1.9.0) (2017-01-06)
-[Full Changelog](https://github.com/chef/inspec/compare/v1.8.0...1.9.0)
+## [1.10.0](https://github.com/chef/inspec/tree/1.10.0) (2017-01-26)
+[Full Changelog](https://github.com/chef/inspec/compare/v1.9.0...1.10.0)
+
+**Implemented enhancements:**
+
+- HTTP request resource [\#336](https://github.com/chef/inspec/issues/336)
+
+**Closed issues:**
+
+- fix functional tests [\#1429](https://github.com/chef/inspec/issues/1429)
+
+**Merged pull requests:**
+
+- improve http header handling [\#1432](https://github.com/chef/inspec/pull/1432) ([chris-rock](https://github.com/chris-rock))
+- use new devsec baseline [\#1431](https://github.com/chef/inspec/pull/1431) ([chris-rock](https://github.com/chris-rock))
+- 'execution' is spelled correctly [\#1428](https://github.com/chef/inspec/pull/1428) ([nathenharvey](https://github.com/nathenharvey))
+- Bug fixes + New Elements [\#1426](https://github.com/chef/inspec/pull/1426) ([hannah-radish](https://github.com/hannah-radish))
+- Docs: fix resource name \('processes' instead of 'process'\) [\#1423](https://github.com/chef/inspec/pull/1423) ([techraf](https://github.com/techraf))
+- update copyright of the year [\#1422](https://github.com/chef/inspec/pull/1422) ([chris-rock](https://github.com/chris-rock))
+- Link to the 1.0 release webinar [\#1419](https://github.com/chef/inspec/pull/1419) ([nathenharvey](https://github.com/nathenharvey))
+- Updated compliance api requests to actually use refresh token correctly [\#1416](https://github.com/chef/inspec/pull/1416) ([brentm5](https://github.com/brentm5))
+- Docs examples: use double quotes to prevent escaping backslash in the expected string [\#1413](https://github.com/chef/inspec/pull/1413) ([techraf](https://github.com/techraf))
+- Fixed error in OS docs, added CentOS to redhat family docs. [\#1407](https://github.com/chef/inspec/pull/1407) ([gscho](https://github.com/gscho))
+- Solicit talks for ChefConf [\#1405](https://github.com/chef/inspec/pull/1405) ([nathenharvey](https://github.com/nathenharvey))
+- Add an http test method [\#1403](https://github.com/chef/inspec/pull/1403) ([guilhem](https://github.com/guilhem))
+- new inspec.io frontpage [\#1362](https://github.com/chef/inspec/pull/1362) ([hannah-radish](https://github.com/hannah-radish))
+
+## [v1.9.0](https://github.com/chef/inspec/tree/v1.9.0) (2017-01-06)
+[Full Changelog](https://github.com/chef/inspec/compare/v1.8.0...v1.9.0)
 
 **Implemented enhancements:**
 
@@ -2001,19 +2028,10 @@
 
 **Implemented enhancements:**
 
-- pretty-print resources [\#78](https://github.com/chef/inspec/issues/78)
-- Add networking resources [\#68](https://github.com/chef/inspec/issues/68)
 - Add WinRM transport layer [\#64](https://github.com/chef/inspec/issues/64)
 
-**Fixed bugs:**
-
-- expose all necessary methods in OS resource [\#79](https://github.com/chef/inspec/issues/79)
-
 **Closed issues:**
 
-- script resource [\#74](https://github.com/chef/inspec/issues/74)
-- add project docs [\#72](https://github.com/chef/inspec/issues/72)
-- OS detection on debian does not detect versions [\#39](https://github.com/chef/inspec/issues/39)
 - ensure all resources have a proper to\_s method [\#98](https://github.com/chef/inspec/issues/98)
 - Escape commands before we execute them [\#70](https://github.com/chef/inspec/issues/70)
 
@@ -2040,90 +2058,6 @@
 - Improve unit tests [\#106](https://github.com/chef/inspec/pull/106) ([chris-rock](https://github.com/chris-rock))
 - add to\_s methods to resources, fixes \#98 [\#105](https://github.com/chef/inspec/pull/105) ([chris-rock](https://github.com/chris-rock))
 - 0.7.0 release [\#104](https://github.com/chef/inspec/pull/104) ([chris-rock](https://github.com/chris-rock))
-- implement iptables resource [\#103](https://github.com/chef/inspec/pull/103) ([chris-rock](https://github.com/chris-rock))
-- bugfix: return function if data is already cached [\#102](https://github.com/chef/inspec/pull/102) ([chris-rock](https://github.com/chris-rock))
-- implement apt resource [\#101](https://github.com/chef/inspec/pull/101) ([chris-rock](https://github.com/chris-rock))
-- improve shell [\#100](https://github.com/chef/inspec/pull/100) ([chris-rock](https://github.com/chris-rock))
-- implement host resource [\#99](https://github.com/chef/inspec/pull/99) ([chris-rock](https://github.com/chris-rock))
-- implement bridge resource [\#97](https://github.com/chef/inspec/pull/97) ([chris-rock](https://github.com/chris-rock))
-- interactive shell [\#95](https://github.com/chef/inspec/pull/95) ([arlimus](https://github.com/arlimus))
-- interface resource [\#94](https://github.com/chef/inspec/pull/94) ([chris-rock](https://github.com/chris-rock))
-- lint: dont use undefined vars [\#93](https://github.com/chef/inspec/pull/93) ([arlimus](https://github.com/arlimus))
-- fix delivery dependencies [\#92](https://github.com/chef/inspec/pull/92) ([arlimus](https://github.com/arlimus))
-- improvement: add default print method to resources [\#91](https://github.com/chef/inspec/pull/91) ([arlimus](https://github.com/arlimus))
-- extend os backend helper [\#90](https://github.com/chef/inspec/pull/90) ([chris-rock](https://github.com/chris-rock))
-- integrate docs [\#89](https://github.com/chef/inspec/pull/89) ([chris-rock](https://github.com/chris-rock))
-- integrate docs [\#88](https://github.com/chef/inspec/pull/88) ([chris-rock](https://github.com/chris-rock))
-- script resource [\#87](https://github.com/chef/inspec/pull/87) ([chris-rock](https://github.com/chris-rock))
-- implement group resource [\#85](https://github.com/chef/inspec/pull/85) ([chris-rock](https://github.com/chris-rock))
-- add author header [\#84](https://github.com/chef/inspec/pull/84) ([chris-rock](https://github.com/chris-rock))
-- Resource bugfix [\#83](https://github.com/chef/inspec/pull/83) ([arlimus](https://github.com/arlimus))
-- Resource in resource [\#80](https://github.com/chef/inspec/pull/80) ([arlimus](https://github.com/arlimus))
-- ignore local delivery config [\#77](https://github.com/chef/inspec/pull/77) ([arlimus](https://github.com/arlimus))
-- bugfix user resource for windows [\#76](https://github.com/chef/inspec/pull/76) ([chris-rock](https://github.com/chris-rock))
-- activate lint in travis [\#75](https://github.com/chef/inspec/pull/75) ([arlimus](https://github.com/arlimus))
-- Simplify SSL configuration [\#69](https://github.com/chef/inspec/pull/69) ([arlimus](https://github.com/arlimus))
-- implement user resource [\#67](https://github.com/chef/inspec/pull/67) ([chris-rock](https://github.com/chris-rock))
-- switch from open4 -\> mixlib-shellout [\#66](https://github.com/chef/inspec/pull/66) ([arlimus](https://github.com/arlimus))
-- WinRM path [\#63](https://github.com/chef/inspec/pull/63) ([arlimus](https://github.com/arlimus))
-- bugfix: catch cases where oneget returns an array [\#62](https://github.com/chef/inspec/pull/62) ([chris-rock](https://github.com/chris-rock))
-- extend delivery tests to extra docker images [\#61](https://github.com/chef/inspec/pull/61) ([arlimus](https://github.com/arlimus))
-- rename --key-file to --key on cli [\#60](https://github.com/chef/inspec/pull/60) ([arlimus](https://github.com/arlimus))
-- Simpleconfig groups [\#57](https://github.com/chef/inspec/pull/57) ([arlimus](https://github.com/arlimus))
-- OS detection tests [\#56](https://github.com/chef/inspec/pull/56) ([arlimus](https://github.com/arlimus))
-- Start Linting remaining resources [\#55](https://github.com/chef/inspec/pull/55) ([arlimus](https://github.com/arlimus))
-- fix various robocop lint issues [\#54](https://github.com/chef/inspec/pull/54) ([chris-rock](https://github.com/chris-rock))
-- overhaul rule structure [\#53](https://github.com/chef/inspec/pull/53) ([arlimus](https://github.com/arlimus))
-- Verify ssh transport backend [\#51](https://github.com/chef/inspec/pull/51) ([arlimus](https://github.com/arlimus))
-- Unit test for service resource [\#50](https://github.com/chef/inspec/pull/50) ([chris-rock](https://github.com/chris-rock))
-- Ssh backend tests [\#49](https://github.com/chef/inspec/pull/49) ([arlimus](https://github.com/arlimus))
-- Docker concurrency [\#48](https://github.com/chef/inspec/pull/48) ([arlimus](https://github.com/arlimus))
-- unit tests for package resource [\#47](https://github.com/chef/inspec/pull/47) ([chris-rock](https://github.com/chris-rock))
-- Docker runner test [\#46](https://github.com/chef/inspec/pull/46) ([arlimus](https://github.com/arlimus))
-- add port resource [\#45](https://github.com/chef/inspec/pull/45) ([chris-rock](https://github.com/chris-rock))
-- bugfix: windows server 2008 detection [\#44](https://github.com/chef/inspec/pull/44) ([arlimus](https://github.com/arlimus))
-- Add detect command [\#43](https://github.com/chef/inspec/pull/43) ([arlimus](https://github.com/arlimus))
-- unit test mock os [\#42](https://github.com/chef/inspec/pull/42) ([chris-rock](https://github.com/chris-rock))
-- let travis do dockerized resource tests [\#41](https://github.com/chef/inspec/pull/41) ([arlimus](https://github.com/arlimus))
-- docker test run [\#40](https://github.com/chef/inspec/pull/40) ([arlimus](https://github.com/arlimus))
-- bugfix: detect os via unames [\#38](https://github.com/chef/inspec/pull/38) ([arlimus](https://github.com/arlimus))
-- run kitchen test instead of converge [\#37](https://github.com/chef/inspec/pull/37) ([arlimus](https://github.com/arlimus))
-- bugfix: local file owner [\#36](https://github.com/chef/inspec/pull/36) ([arlimus](https://github.com/arlimus))
-- bugfix: backend description for local + docker [\#35](https://github.com/chef/inspec/pull/35) ([arlimus](https://github.com/arlimus))
-- implement fake os method for mock backend \(for now\) [\#34](https://github.com/chef/inspec/pull/34) ([chris-rock](https://github.com/chris-rock))
-- add Windows feature resource [\#33](https://github.com/chef/inspec/pull/33) ([chris-rock](https://github.com/chris-rock))
-- add linux kernel resources [\#32](https://github.com/chef/inspec/pull/32) ([chris-rock](https://github.com/chris-rock))
-- Exist vs exists [\#31](https://github.com/chef/inspec/pull/31) ([arlimus](https://github.com/arlimus))
-- File formats [\#30](https://github.com/chef/inspec/pull/30) ([chris-rock](https://github.com/chris-rock))
-- OS detection and resource [\#29](https://github.com/chef/inspec/pull/29) ([arlimus](https://github.com/arlimus))
-- bugfix: fix simplified runner configuration [\#28](https://github.com/chef/inspec/pull/28) ([chris-rock](https://github.com/chris-rock))
-- improvement: simplify runner configuration [\#27](https://github.com/chef/inspec/pull/27) ([arlimus](https://github.com/arlimus))
-- bugfix: catch cases, where no service is available [\#26](https://github.com/chef/inspec/pull/26) ([chris-rock](https://github.com/chris-rock))
-- support package for windows [\#25](https://github.com/chef/inspec/pull/25) ([chris-rock](https://github.com/chris-rock))
-- implement service for FreeBSD [\#24](https://github.com/chef/inspec/pull/24) ([chris-rock](https://github.com/chris-rock))
-- move integration dependencies to Gemfile [\#23](https://github.com/chef/inspec/pull/23) ([chris-rock](https://github.com/chris-rock))
-- add oracle linux docker tests [\#22](https://github.com/chef/inspec/pull/22) ([arlimus](https://github.com/arlimus))
-- Support FreeBSD [\#21](https://github.com/chef/inspec/pull/21) ([arlimus](https://github.com/arlimus))
-- Service resource [\#20](https://github.com/chef/inspec/pull/20) ([chris-rock](https://github.com/chris-rock))
-- Improvements [\#19](https://github.com/chef/inspec/pull/19) ([chris-rock](https://github.com/chris-rock))
-- bugfix: set host for ssh config in specinfra [\#18](https://github.com/chef/inspec/pull/18) ([chris-rock](https://github.com/chris-rock))
-- improve readme [\#17](https://github.com/chef/inspec/pull/17) ([chris-rock](https://github.com/chris-rock))
-- Integration tests for the backend runner [\#16](https://github.com/chef/inspec/pull/16) ([arlimus](https://github.com/arlimus))
-- Fix specinfra OS detection [\#15](https://github.com/chef/inspec/pull/15) ([arlimus](https://github.com/arlimus))
-- Os detection [\#14](https://github.com/chef/inspec/pull/14) ([chris-rock](https://github.com/chris-rock))
-- bugfix: require specinfra backend [\#13](https://github.com/chef/inspec/pull/13) ([chris-rock](https://github.com/chris-rock))
-- improve docker test runner structure [\#12](https://github.com/chef/inspec/pull/12) ([arlimus](https://github.com/arlimus))
-- Concurrent integrationtest [\#11](https://github.com/chef/inspec/pull/11) ([arlimus](https://github.com/arlimus))
-- add oneget resource [\#10](https://github.com/chef/inspec/pull/10) ([chris-rock](https://github.com/chris-rock))
-- Winrm [\#9](https://github.com/chef/inspec/pull/9) ([chris-rock](https://github.com/chris-rock))
-- bugfix: linux file stat parameters and mount [\#8](https://github.com/chef/inspec/pull/8) ([arlimus](https://github.com/arlimus))
-- Mysql conf [\#7](https://github.com/chef/inspec/pull/7) ([arlimus](https://github.com/arlimus))
-- Lint update [\#6](https://github.com/chef/inspec/pull/6) ([arlimus](https://github.com/arlimus))
-- SSH PTY [\#5](https://github.com/chef/inspec/pull/5) ([arlimus](https://github.com/arlimus))
-- Start Docker + SSH backends [\#4](https://github.com/chef/inspec/pull/4) ([arlimus](https://github.com/arlimus))
-- travis checks [\#3](https://github.com/chef/inspec/pull/3) ([chris-rock](https://github.com/chris-rock))
-- Package [\#2](https://github.com/chef/inspec/pull/2) ([chris-rock](https://github.com/chris-rock))
-- shared linux file handling + specinfra config + cleanup [\#1](https://github.com/chef/inspec/pull/1) ([arlimus](https://github.com/arlimus))
 
 
 

data/Gemfile

@@ -20,6 +20,7 @@ group :test do
   gem 'mocha', '~> 1.1'
   gem 'ruby-progressbar', '~> 1.8'
   gem 'nokogiri', '~> 1.6'
+  gem 'webmock', '~> 2.3.2'
 end
 
 group :integration do

data/docs/resources/command.md.erb

@@ -87,7 +87,7 @@ The following examples show how to use this InSpec audit resource.
 ### Test standard output (stdout)
 
     describe command('echo hello') do
-      its('stdout') { should eq 'hello\n' }
+      its('stdout') { should eq "hello\n" }
       its('stderr') { should eq '' }
       its('exit_status') { should eq 0 }
     end
@@ -96,7 +96,7 @@ The following examples show how to use this InSpec audit resource.
 
     describe command('>&2 echo error') do
       its('stdout') { should eq '' }
-      its('stderr') { should eq 'error\n' }
+      its('stderr') { should eq "error\n" }
       its('exit_status') { should eq 0 }
     end
 

data/docs/resources/http.md.erb

@@ -0,0 +1,97 @@
+---
+title: About the http Resource
+---
+
+# http
+
+Use the `http` InSpec audit resource to test an http endpoint.
+
+## Syntax
+
+An `http` resource block declares the configuration settings to be tested:
+
+    describe http('url', auth: {user: 'user', pass: 'test'}, params: {params}, method: 'method', headers: {headers}, body: body) do
+      its('status') { should eq number }
+      its('body') { should eq 'body' }
+      its('headers.name') { should eq 'header' }
+    end
+
+where
+
+* `('url')` is the url to test
+* `{user: 'user', pass: 'test'}` may be specified for basic auth request
+* `{params}` may be specified for http request parameters
+* `'method'` may be specified for http request method (default to 'GET')
+* `{headers}` may be specified for http request headers
+* `body` may be specified for http request body
+
+## Matchers
+
+This InSpec audit resource has the following matchers:
+
+### be
+
+<%= partial "/shared/matcher_be" %>
+
+### body
+
+The `body` matcher tests body content of http response:
+
+   its('body') { should eq 'hello\n' }
+
+### cmp
+
+<%= partial "/shared/matcher_cmp" %>
+
+### eq
+
+<%= partial "/shared/matcher_eq" %>
+
+### headers
+
+The `headers` matcher returns an hash of all http headers:
+
+    its('headers') { should eq {} }
+
+Individual headers can be tested via:
+
+    its('headers.Content-Type') { should cmp 'text/html' }
+
+### include
+
+<%= partial "/shared/matcher_include" %>
+
+### match
+
+<%= partial "/shared/matcher_match" %>
+
+### status
+
+The `status` matcher tests status of the http response:
+
+    its('status') { should eq 200 }
+
+## Examples
+
+The following examples show how to use this InSpec audit resource.
+
+### Simple http test
+
+For example, a service is listening on default http port can be tested like this:
+
+    describe http('http://localhost') do
+      its('status') { should cmp 200 }
+    end
+
+### Complex http test
+
+    describe http('http://localhost:8080/ping',
+                  auth: {user: 'user', pass: 'test'},
+                  params: {format: 'html'},
+                  method: 'POST',
+                  headers: {'Content-Type' => 'application/json'},
+                  data: '{"data":{"a":"1","b":"five"}}') do
+      its('status') { should cmp 200 }
+      its('body') { should cmp 'pong' }
+      its('headers.Content-Type') { should cmp 'text/html' }
+    end

data/docs/resources/os.md.erb

@@ -56,7 +56,7 @@ The `os` audit resource includes a collection of helpers that enable more granul
 * `debian?`
 * `hpux?`
 * `linux?` (including Alpine Linux, Amazon Linux, ArchLinux, CoreOS, Exherbo, Fedora, Gentoo, and Slackware)
-* `redhat?`
+* `redhat?` (including CentOS)
 * `solaris?` (including Nexenta Core, OmniOS, Open Indiana, Solaris Open, and SmartOS)
 * `suse?`
 * `unix?`
@@ -103,7 +103,7 @@ Use `os[:family]` to enable more granular testing of platforms, platform names,
 * `:debian`
 * `:hpux`
 * `:linux`. For platforms that are part of the Linux family: `:alpine`, `:amazon`, `:arch`, `:coreos`, `:exherbo`, `:fedora`, `:gentoo`, and `:slackware`.
-* `:redhat`
+* `:redhat`. For platforms that are part of the Redhat family: `:centos`.
 * `:solaris`. For platforms that are part of the Solaris family: `:nexentacore`, `:omnios`, `:openindiana`, `:opensolaris`, and `:smartos`.
 * `:suse`
 * `:unix`
@@ -115,7 +115,7 @@ For example, both of the following tests should have the same result:
       describe port(69) do
         its('processes') { should include 'in.tftpd' }
       end
-    elsif os[:family] == 'rhel'
+    elsif os[:family] == 'redhat'
       describe port(69) do
         its('processes') { should include 'xinetd' }
       end
@@ -125,7 +125,7 @@ For example, both of the following tests should have the same result:
       describe port(69) do
         its('processes') { should include 'in.tftpd' }
       end
-    elsif os[:rhel]
+    elsif os[:redhat]
       describe port(69) do
         its('processes') { should include 'xinetd' }
       end

data/docs/resources/sshd_config.md.erb

@@ -4,7 +4,7 @@ title: About the sshd_config Resource
 
 # sshd_config
 
-Use the `sshd_config` InSpec audit resource to test configuration data for the OpenSSH daemon located at `/etc/ssh/sshd_config` on Linux and Unix platforms. sshd---the OpenSSH daemon---listens on dedicated ports, starts a daemon for each incoming connection, and then handles encryption, authentication, key exchanges, command executation, and data exchanges.
+Use the `sshd_config` InSpec audit resource to test configuration data for the OpenSSH daemon located at `/etc/ssh/sshd_config` on Linux and Unix platforms. sshd---the OpenSSH daemon---listens on dedicated ports, starts a daemon for each incoming connection, and then handles encryption, authentication, key exchanges, command execution, and data exchanges.
 
 ## Syntax
 

data/examples/meta-profile/controls/example.rb

@@ -3,7 +3,7 @@
 # license: All rights reserved
 
 # import full profile
-include_controls 'hardening/ssh-hardening'
+include_controls 'dev-sec/ssh-baseline'
 
 # select only individual controls
 include_controls 'ssl-benchmark' do

data/examples/meta-profile/inspec.yml

@@ -7,7 +7,7 @@ license: Apache 2
 summary: InSpec Profile that is only consuming dependencies
 version: 0.2.0
 depends:
-  - name: hardening/ssh-hardening  # defaults to supermarket
+  - name: dev-sec/ssh-baseline  # defaults to supermarket
   - url: https://github.com/dev-sec/ssl-benchmark
   - name: windows-patch-benchmark
     url: https://github.com/chris-rock/windows-patch-benchmark

data/inspec.gemspec

@@ -38,4 +38,5 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'sslshake', '~> 1'
   spec.add_dependency 'parallel', '~> 1.9'
   spec.add_dependency 'rspec_junit_formatter', '~> 0.2.3'
+  spec.add_dependency 'http', '~> 2.1.0'
 end

data/lib/bundles/inspec-compliance/api.rb

@@ -81,7 +81,7 @@ Please login using `inspec compliance login https://compliance.test --user admin
       [res.is_a?(Net::HTTPSuccess), res.body]
     end
 
-    # Use username and refresh_toke to get an API access token
+    # Use username and refresh_token to get an API access token
     def self.get_token_via_refresh_token(url, refresh_token, insecure)
       uri = URI.parse("#{url}/login")
       req = Net::HTTP::Post.new(uri.path)
@@ -130,20 +130,27 @@ Please login using `inspec compliance login https://compliance.test --user admin
     end
 
     def self.get_headers(config)
+      token = get_token(config)
       if config['server_type'] == 'automate'
         headers = { 'chef-delivery-enterprise' => config['automate']['ent'] }
         if config['automate']['token_type'] == 'dctoken'
-          headers['x-data-collector-token'] = config['token']
+          headers['x-data-collector-token'] = token
         else
           headers['chef-delivery-user'] = config['user']
-          headers['chef-delivery-token'] = config['token']
+          headers['chef-delivery-token'] = token
         end
       else
-        headers = { 'Authorization' => "Bearer #{config['token']}" }
+        headers = { 'Authorization' => "Bearer #{token}" }
       end
       headers
     end
 
+    def self.get_token(config)
+      return config['token'] unless config['refresh_token']
+      _success, _msg, token = get_token_via_refresh_token(config['server'], config['refresh_token'], config['insecure'])
+      token
+    end
+
     def self.target_url(config, profile)
       if config['server_type'] == 'automate'
         target = "#{config['server']}/#{profile}/tar"

data/lib/bundles/inspec-compliance/cli.rb

@@ -179,7 +179,7 @@ module Compliance
       end
 
       # determine user information
-      if config['token'].nil? || config['user'].nil?
+      if (config['token'].nil? && config['refresh_token'].nil?) || config['user'].nil?
         error.call('Please login via `inspec compliance login`')
       end
 
@@ -287,11 +287,10 @@ module Compliance
     end
 
     def login_refreshtoken(url, options)
-      success, msg, access_token = Compliance::API.get_token_via_refresh_token(url, options['refresh_token'], options['insecure'])
+      success, msg, _access_token = Compliance::API.get_token_via_refresh_token(url, options['refresh_token'], options['insecure'])
       if success
         config = Compliance::Configuration.new
         config['server'] = url
-        config['token'] = access_token
         config['insecure'] = options['insecure']
         config['version'] = Compliance::API.version(url, options['insecure'])
         config['server_type'] = 'compliance'
@@ -344,11 +343,10 @@ module Compliance
         success = true
         msg = 'API refresh token stored'
       else
-        success, msg, access_token = Compliance::API.get_token_via_refresh_token(url, refresh_token, insecure)
+        success, msg, _access_token= Compliance::API.get_token_via_refresh_token(url, refresh_token, insecure)
         if success
-          config['token'] = access_token
           config.store
-          msg = 'API access token verified and stored'
+          msg = 'API access token verified'
         end
       end
 

data/lib/bundles/inspec-compliance/target.rb

@@ -13,7 +13,7 @@ module Compliance
   class Fetcher < Fetchers::Url
     name 'compliance'
     priority 500
-    def self.resolve(target) # rubocop:disable PerceivedComplexity, Metrics/CyclomaticComplexity
+    def self.resolve(target) # rubocop:disable PerceivedComplexity, Metrics/CyclomaticComplexity, Metrics/AbcSize
       uri = if target.is_a?(String) && URI(target).scheme == 'compliance'
               URI(target)
             elsif target.respond_to?(:key?) && target.key?(:compliance)
@@ -29,7 +29,7 @@ module Compliance
       else
         # check if we have a compliance token
         config = Compliance::Configuration.new
-        if config['token'].nil?
+        if config['token'].nil? && config['refresh_token'].nil?
           if config['server_type'] == 'automate'
             server = 'automate'
             msg = 'inspec compliance login_automate https://your_automate_server --user USER --ent ENT --dctoken DCTOKEN or --usertoken USERTOKEN'
@@ -55,6 +55,9 @@ EOF
         end
         profile_fetch_url = Compliance::API.target_url(config, profile)
       end
+      # We need to pass the token to the fetcher
+      config['token'] = Compliance::API.get_token(config)
+
       new(profile_fetch_url, config)
     rescue URI::Error => _e
       nil

data/lib/inspec/resource.rb

@@ -86,6 +86,7 @@ require 'resources/gem'
 require 'resources/groups'
 require 'resources/grub_conf'
 require 'resources/host'
+require 'resources/http'
 require 'resources/iis_site'
 require 'resources/inetd_conf'
 require 'resources/interface'

data/lib/inspec/version.rb

@@ -4,5 +4,5 @@
 # author: Christoph Hartmann
 
 module Inspec
-  VERSION = '1.9.0'.freeze
+  VERSION = '1.10.0'.freeze
 end

data/lib/resources/http.rb

@@ -0,0 +1,60 @@
+# encoding: utf-8
+# copyright: 2017, Criteo
+# author: Guilhem Lettron
+# license: Apache v2
+
+require 'http'
+require 'hashie'
+
+module Inspec::Resources
+  class Http < Inspec.resource(1)
+    name 'http'
+    desc 'Use the http InSpec audit resource to test http call.'
+    example "
+      describe http('http://localhost:8080/ping', auth: {user: 'user', pass: 'test'}, params: {format: 'html'}) do
+        its('status') { should cmp 200 }
+        its('body') { should cmp 'pong' }
+        its('headers.Content-Type') { should cmp 'text/html' }
+      end
+
+      describe http('http://example.com/ping').headers do
+        its('Content-Length') { should cmp 258 }
+        its('Content-Type') { should cmp 'text/html; charset=UTF-8' }
+      end
+    "
+
+    # rubocop:disable ParameterLists
+    def initialize(url, method: 'GET', params: nil, auth: {}, headers: {}, data: nil)
+      @url = url
+      @method = method
+      @params = params
+      @auth = auth
+      @headers = headers
+      @data = data
+    end
+
+    def status
+      response.status
+    end
+
+    def body
+      response.to_s
+    end
+
+    def headers
+      Hashie::Mash.new(response.headers.to_h)
+    end
+
+    def to_s
+      "http #{@method} on #{@url}"
+    end
+
+    private
+
+    def response
+      http = HTTP.headers(@headers)
+      http = http.basic_auth(@auth) unless @auth.empty?
+      @response ||= http.request(@method, @url, { body: @data, params: @params })
+    end
+  end
+end

data/lib/resources/ssh_conf.rb

@@ -9,7 +9,7 @@ require 'utils/simpleconfig'
 module Inspec::Resources
   class SshConf < Inspec.resource(1)
     name 'ssh_config'
-    desc 'Use the sshd_config InSpec audit resource to test configuration data for the Open SSH daemon located at /etc/ssh/sshd_config on Linux and UNIX platforms. sshd---the Open SSH daemon---listens on dedicated ports, starts a daemon for each incoming connection, and then handles encryption, authentication, key exchanges, command executation, and data exchanges.'
+    desc 'Use the sshd_config InSpec audit resource to test configuration data for the Open SSH daemon located at /etc/ssh/sshd_config on Linux and UNIX platforms. sshd---the Open SSH daemon---listens on dedicated ports, starts a daemon for each incoming connection, and then handles encryption, authentication, key exchanges, command execution, and data exchanges.'
     example "
       describe sshd_config do
         its('Protocol') { should eq '2' }

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec
 version: !ruby/object:Gem::Version
-  version: 1.9.0
+  version: 1.10.0
 platform: ruby
 authors:
 - Dominik Richter
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-01-06 00:00:00.000000000 Z
+date: 2017-01-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: train
@@ -218,6 +218,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 0.2.3
+- !ruby/object:Gem::Dependency
+  name: http
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.1.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.1.0
 description: InSpec provides a framework for creating end-to-end infrastructure tests.
   You can use it for integration or even compliance testing. Create fully portable
   test profiles and use them in your workflow to ensure stability and security. Integrate
@@ -268,6 +282,7 @@ files:
 - docs/resources/group.md.erb
 - docs/resources/grub_conf.md.erb
 - docs/resources/host.md.erb
+- docs/resources/http.md.erb
 - docs/resources/iis_site.md.erb
 - docs/resources/inetd_conf.md.erb
 - docs/resources/ini.md.erb
@@ -295,7 +310,7 @@ files:
 - docs/resources/postgres_conf.md.erb
 - docs/resources/postgres_session.md.erb
 - docs/resources/powershell.md.erb
-- docs/resources/process.md.erb
+- docs/resources/processes.md.erb
 - docs/resources/registry_key.md.erb
 - docs/resources/runit_service.md.erb
 - docs/resources/security_policy.md.erb
@@ -471,6 +486,7 @@ files:
 - lib/resources/groups.rb
 - lib/resources/grub_conf.rb
 - lib/resources/host.rb
+- lib/resources/http.rb
 - lib/resources/iis_site.rb
 - lib/resources/inetd_conf.rb
 - lib/resources/ini.rb