RubyGems - inspec - Versions diffs - 2.0.16 → 2.0.17 - Mend

inspec 2.0.16 → 2.0.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (480) hide show

checksums.yaml +4 -4
data/.rubocop.yml +101 -101
data/CHANGELOG.md +2949 -2944
data/Gemfile +55 -55
data/LICENSE +14 -14
data/MAINTAINERS.md +31 -31
data/MAINTAINERS.toml +47 -47
data/README.md +438 -438
data/Rakefile +284 -284
data/bin/inspec +12 -12
data/docs/.gitignore +2 -2
data/docs/README.md +40 -40
data/docs/dsl_inspec.md +258 -258
data/docs/dsl_resource.md +93 -93
data/docs/glossary.md +99 -99
data/docs/habitat.md +191 -191
data/docs/inspec_and_friends.md +107 -107
data/docs/matchers.md +165 -165
data/docs/migration.md +293 -293
data/docs/platforms.md +118 -118
data/docs/plugin_kitchen_inspec.md +49 -49
data/docs/profiles.md +370 -370
data/docs/reporters.md +105 -105
data/docs/resources/aide_conf.md.erb +75 -75
data/docs/resources/apache.md.erb +67 -67
data/docs/resources/apache_conf.md.erb +68 -68
data/docs/resources/apt.md.erb +71 -71
data/docs/resources/audit_policy.md.erb +47 -47
data/docs/resources/auditd.md.erb +79 -79
data/docs/resources/auditd_conf.md.erb +68 -68
data/docs/resources/aws_cloudtrail_trail.md.erb +140 -140
data/docs/resources/aws_cloudtrail_trails.md.erb +81 -81
data/docs/resources/aws_cloudwatch_alarm.md.erb +86 -86
data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +151 -151
data/docs/resources/aws_ec2_instance.md.erb +106 -106
data/docs/resources/aws_iam_access_key.md.erb +123 -123
data/docs/resources/aws_iam_access_keys.md.erb +198 -198
data/docs/resources/aws_iam_group.md.erb +46 -46
data/docs/resources/aws_iam_groups.md.erb +43 -43
data/docs/resources/aws_iam_password_policy.md.erb +76 -76
data/docs/resources/aws_iam_policies.md.erb +82 -82
data/docs/resources/aws_iam_policy.md.erb +146 -146
data/docs/resources/aws_iam_role.md.erb +65 -65
data/docs/resources/aws_iam_root_user.md.erb +58 -58
data/docs/resources/aws_iam_user.md.erb +64 -64
data/docs/resources/aws_iam_users.md.erb +89 -89
data/docs/resources/aws_kms_keys.md.erb +84 -84
data/docs/resources/aws_route_table.md.erb +47 -47
data/docs/resources/aws_s3_bucket.md.erb +134 -134
data/docs/resources/aws_security_group.md.erb +152 -152
data/docs/resources/aws_security_groups.md.erb +92 -92
data/docs/resources/aws_sns_topic.md.erb +62 -62
data/docs/resources/aws_subnet.md.erb +133 -133
data/docs/resources/aws_subnets.md.erb +126 -126
data/docs/resources/aws_vpc.md.erb +120 -120
data/docs/resources/aws_vpcs.md.erb +48 -48
data/docs/resources/azure_generic_resource.md.erb +170 -139
data/docs/resources/azure_resource_group.md.erb +284 -284
data/docs/resources/azure_virtual_machine.md.erb +347 -314
data/docs/resources/azure_virtual_machine_data_disk.md.erb +224 -182
data/docs/resources/bash.md.erb +75 -75
data/docs/resources/bond.md.erb +90 -90
data/docs/resources/bridge.md.erb +57 -57
data/docs/resources/bsd_service.md.erb +67 -67
data/docs/resources/command.md.erb +138 -138
data/docs/resources/cpan.md.erb +79 -79
data/docs/resources/cran.md.erb +64 -64
data/docs/resources/crontab.md.erb +88 -88
data/docs/resources/csv.md.erb +54 -54
data/docs/resources/dh_params.md.erb +217 -217
data/docs/resources/directory.md.erb +30 -30
data/docs/resources/docker.md.erb +164 -164
data/docs/resources/docker_container.md.erb +104 -104
data/docs/resources/docker_image.md.erb +94 -94
data/docs/resources/docker_service.md.erb +114 -114
data/docs/resources/elasticsearch.md.erb +242 -242
data/docs/resources/etc_fstab.md.erb +125 -125
data/docs/resources/etc_group.md.erb +75 -75
data/docs/resources/etc_hosts.md.erb +78 -78
data/docs/resources/etc_hosts_allow.md.erb +74 -74
data/docs/resources/etc_hosts_deny.md.erb +74 -74
data/docs/resources/file.md.erb +515 -515
data/docs/resources/filesystem.md.erb +41 -41
data/docs/resources/firewalld.md.erb +107 -107
data/docs/resources/gem.md.erb +79 -79
data/docs/resources/group.md.erb +61 -61
data/docs/resources/grub_conf.md.erb +101 -101
data/docs/resources/host.md.erb +78 -78
data/docs/resources/http.md.erb +101 -101
data/docs/resources/iis_app.md.erb +122 -122
data/docs/resources/iis_site.md.erb +135 -135
data/docs/resources/inetd_conf.md.erb +94 -94
data/docs/resources/ini.md.erb +76 -76
data/docs/resources/interface.md.erb +58 -58
data/docs/resources/iptables.md.erb +64 -64
data/docs/resources/json.md.erb +62 -62
data/docs/resources/kernel_module.md.erb +107 -107
data/docs/resources/kernel_parameter.md.erb +53 -53
data/docs/resources/key_rsa.md.erb +85 -85
data/docs/resources/launchd_service.md.erb +57 -57
data/docs/resources/limits_conf.md.erb +75 -75
data/docs/resources/login_def.md.erb +71 -71
data/docs/resources/mount.md.erb +69 -69
data/docs/resources/mssql_session.md.erb +60 -60
data/docs/resources/mysql_conf.md.erb +99 -99
data/docs/resources/mysql_session.md.erb +74 -74
data/docs/resources/nginx.md.erb +79 -79
data/docs/resources/nginx_conf.md.erb +128 -128
data/docs/resources/npm.md.erb +60 -60
data/docs/resources/ntp_conf.md.erb +60 -60
data/docs/resources/oneget.md.erb +53 -53
data/docs/resources/oracledb_session.md.erb +52 -52
data/docs/resources/os.md.erb +141 -141
data/docs/resources/os_env.md.erb +78 -78
data/docs/resources/package.md.erb +120 -120
data/docs/resources/packages.md.erb +67 -67
data/docs/resources/parse_config.md.erb +103 -103
data/docs/resources/parse_config_file.md.erb +138 -138
data/docs/resources/passwd.md.erb +141 -141
data/docs/resources/pip.md.erb +67 -67
data/docs/resources/port.md.erb +137 -137
data/docs/resources/postgres_conf.md.erb +79 -79
data/docs/resources/postgres_hba_conf.md.erb +93 -93
data/docs/resources/postgres_ident_conf.md.erb +76 -76
data/docs/resources/postgres_session.md.erb +69 -69
data/docs/resources/powershell.md.erb +102 -102
data/docs/resources/processes.md.erb +109 -109
data/docs/resources/rabbitmq_config.md.erb +41 -41
data/docs/resources/registry_key.md.erb +158 -158
data/docs/resources/runit_service.md.erb +57 -57
data/docs/resources/security_policy.md.erb +47 -47
data/docs/resources/service.md.erb +121 -121
data/docs/resources/shadow.md.erb +144 -144
data/docs/resources/ssh_config.md.erb +80 -80
data/docs/resources/sshd_config.md.erb +83 -83
data/docs/resources/ssl.md.erb +119 -119
data/docs/resources/sys_info.md.erb +42 -42
data/docs/resources/systemd_service.md.erb +57 -57
data/docs/resources/sysv_service.md.erb +57 -57
data/docs/resources/upstart_service.md.erb +57 -57
data/docs/resources/user.md.erb +140 -140
data/docs/resources/users.md.erb +127 -127
data/docs/resources/vbscript.md.erb +55 -55
data/docs/resources/virtualization.md.erb +57 -57
data/docs/resources/windows_feature.md.erb +47 -47
data/docs/resources/windows_hotfix.md.erb +53 -53
data/docs/resources/windows_task.md.erb +95 -95
data/docs/resources/wmi.md.erb +81 -81
data/docs/resources/x509_certificate.md.erb +151 -151
data/docs/resources/xinetd_conf.md.erb +156 -156
data/docs/resources/xml.md.erb +85 -85
data/docs/resources/yaml.md.erb +69 -69
data/docs/resources/yum.md.erb +98 -98
data/docs/resources/zfs_dataset.md.erb +53 -53
data/docs/resources/zfs_pool.md.erb +47 -47
data/docs/ruby_usage.md +203 -203
data/docs/shared/matcher_be.md.erb +1 -1
data/docs/shared/matcher_cmp.md.erb +43 -43
data/docs/shared/matcher_eq.md.erb +3 -3
data/docs/shared/matcher_include.md.erb +1 -1
data/docs/shared/matcher_match.md.erb +1 -1
data/docs/shell.md +172 -172
data/examples/README.md +8 -8
data/examples/inheritance/README.md +65 -65
data/examples/inheritance/controls/example.rb +14 -14
data/examples/inheritance/inspec.yml +15 -15
data/examples/kitchen-ansible/.kitchen.yml +25 -25
data/examples/kitchen-ansible/Gemfile +19 -19
data/examples/kitchen-ansible/README.md +53 -53
data/examples/kitchen-ansible/files/nginx.repo +6 -6
data/examples/kitchen-ansible/tasks/main.yml +16 -16
data/examples/kitchen-ansible/test/integration/default/default.yml +5 -5
data/examples/kitchen-ansible/test/integration/default/web_spec.rb +28 -28
data/examples/kitchen-chef/.kitchen.yml +20 -20
data/examples/kitchen-chef/Berksfile +3 -3
data/examples/kitchen-chef/Gemfile +19 -19
data/examples/kitchen-chef/README.md +27 -27
data/examples/kitchen-chef/metadata.rb +7 -7
data/examples/kitchen-chef/recipes/default.rb +6 -6
data/examples/kitchen-chef/recipes/nginx.rb +30 -30
data/examples/kitchen-chef/test/integration/default/web_spec.rb +28 -28
data/examples/kitchen-puppet/.kitchen.yml +22 -22
data/examples/kitchen-puppet/Gemfile +20 -20
data/examples/kitchen-puppet/Puppetfile +25 -25
data/examples/kitchen-puppet/README.md +53 -53
data/examples/kitchen-puppet/manifests/site.pp +33 -33
data/examples/kitchen-puppet/metadata.json +11 -11
data/examples/kitchen-puppet/test/integration/default/web_spec.rb +28 -28
data/examples/meta-profile/README.md +37 -37
data/examples/meta-profile/controls/example.rb +13 -13
data/examples/meta-profile/inspec.yml +13 -13
data/examples/profile-attribute.yml +2 -2
data/examples/profile-attribute/README.md +14 -14
data/examples/profile-attribute/controls/example.rb +11 -11
data/examples/profile-attribute/inspec.yml +8 -8
data/examples/profile-aws/controls/iam_password_policy_expiration.rb +8 -8
data/examples/profile-aws/controls/iam_password_policy_max_age.rb +8 -8
data/examples/profile-aws/controls/iam_root_user_mfa.rb +8 -8
data/examples/profile-aws/controls/iam_users_access_key_age.rb +8 -8
data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +8 -8
data/examples/profile-aws/inspec.yml +11 -11
data/examples/profile-azure/controls/azure_resource_group_example.rb +24 -24
data/examples/profile-azure/controls/azure_vm_example.rb +29 -29
data/examples/profile-azure/inspec.yml +11 -11
data/examples/profile-sensitive/README.md +29 -29
data/examples/profile-sensitive/controls/sensitive-failures.rb +9 -9
data/examples/profile-sensitive/controls/sensitive.rb +9 -9
data/examples/profile-sensitive/inspec.yml +8 -8
data/examples/profile/README.md +48 -48
data/examples/profile/controls/example.rb +23 -23
data/examples/profile/controls/gordon.rb +36 -36
data/examples/profile/controls/meta.rb +34 -34
data/examples/profile/inspec.yml +10 -10
data/examples/profile/libraries/gordon_config.rb +53 -53
data/inspec.gemspec +47 -47
data/lib/bundles/README.md +3 -3
data/lib/bundles/inspec-artifact.rb +7 -7
data/lib/bundles/inspec-artifact/README.md +1 -1
data/lib/bundles/inspec-artifact/cli.rb +277 -277
data/lib/bundles/inspec-compliance.rb +16 -16
data/lib/bundles/inspec-compliance/.kitchen.yml +20 -20
data/lib/bundles/inspec-compliance/README.md +185 -185
data/lib/bundles/inspec-compliance/api.rb +316 -316
data/lib/bundles/inspec-compliance/api/login.rb +152 -152
data/lib/bundles/inspec-compliance/bootstrap.sh +41 -41
data/lib/bundles/inspec-compliance/cli.rb +254 -254
data/lib/bundles/inspec-compliance/configuration.rb +103 -103
data/lib/bundles/inspec-compliance/http.rb +86 -86
data/lib/bundles/inspec-compliance/support.rb +36 -36
data/lib/bundles/inspec-compliance/target.rb +98 -98
data/lib/bundles/inspec-compliance/test/integration/default/cli.rb +93 -93
data/lib/bundles/inspec-habitat.rb +12 -12
data/lib/bundles/inspec-habitat/cli.rb +36 -36
data/lib/bundles/inspec-habitat/log.rb +10 -10
data/lib/bundles/inspec-habitat/profile.rb +390 -390
data/lib/bundles/inspec-init.rb +8 -8
data/lib/bundles/inspec-init/README.md +31 -31
data/lib/bundles/inspec-init/cli.rb +97 -97
data/lib/bundles/inspec-init/templates/profile/README.md +3 -3
data/lib/bundles/inspec-init/templates/profile/controls/example.rb +19 -19
data/lib/bundles/inspec-init/templates/profile/inspec.yml +8 -8
data/lib/bundles/inspec-supermarket.rb +13 -13
data/lib/bundles/inspec-supermarket/README.md +45 -45
data/lib/bundles/inspec-supermarket/api.rb +84 -84
data/lib/bundles/inspec-supermarket/cli.rb +73 -73
data/lib/bundles/inspec-supermarket/target.rb +34 -34
data/lib/fetchers/git.rb +163 -163
data/lib/fetchers/local.rb +74 -74
data/lib/fetchers/mock.rb +35 -35
data/lib/fetchers/url.rb +204 -204
data/lib/inspec.rb +24 -24
data/lib/inspec/archive/tar.rb +29 -29
data/lib/inspec/archive/zip.rb +19 -19
data/lib/inspec/backend.rb +92 -92
data/lib/inspec/base_cli.rb +350 -333
data/lib/inspec/cached_fetcher.rb +66 -66
data/lib/inspec/cli.rb +292 -302
data/lib/inspec/completions/bash.sh.erb +45 -45
data/lib/inspec/completions/fish.sh.erb +34 -34
data/lib/inspec/completions/zsh.sh.erb +61 -61
data/lib/inspec/control_eval_context.rb +179 -179
data/lib/inspec/dependencies/cache.rb +72 -72
data/lib/inspec/dependencies/dependency_set.rb +92 -92
data/lib/inspec/dependencies/lockfile.rb +115 -115
data/lib/inspec/dependencies/requirement.rb +123 -123
data/lib/inspec/dependencies/resolver.rb +86 -86
data/lib/inspec/describe.rb +27 -27
data/lib/inspec/dsl.rb +66 -66
data/lib/inspec/dsl_shared.rb +33 -33
data/lib/inspec/env_printer.rb +157 -157
data/lib/inspec/errors.rb +13 -13
data/lib/inspec/exceptions.rb +12 -12
data/lib/inspec/expect.rb +45 -45
data/lib/inspec/fetcher.rb +45 -45
data/lib/inspec/file_provider.rb +275 -275
data/lib/inspec/formatters.rb +3 -3
data/lib/inspec/formatters/base.rb +250 -250
data/lib/inspec/formatters/json_rspec.rb +20 -20
data/lib/inspec/formatters/show_progress.rb +12 -12
data/lib/inspec/library_eval_context.rb +58 -58
data/lib/inspec/log.rb +11 -11
data/lib/inspec/metadata.rb +247 -247
data/lib/inspec/method_source.rb +24 -24
data/lib/inspec/objects.rb +14 -14
data/lib/inspec/objects/attribute.rb +65 -65
data/lib/inspec/objects/control.rb +61 -61
data/lib/inspec/objects/describe.rb +92 -92
data/lib/inspec/objects/each_loop.rb +36 -36
data/lib/inspec/objects/list.rb +15 -15
data/lib/inspec/objects/or_test.rb +40 -40
data/lib/inspec/objects/ruby_helper.rb +15 -15
data/lib/inspec/objects/tag.rb +27 -27
data/lib/inspec/objects/test.rb +87 -87
data/lib/inspec/objects/value.rb +27 -27
data/lib/inspec/plugins.rb +60 -60
data/lib/inspec/plugins/cli.rb +24 -24
data/lib/inspec/plugins/fetcher.rb +86 -86
data/lib/inspec/plugins/resource.rb +133 -133
data/lib/inspec/plugins/secret.rb +15 -15
data/lib/inspec/plugins/source_reader.rb +40 -40
data/lib/inspec/polyfill.rb +12 -12
data/lib/inspec/profile.rb +510 -510
data/lib/inspec/profile_context.rb +207 -207
data/lib/inspec/profile_vendor.rb +66 -66
data/lib/inspec/reporters.rb +50 -50
data/lib/inspec/reporters/base.rb +24 -24
data/lib/inspec/reporters/cli.rb +356 -356
data/lib/inspec/reporters/json.rb +116 -116
data/lib/inspec/reporters/json_min.rb +48 -48
data/lib/inspec/reporters/junit.rb +77 -77
data/lib/inspec/require_loader.rb +33 -33
data/lib/inspec/resource.rb +186 -186
data/lib/inspec/rule.rb +266 -266
data/lib/inspec/runner.rb +344 -344
data/lib/inspec/runner_mock.rb +41 -41
data/lib/inspec/runner_rspec.rb +174 -174
data/lib/inspec/runtime_profile.rb +26 -26
data/lib/inspec/schema.rb +213 -213
data/lib/inspec/secrets.rb +19 -19
data/lib/inspec/secrets/yaml.rb +30 -30
data/lib/inspec/shell.rb +220 -223
data/lib/inspec/shell_detector.rb +90 -90
data/lib/inspec/source_reader.rb +29 -29
data/lib/inspec/version.rb +8 -8
data/lib/matchers/matchers.rb +339 -339
data/lib/resource_support/aws.rb +40 -40
data/lib/resource_support/aws/aws_backend_base.rb +12 -12
data/lib/resource_support/aws/aws_backend_factory_mixin.rb +12 -12
data/lib/resource_support/aws/aws_plural_resource_mixin.rb +21 -21
data/lib/resource_support/aws/aws_resource_mixin.rb +66 -66
data/lib/resource_support/aws/aws_singular_resource_mixin.rb +24 -24
data/lib/resources/aide_conf.rb +160 -160
data/lib/resources/apache.rb +48 -48
data/lib/resources/apache_conf.rb +156 -156
data/lib/resources/apt.rb +149 -149
data/lib/resources/audit_policy.rb +63 -63
data/lib/resources/auditd.rb +231 -231
data/lib/resources/auditd_conf.rb +55 -55
data/lib/resources/aws/aws_cloudtrail_trail.rb +77 -77
data/lib/resources/aws/aws_cloudtrail_trails.rb +47 -47
data/lib/resources/aws/aws_cloudwatch_alarm.rb +62 -62
data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +100 -100
data/lib/resources/aws/aws_ec2_instance.rb +157 -157
data/lib/resources/aws/aws_iam_access_key.rb +106 -106
data/lib/resources/aws/aws_iam_access_keys.rb +144 -144
data/lib/resources/aws/aws_iam_group.rb +56 -56
data/lib/resources/aws/aws_iam_groups.rb +45 -45
data/lib/resources/aws/aws_iam_password_policy.rb +116 -116
data/lib/resources/aws/aws_iam_policies.rb +46 -46
data/lib/resources/aws/aws_iam_policy.rb +119 -119
data/lib/resources/aws/aws_iam_role.rb +51 -51
data/lib/resources/aws/aws_iam_root_user.rb +60 -60
data/lib/resources/aws/aws_iam_user.rb +111 -111
data/lib/resources/aws/aws_iam_users.rb +96 -96
data/lib/resources/aws/aws_kms_keys.rb +46 -46
data/lib/resources/aws/aws_route_table.rb +61 -61
data/lib/resources/aws/aws_s3_bucket.rb +115 -115
data/lib/resources/aws/aws_security_group.rb +93 -93
data/lib/resources/aws/aws_security_groups.rb +68 -68
data/lib/resources/aws/aws_sns_topic.rb +53 -53
data/lib/resources/aws/aws_subnet.rb +88 -88
data/lib/resources/aws/aws_subnets.rb +53 -53
data/lib/resources/aws/aws_vpc.rb +69 -69
data/lib/resources/aws/aws_vpcs.rb +45 -45
data/lib/resources/azure/azure_backend.rb +377 -377
data/lib/resources/azure/azure_generic_resource.rb +59 -59
data/lib/resources/azure/azure_resource_group.rb +152 -152
data/lib/resources/azure/azure_virtual_machine.rb +264 -264
data/lib/resources/azure/azure_virtual_machine_data_disk.rb +136 -136
data/lib/resources/bash.rb +35 -35
data/lib/resources/bond.rb +68 -68
data/lib/resources/bridge.rb +122 -122
data/lib/resources/command.rb +69 -69
data/lib/resources/cpan.rb +58 -58
data/lib/resources/cran.rb +64 -64
data/lib/resources/crontab.rb +170 -170
data/lib/resources/csv.rb +60 -60
data/lib/resources/dh_params.rb +82 -82
data/lib/resources/directory.rb +25 -25
data/lib/resources/docker.rb +236 -236
data/lib/resources/docker_container.rb +89 -89
data/lib/resources/docker_image.rb +83 -83
data/lib/resources/docker_object.rb +57 -57
data/lib/resources/docker_service.rb +90 -90
data/lib/resources/elasticsearch.rb +169 -169
data/lib/resources/etc_fstab.rb +102 -102
data/lib/resources/etc_group.rb +156 -156
data/lib/resources/etc_hosts.rb +81 -81
data/lib/resources/etc_hosts_allow_deny.rb +123 -123
data/lib/resources/file.rb +298 -298
data/lib/resources/filesystem.rb +31 -31
data/lib/resources/firewalld.rb +144 -144
data/lib/resources/gem.rb +70 -70
data/lib/resources/groups.rb +215 -215
data/lib/resources/grub_conf.rb +237 -237
data/lib/resources/host.rb +300 -300
data/lib/resources/http.rb +250 -250
data/lib/resources/iis_app.rb +104 -104
data/lib/resources/iis_site.rb +148 -148
data/lib/resources/inetd_conf.rb +62 -62
data/lib/resources/ini.rb +29 -29
data/lib/resources/interface.rb +129 -129
data/lib/resources/iptables.rb +69 -69
data/lib/resources/json.rb +117 -117
data/lib/resources/kernel_module.rb +107 -107
data/lib/resources/kernel_parameter.rb +58 -58
data/lib/resources/key_rsa.rb +67 -67
data/lib/resources/limits_conf.rb +55 -55
data/lib/resources/login_def.rb +66 -66
data/lib/resources/mount.rb +88 -88
data/lib/resources/mssql_session.rb +101 -101
data/lib/resources/mysql.rb +81 -81
data/lib/resources/mysql_conf.rb +134 -134
data/lib/resources/mysql_session.rb +71 -71
data/lib/resources/nginx.rb +96 -96
data/lib/resources/nginx_conf.rb +227 -227
data/lib/resources/npm.rb +48 -48
data/lib/resources/ntp_conf.rb +58 -58
data/lib/resources/oneget.rb +71 -71
data/lib/resources/oracledb_session.rb +139 -139
data/lib/resources/os.rb +36 -36
data/lib/resources/os_env.rb +76 -76
data/lib/resources/package.rb +363 -363
data/lib/resources/packages.rb +111 -111
data/lib/resources/parse_config.rb +116 -116
data/lib/resources/passwd.rb +74 -74
data/lib/resources/pip.rb +89 -89
data/lib/resources/platform.rb +109 -109
data/lib/resources/port.rb +771 -771
data/lib/resources/postgres.rb +130 -130
data/lib/resources/postgres_conf.rb +121 -121
data/lib/resources/postgres_hba_conf.rb +100 -100
data/lib/resources/postgres_ident_conf.rb +78 -78
data/lib/resources/postgres_session.rb +71 -71
data/lib/resources/powershell.rb +57 -57
data/lib/resources/processes.rb +204 -204
data/lib/resources/rabbitmq_conf.rb +52 -52
data/lib/resources/registry_key.rb +296 -296
data/lib/resources/security_policy.rb +180 -180
data/lib/resources/service.rb +789 -789
data/lib/resources/shadow.rb +140 -140
data/lib/resources/ssh_conf.rb +102 -102
data/lib/resources/ssl.rb +99 -99
data/lib/resources/sys_info.rb +28 -28
data/lib/resources/toml.rb +32 -32
data/lib/resources/users.rb +654 -654
data/lib/resources/vbscript.rb +69 -69
data/lib/resources/virtualization.rb +251 -251
data/lib/resources/windows_feature.rb +84 -84
data/lib/resources/windows_hotfix.rb +35 -35
data/lib/resources/windows_task.rb +105 -105
data/lib/resources/wmi.rb +113 -113
data/lib/resources/x509_certificate.rb +143 -143
data/lib/resources/xinetd.rb +111 -111
data/lib/resources/xml.rb +46 -46
data/lib/resources/yaml.rb +47 -47
data/lib/resources/yum.rb +180 -180
data/lib/resources/zfs_dataset.rb +60 -60
data/lib/resources/zfs_pool.rb +49 -49
data/lib/source_readers/flat.rb +39 -39
data/lib/source_readers/inspec.rb +75 -75
data/lib/utils/command_wrapper.rb +27 -27
data/lib/utils/convert.rb +12 -12
data/lib/utils/database_helpers.rb +77 -77
data/lib/utils/erlang_parser.rb +192 -192
data/lib/utils/filter.rb +272 -272
data/lib/utils/filter_array.rb +27 -27
data/lib/utils/find_files.rb +44 -44
data/lib/utils/hash.rb +41 -41
data/lib/utils/json_log.rb +18 -18
data/lib/utils/latest_version.rb +22 -22
data/lib/utils/modulator.rb +12 -12
data/lib/utils/nginx_parser.rb +85 -85
data/lib/utils/object_traversal.rb +49 -49
data/lib/utils/parser.rb +274 -274
data/lib/utils/plugin_registry.rb +93 -93
data/lib/utils/simpleconfig.rb +120 -120
data/lib/utils/spdx.rb +13 -13
data/lib/utils/spdx.txt +343 -343
metadata +1 -1

data/docs/resources/docker_image.md.erb CHANGED

@@ -1,94 +1,94 @@
----
-title: About the docker_image Resource
-platform: linux
----
-# docker_image
-Use the `docker_image` InSpec audit resource to verify a docker image.
-<br>
-## Syntax
-A `docker_image` resource block declares the image:
-    describe docker_image('alpine:latest') do
-      it { should exist }
-      its('id') { should eq 'sha256:4a415e...a526' }
-      its('repo') { should eq 'alpine' }
-      its('tag') { should eq 'latest' }
-    end
-<br>
-## Resource Parameter Examples
-The resource allows you to pass in an image id:
-    describe docker_image(id: alpine_id) do
-      ...
-    end
-If the tag is missing for an image, `latest` is assumed as default:
-    describe docker_image('alpine') do
-      ...
-    end
-You can also pass in repository and tag as separate values
-    describe docker_image(repo: 'alpine', tag: 'latest') do
-      ...
-    end
-<br>
-## Property Examples
-### id
-The `id` property returns the full image id:
-    its('id') { should eq 'sha256:4a415e3663882fbc554ee830889c68a33b3585503892cc718a4698e91ef2a526' }
-### image
-The `image` property tests the value of the image. It is a combination of `repository/tag`:
-    its('image') { should eq 'alpine:latest' }
-### repo
-The `repo` property tests the value of the repository name:
-    its('repo') { should eq 'alpine' }
-### tag
-The `tag` property tests the value of image tag:
-    its('tag') { should eq 'latest' }
-### Test a docker image
-    describe docker_image('alpine:latest') do
-      it { should exist }
-      its('id') { should eq 'sha256:4a415e...a526' }
-      its('image') { should eq 'alpine:latest' }
-      its('repo') { should eq 'alpine' }
-      its('tag') { should eq 'latest' }
-    end
-<br>
-## Matchers
-For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
-### exist
-The `exist` matcher tests if the image is available on the node:
-    it { should exist }
+---
+title: About the docker_image Resource
+platform: linux
+---
+# docker_image
+Use the `docker_image` InSpec audit resource to verify a docker image.
+<br>
+## Syntax
+A `docker_image` resource block declares the image:
+    describe docker_image('alpine:latest') do
+      it { should exist }
+      its('id') { should eq 'sha256:4a415e...a526' }
+      its('repo') { should eq 'alpine' }
+      its('tag') { should eq 'latest' }
+    end
+<br>
+## Resource Parameter Examples
+The resource allows you to pass in an image id:
+    describe docker_image(id: alpine_id) do
+      ...
+    end
+If the tag is missing for an image, `latest` is assumed as default:
+    describe docker_image('alpine') do
+      ...
+    end
+You can also pass in repository and tag as separate values
+    describe docker_image(repo: 'alpine', tag: 'latest') do
+      ...
+    end
+<br>
+## Property Examples
+### id
+The `id` property returns the full image id:
+    its('id') { should eq 'sha256:4a415e3663882fbc554ee830889c68a33b3585503892cc718a4698e91ef2a526' }
+### image
+The `image` property tests the value of the image. It is a combination of `repository/tag`:
+    its('image') { should eq 'alpine:latest' }
+### repo
+The `repo` property tests the value of the repository name:
+    its('repo') { should eq 'alpine' }
+### tag
+The `tag` property tests the value of image tag:
+    its('tag') { should eq 'latest' }
+### Test a docker image
+    describe docker_image('alpine:latest') do
+      it { should exist }
+      its('id') { should eq 'sha256:4a415e...a526' }
+      its('image') { should eq 'alpine:latest' }
+      its('repo') { should eq 'alpine' }
+      its('tag') { should eq 'latest' }
+    end
+<br>
+## Matchers
+For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+### exist
+The `exist` matcher tests if the image is available on the node:
+    it { should exist }

data/docs/resources/docker_service.md.erb CHANGED

@@ -1,114 +1,114 @@
----
-title: About the docker_service Resource
-platform: linux
----
-# docker_service
-Use the `docker_service` InSpec audit resource to verify a docker swarm service.
-<br>
-## Syntax
-A `docker_service` resource block declares the service by name:
-    describe docker_service('foo') do
-      it { should exist }
-      its('id') { should eq '2ghswegspre1' }
-      its('repo') { should eq 'alpine' }
-      its('tag') { should eq 'latest' }
-    end
-<br>
-## Resource Parameter Examples
-The resource allows you to pass in a service id:
-    describe docker_service(id: '2ghswegspre1') do
-      ...
-    end
-You can also pass in the fully-qualified image:
-    describe docker_service(image: 'localhost:5000/alpine:latest') do
-      ...
-    end
-<br>
-## Property Examples
-The following examples show how to use InSpec `docker_service` resource.
-### id
-The `id` property returns the service id:
-    its('id') { should eq '2ghswegspre1' }
-### image
-The `image` property tests the value of the image. It is a combination of `repository:tag`:
-    its('image') { should eq 'alpine:latest' }
-### mode
-The `mode` property tests the value of the service mode:
-    its('mode') { should eq 'replicated' }
-### name
-The `name` property tests the value of the service name:
-    its('name') { should eq 'foo' }
-### ports
-The `ports` property tests the value of the service's published ports:
-    its('ports') { should include '*:8000->8000/tcp' }
-### repo
-The `repo` property tests the value of the repository name:
-    its('repo') { should eq 'alpine' }
-### replicas
-The `replicas` property tests the value of the service's replica count:
-    its('replicas') { should eq '3/3' }
-### tag
-The `tag` property tests the value of image tag:
-    its('tag') { should eq 'latest' }
-### Test a docker service
-    describe docker_service('foo') do
-      it { should exist }
-      its('id') { should eq '2ghswegspre1' }
-      its('repo') { should eq 'alpine' }
-      its('tag') { should eq 'latest' }
-    end
-<br>
-## Matchers
-For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
-### exist
-The `exist` matcher tests if the image is available on the node:
-    it { should exist }
+---
+title: About the docker_service Resource
+platform: linux
+---
+# docker_service
+Use the `docker_service` InSpec audit resource to verify a docker swarm service.
+<br>
+## Syntax
+A `docker_service` resource block declares the service by name:
+    describe docker_service('foo') do
+      it { should exist }
+      its('id') { should eq '2ghswegspre1' }
+      its('repo') { should eq 'alpine' }
+      its('tag') { should eq 'latest' }
+    end
+<br>
+## Resource Parameter Examples
+The resource allows you to pass in a service id:
+    describe docker_service(id: '2ghswegspre1') do
+      ...
+    end
+You can also pass in the fully-qualified image:
+    describe docker_service(image: 'localhost:5000/alpine:latest') do
+      ...
+    end
+<br>
+## Property Examples
+The following examples show how to use InSpec `docker_service` resource.
+### id
+The `id` property returns the service id:
+    its('id') { should eq '2ghswegspre1' }
+### image
+The `image` property tests the value of the image. It is a combination of `repository:tag`:
+    its('image') { should eq 'alpine:latest' }
+### mode
+The `mode` property tests the value of the service mode:
+    its('mode') { should eq 'replicated' }
+### name
+The `name` property tests the value of the service name:
+    its('name') { should eq 'foo' }
+### ports
+The `ports` property tests the value of the service's published ports:
+    its('ports') { should include '*:8000->8000/tcp' }
+### repo
+The `repo` property tests the value of the repository name:
+    its('repo') { should eq 'alpine' }
+### replicas
+The `replicas` property tests the value of the service's replica count:
+    its('replicas') { should eq '3/3' }
+### tag
+The `tag` property tests the value of image tag:
+    its('tag') { should eq 'latest' }
+### Test a docker service
+    describe docker_service('foo') do
+      it { should exist }
+      its('id') { should eq '2ghswegspre1' }
+      its('repo') { should eq 'alpine' }
+      its('tag') { should eq 'latest' }
+    end
+<br>
+## Matchers
+For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+### exist
+The `exist` matcher tests if the image is available on the node:
+    it { should exist }

data/docs/resources/elasticsearch.md.erb CHANGED

@@ -1,242 +1,242 @@
----
-title: About the Elasticsearch Resource
-platform: linux
----
-# elasticsearch
-Use the  `elasticsearch` resource to test the status of a node against a running
-Elasticsearch cluster. InSpec retrieves the node list from the cluster node URL
-provided (defaults to `http://localhost:9200`) and provides the ability to query
-a variety of settings and statuses.
-<br>
-## Syntax
-    describe elasticsearch do
-      its('property') { should cmp 'value' }
-    end
-<br>
-## Supported Resource parameters
-The `elasticsearch` resource accepts a number of optional resource parameters:
- * `url`: the top-level URL of an Elasticsearch node in the cluster. If your Elasticsearch installation is not served out of the top-level directory at the host, be sure to specific the full URL; for example: `http://my-load-balancer/elasticsearch`. Default: `http://localhost:9200`
- * `username`: a username to use to log in with HTTP-Basic authentication. If `username` is provided, a `password` must also be provided.
- * `password`: a password to use to log in with HTTP-Basic authentication. If `password` is provided, a `username` must also be provided.
- * `ssl_verify`: if `false`, SSL certificate validation will be disabled. Default: `true`
-In addition, the `elasticsearch` resource allows for filtering the nodes returned by property before executing the tests:
-    describe elasticsearch.where { node_name == 'one-off-node' } do
-      its('version') { should eq '1.2.3' }
-    end
-    describe elasticsearch.where { process.mlockall == false } do
-      its('count') { should cmp 0 }
-    end
-To simply check if nodes exist that match the criteria, use the `exist` matcher:
-    describe elasticsearch.where { cluster_name == 'my_cluster' } do
-      it { should exist }
-    end
-<br>
-## Properties
-The following properties are provided:
-* build\_hash cluster\_name, host, http, ingest, ip, jvm, module\_list, modules, node\_name, node\_id, os, plugin\_list, plugins, process, roles, settings, total\_indexing\_buffer, transport, transport\_address, version
-Since the `elasticsearch` resource is meant for use on a cluster, each property will return an array of the values for each node that matches any provided search criteria. Using InSpec's `cmp` matcher helps avoid issues when comparing values when there is only a single match (i.e. when the cluster only contains a single node, or the `where` filter criteria provided only returns a single node).
-<br>
-## Property Examples
-### build_hash
-Returns the build hash for each of the nodes.
-    describe elasticsearch do
-      its('build_hash') { should cmp 'b2f0c09' }
-    end
-### cluster_name
-Returns the cluster names of each of the nodes.
-    describe elasticsearch do
-      its('cluster_name') { should cmp 'my_cluster' }
-    end
-### host
-Returns the hostname of each of the nodes. This may return an IP address, if the node is improperly performing DNS resolution or has no hostname set.
-    describe elasticsearch do
-      its('host') { should cmp 'my.hostname.mycompany.biz' }
-    end
-### http
-Returns a hash of HTTP-related settings for each of the nodes. In this example, the `first` method is used to grab only the first node's HTTP-related info and is a way of removing the item from the Array if only one node is being queried.
-    describe elasticsearch do
-      its('http.first.max_content_length_in_bytes') { should cmp 123456 }
-    end
-### ingest
-Returns ingest-related settings and capabilities, such as available processors.
-    describe elasticsearch do
-      its('ingest.first.processors.count') { should be >= 1 }
-    end
-### ip
-Returns the IP address of each of the nodes.
-    describe elasticsearch do
-      its('ip') { should cmp '192.168.1.100' }
-    end
-### jvm
-Returns Java Virtual Machine related parameters for each of the nodes.
-    describe elasticsearch do
-      its('jvm.first.version') { should cmp '1.8.0_141' }
-    end
-### module_list
-Returns a list of enabled modules for each node in the cluster. For more additional information about each module, use the `modules` property.
-    describe elasticsearch do
-      its('module_list.first') { should include 'my_module' }
-    end
-### modules
-Returns detailed information about each enabled module for each node in the cluster. For a succint list of the names of each of the modules enabled, use the `module_list` property. This example uses additional Ruby to find a specific module and assert a value.
-    modules = elasticsearch.modules.first
-    lang_groovy_module = modules.find { |mod| mod.name == 'lang-groovy' }
-    describe 'lang-groovy module version' do
-      subject { lang_groovy_module }
-      its('version') { should cmp '5.5.2' }
-    end
-### node_name
-Returns the node name for each node in the cluster.
-    describe elasticsearch do
-      its('node_name') { should cmp 'node1' }
-    end
-### node_id
-Returns the node IDs of each of the nodes in the cluster.
-    describe elasticsearch do
-      its('node_id') { should include 'my_node_id' }
-    end
-### os
-Returns OS-related information about each node in the cluster.
-    describe elasticsearch do
-      its('os.first.arch') { should cmp 'amd64' }
-    end
-### plugin_list
-Returns a list of enabled plugins for each node in the cluster. For more additional information about each plugin, use the `plugins` property.
-    describe elasticsearch do
-      its('plugin_list.first') { should include 'my_plugin' }
-    end
-### plugins
-Returns detailed information about each enabled plugin for each node in the cluster. For a succint list of the names of each of the plugins enabled, use the `plugin_list` property. This example uses additional Ruby to find a specific plugin and assert a value.
-    plugins = elasticsearch.plugins.first
-    my_plugin = plugins.find { |plugin| plugin.name == 'my_plugin' }
-    describe 'my_plugin plugin version' do
-      subject { my_plugin }
-      its('version') { should cmp '1.2.3' }
-    end
-### process
-Returns process information for each node in the cluster, such as the process ID.
-    describe elasticsearch do
-      its('process.first.mlockall') { should cmp true }
-    end
-### roles
-Returns the role for each of the nodes in the cluster.
-    describe elasticsearch.where { node_name == 'my_master_node' } do
-      it { should include 'master' }
-    end
-### settings
-Returns all the configuration settings for each node in the cluster. These settings usually include those set in the elasticsearch.yml as well as those set via `-Des.` or `-E` flags at startup. Use the `inspec shell` to explore the various setting keys that are available.
-    describe elasticsearch do
-      its('settings.first.path.home') { should cmp '/usr/share/elasticsearch' }
-    end
-### total_indexing_buffer
-Returns the total indexing buffer for each node in the cluster.
-    describe elasticsearch do
-      its('total_indexing_buffer') { should cmp 123456 }
-    end
-### transport
-Returns transport-related settings for each node in the cluster, such as the bound and published addresses.
-    describe elasticsearch do
-      its('transport.first.bound_address') { should cmp '1.2.3.4:9200' }
-    end
-### transport_address
-Returns the bound transport address for each node in the cluster.
-    describe elasticsearch do
-      its('transport_address') { should cmp '1.2.3.4:9200' }
-    end
-### version
-Returns the version of Elasticsearch running on each node of the cluster.
-    describe elasticsearch do
-      its('version') { should cmp '5.5.2' }
-    end
-<br>
-## Matchers
-For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+---
+title: About the Elasticsearch Resource
+platform: linux
+---
+# elasticsearch
+Use the  `elasticsearch` resource to test the status of a node against a running
+Elasticsearch cluster. InSpec retrieves the node list from the cluster node URL
+provided (defaults to `http://localhost:9200`) and provides the ability to query
+a variety of settings and statuses.
+<br>
+## Syntax
+    describe elasticsearch do
+      its('property') { should cmp 'value' }
+    end
+<br>
+## Supported Resource parameters
+The `elasticsearch` resource accepts a number of optional resource parameters:
+ * `url`: the top-level URL of an Elasticsearch node in the cluster. If your Elasticsearch installation is not served out of the top-level directory at the host, be sure to specific the full URL; for example: `http://my-load-balancer/elasticsearch`. Default: `http://localhost:9200`
+ * `username`: a username to use to log in with HTTP-Basic authentication. If `username` is provided, a `password` must also be provided.
+ * `password`: a password to use to log in with HTTP-Basic authentication. If `password` is provided, a `username` must also be provided.
+ * `ssl_verify`: if `false`, SSL certificate validation will be disabled. Default: `true`
+In addition, the `elasticsearch` resource allows for filtering the nodes returned by property before executing the tests:
+    describe elasticsearch.where { node_name == 'one-off-node' } do
+      its('version') { should eq '1.2.3' }
+    end
+    describe elasticsearch.where { process.mlockall == false } do
+      its('count') { should cmp 0 }
+    end
+To simply check if nodes exist that match the criteria, use the `exist` matcher:
+    describe elasticsearch.where { cluster_name == 'my_cluster' } do
+      it { should exist }
+    end
+<br>
+## Properties
+The following properties are provided:
+* build\_hash cluster\_name, host, http, ingest, ip, jvm, module\_list, modules, node\_name, node\_id, os, plugin\_list, plugins, process, roles, settings, total\_indexing\_buffer, transport, transport\_address, version
+Since the `elasticsearch` resource is meant for use on a cluster, each property will return an array of the values for each node that matches any provided search criteria. Using InSpec's `cmp` matcher helps avoid issues when comparing values when there is only a single match (i.e. when the cluster only contains a single node, or the `where` filter criteria provided only returns a single node).
+<br>
+## Property Examples
+### build_hash
+Returns the build hash for each of the nodes.
+    describe elasticsearch do
+      its('build_hash') { should cmp 'b2f0c09' }
+    end
+### cluster_name
+Returns the cluster names of each of the nodes.
+    describe elasticsearch do
+      its('cluster_name') { should cmp 'my_cluster' }
+    end
+### host
+Returns the hostname of each of the nodes. This may return an IP address, if the node is improperly performing DNS resolution or has no hostname set.
+    describe elasticsearch do
+      its('host') { should cmp 'my.hostname.mycompany.biz' }
+    end
+### http
+Returns a hash of HTTP-related settings for each of the nodes. In this example, the `first` method is used to grab only the first node's HTTP-related info and is a way of removing the item from the Array if only one node is being queried.
+    describe elasticsearch do
+      its('http.first.max_content_length_in_bytes') { should cmp 123456 }
+    end
+### ingest
+Returns ingest-related settings and capabilities, such as available processors.
+    describe elasticsearch do
+      its('ingest.first.processors.count') { should be >= 1 }
+    end
+### ip
+Returns the IP address of each of the nodes.
+    describe elasticsearch do
+      its('ip') { should cmp '192.168.1.100' }
+    end
+### jvm
+Returns Java Virtual Machine related parameters for each of the nodes.
+    describe elasticsearch do
+      its('jvm.first.version') { should cmp '1.8.0_141' }
+    end
+### module_list
+Returns a list of enabled modules for each node in the cluster. For more additional information about each module, use the `modules` property.
+    describe elasticsearch do
+      its('module_list.first') { should include 'my_module' }
+    end
+### modules
+Returns detailed information about each enabled module for each node in the cluster. For a succint list of the names of each of the modules enabled, use the `module_list` property. This example uses additional Ruby to find a specific module and assert a value.
+    modules = elasticsearch.modules.first
+    lang_groovy_module = modules.find { |mod| mod.name == 'lang-groovy' }
+    describe 'lang-groovy module version' do
+      subject { lang_groovy_module }
+      its('version') { should cmp '5.5.2' }
+    end
+### node_name
+Returns the node name for each node in the cluster.
+    describe elasticsearch do
+      its('node_name') { should cmp 'node1' }
+    end
+### node_id
+Returns the node IDs of each of the nodes in the cluster.
+    describe elasticsearch do
+      its('node_id') { should include 'my_node_id' }
+    end
+### os
+Returns OS-related information about each node in the cluster.
+    describe elasticsearch do
+      its('os.first.arch') { should cmp 'amd64' }
+    end
+### plugin_list
+Returns a list of enabled plugins for each node in the cluster. For more additional information about each plugin, use the `plugins` property.
+    describe elasticsearch do
+      its('plugin_list.first') { should include 'my_plugin' }
+    end
+### plugins
+Returns detailed information about each enabled plugin for each node in the cluster. For a succint list of the names of each of the plugins enabled, use the `plugin_list` property. This example uses additional Ruby to find a specific plugin and assert a value.
+    plugins = elasticsearch.plugins.first
+    my_plugin = plugins.find { |plugin| plugin.name == 'my_plugin' }
+    describe 'my_plugin plugin version' do
+      subject { my_plugin }
+      its('version') { should cmp '1.2.3' }
+    end
+### process
+Returns process information for each node in the cluster, such as the process ID.
+    describe elasticsearch do
+      its('process.first.mlockall') { should cmp true }
+    end
+### roles
+Returns the role for each of the nodes in the cluster.
+    describe elasticsearch.where { node_name == 'my_master_node' } do
+      it { should include 'master' }
+    end
+### settings
+Returns all the configuration settings for each node in the cluster. These settings usually include those set in the elasticsearch.yml as well as those set via `-Des.` or `-E` flags at startup. Use the `inspec shell` to explore the various setting keys that are available.
+    describe elasticsearch do
+      its('settings.first.path.home') { should cmp '/usr/share/elasticsearch' }
+    end
+### total_indexing_buffer
+Returns the total indexing buffer for each node in the cluster.
+    describe elasticsearch do
+      its('total_indexing_buffer') { should cmp 123456 }
+    end
+### transport
+Returns transport-related settings for each node in the cluster, such as the bound and published addresses.
+    describe elasticsearch do
+      its('transport.first.bound_address') { should cmp '1.2.3.4:9200' }
+    end
+### transport_address
+Returns the bound transport address for each node in the cluster.
+    describe elasticsearch do
+      its('transport_address') { should cmp '1.2.3.4:9200' }
+    end
+### version
+Returns the version of Elasticsearch running on each node of the cluster.
+    describe elasticsearch do
+      its('version') { should cmp '5.5.2' }
+    end
+<br>
+## Matchers
+For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).