inspec 2.0.17 → 2.0.32

@@ -43,7 +43,7 @@ module Inspec
43
43
  Inspec::Resource.registry
44
44
  end
45
45
 
46
- def __register(name, obj) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
46
+ def __register(name, obj) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
47
47
  cl = Class.new(obj) do # rubocop:disable Metrics/BlockLength
48
48
  attr_reader :resource_exception_message
49
49
 
@@ -59,12 +59,9 @@ module Inspec
59
59
  # check resource supports
60
60
  supported = true
61
61
  supported = check_supports unless @supports.nil?
62
- if defined?(Train::Transports::Mock::Connection) && backend.backend.class == Train::Transports::Mock::Connection
63
- # do not exit out for tests
64
- elsif supported == false
65
- # do not run resource initalize if we are unsupported
66
- return
67
- end
62
+ test_backend = defined?(Train::Transports::Mock::Connection) && backend.backend.class == Train::Transports::Mock::Connection
63
+ # do not return if we are supported, or for tests
64
+ return unless supported || test_backend
68
65
 
69
66
  # call the resource initializer
70
67
  begin
@@ -73,6 +70,11 @@ module Inspec
73
70
  skip_resource(e.message)
74
71
  rescue Inspec::Exceptions::ResourceFailed => e
75
72
  fail_resource(e.message)
73
+ rescue NoMethodError => e
74
+ # The new platform resources have methods generated on the fly
75
+ # for inspec check to work we need to skip these train errors
76
+ raise unless test_backend && e.receiver.class == Train::Transports::Mock::Connection
77
+ skip_resource(e.message)
76
78
  end
77
79
  end
78
80
 
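Review bot: In the added `rescue NoMethodError` branch, `e.receiver` can itself raise ArgumentError when the exception carries no receiver (for example one built directly with `NoMethodError.new`), so under the mock backend the original error may be replaced by an unrelated one. The branch also turns every NoMethodError raised on the mock connection into a skip, which can hide an ordinary typo in a resource initializer during `inspec check`. The comment should say this, e.g. `# only NoMethodError raised on the mock connection is skipped; everything else is re-raised`, and the receiver lookup should be guarded so that a missing receiver re-raises the original exception. `test_backend` is assigned in the preceding hunk, and the enclosing `__register` block starts and ends outside the visible lines.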
data/lib/inspec/runner.rb CHANGED
@@ -129,8 +129,9 @@ module Inspec
129
129
  end
130
130
 
131
131
  def run_tests(with = nil)
132
- run_data = @test_collector.run(with)
133
- render_output(run_data)
132
+ @run_data = @test_collector.run(with)
133
+ # dont output anything if we want a report
134
+ render_output(@run_data) unless @conf['report']
134
135
  @test_collector.exit_code
135
136
  end
136
137
 
@@ -82,6 +82,7 @@ module Inspec
82
82
  #
83
83
  # @return [int] exit code
84
84
  def exit_code
85
+ return @rspec_exit_code if @formatter.results.empty?
85
86
  stats = @formatter.results[:statistics][:controls]
86
87
  if stats[:failed][:total] == 0 && stats[:skipped][:total] == 0
87
88
  0
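Review bot: The early return hands back `@rspec_exit_code` unchanged when `@formatter.results` is empty, but nothing in the hunk shows where that variable is assigned. If it can still be nil here, the method breaks its documented `@return [int]` contract, and a caller passing the value to `exit` would fail. Because this value is what a pipeline gates on, defaulting to failure is the safer choice: `return @rspec_exit_code || 1 if @formatter.results.empty?`, with a comment that an empty result set means no control results were produced. The body of `exit_code` continues outside the hunk.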
@@ -4,5 +4,5 @@
4
4
  # author: Christoph Hartmann
5
5
 
6
6
  module Inspec
7
- VERSION = '2.0.17'
7
+ VERSION = '2.0.32'
8
8
  end
@@ -16,6 +16,7 @@ require 'resources/aws/aws_cloudtrail_trail'
16
16
  require 'resources/aws/aws_cloudtrail_trails'
17
17
  require 'resources/aws/aws_cloudwatch_alarm'
18
18
  require 'resources/aws/aws_cloudwatch_log_metric_filter'
19
+ require 'resources/aws/aws_config_recorder'
19
20
  require 'resources/aws/aws_ec2_instance'
20
21
  require 'resources/aws/aws_iam_access_key'
21
22
  require 'resources/aws/aws_iam_access_keys'
@@ -0,0 +1,98 @@
1
+ class AwsConfigurationRecorder < Inspec.resource(1)
2
+ name 'aws_config_recorder'
3
+ desc 'Verifies settings for AWS Configuration Recorder'
4
+ example "
5
+ describe aws_config_recorder('My_Recorder') do
6
+ it { should exist }
7
+ it { should be_recording }
8
+ it { should be_all_supported }
9
+ it { should have_include_global_resource_types }
10
+ end
11
+ "
12
+ supports platform: 'aws'
13
+
14
+ include AwsSingularResourceMixin
15
+ attr_reader :role_arn, :resource_types, :recorder_name, :resp
16
+
17
+ def to_s
18
+ "Configuration_Recorder: #{@recorder_name}"
19
+ end
20
+
21
+ def recording_all_resource_types?
22
+ @recording_all_resource_types
23
+ end
24
+
25
+ def recording_all_global_types?
26
+ @recording_all_global_types
27
+ end
28
+
29
+ def status
30
+ return unless @exists
31
+ backend = BackendFactory.create(inspec_runner)
32
+ catch_aws_errors do
33
+ @resp = backend.describe_configuration_recorder_status(@query)
34
+ @status = @resp.configuration_recorders_status.first.to_h
35
+ end
36
+ end
37
+
38
+ def recording?
39
+ return unless @exists
40
+ status[:recording]
41
+ end
42
+
43
+ private
44
+
45
+ def validate_params(raw_params)
46
+ validated_params = check_resource_param_names(
47
+ raw_params: raw_params,
48
+ allowed_params: [:recorder_name],
49
+ allowed_scalar_name: :recorder_name,
50
+ allowed_scalar_type: String,
51
+ )
52
+
53
+ # Must give it a recorder_name
54
+ if validated_params[:recorder_name].nil?
55
+ raise ArgumentError, 'You must provide recorder_name to aws_config_recorder'
56
+ end
57
+
58
+ validated_params
59
+ end
60
+
61
+ def fetch_from_api
62
+ backend = BackendFactory.create(inspec_runner)
63
+ @query = { configuration_recorder_names: [@recorder_name] }
64
+
65
+ catch_aws_errors do
66
+ begin
67
+ @resp = backend.describe_configuration_recorders(@query)
68
+ rescue Aws::ConfigService::Errors::NoSuchConfigurationRecorderException
69
+ @exists = false
70
+ return
71
+ end
72
+ @exists = !@resp.empty?
73
+ return unless @exists
74
+
75
+ @recorder = @resp.configuration_recorders.first.to_h
76
+ @recorder_name = @recorder[:name]
77
+ @role_arn = @recorder[:role_arn]
78
+ @recording_all_resource_types = @recorder[:recording_group][:all_supported]
79
+ @recording_all_global_types = @recorder[:recording_group][:include_global_resource_types]
80
+ @resource_types = @recorder[:recording_group][:resource_types]
81
+ end
82
+ end
83
+
84
+ class Backend
85
+ class AwsClientApi < AwsBackendBase
86
+ BackendFactory.set_default_backend(self)
87
+ self.aws_client_class = Aws::ConfigService::Client
88
+
89
+ def describe_configuration_recorders(query)
90
+ aws_service_client.describe_configuration_recorders(query)
91
+ end
92
+
93
+ def describe_configuration_recorder_status(query)
94
+ aws_service_client.describe_configuration_recorder_status(query)
95
+ end
96
+ end
97
+ end
98
+ end
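Review bot: In `fetch_from_api`, `@exists = !@resp.empty?` tests the response object rather than the recorder list. If the API answers with an empty `configuration_recorders` array, `.first.to_h` yields `{}` and `@recorder[:recording_group][:all_supported]` would raise NoMethodError on nil. Checking the list itself avoids that: `@exists = !@resp.configuration_recorders.empty?`. The `example` text uses `be_all_supported` and `have_include_global_resource_types`, while the class defines `recording_all_resource_types?` and `recording_all_global_types?`, so unless the mixin supplies those predicates the documented matchers will not resolve. `status` also overwrites `@resp`, which is exposed through `attr_reader :resp`, so the reader returns a different response type after `recording?` has been called; a comment on the reader should say which one it holds.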
@@ -137,7 +137,7 @@ module Inspec::Resources
137
137
  conn.options.timeout = read_timeout # open/read timeout in seconds
138
138
  conn.options.open_timeout = open_timeout # connection open timeout in seconds
139
139
 
140
- @response = conn.send(http_method.downcase) do |req|
140
+ @response = conn.run_request(http_method.downcase.to_sym, nil, nil, nil) do |req|
141
141
  req.body = request_body
142
142
  end
143
143
  end
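Review bot: `http_method.downcase.to_sym` is handed to `run_request` without a visible check against the verbs this resource supports, so an unexpected value in a profile would surface as whatever error the HTTP client raises rather than as a resource failure. If `http_method` is not validated earlier (the enclosing method starts outside the hunk), add an allow-list test before the call, such as `%w[get head post put delete patch options].include?(http_method.downcase)`, and fail the resource with a clear message when it does not match. A one-line comment on the three `nil` arguments (`# url, body, headers: set on conn / in the block`) would also help, since their meaning is not obvious at the call site.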
@@ -194,9 +194,16 @@ module Inspec::Resources
194
194
  def info(package_name)
195
195
  brew_path = inspec.command('brew').exist? ? 'brew' : '/usr/local/bin/brew'
196
196
  cmd = inspec.command("#{brew_path} info --json=v1 #{package_name}")
197
+
198
+ # If no available formula exists, then `brew` will exit non-zero
197
199
  return {} if cmd.exit_status.to_i != 0
198
- # parse data
200
+
199
201
  pkg = JSON.parse(cmd.stdout)[0]
202
+
203
+ # If package exists but is not installed, then `brew` output will not
204
+ # contain `pkg['installed'][0]['version']
205
+ return {} unless pkg.dig('installed', 0, 'version')
206
+
200
207
  {
201
208
  name: pkg['name'],
202
209
  installed: true,
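Review bot: `JSON.parse(cmd.stdout)[0]` is nil if `brew` prints an empty array, and the added `pkg.dig('installed', 0, 'version')` would then raise NoMethodError instead of returning `{}`; `return {} unless pkg&.dig('installed', 0, 'version')` covers that case. The added comment is also missing the closing backtick after `pkg['installed'][0]['version']`. Separately, the unchanged context line interpolates `package_name` into the command string unquoted. Whether that value can originate outside the profile is not visible here, but passing it through `Shellwords.escape` (which needs `require 'shellwords'`) would make the call safe either way. The returned hash literal continues outside the hunk.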
@@ -97,7 +97,7 @@ module Inspec::Resources
97
97
 
98
98
  class PConfigFile < PConfig
99
99
  name 'parse_config_file'
100
- desc 'Use the parse_config_file InSpec audit resource to test arbitrary configuration files. It works identiacal to parse_config. Instead of using a command output, this resource works with files.'
100
+ desc 'Use the parse_config_file InSpec resource to test arbitrary configuration files. It works identically to parse_config. Instead of using a command output, this resource works with files.'
101
101
  example "
102
102
  describe parse_config_file('/path/to/file') do
103
103
  its('setting') { should eq 1 }
@@ -5,7 +5,7 @@ require 'hashie/mash'
5
5
  module Inspec::Resources
6
6
  class Virtualization < Inspec.resource(1)
7
7
  name 'virtualization'
8
- supports platform: 'unix'
8
+ supports platform: 'linux'
9
9
  desc 'Use the virtualization InSpec audit resource to test the virtualization platform on which the system is running'
10
10
  example "
11
11
  describe virtualization do
@@ -25,11 +25,8 @@ module Inspec::Resources
25
25
  "
26
26
 
27
27
  def initialize
28
- unless inspec.os.linux?
29
- skip_resource 'The `virtualization` resource is not supported on your OS yet.'
30
- else
31
- collect_data_linux
32
- end
28
+ @virtualization_data = Hashie::Mash.new
29
+ collect_data_linux
33
30
  end
34
31
 
35
32
  # add helper methods for easy access of properties
@@ -229,8 +226,7 @@ module Inspec::Resources
229
226
  end
230
227
 
231
228
  def collect_data_linux # rubocop:disable Metrics/PerceivedComplexity, Metrics/CyclomaticComplexity
232
- # cache data in an instance var to avoid doing multiple detections for a single test
233
- @virtualization_data ||= Hashie::Mash.new
229
+ # This avoids doing multiple detections in a single test
234
230
  return unless @virtualization_data.empty?
235
231
 
236
232
  # each detect method will return true if it matched and was successfully
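Review bot: The guard `return unless @virtualization_data.empty?` in `collect_data_linux` has nothing left to guard in the visible code, because `initialize` now assigns a fresh `Hashie::Mash` immediately before the only visible call. The shortened comment `# This avoids doing multiple detections in a single test` no longer says what "This" refers to. If there are no other callers the guard can be dropped; otherwise spell it out, e.g. `# skip detection when an earlier call already populated @virtualization_data`. The body of `collect_data_linux` continues outside the hunk.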
@@ -10,7 +10,7 @@ module DatabaseHelper
10
10
  end
11
11
 
12
12
  def value
13
- @row[@name.downcase]
13
+ @row.nil? ? '' : @row[@name.downcase]
14
14
  end
15
15
 
16
16
  def to_s
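Review bot: Returning `''` from `value` when `@row` is nil makes "the query produced no row" indistinguishable from "the column holds an empty string", so a control that expects an empty value would pass on a missing row. In an audit tool that difference matters. Unless callers depend on always getting a String (not visible here), prefer `@row && @row[@name.downcase]` so that a missing row yields nil, and add a comment stating which case returns what. `to_s` below is cut off by the end of the hunk.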
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: inspec
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.17
4
+ version: 2.0.32
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dominik Richter
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-02-20 00:00:00.000000000 Z
11
+ date: 2018-03-01 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: train
@@ -312,6 +312,7 @@ files:
312
312
  - docs/resources/aws_cloudtrail_trails.md.erb
313
313
  - docs/resources/aws_cloudwatch_alarm.md.erb
314
314
  - docs/resources/aws_cloudwatch_log_metric_filter.md.erb
315
+ - docs/resources/aws_config_recorder.md.erb
315
316
  - docs/resources/aws_ec2_instance.md.erb
316
317
  - docs/resources/aws_iam_access_key.md.erb
317
318
  - docs/resources/aws_iam_access_keys.md.erb
@@ -622,6 +623,7 @@ files:
622
623
  - lib/resources/aws/aws_cloudtrail_trails.rb
623
624
  - lib/resources/aws/aws_cloudwatch_alarm.rb
624
625
  - lib/resources/aws/aws_cloudwatch_log_metric_filter.rb
626
+ - lib/resources/aws/aws_config_recorder.rb
625
627
  - lib/resources/aws/aws_ec2_instance.rb
626
628
  - lib/resources/aws/aws_iam_access_key.rb
627
629
  - lib/resources/aws/aws_iam_access_keys.rb