inspec 2.0.17 → 2.0.32

data/lib/inspec/plugins/resource.rb

@@ -43,7 +43,7 @@ module Inspec
       Inspec::Resource.registry
     end
 
-    def __register(name, obj) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
+    def __register(name, obj) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
       cl = Class.new(obj) do # rubocop:disable Metrics/BlockLength
         attr_reader :resource_exception_message
 
@@ -59,12 +59,9 @@ module Inspec
           # check resource supports
           supported = true
           supported = check_supports unless @supports.nil?
-          if defined?(Train::Transports::Mock::Connection) && backend.backend.class == Train::Transports::Mock::Connection
-            # do not exit out for tests
-          elsif supported == false
-            # do not run resource initalize if we are unsupported
-            return
-          end
+          test_backend = defined?(Train::Transports::Mock::Connection) && backend.backend.class == Train::Transports::Mock::Connection
+          # do not return if we are supported, or for tests
+          return unless supported || test_backend
 
           # call the resource initializer
           begin
@@ -73,6 +70,11 @@ module Inspec
             skip_resource(e.message)
           rescue Inspec::Exceptions::ResourceFailed => e
             fail_resource(e.message)
+          rescue NoMethodError => e
+            # The new platform resources have methods generated on the fly
+            # for inspec check to work we need to skip these train errors
+            raise unless test_backend && e.receiver.class == Train::Transports::Mock::Connection
+            skip_resource(e.message)
           end
         end
 

data/lib/inspec/runner.rb

@@ -129,8 +129,9 @@ module Inspec
     end
 
     def run_tests(with = nil)
-      run_data = @test_collector.run(with)
-      render_output(run_data)
+      @run_data = @test_collector.run(with)
+      # dont output anything if we want a report
+      render_output(@run_data) unless @conf['report']
       @test_collector.exit_code
     end
 

data/lib/inspec/runner_rspec.rb

@@ -82,6 +82,7 @@ module Inspec
     #
     # @return [int] exit code
     def exit_code
+      return @rspec_exit_code if @formatter.results.empty?
       stats = @formatter.results[:statistics][:controls]
       if stats[:failed][:total] == 0 && stats[:skipped][:total] == 0
         0

data/lib/inspec/version.rb

@@ -4,5 +4,5 @@
 # author: Christoph Hartmann
 
 module Inspec
-  VERSION = '2.0.17'
+  VERSION = '2.0.32'
 end

data/lib/resource_support/aws.rb

@@ -16,6 +16,7 @@ require 'resources/aws/aws_cloudtrail_trail'
 require 'resources/aws/aws_cloudtrail_trails'
 require 'resources/aws/aws_cloudwatch_alarm'
 require 'resources/aws/aws_cloudwatch_log_metric_filter'
+require 'resources/aws/aws_config_recorder'
 require 'resources/aws/aws_ec2_instance'
 require 'resources/aws/aws_iam_access_key'
 require 'resources/aws/aws_iam_access_keys'

data/lib/resources/aws/aws_config_recorder.rb

@@ -0,0 +1,98 @@
+class AwsConfigurationRecorder < Inspec.resource(1)
+  name 'aws_config_recorder'
+  desc 'Verifies settings for AWS Configuration Recorder'
+  example "
+    describe aws_config_recorder('My_Recorder') do
+      it { should exist }
+      it { should be_recording }
+      it { should be_all_supported }
+      it { should have_include_global_resource_types }
+    end
+  "
+  supports platform: 'aws'
+
+  include AwsSingularResourceMixin
+  attr_reader :role_arn, :resource_types, :recorder_name, :resp
+
+  def to_s
+    "Configuration_Recorder: #{@recorder_name}"
+  end
+
+  def recording_all_resource_types?
+    @recording_all_resource_types
+  end
+
+  def recording_all_global_types?
+    @recording_all_global_types
+  end
+
+  def status
+    return unless @exists
+    backend = BackendFactory.create(inspec_runner)
+    catch_aws_errors do
+      @resp = backend.describe_configuration_recorder_status(@query)
+      @status = @resp.configuration_recorders_status.first.to_h
+    end
+  end
+
+  def recording?
+    return unless @exists
+    status[:recording]
+  end
+
+  private
+
+  def validate_params(raw_params)
+    validated_params = check_resource_param_names(
+      raw_params: raw_params,
+      allowed_params: [:recorder_name],
+      allowed_scalar_name: :recorder_name,
+      allowed_scalar_type: String,
+    )
+
+    # Must give it a recorder_name
+    if validated_params[:recorder_name].nil?
+      raise ArgumentError, 'You must provide recorder_name to aws_config_recorder'
+    end
+
+    validated_params
+  end
+
+  def fetch_from_api
+    backend = BackendFactory.create(inspec_runner)
+    @query = { configuration_recorder_names: [@recorder_name] }
+
+    catch_aws_errors do
+      begin
+        @resp = backend.describe_configuration_recorders(@query)
+      rescue Aws::ConfigService::Errors::NoSuchConfigurationRecorderException
+        @exists = false
+        return
+      end
+      @exists = !@resp.empty?
+      return unless @exists
+
+      @recorder = @resp.configuration_recorders.first.to_h
+      @recorder_name = @recorder[:name]
+      @role_arn = @recorder[:role_arn]
+      @recording_all_resource_types = @recorder[:recording_group][:all_supported]
+      @recording_all_global_types = @recorder[:recording_group][:include_global_resource_types]
+      @resource_types = @recorder[:recording_group][:resource_types]
+    end
+  end
+
+  class Backend
+    class AwsClientApi < AwsBackendBase
+      BackendFactory.set_default_backend(self)
+      self.aws_client_class = Aws::ConfigService::Client
+
+      def describe_configuration_recorders(query)
+        aws_service_client.describe_configuration_recorders(query)
+      end
+
+      def describe_configuration_recorder_status(query)
+        aws_service_client.describe_configuration_recorder_status(query)
+      end
+    end
+  end
+end

data/lib/resources/http.rb

@@ -137,7 +137,7 @@ module Inspec::Resources
           conn.options.timeout      = read_timeout  # open/read timeout in seconds
           conn.options.open_timeout = open_timeout  # connection open timeout in seconds
 
-          @response = conn.send(http_method.downcase) do |req|
+          @response = conn.run_request(http_method.downcase.to_sym, nil, nil, nil) do |req|
             req.body = request_body
           end
         end

data/lib/resources/package.rb

@@ -194,9 +194,16 @@ module Inspec::Resources
     def info(package_name)
       brew_path = inspec.command('brew').exist? ? 'brew' : '/usr/local/bin/brew'
       cmd = inspec.command("#{brew_path} info --json=v1 #{package_name}")
+
+      # If no available formula exists, then `brew` will exit non-zero
       return {} if cmd.exit_status.to_i != 0
-      # parse data
+
       pkg = JSON.parse(cmd.stdout)[0]
+
+      # If package exists but is not installed, then `brew` output will not
+      # contain `pkg['installed'][0]['version']
+      return {} unless pkg.dig('installed', 0, 'version')
+
       {
         name: pkg['name'],
         installed: true,

data/lib/resources/parse_config.rb

@@ -97,7 +97,7 @@ module Inspec::Resources
 
   class PConfigFile < PConfig
     name 'parse_config_file'
-    desc 'Use the parse_config_file InSpec audit resource to test arbitrary configuration files. It works identiacal to parse_config. Instead of using a command output, this resource works with files.'
+    desc 'Use the parse_config_file InSpec resource to test arbitrary configuration files. It works identically to parse_config. Instead of using a command output, this resource works with files.'
     example "
       describe parse_config_file('/path/to/file') do
         its('setting') { should eq 1 }

data/lib/resources/virtualization.rb

@@ -5,7 +5,7 @@ require 'hashie/mash'
 module Inspec::Resources
   class Virtualization < Inspec.resource(1)
     name 'virtualization'
-    supports platform: 'unix'
+    supports platform: 'linux'
     desc 'Use the virtualization InSpec audit resource to test the virtualization platform on which the system is running'
     example "
       describe virtualization do
@@ -25,11 +25,8 @@ module Inspec::Resources
     "
 
     def initialize
-      unless inspec.os.linux?
-        skip_resource 'The `virtualization` resource is not supported on your OS yet.'
-      else
-        collect_data_linux
-      end
+      @virtualization_data = Hashie::Mash.new
+      collect_data_linux
     end
 
     # add helper methods for easy access of properties
@@ -229,8 +226,7 @@ module Inspec::Resources
     end
 
     def collect_data_linux # rubocop:disable Metrics/PerceivedComplexity, Metrics/CyclomaticComplexity
-      # cache data in an instance var to avoid doing multiple detections for a single test
-      @virtualization_data ||= Hashie::Mash.new
+      # This avoids doing multiple detections in a single test
       return unless @virtualization_data.empty?
 
       # each detect method will return true if it matched and was successfully

data/lib/utils/database_helpers.rb

@@ -10,7 +10,7 @@ module DatabaseHelper
     end
 
     def value
-      @row[@name.downcase]
+      @row.nil? ? '' : @row[@name.downcase]
     end
 
     def to_s

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec
 version: !ruby/object:Gem::Version
-  version: 2.0.17
+  version: 2.0.32
 platform: ruby
 authors:
 - Dominik Richter
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-02-20 00:00:00.000000000 Z
+date: 2018-03-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: train
@@ -312,6 +312,7 @@ files:
 - docs/resources/aws_cloudtrail_trails.md.erb
 - docs/resources/aws_cloudwatch_alarm.md.erb
 - docs/resources/aws_cloudwatch_log_metric_filter.md.erb
+- docs/resources/aws_config_recorder.md.erb
 - docs/resources/aws_ec2_instance.md.erb
 - docs/resources/aws_iam_access_key.md.erb
 - docs/resources/aws_iam_access_keys.md.erb
@@ -622,6 +623,7 @@ files:
 - lib/resources/aws/aws_cloudtrail_trails.rb
 - lib/resources/aws/aws_cloudwatch_alarm.rb
 - lib/resources/aws/aws_cloudwatch_log_metric_filter.rb
+- lib/resources/aws/aws_config_recorder.rb
 - lib/resources/aws/aws_ec2_instance.rb
 - lib/resources/aws/aws_iam_access_key.rb
 - lib/resources/aws/aws_iam_access_keys.rb