inspec 2.0.32 → 2.0.45

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (482) hide show
  1. checksums.yaml +4 -4
  2. data/.rubocop.yml +101 -101
  3. data/CHANGELOG.md +2991 -2970
  4. data/Gemfile +55 -55
  5. data/LICENSE +14 -14
  6. data/MAINTAINERS.md +33 -33
  7. data/MAINTAINERS.toml +52 -52
  8. data/README.md +446 -437
  9. data/Rakefile +322 -322
  10. data/bin/inspec +12 -12
  11. data/docs/.gitignore +2 -2
  12. data/docs/README.md +40 -40
  13. data/docs/dsl_inspec.md +258 -258
  14. data/docs/dsl_resource.md +93 -93
  15. data/docs/glossary.md +99 -99
  16. data/docs/habitat.md +191 -191
  17. data/docs/inspec_and_friends.md +107 -107
  18. data/docs/matchers.md +169 -168
  19. data/docs/migration.md +293 -293
  20. data/docs/platforms.md +118 -118
  21. data/docs/plugin_kitchen_inspec.md +49 -49
  22. data/docs/profiles.md +370 -370
  23. data/docs/reporters.md +105 -105
  24. data/docs/resources/aide_conf.md.erb +75 -75
  25. data/docs/resources/apache.md.erb +67 -67
  26. data/docs/resources/apache_conf.md.erb +68 -68
  27. data/docs/resources/apt.md.erb +71 -71
  28. data/docs/resources/audit_policy.md.erb +47 -47
  29. data/docs/resources/auditd.md.erb +79 -79
  30. data/docs/resources/auditd_conf.md.erb +68 -68
  31. data/docs/resources/aws_cloudtrail_trail.md.erb +140 -140
  32. data/docs/resources/aws_cloudtrail_trails.md.erb +81 -81
  33. data/docs/resources/aws_cloudwatch_alarm.md.erb +86 -86
  34. data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +151 -151
  35. data/docs/resources/aws_config_recorder.md.erb +71 -71
  36. data/docs/resources/aws_ec2_instance.md.erb +106 -106
  37. data/docs/resources/aws_iam_access_key.md.erb +123 -123
  38. data/docs/resources/aws_iam_access_keys.md.erb +198 -198
  39. data/docs/resources/aws_iam_group.md.erb +46 -46
  40. data/docs/resources/aws_iam_groups.md.erb +43 -43
  41. data/docs/resources/aws_iam_password_policy.md.erb +76 -76
  42. data/docs/resources/aws_iam_policies.md.erb +82 -82
  43. data/docs/resources/aws_iam_policy.md.erb +144 -144
  44. data/docs/resources/aws_iam_role.md.erb +63 -63
  45. data/docs/resources/aws_iam_root_user.md.erb +58 -58
  46. data/docs/resources/aws_iam_user.md.erb +64 -64
  47. data/docs/resources/aws_iam_users.md.erb +89 -89
  48. data/docs/resources/aws_kms_keys.md.erb +84 -84
  49. data/docs/resources/aws_route_table.md.erb +47 -47
  50. data/docs/resources/aws_s3_bucket.md.erb +134 -134
  51. data/docs/resources/aws_security_group.md.erb +151 -151
  52. data/docs/resources/aws_security_groups.md.erb +91 -91
  53. data/docs/resources/aws_sns_topic.md.erb +63 -63
  54. data/docs/resources/aws_subnet.md.erb +133 -133
  55. data/docs/resources/aws_subnets.md.erb +126 -126
  56. data/docs/resources/aws_vpc.md.erb +120 -120
  57. data/docs/resources/aws_vpcs.md.erb +48 -48
  58. data/docs/resources/azure_generic_resource.md.erb +170 -170
  59. data/docs/resources/azure_resource_group.md.erb +284 -284
  60. data/docs/resources/azure_virtual_machine.md.erb +347 -347
  61. data/docs/resources/azure_virtual_machine_data_disk.md.erb +224 -224
  62. data/docs/resources/bash.md.erb +75 -75
  63. data/docs/resources/bond.md.erb +90 -90
  64. data/docs/resources/bridge.md.erb +57 -57
  65. data/docs/resources/bsd_service.md.erb +67 -67
  66. data/docs/resources/command.md.erb +138 -138
  67. data/docs/resources/cpan.md.erb +79 -79
  68. data/docs/resources/cran.md.erb +64 -64
  69. data/docs/resources/crontab.md.erb +89 -89
  70. data/docs/resources/csv.md.erb +54 -54
  71. data/docs/resources/dh_params.md.erb +205 -205
  72. data/docs/resources/directory.md.erb +30 -30
  73. data/docs/resources/docker.md.erb +219 -219
  74. data/docs/resources/docker_container.md.erb +104 -104
  75. data/docs/resources/docker_image.md.erb +94 -94
  76. data/docs/resources/docker_service.md.erb +114 -114
  77. data/docs/resources/elasticsearch.md.erb +242 -242
  78. data/docs/resources/etc_fstab.md.erb +125 -125
  79. data/docs/resources/etc_group.md.erb +75 -75
  80. data/docs/resources/etc_hosts.md.erb +78 -78
  81. data/docs/resources/etc_hosts_allow.md.erb +74 -74
  82. data/docs/resources/etc_hosts_deny.md.erb +74 -74
  83. data/docs/resources/file.md.erb +526 -515
  84. data/docs/resources/filesystem.md.erb +41 -41
  85. data/docs/resources/firewalld.md.erb +107 -107
  86. data/docs/resources/gem.md.erb +79 -79
  87. data/docs/resources/group.md.erb +61 -61
  88. data/docs/resources/grub_conf.md.erb +101 -101
  89. data/docs/resources/host.md.erb +86 -86
  90. data/docs/resources/http.md.erb +196 -196
  91. data/docs/resources/iis_app.md.erb +122 -122
  92. data/docs/resources/iis_site.md.erb +135 -135
  93. data/docs/resources/inetd_conf.md.erb +94 -94
  94. data/docs/resources/ini.md.erb +76 -76
  95. data/docs/resources/interface.md.erb +58 -58
  96. data/docs/resources/iptables.md.erb +64 -64
  97. data/docs/resources/json.md.erb +63 -63
  98. data/docs/resources/kernel_module.md.erb +120 -120
  99. data/docs/resources/kernel_parameter.md.erb +53 -53
  100. data/docs/resources/key_rsa.md.erb +85 -85
  101. data/docs/resources/launchd_service.md.erb +57 -57
  102. data/docs/resources/limits_conf.md.erb +75 -75
  103. data/docs/resources/login_def.md.erb +71 -71
  104. data/docs/resources/mount.md.erb +69 -69
  105. data/docs/resources/mssql_session.md.erb +60 -60
  106. data/docs/resources/mysql_conf.md.erb +99 -99
  107. data/docs/resources/mysql_session.md.erb +74 -74
  108. data/docs/resources/nginx.md.erb +79 -79
  109. data/docs/resources/nginx_conf.md.erb +128 -128
  110. data/docs/resources/npm.md.erb +60 -60
  111. data/docs/resources/ntp_conf.md.erb +60 -60
  112. data/docs/resources/oneget.md.erb +53 -53
  113. data/docs/resources/oracledb_session.md.erb +52 -52
  114. data/docs/resources/os.md.erb +141 -141
  115. data/docs/resources/os_env.md.erb +78 -78
  116. data/docs/resources/package.md.erb +120 -120
  117. data/docs/resources/packages.md.erb +67 -67
  118. data/docs/resources/parse_config.md.erb +103 -103
  119. data/docs/resources/parse_config_file.md.erb +138 -138
  120. data/docs/resources/passwd.md.erb +141 -141
  121. data/docs/resources/pip.md.erb +67 -67
  122. data/docs/resources/port.md.erb +137 -137
  123. data/docs/resources/postgres_conf.md.erb +79 -79
  124. data/docs/resources/postgres_hba_conf.md.erb +93 -93
  125. data/docs/resources/postgres_ident_conf.md.erb +76 -76
  126. data/docs/resources/postgres_session.md.erb +69 -69
  127. data/docs/resources/powershell.md.erb +102 -102
  128. data/docs/resources/processes.md.erb +109 -109
  129. data/docs/resources/rabbitmq_config.md.erb +41 -41
  130. data/docs/resources/registry_key.md.erb +158 -158
  131. data/docs/resources/runit_service.md.erb +57 -57
  132. data/docs/resources/security_policy.md.erb +47 -47
  133. data/docs/resources/service.md.erb +121 -121
  134. data/docs/resources/shadow.md.erb +146 -144
  135. data/docs/resources/ssh_config.md.erb +80 -80
  136. data/docs/resources/sshd_config.md.erb +83 -83
  137. data/docs/resources/ssl.md.erb +119 -119
  138. data/docs/resources/sys_info.md.erb +42 -42
  139. data/docs/resources/systemd_service.md.erb +57 -57
  140. data/docs/resources/sysv_service.md.erb +57 -57
  141. data/docs/resources/upstart_service.md.erb +57 -57
  142. data/docs/resources/user.md.erb +140 -140
  143. data/docs/resources/users.md.erb +127 -127
  144. data/docs/resources/vbscript.md.erb +55 -55
  145. data/docs/resources/virtualization.md.erb +57 -57
  146. data/docs/resources/windows_feature.md.erb +47 -47
  147. data/docs/resources/windows_hotfix.md.erb +53 -53
  148. data/docs/resources/windows_task.md.erb +95 -95
  149. data/docs/resources/wmi.md.erb +81 -81
  150. data/docs/resources/x509_certificate.md.erb +151 -151
  151. data/docs/resources/xinetd_conf.md.erb +156 -156
  152. data/docs/resources/xml.md.erb +85 -85
  153. data/docs/resources/yaml.md.erb +69 -69
  154. data/docs/resources/yum.md.erb +98 -98
  155. data/docs/resources/zfs_dataset.md.erb +53 -53
  156. data/docs/resources/zfs_pool.md.erb +47 -47
  157. data/docs/ruby_usage.md +203 -203
  158. data/docs/shared/matcher_be.md.erb +1 -1
  159. data/docs/shared/matcher_cmp.md.erb +43 -43
  160. data/docs/shared/matcher_eq.md.erb +3 -3
  161. data/docs/shared/matcher_include.md.erb +1 -1
  162. data/docs/shared/matcher_match.md.erb +1 -1
  163. data/docs/shell.md +215 -215
  164. data/examples/README.md +8 -8
  165. data/examples/inheritance/README.md +65 -65
  166. data/examples/inheritance/controls/example.rb +14 -14
  167. data/examples/inheritance/inspec.yml +15 -15
  168. data/examples/kitchen-ansible/.kitchen.yml +25 -25
  169. data/examples/kitchen-ansible/Gemfile +19 -19
  170. data/examples/kitchen-ansible/README.md +53 -53
  171. data/examples/kitchen-ansible/files/nginx.repo +6 -6
  172. data/examples/kitchen-ansible/tasks/main.yml +16 -16
  173. data/examples/kitchen-ansible/test/integration/default/default.yml +5 -5
  174. data/examples/kitchen-ansible/test/integration/default/web_spec.rb +28 -28
  175. data/examples/kitchen-chef/.kitchen.yml +20 -20
  176. data/examples/kitchen-chef/Berksfile +3 -3
  177. data/examples/kitchen-chef/Gemfile +19 -19
  178. data/examples/kitchen-chef/README.md +27 -27
  179. data/examples/kitchen-chef/metadata.rb +7 -7
  180. data/examples/kitchen-chef/recipes/default.rb +6 -6
  181. data/examples/kitchen-chef/recipes/nginx.rb +30 -30
  182. data/examples/kitchen-chef/test/integration/default/web_spec.rb +28 -28
  183. data/examples/kitchen-puppet/.kitchen.yml +22 -22
  184. data/examples/kitchen-puppet/Gemfile +20 -20
  185. data/examples/kitchen-puppet/Puppetfile +25 -25
  186. data/examples/kitchen-puppet/README.md +53 -53
  187. data/examples/kitchen-puppet/manifests/site.pp +33 -33
  188. data/examples/kitchen-puppet/metadata.json +11 -11
  189. data/examples/kitchen-puppet/test/integration/default/web_spec.rb +28 -28
  190. data/examples/meta-profile/README.md +37 -37
  191. data/examples/meta-profile/controls/example.rb +13 -13
  192. data/examples/meta-profile/inspec.yml +13 -13
  193. data/examples/profile-attribute.yml +2 -2
  194. data/examples/profile-attribute/README.md +14 -14
  195. data/examples/profile-attribute/controls/example.rb +11 -11
  196. data/examples/profile-attribute/inspec.yml +8 -8
  197. data/examples/profile-aws/controls/iam_password_policy_expiration.rb +8 -8
  198. data/examples/profile-aws/controls/iam_password_policy_max_age.rb +8 -8
  199. data/examples/profile-aws/controls/iam_root_user_mfa.rb +8 -8
  200. data/examples/profile-aws/controls/iam_users_access_key_age.rb +8 -8
  201. data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +8 -8
  202. data/examples/profile-aws/inspec.yml +11 -11
  203. data/examples/profile-azure/controls/azure_resource_group_example.rb +24 -24
  204. data/examples/profile-azure/controls/azure_vm_example.rb +29 -29
  205. data/examples/profile-azure/inspec.yml +11 -11
  206. data/examples/profile-sensitive/README.md +29 -29
  207. data/examples/profile-sensitive/controls/sensitive-failures.rb +9 -9
  208. data/examples/profile-sensitive/controls/sensitive.rb +9 -9
  209. data/examples/profile-sensitive/inspec.yml +8 -8
  210. data/examples/profile/README.md +48 -48
  211. data/examples/profile/controls/example.rb +23 -23
  212. data/examples/profile/controls/gordon.rb +36 -36
  213. data/examples/profile/controls/meta.rb +34 -34
  214. data/examples/profile/inspec.yml +10 -10
  215. data/examples/profile/libraries/gordon_config.rb +53 -53
  216. data/inspec.gemspec +47 -47
  217. data/lib/bundles/README.md +3 -3
  218. data/lib/bundles/inspec-artifact.rb +7 -7
  219. data/lib/bundles/inspec-artifact/README.md +1 -1
  220. data/lib/bundles/inspec-artifact/cli.rb +277 -277
  221. data/lib/bundles/inspec-compliance.rb +16 -16
  222. data/lib/bundles/inspec-compliance/.kitchen.yml +20 -20
  223. data/lib/bundles/inspec-compliance/README.md +185 -185
  224. data/lib/bundles/inspec-compliance/api.rb +316 -316
  225. data/lib/bundles/inspec-compliance/api/login.rb +152 -152
  226. data/lib/bundles/inspec-compliance/bootstrap.sh +41 -41
  227. data/lib/bundles/inspec-compliance/cli.rb +254 -254
  228. data/lib/bundles/inspec-compliance/configuration.rb +103 -103
  229. data/lib/bundles/inspec-compliance/http.rb +86 -86
  230. data/lib/bundles/inspec-compliance/support.rb +36 -36
  231. data/lib/bundles/inspec-compliance/target.rb +98 -98
  232. data/lib/bundles/inspec-compliance/test/integration/default/cli.rb +93 -93
  233. data/lib/bundles/inspec-habitat.rb +12 -12
  234. data/lib/bundles/inspec-habitat/cli.rb +36 -36
  235. data/lib/bundles/inspec-habitat/log.rb +10 -10
  236. data/lib/bundles/inspec-habitat/profile.rb +390 -390
  237. data/lib/bundles/inspec-init.rb +8 -8
  238. data/lib/bundles/inspec-init/README.md +31 -31
  239. data/lib/bundles/inspec-init/cli.rb +97 -97
  240. data/lib/bundles/inspec-init/templates/profile/README.md +3 -3
  241. data/lib/bundles/inspec-init/templates/profile/controls/example.rb +19 -19
  242. data/lib/bundles/inspec-init/templates/profile/inspec.yml +8 -8
  243. data/lib/bundles/inspec-supermarket.rb +13 -13
  244. data/lib/bundles/inspec-supermarket/README.md +45 -45
  245. data/lib/bundles/inspec-supermarket/api.rb +84 -84
  246. data/lib/bundles/inspec-supermarket/cli.rb +73 -73
  247. data/lib/bundles/inspec-supermarket/target.rb +34 -34
  248. data/lib/fetchers/git.rb +163 -163
  249. data/lib/fetchers/local.rb +74 -74
  250. data/lib/fetchers/mock.rb +35 -35
  251. data/lib/fetchers/url.rb +204 -204
  252. data/lib/inspec.rb +24 -24
  253. data/lib/inspec/archive/tar.rb +29 -29
  254. data/lib/inspec/archive/zip.rb +19 -19
  255. data/lib/inspec/backend.rb +92 -92
  256. data/lib/inspec/base_cli.rb +355 -350
  257. data/lib/inspec/cached_fetcher.rb +66 -66
  258. data/lib/inspec/cli.rb +292 -292
  259. data/lib/inspec/completions/bash.sh.erb +45 -45
  260. data/lib/inspec/completions/fish.sh.erb +34 -34
  261. data/lib/inspec/completions/zsh.sh.erb +61 -61
  262. data/lib/inspec/control_eval_context.rb +179 -179
  263. data/lib/inspec/dependencies/cache.rb +72 -72
  264. data/lib/inspec/dependencies/dependency_set.rb +92 -92
  265. data/lib/inspec/dependencies/lockfile.rb +115 -115
  266. data/lib/inspec/dependencies/requirement.rb +123 -123
  267. data/lib/inspec/dependencies/resolver.rb +86 -86
  268. data/lib/inspec/describe.rb +27 -27
  269. data/lib/inspec/dsl.rb +66 -66
  270. data/lib/inspec/dsl_shared.rb +33 -33
  271. data/lib/inspec/env_printer.rb +157 -157
  272. data/lib/inspec/errors.rb +13 -13
  273. data/lib/inspec/exceptions.rb +12 -12
  274. data/lib/inspec/expect.rb +45 -45
  275. data/lib/inspec/fetcher.rb +45 -45
  276. data/lib/inspec/file_provider.rb +275 -275
  277. data/lib/inspec/formatters.rb +3 -3
  278. data/lib/inspec/formatters/base.rb +250 -250
  279. data/lib/inspec/formatters/json_rspec.rb +20 -20
  280. data/lib/inspec/formatters/show_progress.rb +12 -12
  281. data/lib/inspec/library_eval_context.rb +58 -58
  282. data/lib/inspec/log.rb +11 -11
  283. data/lib/inspec/metadata.rb +247 -247
  284. data/lib/inspec/method_source.rb +24 -24
  285. data/lib/inspec/objects.rb +14 -14
  286. data/lib/inspec/objects/attribute.rb +65 -65
  287. data/lib/inspec/objects/control.rb +61 -61
  288. data/lib/inspec/objects/describe.rb +92 -92
  289. data/lib/inspec/objects/each_loop.rb +36 -36
  290. data/lib/inspec/objects/list.rb +15 -15
  291. data/lib/inspec/objects/or_test.rb +40 -40
  292. data/lib/inspec/objects/ruby_helper.rb +15 -15
  293. data/lib/inspec/objects/tag.rb +27 -27
  294. data/lib/inspec/objects/test.rb +87 -87
  295. data/lib/inspec/objects/value.rb +27 -27
  296. data/lib/inspec/plugins.rb +60 -60
  297. data/lib/inspec/plugins/cli.rb +24 -24
  298. data/lib/inspec/plugins/fetcher.rb +86 -86
  299. data/lib/inspec/plugins/resource.rb +135 -135
  300. data/lib/inspec/plugins/secret.rb +15 -15
  301. data/lib/inspec/plugins/source_reader.rb +40 -40
  302. data/lib/inspec/polyfill.rb +12 -12
  303. data/lib/inspec/profile.rb +510 -510
  304. data/lib/inspec/profile_context.rb +207 -207
  305. data/lib/inspec/profile_vendor.rb +66 -66
  306. data/lib/inspec/reporters.rb +54 -50
  307. data/lib/inspec/reporters/base.rb +24 -24
  308. data/lib/inspec/reporters/cli.rb +356 -356
  309. data/lib/inspec/reporters/json.rb +116 -116
  310. data/lib/inspec/reporters/json_min.rb +48 -48
  311. data/lib/inspec/reporters/junit.rb +77 -77
  312. data/lib/inspec/require_loader.rb +33 -33
  313. data/lib/inspec/resource.rb +186 -186
  314. data/lib/inspec/rule.rb +266 -266
  315. data/lib/inspec/runner.rb +345 -345
  316. data/lib/inspec/runner_mock.rb +41 -41
  317. data/lib/inspec/runner_rspec.rb +175 -175
  318. data/lib/inspec/runtime_profile.rb +26 -26
  319. data/lib/inspec/schema.rb +213 -213
  320. data/lib/inspec/secrets.rb +19 -19
  321. data/lib/inspec/secrets/yaml.rb +30 -30
  322. data/lib/inspec/shell.rb +220 -220
  323. data/lib/inspec/shell_detector.rb +90 -90
  324. data/lib/inspec/source_reader.rb +29 -29
  325. data/lib/inspec/version.rb +8 -8
  326. data/lib/matchers/matchers.rb +339 -339
  327. data/lib/resource_support/aws.rb +41 -41
  328. data/lib/resource_support/aws/aws_backend_base.rb +12 -12
  329. data/lib/resource_support/aws/aws_backend_factory_mixin.rb +12 -12
  330. data/lib/resource_support/aws/aws_plural_resource_mixin.rb +21 -21
  331. data/lib/resource_support/aws/aws_resource_mixin.rb +66 -66
  332. data/lib/resource_support/aws/aws_singular_resource_mixin.rb +24 -24
  333. data/lib/resources/aide_conf.rb +159 -160
  334. data/lib/resources/apache.rb +48 -48
  335. data/lib/resources/apache_conf.rb +156 -156
  336. data/lib/resources/apt.rb +149 -149
  337. data/lib/resources/audit_policy.rb +63 -63
  338. data/lib/resources/auditd.rb +231 -231
  339. data/lib/resources/auditd_conf.rb +55 -55
  340. data/lib/resources/aws/aws_cloudtrail_trail.rb +77 -77
  341. data/lib/resources/aws/aws_cloudtrail_trails.rb +47 -47
  342. data/lib/resources/aws/aws_cloudwatch_alarm.rb +62 -62
  343. data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +100 -100
  344. data/lib/resources/aws/aws_config_recorder.rb +98 -98
  345. data/lib/resources/aws/aws_ec2_instance.rb +157 -157
  346. data/lib/resources/aws/aws_iam_access_key.rb +106 -106
  347. data/lib/resources/aws/aws_iam_access_keys.rb +149 -144
  348. data/lib/resources/aws/aws_iam_group.rb +56 -56
  349. data/lib/resources/aws/aws_iam_groups.rb +52 -45
  350. data/lib/resources/aws/aws_iam_password_policy.rb +116 -116
  351. data/lib/resources/aws/aws_iam_policies.rb +53 -46
  352. data/lib/resources/aws/aws_iam_policy.rb +125 -119
  353. data/lib/resources/aws/aws_iam_role.rb +51 -51
  354. data/lib/resources/aws/aws_iam_root_user.rb +60 -60
  355. data/lib/resources/aws/aws_iam_user.rb +111 -111
  356. data/lib/resources/aws/aws_iam_users.rb +108 -96
  357. data/lib/resources/aws/aws_kms_keys.rb +53 -46
  358. data/lib/resources/aws/aws_route_table.rb +61 -61
  359. data/lib/resources/aws/aws_s3_bucket.rb +115 -115
  360. data/lib/resources/aws/aws_security_group.rb +93 -93
  361. data/lib/resources/aws/aws_security_groups.rb +68 -68
  362. data/lib/resources/aws/aws_sns_topic.rb +53 -53
  363. data/lib/resources/aws/aws_subnet.rb +88 -88
  364. data/lib/resources/aws/aws_subnets.rb +53 -53
  365. data/lib/resources/aws/aws_vpc.rb +69 -69
  366. data/lib/resources/aws/aws_vpcs.rb +45 -45
  367. data/lib/resources/azure/azure_backend.rb +377 -377
  368. data/lib/resources/azure/azure_generic_resource.rb +59 -59
  369. data/lib/resources/azure/azure_resource_group.rb +152 -152
  370. data/lib/resources/azure/azure_virtual_machine.rb +264 -264
  371. data/lib/resources/azure/azure_virtual_machine_data_disk.rb +136 -136
  372. data/lib/resources/bash.rb +35 -35
  373. data/lib/resources/bond.rb +68 -68
  374. data/lib/resources/bridge.rb +122 -122
  375. data/lib/resources/command.rb +73 -69
  376. data/lib/resources/cpan.rb +58 -58
  377. data/lib/resources/cran.rb +64 -64
  378. data/lib/resources/crontab.rb +169 -170
  379. data/lib/resources/csv.rb +60 -60
  380. data/lib/resources/dh_params.rb +82 -82
  381. data/lib/resources/directory.rb +25 -25
  382. data/lib/resources/docker.rb +236 -236
  383. data/lib/resources/docker_container.rb +89 -89
  384. data/lib/resources/docker_image.rb +83 -83
  385. data/lib/resources/docker_object.rb +57 -57
  386. data/lib/resources/docker_service.rb +90 -90
  387. data/lib/resources/elasticsearch.rb +169 -169
  388. data/lib/resources/etc_fstab.rb +101 -102
  389. data/lib/resources/etc_group.rb +152 -156
  390. data/lib/resources/etc_hosts.rb +82 -81
  391. data/lib/resources/etc_hosts_allow_deny.rb +122 -123
  392. data/lib/resources/file.rb +298 -298
  393. data/lib/resources/filesystem.rb +31 -31
  394. data/lib/resources/firewalld.rb +143 -144
  395. data/lib/resources/gem.rb +70 -70
  396. data/lib/resources/groups.rb +215 -215
  397. data/lib/resources/grub_conf.rb +237 -237
  398. data/lib/resources/host.rb +306 -300
  399. data/lib/resources/http.rb +251 -250
  400. data/lib/resources/iis_app.rb +101 -104
  401. data/lib/resources/iis_site.rb +148 -148
  402. data/lib/resources/inetd_conf.rb +62 -62
  403. data/lib/resources/ini.rb +29 -29
  404. data/lib/resources/interface.rb +129 -129
  405. data/lib/resources/iptables.rb +80 -69
  406. data/lib/resources/json.rb +117 -117
  407. data/lib/resources/kernel_module.rb +107 -107
  408. data/lib/resources/kernel_parameter.rb +58 -58
  409. data/lib/resources/key_rsa.rb +67 -67
  410. data/lib/resources/limits_conf.rb +55 -55
  411. data/lib/resources/login_def.rb +66 -66
  412. data/lib/resources/mount.rb +88 -88
  413. data/lib/resources/mssql_session.rb +101 -101
  414. data/lib/resources/mysql.rb +81 -81
  415. data/lib/resources/mysql_conf.rb +134 -134
  416. data/lib/resources/mysql_session.rb +71 -71
  417. data/lib/resources/nginx.rb +96 -96
  418. data/lib/resources/nginx_conf.rb +227 -227
  419. data/lib/resources/npm.rb +48 -48
  420. data/lib/resources/ntp_conf.rb +58 -58
  421. data/lib/resources/oneget.rb +71 -71
  422. data/lib/resources/oracledb_session.rb +139 -139
  423. data/lib/resources/os.rb +36 -36
  424. data/lib/resources/os_env.rb +76 -76
  425. data/lib/resources/package.rb +370 -370
  426. data/lib/resources/packages.rb +111 -111
  427. data/lib/resources/parse_config.rb +116 -116
  428. data/lib/resources/passwd.rb +74 -74
  429. data/lib/resources/pip.rb +89 -89
  430. data/lib/resources/platform.rb +109 -109
  431. data/lib/resources/port.rb +771 -771
  432. data/lib/resources/postgres.rb +130 -130
  433. data/lib/resources/postgres_conf.rb +121 -121
  434. data/lib/resources/postgres_hba_conf.rb +99 -100
  435. data/lib/resources/postgres_ident_conf.rb +76 -78
  436. data/lib/resources/postgres_session.rb +71 -71
  437. data/lib/resources/powershell.rb +53 -57
  438. data/lib/resources/processes.rb +204 -204
  439. data/lib/resources/rabbitmq_conf.rb +52 -52
  440. data/lib/resources/registry_key.rb +296 -296
  441. data/lib/resources/security_policy.rb +180 -180
  442. data/lib/resources/service.rb +789 -789
  443. data/lib/resources/shadow.rb +146 -140
  444. data/lib/resources/ssh_conf.rb +102 -102
  445. data/lib/resources/ssl.rb +99 -99
  446. data/lib/resources/sys_info.rb +28 -28
  447. data/lib/resources/toml.rb +32 -32
  448. data/lib/resources/users.rb +654 -654
  449. data/lib/resources/vbscript.rb +68 -69
  450. data/lib/resources/virtualization.rb +247 -247
  451. data/lib/resources/windows_feature.rb +84 -84
  452. data/lib/resources/windows_hotfix.rb +35 -35
  453. data/lib/resources/windows_task.rb +102 -105
  454. data/lib/resources/wmi.rb +110 -113
  455. data/lib/resources/x509_certificate.rb +143 -143
  456. data/lib/resources/xinetd.rb +111 -111
  457. data/lib/resources/xml.rb +46 -46
  458. data/lib/resources/yaml.rb +47 -47
  459. data/lib/resources/yum.rb +180 -180
  460. data/lib/resources/zfs_dataset.rb +60 -60
  461. data/lib/resources/zfs_pool.rb +49 -49
  462. data/lib/source_readers/flat.rb +39 -39
  463. data/lib/source_readers/inspec.rb +75 -75
  464. data/lib/utils/command_wrapper.rb +27 -27
  465. data/lib/utils/convert.rb +12 -12
  466. data/lib/utils/database_helpers.rb +77 -77
  467. data/lib/utils/erlang_parser.rb +192 -192
  468. data/lib/utils/filter.rb +272 -272
  469. data/lib/utils/filter_array.rb +27 -27
  470. data/lib/utils/find_files.rb +44 -44
  471. data/lib/utils/hash.rb +41 -41
  472. data/lib/utils/json_log.rb +18 -18
  473. data/lib/utils/latest_version.rb +22 -22
  474. data/lib/utils/modulator.rb +12 -12
  475. data/lib/utils/nginx_parser.rb +85 -85
  476. data/lib/utils/object_traversal.rb +49 -49
  477. data/lib/utils/parser.rb +274 -274
  478. data/lib/utils/plugin_registry.rb +93 -93
  479. data/lib/utils/simpleconfig.rb +120 -120
  480. data/lib/utils/spdx.rb +13 -13
  481. data/lib/utils/spdx.txt +343 -343
  482. metadata +2 -2
data/docs/resources/aws_iam_access_keys.md.erb CHANGED
@@ -1,198 +1,198 @@
1
- ---
2
- title: About the aws_iam_access_keys Resource
3
- platform: aws
4
- ---
5
-
6
- # aws\_iam\_access\_keys
7
-
8
- Use the `aws_iam_access_keys` InSpec audit resource to test properties of some or all IAM Access Keys.
9
-
10
- To test properties of a single Access Key, use the `aws_iam_access_key` resource instead.
11
- To test properties of an individual user's access keys, use the `aws_iam_user` resource.
12
-
13
- Access Keys are closely related to AWS User resources. Use this resource to perform audits of all keys or of keys specified by criteria unrelated to any particular user.
14
-
15
- <br>
16
-
17
- ## Syntax
18
-
19
- An `aws_iam_access_keys` resource block uses an optional filter to select a group of access keys and then tests that group.
20
-
21
- # Do not allow any access keys
22
- describe aws_iam_access_keys do
23
- it { should_not exist }
24
- end
25
-
26
- # Don't let fred have access keys, using filter argument syntax
27
- describe aws_iam_access_keys.where(username: 'fred') do
28
- it { should_not exist }
29
- end
30
-
31
- # Don't let fred have access keys, using filter block syntax (most flexible)
32
- describe aws_iam_access_keys.where { username == 'fred' } do
33
- it { should_not exist }
34
- end
35
-
36
- <br>
37
-
38
- ## Examples
39
-
40
- The following examples show how to use this InSpec audit resource.
41
-
42
- ### Disallow access keys created more than 90 days ago
43
-
44
- describe aws_iam_access_keys.where { created_age > 90 } do
45
- it { should_not exist }
46
- end
47
-
48
- <br>
49
-
50
- ## Filter Criteria
51
- * `active`, `create_date`, `created_days_ago`, `created_hours_ago`, `created_with_user`, `ever_used`, `inactive`, `last_used_date`, `last_used_hours_ago`, `last_used_days_ago`, `never_used`, `user_created_date`
52
-
53
- <br>
54
-
55
- ## Filter Examples
56
-
57
- ### active
58
-
59
- A true / false value indicating if an Access Key is currently "Active" (the normal state) in the AWS console. See also: `inactive`.
60
-
61
- # Check if a particular key is enabled
62
- describe aws_iam_access_keys.where { active } do
63
- its('access_key_ids') { should include('AKIA1234567890ABCDEF')}
64
- end
65
-
66
- ### create\_date
67
-
68
- A DateTime identifying when the Access Key was created. See also `created_days_ago` and `created_hours_ago`.
69
-
70
- # Detect keys older than 2017
71
- describe aws_iam_access_keys.where { create_date < DateTime.parse('2017-01-01') } do
72
- it { should_not exist }
73
- end
74
-
75
- ### created\_days\_ago, created\_hours\_ago
76
-
77
- An integer, representing how old the access key is.
78
-
79
- # Don't allow keys that are older than 90 days
80
- describe aws_iam_access_keys.where { created_days_ago > 90 } do
81
- it { should_not exist }
82
- end
83
-
84
- ### created\_with\_user
85
-
86
- A true / false value indicating if the Access Key was likely created at the same time as the user, by checking if the difference between created_date and user_created_date is less than 1 hour.
87
-
88
- # Do not automatically create keys for users
89
- describe aws_iam_access_keys.where { created_with_user } do
90
- it { should_not exist }
91
- end
92
-
93
- ### ever\_used
94
-
95
- A true / false value indicating if the Access Key has ever been used, based on the last_used_date. See also: `never_used`.
96
-
97
- # Check to see if a particular key has ever been used
98
- describe aws_iam_access_keys.where { ever_used } do
99
- its('access_key_ids') { should include('AKIA1234567890ABCDEF')}
100
- end
101
-
102
- ### inactive
103
-
104
- A true / false value indicating if the Access Key has been marked Inactive in the AWS console. See also: `active`.
105
-
106
- # Don't leave inactive keys laying around
107
- describe aws_iam_access_keys.where { inactive } do
108
- it { should_not exist }
109
- end
110
-
111
- ### last\_used\_date
112
-
113
- A DateTime identifying when the Access Key was last used. Returns nil if the key has never been used. See also: `ever_used`, `last_used_days_ago`, `last_used_hours_ago`, and `never_used`.
114
-
115
- # No one should do anything on Mondays
116
- describe aws_iam_access_keys.where { ever_used and last_used_date.monday? } do
117
- it { should_not exist }
118
- end
119
-
120
- ### last\_used\_days\_ago, last\_used\_hours\_ago
121
-
122
- An integer representing when the key was last used. See also: `ever_used`, `last_used_date`, and `never_used`.
123
-
124
- # Don't allow keys that sit unused for more than 90 days
125
- describe aws_iam_access_keys.where { last_used_days_ago > 90 } do
126
- it { should_not exist }
127
- end
128
-
129
- ### never\_used
130
-
131
- A true / false value indicating if the Access Key has never been used, based on the `last_used_date`. See also: `ever_used`.
132
-
133
- # Don't allow unused keys to lay around
134
- describe aws_iam_access_keys.where { never_used } do
135
- it { should_not exist }
136
- end
137
-
138
- ### username
139
-
140
- Searches for access keys owned by the named user. Each user may have zero, one, or two access keys.
141
-
142
- describe aws_iam_access_keys(username: 'bob') do
143
- it { should exist }
144
- end
145
-
146
- ### user\_created\_date
147
-
148
- The date at which the user was created.
149
-
150
- # Users have to be a week old to have a key
151
- describe aws_iam_access_keys.where { user_created_date > Date.now - 7 }
152
- it { should_not exist }
153
- end
154
-
155
- <br>
156
-
157
- ## Properties
158
-
159
- * `access_key_ids`, `entries`
160
-
161
- ## Property Examples
162
-
163
- ### access\_key\_ids
164
-
165
- Provides a list of all access key IDs matched.
166
-
167
- describe aws_iam_access_keys do
168
- its('access_key_ids') { should include('AKIA1234567890ABCDEF') }
169
- end
170
-
171
- ### entries
172
-
173
- Provides access to the raw results of the query. This can be useful for checking counts and other advanced operations.
174
-
175
- # Allow at most 100 access keys on the account
176
- describe aws_iam_access_keys do
177
- its('entries.count') { should be <= 100}
178
- end
179
-
180
- <br>
181
-
182
- ## Matchers
183
-
184
- This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
185
-
186
- ### exists
187
-
188
- The control will pass if the filter returns at least one result. Use `should_not` if you expect zero matches.
189
-
190
- # Sally should have at least one access key
191
- describe aws_iam_access_keys.where(username: 'sally') do
192
- it { should exist }
193
- end
194
-
195
- # Don't let fred have access keys
196
- describe aws_iam_access_keys.where(username: 'fred') do
197
- it { should_not exist }
198
- end
1
+ ---
2
+ title: About the aws_iam_access_keys Resource
3
+ platform: aws
4
+ ---
5
+
6
+ # aws\_iam\_access\_keys
7
+
8
+ Use the `aws_iam_access_keys` InSpec audit resource to test properties of some or all IAM Access Keys.
9
+
10
+ To test properties of a single Access Key, use the `aws_iam_access_key` resource instead.
11
+ To test properties of an individual user's access keys, use the `aws_iam_user` resource.
12
+
13
+ Access Keys are closely related to AWS User resources. Use this resource to perform audits of all keys or of keys specified by criteria unrelated to any particular user.
14
+
15
+ <br>
16
+
17
+ ## Syntax
18
+
19
+ An `aws_iam_access_keys` resource block uses an optional filter to select a group of access keys and then tests that group.
20
+
21
+ # Do not allow any access keys
22
+ describe aws_iam_access_keys do
23
+ it { should_not exist }
24
+ end
25
+
26
+ # Don't let fred have access keys, using filter argument syntax
27
+ describe aws_iam_access_keys.where(username: 'fred') do
28
+ it { should_not exist }
29
+ end
30
+
31
+ # Don't let fred have access keys, using filter block syntax (most flexible)
32
+ describe aws_iam_access_keys.where { username == 'fred' } do
33
+ it { should_not exist }
34
+ end
35
+
36
+ <br>
37
+
38
+ ## Examples
39
+
40
+ The following examples show how to use this InSpec audit resource.
41
+
42
+ ### Disallow access keys created more than 90 days ago
43
+
44
+ describe aws_iam_access_keys.where { created_days_ago > 90 } do
45
+ it { should_not exist }
46
+ end
47
+
48
+ <br>
49
+
50
+ ## Filter Criteria
51
+ * `active`, `create_date`, `created_days_ago`, `created_hours_ago`, `created_with_user`, `ever_used`, `inactive`, `last_used_date`, `last_used_hours_ago`, `last_used_days_ago`, `never_used`, `user_created_date`
52
+
53
+ <br>
54
+
55
+ ## Filter Examples
56
+
57
+ ### active
58
+
59
+ A true / false value indicating if an Access Key is currently "Active" (the normal state) in the AWS console. See also: `inactive`.
60
+
61
+ # Check if a particular key is enabled
62
+ describe aws_iam_access_keys.where { active } do
63
+ its('access_key_ids') { should include('AKIA1234567890ABCDEF')}
64
+ end
65
+
66
+ ### create\_date
67
+
68
+ A DateTime identifying when the Access Key was created. See also `created_days_ago` and `created_hours_ago`.
69
+
70
+ # Detect keys older than 2017
71
+ describe aws_iam_access_keys.where { create_date < DateTime.parse('2017-01-01') } do
72
+ it { should_not exist }
73
+ end
74
+
75
+ ### created\_days\_ago, created\_hours\_ago
76
+
77
+ An integer, representing how old the access key is.
78
+
79
+ # Don't allow keys that are older than 90 days
80
+ describe aws_iam_access_keys.where { created_days_ago > 90 } do
81
+ it { should_not exist }
82
+ end
83
+
84
+ ### created\_with\_user
85
+
86
+ A true / false value indicating if the Access Key was likely created at the same time as the user, by checking if the difference between created_date and user_created_date is less than 1 hour.
87
+
88
+ # Do not automatically create keys for users
89
+ describe aws_iam_access_keys.where { created_with_user } do
90
+ it { should_not exist }
91
+ end
92
+
93
+ ### ever\_used
94
+
95
+ A true / false value indicating if the Access Key has ever been used, based on the last_used_date. See also: `never_used`.
96
+
97
+ # Check to see if a particular key has ever been used
98
+ describe aws_iam_access_keys.where { ever_used } do
99
+ its('access_key_ids') { should include('AKIA1234567890ABCDEF')}
100
+ end
101
+
102
+ ### inactive
103
+
104
+ A true / false value indicating if the Access Key has been marked Inactive in the AWS console. See also: `active`.
105
+
106
+ # Don't leave inactive keys laying around
107
+ describe aws_iam_access_keys.where { inactive } do
108
+ it { should_not exist }
109
+ end
110
+
111
+ ### last\_used\_date
112
+
113
+ A DateTime identifying when the Access Key was last used. Returns nil if the key has never been used. See also: `ever_used`, `last_used_days_ago`, `last_used_hours_ago`, and `never_used`.
114
+
115
+ # No one should do anything on Mondays
116
+ describe aws_iam_access_keys.where { ever_used and last_used_date.monday? } do
117
+ it { should_not exist }
118
+ end
119
+
120
+ ### last\_used\_days\_ago, last\_used\_hours\_ago
121
+
122
+ An integer representing when the key was last used. See also: `ever_used`, `last_used_date`, and `never_used`.
123
+
124
+ # Don't allow keys that sit unused for more than 90 days
125
+ describe aws_iam_access_keys.where { last_used_days_ago > 90 } do
126
+ it { should_not exist }
127
+ end
128
+
129
+ ### never\_used
130
+
131
+ A true / false value indicating if the Access Key has never been used, based on the `last_used_date`. See also: `ever_used`.
132
+
133
+ # Don't allow unused keys to lay around
134
+ describe aws_iam_access_keys.where { never_used } do
135
+ it { should_not exist }
136
+ end
137
+
138
+ ### username
139
+
140
+ Searches for access keys owned by the named user. Each user may have zero, one, or two access keys.
141
+
142
+ describe aws_iam_access_keys(username: 'bob') do
143
+ it { should exist }
144
+ end
145
+
146
+ ### user\_created\_date
147
+
148
+ The date at which the user was created.
149
+
150
+ # Users have to be a week old to have a key
151
+ describe aws_iam_access_keys.where { user_created_date > Date.now - 7 }
152
+ it { should_not exist }
153
+ end
154
+
155
+ <br>
156
+
157
+ ## Properties
158
+
159
+ * `access_key_ids`, `entries`
160
+
161
+ ## Property Examples
162
+
163
+ ### access\_key\_ids
164
+
165
+ Provides a list of all access key IDs matched.
166
+
167
+ describe aws_iam_access_keys do
168
+ its('access_key_ids') { should include('AKIA1234567890ABCDEF') }
169
+ end
170
+
171
+ ### entries
172
+
173
+ Provides access to the raw results of the query. This can be useful for checking counts and other advanced operations.
174
+
175
+ # Allow at most 100 access keys on the account
176
+ describe aws_iam_access_keys do
177
+ its('entries.count') { should be <= 100}
178
+ end
179
+
180
+ <br>
181
+
182
+ ## Matchers
183
+
184
+ This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
185
+
186
+ ### exists
187
+
188
+ The control will pass if the filter returns at least one result. Use `should_not` if you expect zero matches.
189
+
190
+ # Sally should have at least one access key
191
+ describe aws_iam_access_keys.where(username: 'sally') do
192
+ it { should exist }
193
+ end
194
+
195
+ # Don't let fred have access keys
196
+ describe aws_iam_access_keys.where(username: 'fred') do
197
+ it { should_not exist }
198
+ end
data/docs/resources/aws_iam_group.md.erb CHANGED
@@ -1,46 +1,46 @@
1
- ---
2
- title: About the aws_iam_group Resource
3
- platform: aws
4
- ---
5
-
6
- # aws\_iam\_group
7
-
8
- Use the `aws_iam_group` InSpec audit resource to test properties of a single IAM group.
9
-
10
- To test properties of multiple or all groups, use the `aws_iam_groups` resource.
11
-
12
- <br>
13
-
14
- ## Syntax
15
-
16
- An `aws_iam_group` resource block identifies a group by group name.
17
-
18
- # Find a group by group name
19
- describe aws_iam_group('mygroup') do
20
- it { should exist }
21
- end
22
-
23
- # Hash syntax for group name
24
- describe aws_iam_group(group_name: 'mygroup') do
25
- it { should exist }
26
- end
27
-
28
- <br>
29
-
30
- ## Examples
31
-
32
- The following examples show how to use this InSpec audit resource.
33
-
34
- As this is the initial release of `aws_iam_group`, its limited functionality precludes examples.
35
-
36
- <br>
37
-
38
- ## Matchers
39
-
40
- ### exists
41
-
42
- The control will pass if a group with the given group name exists.
43
-
44
- describe aws_iam_group('mygroup')
45
- it { should exist }
46
- end
1
+ ---
2
+ title: About the aws_iam_group Resource
3
+ platform: aws
4
+ ---
5
+
6
+ # aws\_iam\_group
7
+
8
+ Use the `aws_iam_group` InSpec audit resource to test properties of a single IAM group.
9
+
10
+ To test properties of multiple or all groups, use the `aws_iam_groups` resource.
11
+
12
+ <br>
13
+
14
+ ## Syntax
15
+
16
+ An `aws_iam_group` resource block identifies a group by group name.
17
+
18
+ # Find a group by group name
19
+ describe aws_iam_group('mygroup') do
20
+ it { should exist }
21
+ end
22
+
23
+ # Hash syntax for group name
24
+ describe aws_iam_group(group_name: 'mygroup') do
25
+ it { should exist }
26
+ end
27
+
28
+ <br>
29
+
30
+ ## Examples
31
+
32
+ The following examples show how to use this InSpec audit resource.
33
+
34
+ As this is the initial release of `aws_iam_group`, its limited functionality precludes examples.
35
+
36
+ <br>
37
+
38
+ ## Matchers
39
+
40
+ ### exists
41
+
42
+ The control will pass if a group with the given group name exists.
43
+
44
+ describe aws_iam_group('mygroup')
45
+ it { should exist }
46
+ end