inspec 2.1.21 → 2.1.30
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.rubocop.yml +101 -101
- data/CHANGELOG.md +3062 -3045
- data/Gemfile +56 -56
- data/LICENSE +14 -14
- data/MAINTAINERS.md +33 -33
- data/MAINTAINERS.toml +52 -52
- data/README.md +447 -447
- data/Rakefile +322 -322
- data/bin/inspec +12 -12
- data/docs/.gitignore +2 -2
- data/docs/README.md +40 -40
- data/docs/dsl_inspec.md +258 -258
- data/docs/dsl_resource.md +100 -100
- data/docs/glossary.md +99 -99
- data/docs/habitat.md +191 -191
- data/docs/inspec_and_friends.md +114 -114
- data/docs/matchers.md +169 -169
- data/docs/migration.md +293 -293
- data/docs/platforms.md +118 -118
- data/docs/plugin_kitchen_inspec.md +50 -50
- data/docs/profiles.md +376 -376
- data/docs/reporters.md +105 -105
- data/docs/resources/aide_conf.md.erb +75 -75
- data/docs/resources/apache.md.erb +67 -67
- data/docs/resources/apache_conf.md.erb +68 -68
- data/docs/resources/apt.md.erb +71 -71
- data/docs/resources/audit_policy.md.erb +47 -47
- data/docs/resources/auditd.md.erb +79 -79
- data/docs/resources/auditd_conf.md.erb +68 -68
- data/docs/resources/aws_cloudtrail_trail.md.erb +140 -140
- data/docs/resources/aws_cloudtrail_trails.md.erb +81 -81
- data/docs/resources/aws_cloudwatch_alarm.md.erb +86 -86
- data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +151 -151
- data/docs/resources/aws_config_delivery_channel.md +79 -79
- data/docs/resources/aws_config_recorder.md.erb +71 -71
- data/docs/resources/aws_ec2_instance.md.erb +106 -106
- data/docs/resources/aws_iam_access_key.md.erb +123 -123
- data/docs/resources/aws_iam_access_keys.md.erb +198 -198
- data/docs/resources/aws_iam_group.md.erb +46 -46
- data/docs/resources/aws_iam_groups.md.erb +43 -43
- data/docs/resources/aws_iam_password_policy.md.erb +76 -76
- data/docs/resources/aws_iam_policies.md.erb +82 -82
- data/docs/resources/aws_iam_policy.md.erb +144 -144
- data/docs/resources/aws_iam_role.md.erb +63 -63
- data/docs/resources/aws_iam_root_user.md.erb +70 -58
- data/docs/resources/aws_iam_user.md.erb +64 -64
- data/docs/resources/aws_iam_users.md.erb +89 -89
- data/docs/resources/aws_kms_key.md.erb +171 -171
- data/docs/resources/aws_kms_keys.md.erb +84 -84
- data/docs/resources/aws_rds_instance.md.erb +60 -60
- data/docs/resources/aws_route_table.md.erb +47 -47
- data/docs/resources/aws_route_tables.md.erb +49 -0
- data/docs/resources/aws_s3_bucket.md.erb +134 -134
- data/docs/resources/aws_s3_bucket_object.md.erb +83 -83
- data/docs/resources/aws_s3_buckets.md.erb +53 -0
- data/docs/resources/aws_security_group.md.erb +151 -151
- data/docs/resources/aws_security_groups.md.erb +91 -91
- data/docs/resources/aws_sns_subscription.md.erb +124 -124
- data/docs/resources/aws_sns_topic.md.erb +63 -63
- data/docs/resources/aws_sns_topics.md.erb +52 -52
- data/docs/resources/aws_subnet.md.erb +134 -134
- data/docs/resources/aws_subnets.md.erb +126 -126
- data/docs/resources/aws_vpc.md.erb +120 -120
- data/docs/resources/aws_vpcs.md.erb +48 -48
- data/docs/resources/azure_generic_resource.md.erb +171 -171
- data/docs/resources/azure_resource_group.md.erb +284 -284
- data/docs/resources/azure_virtual_machine.md.erb +347 -347
- data/docs/resources/azure_virtual_machine_data_disk.md.erb +224 -224
- data/docs/resources/bash.md.erb +75 -75
- data/docs/resources/bond.md.erb +90 -90
- data/docs/resources/bridge.md.erb +57 -57
- data/docs/resources/bsd_service.md.erb +67 -67
- data/docs/resources/chocolatey_package.md.erb +58 -0
- data/docs/resources/command.md.erb +138 -138
- data/docs/resources/cpan.md.erb +79 -79
- data/docs/resources/cran.md.erb +64 -64
- data/docs/resources/crontab.md.erb +89 -89
- data/docs/resources/csv.md.erb +54 -54
- data/docs/resources/dh_params.md.erb +205 -205
- data/docs/resources/directory.md.erb +30 -30
- data/docs/resources/docker.md.erb +219 -219
- data/docs/resources/docker_container.md.erb +103 -103
- data/docs/resources/docker_image.md.erb +94 -94
- data/docs/resources/docker_service.md.erb +114 -114
- data/docs/resources/elasticsearch.md.erb +242 -242
- data/docs/resources/etc_fstab.md.erb +125 -125
- data/docs/resources/etc_group.md.erb +75 -75
- data/docs/resources/etc_hosts.md.erb +78 -78
- data/docs/resources/etc_hosts_allow.md.erb +74 -74
- data/docs/resources/etc_hosts_deny.md.erb +74 -74
- data/docs/resources/file.md.erb +526 -526
- data/docs/resources/filesystem.md.erb +41 -41
- data/docs/resources/firewalld.md.erb +107 -107
- data/docs/resources/gem.md.erb +79 -79
- data/docs/resources/group.md.erb +61 -61
- data/docs/resources/grub_conf.md.erb +101 -101
- data/docs/resources/host.md.erb +86 -86
- data/docs/resources/http.md.erb +196 -196
- data/docs/resources/iis_app.md.erb +122 -122
- data/docs/resources/iis_site.md.erb +135 -135
- data/docs/resources/inetd_conf.md.erb +94 -94
- data/docs/resources/ini.md.erb +76 -76
- data/docs/resources/interface.md.erb +58 -58
- data/docs/resources/iptables.md.erb +64 -64
- data/docs/resources/json.md.erb +63 -63
- data/docs/resources/kernel_module.md.erb +120 -120
- data/docs/resources/kernel_parameter.md.erb +53 -53
- data/docs/resources/key_rsa.md.erb +85 -85
- data/docs/resources/launchd_service.md.erb +57 -57
- data/docs/resources/limits_conf.md.erb +75 -75
- data/docs/resources/login_defs.md.erb +71 -71
- data/docs/resources/mount.md.erb +69 -69
- data/docs/resources/mssql_session.md.erb +60 -60
- data/docs/resources/mysql_conf.md.erb +99 -99
- data/docs/resources/mysql_session.md.erb +74 -74
- data/docs/resources/nginx.md.erb +79 -79
- data/docs/resources/nginx_conf.md.erb +138 -138
- data/docs/resources/npm.md.erb +60 -60
- data/docs/resources/ntp_conf.md.erb +60 -60
- data/docs/resources/oneget.md.erb +53 -53
- data/docs/resources/oracledb_session.md.erb +52 -52
- data/docs/resources/os.md.erb +141 -141
- data/docs/resources/os_env.md.erb +78 -78
- data/docs/resources/package.md.erb +120 -120
- data/docs/resources/packages.md.erb +67 -67
- data/docs/resources/parse_config.md.erb +103 -103
- data/docs/resources/parse_config_file.md.erb +138 -138
- data/docs/resources/passwd.md.erb +141 -141
- data/docs/resources/pip.md.erb +67 -67
- data/docs/resources/port.md.erb +137 -137
- data/docs/resources/postgres_conf.md.erb +79 -79
- data/docs/resources/postgres_hba_conf.md.erb +93 -93
- data/docs/resources/postgres_ident_conf.md.erb +76 -76
- data/docs/resources/postgres_session.md.erb +69 -69
- data/docs/resources/powershell.md.erb +102 -102
- data/docs/resources/processes.md.erb +109 -109
- data/docs/resources/rabbitmq_config.md.erb +41 -41
- data/docs/resources/registry_key.md.erb +158 -158
- data/docs/resources/runit_service.md.erb +57 -57
- data/docs/resources/security_policy.md.erb +47 -47
- data/docs/resources/service.md.erb +121 -121
- data/docs/resources/shadow.md.erb +146 -146
- data/docs/resources/ssh_config.md.erb +73 -73
- data/docs/resources/sshd_config.md.erb +83 -83
- data/docs/resources/ssl.md.erb +119 -119
- data/docs/resources/sys_info.md.erb +42 -42
- data/docs/resources/systemd_service.md.erb +57 -57
- data/docs/resources/sysv_service.md.erb +57 -57
- data/docs/resources/upstart_service.md.erb +57 -57
- data/docs/resources/user.md.erb +140 -140
- data/docs/resources/users.md.erb +127 -127
- data/docs/resources/vbscript.md.erb +55 -55
- data/docs/resources/virtualization.md.erb +57 -57
- data/docs/resources/windows_feature.md.erb +47 -47
- data/docs/resources/windows_hotfix.md.erb +53 -53
- data/docs/resources/windows_task.md.erb +95 -95
- data/docs/resources/wmi.md.erb +81 -81
- data/docs/resources/x509_certificate.md.erb +151 -151
- data/docs/resources/xinetd_conf.md.erb +156 -156
- data/docs/resources/xml.md.erb +85 -85
- data/docs/resources/yaml.md.erb +69 -69
- data/docs/resources/yum.md.erb +98 -98
- data/docs/resources/zfs_dataset.md.erb +53 -53
- data/docs/resources/zfs_pool.md.erb +47 -47
- data/docs/ruby_usage.md +203 -203
- data/docs/shared/matcher_be.md.erb +1 -1
- data/docs/shared/matcher_cmp.md.erb +43 -43
- data/docs/shared/matcher_eq.md.erb +3 -3
- data/docs/shared/matcher_include.md.erb +1 -1
- data/docs/shared/matcher_match.md.erb +1 -1
- data/docs/shell.md +217 -217
- data/examples/README.md +8 -8
- data/examples/inheritance/README.md +65 -65
- data/examples/inheritance/controls/example.rb +14 -14
- data/examples/inheritance/inspec.yml +15 -15
- data/examples/kitchen-ansible/.kitchen.yml +25 -25
- data/examples/kitchen-ansible/Gemfile +19 -19
- data/examples/kitchen-ansible/README.md +53 -53
- data/examples/kitchen-ansible/files/nginx.repo +6 -6
- data/examples/kitchen-ansible/tasks/main.yml +16 -16
- data/examples/kitchen-ansible/test/integration/default/default.yml +5 -5
- data/examples/kitchen-ansible/test/integration/default/web_spec.rb +28 -28
- data/examples/kitchen-chef/.kitchen.yml +20 -20
- data/examples/kitchen-chef/Berksfile +3 -3
- data/examples/kitchen-chef/Gemfile +19 -19
- data/examples/kitchen-chef/README.md +27 -27
- data/examples/kitchen-chef/metadata.rb +7 -7
- data/examples/kitchen-chef/recipes/default.rb +6 -6
- data/examples/kitchen-chef/recipes/nginx.rb +30 -30
- data/examples/kitchen-chef/test/integration/default/web_spec.rb +28 -28
- data/examples/kitchen-puppet/.kitchen.yml +22 -22
- data/examples/kitchen-puppet/Gemfile +20 -20
- data/examples/kitchen-puppet/Puppetfile +25 -25
- data/examples/kitchen-puppet/README.md +53 -53
- data/examples/kitchen-puppet/manifests/site.pp +33 -33
- data/examples/kitchen-puppet/metadata.json +11 -11
- data/examples/kitchen-puppet/test/integration/default/web_spec.rb +28 -28
- data/examples/meta-profile/README.md +37 -37
- data/examples/meta-profile/controls/example.rb +13 -13
- data/examples/meta-profile/inspec.yml +13 -13
- data/examples/profile-attribute.yml +2 -2
- data/examples/profile-attribute/README.md +14 -14
- data/examples/profile-attribute/controls/example.rb +11 -11
- data/examples/profile-attribute/inspec.yml +8 -8
- data/examples/profile-aws/controls/iam_password_policy_expiration.rb +8 -8
- data/examples/profile-aws/controls/iam_password_policy_max_age.rb +8 -8
- data/examples/profile-aws/controls/iam_root_user_mfa.rb +8 -8
- data/examples/profile-aws/controls/iam_users_access_key_age.rb +8 -8
- data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +8 -8
- data/examples/profile-aws/inspec.yml +11 -11
- data/examples/profile-azure/controls/azure_resource_group_example.rb +24 -24
- data/examples/profile-azure/controls/azure_vm_example.rb +29 -29
- data/examples/profile-azure/inspec.yml +11 -11
- data/examples/profile-sensitive/README.md +29 -29
- data/examples/profile-sensitive/controls/sensitive-failures.rb +9 -9
- data/examples/profile-sensitive/controls/sensitive.rb +9 -9
- data/examples/profile-sensitive/inspec.yml +8 -8
- data/examples/profile/README.md +48 -48
- data/examples/profile/controls/example.rb +23 -23
- data/examples/profile/controls/gordon.rb +36 -36
- data/examples/profile/controls/meta.rb +34 -34
- data/examples/profile/inspec.yml +10 -10
- data/examples/profile/libraries/gordon_config.rb +59 -53
- data/inspec.gemspec +47 -47
- data/lib/bundles/README.md +3 -3
- data/lib/bundles/inspec-artifact.rb +7 -7
- data/lib/bundles/inspec-artifact/README.md +1 -1
- data/lib/bundles/inspec-artifact/cli.rb +277 -277
- data/lib/bundles/inspec-compliance.rb +16 -16
- data/lib/bundles/inspec-compliance/.kitchen.yml +20 -20
- data/lib/bundles/inspec-compliance/README.md +185 -185
- data/lib/bundles/inspec-compliance/api.rb +316 -316
- data/lib/bundles/inspec-compliance/api/login.rb +152 -152
- data/lib/bundles/inspec-compliance/bootstrap.sh +41 -41
- data/lib/bundles/inspec-compliance/cli.rb +254 -254
- data/lib/bundles/inspec-compliance/configuration.rb +103 -103
- data/lib/bundles/inspec-compliance/http.rb +86 -86
- data/lib/bundles/inspec-compliance/support.rb +36 -36
- data/lib/bundles/inspec-compliance/target.rb +98 -98
- data/lib/bundles/inspec-compliance/test/integration/default/cli.rb +93 -93
- data/lib/bundles/inspec-habitat.rb +12 -12
- data/lib/bundles/inspec-habitat/cli.rb +36 -36
- data/lib/bundles/inspec-habitat/log.rb +10 -10
- data/lib/bundles/inspec-habitat/profile.rb +391 -391
- data/lib/bundles/inspec-init.rb +8 -8
- data/lib/bundles/inspec-init/README.md +31 -31
- data/lib/bundles/inspec-init/cli.rb +97 -97
- data/lib/bundles/inspec-init/templates/profile/README.md +3 -3
- data/lib/bundles/inspec-init/templates/profile/controls/example.rb +19 -19
- data/lib/bundles/inspec-init/templates/profile/inspec.yml +8 -8
- data/lib/bundles/inspec-supermarket.rb +13 -13
- data/lib/bundles/inspec-supermarket/README.md +45 -45
- data/lib/bundles/inspec-supermarket/api.rb +84 -84
- data/lib/bundles/inspec-supermarket/cli.rb +73 -73
- data/lib/bundles/inspec-supermarket/target.rb +34 -34
- data/lib/fetchers/git.rb +163 -163
- data/lib/fetchers/local.rb +74 -74
- data/lib/fetchers/mock.rb +35 -35
- data/lib/fetchers/url.rb +204 -204
- data/lib/inspec.rb +24 -24
- data/lib/inspec/archive/tar.rb +29 -29
- data/lib/inspec/archive/zip.rb +19 -19
- data/lib/inspec/backend.rb +93 -93
- data/lib/inspec/base_cli.rb +363 -357
- data/lib/inspec/cached_fetcher.rb +66 -66
- data/lib/inspec/cli.rb +292 -292
- data/lib/inspec/completions/bash.sh.erb +45 -45
- data/lib/inspec/completions/fish.sh.erb +34 -34
- data/lib/inspec/completions/zsh.sh.erb +61 -61
- data/lib/inspec/control_eval_context.rb +179 -179
- data/lib/inspec/dependencies/cache.rb +72 -72
- data/lib/inspec/dependencies/dependency_set.rb +92 -92
- data/lib/inspec/dependencies/lockfile.rb +115 -115
- data/lib/inspec/dependencies/requirement.rb +123 -123
- data/lib/inspec/dependencies/resolver.rb +86 -86
- data/lib/inspec/describe.rb +27 -27
- data/lib/inspec/dsl.rb +66 -66
- data/lib/inspec/dsl_shared.rb +33 -33
- data/lib/inspec/env_printer.rb +157 -157
- data/lib/inspec/errors.rb +14 -13
- data/lib/inspec/exceptions.rb +12 -12
- data/lib/inspec/expect.rb +45 -45
- data/lib/inspec/fetcher.rb +45 -45
- data/lib/inspec/file_provider.rb +275 -275
- data/lib/inspec/formatters.rb +3 -3
- data/lib/inspec/formatters/base.rb +259 -250
- data/lib/inspec/formatters/json_rspec.rb +20 -20
- data/lib/inspec/formatters/show_progress.rb +12 -12
- data/lib/inspec/library_eval_context.rb +58 -58
- data/lib/inspec/log.rb +11 -11
- data/lib/inspec/metadata.rb +247 -247
- data/lib/inspec/method_source.rb +24 -24
- data/lib/inspec/objects.rb +14 -14
- data/lib/inspec/objects/attribute.rb +65 -65
- data/lib/inspec/objects/control.rb +61 -61
- data/lib/inspec/objects/describe.rb +92 -92
- data/lib/inspec/objects/each_loop.rb +36 -36
- data/lib/inspec/objects/list.rb +15 -15
- data/lib/inspec/objects/or_test.rb +40 -40
- data/lib/inspec/objects/ruby_helper.rb +15 -15
- data/lib/inspec/objects/tag.rb +27 -27
- data/lib/inspec/objects/test.rb +87 -87
- data/lib/inspec/objects/value.rb +27 -27
- data/lib/inspec/plugins.rb +60 -60
- data/lib/inspec/plugins/cli.rb +24 -24
- data/lib/inspec/plugins/fetcher.rb +86 -86
- data/lib/inspec/plugins/resource.rb +135 -135
- data/lib/inspec/plugins/secret.rb +15 -15
- data/lib/inspec/plugins/source_reader.rb +40 -40
- data/lib/inspec/polyfill.rb +12 -12
- data/lib/inspec/profile.rb +513 -513
- data/lib/inspec/profile_context.rb +208 -208
- data/lib/inspec/profile_vendor.rb +66 -66
- data/lib/inspec/reporters.rb +60 -54
- data/lib/inspec/reporters/automate.rb +76 -0
- data/lib/inspec/reporters/base.rb +25 -24
- data/lib/inspec/reporters/cli.rb +356 -356
- data/lib/inspec/reporters/json.rb +116 -116
- data/lib/inspec/reporters/json_min.rb +48 -48
- data/lib/inspec/reporters/junit.rb +77 -77
- data/lib/inspec/require_loader.rb +33 -33
- data/lib/inspec/resource.rb +187 -186
- data/lib/inspec/rule.rb +266 -266
- data/lib/inspec/runner.rb +345 -345
- data/lib/inspec/runner_mock.rb +41 -41
- data/lib/inspec/runner_rspec.rb +175 -175
- data/lib/inspec/runtime_profile.rb +26 -26
- data/lib/inspec/schema.rb +213 -213
- data/lib/inspec/secrets.rb +19 -19
- data/lib/inspec/secrets/yaml.rb +30 -30
- data/lib/inspec/shell.rb +220 -220
- data/lib/inspec/shell_detector.rb +90 -90
- data/lib/inspec/source_reader.rb +29 -29
- data/lib/inspec/version.rb +8 -8
- data/lib/matchers/matchers.rb +339 -339
- data/lib/resource_support/aws.rb +49 -47
- data/lib/resource_support/aws/aws_backend_base.rb +12 -12
- data/lib/resource_support/aws/aws_backend_factory_mixin.rb +12 -12
- data/lib/resource_support/aws/aws_plural_resource_mixin.rb +21 -21
- data/lib/resource_support/aws/aws_resource_mixin.rb +66 -66
- data/lib/resource_support/aws/aws_singular_resource_mixin.rb +24 -24
- data/lib/resources/aide_conf.rb +151 -151
- data/lib/resources/apache.rb +48 -48
- data/lib/resources/apache_conf.rb +149 -149
- data/lib/resources/apt.rb +149 -149
- data/lib/resources/audit_policy.rb +63 -63
- data/lib/resources/auditd.rb +231 -231
- data/lib/resources/auditd_conf.rb +46 -46
- data/lib/resources/aws/aws_cloudtrail_trail.rb +77 -77
- data/lib/resources/aws/aws_cloudtrail_trails.rb +47 -47
- data/lib/resources/aws/aws_cloudwatch_alarm.rb +62 -62
- data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +100 -100
- data/lib/resources/aws/aws_config_delivery_channel.rb +76 -76
- data/lib/resources/aws/aws_config_recorder.rb +98 -98
- data/lib/resources/aws/aws_ec2_instance.rb +157 -157
- data/lib/resources/aws/aws_iam_access_key.rb +106 -106
- data/lib/resources/aws/aws_iam_access_keys.rb +149 -149
- data/lib/resources/aws/aws_iam_group.rb +56 -56
- data/lib/resources/aws/aws_iam_groups.rb +52 -52
- data/lib/resources/aws/aws_iam_password_policy.rb +116 -116
- data/lib/resources/aws/aws_iam_policies.rb +53 -53
- data/lib/resources/aws/aws_iam_policy.rb +125 -125
- data/lib/resources/aws/aws_iam_role.rb +51 -51
- data/lib/resources/aws/aws_iam_root_user.rb +78 -60
- data/lib/resources/aws/aws_iam_user.rb +111 -111
- data/lib/resources/aws/aws_iam_users.rb +108 -108
- data/lib/resources/aws/aws_kms_key.rb +96 -96
- data/lib/resources/aws/aws_kms_keys.rb +53 -53
- data/lib/resources/aws/aws_rds_instance.rb +71 -71
- data/lib/resources/aws/aws_route_table.rb +63 -63
- data/lib/resources/aws/aws_route_tables.rb +60 -0
- data/lib/resources/aws/aws_s3_bucket.rb +115 -115
- data/lib/resources/aws/aws_s3_bucket_object.rb +82 -82
- data/lib/resources/aws/aws_s3_buckets.rb +51 -0
- data/lib/resources/aws/aws_security_group.rb +93 -93
- data/lib/resources/aws/aws_security_groups.rb +68 -68
- data/lib/resources/aws/aws_sns_subscription.rb +78 -78
- data/lib/resources/aws/aws_sns_topic.rb +53 -53
- data/lib/resources/aws/aws_sns_topics.rb +56 -56
- data/lib/resources/aws/aws_subnet.rb +88 -88
- data/lib/resources/aws/aws_subnets.rb +53 -53
- data/lib/resources/aws/aws_vpc.rb +69 -69
- data/lib/resources/aws/aws_vpcs.rb +45 -45
- data/lib/resources/azure/azure_backend.rb +377 -377
- data/lib/resources/azure/azure_generic_resource.rb +59 -59
- data/lib/resources/azure/azure_resource_group.rb +152 -152
- data/lib/resources/azure/azure_virtual_machine.rb +264 -264
- data/lib/resources/azure/azure_virtual_machine_data_disk.rb +134 -134
- data/lib/resources/bash.rb +35 -35
- data/lib/resources/bond.rb +69 -69
- data/lib/resources/bridge.rb +122 -122
- data/lib/resources/chocolatey_package.rb +78 -0
- data/lib/resources/command.rb +73 -73
- data/lib/resources/cpan.rb +58 -58
- data/lib/resources/cran.rb +64 -64
- data/lib/resources/crontab.rb +169 -169
- data/lib/resources/csv.rb +56 -56
- data/lib/resources/dh_params.rb +77 -77
- data/lib/resources/directory.rb +25 -25
- data/lib/resources/docker.rb +236 -236
- data/lib/resources/docker_container.rb +89 -89
- data/lib/resources/docker_image.rb +83 -83
- data/lib/resources/docker_object.rb +57 -57
- data/lib/resources/docker_service.rb +90 -90
- data/lib/resources/elasticsearch.rb +169 -169
- data/lib/resources/etc_fstab.rb +94 -94
- data/lib/resources/etc_group.rb +152 -152
- data/lib/resources/etc_hosts.rb +66 -66
- data/lib/resources/etc_hosts_allow_deny.rb +112 -112
- data/lib/resources/file.rb +298 -298
- data/lib/resources/filesystem.rb +31 -31
- data/lib/resources/firewalld.rb +143 -143
- data/lib/resources/gem.rb +70 -70
- data/lib/resources/groups.rb +215 -215
- data/lib/resources/grub_conf.rb +227 -227
- data/lib/resources/host.rb +306 -306
- data/lib/resources/http.rb +253 -253
- data/lib/resources/iis_app.rb +101 -101
- data/lib/resources/iis_site.rb +148 -148
- data/lib/resources/inetd_conf.rb +54 -54
- data/lib/resources/ini.rb +29 -29
- data/lib/resources/interface.rb +129 -129
- data/lib/resources/iptables.rb +80 -80
- data/lib/resources/json.rb +107 -107
- data/lib/resources/kernel_module.rb +107 -107
- data/lib/resources/kernel_parameter.rb +58 -58
- data/lib/resources/key_rsa.rb +61 -61
- data/lib/resources/limits_conf.rb +46 -46
- data/lib/resources/login_def.rb +57 -57
- data/lib/resources/mount.rb +88 -88
- data/lib/resources/mssql_session.rb +101 -101
- data/lib/resources/mysql.rb +82 -81
- data/lib/resources/mysql_conf.rb +127 -127
- data/lib/resources/mysql_session.rb +85 -85
- data/lib/resources/nginx.rb +96 -96
- data/lib/resources/nginx_conf.rb +226 -226
- data/lib/resources/npm.rb +48 -48
- data/lib/resources/ntp_conf.rb +51 -51
- data/lib/resources/oneget.rb +71 -71
- data/lib/resources/oracledb_session.rb +139 -139
- data/lib/resources/os.rb +36 -36
- data/lib/resources/os_env.rb +75 -75
- data/lib/resources/package.rb +370 -370
- data/lib/resources/packages.rb +111 -111
- data/lib/resources/parse_config.rb +112 -112
- data/lib/resources/passwd.rb +76 -76
- data/lib/resources/pip.rb +130 -130
- data/lib/resources/platform.rb +109 -109
- data/lib/resources/port.rb +771 -771
- data/lib/resources/postgres.rb +131 -130
- data/lib/resources/postgres_conf.rb +114 -114
- data/lib/resources/postgres_hba_conf.rb +90 -90
- data/lib/resources/postgres_ident_conf.rb +79 -79
- data/lib/resources/postgres_session.rb +71 -71
- data/lib/resources/powershell.rb +66 -66
- data/lib/resources/processes.rb +204 -204
- data/lib/resources/rabbitmq_conf.rb +51 -51
- data/lib/resources/registry_key.rb +297 -297
- data/lib/resources/security_policy.rb +180 -180
- data/lib/resources/service.rb +794 -790
- data/lib/resources/shadow.rb +149 -149
- data/lib/resources/ssh_conf.rb +97 -97
- data/lib/resources/ssl.rb +99 -99
- data/lib/resources/sys_info.rb +28 -28
- data/lib/resources/toml.rb +32 -32
- data/lib/resources/users.rb +654 -654
- data/lib/resources/vbscript.rb +68 -68
- data/lib/resources/virtualization.rb +247 -247
- data/lib/resources/windows_feature.rb +84 -84
- data/lib/resources/windows_hotfix.rb +35 -35
- data/lib/resources/windows_task.rb +102 -102
- data/lib/resources/wmi.rb +110 -110
- data/lib/resources/x509_certificate.rb +137 -137
- data/lib/resources/xinetd.rb +106 -106
- data/lib/resources/xml.rb +46 -46
- data/lib/resources/yaml.rb +43 -43
- data/lib/resources/yum.rb +180 -180
- data/lib/resources/zfs_dataset.rb +60 -60
- data/lib/resources/zfs_pool.rb +49 -49
- data/lib/source_readers/flat.rb +39 -39
- data/lib/source_readers/inspec.rb +75 -75
- data/lib/utils/command_wrapper.rb +27 -27
- data/lib/utils/convert.rb +12 -12
- data/lib/utils/database_helpers.rb +77 -77
- data/lib/utils/erlang_parser.rb +192 -192
- data/lib/utils/file_reader.rb +25 -25
- data/lib/utils/filter.rb +273 -273
- data/lib/utils/filter_array.rb +27 -27
- data/lib/utils/find_files.rb +44 -44
- data/lib/utils/hash.rb +41 -41
- data/lib/utils/json_log.rb +18 -18
- data/lib/utils/latest_version.rb +22 -22
- data/lib/utils/modulator.rb +12 -12
- data/lib/utils/nginx_parser.rb +85 -85
- data/lib/utils/object_traversal.rb +49 -49
- data/lib/utils/parser.rb +274 -274
- data/lib/utils/plugin_registry.rb +93 -93
- data/lib/utils/simpleconfig.rb +120 -120
- data/lib/utils/spdx.rb +13 -13
- data/lib/utils/spdx.txt +343 -343
- metadata +9 -2
data/Rakefile
CHANGED
|
@@ -1,322 +1,322 @@
|
|
|
1
|
-
#!/usr/bin/env rake
|
|
2
|
-
# encoding: utf-8
|
|
3
|
-
|
|
4
|
-
require 'bundler'
|
|
5
|
-
require 'bundler/gem_tasks'
|
|
6
|
-
require 'rake/testtask'
|
|
7
|
-
require 'passgen'
|
|
8
|
-
require 'train'
|
|
9
|
-
require_relative 'tasks/maintainers'
|
|
10
|
-
require_relative 'tasks/spdx'
|
|
11
|
-
|
|
12
|
-
def prompt(message)
|
|
13
|
-
print(message)
|
|
14
|
-
STDIN.gets.chomp
|
|
15
|
-
end
|
|
16
|
-
|
|
17
|
-
# The docs tasks rely on ruby-progressbar. If we can't load it, then don't
|
|
18
|
-
# load the docs tasks. This is necessary to allow this Rakefile to work
|
|
19
|
-
# when the "tests" gem group in the Gemfile has been excluded, such as
|
|
20
|
-
# during an appbundle-updater run.
|
|
21
|
-
begin
|
|
22
|
-
require 'ruby-progressbar'
|
|
23
|
-
require_relative 'tasks/docs'
|
|
24
|
-
rescue LoadError
|
|
25
|
-
puts 'docs tasks are unavailable because the ruby-progressbar gem is not available.'
|
|
26
|
-
end
|
|
27
|
-
|
|
28
|
-
# Rubocop
|
|
29
|
-
begin
|
|
30
|
-
require 'rubocop/rake_task'
|
|
31
|
-
RuboCop::RakeTask.new(:lint)
|
|
32
|
-
rescue LoadError
|
|
33
|
-
puts 'rubocop is not available. Install the rubocop gem to run the lint tests.'
|
|
34
|
-
end
|
|
35
|
-
|
|
36
|
-
# update command output for demo
|
|
37
|
-
desc 'Run inspec commands and save results to www/app/responses'
|
|
38
|
-
task :update_demo do
|
|
39
|
-
ruby 'www/tutorial/scripts/build_simulator_runtime.rb'
|
|
40
|
-
ruby 'www/tutorial/scripts/run_simulator_recording.rb'
|
|
41
|
-
end
|
|
42
|
-
|
|
43
|
-
# run tests
|
|
44
|
-
task default: [:lint, :test]
|
|
45
|
-
|
|
46
|
-
Rake::TestTask.new do |t|
|
|
47
|
-
t.libs << 'test'
|
|
48
|
-
t.pattern = 'test/unit/**/*_test.rb'
|
|
49
|
-
t.warning = true
|
|
50
|
-
t.verbose = true
|
|
51
|
-
t.ruby_opts = ['--dev'] if defined?(JRUBY_VERSION)
|
|
52
|
-
end
|
|
53
|
-
|
|
54
|
-
namespace :test do
|
|
55
|
-
task :isolated do
|
|
56
|
-
Dir.glob('test/unit/*_test.rb').all? do |file|
|
|
57
|
-
sh(Gem.ruby, '-w', '-Ilib:test', file)
|
|
58
|
-
end or fail 'Failures'
|
|
59
|
-
end
|
|
60
|
-
|
|
61
|
-
Rake::TestTask.new(:functional) do |t|
|
|
62
|
-
t.libs << 'test'
|
|
63
|
-
t.pattern = 'test/functional/**/*_test.rb'
|
|
64
|
-
t.warning = true
|
|
65
|
-
t.verbose = true
|
|
66
|
-
t.ruby_opts = ['--dev'] if defined?(JRUBY_VERSION)
|
|
67
|
-
end
|
|
68
|
-
|
|
69
|
-
task :resources do
|
|
70
|
-
tests = Dir['test/resource/*_test.rb']
|
|
71
|
-
return if tests.empty?
|
|
72
|
-
sh(Gem.ruby, 'test/docker_test.rb', *tests)
|
|
73
|
-
end
|
|
74
|
-
|
|
75
|
-
task :integration do
|
|
76
|
-
concurrency = ENV['CONCURRENCY'] || 1
|
|
77
|
-
os = ENV['OS'] || ''
|
|
78
|
-
sh("bundle exec kitchen test -c #{concurrency} #{os}")
|
|
79
|
-
end
|
|
80
|
-
|
|
81
|
-
task :ssh, [:target] do |_t, args|
|
|
82
|
-
tests_path = File.join(File.dirname(__FILE__), 'test', 'integration', 'test', 'integration', 'default')
|
|
83
|
-
key_files = ENV['key_files'] || File.join(ENV['HOME'], '.ssh', 'id_rsa')
|
|
84
|
-
|
|
85
|
-
sh_cmd = "bin/inspec exec #{tests_path}/"
|
|
86
|
-
sh_cmd += ENV['test'] ? "#{ENV['test']}_spec.rb" : '*'
|
|
87
|
-
sh_cmd += " --sudo" unless args[:target].split('@')[0] == 'root'
|
|
88
|
-
sh_cmd += " -t ssh://#{args[:target]}"
|
|
89
|
-
sh_cmd += " --key_files=#{key_files}"
|
|
90
|
-
sh_cmd += " --format=#{ENV['format']}" if ENV['format']
|
|
91
|
-
|
|
92
|
-
sh('sh', '-c', sh_cmd)
|
|
93
|
-
end
|
|
94
|
-
|
|
95
|
-
project_dir = File.dirname(__FILE__)
|
|
96
|
-
namespace :aws do
|
|
97
|
-
['default', 'minimal'].each do |account|
|
|
98
|
-
integration_dir = File.join(project_dir, 'test', 'integration', 'aws', account)
|
|
99
|
-
attribute_file = File.join(integration_dir, '.attribute.yml')
|
|
100
|
-
|
|
101
|
-
task :"setup:#{account}", :tf_workspace do |t, args|
|
|
102
|
-
tf_workspace = args[:tf_workspace] || ENV['INSPEC_TERRAFORM_ENV']
|
|
103
|
-
abort("You must either call the top-level test:aws:#{account} task, or set the INSPEC_TERRAFORM_ENV variable.") unless tf_workspace
|
|
104
|
-
puts "----> Setup"
|
|
105
|
-
abort("You must set the environment variable AWS_REGION") unless ENV['AWS_REGION']
|
|
106
|
-
puts "----> Checking for required AWS profile..."
|
|
107
|
-
sh("aws configure get aws_access_key_id --profile inspec-aws-test-#{account} > /dev/null")
|
|
108
|
-
sh("cd #{integration_dir}/build/ && terraform init")
|
|
109
|
-
sh("cd #{integration_dir}/build/ && terraform workspace new #{tf_workspace}")
|
|
110
|
-
sh("cd #{integration_dir}/build/ && AWS_PROFILE=inspec-aws-test-#{account} terraform plan")
|
|
111
|
-
sh("cd #{integration_dir}/build/ && AWS_PROFILE=inspec-aws-test-#{account} terraform apply")
|
|
112
|
-
Rake::Task["test:aws:dump_attrs:#{account}"].execute
|
|
113
|
-
end
|
|
114
|
-
|
|
115
|
-
task :"dump_attrs:#{account}" do
|
|
116
|
-
sh("cd #{integration_dir}/build/ && AWS_PROFILE=inspec-aws-test-#{account} terraform output > #{attribute_file}")
|
|
117
|
-
raw_output = File.read(attribute_file)
|
|
118
|
-
yaml_output = raw_output.gsub(" = ", " : ")
|
|
119
|
-
File.open(attribute_file, "w") {|file| file.puts yaml_output}
|
|
120
|
-
end
|
|
121
|
-
|
|
122
|
-
task :"run:#{account}" do
|
|
123
|
-
puts "----> Run"
|
|
124
|
-
sh("bundle exec inspec exec #{integration_dir}/verify -t aws://${AWS_REGION}/inspec-aws-test-#{account} --attrs #{attribute_file}")
|
|
125
|
-
end
|
|
126
|
-
|
|
127
|
-
task :"cleanup:#{account}", :tf_workspace do |t, args|
|
|
128
|
-
tf_workspace = args[:tf_workspace] || ENV['INSPEC_TERRAFORM_ENV']
|
|
129
|
-
abort("You must either call the top-level test:aws:#{account} task, or set the INSPEC_TERRAFORM_ENV variable.") unless tf_workspace
|
|
130
|
-
puts "----> Cleanup"
|
|
131
|
-
sh("cd #{integration_dir}/build/ && AWS_PROFILE=inspec-aws-test-#{account} terraform destroy -force")
|
|
132
|
-
sh("cd #{integration_dir}/build/ && terraform workspace select default")
|
|
133
|
-
sh("cd #{integration_dir}/build && terraform workspace delete #{tf_workspace}")
|
|
134
|
-
end
|
|
135
|
-
|
|
136
|
-
task :"#{account}" do
|
|
137
|
-
tf_workspace = ENV['INSPEC_TERRAFORM_ENV'] || prompt("Please enter a workspace for your integration tests to run in: ")
|
|
138
|
-
begin
|
|
139
|
-
Rake::Task["test:aws:setup:#{account}"].execute({:tf_workspace => tf_workspace})
|
|
140
|
-
Rake::Task["test:aws:run:#{account}"].execute
|
|
141
|
-
rescue
|
|
142
|
-
abort("Integration testing has failed for the #{account} account")
|
|
143
|
-
ensure
|
|
144
|
-
Rake::Task["test:aws:cleanup:#{account}"].execute({:tf_workspace => tf_workspace})
|
|
145
|
-
end
|
|
146
|
-
end
|
|
147
|
-
end
|
|
148
|
-
end
|
|
149
|
-
desc "Perform AWS Integration Tests"
|
|
150
|
-
task aws: [:'aws:default', :'aws:minimal']
|
|
151
|
-
|
|
152
|
-
namespace :azure do
|
|
153
|
-
# Specify the directory for the integration tests
|
|
154
|
-
integration_dir = File.join(project_dir, 'test', 'integration', 'azure')
|
|
155
|
-
attribute_file = File.join(integration_dir, '.attribute.yml')
|
|
156
|
-
|
|
157
|
-
task :setup, :tf_workspace do |t, args|
|
|
158
|
-
tf_workspace = args[:tf_workspace] || ENV['INSPEC_TERRAFORM_ENV']
|
|
159
|
-
abort("You must either call the top-level test:azure task, or set the INSPEC_TERRAFORM_ENV variable.") unless tf_workspace
|
|
160
|
-
puts '----> Setup'
|
|
161
|
-
sh("cd #{integration_dir}/build/ && terraform init")
|
|
162
|
-
sh("cd #{integration_dir}/build/ && terraform workspace new #{tf_workspace}")
|
|
163
|
-
|
|
164
|
-
# Generate Azure crendentials
|
|
165
|
-
creds = Train.create('azure').connection.connect
|
|
166
|
-
|
|
167
|
-
# Determine the storage account name and the admin password
|
|
168
|
-
sa_name = (0...15).map { (65 + rand(26)).chr }.join.downcase
|
|
169
|
-
admin_password = Passgen::generate(length: 12, uppercase: true, lowercase: true, symbols: true, digits: true)
|
|
170
|
-
|
|
171
|
-
# Use the first 4 characters of the storage account to create a suffix
|
|
172
|
-
suffix = sa_name[0..3]
|
|
173
|
-
|
|
174
|
-
# Create the plan that can be applied to Azure
|
|
175
|
-
cmd = ""
|
|
176
|
-
cmd += "cd #{integration_dir}/build/ && terraform plan -out inspec-azure.plan"
|
|
177
|
-
cmd += " -var 'subscription_id=#{creds[:subscription_id]}' "
|
|
178
|
-
cmd += " -var 'client_id=#{creds[:client_id]}' "
|
|
179
|
-
cmd += " -var 'client_secret=#{creds[:client_secret]}' "
|
|
180
|
-
cmd += " -var 'tenant_id=#{creds[:tenant_id]}' "
|
|
181
|
-
cmd += " -var 'storage_account_name=#{sa_name}' "
|
|
182
|
-
cmd += " -var 'admin_password=#{admin_password}' "
|
|
183
|
-
cmd += " -var 'suffix=#{suffix}' "
|
|
184
|
-
sh(cmd)
|
|
185
|
-
|
|
186
|
-
# Apply the plan on Azure
|
|
187
|
-
cmd = "cd #{integration_dir}/build/ && terraform apply inspec-azure.plan"
|
|
188
|
-
sh(cmd)
|
|
189
|
-
|
|
190
|
-
# Dump TF outputs to InSpec attributes file
|
|
191
|
-
Rake::Task["test:azure:dump_attrs"].execute
|
|
192
|
-
end
|
|
193
|
-
|
|
194
|
-
task :"dump_attrs" do
|
|
195
|
-
sh("cd #{integration_dir}/build/ && terraform output > #{attribute_file}")
|
|
196
|
-
raw_output = File.read(attribute_file)
|
|
197
|
-
yaml_output = raw_output.gsub(" = ", " : ")
|
|
198
|
-
File.open(attribute_file, "w") {|file| file.puts yaml_output}
|
|
199
|
-
end
|
|
200
|
-
|
|
201
|
-
task :run do
|
|
202
|
-
puts '----> Run'
|
|
203
|
-
sh("bundle exec inspec exec #{integration_dir}/verify -t azure://1e0b427a-d58b-494e-ae4f-ee558463ebbf")
|
|
204
|
-
end
|
|
205
|
-
|
|
206
|
-
task :cleanup, :tf_workspace do |t, args|
|
|
207
|
-
tf_workspace = args[:tf_workspace] || ENV['INSPEC_TERRAFORM_ENV']
|
|
208
|
-
abort("You must either call the top-level test:azure task, or set the INSPEC_TERRAFORM_ENV variable.") unless tf_workspace
|
|
209
|
-
puts '----> Cleanup'
|
|
210
|
-
|
|
211
|
-
creds = Train.create('azure').connection.connect
|
|
212
|
-
|
|
213
|
-
cmd = ""
|
|
214
|
-
cmd += "cd #{integration_dir}/build/ && terraform destroy -force "
|
|
215
|
-
cmd += " -var 'subscription_id=#{creds[:subscription_id]}' "
|
|
216
|
-
cmd += " -var 'client_id=#{creds[:client_id]}' "
|
|
217
|
-
cmd += " -var 'client_secret=#{creds[:client_secret]}' "
|
|
218
|
-
cmd += " -var 'tenant_id=#{creds[:tenant_id]}' "
|
|
219
|
-
cmd += " -var 'storage_account_name=dummy' "
|
|
220
|
-
cmd += " -var 'admin_password=dummy' "
|
|
221
|
-
cmd += " -var 'suffix=dummy' "
|
|
222
|
-
|
|
223
|
-
sh(cmd)
|
|
224
|
-
|
|
225
|
-
sh("cd #{integration_dir}/build/ && terraform workspace select default")
|
|
226
|
-
sh("cd #{integration_dir}/build && terraform workspace delete #{tf_workspace}")
|
|
227
|
-
end
|
|
228
|
-
end
|
|
229
|
-
|
|
230
|
-
desc "Perform Azure Integration Tests"
|
|
231
|
-
task :azure do
|
|
232
|
-
tf_workspace = ENV['INSPEC_TERRAFORM_ENV'] || prompt("Please enter a workspace for your integration tests to run in: ")
|
|
233
|
-
begin
|
|
234
|
-
Rake::Task["test:azure:setup"].execute({:tf_workspace => tf_workspace})
|
|
235
|
-
Rake::Task["test:azure:run"].execute
|
|
236
|
-
rescue
|
|
237
|
-
abort("Integration testing has failed")
|
|
238
|
-
ensure
|
|
239
|
-
Rake::Task["test:azure:cleanup"].execute({:tf_workspace => tf_workspace})
|
|
240
|
-
end
|
|
241
|
-
end
|
|
242
|
-
end
|
|
243
|
-
|
|
244
|
-
# Print the current version of this gem or update it.
|
|
245
|
-
#
|
|
246
|
-
# @param [Type] target the new version you want to set, or nil if you only want to show
|
|
247
|
-
def inspec_version(target = nil)
|
|
248
|
-
path = 'lib/inspec/version.rb'
|
|
249
|
-
require_relative path.sub(/.rb$/, '')
|
|
250
|
-
|
|
251
|
-
nu_version = target.nil? ? '' : " -> #{target}"
|
|
252
|
-
puts "Inspec: #{Inspec::VERSION}#{nu_version}"
|
|
253
|
-
|
|
254
|
-
unless target.nil?
|
|
255
|
-
raw = File.read(path)
|
|
256
|
-
nu = raw.sub(/VERSION.*/, "VERSION = '#{target}'.freeze")
|
|
257
|
-
File.write(path, nu)
|
|
258
|
-
load(path)
|
|
259
|
-
end
|
|
260
|
-
end
|
|
261
|
-
|
|
262
|
-
# Check if a command is available
|
|
263
|
-
#
|
|
264
|
-
# @param [Type] x the command you are interested in
|
|
265
|
-
# @param [Type] msg the message to display if the command is missing
|
|
266
|
-
def require_command(x, msg = nil)
|
|
267
|
-
return if system("command -v #{x} || exit 1")
|
|
268
|
-
msg ||= 'Please install it first!'
|
|
269
|
-
puts "\033[31;1mCan't find command #{x.inspect}. #{msg}\033[0m"
|
|
270
|
-
exit 1
|
|
271
|
-
end
|
|
272
|
-
|
|
273
|
-
# Check if a required environment variable has been set
|
|
274
|
-
#
|
|
275
|
-
# @param [String] x the variable you are interested in
|
|
276
|
-
# @param [String] msg the message you want to display if the variable is missing
|
|
277
|
-
def require_env(x, msg = nil)
|
|
278
|
-
exists = `env | grep "^#{x}="`
|
|
279
|
-
return unless exists.empty?
|
|
280
|
-
puts "\033[31;1mCan't find environment variable #{x.inspect}. #{msg}\033[0m"
|
|
281
|
-
exit 1
|
|
282
|
-
end
|
|
283
|
-
|
|
284
|
-
# Check the requirements for running an update of this repository.
|
|
285
|
-
def check_update_requirements
|
|
286
|
-
require_command 'git'
|
|
287
|
-
end
|
|
288
|
-
|
|
289
|
-
# Show the current version of this gem.
|
|
290
|
-
desc 'Show the version of this gem'
|
|
291
|
-
task :version do
|
|
292
|
-
inspec_version
|
|
293
|
-
end
|
|
294
|
-
|
|
295
|
-
desc 'Release a new docker image'
|
|
296
|
-
task :release_docker do
|
|
297
|
-
version = Inspec::VERSION
|
|
298
|
-
cmd = "rm *.gem; gem build *gemspec && "\
|
|
299
|
-
"mv *.gem inspec.gem && "\
|
|
300
|
-
"docker build -t chef/inspec:#{version} . && "\
|
|
301
|
-
"docker push chef/inspec:#{version} && "\
|
|
302
|
-
"docker tag chef/inspec:#{version} chef/inspec:latest &&"\
|
|
303
|
-
"docker push chef/inspec:latest"
|
|
304
|
-
puts "--> #{cmd}"
|
|
305
|
-
sh('sh', '-c', cmd)
|
|
306
|
-
end
|
|
307
|
-
|
|
308
|
-
desc 'Release the website [deprecated]'
|
|
309
|
-
task :www do
|
|
310
|
-
puts 'The Rake tasks for releasing the website are now in the www/ directory.'
|
|
311
|
-
puts 'Run `cd www` and then `rake --tasks` for a list of the www-related tasks available.'
|
|
312
|
-
exit(1)
|
|
313
|
-
end
|
|
314
|
-
|
|
315
|
-
namespace :www do
|
|
316
|
-
desc 'Release the website [deprecated]'
|
|
317
|
-
task :release do
|
|
318
|
-
puts 'The Rake tasks for releasing the website are now in the www/ directory.'
|
|
319
|
-
puts 'Run `cd www` and then `rake --tasks` for a list of the www-related tasks available.'
|
|
320
|
-
exit(1)
|
|
321
|
-
end
|
|
322
|
-
end
|
|
1
|
+
#!/usr/bin/env rake
|
|
2
|
+
# encoding: utf-8
|
|
3
|
+
|
|
4
|
+
require 'bundler'
|
|
5
|
+
require 'bundler/gem_tasks'
|
|
6
|
+
require 'rake/testtask'
|
|
7
|
+
require 'passgen'
|
|
8
|
+
require 'train'
|
|
9
|
+
require_relative 'tasks/maintainers'
|
|
10
|
+
require_relative 'tasks/spdx'
|
|
11
|
+
|
|
12
|
+
def prompt(message)
|
|
13
|
+
print(message)
|
|
14
|
+
STDIN.gets.chomp
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
# The docs tasks rely on ruby-progressbar. If we can't load it, then don't
|
|
18
|
+
# load the docs tasks. This is necessary to allow this Rakefile to work
|
|
19
|
+
# when the "tests" gem group in the Gemfile has been excluded, such as
|
|
20
|
+
# during an appbundle-updater run.
|
|
21
|
+
begin
|
|
22
|
+
require 'ruby-progressbar'
|
|
23
|
+
require_relative 'tasks/docs'
|
|
24
|
+
rescue LoadError
|
|
25
|
+
puts 'docs tasks are unavailable because the ruby-progressbar gem is not available.'
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
# Rubocop
|
|
29
|
+
begin
|
|
30
|
+
require 'rubocop/rake_task'
|
|
31
|
+
RuboCop::RakeTask.new(:lint)
|
|
32
|
+
rescue LoadError
|
|
33
|
+
puts 'rubocop is not available. Install the rubocop gem to run the lint tests.'
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
# update command output for demo
|
|
37
|
+
desc 'Run inspec commands and save results to www/app/responses'
|
|
38
|
+
task :update_demo do
|
|
39
|
+
ruby 'www/tutorial/scripts/build_simulator_runtime.rb'
|
|
40
|
+
ruby 'www/tutorial/scripts/run_simulator_recording.rb'
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
# run tests
|
|
44
|
+
task default: [:lint, :test]
|
|
45
|
+
|
|
46
|
+
Rake::TestTask.new do |t|
|
|
47
|
+
t.libs << 'test'
|
|
48
|
+
t.pattern = 'test/unit/**/*_test.rb'
|
|
49
|
+
t.warning = true
|
|
50
|
+
t.verbose = true
|
|
51
|
+
t.ruby_opts = ['--dev'] if defined?(JRUBY_VERSION)
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
namespace :test do
|
|
55
|
+
task :isolated do
|
|
56
|
+
Dir.glob('test/unit/*_test.rb').all? do |file|
|
|
57
|
+
sh(Gem.ruby, '-w', '-Ilib:test', file)
|
|
58
|
+
end or fail 'Failures'
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
Rake::TestTask.new(:functional) do |t|
|
|
62
|
+
t.libs << 'test'
|
|
63
|
+
t.pattern = 'test/functional/**/*_test.rb'
|
|
64
|
+
t.warning = true
|
|
65
|
+
t.verbose = true
|
|
66
|
+
t.ruby_opts = ['--dev'] if defined?(JRUBY_VERSION)
|
|
67
|
+
end
|
|
68
|
+
|
|
69
|
+
task :resources do
|
|
70
|
+
tests = Dir['test/resource/*_test.rb']
|
|
71
|
+
return if tests.empty?
|
|
72
|
+
sh(Gem.ruby, 'test/docker_test.rb', *tests)
|
|
73
|
+
end
|
|
74
|
+
|
|
75
|
+
task :integration do
|
|
76
|
+
concurrency = ENV['CONCURRENCY'] || 1
|
|
77
|
+
os = ENV['OS'] || ''
|
|
78
|
+
sh("bundle exec kitchen test -c #{concurrency} #{os}")
|
|
79
|
+
end
|
|
80
|
+
|
|
81
|
+
task :ssh, [:target] do |_t, args|
|
|
82
|
+
tests_path = File.join(File.dirname(__FILE__), 'test', 'integration', 'test', 'integration', 'default')
|
|
83
|
+
key_files = ENV['key_files'] || File.join(ENV['HOME'], '.ssh', 'id_rsa')
|
|
84
|
+
|
|
85
|
+
sh_cmd = "bin/inspec exec #{tests_path}/"
|
|
86
|
+
sh_cmd += ENV['test'] ? "#{ENV['test']}_spec.rb" : '*'
|
|
87
|
+
sh_cmd += " --sudo" unless args[:target].split('@')[0] == 'root'
|
|
88
|
+
sh_cmd += " -t ssh://#{args[:target]}"
|
|
89
|
+
sh_cmd += " --key_files=#{key_files}"
|
|
90
|
+
sh_cmd += " --format=#{ENV['format']}" if ENV['format']
|
|
91
|
+
|
|
92
|
+
sh('sh', '-c', sh_cmd)
|
|
93
|
+
end
|
|
94
|
+
|
|
95
|
+
project_dir = File.dirname(__FILE__)
|
|
96
|
+
namespace :aws do
|
|
97
|
+
['default', 'minimal'].each do |account|
|
|
98
|
+
integration_dir = File.join(project_dir, 'test', 'integration', 'aws', account)
|
|
99
|
+
attribute_file = File.join(integration_dir, '.attribute.yml')
|
|
100
|
+
|
|
101
|
+
task :"setup:#{account}", :tf_workspace do |t, args|
|
|
102
|
+
tf_workspace = args[:tf_workspace] || ENV['INSPEC_TERRAFORM_ENV']
|
|
103
|
+
abort("You must either call the top-level test:aws:#{account} task, or set the INSPEC_TERRAFORM_ENV variable.") unless tf_workspace
|
|
104
|
+
puts "----> Setup"
|
|
105
|
+
abort("You must set the environment variable AWS_REGION") unless ENV['AWS_REGION']
|
|
106
|
+
puts "----> Checking for required AWS profile..."
|
|
107
|
+
sh("aws configure get aws_access_key_id --profile inspec-aws-test-#{account} > /dev/null")
|
|
108
|
+
sh("cd #{integration_dir}/build/ && terraform init")
|
|
109
|
+
sh("cd #{integration_dir}/build/ && terraform workspace new #{tf_workspace}")
|
|
110
|
+
sh("cd #{integration_dir}/build/ && AWS_PROFILE=inspec-aws-test-#{account} terraform plan")
|
|
111
|
+
sh("cd #{integration_dir}/build/ && AWS_PROFILE=inspec-aws-test-#{account} terraform apply")
|
|
112
|
+
Rake::Task["test:aws:dump_attrs:#{account}"].execute
|
|
113
|
+
end
|
|
114
|
+
|
|
115
|
+
task :"dump_attrs:#{account}" do
|
|
116
|
+
sh("cd #{integration_dir}/build/ && AWS_PROFILE=inspec-aws-test-#{account} terraform output > #{attribute_file}")
|
|
117
|
+
raw_output = File.read(attribute_file)
|
|
118
|
+
yaml_output = raw_output.gsub(" = ", " : ")
|
|
119
|
+
File.open(attribute_file, "w") {|file| file.puts yaml_output}
|
|
120
|
+
end
|
|
121
|
+
|
|
122
|
+
task :"run:#{account}" do
|
|
123
|
+
puts "----> Run"
|
|
124
|
+
sh("bundle exec inspec exec #{integration_dir}/verify -t aws://${AWS_REGION}/inspec-aws-test-#{account} --attrs #{attribute_file}")
|
|
125
|
+
end
|
|
126
|
+
|
|
127
|
+
task :"cleanup:#{account}", :tf_workspace do |t, args|
|
|
128
|
+
tf_workspace = args[:tf_workspace] || ENV['INSPEC_TERRAFORM_ENV']
|
|
129
|
+
abort("You must either call the top-level test:aws:#{account} task, or set the INSPEC_TERRAFORM_ENV variable.") unless tf_workspace
|
|
130
|
+
puts "----> Cleanup"
|
|
131
|
+
sh("cd #{integration_dir}/build/ && AWS_PROFILE=inspec-aws-test-#{account} terraform destroy -force")
|
|
132
|
+
sh("cd #{integration_dir}/build/ && terraform workspace select default")
|
|
133
|
+
sh("cd #{integration_dir}/build && terraform workspace delete #{tf_workspace}")
|
|
134
|
+
end
|
|
135
|
+
|
|
136
|
+
task :"#{account}" do
|
|
137
|
+
tf_workspace = ENV['INSPEC_TERRAFORM_ENV'] || prompt("Please enter a workspace for your integration tests to run in: ")
|
|
138
|
+
begin
|
|
139
|
+
Rake::Task["test:aws:setup:#{account}"].execute({:tf_workspace => tf_workspace})
|
|
140
|
+
Rake::Task["test:aws:run:#{account}"].execute
|
|
141
|
+
rescue
|
|
142
|
+
abort("Integration testing has failed for the #{account} account")
|
|
143
|
+
ensure
|
|
144
|
+
Rake::Task["test:aws:cleanup:#{account}"].execute({:tf_workspace => tf_workspace})
|
|
145
|
+
end
|
|
146
|
+
end
|
|
147
|
+
end
|
|
148
|
+
end
|
|
149
|
+
desc "Perform AWS Integration Tests"
|
|
150
|
+
task aws: [:'aws:default', :'aws:minimal']
|
|
151
|
+
|
|
152
|
+
namespace :azure do
|
|
153
|
+
# Specify the directory for the integration tests
|
|
154
|
+
integration_dir = File.join(project_dir, 'test', 'integration', 'azure')
|
|
155
|
+
attribute_file = File.join(integration_dir, '.attribute.yml')
|
|
156
|
+
|
|
157
|
+
task :setup, :tf_workspace do |t, args|
|
|
158
|
+
tf_workspace = args[:tf_workspace] || ENV['INSPEC_TERRAFORM_ENV']
|
|
159
|
+
abort("You must either call the top-level test:azure task, or set the INSPEC_TERRAFORM_ENV variable.") unless tf_workspace
|
|
160
|
+
puts '----> Setup'
|
|
161
|
+
sh("cd #{integration_dir}/build/ && terraform init")
|
|
162
|
+
sh("cd #{integration_dir}/build/ && terraform workspace new #{tf_workspace}")
|
|
163
|
+
|
|
164
|
+
# Generate Azure crendentials
|
|
165
|
+
creds = Train.create('azure').connection.connect
|
|
166
|
+
|
|
167
|
+
# Determine the storage account name and the admin password
|
|
168
|
+
sa_name = (0...15).map { (65 + rand(26)).chr }.join.downcase
|
|
169
|
+
admin_password = Passgen::generate(length: 12, uppercase: true, lowercase: true, symbols: true, digits: true)
|
|
170
|
+
|
|
171
|
+
# Use the first 4 characters of the storage account to create a suffix
|
|
172
|
+
suffix = sa_name[0..3]
|
|
173
|
+
|
|
174
|
+
# Create the plan that can be applied to Azure
|
|
175
|
+
cmd = ""
|
|
176
|
+
cmd += "cd #{integration_dir}/build/ && terraform plan -out inspec-azure.plan"
|
|
177
|
+
cmd += " -var 'subscription_id=#{creds[:subscription_id]}' "
|
|
178
|
+
cmd += " -var 'client_id=#{creds[:client_id]}' "
|
|
179
|
+
cmd += " -var 'client_secret=#{creds[:client_secret]}' "
|
|
180
|
+
cmd += " -var 'tenant_id=#{creds[:tenant_id]}' "
|
|
181
|
+
cmd += " -var 'storage_account_name=#{sa_name}' "
|
|
182
|
+
cmd += " -var 'admin_password=#{admin_password}' "
|
|
183
|
+
cmd += " -var 'suffix=#{suffix}' "
|
|
184
|
+
sh(cmd)
|
|
185
|
+
|
|
186
|
+
# Apply the plan on Azure
|
|
187
|
+
cmd = "cd #{integration_dir}/build/ && terraform apply inspec-azure.plan"
|
|
188
|
+
sh(cmd)
|
|
189
|
+
|
|
190
|
+
# Dump TF outputs to InSpec attributes file
|
|
191
|
+
Rake::Task["test:azure:dump_attrs"].execute
|
|
192
|
+
end
|
|
193
|
+
|
|
194
|
+
task :"dump_attrs" do
|
|
195
|
+
sh("cd #{integration_dir}/build/ && terraform output > #{attribute_file}")
|
|
196
|
+
raw_output = File.read(attribute_file)
|
|
197
|
+
yaml_output = raw_output.gsub(" = ", " : ")
|
|
198
|
+
File.open(attribute_file, "w") {|file| file.puts yaml_output}
|
|
199
|
+
end
|
|
200
|
+
|
|
201
|
+
task :run do
|
|
202
|
+
puts '----> Run'
|
|
203
|
+
sh("bundle exec inspec exec #{integration_dir}/verify -t azure://1e0b427a-d58b-494e-ae4f-ee558463ebbf")
|
|
204
|
+
end
|
|
205
|
+
|
|
206
|
+
task :cleanup, :tf_workspace do |t, args|
|
|
207
|
+
tf_workspace = args[:tf_workspace] || ENV['INSPEC_TERRAFORM_ENV']
|
|
208
|
+
abort("You must either call the top-level test:azure task, or set the INSPEC_TERRAFORM_ENV variable.") unless tf_workspace
|
|
209
|
+
puts '----> Cleanup'
|
|
210
|
+
|
|
211
|
+
creds = Train.create('azure').connection.connect
|
|
212
|
+
|
|
213
|
+
cmd = ""
|
|
214
|
+
cmd += "cd #{integration_dir}/build/ && terraform destroy -force "
|
|
215
|
+
cmd += " -var 'subscription_id=#{creds[:subscription_id]}' "
|
|
216
|
+
cmd += " -var 'client_id=#{creds[:client_id]}' "
|
|
217
|
+
cmd += " -var 'client_secret=#{creds[:client_secret]}' "
|
|
218
|
+
cmd += " -var 'tenant_id=#{creds[:tenant_id]}' "
|
|
219
|
+
cmd += " -var 'storage_account_name=dummy' "
|
|
220
|
+
cmd += " -var 'admin_password=dummy' "
|
|
221
|
+
cmd += " -var 'suffix=dummy' "
|
|
222
|
+
|
|
223
|
+
sh(cmd)
|
|
224
|
+
|
|
225
|
+
sh("cd #{integration_dir}/build/ && terraform workspace select default")
|
|
226
|
+
sh("cd #{integration_dir}/build && terraform workspace delete #{tf_workspace}")
|
|
227
|
+
end
|
|
228
|
+
end
|
|
229
|
+
|
|
230
|
+
desc "Perform Azure Integration Tests"
|
|
231
|
+
task :azure do
|
|
232
|
+
tf_workspace = ENV['INSPEC_TERRAFORM_ENV'] || prompt("Please enter a workspace for your integration tests to run in: ")
|
|
233
|
+
begin
|
|
234
|
+
Rake::Task["test:azure:setup"].execute({:tf_workspace => tf_workspace})
|
|
235
|
+
Rake::Task["test:azure:run"].execute
|
|
236
|
+
rescue
|
|
237
|
+
abort("Integration testing has failed")
|
|
238
|
+
ensure
|
|
239
|
+
Rake::Task["test:azure:cleanup"].execute({:tf_workspace => tf_workspace})
|
|
240
|
+
end
|
|
241
|
+
end
|
|
242
|
+
end
|
|
243
|
+
|
|
244
|
+
# Print the current version of this gem or update it.
|
|
245
|
+
#
|
|
246
|
+
# @param [Type] target the new version you want to set, or nil if you only want to show
|
|
247
|
+
def inspec_version(target = nil)
|
|
248
|
+
path = 'lib/inspec/version.rb'
|
|
249
|
+
require_relative path.sub(/.rb$/, '')
|
|
250
|
+
|
|
251
|
+
nu_version = target.nil? ? '' : " -> #{target}"
|
|
252
|
+
puts "Inspec: #{Inspec::VERSION}#{nu_version}"
|
|
253
|
+
|
|
254
|
+
unless target.nil?
|
|
255
|
+
raw = File.read(path)
|
|
256
|
+
nu = raw.sub(/VERSION.*/, "VERSION = '#{target}'.freeze")
|
|
257
|
+
File.write(path, nu)
|
|
258
|
+
load(path)
|
|
259
|
+
end
|
|
260
|
+
end
|
|
261
|
+
|
|
262
|
+
# Check if a command is available
|
|
263
|
+
#
|
|
264
|
+
# @param [Type] x the command you are interested in
|
|
265
|
+
# @param [Type] msg the message to display if the command is missing
|
|
266
|
+
def require_command(x, msg = nil)
|
|
267
|
+
return if system("command -v #{x} || exit 1")
|
|
268
|
+
msg ||= 'Please install it first!'
|
|
269
|
+
puts "\033[31;1mCan't find command #{x.inspect}. #{msg}\033[0m"
|
|
270
|
+
exit 1
|
|
271
|
+
end
|
|
272
|
+
|
|
273
|
+
# Check if a required environment variable has been set
|
|
274
|
+
#
|
|
275
|
+
# @param [String] x the variable you are interested in
|
|
276
|
+
# @param [String] msg the message you want to display if the variable is missing
|
|
277
|
+
def require_env(x, msg = nil)
|
|
278
|
+
exists = `env | grep "^#{x}="`
|
|
279
|
+
return unless exists.empty?
|
|
280
|
+
puts "\033[31;1mCan't find environment variable #{x.inspect}. #{msg}\033[0m"
|
|
281
|
+
exit 1
|
|
282
|
+
end
|
|
283
|
+
|
|
284
|
+
# Check the requirements for running an update of this repository.
|
|
285
|
+
def check_update_requirements
|
|
286
|
+
require_command 'git'
|
|
287
|
+
end
|
|
288
|
+
|
|
289
|
+
# Show the current version of this gem.
|
|
290
|
+
desc 'Show the version of this gem'
|
|
291
|
+
task :version do
|
|
292
|
+
inspec_version
|
|
293
|
+
end
|
|
294
|
+
|
|
295
|
+
desc 'Release a new docker image'
|
|
296
|
+
task :release_docker do
|
|
297
|
+
version = Inspec::VERSION
|
|
298
|
+
cmd = "rm *.gem; gem build *gemspec && "\
|
|
299
|
+
"mv *.gem inspec.gem && "\
|
|
300
|
+
"docker build -t chef/inspec:#{version} . && "\
|
|
301
|
+
"docker push chef/inspec:#{version} && "\
|
|
302
|
+
"docker tag chef/inspec:#{version} chef/inspec:latest &&"\
|
|
303
|
+
"docker push chef/inspec:latest"
|
|
304
|
+
puts "--> #{cmd}"
|
|
305
|
+
sh('sh', '-c', cmd)
|
|
306
|
+
end
|
|
307
|
+
|
|
308
|
+
desc 'Release the website [deprecated]'
|
|
309
|
+
task :www do
|
|
310
|
+
puts 'The Rake tasks for releasing the website are now in the www/ directory.'
|
|
311
|
+
puts 'Run `cd www` and then `rake --tasks` for a list of the www-related tasks available.'
|
|
312
|
+
exit(1)
|
|
313
|
+
end
|
|
314
|
+
|
|
315
|
+
namespace :www do
|
|
316
|
+
desc 'Release the website [deprecated]'
|
|
317
|
+
task :release do
|
|
318
|
+
puts 'The Rake tasks for releasing the website are now in the www/ directory.'
|
|
319
|
+
puts 'Run `cd www` and then `rake --tasks` for a list of the www-related tasks available.'
|
|
320
|
+
exit(1)
|
|
321
|
+
end
|
|
322
|
+
end
|