RubyGems - inspec - Versions diffs - 2.1.21 → 2.1.30 - Mend

inspec 2.1.21 → 2.1.30

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (502) hide show

checksums.yaml +4 -4
data/.rubocop.yml +101 -101
data/CHANGELOG.md +3062 -3045
data/Gemfile +56 -56
data/LICENSE +14 -14
data/MAINTAINERS.md +33 -33
data/MAINTAINERS.toml +52 -52
data/README.md +447 -447
data/Rakefile +322 -322
data/bin/inspec +12 -12
data/docs/.gitignore +2 -2
data/docs/README.md +40 -40
data/docs/dsl_inspec.md +258 -258
data/docs/dsl_resource.md +100 -100
data/docs/glossary.md +99 -99
data/docs/habitat.md +191 -191
data/docs/inspec_and_friends.md +114 -114
data/docs/matchers.md +169 -169
data/docs/migration.md +293 -293
data/docs/platforms.md +118 -118
data/docs/plugin_kitchen_inspec.md +50 -50
data/docs/profiles.md +376 -376
data/docs/reporters.md +105 -105
data/docs/resources/aide_conf.md.erb +75 -75
data/docs/resources/apache.md.erb +67 -67
data/docs/resources/apache_conf.md.erb +68 -68
data/docs/resources/apt.md.erb +71 -71
data/docs/resources/audit_policy.md.erb +47 -47
data/docs/resources/auditd.md.erb +79 -79
data/docs/resources/auditd_conf.md.erb +68 -68
data/docs/resources/aws_cloudtrail_trail.md.erb +140 -140
data/docs/resources/aws_cloudtrail_trails.md.erb +81 -81
data/docs/resources/aws_cloudwatch_alarm.md.erb +86 -86
data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +151 -151
data/docs/resources/aws_config_delivery_channel.md +79 -79
data/docs/resources/aws_config_recorder.md.erb +71 -71
data/docs/resources/aws_ec2_instance.md.erb +106 -106
data/docs/resources/aws_iam_access_key.md.erb +123 -123
data/docs/resources/aws_iam_access_keys.md.erb +198 -198
data/docs/resources/aws_iam_group.md.erb +46 -46
data/docs/resources/aws_iam_groups.md.erb +43 -43
data/docs/resources/aws_iam_password_policy.md.erb +76 -76
data/docs/resources/aws_iam_policies.md.erb +82 -82
data/docs/resources/aws_iam_policy.md.erb +144 -144
data/docs/resources/aws_iam_role.md.erb +63 -63
data/docs/resources/aws_iam_root_user.md.erb +70 -58
data/docs/resources/aws_iam_user.md.erb +64 -64
data/docs/resources/aws_iam_users.md.erb +89 -89
data/docs/resources/aws_kms_key.md.erb +171 -171
data/docs/resources/aws_kms_keys.md.erb +84 -84
data/docs/resources/aws_rds_instance.md.erb +60 -60
data/docs/resources/aws_route_table.md.erb +47 -47
data/docs/resources/aws_route_tables.md.erb +49 -0
data/docs/resources/aws_s3_bucket.md.erb +134 -134
data/docs/resources/aws_s3_bucket_object.md.erb +83 -83
data/docs/resources/aws_s3_buckets.md.erb +53 -0
data/docs/resources/aws_security_group.md.erb +151 -151
data/docs/resources/aws_security_groups.md.erb +91 -91
data/docs/resources/aws_sns_subscription.md.erb +124 -124
data/docs/resources/aws_sns_topic.md.erb +63 -63
data/docs/resources/aws_sns_topics.md.erb +52 -52
data/docs/resources/aws_subnet.md.erb +134 -134
data/docs/resources/aws_subnets.md.erb +126 -126
data/docs/resources/aws_vpc.md.erb +120 -120
data/docs/resources/aws_vpcs.md.erb +48 -48
data/docs/resources/azure_generic_resource.md.erb +171 -171
data/docs/resources/azure_resource_group.md.erb +284 -284
data/docs/resources/azure_virtual_machine.md.erb +347 -347
data/docs/resources/azure_virtual_machine_data_disk.md.erb +224 -224
data/docs/resources/bash.md.erb +75 -75
data/docs/resources/bond.md.erb +90 -90
data/docs/resources/bridge.md.erb +57 -57
data/docs/resources/bsd_service.md.erb +67 -67
data/docs/resources/chocolatey_package.md.erb +58 -0
data/docs/resources/command.md.erb +138 -138
data/docs/resources/cpan.md.erb +79 -79
data/docs/resources/cran.md.erb +64 -64
data/docs/resources/crontab.md.erb +89 -89
data/docs/resources/csv.md.erb +54 -54
data/docs/resources/dh_params.md.erb +205 -205
data/docs/resources/directory.md.erb +30 -30
data/docs/resources/docker.md.erb +219 -219
data/docs/resources/docker_container.md.erb +103 -103
data/docs/resources/docker_image.md.erb +94 -94
data/docs/resources/docker_service.md.erb +114 -114
data/docs/resources/elasticsearch.md.erb +242 -242
data/docs/resources/etc_fstab.md.erb +125 -125
data/docs/resources/etc_group.md.erb +75 -75
data/docs/resources/etc_hosts.md.erb +78 -78
data/docs/resources/etc_hosts_allow.md.erb +74 -74
data/docs/resources/etc_hosts_deny.md.erb +74 -74
data/docs/resources/file.md.erb +526 -526
data/docs/resources/filesystem.md.erb +41 -41
data/docs/resources/firewalld.md.erb +107 -107
data/docs/resources/gem.md.erb +79 -79
data/docs/resources/group.md.erb +61 -61
data/docs/resources/grub_conf.md.erb +101 -101
data/docs/resources/host.md.erb +86 -86
data/docs/resources/http.md.erb +196 -196
data/docs/resources/iis_app.md.erb +122 -122
data/docs/resources/iis_site.md.erb +135 -135
data/docs/resources/inetd_conf.md.erb +94 -94
data/docs/resources/ini.md.erb +76 -76
data/docs/resources/interface.md.erb +58 -58
data/docs/resources/iptables.md.erb +64 -64
data/docs/resources/json.md.erb +63 -63
data/docs/resources/kernel_module.md.erb +120 -120
data/docs/resources/kernel_parameter.md.erb +53 -53
data/docs/resources/key_rsa.md.erb +85 -85
data/docs/resources/launchd_service.md.erb +57 -57
data/docs/resources/limits_conf.md.erb +75 -75
data/docs/resources/login_defs.md.erb +71 -71
data/docs/resources/mount.md.erb +69 -69
data/docs/resources/mssql_session.md.erb +60 -60
data/docs/resources/mysql_conf.md.erb +99 -99
data/docs/resources/mysql_session.md.erb +74 -74
data/docs/resources/nginx.md.erb +79 -79
data/docs/resources/nginx_conf.md.erb +138 -138
data/docs/resources/npm.md.erb +60 -60
data/docs/resources/ntp_conf.md.erb +60 -60
data/docs/resources/oneget.md.erb +53 -53
data/docs/resources/oracledb_session.md.erb +52 -52
data/docs/resources/os.md.erb +141 -141
data/docs/resources/os_env.md.erb +78 -78
data/docs/resources/package.md.erb +120 -120
data/docs/resources/packages.md.erb +67 -67
data/docs/resources/parse_config.md.erb +103 -103
data/docs/resources/parse_config_file.md.erb +138 -138
data/docs/resources/passwd.md.erb +141 -141
data/docs/resources/pip.md.erb +67 -67
data/docs/resources/port.md.erb +137 -137
data/docs/resources/postgres_conf.md.erb +79 -79
data/docs/resources/postgres_hba_conf.md.erb +93 -93
data/docs/resources/postgres_ident_conf.md.erb +76 -76
data/docs/resources/postgres_session.md.erb +69 -69
data/docs/resources/powershell.md.erb +102 -102
data/docs/resources/processes.md.erb +109 -109
data/docs/resources/rabbitmq_config.md.erb +41 -41
data/docs/resources/registry_key.md.erb +158 -158
data/docs/resources/runit_service.md.erb +57 -57
data/docs/resources/security_policy.md.erb +47 -47
data/docs/resources/service.md.erb +121 -121
data/docs/resources/shadow.md.erb +146 -146
data/docs/resources/ssh_config.md.erb +73 -73
data/docs/resources/sshd_config.md.erb +83 -83
data/docs/resources/ssl.md.erb +119 -119
data/docs/resources/sys_info.md.erb +42 -42
data/docs/resources/systemd_service.md.erb +57 -57
data/docs/resources/sysv_service.md.erb +57 -57
data/docs/resources/upstart_service.md.erb +57 -57
data/docs/resources/user.md.erb +140 -140
data/docs/resources/users.md.erb +127 -127
data/docs/resources/vbscript.md.erb +55 -55
data/docs/resources/virtualization.md.erb +57 -57
data/docs/resources/windows_feature.md.erb +47 -47
data/docs/resources/windows_hotfix.md.erb +53 -53
data/docs/resources/windows_task.md.erb +95 -95
data/docs/resources/wmi.md.erb +81 -81
data/docs/resources/x509_certificate.md.erb +151 -151
data/docs/resources/xinetd_conf.md.erb +156 -156
data/docs/resources/xml.md.erb +85 -85
data/docs/resources/yaml.md.erb +69 -69
data/docs/resources/yum.md.erb +98 -98
data/docs/resources/zfs_dataset.md.erb +53 -53
data/docs/resources/zfs_pool.md.erb +47 -47
data/docs/ruby_usage.md +203 -203
data/docs/shared/matcher_be.md.erb +1 -1
data/docs/shared/matcher_cmp.md.erb +43 -43
data/docs/shared/matcher_eq.md.erb +3 -3
data/docs/shared/matcher_include.md.erb +1 -1
data/docs/shared/matcher_match.md.erb +1 -1
data/docs/shell.md +217 -217
data/examples/README.md +8 -8
data/examples/inheritance/README.md +65 -65
data/examples/inheritance/controls/example.rb +14 -14
data/examples/inheritance/inspec.yml +15 -15
data/examples/kitchen-ansible/.kitchen.yml +25 -25
data/examples/kitchen-ansible/Gemfile +19 -19
data/examples/kitchen-ansible/README.md +53 -53
data/examples/kitchen-ansible/files/nginx.repo +6 -6
data/examples/kitchen-ansible/tasks/main.yml +16 -16
data/examples/kitchen-ansible/test/integration/default/default.yml +5 -5
data/examples/kitchen-ansible/test/integration/default/web_spec.rb +28 -28
data/examples/kitchen-chef/.kitchen.yml +20 -20
data/examples/kitchen-chef/Berksfile +3 -3
data/examples/kitchen-chef/Gemfile +19 -19
data/examples/kitchen-chef/README.md +27 -27
data/examples/kitchen-chef/metadata.rb +7 -7
data/examples/kitchen-chef/recipes/default.rb +6 -6
data/examples/kitchen-chef/recipes/nginx.rb +30 -30
data/examples/kitchen-chef/test/integration/default/web_spec.rb +28 -28
data/examples/kitchen-puppet/.kitchen.yml +22 -22
data/examples/kitchen-puppet/Gemfile +20 -20
data/examples/kitchen-puppet/Puppetfile +25 -25
data/examples/kitchen-puppet/README.md +53 -53
data/examples/kitchen-puppet/manifests/site.pp +33 -33
data/examples/kitchen-puppet/metadata.json +11 -11
data/examples/kitchen-puppet/test/integration/default/web_spec.rb +28 -28
data/examples/meta-profile/README.md +37 -37
data/examples/meta-profile/controls/example.rb +13 -13
data/examples/meta-profile/inspec.yml +13 -13
data/examples/profile-attribute.yml +2 -2
data/examples/profile-attribute/README.md +14 -14
data/examples/profile-attribute/controls/example.rb +11 -11
data/examples/profile-attribute/inspec.yml +8 -8
data/examples/profile-aws/controls/iam_password_policy_expiration.rb +8 -8
data/examples/profile-aws/controls/iam_password_policy_max_age.rb +8 -8
data/examples/profile-aws/controls/iam_root_user_mfa.rb +8 -8
data/examples/profile-aws/controls/iam_users_access_key_age.rb +8 -8
data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +8 -8
data/examples/profile-aws/inspec.yml +11 -11
data/examples/profile-azure/controls/azure_resource_group_example.rb +24 -24
data/examples/profile-azure/controls/azure_vm_example.rb +29 -29
data/examples/profile-azure/inspec.yml +11 -11
data/examples/profile-sensitive/README.md +29 -29
data/examples/profile-sensitive/controls/sensitive-failures.rb +9 -9
data/examples/profile-sensitive/controls/sensitive.rb +9 -9
data/examples/profile-sensitive/inspec.yml +8 -8
data/examples/profile/README.md +48 -48
data/examples/profile/controls/example.rb +23 -23
data/examples/profile/controls/gordon.rb +36 -36
data/examples/profile/controls/meta.rb +34 -34
data/examples/profile/inspec.yml +10 -10
data/examples/profile/libraries/gordon_config.rb +59 -53
data/inspec.gemspec +47 -47
data/lib/bundles/README.md +3 -3
data/lib/bundles/inspec-artifact.rb +7 -7
data/lib/bundles/inspec-artifact/README.md +1 -1
data/lib/bundles/inspec-artifact/cli.rb +277 -277
data/lib/bundles/inspec-compliance.rb +16 -16
data/lib/bundles/inspec-compliance/.kitchen.yml +20 -20
data/lib/bundles/inspec-compliance/README.md +185 -185
data/lib/bundles/inspec-compliance/api.rb +316 -316
data/lib/bundles/inspec-compliance/api/login.rb +152 -152
data/lib/bundles/inspec-compliance/bootstrap.sh +41 -41
data/lib/bundles/inspec-compliance/cli.rb +254 -254
data/lib/bundles/inspec-compliance/configuration.rb +103 -103
data/lib/bundles/inspec-compliance/http.rb +86 -86
data/lib/bundles/inspec-compliance/support.rb +36 -36
data/lib/bundles/inspec-compliance/target.rb +98 -98
data/lib/bundles/inspec-compliance/test/integration/default/cli.rb +93 -93
data/lib/bundles/inspec-habitat.rb +12 -12
data/lib/bundles/inspec-habitat/cli.rb +36 -36
data/lib/bundles/inspec-habitat/log.rb +10 -10
data/lib/bundles/inspec-habitat/profile.rb +391 -391
data/lib/bundles/inspec-init.rb +8 -8
data/lib/bundles/inspec-init/README.md +31 -31
data/lib/bundles/inspec-init/cli.rb +97 -97
data/lib/bundles/inspec-init/templates/profile/README.md +3 -3
data/lib/bundles/inspec-init/templates/profile/controls/example.rb +19 -19
data/lib/bundles/inspec-init/templates/profile/inspec.yml +8 -8
data/lib/bundles/inspec-supermarket.rb +13 -13
data/lib/bundles/inspec-supermarket/README.md +45 -45
data/lib/bundles/inspec-supermarket/api.rb +84 -84
data/lib/bundles/inspec-supermarket/cli.rb +73 -73
data/lib/bundles/inspec-supermarket/target.rb +34 -34
data/lib/fetchers/git.rb +163 -163
data/lib/fetchers/local.rb +74 -74
data/lib/fetchers/mock.rb +35 -35
data/lib/fetchers/url.rb +204 -204
data/lib/inspec.rb +24 -24
data/lib/inspec/archive/tar.rb +29 -29
data/lib/inspec/archive/zip.rb +19 -19
data/lib/inspec/backend.rb +93 -93
data/lib/inspec/base_cli.rb +363 -357
data/lib/inspec/cached_fetcher.rb +66 -66
data/lib/inspec/cli.rb +292 -292
data/lib/inspec/completions/bash.sh.erb +45 -45
data/lib/inspec/completions/fish.sh.erb +34 -34
data/lib/inspec/completions/zsh.sh.erb +61 -61
data/lib/inspec/control_eval_context.rb +179 -179
data/lib/inspec/dependencies/cache.rb +72 -72
data/lib/inspec/dependencies/dependency_set.rb +92 -92
data/lib/inspec/dependencies/lockfile.rb +115 -115
data/lib/inspec/dependencies/requirement.rb +123 -123
data/lib/inspec/dependencies/resolver.rb +86 -86
data/lib/inspec/describe.rb +27 -27
data/lib/inspec/dsl.rb +66 -66
data/lib/inspec/dsl_shared.rb +33 -33
data/lib/inspec/env_printer.rb +157 -157
data/lib/inspec/errors.rb +14 -13
data/lib/inspec/exceptions.rb +12 -12
data/lib/inspec/expect.rb +45 -45
data/lib/inspec/fetcher.rb +45 -45
data/lib/inspec/file_provider.rb +275 -275
data/lib/inspec/formatters.rb +3 -3
data/lib/inspec/formatters/base.rb +259 -250
data/lib/inspec/formatters/json_rspec.rb +20 -20
data/lib/inspec/formatters/show_progress.rb +12 -12
data/lib/inspec/library_eval_context.rb +58 -58
data/lib/inspec/log.rb +11 -11
data/lib/inspec/metadata.rb +247 -247
data/lib/inspec/method_source.rb +24 -24
data/lib/inspec/objects.rb +14 -14
data/lib/inspec/objects/attribute.rb +65 -65
data/lib/inspec/objects/control.rb +61 -61
data/lib/inspec/objects/describe.rb +92 -92
data/lib/inspec/objects/each_loop.rb +36 -36
data/lib/inspec/objects/list.rb +15 -15
data/lib/inspec/objects/or_test.rb +40 -40
data/lib/inspec/objects/ruby_helper.rb +15 -15
data/lib/inspec/objects/tag.rb +27 -27
data/lib/inspec/objects/test.rb +87 -87
data/lib/inspec/objects/value.rb +27 -27
data/lib/inspec/plugins.rb +60 -60
data/lib/inspec/plugins/cli.rb +24 -24
data/lib/inspec/plugins/fetcher.rb +86 -86
data/lib/inspec/plugins/resource.rb +135 -135
data/lib/inspec/plugins/secret.rb +15 -15
data/lib/inspec/plugins/source_reader.rb +40 -40
data/lib/inspec/polyfill.rb +12 -12
data/lib/inspec/profile.rb +513 -513
data/lib/inspec/profile_context.rb +208 -208
data/lib/inspec/profile_vendor.rb +66 -66
data/lib/inspec/reporters.rb +60 -54
data/lib/inspec/reporters/automate.rb +76 -0
data/lib/inspec/reporters/base.rb +25 -24
data/lib/inspec/reporters/cli.rb +356 -356
data/lib/inspec/reporters/json.rb +116 -116
data/lib/inspec/reporters/json_min.rb +48 -48
data/lib/inspec/reporters/junit.rb +77 -77
data/lib/inspec/require_loader.rb +33 -33
data/lib/inspec/resource.rb +187 -186
data/lib/inspec/rule.rb +266 -266
data/lib/inspec/runner.rb +345 -345
data/lib/inspec/runner_mock.rb +41 -41
data/lib/inspec/runner_rspec.rb +175 -175
data/lib/inspec/runtime_profile.rb +26 -26
data/lib/inspec/schema.rb +213 -213
data/lib/inspec/secrets.rb +19 -19
data/lib/inspec/secrets/yaml.rb +30 -30
data/lib/inspec/shell.rb +220 -220
data/lib/inspec/shell_detector.rb +90 -90
data/lib/inspec/source_reader.rb +29 -29
data/lib/inspec/version.rb +8 -8
data/lib/matchers/matchers.rb +339 -339
data/lib/resource_support/aws.rb +49 -47
data/lib/resource_support/aws/aws_backend_base.rb +12 -12
data/lib/resource_support/aws/aws_backend_factory_mixin.rb +12 -12
data/lib/resource_support/aws/aws_plural_resource_mixin.rb +21 -21
data/lib/resource_support/aws/aws_resource_mixin.rb +66 -66
data/lib/resource_support/aws/aws_singular_resource_mixin.rb +24 -24
data/lib/resources/aide_conf.rb +151 -151
data/lib/resources/apache.rb +48 -48
data/lib/resources/apache_conf.rb +149 -149
data/lib/resources/apt.rb +149 -149
data/lib/resources/audit_policy.rb +63 -63
data/lib/resources/auditd.rb +231 -231
data/lib/resources/auditd_conf.rb +46 -46
data/lib/resources/aws/aws_cloudtrail_trail.rb +77 -77
data/lib/resources/aws/aws_cloudtrail_trails.rb +47 -47
data/lib/resources/aws/aws_cloudwatch_alarm.rb +62 -62
data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +100 -100
data/lib/resources/aws/aws_config_delivery_channel.rb +76 -76
data/lib/resources/aws/aws_config_recorder.rb +98 -98
data/lib/resources/aws/aws_ec2_instance.rb +157 -157
data/lib/resources/aws/aws_iam_access_key.rb +106 -106
data/lib/resources/aws/aws_iam_access_keys.rb +149 -149
data/lib/resources/aws/aws_iam_group.rb +56 -56
data/lib/resources/aws/aws_iam_groups.rb +52 -52
data/lib/resources/aws/aws_iam_password_policy.rb +116 -116
data/lib/resources/aws/aws_iam_policies.rb +53 -53
data/lib/resources/aws/aws_iam_policy.rb +125 -125
data/lib/resources/aws/aws_iam_role.rb +51 -51
data/lib/resources/aws/aws_iam_root_user.rb +78 -60
data/lib/resources/aws/aws_iam_user.rb +111 -111
data/lib/resources/aws/aws_iam_users.rb +108 -108
data/lib/resources/aws/aws_kms_key.rb +96 -96
data/lib/resources/aws/aws_kms_keys.rb +53 -53
data/lib/resources/aws/aws_rds_instance.rb +71 -71
data/lib/resources/aws/aws_route_table.rb +63 -63
data/lib/resources/aws/aws_route_tables.rb +60 -0
data/lib/resources/aws/aws_s3_bucket.rb +115 -115
data/lib/resources/aws/aws_s3_bucket_object.rb +82 -82
data/lib/resources/aws/aws_s3_buckets.rb +51 -0
data/lib/resources/aws/aws_security_group.rb +93 -93
data/lib/resources/aws/aws_security_groups.rb +68 -68
data/lib/resources/aws/aws_sns_subscription.rb +78 -78
data/lib/resources/aws/aws_sns_topic.rb +53 -53
data/lib/resources/aws/aws_sns_topics.rb +56 -56
data/lib/resources/aws/aws_subnet.rb +88 -88
data/lib/resources/aws/aws_subnets.rb +53 -53
data/lib/resources/aws/aws_vpc.rb +69 -69
data/lib/resources/aws/aws_vpcs.rb +45 -45
data/lib/resources/azure/azure_backend.rb +377 -377
data/lib/resources/azure/azure_generic_resource.rb +59 -59
data/lib/resources/azure/azure_resource_group.rb +152 -152
data/lib/resources/azure/azure_virtual_machine.rb +264 -264
data/lib/resources/azure/azure_virtual_machine_data_disk.rb +134 -134
data/lib/resources/bash.rb +35 -35
data/lib/resources/bond.rb +69 -69
data/lib/resources/bridge.rb +122 -122
data/lib/resources/chocolatey_package.rb +78 -0
data/lib/resources/command.rb +73 -73
data/lib/resources/cpan.rb +58 -58
data/lib/resources/cran.rb +64 -64
data/lib/resources/crontab.rb +169 -169
data/lib/resources/csv.rb +56 -56
data/lib/resources/dh_params.rb +77 -77
data/lib/resources/directory.rb +25 -25
data/lib/resources/docker.rb +236 -236
data/lib/resources/docker_container.rb +89 -89
data/lib/resources/docker_image.rb +83 -83
data/lib/resources/docker_object.rb +57 -57
data/lib/resources/docker_service.rb +90 -90
data/lib/resources/elasticsearch.rb +169 -169
data/lib/resources/etc_fstab.rb +94 -94
data/lib/resources/etc_group.rb +152 -152
data/lib/resources/etc_hosts.rb +66 -66
data/lib/resources/etc_hosts_allow_deny.rb +112 -112
data/lib/resources/file.rb +298 -298
data/lib/resources/filesystem.rb +31 -31
data/lib/resources/firewalld.rb +143 -143
data/lib/resources/gem.rb +70 -70
data/lib/resources/groups.rb +215 -215
data/lib/resources/grub_conf.rb +227 -227
data/lib/resources/host.rb +306 -306
data/lib/resources/http.rb +253 -253
data/lib/resources/iis_app.rb +101 -101
data/lib/resources/iis_site.rb +148 -148
data/lib/resources/inetd_conf.rb +54 -54
data/lib/resources/ini.rb +29 -29
data/lib/resources/interface.rb +129 -129
data/lib/resources/iptables.rb +80 -80
data/lib/resources/json.rb +107 -107
data/lib/resources/kernel_module.rb +107 -107
data/lib/resources/kernel_parameter.rb +58 -58
data/lib/resources/key_rsa.rb +61 -61
data/lib/resources/limits_conf.rb +46 -46
data/lib/resources/login_def.rb +57 -57
data/lib/resources/mount.rb +88 -88
data/lib/resources/mssql_session.rb +101 -101
data/lib/resources/mysql.rb +82 -81
data/lib/resources/mysql_conf.rb +127 -127
data/lib/resources/mysql_session.rb +85 -85
data/lib/resources/nginx.rb +96 -96
data/lib/resources/nginx_conf.rb +226 -226
data/lib/resources/npm.rb +48 -48
data/lib/resources/ntp_conf.rb +51 -51
data/lib/resources/oneget.rb +71 -71
data/lib/resources/oracledb_session.rb +139 -139
data/lib/resources/os.rb +36 -36
data/lib/resources/os_env.rb +75 -75
data/lib/resources/package.rb +370 -370
data/lib/resources/packages.rb +111 -111
data/lib/resources/parse_config.rb +112 -112
data/lib/resources/passwd.rb +76 -76
data/lib/resources/pip.rb +130 -130
data/lib/resources/platform.rb +109 -109
data/lib/resources/port.rb +771 -771
data/lib/resources/postgres.rb +131 -130
data/lib/resources/postgres_conf.rb +114 -114
data/lib/resources/postgres_hba_conf.rb +90 -90
data/lib/resources/postgres_ident_conf.rb +79 -79
data/lib/resources/postgres_session.rb +71 -71
data/lib/resources/powershell.rb +66 -66
data/lib/resources/processes.rb +204 -204
data/lib/resources/rabbitmq_conf.rb +51 -51
data/lib/resources/registry_key.rb +297 -297
data/lib/resources/security_policy.rb +180 -180
data/lib/resources/service.rb +794 -790
data/lib/resources/shadow.rb +149 -149
data/lib/resources/ssh_conf.rb +97 -97
data/lib/resources/ssl.rb +99 -99
data/lib/resources/sys_info.rb +28 -28
data/lib/resources/toml.rb +32 -32
data/lib/resources/users.rb +654 -654
data/lib/resources/vbscript.rb +68 -68
data/lib/resources/virtualization.rb +247 -247
data/lib/resources/windows_feature.rb +84 -84
data/lib/resources/windows_hotfix.rb +35 -35
data/lib/resources/windows_task.rb +102 -102
data/lib/resources/wmi.rb +110 -110
data/lib/resources/x509_certificate.rb +137 -137
data/lib/resources/xinetd.rb +106 -106
data/lib/resources/xml.rb +46 -46
data/lib/resources/yaml.rb +43 -43
data/lib/resources/yum.rb +180 -180
data/lib/resources/zfs_dataset.rb +60 -60
data/lib/resources/zfs_pool.rb +49 -49
data/lib/source_readers/flat.rb +39 -39
data/lib/source_readers/inspec.rb +75 -75
data/lib/utils/command_wrapper.rb +27 -27
data/lib/utils/convert.rb +12 -12
data/lib/utils/database_helpers.rb +77 -77
data/lib/utils/erlang_parser.rb +192 -192
data/lib/utils/file_reader.rb +25 -25
data/lib/utils/filter.rb +273 -273
data/lib/utils/filter_array.rb +27 -27
data/lib/utils/find_files.rb +44 -44
data/lib/utils/hash.rb +41 -41
data/lib/utils/json_log.rb +18 -18
data/lib/utils/latest_version.rb +22 -22
data/lib/utils/modulator.rb +12 -12
data/lib/utils/nginx_parser.rb +85 -85
data/lib/utils/object_traversal.rb +49 -49
data/lib/utils/parser.rb +274 -274
data/lib/utils/plugin_registry.rb +93 -93
data/lib/utils/simpleconfig.rb +120 -120
data/lib/utils/spdx.rb +13 -13
data/lib/utils/spdx.txt +343 -343
metadata +9 -2

data/lib/inspec/runner.rb CHANGED Viewed

@@ -1,345 +1,345 @@
-# encoding: utf-8
-# copyright: 2015, Dominik Richter
-# author: Dominik Richter
-# author: Christoph Hartmann
-require 'forwardable'
-require 'uri'
-require 'inspec/backend'
-require 'inspec/profile_context'
-require 'inspec/profile'
-require 'inspec/metadata'
-require 'inspec/secrets'
-require 'inspec/dependencies/cache'
-# spec requirements
-module Inspec
-  #
-  # Inspec::Runner coordinates the running of tests and is the main
-  # entry point to the application.
-  #
-  # Users are expected to insantiate a runner, add targets to be run,
-  # and then call the run method:
-  #
-  # ```
-  # r = Inspec::Runner.new()
-  # r.add_target("/path/to/some/profile")
-  # r.add_target("http://url/to/some/profile")
-  # r.run
-  # ```
-  #
-  class Runner
-    extend Forwardable
-    attr_reader :backend, :rules, :attributes
-    def initialize(conf = {})
-      @rules = []
-      @conf = conf.dup
-      @conf[:logger] ||= Logger.new(nil)
-      @target_profiles = []
-      @controls = @conf[:controls] || []
-      @depends = @conf[:depends] || []
-      @ignore_supports = @conf[:ignore_supports]
-      @create_lockfile = @conf[:create_lockfile]
-      @cache = Inspec::Cache.new(@conf[:vendor_cache])
-      # parse any ad-hoc runners reporter formats
-      # this has to happen before we load the test_collector
-      @conf = Inspec::BaseCLI.parse_reporters(@conf) if @conf[:type].nil?
-      @test_collector = @conf.delete(:test_collector) || begin
-        require 'inspec/runner_rspec'
-        RunnerRspec.new(@conf)
-      end
-      # list of profile attributes
-      @attributes = []
-      load_attributes(@conf)
-      configure_transport
-    end
-    def tests
-      @test_collector.tests
-    end
-    def configure_transport
-      @backend = Inspec::Backend.create(@conf)
-      @test_collector.backend = @backend
-    end
-    def reset
-      @test_collector.reset
-      @target_profiles.each do |profile|
-        profile.runner_context.rules = {}
-      end
-      @rules = []
-    end
-    def load
-      all_controls = []
-      @target_profiles.each do |profile|
-        @test_collector.add_profile(profile)
-        write_lockfile(profile) if @create_lockfile
-        profile.locked_dependencies
-        profile_context = profile.load_libraries
-        profile_context.dependencies.list.values.each do |requirement|
-          @test_collector.add_profile(requirement.profile)
-        end
-        @attributes |= profile.runner_context.attributes
-        all_controls += profile.collect_tests
-      end
-      all_controls.each do |rule|
-        register_rule(rule) unless rule.nil?
-      end
-    end
-    def run(with = nil)
-      Inspec::Log.debug "Starting run with targets: #{@target_profiles.map(&:to_s)}"
-      load
-      run_tests(with)
-    end
-    def render_output(run_data)
-      return if @conf['reporter'].nil?
-      @conf['reporter'].each do |reporter|
-        Inspec::Reporters.render(reporter, run_data)
-      end
-    end
-    def report
-      Inspec::Reporters.report(@conf['reporter'].first, @run_data)
-    end
-    def write_lockfile(profile)
-      return false if !profile.writable?
-      if profile.lockfile_exists?
-        Inspec::Log.debug "Using existing lockfile #{profile.lockfile_path}"
-      else
-        Inspec::Log.debug "Creating lockfile: #{profile.lockfile_path}"
-        lockfile = profile.generate_lockfile
-        File.write(profile.lockfile_path, lockfile.to_yaml)
-      end
-    end
-    def run_tests(with = nil)
-      @run_data = @test_collector.run(with)
-      # dont output anything if we want a report
-      render_output(@run_data) unless @conf['report']
-      @test_collector.exit_code
-    end
-    # determine all attributes before the execution, fetch data from secrets backend
-    def load_attributes(options)
-      options[:attributes] ||= {}
-      secrets_targets = options[:attrs]
-      return options[:attributes] if secrets_targets.nil?
-      secrets_targets.each do |target|
-        validate_attributes_file_readability!(target)
-        secrets = Inspec::SecretsBackend.resolve(target)
-        if secrets.nil?
-          raise Inspec::Exceptions::SecretsBackendNotFound,
-                "Cannot find parser for attributes file '#{target}'. " \
-                'Check to make sure file has the appropriate extension.'
-        end
-        next if secrets.attributes.nil?
-        options[:attributes].merge!(secrets.attributes)
-      end
-      options[:attributes]
-    end
-    #
-    # add_target allows the user to add a target whose tests will be
-    # run when the user calls the run method.
-    #
-    # A target is a path or URL that points to a profile. Using this
-    # target we generate a Profile and a ProfileContext. The content
-    # (libraries, tests, and attributes) from the Profile are loaded
-    # into the ProfileContext.
-    #
-    # If the profile depends on other profiles, those profiles will be
-    # loaded on-demand when include_content or required_content are
-    # called using similar code in Inspec::DSL.
-    #
-    # Once the we've loaded all of the tests files in the profile, we
-    # query the profile for the full list of rules. Those rules are
-    # registered with the @test_collector which is ultimately
-    # responsible for actually running the tests.
-    #
-    # TODO: Deduplicate/clarify the loading code that exists in here,
-    # the ProfileContext, the Profile, and Inspec::DSL
-    #
-    # @params target [String] A path or URL to a profile or raw test.
-    # @params _opts [Hash] Unused, but still here to avoid breaking kitchen-inspec
-    #
-    # @eturns [Inspec::ProfileContext]
-    #
-    def add_target(target, _opts = [])
-      profile = Inspec::Profile.for_target(target,
-                                           vendor_cache: @cache,
-                                           backend: @backend,
-                                           controls: @controls,
-                                           attributes: @conf[:attributes])
-      raise "Could not resolve #{target} to valid input." if profile.nil?
-      @target_profiles << profile if supports_profile?(profile)
-    end
-    def supports_profile?(profile)
-      return true if @ignore_supports
-      if !profile.supports_runtime?
-        raise 'This profile requires InSpec version '\
-             "#{profile.metadata.inspec_requirement}. You are running "\
-             "InSpec v#{Inspec::VERSION}.\n"
-      end
-      if !profile.supports_platform?
-        raise "This OS/platform (#{@backend.platform.name}/#{@backend.platform.release}) is not supported by this profile."
-      end
-      true
-    end
-    # In some places we read the rules off of the runner, in other
-    # places we read it off of the profile context. To keep the API's
-    # the same, we provide an #all_rules method here as well.
-    def all_rules
-      @rules
-    end
-    def register_rules(ctx)
-      new_tests = false
-      ctx.rules.each do |rule_id, rule|
-        next if block_given? && !(yield rule_id, rule)
-        new_tests = true
-        register_rule(rule)
-      end
-      new_tests
-    end
-    def eval_with_virtual_profile(command)
-      require 'fetchers/mock'
-      add_target({ 'inspec.yml' => 'name: inspec-shell' })
-      our_profile = @target_profiles.first
-      ctx = our_profile.runner_context
-      # Load local profile dependencies. This is used in inspec shell
-      # to provide access to local profiles that add resources.
-      @depends
-        .map { |x| Inspec::Profile.for_path(x, { profile_context: ctx }) }
-        .each(&:load_libraries)
-      ctx.load(command)
-    end
-    private
-    def block_source_info(block)
-      return {} if block.nil? || !block.respond_to?(:source_location)
-      opts = {}
-      file_path, line = block.source_location
-      opts['file_path'] = file_path
-      opts['line_number'] = line
-      opts
-    end
-    def get_check_example(method_name, arg, block)
-      opts = block_source_info(block)
-      return nil if arg.empty?
-      resource = arg[0]
-      # check to see if we are using a filtertable object
-      resource = arg[0].resource if arg[0].class.superclass == FilterTable::Table
-      if resource.respond_to?(:resource_skipped?) && resource.resource_skipped?
-        return rspec_skipped_block(arg, opts, resource.resource_exception_message)
-      end
-      if resource.respond_to?(:resource_failed?) && resource.resource_failed?
-        return rspec_failed_block(arg, opts, resource.resource_exception_message)
-      end
-      # If neither skipped nor failed then add the resource
-      add_resource(method_name, arg, opts, block)
-    end
-    def register_rule(rule)
-      Inspec::Log.debug "Registering rule #{rule}"
-      @rules << rule
-      checks = ::Inspec::Rule.prepare_checks(rule)
-      examples = checks.flat_map do |m, a, b|
-        get_check_example(m, a, b)
-      end.compact
-      examples.each { |e| @test_collector.add_test(e, rule) }
-    end
-    def validate_attributes_file_readability!(target)
-      unless File.exist?(target)
-        raise Inspec::Exceptions::AttributesFileDoesNotExist,
-              "Cannot find attributes file '#{target}'. " \
-              'Check to make sure file exists.'
-      end
-      unless File.readable?(target)
-        raise Inspec::Exceptions::AttributesFileNotReadable,
-              "Cannot read attributes file '#{target}'. " \
-              'Check to make sure file is readable.'
-      end
-      true
-    end
-    def rspec_skipped_block(arg, opts, message)
-      @test_collector.example_group(*arg, opts) do
-        # Send custom `it` block to RSpec
-        it message
-      end
-    end
-    def rspec_failed_block(arg, opts, message)
-      @test_collector.example_group(*arg, opts) do
-        # Send custom `it` block to RSpec
-        it '' do
-          # Raising here to fail the test and get proper formatting
-          raise Inspec::Exceptions::ResourceFailed, message
-        end
-      end
-    end
-    def add_resource(method_name, arg, opts, block)
-      case method_name
-      when 'describe'
-        @test_collector.example_group(*arg, opts, &block)
-      when 'expect'
-        block.example_group
-      when 'describe.one'
-        tests = arg.map do |x|
-          @test_collector.example_group(x[1][0], block_source_info(x[2]), &x[2])
-        end
-        return nil if tests.empty?
-        successful_tests = tests.find_all(&:run)
-        # Return all tests if none succeeds; we will just report full failure
-        return tests if successful_tests.empty?
-        successful_tests
-      else
-        raise "A rule was registered with #{method_name.inspect}," \
-              "which isn't understood and cannot be processed."
-      end
-    end
-  end
-end
+# encoding: utf-8
+# copyright: 2015, Dominik Richter
+# author: Dominik Richter
+# author: Christoph Hartmann
+require 'forwardable'
+require 'uri'
+require 'inspec/backend'
+require 'inspec/profile_context'
+require 'inspec/profile'
+require 'inspec/metadata'
+require 'inspec/secrets'
+require 'inspec/dependencies/cache'
+# spec requirements
+module Inspec
+  #
+  # Inspec::Runner coordinates the running of tests and is the main
+  # entry point to the application.
+  #
+  # Users are expected to insantiate a runner, add targets to be run,
+  # and then call the run method:
+  #
+  # ```
+  # r = Inspec::Runner.new()
+  # r.add_target("/path/to/some/profile")
+  # r.add_target("http://url/to/some/profile")
+  # r.run
+  # ```
+  #
+  class Runner
+    extend Forwardable
+    attr_reader :backend, :rules, :attributes
+    def initialize(conf = {})
+      @rules = []
+      @conf = conf.dup
+      @conf[:logger] ||= Logger.new(nil)
+      @target_profiles = []
+      @controls = @conf[:controls] || []
+      @depends = @conf[:depends] || []
+      @ignore_supports = @conf[:ignore_supports]
+      @create_lockfile = @conf[:create_lockfile]
+      @cache = Inspec::Cache.new(@conf[:vendor_cache])
+      # parse any ad-hoc runners reporter formats
+      # this has to happen before we load the test_collector
+      @conf = Inspec::BaseCLI.parse_reporters(@conf) if @conf[:type].nil?
+      @test_collector = @conf.delete(:test_collector) || begin
+        require 'inspec/runner_rspec'
+        RunnerRspec.new(@conf)
+      end
+      # list of profile attributes
+      @attributes = []
+      load_attributes(@conf)
+      configure_transport
+    end
+    def tests
+      @test_collector.tests
+    end
+    def configure_transport
+      @backend = Inspec::Backend.create(@conf)
+      @test_collector.backend = @backend
+    end
+    def reset
+      @test_collector.reset
+      @target_profiles.each do |profile|
+        profile.runner_context.rules = {}
+      end
+      @rules = []
+    end
+    def load
+      all_controls = []
+      @target_profiles.each do |profile|
+        @test_collector.add_profile(profile)
+        write_lockfile(profile) if @create_lockfile
+        profile.locked_dependencies
+        profile_context = profile.load_libraries
+        profile_context.dependencies.list.values.each do |requirement|
+          @test_collector.add_profile(requirement.profile)
+        end
+        @attributes |= profile.runner_context.attributes
+        all_controls += profile.collect_tests
+      end
+      all_controls.each do |rule|
+        register_rule(rule) unless rule.nil?
+      end
+    end
+    def run(with = nil)
+      Inspec::Log.debug "Starting run with targets: #{@target_profiles.map(&:to_s)}"
+      load
+      run_tests(with)
+    end
+    def render_output(run_data)
+      return if @conf['reporter'].nil?
+      @conf['reporter'].each do |reporter|
+        Inspec::Reporters.render(reporter, run_data)
+      end
+    end
+    def report
+      Inspec::Reporters.report(@conf['reporter'].first, @run_data)
+    end
+    def write_lockfile(profile)
+      return false if !profile.writable?
+      if profile.lockfile_exists?
+        Inspec::Log.debug "Using existing lockfile #{profile.lockfile_path}"
+      else
+        Inspec::Log.debug "Creating lockfile: #{profile.lockfile_path}"
+        lockfile = profile.generate_lockfile
+        File.write(profile.lockfile_path, lockfile.to_yaml)
+      end
+    end
+    def run_tests(with = nil)
+      @run_data = @test_collector.run(with)
+      # dont output anything if we want a report
+      render_output(@run_data) unless @conf['report']
+      @test_collector.exit_code
+    end
+    # determine all attributes before the execution, fetch data from secrets backend
+    def load_attributes(options)
+      options[:attributes] ||= {}
+      secrets_targets = options[:attrs]
+      return options[:attributes] if secrets_targets.nil?
+      secrets_targets.each do |target|
+        validate_attributes_file_readability!(target)
+        secrets = Inspec::SecretsBackend.resolve(target)
+        if secrets.nil?
+          raise Inspec::Exceptions::SecretsBackendNotFound,
+                "Cannot find parser for attributes file '#{target}'. " \
+                'Check to make sure file has the appropriate extension.'
+        end
+        next if secrets.attributes.nil?
+        options[:attributes].merge!(secrets.attributes)
+      end
+      options[:attributes]
+    end
+    #
+    # add_target allows the user to add a target whose tests will be
+    # run when the user calls the run method.
+    #
+    # A target is a path or URL that points to a profile. Using this
+    # target we generate a Profile and a ProfileContext. The content
+    # (libraries, tests, and attributes) from the Profile are loaded
+    # into the ProfileContext.
+    #
+    # If the profile depends on other profiles, those profiles will be
+    # loaded on-demand when include_content or required_content are
+    # called using similar code in Inspec::DSL.
+    #
+    # Once the we've loaded all of the tests files in the profile, we
+    # query the profile for the full list of rules. Those rules are
+    # registered with the @test_collector which is ultimately
+    # responsible for actually running the tests.
+    #
+    # TODO: Deduplicate/clarify the loading code that exists in here,
+    # the ProfileContext, the Profile, and Inspec::DSL
+    #
+    # @params target [String] A path or URL to a profile or raw test.
+    # @params _opts [Hash] Unused, but still here to avoid breaking kitchen-inspec
+    #
+    # @eturns [Inspec::ProfileContext]
+    #
+    def add_target(target, _opts = [])
+      profile = Inspec::Profile.for_target(target,
+                                           vendor_cache: @cache,
+                                           backend: @backend,
+                                           controls: @controls,
+                                           attributes: @conf[:attributes])
+      raise "Could not resolve #{target} to valid input." if profile.nil?
+      @target_profiles << profile if supports_profile?(profile)
+    end
+    def supports_profile?(profile)
+      return true if @ignore_supports
+      if !profile.supports_runtime?
+        raise 'This profile requires InSpec version '\
+             "#{profile.metadata.inspec_requirement}. You are running "\
+             "InSpec v#{Inspec::VERSION}.\n"
+      end
+      if !profile.supports_platform?
+        raise "This OS/platform (#{@backend.platform.name}/#{@backend.platform.release}) is not supported by this profile."
+      end
+      true
+    end
+    # In some places we read the rules off of the runner, in other
+    # places we read it off of the profile context. To keep the API's
+    # the same, we provide an #all_rules method here as well.
+    def all_rules
+      @rules
+    end
+    def register_rules(ctx)
+      new_tests = false
+      ctx.rules.each do |rule_id, rule|
+        next if block_given? && !(yield rule_id, rule)
+        new_tests = true
+        register_rule(rule)
+      end
+      new_tests
+    end
+    def eval_with_virtual_profile(command)
+      require 'fetchers/mock'
+      add_target({ 'inspec.yml' => 'name: inspec-shell' })
+      our_profile = @target_profiles.first
+      ctx = our_profile.runner_context
+      # Load local profile dependencies. This is used in inspec shell
+      # to provide access to local profiles that add resources.
+      @depends
+        .map { |x| Inspec::Profile.for_path(x, { profile_context: ctx }) }
+        .each(&:load_libraries)
+      ctx.load(command)
+    end
+    private
+    def block_source_info(block)
+      return {} if block.nil? || !block.respond_to?(:source_location)
+      opts = {}
+      file_path, line = block.source_location
+      opts['file_path'] = file_path
+      opts['line_number'] = line
+      opts
+    end
+    def get_check_example(method_name, arg, block)
+      opts = block_source_info(block)
+      return nil if arg.empty?
+      resource = arg[0]
+      # check to see if we are using a filtertable object
+      resource = arg[0].resource if arg[0].class.superclass == FilterTable::Table
+      if resource.respond_to?(:resource_skipped?) && resource.resource_skipped?
+        return rspec_skipped_block(arg, opts, resource.resource_exception_message)
+      end
+      if resource.respond_to?(:resource_failed?) && resource.resource_failed?
+        return rspec_failed_block(arg, opts, resource.resource_exception_message)
+      end
+      # If neither skipped nor failed then add the resource
+      add_resource(method_name, arg, opts, block)
+    end
+    def register_rule(rule)
+      Inspec::Log.debug "Registering rule #{rule}"
+      @rules << rule
+      checks = ::Inspec::Rule.prepare_checks(rule)
+      examples = checks.flat_map do |m, a, b|
+        get_check_example(m, a, b)
+      end.compact
+      examples.each { |e| @test_collector.add_test(e, rule) }
+    end
+    def validate_attributes_file_readability!(target)
+      unless File.exist?(target)
+        raise Inspec::Exceptions::AttributesFileDoesNotExist,
+              "Cannot find attributes file '#{target}'. " \
+              'Check to make sure file exists.'
+      end
+      unless File.readable?(target)
+        raise Inspec::Exceptions::AttributesFileNotReadable,
+              "Cannot read attributes file '#{target}'. " \
+              'Check to make sure file is readable.'
+      end
+      true
+    end
+    def rspec_skipped_block(arg, opts, message)
+      @test_collector.example_group(*arg, opts) do
+        # Send custom `it` block to RSpec
+        it message
+      end
+    end
+    def rspec_failed_block(arg, opts, message)
+      @test_collector.example_group(*arg, opts) do
+        # Send custom `it` block to RSpec
+        it '' do
+          # Raising here to fail the test and get proper formatting
+          raise Inspec::Exceptions::ResourceFailed, message
+        end
+      end
+    end
+    def add_resource(method_name, arg, opts, block)
+      case method_name
+      when 'describe'
+        @test_collector.example_group(*arg, opts, &block)
+      when 'expect'
+        block.example_group
+      when 'describe.one'
+        tests = arg.map do |x|
+          @test_collector.example_group(x[1][0], block_source_info(x[2]), &x[2])
+        end
+        return nil if tests.empty?
+        successful_tests = tests.find_all(&:run)
+        # Return all tests if none succeeds; we will just report full failure
+        return tests if successful_tests.empty?
+        successful_tests
+      else
+        raise "A rule was registered with #{method_name.inspect}," \
+              "which isn't understood and cannot be processed."
+      end
+    end
+  end
+end