inspec 2.1.81 → 2.1.83
- checksums.yaml +5 -5
- data/.rubocop.yml +101 -101
- data/CHANGELOG.md +3183 -3177
- data/Gemfile +56 -56
- data/LICENSE +14 -14
- data/MAINTAINERS.md +33 -33
- data/MAINTAINERS.toml +52 -52
- data/README.md +453 -453
- data/Rakefile +349 -349
- data/bin/inspec +12 -12
- data/docs/.gitignore +2 -2
- data/docs/README.md +41 -40
- data/docs/dev/control-eval.md +61 -61
- data/docs/dsl_inspec.md +258 -258
- data/docs/dsl_resource.md +100 -100
- data/docs/glossary.md +99 -99
- data/docs/habitat.md +191 -191
- data/docs/inspec_and_friends.md +114 -114
- data/docs/matchers.md +169 -169
- data/docs/migration.md +293 -293
- data/docs/platforms.md +118 -118
- data/docs/plugin_kitchen_inspec.md +50 -50
- data/docs/profiles.md +378 -378
- data/docs/reporters.md +105 -105
- data/docs/resources/aide_conf.md.erb +75 -75
- data/docs/resources/apache.md.erb +67 -67
- data/docs/resources/apache_conf.md.erb +68 -68
- data/docs/resources/apt.md.erb +71 -71
- data/docs/resources/audit_policy.md.erb +47 -47
- data/docs/resources/auditd.md.erb +79 -79
- data/docs/resources/auditd_conf.md.erb +68 -68
- data/docs/resources/aws_cloudtrail_trail.md.erb +155 -155
- data/docs/resources/aws_cloudtrail_trails.md.erb +86 -86
- data/docs/resources/aws_cloudwatch_alarm.md.erb +91 -91
- data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +154 -154
- data/docs/resources/aws_config_delivery_channel.md.erb +101 -101
- data/docs/resources/aws_config_recorder.md.erb +86 -86
- data/docs/resources/aws_ec2_instance.md.erb +112 -112
- data/docs/resources/aws_ec2_instances.md.erb +79 -79
- data/docs/resources/aws_iam_access_key.md.erb +129 -129
- data/docs/resources/aws_iam_access_keys.md.erb +204 -204
- data/docs/resources/aws_iam_group.md.erb +64 -64
- data/docs/resources/aws_iam_groups.md.erb +49 -49
- data/docs/resources/aws_iam_password_policy.md.erb +82 -82
- data/docs/resources/aws_iam_policies.md.erb +87 -87
- data/docs/resources/aws_iam_policy.md.erb +245 -245
- data/docs/resources/aws_iam_role.md.erb +69 -69
- data/docs/resources/aws_iam_root_user.md.erb +76 -76
- data/docs/resources/aws_iam_user.md.erb +120 -120
- data/docs/resources/aws_iam_users.md.erb +279 -279
- data/docs/resources/aws_kms_key.md.erb +177 -177
- data/docs/resources/aws_kms_keys.md.erb +89 -89
- data/docs/resources/aws_rds_instance.md.erb +66 -66
- data/docs/resources/aws_route_table.md.erb +53 -53
- data/docs/resources/aws_route_tables.md.erb +55 -55
- data/docs/resources/aws_s3_bucket.md.erb +146 -146
- data/docs/resources/aws_s3_bucket_object.md.erb +89 -89
- data/docs/resources/aws_s3_buckets.md.erb +59 -59
- data/docs/resources/aws_security_group.md.erb +296 -296
- data/docs/resources/aws_security_groups.md.erb +97 -97
- data/docs/resources/aws_sns_subscription.md.erb +130 -130
- data/docs/resources/aws_sns_topic.md.erb +69 -69
- data/docs/resources/aws_sns_topics.md.erb +58 -58
- data/docs/resources/aws_subnet.md.erb +140 -140
- data/docs/resources/aws_subnets.md.erb +132 -132
- data/docs/resources/aws_vpc.md.erb +125 -125
- data/docs/resources/aws_vpcs.md.erb +125 -125
- data/docs/resources/azure_generic_resource.md.erb +171 -171
- data/docs/resources/azure_resource_group.md.erb +284 -284
- data/docs/resources/azure_virtual_machine.md.erb +347 -347
- data/docs/resources/azure_virtual_machine_data_disk.md.erb +224 -224
- data/docs/resources/bash.md.erb +75 -75
- data/docs/resources/bond.md.erb +90 -90
- data/docs/resources/bridge.md.erb +57 -57
- data/docs/resources/bsd_service.md.erb +67 -67
- data/docs/resources/chocolatey_package.md.erb +58 -58
- data/docs/resources/command.md.erb +138 -138
- data/docs/resources/cpan.md.erb +79 -79
- data/docs/resources/cran.md.erb +64 -64
- data/docs/resources/crontab.md.erb +89 -89
- data/docs/resources/csv.md.erb +54 -54
- data/docs/resources/dh_params.md.erb +205 -205
- data/docs/resources/directory.md.erb +30 -30
- data/docs/resources/docker.md.erb +219 -219
- data/docs/resources/docker_container.md.erb +103 -103
- data/docs/resources/docker_image.md.erb +94 -94
- data/docs/resources/docker_service.md.erb +114 -114
- data/docs/resources/elasticsearch.md.erb +242 -242
- data/docs/resources/etc_fstab.md.erb +125 -125
- data/docs/resources/etc_group.md.erb +75 -75
- data/docs/resources/etc_hosts.md.erb +78 -78
- data/docs/resources/etc_hosts_allow.md.erb +74 -74
- data/docs/resources/etc_hosts_deny.md.erb +74 -74
- data/docs/resources/file.md.erb +526 -526
- data/docs/resources/filesystem.md.erb +41 -41
- data/docs/resources/firewalld.md.erb +107 -107
- data/docs/resources/gem.md.erb +79 -79
- data/docs/resources/group.md.erb +61 -61
- data/docs/resources/grub_conf.md.erb +101 -101
- data/docs/resources/host.md.erb +86 -86
- data/docs/resources/http.md.erb +197 -197
- data/docs/resources/iis_app.md.erb +122 -122
- data/docs/resources/iis_site.md.erb +135 -135
- data/docs/resources/inetd_conf.md.erb +94 -94
- data/docs/resources/ini.md.erb +76 -76
- data/docs/resources/interface.md.erb +58 -58
- data/docs/resources/iptables.md.erb +64 -64
- data/docs/resources/json.md.erb +63 -63
- data/docs/resources/kernel_module.md.erb +120 -120
- data/docs/resources/kernel_parameter.md.erb +53 -53
- data/docs/resources/key_rsa.md.erb +85 -85
- data/docs/resources/launchd_service.md.erb +57 -57
- data/docs/resources/limits_conf.md.erb +75 -75
- data/docs/resources/login_defs.md.erb +71 -71
- data/docs/resources/mount.md.erb +69 -69
- data/docs/resources/mssql_session.md.erb +60 -60
- data/docs/resources/mysql_conf.md.erb +99 -99
- data/docs/resources/mysql_session.md.erb +74 -74
- data/docs/resources/nginx.md.erb +79 -79
- data/docs/resources/nginx_conf.md.erb +138 -138
- data/docs/resources/npm.md.erb +60 -60
- data/docs/resources/ntp_conf.md.erb +60 -60
- data/docs/resources/oneget.md.erb +53 -53
- data/docs/resources/oracledb_session.md.erb +52 -52
- data/docs/resources/os.md.erb +141 -141
- data/docs/resources/os_env.md.erb +91 -91
- data/docs/resources/package.md.erb +120 -120
- data/docs/resources/packages.md.erb +67 -67
- data/docs/resources/parse_config.md.erb +103 -103
- data/docs/resources/parse_config_file.md.erb +138 -138
- data/docs/resources/passwd.md.erb +141 -141
- data/docs/resources/pip.md.erb +67 -67
- data/docs/resources/port.md.erb +137 -137
- data/docs/resources/postgres_conf.md.erb +79 -79
- data/docs/resources/postgres_hba_conf.md.erb +93 -93
- data/docs/resources/postgres_ident_conf.md.erb +76 -76
- data/docs/resources/postgres_session.md.erb +69 -69
- data/docs/resources/powershell.md.erb +102 -102
- data/docs/resources/processes.md.erb +109 -109
- data/docs/resources/rabbitmq_config.md.erb +41 -41
- data/docs/resources/registry_key.md.erb +158 -158
- data/docs/resources/runit_service.md.erb +57 -57
- data/docs/resources/security_policy.md.erb +47 -47
- data/docs/resources/service.md.erb +121 -121
- data/docs/resources/shadow.md.erb +146 -146
- data/docs/resources/ssh_config.md.erb +73 -73
- data/docs/resources/sshd_config.md.erb +83 -83
- data/docs/resources/ssl.md.erb +119 -119
- data/docs/resources/sys_info.md.erb +42 -42
- data/docs/resources/systemd_service.md.erb +57 -57
- data/docs/resources/sysv_service.md.erb +57 -57
- data/docs/resources/upstart_service.md.erb +57 -57
- data/docs/resources/user.md.erb +140 -140
- data/docs/resources/users.md.erb +127 -127
- data/docs/resources/vbscript.md.erb +55 -55
- data/docs/resources/virtualization.md.erb +57 -57
- data/docs/resources/windows_feature.md.erb +47 -47
- data/docs/resources/windows_hotfix.md.erb +53 -53
- data/docs/resources/windows_task.md.erb +95 -95
- data/docs/resources/wmi.md.erb +81 -81
- data/docs/resources/x509_certificate.md.erb +151 -151
- data/docs/resources/xinetd_conf.md.erb +156 -156
- data/docs/resources/xml.md.erb +85 -85
- data/docs/resources/yaml.md.erb +69 -69
- data/docs/resources/yum.md.erb +98 -98
- data/docs/resources/zfs_dataset.md.erb +53 -53
- data/docs/resources/zfs_pool.md.erb +47 -47
- data/docs/ruby_usage.md +203 -203
- data/docs/shared/matcher_be.md.erb +1 -1
- data/docs/shared/matcher_cmp.md.erb +43 -43
- data/docs/shared/matcher_eq.md.erb +3 -3
- data/docs/shared/matcher_include.md.erb +1 -1
- data/docs/shared/matcher_match.md.erb +1 -1
- data/docs/shell.md +217 -217
- data/examples/README.md +8 -8
- data/examples/inheritance/README.md +65 -65
- data/examples/inheritance/controls/example.rb +14 -14
- data/examples/inheritance/inspec.yml +15 -15
- data/examples/kitchen-ansible/.kitchen.yml +25 -25
- data/examples/kitchen-ansible/Gemfile +19 -19
- data/examples/kitchen-ansible/README.md +53 -53
- data/examples/kitchen-ansible/files/nginx.repo +6 -6
- data/examples/kitchen-ansible/tasks/main.yml +16 -16
- data/examples/kitchen-ansible/test/integration/default/default.yml +5 -5
- data/examples/kitchen-ansible/test/integration/default/web_spec.rb +28 -28
- data/examples/kitchen-chef/.kitchen.yml +20 -20
- data/examples/kitchen-chef/Berksfile +3 -3
- data/examples/kitchen-chef/Gemfile +19 -19
- data/examples/kitchen-chef/README.md +27 -27
- data/examples/kitchen-chef/metadata.rb +7 -7
- data/examples/kitchen-chef/recipes/default.rb +6 -6
- data/examples/kitchen-chef/recipes/nginx.rb +30 -30
- data/examples/kitchen-chef/test/integration/default/web_spec.rb +28 -28
- data/examples/kitchen-puppet/.kitchen.yml +23 -23
- data/examples/kitchen-puppet/Gemfile +20 -20
- data/examples/kitchen-puppet/Puppetfile +25 -25
- data/examples/kitchen-puppet/README.md +53 -53
- data/examples/kitchen-puppet/manifests/site.pp +33 -33
- data/examples/kitchen-puppet/metadata.json +11 -11
- data/examples/kitchen-puppet/test/integration/default/web_spec.rb +28 -28
- data/examples/meta-profile/README.md +37 -37
- data/examples/meta-profile/controls/example.rb +13 -13
- data/examples/meta-profile/inspec.yml +13 -13
- data/examples/profile-attribute.yml +2 -2
- data/examples/profile-attribute/README.md +14 -14
- data/examples/profile-attribute/controls/example.rb +11 -11
- data/examples/profile-attribute/inspec.yml +8 -8
- data/examples/profile-aws/controls/iam_password_policy_expiration.rb +8 -8
- data/examples/profile-aws/controls/iam_password_policy_max_age.rb +8 -8
- data/examples/profile-aws/controls/iam_root_user_mfa.rb +8 -8
- data/examples/profile-aws/controls/iam_users_access_key_age.rb +8 -8
- data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +8 -8
- data/examples/profile-aws/inspec.yml +11 -11
- data/examples/profile-azure/controls/azure_resource_group_example.rb +24 -24
- data/examples/profile-azure/controls/azure_vm_example.rb +29 -29
- data/examples/profile-azure/inspec.yml +11 -11
- data/examples/profile-sensitive/README.md +29 -29
- data/examples/profile-sensitive/controls/sensitive-failures.rb +9 -9
- data/examples/profile-sensitive/controls/sensitive.rb +9 -9
- data/examples/profile-sensitive/inspec.yml +8 -8
- data/examples/profile/README.md +48 -48
- data/examples/profile/controls/example.rb +23 -23
- data/examples/profile/controls/gordon.rb +36 -36
- data/examples/profile/controls/meta.rb +34 -34
- data/examples/profile/inspec.yml +10 -10
- data/examples/profile/libraries/gordon_config.rb +59 -59
- data/inspec.gemspec +49 -49
- data/lib/bundles/README.md +3 -3
- data/lib/bundles/inspec-artifact.rb +7 -7
- data/lib/bundles/inspec-artifact/README.md +1 -1
- data/lib/bundles/inspec-artifact/cli.rb +277 -277
- data/lib/bundles/inspec-compliance.rb +16 -16
- data/lib/bundles/inspec-compliance/.kitchen.yml +20 -20
- data/lib/bundles/inspec-compliance/README.md +193 -193
- data/lib/bundles/inspec-compliance/api.rb +360 -360
- data/lib/bundles/inspec-compliance/api/login.rb +193 -193
- data/lib/bundles/inspec-compliance/bootstrap.sh +41 -41
- data/lib/bundles/inspec-compliance/cli.rb +260 -260
- data/lib/bundles/inspec-compliance/configuration.rb +103 -103
- data/lib/bundles/inspec-compliance/http.rb +125 -125
- data/lib/bundles/inspec-compliance/support.rb +36 -36
- data/lib/bundles/inspec-compliance/target.rb +112 -112
- data/lib/bundles/inspec-compliance/test/integration/default/cli.rb +93 -93
- data/lib/bundles/inspec-habitat.rb +12 -12
- data/lib/bundles/inspec-habitat/cli.rb +36 -36
- data/lib/bundles/inspec-habitat/log.rb +10 -10
- data/lib/bundles/inspec-habitat/profile.rb +391 -391
- data/lib/bundles/inspec-init.rb +8 -8
- data/lib/bundles/inspec-init/README.md +31 -31
- data/lib/bundles/inspec-init/cli.rb +97 -97
- data/lib/bundles/inspec-init/templates/profile/README.md +3 -3
- data/lib/bundles/inspec-init/templates/profile/controls/example.rb +19 -19
- data/lib/bundles/inspec-init/templates/profile/inspec.yml +8 -8
- data/lib/bundles/inspec-supermarket.rb +13 -13
- data/lib/bundles/inspec-supermarket/README.md +45 -45
- data/lib/bundles/inspec-supermarket/api.rb +84 -84
- data/lib/bundles/inspec-supermarket/cli.rb +73 -73
- data/lib/bundles/inspec-supermarket/target.rb +34 -34
- data/lib/fetchers/git.rb +163 -163
- data/lib/fetchers/local.rb +74 -74
- data/lib/fetchers/mock.rb +35 -35
- data/lib/fetchers/url.rb +247 -247
- data/lib/inspec.rb +24 -24
- data/lib/inspec/archive/tar.rb +29 -29
- data/lib/inspec/archive/zip.rb +19 -19
- data/lib/inspec/backend.rb +93 -93
- data/lib/inspec/base_cli.rb +368 -368
- data/lib/inspec/cached_fetcher.rb +66 -66
- data/lib/inspec/cli.rb +292 -292
- data/lib/inspec/completions/bash.sh.erb +45 -45
- data/lib/inspec/completions/fish.sh.erb +34 -34
- data/lib/inspec/completions/zsh.sh.erb +61 -61
- data/lib/inspec/control_eval_context.rb +179 -179
- data/lib/inspec/dependencies/cache.rb +72 -72
- data/lib/inspec/dependencies/dependency_set.rb +92 -92
- data/lib/inspec/dependencies/lockfile.rb +115 -115
- data/lib/inspec/dependencies/requirement.rb +123 -123
- data/lib/inspec/dependencies/resolver.rb +86 -86
- data/lib/inspec/describe.rb +27 -27
- data/lib/inspec/dsl.rb +66 -66
- data/lib/inspec/dsl_shared.rb +33 -33
- data/lib/inspec/env_printer.rb +157 -157
- data/lib/inspec/errors.rb +14 -14
- data/lib/inspec/exceptions.rb +12 -12
- data/lib/inspec/expect.rb +45 -45
- data/lib/inspec/fetcher.rb +45 -45
- data/lib/inspec/file_provider.rb +275 -275
- data/lib/inspec/formatters.rb +3 -3
- data/lib/inspec/formatters/base.rb +259 -259
- data/lib/inspec/formatters/json_rspec.rb +20 -20
- data/lib/inspec/formatters/show_progress.rb +12 -12
- data/lib/inspec/library_eval_context.rb +58 -58
- data/lib/inspec/log.rb +11 -11
- data/lib/inspec/metadata.rb +247 -247
- data/lib/inspec/method_source.rb +24 -24
- data/lib/inspec/objects.rb +14 -14
- data/lib/inspec/objects/attribute.rb +75 -75
- data/lib/inspec/objects/control.rb +61 -61
- data/lib/inspec/objects/describe.rb +92 -92
- data/lib/inspec/objects/each_loop.rb +36 -36
- data/lib/inspec/objects/list.rb +15 -15
- data/lib/inspec/objects/or_test.rb +40 -40
- data/lib/inspec/objects/ruby_helper.rb +15 -15
- data/lib/inspec/objects/tag.rb +27 -27
- data/lib/inspec/objects/test.rb +87 -87
- data/lib/inspec/objects/value.rb +27 -27
- data/lib/inspec/plugins.rb +60 -60
- data/lib/inspec/plugins/cli.rb +24 -24
- data/lib/inspec/plugins/fetcher.rb +86 -86
- data/lib/inspec/plugins/resource.rb +135 -135
- data/lib/inspec/plugins/secret.rb +15 -15
- data/lib/inspec/plugins/source_reader.rb +40 -40
- data/lib/inspec/polyfill.rb +12 -12
- data/lib/inspec/profile.rb +513 -513
- data/lib/inspec/profile_context.rb +208 -208
- data/lib/inspec/profile_vendor.rb +66 -66
- data/lib/inspec/reporters.rb +60 -60
- data/lib/inspec/reporters/automate.rb +76 -76
- data/lib/inspec/reporters/base.rb +25 -25
- data/lib/inspec/reporters/cli.rb +356 -356
- data/lib/inspec/reporters/json.rb +117 -117
- data/lib/inspec/reporters/json_min.rb +48 -48
- data/lib/inspec/reporters/junit.rb +78 -78
- data/lib/inspec/require_loader.rb +33 -33
- data/lib/inspec/resource.rb +190 -190
- data/lib/inspec/rule.rb +280 -280
- data/lib/inspec/runner.rb +345 -345
- data/lib/inspec/runner_mock.rb +41 -41
- data/lib/inspec/runner_rspec.rb +175 -175
- data/lib/inspec/runtime_profile.rb +26 -26
- data/lib/inspec/schema.rb +213 -213
- data/lib/inspec/secrets.rb +19 -19
- data/lib/inspec/secrets/yaml.rb +30 -30
- data/lib/inspec/shell.rb +220 -220
- data/lib/inspec/shell_detector.rb +90 -90
- data/lib/inspec/source_reader.rb +29 -29
- data/lib/inspec/version.rb +8 -8
- data/lib/matchers/matchers.rb +339 -339
- data/lib/resource_support/aws.rb +50 -50
- data/lib/resource_support/aws/aws_backend_base.rb +12 -12
- data/lib/resource_support/aws/aws_backend_factory_mixin.rb +12 -12
- data/lib/resource_support/aws/aws_plural_resource_mixin.rb +21 -21
- data/lib/resource_support/aws/aws_resource_mixin.rb +66 -66
- data/lib/resource_support/aws/aws_singular_resource_mixin.rb +24 -24
- data/lib/resources/aide_conf.rb +151 -151
- data/lib/resources/apache.rb +48 -48
- data/lib/resources/apache_conf.rb +149 -149
- data/lib/resources/apt.rb +149 -149
- data/lib/resources/audit_policy.rb +63 -63
- data/lib/resources/auditd.rb +231 -231
- data/lib/resources/auditd_conf.rb +46 -46
- data/lib/resources/aws/aws_cloudtrail_trail.rb +93 -93
- data/lib/resources/aws/aws_cloudtrail_trails.rb +47 -47
- data/lib/resources/aws/aws_cloudwatch_alarm.rb +62 -62
- data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +100 -100
- data/lib/resources/aws/aws_config_delivery_channel.rb +70 -70
- data/lib/resources/aws/aws_config_recorder.rb +93 -93
- data/lib/resources/aws/aws_ec2_instance.rb +157 -157
- data/lib/resources/aws/aws_ec2_instances.rb +64 -64
- data/lib/resources/aws/aws_iam_access_key.rb +106 -106
- data/lib/resources/aws/aws_iam_access_keys.rb +149 -149
- data/lib/resources/aws/aws_iam_group.rb +58 -58
- data/lib/resources/aws/aws_iam_groups.rb +52 -52
- data/lib/resources/aws/aws_iam_password_policy.rb +116 -116
- data/lib/resources/aws/aws_iam_policies.rb +53 -53
- data/lib/resources/aws/aws_iam_policy.rb +291 -291
- data/lib/resources/aws/aws_iam_role.rb +55 -55
- data/lib/resources/aws/aws_iam_root_user.rb +78 -78
- data/lib/resources/aws/aws_iam_user.rb +142 -142
- data/lib/resources/aws/aws_iam_users.rb +146 -146
- data/lib/resources/aws/aws_kms_key.rb +96 -96
- data/lib/resources/aws/aws_kms_keys.rb +53 -53
- data/lib/resources/aws/aws_rds_instance.rb +71 -71
- data/lib/resources/aws/aws_route_table.rb +63 -63
- data/lib/resources/aws/aws_route_tables.rb +60 -60
- data/lib/resources/aws/aws_s3_bucket.rb +137 -137
- data/lib/resources/aws/aws_s3_bucket_object.rb +82 -82
- data/lib/resources/aws/aws_s3_buckets.rb +51 -51
- data/lib/resources/aws/aws_security_group.rb +249 -249
- data/lib/resources/aws/aws_security_groups.rb +68 -68
- data/lib/resources/aws/aws_sns_subscription.rb +78 -78
- data/lib/resources/aws/aws_sns_topic.rb +53 -53
- data/lib/resources/aws/aws_sns_topics.rb +56 -56
- data/lib/resources/aws/aws_subnet.rb +88 -88
- data/lib/resources/aws/aws_subnets.rb +53 -53
- data/lib/resources/aws/aws_vpc.rb +73 -73
- data/lib/resources/aws/aws_vpcs.rb +52 -52
- data/lib/resources/azure/azure_backend.rb +377 -377
- data/lib/resources/azure/azure_generic_resource.rb +59 -59
- data/lib/resources/azure/azure_resource_group.rb +152 -152
- data/lib/resources/azure/azure_virtual_machine.rb +264 -264
- data/lib/resources/azure/azure_virtual_machine_data_disk.rb +134 -134
- data/lib/resources/bash.rb +35 -35
- data/lib/resources/bond.rb +69 -69
- data/lib/resources/bridge.rb +122 -122
- data/lib/resources/chocolatey_package.rb +78 -78
- data/lib/resources/command.rb +73 -73
- data/lib/resources/cpan.rb +58 -58
- data/lib/resources/cran.rb +64 -64
- data/lib/resources/crontab.rb +169 -169
- data/lib/resources/csv.rb +56 -56
- data/lib/resources/dh_params.rb +77 -77
- data/lib/resources/directory.rb +25 -25
- data/lib/resources/docker.rb +236 -236
- data/lib/resources/docker_container.rb +89 -89
- data/lib/resources/docker_image.rb +83 -83
- data/lib/resources/docker_object.rb +57 -57
- data/lib/resources/docker_service.rb +90 -90
- data/lib/resources/elasticsearch.rb +169 -169
- data/lib/resources/etc_fstab.rb +94 -94
- data/lib/resources/etc_group.rb +154 -154
- data/lib/resources/etc_hosts.rb +66 -66
- data/lib/resources/etc_hosts_allow_deny.rb +112 -112
- data/lib/resources/file.rb +298 -298
- data/lib/resources/filesystem.rb +31 -31
- data/lib/resources/firewalld.rb +143 -143
- data/lib/resources/gem.rb +70 -70
- data/lib/resources/groups.rb +215 -215
- data/lib/resources/grub_conf.rb +227 -227
- data/lib/resources/host.rb +306 -306
- data/lib/resources/http.rb +253 -253
- data/lib/resources/iis_app.rb +101 -101
- data/lib/resources/iis_site.rb +148 -148
- data/lib/resources/inetd_conf.rb +54 -54
- data/lib/resources/ini.rb +29 -29
- data/lib/resources/interface.rb +129 -129
- data/lib/resources/iptables.rb +80 -80
- data/lib/resources/json.rb +111 -111
- data/lib/resources/kernel_module.rb +107 -107
- data/lib/resources/kernel_parameter.rb +58 -58
- data/lib/resources/key_rsa.rb +63 -63
- data/lib/resources/limits_conf.rb +46 -46
- data/lib/resources/login_def.rb +57 -57
- data/lib/resources/mount.rb +88 -88
- data/lib/resources/mssql_session.rb +101 -101
- data/lib/resources/mysql.rb +82 -82
- data/lib/resources/mysql_conf.rb +127 -127
- data/lib/resources/mysql_session.rb +85 -85
- data/lib/resources/nginx.rb +96 -96
- data/lib/resources/nginx_conf.rb +226 -226
- data/lib/resources/npm.rb +48 -48
- data/lib/resources/ntp_conf.rb +51 -51
- data/lib/resources/oneget.rb +71 -71
- data/lib/resources/oracledb_session.rb +139 -139
- data/lib/resources/os.rb +36 -36
- data/lib/resources/os_env.rb +86 -86
- data/lib/resources/package.rb +370 -370
- data/lib/resources/packages.rb +111 -111
- data/lib/resources/parse_config.rb +112 -112
- data/lib/resources/passwd.rb +76 -76
- data/lib/resources/pip.rb +130 -130
- data/lib/resources/platform.rb +109 -109
- data/lib/resources/port.rb +771 -771
- data/lib/resources/postgres.rb +131 -131
- data/lib/resources/postgres_conf.rb +114 -114
- data/lib/resources/postgres_hba_conf.rb +90 -90
- data/lib/resources/postgres_ident_conf.rb +79 -79
- data/lib/resources/postgres_session.rb +71 -71
- data/lib/resources/powershell.rb +67 -67
- data/lib/resources/processes.rb +204 -204
- data/lib/resources/rabbitmq_conf.rb +51 -51
- data/lib/resources/registry_key.rb +297 -297
- data/lib/resources/security_policy.rb +180 -180
- data/lib/resources/service.rb +794 -794
- data/lib/resources/shadow.rb +159 -159
- data/lib/resources/ssh_conf.rb +97 -97
- data/lib/resources/ssl.rb +99 -99
- data/lib/resources/sys_info.rb +28 -28
- data/lib/resources/toml.rb +32 -32
- data/lib/resources/users.rb +654 -654
- data/lib/resources/vbscript.rb +68 -68
- data/lib/resources/virtualization.rb +247 -247
- data/lib/resources/windows_feature.rb +84 -84
- data/lib/resources/windows_hotfix.rb +35 -35
- data/lib/resources/windows_task.rb +102 -102
- data/lib/resources/wmi.rb +110 -110
- data/lib/resources/x509_certificate.rb +137 -137
- data/lib/resources/xinetd.rb +106 -106
- data/lib/resources/xml.rb +46 -46
- data/lib/resources/yaml.rb +43 -43
- data/lib/resources/yum.rb +180 -180
- data/lib/resources/zfs_dataset.rb +60 -60
- data/lib/resources/zfs_pool.rb +49 -49
- data/lib/source_readers/flat.rb +39 -39
- data/lib/source_readers/inspec.rb +75 -75
- data/lib/utils/command_wrapper.rb +27 -27
- data/lib/utils/convert.rb +12 -12
- data/lib/utils/database_helpers.rb +77 -77
- data/lib/utils/enumerable_delegation.rb +9 -9
- data/lib/utils/erlang_parser.rb +192 -192
- data/lib/utils/file_reader.rb +25 -25
- data/lib/utils/filter.rb +273 -273
- data/lib/utils/filter_array.rb +27 -27
- data/lib/utils/find_files.rb +47 -47
- data/lib/utils/hash.rb +41 -41
- data/lib/utils/json_log.rb +18 -18
- data/lib/utils/latest_version.rb +22 -22
- data/lib/utils/modulator.rb +12 -12
- data/lib/utils/nginx_parser.rb +105 -105
- data/lib/utils/object_traversal.rb +49 -49
- data/lib/utils/parser.rb +274 -274
- data/lib/utils/pkey_reader.rb +15 -15
- data/lib/utils/plugin_registry.rb +93 -93
- data/lib/utils/simpleconfig.rb +120 -120
- data/lib/utils/spdx.rb +13 -13
- data/lib/utils/spdx.txt +343 -343
- metadata +3 -3
data/docs/dsl_resource.md
CHANGED
@@ -1,100 +1,100 @@
|
|
1
|
-
---
|
2
|
-
title: Resource DSL
|
3
|
-
---
|
4
|
-
|
5
|
-
# Resource DSL
|
6
|
-
|
7
|
-
InSpec provides a mechanism for defining custom resources. These become
|
8
|
-
available with their respective names and provide easy functionality to
|
9
|
-
profiles.
|
10
|
-
|
11
|
-
## Resource location
|
12
|
-
|
13
|
-
Resources may be added to profiles in the libraries folder:
|
14
|
-
|
15
|
-
```bash
|
16
|
-
$ tree examples/profile
|
17
|
-
examples/profile
|
18
|
-
...
|
19
|
-
├── libraries
|
20
|
-
│ └── gordon_config.rb
|
21
|
-
```
|
22
|
-
|
23
|
-
## Resource structure
|
24
|
-
|
25
|
-
The smallest possible resource takes this form:
|
26
|
-
|
27
|
-
```ruby
|
28
|
-
class Tiny < Inspec.resource(1)
|
29
|
-
name 'tiny'
|
30
|
-
end
|
31
|
-
```
|
32
|
-
|
33
|
-
Resources are written as a regular Ruby class which inherits from
|
34
|
-
Inspec.resource. The number (1) specifies the version this resource
|
35
|
-
plugin targets. As InSpec evolves, this interface may change and may
|
36
|
-
require a higher version.
|
37
|
-
|
38
|
-
The following attributes can be configured:
|
39
|
-
|
40
|
-
- name - Identifier of the resource (required)
|
41
|
-
- desc - Description of the resource (optional)
|
42
|
-
- example - Example usage of the resource (optional)
|
43
|
-
- supports - (InSpec 2.0+) Platform restrictions of the resource (optional)
|
44
|
-
|
45
|
-
The following methods are available to the resource:
|
46
|
-
|
47
|
-
- inspec - Contains a registry of all other resources to interact with the operating system or target in general.
|
48
|
-
- skip\_resource - A resource may call this method to indicate that requirements aren't met. All tests that use this resource will be marked as skipped.
|
49
|
-
|
50
|
-
The following example shows a full resource using attributes and methods
|
51
|
-
to provide simple access to a configuration file:
|
52
|
-
|
53
|
-
```ruby
|
54
|
-
class GordonConfig < Inspec.resource(1)
|
55
|
-
name 'gordon_config'
|
56
|
-
|
57
|
-
# Restrict to only run on the below platforms (if none were given, all OS's supported)
|
58
|
-
supports platform_family: 'fedora'
|
59
|
-
supports platform: 'centos', release: '6.9'
|
60
|
-
# Supports `*` for wildcard matcher in the release
|
61
|
-
supports platform: 'centos', release: '7.*'
|
62
|
-
|
63
|
-
desc '
|
64
|
-
Resource description ...
|
65
|
-
'
|
66
|
-
|
67
|
-
example '
|
68
|
-
describe gordon_config do
|
69
|
-
its("signal") { should eq "on" }
|
70
|
-
end
|
71
|
-
'
|
72
|
-
|
73
|
-
# Load the configuration file on initialization
|
74
|
-
def initialize(path = nil)
|
75
|
-
@path = path || '/etc/gordon.conf'
|
76
|
-
@params = SimpleConfig.new( read_content )
|
77
|
-
end
|
78
|
-
|
79
|
-
# Expose all parameters of the configuration file.
|
80
|
-
def method_missing(name)
|
81
|
-
@params[name]
|
82
|
-
end
|
83
|
-
|
84
|
-
private
|
85
|
-
|
86
|
-
def read_content
|
87
|
-
f = inspec.file(@path)
|
88
|
-
# Test if the path exist and that it's a file
|
89
|
-
if f.file?
|
90
|
-
# Retrieve the file's contents
|
91
|
-
f.content
|
92
|
-
else
|
93
|
-
# If the file doesn't exist, skip all tests that use gordon_config
|
94
|
-
raise Inspec::Exceptions::ResourceSkipped, "Can't read config at #{@path}"
|
95
|
-
end
|
96
|
-
end
|
97
|
-
end
|
98
|
-
```
|
99
|
-
|
100
|
-
For a full example, see our [example resource](https://github.com/chef/inspec/blob/master/examples/profile/libraries/gordon_config.rb).
|
1
|
+
---
|
2
|
+
title: Resource DSL
|
3
|
+
---
|
4
|
+
|
5
|
+
# Resource DSL
|
6
|
+
|
7
|
+
InSpec provides a mechanism for defining custom resources. These become
|
8
|
+
available with their respective names and provide easy functionality to
|
9
|
+
profiles.
|
10
|
+
|
11
|
+
## Resource location
|
12
|
+
|
13
|
+
Resources may be added to profiles in the libraries folder:
|
14
|
+
|
15
|
+
```bash
|
16
|
+
$ tree examples/profile
|
17
|
+
examples/profile
|
18
|
+
...
|
19
|
+
├── libraries
|
20
|
+
│ └── gordon_config.rb
|
21
|
+
```
|
22
|
+
|
23
|
+
## Resource structure
|
24
|
+
|
25
|
+
The smallest possible resource takes this form:
|
26
|
+
|
27
|
+
```ruby
|
28
|
+
class Tiny < Inspec.resource(1)
|
29
|
+
name 'tiny'
|
30
|
+
end
|
31
|
+
```
|
32
|
+
|
33
|
+
Resources are written as a regular Ruby class which inherits from
|
34
|
+
Inspec.resource. The number (1) specifies the version this resource
|
35
|
+
plugin targets. As InSpec evolves, this interface may change and may
|
36
|
+
require a higher version.
|
37
|
+
|
38
|
+
The following attributes can be configured:
|
39
|
+
|
40
|
+
- name - Identifier of the resource (required)
|
41
|
+
- desc - Description of the resource (optional)
|
42
|
+
- example - Example usage of the resource (optional)
|
43
|
+
- supports - (InSpec 2.0+) Platform restrictions of the resource (optional)
|
44
|
+
|
45
|
+
The following methods are available to the resource:
|
46
|
+
|
47
|
+
- inspec - Contains a registry of all other resources to interact with the operating system or target in general.
|
48
|
+
- skip\_resource - A resource may call this method to indicate that requirements aren't met. All tests that use this resource will be marked as skipped.
|
49
|
+
|
50
|
+
The following example shows a full resource using attributes and methods
|
51
|
+
to provide simple access to a configuration file:
|
52
|
+
|
53
|
+
```ruby
|
54
|
+
class GordonConfig < Inspec.resource(1)
|
55
|
+
name 'gordon_config'
|
56
|
+
|
57
|
+
# Restrict to only run on the below platforms (if none were given, all OS's supported)
|
58
|
+
supports platform_family: 'fedora'
|
59
|
+
supports platform: 'centos', release: '6.9'
|
60
|
+
# Supports `*` for wildcard matcher in the release
|
61
|
+
supports platform: 'centos', release: '7.*'
|
62
|
+
|
63
|
+
desc '
|
64
|
+
Resource description ...
|
65
|
+
'
|
66
|
+
|
67
|
+
example '
|
68
|
+
describe gordon_config do
|
69
|
+
its("signal") { should eq "on" }
|
70
|
+
end
|
71
|
+
'
|
72
|
+
|
73
|
+
# Load the configuration file on initialization
|
74
|
+
def initialize(path = nil)
|
75
|
+
@path = path || '/etc/gordon.conf'
|
76
|
+
@params = SimpleConfig.new( read_content )
|
77
|
+
end
|
78
|
+
|
79
|
+
# Expose all parameters of the configuration file.
|
80
|
+
def method_missing(name)
|
81
|
+
@params[name]
|
82
|
+
end
|
83
|
+
|
84
|
+
private
|
85
|
+
|
86
|
+
def read_content
|
87
|
+
f = inspec.file(@path)
|
88
|
+
# Test if the path exist and that it's a file
|
89
|
+
if f.file?
|
90
|
+
# Retrieve the file's contents
|
91
|
+
f.content
|
92
|
+
else
|
93
|
+
# If the file doesn't exist, skip all tests that use gordon_config
|
94
|
+
raise Inspec::Exceptions::ResourceSkipped, "Can't read config at #{@path}"
|
95
|
+
end
|
96
|
+
end
|
97
|
+
end
|
98
|
+
```
|
99
|
+
|
100
|
+
For a full example, see our [example resource](https://github.com/chef/inspec/blob/master/examples/profile/libraries/gordon_config.rb).
|
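Review bot: all 100 lines of data/docs/dsl_resource.md are removed and re-added with text that reads identically on both sides (for example `title: Resource DSL`, `def method_missing(name)` and the closing example-resource link), so the difference is presumably invisible, such as line endings or trailing whitespace. If so, normalize line endings before packaging so that a version-to-version diff of the gem shows only the real changes; as rendered here, this file cannot be told apart from one with a substantive edit without a whitespace-insensitive comparison. Separately, line 48 documents `skip_resource` as the way to mark tests as skipped, while the example at line 94 raises `Inspec::Exceptions::ResourceSkipped`; the text should name the mechanism the example actually uses, or the example should use the documented one.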
data/docs/glossary.md
CHANGED
@@ -1,99 +1,99 @@
|
|
1
|
-
# InSpec Glossary
|
2
|
-
|
3
|
-
## Basic Syntax
|
4
|
-
```
|
5
|
-
describe foo('/path/to/foo.txt') do
|
6
|
-
its('blah') { should cmp '123' }
|
7
|
-
it { should exist }
|
8
|
-
it { should be_reasonable }
|
9
|
-
it { should_not be_ridiculous }
|
10
|
-
end
|
11
|
-
```
|
12
|
-
## Basic Elements:
|
13
|
-
|
14
|
-
### describe **foo**, where
|
15
|
-
|
16
|
-
* `foo` is the _resource_
|
17
|
-
|
18
|
-
### describe foo **('/path/to/foo.txt')**, where
|
19
|
-
|
20
|
-
* `'/path/to/foo.txt'` is the _resource parameter_
|
21
|
-
|
22
|
-
## Tests:
|
23
|
-
|
24
|
-
### **its('blah') { should cmp '123' }** is an _individual test_, where
|
25
|
-
|
26
|
-
* `blah` is a _property_
|
27
|
-
* { should cmp '123' } is a _condition statement_
|
28
|
-
* `should` is the _condition_
|
29
|
-
* `cmp` is the _matcher_
|
30
|
-
* `'123'` is the _expected result_
|
31
|
-
|
32
|
-
### **{ should exist }** is a _condition statement_, where
|
33
|
-
|
34
|
-
* `should` is the _condition_
|
35
|
-
* `exist` is the _matcher_
|
36
|
-
|
37
|
-
### **{ should be\_reasonable }** is a _condition statement_, where
|
38
|
-
|
39
|
-
* `should` is the _condition_
|
40
|
-
* `be_reasonable` is the _matcher_
|
41
|
-
|
42
|
-
### **{ should\_not be\_ridiculous }** is a _negative condition statement_, where
|
43
|
-
|
44
|
-
* `should_not` is the _negative condition_
|
45
|
-
* `be_ridiculous` is the _matcher_
|
46
|
-
|
47
|
-
## Advanced Syntax
|
48
|
-
|
49
|
-
```
|
50
|
-
describe foos('/path/to/foo.txt', ssl_verify: true).where { names == 'blah' } do
|
51
|
-
its('jared') { should cmp >= 123 }
|
52
|
-
its('jared.sort.first.monkey') { should be `loud` }
|
53
|
-
its(['jared', 'monkey.with.dots']) { should be `loud` }
|
54
|
-
end
|
55
|
-
```
|
56
|
-
|
57
|
-
## Advanced Elements:
|
58
|
-
|
59
|
-
### describe **foos**, where
|
60
|
-
|
61
|
-
* `foos` is a _plural resource_
|
62
|
-
|
63
|
-
### describe foos **('/path/to/foo.txt', ssl_verify: true)**, where
|
64
|
-
|
65
|
-
* `'/path/to/foo.txt'` and `ssl_verify: true` are the _resource parameters_. Resources take one or more parameters.
|
66
|
-
|
67
|
-
## Filters:
|
68
|
-
|
69
|
-
### describe foos ('/path/to/foo.txt', ssl_verify: true)**.where { names == 'blah' }**
|
70
|
-
|
71
|
-
* `.where { names == 'blah' }` is an example of a **filter**.
|
72
|
-
* `{ names == 'blah' }` is an example of a _filter clause_
|
73
|
-
* Some resources support one or more filters.
|
74
|
-
* Filters are used on plural resources.
|
75
|
-
* Some resources, such as `etc_hosts` are explicitly plural, while others, such as `passwd` are implicitly plural.
|
76
|
-
|
77
|
-
### **{ names == 'my-name' && spots == true }** are filter criteria
|
78
|
-
|
79
|
-
* `names` compares output to `blah`
|
80
|
-
* `has spots` evaluates to `true` or `false`
|
81
|
-
|
82
|
-
## Properties:
|
83
|
-
|
84
|
-
### **its('jared') { should cmp >= 123 }**
|
85
|
-
|
86
|
-
* `jared` is the _property_
|
87
|
-
|
88
|
-
### **{ should cmp >= 123 }** is a conditional statement that uses a matcher with an operator and expected value.
|
89
|
-
|
90
|
-
* `cmp` is the _matcher_
|
91
|
-
* `>=` is the operator (some matchers accept operators)
|
92
|
-
* `123` is the expected value
|
93
|
-
|
94
|
-
## Properties with advanced usage:
|
95
|
-
|
96
|
-
### Some properties may have advanced usage:
|
97
|
-
#### **its `('jared.sort.first.monkey') { should be `loud` }`**
|
98
|
-
|
99
|
-
* `jared.sort.first.monkey` is an example of the `jared` property with an advanced usage
|
1
|
+
# InSpec Glossary
|
2
|
+
|
3
|
+
## Basic Syntax
|
4
|
+
```
|
5
|
+
describe foo('/path/to/foo.txt') do
|
6
|
+
its('blah') { should cmp '123' }
|
7
|
+
it { should exist }
|
8
|
+
it { should be_reasonable }
|
9
|
+
it { should_not be_ridiculous }
|
10
|
+
end
|
11
|
+
```
|
12
|
+
## Basic Elements:
|
13
|
+
|
14
|
+
### describe **foo**, where
|
15
|
+
|
16
|
+
* `foo` is the _resource_
|
17
|
+
|
18
|
+
### describe foo **('/path/to/foo.txt')**, where
|
19
|
+
|
20
|
+
* `'/path/to/foo.txt'` is the _resource parameter_
|
21
|
+
|
22
|
+
## Tests:
|
23
|
+
|
24
|
+
### **its('blah') { should cmp '123' }** is an _individual test_, where
|
25
|
+
|
26
|
+
* `blah` is a _property_
|
27
|
+
* { should cmp '123' } is a _condition statement_
|
28
|
+
* `should` is the _condition_
|
29
|
+
* `cmp` is the _matcher_
|
30
|
+
* `'123'` is the _expected result_
|
31
|
+
|
32
|
+
### **{ should exist }** is a _condition statement_, where
|
33
|
+
|
34
|
+
* `should` is the _condition_
|
35
|
+
* `exist` is the _matcher_
|
36
|
+
|
37
|
+
### **{ should be\_reasonable }** is a _condition statement_, where
|
38
|
+
|
39
|
+
* `should` is the _condition_
|
40
|
+
* `be_reasonable` is the _matcher_
|
41
|
+
|
42
|
+
### **{ should\_not be\_ridiculous }** is a _negative condition statement_, where
|
43
|
+
|
44
|
+
* `should_not` is the _negative condition_
|
45
|
+
* `be_ridiculous` is the _matcher_
|
46
|
+
|
47
|
+
## Advanced Syntax
|
48
|
+
|
49
|
+
```
|
50
|
+
describe foos('/path/to/foo.txt', ssl_verify: true).where { names == 'blah' } do
|
51
|
+
its('jared') { should cmp >= 123 }
|
52
|
+
its('jared.sort.first.monkey') { should be `loud` }
|
53
|
+
its(['jared', 'monkey.with.dots']) { should be `loud` }
|
54
|
+
end
|
55
|
+
```
|
56
|
+
|
57
|
+
## Advanced Elements:
|
58
|
+
|
59
|
+
### describe **foos**, where
|
60
|
+
|
61
|
+
* `foos` is a _plural resource_
|
62
|
+
|
63
|
+
### describe foos **('/path/to/foo.txt', ssl_verify: true)**, where
|
64
|
+
|
65
|
+
* `'/path/to/foo.txt'` and `ssl_verify: true` are the _resource parameters_. Resources take one or more parameters.
|
66
|
+
|
67
|
+
## Filters:
|
68
|
+
|
69
|
+
### describe foos ('/path/to/foo.txt', ssl_verify: true)**.where { names == 'blah' }**
|
70
|
+
|
71
|
+
* `.where { names == 'blah' }` is an example of a **filter**.
|
72
|
+
* `{ names == 'blah' }` is an example of a _filter clause_
|
73
|
+
* Some resources support one or more filters.
|
74
|
+
* Filters are used on plural resources.
|
75
|
+
* Some resources, such as `etc_hosts` are explicitly plural, while others, such as `passwd` are implicitly plural.
|
76
|
+
|
77
|
+
### **{ names == 'my-name' && spots == true }** are filter criteria
|
78
|
+
|
79
|
+
* `names` compares output to `blah`
|
80
|
+
* `has spots` evaluates to `true` or `false`
|
81
|
+
|
82
|
+
## Properties:
|
83
|
+
|
84
|
+
### **its('jared') { should cmp >= 123 }**
|
85
|
+
|
86
|
+
* `jared` is the _property_
|
87
|
+
|
88
|
+
### **{ should cmp >= 123 }** is a conditional statement that uses a matcher with an operator and expected value.
|
89
|
+
|
90
|
+
* `cmp` is the _matcher_
|
91
|
+
* `>=` is the operator (some matchers accept operators)
|
92
|
+
* `123` is the expected value
|
93
|
+
|
94
|
+
## Properties with advanced usage:
|
95
|
+
|
96
|
+
### Some properties may have advanced usage:
|
97
|
+
#### **its `('jared.sort.first.monkey') { should be `loud` }`**
|
98
|
+
|
99
|
+
* `jared.sort.first.monkey` is an example of the `jared` property with an advanced usage
|
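Review bot: the "filter criteria" entry on lines 77-80 is internally inconsistent: the heading shows `{ names == 'my-name' && spots == true }`, but the bullets say `names` compares output to `blah` and refer to `has spots`, which appears nowhere in the clause. Please align the bullets with the heading (or the heading with the `'blah'` example used on line 50). On line 27, `{ should cmp '123' }` is the only term in that list not set in backticks, and the `should be` examples on lines 52-53 wrap `loud` in backticks inside a code block, which Ruby would treat as a shell command rather than a value. Separately, all 99 lines are removed and re-added with no visible textual difference, which suggests a line-ending or whitespace-only rewrite; if that is intended, say so in the changelog, otherwise normalize line endings so the diff stays reviewable.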
data/docs/habitat.md
CHANGED
@@ -1,192 +1,192 @@
|
|
1
|
-
---
|
2
|
-
title: InSpec Integration with Habitat
|
3
|
-
---
|
4
|
-
|
5
|
-
# Habitat Integration
|
6
|
-
|
7
|
-
InSpec provides an easy method to create an executable Habitat package for an InSpec profile. When run via the Habitat Supervisor, the package will run InSpec with your profile and write out its findings to a JSON file. This provides the ability to ship your compliance controls alongside your Habitat-packaged application and continuously run InSpec, providing you *Continuous Compliance.*
|
8
|
-
|
9
|
-
## What is Habitat?
|
10
|
-
|
11
|
-
Habitat by Chef is our new Application Automation tool that aims to make it easy, safe, and fast to build, deploy, and manage applications. From build dependencies, runtime dependencies, dynamic configuration, and service discovery (just to name a few), Habitat packages the automation with the application instead of relying on an underlying platform.
|
12
|
-
|
13
|
-
To learn more about Habitat and try our demos and tutorials, visit [https://www.habitat.sh](https://www.habitat.sh).
|
14
|
-
|
15
|
-
## Using the Habitat Integration
|
16
|
-
|
17
|
-
After creating a Habitat package for an InSpec profile (see CLI commands below) and uploading the package to a Habitat Depot or manually distributing to a host, start the Habitat Supervisor with your package:
|
18
|
-
|
19
|
-
```bash
|
20
|
-
hab start adamleff/inspec-profile-frontend1
|
21
|
-
```
|
22
|
-
|
23
|
-
The Habitat Supervisor will install InSpec and execute your profile in a loop. By default, the loop runs every 300 seconds but can be changed via the `sleep_time` configuration value:
|
24
|
-
|
25
|
-
```bash
|
26
|
-
HAB_INSPEC_PROFILE_FRONTEND1="sleep_time = 60" hab start adamleff/inspec-profile-frontend1
|
27
|
-
```
|
28
|
-
|
29
|
-
The Habitat Supervisor will display output like this:
|
30
|
-
|
31
|
-
```
|
32
|
-
hab start adamleff/inspec-profile-frontend1
|
33
|
-
∵ Missing package for core/hab-sup/0.17.0
|
34
|
-
» Installing core/hab-sup/0.17.0
|
35
|
-
↓ Downloading core/hab-sup/0.17.0/20170214235450
|
36
|
-
1.68 MB / 1.68 MB - [=========================================================================] 100.00 % 7.43 MB/s
|
37
|
-
|
38
|
-
... more Habitat output here ...
|
39
|
-
|
40
|
-
hab-sup(MN): Starting adamleff/inspec-profile-frontend1/0.1.0/20170328173005
|
41
|
-
hab-sup(CS): adamleff/inspec-profile-frontend1/0.1.0/20170328173005 is not installed
|
42
|
-
↓ Downloading adamleff-20160617201047 public origin key
|
43
|
-
79 B / 79 B | [===============================================================================] 100.00 % 2.64 MB/s
|
44
|
-
☑ Cached adamleff-20160617201047 public origin key
|
45
|
-
↓ Downloading chef/inspec/1.17.0/20170321214949
|
46
|
-
16.93 MB / 16.93 MB / [======================================================================] 100.00 % 10.49 MB/s
|
47
|
-
|
48
|
-
... more Habitat output here ...
|
49
|
-
|
50
|
-
★ Install of adamleff/inspec-profile-frontend1/0.1.0/20170328173005 complete with 9 new packages installed.
|
51
|
-
hab-sup(MR): Butterfly Member ID d9bd761e18c144469d755b1b97406eb2
|
52
|
-
hab-sup(MR): Starting butterfly on 0.0.0.0:9638
|
53
|
-
hab-sup(MR): Starting http-gateway on 0.0.0.0:9631
|
54
|
-
inspec-profile-frontend1.default(SR): Initializing
|
55
|
-
inspec-profile-frontend1.default(SV): Starting process as user=hab, group=hab
|
56
|
-
inspec-profile-frontend1.default(O): Executing InSpec for adamleff/inspec-profile-frontend1
|
57
|
-
inspec-profile-frontend1.default(O): InSpec run completed successfully.
|
58
|
-
inspec-profile-frontend1.default(O): sleeping for 300 seconds
|
59
|
-
```
|
60
|
-
|
61
|
-
The above sample output shows the supervisor starting, downloading the necessary dependencies for the supervisor and the InSpec profile, and then shows the supervisor running InSpec successfully.
|
62
|
-
|
63
|
-
InSpec will write a JSON file in the `${svc_var_path}/inspec_results` directory containing the results of the last InSpec run. For example, for the `adamleff/inspec-profile-frontend1` package, the InSpec results will be at:
|
64
|
-
|
65
|
-
```
|
66
|
-
/hab/svc/inspec-profile-frontend1/var/inspec_results/inspec-profile-frontend1.json
|
67
|
-
```
|
68
|
-
|
69
|
-
## InSpec Habitat CLI Commands
|
70
|
-
|
71
|
-
### inspec habitat profile create
|
72
|
-
|
73
|
-
Create a Habitat package for an InSpec profile. InSpec will validate the profile, fetch and vendor any dependencies (if necessary), and build the Habitat package with a dependency on the latest InSpec. The resulting package will be saved to the current working directory.
|
74
|
-
|
75
|
-
The package file will be named:
|
76
|
-
|
77
|
-
```
|
78
|
-
HABITAT_ORIGIN-inspec-profile-PROFILE_NAME-PROFILE_VERSION-BUILD_ID-x86_64-linux.hart
|
79
|
-
```
|
80
|
-
|
81
|
-
For example:
|
82
|
-
|
83
|
-
```
|
84
|
-
adamleff-inspec-profile-frontend1-0.1.0-20170328173005-x86_64-linux.hart
|
85
|
-
```
|
86
|
-
|
87
|
-
#### Syntax
|
88
|
-
|
89
|
-
```bash
|
90
|
-
inspec habitat profile create PROFILE_DIRECTORY
|
91
|
-
```
|
92
|
-
|
93
|
-
Example:
|
94
|
-
|
95
|
-
```bash
|
96
|
-
inspec habitat profile create ~/profiles/frontend1
|
97
|
-
```
|
98
|
-
|
99
|
-
### inspec habitat profile create
|
100
|
-
|
101
|
-
Create a Habitat package for an InSpec profile. InSpec will validate the profile, fetch and vendor any dependencies (if necessary), and build the Habitat package with a dependency on the latest InSpec. The resulting package will be saved to the current working directory.
|
102
|
-
|
103
|
-
The package can then be manually uploaded to a Habitat Depot or manually distributed to a host and installed via `hab pkg install`.
|
104
|
-
|
105
|
-
The package file will be named:
|
106
|
-
|
107
|
-
```
|
108
|
-
HABITAT_ORIGIN-inspec-profile-PROFILE_NAME-PROFILE_VERSION-BUILD_ID-x86_64-linux.hart
|
109
|
-
```
|
110
|
-
|
111
|
-
For example:
|
112
|
-
|
113
|
-
```
|
114
|
-
adamleff-inspec-profile-frontend1-0.1.0-20170328173005-x86_64-linux.hart
|
115
|
-
```
|
116
|
-
|
117
|
-
#### Syntax
|
118
|
-
|
119
|
-
```bash
|
120
|
-
inspec habitat profile create PROFILE_DIRECTORY
|
121
|
-
```
|
122
|
-
|
123
|
-
#### Example
|
124
|
-
|
125
|
-
```bash
|
126
|
-
inspec habitat profile create ~/profiles/frontend1
|
127
|
-
```
|
128
|
-
|
129
|
-
#### Example Output
|
130
|
-
|
131
|
-
```
|
132
|
-
$ habitat profile create ~/profiles/frontend1
|
133
|
-
[2017-03-28T13:29:32-04:00] INFO: Creating a Habitat artifact for profile: /Users/aleff/profiles/frontend1
|
134
|
-
[2017-03-28T13:29:32-04:00] INFO: Checking to see if Habitat is installed...
|
135
|
-
[2017-03-28T13:29:32-04:00] INFO: Copying profile contents to the work directory...
|
136
|
-
[2017-03-28T13:29:32-04:00] INFO: Generating Habitat plan at /var/folders/v5/z54gb76j2rs3wrn65hmtyf1r0000gp/T/inspec-habitat-exporter20170328-4932-kg2ltd/habitat/plan.sh...
|
137
|
-
[2017-03-28T13:29:32-04:00] INFO: Generating a Habitat run hook at /var/folders/v5/z54gb76j2rs3wrn65hmtyf1r0000gp/T/inspec-habitat-exporter20170328-4932-kg2ltd/habitat/hooks/run...
|
138
|
-
[2017-03-28T13:29:32-04:00] INFO: Generating Habitat's default.toml configuration...
|
139
|
-
[2017-03-28T13:29:32-04:00] INFO: Building our Habitat artifact...
|
140
|
-
hab-studio: Destroying Studio at /hab/studios/src (default)
|
141
|
-
hab-studio: Creating Studio at /hab/studios/src (default)
|
142
|
-
hab-studio: Importing adamleff secret origin key
|
143
|
-
» Importing origin key from standard input
|
144
|
-
★ Imported secret origin key adamleff-20160617201047.
|
145
|
-
» Installing core/hab-backline
|
146
|
-
↓ Downloading core/hab-backline/0.19.0/20170311034116
|
147
|
-
2.17 KB / 2.17 KB / [=========================================================================] 100.00 % 4.33 MB/s
|
148
|
-
|
149
|
-
... more Habitat output here...
|
150
|
-
|
151
|
-
[2017-03-28T13:30:18-04:00] INFO: Copying artifact to /Users/aleff...
|
152
|
-
```
|
153
|
-
|
154
|
-
### inspec habitat profile upload
|
155
|
-
|
156
|
-
Create and then upload a Habitat package for an InSpec profile. Like the `inspec habitat profile create` command, InSpec will validate the profile, fetch and vendor any dependencies (if necessary), and build the Habitat package with a dependency on the latest InSpec. However, instead of saving the package locally to the workstation, InSpec will upload it to the depot defined in the `HAB_DEPOT` environment variable. If `HAB_DEPOT` is not defined, the package will be uploaded to the public Habitat depot at [https://app.habitat.sh](https://app.habitat.sh).
|
157
|
-
|
158
|
-
#### Syntax
|
159
|
-
|
160
|
-
```bash
|
161
|
-
inspec habitat profile upload PROFILE_DIRECTORY
|
162
|
-
```
|
163
|
-
|
164
|
-
#### Example
|
165
|
-
|
166
|
-
```bash
|
167
|
-
inspec habitat profile upload ~/profiles/frontend1
|
168
|
-
```
|
169
|
-
|
170
|
-
#### Example Output
|
171
|
-
```
|
172
|
-
[2017-03-28T13:29:32-04:00] INFO: Creating a Habitat artifact for profile: /Users/aleff/profiles/frontend1
|
173
|
-
[2017-03-28T13:29:32-04:00] INFO: Checking to see if Habitat is installed...
|
174
|
-
[2017-03-28T13:29:32-04:00] INFO: Copying profile contents to the work directory...
|
175
|
-
[2017-03-28T13:29:32-04:00] INFO: Generating Habitat plan at /var/folders/v5/z54gb76j2rs3wrn65hmtyf1r0000gp/T/inspec-habitat-exporter20170328-4932-kg2ltd/habitat/plan.sh...
|
176
|
-
[2017-03-28T13:29:32-04:00] INFO: Generating a Habitat run hook at /var/folders/v5/z54gb76j2rs3wrn65hmtyf1r0000gp/T/inspec-habitat-exporter20170328-4932-kg2ltd/habitat/hooks/run...
|
177
|
-
[2017-03-28T13:29:32-04:00] INFO: Generating Habitat's default.toml configuration...
|
178
|
-
[2017-03-28T13:29:32-04:00] INFO: Building our Habitat artifact...
|
179
|
-
hab-studio: Destroying Studio at /hab/studios/src (default)
|
180
|
-
hab-studio: Creating Studio at /hab/studios/src (default)
|
181
|
-
hab-studio: Importing adamleff secret origin key
|
182
|
-
» Importing origin key from standard input
|
183
|
-
★ Imported secret origin key adamleff-20160617201047.
|
184
|
-
» Installing core/hab-backline
|
185
|
-
↓ Downloading core/hab-backline/0.19.0/20170311034116
|
186
|
-
2.17 KB / 2.17 KB / [=========================================================================] 100.00 % 4.33 MB/s
|
187
|
-
|
188
|
-
... more Habitat output here...
|
189
|
-
|
190
|
-
[2017-03-28T13:30:18-04:00] INFO: Uploading the Habitat artifact to our Depot...
|
191
|
-
[2017-03-28T13:30:23-04:00] INFO: Upload complete!
|
1
|
+
---
|
2
|
+
title: InSpec Integration with Habitat
|
3
|
+
---
|
4
|
+
|
5
|
+
# Habitat Integration
|
6
|
+
|
7
|
+
InSpec provides an easy method to create an executable Habitat package for an InSpec profile. When run via the Habitat Supervisor, the package will run InSpec with your profile and write out its findings to a JSON file. This provides the ability to ship your compliance controls alongside your Habitat-packaged application and continuously run InSpec, providing you *Continuous Compliance.*
|
8
|
+
|
9
|
+
## What is Habitat?
|
10
|
+
|
11
|
+
Habitat by Chef is our new Application Automation tool that aims to make it easy, safe, and fast to build, deploy, and manage applications. From build dependencies, runtime dependencies, dynamic configuration, and service discovery (just to name a few), Habitat packages the automation with the application instead of relying on an underlying platform.
|
12
|
+
|
13
|
+
To learn more about Habitat and try our demos and tutorials, visit [https://www.habitat.sh](https://www.habitat.sh).
|
14
|
+
|
15
|
+
## Using the Habitat Integration
|
16
|
+
|
17
|
+
After creating a Habitat package for an InSpec profile (see CLI commands below) and uploading the package to a Habitat Depot or manually distributing to a host, start the Habitat Supervisor with your package:
|
18
|
+
|
19
|
+
```bash
|
20
|
+
hab start adamleff/inspec-profile-frontend1
|
21
|
+
```
|
22
|
+
|
23
|
+
The Habitat Supervisor will install InSpec and execute your profile in a loop. By default, the loop runs every 300 seconds but can be changed via the `sleep_time` configuration value:
|
24
|
+
|
25
|
+
```bash
|
26
|
+
HAB_INSPEC_PROFILE_FRONTEND1="sleep_time = 60" hab start adamleff/inspec-profile-frontend1
|
27
|
+
```
|
28
|
+
|
29
|
+
The Habitat Supervisor will display output like this:
|
30
|
+
|
31
|
+
```
|
32
|
+
hab start adamleff/inspec-profile-frontend1
|
33
|
+
∵ Missing package for core/hab-sup/0.17.0
|
34
|
+
» Installing core/hab-sup/0.17.0
|
35
|
+
↓ Downloading core/hab-sup/0.17.0/20170214235450
|
36
|
+
1.68 MB / 1.68 MB - [=========================================================================] 100.00 % 7.43 MB/s
|
37
|
+
|
38
|
+
... more Habitat output here ...
|
39
|
+
|
40
|
+
hab-sup(MN): Starting adamleff/inspec-profile-frontend1/0.1.0/20170328173005
|
41
|
+
hab-sup(CS): adamleff/inspec-profile-frontend1/0.1.0/20170328173005 is not installed
|
42
|
+
↓ Downloading adamleff-20160617201047 public origin key
|
43
|
+
79 B / 79 B | [===============================================================================] 100.00 % 2.64 MB/s
|
44
|
+
☑ Cached adamleff-20160617201047 public origin key
|
45
|
+
↓ Downloading chef/inspec/1.17.0/20170321214949
|
46
|
+
16.93 MB / 16.93 MB / [======================================================================] 100.00 % 10.49 MB/s
|
47
|
+
|
48
|
+
... more Habitat output here ...
|
49
|
+
|
50
|
+
★ Install of adamleff/inspec-profile-frontend1/0.1.0/20170328173005 complete with 9 new packages installed.
|
51
|
+
hab-sup(MR): Butterfly Member ID d9bd761e18c144469d755b1b97406eb2
|
52
|
+
hab-sup(MR): Starting butterfly on 0.0.0.0:9638
|
53
|
+
hab-sup(MR): Starting http-gateway on 0.0.0.0:9631
|
54
|
+
inspec-profile-frontend1.default(SR): Initializing
|
55
|
+
inspec-profile-frontend1.default(SV): Starting process as user=hab, group=hab
|
56
|
+
inspec-profile-frontend1.default(O): Executing InSpec for adamleff/inspec-profile-frontend1
|
57
|
+
inspec-profile-frontend1.default(O): InSpec run completed successfully.
|
58
|
+
inspec-profile-frontend1.default(O): sleeping for 300 seconds
|
59
|
+
```
|
60
|
+
|
61
|
+
The above sample output shows the supervisor starting, downloading the necessary dependencies for the supervisor and the InSpec profile, and then shows the supervisor running InSpec successfully.
|
62
|
+
|
63
|
+
InSpec will write a JSON file in the `${svc_var_path}/inspec_results` directory containing the results of the last InSpec run. For example, for the `adamleff/inspec-profile-frontend1` package, the InSpec results will be at:
|
64
|
+
|
65
|
+
```
|
66
|
+
/hab/svc/inspec-profile-frontend1/var/inspec_results/inspec-profile-frontend1.json
|
67
|
+
```
|
68
|
+
|
69
|
+
## InSpec Habitat CLI Commands
|
70
|
+
|
71
|
+
### inspec habitat profile create
|
72
|
+
|
73
|
+
Create a Habitat package for an InSpec profile. InSpec will validate the profile, fetch and vendor any dependencies (if necessary), and build the Habitat package with a dependency on the latest InSpec. The resulting package will be saved to the current working directory.
|
74
|
+
|
75
|
+
The package file will be named:
|
76
|
+
|
77
|
+
```
|
78
|
+
HABITAT_ORIGIN-inspec-profile-PROFILE_NAME-PROFILE_VERSION-BUILD_ID-x86_64-linux.hart
|
79
|
+
```
|
80
|
+
|
81
|
+
For example:
|
82
|
+
|
83
|
+
```
|
84
|
+
adamleff-inspec-profile-frontend1-0.1.0-20170328173005-x86_64-linux.hart
|
85
|
+
```
|
86
|
+
|
87
|
+
#### Syntax
|
88
|
+
|
89
|
+
```bash
|
90
|
+
inspec habitat profile create PROFILE_DIRECTORY
|
91
|
+
```
|
92
|
+
|
93
|
+
Example:
|
94
|
+
|
95
|
+
```bash
|
96
|
+
inspec habitat profile create ~/profiles/frontend1
|
97
|
+
```
|
98
|
+
|
99
|
+
### inspec habitat profile create
|
100
|
+
|
101
|
+
Create a Habitat package for an InSpec profile. InSpec will validate the profile, fetch and vendor any dependencies (if necessary), and build the Habitat package with a dependency on the latest InSpec. The resulting package will be saved to the current working directory.
|
102
|
+
|
103
|
+
The package can then be manually uploaded to a Habitat Depot or manually distributed to a host and installed via `hab pkg install`.
|
104
|
+
|
105
|
+
The package file will be named:
|
106
|
+
|
107
|
+
```
|
108
|
+
HABITAT_ORIGIN-inspec-profile-PROFILE_NAME-PROFILE_VERSION-BUILD_ID-x86_64-linux.hart
|
109
|
+
```
|
110
|
+
|
111
|
+
For example:
|
112
|
+
|
113
|
+
```
|
114
|
+
adamleff-inspec-profile-frontend1-0.1.0-20170328173005-x86_64-linux.hart
|
115
|
+
```
|
116
|
+
|
117
|
+
#### Syntax
|
118
|
+
|
119
|
+
```bash
|
120
|
+
inspec habitat profile create PROFILE_DIRECTORY
|
121
|
+
```
|
122
|
+
|
123
|
+
#### Example
|
124
|
+
|
125
|
+
```bash
|
126
|
+
inspec habitat profile create ~/profiles/frontend1
|
127
|
+
```
|
128
|
+
|
129
|
+
#### Example Output
|
130
|
+
|
131
|
+
```
|
132
|
+
$ habitat profile create ~/profiles/frontend1
|
133
|
+
[2017-03-28T13:29:32-04:00] INFO: Creating a Habitat artifact for profile: /Users/aleff/profiles/frontend1
|
134
|
+
[2017-03-28T13:29:32-04:00] INFO: Checking to see if Habitat is installed...
|
135
|
+
[2017-03-28T13:29:32-04:00] INFO: Copying profile contents to the work directory...
|
136
|
+
[2017-03-28T13:29:32-04:00] INFO: Generating Habitat plan at /var/folders/v5/z54gb76j2rs3wrn65hmtyf1r0000gp/T/inspec-habitat-exporter20170328-4932-kg2ltd/habitat/plan.sh...
|
137
|
+
[2017-03-28T13:29:32-04:00] INFO: Generating a Habitat run hook at /var/folders/v5/z54gb76j2rs3wrn65hmtyf1r0000gp/T/inspec-habitat-exporter20170328-4932-kg2ltd/habitat/hooks/run...
|
138
|
+
[2017-03-28T13:29:32-04:00] INFO: Generating Habitat's default.toml configuration...
|
139
|
+
[2017-03-28T13:29:32-04:00] INFO: Building our Habitat artifact...
|
140
|
+
hab-studio: Destroying Studio at /hab/studios/src (default)
|
141
|
+
hab-studio: Creating Studio at /hab/studios/src (default)
|
142
|
+
hab-studio: Importing adamleff secret origin key
|
143
|
+
» Importing origin key from standard input
|
144
|
+
★ Imported secret origin key adamleff-20160617201047.
|
145
|
+
» Installing core/hab-backline
|
146
|
+
↓ Downloading core/hab-backline/0.19.0/20170311034116
|
147
|
+
2.17 KB / 2.17 KB / [=========================================================================] 100.00 % 4.33 MB/s
|
148
|
+
|
149
|
+
... more Habitat output here...
|
150
|
+
|
151
|
+
[2017-03-28T13:30:18-04:00] INFO: Copying artifact to /Users/aleff...
|
152
|
+
```
|
153
|
+
|
154
|
+
### inspec habitat profile upload
|
155
|
+
|
156
|
+
Create and then upload a Habitat package for an InSpec profile. Like the `inspec habitat profile create` command, InSpec will validate the profile, fetch and vendor any dependencies (if necessary), and build the Habitat package with a dependency on the latest InSpec. However, instead of saving the package locally to the workstation, InSpec will upload it to the depot defined in the `HAB_DEPOT` environment variable. If `HAB_DEPOT` is not defined, the package will be uploaded to the public Habitat depot at [https://app.habitat.sh](https://app.habitat.sh).
|
157
|
+
|
158
|
+
#### Syntax
|
159
|
+
|
160
|
+
```bash
|
161
|
+
inspec habitat profile upload PROFILE_DIRECTORY
|
162
|
+
```
|
163
|
+
|
164
|
+
#### Example
|
165
|
+
|
166
|
+
```bash
|
167
|
+
inspec habitat profile upload ~/profiles/frontend1
|
168
|
+
```
|
169
|
+
|
170
|
+
#### Example Output
|
171
|
+
```
|
172
|
+
[2017-03-28T13:29:32-04:00] INFO: Creating a Habitat artifact for profile: /Users/aleff/profiles/frontend1
|
173
|
+
[2017-03-28T13:29:32-04:00] INFO: Checking to see if Habitat is installed...
|
174
|
+
[2017-03-28T13:29:32-04:00] INFO: Copying profile contents to the work directory...
|
175
|
+
[2017-03-28T13:29:32-04:00] INFO: Generating Habitat plan at /var/folders/v5/z54gb76j2rs3wrn65hmtyf1r0000gp/T/inspec-habitat-exporter20170328-4932-kg2ltd/habitat/plan.sh...
|
176
|
+
[2017-03-28T13:29:32-04:00] INFO: Generating a Habitat run hook at /var/folders/v5/z54gb76j2rs3wrn65hmtyf1r0000gp/T/inspec-habitat-exporter20170328-4932-kg2ltd/habitat/hooks/run...
|
177
|
+
[2017-03-28T13:29:32-04:00] INFO: Generating Habitat's default.toml configuration...
|
178
|
+
[2017-03-28T13:29:32-04:00] INFO: Building our Habitat artifact...
|
179
|
+
hab-studio: Destroying Studio at /hab/studios/src (default)
|
180
|
+
hab-studio: Creating Studio at /hab/studios/src (default)
|
181
|
+
hab-studio: Importing adamleff secret origin key
|
182
|
+
» Importing origin key from standard input
|
183
|
+
★ Imported secret origin key adamleff-20160617201047.
|
184
|
+
» Installing core/hab-backline
|
185
|
+
↓ Downloading core/hab-backline/0.19.0/20170311034116
|
186
|
+
2.17 KB / 2.17 KB / [=========================================================================] 100.00 % 4.33 MB/s
|
187
|
+
|
188
|
+
... more Habitat output here...
|
189
|
+
|
190
|
+
[2017-03-28T13:30:18-04:00] INFO: Uploading the Habitat artifact to our Depot...
|
191
|
+
[2017-03-28T13:30:23-04:00] INFO: Upload complete!
|
192
192
|
```
|
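Review bot: the `### inspec habitat profile create` section appears twice (lines 71-97 and again at lines 99-127) with the same description, file name pattern, syntax and example; keep the second, fuller copy and drop the first. In the example output on line 132 the prompt reads `$ habitat profile create ~/profiles/frontend1`, missing the leading `inspec` used everywhere else. On line 156, the fallback to the public depot at https://app.habitat.sh when `HAB_DEPOT` is unset deserves an explicit callout, since a profile describing an organization's internal controls would be published publicly by default; recommend that the docs tell users to set `HAB_DEPOT` before running `upload`. As with the other documentation files in this release, every line is removed and re-added with no visible textual change, so confirm whether this is a line-ending normalization.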