inspec 2.1.81 → 2.1.83

Sign up to get free protection for your applications and to get access to all the features.
Files changed (507) hide show
  1. checksums.yaml +5 -5
  2. data/.rubocop.yml +101 -101
  3. data/CHANGELOG.md +3183 -3177
  4. data/Gemfile +56 -56
  5. data/LICENSE +14 -14
  6. data/MAINTAINERS.md +33 -33
  7. data/MAINTAINERS.toml +52 -52
  8. data/README.md +453 -453
  9. data/Rakefile +349 -349
  10. data/bin/inspec +12 -12
  11. data/docs/.gitignore +2 -2
  12. data/docs/README.md +41 -40
  13. data/docs/dev/control-eval.md +61 -61
  14. data/docs/dsl_inspec.md +258 -258
  15. data/docs/dsl_resource.md +100 -100
  16. data/docs/glossary.md +99 -99
  17. data/docs/habitat.md +191 -191
  18. data/docs/inspec_and_friends.md +114 -114
  19. data/docs/matchers.md +169 -169
  20. data/docs/migration.md +293 -293
  21. data/docs/platforms.md +118 -118
  22. data/docs/plugin_kitchen_inspec.md +50 -50
  23. data/docs/profiles.md +378 -378
  24. data/docs/reporters.md +105 -105
  25. data/docs/resources/aide_conf.md.erb +75 -75
  26. data/docs/resources/apache.md.erb +67 -67
  27. data/docs/resources/apache_conf.md.erb +68 -68
  28. data/docs/resources/apt.md.erb +71 -71
  29. data/docs/resources/audit_policy.md.erb +47 -47
  30. data/docs/resources/auditd.md.erb +79 -79
  31. data/docs/resources/auditd_conf.md.erb +68 -68
  32. data/docs/resources/aws_cloudtrail_trail.md.erb +155 -155
  33. data/docs/resources/aws_cloudtrail_trails.md.erb +86 -86
  34. data/docs/resources/aws_cloudwatch_alarm.md.erb +91 -91
  35. data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +154 -154
  36. data/docs/resources/aws_config_delivery_channel.md.erb +101 -101
  37. data/docs/resources/aws_config_recorder.md.erb +86 -86
  38. data/docs/resources/aws_ec2_instance.md.erb +112 -112
  39. data/docs/resources/aws_ec2_instances.md.erb +79 -79
  40. data/docs/resources/aws_iam_access_key.md.erb +129 -129
  41. data/docs/resources/aws_iam_access_keys.md.erb +204 -204
  42. data/docs/resources/aws_iam_group.md.erb +64 -64
  43. data/docs/resources/aws_iam_groups.md.erb +49 -49
  44. data/docs/resources/aws_iam_password_policy.md.erb +82 -82
  45. data/docs/resources/aws_iam_policies.md.erb +87 -87
  46. data/docs/resources/aws_iam_policy.md.erb +245 -245
  47. data/docs/resources/aws_iam_role.md.erb +69 -69
  48. data/docs/resources/aws_iam_root_user.md.erb +76 -76
  49. data/docs/resources/aws_iam_user.md.erb +120 -120
  50. data/docs/resources/aws_iam_users.md.erb +279 -279
  51. data/docs/resources/aws_kms_key.md.erb +177 -177
  52. data/docs/resources/aws_kms_keys.md.erb +89 -89
  53. data/docs/resources/aws_rds_instance.md.erb +66 -66
  54. data/docs/resources/aws_route_table.md.erb +53 -53
  55. data/docs/resources/aws_route_tables.md.erb +55 -55
  56. data/docs/resources/aws_s3_bucket.md.erb +146 -146
  57. data/docs/resources/aws_s3_bucket_object.md.erb +89 -89
  58. data/docs/resources/aws_s3_buckets.md.erb +59 -59
  59. data/docs/resources/aws_security_group.md.erb +296 -296
  60. data/docs/resources/aws_security_groups.md.erb +97 -97
  61. data/docs/resources/aws_sns_subscription.md.erb +130 -130
  62. data/docs/resources/aws_sns_topic.md.erb +69 -69
  63. data/docs/resources/aws_sns_topics.md.erb +58 -58
  64. data/docs/resources/aws_subnet.md.erb +140 -140
  65. data/docs/resources/aws_subnets.md.erb +132 -132
  66. data/docs/resources/aws_vpc.md.erb +125 -125
  67. data/docs/resources/aws_vpcs.md.erb +125 -125
  68. data/docs/resources/azure_generic_resource.md.erb +171 -171
  69. data/docs/resources/azure_resource_group.md.erb +284 -284
  70. data/docs/resources/azure_virtual_machine.md.erb +347 -347
  71. data/docs/resources/azure_virtual_machine_data_disk.md.erb +224 -224
  72. data/docs/resources/bash.md.erb +75 -75
  73. data/docs/resources/bond.md.erb +90 -90
  74. data/docs/resources/bridge.md.erb +57 -57
  75. data/docs/resources/bsd_service.md.erb +67 -67
  76. data/docs/resources/chocolatey_package.md.erb +58 -58
  77. data/docs/resources/command.md.erb +138 -138
  78. data/docs/resources/cpan.md.erb +79 -79
  79. data/docs/resources/cran.md.erb +64 -64
  80. data/docs/resources/crontab.md.erb +89 -89
  81. data/docs/resources/csv.md.erb +54 -54
  82. data/docs/resources/dh_params.md.erb +205 -205
  83. data/docs/resources/directory.md.erb +30 -30
  84. data/docs/resources/docker.md.erb +219 -219
  85. data/docs/resources/docker_container.md.erb +103 -103
  86. data/docs/resources/docker_image.md.erb +94 -94
  87. data/docs/resources/docker_service.md.erb +114 -114
  88. data/docs/resources/elasticsearch.md.erb +242 -242
  89. data/docs/resources/etc_fstab.md.erb +125 -125
  90. data/docs/resources/etc_group.md.erb +75 -75
  91. data/docs/resources/etc_hosts.md.erb +78 -78
  92. data/docs/resources/etc_hosts_allow.md.erb +74 -74
  93. data/docs/resources/etc_hosts_deny.md.erb +74 -74
  94. data/docs/resources/file.md.erb +526 -526
  95. data/docs/resources/filesystem.md.erb +41 -41
  96. data/docs/resources/firewalld.md.erb +107 -107
  97. data/docs/resources/gem.md.erb +79 -79
  98. data/docs/resources/group.md.erb +61 -61
  99. data/docs/resources/grub_conf.md.erb +101 -101
  100. data/docs/resources/host.md.erb +86 -86
  101. data/docs/resources/http.md.erb +197 -197
  102. data/docs/resources/iis_app.md.erb +122 -122
  103. data/docs/resources/iis_site.md.erb +135 -135
  104. data/docs/resources/inetd_conf.md.erb +94 -94
  105. data/docs/resources/ini.md.erb +76 -76
  106. data/docs/resources/interface.md.erb +58 -58
  107. data/docs/resources/iptables.md.erb +64 -64
  108. data/docs/resources/json.md.erb +63 -63
  109. data/docs/resources/kernel_module.md.erb +120 -120
  110. data/docs/resources/kernel_parameter.md.erb +53 -53
  111. data/docs/resources/key_rsa.md.erb +85 -85
  112. data/docs/resources/launchd_service.md.erb +57 -57
  113. data/docs/resources/limits_conf.md.erb +75 -75
  114. data/docs/resources/login_defs.md.erb +71 -71
  115. data/docs/resources/mount.md.erb +69 -69
  116. data/docs/resources/mssql_session.md.erb +60 -60
  117. data/docs/resources/mysql_conf.md.erb +99 -99
  118. data/docs/resources/mysql_session.md.erb +74 -74
  119. data/docs/resources/nginx.md.erb +79 -79
  120. data/docs/resources/nginx_conf.md.erb +138 -138
  121. data/docs/resources/npm.md.erb +60 -60
  122. data/docs/resources/ntp_conf.md.erb +60 -60
  123. data/docs/resources/oneget.md.erb +53 -53
  124. data/docs/resources/oracledb_session.md.erb +52 -52
  125. data/docs/resources/os.md.erb +141 -141
  126. data/docs/resources/os_env.md.erb +91 -91
  127. data/docs/resources/package.md.erb +120 -120
  128. data/docs/resources/packages.md.erb +67 -67
  129. data/docs/resources/parse_config.md.erb +103 -103
  130. data/docs/resources/parse_config_file.md.erb +138 -138
  131. data/docs/resources/passwd.md.erb +141 -141
  132. data/docs/resources/pip.md.erb +67 -67
  133. data/docs/resources/port.md.erb +137 -137
  134. data/docs/resources/postgres_conf.md.erb +79 -79
  135. data/docs/resources/postgres_hba_conf.md.erb +93 -93
  136. data/docs/resources/postgres_ident_conf.md.erb +76 -76
  137. data/docs/resources/postgres_session.md.erb +69 -69
  138. data/docs/resources/powershell.md.erb +102 -102
  139. data/docs/resources/processes.md.erb +109 -109
  140. data/docs/resources/rabbitmq_config.md.erb +41 -41
  141. data/docs/resources/registry_key.md.erb +158 -158
  142. data/docs/resources/runit_service.md.erb +57 -57
  143. data/docs/resources/security_policy.md.erb +47 -47
  144. data/docs/resources/service.md.erb +121 -121
  145. data/docs/resources/shadow.md.erb +146 -146
  146. data/docs/resources/ssh_config.md.erb +73 -73
  147. data/docs/resources/sshd_config.md.erb +83 -83
  148. data/docs/resources/ssl.md.erb +119 -119
  149. data/docs/resources/sys_info.md.erb +42 -42
  150. data/docs/resources/systemd_service.md.erb +57 -57
  151. data/docs/resources/sysv_service.md.erb +57 -57
  152. data/docs/resources/upstart_service.md.erb +57 -57
  153. data/docs/resources/user.md.erb +140 -140
  154. data/docs/resources/users.md.erb +127 -127
  155. data/docs/resources/vbscript.md.erb +55 -55
  156. data/docs/resources/virtualization.md.erb +57 -57
  157. data/docs/resources/windows_feature.md.erb +47 -47
  158. data/docs/resources/windows_hotfix.md.erb +53 -53
  159. data/docs/resources/windows_task.md.erb +95 -95
  160. data/docs/resources/wmi.md.erb +81 -81
  161. data/docs/resources/x509_certificate.md.erb +151 -151
  162. data/docs/resources/xinetd_conf.md.erb +156 -156
  163. data/docs/resources/xml.md.erb +85 -85
  164. data/docs/resources/yaml.md.erb +69 -69
  165. data/docs/resources/yum.md.erb +98 -98
  166. data/docs/resources/zfs_dataset.md.erb +53 -53
  167. data/docs/resources/zfs_pool.md.erb +47 -47
  168. data/docs/ruby_usage.md +203 -203
  169. data/docs/shared/matcher_be.md.erb +1 -1
  170. data/docs/shared/matcher_cmp.md.erb +43 -43
  171. data/docs/shared/matcher_eq.md.erb +3 -3
  172. data/docs/shared/matcher_include.md.erb +1 -1
  173. data/docs/shared/matcher_match.md.erb +1 -1
  174. data/docs/shell.md +217 -217
  175. data/examples/README.md +8 -8
  176. data/examples/inheritance/README.md +65 -65
  177. data/examples/inheritance/controls/example.rb +14 -14
  178. data/examples/inheritance/inspec.yml +15 -15
  179. data/examples/kitchen-ansible/.kitchen.yml +25 -25
  180. data/examples/kitchen-ansible/Gemfile +19 -19
  181. data/examples/kitchen-ansible/README.md +53 -53
  182. data/examples/kitchen-ansible/files/nginx.repo +6 -6
  183. data/examples/kitchen-ansible/tasks/main.yml +16 -16
  184. data/examples/kitchen-ansible/test/integration/default/default.yml +5 -5
  185. data/examples/kitchen-ansible/test/integration/default/web_spec.rb +28 -28
  186. data/examples/kitchen-chef/.kitchen.yml +20 -20
  187. data/examples/kitchen-chef/Berksfile +3 -3
  188. data/examples/kitchen-chef/Gemfile +19 -19
  189. data/examples/kitchen-chef/README.md +27 -27
  190. data/examples/kitchen-chef/metadata.rb +7 -7
  191. data/examples/kitchen-chef/recipes/default.rb +6 -6
  192. data/examples/kitchen-chef/recipes/nginx.rb +30 -30
  193. data/examples/kitchen-chef/test/integration/default/web_spec.rb +28 -28
  194. data/examples/kitchen-puppet/.kitchen.yml +23 -23
  195. data/examples/kitchen-puppet/Gemfile +20 -20
  196. data/examples/kitchen-puppet/Puppetfile +25 -25
  197. data/examples/kitchen-puppet/README.md +53 -53
  198. data/examples/kitchen-puppet/manifests/site.pp +33 -33
  199. data/examples/kitchen-puppet/metadata.json +11 -11
  200. data/examples/kitchen-puppet/test/integration/default/web_spec.rb +28 -28
  201. data/examples/meta-profile/README.md +37 -37
  202. data/examples/meta-profile/controls/example.rb +13 -13
  203. data/examples/meta-profile/inspec.yml +13 -13
  204. data/examples/profile-attribute.yml +2 -2
  205. data/examples/profile-attribute/README.md +14 -14
  206. data/examples/profile-attribute/controls/example.rb +11 -11
  207. data/examples/profile-attribute/inspec.yml +8 -8
  208. data/examples/profile-aws/controls/iam_password_policy_expiration.rb +8 -8
  209. data/examples/profile-aws/controls/iam_password_policy_max_age.rb +8 -8
  210. data/examples/profile-aws/controls/iam_root_user_mfa.rb +8 -8
  211. data/examples/profile-aws/controls/iam_users_access_key_age.rb +8 -8
  212. data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +8 -8
  213. data/examples/profile-aws/inspec.yml +11 -11
  214. data/examples/profile-azure/controls/azure_resource_group_example.rb +24 -24
  215. data/examples/profile-azure/controls/azure_vm_example.rb +29 -29
  216. data/examples/profile-azure/inspec.yml +11 -11
  217. data/examples/profile-sensitive/README.md +29 -29
  218. data/examples/profile-sensitive/controls/sensitive-failures.rb +9 -9
  219. data/examples/profile-sensitive/controls/sensitive.rb +9 -9
  220. data/examples/profile-sensitive/inspec.yml +8 -8
  221. data/examples/profile/README.md +48 -48
  222. data/examples/profile/controls/example.rb +23 -23
  223. data/examples/profile/controls/gordon.rb +36 -36
  224. data/examples/profile/controls/meta.rb +34 -34
  225. data/examples/profile/inspec.yml +10 -10
  226. data/examples/profile/libraries/gordon_config.rb +59 -59
  227. data/inspec.gemspec +49 -49
  228. data/lib/bundles/README.md +3 -3
  229. data/lib/bundles/inspec-artifact.rb +7 -7
  230. data/lib/bundles/inspec-artifact/README.md +1 -1
  231. data/lib/bundles/inspec-artifact/cli.rb +277 -277
  232. data/lib/bundles/inspec-compliance.rb +16 -16
  233. data/lib/bundles/inspec-compliance/.kitchen.yml +20 -20
  234. data/lib/bundles/inspec-compliance/README.md +193 -193
  235. data/lib/bundles/inspec-compliance/api.rb +360 -360
  236. data/lib/bundles/inspec-compliance/api/login.rb +193 -193
  237. data/lib/bundles/inspec-compliance/bootstrap.sh +41 -41
  238. data/lib/bundles/inspec-compliance/cli.rb +260 -260
  239. data/lib/bundles/inspec-compliance/configuration.rb +103 -103
  240. data/lib/bundles/inspec-compliance/http.rb +125 -125
  241. data/lib/bundles/inspec-compliance/support.rb +36 -36
  242. data/lib/bundles/inspec-compliance/target.rb +112 -112
  243. data/lib/bundles/inspec-compliance/test/integration/default/cli.rb +93 -93
  244. data/lib/bundles/inspec-habitat.rb +12 -12
  245. data/lib/bundles/inspec-habitat/cli.rb +36 -36
  246. data/lib/bundles/inspec-habitat/log.rb +10 -10
  247. data/lib/bundles/inspec-habitat/profile.rb +391 -391
  248. data/lib/bundles/inspec-init.rb +8 -8
  249. data/lib/bundles/inspec-init/README.md +31 -31
  250. data/lib/bundles/inspec-init/cli.rb +97 -97
  251. data/lib/bundles/inspec-init/templates/profile/README.md +3 -3
  252. data/lib/bundles/inspec-init/templates/profile/controls/example.rb +19 -19
  253. data/lib/bundles/inspec-init/templates/profile/inspec.yml +8 -8
  254. data/lib/bundles/inspec-supermarket.rb +13 -13
  255. data/lib/bundles/inspec-supermarket/README.md +45 -45
  256. data/lib/bundles/inspec-supermarket/api.rb +84 -84
  257. data/lib/bundles/inspec-supermarket/cli.rb +73 -73
  258. data/lib/bundles/inspec-supermarket/target.rb +34 -34
  259. data/lib/fetchers/git.rb +163 -163
  260. data/lib/fetchers/local.rb +74 -74
  261. data/lib/fetchers/mock.rb +35 -35
  262. data/lib/fetchers/url.rb +247 -247
  263. data/lib/inspec.rb +24 -24
  264. data/lib/inspec/archive/tar.rb +29 -29
  265. data/lib/inspec/archive/zip.rb +19 -19
  266. data/lib/inspec/backend.rb +93 -93
  267. data/lib/inspec/base_cli.rb +368 -368
  268. data/lib/inspec/cached_fetcher.rb +66 -66
  269. data/lib/inspec/cli.rb +292 -292
  270. data/lib/inspec/completions/bash.sh.erb +45 -45
  271. data/lib/inspec/completions/fish.sh.erb +34 -34
  272. data/lib/inspec/completions/zsh.sh.erb +61 -61
  273. data/lib/inspec/control_eval_context.rb +179 -179
  274. data/lib/inspec/dependencies/cache.rb +72 -72
  275. data/lib/inspec/dependencies/dependency_set.rb +92 -92
  276. data/lib/inspec/dependencies/lockfile.rb +115 -115
  277. data/lib/inspec/dependencies/requirement.rb +123 -123
  278. data/lib/inspec/dependencies/resolver.rb +86 -86
  279. data/lib/inspec/describe.rb +27 -27
  280. data/lib/inspec/dsl.rb +66 -66
  281. data/lib/inspec/dsl_shared.rb +33 -33
  282. data/lib/inspec/env_printer.rb +157 -157
  283. data/lib/inspec/errors.rb +14 -14
  284. data/lib/inspec/exceptions.rb +12 -12
  285. data/lib/inspec/expect.rb +45 -45
  286. data/lib/inspec/fetcher.rb +45 -45
  287. data/lib/inspec/file_provider.rb +275 -275
  288. data/lib/inspec/formatters.rb +3 -3
  289. data/lib/inspec/formatters/base.rb +259 -259
  290. data/lib/inspec/formatters/json_rspec.rb +20 -20
  291. data/lib/inspec/formatters/show_progress.rb +12 -12
  292. data/lib/inspec/library_eval_context.rb +58 -58
  293. data/lib/inspec/log.rb +11 -11
  294. data/lib/inspec/metadata.rb +247 -247
  295. data/lib/inspec/method_source.rb +24 -24
  296. data/lib/inspec/objects.rb +14 -14
  297. data/lib/inspec/objects/attribute.rb +75 -75
  298. data/lib/inspec/objects/control.rb +61 -61
  299. data/lib/inspec/objects/describe.rb +92 -92
  300. data/lib/inspec/objects/each_loop.rb +36 -36
  301. data/lib/inspec/objects/list.rb +15 -15
  302. data/lib/inspec/objects/or_test.rb +40 -40
  303. data/lib/inspec/objects/ruby_helper.rb +15 -15
  304. data/lib/inspec/objects/tag.rb +27 -27
  305. data/lib/inspec/objects/test.rb +87 -87
  306. data/lib/inspec/objects/value.rb +27 -27
  307. data/lib/inspec/plugins.rb +60 -60
  308. data/lib/inspec/plugins/cli.rb +24 -24
  309. data/lib/inspec/plugins/fetcher.rb +86 -86
  310. data/lib/inspec/plugins/resource.rb +135 -135
  311. data/lib/inspec/plugins/secret.rb +15 -15
  312. data/lib/inspec/plugins/source_reader.rb +40 -40
  313. data/lib/inspec/polyfill.rb +12 -12
  314. data/lib/inspec/profile.rb +513 -513
  315. data/lib/inspec/profile_context.rb +208 -208
  316. data/lib/inspec/profile_vendor.rb +66 -66
  317. data/lib/inspec/reporters.rb +60 -60
  318. data/lib/inspec/reporters/automate.rb +76 -76
  319. data/lib/inspec/reporters/base.rb +25 -25
  320. data/lib/inspec/reporters/cli.rb +356 -356
  321. data/lib/inspec/reporters/json.rb +117 -117
  322. data/lib/inspec/reporters/json_min.rb +48 -48
  323. data/lib/inspec/reporters/junit.rb +78 -78
  324. data/lib/inspec/require_loader.rb +33 -33
  325. data/lib/inspec/resource.rb +190 -190
  326. data/lib/inspec/rule.rb +280 -280
  327. data/lib/inspec/runner.rb +345 -345
  328. data/lib/inspec/runner_mock.rb +41 -41
  329. data/lib/inspec/runner_rspec.rb +175 -175
  330. data/lib/inspec/runtime_profile.rb +26 -26
  331. data/lib/inspec/schema.rb +213 -213
  332. data/lib/inspec/secrets.rb +19 -19
  333. data/lib/inspec/secrets/yaml.rb +30 -30
  334. data/lib/inspec/shell.rb +220 -220
  335. data/lib/inspec/shell_detector.rb +90 -90
  336. data/lib/inspec/source_reader.rb +29 -29
  337. data/lib/inspec/version.rb +8 -8
  338. data/lib/matchers/matchers.rb +339 -339
  339. data/lib/resource_support/aws.rb +50 -50
  340. data/lib/resource_support/aws/aws_backend_base.rb +12 -12
  341. data/lib/resource_support/aws/aws_backend_factory_mixin.rb +12 -12
  342. data/lib/resource_support/aws/aws_plural_resource_mixin.rb +21 -21
  343. data/lib/resource_support/aws/aws_resource_mixin.rb +66 -66
  344. data/lib/resource_support/aws/aws_singular_resource_mixin.rb +24 -24
  345. data/lib/resources/aide_conf.rb +151 -151
  346. data/lib/resources/apache.rb +48 -48
  347. data/lib/resources/apache_conf.rb +149 -149
  348. data/lib/resources/apt.rb +149 -149
  349. data/lib/resources/audit_policy.rb +63 -63
  350. data/lib/resources/auditd.rb +231 -231
  351. data/lib/resources/auditd_conf.rb +46 -46
  352. data/lib/resources/aws/aws_cloudtrail_trail.rb +93 -93
  353. data/lib/resources/aws/aws_cloudtrail_trails.rb +47 -47
  354. data/lib/resources/aws/aws_cloudwatch_alarm.rb +62 -62
  355. data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +100 -100
  356. data/lib/resources/aws/aws_config_delivery_channel.rb +70 -70
  357. data/lib/resources/aws/aws_config_recorder.rb +93 -93
  358. data/lib/resources/aws/aws_ec2_instance.rb +157 -157
  359. data/lib/resources/aws/aws_ec2_instances.rb +64 -64
  360. data/lib/resources/aws/aws_iam_access_key.rb +106 -106
  361. data/lib/resources/aws/aws_iam_access_keys.rb +149 -149
  362. data/lib/resources/aws/aws_iam_group.rb +58 -58
  363. data/lib/resources/aws/aws_iam_groups.rb +52 -52
  364. data/lib/resources/aws/aws_iam_password_policy.rb +116 -116
  365. data/lib/resources/aws/aws_iam_policies.rb +53 -53
  366. data/lib/resources/aws/aws_iam_policy.rb +291 -291
  367. data/lib/resources/aws/aws_iam_role.rb +55 -55
  368. data/lib/resources/aws/aws_iam_root_user.rb +78 -78
  369. data/lib/resources/aws/aws_iam_user.rb +142 -142
  370. data/lib/resources/aws/aws_iam_users.rb +146 -146
  371. data/lib/resources/aws/aws_kms_key.rb +96 -96
  372. data/lib/resources/aws/aws_kms_keys.rb +53 -53
  373. data/lib/resources/aws/aws_rds_instance.rb +71 -71
  374. data/lib/resources/aws/aws_route_table.rb +63 -63
  375. data/lib/resources/aws/aws_route_tables.rb +60 -60
  376. data/lib/resources/aws/aws_s3_bucket.rb +137 -137
  377. data/lib/resources/aws/aws_s3_bucket_object.rb +82 -82
  378. data/lib/resources/aws/aws_s3_buckets.rb +51 -51
  379. data/lib/resources/aws/aws_security_group.rb +249 -249
  380. data/lib/resources/aws/aws_security_groups.rb +68 -68
  381. data/lib/resources/aws/aws_sns_subscription.rb +78 -78
  382. data/lib/resources/aws/aws_sns_topic.rb +53 -53
  383. data/lib/resources/aws/aws_sns_topics.rb +56 -56
  384. data/lib/resources/aws/aws_subnet.rb +88 -88
  385. data/lib/resources/aws/aws_subnets.rb +53 -53
  386. data/lib/resources/aws/aws_vpc.rb +73 -73
  387. data/lib/resources/aws/aws_vpcs.rb +52 -52
  388. data/lib/resources/azure/azure_backend.rb +377 -377
  389. data/lib/resources/azure/azure_generic_resource.rb +59 -59
  390. data/lib/resources/azure/azure_resource_group.rb +152 -152
  391. data/lib/resources/azure/azure_virtual_machine.rb +264 -264
  392. data/lib/resources/azure/azure_virtual_machine_data_disk.rb +134 -134
  393. data/lib/resources/bash.rb +35 -35
  394. data/lib/resources/bond.rb +69 -69
  395. data/lib/resources/bridge.rb +122 -122
  396. data/lib/resources/chocolatey_package.rb +78 -78
  397. data/lib/resources/command.rb +73 -73
  398. data/lib/resources/cpan.rb +58 -58
  399. data/lib/resources/cran.rb +64 -64
  400. data/lib/resources/crontab.rb +169 -169
  401. data/lib/resources/csv.rb +56 -56
  402. data/lib/resources/dh_params.rb +77 -77
  403. data/lib/resources/directory.rb +25 -25
  404. data/lib/resources/docker.rb +236 -236
  405. data/lib/resources/docker_container.rb +89 -89
  406. data/lib/resources/docker_image.rb +83 -83
  407. data/lib/resources/docker_object.rb +57 -57
  408. data/lib/resources/docker_service.rb +90 -90
  409. data/lib/resources/elasticsearch.rb +169 -169
  410. data/lib/resources/etc_fstab.rb +94 -94
  411. data/lib/resources/etc_group.rb +154 -154
  412. data/lib/resources/etc_hosts.rb +66 -66
  413. data/lib/resources/etc_hosts_allow_deny.rb +112 -112
  414. data/lib/resources/file.rb +298 -298
  415. data/lib/resources/filesystem.rb +31 -31
  416. data/lib/resources/firewalld.rb +143 -143
  417. data/lib/resources/gem.rb +70 -70
  418. data/lib/resources/groups.rb +215 -215
  419. data/lib/resources/grub_conf.rb +227 -227
  420. data/lib/resources/host.rb +306 -306
  421. data/lib/resources/http.rb +253 -253
  422. data/lib/resources/iis_app.rb +101 -101
  423. data/lib/resources/iis_site.rb +148 -148
  424. data/lib/resources/inetd_conf.rb +54 -54
  425. data/lib/resources/ini.rb +29 -29
  426. data/lib/resources/interface.rb +129 -129
  427. data/lib/resources/iptables.rb +80 -80
  428. data/lib/resources/json.rb +111 -111
  429. data/lib/resources/kernel_module.rb +107 -107
  430. data/lib/resources/kernel_parameter.rb +58 -58
  431. data/lib/resources/key_rsa.rb +63 -63
  432. data/lib/resources/limits_conf.rb +46 -46
  433. data/lib/resources/login_def.rb +57 -57
  434. data/lib/resources/mount.rb +88 -88
  435. data/lib/resources/mssql_session.rb +101 -101
  436. data/lib/resources/mysql.rb +82 -82
  437. data/lib/resources/mysql_conf.rb +127 -127
  438. data/lib/resources/mysql_session.rb +85 -85
  439. data/lib/resources/nginx.rb +96 -96
  440. data/lib/resources/nginx_conf.rb +226 -226
  441. data/lib/resources/npm.rb +48 -48
  442. data/lib/resources/ntp_conf.rb +51 -51
  443. data/lib/resources/oneget.rb +71 -71
  444. data/lib/resources/oracledb_session.rb +139 -139
  445. data/lib/resources/os.rb +36 -36
  446. data/lib/resources/os_env.rb +86 -86
  447. data/lib/resources/package.rb +370 -370
  448. data/lib/resources/packages.rb +111 -111
  449. data/lib/resources/parse_config.rb +112 -112
  450. data/lib/resources/passwd.rb +76 -76
  451. data/lib/resources/pip.rb +130 -130
  452. data/lib/resources/platform.rb +109 -109
  453. data/lib/resources/port.rb +771 -771
  454. data/lib/resources/postgres.rb +131 -131
  455. data/lib/resources/postgres_conf.rb +114 -114
  456. data/lib/resources/postgres_hba_conf.rb +90 -90
  457. data/lib/resources/postgres_ident_conf.rb +79 -79
  458. data/lib/resources/postgres_session.rb +71 -71
  459. data/lib/resources/powershell.rb +67 -67
  460. data/lib/resources/processes.rb +204 -204
  461. data/lib/resources/rabbitmq_conf.rb +51 -51
  462. data/lib/resources/registry_key.rb +297 -297
  463. data/lib/resources/security_policy.rb +180 -180
  464. data/lib/resources/service.rb +794 -794
  465. data/lib/resources/shadow.rb +159 -159
  466. data/lib/resources/ssh_conf.rb +97 -97
  467. data/lib/resources/ssl.rb +99 -99
  468. data/lib/resources/sys_info.rb +28 -28
  469. data/lib/resources/toml.rb +32 -32
  470. data/lib/resources/users.rb +654 -654
  471. data/lib/resources/vbscript.rb +68 -68
  472. data/lib/resources/virtualization.rb +247 -247
  473. data/lib/resources/windows_feature.rb +84 -84
  474. data/lib/resources/windows_hotfix.rb +35 -35
  475. data/lib/resources/windows_task.rb +102 -102
  476. data/lib/resources/wmi.rb +110 -110
  477. data/lib/resources/x509_certificate.rb +137 -137
  478. data/lib/resources/xinetd.rb +106 -106
  479. data/lib/resources/xml.rb +46 -46
  480. data/lib/resources/yaml.rb +43 -43
  481. data/lib/resources/yum.rb +180 -180
  482. data/lib/resources/zfs_dataset.rb +60 -60
  483. data/lib/resources/zfs_pool.rb +49 -49
  484. data/lib/source_readers/flat.rb +39 -39
  485. data/lib/source_readers/inspec.rb +75 -75
  486. data/lib/utils/command_wrapper.rb +27 -27
  487. data/lib/utils/convert.rb +12 -12
  488. data/lib/utils/database_helpers.rb +77 -77
  489. data/lib/utils/enumerable_delegation.rb +9 -9
  490. data/lib/utils/erlang_parser.rb +192 -192
  491. data/lib/utils/file_reader.rb +25 -25
  492. data/lib/utils/filter.rb +273 -273
  493. data/lib/utils/filter_array.rb +27 -27
  494. data/lib/utils/find_files.rb +47 -47
  495. data/lib/utils/hash.rb +41 -41
  496. data/lib/utils/json_log.rb +18 -18
  497. data/lib/utils/latest_version.rb +22 -22
  498. data/lib/utils/modulator.rb +12 -12
  499. data/lib/utils/nginx_parser.rb +105 -105
  500. data/lib/utils/object_traversal.rb +49 -49
  501. data/lib/utils/parser.rb +274 -274
  502. data/lib/utils/pkey_reader.rb +15 -15
  503. data/lib/utils/plugin_registry.rb +93 -93
  504. data/lib/utils/simpleconfig.rb +120 -120
  505. data/lib/utils/spdx.rb +13 -13
  506. data/lib/utils/spdx.txt +343 -343
  507. metadata +3 -3
data/docs/dsl_resource.md CHANGED
@@ -1,100 +1,100 @@
1
- ---
2
- title: Resource DSL
3
- ---
4
-
5
- # Resource DSL
6
-
7
- InSpec provides a mechanism for defining custom resources. These become
8
- available with their respective names and provide easy functionality to
9
- profiles.
10
-
11
- ## Resource location
12
-
13
- Resources may be added to profiles in the libraries folder:
14
-
15
- ```bash
16
- $ tree examples/profile
17
- examples/profile
18
- ...
19
- ├── libraries
20
- │   └── gordon_config.rb
21
- ```
22
-
23
- ## Resource structure
24
-
25
- The smallest possible resource takes this form:
26
-
27
- ```ruby
28
- class Tiny < Inspec.resource(1)
29
- name 'tiny'
30
- end
31
- ```
32
-
33
- Resources are written as a regular Ruby class which inherits from
34
- Inspec.resource. The number (1) specifies the version this resource
35
- plugin targets. As InSpec evolves, this interface may change and may
36
- require a higher version.
37
-
38
- The following attributes can be configured:
39
-
40
- - name - Identifier of the resource (required)
41
- - desc - Description of the resource (optional)
42
- - example - Example usage of the resource (optional)
43
- - supports - (InSpec 2.0+) Platform restrictions of the resource (optional)
44
-
45
- The following methods are available to the resource:
46
-
47
- - inspec - Contains a registry of all other resources to interact with the operating system or target in general.
48
- - skip\_resource - A resource may call this method to indicate that requirements aren't met. All tests that use this resource will be marked as skipped.
49
-
50
- The following example shows a full resource using attributes and methods
51
- to provide simple access to a configuration file:
52
-
53
- ```ruby
54
- class GordonConfig < Inspec.resource(1)
55
- name 'gordon_config'
56
-
57
- # Restrict to only run on the below platforms (if none were given, all OS's supported)
58
- supports platform_family: 'fedora'
59
- supports platform: 'centos', release: '6.9'
60
- # Supports `*` for wildcard matcher in the release
61
- supports platform: 'centos', release: '7.*'
62
-
63
- desc '
64
- Resource description ...
65
- '
66
-
67
- example '
68
- describe gordon_config do
69
- its("signal") { should eq "on" }
70
- end
71
- '
72
-
73
- # Load the configuration file on initialization
74
- def initialize(path = nil)
75
- @path = path || '/etc/gordon.conf'
76
- @params = SimpleConfig.new( read_content )
77
- end
78
-
79
- # Expose all parameters of the configuration file.
80
- def method_missing(name)
81
- @params[name]
82
- end
83
-
84
- private
85
-
86
- def read_content
87
- f = inspec.file(@path)
88
- # Test if the path exist and that it's a file
89
- if f.file?
90
- # Retrieve the file's contents
91
- f.content
92
- else
93
- # If the file doesn't exist, skip all tests that use gordon_config
94
- raise Inspec::Exceptions::ResourceSkipped, "Can't read config at #{@path}"
95
- end
96
- end
97
- end
98
- ```
99
-
100
- For a full example, see our [example resource](https://github.com/chef/inspec/blob/master/examples/profile/libraries/gordon_config.rb).
1
+ ---
2
+ title: Resource DSL
3
+ ---
4
+
5
+ # Resource DSL
6
+
7
+ InSpec provides a mechanism for defining custom resources. These become
8
+ available with their respective names and provide easy functionality to
9
+ profiles.
10
+
11
+ ## Resource location
12
+
13
+ Resources may be added to profiles in the libraries folder:
14
+
15
+ ```bash
16
+ $ tree examples/profile
17
+ examples/profile
18
+ ...
19
+ ├── libraries
20
+ │   └── gordon_config.rb
21
+ ```
22
+
23
+ ## Resource structure
24
+
25
+ The smallest possible resource takes this form:
26
+
27
+ ```ruby
28
+ class Tiny < Inspec.resource(1)
29
+ name 'tiny'
30
+ end
31
+ ```
32
+
33
+ Resources are written as a regular Ruby class which inherits from
34
+ Inspec.resource. The number (1) specifies the version this resource
35
+ plugin targets. As InSpec evolves, this interface may change and may
36
+ require a higher version.
37
+
38
+ The following attributes can be configured:
39
+
40
+ - name - Identifier of the resource (required)
41
+ - desc - Description of the resource (optional)
42
+ - example - Example usage of the resource (optional)
43
+ - supports - (InSpec 2.0+) Platform restrictions of the resource (optional)
44
+
45
+ The following methods are available to the resource:
46
+
47
+ - inspec - Contains a registry of all other resources to interact with the operating system or target in general.
48
+ - skip\_resource - A resource may call this method to indicate that requirements aren't met. All tests that use this resource will be marked as skipped.
49
+
50
+ The following example shows a full resource using attributes and methods
51
+ to provide simple access to a configuration file:
52
+
53
+ ```ruby
54
+ class GordonConfig < Inspec.resource(1)
55
+ name 'gordon_config'
56
+
57
+ # Restrict to only run on the below platforms (if none were given, all OS's supported)
58
+ supports platform_family: 'fedora'
59
+ supports platform: 'centos', release: '6.9'
60
+ # Supports `*` for wildcard matcher in the release
61
+ supports platform: 'centos', release: '7.*'
62
+
63
+ desc '
64
+ Resource description ...
65
+ '
66
+
67
+ example '
68
+ describe gordon_config do
69
+ its("signal") { should eq "on" }
70
+ end
71
+ '
72
+
73
+ # Load the configuration file on initialization
74
+ def initialize(path = nil)
75
+ @path = path || '/etc/gordon.conf'
76
+ @params = SimpleConfig.new( read_content )
77
+ end
78
+
79
+ # Expose all parameters of the configuration file.
80
+ def method_missing(name)
81
+ @params[name]
82
+ end
83
+
84
+ private
85
+
86
+ def read_content
87
+ f = inspec.file(@path)
88
+ # Test if the path exist and that it's a file
89
+ if f.file?
90
+ # Retrieve the file's contents
91
+ f.content
92
+ else
93
+ # If the file doesn't exist, skip all tests that use gordon_config
94
+ raise Inspec::Exceptions::ResourceSkipped, "Can't read config at #{@path}"
95
+ end
96
+ end
97
+ end
98
+ ```
99
+
100
+ For a full example, see our [example resource](https://github.com/chef/inspec/blob/master/examples/profile/libraries/gordon_config.rb).
data/docs/glossary.md CHANGED
@@ -1,99 +1,99 @@
1
- # InSpec Glossary
2
-
3
- ## Basic Syntax
4
- ```
5
- describe foo('/path/to/foo.txt') do
6
- its('blah') { should cmp '123' }
7
- it { should exist }
8
- it { should be_reasonable }
9
- it { should_not be_ridiculous }
10
- end
11
- ```
12
- ## Basic Elements:
13
-
14
- ### describe **foo**, where
15
-
16
- * `foo` is the _resource_
17
-
18
- ### describe foo **('/path/to/foo.txt')**, where
19
-
20
- * `'/path/to/foo.txt'` is the _resource parameter_
21
-
22
- ## Tests:
23
-
24
- ### **its('blah') { should cmp '123' }** is an _individual test_, where
25
-
26
- * `blah` is a _property_
27
- * { should cmp '123' } is a _condition statement_
28
- * `should` is the _condition_
29
- * `cmp` is the _matcher_
30
- * `'123'` is the _expected result_
31
-
32
- ### **{ should exist }** is a _condition statement_, where
33
-
34
- * `should` is the _condition_
35
- * `exist` is the _matcher_
36
-
37
- ### **{ should be\_reasonable }** is a _condition statement_, where
38
-
39
- * `should` is the _condition_
40
- * `be_reasonable` is the _matcher_
41
-
42
- ### **{ should\_not be\_ridiculous }** is a _negative condition statement_, where
43
-
44
- * `should_not` is the _negative condition_
45
- * `be_ridiculous` is the _matcher_
46
-
47
- ## Advanced Syntax
48
-
49
- ```
50
- describe foos('/path/to/foo.txt', ssl_verify: true).where { names == 'blah' } do
51
- its('jared') { should cmp >= 123 }
52
- its('jared.sort.first.monkey') { should be `loud` }
53
- its(['jared', 'monkey.with.dots']) { should be `loud` }
54
- end
55
- ```
56
-
57
- ## Advanced Elements:
58
-
59
- ### describe **foos**, where
60
-
61
- * `foos` is a _plural resource_
62
-
63
- ### describe foos **('/path/to/foo.txt', ssl_verify: true)**, where
64
-
65
- * `'/path/to/foo.txt'` and `ssl_verify: true` are the _resource parameters_. Resources take one or more parameters.
66
-
67
- ## Filters:
68
-
69
- ### describe foos ('/path/to/foo.txt', ssl_verify: true)**.where { names == 'blah' }**
70
-
71
- * `.where { names == 'blah' }` is an example of a **filter**.
72
- * `{ names == 'blah' }` is an example of a _filter clause_
73
- * Some resources support one or more filters.
74
- * Filters are used on plural resources.
75
- * Some resources, such as `etc_hosts` are explicitly plural, while others, such as `passwd` are implicitly plural.
76
-
77
- ### **{ names == 'my-name' && spots == true }** are filter criteria
78
-
79
- * `names` compares output to `blah`
80
- * `has spots` evaluates to `true` or `false`
81
-
82
- ## Properties:
83
-
84
- ### **its('jared') { should cmp >= 123 }**
85
-
86
- * `jared` is the _property_
87
-
88
- ### **{ should cmp >= 123 }** is a conditional statement that uses a matcher with an operator and expected value.
89
-
90
- * `cmp` is the _matcher_
91
- * `>=` is the operator (some matchers accept operators)
92
- * `123` is the expected value
93
-
94
- ## Properties with advanced usage:
95
-
96
- ### Some properties may have advanced usage:
97
- #### **its `('jared.sort.first.monkey') { should be `loud` }`**
98
-
99
- * `jared.sort.first.monkey` is an example of the `jared` property with an advanced usage
1
+ # InSpec Glossary
2
+
3
+ ## Basic Syntax
4
+ ```
5
+ describe foo('/path/to/foo.txt') do
6
+ its('blah') { should cmp '123' }
7
+ it { should exist }
8
+ it { should be_reasonable }
9
+ it { should_not be_ridiculous }
10
+ end
11
+ ```
12
+ ## Basic Elements:
13
+
14
+ ### describe **foo**, where
15
+
16
+ * `foo` is the _resource_
17
+
18
+ ### describe foo **('/path/to/foo.txt')**, where
19
+
20
+ * `'/path/to/foo.txt'` is the _resource parameter_
21
+
22
+ ## Tests:
23
+
24
+ ### **its('blah') { should cmp '123' }** is an _individual test_, where
25
+
26
+ * `blah` is a _property_
27
+ * { should cmp '123' } is a _condition statement_
28
+ * `should` is the _condition_
29
+ * `cmp` is the _matcher_
30
+ * `'123'` is the _expected result_
31
+
32
+ ### **{ should exist }** is a _condition statement_, where
33
+
34
+ * `should` is the _condition_
35
+ * `exist` is the _matcher_
36
+
37
+ ### **{ should be\_reasonable }** is a _condition statement_, where
38
+
39
+ * `should` is the _condition_
40
+ * `be_reasonable` is the _matcher_
41
+
42
+ ### **{ should\_not be\_ridiculous }** is a _negative condition statement_, where
43
+
44
+ * `should_not` is the _negative condition_
45
+ * `be_ridiculous` is the _matcher_
46
+
47
+ ## Advanced Syntax
48
+
49
+ ```
50
+ describe foos('/path/to/foo.txt', ssl_verify: true).where { names == 'blah' } do
51
+ its('jared') { should cmp >= 123 }
52
+ its('jared.sort.first.monkey') { should be `loud` }
53
+ its(['jared', 'monkey.with.dots']) { should be `loud` }
54
+ end
55
+ ```
56
+
57
+ ## Advanced Elements:
58
+
59
+ ### describe **foos**, where
60
+
61
+ * `foos` is a _plural resource_
62
+
63
+ ### describe foos **('/path/to/foo.txt', ssl_verify: true)**, where
64
+
65
+ * `'/path/to/foo.txt'` and `ssl_verify: true` are the _resource parameters_. Resources take one or more parameters.
66
+
67
+ ## Filters:
68
+
69
+ ### describe foos ('/path/to/foo.txt', ssl_verify: true)**.where { names == 'blah' }**
70
+
71
+ * `.where { names == 'blah' }` is an example of a **filter**.
72
+ * `{ names == 'blah' }` is an example of a _filter clause_
73
+ * Some resources support one or more filters.
74
+ * Filters are used on plural resources.
75
+ * Some resources, such as `etc_hosts` are explicitly plural, while others, such as `passwd` are implicitly plural.
76
+
77
+ ### **{ names == 'my-name' && spots == true }** are filter criteria
78
+
79
+ * `names` compares output to `blah`
80
+ * `has spots` evaluates to `true` or `false`
81
+
82
+ ## Properties:
83
+
84
+ ### **its('jared') { should cmp >= 123 }**
85
+
86
+ * `jared` is the _property_
87
+
88
+ ### **{ should cmp >= 123 }** is a conditional statement that uses a matcher with an operator and expected value.
89
+
90
+ * `cmp` is the _matcher_
91
+ * `>=` is the operator (some matchers accept operators)
92
+ * `123` is the expected value
93
+
94
+ ## Properties with advanced usage:
95
+
96
+ ### Some properties may have advanced usage:
97
+ #### **its `('jared.sort.first.monkey') { should be `loud` }`**
98
+
99
+ * `jared.sort.first.monkey` is an example of the `jared` property with an advanced usage
data/docs/habitat.md CHANGED
@@ -1,192 +1,192 @@
1
- ---
2
- title: InSpec Integration with Habitat
3
- ---
4
-
5
- # Habitat Integration
6
-
7
- InSpec provides an easy method to create an executable Habitat package for an InSpec profile. When run via the Habitat Supervisor, the package will run InSpec with your profile and write out its findings to a JSON file. This provides the ability to ship your compliance controls alongside your Habitat-packaged application and continuously run InSpec, providing you *Continuous Compliance.*
8
-
9
- ## What is Habitat?
10
-
11
- Habitat by Chef is our new Application Automation tool that aims to make it easy, safe, and fast to build, deploy, and manage applications. From build dependencies, runtime dependencies, dynamic configuration, and service discovery (just to name a few), Habitat packages the automation with the application instead of relying on an underlying platform.
12
-
13
- To learn more about Habitat and try our demos and tutorials, visit [https://www.habitat.sh](https://www.habitat.sh).
14
-
15
- ## Using the Habitat Integration
16
-
17
- After creating a Habitat package for an InSpec profile (see CLI commands below) and uploading the package to a Habitat Depot or manually distributing to a host, start the Habitat Supervisor with your package:
18
-
19
- ```bash
20
- hab start adamleff/inspec-profile-frontend1
21
- ```
22
-
23
- The Habitat Supervisor will install InSpec and execute your profile in a loop. By default, the loop runs every 300 seconds but can be changed via the `sleep_time` configuration value:
24
-
25
- ```bash
26
- HAB_INSPEC_PROFILE_FRONTEND1="sleep_time = 60" hab start adamleff/inspec-profile-frontend1
27
- ```
28
-
29
- The Habitat Supervisor will display output like this:
30
-
31
- ```
32
- hab start adamleff/inspec-profile-frontend1
33
- ∵ Missing package for core/hab-sup/0.17.0
34
- » Installing core/hab-sup/0.17.0
35
- ↓ Downloading core/hab-sup/0.17.0/20170214235450
36
- 1.68 MB / 1.68 MB - [=========================================================================] 100.00 % 7.43 MB/s
37
-
38
- ... more Habitat output here ...
39
-
40
- hab-sup(MN): Starting adamleff/inspec-profile-frontend1/0.1.0/20170328173005
41
- hab-sup(CS): adamleff/inspec-profile-frontend1/0.1.0/20170328173005 is not installed
42
- ↓ Downloading adamleff-20160617201047 public origin key
43
- 79 B / 79 B | [===============================================================================] 100.00 % 2.64 MB/s
44
- ☑ Cached adamleff-20160617201047 public origin key
45
- ↓ Downloading chef/inspec/1.17.0/20170321214949
46
- 16.93 MB / 16.93 MB / [======================================================================] 100.00 % 10.49 MB/s
47
-
48
- ... more Habitat output here ...
49
-
50
- ★ Install of adamleff/inspec-profile-frontend1/0.1.0/20170328173005 complete with 9 new packages installed.
51
- hab-sup(MR): Butterfly Member ID d9bd761e18c144469d755b1b97406eb2
52
- hab-sup(MR): Starting butterfly on 0.0.0.0:9638
53
- hab-sup(MR): Starting http-gateway on 0.0.0.0:9631
54
- inspec-profile-frontend1.default(SR): Initializing
55
- inspec-profile-frontend1.default(SV): Starting process as user=hab, group=hab
56
- inspec-profile-frontend1.default(O): Executing InSpec for adamleff/inspec-profile-frontend1
57
- inspec-profile-frontend1.default(O): InSpec run completed successfully.
58
- inspec-profile-frontend1.default(O): sleeping for 300 seconds
59
- ```
60
-
61
- The above sample output shows the supervisor starting, downloading the necessary dependencies for the supervisor and the InSpec profile, and then shows the supervisor running InSpec successfully.
62
-
63
- InSpec will write a JSON file in the `${svc_var_path}/inspec_results` directory containing the results of the last InSpec run. For example, for the `adamleff/inspec-profile-frontend1` package, the InSpec results will be at:
64
-
65
- ```
66
- /hab/svc/inspec-profile-frontend1/var/inspec_results/inspec-profile-frontend1.json
67
- ```
68
-
69
- ## InSpec Habitat CLI Commands
70
-
71
- ### inspec habitat profile create
72
-
73
- Create a Habitat package for an InSpec profile. InSpec will validate the profile, fetch and vendor any dependencies (if necessary), and build the Habitat package with a dependency on the latest InSpec. The resulting package will be saved to the current working directory.
74
-
75
- The package file will be named:
76
-
77
- ```
78
- HABITAT_ORIGIN-inspec-profile-PROFILE_NAME-PROFILE_VERSION-BUILD_ID-x86_64-linux.hart
79
- ```
80
-
81
- For example:
82
-
83
- ```
84
- adamleff-inspec-profile-frontend1-0.1.0-20170328173005-x86_64-linux.hart
85
- ```
86
-
87
- #### Syntax
88
-
89
- ```bash
90
- inspec habitat profile create PROFILE_DIRECTORY
91
- ```
92
-
93
- Example:
94
-
95
- ```bash
96
- inspec habitat profile create ~/profiles/frontend1
97
- ```
98
-
99
- ### inspec habitat profile create
100
-
101
- Create a Habitat package for an InSpec profile. InSpec will validate the profile, fetch and vendor any dependencies (if necessary), and build the Habitat package with a dependency on the latest InSpec. The resulting package will be saved to the current working directory.
102
-
103
- The package can then be manually uploaded to a Habitat Depot or manually distributed to a host and installed via `hab pkg install`.
104
-
105
- The package file will be named:
106
-
107
- ```
108
- HABITAT_ORIGIN-inspec-profile-PROFILE_NAME-PROFILE_VERSION-BUILD_ID-x86_64-linux.hart
109
- ```
110
-
111
- For example:
112
-
113
- ```
114
- adamleff-inspec-profile-frontend1-0.1.0-20170328173005-x86_64-linux.hart
115
- ```
116
-
117
- #### Syntax
118
-
119
- ```bash
120
- inspec habitat profile create PROFILE_DIRECTORY
121
- ```
122
-
123
- #### Example
124
-
125
- ```bash
126
- inspec habitat profile create ~/profiles/frontend1
127
- ```
128
-
129
- #### Example Output
130
-
131
- ```
132
- $ habitat profile create ~/profiles/frontend1
133
- [2017-03-28T13:29:32-04:00] INFO: Creating a Habitat artifact for profile: /Users/aleff/profiles/frontend1
134
- [2017-03-28T13:29:32-04:00] INFO: Checking to see if Habitat is installed...
135
- [2017-03-28T13:29:32-04:00] INFO: Copying profile contents to the work directory...
136
- [2017-03-28T13:29:32-04:00] INFO: Generating Habitat plan at /var/folders/v5/z54gb76j2rs3wrn65hmtyf1r0000gp/T/inspec-habitat-exporter20170328-4932-kg2ltd/habitat/plan.sh...
137
- [2017-03-28T13:29:32-04:00] INFO: Generating a Habitat run hook at /var/folders/v5/z54gb76j2rs3wrn65hmtyf1r0000gp/T/inspec-habitat-exporter20170328-4932-kg2ltd/habitat/hooks/run...
138
- [2017-03-28T13:29:32-04:00] INFO: Generating Habitat's default.toml configuration...
139
- [2017-03-28T13:29:32-04:00] INFO: Building our Habitat artifact...
140
- hab-studio: Destroying Studio at /hab/studios/src (default)
141
- hab-studio: Creating Studio at /hab/studios/src (default)
142
- hab-studio: Importing adamleff secret origin key
143
- » Importing origin key from standard input
144
- ★ Imported secret origin key adamleff-20160617201047.
145
- » Installing core/hab-backline
146
- ↓ Downloading core/hab-backline/0.19.0/20170311034116
147
- 2.17 KB / 2.17 KB / [=========================================================================] 100.00 % 4.33 MB/s
148
-
149
- ... more Habitat output here...
150
-
151
- [2017-03-28T13:30:18-04:00] INFO: Copying artifact to /Users/aleff...
152
- ```
153
-
154
- ### inspec habitat profile upload
155
-
156
- Create and then upload a Habitat package for an InSpec profile. Like the `inspec habitat profile create` command, InSpec will validate the profile, fetch and vendor any dependencies (if necessary), and build the Habitat package with a dependency on the latest InSpec. However, instead of saving the package locally to the workstation, InSpec will upload it to the depot defined in the `HAB_DEPOT` environment variable. If `HAB_DEPOT` is not defined, the package will be uploaded to the public Habitat depot at [https://app.habitat.sh](https://app.habitat.sh).
157
-
158
- #### Syntax
159
-
160
- ```bash
161
- inspec habitat profile upload PROFILE_DIRECTORY
162
- ```
163
-
164
- #### Example
165
-
166
- ```bash
167
- inspec habitat profile upload ~/profiles/frontend1
168
- ```
169
-
170
- #### Example Output
171
- ```
172
- [2017-03-28T13:29:32-04:00] INFO: Creating a Habitat artifact for profile: /Users/aleff/profiles/frontend1
173
- [2017-03-28T13:29:32-04:00] INFO: Checking to see if Habitat is installed...
174
- [2017-03-28T13:29:32-04:00] INFO: Copying profile contents to the work directory...
175
- [2017-03-28T13:29:32-04:00] INFO: Generating Habitat plan at /var/folders/v5/z54gb76j2rs3wrn65hmtyf1r0000gp/T/inspec-habitat-exporter20170328-4932-kg2ltd/habitat/plan.sh...
176
- [2017-03-28T13:29:32-04:00] INFO: Generating a Habitat run hook at /var/folders/v5/z54gb76j2rs3wrn65hmtyf1r0000gp/T/inspec-habitat-exporter20170328-4932-kg2ltd/habitat/hooks/run...
177
- [2017-03-28T13:29:32-04:00] INFO: Generating Habitat's default.toml configuration...
178
- [2017-03-28T13:29:32-04:00] INFO: Building our Habitat artifact...
179
- hab-studio: Destroying Studio at /hab/studios/src (default)
180
- hab-studio: Creating Studio at /hab/studios/src (default)
181
- hab-studio: Importing adamleff secret origin key
182
- » Importing origin key from standard input
183
- ★ Imported secret origin key adamleff-20160617201047.
184
- » Installing core/hab-backline
185
- ↓ Downloading core/hab-backline/0.19.0/20170311034116
186
- 2.17 KB / 2.17 KB / [=========================================================================] 100.00 % 4.33 MB/s
187
-
188
- ... more Habitat output here...
189
-
190
- [2017-03-28T13:30:18-04:00] INFO: Uploading the Habitat artifact to our Depot...
191
- [2017-03-28T13:30:23-04:00] INFO: Upload complete!
1
+ ---
2
+ title: InSpec Integration with Habitat
3
+ ---
4
+
5
+ # Habitat Integration
6
+
7
+ InSpec provides an easy method to create an executable Habitat package for an InSpec profile. When run via the Habitat Supervisor, the package will run InSpec with your profile and write out its findings to a JSON file. This provides the ability to ship your compliance controls alongside your Habitat-packaged application and continuously run InSpec, providing you *Continuous Compliance.*
8
+
9
+ ## What is Habitat?
10
+
11
+ Habitat by Chef is our new Application Automation tool that aims to make it easy, safe, and fast to build, deploy, and manage applications. From build dependencies, runtime dependencies, dynamic configuration, and service discovery (just to name a few), Habitat packages the automation with the application instead of relying on an underlying platform.
12
+
13
+ To learn more about Habitat and try our demos and tutorials, visit [https://www.habitat.sh](https://www.habitat.sh).
14
+
15
+ ## Using the Habitat Integration
16
+
17
+ After creating a Habitat package for an InSpec profile (see CLI commands below) and uploading the package to a Habitat Depot or manually distributing to a host, start the Habitat Supervisor with your package:
18
+
19
+ ```bash
20
+ hab start adamleff/inspec-profile-frontend1
21
+ ```
22
+
23
+ The Habitat Supervisor will install InSpec and execute your profile in a loop. By default, the loop runs every 300 seconds but can be changed via the `sleep_time` configuration value:
24
+
25
+ ```bash
26
+ HAB_INSPEC_PROFILE_FRONTEND1="sleep_time = 60" hab start adamleff/inspec-profile-frontend1
27
+ ```
28
+
29
+ The Habitat Supervisor will display output like this:
30
+
31
+ ```
32
+ hab start adamleff/inspec-profile-frontend1
33
+ ∵ Missing package for core/hab-sup/0.17.0
34
+ » Installing core/hab-sup/0.17.0
35
+ ↓ Downloading core/hab-sup/0.17.0/20170214235450
36
+ 1.68 MB / 1.68 MB - [=========================================================================] 100.00 % 7.43 MB/s
37
+
38
+ ... more Habitat output here ...
39
+
40
+ hab-sup(MN): Starting adamleff/inspec-profile-frontend1/0.1.0/20170328173005
41
+ hab-sup(CS): adamleff/inspec-profile-frontend1/0.1.0/20170328173005 is not installed
42
+ ↓ Downloading adamleff-20160617201047 public origin key
43
+ 79 B / 79 B | [===============================================================================] 100.00 % 2.64 MB/s
44
+ ☑ Cached adamleff-20160617201047 public origin key
45
+ ↓ Downloading chef/inspec/1.17.0/20170321214949
46
+ 16.93 MB / 16.93 MB / [======================================================================] 100.00 % 10.49 MB/s
47
+
48
+ ... more Habitat output here ...
49
+
50
+ ★ Install of adamleff/inspec-profile-frontend1/0.1.0/20170328173005 complete with 9 new packages installed.
51
+ hab-sup(MR): Butterfly Member ID d9bd761e18c144469d755b1b97406eb2
52
+ hab-sup(MR): Starting butterfly on 0.0.0.0:9638
53
+ hab-sup(MR): Starting http-gateway on 0.0.0.0:9631
54
+ inspec-profile-frontend1.default(SR): Initializing
55
+ inspec-profile-frontend1.default(SV): Starting process as user=hab, group=hab
56
+ inspec-profile-frontend1.default(O): Executing InSpec for adamleff/inspec-profile-frontend1
57
+ inspec-profile-frontend1.default(O): InSpec run completed successfully.
58
+ inspec-profile-frontend1.default(O): sleeping for 300 seconds
59
+ ```
60
+
61
+ The above sample output shows the supervisor starting, downloading the necessary dependencies for the supervisor and the InSpec profile, and then shows the supervisor running InSpec successfully.
62
+
63
+ InSpec will write a JSON file in the `${svc_var_path}/inspec_results` directory containing the results of the last InSpec run. For example, for the `adamleff/inspec-profile-frontend1` package, the InSpec results will be at:
64
+
65
+ ```
66
+ /hab/svc/inspec-profile-frontend1/var/inspec_results/inspec-profile-frontend1.json
67
+ ```
68
+
69
+ ## InSpec Habitat CLI Commands
70
+
71
+ ### inspec habitat profile create
72
+
73
+ Create a Habitat package for an InSpec profile. InSpec will validate the profile, fetch and vendor any dependencies (if necessary), and build the Habitat package with a dependency on the latest InSpec. The resulting package will be saved to the current working directory.
74
+
75
+ The package file will be named:
76
+
77
+ ```
78
+ HABITAT_ORIGIN-inspec-profile-PROFILE_NAME-PROFILE_VERSION-BUILD_ID-x86_64-linux.hart
79
+ ```
80
+
81
+ For example:
82
+
83
+ ```
84
+ adamleff-inspec-profile-frontend1-0.1.0-20170328173005-x86_64-linux.hart
85
+ ```
86
+
87
+ #### Syntax
88
+
89
+ ```bash
90
+ inspec habitat profile create PROFILE_DIRECTORY
91
+ ```
92
+
93
+ Example:
94
+
95
+ ```bash
96
+ inspec habitat profile create ~/profiles/frontend1
97
+ ```
98
+
99
+ ### inspec habitat profile create
100
+
101
+ Create a Habitat package for an InSpec profile. InSpec will validate the profile, fetch and vendor any dependencies (if necessary), and build the Habitat package with a dependency on the latest InSpec. The resulting package will be saved to the current working directory.
102
+
103
+ The package can then be manually uploaded to a Habitat Depot or manually distributed to a host and installed via `hab pkg install`.
104
+
105
+ The package file will be named:
106
+
107
+ ```
108
+ HABITAT_ORIGIN-inspec-profile-PROFILE_NAME-PROFILE_VERSION-BUILD_ID-x86_64-linux.hart
109
+ ```
110
+
111
+ For example:
112
+
113
+ ```
114
+ adamleff-inspec-profile-frontend1-0.1.0-20170328173005-x86_64-linux.hart
115
+ ```
116
+
117
+ #### Syntax
118
+
119
+ ```bash
120
+ inspec habitat profile create PROFILE_DIRECTORY
121
+ ```
122
+
123
+ #### Example
124
+
125
+ ```bash
126
+ inspec habitat profile create ~/profiles/frontend1
127
+ ```
128
+
129
+ #### Example Output
130
+
131
+ ```
132
+ $ habitat profile create ~/profiles/frontend1
133
+ [2017-03-28T13:29:32-04:00] INFO: Creating a Habitat artifact for profile: /Users/aleff/profiles/frontend1
134
+ [2017-03-28T13:29:32-04:00] INFO: Checking to see if Habitat is installed...
135
+ [2017-03-28T13:29:32-04:00] INFO: Copying profile contents to the work directory...
136
+ [2017-03-28T13:29:32-04:00] INFO: Generating Habitat plan at /var/folders/v5/z54gb76j2rs3wrn65hmtyf1r0000gp/T/inspec-habitat-exporter20170328-4932-kg2ltd/habitat/plan.sh...
137
+ [2017-03-28T13:29:32-04:00] INFO: Generating a Habitat run hook at /var/folders/v5/z54gb76j2rs3wrn65hmtyf1r0000gp/T/inspec-habitat-exporter20170328-4932-kg2ltd/habitat/hooks/run...
138
+ [2017-03-28T13:29:32-04:00] INFO: Generating Habitat's default.toml configuration...
139
+ [2017-03-28T13:29:32-04:00] INFO: Building our Habitat artifact...
140
+ hab-studio: Destroying Studio at /hab/studios/src (default)
141
+ hab-studio: Creating Studio at /hab/studios/src (default)
142
+ hab-studio: Importing adamleff secret origin key
143
+ » Importing origin key from standard input
144
+ ★ Imported secret origin key adamleff-20160617201047.
145
+ » Installing core/hab-backline
146
+ ↓ Downloading core/hab-backline/0.19.0/20170311034116
147
+ 2.17 KB / 2.17 KB / [=========================================================================] 100.00 % 4.33 MB/s
148
+
149
+ ... more Habitat output here...
150
+
151
+ [2017-03-28T13:30:18-04:00] INFO: Copying artifact to /Users/aleff...
152
+ ```
153
+
154
+ ### inspec habitat profile upload
155
+
156
+ Create and then upload a Habitat package for an InSpec profile. Like the `inspec habitat profile create` command, InSpec will validate the profile, fetch and vendor any dependencies (if necessary), and build the Habitat package with a dependency on the latest InSpec. However, instead of saving the package locally to the workstation, InSpec will upload it to the depot defined in the `HAB_DEPOT` environment variable. If `HAB_DEPOT` is not defined, the package will be uploaded to the public Habitat depot at [https://app.habitat.sh](https://app.habitat.sh).
157
+
158
+ #### Syntax
159
+
160
+ ```bash
161
+ inspec habitat profile upload PROFILE_DIRECTORY
162
+ ```
163
+
164
+ #### Example
165
+
166
+ ```bash
167
+ inspec habitat profile upload ~/profiles/frontend1
168
+ ```
169
+
170
+ #### Example Output
171
+ ```
172
+ [2017-03-28T13:29:32-04:00] INFO: Creating a Habitat artifact for profile: /Users/aleff/profiles/frontend1
173
+ [2017-03-28T13:29:32-04:00] INFO: Checking to see if Habitat is installed...
174
+ [2017-03-28T13:29:32-04:00] INFO: Copying profile contents to the work directory...
175
+ [2017-03-28T13:29:32-04:00] INFO: Generating Habitat plan at /var/folders/v5/z54gb76j2rs3wrn65hmtyf1r0000gp/T/inspec-habitat-exporter20170328-4932-kg2ltd/habitat/plan.sh...
176
+ [2017-03-28T13:29:32-04:00] INFO: Generating a Habitat run hook at /var/folders/v5/z54gb76j2rs3wrn65hmtyf1r0000gp/T/inspec-habitat-exporter20170328-4932-kg2ltd/habitat/hooks/run...
177
+ [2017-03-28T13:29:32-04:00] INFO: Generating Habitat's default.toml configuration...
178
+ [2017-03-28T13:29:32-04:00] INFO: Building our Habitat artifact...
179
+ hab-studio: Destroying Studio at /hab/studios/src (default)
180
+ hab-studio: Creating Studio at /hab/studios/src (default)
181
+ hab-studio: Importing adamleff secret origin key
182
+ » Importing origin key from standard input
183
+ ★ Imported secret origin key adamleff-20160617201047.
184
+ » Installing core/hab-backline
185
+ ↓ Downloading core/hab-backline/0.19.0/20170311034116
186
+ 2.17 KB / 2.17 KB / [=========================================================================] 100.00 % 4.33 MB/s
187
+
188
+ ... more Habitat output here...
189
+
190
+ [2017-03-28T13:30:18-04:00] INFO: Uploading the Habitat artifact to our Depot...
191
+ [2017-03-28T13:30:23-04:00] INFO: Upload complete!
192
192
  ```