RubyGems - inspec - Versions diffs - 2.2.20 → 2.2.27 - Mend

inspec 2.2.20 → 2.2.27

Files changed (50) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +29 -12
data/docs/resources/file.md.erb +10 -3
data/lib/inspec/base_cli.rb +2 -0
data/lib/inspec/cli.rb +5 -0
data/lib/inspec/dependencies/dependency_set.rb +3 -3
data/lib/inspec/dependencies/requirement.rb +18 -11
data/lib/inspec/profile.rb +9 -1
data/lib/inspec/reporters/json.rb +1 -0
data/lib/inspec/resource.rb +21 -9
data/lib/inspec/runner_rspec.rb +2 -2
data/lib/inspec/version.rb +1 -1
data/lib/resources/aide_conf.rb +3 -5
data/lib/resources/apache_conf.rb +8 -0
data/lib/resources/auditd.rb +13 -15
data/lib/resources/aws/aws_cloudtrail_trails.rb +4 -5
data/lib/resources/aws/aws_ec2_instances.rb +3 -4
data/lib/resources/aws/aws_iam_access_keys.rb +16 -18
data/lib/resources/aws/aws_iam_groups.rb +2 -2
data/lib/resources/aws/aws_iam_policies.rb +4 -5
data/lib/resources/aws/aws_iam_users.rb +17 -22
data/lib/resources/aws/aws_kms_keys.rb +4 -5
data/lib/resources/aws/aws_route_tables.rb +4 -5
data/lib/resources/aws/aws_s3_buckets.rb +3 -5
data/lib/resources/aws/aws_security_groups.rb +3 -5
data/lib/resources/aws/aws_sns_topics.rb +3 -5
data/lib/resources/aws/aws_subnets.rb +6 -8
data/lib/resources/aws/aws_vpcs.rb +6 -8
data/lib/resources/azure/azure_generic_resource.rb +7 -11
data/lib/resources/azure/azure_virtual_machine_data_disk.rb +15 -17
data/lib/resources/crontab.rb +9 -11
data/lib/resources/docker.rb +32 -38
data/lib/resources/elasticsearch.rb +24 -26
data/lib/resources/etc_fstab.rb +8 -10
data/lib/resources/etc_hosts.rb +4 -6
data/lib/resources/etc_hosts_allow_deny.rb +4 -6
data/lib/resources/file.rb +1 -1
data/lib/resources/firewalld.rb +6 -8
data/lib/resources/groups.rb +6 -8
data/lib/resources/nginx_conf.rb +4 -6
data/lib/resources/packages.rb +5 -7
data/lib/resources/passwd.rb +9 -11
data/lib/resources/port.rb +7 -9
data/lib/resources/postgres_hba_conf.rb +7 -9
data/lib/resources/postgres_ident_conf.rb +4 -6
data/lib/resources/processes.rb +13 -15
data/lib/resources/ssl.rb +5 -7
data/lib/resources/users.rb +15 -17
data/lib/resources/xinetd.rb +9 -11
metadata +2 -2

data/lib/resources/aws/aws_iam_groups.rb CHANGED

@@ -19,8 +19,8 @@ class AwsIamGroups < Inspec.resource(1)
   # Underlying FilterTable implementation.
   filter = FilterTable.create
-  filter.add(:group_names, field: :group_name)
-  filter.connect(self, :table)
+  filter.register_column(:group_names, field: :group_name)
+  filter.install_filter_methods_on_resource(self, :table)
   def to_s
     'IAM Groups'

data/lib/resources/aws/aws_iam_policies.rb CHANGED

@@ -18,11 +18,10 @@ class AwsIamPolicies < Inspec.resource(1)
   # Underlying FilterTable implementation.
   filter = FilterTable.create
-  filter.add_accessor(:entries)
-        .add(:exists?) { |x| !x.entries.empty? }
-        .add(:policy_names, field: :policy_name)
-        .add(:arns, field: :arn)
-  filter.connect(self, :table)
+  filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
+  filter.register_column(:policy_names, field: :policy_name)
+        .register_column(:arns, field: :arn)
+  filter.install_filter_methods_on_resource(self, :table)
   def to_s
     'IAM Policies'

data/lib/resources/aws/aws_iam_users.rb CHANGED

@@ -62,35 +62,30 @@ class AwsIamUsers < Inspec.resource(1)
   end
   filter = FilterTable.create
-  filter.add_accessor(:where)
-        .add_accessor(:entries)
-  # Summary methods
-  filter.add(:exists?) { |table| !table.params.empty? }
-        .add(:count) { |table| table.params.count }
   # These are included on the initial fetch
-  filter.add(:usernames, field: :user_name)
-        .add(:username) { |res| res.entries.map { |row| row[:user_name] } } # We should deprecate this; plural resources get plural properties
-        .add(:password_ever_used?, field: :password_ever_used?)
-        .add(:password_never_used?, field: :password_never_used?)
-        .add(:password_last_used_days_ago, field: :password_last_used_days_ago)
+  filter.register_column(:usernames, field: :user_name)
+        .register_column(:username) { |res| res.entries.map { |row| row[:user_name] } } # We should deprecate this; plural resources get plural properties
+        .register_column(:password_ever_used?, field: :password_ever_used?)
+        .register_column(:password_never_used?, field: :password_never_used?)
+        .register_column(:password_last_used_days_ago, field: :password_last_used_days_ago)
   # Remaining properties / criteria are handled lazily, grouped by fetcher
-  filter.add(:has_console_password?, field: :has_console_password?, lazy: method(:lazy_get_login_profile))
-        .add(:has_console_password, field: :has_console_password, lazy: method(:lazy_get_login_profile))
+  filter.register_column(:has_console_password?, field: :has_console_password?, lazy: method(:lazy_get_login_profile))
+        .register_column(:has_console_password, field: :has_console_password, lazy: method(:lazy_get_login_profile))
-  filter.add(:has_mfa_enabled?, field: :has_mfa_enabled?, lazy: method(:lazy_list_mfa_devices))
-        .add(:has_mfa_enabled, field: :has_mfa_enabled, lazy: method(:lazy_list_mfa_devices))
+  filter.register_column(:has_mfa_enabled?, field: :has_mfa_enabled?, lazy: method(:lazy_list_mfa_devices))
+        .register_column(:has_mfa_enabled, field: :has_mfa_enabled, lazy: method(:lazy_list_mfa_devices))
-  filter.add(:has_inline_policies?, field: :has_inline_policies?, lazy: method(:lazy_list_user_policies))
-        .add(:has_inline_policies, field: :has_inline_policies, lazy: method(:lazy_list_user_policies))
-        .add(:inline_policy_names, field: :inline_policy_names, style: :simple, lazy: method(:lazy_list_user_policies))
+  filter.register_column(:has_inline_policies?, field: :has_inline_policies?, lazy: method(:lazy_list_user_policies))
+        .register_column(:has_inline_policies, field: :has_inline_policies, lazy: method(:lazy_list_user_policies))
+        .register_column(:inline_policy_names, field: :inline_policy_names, style: :simple, lazy: method(:lazy_list_user_policies))
-  filter.add(:has_attached_policies?, field: :has_attached_policies?, lazy: method(:lazy_list_attached_policies))
-        .add(:has_attached_policies, field: :has_attached_policies, lazy: method(:lazy_list_attached_policies))
-        .add(:attached_policy_names, field: :attached_policy_names, style: :simple, lazy: method(:lazy_list_attached_policies))
-        .add(:attached_policy_arns, field: :attached_policy_arns, style: :simple, lazy: method(:lazy_list_attached_policies))
-  filter.connect(self, :table)
+  filter.register_column(:has_attached_policies?, field: :has_attached_policies?, lazy: method(:lazy_list_attached_policies))
+        .register_column(:has_attached_policies, field: :has_attached_policies, lazy: method(:lazy_list_attached_policies))
+        .register_column(:attached_policy_names, field: :attached_policy_names, style: :simple, lazy: method(:lazy_list_attached_policies))
+        .register_column(:attached_policy_arns, field: :attached_policy_arns, style: :simple, lazy: method(:lazy_list_attached_policies))
+  filter.install_filter_methods_on_resource(self, :table)
   def validate_params(raw_params)
     # No params yet

data/lib/resources/aws/aws_kms_keys.rb CHANGED

@@ -18,11 +18,10 @@ class AwsKmsKeys < Inspec.resource(1)
   # Underlying FilterTable implementation.
   filter = FilterTable.create
-  filter.add_accessor(:entries)
-        .add(:exists?) { |x| !x.entries.empty? }
-        .add(:key_arns, field: :key_arn)
-        .add(:key_ids, field: :key_id)
-  filter.connect(self, :table)
+  filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
+  filter.register_column(:key_arns, field: :key_arn)
+        .register_column(:key_ids, field: :key_id)
+  filter.install_filter_methods_on_resource(self, :table)
   def to_s
     'KMS Keys'

data/lib/resources/aws/aws_route_tables.rb CHANGED

@@ -11,11 +11,10 @@ class AwsRouteTables < Inspec.resource(1)
   include AwsPluralResourceMixin
   # Underlying FilterTable implementation.
   filter = FilterTable.create
-  filter.add_accessor(:entries)
-        .add(:exists?) { |x| !x.entries.empty? }
-        .add(:vpc_ids, field: :vpc_id)
-        .add(:route_table_ids, field: :route_table_id)
-  filter.connect(self, :routes_data)
+  filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
+  filter.register_column(:vpc_ids, field: :vpc_id)
+        .register_column(:route_table_ids, field: :route_table_id)
+  filter.install_filter_methods_on_resource(self, :routes_data)
   def routes_data
     @table

data/lib/resources/aws/aws_s3_buckets.rb CHANGED

@@ -14,11 +14,9 @@ class AwsS3Buckets < Inspec.resource(1)
   # Underlying FilterTable implementation.
   filter = FilterTable.create
-  filter.add_accessor(:where)
-        .add_accessor(:entries)
-        .add(:exists?) { |x| !x.entries.empty? }
-        .add(:bucket_names, field: :name)
-  filter.connect(self, :table)
+  filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
+  filter.register_column(:bucket_names, field: :name)
+  filter.install_filter_methods_on_resource(self, :table)
   def to_s
     'S3 Buckets'

data/lib/resources/aws/aws_security_groups.rb CHANGED

@@ -18,11 +18,9 @@ EOX
   # Underlying FilterTable implementation.
   filter = FilterTable.create
-  filter.add_accessor(:where)
-        .add_accessor(:entries)
-        .add(:exists?) { |x| !x.entries.empty? }
-        .add(:group_ids, field: :group_id)
-  filter.connect(self, :table)
+  filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
+  filter.register_column(:group_ids, field: :group_id)
+  filter.install_filter_methods_on_resource(self, :table)
   def to_s
     'EC2 Security Groups'

data/lib/resources/aws/aws_sns_topics.rb CHANGED

@@ -33,11 +33,9 @@ class AwsSnsTopics < Inspec.resource(1)
   # Underlying FilterTable implementation.
   filter = FilterTable.create
-  filter.add_accessor(:where)
-        .add_accessor(:entries)
-        .add(:exists?) { |x| !x.entries.empty? }
-        .add(:topic_arns, field: :topic_arn)
-  filter.connect(self, :table)
+  filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
+  filter.register_column(:topic_arns, field: :topic_arn)
+  filter.install_filter_methods_on_resource(self, :table)
   def to_s
     'EC2 SNS Topics'

data/lib/resources/aws/aws_subnets.rb CHANGED

@@ -27,14 +27,12 @@ class AwsSubnets < Inspec.resource(1)
   # Underlying FilterTable implementation.
   filter = FilterTable.create
-  filter.add_accessor(:where)
-        .add_accessor(:entries)
-        .add(:exists?) { |x| !x.entries.empty? }
-        .add(:vpc_ids, field: :vpc_id)
-        .add(:subnet_ids, field: :subnet_id)
-        .add(:cidr_blocks, field: :cidr_block)
-        .add(:states, field: :state)
-  filter.connect(self, :table)
+  filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
+  filter.register_column(:vpc_ids, field: :vpc_id)
+        .register_column(:subnet_ids, field: :subnet_id)
+        .register_column(:cidr_blocks, field: :cidr_block)
+        .register_column(:states, field: :state)
+  filter.install_filter_methods_on_resource(self, :table)
   def to_s
     'EC2 VPC Subnets'

data/lib/resources/aws/aws_vpcs.rb CHANGED

@@ -12,15 +12,13 @@ class AwsVpcs < Inspec.resource(1)
   # Underlying FilterTable implementation.
   filter = FilterTable.create
-  filter.add_accessor(:entries)
-        .add_accessor(:where)
-        .add(:exists?) { |x| !x.entries.empty? }
-        .add(:cidr_blocks, field: :cidr_block)
-        .add(:vpc_ids, field: :vpc_id)
+  filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
+  filter.register_column(:cidr_blocks, field: :cidr_block)
+        .register_column(:vpc_ids, field: :vpc_id)
   # We need a dummy here, so FilterTable will define and populate the dhcp_options_id field
-  filter.add(:dummy, field: :dhcp_options_id)
-        .add(:dhcp_options_ids) { |obj| obj.entries.map(&:dhcp_options_id).uniq }
-  filter.connect(self, :table)
+  filter.register_column(:dummy, field: :dhcp_options_id)
+        .register_column(:dhcp_options_ids) { |obj| obj.entries.map(&:dhcp_options_id).uniq }
+  filter.install_filter_methods_on_resource(self, :table)
   def validate_params(raw_params)
     # No params yet

data/lib/resources/azure/azure_generic_resource.rb CHANGED

@@ -33,17 +33,13 @@ module Inspec::Resources
     # Define the filter table so that it can be interrogated
     @filter = FilterTable.create
-    @filter.add_accessor(:count)
-           .add_accessor(:entries)
-           .add_accessor(:where)
-           .add_accessor(:contains)
-           .add(:exist?, field: 'exist?')
-           .add(:type, field: 'type')
-           .add(:name, field: 'name')
-           .add(:location, field: 'location')
-           .add(:properties, field: 'properties')
-    @filter.connect(self, :probes)
+    @filter.register_filter_method(:contains)
+           .register_column(:type, field: 'type')
+           .register_column(:name, field: 'name')
+           .register_column(:location, field: 'location')
+           .register_column(:properties, field: 'properties')
+    @filter.install_filter_methods_on_resource(self, :probes)
     def parse_resource(resource)
       # return a hash of information

data/lib/resources/azure/azure_virtual_machine_data_disk.rb CHANGED

@@ -15,23 +15,21 @@ module Inspec::Resources
     # Create a filter table so that tests on the disk can be performed
     filter = FilterTable.create
-    filter.add_accessor(:where)
-          .add_accessor(:entries)
-          .add(:exists?) { |x| !x.entries.empty? }
-          .add(:disk, field: :disk)
-          .add(:number, field: :number)
-          .add(:name, field: :name)
-          .add(:size, field: :size)
-          .add(:vhd_uri, field: :vhd_uri)
-          .add(:storage_account_name, field: :storage_account_name)
-          .add(:lun, field: :lun)
-          .add(:caching, field: :caching)
-          .add(:create_option, field: :create_option)
-          .add(:is_managed_disk?, field: :is_managed_disk?)
-          .add(:storage_account_type, field: :storage_account_type)
-          .add(:subscription_id, field: :subscription_id)
-          .add(:resource_group, field: :resource_group)
-    filter.connect(self, :datadisk_details)
+    filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
+    filter.register_column(:disk, field: :disk)
+          .register_column(:number, field: :number)
+          .register_column(:name, field: :name)
+          .register_column(:size, field: :size)
+          .register_column(:vhd_uri, field: :vhd_uri)
+          .register_column(:storage_account_name, field: :storage_account_name)
+          .register_column(:lun, field: :lun)
+          .register_column(:caching, field: :caching)
+          .register_column(:create_option, field: :create_option)
+          .register_column(:is_managed_disk?, field: :is_managed_disk?)
+          .register_column(:storage_account_type, field: :storage_account_type)
+          .register_column(:subscription_id, field: :subscription_id)
+          .register_column(:resource_group, field: :resource_group)
+    filter.install_filter_methods_on_resource(self, :datadisk_details)
     # Constructor for the resource. This calls the parent constructor to
     # get the generic resource for the specified machine. This will provide

data/lib/resources/crontab.rb CHANGED

@@ -65,24 +65,22 @@ module Inspec::Resources
     end
     filter = FilterTable.create
-    filter.add_accessor(:where)
-          .add_accessor(:entries)
-          .add(:minutes,  field: 'minute')
-          .add(:hours,    field: 'hour')
-          .add(:days,     field: 'day')
-          .add(:months,   field: 'month')
-          .add(:weekdays, field: 'weekday')
-          .add(:user,     field: 'user')
-          .add(:commands, field: 'command')
+    filter.register_column(:minutes,  field: 'minute')
+          .register_column(:hours,    field: 'hour')
+          .register_column(:days,     field: 'day')
+          .register_column(:months,   field: 'month')
+          .register_column(:weekdays, field: 'weekday')
+          .register_column(:user,     field: 'user')
+          .register_column(:commands, field: 'command')
     # rebuild the crontab line from raw content
-    filter.add(:content) { |t, _|
+    filter.register_custom_property(:content) { |t, _|
       t.entries.map do |e|
         [e.minute, e.hour, e.day, e.month, e.weekday, e.user, e.command].compact.join(' ')
       end.join("\n")
     }
-    filter.connect(self, :params)
+    filter.install_filter_methods_on_resource(self, :params)
     def to_s
       if is_system_crontab?

data/lib/resources/docker.rb CHANGED

@@ -10,25 +10,23 @@ module Inspec::Resources
   class DockerContainerFilter
     # use filtertable for containers
     filter = FilterTable.create
-    filter.add_accessor(:where)
-          .add_accessor(:entries)
-          .add(:commands,       field: 'command')
-          .add(:ids,            field: 'id')
-          .add(:images,         field: 'image')
-          .add(:labels,         field: 'labels')
-          .add(:local_volumes,  field: 'localvolumes')
-          .add(:mounts,         field: 'mounts')
-          .add(:names,          field: 'names')
-          .add(:networks,       field: 'networks')
-          .add(:ports,          field: 'ports')
-          .add(:running_for,    field: 'runningfor')
-          .add(:sizes,          field: 'size')
-          .add(:status,         field: 'status')
-          .add(:exists?) { |x| !x.entries.empty? }
-          .add(:running?) { |x|
+    filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
+    filter.register_column(:commands,       field: 'command')
+          .register_column(:ids,            field: 'id')
+          .register_column(:images,         field: 'image')
+          .register_column(:labels,         field: 'labels')
+          .register_column(:local_volumes,  field: 'localvolumes')
+          .register_column(:mounts,         field: 'mounts')
+          .register_column(:names,          field: 'names')
+          .register_column(:networks,       field: 'networks')
+          .register_column(:ports,          field: 'ports')
+          .register_column(:running_for,    field: 'runningfor')
+          .register_column(:sizes,          field: 'size')
+          .register_column(:status,         field: 'status')
+          .register_custom_matcher(:running?) { |x|
             x.where { status.downcase.start_with?('up') }
           }
-    filter.connect(self, :containers)
+    filter.install_filter_methods_on_resource(self, :containers)
     attr_reader :containers
     def initialize(containers)
@@ -38,17 +36,15 @@ module Inspec::Resources
   class DockerImageFilter
     filter = FilterTable.create
-    filter.add_accessor(:where)
-          .add_accessor(:entries)
-          .add(:ids,              field: 'id')
-          .add(:repositories,     field: 'repository')
-          .add(:tags,             field: 'tag')
-          .add(:sizes,            field: 'size')
-          .add(:digests,          field: 'digest')
-          .add(:created,          field: 'createdat')
-          .add(:created_since,    field: 'createdsize')
-          .add(:exists?) { |x| !x.entries.empty? }
-    filter.connect(self, :images)
+    filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
+    filter.register_column(:ids,              field: 'id')
+          .register_column(:repositories,     field: 'repository')
+          .register_column(:tags,             field: 'tag')
+          .register_column(:sizes,            field: 'size')
+          .register_column(:digests,          field: 'digest')
+          .register_column(:created,          field: 'createdat')
+          .register_column(:created_since,    field: 'createdsize')
+    filter.install_filter_methods_on_resource(self, :images)
     attr_reader :images
     def initialize(images)
@@ -58,16 +54,14 @@ module Inspec::Resources
   class DockerServiceFilter
     filter = FilterTable.create
-    filter.add_accessor(:where)
-          .add_accessor(:entries)
-          .add(:ids,              field: 'id')
-          .add(:names,            field: 'name')
-          .add(:modes,            field: 'mode')
-          .add(:replicas,         field: 'replicas')
-          .add(:images,           field: 'image')
-          .add(:ports,            field: 'ports')
-          .add(:exists?) { |x| !x.entries.empty? }
-    filter.connect(self, :services)
+    filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
+    filter.register_column(:ids,              field: 'id')
+          .register_column(:names,            field: 'name')
+          .register_column(:modes,            field: 'mode')
+          .register_column(:replicas,         field: 'replicas')
+          .register_column(:images,           field: 'image')
+          .register_column(:ports,            field: 'ports')
+    filter.install_filter_methods_on_resource(self, :services)
     attr_reader :services
     def initialize(services)

data/lib/resources/elasticsearch.rb CHANGED

@@ -24,35 +24,33 @@ module Inspec::Resources
     "
     filter = FilterTable.create
-    filter.add_accessor(:where)
-          .add_accessor(:entries)
-          .add(:cluster_name,          field: 'cluster_name')
-          .add(:node_name,             field: 'name')
-          .add(:transport_address,     field: 'transport_address')
-          .add(:host,                  field: 'host')
-          .add(:ip,                    field: 'ip')
-          .add(:version,               field: 'version')
-          .add(:build_hash,            field: 'build_hash')
-          .add(:total_indexing_buffer, field: 'total_indexing_buffer')
-          .add(:roles,                 field: 'roles')
-          .add(:settings,              field: 'settings')
-          .add(:os,                    field: 'os')
-          .add(:process,               field: 'process')
-          .add(:jvm,                   field: 'jvm')
-          .add(:transport,             field: 'transport')
-          .add(:http,                  field: 'http')
-          .add(:plugins,               field: 'plugins')
-          .add(:plugin_list,           field: 'plugin_list')
-          .add(:modules,               field: 'modules')
-          .add(:module_list,           field: 'module_list')
-          .add(:node_id,               field: 'node_id')
-          .add(:ingest,                field: 'ingest')
-          .add(:exists?) { |x| !x.entries.empty? }
-          .add(:node_count) { |t, _|
+    filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
+    filter.register_column(:cluster_name,          field: 'cluster_name')
+          .register_column(:node_name,             field: 'name')
+          .register_column(:transport_address,     field: 'transport_address')
+          .register_column(:host,                  field: 'host')
+          .register_column(:ip,                    field: 'ip')
+          .register_column(:version,               field: 'version')
+          .register_column(:build_hash,            field: 'build_hash')
+          .register_column(:total_indexing_buffer, field: 'total_indexing_buffer')
+          .register_column(:roles,                 field: 'roles')
+          .register_column(:settings,              field: 'settings')
+          .register_column(:os,                    field: 'os')
+          .register_column(:process,               field: 'process')
+          .register_column(:jvm,                   field: 'jvm')
+          .register_column(:transport,             field: 'transport')
+          .register_column(:http,                  field: 'http')
+          .register_column(:plugins,               field: 'plugins')
+          .register_column(:plugin_list,           field: 'plugin_list')
+          .register_column(:modules,               field: 'modules')
+          .register_column(:module_list,           field: 'module_list')
+          .register_column(:node_id,               field: 'node_id')
+          .register_column(:ingest,                field: 'ingest')
+          .register_custom_property(:node_count) { |t, _|
             t.entries.length
           }
-    filter.connect(self, :nodes)
+    filter.install_filter_methods_on_resource(self, :nodes)
     attr_reader :nodes, :url