inspec 2.3.10 → 2.3.23
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +34 -13
- data/etc/plugin_filters.json +25 -0
- data/inspec.gemspec +3 -3
- data/lib/bundles/inspec-compliance/api.rb +3 -0
- data/lib/bundles/inspec-compliance/configuration.rb +3 -0
- data/lib/bundles/inspec-compliance/http.rb +3 -0
- data/lib/bundles/inspec-compliance/support.rb +3 -0
- data/lib/bundles/inspec-compliance/target.rb +3 -0
- data/lib/inspec/objects/attribute.rb +3 -0
- data/lib/inspec/plugin/v2.rb +3 -0
- data/lib/inspec/plugin/v2/filter.rb +62 -0
- data/lib/inspec/plugin/v2/installer.rb +21 -1
- data/lib/inspec/plugin/v2/loader.rb +4 -0
- data/lib/inspec/profile.rb +3 -1
- data/lib/inspec/version.rb +1 -1
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +25 -3
- data/lib/plugins/inspec-plugin-manager-cli/test/functional/inspec-plugin_test.rb +65 -11
- data/lib/plugins/inspec-plugin-manager-cli/test/unit/cli_args_test.rb +5 -1
- data/lib/resources/package.rb +1 -1
- metadata +5 -253
- data/MAINTAINERS.toml +0 -52
- data/docs/.gitignore +0 -2
- data/docs/README.md +0 -41
- data/docs/dev/control-eval.md +0 -62
- data/docs/dev/filtertable-internals.md +0 -353
- data/docs/dev/filtertable-usage.md +0 -533
- data/docs/dev/integration-testing.md +0 -31
- data/docs/dev/plugins.md +0 -323
- data/docs/dsl_inspec.md +0 -354
- data/docs/dsl_resource.md +0 -100
- data/docs/glossary.md +0 -381
- data/docs/habitat.md +0 -193
- data/docs/inspec_and_friends.md +0 -114
- data/docs/matchers.md +0 -161
- data/docs/migration.md +0 -293
- data/docs/platforms.md +0 -119
- data/docs/plugin_kitchen_inspec.md +0 -60
- data/docs/plugins.md +0 -57
- data/docs/profiles.md +0 -576
- data/docs/reporters.md +0 -170
- data/docs/resources/aide_conf.md.erb +0 -86
- data/docs/resources/apache.md.erb +0 -77
- data/docs/resources/apache_conf.md.erb +0 -78
- data/docs/resources/apt.md.erb +0 -81
- data/docs/resources/audit_policy.md.erb +0 -57
- data/docs/resources/auditd.md.erb +0 -89
- data/docs/resources/auditd_conf.md.erb +0 -78
- data/docs/resources/aws_cloudtrail_trail.md.erb +0 -165
- data/docs/resources/aws_cloudtrail_trails.md.erb +0 -96
- data/docs/resources/aws_cloudwatch_alarm.md.erb +0 -101
- data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +0 -164
- data/docs/resources/aws_config_delivery_channel.md.erb +0 -111
- data/docs/resources/aws_config_recorder.md.erb +0 -96
- data/docs/resources/aws_ebs_volume.md.erb +0 -76
- data/docs/resources/aws_ebs_volumes.md.erb +0 -86
- data/docs/resources/aws_ec2_instance.md.erb +0 -122
- data/docs/resources/aws_ec2_instances.md.erb +0 -89
- data/docs/resources/aws_elb.md.erb +0 -154
- data/docs/resources/aws_elbs.md.erb +0 -252
- data/docs/resources/aws_flow_log.md.erb +0 -128
- data/docs/resources/aws_iam_access_key.md.erb +0 -139
- data/docs/resources/aws_iam_access_keys.md.erb +0 -214
- data/docs/resources/aws_iam_group.md.erb +0 -74
- data/docs/resources/aws_iam_groups.md.erb +0 -92
- data/docs/resources/aws_iam_password_policy.md.erb +0 -92
- data/docs/resources/aws_iam_policies.md.erb +0 -97
- data/docs/resources/aws_iam_policy.md.erb +0 -264
- data/docs/resources/aws_iam_role.md.erb +0 -79
- data/docs/resources/aws_iam_root_user.md.erb +0 -86
- data/docs/resources/aws_iam_user.md.erb +0 -130
- data/docs/resources/aws_iam_users.md.erb +0 -289
- data/docs/resources/aws_kms_key.md.erb +0 -187
- data/docs/resources/aws_kms_keys.md.erb +0 -99
- data/docs/resources/aws_rds_instance.md.erb +0 -76
- data/docs/resources/aws_route_table.md.erb +0 -63
- data/docs/resources/aws_route_tables.md.erb +0 -65
- data/docs/resources/aws_s3_bucket.md.erb +0 -156
- data/docs/resources/aws_s3_bucket_object.md.erb +0 -99
- data/docs/resources/aws_s3_buckets.md.erb +0 -69
- data/docs/resources/aws_security_group.md.erb +0 -323
- data/docs/resources/aws_security_groups.md.erb +0 -107
- data/docs/resources/aws_sns_subscription.md.erb +0 -140
- data/docs/resources/aws_sns_topic.md.erb +0 -79
- data/docs/resources/aws_sns_topics.md.erb +0 -68
- data/docs/resources/aws_subnet.md.erb +0 -150
- data/docs/resources/aws_subnets.md.erb +0 -142
- data/docs/resources/aws_vpc.md.erb +0 -135
- data/docs/resources/aws_vpcs.md.erb +0 -135
- data/docs/resources/azure_generic_resource.md.erb +0 -183
- data/docs/resources/azure_resource_group.md.erb +0 -294
- data/docs/resources/azure_virtual_machine.md.erb +0 -357
- data/docs/resources/azure_virtual_machine_data_disk.md.erb +0 -234
- data/docs/resources/bash.md.erb +0 -85
- data/docs/resources/bond.md.erb +0 -100
- data/docs/resources/bridge.md.erb +0 -67
- data/docs/resources/bsd_service.md.erb +0 -77
- data/docs/resources/chocolatey_package.md.erb +0 -68
- data/docs/resources/command.md.erb +0 -176
- data/docs/resources/cpan.md.erb +0 -89
- data/docs/resources/cran.md.erb +0 -74
- data/docs/resources/crontab.md.erb +0 -103
- data/docs/resources/csv.md.erb +0 -64
- data/docs/resources/dh_params.md.erb +0 -221
- data/docs/resources/directory.md.erb +0 -40
- data/docs/resources/docker.md.erb +0 -240
- data/docs/resources/docker_container.md.erb +0 -113
- data/docs/resources/docker_image.md.erb +0 -104
- data/docs/resources/docker_plugin.md.erb +0 -80
- data/docs/resources/docker_service.md.erb +0 -124
- data/docs/resources/elasticsearch.md.erb +0 -252
- data/docs/resources/etc_fstab.md.erb +0 -135
- data/docs/resources/etc_group.md.erb +0 -85
- data/docs/resources/etc_hosts.md.erb +0 -88
- data/docs/resources/etc_hosts_allow.md.erb +0 -84
- data/docs/resources/etc_hosts_deny.md.erb +0 -84
- data/docs/resources/file.md.erb +0 -543
- data/docs/resources/filesystem.md.erb +0 -51
- data/docs/resources/firewalld.md.erb +0 -117
- data/docs/resources/gem.md.erb +0 -108
- data/docs/resources/group.md.erb +0 -71
- data/docs/resources/grub_conf.md.erb +0 -111
- data/docs/resources/host.md.erb +0 -96
- data/docs/resources/http.md.erb +0 -207
- data/docs/resources/iis_app.md.erb +0 -132
- data/docs/resources/iis_site.md.erb +0 -145
- data/docs/resources/inetd_conf.md.erb +0 -104
- data/docs/resources/ini.md.erb +0 -86
- data/docs/resources/interface.md.erb +0 -68
- data/docs/resources/iptables.md.erb +0 -74
- data/docs/resources/json.md.erb +0 -73
- data/docs/resources/kernel_module.md.erb +0 -130
- data/docs/resources/kernel_parameter.md.erb +0 -63
- data/docs/resources/key_rsa.md.erb +0 -95
- data/docs/resources/launchd_service.md.erb +0 -67
- data/docs/resources/limits_conf.md.erb +0 -85
- data/docs/resources/login_defs.md.erb +0 -81
- data/docs/resources/mount.md.erb +0 -79
- data/docs/resources/mssql_session.md.erb +0 -78
- data/docs/resources/mysql_conf.md.erb +0 -109
- data/docs/resources/mysql_session.md.erb +0 -84
- data/docs/resources/nginx.md.erb +0 -89
- data/docs/resources/nginx_conf.md.erb +0 -148
- data/docs/resources/npm.md.erb +0 -78
- data/docs/resources/ntp_conf.md.erb +0 -70
- data/docs/resources/oneget.md.erb +0 -63
- data/docs/resources/oracledb_session.md.erb +0 -103
- data/docs/resources/os.md.erb +0 -153
- data/docs/resources/os_env.md.erb +0 -101
- data/docs/resources/package.md.erb +0 -130
- data/docs/resources/packages.md.erb +0 -77
- data/docs/resources/parse_config.md.erb +0 -113
- data/docs/resources/parse_config_file.md.erb +0 -148
- data/docs/resources/passwd.md.erb +0 -151
- data/docs/resources/pip.md.erb +0 -77
- data/docs/resources/port.md.erb +0 -147
- data/docs/resources/postgres_conf.md.erb +0 -89
- data/docs/resources/postgres_hba_conf.md.erb +0 -103
- data/docs/resources/postgres_ident_conf.md.erb +0 -86
- data/docs/resources/postgres_session.md.erb +0 -79
- data/docs/resources/powershell.md.erb +0 -112
- data/docs/resources/processes.md.erb +0 -119
- data/docs/resources/rabbitmq_config.md.erb +0 -51
- data/docs/resources/registry_key.md.erb +0 -197
- data/docs/resources/runit_service.md.erb +0 -67
- data/docs/resources/security_policy.md.erb +0 -57
- data/docs/resources/service.md.erb +0 -131
- data/docs/resources/shadow.md.erb +0 -267
- data/docs/resources/ssh_config.md.erb +0 -83
- data/docs/resources/sshd_config.md.erb +0 -93
- data/docs/resources/ssl.md.erb +0 -129
- data/docs/resources/sys_info.md.erb +0 -52
- data/docs/resources/systemd_service.md.erb +0 -67
- data/docs/resources/sysv_service.md.erb +0 -67
- data/docs/resources/upstart_service.md.erb +0 -67
- data/docs/resources/user.md.erb +0 -150
- data/docs/resources/users.md.erb +0 -137
- data/docs/resources/vbscript.md.erb +0 -65
- data/docs/resources/virtualization.md.erb +0 -67
- data/docs/resources/windows_feature.md.erb +0 -69
- data/docs/resources/windows_hotfix.md.erb +0 -63
- data/docs/resources/windows_task.md.erb +0 -95
- data/docs/resources/wmi.md.erb +0 -91
- data/docs/resources/x509_certificate.md.erb +0 -161
- data/docs/resources/xinetd_conf.md.erb +0 -166
- data/docs/resources/xml.md.erb +0 -95
- data/docs/resources/yaml.md.erb +0 -79
- data/docs/resources/yum.md.erb +0 -108
- data/docs/resources/zfs_dataset.md.erb +0 -63
- data/docs/resources/zfs_pool.md.erb +0 -57
- data/docs/shared/matcher_be.md.erb +0 -1
- data/docs/shared/matcher_cmp.md.erb +0 -43
- data/docs/shared/matcher_eq.md.erb +0 -3
- data/docs/shared/matcher_include.md.erb +0 -1
- data/docs/shared/matcher_match.md.erb +0 -1
- data/docs/shell.md +0 -217
- data/docs/style.md +0 -178
- data/examples/README.md +0 -8
- data/examples/custom-resource/README.md +0 -3
- data/examples/custom-resource/controls/example.rb +0 -7
- data/examples/custom-resource/inspec.yml +0 -8
- data/examples/custom-resource/libraries/batsignal.rb +0 -20
- data/examples/custom-resource/libraries/gordon.rb +0 -21
- data/examples/inheritance/README.md +0 -65
- data/examples/inheritance/controls/example.rb +0 -14
- data/examples/inheritance/inspec.yml +0 -16
- data/examples/kitchen-ansible/.kitchen.yml +0 -25
- data/examples/kitchen-ansible/Gemfile +0 -19
- data/examples/kitchen-ansible/README.md +0 -53
- data/examples/kitchen-ansible/files/nginx.repo +0 -6
- data/examples/kitchen-ansible/tasks/main.yml +0 -16
- data/examples/kitchen-ansible/test/integration/default/default.yml +0 -5
- data/examples/kitchen-ansible/test/integration/default/web_spec.rb +0 -28
- data/examples/kitchen-chef/.kitchen.yml +0 -20
- data/examples/kitchen-chef/Berksfile +0 -3
- data/examples/kitchen-chef/Gemfile +0 -19
- data/examples/kitchen-chef/README.md +0 -27
- data/examples/kitchen-chef/metadata.rb +0 -7
- data/examples/kitchen-chef/recipes/default.rb +0 -6
- data/examples/kitchen-chef/recipes/nginx.rb +0 -30
- data/examples/kitchen-chef/test/integration/default/web_spec.rb +0 -28
- data/examples/kitchen-puppet/.kitchen.yml +0 -23
- data/examples/kitchen-puppet/Gemfile +0 -20
- data/examples/kitchen-puppet/Puppetfile +0 -25
- data/examples/kitchen-puppet/README.md +0 -53
- data/examples/kitchen-puppet/manifests/site.pp +0 -33
- data/examples/kitchen-puppet/metadata.json +0 -11
- data/examples/kitchen-puppet/modules/.gitkeep +0 -0
- data/examples/kitchen-puppet/test/integration/default/web_spec.rb +0 -28
- data/examples/meta-profile/README.md +0 -37
- data/examples/meta-profile/controls/example.rb +0 -13
- data/examples/meta-profile/inspec.yml +0 -13
- data/examples/plugins/inspec-resource-lister/Gemfile +0 -12
- data/examples/plugins/inspec-resource-lister/LICENSE +0 -13
- data/examples/plugins/inspec-resource-lister/README.md +0 -62
- data/examples/plugins/inspec-resource-lister/Rakefile +0 -40
- data/examples/plugins/inspec-resource-lister/inspec-resource-lister.gemspec +0 -45
- data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister.rb +0 -16
- data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/cli_command.rb +0 -70
- data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/plugin.rb +0 -55
- data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/version.rb +0 -10
- data/examples/plugins/inspec-resource-lister/test/fixtures/README.md +0 -24
- data/examples/plugins/inspec-resource-lister/test/functional/README.md +0 -18
- data/examples/plugins/inspec-resource-lister/test/functional/inspec_resource_lister_test.rb +0 -110
- data/examples/plugins/inspec-resource-lister/test/helper.rb +0 -26
- data/examples/plugins/inspec-resource-lister/test/unit/README.md +0 -17
- data/examples/plugins/inspec-resource-lister/test/unit/cli_args_test.rb +0 -64
- data/examples/plugins/inspec-resource-lister/test/unit/plugin_def_test.rb +0 -51
- data/examples/profile-attribute.yml +0 -2
- data/examples/profile-attribute/README.md +0 -14
- data/examples/profile-attribute/controls/example.rb +0 -11
- data/examples/profile-attribute/inspec.yml +0 -8
- data/examples/profile-aws/controls/iam_password_policy_expiration.rb +0 -8
- data/examples/profile-aws/controls/iam_password_policy_max_age.rb +0 -8
- data/examples/profile-aws/controls/iam_root_user_mfa.rb +0 -8
- data/examples/profile-aws/controls/iam_users_access_key_age.rb +0 -8
- data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +0 -8
- data/examples/profile-aws/inspec.yml +0 -11
- data/examples/profile-azure/controls/azure_resource_group_example.rb +0 -24
- data/examples/profile-azure/controls/azure_vm_example.rb +0 -29
- data/examples/profile-azure/inspec.yml +0 -11
- data/examples/profile-sensitive/README.md +0 -29
- data/examples/profile-sensitive/controls/sensitive-failures.rb +0 -9
- data/examples/profile-sensitive/controls/sensitive.rb +0 -9
- data/examples/profile-sensitive/inspec.yml +0 -8
- data/examples/profile/README.md +0 -48
- data/examples/profile/controls/example.rb +0 -24
- data/examples/profile/controls/gordon.rb +0 -36
- data/examples/profile/controls/meta.rb +0 -36
- data/examples/profile/inspec.yml +0 -11
- data/examples/profile/libraries/gordon_config.rb +0 -59
@@ -26,7 +26,7 @@ class PluginManagerCliOptions < MiniTest::Test
|
|
26
26
|
|
27
27
|
def test_search_args
|
28
28
|
arg_config = cli_class.all_commands['search'].options
|
29
|
-
assert_equal
|
29
|
+
assert_equal 3, arg_config.count, 'The search command should have 3 options'
|
30
30
|
|
31
31
|
assert_includes arg_config.keys, :all, 'The search command should have an --all option'
|
32
32
|
assert_equal :boolean, arg_config[:all].type, 'The --all option should be boolean'
|
@@ -40,6 +40,10 @@ class PluginManagerCliOptions < MiniTest::Test
|
|
40
40
|
refute_nil arg_config[:exact].description, 'The --exact option should have a description'
|
41
41
|
refute arg_config[:exact].required, 'The --exact option should not be required'
|
42
42
|
|
43
|
+
assert_includes arg_config.keys, :'include-test-fixture', 'The search command should have an --include-test-fixture option'
|
44
|
+
assert_equal :boolean, arg_config[:'include-test-fixture'].type, 'The --include-test-fixture option should be boolean'
|
45
|
+
refute arg_config[:'include-test-fixture'].required, 'The --include-test-fixture option should not be required'
|
46
|
+
|
43
47
|
assert_equal 1, cli_class.instance_method(:search).arity, 'The search command should take one argument'
|
44
48
|
end
|
45
49
|
|
data/lib/resources/package.rb
CHANGED
@@ -258,7 +258,7 @@ module Inspec::Resources
|
|
258
258
|
cmd = inspec.command("apk info -vv --no-network | grep #{package_name}")
|
259
259
|
return {} if cmd.exit_status.to_i != 0
|
260
260
|
|
261
|
-
pkg_info = cmd.stdout.split("\n").
|
261
|
+
pkg_info = cmd.stdout.split("\n").delete_if { |e| e =~ /^WARNING/i }
|
262
262
|
pkg = pkg_info[0].split(' - ')[0]
|
263
263
|
|
264
264
|
{
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: inspec
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.3.
|
4
|
+
version: 2.3.23
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dominik Richter
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2018-10-
|
11
|
+
date: 2018-10-12 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: train
|
@@ -332,259 +332,10 @@ files:
|
|
332
332
|
- Gemfile
|
333
333
|
- LICENSE
|
334
334
|
- MAINTAINERS.md
|
335
|
-
- MAINTAINERS.toml
|
336
335
|
- README.md
|
337
336
|
- Rakefile
|
338
337
|
- bin/inspec
|
339
|
-
-
|
340
|
-
- docs/README.md
|
341
|
-
- docs/dev/control-eval.md
|
342
|
-
- docs/dev/filtertable-internals.md
|
343
|
-
- docs/dev/filtertable-usage.md
|
344
|
-
- docs/dev/integration-testing.md
|
345
|
-
- docs/dev/plugins.md
|
346
|
-
- docs/dsl_inspec.md
|
347
|
-
- docs/dsl_resource.md
|
348
|
-
- docs/glossary.md
|
349
|
-
- docs/habitat.md
|
350
|
-
- docs/inspec_and_friends.md
|
351
|
-
- docs/matchers.md
|
352
|
-
- docs/migration.md
|
353
|
-
- docs/platforms.md
|
354
|
-
- docs/plugin_kitchen_inspec.md
|
355
|
-
- docs/plugins.md
|
356
|
-
- docs/profiles.md
|
357
|
-
- docs/reporters.md
|
358
|
-
- docs/resources/aide_conf.md.erb
|
359
|
-
- docs/resources/apache.md.erb
|
360
|
-
- docs/resources/apache_conf.md.erb
|
361
|
-
- docs/resources/apt.md.erb
|
362
|
-
- docs/resources/audit_policy.md.erb
|
363
|
-
- docs/resources/auditd.md.erb
|
364
|
-
- docs/resources/auditd_conf.md.erb
|
365
|
-
- docs/resources/aws_cloudtrail_trail.md.erb
|
366
|
-
- docs/resources/aws_cloudtrail_trails.md.erb
|
367
|
-
- docs/resources/aws_cloudwatch_alarm.md.erb
|
368
|
-
- docs/resources/aws_cloudwatch_log_metric_filter.md.erb
|
369
|
-
- docs/resources/aws_config_delivery_channel.md.erb
|
370
|
-
- docs/resources/aws_config_recorder.md.erb
|
371
|
-
- docs/resources/aws_ebs_volume.md.erb
|
372
|
-
- docs/resources/aws_ebs_volumes.md.erb
|
373
|
-
- docs/resources/aws_ec2_instance.md.erb
|
374
|
-
- docs/resources/aws_ec2_instances.md.erb
|
375
|
-
- docs/resources/aws_elb.md.erb
|
376
|
-
- docs/resources/aws_elbs.md.erb
|
377
|
-
- docs/resources/aws_flow_log.md.erb
|
378
|
-
- docs/resources/aws_iam_access_key.md.erb
|
379
|
-
- docs/resources/aws_iam_access_keys.md.erb
|
380
|
-
- docs/resources/aws_iam_group.md.erb
|
381
|
-
- docs/resources/aws_iam_groups.md.erb
|
382
|
-
- docs/resources/aws_iam_password_policy.md.erb
|
383
|
-
- docs/resources/aws_iam_policies.md.erb
|
384
|
-
- docs/resources/aws_iam_policy.md.erb
|
385
|
-
- docs/resources/aws_iam_role.md.erb
|
386
|
-
- docs/resources/aws_iam_root_user.md.erb
|
387
|
-
- docs/resources/aws_iam_user.md.erb
|
388
|
-
- docs/resources/aws_iam_users.md.erb
|
389
|
-
- docs/resources/aws_kms_key.md.erb
|
390
|
-
- docs/resources/aws_kms_keys.md.erb
|
391
|
-
- docs/resources/aws_rds_instance.md.erb
|
392
|
-
- docs/resources/aws_route_table.md.erb
|
393
|
-
- docs/resources/aws_route_tables.md.erb
|
394
|
-
- docs/resources/aws_s3_bucket.md.erb
|
395
|
-
- docs/resources/aws_s3_bucket_object.md.erb
|
396
|
-
- docs/resources/aws_s3_buckets.md.erb
|
397
|
-
- docs/resources/aws_security_group.md.erb
|
398
|
-
- docs/resources/aws_security_groups.md.erb
|
399
|
-
- docs/resources/aws_sns_subscription.md.erb
|
400
|
-
- docs/resources/aws_sns_topic.md.erb
|
401
|
-
- docs/resources/aws_sns_topics.md.erb
|
402
|
-
- docs/resources/aws_subnet.md.erb
|
403
|
-
- docs/resources/aws_subnets.md.erb
|
404
|
-
- docs/resources/aws_vpc.md.erb
|
405
|
-
- docs/resources/aws_vpcs.md.erb
|
406
|
-
- docs/resources/azure_generic_resource.md.erb
|
407
|
-
- docs/resources/azure_resource_group.md.erb
|
408
|
-
- docs/resources/azure_virtual_machine.md.erb
|
409
|
-
- docs/resources/azure_virtual_machine_data_disk.md.erb
|
410
|
-
- docs/resources/bash.md.erb
|
411
|
-
- docs/resources/bond.md.erb
|
412
|
-
- docs/resources/bridge.md.erb
|
413
|
-
- docs/resources/bsd_service.md.erb
|
414
|
-
- docs/resources/chocolatey_package.md.erb
|
415
|
-
- docs/resources/command.md.erb
|
416
|
-
- docs/resources/cpan.md.erb
|
417
|
-
- docs/resources/cran.md.erb
|
418
|
-
- docs/resources/crontab.md.erb
|
419
|
-
- docs/resources/csv.md.erb
|
420
|
-
- docs/resources/dh_params.md.erb
|
421
|
-
- docs/resources/directory.md.erb
|
422
|
-
- docs/resources/docker.md.erb
|
423
|
-
- docs/resources/docker_container.md.erb
|
424
|
-
- docs/resources/docker_image.md.erb
|
425
|
-
- docs/resources/docker_plugin.md.erb
|
426
|
-
- docs/resources/docker_service.md.erb
|
427
|
-
- docs/resources/elasticsearch.md.erb
|
428
|
-
- docs/resources/etc_fstab.md.erb
|
429
|
-
- docs/resources/etc_group.md.erb
|
430
|
-
- docs/resources/etc_hosts.md.erb
|
431
|
-
- docs/resources/etc_hosts_allow.md.erb
|
432
|
-
- docs/resources/etc_hosts_deny.md.erb
|
433
|
-
- docs/resources/file.md.erb
|
434
|
-
- docs/resources/filesystem.md.erb
|
435
|
-
- docs/resources/firewalld.md.erb
|
436
|
-
- docs/resources/gem.md.erb
|
437
|
-
- docs/resources/group.md.erb
|
438
|
-
- docs/resources/grub_conf.md.erb
|
439
|
-
- docs/resources/host.md.erb
|
440
|
-
- docs/resources/http.md.erb
|
441
|
-
- docs/resources/iis_app.md.erb
|
442
|
-
- docs/resources/iis_site.md.erb
|
443
|
-
- docs/resources/inetd_conf.md.erb
|
444
|
-
- docs/resources/ini.md.erb
|
445
|
-
- docs/resources/interface.md.erb
|
446
|
-
- docs/resources/iptables.md.erb
|
447
|
-
- docs/resources/json.md.erb
|
448
|
-
- docs/resources/kernel_module.md.erb
|
449
|
-
- docs/resources/kernel_parameter.md.erb
|
450
|
-
- docs/resources/key_rsa.md.erb
|
451
|
-
- docs/resources/launchd_service.md.erb
|
452
|
-
- docs/resources/limits_conf.md.erb
|
453
|
-
- docs/resources/login_defs.md.erb
|
454
|
-
- docs/resources/mount.md.erb
|
455
|
-
- docs/resources/mssql_session.md.erb
|
456
|
-
- docs/resources/mysql_conf.md.erb
|
457
|
-
- docs/resources/mysql_session.md.erb
|
458
|
-
- docs/resources/nginx.md.erb
|
459
|
-
- docs/resources/nginx_conf.md.erb
|
460
|
-
- docs/resources/npm.md.erb
|
461
|
-
- docs/resources/ntp_conf.md.erb
|
462
|
-
- docs/resources/oneget.md.erb
|
463
|
-
- docs/resources/oracledb_session.md.erb
|
464
|
-
- docs/resources/os.md.erb
|
465
|
-
- docs/resources/os_env.md.erb
|
466
|
-
- docs/resources/package.md.erb
|
467
|
-
- docs/resources/packages.md.erb
|
468
|
-
- docs/resources/parse_config.md.erb
|
469
|
-
- docs/resources/parse_config_file.md.erb
|
470
|
-
- docs/resources/passwd.md.erb
|
471
|
-
- docs/resources/pip.md.erb
|
472
|
-
- docs/resources/port.md.erb
|
473
|
-
- docs/resources/postgres_conf.md.erb
|
474
|
-
- docs/resources/postgres_hba_conf.md.erb
|
475
|
-
- docs/resources/postgres_ident_conf.md.erb
|
476
|
-
- docs/resources/postgres_session.md.erb
|
477
|
-
- docs/resources/powershell.md.erb
|
478
|
-
- docs/resources/processes.md.erb
|
479
|
-
- docs/resources/rabbitmq_config.md.erb
|
480
|
-
- docs/resources/registry_key.md.erb
|
481
|
-
- docs/resources/runit_service.md.erb
|
482
|
-
- docs/resources/security_policy.md.erb
|
483
|
-
- docs/resources/service.md.erb
|
484
|
-
- docs/resources/shadow.md.erb
|
485
|
-
- docs/resources/ssh_config.md.erb
|
486
|
-
- docs/resources/sshd_config.md.erb
|
487
|
-
- docs/resources/ssl.md.erb
|
488
|
-
- docs/resources/sys_info.md.erb
|
489
|
-
- docs/resources/systemd_service.md.erb
|
490
|
-
- docs/resources/sysv_service.md.erb
|
491
|
-
- docs/resources/upstart_service.md.erb
|
492
|
-
- docs/resources/user.md.erb
|
493
|
-
- docs/resources/users.md.erb
|
494
|
-
- docs/resources/vbscript.md.erb
|
495
|
-
- docs/resources/virtualization.md.erb
|
496
|
-
- docs/resources/windows_feature.md.erb
|
497
|
-
- docs/resources/windows_hotfix.md.erb
|
498
|
-
- docs/resources/windows_task.md.erb
|
499
|
-
- docs/resources/wmi.md.erb
|
500
|
-
- docs/resources/x509_certificate.md.erb
|
501
|
-
- docs/resources/xinetd_conf.md.erb
|
502
|
-
- docs/resources/xml.md.erb
|
503
|
-
- docs/resources/yaml.md.erb
|
504
|
-
- docs/resources/yum.md.erb
|
505
|
-
- docs/resources/zfs_dataset.md.erb
|
506
|
-
- docs/resources/zfs_pool.md.erb
|
507
|
-
- docs/shared/matcher_be.md.erb
|
508
|
-
- docs/shared/matcher_cmp.md.erb
|
509
|
-
- docs/shared/matcher_eq.md.erb
|
510
|
-
- docs/shared/matcher_include.md.erb
|
511
|
-
- docs/shared/matcher_match.md.erb
|
512
|
-
- docs/shell.md
|
513
|
-
- docs/style.md
|
514
|
-
- examples/README.md
|
515
|
-
- examples/custom-resource/README.md
|
516
|
-
- examples/custom-resource/controls/example.rb
|
517
|
-
- examples/custom-resource/inspec.yml
|
518
|
-
- examples/custom-resource/libraries/batsignal.rb
|
519
|
-
- examples/custom-resource/libraries/gordon.rb
|
520
|
-
- examples/inheritance/README.md
|
521
|
-
- examples/inheritance/controls/example.rb
|
522
|
-
- examples/inheritance/inspec.yml
|
523
|
-
- examples/kitchen-ansible/.kitchen.yml
|
524
|
-
- examples/kitchen-ansible/Gemfile
|
525
|
-
- examples/kitchen-ansible/README.md
|
526
|
-
- examples/kitchen-ansible/files/nginx.repo
|
527
|
-
- examples/kitchen-ansible/tasks/main.yml
|
528
|
-
- examples/kitchen-ansible/test/integration/default/default.yml
|
529
|
-
- examples/kitchen-ansible/test/integration/default/web_spec.rb
|
530
|
-
- examples/kitchen-chef/.kitchen.yml
|
531
|
-
- examples/kitchen-chef/Berksfile
|
532
|
-
- examples/kitchen-chef/Gemfile
|
533
|
-
- examples/kitchen-chef/README.md
|
534
|
-
- examples/kitchen-chef/metadata.rb
|
535
|
-
- examples/kitchen-chef/recipes/default.rb
|
536
|
-
- examples/kitchen-chef/recipes/nginx.rb
|
537
|
-
- examples/kitchen-chef/test/integration/default/web_spec.rb
|
538
|
-
- examples/kitchen-puppet/.kitchen.yml
|
539
|
-
- examples/kitchen-puppet/Gemfile
|
540
|
-
- examples/kitchen-puppet/Puppetfile
|
541
|
-
- examples/kitchen-puppet/README.md
|
542
|
-
- examples/kitchen-puppet/manifests/site.pp
|
543
|
-
- examples/kitchen-puppet/metadata.json
|
544
|
-
- examples/kitchen-puppet/modules/.gitkeep
|
545
|
-
- examples/kitchen-puppet/test/integration/default/web_spec.rb
|
546
|
-
- examples/meta-profile/README.md
|
547
|
-
- examples/meta-profile/controls/example.rb
|
548
|
-
- examples/meta-profile/inspec.yml
|
549
|
-
- examples/plugins/inspec-resource-lister/Gemfile
|
550
|
-
- examples/plugins/inspec-resource-lister/LICENSE
|
551
|
-
- examples/plugins/inspec-resource-lister/README.md
|
552
|
-
- examples/plugins/inspec-resource-lister/Rakefile
|
553
|
-
- examples/plugins/inspec-resource-lister/inspec-resource-lister.gemspec
|
554
|
-
- examples/plugins/inspec-resource-lister/lib/inspec-resource-lister.rb
|
555
|
-
- examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/cli_command.rb
|
556
|
-
- examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/plugin.rb
|
557
|
-
- examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/version.rb
|
558
|
-
- examples/plugins/inspec-resource-lister/test/fixtures/README.md
|
559
|
-
- examples/plugins/inspec-resource-lister/test/functional/README.md
|
560
|
-
- examples/plugins/inspec-resource-lister/test/functional/inspec_resource_lister_test.rb
|
561
|
-
- examples/plugins/inspec-resource-lister/test/helper.rb
|
562
|
-
- examples/plugins/inspec-resource-lister/test/unit/README.md
|
563
|
-
- examples/plugins/inspec-resource-lister/test/unit/cli_args_test.rb
|
564
|
-
- examples/plugins/inspec-resource-lister/test/unit/plugin_def_test.rb
|
565
|
-
- examples/profile-attribute.yml
|
566
|
-
- examples/profile-attribute/README.md
|
567
|
-
- examples/profile-attribute/controls/example.rb
|
568
|
-
- examples/profile-attribute/inspec.yml
|
569
|
-
- examples/profile-aws/controls/iam_password_policy_expiration.rb
|
570
|
-
- examples/profile-aws/controls/iam_password_policy_max_age.rb
|
571
|
-
- examples/profile-aws/controls/iam_root_user_mfa.rb
|
572
|
-
- examples/profile-aws/controls/iam_users_access_key_age.rb
|
573
|
-
- examples/profile-aws/controls/iam_users_console_users_mfa.rb
|
574
|
-
- examples/profile-aws/inspec.yml
|
575
|
-
- examples/profile-azure/controls/azure_resource_group_example.rb
|
576
|
-
- examples/profile-azure/controls/azure_vm_example.rb
|
577
|
-
- examples/profile-azure/inspec.yml
|
578
|
-
- examples/profile-sensitive/README.md
|
579
|
-
- examples/profile-sensitive/controls/sensitive-failures.rb
|
580
|
-
- examples/profile-sensitive/controls/sensitive.rb
|
581
|
-
- examples/profile-sensitive/inspec.yml
|
582
|
-
- examples/profile/README.md
|
583
|
-
- examples/profile/controls/example.rb
|
584
|
-
- examples/profile/controls/gordon.rb
|
585
|
-
- examples/profile/controls/meta.rb
|
586
|
-
- examples/profile/inspec.yml
|
587
|
-
- examples/profile/libraries/gordon_config.rb
|
338
|
+
- etc/plugin_filters.json
|
588
339
|
- inspec.gemspec
|
589
340
|
- lib/bundles/README.md
|
590
341
|
- lib/bundles/inspec-compliance/api.rb
|
@@ -658,6 +409,7 @@ files:
|
|
658
409
|
- lib/inspec/plugin/v1/registry.rb
|
659
410
|
- lib/inspec/plugin/v2.rb
|
660
411
|
- lib/inspec/plugin/v2/activator.rb
|
412
|
+
- lib/inspec/plugin/v2/filter.rb
|
661
413
|
- lib/inspec/plugin/v2/installer.rb
|
662
414
|
- lib/inspec/plugin/v2/loader.rb
|
663
415
|
- lib/inspec/plugin/v2/plugin_base.rb
|
@@ -917,7 +669,7 @@ files:
|
|
917
669
|
- lib/utils/simpleconfig.rb
|
918
670
|
- lib/utils/spdx.rb
|
919
671
|
- lib/utils/spdx.txt
|
920
|
-
homepage: https://github.com/
|
672
|
+
homepage: https://github.com/inspec/inspec
|
921
673
|
licenses:
|
922
674
|
- Apache-2.0
|
923
675
|
metadata: {}
|
data/MAINTAINERS.toml
DELETED
@@ -1,52 +0,0 @@
|
|
1
|
-
[Preamble]
|
2
|
-
title = "Maintainers"
|
3
|
-
text = """
|
4
|
-
This file lists how the InSpec project is maintained. When making changes to the
|
5
|
-
system, this file tells you who needs to review your patch - you need at least
|
6
|
-
two maintainers to provide a :+1: on your pull request. Additionally, you need
|
7
|
-
to not receive a veto from a Lieutenant or the Project Lead.
|
8
|
-
Check out [How Chef is Maintained](https://github.com/chef/chef-rfc/blob/master/rfc030-maintenance-policy.md#how-the-project-is-maintained)
|
9
|
-
for details on the process, how to become a maintainer, lieutenant, or the
|
10
|
-
project lead.
|
11
|
-
"""
|
12
|
-
|
13
|
-
[Org]
|
14
|
-
[Org.Components]
|
15
|
-
title = "Components"
|
16
|
-
|
17
|
-
[Org.Components.InSpec]
|
18
|
-
title = "InSpec"
|
19
|
-
text = """
|
20
|
-
Handles the [InSpec](https://github.com/chef/inspec) toolset.
|
21
|
-
"""
|
22
|
-
team = "inspec-maintainers"
|
23
|
-
|
24
|
-
lieutenant = "arlimus"
|
25
|
-
|
26
|
-
maintainers = [
|
27
|
-
"chris-rock",
|
28
|
-
"adamleff",
|
29
|
-
"alexpop",
|
30
|
-
"jquick"
|
31
|
-
]
|
32
|
-
|
33
|
-
[people]
|
34
|
-
[people.arlimus]
|
35
|
-
Name = "Dominik Richter"
|
36
|
-
GitHub = "arlimus"
|
37
|
-
|
38
|
-
[people.chris-rock]
|
39
|
-
Name = "Christoph Hartmann"
|
40
|
-
GitHub = "chris-rock"
|
41
|
-
|
42
|
-
[people.adamleff]
|
43
|
-
Name = "Adam Leff"
|
44
|
-
GitHub = "adamleff"
|
45
|
-
|
46
|
-
[people.alexpop]
|
47
|
-
Name = "Alex Pop"
|
48
|
-
GitHub = "alexpop"
|
49
|
-
|
50
|
-
[people.jquick]
|
51
|
-
Name = "Jared Quick"
|
52
|
-
GitHub = "jquick"
|
data/docs/.gitignore
DELETED
data/docs/README.md
DELETED
@@ -1,41 +0,0 @@
|
|
1
|
-
# InSpec documentation
|
2
|
-
|
3
|
-
This is the home of the InSpec documentation. This documentation provides an introduction to this mechanism and shows how to write custom tests.
|
4
|
-
|
5
|
-
The goal of this folder is for any community member to clone these docs, make the changes, check if they are valid, and contribute to the project.
|
6
|
-
|
7
|
-
## How to build docs
|
8
|
-
|
9
|
-
We build docs by:
|
10
|
-
|
11
|
-
1. Auto-generating docs from code
|
12
|
-
2. Transforming markdown+snippets in this folder into pure markdown in `www/source/docs`
|
13
|
-
3. Rendering them to the website via instructions in `www/`
|
14
|
-
|
15
|
-
For development, you **only need step 1**!
|
16
|
-
|
17
|
-
**1 Generate docs**
|
18
|
-
|
19
|
-
To generate all docs run:
|
20
|
-
|
21
|
-
```
|
22
|
-
bundle exec rake docs
|
23
|
-
```
|
24
|
-
|
25
|
-
You can run tasks individually. For a list of tasks run:
|
26
|
-
|
27
|
-
```
|
28
|
-
bundle exec rake --tasks docs
|
29
|
-
```
|
30
|
-
|
31
|
-
## Stability Index
|
32
|
-
|
33
|
-
Every available InSpec resource will indicate its stability. As InSpec matures, certain parts are more reliable than others. Brand new features are likely to be redesigned and marked as such.
|
34
|
-
|
35
|
-
The stability indices are as follows:
|
36
|
-
|
37
|
-
* `Stability: Deprecated` - This features will be removed in future versions, because its known for being problematic. Do not rely on it.
|
38
|
-
* `Stability: Experimental` - New features may change or are removed in future versions
|
39
|
-
* `Stability: Stable` - API is well established and proofed. Maintaining compatibility is a high priority
|
40
|
-
* `Stability: Locked` - Only security and performance fixes are allowed
|
41
|
-
|
data/docs/dev/control-eval.md
DELETED
@@ -1,62 +0,0 @@
|
|
1
|
-
# What happens when a profile file is loaded
|
2
|
-
|
3
|
-
## Consult with Harry Tuttle
|
4
|
-
|
5
|
-
[He's not from Central Services or anything.](https://youtu.be/VRfoIyx8KfU?t=2m41s)
|
6
|
-
|
7
|
-
## Tips
|
8
|
-
|
9
|
-
* In the early days of InSpec / ServerSpec, controls were called "rules". Throughout various places in the code, the word "rule" is used to mean "control". Make the mental subsitution.
|
10
|
-
* InSpec supports reading profiles from tarballs, local files, git repos, etc. So, don't count on local file reading; instead it uses a special source reader to obtain the contents of the files.
|
11
|
-
|
12
|
-
## The basics of the stack
|
13
|
-
|
14
|
-
#5 Inspec::Profile.collect_tests(include_list#Array) at lib/inspec/profile.rb:167
|
15
|
-
#4 Hash.each at lib/inspec/profile.rb:167
|
16
|
-
#3 block in Inspec::Profile.block in collect_tests(include_list#Array) at lib/inspec/profile.rb:170
|
17
|
-
#2 Inspec::ProfileContext.load_control_file(*args#Array) at lib/inspec/profile_context.rb:141
|
18
|
-
#1 Inspec::ProfileContext.control_eval_context at lib/inspec/profile_context.rb:58
|
19
|
-
#0 #<Class:Inspec::ControlEvalContext>.create(profile_context#Inspec::ProfileContext, resources_dsl#Module) at lib/inspec/control_eval_context.rb:41
|
20
|
-
|
21
|
-
## A profile context is created
|
22
|
-
|
23
|
-
Like many things in InSpec core, a profile context is an anonymous class. (verify)
|
24
|
-
|
25
|
-
Additionally, a control_eval_context is created. It is an instance of an anonymous class; it has a class<->relationship with its profile context. See `lib/inspec/control_eval_context.rb`.
|
26
|
-
|
27
|
-
## Each file's contents are instance eval'd against the control_eval_context
|
28
|
-
|
29
|
-
### DSL methods are executed at this time
|
30
|
-
|
31
|
-
So, if you have a control file with `title` in it, that will call the title method that was defined at `lib/inspec/control_eval_context.rb:60`. Importantly, this also includes the `control` DSL keyword, and also the `describe` keyword (used for bare describes).
|
32
|
-
|
33
|
-
### Each control and their block are wrapped in an anonymous class
|
34
|
-
|
35
|
-
The anonymous class generator is located at `lib/inspec/control_eval_context.rb:24`. At this point, the terminology switches from `control` to `rule`. Each context class inherits from Inspec::Rule, which provides the constructor.
|
36
|
-
|
37
|
-
The control context class also gets extended with the resource DSL, so anything in the source code for the control can use the resource DSL. This includes all resource names, but importantly, the `describe` DSL keyword.
|
38
|
-
|
39
|
-
Finally, Inspec::Rule provides the control DSL - impact, title, desc, ref, and tags.
|
40
|
-
|
41
|
-
### The block is instance_eval'd against the control context class
|
42
|
-
|
43
|
-
See `lib/inspec/rule.rb:50`. We're now in two levels of instance eval'ing - the file is gradually being eval'd against the profile context anonymous class, and the current control's block is being instance eval'd against a control context anonymous class.
|
44
|
-
|
45
|
-
At this stage, control-level metadata (impact, title, refs, tags, desc) are evaluated and set as instance vars on the control.
|
46
|
-
|
47
|
-
Any "loose" ruby in the control is also executed at this point.
|
48
|
-
|
49
|
-
And, the describe and describe.one blocks are executed.
|
50
|
-
|
51
|
-
### TODO: describe blocks are *not* instance-evaled
|
52
|
-
|
53
|
-
### The control is registered with the profile
|
54
|
-
|
55
|
-
Using the method register_control (dynamically defined on the control eval context), we check for various skip conditions. If none of them apply, the control is then registered with the profile context using register_rule.
|
56
|
-
|
57
|
-
ProfileContext.register_rule's main job is to determine the full ID of the control (within the context of the profile) and either add it to the controls list, or (if another control with the same ID exists), merge it. (This is where overriding happens).
|
58
|
-
|
59
|
-
Note: can skip a control with:
|
60
|
-
Inspec::Rule.set_skip_rule(control, msg)
|
61
|
-
|
62
|
-
## What else?
|