inspec 2.3.10 → 2.3.23

Sign up to get free protection for your applications and to get access to all the features.
Files changed (271) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +34 -13
  3. data/etc/plugin_filters.json +25 -0
  4. data/inspec.gemspec +3 -3
  5. data/lib/bundles/inspec-compliance/api.rb +3 -0
  6. data/lib/bundles/inspec-compliance/configuration.rb +3 -0
  7. data/lib/bundles/inspec-compliance/http.rb +3 -0
  8. data/lib/bundles/inspec-compliance/support.rb +3 -0
  9. data/lib/bundles/inspec-compliance/target.rb +3 -0
  10. data/lib/inspec/objects/attribute.rb +3 -0
  11. data/lib/inspec/plugin/v2.rb +3 -0
  12. data/lib/inspec/plugin/v2/filter.rb +62 -0
  13. data/lib/inspec/plugin/v2/installer.rb +21 -1
  14. data/lib/inspec/plugin/v2/loader.rb +4 -0
  15. data/lib/inspec/profile.rb +3 -1
  16. data/lib/inspec/version.rb +1 -1
  17. data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +25 -3
  18. data/lib/plugins/inspec-plugin-manager-cli/test/functional/inspec-plugin_test.rb +65 -11
  19. data/lib/plugins/inspec-plugin-manager-cli/test/unit/cli_args_test.rb +5 -1
  20. data/lib/resources/package.rb +1 -1
  21. metadata +5 -253
  22. data/MAINTAINERS.toml +0 -52
  23. data/docs/.gitignore +0 -2
  24. data/docs/README.md +0 -41
  25. data/docs/dev/control-eval.md +0 -62
  26. data/docs/dev/filtertable-internals.md +0 -353
  27. data/docs/dev/filtertable-usage.md +0 -533
  28. data/docs/dev/integration-testing.md +0 -31
  29. data/docs/dev/plugins.md +0 -323
  30. data/docs/dsl_inspec.md +0 -354
  31. data/docs/dsl_resource.md +0 -100
  32. data/docs/glossary.md +0 -381
  33. data/docs/habitat.md +0 -193
  34. data/docs/inspec_and_friends.md +0 -114
  35. data/docs/matchers.md +0 -161
  36. data/docs/migration.md +0 -293
  37. data/docs/platforms.md +0 -119
  38. data/docs/plugin_kitchen_inspec.md +0 -60
  39. data/docs/plugins.md +0 -57
  40. data/docs/profiles.md +0 -576
  41. data/docs/reporters.md +0 -170
  42. data/docs/resources/aide_conf.md.erb +0 -86
  43. data/docs/resources/apache.md.erb +0 -77
  44. data/docs/resources/apache_conf.md.erb +0 -78
  45. data/docs/resources/apt.md.erb +0 -81
  46. data/docs/resources/audit_policy.md.erb +0 -57
  47. data/docs/resources/auditd.md.erb +0 -89
  48. data/docs/resources/auditd_conf.md.erb +0 -78
  49. data/docs/resources/aws_cloudtrail_trail.md.erb +0 -165
  50. data/docs/resources/aws_cloudtrail_trails.md.erb +0 -96
  51. data/docs/resources/aws_cloudwatch_alarm.md.erb +0 -101
  52. data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +0 -164
  53. data/docs/resources/aws_config_delivery_channel.md.erb +0 -111
  54. data/docs/resources/aws_config_recorder.md.erb +0 -96
  55. data/docs/resources/aws_ebs_volume.md.erb +0 -76
  56. data/docs/resources/aws_ebs_volumes.md.erb +0 -86
  57. data/docs/resources/aws_ec2_instance.md.erb +0 -122
  58. data/docs/resources/aws_ec2_instances.md.erb +0 -89
  59. data/docs/resources/aws_elb.md.erb +0 -154
  60. data/docs/resources/aws_elbs.md.erb +0 -252
  61. data/docs/resources/aws_flow_log.md.erb +0 -128
  62. data/docs/resources/aws_iam_access_key.md.erb +0 -139
  63. data/docs/resources/aws_iam_access_keys.md.erb +0 -214
  64. data/docs/resources/aws_iam_group.md.erb +0 -74
  65. data/docs/resources/aws_iam_groups.md.erb +0 -92
  66. data/docs/resources/aws_iam_password_policy.md.erb +0 -92
  67. data/docs/resources/aws_iam_policies.md.erb +0 -97
  68. data/docs/resources/aws_iam_policy.md.erb +0 -264
  69. data/docs/resources/aws_iam_role.md.erb +0 -79
  70. data/docs/resources/aws_iam_root_user.md.erb +0 -86
  71. data/docs/resources/aws_iam_user.md.erb +0 -130
  72. data/docs/resources/aws_iam_users.md.erb +0 -289
  73. data/docs/resources/aws_kms_key.md.erb +0 -187
  74. data/docs/resources/aws_kms_keys.md.erb +0 -99
  75. data/docs/resources/aws_rds_instance.md.erb +0 -76
  76. data/docs/resources/aws_route_table.md.erb +0 -63
  77. data/docs/resources/aws_route_tables.md.erb +0 -65
  78. data/docs/resources/aws_s3_bucket.md.erb +0 -156
  79. data/docs/resources/aws_s3_bucket_object.md.erb +0 -99
  80. data/docs/resources/aws_s3_buckets.md.erb +0 -69
  81. data/docs/resources/aws_security_group.md.erb +0 -323
  82. data/docs/resources/aws_security_groups.md.erb +0 -107
  83. data/docs/resources/aws_sns_subscription.md.erb +0 -140
  84. data/docs/resources/aws_sns_topic.md.erb +0 -79
  85. data/docs/resources/aws_sns_topics.md.erb +0 -68
  86. data/docs/resources/aws_subnet.md.erb +0 -150
  87. data/docs/resources/aws_subnets.md.erb +0 -142
  88. data/docs/resources/aws_vpc.md.erb +0 -135
  89. data/docs/resources/aws_vpcs.md.erb +0 -135
  90. data/docs/resources/azure_generic_resource.md.erb +0 -183
  91. data/docs/resources/azure_resource_group.md.erb +0 -294
  92. data/docs/resources/azure_virtual_machine.md.erb +0 -357
  93. data/docs/resources/azure_virtual_machine_data_disk.md.erb +0 -234
  94. data/docs/resources/bash.md.erb +0 -85
  95. data/docs/resources/bond.md.erb +0 -100
  96. data/docs/resources/bridge.md.erb +0 -67
  97. data/docs/resources/bsd_service.md.erb +0 -77
  98. data/docs/resources/chocolatey_package.md.erb +0 -68
  99. data/docs/resources/command.md.erb +0 -176
  100. data/docs/resources/cpan.md.erb +0 -89
  101. data/docs/resources/cran.md.erb +0 -74
  102. data/docs/resources/crontab.md.erb +0 -103
  103. data/docs/resources/csv.md.erb +0 -64
  104. data/docs/resources/dh_params.md.erb +0 -221
  105. data/docs/resources/directory.md.erb +0 -40
  106. data/docs/resources/docker.md.erb +0 -240
  107. data/docs/resources/docker_container.md.erb +0 -113
  108. data/docs/resources/docker_image.md.erb +0 -104
  109. data/docs/resources/docker_plugin.md.erb +0 -80
  110. data/docs/resources/docker_service.md.erb +0 -124
  111. data/docs/resources/elasticsearch.md.erb +0 -252
  112. data/docs/resources/etc_fstab.md.erb +0 -135
  113. data/docs/resources/etc_group.md.erb +0 -85
  114. data/docs/resources/etc_hosts.md.erb +0 -88
  115. data/docs/resources/etc_hosts_allow.md.erb +0 -84
  116. data/docs/resources/etc_hosts_deny.md.erb +0 -84
  117. data/docs/resources/file.md.erb +0 -543
  118. data/docs/resources/filesystem.md.erb +0 -51
  119. data/docs/resources/firewalld.md.erb +0 -117
  120. data/docs/resources/gem.md.erb +0 -108
  121. data/docs/resources/group.md.erb +0 -71
  122. data/docs/resources/grub_conf.md.erb +0 -111
  123. data/docs/resources/host.md.erb +0 -96
  124. data/docs/resources/http.md.erb +0 -207
  125. data/docs/resources/iis_app.md.erb +0 -132
  126. data/docs/resources/iis_site.md.erb +0 -145
  127. data/docs/resources/inetd_conf.md.erb +0 -104
  128. data/docs/resources/ini.md.erb +0 -86
  129. data/docs/resources/interface.md.erb +0 -68
  130. data/docs/resources/iptables.md.erb +0 -74
  131. data/docs/resources/json.md.erb +0 -73
  132. data/docs/resources/kernel_module.md.erb +0 -130
  133. data/docs/resources/kernel_parameter.md.erb +0 -63
  134. data/docs/resources/key_rsa.md.erb +0 -95
  135. data/docs/resources/launchd_service.md.erb +0 -67
  136. data/docs/resources/limits_conf.md.erb +0 -85
  137. data/docs/resources/login_defs.md.erb +0 -81
  138. data/docs/resources/mount.md.erb +0 -79
  139. data/docs/resources/mssql_session.md.erb +0 -78
  140. data/docs/resources/mysql_conf.md.erb +0 -109
  141. data/docs/resources/mysql_session.md.erb +0 -84
  142. data/docs/resources/nginx.md.erb +0 -89
  143. data/docs/resources/nginx_conf.md.erb +0 -148
  144. data/docs/resources/npm.md.erb +0 -78
  145. data/docs/resources/ntp_conf.md.erb +0 -70
  146. data/docs/resources/oneget.md.erb +0 -63
  147. data/docs/resources/oracledb_session.md.erb +0 -103
  148. data/docs/resources/os.md.erb +0 -153
  149. data/docs/resources/os_env.md.erb +0 -101
  150. data/docs/resources/package.md.erb +0 -130
  151. data/docs/resources/packages.md.erb +0 -77
  152. data/docs/resources/parse_config.md.erb +0 -113
  153. data/docs/resources/parse_config_file.md.erb +0 -148
  154. data/docs/resources/passwd.md.erb +0 -151
  155. data/docs/resources/pip.md.erb +0 -77
  156. data/docs/resources/port.md.erb +0 -147
  157. data/docs/resources/postgres_conf.md.erb +0 -89
  158. data/docs/resources/postgres_hba_conf.md.erb +0 -103
  159. data/docs/resources/postgres_ident_conf.md.erb +0 -86
  160. data/docs/resources/postgres_session.md.erb +0 -79
  161. data/docs/resources/powershell.md.erb +0 -112
  162. data/docs/resources/processes.md.erb +0 -119
  163. data/docs/resources/rabbitmq_config.md.erb +0 -51
  164. data/docs/resources/registry_key.md.erb +0 -197
  165. data/docs/resources/runit_service.md.erb +0 -67
  166. data/docs/resources/security_policy.md.erb +0 -57
  167. data/docs/resources/service.md.erb +0 -131
  168. data/docs/resources/shadow.md.erb +0 -267
  169. data/docs/resources/ssh_config.md.erb +0 -83
  170. data/docs/resources/sshd_config.md.erb +0 -93
  171. data/docs/resources/ssl.md.erb +0 -129
  172. data/docs/resources/sys_info.md.erb +0 -52
  173. data/docs/resources/systemd_service.md.erb +0 -67
  174. data/docs/resources/sysv_service.md.erb +0 -67
  175. data/docs/resources/upstart_service.md.erb +0 -67
  176. data/docs/resources/user.md.erb +0 -150
  177. data/docs/resources/users.md.erb +0 -137
  178. data/docs/resources/vbscript.md.erb +0 -65
  179. data/docs/resources/virtualization.md.erb +0 -67
  180. data/docs/resources/windows_feature.md.erb +0 -69
  181. data/docs/resources/windows_hotfix.md.erb +0 -63
  182. data/docs/resources/windows_task.md.erb +0 -95
  183. data/docs/resources/wmi.md.erb +0 -91
  184. data/docs/resources/x509_certificate.md.erb +0 -161
  185. data/docs/resources/xinetd_conf.md.erb +0 -166
  186. data/docs/resources/xml.md.erb +0 -95
  187. data/docs/resources/yaml.md.erb +0 -79
  188. data/docs/resources/yum.md.erb +0 -108
  189. data/docs/resources/zfs_dataset.md.erb +0 -63
  190. data/docs/resources/zfs_pool.md.erb +0 -57
  191. data/docs/shared/matcher_be.md.erb +0 -1
  192. data/docs/shared/matcher_cmp.md.erb +0 -43
  193. data/docs/shared/matcher_eq.md.erb +0 -3
  194. data/docs/shared/matcher_include.md.erb +0 -1
  195. data/docs/shared/matcher_match.md.erb +0 -1
  196. data/docs/shell.md +0 -217
  197. data/docs/style.md +0 -178
  198. data/examples/README.md +0 -8
  199. data/examples/custom-resource/README.md +0 -3
  200. data/examples/custom-resource/controls/example.rb +0 -7
  201. data/examples/custom-resource/inspec.yml +0 -8
  202. data/examples/custom-resource/libraries/batsignal.rb +0 -20
  203. data/examples/custom-resource/libraries/gordon.rb +0 -21
  204. data/examples/inheritance/README.md +0 -65
  205. data/examples/inheritance/controls/example.rb +0 -14
  206. data/examples/inheritance/inspec.yml +0 -16
  207. data/examples/kitchen-ansible/.kitchen.yml +0 -25
  208. data/examples/kitchen-ansible/Gemfile +0 -19
  209. data/examples/kitchen-ansible/README.md +0 -53
  210. data/examples/kitchen-ansible/files/nginx.repo +0 -6
  211. data/examples/kitchen-ansible/tasks/main.yml +0 -16
  212. data/examples/kitchen-ansible/test/integration/default/default.yml +0 -5
  213. data/examples/kitchen-ansible/test/integration/default/web_spec.rb +0 -28
  214. data/examples/kitchen-chef/.kitchen.yml +0 -20
  215. data/examples/kitchen-chef/Berksfile +0 -3
  216. data/examples/kitchen-chef/Gemfile +0 -19
  217. data/examples/kitchen-chef/README.md +0 -27
  218. data/examples/kitchen-chef/metadata.rb +0 -7
  219. data/examples/kitchen-chef/recipes/default.rb +0 -6
  220. data/examples/kitchen-chef/recipes/nginx.rb +0 -30
  221. data/examples/kitchen-chef/test/integration/default/web_spec.rb +0 -28
  222. data/examples/kitchen-puppet/.kitchen.yml +0 -23
  223. data/examples/kitchen-puppet/Gemfile +0 -20
  224. data/examples/kitchen-puppet/Puppetfile +0 -25
  225. data/examples/kitchen-puppet/README.md +0 -53
  226. data/examples/kitchen-puppet/manifests/site.pp +0 -33
  227. data/examples/kitchen-puppet/metadata.json +0 -11
  228. data/examples/kitchen-puppet/modules/.gitkeep +0 -0
  229. data/examples/kitchen-puppet/test/integration/default/web_spec.rb +0 -28
  230. data/examples/meta-profile/README.md +0 -37
  231. data/examples/meta-profile/controls/example.rb +0 -13
  232. data/examples/meta-profile/inspec.yml +0 -13
  233. data/examples/plugins/inspec-resource-lister/Gemfile +0 -12
  234. data/examples/plugins/inspec-resource-lister/LICENSE +0 -13
  235. data/examples/plugins/inspec-resource-lister/README.md +0 -62
  236. data/examples/plugins/inspec-resource-lister/Rakefile +0 -40
  237. data/examples/plugins/inspec-resource-lister/inspec-resource-lister.gemspec +0 -45
  238. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister.rb +0 -16
  239. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/cli_command.rb +0 -70
  240. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/plugin.rb +0 -55
  241. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/version.rb +0 -10
  242. data/examples/plugins/inspec-resource-lister/test/fixtures/README.md +0 -24
  243. data/examples/plugins/inspec-resource-lister/test/functional/README.md +0 -18
  244. data/examples/plugins/inspec-resource-lister/test/functional/inspec_resource_lister_test.rb +0 -110
  245. data/examples/plugins/inspec-resource-lister/test/helper.rb +0 -26
  246. data/examples/plugins/inspec-resource-lister/test/unit/README.md +0 -17
  247. data/examples/plugins/inspec-resource-lister/test/unit/cli_args_test.rb +0 -64
  248. data/examples/plugins/inspec-resource-lister/test/unit/plugin_def_test.rb +0 -51
  249. data/examples/profile-attribute.yml +0 -2
  250. data/examples/profile-attribute/README.md +0 -14
  251. data/examples/profile-attribute/controls/example.rb +0 -11
  252. data/examples/profile-attribute/inspec.yml +0 -8
  253. data/examples/profile-aws/controls/iam_password_policy_expiration.rb +0 -8
  254. data/examples/profile-aws/controls/iam_password_policy_max_age.rb +0 -8
  255. data/examples/profile-aws/controls/iam_root_user_mfa.rb +0 -8
  256. data/examples/profile-aws/controls/iam_users_access_key_age.rb +0 -8
  257. data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +0 -8
  258. data/examples/profile-aws/inspec.yml +0 -11
  259. data/examples/profile-azure/controls/azure_resource_group_example.rb +0 -24
  260. data/examples/profile-azure/controls/azure_vm_example.rb +0 -29
  261. data/examples/profile-azure/inspec.yml +0 -11
  262. data/examples/profile-sensitive/README.md +0 -29
  263. data/examples/profile-sensitive/controls/sensitive-failures.rb +0 -9
  264. data/examples/profile-sensitive/controls/sensitive.rb +0 -9
  265. data/examples/profile-sensitive/inspec.yml +0 -8
  266. data/examples/profile/README.md +0 -48
  267. data/examples/profile/controls/example.rb +0 -24
  268. data/examples/profile/controls/gordon.rb +0 -36
  269. data/examples/profile/controls/meta.rb +0 -36
  270. data/examples/profile/inspec.yml +0 -11
  271. data/examples/profile/libraries/gordon_config.rb +0 -59
data/docs/style.md DELETED
@@ -1,178 +0,0 @@
1
- # InSpec profile style guide
2
-
3
- This is a set of recommended InSpec rules you should use when writing controls.
4
-
5
- ## Control files
6
-
7
- ### 1. All controls should be located in the "controls" directory and end in ".rb"
8
-
9
- Reason: Most syntax highlighters will render InSpec files correctly across a wide list of tools.
10
-
11
- Avoid: `controls/ssh_config`
12
- Use: `controls/ssh_config.rb`
13
-
14
- Avoid: `controls/ssh/config.rb`
15
- Use: `controls/ssh_config.rb`
16
-
17
- ### 2. Avoid using "controls" or "control" in the name of your control files
18
-
19
- Reason: Using `controls` in the filename again duplicates it and creates unnecessary clutter when reading it. Keep the names short and concise.
20
-
21
- Avoid: `controls/ssh_controls.rb`
22
- Use: `controls/ssh.rb`
23
-
24
-
25
- ## Code style
26
-
27
- ### 3. Avoid unnecessary parentheses in matchers
28
-
29
- Adding additional parentheses is not required and provides more readability if it is not used:
30
-
31
- Avoid: `it { should eq(value) }`
32
- Use: `it { should eq value }`
33
-
34
- The exception are matchers that require additional arguments or named arguments.
35
-
36
-
37
- ## Controls
38
-
39
- ### 4. Do not wrap controls in conditional statements
40
-
41
- Reason: This will create dynamic profiles whose controls depend on the execution. The problem here is that we cannot render the profile or provide its information before scanning a system. We want to be able to inform users of the contents of their profiles before they run them. It is valid to skip controls that are not necessary for a system, as long as you do it via `only_if` conditions. Ruby's internal conditionals will hide parts of the profile to static analysis and should thus be avoided.
42
-
43
- Avoid:
44
- ```ruby
45
- if package('..').installed?
46
- control "package-test1" do
47
- ..
48
- end
49
- end
50
- ```
51
-
52
- Use:
53
- ```ruby
54
- control "package-test1" do
55
- only_if { package('..').installed? }
56
- end
57
- ```
58
-
59
- Avoid:
60
- ```ruby
61
- case inspec.platform.name
62
- when /centos/
63
- include_controls 'centos-profile'
64
- ...
65
- ```
66
-
67
- Use: The `supports` attribute in `inspec.yml` files of the profile you want to include:
68
-
69
- ```ruby
70
- supports:
71
- - platform-name: centos
72
- ```
73
-
74
- Now whenever you run the base profile you can just `include_controls 'centos-profile'`.
75
- It will only run the included profiles is the platform matches the supported platform.
76
-
77
-
78
- ### 5. Do not include dynamic elements in the control IDs
79
-
80
- Reason: Control IDs are used to map test results to the tests and profiles. Dynamic control IDs make it impossible to map results back, since the identifier which connects tests and results may change in the process.
81
-
82
- Avoid:
83
- ```ruby
84
- control "test-file-#{name}" do
85
- ..
86
- end
87
- ```
88
-
89
- Use:
90
- ```ruby
91
- control "test-all-files" do
92
- ..
93
- end
94
- ```
95
-
96
- Sometimes you may create controls from a static list of elements. If this list stays the same no matter what system is scanned, it may be ok to do so and use it as a generator for static controls.
97
-
98
-
99
- ### 6. Avoid Ruby system calls
100
-
101
- Reason: Ruby code is executed on the system that runs InSpec. This allows
102
- InSpec to work without Ruby and rubygems being required on remote
103
- targets (servers or containers). System calls are often used to interact with
104
- the local OS or remote endpoints from a local installation.
105
- InSpec tests, however, are designed to be universally executable on all
106
- types of runtimes, including local and remote execution. We want to give
107
- users the ability to take an OS profile and execute it remotely or locally.
108
-
109
- **Avoid shelling out**
110
-
111
- Avoid: `` `ls``\`
112
- Avoid: `system("ls")`
113
- Avoid: `IO.popen("ls")`
114
- Use: `command("ls")` or `powershell("..")`
115
-
116
- Ruby's command executors will only run localy. Imagine a test like this:
117
-
118
- ```ruby
119
- describe `whoami` do
120
- it { should eq "bob\n" }
121
- end
122
- ```
123
-
124
- If you run this test on your local system and happen to be using Bob's account
125
- it will succeed. But if you were to run it against `--target alice@remote-host.com`
126
- it will still report that the user is bob instead of alice.
127
-
128
- Instead, do this:
129
-
130
- ```ruby
131
- describe command('whoami') do
132
- its('stdout') { should eq "bob\n" }
133
- end
134
- ```
135
-
136
- If the profile is pointed to a remote endpoint using the `command` resource
137
- will run it on the remote OS.
138
-
139
- **Avoid Ruby IO on files**
140
-
141
- Avoid: `File.new("filename").read`
142
- Avoid: `File.read("filename")`
143
- Avoid: `IO.read("filename")`
144
- Use: `file("filename")`
145
-
146
- Similar to the command interactions these files will only be read localy
147
- with Ruby's internal calls. If you run this test against a remote target it won't
148
- read the file from the remote endpoint, but from the local OS instead.
149
- Use the `file` resource to read files on the target system.
150
-
151
- In general, try to avoid Ruby's IO calls from within InSpec controls and
152
- use InSpec resources instead.
153
-
154
-
155
- ### 7. Avoid Ruby gem dependencies in controls
156
-
157
- In addition to avoiding system-level gems and modules you should also limit
158
- the use of external dependencies to resource packs or plugins. Gems need to be
159
- resolved, installed, vendored, and protected from conflicts. We aim to avoid
160
- exposing this complexity to users of InSpec, to make it a great tool even if
161
- you are not a developer.
162
-
163
- Developers may still use external gem dependencies but should vendor it
164
- with their plugins or resource packs.
165
-
166
-
167
- ### 8. Avoid debugging calls (in production)
168
-
169
- Reason: One of the best way to develop and explore tests is the interactive debugging shell `pry` (see the section on "Interactive Debugging with Pry" at the end of this page). However, after you finish your profile make sure you have no interactive statements included anymore. Sometimes interactive calls are hidden behind conditionals (`if` statements) that are harder to reach. These calls can easily cause trouble when an automated profiles runs into an interactive `pry` call that stops the execution and waits for user input.
170
-
171
- Avoid: `binding.pry` in production profiles
172
- Use: Use debugging calls during development only
173
-
174
- Also you may find it helpful to use the inspec logging interface:
175
-
176
- ```ruby
177
- Inspec::Log.info('Hi')
178
- ```
data/examples/README.md DELETED
@@ -1,8 +0,0 @@
1
- # InSpec examples
2
-
3
- This directory contains multiple examples that explain the usage of the InSpec:
4
-
5
- - `kitchen-chef` Test-Kitchen with [Chef and InSpec](kitchen-chef/README.md)
6
- - `kitchen-puppet` Test-Kitchen with [Puppet and InSpec](kitchen-puppet/README.md)
7
- - `kitchen-ansible` Test-Kitchen with [Ansible and InSpec](kitchen-ansible/README.md)
8
- - `profile` Example of an InSpec profile
@@ -1,3 +0,0 @@
1
- # Example Custom Resource Profile
2
-
3
- This example shows the implementation of an InSpec profile with custom resources.
@@ -1,7 +0,0 @@
1
- # encoding: utf-8
2
-
3
- describe gordon do
4
- its('crime_rate') { should be < 5 }
5
- it { should have_a_fabulous_mustache }
6
- end
7
-
@@ -1,8 +0,0 @@
1
- name: custom_resource_example
2
- title: InSpec Profile
3
- maintainer: The Authors
4
- copyright: The Authors
5
- copyright_email: you@example.com
6
- license: Apache-2.0
7
- summary: An InSpec Compliance Profile
8
- version: 0.1.0
@@ -1,20 +0,0 @@
1
- class Batsignal < Inspec.resource(1)
2
- name 'batsignal'
3
-
4
- example "
5
- describe batsignal do
6
- its('number_of_sightings)') { should eq '4' }
7
- end
8
- "
9
-
10
- def number_of_sightings
11
- local_command_call
12
- end
13
-
14
- private
15
-
16
- def local_command_call
17
- # call out to a core resource
18
- inspec.command('echo 4').stdout.to_i
19
- end
20
- end
@@ -1,21 +0,0 @@
1
- class Gordon < Inspec.resource(1)
2
- name 'gordon'
3
-
4
- example "
5
- describe gordon do
6
- its('crime_rate') { should be < 2 }
7
- it { should have_a_fabulous_mustache }
8
- end
9
- "
10
-
11
- def crime_rate
12
- # call out ot another custom resource
13
- inspec.batsignal.number_of_sightings
14
- end
15
-
16
- def has_a_fabulous_mustache?
17
- # always true
18
- true
19
- end
20
- end
21
-
@@ -1,65 +0,0 @@
1
- # Example InSpec Profile
2
-
3
- This example shows the use of InSpec [profile](../../docs/profiles.rst) inheritance.
4
-
5
- ## Verify a profile
6
-
7
- InSpec ships with built-in features to verify a profile structure.
8
-
9
- ```bash
10
- $ inspec check examples/inheritance
11
- ```
12
-
13
- ## Execute a profile
14
-
15
- To run a profile on a local machine use `inspec exec /path/to/profile`. All dependencies are automatically resolved.
16
-
17
- ```bash
18
- $ inspec exec examples/inheritance
19
- ```
20
-
21
- ## Set attributes for dependent profiles
22
-
23
- Without setting attributes, an `inspec exec` would return the following:
24
-
25
- ```
26
- $ inspec git:(master) ✗ b inspec exec examples/inheritance
27
-
28
- Profile: InSpec example inheritance (inheritance)
29
- Version: 1.0.0
30
- Target: local://
31
-
32
-
33
- ○ gordon-1.0: Verify the version number of Gordon (1 skipped)
34
- ○ Can't find file "/tmp/gordon/config.yaml"
35
- ✔ File content should match nil
36
- ✔ ssh-1: Allow only SSH Protocol 2
37
- ✔ File /bin/sh should be owned by "root"
38
-
39
- File /tmp
40
- ✔ should be directory
41
- alice should
42
- ✖ eq "bob"
43
-
44
- expected: "bob"
45
- got: "alice"
46
-
47
- (compared using ==)
48
-
49
- should eq
50
- ✖ "secret"
51
-
52
- expected: "secret"
53
- got: nil
54
-
55
- (compared using ==)
56
-
57
-
58
- Test Summary: 3 successful, 2 failures, 1 skipped
59
- ```
60
-
61
- To pass in attributes, just call:
62
-
63
- ```
64
- $ inspec exec examples/inheritance --attrs examples/profile-attribute.yml
65
- ```
@@ -1,14 +0,0 @@
1
- # encoding: utf-8
2
- # copyright: 2016, Chef Software, Inc.
3
-
4
- # manipulate controls of `profile`
5
- include_controls 'profile' do
6
- skip_control 'tmp-1.0'
7
-
8
- control 'gordon-1.0' do
9
- impact 0.0
10
- end
11
- end
12
-
13
- # load all controls of `profile-attribute`
14
- include_controls 'profile-attribute'
@@ -1,16 +0,0 @@
1
- name: inheritance
2
- title: InSpec example inheritance
3
- maintainer: Chef Software, Inc.
4
- copyright: Chef Software, Inc.
5
- copyright_email: support@chef.io
6
- license: Apache-2.0
7
- summary: Demonstrates the use of InSpec profile inheritance
8
- version: 1.0.0
9
- supports:
10
- - platform-family: unix
11
- - platform-family: windows
12
- depends:
13
- - name: profile
14
- path: ../profile
15
- - name: profile-attribute
16
- path: ../profile-attribute
@@ -1,25 +0,0 @@
1
- ---
2
- driver:
3
- name: vagrant
4
-
5
- provisioner:
6
- hosts: webservers
7
- name: ansible_playbook
8
- # Use el7 epel repo instead of the default el6
9
- ansible_yum_repo: "https://download.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm"
10
- require_chef_for_busser: false
11
- require_ruby_for_busser: false
12
- ansible_verbosity: 2
13
- ansible_verbose: true
14
- # starting playbook is at: test/integration/default/default.yml
15
-
16
- verifier:
17
- name: inspec
18
-
19
- platforms:
20
- - name: centos-7.1
21
- - name: ubuntu-12.04
22
- - name: ubuntu-14.04
23
-
24
- suites:
25
- - name: default
@@ -1,19 +0,0 @@
1
- # encoding: utf-8
2
- source 'https://rubygems.org'
3
-
4
- gem 'inspec', path: '../../.'
5
-
6
- group :test do
7
- gem 'bundler', '~> 1.5'
8
- gem 'minitest', '~> 5.5'
9
- gem 'rake', '~> 10'
10
- gem 'simplecov', '~> 0.10'
11
- end
12
-
13
- group :integration do
14
- gem 'test-kitchen', '~> 1.4'
15
- gem 'kitchen-ansible'
16
- gem 'kitchen-vagrant'
17
- gem 'kitchen-inspec'
18
- gem 'concurrent-ruby', '~> 1.0'
19
- end
@@ -1,53 +0,0 @@
1
- # Test-Kitchen - InSpec with Ansible Example
2
-
3
- This example demonstrates a complete roundtrip via [Test-Kitchen](http://kitchen.ci/).
4
-
5
- ```bash
6
- # install all dependencies
7
- $ bundle install
8
- # show all available tests
9
- $ bundle exec kitchen list
10
- Instance Driver Provisioner Verifier Transport Last Action
11
- default-centos-71 Vagrant AnsiblePlaybook Inspec Ssh <Not Created>
12
- default-ubuntu-1204 Vagrant AnsiblePlaybook Inspec Ssh <Not Created>
13
- default-ubuntu-1404 Vagrant AnsiblePlaybook Inspec Ssh <Not Created>
14
-
15
- # Now we are ready to run a complete test
16
- $ bundle exec kitchen test default-ubuntu-1404
17
- -----> Starting Kitchen (v1.4.2)
18
- -----> Cleaning up any prior instances of <default-ubuntu-1404>
19
- -----> Destroying <default-ubuntu-1404>...
20
- Finished destroying <default-ubuntu-1404> (0m0.00s).
21
- -----> Testing <default-ubuntu-1404>
22
- -----> Creating <default-ubuntu-1404>...
23
- Bringing machine 'default' up with 'virtualbox' provider...
24
- ==> default: Importing base box 'opscode-ubuntu-14.04'...
25
-
26
- ...
27
-
28
- Vagrant instance <default-ubuntu-1404> created.
29
- Finished creating <default-ubuntu-1404> (0m37.51s).
30
- -----> Converging <default-ubuntu-1404>...
31
- Preparing files for transfer
32
- Preparing playbook
33
-
34
- ...
35
-
36
- Finished converging <default-ubuntu-1404> (1m14.53s).
37
- -----> Setting up <default-ubuntu-1404>...
38
- Finished setting up <default-ubuntu-1404> (0m0.00s).
39
- -----> Verifying <default-ubuntu-1404>...
40
- .....
41
-
42
- Finished in 0.08796 seconds (files took 1 minute 52.3 seconds to load)
43
- 5 examples, 0 failures
44
-
45
- Finished verifying <default-ubuntu-1404> (0m0.27s).
46
- -----> Destroying <default-ubuntu-1404>...
47
- ==> default: Forcing shutdown of VM...
48
- ==> default: Destroying VM and associated drives...
49
- Vagrant instance <default-ubuntu-1404> destroyed.
50
- Finished destroying <default-ubuntu-1404> (0m4.41s).
51
- Finished testing <default-ubuntu-1404> (1m56.73s).
52
- -----> Kitchen is finished. (1m57.06s)
53
- ```