inspec 2.3.10 → 2.3.23

Sign up to get free protection for your applications and to get access to all the features.
Files changed (271) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +34 -13
  3. data/etc/plugin_filters.json +25 -0
  4. data/inspec.gemspec +3 -3
  5. data/lib/bundles/inspec-compliance/api.rb +3 -0
  6. data/lib/bundles/inspec-compliance/configuration.rb +3 -0
  7. data/lib/bundles/inspec-compliance/http.rb +3 -0
  8. data/lib/bundles/inspec-compliance/support.rb +3 -0
  9. data/lib/bundles/inspec-compliance/target.rb +3 -0
  10. data/lib/inspec/objects/attribute.rb +3 -0
  11. data/lib/inspec/plugin/v2.rb +3 -0
  12. data/lib/inspec/plugin/v2/filter.rb +62 -0
  13. data/lib/inspec/plugin/v2/installer.rb +21 -1
  14. data/lib/inspec/plugin/v2/loader.rb +4 -0
  15. data/lib/inspec/profile.rb +3 -1
  16. data/lib/inspec/version.rb +1 -1
  17. data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +25 -3
  18. data/lib/plugins/inspec-plugin-manager-cli/test/functional/inspec-plugin_test.rb +65 -11
  19. data/lib/plugins/inspec-plugin-manager-cli/test/unit/cli_args_test.rb +5 -1
  20. data/lib/resources/package.rb +1 -1
  21. metadata +5 -253
  22. data/MAINTAINERS.toml +0 -52
  23. data/docs/.gitignore +0 -2
  24. data/docs/README.md +0 -41
  25. data/docs/dev/control-eval.md +0 -62
  26. data/docs/dev/filtertable-internals.md +0 -353
  27. data/docs/dev/filtertable-usage.md +0 -533
  28. data/docs/dev/integration-testing.md +0 -31
  29. data/docs/dev/plugins.md +0 -323
  30. data/docs/dsl_inspec.md +0 -354
  31. data/docs/dsl_resource.md +0 -100
  32. data/docs/glossary.md +0 -381
  33. data/docs/habitat.md +0 -193
  34. data/docs/inspec_and_friends.md +0 -114
  35. data/docs/matchers.md +0 -161
  36. data/docs/migration.md +0 -293
  37. data/docs/platforms.md +0 -119
  38. data/docs/plugin_kitchen_inspec.md +0 -60
  39. data/docs/plugins.md +0 -57
  40. data/docs/profiles.md +0 -576
  41. data/docs/reporters.md +0 -170
  42. data/docs/resources/aide_conf.md.erb +0 -86
  43. data/docs/resources/apache.md.erb +0 -77
  44. data/docs/resources/apache_conf.md.erb +0 -78
  45. data/docs/resources/apt.md.erb +0 -81
  46. data/docs/resources/audit_policy.md.erb +0 -57
  47. data/docs/resources/auditd.md.erb +0 -89
  48. data/docs/resources/auditd_conf.md.erb +0 -78
  49. data/docs/resources/aws_cloudtrail_trail.md.erb +0 -165
  50. data/docs/resources/aws_cloudtrail_trails.md.erb +0 -96
  51. data/docs/resources/aws_cloudwatch_alarm.md.erb +0 -101
  52. data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +0 -164
  53. data/docs/resources/aws_config_delivery_channel.md.erb +0 -111
  54. data/docs/resources/aws_config_recorder.md.erb +0 -96
  55. data/docs/resources/aws_ebs_volume.md.erb +0 -76
  56. data/docs/resources/aws_ebs_volumes.md.erb +0 -86
  57. data/docs/resources/aws_ec2_instance.md.erb +0 -122
  58. data/docs/resources/aws_ec2_instances.md.erb +0 -89
  59. data/docs/resources/aws_elb.md.erb +0 -154
  60. data/docs/resources/aws_elbs.md.erb +0 -252
  61. data/docs/resources/aws_flow_log.md.erb +0 -128
  62. data/docs/resources/aws_iam_access_key.md.erb +0 -139
  63. data/docs/resources/aws_iam_access_keys.md.erb +0 -214
  64. data/docs/resources/aws_iam_group.md.erb +0 -74
  65. data/docs/resources/aws_iam_groups.md.erb +0 -92
  66. data/docs/resources/aws_iam_password_policy.md.erb +0 -92
  67. data/docs/resources/aws_iam_policies.md.erb +0 -97
  68. data/docs/resources/aws_iam_policy.md.erb +0 -264
  69. data/docs/resources/aws_iam_role.md.erb +0 -79
  70. data/docs/resources/aws_iam_root_user.md.erb +0 -86
  71. data/docs/resources/aws_iam_user.md.erb +0 -130
  72. data/docs/resources/aws_iam_users.md.erb +0 -289
  73. data/docs/resources/aws_kms_key.md.erb +0 -187
  74. data/docs/resources/aws_kms_keys.md.erb +0 -99
  75. data/docs/resources/aws_rds_instance.md.erb +0 -76
  76. data/docs/resources/aws_route_table.md.erb +0 -63
  77. data/docs/resources/aws_route_tables.md.erb +0 -65
  78. data/docs/resources/aws_s3_bucket.md.erb +0 -156
  79. data/docs/resources/aws_s3_bucket_object.md.erb +0 -99
  80. data/docs/resources/aws_s3_buckets.md.erb +0 -69
  81. data/docs/resources/aws_security_group.md.erb +0 -323
  82. data/docs/resources/aws_security_groups.md.erb +0 -107
  83. data/docs/resources/aws_sns_subscription.md.erb +0 -140
  84. data/docs/resources/aws_sns_topic.md.erb +0 -79
  85. data/docs/resources/aws_sns_topics.md.erb +0 -68
  86. data/docs/resources/aws_subnet.md.erb +0 -150
  87. data/docs/resources/aws_subnets.md.erb +0 -142
  88. data/docs/resources/aws_vpc.md.erb +0 -135
  89. data/docs/resources/aws_vpcs.md.erb +0 -135
  90. data/docs/resources/azure_generic_resource.md.erb +0 -183
  91. data/docs/resources/azure_resource_group.md.erb +0 -294
  92. data/docs/resources/azure_virtual_machine.md.erb +0 -357
  93. data/docs/resources/azure_virtual_machine_data_disk.md.erb +0 -234
  94. data/docs/resources/bash.md.erb +0 -85
  95. data/docs/resources/bond.md.erb +0 -100
  96. data/docs/resources/bridge.md.erb +0 -67
  97. data/docs/resources/bsd_service.md.erb +0 -77
  98. data/docs/resources/chocolatey_package.md.erb +0 -68
  99. data/docs/resources/command.md.erb +0 -176
  100. data/docs/resources/cpan.md.erb +0 -89
  101. data/docs/resources/cran.md.erb +0 -74
  102. data/docs/resources/crontab.md.erb +0 -103
  103. data/docs/resources/csv.md.erb +0 -64
  104. data/docs/resources/dh_params.md.erb +0 -221
  105. data/docs/resources/directory.md.erb +0 -40
  106. data/docs/resources/docker.md.erb +0 -240
  107. data/docs/resources/docker_container.md.erb +0 -113
  108. data/docs/resources/docker_image.md.erb +0 -104
  109. data/docs/resources/docker_plugin.md.erb +0 -80
  110. data/docs/resources/docker_service.md.erb +0 -124
  111. data/docs/resources/elasticsearch.md.erb +0 -252
  112. data/docs/resources/etc_fstab.md.erb +0 -135
  113. data/docs/resources/etc_group.md.erb +0 -85
  114. data/docs/resources/etc_hosts.md.erb +0 -88
  115. data/docs/resources/etc_hosts_allow.md.erb +0 -84
  116. data/docs/resources/etc_hosts_deny.md.erb +0 -84
  117. data/docs/resources/file.md.erb +0 -543
  118. data/docs/resources/filesystem.md.erb +0 -51
  119. data/docs/resources/firewalld.md.erb +0 -117
  120. data/docs/resources/gem.md.erb +0 -108
  121. data/docs/resources/group.md.erb +0 -71
  122. data/docs/resources/grub_conf.md.erb +0 -111
  123. data/docs/resources/host.md.erb +0 -96
  124. data/docs/resources/http.md.erb +0 -207
  125. data/docs/resources/iis_app.md.erb +0 -132
  126. data/docs/resources/iis_site.md.erb +0 -145
  127. data/docs/resources/inetd_conf.md.erb +0 -104
  128. data/docs/resources/ini.md.erb +0 -86
  129. data/docs/resources/interface.md.erb +0 -68
  130. data/docs/resources/iptables.md.erb +0 -74
  131. data/docs/resources/json.md.erb +0 -73
  132. data/docs/resources/kernel_module.md.erb +0 -130
  133. data/docs/resources/kernel_parameter.md.erb +0 -63
  134. data/docs/resources/key_rsa.md.erb +0 -95
  135. data/docs/resources/launchd_service.md.erb +0 -67
  136. data/docs/resources/limits_conf.md.erb +0 -85
  137. data/docs/resources/login_defs.md.erb +0 -81
  138. data/docs/resources/mount.md.erb +0 -79
  139. data/docs/resources/mssql_session.md.erb +0 -78
  140. data/docs/resources/mysql_conf.md.erb +0 -109
  141. data/docs/resources/mysql_session.md.erb +0 -84
  142. data/docs/resources/nginx.md.erb +0 -89
  143. data/docs/resources/nginx_conf.md.erb +0 -148
  144. data/docs/resources/npm.md.erb +0 -78
  145. data/docs/resources/ntp_conf.md.erb +0 -70
  146. data/docs/resources/oneget.md.erb +0 -63
  147. data/docs/resources/oracledb_session.md.erb +0 -103
  148. data/docs/resources/os.md.erb +0 -153
  149. data/docs/resources/os_env.md.erb +0 -101
  150. data/docs/resources/package.md.erb +0 -130
  151. data/docs/resources/packages.md.erb +0 -77
  152. data/docs/resources/parse_config.md.erb +0 -113
  153. data/docs/resources/parse_config_file.md.erb +0 -148
  154. data/docs/resources/passwd.md.erb +0 -151
  155. data/docs/resources/pip.md.erb +0 -77
  156. data/docs/resources/port.md.erb +0 -147
  157. data/docs/resources/postgres_conf.md.erb +0 -89
  158. data/docs/resources/postgres_hba_conf.md.erb +0 -103
  159. data/docs/resources/postgres_ident_conf.md.erb +0 -86
  160. data/docs/resources/postgres_session.md.erb +0 -79
  161. data/docs/resources/powershell.md.erb +0 -112
  162. data/docs/resources/processes.md.erb +0 -119
  163. data/docs/resources/rabbitmq_config.md.erb +0 -51
  164. data/docs/resources/registry_key.md.erb +0 -197
  165. data/docs/resources/runit_service.md.erb +0 -67
  166. data/docs/resources/security_policy.md.erb +0 -57
  167. data/docs/resources/service.md.erb +0 -131
  168. data/docs/resources/shadow.md.erb +0 -267
  169. data/docs/resources/ssh_config.md.erb +0 -83
  170. data/docs/resources/sshd_config.md.erb +0 -93
  171. data/docs/resources/ssl.md.erb +0 -129
  172. data/docs/resources/sys_info.md.erb +0 -52
  173. data/docs/resources/systemd_service.md.erb +0 -67
  174. data/docs/resources/sysv_service.md.erb +0 -67
  175. data/docs/resources/upstart_service.md.erb +0 -67
  176. data/docs/resources/user.md.erb +0 -150
  177. data/docs/resources/users.md.erb +0 -137
  178. data/docs/resources/vbscript.md.erb +0 -65
  179. data/docs/resources/virtualization.md.erb +0 -67
  180. data/docs/resources/windows_feature.md.erb +0 -69
  181. data/docs/resources/windows_hotfix.md.erb +0 -63
  182. data/docs/resources/windows_task.md.erb +0 -95
  183. data/docs/resources/wmi.md.erb +0 -91
  184. data/docs/resources/x509_certificate.md.erb +0 -161
  185. data/docs/resources/xinetd_conf.md.erb +0 -166
  186. data/docs/resources/xml.md.erb +0 -95
  187. data/docs/resources/yaml.md.erb +0 -79
  188. data/docs/resources/yum.md.erb +0 -108
  189. data/docs/resources/zfs_dataset.md.erb +0 -63
  190. data/docs/resources/zfs_pool.md.erb +0 -57
  191. data/docs/shared/matcher_be.md.erb +0 -1
  192. data/docs/shared/matcher_cmp.md.erb +0 -43
  193. data/docs/shared/matcher_eq.md.erb +0 -3
  194. data/docs/shared/matcher_include.md.erb +0 -1
  195. data/docs/shared/matcher_match.md.erb +0 -1
  196. data/docs/shell.md +0 -217
  197. data/docs/style.md +0 -178
  198. data/examples/README.md +0 -8
  199. data/examples/custom-resource/README.md +0 -3
  200. data/examples/custom-resource/controls/example.rb +0 -7
  201. data/examples/custom-resource/inspec.yml +0 -8
  202. data/examples/custom-resource/libraries/batsignal.rb +0 -20
  203. data/examples/custom-resource/libraries/gordon.rb +0 -21
  204. data/examples/inheritance/README.md +0 -65
  205. data/examples/inheritance/controls/example.rb +0 -14
  206. data/examples/inheritance/inspec.yml +0 -16
  207. data/examples/kitchen-ansible/.kitchen.yml +0 -25
  208. data/examples/kitchen-ansible/Gemfile +0 -19
  209. data/examples/kitchen-ansible/README.md +0 -53
  210. data/examples/kitchen-ansible/files/nginx.repo +0 -6
  211. data/examples/kitchen-ansible/tasks/main.yml +0 -16
  212. data/examples/kitchen-ansible/test/integration/default/default.yml +0 -5
  213. data/examples/kitchen-ansible/test/integration/default/web_spec.rb +0 -28
  214. data/examples/kitchen-chef/.kitchen.yml +0 -20
  215. data/examples/kitchen-chef/Berksfile +0 -3
  216. data/examples/kitchen-chef/Gemfile +0 -19
  217. data/examples/kitchen-chef/README.md +0 -27
  218. data/examples/kitchen-chef/metadata.rb +0 -7
  219. data/examples/kitchen-chef/recipes/default.rb +0 -6
  220. data/examples/kitchen-chef/recipes/nginx.rb +0 -30
  221. data/examples/kitchen-chef/test/integration/default/web_spec.rb +0 -28
  222. data/examples/kitchen-puppet/.kitchen.yml +0 -23
  223. data/examples/kitchen-puppet/Gemfile +0 -20
  224. data/examples/kitchen-puppet/Puppetfile +0 -25
  225. data/examples/kitchen-puppet/README.md +0 -53
  226. data/examples/kitchen-puppet/manifests/site.pp +0 -33
  227. data/examples/kitchen-puppet/metadata.json +0 -11
  228. data/examples/kitchen-puppet/modules/.gitkeep +0 -0
  229. data/examples/kitchen-puppet/test/integration/default/web_spec.rb +0 -28
  230. data/examples/meta-profile/README.md +0 -37
  231. data/examples/meta-profile/controls/example.rb +0 -13
  232. data/examples/meta-profile/inspec.yml +0 -13
  233. data/examples/plugins/inspec-resource-lister/Gemfile +0 -12
  234. data/examples/plugins/inspec-resource-lister/LICENSE +0 -13
  235. data/examples/plugins/inspec-resource-lister/README.md +0 -62
  236. data/examples/plugins/inspec-resource-lister/Rakefile +0 -40
  237. data/examples/plugins/inspec-resource-lister/inspec-resource-lister.gemspec +0 -45
  238. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister.rb +0 -16
  239. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/cli_command.rb +0 -70
  240. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/plugin.rb +0 -55
  241. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/version.rb +0 -10
  242. data/examples/plugins/inspec-resource-lister/test/fixtures/README.md +0 -24
  243. data/examples/plugins/inspec-resource-lister/test/functional/README.md +0 -18
  244. data/examples/plugins/inspec-resource-lister/test/functional/inspec_resource_lister_test.rb +0 -110
  245. data/examples/plugins/inspec-resource-lister/test/helper.rb +0 -26
  246. data/examples/plugins/inspec-resource-lister/test/unit/README.md +0 -17
  247. data/examples/plugins/inspec-resource-lister/test/unit/cli_args_test.rb +0 -64
  248. data/examples/plugins/inspec-resource-lister/test/unit/plugin_def_test.rb +0 -51
  249. data/examples/profile-attribute.yml +0 -2
  250. data/examples/profile-attribute/README.md +0 -14
  251. data/examples/profile-attribute/controls/example.rb +0 -11
  252. data/examples/profile-attribute/inspec.yml +0 -8
  253. data/examples/profile-aws/controls/iam_password_policy_expiration.rb +0 -8
  254. data/examples/profile-aws/controls/iam_password_policy_max_age.rb +0 -8
  255. data/examples/profile-aws/controls/iam_root_user_mfa.rb +0 -8
  256. data/examples/profile-aws/controls/iam_users_access_key_age.rb +0 -8
  257. data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +0 -8
  258. data/examples/profile-aws/inspec.yml +0 -11
  259. data/examples/profile-azure/controls/azure_resource_group_example.rb +0 -24
  260. data/examples/profile-azure/controls/azure_vm_example.rb +0 -29
  261. data/examples/profile-azure/inspec.yml +0 -11
  262. data/examples/profile-sensitive/README.md +0 -29
  263. data/examples/profile-sensitive/controls/sensitive-failures.rb +0 -9
  264. data/examples/profile-sensitive/controls/sensitive.rb +0 -9
  265. data/examples/profile-sensitive/inspec.yml +0 -8
  266. data/examples/profile/README.md +0 -48
  267. data/examples/profile/controls/example.rb +0 -24
  268. data/examples/profile/controls/gordon.rb +0 -36
  269. data/examples/profile/controls/meta.rb +0 -36
  270. data/examples/profile/inspec.yml +0 -11
  271. data/examples/profile/libraries/gordon_config.rb +0 -59
@@ -1,13 +0,0 @@
1
- # encoding: utf-8
2
- # copyright: 2015, The Authors
3
-
4
- # import full profile
5
- include_controls 'dev-sec/ssh-baseline'
6
-
7
- # select only individual controls
8
- include_controls 'ssl-baseline' do
9
- control "tls1.2"
10
- end
11
-
12
- # inspec knows that it cannot run Windows tests on Linux
13
- include_controls 'windows-patch-benchmark'
@@ -1,13 +0,0 @@
1
- name: meta-profile
2
- title: Meta Compliance Profile
3
- maintainer: InSpec Authors
4
- copyright: InSpec Authors
5
- copyright_email: support@chef.io
6
- license: Apache-2.0
7
- summary: InSpec Profile that is only consuming dependencies
8
- version: 0.2.0
9
- depends:
10
- - name: dev-sec/ssh-baseline # defaults to supermarket
11
- - url: https://github.com/dev-sec/ssl-baseline
12
- - name: windows-patch-benchmark
13
- url: https://github.com/chris-rock/windows-patch-benchmark
@@ -1,12 +0,0 @@
1
- # encoding: utf-8
2
- source 'https://rubygems.org'
3
-
4
- gemspec
5
-
6
- group :development do
7
- gem 'bundler'
8
- gem 'byebug'
9
- gem 'minitest'
10
- gem 'rake'
11
- gem 'rubocop', '= 0.49.1' # Need to keep in sync with main InSpec project, so config files will work
12
- end
@@ -1,13 +0,0 @@
1
- Copyright (c) 2018 Chef Software Inc.
2
-
3
- Licensed under the Apache License, Version 2.0 (the "License");
4
- you may not use this file except in compliance with the License.
5
- You may obtain a copy of the License at
6
-
7
- http://www.apache.org/licenses/LICENSE-2.0
8
-
9
- Unless required by applicable law or agreed to in writing, software
10
- distributed under the License is distributed on an "AS IS" BASIS,
11
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
- See the License for the specific language governing permissions and
13
- limitations under the License.
@@ -1,62 +0,0 @@
1
- # InSpec Plugin Example - Resource Lister
2
-
3
- This plugin provides an example of building a plugin for use with [InSpec](https://inspec.io). Its functionality is simple, but useful: list resources included with InSpec.
4
-
5
- ## To Install this as a User
6
-
7
- You will need InSpec v2.3 or later.
8
-
9
- If you want to just use this (not learn how to write a plugin), you can do so by simply running:
10
-
11
- ```
12
- you@machine $ inspec plugin install inspec-resource-lister
13
- ```
14
-
15
- You can then run:
16
-
17
- ```
18
- you@machine $ inspec plugin help listresources
19
- # ... Usage info
20
-
21
- you@machine $ inspec plugin listresources core
22
- aide_conf
23
- apache
24
- apache_conf
25
- ... snip ...
26
- yumrepo
27
- zfs_dataset
28
- zfs_pool
29
- ------------------------------
30
- 160 resources total
31
- ```
32
-
33
- ## Features of This Example Kit
34
-
35
- This example plugin is a full-fledged plugin example, with everything a real-world, industrial grade plugin would have, including:
36
-
37
- * an implementation of an InSpec CLI Command, using the InSpec PluginV2 API
38
- * documentation (you are reading it now)
39
- * tests, at the unit and functional level
40
- * a .gemspec, for packaging and publishing it as a gem
41
- * a Gemfile, for managing its dependencies
42
- * a Rakefile, for running development tasks
43
- * Rubocop linting support for using the base InSpec project rubocop.yml (See Rakefile)
44
-
45
- You are encouraged to use this plugin as a starting point for real plugins.
46
-
47
- ## Development of a Plugin
48
-
49
- [Plugin Development](https://github.com/inspec/inspec/blob/master/docs/dev/plugins.md) is documented on the `inspec` project on GitHub. Additionally, this example
50
- plugin has extensive comments explaining what is happening, and why.
51
-
52
- ### A Tour of the Plugin
53
-
54
- One nice circuit of the plugin might be:
55
- * look at the gemspec, to see what the plugin thinks it does
56
- * look at the functional tests, to see the plugin proving it does what it says
57
- * look at the unit tests, to see how the plugin claims it is internally structured
58
- * look at the Rakefile, to see how to interact with the project
59
- * look at lib/inspec-resource-lister.rb, the entry point which InSpec will always load if the plugin is installed
60
- * look at lib/inspec-resource-lister/plugin.rb, the plugin definition which InSpec uses to understand what the plugin _can_ do.
61
- * look at lib/inspec-resource-lister/cli_command.rb, the CLI Command implementation itself.
62
-
@@ -1,40 +0,0 @@
1
- # A Rakefile defines tasks to help maintain your project.
2
- # Rake provides several task templates that are useful.
3
-
4
- #------------------------------------------------------------------#
5
- # Test Runner Tasks
6
- #------------------------------------------------------------------#
7
-
8
- # This task template will make a task named 'test', and run
9
- # the tests that it finds.
10
- require 'rake/testtask'
11
-
12
- Rake::TestTask.new do |t|
13
- t.libs.push 'lib'
14
- t.test_files = FileList[
15
- 'test/unit/*_test.rb',
16
- 'test/functional/*_test.rb',
17
- ]
18
- t.verbose = true
19
- # Ideally, we'd run tests with warnings enabled,
20
- # but the dependent gems have many warnings. As this
21
- # is an example, let's disable them so the testing
22
- # experience is cleaner.
23
- t.warning = false
24
- end
25
-
26
- #------------------------------------------------------------------#
27
- # Code Style Tasks
28
- #------------------------------------------------------------------#
29
- require 'rubocop/rake_task'
30
-
31
- RuboCop::RakeTask.new(:lint) do |t|
32
- # Choices of rubocop rules to enforce are deeply personal.
33
- # Here, we set things up so that your plugin will use the Bundler-installed
34
- # inspec gem's copy of the InSpec project's rubocop.yml file (which
35
- # is indeed packaged with the inspec gem).
36
- require 'inspec/globals'
37
- inspec_rubocop_yml = File.join(Inspec.src_root, '.rubocop.yml')
38
-
39
- t.options = ['--display-cop-names', '--config', inspec_rubocop_yml]
40
- end
@@ -1,45 +0,0 @@
1
- # coding: utf-8
2
-
3
- # As plugins are usually packaged and distributed as a RubyGem,
4
- # we have to provide a .gemspec file, which controls the gembuild
5
- # and publish process. This is a fairly generic gemspec.
6
-
7
- # It is traditional in a gemspec to dynamically load the current version
8
- # from a file in the source tree. The next three lines make that happen.
9
- lib = File.expand_path('../lib', __FILE__)
10
- $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
11
- require 'inspec-resource-lister/version'
12
-
13
- Gem::Specification.new do |spec|
14
- # Importantly, all InSpec plugins must be prefixed with `inspec-` (most
15
- # plugins) or `train-` (plugins which add new connectivity features).
16
- spec.name = 'inspec-resource-lister'
17
-
18
- # It is polite to namespace your plugin under InspecPlugins::YourPluginInCamelCase
19
- spec.version = InspecPlugins::ResourceLister::VERSION
20
- spec.authors = ['Clinton Wolfe']
21
- spec.email = ['cwolfe@chef.io']
22
- spec.summary = 'InSpec Plugin example, lists available resources'
23
- spec.description = 'Example for implementing an InSpec Plugin. This simply lists available resources.'
24
- spec.homepage = 'https://github.com/inspec/inspec/tree/master/examples/plugin'
25
- spec.license = 'Apache-2.0'
26
-
27
- # Though complicated-looking, this is pretty standard for a gemspec.
28
- # It just filters what will actually be packaged in the gem (leaving
29
- # out tests, etc)
30
- spec.files = %w{
31
- README.md inspec-resource-lister.gemspec Gemfile
32
- } + Dir.glob(
33
- 'lib/**/*', File::FNM_DOTMATCH
34
- ).reject { |f| File.directory?(f) }
35
- spec.require_paths = ['lib']
36
-
37
- # If you rely on any other gems, list them here with any constraints.
38
- # This is how `inspec plugin install` is able to manage your dependencies.
39
- # For example, perhaps you are writing a thing that talks to AWS, and you
40
- # want to ensure you have `aws-sdk` in a certain version.
41
-
42
- # All plugins should mention inspec, > 2.2.78
43
- # 2.2.78 included the v2 Plugin API
44
- spec.add_dependency 'inspec', '>=2.2.78', '<4.0.0'
45
- end
@@ -1,16 +0,0 @@
1
- # encoding: utf-8
2
-
3
- # This file is known as the "entry point."
4
- # This is the file InSpec will try to load if it
5
- # thinks your plugin is installed.
6
-
7
- # The *only* thing this file should do is setup the
8
- # load path, then load the plugin definition file.
9
-
10
- # Next two lines simply add the path of the gem to the load path.
11
- # This is not needed when being loaded as a gem; but when doing
12
- # plugin development, you may need it. Either way, it's harmless.
13
- libdir = File.dirname(__FILE__)
14
- $LOAD_PATH.unshift(libdir) unless $LOAD_PATH.include?(libdir)
15
-
16
- require 'inspec-resource-lister/plugin'
@@ -1,70 +0,0 @@
1
- # encoding: utf-8
2
-
3
- require 'inspec/resource'
4
-
5
- module InspecPlugins::ResourceLister
6
- # This class will provide the actual CLI implementation.
7
- # Its superclass is provided by another call to Inspec.plugin,
8
- # this time with two args. The first arg specifies we are requesting
9
- # version 2 of the Plugins API. The second says we are making a CLI
10
- # Command plugin component, so please make available any DSL needed
11
- # for that.
12
- # In fact, aside from a some housekeeping DSL methods, most of the
13
- # DSL provided is that of Thor. Inspec.plugin(2, :cli_command)
14
- # promises to return a class that is a subclass of Thor. So, to add
15
- # commands, usage information, and options, use the Thor documentation.
16
- class CliCommand < Inspec.plugin(2, :cli_command)
17
- # This isn't provided by Thor, but is needed by InSpec so that it can
18
- # register the subcommand. Args are a usage message, and a short decription.
19
- # These will appear when someone has installed the plugin, and then they
20
- # run `inspec help`.
21
- subcommand_desc 'list-resources [COMMAND]', 'List resources that InSpec finds.'
22
-
23
- # The usual rhythm for a Thor CLI file is description, options, command method.
24
- # Thor just has you call DSL methods in sequence prior to each command.
25
- # Let's make a command, 'core', that lists all of the resources included with InSpec.
26
-
27
- # First, provide a usage / description. This will appear in `inspec help list-resources`.
28
- desc 'core [OPTIONS]', 'List resources that are included with InSpec.'
29
-
30
- # Let's include an option, -s, to summarize the list.
31
- # Refer to the Thors docs; there is a lot you can do here.
32
- option :summary, desc: 'Include a total at the bottom', \
33
- type: :boolean, default: true, aliases: [:s]
34
-
35
- # OK, now the actual method itself. If you provide params, you're telling Thor that
36
- # you accept CLI arguments after all options have been consumed. Let's accept a
37
- # pattern, assumed to be a wildcard substring. If we provide a default, the CLI arg becomes optional.
38
- def core(pattern = /.+/)
39
- # The code here will *only* be executed if someone actually runs
40
- # `inspec list-resources core`. So, we can lazily wait to load
41
- # expensive things here. However, InSpec has in fact already
42
- # loaded the Resources, so we don't have anything to load.
43
-
44
- # If we were passed a CLI arg, wrap the arg in Regexp matchers so
45
- # we will match anywhere in the name.
46
- unless pattern == /.+/
47
- pattern = Regexp.new('.*' + pattern + '.*')
48
- end
49
-
50
- # This gets a bit into InSpec innards; but this is simply a Hash.
51
- registry = Inspec::Resource.default_registry
52
- resource_names = registry.keys.grep(pattern).sort
53
-
54
- # One day we'll have nice UI support.
55
- resource_names.each { |name| puts name }
56
-
57
- if options[:summary]
58
- puts '-' * 30
59
- puts "#{resource_names.count} resources total"
60
- end
61
- end
62
-
63
- # A neat idea for future work would be to add another command, perhaps
64
- # 'resource-pack', which examines a possibly remote resource pack and
65
- # enumerates the resources it defines.
66
-
67
- # Another idea might be to fetch a profile, and list the resources actually
68
- # used in the controls of the profile, along with counts.
69
- end
70
- end
@@ -1,55 +0,0 @@
1
- # encoding: UTF-8
2
-
3
- # Plugin Definition file
4
- # The purpose of this file is to declare to InSpec what plugin_types (capabilities)
5
- # are included in this plugin, and provide hooks that will load them as needed.
6
-
7
- # It is important that this file load successfully and *quickly*.
8
- # Your plugin's functionality may never be used on this InSpec run; so we keep things
9
- # fast and light by only loading heavy things when they are needed.
10
-
11
- # Presumably this is light
12
- require 'inspec-resource-lister/version'
13
-
14
- # The InspecPlugins namespace is where all plugins should declare themselves.
15
- # The 'Inspec' capitalization is used throughout the InSpec source code; yes, it's
16
- # strange.
17
- module InspecPlugins
18
- # Pick a reasonable namespace here for your plugin. A reasonable choice
19
- # would be the CamelCase version of your plugin gem name.
20
- # inspec-resource-lister => ResourceLister
21
- module ResourceLister
22
- # This simple class handles the plugin definition, so calling it simply Plugin is OK.
23
- # Inspec.plugin returns various Classes, intended to be superclasses for various
24
- # plugin components. Here, the one-arg form gives you the Plugin Definition superclass,
25
- # which mainly gives you access to the hook / plugin_type DSL.
26
- # The number '2' says you are asking for version 2 of the plugin API. If there are
27
- # future versions, InSpec promises plugin API v2 will work for at least two more InSpec
28
- # major versions.
29
- class Plugin < ::Inspec.plugin(2)
30
- # Internal machine name of the plugin. InSpec will use this in errors, etc.
31
- plugin_name :'inspec-resource-lister'
32
-
33
- # Define a new CLI subcommand.
34
- # The argument here will be used to match against the command line args,
35
- # and if the user said `inspec list-resources`, this hook will get called.
36
- # Notice that you can define multiple hooks with different names, and they
37
- # don't have to match the plugin name.
38
-
39
- # We'd like this to be list-resources, but Thor does not support hyphens
40
- # see https://github.com/erikhuda/thor/pull/613
41
- cli_command :listresources do
42
- # Calling this hook doesn't mean list-resources is being executed - just
43
- # that we should be ready to do so. So, load the file that defines the
44
- # functionality.
45
- # For example, InSpec will activate this hook when `inspec help` is
46
- # executed, so that this plugin's usage message will be included in the help.
47
- require 'inspec-resource-lister/cli_command'
48
-
49
- # Having loaded our functionality, return a class that will let the
50
- # CLI engine tap into it.
51
- InspecPlugins::ResourceLister::CliCommand
52
- end
53
- end
54
- end
55
- end
@@ -1,10 +0,0 @@
1
- # encoding: UTF-8
2
-
3
- # This file simply makes it easier for CI engines to update
4
- # the version stamp, and provide a clean way for the gemspec
5
- # to learn the current version.
6
- module InspecPlugins
7
- module ResourceLister
8
- VERSION = '0.1.0'.freeze
9
- end
10
- end
@@ -1,24 +0,0 @@
1
- # Test Fixtures Area
2
-
3
- In this directory, you would place things that you need during testing. For example, if you were making a plugin that counts the number of controls in a profile, you might have a directory tree like this:
4
-
5
- ```
6
- fixtures/
7
- profiles/
8
- zero-controls/
9
- inspec.yml
10
- controls/
11
- twelve-controls/
12
- inspec.yml
13
- controls/
14
- nine.rb
15
- three.rb
16
- ```
17
-
18
- When writing your functional tests, you can point InSpec at the various test fixture profiles, and know that when it points at the zero-controls profile, it should find no controls; and when pointed at the twelve-controls profile, it should find 12.
19
-
20
- ## Using test fixtures provided with core inspec
21
-
22
- InSpec itself ships with many test fixtures - not just profiles, but attribute files, configuration directories, and more. Examine them at [the fixtures directory](https://github.com/inspec/inspec/tree/master/test/unit/mock)
23
-
24
- To use them, see the helper.rb file included in the example at test/helper.rb .
@@ -1,18 +0,0 @@
1
- # Functional Testing Area for Example Plugins
2
-
3
- ## What example tests are provided?
4
-
5
- Here, since this is a CliCommand plugin, we provide one set of functional tests:
6
-
7
- * inspec_resource_lister_test.rb - Runs `inspec resource-lister` in several circumstances, and verifies the output from the process.
8
-
9
- ## What are functional tests?
10
-
11
- Functional tests are tests that verify that your plugin works _as would be seen by a user_. Functional tests generally do not have inside knowledge about the inner workings of the plugin. However a functional test is very interested in changes that you plugin make to the outside world: exit codes, command output, changes to files on the filesystem, etc.
12
-
13
- To be picked up by the Rake tasks as tests, each test file should end in `_test.rb`.
14
-
15
- ## Unit vs Functional Tests
16
-
17
- A practical difference between unit tests and functional tests is that unit tests all run within one process, while functional tests might exercise a CLI plugin by shelling out to an inspec command in a subprocess, and examining the results.
18
-
@@ -1,110 +0,0 @@
1
- # Functional Tests for Example Plugin, Resource Lister
2
-
3
- # Functional tests are used to verify the behavior of the plugin are as expected, to a user.
4
- # Functional tests generally do not have inside knowledge of how the plugin works.
5
-
6
- # Include our test harness
7
- require_relative '../helper'
8
-
9
- # Because InSpec is a Spec-style test suite, we're going to use MiniTest::Spec
10
- # here, for familiar look and feel. However, this isn't InSpec (or RSpec) code.
11
- describe 'inspec list-resources core' do
12
- # Our helper.rb locates this library from the InSpec install that
13
- # Bundler installed for us. If we want its methods, we still must
14
- # import it. Including it here will make it available in all child
15
- # 'describe' blocks.
16
- include CorePluginFunctionalHelper
17
-
18
- # When thinking up scenarios to test, start with the simplest.
19
- # Then think of each major feature, and exercise them.
20
- # Running combinations of features makes sense if it is very likely,
21
- # or a difficult / dangerous case. You can always add more tests
22
- # here as users find subtle problems. In fact, having a user submit
23
- # a PR that creates a failing functional test is a great way to
24
- # capture the reproduction case.
25
- # The simplest case:
26
- describe "when run without an argument" do
27
-
28
- # run_inspec_process_with_this_plugin is a helper provided by
29
- # CoreFunctionalHelper. It makes the InSpec that Bundler installed
30
- # think that this plugin we are currently testing is installed as a
31
- # user plugin, by writing a plugin config file in a temp dir.
32
- # To use it, just provide a command line, minus the word `inspec`.
33
- let (:outcome) { run_inspec_process_with_this_plugin('listresources core') }
34
-
35
- # Some tests through here use minitest Expectations, which attach to all
36
- # Objects, and begin with 'must' (positive) or 'wont' (negative)
37
- # See https://ruby-doc.org/stdlib-2.1.0/libdoc/minitest/rdoc/MiniTest/Expectations.html
38
- it("should exit successfully") { outcome.exit_status.must_equal(0) }
39
- it("should be silent on stderr") { outcome.stderr.must_be_empty }
40
-
41
- # A selection of core resources, just spot checking.
42
- # This is an example of using Ruby to define sets of tests.
43
- ['process', 'service', 'user', 'file'].each do |resource_name|
44
- it "should mention the '#{resource_name}' resource" do
45
- outcome.stdout.must_include(resource_name)
46
- end
47
- end
48
-
49
- # Check for the summary
50
- it "should mention the summary" do
51
- outcome.stdout.must_include('resources total')
52
- end
53
- end
54
-
55
- # Test the search pattern feature, in a couple of ways.
56
- describe "when run with a search pattern that matches things" do
57
- # Notice that the command line is changed here:
58
- # "list all resources that have the word user in them"
59
- let (:outcome) { run_inspec_process_with_this_plugin('listresources core user') }
60
-
61
- # Should be well-behaved...
62
- it("should exit successfully") { outcome.exit_status.must_equal(0) }
63
- it("should be silent on stderr") { outcome.stderr.must_be_empty }
64
-
65
- # Here, we want to know it DID match some things, and NOT some others.
66
- ['user', 'users'].each do |resource_name|
67
- it "should mention the '#{resource_name}' resource" do
68
- outcome.stdout.must_include(resource_name)
69
- end
70
- end
71
- ['process', 'service', 'file'].each do |resource_name|
72
- it "should NOT mention the '#{resource_name}' resource" do
73
- outcome.stdout.wont_include(resource_name)
74
- end
75
- end
76
- end
77
- describe "when run with a search pattern that matches nothing" do
78
- # Unlikely we'll have a resource with the string 'autogyro' in it.
79
- let (:outcome) { run_inspec_process_with_this_plugin('listresources core autogyro') }
80
-
81
- # Should be well-behaved...
82
- it("should exit successfully") { outcome.exit_status.must_equal(0) }
83
- it("should be silent on stderr") { outcome.stderr.must_be_empty }
84
-
85
- # Output lines should be just two, for the summary.
86
- it "should only have two output lines" do
87
- outcome.stdout.split("\n").count.must_equal(2)
88
- end
89
-
90
- # Check for the summary
91
- it "should mention a zero-resource summary" do
92
- outcome.stdout.must_include('0 resources total')
93
- end
94
- end
95
-
96
- # Exercise the summary option, which defaults to 'true'.
97
- describe "when run with the no-summary flag" do
98
- # Alter the command string to include the no-summary option
99
- let(:outcome) { run_inspec_process_with_this_plugin('listresources core --no-summary') }
100
-
101
- # Should be well-behaved...
102
- it("should exit successfully") { outcome.exit_status.must_equal(0) }
103
- it("should be silent on stderr") { outcome.stderr.must_be_empty }
104
-
105
- # Check for the summary
106
- it "should NOT mention summary" do
107
- outcome.stdout.wont_include('0 resources total')
108
- end
109
- end
110
- end