inspec 2.3.10 → 2.3.23

Sign up to get free protection for your applications and to get access to all the features.
Files changed (271) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +34 -13
  3. data/etc/plugin_filters.json +25 -0
  4. data/inspec.gemspec +3 -3
  5. data/lib/bundles/inspec-compliance/api.rb +3 -0
  6. data/lib/bundles/inspec-compliance/configuration.rb +3 -0
  7. data/lib/bundles/inspec-compliance/http.rb +3 -0
  8. data/lib/bundles/inspec-compliance/support.rb +3 -0
  9. data/lib/bundles/inspec-compliance/target.rb +3 -0
  10. data/lib/inspec/objects/attribute.rb +3 -0
  11. data/lib/inspec/plugin/v2.rb +3 -0
  12. data/lib/inspec/plugin/v2/filter.rb +62 -0
  13. data/lib/inspec/plugin/v2/installer.rb +21 -1
  14. data/lib/inspec/plugin/v2/loader.rb +4 -0
  15. data/lib/inspec/profile.rb +3 -1
  16. data/lib/inspec/version.rb +1 -1
  17. data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +25 -3
  18. data/lib/plugins/inspec-plugin-manager-cli/test/functional/inspec-plugin_test.rb +65 -11
  19. data/lib/plugins/inspec-plugin-manager-cli/test/unit/cli_args_test.rb +5 -1
  20. data/lib/resources/package.rb +1 -1
  21. metadata +5 -253
  22. data/MAINTAINERS.toml +0 -52
  23. data/docs/.gitignore +0 -2
  24. data/docs/README.md +0 -41
  25. data/docs/dev/control-eval.md +0 -62
  26. data/docs/dev/filtertable-internals.md +0 -353
  27. data/docs/dev/filtertable-usage.md +0 -533
  28. data/docs/dev/integration-testing.md +0 -31
  29. data/docs/dev/plugins.md +0 -323
  30. data/docs/dsl_inspec.md +0 -354
  31. data/docs/dsl_resource.md +0 -100
  32. data/docs/glossary.md +0 -381
  33. data/docs/habitat.md +0 -193
  34. data/docs/inspec_and_friends.md +0 -114
  35. data/docs/matchers.md +0 -161
  36. data/docs/migration.md +0 -293
  37. data/docs/platforms.md +0 -119
  38. data/docs/plugin_kitchen_inspec.md +0 -60
  39. data/docs/plugins.md +0 -57
  40. data/docs/profiles.md +0 -576
  41. data/docs/reporters.md +0 -170
  42. data/docs/resources/aide_conf.md.erb +0 -86
  43. data/docs/resources/apache.md.erb +0 -77
  44. data/docs/resources/apache_conf.md.erb +0 -78
  45. data/docs/resources/apt.md.erb +0 -81
  46. data/docs/resources/audit_policy.md.erb +0 -57
  47. data/docs/resources/auditd.md.erb +0 -89
  48. data/docs/resources/auditd_conf.md.erb +0 -78
  49. data/docs/resources/aws_cloudtrail_trail.md.erb +0 -165
  50. data/docs/resources/aws_cloudtrail_trails.md.erb +0 -96
  51. data/docs/resources/aws_cloudwatch_alarm.md.erb +0 -101
  52. data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +0 -164
  53. data/docs/resources/aws_config_delivery_channel.md.erb +0 -111
  54. data/docs/resources/aws_config_recorder.md.erb +0 -96
  55. data/docs/resources/aws_ebs_volume.md.erb +0 -76
  56. data/docs/resources/aws_ebs_volumes.md.erb +0 -86
  57. data/docs/resources/aws_ec2_instance.md.erb +0 -122
  58. data/docs/resources/aws_ec2_instances.md.erb +0 -89
  59. data/docs/resources/aws_elb.md.erb +0 -154
  60. data/docs/resources/aws_elbs.md.erb +0 -252
  61. data/docs/resources/aws_flow_log.md.erb +0 -128
  62. data/docs/resources/aws_iam_access_key.md.erb +0 -139
  63. data/docs/resources/aws_iam_access_keys.md.erb +0 -214
  64. data/docs/resources/aws_iam_group.md.erb +0 -74
  65. data/docs/resources/aws_iam_groups.md.erb +0 -92
  66. data/docs/resources/aws_iam_password_policy.md.erb +0 -92
  67. data/docs/resources/aws_iam_policies.md.erb +0 -97
  68. data/docs/resources/aws_iam_policy.md.erb +0 -264
  69. data/docs/resources/aws_iam_role.md.erb +0 -79
  70. data/docs/resources/aws_iam_root_user.md.erb +0 -86
  71. data/docs/resources/aws_iam_user.md.erb +0 -130
  72. data/docs/resources/aws_iam_users.md.erb +0 -289
  73. data/docs/resources/aws_kms_key.md.erb +0 -187
  74. data/docs/resources/aws_kms_keys.md.erb +0 -99
  75. data/docs/resources/aws_rds_instance.md.erb +0 -76
  76. data/docs/resources/aws_route_table.md.erb +0 -63
  77. data/docs/resources/aws_route_tables.md.erb +0 -65
  78. data/docs/resources/aws_s3_bucket.md.erb +0 -156
  79. data/docs/resources/aws_s3_bucket_object.md.erb +0 -99
  80. data/docs/resources/aws_s3_buckets.md.erb +0 -69
  81. data/docs/resources/aws_security_group.md.erb +0 -323
  82. data/docs/resources/aws_security_groups.md.erb +0 -107
  83. data/docs/resources/aws_sns_subscription.md.erb +0 -140
  84. data/docs/resources/aws_sns_topic.md.erb +0 -79
  85. data/docs/resources/aws_sns_topics.md.erb +0 -68
  86. data/docs/resources/aws_subnet.md.erb +0 -150
  87. data/docs/resources/aws_subnets.md.erb +0 -142
  88. data/docs/resources/aws_vpc.md.erb +0 -135
  89. data/docs/resources/aws_vpcs.md.erb +0 -135
  90. data/docs/resources/azure_generic_resource.md.erb +0 -183
  91. data/docs/resources/azure_resource_group.md.erb +0 -294
  92. data/docs/resources/azure_virtual_machine.md.erb +0 -357
  93. data/docs/resources/azure_virtual_machine_data_disk.md.erb +0 -234
  94. data/docs/resources/bash.md.erb +0 -85
  95. data/docs/resources/bond.md.erb +0 -100
  96. data/docs/resources/bridge.md.erb +0 -67
  97. data/docs/resources/bsd_service.md.erb +0 -77
  98. data/docs/resources/chocolatey_package.md.erb +0 -68
  99. data/docs/resources/command.md.erb +0 -176
  100. data/docs/resources/cpan.md.erb +0 -89
  101. data/docs/resources/cran.md.erb +0 -74
  102. data/docs/resources/crontab.md.erb +0 -103
  103. data/docs/resources/csv.md.erb +0 -64
  104. data/docs/resources/dh_params.md.erb +0 -221
  105. data/docs/resources/directory.md.erb +0 -40
  106. data/docs/resources/docker.md.erb +0 -240
  107. data/docs/resources/docker_container.md.erb +0 -113
  108. data/docs/resources/docker_image.md.erb +0 -104
  109. data/docs/resources/docker_plugin.md.erb +0 -80
  110. data/docs/resources/docker_service.md.erb +0 -124
  111. data/docs/resources/elasticsearch.md.erb +0 -252
  112. data/docs/resources/etc_fstab.md.erb +0 -135
  113. data/docs/resources/etc_group.md.erb +0 -85
  114. data/docs/resources/etc_hosts.md.erb +0 -88
  115. data/docs/resources/etc_hosts_allow.md.erb +0 -84
  116. data/docs/resources/etc_hosts_deny.md.erb +0 -84
  117. data/docs/resources/file.md.erb +0 -543
  118. data/docs/resources/filesystem.md.erb +0 -51
  119. data/docs/resources/firewalld.md.erb +0 -117
  120. data/docs/resources/gem.md.erb +0 -108
  121. data/docs/resources/group.md.erb +0 -71
  122. data/docs/resources/grub_conf.md.erb +0 -111
  123. data/docs/resources/host.md.erb +0 -96
  124. data/docs/resources/http.md.erb +0 -207
  125. data/docs/resources/iis_app.md.erb +0 -132
  126. data/docs/resources/iis_site.md.erb +0 -145
  127. data/docs/resources/inetd_conf.md.erb +0 -104
  128. data/docs/resources/ini.md.erb +0 -86
  129. data/docs/resources/interface.md.erb +0 -68
  130. data/docs/resources/iptables.md.erb +0 -74
  131. data/docs/resources/json.md.erb +0 -73
  132. data/docs/resources/kernel_module.md.erb +0 -130
  133. data/docs/resources/kernel_parameter.md.erb +0 -63
  134. data/docs/resources/key_rsa.md.erb +0 -95
  135. data/docs/resources/launchd_service.md.erb +0 -67
  136. data/docs/resources/limits_conf.md.erb +0 -85
  137. data/docs/resources/login_defs.md.erb +0 -81
  138. data/docs/resources/mount.md.erb +0 -79
  139. data/docs/resources/mssql_session.md.erb +0 -78
  140. data/docs/resources/mysql_conf.md.erb +0 -109
  141. data/docs/resources/mysql_session.md.erb +0 -84
  142. data/docs/resources/nginx.md.erb +0 -89
  143. data/docs/resources/nginx_conf.md.erb +0 -148
  144. data/docs/resources/npm.md.erb +0 -78
  145. data/docs/resources/ntp_conf.md.erb +0 -70
  146. data/docs/resources/oneget.md.erb +0 -63
  147. data/docs/resources/oracledb_session.md.erb +0 -103
  148. data/docs/resources/os.md.erb +0 -153
  149. data/docs/resources/os_env.md.erb +0 -101
  150. data/docs/resources/package.md.erb +0 -130
  151. data/docs/resources/packages.md.erb +0 -77
  152. data/docs/resources/parse_config.md.erb +0 -113
  153. data/docs/resources/parse_config_file.md.erb +0 -148
  154. data/docs/resources/passwd.md.erb +0 -151
  155. data/docs/resources/pip.md.erb +0 -77
  156. data/docs/resources/port.md.erb +0 -147
  157. data/docs/resources/postgres_conf.md.erb +0 -89
  158. data/docs/resources/postgres_hba_conf.md.erb +0 -103
  159. data/docs/resources/postgres_ident_conf.md.erb +0 -86
  160. data/docs/resources/postgres_session.md.erb +0 -79
  161. data/docs/resources/powershell.md.erb +0 -112
  162. data/docs/resources/processes.md.erb +0 -119
  163. data/docs/resources/rabbitmq_config.md.erb +0 -51
  164. data/docs/resources/registry_key.md.erb +0 -197
  165. data/docs/resources/runit_service.md.erb +0 -67
  166. data/docs/resources/security_policy.md.erb +0 -57
  167. data/docs/resources/service.md.erb +0 -131
  168. data/docs/resources/shadow.md.erb +0 -267
  169. data/docs/resources/ssh_config.md.erb +0 -83
  170. data/docs/resources/sshd_config.md.erb +0 -93
  171. data/docs/resources/ssl.md.erb +0 -129
  172. data/docs/resources/sys_info.md.erb +0 -52
  173. data/docs/resources/systemd_service.md.erb +0 -67
  174. data/docs/resources/sysv_service.md.erb +0 -67
  175. data/docs/resources/upstart_service.md.erb +0 -67
  176. data/docs/resources/user.md.erb +0 -150
  177. data/docs/resources/users.md.erb +0 -137
  178. data/docs/resources/vbscript.md.erb +0 -65
  179. data/docs/resources/virtualization.md.erb +0 -67
  180. data/docs/resources/windows_feature.md.erb +0 -69
  181. data/docs/resources/windows_hotfix.md.erb +0 -63
  182. data/docs/resources/windows_task.md.erb +0 -95
  183. data/docs/resources/wmi.md.erb +0 -91
  184. data/docs/resources/x509_certificate.md.erb +0 -161
  185. data/docs/resources/xinetd_conf.md.erb +0 -166
  186. data/docs/resources/xml.md.erb +0 -95
  187. data/docs/resources/yaml.md.erb +0 -79
  188. data/docs/resources/yum.md.erb +0 -108
  189. data/docs/resources/zfs_dataset.md.erb +0 -63
  190. data/docs/resources/zfs_pool.md.erb +0 -57
  191. data/docs/shared/matcher_be.md.erb +0 -1
  192. data/docs/shared/matcher_cmp.md.erb +0 -43
  193. data/docs/shared/matcher_eq.md.erb +0 -3
  194. data/docs/shared/matcher_include.md.erb +0 -1
  195. data/docs/shared/matcher_match.md.erb +0 -1
  196. data/docs/shell.md +0 -217
  197. data/docs/style.md +0 -178
  198. data/examples/README.md +0 -8
  199. data/examples/custom-resource/README.md +0 -3
  200. data/examples/custom-resource/controls/example.rb +0 -7
  201. data/examples/custom-resource/inspec.yml +0 -8
  202. data/examples/custom-resource/libraries/batsignal.rb +0 -20
  203. data/examples/custom-resource/libraries/gordon.rb +0 -21
  204. data/examples/inheritance/README.md +0 -65
  205. data/examples/inheritance/controls/example.rb +0 -14
  206. data/examples/inheritance/inspec.yml +0 -16
  207. data/examples/kitchen-ansible/.kitchen.yml +0 -25
  208. data/examples/kitchen-ansible/Gemfile +0 -19
  209. data/examples/kitchen-ansible/README.md +0 -53
  210. data/examples/kitchen-ansible/files/nginx.repo +0 -6
  211. data/examples/kitchen-ansible/tasks/main.yml +0 -16
  212. data/examples/kitchen-ansible/test/integration/default/default.yml +0 -5
  213. data/examples/kitchen-ansible/test/integration/default/web_spec.rb +0 -28
  214. data/examples/kitchen-chef/.kitchen.yml +0 -20
  215. data/examples/kitchen-chef/Berksfile +0 -3
  216. data/examples/kitchen-chef/Gemfile +0 -19
  217. data/examples/kitchen-chef/README.md +0 -27
  218. data/examples/kitchen-chef/metadata.rb +0 -7
  219. data/examples/kitchen-chef/recipes/default.rb +0 -6
  220. data/examples/kitchen-chef/recipes/nginx.rb +0 -30
  221. data/examples/kitchen-chef/test/integration/default/web_spec.rb +0 -28
  222. data/examples/kitchen-puppet/.kitchen.yml +0 -23
  223. data/examples/kitchen-puppet/Gemfile +0 -20
  224. data/examples/kitchen-puppet/Puppetfile +0 -25
  225. data/examples/kitchen-puppet/README.md +0 -53
  226. data/examples/kitchen-puppet/manifests/site.pp +0 -33
  227. data/examples/kitchen-puppet/metadata.json +0 -11
  228. data/examples/kitchen-puppet/modules/.gitkeep +0 -0
  229. data/examples/kitchen-puppet/test/integration/default/web_spec.rb +0 -28
  230. data/examples/meta-profile/README.md +0 -37
  231. data/examples/meta-profile/controls/example.rb +0 -13
  232. data/examples/meta-profile/inspec.yml +0 -13
  233. data/examples/plugins/inspec-resource-lister/Gemfile +0 -12
  234. data/examples/plugins/inspec-resource-lister/LICENSE +0 -13
  235. data/examples/plugins/inspec-resource-lister/README.md +0 -62
  236. data/examples/plugins/inspec-resource-lister/Rakefile +0 -40
  237. data/examples/plugins/inspec-resource-lister/inspec-resource-lister.gemspec +0 -45
  238. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister.rb +0 -16
  239. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/cli_command.rb +0 -70
  240. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/plugin.rb +0 -55
  241. data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/version.rb +0 -10
  242. data/examples/plugins/inspec-resource-lister/test/fixtures/README.md +0 -24
  243. data/examples/plugins/inspec-resource-lister/test/functional/README.md +0 -18
  244. data/examples/plugins/inspec-resource-lister/test/functional/inspec_resource_lister_test.rb +0 -110
  245. data/examples/plugins/inspec-resource-lister/test/helper.rb +0 -26
  246. data/examples/plugins/inspec-resource-lister/test/unit/README.md +0 -17
  247. data/examples/plugins/inspec-resource-lister/test/unit/cli_args_test.rb +0 -64
  248. data/examples/plugins/inspec-resource-lister/test/unit/plugin_def_test.rb +0 -51
  249. data/examples/profile-attribute.yml +0 -2
  250. data/examples/profile-attribute/README.md +0 -14
  251. data/examples/profile-attribute/controls/example.rb +0 -11
  252. data/examples/profile-attribute/inspec.yml +0 -8
  253. data/examples/profile-aws/controls/iam_password_policy_expiration.rb +0 -8
  254. data/examples/profile-aws/controls/iam_password_policy_max_age.rb +0 -8
  255. data/examples/profile-aws/controls/iam_root_user_mfa.rb +0 -8
  256. data/examples/profile-aws/controls/iam_users_access_key_age.rb +0 -8
  257. data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +0 -8
  258. data/examples/profile-aws/inspec.yml +0 -11
  259. data/examples/profile-azure/controls/azure_resource_group_example.rb +0 -24
  260. data/examples/profile-azure/controls/azure_vm_example.rb +0 -29
  261. data/examples/profile-azure/inspec.yml +0 -11
  262. data/examples/profile-sensitive/README.md +0 -29
  263. data/examples/profile-sensitive/controls/sensitive-failures.rb +0 -9
  264. data/examples/profile-sensitive/controls/sensitive.rb +0 -9
  265. data/examples/profile-sensitive/inspec.yml +0 -8
  266. data/examples/profile/README.md +0 -48
  267. data/examples/profile/controls/example.rb +0 -24
  268. data/examples/profile/controls/gordon.rb +0 -36
  269. data/examples/profile/controls/meta.rb +0 -36
  270. data/examples/profile/inspec.yml +0 -11
  271. data/examples/profile/libraries/gordon_config.rb +0 -59
@@ -1,26 +0,0 @@
1
- # Test helper file for example plugins
2
-
3
- # This file's job is to collect any libraries needed for testing, as well as provide
4
- # any utilities to make testing a plugin easier.
5
-
6
- # InSpec core provides a number of such libraries and facilities, in the file
7
- # lib/pligins/shared/core_plugin_test_helper.rb . So, one job in this file is
8
- # to locate and load that file.
9
- require 'inspec/../plugins/shared/core_plugin_test_helper'
10
-
11
- # Also load the InSpec plugin system. We need this so we can unit-test the plugin
12
- # classes, which will rely on the plugin system.
13
- require 'inspec/plugin/v2'
14
-
15
- # Caution: loading all of InSpec (i.e. require 'inspec') may cause interference with
16
- # minitest/spec; one symptom would be appearing to have no tests.
17
- # See https://github.com/inspec/inspec/issues/3380
18
-
19
- # You can select from a number of test harnesses. Since InSpec uses Spec-style controls
20
- # in profile code, you will probably want to use something like minitest/spec, which provides
21
- # Spec-style tests.
22
- require 'minitest/spec'
23
- require 'minitest/autorun'
24
-
25
- # You might want to put some debugging tools here. We run tests to find bugs, after all.
26
- require 'byebug'
@@ -1,17 +0,0 @@
1
- # Unit Testing Area for Example Plugins
2
-
3
- ## What Example Tests are Provided?
4
-
5
- Here, since this is a CliCommand plugin, we provide two sets of unit tests:
6
-
7
- * plugin_def_test.rb - Would be useful in any plugin. Verifies that the plugin is properly detected and registered.
8
- * cli_args_test.rb - Verifies that the expected commands are present, and that they have the expected options and args.
9
-
10
- ## What are Unit Tests?
11
-
12
- Unit tests are tests that verify that the individual components of your plugin work as intended. To be picked up by the Rake tasks as tests, each test file should end in `_test.rb`.
13
-
14
- ## Unit vs Functional Tests
15
-
16
- A practical difference between unit tests and functional tests is that unit tests all run within one process, while functional tests might exercise a CLI plugin by shelling out to an inspec command in a subprocess, and examining the results.
17
-
@@ -1,64 +0,0 @@
1
- # This unit test performs some tests to verify that the command line options for
2
- # inspec-resource-lister are correct.
3
-
4
- # Include our test harness
5
- require_relative '../helper'
6
-
7
- # Load the class under test, the CliCommand definition.
8
- require 'inspec-resource-lister/cli_command'
9
-
10
- # Because InSpec is a Spec-style test suite, we're going to use MiniTest::Spec
11
- # here, for familiar look and feel. However, this isn't InSpec (or RSpec) code.
12
- describe InspecPlugins::ResourceLister::CliCommand do
13
-
14
- # When writing tests, you can use `let` to create variables that you
15
- # can reference easily.
16
-
17
- # This is the CLI Command implementation class.
18
- # It is a subclass of Thor, which is a CLI framework.
19
- # This unit test file is mostly about verifying the Thor settings.
20
- let(:cli_class) { InspecPlugins::ResourceLister::CliCommand }
21
-
22
- # This is a Hash of Structs that tells us details of options for the 'core' subcommand.
23
- let(:core_options) { cli_class.all_commands['core'].options }
24
-
25
- # To group tests together, you can nest 'describe' in minitest/spec
26
- # (that is discouraged in InSpec control code.)
27
- describe 'the core command' do
28
-
29
- # Some tests through here use minitest Expectations, which attach to all
30
- # Objects, and begin with 'must' (positive) or 'wont' (negative)
31
- # See https://ruby-doc.org/stdlib-2.1.0/libdoc/minitest/rdoc/MiniTest/Expectations.html
32
-
33
- # Option count OK?
34
- it "should take one option" do
35
- core_options.count.must_equal(1)
36
- end
37
-
38
- # Summary option
39
- describe "the summary option" do
40
- it "should be present" do
41
- core_options.keys.must_include(:summary)
42
- end
43
- it "should have a description" do
44
- core_options[:summary].description.wont_be_nil
45
- end
46
- it "should not be required" do
47
- core_options[:summary].required.wont_equal(true)
48
- end
49
- it "should have a single-letter alias" do
50
- core_options[:summary].aliases.must_include(:s)
51
- end
52
- end
53
-
54
- # Argument count
55
- # The 'core' command takes one optional argument. According to the
56
- # metaprogramming rules of Ruby, the core() method should thus have an
57
- # arity of -1. See http://ruby-doc.org/core-2.5.1/Method.html#method-i-arity
58
- # for how that number is caclulated.
59
- it "should take one optional argument" do
60
- cli_class.instance_method(:core).arity.must_equal(-1)
61
- end
62
-
63
- end
64
- end
@@ -1,51 +0,0 @@
1
- # This unit test performs some tests to verify that
2
- # the inspec-resource-lister plugin is configured correctly.
3
-
4
- # Include our test harness
5
- require_relative '../helper'
6
-
7
- # Load the class under test, the Plugin definition.
8
- require 'inspec-resource-lister/plugin'
9
-
10
- # Because InSpec is a Spec-style test suite, we're going to use MiniTest::Spec
11
- # here, for familiar look and feel. However, this isn't InSpec (or RSpec) code.
12
-
13
- describe InspecPlugins::ResourceLister::Plugin do
14
-
15
- # When writing tests, you can use `let` to create variables that you
16
- # can reference easily.
17
-
18
- # Internally, plugins are always known by a Symbol name. Convert here.
19
- let(:plugin_name) { :'inspec-resource-lister' }
20
-
21
- # The Registry knows about all plugins that ship with InSpec by
22
- # default, as well as any that are installed by the user. When a
23
- # plugin definition is loaded, it will also self-register.
24
- let(:registry) { Inspec::Plugin::V2::Registry.instance }
25
-
26
- # The plugin status record tells us what the Registry knows.
27
- # Note that you can use previously-defined 'let's.
28
- let(:status) { registry[plugin_name] }
29
-
30
- # OK, actual tests!
31
-
32
- # Does the Registry know about us at all?
33
- it "should be registered" do
34
- registry.known_plugin?(plugin_name)
35
- end
36
-
37
- # Some tests through here use minitest Expectations, which attach to all
38
- # Objects, and begin with 'must' (positive) or 'wont' (negative)
39
- # See https://ruby-doc.org/stdlib-2.1.0/libdoc/minitest/rdoc/MiniTest/Expectations.html
40
-
41
- # The plugin system had an undocumented v1 API; this should be a v2 example.
42
- it "should be an api-v2 plugin" do
43
- status.api_generation.must_equal(2)
44
- end
45
-
46
- # Plugins can support several different activator hooks, each of which has a type.
47
- # Since this is (primarily) a CliCommand plugin, we'd expect to see that among our types.
48
- it "should include a cli_command activator hook" do
49
- status.plugin_types.must_include(:cli_command)
50
- end
51
- end
@@ -1,2 +0,0 @@
1
- user: bob
2
- password: secret
@@ -1,14 +0,0 @@
1
- # Example InSpec Profile with Attributes
2
-
3
- This profile uses InSpec attributes to parameterize a profile.
4
-
5
- ## Usage
6
-
7
- ```
8
- $ inspec exec examples/profile-attribute --attrs examples/profile-attribute.yml
9
- ....
10
-
11
- Finished in 0.00178 seconds (files took 0.48529 seconds to load)
12
- 4 examples, 0 failures
13
-
14
- ```
@@ -1,11 +0,0 @@
1
- # encoding: utf-8
2
- val_user = attribute('user', default: 'alice', description: 'An identification for the user')
3
- val_password = attribute('password', description: 'A value for the password')
4
-
5
- describe val_user do
6
- it { should eq 'bob' }
7
- end
8
-
9
- describe val_password do
10
- it { should eq 'secret' }
11
- end
@@ -1,8 +0,0 @@
1
- name: profile-attribute
2
- title: InSpec Profile
3
- maintainer: The Authors
4
- copyright: The Authors
5
- copyright_email: you@example.com
6
- license: Apache-2.0
7
- summary: An InSpec Compliance Profile
8
- version: 0.1.0
@@ -1,8 +0,0 @@
1
- control 'iam_password_policy_expiration' do
2
- title 'Passwords must be set to expire'
3
- impact 1.0
4
-
5
- describe aws_iam_password_policy do
6
- it { should expire_passwords }
7
- end
8
- end
@@ -1,8 +0,0 @@
1
- control 'iam_password_policy_max_age' do
2
- title 'Passwords older than 90 days are not allowed'
3
- impact 1.0
4
-
5
- describe aws_iam_password_policy do
6
- its('max_password_age_in_days') { should cmp <=90 }
7
- end
8
- end
@@ -1,8 +0,0 @@
1
- control 'iam_root_user_mfa' do
2
- title 'MFA should be enabled for the root user'
3
- impact 1.0
4
-
5
- describe aws_iam_root_user do
6
- it { should have_mfa_enabled }
7
- end
8
- end
@@ -1,8 +0,0 @@
1
- control 'iam_users_access_key_age' do
2
- title 'No access keys may be older than 90 days'
3
- impact 1.0
4
-
5
- describe aws_iam_access_keys.where { created_days_ago > 90 } do
6
- its('entries') { should be_empty }
7
- end
8
- end
@@ -1,8 +0,0 @@
1
- control 'iam_users_console_users_mfa' do
2
- title 'Users with console access must have MFA enabled'
3
- impact 1.0
4
-
5
- describe aws_iam_users.where { has_console_password and not has_mfa_enabled } do
6
- its('entries') { should be_empty }
7
- end
8
- end
@@ -1,11 +0,0 @@
1
- name: profile-aws
2
- title: AWS Example Profile
3
- maintainer: Chef Software, Inc.
4
- copyright: Chef Software, Inc.
5
- copyright_email: support@chef.io
6
- license: Apache-2.0
7
- summary: Demonstrates the use of an InSpec Compliance Profile on AWS
8
- version: 1.0.0
9
-
10
- supports:
11
- - platform: aws
@@ -1,24 +0,0 @@
1
- control 'azure_resource_group_example' do
2
- title 'Check if the Example Resource Group matches expectations'
3
- impact 1.0
4
-
5
- describe azure_resource_group(name: 'Inspec-Azure') do
6
- # Check if the Resource Group is located in the correct region
7
- its('location') { should cmp 'westeurope' }
8
-
9
- # Check if the Resource Group has tags
10
- it { should have_tags }
11
-
12
- # Check if the number of VMs in the Resource Group is correct
13
- its('vm_count') { should eq 3 }
14
-
15
- # Check if the number of public IPs is correct
16
- its('public_ip_count') { should eq 1 }
17
-
18
- # Check if the number of Network Security Groups is correct
19
- its('nsg_count') { should eq 1 }
20
-
21
- # Check if the number of Storage Accounts is correct
22
- its('sa_count') { should eq 1 }
23
- end
24
- end
@@ -1,29 +0,0 @@
1
- control 'azure_vm_example' do
2
- title 'Check if the Example VM matches expectations'
3
- impact 1.0
4
-
5
- describe azure_generic_resource(group_name: 'Inspec-Azure', name: 'Windows-Example-VM') do
6
- # Check if the VM is located in the correct region
7
- its('location') { should cmp 'westeurope' }
8
-
9
- # Check if the VM has tags
10
- it { should_not have_tags }
11
-
12
- # Check if the VM has the correct image
13
- its('properties.storageProfile.imageReference.publisher') { should cmp 'MicrosoftWindowsServer' }
14
- its('properties.storageProfile.imageReference.offer') { should cmp 'WindowsServer' }
15
- its('properties.storageProfile.imageReference.sku') { should cmp '2016-Datacenter' }
16
-
17
- # Check if the VM has the correct size
18
- its('properties.hardwareProfile.vmSize') { should cmp 'Standard_DS2_v2' }
19
-
20
- # Check if the VM has the correct computer name
21
- its('properties.osProfile.computerName') { should eq 'SomethingObscure' }
22
-
23
- # Check if the VM has the correct admin username
24
- its('properties.osProfile.adminUsername') { should eq 'SomethingSecure' }
25
-
26
- # Check if the VM has automatic updates enabled
27
- its('properties.osProfile.windowsConfiguration.enableAutomaticUpdates') { should be true }
28
- end
29
- end
@@ -1,11 +0,0 @@
1
- name: profile-azure
2
- title: Azure Example Profile
3
- maintainer: Chef Software, Inc.
4
- copyright: Chef Software, Inc.
5
- copyright_email: support@chef.io
6
- license: Apache-2.0
7
- summary: Demonstrates the use of an InSpec Compliance Profile on Azure
8
- version: 1.0.0
9
-
10
- supports:
11
- - platform: azure
@@ -1,29 +0,0 @@
1
- # Example InSpec Profile with Sensitive failures
2
-
3
- This profile demonstrates resources flagged as sensitive
4
-
5
- ## Usage
6
-
7
- ```
8
- $ inspec exec examples/profile-sensitive
9
- ....
10
-
11
- bob should
12
- ∅ eq "billy"
13
-
14
- expected: "billy"
15
- got: "bob"
16
-
17
- (compared using ==)
18
-
19
- sensitivepassword should
20
- ∅ eq "secret"
21
- *** sensitive output suppressed ***
22
- bob should
23
- ✔ eq "bob"
24
- sensitivepassword should
25
- ✔ eq "sensitivepassword"
26
-
27
- Test Summary: 2 successful, 2 failures, 0 skipped
28
-
29
- ```
@@ -1,9 +0,0 @@
1
- # encoding: utf-8
2
-
3
- describe 'bob' do
4
- it { should eq 'billy' }
5
- end
6
-
7
- describe 'sensitivepassword', :sensitive do
8
- it { should eq 'secret' }
9
- end
@@ -1,9 +0,0 @@
1
- # encoding: utf-8
2
-
3
- describe 'bob' do
4
- it { should eq 'bob' }
5
- end
6
-
7
- describe 'sensitivepassword', :sensitive do
8
- it { should eq 'sensitivepassword' }
9
- end
@@ -1,8 +0,0 @@
1
- name: profile-sensitive
2
- title: InSpec Sensitive Profile
3
- maintainer: The Authors
4
- copyright: The Authors
5
- copyright_email: you@example.com
6
- license: Apache-2.0
7
- summary: An InSpec Compliance Profile
8
- version: 0.1.0
@@ -1,48 +0,0 @@
1
- # Example InSpec Profile
2
-
3
- This example shows the implementation of an InSpec [profile](../../docs/profiles.md).
4
-
5
- ## Verify a profile
6
-
7
- InSpec ships with built-in features to verify a profile structure.
8
-
9
- ```bash
10
- $ inspec check examples/profile
11
- Summary
12
- -------
13
- Location: examples/profile
14
- Profile: profile
15
- Controls: 4
16
- Timestamp: 2016-03-24T16:20:21+00:00
17
- Valid: true
18
-
19
- Errors
20
- ------
21
-
22
- Warnings
23
- --------
24
- ```
25
-
26
- ## Execute a profile
27
-
28
- To run all **supported** controls on a local machine use `inspec exec /path/to/profile`.
29
-
30
- ```bash
31
- $ inspec exec examples/profile
32
- ..
33
-
34
- Finished in 0.0025 seconds (files took 0.12449 seconds to load)
35
- 8 examples, 0 failures
36
- ```
37
-
38
- ## Execute a specific control from a profile
39
-
40
- To run one control from the profile use `inspec exec /path/to/profile --controls name`.
41
-
42
- ```bash
43
- $ inspec exec examples/profile --controls tmp-1.0
44
- .
45
-
46
- Finished in 0.0025 seconds (files took 0.12449 seconds to load)
47
- 1 examples, 0 failures
48
- ```