inspec 2.3.10 → 2.3.23

data/examples/plugins/inspec-resource-lister/test/helper.rb

@@ -1,26 +0,0 @@
-# Test helper file for example plugins
-
-# This file's job is to collect any libraries needed for testing, as well as provide
-# any utilities to make testing a plugin easier.
-
-# InSpec core provides a number of such libraries and facilities, in the file
-# lib/pligins/shared/core_plugin_test_helper.rb . So, one job in this file is
-# to locate and load that file.
-require 'inspec/../plugins/shared/core_plugin_test_helper'
-
-# Also load the InSpec plugin system. We need this so we can unit-test the plugin
-# classes, which will rely on the plugin system.
-require 'inspec/plugin/v2'
-
-# Caution: loading all of InSpec (i.e. require 'inspec') may cause interference with
-# minitest/spec; one symptom would be appearing to have no tests.
-# See https://github.com/inspec/inspec/issues/3380
-
-# You can select from a number of test harnesses.  Since InSpec uses Spec-style controls
-# in profile code, you will probably want to use something like minitest/spec, which provides
-# Spec-style tests.
-require 'minitest/spec'
-require 'minitest/autorun'
-
-# You might want to put some debugging tools here.  We run tests to find bugs, after all.
-require 'byebug'

data/examples/plugins/inspec-resource-lister/test/unit/README.md

@@ -1,17 +0,0 @@
-# Unit Testing Area for Example Plugins
-
-## What Example Tests are Provided?
-
-Here, since this is a CliCommand plugin, we provide two sets of unit tests:
-
- * plugin_def_test.rb - Would be useful in any plugin.  Verifies that the plugin is properly detected and registered.
- * cli_args_test.rb - Verifies that the expected commands are present, and that they have the expected options and args.
-
-## What are Unit Tests?
-
-Unit tests are tests that verify that the individual components of your plugin work as intended.  To be picked up by the Rake tasks as tests, each test file should end in `_test.rb`.
-
-## Unit vs Functional Tests
-
-A practical difference between unit tests and functional tests is that unit tests all run within one process, while functional tests might exercise a CLI plugin by shelling out to an inspec command in a subprocess, and examining the results.
-

data/examples/plugins/inspec-resource-lister/test/unit/cli_args_test.rb

@@ -1,64 +0,0 @@
-# This unit test performs some tests to verify that the command line options for
-# inspec-resource-lister are correct.
-
-# Include our test harness
-require_relative '../helper'
-
-# Load the class under test, the CliCommand definition.
-require 'inspec-resource-lister/cli_command'
-
-# Because InSpec is a Spec-style test suite, we're going to use MiniTest::Spec
-# here, for familiar look and feel. However, this isn't InSpec (or RSpec) code.
-describe InspecPlugins::ResourceLister::CliCommand do
-
-  # When writing tests, you can use `let` to create variables that you
-  # can reference easily.
-
-  # This is the CLI Command implementation class.
-  # It is a subclass of Thor, which is a CLI framework.
-  # This unit test file is mostly about verifying the Thor settings.
-  let(:cli_class) { InspecPlugins::ResourceLister::CliCommand }
-
-  # This is a Hash of Structs that tells us details of options for the 'core' subcommand.
-  let(:core_options) { cli_class.all_commands['core'].options }
-
-  # To group tests together, you can nest 'describe' in minitest/spec
-  # (that is discouraged in InSpec control code.)
-  describe 'the core command' do
-
-    # Some tests through here use minitest Expectations, which attach to all
-    # Objects, and begin with 'must' (positive) or 'wont' (negative)
-    # See https://ruby-doc.org/stdlib-2.1.0/libdoc/minitest/rdoc/MiniTest/Expectations.html
-
-    # Option count OK?
-    it "should take one option" do
-      core_options.count.must_equal(1)
-    end
-
-    # Summary option
-    describe "the summary option" do
-      it "should be present" do
-        core_options.keys.must_include(:summary)
-      end
-      it "should have a description" do
-        core_options[:summary].description.wont_be_nil
-      end
-      it "should not be required" do
-        core_options[:summary].required.wont_equal(true)
-      end
-      it "should have a single-letter alias" do
-        core_options[:summary].aliases.must_include(:s)
-      end
-    end
-
-    # Argument count
-    # The 'core' command takes one optional argument. According to the
-    # metaprogramming rules of Ruby, the core() method should thus have an
-    # arity of -1. See http://ruby-doc.org/core-2.5.1/Method.html#method-i-arity
-    # for how that number is caclulated.
-    it "should take one optional argument" do
-      cli_class.instance_method(:core).arity.must_equal(-1)
-    end
-
-  end
-end

data/examples/plugins/inspec-resource-lister/test/unit/plugin_def_test.rb

@@ -1,51 +0,0 @@
-# This unit test performs some tests to verify that
-# the inspec-resource-lister plugin is configured correctly.
-
-# Include our test harness
-require_relative '../helper'
-
-# Load the class under test, the Plugin definition.
-require 'inspec-resource-lister/plugin'
-
-# Because InSpec is a Spec-style test suite, we're going to use MiniTest::Spec
-# here, for familiar look and feel. However, this isn't InSpec (or RSpec) code.
-
-describe InspecPlugins::ResourceLister::Plugin do
-
-  # When writing tests, you can use `let` to create variables that you
-  # can reference easily.
-
-  # Internally, plugins are always known by a Symbol name. Convert here.
-  let(:plugin_name) { :'inspec-resource-lister' }
-
-  # The Registry knows about all plugins that ship with InSpec by
-  # default, as well as any that are installed by the user. When a
-  # plugin definition is loaded, it will also self-register.
-  let(:registry) { Inspec::Plugin::V2::Registry.instance }
-
-  # The plugin status record tells us what the Registry knows.
-  # Note that you can use previously-defined 'let's.
-  let(:status) { registry[plugin_name] }
-
-  # OK, actual tests!
-
-  # Does the Registry know about us at all?
-  it "should be registered" do
-    registry.known_plugin?(plugin_name)
-  end
-
-  # Some tests through here use minitest Expectations, which attach to all
-  # Objects, and begin with 'must' (positive) or 'wont' (negative)
-  # See https://ruby-doc.org/stdlib-2.1.0/libdoc/minitest/rdoc/MiniTest/Expectations.html
-
-  # The plugin system had an undocumented v1 API; this should be a v2 example.
-  it "should be an api-v2 plugin" do
-    status.api_generation.must_equal(2)
-  end
-
-  # Plugins can support several different activator hooks, each of which has a type.
-  # Since this is (primarily) a CliCommand plugin, we'd expect to see that among our types.
-  it "should include a cli_command activator hook" do
-    status.plugin_types.must_include(:cli_command)
-  end
-end

data/examples/profile-attribute.yml

@@ -1,2 +0,0 @@
-user: bob
-password: secret

data/examples/profile-attribute/README.md

@@ -1,14 +0,0 @@
-# Example InSpec Profile with Attributes
-
-This profile uses InSpec attributes to parameterize a profile.
-
-## Usage
-
-```
-$ inspec exec examples/profile-attribute --attrs examples/profile-attribute.yml
-....
-
-Finished in 0.00178 seconds (files took 0.48529 seconds to load)
-4 examples, 0 failures
-
-```

data/examples/profile-attribute/controls/example.rb

@@ -1,11 +0,0 @@
-# encoding: utf-8
-val_user = attribute('user', default: 'alice', description: 'An identification for the user')
-val_password = attribute('password', description: 'A value for the password')
-
-describe val_user do
-  it { should eq 'bob' }
-end
-
-describe val_password do
-  it { should eq 'secret' }
-end

data/examples/profile-attribute/inspec.yml

@@ -1,8 +0,0 @@
-name: profile-attribute
-title: InSpec Profile
-maintainer: The Authors
-copyright: The Authors
-copyright_email: you@example.com
-license: Apache-2.0
-summary: An InSpec Compliance Profile
-version: 0.1.0

data/examples/profile-aws/controls/iam_password_policy_expiration.rb

@@ -1,8 +0,0 @@
-control 'iam_password_policy_expiration' do
-  title 'Passwords must be set to expire'
-  impact 1.0
-
-  describe aws_iam_password_policy do
-    it { should expire_passwords }
-  end
-end

data/examples/profile-aws/controls/iam_password_policy_max_age.rb

@@ -1,8 +0,0 @@
-control 'iam_password_policy_max_age' do
-  title 'Passwords older than 90 days are not allowed'
-  impact 1.0
-
-  describe aws_iam_password_policy do
-    its('max_password_age_in_days') { should cmp <=90 }
-  end
-end

data/examples/profile-aws/controls/iam_root_user_mfa.rb

@@ -1,8 +0,0 @@
-control 'iam_root_user_mfa' do
-  title 'MFA should be enabled for the root user'
-  impact 1.0
-
-  describe aws_iam_root_user do
-    it { should have_mfa_enabled }
-  end
-end

data/examples/profile-aws/controls/iam_users_access_key_age.rb

@@ -1,8 +0,0 @@
-control 'iam_users_access_key_age' do
-  title 'No access keys may be older than 90 days'
-  impact 1.0
-
-  describe aws_iam_access_keys.where { created_days_ago > 90 } do
-    its('entries') { should be_empty }
-  end
-end

data/examples/profile-aws/controls/iam_users_console_users_mfa.rb

@@ -1,8 +0,0 @@
-control 'iam_users_console_users_mfa' do
-  title 'Users with console access must have MFA enabled'
-  impact 1.0
-
-  describe aws_iam_users.where { has_console_password and not has_mfa_enabled } do
-    its('entries') { should be_empty }
-  end
-end

data/examples/profile-aws/inspec.yml

@@ -1,11 +0,0 @@
-name: profile-aws
-title: AWS Example Profile
-maintainer: Chef Software, Inc.
-copyright: Chef Software, Inc.
-copyright_email: support@chef.io
-license: Apache-2.0
-summary: Demonstrates the use of an InSpec Compliance Profile on AWS
-version: 1.0.0
-
-supports:
-  - platform: aws

data/examples/profile-azure/controls/azure_resource_group_example.rb

@@ -1,24 +0,0 @@
-control 'azure_resource_group_example' do
-  title 'Check if the Example Resource Group matches expectations'
-  impact 1.0
-
-  describe azure_resource_group(name: 'Inspec-Azure') do
-    # Check if the Resource Group is located in the correct region
-    its('location') { should cmp 'westeurope' }
-
-    # Check if the Resource Group has tags
-    it { should have_tags }
-
-    # Check if the number of VMs in the Resource Group is correct
-    its('vm_count') { should eq 3 }
-
-    # Check if the number of public IPs is correct
-    its('public_ip_count') { should eq 1 }
-
-    # Check if the number of Network Security Groups is correct
-    its('nsg_count') { should eq 1 }
-
-    # Check if the number of Storage Accounts is correct
-    its('sa_count') { should eq 1 }
-  end
-end

data/examples/profile-azure/controls/azure_vm_example.rb

@@ -1,29 +0,0 @@
-control 'azure_vm_example' do
-  title 'Check if the Example VM matches expectations'
-  impact 1.0
-
-  describe azure_generic_resource(group_name: 'Inspec-Azure', name: 'Windows-Example-VM') do
-    # Check if the VM is located in the correct region
-    its('location') { should cmp 'westeurope' }
-
-    # Check if the VM has tags
-    it { should_not have_tags }
-
-    # Check if the VM has the correct image
-    its('properties.storageProfile.imageReference.publisher') { should cmp 'MicrosoftWindowsServer' }
-    its('properties.storageProfile.imageReference.offer') { should cmp 'WindowsServer' }
-    its('properties.storageProfile.imageReference.sku') { should cmp '2016-Datacenter' }
-
-    # Check if the VM has the correct size
-    its('properties.hardwareProfile.vmSize') { should cmp 'Standard_DS2_v2' }
-
-    # Check if the VM has the correct computer name
-    its('properties.osProfile.computerName') { should eq 'SomethingObscure' }
-
-    # Check if the VM has the correct admin username
-    its('properties.osProfile.adminUsername') { should eq 'SomethingSecure' }
-
-    # Check if the VM has automatic updates enabled
-    its('properties.osProfile.windowsConfiguration.enableAutomaticUpdates') { should be true }
-  end
-end

data/examples/profile-azure/inspec.yml

@@ -1,11 +0,0 @@
-name: profile-azure
-title: Azure Example Profile
-maintainer: Chef Software, Inc.
-copyright: Chef Software, Inc.
-copyright_email: support@chef.io
-license: Apache-2.0
-summary: Demonstrates the use of an InSpec Compliance Profile on Azure
-version: 1.0.0
-
-supports:
-  - platform: azure

data/examples/profile-sensitive/README.md

@@ -1,29 +0,0 @@
-# Example InSpec Profile with Sensitive failures
-
-This profile demonstrates resources flagged as sensitive
-
-## Usage
-
-```
-$ inspec exec examples/profile-sensitive
-....
-
-  bob should
-   ∅  eq "billy"
-
-   expected: "billy"
-        got: "bob"
-
-   (compared using ==)
-
-  sensitivepassword should
-     ∅  eq "secret"
-     *** sensitive output suppressed ***
-  bob should
-     ✔  eq "bob"
-  sensitivepassword should
-     ✔  eq "sensitivepassword"
-
-Test Summary: 2 successful, 2 failures, 0 skipped
-
-```

data/examples/profile-sensitive/controls/sensitive-failures.rb

@@ -1,9 +0,0 @@
-# encoding: utf-8
-
-describe 'bob' do
-  it { should eq 'billy' }
-end
-
-describe 'sensitivepassword', :sensitive do
-  it { should eq 'secret' }
-end

data/examples/profile-sensitive/controls/sensitive.rb

@@ -1,9 +0,0 @@
-# encoding: utf-8
-
-describe 'bob' do
-  it { should eq 'bob' }
-end
-
-describe 'sensitivepassword', :sensitive do
-  it { should eq 'sensitivepassword' }
-end

data/examples/profile-sensitive/inspec.yml

@@ -1,8 +0,0 @@
-name: profile-sensitive
-title: InSpec Sensitive Profile
-maintainer: The Authors
-copyright: The Authors
-copyright_email: you@example.com
-license: Apache-2.0
-summary: An InSpec Compliance Profile
-version: 0.1.0

data/examples/profile/README.md

@@ -1,48 +0,0 @@
-# Example InSpec Profile
-
-This example shows the implementation of an InSpec [profile](../../docs/profiles.md).
-
-## Verify a profile
-
-InSpec ships with built-in features to verify a profile structure.
-
-```bash
-$ inspec check examples/profile
-Summary
--------
-Location: examples/profile
-Profile: profile
-Controls: 4
-Timestamp: 2016-03-24T16:20:21+00:00
-Valid: true
-
-Errors
-------
-
-Warnings
---------
-```
-
-## Execute a profile
-
-To run all **supported** controls on a local machine use `inspec exec /path/to/profile`.
-
-```bash
-$ inspec exec examples/profile
-..
-
-Finished in 0.0025 seconds (files took 0.12449 seconds to load)
-8 examples, 0 failures
-```
-
-## Execute a specific control from a profile
-
-To run one control from the profile use `inspec exec /path/to/profile --controls name`.
-
-```bash
-$ inspec exec examples/profile --controls tmp-1.0
-.
-
-Finished in 0.0025 seconds (files took 0.12449 seconds to load)
-1 examples, 0 failures
-```