inspec 4.3.2 → 4.6.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +36 -38
- data/README.md +37 -21
- data/etc/deprecations.json +10 -0
- data/etc/plugin_filters.json +8 -0
- data/inspec.gemspec +38 -39
- data/lib/bundles/inspec-compliance/api.rb +1 -1
- data/lib/bundles/inspec-compliance/configuration.rb +1 -1
- data/lib/bundles/inspec-compliance/http.rb +1 -1
- data/lib/bundles/inspec-compliance/support.rb +1 -1
- data/lib/bundles/inspec-compliance/target.rb +1 -1
- data/lib/bundles/inspec-supermarket.rb +3 -7
- data/lib/bundles/inspec-supermarket/api.rb +10 -13
- data/lib/bundles/inspec-supermarket/cli.rb +12 -15
- data/lib/bundles/inspec-supermarket/target.rb +7 -11
- data/lib/fetchers/git.rb +14 -15
- data/lib/fetchers/local.rb +6 -10
- data/lib/fetchers/mock.rb +3 -5
- data/lib/fetchers/url.rb +42 -44
- data/lib/inspec.rb +23 -24
- data/lib/inspec/archive/tar.rb +2 -6
- data/lib/inspec/archive/zip.rb +3 -7
- data/lib/inspec/backend.rb +8 -9
- data/lib/inspec/base_cli.rb +64 -65
- data/lib/inspec/cached_fetcher.rb +2 -3
- data/lib/inspec/cli.rb +136 -97
- data/lib/inspec/config.rb +71 -61
- data/lib/inspec/control_eval_context.rb +22 -18
- data/lib/inspec/dependencies/cache.rb +2 -3
- data/lib/inspec/dependencies/dependency_set.rb +2 -3
- data/lib/inspec/dependencies/lockfile.rb +8 -9
- data/lib/inspec/dependencies/requirement.rb +7 -8
- data/lib/inspec/dependencies/resolver.rb +5 -7
- data/lib/inspec/describe.rb +2 -6
- data/lib/inspec/dist.rb +20 -0
- data/lib/inspec/dsl.rb +4 -7
- data/lib/inspec/dsl_shared.rb +1 -2
- data/lib/inspec/env_printer.rb +11 -12
- data/lib/inspec/errors.rb +0 -4
- data/lib/inspec/exceptions.rb +0 -1
- data/lib/inspec/expect.rb +5 -8
- data/lib/inspec/fetcher.rb +7 -10
- data/lib/inspec/file_provider.rb +24 -24
- data/lib/inspec/formatters.rb +3 -3
- data/lib/inspec/formatters/base.rb +8 -8
- data/lib/inspec/globals.rb +2 -2
- data/lib/inspec/impact.rb +5 -7
- data/lib/inspec/input_registry.rb +84 -33
- data/lib/inspec/library_eval_context.rb +3 -6
- data/lib/inspec/log.rb +1 -5
- data/lib/inspec/metadata.rb +17 -16
- data/lib/inspec/method_source.rb +5 -9
- data/lib/inspec/objects.rb +10 -12
- data/lib/inspec/objects/control.rb +7 -9
- data/lib/inspec/objects/describe.rb +9 -11
- data/lib/inspec/objects/each_loop.rb +1 -3
- data/lib/inspec/objects/input.rb +24 -26
- data/lib/inspec/objects/list.rb +4 -6
- data/lib/inspec/objects/or_test.rb +2 -4
- data/lib/inspec/objects/ruby_helper.rb +3 -5
- data/lib/inspec/objects/tag.rb +0 -2
- data/lib/inspec/objects/test.rb +9 -11
- data/lib/inspec/objects/value.rb +3 -5
- data/lib/inspec/plugin/v1.rb +2 -2
- data/lib/inspec/plugin/v1/plugin_types/cli.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/fetcher.rb +2 -5
- data/lib/inspec/plugin/v1/plugin_types/resource.rb +4 -6
- data/lib/inspec/plugin/v1/plugin_types/secret.rb +1 -5
- data/lib/inspec/plugin/v1/plugin_types/source_reader.rb +1 -5
- data/lib/inspec/plugin/v1/plugins.rb +15 -19
- data/lib/inspec/plugin/v1/registry.rb +0 -4
- data/lib/inspec/plugin/v2.rb +8 -8
- data/lib/inspec/plugin/v2/activator.rb +1 -1
- data/lib/inspec/plugin/v2/config_file.rb +6 -6
- data/lib/inspec/plugin/v2/filter.rb +13 -13
- data/lib/inspec/plugin/v2/installer.rb +36 -24
- data/lib/inspec/plugin/v2/loader.rb +28 -28
- data/lib/inspec/plugin/v2/plugin_base.rb +15 -2
- data/lib/inspec/plugin/v2/plugin_types/cli.rb +5 -5
- data/lib/inspec/plugin/v2/plugin_types/input.rb +34 -0
- data/lib/inspec/plugin/v2/plugin_types/mock.rb +1 -1
- data/lib/inspec/plugin/v2/registry.rb +7 -7
- data/lib/inspec/polyfill.rb +0 -3
- data/lib/inspec/profile.rb +55 -63
- data/lib/inspec/profile_context.rb +27 -30
- data/lib/inspec/profile_vendor.rb +6 -9
- data/lib/inspec/reporters.rb +24 -24
- data/lib/inspec/reporters/automate.rb +17 -19
- data/lib/inspec/reporters/base.rb +1 -1
- data/lib/inspec/reporters/cli.rb +88 -91
- data/lib/inspec/reporters/json.rb +2 -4
- data/lib/inspec/reporters/json_automate.rb +1 -3
- data/lib/inspec/reporters/json_min.rb +1 -3
- data/lib/inspec/reporters/junit.rb +26 -28
- data/lib/inspec/reporters/yaml.rb +1 -3
- data/lib/inspec/require_loader.rb +0 -4
- data/lib/inspec/resource.rb +4 -125
- data/lib/inspec/resources.rb +121 -0
- data/lib/{resources → inspec/resources}/aide_conf.rb +24 -25
- data/lib/{resources → inspec/resources}/apache.rb +13 -14
- data/lib/{resources → inspec/resources}/apache_conf.rb +16 -17
- data/lib/{resources → inspec/resources}/apt.rb +17 -17
- data/lib/{resources → inspec/resources}/audit_policy.rb +7 -6
- data/lib/{resources → inspec/resources}/auditd.rb +62 -64
- data/lib/{resources → inspec/resources}/auditd_conf.rb +7 -8
- data/lib/{resources → inspec/resources}/bash.rb +6 -8
- data/lib/{resources → inspec/resources}/bond.rb +15 -14
- data/lib/{resources → inspec/resources}/bridge.rb +8 -8
- data/lib/{resources → inspec/resources}/chocolatey_package.rb +10 -8
- data/lib/{resources → inspec/resources}/command.rb +11 -10
- data/lib/{resources → inspec/resources}/cpan.rb +12 -12
- data/lib/{resources → inspec/resources}/cran.rb +9 -9
- data/lib/{resources → inspec/resources}/crontab.rb +47 -48
- data/lib/{resources → inspec/resources}/csv.rb +5 -5
- data/lib/{resources → inspec/resources}/dh_params.rb +5 -7
- data/lib/{resources → inspec/resources}/directory.rb +5 -7
- data/lib/{resources → inspec/resources}/docker.rb +63 -63
- data/lib/{resources → inspec/resources}/docker_container.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_image.rb +9 -9
- data/lib/{resources → inspec/resources}/docker_object.rb +8 -13
- data/lib/{resources → inspec/resources}/docker_plugin.rb +6 -6
- data/lib/{resources → inspec/resources}/docker_service.rb +7 -7
- data/lib/{resources → inspec/resources}/elasticsearch.rb +40 -42
- data/lib/{resources → inspec/resources}/etc_fstab.rb +23 -24
- data/lib/{resources → inspec/resources}/etc_group.rb +26 -27
- data/lib/{resources → inspec/resources}/etc_hosts.rb +11 -13
- data/lib/{resources → inspec/resources}/etc_hosts_allow_deny.rb +25 -27
- data/lib/{resources → inspec/resources}/file.rb +80 -79
- data/lib/{resources → inspec/resources}/filesystem.rb +20 -15
- data/lib/{resources → inspec/resources}/firewalld.rb +26 -26
- data/lib/{resources → inspec/resources}/gem.rb +12 -12
- data/lib/{resources → inspec/resources}/groups.rb +28 -27
- data/lib/{resources → inspec/resources}/grub_conf.rb +46 -48
- data/lib/{resources → inspec/resources}/host.rb +31 -29
- data/lib/{resources → inspec/resources}/http.rb +24 -24
- data/lib/{resources → inspec/resources}/iis_app.rb +6 -7
- data/lib/{resources → inspec/resources}/iis_app_pool.rb +21 -19
- data/lib/{resources → inspec/resources}/iis_site.rb +17 -15
- data/lib/{resources → inspec/resources}/inetd_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/ini.rb +7 -8
- data/lib/{resources → inspec/resources}/interface.rb +30 -30
- data/lib/{resources → inspec/resources}/iptables.rb +8 -8
- data/lib/{resources → inspec/resources}/json.rb +8 -10
- data/lib/{resources → inspec/resources}/kernel_module.rb +15 -15
- data/lib/{resources → inspec/resources}/kernel_parameter.rb +8 -8
- data/lib/{resources → inspec/resources}/key_rsa.rb +8 -10
- data/lib/{resources → inspec/resources}/ksh.rb +6 -8
- data/lib/{resources → inspec/resources}/limits_conf.rb +8 -9
- data/lib/{resources/login_def.rb → inspec/resources/login_defs.rb} +9 -10
- data/lib/{resources → inspec/resources}/mount.rb +6 -8
- data/lib/{resources → inspec/resources}/mssql_session.rb +16 -18
- data/lib/inspec/resources/mysql.rb +81 -0
- data/lib/{resources → inspec/resources}/mysql_conf.rb +13 -14
- data/lib/{resources → inspec/resources}/mysql_session.rb +16 -16
- data/lib/{resources → inspec/resources}/nginx.rb +16 -17
- data/lib/{resources → inspec/resources}/nginx_conf.rb +26 -27
- data/lib/{resources → inspec/resources}/npm.rb +9 -10
- data/lib/{resources → inspec/resources}/ntp_conf.rb +9 -10
- data/lib/{resources → inspec/resources}/oneget.rb +8 -8
- data/lib/{resources → inspec/resources}/oracledb_session.rb +33 -34
- data/lib/{resources → inspec/resources}/os.rb +6 -8
- data/lib/{resources → inspec/resources}/os_env.rb +11 -12
- data/lib/{resources → inspec/resources}/package.rb +66 -65
- data/lib/{resources → inspec/resources}/packages.rb +13 -13
- data/lib/{resources → inspec/resources}/parse_config.rb +8 -8
- data/lib/{resources → inspec/resources}/passwd.rb +18 -19
- data/lib/{resources → inspec/resources}/pip.rb +19 -19
- data/lib/{resources → inspec/resources}/platform.rb +9 -11
- data/lib/{resources → inspec/resources}/port.rb +134 -136
- data/lib/{resources → inspec/resources}/postgres.rb +40 -32
- data/lib/{resources → inspec/resources}/postgres_conf.rb +17 -17
- data/lib/{resources → inspec/resources}/postgres_hba_conf.rb +21 -23
- data/lib/{resources → inspec/resources}/postgres_ident_conf.rb +12 -14
- data/lib/{resources → inspec/resources}/postgres_session.rb +8 -9
- data/lib/{resources → inspec/resources}/powershell.rb +17 -13
- data/lib/{resources → inspec/resources}/processes.rb +29 -29
- data/lib/{resources/rabbitmq_conf.rb → inspec/resources/rabbitmq_config.rb} +10 -11
- data/lib/{resources → inspec/resources}/registry_key.rb +14 -14
- data/lib/inspec/resources/script.rb +1 -0
- data/lib/{resources → inspec/resources}/security_identifier.rb +11 -10
- data/lib/{resources → inspec/resources}/security_policy.rb +59 -58
- data/lib/{resources → inspec/resources}/service.rb +74 -75
- data/lib/{resources → inspec/resources}/shadow.rb +44 -45
- data/lib/{resources/ssh_conf.rb → inspec/resources/ssh_config.rb} +16 -17
- data/lib/{resources → inspec/resources}/ssl.rb +28 -29
- data/lib/inspec/resources/sys_info.rb +30 -0
- data/lib/{resources → inspec/resources}/toml.rb +5 -7
- data/lib/{resources → inspec/resources}/users.rb +65 -65
- data/lib/{resources → inspec/resources}/vbscript.rb +8 -9
- data/lib/{resources → inspec/resources}/virtualization.rb +60 -62
- data/lib/{resources → inspec/resources}/windows_feature.rb +9 -9
- data/lib/{resources → inspec/resources}/windows_hotfix.rb +5 -5
- data/lib/{resources → inspec/resources}/windows_task.rb +16 -15
- data/lib/{resources → inspec/resources}/wmi.rb +7 -8
- data/lib/{resources → inspec/resources}/x509_certificate.rb +9 -11
- data/lib/{resources/xinetd.rb → inspec/resources/xinetd_conf.rb} +27 -29
- data/lib/{resources → inspec/resources}/xml.rb +7 -7
- data/lib/{resources → inspec/resources}/yaml.rb +5 -6
- data/lib/{resources → inspec/resources}/yum.rb +10 -10
- data/lib/{resources → inspec/resources}/zfs_dataset.rb +6 -6
- data/lib/{resources → inspec/resources}/zfs_pool.rb +4 -4
- data/lib/inspec/rspec_extensions.rb +24 -8
- data/lib/inspec/rule.rb +14 -15
- data/lib/inspec/runner.rb +28 -28
- data/lib/inspec/runner_mock.rb +1 -5
- data/lib/inspec/runner_rspec.rb +18 -20
- data/lib/inspec/runtime_profile.rb +2 -5
- data/lib/inspec/schema.rb +142 -143
- data/lib/inspec/secrets.rb +3 -7
- data/lib/inspec/secrets/yaml.rb +3 -5
- data/lib/inspec/shell.rb +11 -15
- data/lib/inspec/shell_detector.rb +6 -7
- data/lib/inspec/source_reader.rb +4 -8
- data/lib/inspec/ui.rb +33 -39
- data/lib/inspec/ui_table_helper.rb +12 -0
- data/lib/{utils → inspec/utils}/command_wrapper.rb +4 -8
- data/lib/{utils → inspec/utils}/convert.rb +0 -4
- data/lib/{utils → inspec/utils}/database_helpers.rb +4 -8
- data/lib/inspec/utils/deprecation.rb +6 -0
- data/lib/{utils → inspec/utils}/deprecation/config_file.rb +19 -19
- data/lib/{utils → inspec/utils}/deprecation/deprecator.rb +12 -12
- data/lib/{utils → inspec/utils}/deprecation/errors.rb +1 -1
- data/lib/{utils → inspec/utils}/deprecation/global_method.rb +2 -2
- data/lib/{utils → inspec/utils}/enumerable_delegation.rb +0 -2
- data/lib/{utils → inspec/utils}/erlang_parser.rb +61 -65
- data/lib/{utils → inspec/utils}/file_reader.rb +1 -2
- data/lib/{utils → inspec/utils}/filter.rb +30 -33
- data/lib/{utils → inspec/utils}/filter_array.rb +0 -2
- data/lib/{utils → inspec/utils}/find_files.rb +9 -12
- data/lib/{utils → inspec/utils}/hash.rb +1 -5
- data/lib/inspec/utils/json_log.rb +15 -0
- data/lib/inspec/utils/latest_version.rb +13 -0
- data/lib/{utils → inspec/utils}/modulator.rb +0 -3
- data/lib/{utils → inspec/utils}/nginx_parser.rb +31 -35
- data/lib/{utils → inspec/utils}/object_traversal.rb +0 -3
- data/lib/{utils → inspec/utils}/parser.rb +45 -45
- data/lib/{utils → inspec/utils}/pkey_reader.rb +4 -2
- data/lib/{utils → inspec/utils}/simpleconfig.rb +8 -10
- data/lib/{utils → inspec/utils}/spdx.rb +1 -4
- data/lib/{utils → inspec/utils}/spdx.txt +0 -0
- data/lib/inspec/utils/telemetry.rb +3 -3
- data/lib/inspec/utils/telemetry/collector.rb +30 -9
- data/lib/inspec/utils/telemetry/data_series.rb +3 -1
- data/lib/inspec/utils/telemetry/global_methods.rb +1 -1
- data/lib/inspec/version.rb +1 -1
- data/lib/matchers/matchers.rb +22 -25
- data/lib/plugins/inspec-artifact/lib/inspec-artifact.rb +1 -1
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/base.rb +52 -45
- data/lib/plugins/inspec-artifact/lib/inspec-artifact/cli.rb +18 -16
- data/lib/plugins/inspec-artifact/test/functional/inspec_artifact_test.rb +12 -11
- data/lib/plugins/inspec-compliance/lib/inspec-compliance.rb +1 -1
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api.rb +73 -73
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/api/login.rb +66 -62
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb +59 -57
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/configuration.rb +11 -11
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/http.rb +20 -22
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/support.rb +2 -4
- data/lib/plugins/inspec-compliance/lib/inspec-compliance/target.rb +30 -27
- data/lib/plugins/inspec-compliance/test/functional/inspec_compliance_test.rb +12 -14
- data/lib/plugins/inspec-compliance/test/integration/default/cli.rb +39 -41
- data/lib/plugins/inspec-compliance/test/unit/api/login_test.rb +64 -64
- data/lib/plugins/inspec-compliance/test/unit/api_test.rb +157 -156
- data/lib/plugins/inspec-compliance/test/unit/target_test.rb +85 -85
- data/lib/plugins/inspec-habitat/Berksfile +2 -2
- data/lib/plugins/inspec-habitat/lib/inspec-habitat.rb +1 -1
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/cli.rb +15 -13
- data/lib/plugins/inspec-habitat/lib/inspec-habitat/profile.rb +64 -63
- data/lib/plugins/inspec-habitat/templates/habitat/hooks/run.erb +3 -3
- data/lib/plugins/inspec-habitat/templates/habitat/plan.sh.erb +11 -11
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/Berksfile +1 -1
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/metadata.rb +8 -8
- data/lib/plugins/inspec-habitat/test/cookbooks/inspec_habitat_fixture/recipes/default.rb +17 -17
- data/lib/plugins/inspec-habitat/test/functional/inspec_habitat_test.rb +9 -8
- data/lib/plugins/inspec-habitat/test/integration/default/inspec_habitat/controls/inspec_habitat.rb +14 -14
- data/lib/plugins/inspec-habitat/test/support/example_profile/controls/example.rb +4 -4
- data/lib/plugins/inspec-habitat/test/unit/profile_test.rb +42 -41
- data/lib/plugins/inspec-init/lib/inspec-init.rb +1 -1
- data/lib/plugins/inspec-init/lib/inspec-init/cli.rb +6 -8
- data/lib/plugins/inspec-init/lib/inspec-init/cli_plugin.rb +72 -74
- data/lib/plugins/inspec-init/lib/inspec-init/cli_profile.rb +9 -11
- data/lib/plugins/inspec-init/lib/inspec-init/renderer.rb +4 -4
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/Gemfile +0 -1
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/inspec-plugin-template.gemspec +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/cli_command.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/plugin.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/lib/inspec-plugin-template/version.rb +0 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/test/functional/inspec_plugin_template_test.rb +5 -5
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/test/helper.rb +1 -3
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/test/unit/cli_args_test.rb +2 -2
- data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/test/unit/plugin_def_test.rb +2 -2
- data/lib/plugins/inspec-init/templates/profiles/aws/controls/example.rb +10 -11
- data/lib/plugins/inspec-init/templates/profiles/azure/controls/example.rb +4 -5
- data/lib/plugins/inspec-init/templates/profiles/gcp/controls/example.rb +10 -11
- data/lib/plugins/inspec-init/templates/profiles/os/controls/example.rb +6 -7
- data/lib/plugins/inspec-init/test/functional/inspec_init_plugin_test.rb +51 -50
- data/lib/plugins/inspec-init/test/functional/inspec_init_profile_test.rb +35 -33
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli.rb +1 -2
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +72 -70
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/plugin.rb +1 -1
- data/lib/plugins/inspec-plugin-manager-cli/test/fixtures/plugins/wrong-name/lib/wrong-name.rb +1 -1
- data/lib/plugins/inspec-plugin-manager-cli/test/functional/inspec-plugin_test.rb +281 -271
- data/lib/plugins/inspec-plugin-manager-cli/test/unit/cli_args_test.rb +41 -41
- data/lib/plugins/inspec-plugin-manager-cli/test/unit/plugin_def_test.rb +25 -6
- data/lib/plugins/shared/core_plugin_test_helper.rb +43 -38
- data/lib/resource_support/aws.rb +67 -67
- data/lib/resource_support/aws/aws_plural_resource_mixin.rb +4 -1
- data/lib/resource_support/aws/aws_resource_mixin.rb +4 -3
- data/lib/resource_support/aws/aws_singular_resource_mixin.rb +4 -1
- data/lib/resources/aws/aws_billing_report.rb +15 -8
- data/lib/resources/aws/aws_billing_reports.rb +10 -7
- data/lib/resources/aws/aws_cloudtrail_trail.rb +9 -5
- data/lib/resources/aws/aws_cloudtrail_trails.rb +9 -5
- data/lib/resources/aws/aws_cloudwatch_alarm.rb +9 -5
- data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +12 -8
- data/lib/resources/aws/aws_config_delivery_channel.rb +13 -9
- data/lib/resources/aws/aws_config_recorder.rb +10 -6
- data/lib/resources/aws/aws_ebs_volume.rb +12 -8
- data/lib/resources/aws/aws_ebs_volumes.rb +9 -5
- data/lib/resources/aws/aws_ec2_instance.rb +14 -11
- data/lib/resources/aws/aws_ec2_instances.rb +9 -5
- data/lib/resources/aws/aws_ecs_cluster.rb +11 -7
- data/lib/resources/aws/aws_eks_cluster.rb +13 -9
- data/lib/resources/aws/aws_elb.rb +9 -5
- data/lib/resources/aws/aws_elbs.rb +9 -5
- data/lib/resources/aws/aws_flow_log.rb +17 -13
- data/lib/resources/aws/aws_iam_access_key.rb +15 -11
- data/lib/resources/aws/aws_iam_access_keys.rb +19 -15
- data/lib/resources/aws/aws_iam_group.rb +9 -5
- data/lib/resources/aws/aws_iam_groups.rb +9 -5
- data/lib/resources/aws/aws_iam_password_policy.rb +13 -10
- data/lib/resources/aws/aws_iam_policies.rb +9 -5
- data/lib/resources/aws/aws_iam_policy.rb +16 -12
- data/lib/resources/aws/aws_iam_role.rb +9 -5
- data/lib/resources/aws/aws_iam_root_user.rb +12 -8
- data/lib/resources/aws/aws_iam_user.rb +12 -12
- data/lib/resources/aws/aws_iam_users.rb +10 -10
- data/lib/resources/aws/aws_kms_key.rb +12 -8
- data/lib/resources/aws/aws_kms_keys.rb +9 -5
- data/lib/resources/aws/aws_rds_instance.rb +11 -8
- data/lib/resources/aws/aws_route_table.rb +11 -7
- data/lib/resources/aws/aws_route_tables.rb +10 -6
- data/lib/resources/aws/aws_s3_bucket.rb +14 -11
- data/lib/resources/aws/aws_s3_bucket_object.rb +12 -9
- data/lib/resources/aws/aws_s3_buckets.rb +9 -7
- data/lib/resources/aws/aws_security_group.rb +16 -12
- data/lib/resources/aws/aws_security_groups.rb +12 -8
- data/lib/resources/aws/aws_sns_subscription.rb +15 -11
- data/lib/resources/aws/aws_sns_topic.rb +10 -6
- data/lib/resources/aws/aws_sns_topics.rb +9 -5
- data/lib/resources/aws/aws_sqs_queue.rb +18 -14
- data/lib/resources/aws/aws_subnet.rb +11 -7
- data/lib/resources/aws/aws_subnets.rb +9 -5
- data/lib/resources/aws/aws_vpc.rb +10 -6
- data/lib/resources/aws/aws_vpcs.rb +9 -5
- data/lib/resources/azure/azure_backend.rb +20 -18
- data/lib/resources/azure/azure_generic_resource.rb +13 -15
- data/lib/resources/azure/azure_resource_group.rb +17 -19
- data/lib/resources/azure/azure_virtual_machine.rb +6 -8
- data/lib/resources/azure/azure_virtual_machine_data_disk.rb +6 -8
- data/lib/source_readers/flat.rb +6 -10
- data/lib/source_readers/inspec.rb +8 -12
- metadata +141 -142
- data/lib/resources/mysql.rb +0 -82
- data/lib/resources/sys_info.rb +0 -28
- data/lib/utils/deprecation.rb +0 -6
- data/lib/utils/json_log.rb +0 -18
- data/lib/utils/latest_version.rb +0 -22
data/lib/inspec/config.rb
CHANGED
@@ -1,8 +1,12 @@
|
|
1
1
|
# Represents InSpec configuration. Merges defaults, config file options,
|
2
2
|
# and CLI arguments.
|
3
3
|
|
4
|
-
require
|
5
|
-
require
|
4
|
+
require "pp"
|
5
|
+
require "stringio"
|
6
|
+
require "forwardable"
|
7
|
+
require "thor"
|
8
|
+
require "base64"
|
9
|
+
require "inspec/base_cli"
|
6
10
|
|
7
11
|
module Inspec
|
8
12
|
class Config
|
@@ -27,7 +31,7 @@ module Inspec
|
|
27
31
|
|
28
32
|
# This makes it easy to make a config with a mock backend.
|
29
33
|
def self.mock(opts = {})
|
30
|
-
Inspec::Config.new({ backend: :mock }.merge(opts), StringIO.new(
|
34
|
+
Inspec::Config.new({ backend: :mock }.merge(opts), StringIO.new("{}"))
|
31
35
|
end
|
32
36
|
|
33
37
|
# Use this to get a cached version of the config. This prevents you from
|
@@ -58,15 +62,21 @@ module Inspec
|
|
58
62
|
return unless self[:diagnose]
|
59
63
|
puts "InSpec version: #{Inspec::VERSION}"
|
60
64
|
puts "Train version: #{Train::VERSION}"
|
61
|
-
puts
|
65
|
+
puts "Command line configuration:"
|
62
66
|
pp @cli_opts
|
63
|
-
puts
|
67
|
+
puts "JSON configuration file:"
|
64
68
|
pp @cfg_file_contents
|
65
|
-
puts
|
69
|
+
puts "Merged configuration:"
|
66
70
|
pp @merged_options
|
67
71
|
puts
|
68
72
|
end
|
69
73
|
|
74
|
+
# return all telemetry options from config
|
75
|
+
# @return [Hash]
|
76
|
+
def telemetry_options
|
77
|
+
final_options.select { |key, _| key.include?("telemetry") }
|
78
|
+
end
|
79
|
+
|
70
80
|
#-----------------------------------------------------------------------#
|
71
81
|
# Train Credential Handling
|
72
82
|
#-----------------------------------------------------------------------#
|
@@ -121,7 +131,7 @@ module Inspec
|
|
121
131
|
credentials.merge!(unprefixed_transport_options)
|
122
132
|
|
123
133
|
# If there are any prefixed options, merge them in, stripping the prefix.
|
124
|
-
transport_prefix = transport_name.downcase.tr(
|
134
|
+
transport_prefix = transport_name.downcase.tr("-", "_") + "_"
|
125
135
|
transport_options.each do |bare_option_name|
|
126
136
|
prefixed_option_name = transport_prefix + bare_option_name.to_s
|
127
137
|
if final_options.key?(prefixed_option_name)
|
@@ -140,7 +150,7 @@ module Inspec
|
|
140
150
|
|
141
151
|
# Default to local
|
142
152
|
unless @final_options.key?(:target)
|
143
|
-
credentials[:backend] =
|
153
|
+
credentials[:backend] = "local"
|
144
154
|
return
|
145
155
|
end
|
146
156
|
|
@@ -157,7 +167,7 @@ module Inspec
|
|
157
167
|
credset_name = _utc_find_credset_name(credentials, transport_name)
|
158
168
|
|
159
169
|
if credset_name
|
160
|
-
credset = @cfg_file_contents.dig(
|
170
|
+
credset = @cfg_file_contents.dig("credentials", transport_name, credset_name)
|
161
171
|
if credset
|
162
172
|
credentials.merge!(credset)
|
163
173
|
else
|
@@ -185,7 +195,7 @@ module Inspec
|
|
185
195
|
|
186
196
|
# Regardless of our situation, end up with a readable IO object
|
187
197
|
def resolve_cfg_io(cli_opts, cfg_io)
|
188
|
-
raise(ArgumentError,
|
198
|
+
raise(ArgumentError, "Inspec::Config must use an IO to read from") if cfg_io && !cfg_io.respond_to?(:read)
|
189
199
|
cfg_io ||= check_for_piped_config(cli_opts)
|
190
200
|
return cfg_io if cfg_io
|
191
201
|
|
@@ -200,10 +210,10 @@ module Inspec
|
|
200
210
|
Inspec.deprecate(:cli_option_json_config) if cli_opts.key?(:json_config)
|
201
211
|
|
202
212
|
return nil unless cli_opt
|
203
|
-
return nil unless cli_opt ==
|
213
|
+
return nil unless cli_opt == "-"
|
204
214
|
# This warning is here so that if a user invokes inspec with --config=-,
|
205
215
|
# they will have an explanation for why it appears to hang.
|
206
|
-
Inspec::Log.warn
|
216
|
+
Inspec::Log.warn "Reading JSON config from standard input" if STDIN.tty?
|
207
217
|
STDIN
|
208
218
|
end
|
209
219
|
|
@@ -212,7 +222,7 @@ module Inspec
|
|
212
222
|
Inspec.deprecate(:cli_option_json_config) if cli_opts.key?(:json_config)
|
213
223
|
|
214
224
|
if path.nil?
|
215
|
-
default_path = File.join(Inspec.config_dir,
|
225
|
+
default_path = File.join(Inspec.config_dir, "config.json")
|
216
226
|
path = default_path if File.exist?(default_path)
|
217
227
|
elsif !File.exist?(path)
|
218
228
|
raise ArgumentError, "Could not read configuration file at #{path}"
|
@@ -239,7 +249,7 @@ module Inspec
|
|
239
249
|
end
|
240
250
|
|
241
251
|
def file_version
|
242
|
-
@cfg_file_contents[
|
252
|
+
@cfg_file_contents["version"] || :legacy
|
243
253
|
end
|
244
254
|
|
245
255
|
def legacy_file?
|
@@ -251,26 +261,26 @@ module Inspec
|
|
251
261
|
# Assume everything in the file is a CLI option
|
252
262
|
@cfg_file_contents
|
253
263
|
else
|
254
|
-
@cfg_file_contents[
|
264
|
+
@cfg_file_contents["cli_options"] || {}
|
255
265
|
end
|
256
266
|
end
|
257
267
|
|
258
268
|
def config_file_reporter_options
|
259
269
|
# This is assumed to be top-level in both legacy and 1.1.
|
260
270
|
# Technically, you could sneak it in the 1.1 cli opts area.
|
261
|
-
@cfg_file_contents.key?(
|
271
|
+
@cfg_file_contents.key?("reporter") ? { "reporter" => @cfg_file_contents["reporter"] } : {}
|
262
272
|
end
|
263
273
|
|
264
274
|
#-----------------------------------------------------------------------#
|
265
275
|
# Validation
|
266
276
|
#-----------------------------------------------------------------------#
|
267
277
|
def validate_config_file_contents!
|
268
|
-
version = @cfg_file_contents[
|
278
|
+
version = @cfg_file_contents["version"]
|
269
279
|
|
270
280
|
# Assume legacy format, which is unconstrained
|
271
281
|
return unless version
|
272
282
|
|
273
|
-
unless version ==
|
283
|
+
unless version == "1.1"
|
274
284
|
raise Inspec::ConfigError::Invalid, "Unsupported config file version '#{version}' - currently supported versions: 1.1"
|
275
285
|
end
|
276
286
|
|
@@ -286,23 +296,23 @@ module Inspec
|
|
286
296
|
return if reporters.nil?
|
287
297
|
# TODO: move this into a reporter plugin type system
|
288
298
|
valid_types = [
|
289
|
-
|
290
|
-
|
291
|
-
|
292
|
-
|
293
|
-
|
294
|
-
|
295
|
-
|
296
|
-
|
297
|
-
|
298
|
-
|
299
|
-
|
299
|
+
"automate",
|
300
|
+
"cli",
|
301
|
+
"documentation",
|
302
|
+
"html",
|
303
|
+
"json",
|
304
|
+
"json-automate",
|
305
|
+
"json-min",
|
306
|
+
"json-rspec",
|
307
|
+
"junit",
|
308
|
+
"progress",
|
309
|
+
"yaml",
|
300
310
|
]
|
301
311
|
|
302
312
|
reporters.each do |reporter_name, reporter_config|
|
303
313
|
raise NotImplementedError, "'#{reporter_name}' is not a valid reporter type." unless valid_types.include?(reporter_name)
|
304
314
|
|
305
|
-
next unless reporter_name ==
|
315
|
+
next unless reporter_name == "automate"
|
306
316
|
%w{token url}.each do |option|
|
307
317
|
raise Inspec::ReporterError, "You must specify a automate #{option} via the config file." if reporter_config[option].nil?
|
308
318
|
end
|
@@ -311,10 +321,10 @@ module Inspec
|
|
311
321
|
# check to make sure we are only reporting one type to stdout
|
312
322
|
stdout_reporters = 0
|
313
323
|
reporters.each_value do |reporter_config|
|
314
|
-
stdout_reporters += 1 if reporter_config[
|
324
|
+
stdout_reporters += 1 if reporter_config["stdout"] == true
|
315
325
|
end
|
316
326
|
|
317
|
-
raise ArgumentError,
|
327
|
+
raise ArgumentError, "The option --reporter can only have a single report outputting to stdout." if stdout_reporters > 1
|
318
328
|
end
|
319
329
|
|
320
330
|
#-----------------------------------------------------------------------#
|
@@ -358,36 +368,36 @@ module Inspec
|
|
358
368
|
|
359
369
|
def finalize_parse_reporters(options) # rubocop:disable Metrics/AbcSize
|
360
370
|
# default to cli report for ad-hoc runners
|
361
|
-
options[
|
371
|
+
options["reporter"] = ["cli"] if options["reporter"].nil?
|
362
372
|
|
363
373
|
# parse out cli to proper report format
|
364
|
-
if options[
|
374
|
+
if options["reporter"].is_a?(Array)
|
365
375
|
reports = {}
|
366
|
-
options[
|
367
|
-
reporter_name, destination = report.split(
|
368
|
-
if destination.nil? || destination.strip ==
|
369
|
-
reports[reporter_name] = {
|
376
|
+
options["reporter"].each do |report|
|
377
|
+
reporter_name, destination = report.split(":", 2)
|
378
|
+
if destination.nil? || destination.strip == "-"
|
379
|
+
reports[reporter_name] = { "stdout" => true }
|
370
380
|
else
|
371
381
|
reports[reporter_name] = {
|
372
|
-
|
373
|
-
|
382
|
+
"file" => destination,
|
383
|
+
"stdout" => false,
|
374
384
|
}
|
375
|
-
reports[reporter_name][
|
385
|
+
reports[reporter_name]["target_id"] = options["target_id"] if options["target_id"]
|
376
386
|
end
|
377
387
|
end
|
378
|
-
options[
|
388
|
+
options["reporter"] = reports
|
379
389
|
end
|
380
390
|
|
381
391
|
# add in stdout if not specified
|
382
|
-
if options[
|
383
|
-
options[
|
384
|
-
options[
|
385
|
-
options[
|
386
|
-
options[
|
392
|
+
if options["reporter"].is_a?(Hash)
|
393
|
+
options["reporter"].each do |reporter_name, config|
|
394
|
+
options["reporter"][reporter_name] = {} if config.nil?
|
395
|
+
options["reporter"][reporter_name]["stdout"] = true if options["reporter"][reporter_name].empty?
|
396
|
+
options["reporter"][reporter_name]["target_id"] = options["target_id"] if options["target_id"]
|
387
397
|
end
|
388
398
|
end
|
389
399
|
|
390
|
-
validate_reporters!(options[
|
400
|
+
validate_reporters!(options["reporter"])
|
391
401
|
options
|
392
402
|
end
|
393
403
|
|
@@ -398,38 +408,38 @@ module Inspec
|
|
398
408
|
# whenever it is used, it requires a value. Handle options that were
|
399
409
|
# defined in such a way and require a value here:
|
400
410
|
%w{password sudo-password}.each do |option_name|
|
401
|
-
snake_case_option_name = option_name.tr(
|
411
|
+
snake_case_option_name = option_name.tr("-", "_").to_s
|
402
412
|
next unless options[snake_case_option_name] == -1 # Thor sets -1 for missing value - see #1918
|
403
413
|
raise ArgumentError, "Please provide a value for --#{option_name}. For example: --#{option_name}=hello."
|
404
414
|
end
|
405
415
|
|
406
416
|
# Infer `--sudo` if using `--sudo-password` without `--sudo`
|
407
|
-
if options[
|
408
|
-
options[
|
409
|
-
Inspec::Log.warn
|
417
|
+
if options["sudo_password"] && !options["sudo"]
|
418
|
+
options["sudo"] = true
|
419
|
+
Inspec::Log.warn "`--sudo-password` used without `--sudo`. Adding `--sudo`."
|
410
420
|
end
|
411
421
|
end
|
412
422
|
|
413
423
|
def finalize_compliance_login(options)
|
414
424
|
# check for compliance settings
|
415
425
|
# This is always a hash, comes from config file, not CLI opts
|
416
|
-
if options.key?(
|
417
|
-
require
|
418
|
-
InspecPlugins::Compliance::API.login(options[
|
426
|
+
if options.key?("compliance")
|
427
|
+
require "plugins/inspec-compliance/lib/inspec-compliance/api"
|
428
|
+
InspecPlugins::Compliance::API.login(options["compliance"])
|
419
429
|
end
|
420
430
|
end
|
421
431
|
|
422
432
|
class Defaults
|
423
433
|
DEFAULTS = {
|
424
434
|
exec: {
|
425
|
-
|
426
|
-
|
427
|
-
|
428
|
-
|
429
|
-
|
435
|
+
"reporter" => ["cli"],
|
436
|
+
"show_progress" => false,
|
437
|
+
"color" => true,
|
438
|
+
"create_lockfile" => true,
|
439
|
+
"backend_cache" => true,
|
430
440
|
},
|
431
441
|
shell: {
|
432
|
-
|
442
|
+
"reporter" => ["cli"],
|
433
443
|
},
|
434
444
|
}.freeze
|
435
445
|
|
@@ -1,8 +1,6 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
|
4
|
-
require 'inspec/dsl'
|
5
|
-
require 'inspec/dsl_shared'
|
1
|
+
require "inspec/dsl"
|
2
|
+
require "inspec/dsl_shared"
|
3
|
+
require "rspec/core/dsl"
|
6
4
|
|
7
5
|
module Inspec
|
8
6
|
#
|
@@ -20,22 +18,20 @@ module Inspec
|
|
20
18
|
# @param [ResourcesDSL] resources_dsl which has all resources to attach
|
21
19
|
# @return [RuleContext] the inner context of rules
|
22
20
|
def self.rule_context(resources_dsl, profile_id)
|
23
|
-
require 'rspec/core/dsl'
|
24
21
|
Class.new(Inspec::Rule) do
|
25
22
|
include RSpec::Core::DSL
|
26
23
|
with_resource_dsl resources_dsl
|
27
24
|
|
28
25
|
# allow attributes to be accessed within control blocks
|
29
|
-
|
30
|
-
define_method :attribute do |input_name, options = {}|
|
26
|
+
define_method :input do |input_name, options = {}|
|
31
27
|
if options.empty?
|
32
28
|
# Simply an access, no event here
|
33
29
|
Inspec::InputRegistry.find_or_register_input(input_name, profile_id).value
|
34
30
|
else
|
35
|
-
options[:priority]
|
31
|
+
options[:priority] ||= 20
|
36
32
|
options[:provider] = :inline_control_code
|
37
33
|
evt = Inspec::Input.infer_event(options)
|
38
|
-
Inspec::InputRegistry.find_or_register_input(input_name,
|
34
|
+
Inspec::InputRegistry.find_or_register_input(input_name, profile_id, event: evt).value
|
39
35
|
end
|
40
36
|
end
|
41
37
|
|
@@ -45,6 +41,11 @@ module Inspec
|
|
45
41
|
Inspec::InputRegistry.find_or_register_input(input_name, profile_id)
|
46
42
|
end
|
47
43
|
|
44
|
+
define_method :attribute do |name, options = {}|
|
45
|
+
Inspec.deprecate(:attrs_dsl, "Input name: #{name}, Profile: #{profile_id}")
|
46
|
+
input(name, options)
|
47
|
+
end
|
48
|
+
|
48
49
|
# Support for Control DSL plugins.
|
49
50
|
# This is called when an unknown method is encountered
|
50
51
|
# within a control block.
|
@@ -170,29 +171,27 @@ module Inspec
|
|
170
171
|
|
171
172
|
unless profile_context_owner.profile_supports_platform?
|
172
173
|
platform = inspec.platform
|
173
|
-
msg = "Profile
|
174
|
+
msg = "Profile `#{profile_context_owner.profile_id}` is not supported on platform #{platform.name}/#{platform.release}."
|
174
175
|
::Inspec::Rule.set_skip_rule(control, true, msg)
|
175
176
|
end
|
176
177
|
|
177
178
|
unless profile_context_owner.profile_supports_inspec_version?
|
178
|
-
msg = "Profile
|
179
|
+
msg = "Profile `#{profile_context_owner.profile_id}` is not supported on InSpec version (#{Inspec::VERSION})."
|
179
180
|
::Inspec::Rule.set_skip_rule(control, true, msg)
|
180
181
|
end
|
181
182
|
|
182
183
|
profile_context_owner.register_rule(control, &block) unless control.nil?
|
183
184
|
end
|
184
185
|
|
185
|
-
|
186
|
-
# TODO: deprecate name, use input()
|
187
|
-
define_method :attribute do |input_name, options = {}|
|
186
|
+
define_method :input do |input_name, options = {}|
|
188
187
|
if options.empty?
|
189
188
|
# Simply an access, no event here
|
190
189
|
Inspec::InputRegistry.find_or_register_input(input_name, profile_id).value
|
191
190
|
else
|
192
|
-
options[:priority]
|
191
|
+
options[:priority] ||= 20
|
193
192
|
options[:provider] = :inline_control_code
|
194
193
|
evt = Inspec::Input.infer_event(options)
|
195
|
-
Inspec::InputRegistry.find_or_register_input(input_name,
|
194
|
+
Inspec::InputRegistry.find_or_register_input(input_name, profile_id, event: evt).value
|
196
195
|
end
|
197
196
|
end
|
198
197
|
|
@@ -202,6 +201,11 @@ module Inspec
|
|
202
201
|
Inspec::InputRegistry.find_or_register_input(input_name, profile_id)
|
203
202
|
end
|
204
203
|
|
204
|
+
define_method :attribute do |name, options = {}|
|
205
|
+
Inspec.deprecate(:attrs_dsl, "Input name: #{name}, Profile: #{profile_id}")
|
206
|
+
input(name, options)
|
207
|
+
end
|
208
|
+
|
205
209
|
define_method :skip_control do |id|
|
206
210
|
profile_context_owner.unregister_rule(id)
|
207
211
|
end
|
@@ -229,7 +233,7 @@ module Inspec
|
|
229
233
|
|
230
234
|
def block_location(block, alternate_caller)
|
231
235
|
if block.nil?
|
232
|
-
alternate_caller[/^(.+:\d+):in .+$/, 1] ||
|
236
|
+
alternate_caller[/^(.+:\d+):in .+$/, 1] || "unknown"
|
233
237
|
else
|
234
238
|
path, line = block.source_location
|
235
239
|
"#{File.basename(path)}:#{line}"
|
@@ -1,5 +1,4 @@
|
|
1
|
-
|
2
|
-
require 'fileutils'
|
1
|
+
require "fileutils"
|
3
2
|
|
4
3
|
module Inspec
|
5
4
|
#
|
@@ -18,7 +17,7 @@ module Inspec
|
|
18
17
|
class Cache
|
19
18
|
attr_reader :path
|
20
19
|
def initialize(path = nil)
|
21
|
-
@path = path || File.join(Inspec.config_dir,
|
20
|
+
@path = path || File.join(Inspec.config_dir, "cache")
|
22
21
|
FileUtils.mkdir_p(@path) unless File.directory?(@path)
|
23
22
|
end
|
24
23
|
|
@@ -1,5 +1,4 @@
|
|
1
|
-
|
2
|
-
require 'yaml'
|
1
|
+
require "yaml"
|
3
2
|
|
4
3
|
module Inspec
|
5
4
|
class Lockfile
|
@@ -9,15 +8,15 @@ module Inspec
|
|
9
8
|
|
10
9
|
def self.from_dependency_set(dep_set)
|
11
10
|
lockfile_content = {
|
12
|
-
|
13
|
-
|
11
|
+
"lockfile_version" => CURRENT_LOCKFILE_VERSION,
|
12
|
+
"depends" => dep_set.to_array,
|
14
13
|
}
|
15
14
|
new(lockfile_content)
|
16
15
|
end
|
17
16
|
|
18
17
|
def self.from_content(content)
|
19
18
|
parsed_content = YAML.load(content)
|
20
|
-
version = parsed_content[
|
19
|
+
version = parsed_content["lockfile_version"]
|
21
20
|
raise "No lockfile_version set in #{path}!" if version.nil?
|
22
21
|
validate_lockfile_version!(version.to_i)
|
23
22
|
new(parsed_content)
|
@@ -51,15 +50,15 @@ module Inspec
|
|
51
50
|
|
52
51
|
attr_reader :version, :deps
|
53
52
|
def initialize(lockfile_content_hash)
|
54
|
-
version = lockfile_content_hash[
|
53
|
+
version = lockfile_content_hash["lockfile_version"]
|
55
54
|
@version = version.to_i
|
56
55
|
parse_content_hash(lockfile_content_hash)
|
57
56
|
end
|
58
57
|
|
59
58
|
def to_yaml
|
60
59
|
{
|
61
|
-
|
62
|
-
|
60
|
+
"lockfile_version" => CURRENT_LOCKFILE_VERSION,
|
61
|
+
"depends" => @deps.map { |i| stringify_keys(i) },
|
63
62
|
}.to_yaml
|
64
63
|
end
|
65
64
|
|
@@ -85,7 +84,7 @@ module Inspec
|
|
85
84
|
end
|
86
85
|
|
87
86
|
def parse_content_hash_1(lockfile_content_hash)
|
88
|
-
@deps = lockfile_content_hash[
|
87
|
+
@deps = lockfile_content_hash["depends"]&.map { |i| symbolize_keys(i) }
|
89
88
|
end
|
90
89
|
|
91
90
|
def mutate_hash_keys_with(hash, fun)
|