inspec 4.36.4 → 4.37.23

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 10b24a3a6b8acf495c1f064697262add72baee48809a080e6a61864377530e28
-  data.tar.gz: c296a6a217c84019b37d00313504fa03e22c393cf276ff61c3381c91693b910b
+  metadata.gz: 9c7b7ca05613e276fff9bb13c14a98aa79930cc082426541f33d0505277a7835
+  data.tar.gz: 2bd297d4af75c978c71dfc3a516f2fbb7757dec96323a59f4869ca1c19ada716
 SHA512:
-  metadata.gz: dfb6d98997e92d719dce36028d6b6a28ecc0186317cee14d3dd4c7853d95bf13390c5bade1e81a8c72bb0e8e13cc0ddc37dc9b26b5dcf34d72dc7c959ee2f3d4
-  data.tar.gz: 296b69c934282b765a9e204038bd544ca2bd058b7ddb562c0d661977de7b09a424fe218875b8054a0d972b722b1643860d34c0bf27b9643bdc07cd86ef49190d
+  metadata.gz: 693f5c2b12410258d36574364c003d320370729218b7083f0be53f9920a4fea80539d36ae5f2c42558cf1f7f48b01fd08b98a563064152e353dae328d75286d8
+  data.tar.gz: 599017125ae5e0e4f90223900de906ac6e82b8b83b08d58d121495dab27ab1d70d55aaea83a40bd362bb7b39af7703d376637ab202ab681603058e7d310d9131

data/Gemfile

@@ -28,7 +28,7 @@ group :omnibus do
 end
 
 group :test do
-  gem "chefstyle", "~> 1.7.1"
+  gem "chefstyle", "~> 2.0.3"
   gem "concurrent-ruby", "~> 1.0"
   gem "html-proofer", platforms: :ruby # do not attempt to run proofer on windows
   gem "json_schemer", ">= 0.2.1", "< 0.2.19"
@@ -48,3 +48,16 @@ end
 group :deploy do
   gem "inquirer"
 end
+
+# Only include Test Kitchen support if we are on Ruby 2.7 or higher
+# as chef-zero support requires Ruby 2.6
+# See https://github.com/inspec/inspec/pull/5341
+if Gem.ruby_version >= Gem::Version.new("2.7.0")
+  group :kitchen do
+    gem "berkshelf"
+    gem "test-kitchen", ">= 2.8"
+    gem "kitchen-inspec", ">= 2.0"
+    gem "kitchen-dokken", ">= 2.11"
+    gem "git"
+  end
+end

data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/Gemfile

@@ -1,11 +1,11 @@
-source 'https://rubygems.org'
+source "https://rubygems.org"
 
 gemspec
 
 group :development do
-  gem 'bundler'
-  gem 'byebug'
-  gem 'minitest'
-  gem 'rake'
-  gem 'rubocop', '= 0.49.1' # Need to keep in sync with main InSpec project, so config files will work
+  gem "bundler"
+  gem "byebug"
+  gem "minitest"
+  gem "rake"
+  gem "rubocop", "= 0.49.1" # Need to keep in sync with main InSpec project, so config files will work
 end

data/lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/inspec-plugin-template.gemspec

@@ -4,23 +4,23 @@
 
 # It is traditional in a gemspec to dynamically load the current version
 # from a file in the source tree.  The next three lines make that happen.
-lib = File.expand_path('../lib', __FILE__)
+lib = File.expand_path("../lib", __FILE__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require '<%= plugin_name %>/version'
+require "<%= plugin_name %>/version"
 
 Gem::Specification.new do |spec|
   # Importantly, all InSpec plugins must be prefixed with `inspec-` (most
   # plugins) or `train-` (plugins which add new connectivity features).
-  spec.name          = '<%= plugin_name %>'
+  spec.name          = "<%= plugin_name %>"
 
   # It is polite to namespace your plugin under InspecPlugins::YourPluginInCamelCase
   spec.version       = InspecPlugins::<%= module_name %>::VERSION
-  spec.authors       = ['<%= author_name %>']
-  spec.email         = ['<%= author_email %>']
-  spec.summary       = '<%= summary %>'
-  spec.description   = '<%= description %>'
-  spec.homepage      = '<%= homepage %>'
-  spec.license       = '<%= license_name %>'
+  spec.authors       = ["<%= author_name %>"]
+  spec.email         = ["<%= author_email %>"]
+  spec.summary       = "<%= summary %>"
+  spec.description   = "<%= description.is_a?(Array) ? description.join(" "): description %>"
+  spec.homepage      = "<%= homepage %>"
+  spec.license       = "<%= license_name %>"
 
   # Though complicated-looking, this is pretty standard for a gemspec.
   # It just filters what will actually be packaged in the gem (leaving
@@ -28,9 +28,9 @@ Gem::Specification.new do |spec|
   spec.files = %w{
     README.md <%= snake_case %>.gemspec Gemfile
   } + Dir.glob(
-    'lib/**/*', File::FNM_DOTMATCH
+    "lib/**/*", File::FNM_DOTMATCH
   ).reject { |f| File.directory?(f) }
-  spec.require_paths = ['lib']
+  spec.require_paths = ["lib"]
 
   # If you rely on any other gems, list them here with any constraints.
   # This is how `inspec plugin install` is able to manage your dependencies.
@@ -39,5 +39,5 @@ Gem::Specification.new do |spec|
 
   # All plugins should mention inspec, > 2.2.78
   # 2.2.78 included the v2 Plugin API
-  spec.add_dependency 'inspec', '>=2.2.78', '<4.0.0'
+  spec.add_dependency "inspec", ">= 2.2.78", "< 4.0.0"
 end

data/lib/resources/aws/aws_cloudtrail_trail.rb

@@ -36,12 +36,12 @@ class AwsCloudTrailTrail < Inspec.resource(1)
   def delivered_logs_days_ago
     query = { name: @trail_name }
     catch_aws_errors do
-      begin
-        resp = BackendFactory.create(inspec_runner).get_trail_status(query).to_h
-        ((Time.now - resp[:latest_cloud_watch_logs_delivery_time]) / (24 * 60 * 60)).to_i unless resp[:latest_cloud_watch_logs_delivery_time].nil?
-      rescue Aws::CloudTrail::Errors::TrailNotFoundException
-        nil
-      end
+
+      resp = BackendFactory.create(inspec_runner).get_trail_status(query).to_h
+      ((Time.now - resp[:latest_cloud_watch_logs_delivery_time]) / (24 * 60 * 60)).to_i unless resp[:latest_cloud_watch_logs_delivery_time].nil?
+    rescue Aws::CloudTrail::Errors::TrailNotFoundException
+      nil
+
     end
   end
 

data/lib/resources/aws/aws_iam_access_keys.rb

@@ -101,27 +101,27 @@ class AwsIamAccessKeys < Inspec.resource(1)
 
         access_key_data = []
         user_details.each_key do |username|
-          begin
-            user_keys = iam_client.list_access_keys(user_name: username)
-              .access_key_metadata
-            user_keys = user_keys.map do |metadata|
-              {
-                access_key_id: metadata.access_key_id,
-                username: username,
-                status: metadata.status,
-                create_date: metadata.create_date, # DateTime.parse(metadata.create_date),
-              }
-            end
 
-            # Copy in from user data
-            # Synthetics
-            user_keys.each do |key_info|
-              add_synthetic_fields(key_info, user_details[username])
-            end
-            access_key_data.concat(user_keys)
-          rescue Aws::IAM::Errors::NoSuchEntity # rubocop:disable Lint/HandleExceptions
-            # Swallow - a miss on search results should return an empty table
+          user_keys = iam_client.list_access_keys(user_name: username)
+            .access_key_metadata
+          user_keys = user_keys.map do |metadata|
+            {
+              access_key_id: metadata.access_key_id,
+              username: username,
+              status: metadata.status,
+              create_date: metadata.create_date, # DateTime.parse(metadata.create_date),
+            }
+          end
+
+          # Copy in from user data
+          # Synthetics
+          user_keys.each do |key_info|
+            add_synthetic_fields(key_info, user_details[username])
           end
+          access_key_data.concat(user_keys)
+        rescue Aws::IAM::Errors::NoSuchEntity # rubocop:disable Lint/HandleExceptions
+          # Swallow - a miss on search results should return an empty table
+
         end
         access_key_data
       end

data/lib/resources/aws/aws_iam_password_policy.rb

@@ -20,19 +20,19 @@ class AwsIamPasswordPolicy < Inspec.resource(1)
   # TODO: rewrite to avoid direct injection, match other resources, use AwsSingularResourceMixin
   def initialize(conn = nil)
     catch_aws_errors do
-      begin
-        if conn
-          # We're in a mocked unit test.
-          @policy = conn.iam_resource.account_password_policy
-        else
-          # Don't use the resource approach.  It's a CRUD operation
-          # - if the policy does not exist, you get back a blank object to  populate and save.
-          # Using the Client will throw an exception if no policy exists.
-          @policy = inspec_runner.backend.aws_client(Aws::IAM::Client).get_account_password_policy.password_policy
-        end
-      rescue Aws::IAM::Errors::NoSuchEntity
-        @policy = nil
+
+      if conn
+        # We're in a mocked unit test.
+        @policy = conn.iam_resource.account_password_policy
+      else
+        # Don't use the resource approach.  It's a CRUD operation
+        # - if the policy does not exist, you get back a blank object to  populate and save.
+        # Using the Client will throw an exception if no policy exists.
+        @policy = inspec_runner.backend.aws_client(Aws::IAM::Client).get_account_password_policy.password_policy
       end
+    rescue Aws::IAM::Errors::NoSuchEntity
+      @policy = nil
+
     end
   end
 

data/lib/resources/aws/aws_kms_key.rb

@@ -56,30 +56,30 @@ class AwsKmsKey < Inspec.resource(1)
 
     query = { key_id: @key_id }
     catch_aws_errors do
-      begin
-        resp = backend.describe_key(query)
-
-        @exists = true
-        @key = resp.key_metadata.to_h
-        @key_id = @key[:key_id]
-        @arn = @key[:arn]
-        @creation_date = @key[:creation_date]
-        @enabled = @key[:enabled]
-        @description = @key[:description]
-        @key_usage = @key[:key_usage]
-        @key_state = @key[:key_state]
-        @deletion_date = @key[:deletion_date]
-        @valid_to = @key[:valid_to]
-        @external = @key[:origin] == "EXTERNAL"
-        @has_key_expiration = @key[:expiration_model] == "KEY_MATERIAL_EXPIRES"
-        @managed_by_aws = @key[:key_manager] == "AWS"
-
-        resp = backend.get_key_rotation_status(query)
-        @has_rotation_enabled = resp.key_rotation_enabled unless resp.empty?
-      rescue Aws::KMS::Errors::NotFoundException
-        @exists = false
-        return
-      end
+
+      resp = backend.describe_key(query)
+
+      @exists = true
+      @key = resp.key_metadata.to_h
+      @key_id = @key[:key_id]
+      @arn = @key[:arn]
+      @creation_date = @key[:creation_date]
+      @enabled = @key[:enabled]
+      @description = @key[:description]
+      @key_usage = @key[:key_usage]
+      @key_state = @key[:key_state]
+      @deletion_date = @key[:deletion_date]
+      @valid_to = @key[:valid_to]
+      @external = @key[:origin] == "EXTERNAL"
+      @has_key_expiration = @key[:expiration_model] == "KEY_MATERIAL_EXPIRES"
+      @managed_by_aws = @key[:key_manager] == "AWS"
+
+      resp = backend.get_key_rotation_status(query)
+      @has_rotation_enabled = resp.key_rotation_enabled unless resp.empty?
+    rescue Aws::KMS::Errors::NotFoundException
+      @exists = false
+      return
+
     end
   end
 

data/lib/resources/aws/aws_rds_instance.rb

@@ -43,13 +43,13 @@ class AwsRdsInstance < Inspec.resource(1)
     backend = BackendFactory.create(inspec_runner)
     dsg_response = nil
     catch_aws_errors do
-      begin
-        dsg_response = backend.describe_db_instances(db_instance_identifier: db_instance_identifier)
-        @exists = true
-      rescue Aws::RDS::Errors::DBInstanceNotFound
-        @exists = false
-        return
-      end
+
+      dsg_response = backend.describe_db_instances(db_instance_identifier: db_instance_identifier)
+      @exists = true
+    rescue Aws::RDS::Errors::DBInstanceNotFound
+      @exists = false
+      return
+
     end
 
     if dsg_response.db_instances.empty?

data/lib/resources/aws/aws_s3_bucket.rb

@@ -85,30 +85,29 @@ class AwsS3Bucket < Inspec.resource(1)
   def fetch_bucket_policy
     backend = BackendFactory.create(inspec_runner)
     catch_aws_errors do
-      begin
-        # AWS SDK returns a StringIO, we have to read()
-        raw_policy = backend.get_bucket_policy(bucket: bucket_name).policy
-        return JSON.parse(raw_policy.read)["Statement"].map do |statement|
-          lowercase_hash = {}
-          statement.each_key { |k| lowercase_hash[k.downcase] = statement[k] }
-          @bucket_policy = OpenStruct.new(lowercase_hash)
-        end
-      rescue Aws::S3::Errors::NoSuchBucketPolicy
-        @bucket_policy = []
+
+      # AWS SDK returns a StringIO, we have to read()
+      raw_policy = backend.get_bucket_policy(bucket: bucket_name).policy
+      return JSON.parse(raw_policy.read)["Statement"].map do |statement|
+        lowercase_hash = {}
+        statement.each_key { |k| lowercase_hash[k.downcase] = statement[k] }
+        @bucket_policy = OpenStruct.new(lowercase_hash)
       end
+    rescue Aws::S3::Errors::NoSuchBucketPolicy
+      @bucket_policy = []
+
     end
   end
 
   def fetch_bucket_encryption_configuration
     @has_default_encryption_enabled ||= catch_aws_errors do
-      begin
-        !BackendFactory.create(inspec_runner)
-          .get_bucket_encryption(bucket: bucket_name)
-          .server_side_encryption_configuration
-          .nil?
-      rescue Aws::S3::Errors::ServerSideEncryptionConfigurationNotFoundError
-        false
-      end
+      !BackendFactory.create(inspec_runner)
+        .get_bucket_encryption(bucket: bucket_name)
+        .server_side_encryption_configuration
+        .nil?
+    rescue Aws::S3::Errors::ServerSideEncryptionConfigurationNotFoundError
+      false
+
     end
   end
 

data/lib/resources/aws/aws_s3_bucket_object.rb

@@ -55,16 +55,16 @@ class AwsS3BucketObject < Inspec.resource(1)
   def fetch_from_api
     backend = BackendFactory.create(inspec_runner)
     catch_aws_errors do
-      begin
-        # Just use get_object to detect if the bucket exists
-        backend.get_object(bucket: bucket_name, key: key)
-      rescue Aws::S3::Errors::NoSuchBucket
-        @exists = false
-        return
-      rescue Aws::S3::Errors::NoSuchKey
-        @exists = false
-        return
-      end
+
+      # Just use get_object to detect if the bucket exists
+      backend.get_object(bucket: bucket_name, key: key)
+    rescue Aws::S3::Errors::NoSuchBucket
+      @exists = false
+      return
+    rescue Aws::S3::Errors::NoSuchKey
+      @exists = false
+      return
+
     end
     @exists = true
   end

data/lib/resources/aws/aws_sns_subscription.rb

@@ -53,19 +53,19 @@ class AwsSnsSubscription < Inspec.resource(1)
   def fetch_from_api
     backend = BackendFactory.create(inspec_runner)
     catch_aws_errors do
-      begin
-        aws_response = backend.get_subscription_attributes(subscription_arn: @subscription_arn).attributes
-        @exists = true
-        @owner = aws_response["Owner"]
-        @raw_message_delivery = aws_response["RawMessageDelivery"].eql?("true")
-        @topic_arn = aws_response["TopicArn"]
-        @endpoint = aws_response["Endpoint"]
-        @protocol = aws_response["Protocol"]
-        @confirmation_was_authenticated = aws_response["ConfirmationWasAuthenticated"].eql?("true")
-      rescue Aws::SNS::Errors::NotFound
-        @exists = false
-        return
-      end
+
+      aws_response = backend.get_subscription_attributes(subscription_arn: @subscription_arn).attributes
+      @exists = true
+      @owner = aws_response["Owner"]
+      @raw_message_delivery = aws_response["RawMessageDelivery"].eql?("true")
+      @topic_arn = aws_response["TopicArn"]
+      @endpoint = aws_response["Endpoint"]
+      @protocol = aws_response["Protocol"]
+      @confirmation_was_authenticated = aws_response["ConfirmationWasAuthenticated"].eql?("true")
+    rescue Aws::SNS::Errors::NotFound
+      @exists = false
+      return
+
     end
   end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec
 version: !ruby/object:Gem::Version
-  version: 4.36.4
+  version: 4.37.23
 platform: ruby
 authors:
 - Chef InSpec Team
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-04-28 00:00:00.000000000 Z
+date: 2021-05-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: inspec-core
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 4.36.4
+        version: 4.37.23
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 4.36.4
+        version: 4.37.23
 - !ruby/object:Gem::Dependency
   name: train
   requirement: !ruby/object:Gem::Requirement