inspec 0.29.0 → 0.30.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (46) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +32 -2
  3. data/Rakefile +53 -0
  4. data/docs/cli.rst +442 -0
  5. data/examples/inheritance/inspec.yml +3 -0
  6. data/inspec.gemspec +1 -0
  7. data/lib/inspec/cli.rb +10 -1
  8. data/lib/inspec/completions/bash.sh.erb +45 -0
  9. data/lib/inspec/completions/zsh.sh.erb +61 -0
  10. data/lib/inspec/dependencies.rb +307 -0
  11. data/lib/inspec/dsl.rb +5 -20
  12. data/lib/inspec/env_printer.rb +149 -0
  13. data/lib/inspec/errors.rb +17 -0
  14. data/lib/inspec/metadata.rb +4 -0
  15. data/lib/inspec/profile.rb +12 -0
  16. data/lib/inspec/profile_context.rb +5 -2
  17. data/lib/inspec/shell.rb +7 -2
  18. data/lib/inspec/shell_detector.rb +90 -0
  19. data/lib/inspec/version.rb +1 -1
  20. data/lib/resources/postgres.rb +94 -12
  21. data/lib/resources/registry_key.rb +106 -27
  22. data/lib/utils/hash_map.rb +37 -0
  23. data/test/bench/startup.flat.txt +998 -0
  24. data/test/bench/startup.graph.html +71420 -0
  25. data/test/bench/startup.grind.dat +103554 -0
  26. data/test/bench/startup.stack.html +25015 -0
  27. data/test/bench/startup/startup.flat.txt +1005 -0
  28. data/test/bench/startup/startup.graph.html +71958 -0
  29. data/test/bench/startup/startup.grind.dat +101602 -0
  30. data/test/bench/startup/startup.stack.html +24516 -0
  31. data/test/cookbooks/os_prepare/metadata.rb +1 -0
  32. data/test/cookbooks/os_prepare/recipes/file.rb +5 -0
  33. data/test/cookbooks/os_prepare/recipes/registry_key.rb +13 -0
  34. data/test/docker_run.rb +3 -1
  35. data/test/functional/inheritance_test.rb +26 -13
  36. data/test/helper.rb +2 -2
  37. data/test/integration/default/file_spec.rb +16 -0
  38. data/test/integration/default/powershell_spec.rb +4 -1
  39. data/test/integration/default/registry_key_spec.rb +47 -4
  40. data/test/integration/default/secpol_spec.rb +4 -1
  41. data/test/integration/default/wmi_spec.rb +4 -1
  42. data/test/unit/mock/profiles/resource-tiny/inspec.yml +10 -0
  43. data/test/unit/mock/profiles/resource-tiny/libraries/resource.rb +3 -0
  44. data/test/unit/shell_detector_test.rb +78 -0
  45. metadata +47 -4
  46. data/docs/ctl_inspec.rst +0 -247
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 5774f3ee48a607acb703378f30751ca137f73baa
4
- data.tar.gz: ac25e0e4c2033ed592d167979b5be81c23d7b5ea
3
+ metadata.gz: 445532339f2a7c592cd2386791ec6dad4423b7cf
4
+ data.tar.gz: c9199103ea5e588100d2c8137e0dd4a4d8fab5d8
5
5
  SHA512:
6
- metadata.gz: 8967dac4b642852dee7ea3c21d3b80e54ea33be10a7e517e8a17fbbc93fc8d0e26f014651bf1d1bdf66f2fc9d66eb7a1f1e3fbfd93a904096078229932215da9
7
- data.tar.gz: 5ed1b7a369277b8de9c9f2c5742efb202f3b974519b8ac2575aa69642bbf372ac00c54f4bafcb4d6ccab462a41222cce311f9715a453945c08ce39a3347982fc
6
+ metadata.gz: f5cc4f2ed37f9a4797e5c44b9e478719c2b870dc80eeb4a63f8bda27268e19f885580f0e38f62a241d406e3459cbe7855b7db50bb9e7a524d6f9405b35372261
7
+ data.tar.gz: e68180568b488a72fff183bfb477d92a977c168817f5b0085420816f79e8f716bedb176bc39013abbe1b85ec53b29b855a0ae5d16a154224ddffb83e73cbb7fd
data/CHANGELOG.md CHANGED
@@ -1,7 +1,37 @@
1
1
  # Change Log
2
2
 
3
- ## [0.29.0](https://github.com/chef/inspec/tree/0.29.0) (2016-08-08)
4
- [Full Changelog](https://github.com/chef/inspec/compare/v0.28.1...0.29.0)
3
+ ## [0.30.0](https://github.com/chef/inspec/tree/0.30.0) (2016-08-12)
4
+ [Full Changelog](https://github.com/chef/inspec/compare/v0.29.0...0.30.0)
5
+
6
+ **Implemented enhancements:**
7
+
8
+ - introduce dependency resolution \(experimental\) [\#891](https://github.com/chef/inspec/pull/891) ([arlimus](https://github.com/arlimus))
9
+ - Improve windows support of omnibus installer [\#890](https://github.com/chef/inspec/pull/890) ([ksubrama](https://github.com/ksubrama))
10
+ - Add omnibus for inspec [\#658](https://github.com/chef/inspec/pull/658) ([chris-rock](https://github.com/chris-rock))
11
+
12
+ **Fixed bugs:**
13
+
14
+ - RHEL postgres data dir is not /var/lib/postgres as coded [\#494](https://github.com/chef/inspec/issues/494)
15
+ - Add readline ignore markers to color escape codes in the shell [\#900](https://github.com/chef/inspec/pull/900) ([stevendanna](https://github.com/stevendanna))
16
+
17
+ **Closed issues:**
18
+
19
+ - `inspec exec` help option does not provide any context sensitive help [\#906](https://github.com/chef/inspec/issues/906)
20
+ - Add windows MSI packaging support to omnibus [\#889](https://github.com/chef/inspec/issues/889)
21
+ - tab-completion support in the inspec command line and in the inspec shell :\) [\#607](https://github.com/chef/inspec/issues/607)
22
+
23
+ **Merged pull requests:**
24
+
25
+ - auto-generate inspec cli docs [\#911](https://github.com/chef/inspec/pull/911) ([arlimus](https://github.com/arlimus))
26
+ - move test suites to allowed failures until travis is fixed [\#904](https://github.com/chef/inspec/pull/904) ([chris-rock](https://github.com/chris-rock))
27
+ - travis experiment: lower docker concurrency [\#902](https://github.com/chef/inspec/pull/902) ([stevendanna](https://github.com/stevendanna))
28
+ - Improve detection of postgresql conf dir and data dir [\#901](https://github.com/chef/inspec/pull/901) ([stevendanna](https://github.com/stevendanna))
29
+ - Add `inspec env` command to configure shell tab-completion [\#896](https://github.com/chef/inspec/pull/896) ([stevendanna](https://github.com/stevendanna))
30
+ - Support regular expressions for Windows registry key [\#892](https://github.com/chef/inspec/pull/892) ([chris-rock](https://github.com/chris-rock))
31
+ - add integration test for windows file and directory [\#880](https://github.com/chef/inspec/pull/880) ([chris-rock](https://github.com/chris-rock))
32
+
33
+ ## [v0.29.0](https://github.com/chef/inspec/tree/v0.29.0) (2016-08-08)
34
+ [Full Changelog](https://github.com/chef/inspec/compare/v0.28.1...v0.29.0)
5
35
 
6
36
  **Implemented enhancements:**
7
37
 
data/Rakefile CHANGED
@@ -157,3 +157,56 @@ task :release_docker do
157
157
  puts "--> #{cmd}"
158
158
  sh('sh', '-c', cmd)
159
159
  end
160
+
161
+ namespace :docs do
162
+ desc 'Create cli docs'
163
+ task :cli do
164
+ res = "=====================================================\n"\
165
+ "InSpec CLI\n"\
166
+ "=====================================================\n\n"\
167
+ "Use the InSpec CLI to run tests and audits against targets "\
168
+ "using local, SSH, WinRM, or Docker connections.\n\n"
169
+
170
+ require 'inspec/cli'
171
+ cmds = Inspec::InspecCLI.all_commands
172
+ cmds.keys.sort.each do |key|
173
+ cmd = cmds[key]
174
+
175
+ res << "#{cmd.usage.split.first}\n"\
176
+ "=====================================================\n\n"
177
+
178
+ res << cmd.description.capitalize
179
+ res << "\n\n"
180
+
181
+ res << "Syntax\n"\
182
+ "-----------------------------------------------------\n\n"
183
+
184
+ res << "This subcommand has the following syntax:\n\n"\
185
+ ".. code-block:: bash\n\n"\
186
+ " $ inspec #{cmd.usage}\n\n"
187
+
188
+ opts = cmd.options.select { |_, o| !o.hide }
189
+ unless opts.empty?
190
+ res << "Options\n"\
191
+ "-----------------------------------------------------\n\n"\
192
+ "This subcommand has additional options:\n\n"
193
+
194
+ opts.keys.sort.each do |option|
195
+ opt = cmd.options[option]
196
+ # TODO: remove when UX of help is reworked 1.0
197
+ usage = opt.usage.split(', ')
198
+ .map { |x| x.tr('[]', '') }
199
+ .map { |x| x.start_with?('-') ? x : '-'+x }
200
+ .map { |x| '``' + x + '``' }
201
+ res << "#{usage.join(', ')}\n #{opt.description}\n\n"
202
+ end
203
+
204
+ end
205
+ res << "\n\n"
206
+ end
207
+
208
+ dst = 'docs/cli.rst'
209
+ File.write(dst, res)
210
+ puts "Documentation generated in #{dst.inspect}"
211
+ end
212
+ end
data/docs/cli.rst ADDED
@@ -0,0 +1,442 @@
1
+ =====================================================
2
+ InSpec CLI
3
+ =====================================================
4
+
5
+ Use the InSpec CLI to run tests and audits against targets using local, SSH, WinRM, or Docker connections.
6
+
7
+ archive
8
+ =====================================================
9
+
10
+ Archive a profile to tar.gz (default) or zip
11
+
12
+ Syntax
13
+ -----------------------------------------------------
14
+
15
+ This subcommand has the following syntax:
16
+
17
+ .. code-block:: bash
18
+
19
+ $ inspec archive PATH
20
+
21
+ Options
22
+ -----------------------------------------------------
23
+
24
+ This subcommand has additional options:
25
+
26
+ ``--ignore-errors``, ``--no-ignore-errors``
27
+ Ignore profile warnings.
28
+
29
+ ``-o``, ``--output=OUTPUT``
30
+ Save the archive to a path
31
+
32
+ ``--overwrite``, ``--no-overwrite``
33
+ Overwrite existing archive.
34
+
35
+ ``--profiles-path=PROFILES_PATH``
36
+ Folder which contains referenced profiles.
37
+
38
+ ``--tar``, ``--no-tar``
39
+ Generates a tar.gz archive.
40
+
41
+ ``--zip``, ``--no-zip``
42
+ Generates a zip archive.
43
+
44
+
45
+
46
+ check
47
+ =====================================================
48
+
49
+ Verify all tests at the specified path
50
+
51
+ Syntax
52
+ -----------------------------------------------------
53
+
54
+ This subcommand has the following syntax:
55
+
56
+ .. code-block:: bash
57
+
58
+ $ inspec check PATH
59
+
60
+ Options
61
+ -----------------------------------------------------
62
+
63
+ This subcommand has additional options:
64
+
65
+ ``--format=FORMAT``
66
+
67
+
68
+ ``--profiles-path=PROFILES_PATH``
69
+ Folder which contains referenced profiles.
70
+
71
+
72
+
73
+ compliance
74
+ =====================================================
75
+
76
+ Chef compliance commands
77
+
78
+ Syntax
79
+ -----------------------------------------------------
80
+
81
+ This subcommand has the following syntax:
82
+
83
+ .. code-block:: bash
84
+
85
+ $ inspec compliance SUBCOMMAND ...
86
+
87
+
88
+
89
+ detect
90
+ =====================================================
91
+
92
+ Detect the target os
93
+
94
+ Syntax
95
+ -----------------------------------------------------
96
+
97
+ This subcommand has the following syntax:
98
+
99
+ .. code-block:: bash
100
+
101
+ $ inspec detect
102
+
103
+ Options
104
+ -----------------------------------------------------
105
+
106
+ This subcommand has additional options:
107
+
108
+ ``-b``, ``--backend=BACKEND``
109
+ Choose a backend: local, ssh, winrm, docker.
110
+
111
+ ``--format=FORMAT``
112
+
113
+
114
+ ``--host=HOST``
115
+ Specify a remote host which is tested.
116
+
117
+ ``--json-config=JSON_CONFIG``
118
+ Read configuration from JSON file (`-` reads from stdin).
119
+
120
+ ``-i``, ``--key-files=one two three``
121
+ Login key or certificate file for a remote scan.
122
+
123
+ ``-l``, ``--log-level=LOG_LEVEL``
124
+ Set the log level: info (default), debug, warn, error
125
+
126
+ ``--password=PASSWORD``
127
+ Login password for a remote scan, if required.
128
+
129
+ ``--path=PATH``
130
+ Login path to use when connecting to the target (WinRM).
131
+
132
+ ``-p``, ``--port=N``
133
+ Specify the login port for a remote scan.
134
+
135
+ ``--self-signed``, ``--no-self-signed``
136
+ Allow remote scans with self-signed certificates (WinRM).
137
+
138
+ ``--ssl``, ``--no-ssl``
139
+ Use SSL for transport layer encryption (WinRM).
140
+
141
+ ``--sudo``, ``--no-sudo``
142
+ Run scans with sudo. Only activates on Unix and non-root user.
143
+
144
+ ``--sudo-command=SUDO_COMMAND``
145
+ Alternate command for sudo.
146
+
147
+ ``--sudo-options=SUDO_OPTIONS``
148
+ Additional sudo options for a remote scan.
149
+
150
+ ``--sudo-password=SUDO_PASSWORD``
151
+ Specify a sudo password, if it is required.
152
+
153
+ ``-t``, ``--target=TARGET``
154
+ Simple targeting option using URIs, e.g. ssh://user:pass@host:port
155
+
156
+ ``--user=USER``
157
+ The login user for a remote scan.
158
+
159
+
160
+
161
+ env
162
+ =====================================================
163
+
164
+ Output shell-appropriate completion configuration
165
+
166
+ Syntax
167
+ -----------------------------------------------------
168
+
169
+ This subcommand has the following syntax:
170
+
171
+ .. code-block:: bash
172
+
173
+ $ inspec env
174
+
175
+
176
+
177
+ exec
178
+ =====================================================
179
+
180
+ Run all test files at the specified path.
181
+
182
+ Syntax
183
+ -----------------------------------------------------
184
+
185
+ This subcommand has the following syntax:
186
+
187
+ .. code-block:: bash
188
+
189
+ $ inspec exec PATHS
190
+
191
+ Options
192
+ -----------------------------------------------------
193
+
194
+ This subcommand has additional options:
195
+
196
+ ``--attrs=one two three``
197
+ Load attributes file (experimental)
198
+
199
+ ``-b``, ``--backend=BACKEND``
200
+ Choose a backend: local, ssh, winrm, docker.
201
+
202
+ ``--color``, ``--no-color``
203
+ Use colors in output.
204
+
205
+ ``--controls=one two three``
206
+ A list of controls to run. Ignore all other tests.
207
+
208
+ ``--format=FORMAT``
209
+ Which formatter to use: cli, progress, documentation, json, json-min
210
+
211
+ ``--host=HOST``
212
+ Specify a remote host which is tested.
213
+
214
+ ``--json-config=JSON_CONFIG``
215
+ Read configuration from JSON file (`-` reads from stdin).
216
+
217
+ ``-i``, ``--key-files=one two three``
218
+ Login key or certificate file for a remote scan.
219
+
220
+ ``-l``, ``--log-level=LOG_LEVEL``
221
+ Set the log level: info (default), debug, warn, error
222
+
223
+ ``--password=PASSWORD``
224
+ Login password for a remote scan, if required.
225
+
226
+ ``--path=PATH``
227
+ Login path to use when connecting to the target (WinRM).
228
+
229
+ ``-p``, ``--port=N``
230
+ Specify the login port for a remote scan.
231
+
232
+ ``--profiles-path=PROFILES_PATH``
233
+ Folder which contains referenced profiles.
234
+
235
+ ``--self-signed``, ``--no-self-signed``
236
+ Allow remote scans with self-signed certificates (WinRM).
237
+
238
+ ``--ssl``, ``--no-ssl``
239
+ Use SSL for transport layer encryption (WinRM).
240
+
241
+ ``--sudo``, ``--no-sudo``
242
+ Run scans with sudo. Only activates on Unix and non-root user.
243
+
244
+ ``--sudo-command=SUDO_COMMAND``
245
+ Alternate command for sudo.
246
+
247
+ ``--sudo-options=SUDO_OPTIONS``
248
+ Additional sudo options for a remote scan.
249
+
250
+ ``--sudo-password=SUDO_PASSWORD``
251
+ Specify a sudo password, if it is required.
252
+
253
+ ``-t``, ``--target=TARGET``
254
+ Simple targeting option using URIs, e.g. ssh://user:pass@host:port
255
+
256
+ ``--user=USER``
257
+ The login user for a remote scan.
258
+
259
+
260
+
261
+ help
262
+ =====================================================
263
+
264
+ Describe available commands or one specific command
265
+
266
+ Syntax
267
+ -----------------------------------------------------
268
+
269
+ This subcommand has the following syntax:
270
+
271
+ .. code-block:: bash
272
+
273
+ $ inspec help [COMMAND]
274
+
275
+
276
+
277
+ init
278
+ =====================================================
279
+
280
+ Scaffolds a new project
281
+
282
+ Syntax
283
+ -----------------------------------------------------
284
+
285
+ This subcommand has the following syntax:
286
+
287
+ .. code-block:: bash
288
+
289
+ $ inspec init TEMPLATE ...
290
+
291
+
292
+
293
+ json
294
+ =====================================================
295
+
296
+ Read all tests in path and generate a json summary
297
+
298
+ Syntax
299
+ -----------------------------------------------------
300
+
301
+ This subcommand has the following syntax:
302
+
303
+ .. code-block:: bash
304
+
305
+ $ inspec json PATH
306
+
307
+ Options
308
+ -----------------------------------------------------
309
+
310
+ This subcommand has additional options:
311
+
312
+ ``--controls=one two three``
313
+ A list of controls to include. Ignore all other tests.
314
+
315
+ ``-o``, ``--output=OUTPUT``
316
+ Save the created profile to a path
317
+
318
+ ``--profiles-path=PROFILES_PATH``
319
+ Folder which contains referenced profiles.
320
+
321
+
322
+
323
+ scap
324
+ =====================================================
325
+
326
+ Scap commands
327
+
328
+ Syntax
329
+ -----------------------------------------------------
330
+
331
+ This subcommand has the following syntax:
332
+
333
+ .. code-block:: bash
334
+
335
+ $ inspec scap SUBCOMMAND ...
336
+
337
+
338
+
339
+ shell
340
+ =====================================================
341
+
342
+ Open an interactive debugging shell
343
+
344
+ Syntax
345
+ -----------------------------------------------------
346
+
347
+ This subcommand has the following syntax:
348
+
349
+ .. code-block:: bash
350
+
351
+ $ inspec shell
352
+
353
+ Options
354
+ -----------------------------------------------------
355
+
356
+ This subcommand has additional options:
357
+
358
+ ``-b``, ``--backend=BACKEND``
359
+ Choose a backend: local, ssh, winrm, docker.
360
+
361
+ ``-c``, ``--command=COMMAND``
362
+
363
+
364
+ ``--host=HOST``
365
+ Specify a remote host which is tested.
366
+
367
+ ``--json-config=JSON_CONFIG``
368
+ Read configuration from JSON file (`-` reads from stdin).
369
+
370
+ ``-i``, ``--key-files=one two three``
371
+ Login key or certificate file for a remote scan.
372
+
373
+ ``-l``, ``--log-level=LOG_LEVEL``
374
+ Set the log level: info (default), debug, warn, error
375
+
376
+ ``--password=PASSWORD``
377
+ Login password for a remote scan, if required.
378
+
379
+ ``--path=PATH``
380
+ Login path to use when connecting to the target (WinRM).
381
+
382
+ ``-p``, ``--port=N``
383
+ Specify the login port for a remote scan.
384
+
385
+ ``--self-signed``, ``--no-self-signed``
386
+ Allow remote scans with self-signed certificates (WinRM).
387
+
388
+ ``--ssl``, ``--no-ssl``
389
+ Use SSL for transport layer encryption (WinRM).
390
+
391
+ ``--sudo``, ``--no-sudo``
392
+ Run scans with sudo. Only activates on Unix and non-root user.
393
+
394
+ ``--sudo-command=SUDO_COMMAND``
395
+ Alternate command for sudo.
396
+
397
+ ``--sudo-options=SUDO_OPTIONS``
398
+ Additional sudo options for a remote scan.
399
+
400
+ ``--sudo-password=SUDO_PASSWORD``
401
+ Specify a sudo password, if it is required.
402
+
403
+ ``-t``, ``--target=TARGET``
404
+ Simple targeting option using URIs, e.g. ssh://user:pass@host:port
405
+
406
+ ``--user=USER``
407
+ The login user for a remote scan.
408
+
409
+
410
+
411
+ supermarket
412
+ =====================================================
413
+
414
+ Supermarket commands
415
+
416
+ Syntax
417
+ -----------------------------------------------------
418
+
419
+ This subcommand has the following syntax:
420
+
421
+ .. code-block:: bash
422
+
423
+ $ inspec supermarket SUBCOMMAND ...
424
+
425
+
426
+
427
+ version
428
+ =====================================================
429
+
430
+ Prints the version of this tool
431
+
432
+ Syntax
433
+ -----------------------------------------------------
434
+
435
+ This subcommand has the following syntax:
436
+
437
+ .. code-block:: bash
438
+
439
+ $ inspec version
440
+
441
+
442
+