inspec 0.30.0 → 0.31.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 445532339f2a7c592cd2386791ec6dad4423b7cf
-  data.tar.gz: c9199103ea5e588100d2c8137e0dd4a4d8fab5d8
+  metadata.gz: 7863d5430d9891f4ec8895d615bb134047a237ee
+  data.tar.gz: 7b8b6d69f358812cd69aa40042f4a6bd0a2d52b7
 SHA512:
-  metadata.gz: f5cc4f2ed37f9a4797e5c44b9e478719c2b870dc80eeb4a63f8bda27268e19f885580f0e38f62a241d406e3459cbe7855b7db50bb9e7a524d6f9405b35372261
-  data.tar.gz: e68180568b488a72fff183bfb477d92a977c168817f5b0085420816f79e8f716bedb176bc39013abbe1b85ec53b29b855a0ae5d16a154224ddffb83e73cbb7fd
+  metadata.gz: 37d29c938cc8e6d234d27aaf92bf438eff4be4d4394469468ccf7b570f91165bb1d262e0c4c0594672e6b6d520cf8fe785fe883468a74d0553eb015ab181953f
+  data.tar.gz: 72ab6035eddcb9e64bed98d64fd9f38e3e6e30839786a073b08bf3fb9c4e4728e943753c353b4b31cbc745d60096e28fee4944c10f3d4a6685ad977294119d16

data/CHANGELOG.md

@@ -1,7 +1,55 @@
 # Change Log
 
-## [0.30.0](https://github.com/chef/inspec/tree/0.30.0) (2016-08-12)
-[Full Changelog](https://github.com/chef/inspec/compare/v0.29.0...0.30.0)
+## [0.31.0](https://github.com/chef/inspec/tree/0.31.0) (2016-08-19)
+[Full Changelog](https://github.com/chef/inspec/compare/v0.30.0...0.31.0)
+
+**Implemented enhancements:**
+
+- Support writing full tests in inspec shell [\#240](https://github.com/chef/inspec/issues/240)
+- inspec shell documentation - Fix \#805 [\#925](https://github.com/chef/inspec/pull/925) ([ksubrama](https://github.com/ksubrama))
+- Windows ports with pid and process name [\#912](https://github.com/chef/inspec/pull/912) ([alexpop](https://github.com/alexpop))
+- Improve inspec shell by having it evaluate describe/control blocks. [\#909](https://github.com/chef/inspec/pull/909) ([ksubrama](https://github.com/ksubrama))
+
+**Fixed bugs:**
+
+- `inspec login help` help text inconsistent with `inspec` CLI usage [\#905](https://github.com/chef/inspec/issues/905)
+- Subcommand help outputs incorrect usage line [\#895](https://github.com/chef/inspec/issues/895)
+- `inspec compliance version` fails with stacktrace if no compliance URL is configured [\#894](https://github.com/chef/inspec/issues/894)
+- `inspec` binary occasionally exits zero on SSH failures [\#840](https://github.com/chef/inspec/issues/840)
+- inspec login fails [\#793](https://github.com/chef/inspec/issues/793)
+- ssh\_config and sshd\_config matchers should be case-insensitive [\#759](https://github.com/chef/inspec/issues/759)
+- Login succeeds but later commands fail [\#731](https://github.com/chef/inspec/issues/731)
+- passwd resource does not ignore comments [\#725](https://github.com/chef/inspec/issues/725)
+- remove tests and dev dependencies from released gem [\#924](https://github.com/chef/inspec/pull/924) ([arlimus](https://github.com/arlimus))
+- update dependencies and loosen molinillo [\#917](https://github.com/chef/inspec/pull/917) ([arlimus](https://github.com/arlimus))
+- Handle xinetd config with only one entry [\#846](https://github.com/chef/inspec/pull/846) ([chris-rock](https://github.com/chris-rock))
+
+**Closed issues:**
+
+- Document InSpec Shell [\#805](https://github.com/chef/inspec/issues/805)
+
+**Merged pull requests:**
+
+- fix functional test for compliance plugin [\#941](https://github.com/chef/inspec/pull/941) ([chris-rock](https://github.com/chris-rock))
+- give accurate information for inspec compliance login --help [\#938](https://github.com/chef/inspec/pull/938) ([vjeffrey](https://github.com/vjeffrey))
+- Document awesome where syntax for port [\#937](https://github.com/chef/inspec/pull/937) ([pburkholder](https://github.com/pburkholder))
+- Fetch deps based on urls [\#935](https://github.com/chef/inspec/pull/935) ([stevendanna](https://github.com/stevendanna))
+- Ease testing of compliance integration tests [\#934](https://github.com/chef/inspec/pull/934) ([chris-rock](https://github.com/chris-rock))
+- restructure unit tests [\#933](https://github.com/chef/inspec/pull/933) ([chris-rock](https://github.com/chris-rock))
+- return token stored message on login [\#932](https://github.com/chef/inspec/pull/932) ([vjeffrey](https://github.com/vjeffrey))
+- fail gracefully on inspec compliance profiles when bad token is provided [\#930](https://github.com/chef/inspec/pull/930) ([vjeffrey](https://github.com/vjeffrey))
+- Fix recursive deps for path-based deps [\#929](https://github.com/chef/inspec/pull/929) ([stevendanna](https://github.com/stevendanna))
+- fix integration tests for Chef Compliance [\#928](https://github.com/chef/inspec/pull/928) ([chris-rock](https://github.com/chris-rock))
+- Remove false username/passwd msg from inspec compliance login [\#927](https://github.com/chef/inspec/pull/927) ([vjeffrey](https://github.com/vjeffrey))
+- inspec compliance version fails gracefully when no server config [\#926](https://github.com/chef/inspec/pull/926) ([vjeffrey](https://github.com/vjeffrey))
+- add kitchen.yml for non-public kitchen boxes [\#922](https://github.com/chef/inspec/pull/922) ([chris-rock](https://github.com/chris-rock))
+- Ignore comment lines in /etc/passwd [\#920](https://github.com/chef/inspec/pull/920) ([stevendanna](https://github.com/stevendanna))
+- ssh\_config parse should be case insensitive [\#919](https://github.com/chef/inspec/pull/919) ([vjeffrey](https://github.com/vjeffrey))
+- add ssl resource \(early access\) [\#914](https://github.com/chef/inspec/pull/914) ([arlimus](https://github.com/arlimus))
+- Add iis\_site resource [\#907](https://github.com/chef/inspec/pull/907) ([chrisevett](https://github.com/chrisevett))
+
+## [v0.30.0](https://github.com/chef/inspec/tree/v0.30.0) (2016-08-12)
+[Full Changelog](https://github.com/chef/inspec/compare/v0.29.0...v0.30.0)
 
 **Implemented enhancements:**
 

data/Gemfile

@@ -18,10 +18,11 @@ group :test do
   gem 'rubocop', '~> 0.36.0'
   gem 'simplecov', '~> 0.10'
   gem 'concurrent-ruby', '~> 0.9'
+  gem 'mocha', '~> 1.1'
 end
 
 group :integration do
-  gem 'berkshelf', '~> 4.0'
+  gem 'berkshelf', '~> 4.3'
   gem 'test-kitchen', '~> 1.6'
   gem 'kitchen-vagrant'
   gem 'kitchen-inspec', '0.12.5'

data/docs/cli.rst

@@ -320,22 +320,6 @@ This subcommand has additional options:
 
 
 
-scap
-=====================================================
-
-Scap commands
-
-Syntax
------------------------------------------------------
-
-This subcommand has the following syntax:
-
-.. code-block:: bash
-
-   $ inspec scap SUBCOMMAND ...
-
-
-
 shell
 =====================================================
 
@@ -359,7 +343,7 @@ This subcommand has additional options:
    Choose a backend: local, ssh, winrm, docker.
 
 ``-c``, ``--command=COMMAND``
-
+   A single command string to run instead of launching the shell
 
 ``--host=HOST``
    Specify a remote host which is tested.

data/docs/resources.rst

@@ -21,6 +21,7 @@ The following InSpec audit resources are available:
 * `group <https://github.com/chef/inspec/blob/master/docs/resources.rst#group-1/>`_
 * `grub_conf`_
 * `host`_
+* `iis_site`_
 * `inetd_conf`_
 * `interface`_
 * `iptables`_
@@ -1799,6 +1800,107 @@ The following examples show how to use this InSpec audit resource.
    end
 
 
+iis_site
+=====================================================
+Tests the status, path, bindings, and application pool of an IIS website. Supported in windows 2012 and higher.
+
+**Stability: Experimental**
+
+Syntax
+-----------------------------------------------------
+An ``iis_site`` |inspec resource| block declares the IIS web site properties to be tested:
+
+.. code-block:: ruby
+describe iis_site('website') do
+  it { should exist }
+  it { should be_running }
+  it { should have_app_pool('app_pool') }
+  it { should have_binding('https :443:www.contoso.com sslFlags=0') }
+  it { should have_path('C:\\inetpub\\wwwroot') }
+end
+
+where
+
+* ``iis_site()`` must specify a web site name
+* ``'website'`` is the web site name
+* ``have_app_pool('my_app_pool')`` tests that our site belongs to the 'my_app_pool' application pool
+* ``have_binding('my_binding')`` tests that our site has the specified binding. my_binding should be in the format of the default output from the Get-Website powershell cmdlet
+
+Matchers
+-----------------------------------------------------
+This InSpec audit resource has the following matchers.
+
+exist
++++++++++++++++++++++++++++++++++++++++++++++++++++++
+The ``exist`` matcher tests if the website exists in IIS:
+
+.. code-block:: ruby
+
+   it { should exist }
+
+be_running
++++++++++++++++++++++++++++++++++++++++++++++++++++++
+The ``be_running`` matcher tests if the IIS site is running
+
+.. code-block:: ruby
+
+   it { should be_running }
+
+have_app_pool
++++++++++++++++++++++++++++++++++++++++++++++++++++++
+The ``have_app_pool`` matcher tests if the IIS site belongs in the specified application pool
+
+.. code-block:: ruby
+
+   it { should have_app_pool('Default App Pool') }
+
+have_binding
++++++++++++++++++++++++++++++++++++++++++++++++++++++
+The ``have_binding`` matcher tests if the IIS site has the specified binding
+
+.. code-block:: ruby
+
+   it { should have_binding('http :80:*' ) }
+
+have_path
++++++++++++++++++++++++++++++++++++++++++++++++++++++
+The ``have_path`` matcher tests if the IIS site is located in the specified path
+
+.. code-block:: ruby
+
+   it { should have_path('c:\\inetpub\\wwwroot\\my_site') }
+
+
+Examples
+-----------------------------------------------------
+The following examples show how to use this InSpec audit resource.
+
+**Test if a web site 'My Site' is running and is located on disk at c:\\mysite**
+
+.. code-block:: ruby
+
+   describe iis_site('My Site') do
+     it { should be_running }
+     it { should have_path('c:\\mysite') }
+   end
+
+**Test to see if 'Default Web Site' has been removed**
+
+.. code-block:: ruby
+
+   describe iis_site('Default Web Site') do
+     it { should_not exist }
+   end
+
+**Test 'New Website' is running in Default App Pool and listening on port 80 via http**
+
+.. code-block:: ruby
+
+   describe iis_site('New Website') do
+     it { should have_app_pool('app_pool') }
+     it { should have_binding('http :80:*') }
+   end
+
 
 
 inetd_conf
@@ -3462,6 +3564,18 @@ A ``port`` |inspec resource| block declares a port, and then depending on what n
 
 where the ``processes`` returns the processes listening on port 514.
 
+or:
+
+.. code-block:: ruby
+
+   describe port.where { protocol =~ /tcp/ && port > 22 && port < 80 } do
+     it { should_not be_listening }
+   end
+
+where
+
+* ``.where{}`` may specify a block to filter on attributes: port, address, protocol, process, pid, listening?
+
 Matchers
 -----------------------------------------------------
 This InSpec audit resource has the following matchers.
@@ -3554,6 +3668,20 @@ This check can be implemented in two equivalent ways:
      it { should be_listening }
    end
 
+**Test that no ports above 80 are listening**
+
+.. code-block:: ruby
+
+   describe port.where { protocol =~ /tcp/ && port > 80 } do
+     it { should_not be_listening }
+   end
+
+**Tests that only httpd and sshd are listening**
+
+   describe port.where { listening? } do
+    its('processes') { should contain_exactly('sshd','httpd') }
+   end
+
 postgres_conf
 =====================================================
 Use the ``postgres_conf`` |inspec resource| to test the contents of the configuration file for |postgresql|, typically located at ``/etc/postgresql/<version>/main/postgresql.conf`` or ``/var/lib/postgres/data/postgresql.conf``, depending on the platform.

data/docs/shell.rst

@@ -0,0 +1,130 @@
+=====================================================
+InSpec Shell Usage
+=====================================================
+
+The InSpec interactive shell is a pry based REPL that can be used to quickly run InSpec controls and tests without having to write it to a file.  Its functionality is similar to ``chef shell`` - it provides a way to exercise the InSpec DSL, its resources, tests and plugins without having to create a profile or write a test file.  See http://pryrepl.org/ for an introduction to what pry is and what it can do.
+
+
+Launching the shell
+-----------------------------------------------------
+
+If you are using InSpec from a platform-specific package (rpm, msi, etc.) or from a chef prepared shell in ChefDK, you can directly launch InSpec shell against your local machine using the following.  See https://docs.chef.io/install_dk.html#set-system-ruby for details.
+
+.. code-block:: bash
+
+    $ inspec shell
+    $ inspec help shell # This will describe inspec shell usage
+
+If you wish to connect to a remote machine (called a target within InSpec), you can use the ``-t`` flag.  We support connecting using ssh, WinRm and docker.  If no target is provided, we implicitly support the "local" target - i.e. tests running on the current machine running InSpec.  For an ssh connection, use ``-i`` for specifying ssh key files, and the ``--sudo*`` commands for requesting a privelege escalation after logging in.  For a WinRM connection, use ``--path`` to change the login path, ``--ssl`` to use SSL for transport layer encryption.
+
+.. code-block:: bash
+
+    $ inspec shell -t ssh://root@192.168.64.2:11022  # Login to remote machine using ssh as root.
+    $ inspec shell -t ssh://user@hostname:1234 -i /path/to/user_key  # Login to hostname on port 1234 as user using given ssh key.
+    $ inspec shell -t winrm://UserName:Password@windowsmachine:1234  # Login to windowsmachine over WinRM as UserName.
+    $ inspec shell -t docker://container_id # Login to a docker container.
+
+
+Using Ruby in InSpec shell
+-----------------------------------------------------
+
+Since InSpec shell is pry based, you may treat the shell as an interactive Ruby session.  You may write Ruby expressions and evaluate them.  Source high-lighting, automatic indentation and command history (using the up and down arrow keys) are available to make your experience more delightful.  You can exit the shell using ``exit``.
+
+.. code-block:: bash
+
+    $ inspec shell
+    Welcome to the interactive InSpec Shell
+    To find out how to use it, type: help
+
+    inspec> 1 + 2
+    => 3
+    inspec> exit
+
+
+Using InSpec DSL in InSpec shell
+-----------------------------------------------------
+
+InSpec shell will automatically evaluate the result of every command as if it were a test file.  If you type in a Ruby command that is not an InSpec control or test, the shell will evaluate it as if it were a regular ruby command.
+
+Bare InSpec resources are instantiated and their help text is presented.  You may also access the resource contents or other matchers that they define.  Run ``help <resource>`` to get more help on using a particular resource or see the InSpec resources documentation online.
+
+.. code-block:: bash
+
+    $ inspec shell
+    Welcome to the interactive InSpec Shell
+    To find out how to use it, type: help
+
+    inspec> file('/Users/ksubramanian').directory?
+    => true
+    inspec> os_env('HOME')
+    => Environment variable HOME
+    inspec> os_env('HOME').content
+    => /Users/ksubramanian
+    inspec> exit
+
+InSpec tests are immediately executed.
+
+
+.. code-block:: bash
+
+    inspec> describe file('/Users')     # Empty test.
+    Summary: 0 successful, 0 failures, 0 skipped
+    inspec> describe file('/Users') do  # Test with one check.
+    inspec>   it { should exist }
+    inspec> end
+      ✔  File /Users should exist
+
+    Summary: 1 successful, 0 failures, 0 skipped
+
+
+All tests in a control are immediately executed as well.  If a control is redefined in the shell, the old control's tests are destroyed and replaced with the redefinition and the control is re-run.
+
+.. code-block:: bash
+
+    inspec> control 'my_control' do
+    inspec>   describe os_env('HOME') do
+    inspec>     its('content') { should eq '/Users/ksubramanian' }
+    inspec>   end
+    inspec> end
+      ✔  my_control: Environment variable HOME content should eq "/Users/ksubramanian"
+
+      Summary: 1 successful, 0 failures, 0 skipped
+
+Syntax errors are illegal tests are also detected and reported.
+
+
+.. code-block:: bash
+
+    inspec> control 'foo' do
+    inspec>   thisisnonsense
+    inspec> end
+    NameError: undefined local variable or method `thisisnonsense' for #<#<Class:0x007fd63b571f98>:0x007fd639825cc8>
+    from /usr/local/lib/ruby/gems/2.3.0/gems/rspec-expectations-3.5.0/lib/rspec/matchers.rb:967:in `method_missing'
+    inspec> control 'foo' do
+    inspec>   describe file('wut') do
+    inspec>     its('thismakesnosense') { should cmp 'fail' }
+    inspec>   end
+    inspec> end
+      ✖  foo: File wut thismakesnosense  (undefined method `thismakesnosense' for File wut:Inspec::Resource::Registry::File)
+
+      Summary: 0 successful, 1 failures, 0 skipped
+
+
+Running a single InSpec command
+-----------------------------------------------------
+
+If you wish to run a single InSpec command and fetch its results, you may use the ``-c`` flag.  This is similar to using ``bash -c``.
+
+.. code-block:: bash
+    $ inspec shell -c 'describe file("/Users/ksubramanian") do it { should exist } end'
+
+    Target:  local://
+
+      ✔  File /Users/ksubramanian should exist
+
+    Summary: 1 successful, 0 failures, 0 skipped
+
+
+.. code-block:: bash
+    $ inspec shell --format json -c 'describe file("/Users/ksubramanian") do it { should exist } end'
+    {"version":"0.30.0","profiles":{"":{"supports":[],"controls":{"(generated from in_memory.rb:1 5aab65c33fb1f133d9244017958eef64)":{"title":null,"desc":null,"impact":0.5,"refs":[],"tags":{},"code":"          rule = rule_class.new(id, profile_id, {}) do\n            res = describe(*args, &block)\n          end\n","source_location":{"ref":"/Users/ksubramanian/repo/chef/inspec/lib/inspec/profile_context.rb","line":184},"results":[{"status":"passed","code_desc":"File /Users/ksubramanian should exist","run_time":0.000747,"start_time":"2016-08-16 11:41:40 -0400"}]}},"groups":{"in_memory.rb":{"title":null,"controls":["(generated from in_memory.rb:1 5aab65c33fb1f133d9244017958eef64)"]}},"attributes":[]}},"other_checks":[],"summary":{"duration":0.001078,"example_count":1,"failure_count":0,"skip_count":0}}

data/inspec.gemspec

@@ -17,7 +17,7 @@ Gem::Specification.new do |spec|
     README.md Rakefile MAINTAINERS.toml MAINTAINERS.md LICENSE inspec.gemspec
     Gemfile CHANGELOG.md .rubocop.yml
   } + Dir.glob(
-    '{bin,docs,examples,lib,tasks,test}/**/*', File::FNM_DOTMATCH
+    '{bin,docs,examples,lib}/**/*', File::FNM_DOTMATCH
   ).reject { |f| File.directory?(f) }
 
   spec.executables   = %w{ inspec }
@@ -34,7 +34,6 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'rspec-its', '~> 1.2'
   spec.add_dependency 'pry', '~> 0'
   spec.add_dependency 'hashie', '~> 3.4'
-  spec.add_dependency 'molinillo', '~> 0.5'
-
-  spec.add_development_dependency 'mocha', '~> 1.1'
+  spec.add_dependency 'molinillo', '~> 0'
+  spec.add_dependency 'sslshake', '~> 1'
 end

data/lib/bundles/inspec-compliance/.kitchen.yml

@@ -11,7 +11,6 @@ provisioner:
 
 verifier:
   name: inspec
-  sudo: true
 
 platforms:
   - name: ubuntu-14.04

data/lib/bundles/inspec-compliance/README.md

@@ -117,8 +117,10 @@ Pending: (Failures listed here are expected and do not affect your suite's statu
 
 Finished in 0.02862 seconds (files took 0.62628 seconds to load)
 5 examples, 0 failures, 1 pending
+```
+
+# Logout from Chef Compliance
 
-# logout from Chef Compliance
 ```
 $ inspec compliance logout
 Successfully logged out
@@ -130,11 +132,14 @@ At this point of time, InSpec is not able to pick up the token directly, therefo
 
  * run `kitchen converge`
  * open https://192.168.251.2 and log in with user `admin` and password `admin`
- * click on user->about and obtain the refresh token
+ * click on user->about and obtain the access token and the refresh token
  * run `kitchen verify` with the required env variables:
 
 ```
-COMPLIANCE_REFRESH_TOKEN=myrefreshtoken COMPLIANCE_ACCESS_TOKEN=mycompliancetoken b kitchen verify
+# both token need to be set, since the test suite runs for each token type
+export COMPLIANCE_ACCESSTOKEN='mycompliancetoken'
+export COMPLIANCE_REFRESHTOKEN='myrefreshtoken'
+kitchen verify
 -----> Starting Kitchen (v1.7.3)
 -----> Verifying <default-ubuntu-1404>...
        Search `/Users/chartmann/Development/compliance/inspec/lib/bundles/inspec-compliance/test/integration/default` for tests

data/lib/bundles/inspec-compliance/api.rb

@@ -27,16 +27,24 @@ module Compliance
       # TODO, api should not be dependent on .supported?
       response = Compliance::HTTP.get(url, config['token'], config['insecure'], !config.supported?(:oidc))
       data = response.body
-      if !data.nil?
+      response_code = response.code
+      case response_code
+      when '200'
+        msg = 'success'
         profiles = JSON.parse(data)
         # iterate over profiles
-        profiles.map do |owner, ps|
+        mapped_profiles = profiles.map do |owner, ps|
           ps.keys.map do |name|
             { org: owner, name: name }
           end
         end.flatten
+        return msg, mapped_profiles
+      when '401'
+        msg = '401 Unauthorized. Please check your token.'
+        return msg, []
       else
-        []
+        msg = "An unexpected error occurred (HTTP #{response_code}): #{response.message}"
+        return msg, []
       end
     end
 
@@ -44,8 +52,15 @@ module Compliance
     # NB this method does not use Compliance::Configuration to allow for using
     # it before we know the version (e.g. oidc or not)
     def self.version(url, insecure)
-      response = Compliance::HTTP.get(url+'/version', nil, insecure)
-      data = response.body
+      if url.nil?
+        puts "
+Server configuration information is missing.
+Please login using `inspec compliance login https://compliance.test --user admin --insecure --token 'PASTE TOKEN HERE' `
+"
+      else
+        response = Compliance::HTTP.get(url+'/version', nil, insecure)
+        data = response.body
+      end
       if !data.nil?
         JSON.parse(data)
       else
@@ -55,7 +70,7 @@ module Compliance
 
     # verifies that a profile
     def self.exist?(config, profile)
-      profiles = Compliance::API.profiles(config)
+      _msg, profiles = Compliance::API.profiles(config)
       if !profiles.empty?
         index = profiles.index { |p| "#{p[:org]}/#{p[:name]}" == profile }
         !index.nil? && index >= 0

data/lib/bundles/inspec-compliance/bootstrap.sh

@@ -20,18 +20,22 @@ sudo apt-get install chef-compliance
 sudo chef-compliance-ctl reconfigure --accept-license
 sudo chef-compliance-ctl restart
 
-# build master version of inspec
-sudo /opt/chef-compliance/embedded/bin/gem list inspec
-
-cd /inspec
-sudo /opt/chef-compliance/embedded/bin/gem build *.gemspec
-sudo /opt/chef-compliance/embedded/bin/gem install inspec*.gem
-sudo /opt/chef-compliance/embedded/bin/inspec version
-sudo /opt/chef-compliance/embedded/bin/gem list inspec
-
 # finalize setup
 cd /
 /opt/chef-compliance/embedded/service/core/bin/core setup --endpoint "http://127.0.0.1:10500/setup" --login "admin" --password "admin" --name "John Doe" --accept-eula
 
 # wget --no-check-certificate http://127.0.0.1/api/version
 # cat version
+
+# install ruby 2.3
+sudo apt-get install -y software-properties-common
+sudo apt-add-repository -y ppa:brightbox/ruby-ng
+sudo apt-get update
+sudo apt-get install -y ruby2.3 ruby2.3-dev
+ruby2.3 -v
+
+# prepare the usage of bundler
+sudo gem install bundler
+cd /inspec
+bundle install
+BUNDLE_GEMFILE=/inspec/Gemfile bundle exec inspec version

data/lib/bundles/inspec-compliance/cli.rb

@@ -9,8 +9,16 @@ module Compliance
   class ComplianceCLI < Inspec::BaseCLI # rubocop:disable Metrics/ClassLength
     namespace 'compliance'
 
-    desc 'login SERVER', 'Log in to a Chef Compliance SERVER'
-    option :server, type: :string, desc: 'Chef Compliance Server URL'
+    # TODO: find another solution, once https://github.com/erikhuda/thor/issues/261 is fixed
+    def self.banner(command, _namespace = nil, _subcommand = false)
+      "#{basename} #{subcommand_prefix} #{command.usage}"
+    end
+
+    def self.subcommand_prefix
+      namespace
+    end
+
+    desc "login SERVER --insecure --user='USER' --token='TOKEN'", 'Log in to a Chef Compliance SERVER'
     option :insecure, aliases: :k, type: :boolean,
       desc: 'Explicitly allows InSpec to perform "insecure" SSL connections and transfers'
     option :user, type: :string, required: false,
@@ -23,36 +31,29 @@ module Compliance
       desc: 'Chef Compliance access token'
     option :refresh_token, type: :string, required: false,
       desc: 'Chef Compliance refresh token'
-    def login(server) # rubocop:disable Metrics/AbcSize, PerceivedComplexity
+    def login(server) # rubocop:disable Metrics/AbcSize
       # show warning if the Compliance Server does not support
-      if !Compliance::Configuration.new.supported?(:oidc)
-        puts 'Your server supports --user and --password only'
-      end
 
       options['server'] = server
       url = options['server'] + options['apipath']
       if !options['user'].nil? && !options['password'].nil?
         # username / password
-        success, msg = login_legacy(url, options['user'], options['password'], options['insecure'])
+        _success, msg = login_legacy(url, options['user'], options['password'], options['insecure'])
       elsif !options['user'].nil? && !options['token'].nil?
         # access token
-        success, msg = store_access_token(url, options['user'], options['token'], options['insecure'])
+        _success, msg = store_access_token(url, options['user'], options['token'], options['insecure'])
       elsif !options['refresh_token'].nil? && !options['user'].nil?
         # refresh token
-        success, msg = store_refresh_token(url, options['refresh_token'], true, options['user'], options['insecure'])
+        _success, msg = store_refresh_token(url, options['refresh_token'], true, options['user'], options['insecure'])
         # TODO: we should login with the refreshtoken here
       elsif !options['refresh_token'].nil?
-        success, msg = login_refreshtoken(url, options)
+        _success, msg = login_refreshtoken(url, options)
       else
-        puts 'Please run `inspec compliance login` with options --token or --refresh_token and --user'
+        puts 'Please run `inspec compliance login SERVER` with options --token or --refresh_token, --user, and --insecure or --not-insecure'
         exit 1
       end
 
-      if success
-        puts 'Successfully authenticated'
-      else
-        puts msg
-      end
+      puts '', msg
     end
 
     desc 'profiles', 'list all available profiles in Chef Compliance'
@@ -60,7 +61,7 @@ module Compliance
       config = Compliance::Configuration.new
       return if !loggedin(config)
 
-      profiles = Compliance::API.profiles(config)
+      msg, profiles = Compliance::API.profiles(config)
       if !profiles.empty?
         # iterate over profiles
         headline('Available profiles:')
@@ -68,7 +69,8 @@ module Compliance
           li("#{profile[:org]}/#{profile[:name]}")
         }
       else
-        puts 'Could not find any profiles'
+        puts msg, 'Could not find any profiles'
+        exit 1
       end
     end
 
@@ -160,6 +162,7 @@ module Compliance
       else
         puts 'Error during profile upload:'
         puts msg
+        exit 1
       end
     end
 
@@ -171,6 +174,7 @@ module Compliance
         puts "Chef Compliance version: #{info['version']}"
       else
         puts 'Could not determine server version.'
+        exit 1
       end
     end
 
@@ -223,7 +227,7 @@ module Compliance
           success = true
           msg = 'Successfully authenticated'
         else
-          msg = 'Reponse does not include a token'
+          msg = 'Response does not include a token'
         end
       else
         msg = "Authentication failed for Server: #{url}"

data/lib/bundles/inspec-compliance/target.rb

@@ -15,6 +15,7 @@ module Compliance
     priority 500
 
     def self.resolve(target, _opts = {})
+      return nil unless target.is_a?(String)
       # check for local scheme compliance://
       uri = URI(target)
       return nil unless URI(uri).scheme == 'compliance'