inspec 0.31.0 → 0.32.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 7863d5430d9891f4ec8895d615bb134047a237ee
-  data.tar.gz: 7b8b6d69f358812cd69aa40042f4a6bd0a2d52b7
+  metadata.gz: 0d4137116907e9d6bee7f88e2a1ec7c16372ee1c
+  data.tar.gz: 0c88924d165b05a9765a940197c3b3e779ba09f1
 SHA512:
-  metadata.gz: 37d29c938cc8e6d234d27aaf92bf438eff4be4d4394469468ccf7b570f91165bb1d262e0c4c0594672e6b6d520cf8fe785fe883468a74d0553eb015ab181953f
-  data.tar.gz: 72ab6035eddcb9e64bed98d64fd9f38e3e6e30839786a073b08bf3fb9c4e4728e943753c353b4b31cbc745d60096e28fee4944c10f3d4a6685ad977294119d16
+  metadata.gz: e1016672adc6e043a2896ff1e78304f244d8f9ca7af64f8d85164e19c938916e0792df984f6c26d63d364ee03da385078d045235d42d4900704c19bec465bd25
+  data.tar.gz: 894d6fd605277f8608296b3ff0afc2f9510e8e4a6b57dde9ed5cf740d4adaf3114e89a2efd54c734792382036b1a32417bb5bb496c126fe61a47a3e88d87ea18

data/CHANGELOG.md

@@ -1,7 +1,61 @@
 # Change Log
 
-## [0.31.0](https://github.com/chef/inspec/tree/0.31.0) (2016-08-19)
-[Full Changelog](https://github.com/chef/inspec/compare/v0.30.0...0.31.0)
+## [0.32.0](https://github.com/chef/inspec/tree/0.32.0) (2016-08-26)
+[Full Changelog](https://github.com/chef/inspec/compare/v0.31.0...0.32.0)
+
+**Implemented enhancements:**
+
+- Provide SSL InSpec with full demo [\#903](https://github.com/chef/inspec/issues/903)
+- improve package resource on windows [\#86](https://github.com/chef/inspec/issues/86)
+- can check windows service startup mode now [\#968](https://github.com/chef/inspec/pull/968) ([Anirudh-Gupta](https://github.com/Anirudh-Gupta))
+- Resolved an issue checking ports on windows [\#962](https://github.com/chef/inspec/pull/962) ([chris-rock](https://github.com/chris-rock))
+
+**Fixed bugs:**
+
+- Grouping multiple `it` blocks in one `describe` blocks ruins console output during test runs [\#918](https://github.com/chef/inspec/issues/918)
+- Windows default path format causes errors with inspec check [\#672](https://github.com/chef/inspec/issues/672)
+- bugfix windows forward slashes handling [\#963](https://github.com/chef/inspec/pull/963) ([chris-rock](https://github.com/chris-rock))
+- Fix command evaluation for inspec shell -c [\#943](https://github.com/chef/inspec/pull/943) ([ksubrama](https://github.com/ksubrama))
+
+**Closed issues:**
+
+- Support sid for user resource [\#960](https://github.com/chef/inspec/issues/960)
+- Create and load Lockfiles for dependencies [\#950](https://github.com/chef/inspec/issues/950)
+- Implement test cases for inspec shell [\#942](https://github.com/chef/inspec/issues/942)
+- Transitive dependency loading [\#915](https://github.com/chef/inspec/issues/915)
+- Document InSpec OR features [\#853](https://github.com/chef/inspec/issues/853)
+- Document ini resource [\#848](https://github.com/chef/inspec/issues/848)
+- Document special service resources [\#495](https://github.com/chef/inspec/issues/495)
+
+**Merged pull requests:**
+
+- Reformat service resource docs for discoverability [\#986](https://github.com/chef/inspec/pull/986) ([stevendanna](https://github.com/stevendanna))
+- Generate documentation for the `vendor` command [\#985](https://github.com/chef/inspec/pull/985) ([stevendanna](https://github.com/stevendanna))
+- suport for ruby 2.2.2 [\#983](https://github.com/chef/inspec/pull/983) ([chris-rock](https://github.com/chris-rock))
+- Add windows user SID as 'UID' in user resource. Fix \#960 [\#982](https://github.com/chef/inspec/pull/982) ([ksubrama](https://github.com/ksubrama))
+- document ini resource [\#981](https://github.com/chef/inspec/pull/981) ([vjeffrey](https://github.com/vjeffrey))
+- Upgrade FFI to Ruby 2.3 issues on windows [\#980](https://github.com/chef/inspec/pull/980) ([ksubrama](https://github.com/ksubrama))
+- move train connection out of loop for command\_simulator [\#979](https://github.com/chef/inspec/pull/979) ([vjeffrey](https://github.com/vjeffrey))
+- Update port.rb Documentation [\#978](https://github.com/chef/inspec/pull/978) ([nvtkaszpir](https://github.com/nvtkaszpir))
+- first pass at collecting command output for demo [\#977](https://github.com/chef/inspec/pull/977) ([vjeffrey](https://github.com/vjeffrey))
+- Fix `rake` to work again [\#976](https://github.com/chef/inspec/pull/976) ([jkeiser](https://github.com/jkeiser))
+- Fix `bundle install` on Ruby 2.1.9 [\#975](https://github.com/chef/inspec/pull/975) ([jkeiser](https://github.com/jkeiser))
+- Initial control isolation support [\#973](https://github.com/chef/inspec/pull/973) ([stevendanna](https://github.com/stevendanna))
+- Allow JSON 2.x [\#972](https://github.com/chef/inspec/pull/972) ([chris-rock](https://github.com/chris-rock))
+- Add Ruby 2.3 to the test matrix, make it the primary test for most suites [\#971](https://github.com/chef/inspec/pull/971) ([jkeiser](https://github.com/jkeiser))
+- Speed up windows package lookup [\#970](https://github.com/chef/inspec/pull/970) ([ksubrama](https://github.com/ksubrama))
+- Expand relative paths based on profile location [\#965](https://github.com/chef/inspec/pull/965) ([stevendanna](https://github.com/stevendanna))
+- restructure test suites in travis [\#964](https://github.com/chef/inspec/pull/964) ([chris-rock](https://github.com/chris-rock))
+- Replace Molinillo-based resolver [\#961](https://github.com/chef/inspec/pull/961) ([stevendanna](https://github.com/stevendanna))
+- Add prototype of inspec.lock [\#949](https://github.com/chef/inspec/pull/949) ([stevendanna](https://github.com/stevendanna))
+- document OR feature [\#947](https://github.com/chef/inspec/pull/947) ([vjeffrey](https://github.com/vjeffrey))
+- print controls, then tests; print header of describe, then individual test results [\#946](https://github.com/chef/inspec/pull/946) ([vjeffrey](https://github.com/vjeffrey))
+- Add darwin helper [\#945](https://github.com/chef/inspec/pull/945) ([tas50](https://github.com/tas50))
+- Update platforms in the docs to match the code [\#944](https://github.com/chef/inspec/pull/944) ([tas50](https://github.com/tas50))
+- Add integration tests for file owner on windows [\#923](https://github.com/chef/inspec/pull/923) ([chris-rock](https://github.com/chris-rock))
+
+## [v0.31.0](https://github.com/chef/inspec/tree/v0.31.0) (2016-08-19)
+[Full Changelog](https://github.com/chef/inspec/compare/v0.30.0...v0.31.0)
 
 **Implemented enhancements:**
 

data/Gemfile

@@ -8,8 +8,12 @@ if Gem::Version.new(RUBY_VERSION) <= Gem::Version.new('1.9.3')
   gem 'net-ssh', '~> 2.9'
 end
 
-# TODO: ffi 1.9.11 is currently erroneous on windows tests
-gem 'ffi', '= 1.9.10'
+if Gem::Version.new(RUBY_VERSION) < Gem::Version.new('2.2.2')
+  gem 'json', '~> 1.8'
+  gem 'rack', '< 2.0'
+end
+
+gem 'ffi', '>= 1.9.14'
 
 group :test do
   gem 'bundler', '~> 1.5'

data/MAINTAINERS.md

@@ -8,7 +8,7 @@ This file lists how the InSpec project is maintained. When making changes to the
 system, this file tells you who needs to review your patch - you need at least
 two maintainers to provide a :+1: on your pull request. Additionally, you need
 to not receive a veto from a Lieutenant or the Project Lead.
-Check out [How Chef is Maintained](https://github.com/opscode/chef-rfc/blob/master/rfc030-maintenance-policy.md#how-the-project-is-maintained)
+Check out [How Chef is Maintained](https://github.com/chef/chef-rfc/blob/master/rfc030-maintenance-policy.md#how-the-project-is-maintained)
 for details on the process, how to become a maintainer, lieutenant, or the
 project lead.
 
@@ -18,6 +18,8 @@ project lead.
 
   Handles the [InSpec](https://github.com/chef/inspec) toolset.
 
+To mention the team, use @chef/inspec-maintainers
+
 ### Lieutenant
 
 * [Dominik Richter](https://github.com/arlimus)

data/MAINTAINERS.toml

@@ -5,7 +5,7 @@ This file lists how the InSpec project is maintained. When making changes to the
 system, this file tells you who needs to review your patch - you need at least
 two maintainers to provide a :+1: on your pull request. Additionally, you need
 to not receive a veto from a Lieutenant or the Project Lead.
-Check out [How Chef is Maintained](https://github.com/opscode/chef-rfc/blob/master/rfc030-maintenance-policy.md#how-the-project-is-maintained)
+Check out [How Chef is Maintained](https://github.com/chef/chef-rfc/blob/master/rfc030-maintenance-policy.md#how-the-project-is-maintained)
 for details on the process, how to become a maintainer, lieutenant, or the
 project lead.
 """

data/README.md

@@ -170,6 +170,25 @@ Also have a look at our examples for:
 - [Using InSpec with Test Kitchen & Ansible](https://github.com/chef/inspec/tree/master/examples/kitchen-ansible)
 - [Implementing an InSpec profile](https://github.com/chef/inspec/tree/master/examples/profile)
 
+## Or tests: Testing for a OR b
+
+* Using describe.one, you can test for a or b.  The control will be marked as passing if EITHER condition is met.
+
+```ruby
+control 'or-test' do
+  impact 1.0
+  title 'This is a OR test'
+  describe.one do
+    describe ssh_config do
+      its('Protocol') { should eq('3') }
+    end
+    describe ssh_config do
+      its('Protocol') { should eq('2') }
+    end
+  end
+end
+```
+
 ## Command Line Usage
 
 ### exec
@@ -231,7 +250,7 @@ OpenSUSE | 13.1/13.2/42.1 | x86_64
 OmniOS | | x86_64
 Gentoo Linux | | x86_64
 Arch Linux | | x86_64
-HP-UX | 11.31 | ia64 
+HP-UX | 11.31 | ia64
 
 * For Windows 2008 and 2008 R2 an updated Powershell (Windows Management Framework 5.0) is required.
 

data/Rakefile

@@ -17,6 +17,13 @@ end
 desc 'Run robocop linter'
 task lint: [:rubocop]
 
+# update command output for demo
+desc 'Run inspec commands and save results to www/app/responses'
+task :update_demo do
+  commands = 'tasks/command_simulator.rb'
+  ruby commands
+end
+
 # run tests
 task default: [:test, :lint]
 
@@ -145,6 +152,7 @@ task :bump_version, [:version] do |_, args|
   check_update_requirements
   inspec_version(v)
   Rake::Task['changelog'].invoke
+  Rake::Task['docs:cli'].invoke
 end
 
 desc 'Release a new docker image'

data/docs/cli.rst

@@ -63,7 +63,7 @@ Options
 This subcommand has additional options:
 
 ``--format=FORMAT``
-
+   
 
 ``--profiles-path=PROFILES_PATH``
    Folder which contains referenced profiles.
@@ -109,7 +109,7 @@ This subcommand has additional options:
    Choose a backend: local, ssh, winrm, docker.
 
 ``--format=FORMAT``
-
+   
 
 ``--host=HOST``
    Specify a remote host which is tested.
@@ -408,6 +408,22 @@ This subcommand has the following syntax:
 
 
 
+vendor
+=====================================================
+
+Download all dependencies and generate a lockfile
+
+Syntax
+-----------------------------------------------------
+
+This subcommand has the following syntax:
+
+.. code-block:: bash
+
+   $ inspec vendor
+
+
+
 version
 =====================================================
 

data/docs/resources.rst

@@ -23,6 +23,7 @@ The following InSpec audit resources are available:
 * `host`_
 * `iis_site`_
 * `inetd_conf`_
+* `ini`_
 * `interface`_
 * `iptables`_
 * `kernel_module`_
@@ -1999,6 +2000,48 @@ then the same test will return ``false`` for ``ftp`` and the entire test will fa
    end
 
 
+ini
+=====================================================
+Use the ``ini`` |inspec resource| to test data in a INI file.
+
+**Stability: Stable**
+
+Syntax
+-----------------------------------------------------
+An ``ini`` |inspec resource| block declares the content of the ``ini`` file:
+
+.. code-block:: ruby
+
+   describe ini('path/to/ini_file.ini') do
+     its('auth_protocol') { should eq 'https' }
+   end
+
+where
+
+* ``'auth_protocol'`` is a key in the ``ini`` file
+* ``('https')`` is the expected value associated with the above key in the ``ini`` file
+
+Matchers
+-----------------------------------------------------
+This |inspec resource| matches any content in the ``ini`` file:
+
+.. code-block:: ruby
+
+   its('port') { should eq '143' }
+
+Examples
+-----------------------------------------------------
+The following examples show how to use this InSpec audit resource.
+
+For example:
+
+.. code-block:: ruby
+
+   describe ini('path/to/ini_file.ini') do
+     its('port') { should eq '143' }
+     its('server') { should eq '192.0.2.62' }
+   end
+
 
 interface
 =====================================================
@@ -2854,7 +2897,7 @@ A ``os`` |inspec resource| block declares the platform to be tested:
 
 where
 
-* ``'platform'`` is one of ``bsd``, ``debian``, ``linux``, ``redhat``, ``solaris``, ``suse``,  ``unix``, or ``windows``
+* ``'family'`` is one of ``aix``, ``bsd``, ``debian``, ``hpux``, ``linux``, ``redhat``, ``solaris``, ``suse``,  ``unix``, or ``windows``
 
 
 Matchers
@@ -4194,8 +4237,17 @@ Under some circumstances, it may be required to override the logic in place to s
     it { should be_running }
   end
 
-This is also possible with `systemd_service`, `runit_service`, `sysv_service`, `bsd_service`, and `launchd_service`.
-You can also provide the control command, for when it is not to be found at the default location.
+The following service-manager-specific resources are available:
+
+* ``systemd_service``,
+* ``runit_service``,
+* ``sysv_service``,
+* ``bsd_service``, and
+* ``launchd_service``.
+
+These resources support the same matchers as the `service` resource.
+
+You can also provide the path to the service manager's control tool. This is useful in cases when it isn't available in the current `PATH`.
 For example, if your `sv` command for services managed by Runit is not in PATH:
 
 .. code-block:: ruby

data/inspec.gemspec

@@ -26,7 +26,7 @@ Gem::Specification.new do |spec|
 
   spec.add_dependency 'train', '>=0.16.0', '<1.0'
   spec.add_dependency 'thor', '~> 0.19'
-  spec.add_dependency 'json', '~> 1.8'
+  spec.add_dependency 'json', '>= 1.8', '< 3.0'
   spec.add_dependency 'rainbow', '~> 2'
   spec.add_dependency 'method_source', '~> 0.8'
   spec.add_dependency 'rubyzip', '~> 1.1'
@@ -34,6 +34,6 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'rspec-its', '~> 1.2'
   spec.add_dependency 'pry', '~> 0'
   spec.add_dependency 'hashie', '~> 3.4'
-  spec.add_dependency 'molinillo', '~> 0'
+  spec.add_dependency 'mixlib-log'
   spec.add_dependency 'sslshake', '~> 1'
 end

data/lib/bundles/inspec-supermarket/api.rb

@@ -1,4 +1,5 @@
 # encoding: utf-8
+# frozen_string_literal: true
 # author: Christoph Hartmann
 # author: Dominik Richter
 

data/lib/fetchers/local.rb

@@ -10,7 +10,17 @@ module Fetchers
     attr_reader :files
 
     def self.resolve(target)
-      unless target.is_a?(String) && File.exist?(target)
+      return nil unless target.is_a?(String)
+
+      # Support "urls" in the form of file://
+      if target.start_with?('file://')
+        target = target.gsub(%r{^file://}, '')
+      else
+        # support for windows paths
+        target = target.tr('\\', '/')
+      end
+
+      if !File.exist?(target)
         nil
       else
         new(target)
@@ -18,6 +28,7 @@ module Fetchers
     end
 
     def initialize(target)
+      @target = target
       if File.file?(target)
         @files = [target]
       else

data/lib/fetchers/tar.rb

@@ -19,6 +19,10 @@ module Fetchers
       new(target)
     end
 
+    def archive_path
+      target
+    end
+
     def initialize(target)
       @target = target
       @contents = {}

data/lib/fetchers/url.rb

@@ -102,5 +102,9 @@ module Fetchers
       @target = url
       @archive = self.class.download_archive(url, opts)
     end
+
+    def archive_path
+      @archive.path
+    end
   end
 end

data/lib/inspec/base_cli.rb

@@ -3,6 +3,7 @@
 # author: Dominik Richter
 
 require 'thor'
+require 'inspec/log'
 
 module Inspec
   class BaseCLI < Thor # rubocop:disable Metrics/ClassLength
@@ -128,6 +129,22 @@ module Inspec
     end
 
     def configure_logger(o)
+      #
+      # TODO(ssd): This is a big gross, but this configures the
+      # logging singleton Inspec::Log. Eventually it would be nice to
+      # move internal debug logging to use this logging singleton.
+      #
+      loc = if o.log_location
+              o.log_location
+            elsif %w{json json-min}.include?(o['format'])
+              STDERR
+            else
+              STDOUT
+            end
+
+      Inspec::Log.init(loc)
+      Inspec::Log.level = get_log_level(o.log_level)
+
       o[:logger] = Logger.new(STDOUT)
       # output json if we have activated the json formatter
       if opts['log-format'] == 'json'

data/lib/inspec/cli.rb

@@ -15,6 +15,12 @@ require 'inspec/runner_mock'
 require 'inspec/env_printer'
 
 class Inspec::InspecCLI < Inspec::BaseCLI # rubocop:disable Metrics/ClassLength
+  class_option :log_level, aliases: :l, type: :string,
+               desc: 'Set the log level: info (default), debug, warn, error'
+
+  class_option :log_location, type: :string,
+               desc: 'Location to send diagnostic log messages to. (default: STDOUT or STDERR)'
+
   class_option :diagnose, type: :boolean,
     desc: 'Show diagnostics (versions, configurations)'
 
@@ -93,6 +99,14 @@ class Inspec::InspecCLI < Inspec::BaseCLI # rubocop:disable Metrics/ClassLength
     exit 1 unless result[:summary][:valid]
   end
 
+  desc 'vendor', 'Download all dependencies and generate a lockfile'
+  def vendor(path = nil)
+    configure_logger(opts)
+    profile = Inspec::Profile.for_target('./', opts)
+    lockfile = profile.generate_lockfile(path)
+    File.write('inspec.lock', lockfile.to_yaml)
+  end
+
   desc 'archive PATH', 'archive a profile to tar.gz (default) or zip'
   profile_options
   option :output, aliases: :o, type: :string,
@@ -128,6 +142,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI # rubocop:disable Metrics/ClassLength
   exec_options
   def exec(*targets)
     diagnose
+    configure_logger(opts)
     o = opts.dup
 
     # run tests
@@ -140,7 +155,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI # rubocop:disable Metrics/ClassLength
   def detect
     o = opts.dup
     o[:command] = 'os.params'
-    res = run_command(o)
+    (_, res) = run_command(o)
     if opts['format'] == 'json'
       puts res.to_json
     else
@@ -162,22 +177,23 @@ class Inspec::InspecCLI < Inspec::BaseCLI # rubocop:disable Metrics/ClassLength
     diagnose
     o = opts.dup
 
-    log_device = opts['format'] == 'json' ? nil : STDOUT
+    json_output = ['json', 'json-min'].include?(opts['format'])
+    log_device = json_output ? nil : STDOUT
     o[:logger] = Logger.new(log_device)
     o[:logger].level = get_log_level(o.log_level)
 
     if o[:command].nil?
       runner = Inspec::Runner.new(o)
       return Inspec::Shell.new(runner).start
-    else
-      res = run_command(o)
-      if opts['format'] == 'json'
-        jres = res.respond_to?(:to_json) ? res.to_json : JSON.dump(res)
-        puts jres
-      else
-        puts res
-      end
     end
+
+    run_type, res = run_command(o)
+    exit res unless run_type == :ruby_eval
+
+    # No InSpec tests - just print evaluation output.
+    res = (res.respond_to?(:to_json) ? res.to_json : JSON.dump(res)) if json_output
+    puts res
+    exit 0
   rescue RuntimeError, Train::UserError => e
     $stderr.puts e.message
   end
@@ -196,9 +212,14 @@ class Inspec::InspecCLI < Inspec::BaseCLI # rubocop:disable Metrics/ClassLength
   private
 
   def run_command(opts)
-    opts[:test_collector] = Inspec::RunnerMock.new
     runner = Inspec::Runner.new(opts)
-    runner.create_context.load(opts[:command])
+    ctx = runner.create_context(opts)
+    res = ctx.load(opts[:command])
+
+    return :ruby_eval, res if ctx.rules.empty?
+
+    runner.register_rules(ctx)
+    return :rspec_run, runner.run # rubocop:disable Style/RedundantReturn
   end
 end