inspec 0.9.10 → 0.9.11

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b17924e97ef5192aed108798a10ef8b52d7c0538
-  data.tar.gz: 8c5ceda400de6c4eccd79d357219787f001e5b7d
+  metadata.gz: e40124a353cedb38fd6e7001427ff08a9c59b37d
+  data.tar.gz: c33891f1b7231567094c9dc6d591ec6dd25d503a
 SHA512:
-  metadata.gz: c76421ff13a91f6dded0fbf9ab4fda7f2d9a49b4eef102857d8c9e37b49c22d2536d2dc5810edf10f4e554d256e98ed6255ba01bbe244571a3902c3575d73b04
-  data.tar.gz: 55b9fbd3e7219024401e032a2a8fe3e63b407ae5e6eadb19e7b8d7684d265678dcbce1d4c7a51f72a536fa371dad72da4de2b6c2a9c5b686606abcd8d1392297
+  metadata.gz: 8d939386ab50b105518ff5ea8e7cfa9a8f7b8694a7db1c826afeb4ab647557449a28feb7d0538d6d7a119a9e5ee5a887cc4ff36956e10390a9fbeeea5eb0b071
+  data.tar.gz: 376392d507ea741960e619ebaaf704d775ca58f107702ffbe3f7f4742643bbeba6593245fd9fe4af7bebc462e4eced66713a2976341c2bd59a7a4ebc33878fe6

data/CHANGELOG.md

@@ -1,7 +1,26 @@
 # Change Log
 
-## [0.9.10](https://github.com/chef/inspec/tree/0.9.10) (2016-01-25)
-[Full Changelog](https://github.com/chef/inspec/compare/v0.9.9...0.9.10)
+## [0.9.11](https://github.com/chef/inspec/tree/0.9.11) (2016-01-29)
+[Full Changelog](https://github.com/chef/inspec/compare/v0.9.10...0.9.11)
+
+**Implemented enhancements:**
+
+- ec2 integration test [\#399](https://github.com/chef/inspec/pull/399) ([chris-rock](https://github.com/chris-rock))
+- add  winrm transport to Gemfile for test-kitchen [\#396](https://github.com/chef/inspec/pull/396) ([chris-rock](https://github.com/chris-rock))
+- Solaris Support [\#395](https://github.com/chef/inspec/pull/395) ([chris-rock](https://github.com/chris-rock))
+
+**Fixed bugs:**
+
+- Logging in profile processing [\#349](https://github.com/chef/inspec/issues/349)
+- runit\_service: fix resource, improve integration tests [\#401](https://github.com/chef/inspec/pull/401) ([srenatus](https://github.com/srenatus))
+- basic logging setup for `inspec exec` [\#392](https://github.com/chef/inspec/pull/392) ([srenatus](https://github.com/srenatus))
+
+**Merged pull requests:**
+
+- Readme fixes [\#390](https://github.com/chef/inspec/pull/390) ([jzohrab](https://github.com/jzohrab))
+
+## [v0.9.10](https://github.com/chef/inspec/tree/v0.9.10) (2016-01-25)
+[Full Changelog](https://github.com/chef/inspec/compare/v0.9.9...v0.9.10)
 
 **Implemented enhancements:**
 
@@ -29,6 +48,7 @@
 
 **Merged pull requests:**
 
+- 0.9.10 [\#391](https://github.com/chef/inspec/pull/391) ([chris-rock](https://github.com/chris-rock))
 - Enable appveyor for unit tests on Windows [\#361](https://github.com/chef/inspec/pull/361) ([chris-rock](https://github.com/chris-rock))
 
 ## [v0.9.9](https://github.com/chef/inspec/tree/v0.9.9) (2016-01-16)

data/Gemfile

@@ -16,6 +16,7 @@ group :integration do
   gem 'test-kitchen'
   gem 'kitchen-vagrant'
   gem 'kitchen-inspec'
+  gem 'winrm-transport', '~> 1.0'
   gem 'kitchen-ec2'
 end
 

data/README.md

@@ -230,7 +230,8 @@ bundle exec kitchen test
 ```bash
 export AWS_ACCESS_KEY_ID=enteryouryourkey
 export AWS_SECRET_ACCESS_KEY=enteryoursecreykey
-export AWS_SSH_KEY_ID=enteryoursshkeyid
+export AWS_KEYPAIR_NAME=enteryoursshkeyid
+export EC2_SSH_KEY_PATH=~/.ssh/id_aws.pem
 cd test/integration
 KITCHEN_LOCAL_YAML=.kitchen.ec2.yml bundle exec kitchen test
 ```

data/bin/inspec

@@ -107,7 +107,10 @@ class InspecCLI < Thor # rubocop:disable Metrics/ClassLength
   def exec(*tests)
     diagnose
 
-    runner = Inspec::Runner.new(opts)
+    o = opts.dup
+    o[:logger] = Logger.new(opts['format'] == 'json' ? nil : STDOUT)
+
+    runner = Inspec::Runner.new(o)
     runner.add_tests(tests)
     exit runner.run
   rescue RuntimeError => e

data/docs/dsl_resource.rst

@@ -60,7 +60,7 @@ The following example shows a full resource using attributes and methods to prov
     '
 
     # Load the configuration file on initialization
-    def initialiaze(path = nil)
+    def initialize(path = nil)
       @path = path || '/etc/gordon.conf'
       @params = SimpleConfig.new( read_content )
     end
@@ -87,4 +87,4 @@ The following example shows a full resource using attributes and methods to prov
 
 For a full example, see our `example resource`_.
 
-.. _example resource: ../examples/profile
+.. _example resource: ../examples/profile/libraries/gordon_config.rb

data/docs/profiles.rst

@@ -91,9 +91,11 @@ This list can contain simple names, names and versions, or detailed flags for th
 InSpec profile verification
 -----------------------------------------------------
 
-InSpec ships with a verification command that verifies the implementation of a profile
+InSpec ships with a verification command that verifies the implementation of a profile:
 
-$ inspec check examples/profile
+.. code-block:: bash
+
+  $ inspec check examples/profile
 
 
 InSpec profile archive
@@ -144,7 +146,7 @@ The `include_controls` keyword allows you to import all rules from an existing p
 
 **Inherit from a profile, but skip some rules**
 
-Sometimes, not all requirements can be fullfiled for a legacy application. To manage the derivation, you can skip certain controls with `skip_control`.
+Sometimes, not all requirements can be fulfilled for a legacy application. To manage the derivation, you can skip certain controls with `skip_control`.
 
 .. code-block:: bash
 

data/examples/profile/README.md

@@ -1,6 +1,6 @@
 # Example InSpec Profile
 
-This example shows the implementation of a InSpec profile.
+This example shows the implementation of an InSpec [profile](../../docs/profiles.rst).
 
 ## Verify a profile
 

data/inspec.gemspec

@@ -24,7 +24,7 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ['lib']
 
-  spec.add_dependency 'r-train', '~> 0.9', '>= 0.9.3'
+  spec.add_dependency 'r-train', '~> 0.9', '>= 0.9.6'
   spec.add_dependency 'thor', '~> 0.19'
   spec.add_dependency 'json', '~> 1.8'
   spec.add_dependency 'rainbow', '~> 2'

data/lib/inspec/version.rb

@@ -3,5 +3,5 @@
 # author: Christoph Hartmann
 
 module Inspec
-  VERSION = '0.9.10'.freeze
+  VERSION = '0.9.11'.freeze
 end

data/lib/resources/etc_group.rb

@@ -45,7 +45,7 @@ class EtcGroup < Inspec.resource(1)
 
     # skip resource if it is not supported on current OS
     return skip_resource 'The `etc_group` resource is not supported on your OS.' \
-    unless %w{ubuntu debian redhat fedora centos arch darwin freebsd wrlinux aix}.include?(inspec.os[:family])
+    unless inspec.os.unix?
   end
 
   def groups(filter = nil)

data/lib/resources/file.rb

@@ -110,7 +110,7 @@ module Inspec::Resources
     def check_file_permission_by_user(user, flag)
       if linux?
         perm_cmd = "su -s /bin/sh -c \"test -#{flag} #{path}\" #{user}"
-      elsif family == 'freebsd'
+      elsif family == 'freebsd' || solaris?
         perm_cmd = "sudo -u #{user} test -#{flag} #{path}"
       elsif family == 'aix'
         perm_cmd = "su #{user} -c test -#{flag} #{path}"
@@ -140,6 +140,10 @@ module Inspec::Resources
       inspec.os.linux?
     end
 
+    def solaris?
+      inspec.os.solaris?
+    end
+
     def family
       inspec.os[:family]
     end

data/lib/resources/package.rb

@@ -18,26 +18,28 @@ class Package < Inspec.resource(1)
     end
   "
 
-  def initialize(package_name = nil)
+  def initialize(package_name = nil) # rubocop:disable Metrics/AbcSize
     @package_name = package_name
     @name = @package_name
     @cache = nil
-
     # select package manager
     @pkgman = nil
-    case inspec.os[:family]
-    when 'ubuntu', 'debian'
+
+    os = inspec.os
+    if os.debian?
       @pkgman = Deb.new(inspec)
-    when 'redhat', 'fedora', 'centos', 'opensuse', 'wrlinux'
+    elsif os.redhat? || os.suse?
       @pkgman = Rpm.new(inspec)
-    when 'arch'
+    elsif ['arch'].include?(os[:family])
       @pkgman = Pacman.new(inspec)
-    when 'darwin'
+    elsif ['darwin'].include?(os[:family])
       @pkgman = Brew.new(inspec)
-    when 'windows'
+    elsif inspec.os.windows?
       @pkgman = WindowsPkg.new(inspec)
-    when 'aix'
+    elsif ['aix'].include?(os[:family])
       @pkgman = BffPkg.new(inspec)
+    elsif os.solaris?
+      @pkgman = SolarisPkg.new(inspec)
     else
       return skip_resource 'The `package` resource is not supported on your OS yet.'
     end
@@ -204,3 +206,55 @@ class BffPkg < PkgManagement
     }
   end
 end
+
+# Solaris
+class SolarisPkg < PkgManagement
+  def info(package_name)
+    if inspec.os[:release].to_i <= 10
+      solaris10_info(package_name)
+    else
+      solaris11_info(package_name)
+    end
+  end
+
+  # solaris 10
+  def solaris10_info(package_name)
+    cmd = inspec.command("pkginfo -l #{package_name}")
+    return nil if cmd.exit_status.to_i != 0
+
+    params = SimpleConfig.new(
+      cmd.stdout.chomp,
+      assignment_re: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
+      multiple_values: false,
+    ).params
+
+    # parse 11.10.0,REV=2006.05.18.01.46
+    v = params['VERSION'].split(',')
+    {
+      name: params['PKGINST'],
+      installed: true,
+      version: v[0] + '-' + v[1].split('=')[1],
+      type: 'pkg',
+    }
+  end
+
+  # solaris 11
+  def solaris11_info(package_name)
+    cmd = inspec.command("pkg info #{package_name}")
+    return nil if cmd.exit_status.to_i != 0
+
+    params = SimpleConfig.new(
+      cmd.stdout.chomp,
+      assignment_re: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
+      multiple_values: false,
+    ).params
+
+    {
+      name: params['Name'],
+      installed: true,
+      # 0.5.11-0.175.3.1.0.5.0
+      version: "#{params['Version']}-#{params['Branch']}",
+      type: 'pkg',
+    }
+  end
+end

data/lib/resources/port.rb

@@ -2,6 +2,8 @@
 # author: Christoph Hartmann
 # author: Dominik Richter
 
+require 'utils/parser'
+
 # Usage:
 # describe port(80) do
 #   it { should be_listening }
@@ -30,19 +32,20 @@ class Port < Inspec.resource(1)
     @port = port
     @port_manager = nil
     @cache = nil
-
-    case inspec.os[:family]
-    when 'ubuntu', 'debian', 'redhat', 'fedora', 'centos', 'arch', 'wrlinux'
+    os = inspec.os
+    if os.linux?
       @port_manager = LinuxPorts.new(inspec)
-    when 'darwin', 'aix'
+    elsif %w{darwin aix}.include?(os[:family])
       # AIX: see http://www.ibm.com/developerworks/aix/library/au-lsof.html#resources
       #      and https://www-01.ibm.com/marketing/iwm/iwm/web/reg/pick.do?source=aixbp
       # Darwin: https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man8/lsof.8.html
       @port_manager = LsofPorts.new(inspec)
-    when 'windows'
+    elsif os.windows?
       @port_manager = WindowsPorts.new(inspec)
-    when 'freebsd'
+    elsif ['freebsd'].include?(os[:family])
       @port_manager = FreeBsdPorts.new(inspec)
+    elsif os.solaris?
+      @port_manager = SolarisPorts.new(inspec)
     else
       return skip_resource 'The `port` resource is not supported on your OS yet.'
     end
@@ -332,7 +335,7 @@ class FreeBsdPorts < PortsInfo
 
   def parse_net_address(net_addr, protocol)
     case protocol
-    when 'tcp4', 'udp4'
+    when 'tcp4', 'udp4', 'tcp', 'udp'
       # replace * with 0.0.0.0
       net_addr = net_addr.gsub(/^\*:/, '0.0.0.0:') if net_addr =~ /^*:(\d+)$/
       ip_addr = URI('addr://'+net_addr)
@@ -387,3 +390,40 @@ class FreeBsdPorts < PortsInfo
     }
   end
 end
+
+class SolarisPorts < FreeBsdPorts
+  include SolarisNetstatParser
+
+  def info
+    # extract all port info
+    cmd = inspec.command('netstat -an -f inet -f inet6')
+    return nil if cmd.exit_status.to_i != 0
+
+    # parse the content
+    netstat_ports = parse_netstat(cmd.stdout)
+
+    # filter all ports, where we listen
+    listen = netstat_ports.select { |val|
+      !val['state'].nil? && 'listen'.casecmp(val['state']) == 0
+    }
+
+    # map the data
+    ports = listen.map { |val|
+      protocol = val['protocol']
+      local_addr = val['local-address']
+
+      # solaris uses 127.0.0.1.57455 instead 127.0.0.1:57455, lets convert the
+      # the last . to :
+      local_addr[local_addr.rindex('.')] = ':'
+      host, port = parse_net_address(local_addr, protocol)
+      {
+        port: port,
+        address: host,
+        protocol: protocol,
+        process: nil, # we do not have pid on solaris
+        pid: nil, # we do not have pid on solaris
+      }
+    }
+    ports
+  end
+end

data/lib/resources/service.rb

@@ -44,9 +44,9 @@ class Service < Inspec.resource(1)
   end
 
   def select_service_mgmt # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
-    family = inspec.os[:family]
+    os = inspec.os
+    family = os[:family]
 
-    case family
     # Ubuntu
     # @see: https://wiki.ubuntu.com/SystemdForUpstartUsers
     # Ubuntu 15.04 : Systemd
@@ -55,39 +55,41 @@ class Service < Inspec.resource(1)
     # Ubuntu < 15.04 : Upstart
     # Upstart runs with PID 1 as /sbin/init.
     # Systemd runs with PID 1 as /lib/systemd/systemd.
-    when 'ubuntu'
+    if %w{ubuntu}.include?(family)
       version = inspec.os[:release].to_f
       if version < 15.04
         Upstart.new(inspec, service_ctl)
       else
         Systemd.new(inspec, service_ctl)
       end
-    when 'debian'
+    elsif %w{debian}.include?(family)
       version = inspec.os[:release].to_i
       if version > 7
         Systemd.new(inspec, service_ctl)
       else
         SysV.new(inspec, service_ctl || '/usr/sbin/service')
       end
-    when 'redhat', 'fedora', 'centos'
+    elsif %w{redhat fedora centos}.include?(family)
       version = inspec.os[:release].to_i
       if (%w{ redhat centos }.include?(family) && version >= 7) || (family == 'fedora' && version >= 15)
         Systemd.new(inspec, service_ctl)
       else
         SysV.new(inspec, service_ctl || '/sbin/service')
       end
-    when 'wrlinux'
+    elsif %w{wrlinux}.include?(family)
       SysV.new(inspec, service_ctl)
-    when 'darwin'
+    elsif %w{darwin}.include?(family)
       LaunchCtl.new(inspec, service_ctl)
-    when 'windows'
+    elsif os.windows?
       WindowsSrv.new(inspec)
-    when 'freebsd'
+    elsif %w{freebsd}.include?(family)
       BSDInit.new(inspec, service_ctl)
-    when 'arch', 'opensuse'
+    elsif %w{arch opensuse}.include?(family)
       Systemd.new(inspec, service_ctl)
-    when 'aix'
+    elsif %w{aix}.include?(family)
       SrcMstr.new(inspec)
+    elsif os.solaris?
+      Svcs.new(inspec)
     end
   end
 
@@ -185,6 +187,8 @@ class SrcMstr < ServiceManager
     }
   end
 
+  private
+
   def status?
     status_cmd = inspec.command("lssrc -s #{@name}")
     return nil if status_cmd.exit_status.to_i != 0
@@ -195,8 +199,6 @@ class SrcMstr < ServiceManager
     enabled_rc_tcpip? || enabled_inittab?
   end
 
-  private
-
   # #rubocop:disable Style/TrailingComma
   def enabled_rc_tcpip?
     inspec.command(
@@ -349,14 +351,15 @@ class Runit < ServiceManager
     super
   end
 
+  # rubocop:disable Style/DoubleNegation
   def info(service_name)
     # get the status of runit service
     cmd = inspec.command("#{service_ctl} status #{service_name}")
     # return nil unless cmd.exit_status == 0 # NOTE(sr) why do we do this?
 
     installed = cmd.exit_status == 0
-    running = installed && (cmd.stdout =~ /^run:/)
-    enabled = installed && (running || (cmd.stdout =~ /normally up/) || (cmd.stdout =~ /want up/))
+    running = installed && !!(cmd.stdout =~ /^run:/)
+    enabled = installed && (running || !!(cmd.stdout =~ /normally up/) || !!(cmd.stdout =~ /want up/))
 
     {
       name: service_name,
@@ -480,6 +483,41 @@ class WindowsSrv < ServiceManager
   end
 end
 
+# Solaris services
+class Svcs < ServiceManager
+  def initialize(service_name, service_ctl = nil)
+    @service_ctl ||= 'svcs'
+    super
+  end
+
+  def info(service_name)
+    # get the status of runit service
+    cmd = inspec.command("#{service_ctl} -l #{service_name}")
+    return nil if cmd.exit_status != 0
+
+    params = SimpleConfig.new(
+      cmd.stdout.chomp,
+      assignment_re: /^(\w+)\s*(.*)$/,
+      multiple_values: false,
+    ).params
+
+    installed = cmd.exit_status == 0
+    running = installed && (params['state'] == 'online')
+    enabled = installed && (params['enabled'] == 'true')
+
+    {
+      name: service_name,
+      description: params['name'],
+      installed: installed,
+      running: running,
+      enabled: enabled,
+      type: 'svcs',
+    }
+  end
+end
+
+# specific resources for specific service managers
+
 class SystemdService < Service
   name 'systemd_service'
   desc 'Use the systemd_service InSpec audit resource to test if the named service (controlled by systemd) is installed, running and/or enabled.'