inspec 1.22.0 → 1.23.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 474a314003f5f557da8d77561757a2083f6cda14
-  data.tar.gz: a3d427af33967690bee737f8ea3fe6ebc3205fbf
+  metadata.gz: 1e8390da8233b1e2b9fe3386b5487a3b947858be
+  data.tar.gz: 6603d92295c8e8826a9035a4ac71ab6c5ffcc2e6
 SHA512:
-  metadata.gz: 5f0cdabdfa5797224c35dc08b0b9159d7f4b5f20f115789618dffd880e9e0665cee0757cd194d2ed98dbee0c0c0bab1df65e23bbe6c6e3b052cb3c412d2a6767
-  data.tar.gz: 7b2add303caa99cda92831422e170805465536cc8e1e6b83fd92003817bc1b4cdd435ef46ee4f2e30635a6031b467396e0f069374443c64c3f2ae78e0433b115
+  metadata.gz: 3c13174864bb854dd39cdc7bba7140476e6dedb16db12cb55dbd9c98b435a672740737603c6d8d79b1fca704c4a9a2c080f6399112b6eb1d1b5804cf8822f775
+  data.tar.gz: 3e69e3df1a2d04bc9d13e123a0a7957fa57b0e5307d83d6220fd1bd384155dba4cb7d2341578e71a5c9c9fa4363ba1fbbe31ea31568a8f7f99b1e01f4c8a4420

data/CHANGELOG.md

@@ -1,5 +1,26 @@
 # Change Log
 
+## [1.23.0](https://github.com/chef/inspec/tree/1.23.0) (2017-05-04)
+[Full Changelog](https://github.com/chef/inspec/compare/v1.22.0...1.23.0)
+
+**Implemented enhancements:**
+
+- Warn when using --sudo locally [\#1690](https://github.com/chef/inspec/issues/1690)
+- Error and exit when using --sudo locally [\#1741](https://github.com/chef/inspec/pull/1741) ([adamleff](https://github.com/adamleff))
+
+**Fixed bugs:**
+
+- xinetd.rb `read\_content': undefined method `empty?' for nil:NilClass [\#1729](https://github.com/chef/inspec/issues/1729)
+- Make the --no-color flag work for inspec exec [\#1749](https://github.com/chef/inspec/pull/1749) ([adamleff](https://github.com/adamleff))
+- Fix xinetd resource failing when file cannot be read [\#1746](https://github.com/chef/inspec/pull/1746) ([adamleff](https://github.com/adamleff))
+- Habitat profile bug fixes and improvements [\#1735](https://github.com/chef/inspec/pull/1735) ([rhass](https://github.com/rhass))
+
+**Merged pull requests:**
+
+- rake: lint before test [\#1755](https://github.com/chef/inspec/pull/1755) ([arlimus](https://github.com/arlimus))
+- rename old deprecations that were meant for 1.0 [\#1737](https://github.com/chef/inspec/pull/1737) ([arlimus](https://github.com/arlimus))
+- add `inspec.profile.file\(...\)` for profile files [\#1720](https://github.com/chef/inspec/pull/1720) ([arlimus](https://github.com/arlimus))
+
 ## [v1.22.0](https://github.com/chef/inspec/tree/v1.22.0) (2017-04-27)
 [Full Changelog](https://github.com/chef/inspec/compare/v1.21.0...v1.22.0)
 
@@ -2453,4 +2474,4 @@
 
 
 
-\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*
+\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*

data/Gemfile

@@ -20,6 +20,7 @@ group :test do
   gem 'ruby-progressbar', '~> 1.8'
   gem 'webmock', '~> 2.3.2'
   gem 'jsonschema', '~> 2.0.2'
+  gem 'm'
 end
 
 group :integration do

data/README.md

@@ -18,7 +18,7 @@ describe inetd_conf do
 end
 ```
 
-InSpec makes it easy to run your tests wherever you need. More options are found in our [CLI docs](http://inspec.io/docs/reference/cli/).
+InSpec makes it easy to run your tests wherever you need. More options are found in our [CLI docs](https://www.inspec.io/docs/reference/cli/).
 
 ```bash
 # run test locally
@@ -300,17 +300,17 @@ Windows | 2012+
 
 Documentation
 
- * http://inspec.io/docs/
- * http://inspec.io/docs/reference/resources/
+ * https://www.inspec.io/docs/
+ * https://www.inspec.io/docs/reference/resources/
  * https://github.com/chef/inspec/tree/master/docs
 
 Tutorials/Blogs/Podcasts:
 
- * http://inspec.io/tutorials/
+ * https://www.inspec.io/tutorials/
 
 Relationship to other tools (RSpec, Serverspec):
 
- * http://inspec.io/docs/reference/inspec_and_friends/
+ * https://www.inspec.io/docs/reference/inspec_and_friends/
 
 ## Share your Profiles
 

data/Rakefile

@@ -33,7 +33,7 @@ task :update_demo do
 end
 
 # run tests
-task default: [:test, :lint]
+task default: [:lint, :test]
 
 Rake::TestTask.new do |t|
   t.libs << 'test'

data/docs/migration.md

@@ -16,14 +16,75 @@ InSpec is a framework that allows you to run infrastructure testing as well as c
 
 The following resources are available in InSpec:
 
-[`bond`](http://inspec.io/docs/reference/resources/bond/), [`bridge`](http://inspec.io/docs/reference/resources/bridge/), [`command`](http://inspec.io/docs/reference/resources/command/), [`file`](http://inspec.io/docs/reference/resources/file/), [`group`](http://inspec.io/docs/reference/resources/group/), [`host`](http://inspec.io/docs/reference/resources/host/), [`interface`](http://inspec.io/docs/reference/resources/interface/), [`iis_website`](http://inspec.io/docs/reference/resources/iis_site/), [`iptables`](http://inspec.io/docs/reference/resources/iptables/), [`kernel_module`](http://inspec.io/docs/reference/resources/kernel_module/), [`linux_kernel_parameter`](http://inspec.io/docs/reference/resources/kernel_parameter/), [`mysql_config`](http://inspec.io/docs/reference/resources/mysql_config/), [`package`](http://inspec.io/docs/reference/resources/package/), [`port`](http://inspec.io/docs/reference/resources/port/), [`ppa`](http://inspec.io/docs/reference/resources/ppa/), [`process`](http://inspec.io/docs/reference/resources/process/), [`service`](http://inspec.io/docs/reference/resources/service/), [`user`](http://inspec.io/docs/reference/resources/user/), [`windows_feature`](http://inspec.io/docs/reference/resources/windows_feature/), [`windows_registry_key`](http://inspec.io/docs/reference/resources/windows_registry_key/), [`yumrepo`](http://inspec.io/docs/reference/resources/yum/)
+|                                         Serverspec                                         |                                        InSpec                                        |
+|:------------------------------------------------------------------------------------------:|:------------------------------------------------------------------------------------:|
+| [`bond`](http://serverspec.org/resource_types.html#bond)                                     | [`bond`](https://www.inspec.io/docs/reference/resources/bond/)                         |
+| [`bridge`](http://serverspec.org/resource_types.html#bridge)                                 | [`bridge`](https://www.inspec.io/docs/reference/resources/bridge/)                     |
+| [`command`](http://serverspec.org/resource_types.html#command)                               | [`command`](https://www.inspec.io/docs/reference/resources/command/)                   |
+| [`cron`](http://serverspec.org/resource_types.html#cron)                                     | [`crontab`](https://www.inspec.io/docs/reference/resources/crontab/)                   |
+| [`docker_container`](http://serverspec.org/resource_types.html#docker_container)             | [`docker_container`](https://www.inspec.io/docs/reference/resources/docker_container/) |
+| [`docker_image`](http://serverspec.org/resource_types.html#docker_image)                     | [`docker_image`](https://www.inspec.io/docs/reference/resources/docker_image/)         |
+| [`file`](http://serverspec.org/resource_types.html#file)                                     | [`file`](https://www.inspec.io/docs/reference/resources/file/)                         |
+| [`group`](http://serverspec.org/resource_types.html#group)                                   | [`group`](https://www.inspec.io/docs/reference/resources/group/)                       |
+| [`host`](http://serverspec.org/resource_types.html#host)                                     | [`host`](https://www.inspec.io/docs/reference/resources/host/)                         |
+| [`interface`](http://serverspec.org/resource_types.html#interface)                           | [`interface`](https://www.inspec.io/docs/reference/resources/interface/)               |
+| [`iis_website`](http://serverspec.org/resource_types.html#iis_website)                       | [`iis_website`](https://www.inspec.io/docs/reference/resources/iis_website/)           |
+| [`iis_app_pool`](http://serverspec.org/resource_types.html#iis_app_pool)                     | [`iis_website`](https://www.inspec.io/docs/reference/resources/iis_website/)           |
+| [`iptables`](http://serverspec.org/resource_types.html#iptables)                             | [`iptables`](https://www.inspec.io/docs/reference/resources/iptables/)                 |
+| [`kernel_module`](http://serverspec.org/resource_types.html#kernel_module)                   | [`kernel_module`](https://www.inspec.io/docs/reference/resources/kernel_module/)       |
+| [`linux_kernel_parameter`](http://serverspec.org/resource_types.html#linux_kernel_parameter) | [`kernel_parameter`](https://www.inspec.io/docs/reference/resources/kernel_parameter/) |
+| [`mysql_config`](http://serverspec.org/resource_types.html#mysql_config)                     | [`mysql_conf`](https://www.inspec.io/docs/reference/resources/mysql_conf/)             |
+| [`package`](http://serverspec.org/resource_types.html#package)                               | [`package`](https://www.inspec.io/docs/reference/resources/package/)                   |
+| [`port`](http://serverspec.org/resource_types.html#port)                                     | [`port`](https://www.inspec.io/docs/reference/resources/port/)                         |
+| [`ppa`](http://serverspec.org/resource_types.html#ppa)                                       | [`apt`](https://www.inspec.io/docs/reference/resources/apt/)                           |
+| [`process`](http://serverspec.org/resource_types.html#process)                               | [`processes`](https://www.inspec.io/docs/reference/resources/processes/)               |
+| [`service`](http://serverspec.org/resource_types.html#service)                               | [`service`](https://www.inspec.io/docs/reference/resources/service/)                   |
+| [`user`](http://serverspec.org/resource_types.html#user)                                     | [`user`](https://www.inspec.io/docs/reference/resources/user/)                         |
+| [`windows_feature`](http://serverspec.org/resource_types.html#windows_feature)               | [`windows_feature`](https://www.inspec.io/docs/reference/resources/windows_feature/)   |
+| [`windows_registry_key`](http://serverspec.org/resource_types.html#windows_registry_key)     | [`registry_key`](https://www.inspec.io/docs/reference/resources/registry_key/)         |
+| [`x509_certificate`](http://serverspec.org/resource_types.html#x509_certificate)             | [`x509_certificate`](https://www.inspec.io/docs/reference/resources/x509_certificate/) |
+| [`yumrepo`](http://serverspec.org/resource_types.html#yumrepo)                               | [`yum`](https://www.inspec.io/docs/reference/resources/yum/)                           |
+| [`zfs`](http://serverspec.org/resource_types.html#zfs)                                       | [`zfs_pool`](https://www.inspec.io/docs/reference/resources/zfs_pool/)                 |
 
 Some Serverspec resources are not available yet. We implement those resources based on user feedback. If you need a resource that is not available in InSpec, please open an [Github issue](https://github.com/chef/inspec/issues). The list of resources that are not available in InSpec:
 
-`cgroup`, `cron`, `default_gateway`, `docker_container`, `docker_image`, `iis_app_pool`, `ip6tables`, `ipfilter`, `ipnat`, `linux_audit_system`, `lxc`, `mail_alias`, `php_config`, `routing_table`, `selinux`, `selinux_module`, `x509_certificate`, `x509_private_key`, `zfs`
-
-In addition InSpec provides additional [resources](http://inspec.io/docs/reference/resources/) that are not available in Serverspec:
-[`apache_conf`](http://inspec.io/docs/reference/resources/apache_conf/), [`apt`](http://inspec.io/docs/reference/resources/apt/), [`audit_policy`](http://inspec.io/docs/reference/resources/audit_policy/), [`auditd_conf`](http://inspec.io/docs/reference/resources/auditd_conf/), [`bash`](http://inspec.io/docs/reference/resources/bash/), [`csv`](http://inspec.io/docs/reference/resources/csv/), [`etc_shadow`](http://inspec.io/docs/reference/resources/etc_shadow/), [`gem`](http://inspec.io/docs/reference/resources/gem/), [`grub_conf`](http://inspec.io/docs/reference/resources/grub_conf/), [`inetd_conf`](http://inspec.io/docs/reference/resources/inetd_conf/), [`ini`](http://inspec.io/docs/reference/resources/ini/), [`json`](http://inspec.io/docs/reference/resources/json/), [`npm`](http://inspec.io/docs/reference/resources/npm/), [`ntp_conf`](http://inspec.io/docs/reference/resources/ntp_conf/), [`oneget`](http://inspec.io/docs/reference/resources/oneget/), [`pip`](http://inspec.io/docs/reference/resources/pip/), [`powershell`](http://inspec.io/docs/reference/resources/powershell/), [`security_policy`](http://inspec.io/docs/reference/resources/security_policy/), [`ssh_config`](http://inspec.io/docs/reference/resources/ssh_config/), [`sshd_config`](http://inspec.io/docs/reference/resources/sshd_config/), [`sys_info`](http://inspec.io/docs/reference/resources/sys_info/)
+* [`cgroup`](http://serverspec.org/resource_types.html#cgroup)
+* [`default_gateway`](http://serverspec.org/resource_types.html#default_gateway)
+* [`ip6tables`](http://serverspec.org/resource_types.html#ip6tables)
+* [`ipfilter`](http://serverspec.org/resource_types.html#ipfilter)
+* [`ipnat`](http://serverspec.org/resource_types.html#ipnat)
+* [`linux_audit_system`](http://serverspec.org/resource_types.html#linux_audit_system)
+* [`lxc`](http://serverspec.org/resource_types.html#lxc)
+* [`mail_alias`](http://serverspec.org/resource_types.html#mail_alias)
+* [`php_config`](http://serverspec.org/resource_types.html#php_config)
+* [`routing_table`](http://serverspec.org/resource_types.html#routing_table)
+* [`selinux`](http://serverspec.org/resource_types.html#selinux)
+* [`selinux_module`](http://serverspec.org/resource_types.html#selinux_module)
+* [`x509_private_key`](http://serverspec.org/resource_types.html#x509_private_key)
+
+In addition InSpec provides additional [resources](https://www.inspec.io/docs/reference/resources/) that are not available in Serverspec:
+
+* [`apache_conf`](https://www.inspec.io/docs/reference/resources/apache_conf/)
+* [`apt`](https://www.inspec.io/docs/reference/resources/apt/)
+* [`audit_policy`](https://www.inspec.io/docs/reference/resources/audit_policy/)
+* [`auditd_conf`](https://www.inspec.io/docs/reference/resources/auditd_conf/)
+* [`bash`](https://www.inspec.io/docs/reference/resources/bash/)
+* [`csv`](https://www.inspec.io/docs/reference/resources/csv/)
+* [`etc_shadow`](https://www.inspec.io/docs/reference/resources/etc_shadow/)
+* [`gem`](https://www.inspec.io/docs/reference/resources/gem/)
+* [`grub_conf`](https://www.inspec.io/docs/reference/resources/grub_conf/)
+* [`inetd_conf`](https://www.inspec.io/docs/reference/resources/inetd_conf/)
+* [`ini`](https://www.inspec.io/docs/reference/resources/ini/)
+* [`json`](https://www.inspec.io/docs/reference/resources/json/)
+* [`npm`](https://www.inspec.io/docs/reference/resources/npm/)
+* [`ntp_conf`](https://www.inspec.io/docs/reference/resources/ntp_conf/)
+* [`oneget`](https://www.inspec.io/docs/reference/resources/oneget/)
+* [`pip`](https://www.inspec.io/docs/reference/resources/pip/)
+* [`powershell`](https://www.inspec.io/docs/reference/resources/powershell/)
+* [`security_policy`](https://www.inspec.io/docs/reference/resources/security_policy/)
+* [`ssh_config`](https://www.inspec.io/docs/reference/resources/ssh_config/)
+* [`sshd_config`](https://www.inspec.io/docs/reference/resources/sshd_config/)
+* [`sys_info`](https://www.inspec.io/docs/reference/resources/sys_info/)
 
 ## How do I migrate my Serverspec tests to InSpec
 
@@ -53,7 +114,7 @@ kitchen verify package-install-centos-72
 -----> Starting Kitchen (v1.14.2)
 -----> Verifying <package-install-centos-72>...
        Detected alternative framework tests for `inspec`
-       Loaded  
+       Loaded
 
 Target:  ssh://vagrant@127.0.0.1:2200
 

data/docs/profiles.md

@@ -17,6 +17,8 @@ A profile should have the following structure::
     │   └── control_etc.rb
     ├── libraries
     │   └── extension.rb
+    |── files
+    │   └── extras.conf
     └── inspec.yml
 
 where:
@@ -24,6 +26,7 @@ where:
 * `inspec.yml` includes the profile description (required)
 * `controls` is the directory in which all tests are located (required)
 * `libraries` is the directory in which all InSpec resource extensions are located (optional)
+* `files` is the directory with additional files that a profile can access (optional)
 * `README.md` should be used to explain the profile, its scope, and usage
 
 See a complete example profile in the InSpec open source repository: https://github.com/chef/inspec/tree/master/examples/profile
@@ -301,3 +304,39 @@ The following command runs the tests and applies the secrets specified in `profi
     $ inspec exec examples/profile-attribute --attrs examples/profile-attribute.yml
 
 See the full example in the InSpec open source repository: https://github.com/chef/inspec/tree/master/examples/profile-attribute
+
+# Profile files
+
+An InSpec profile may contain additional files that can be accessed during tests. This covers use-cases where e.g. a list of ports is provided to be tested.
+
+To access these files, they must be stored in the `files` directory at the root of a profile. They are accessed by their name relative to this folder with `inspec.profile.file(...)`.
+
+Here is an example for reading and testing a list of ports. The folder structure is:
+
+    examples/profile
+    ├── controls
+    │   ├── example.rb
+    |── files
+    │   └── services.yml
+    └── inspec.yml
+
+With `services.yml` containing:
+
+    - service_name: httpd-alpha
+      port: 80
+    - service_name: httpd-beta
+      port: 8080
+
+The tests in `example.rb` can now access this file:
+
+    my_services = yaml(content: inspec.profile.file('services.yml')).params
+
+    my_services.each do |s|
+      describe service(s['name']) do
+        it { should be_running }
+      end
+
+      describe port(s['port']) do
+        it { should be_listening }
+      end
+    end

data/docs/resources/yaml.md.erb

@@ -17,7 +17,7 @@ A `yaml` resource block declares the configuration data to be tested. Assume the
 
 This file can be queried using:
 
-    describe yaml do
+    describe yaml('filename.yml') do
       its('name') { should eq 'foo' }
       its(['array', 1]) { should eq 'one' }
     end
@@ -27,6 +27,20 @@ where
 * `name` is a configuration setting in a Yaml file
 * `should eq 'foo'` tests a value of `name` as read from a Yaml file versus the value declared in the test
 
+Like the `json` resource, the `yaml` resource can read a file, run a command, or accept content inline:
+
+    describe yaml('config.yaml') do
+      its(['driver', 'name']) { should eq 'vagrant' }
+    end
+
+    describe yaml({ command: 'retrieve_data.py --yaml' }) do
+      its('state') { should eq 'open' }
+    end
+
+    describe yaml({ content: \"key1: value1\nkey2: value2\" }) do
+      its('key2') { should cmp 'value2' }
+    end
+
 
 ## Matchers
 

data/examples/meta-profile/README.md

@@ -34,4 +34,4 @@ include_controls 'linux'
 include_controls 'windows-patch-benchmark'
 ```
 
-Further details are described in our [InSpec Docs](http://inspec.io/docs/reference/profiles/)
+Further details are described in our [InSpec Docs](https://www.inspec.io/docs/reference/profiles/)

data/lib/bundles/inspec-habitat/profile.rb

@@ -213,7 +213,7 @@ module Habitat
       # TODO: Would love to use Mixlib::ShellOut here, but it doesn't
       # seem to preserve the STDIN tty, and docker gets angry.
       Dir.chdir(work_dir) do
-        unless system(env, 'hab studio build .')
+        unless system(env, 'hab pkg build .')
           exit_with_error('Unable to build the Habitat artifact.')
         end
       end
@@ -299,33 +299,29 @@ module Habitat
 pkg_name=#{package_name}
 pkg_version=#{profile.version}
 pkg_origin=#{habitat_origin}
-pkg_source="nosuchfile.tar.gz"
-pkg_deps=(chef/inspec)
-pkg_build_deps=()
+pkg_deps=(chef/inspec core/ruby core/hab)
 pkg_svc_user=root
 EOL
 
       plan += "pkg_license='#{profile.metadata.params[:license]}'\n\n" if profile.metadata.params[:license]
 
       plan += <<-EOL
-do_download() {
-  return 0
-}
-
-do_verify() {
-  return 0
-}
-
-do_unpack() {
-  return 0
-}
 
 do_build() {
   cp -vr $PLAN_CONTEXT/../src/* $HAB_CACHE_SRC_PATH/$pkg_dirname
 }
 
 do_install() {
-  cp -R . ${pkg_prefix}/dist
+  local profile_contents
+  local excludes
+  profile_contents=($(ls))
+  excludes=(habitat results *.hart)
+
+  for item in ${excludes[@]}; do
+    profile_contents=(${profile_contents[@]/$item/})
+  done
+
+  cp -r ${profile_contents[@]} ${pkg_prefix}/dist/
 }
       EOL
 
@@ -336,15 +332,13 @@ do_install() {
       <<-EOL
 #!/bin/sh
 
-export PATH=${PATH}:$(hab pkg path core/ruby)/bin
-
 # InSpec will try to create a .cache directory in the user's home directory
 # so this needs to be someplace writeable by the hab user
 export HOME={{pkg.svc_var_path}}
 
-PROFILE_IDENT="#{habitat_origin}/#{package_name}"
+PROFILE_IDENT="{{pkg.origin}}/{{pkg.name}}"
 RESULTS_DIR="{{pkg.svc_var_path}}/inspec_results"
-RESULTS_FILE="${RESULTS_DIR}/#{package_name}.json"
+RESULTS_FILE="${RESULTS_DIR}/{{pkg.name}}.json"
 ERROR_FILE="{{pkg.svc_var_path}}/inspec.err"
 
 # Create a directory for inspec formatter output
@@ -352,10 +346,9 @@ mkdir -p {{pkg.svc_var_path}}/inspec_results
 
 while true; do
   echo "Executing InSpec for ${PROFILE_IDENT}"
-  hab pkg exec chef/inspec inspec exec $(hab pkg path ${PROFILE_IDENT})/dist --format=json > ${RESULTS_FILE} 2>${ERROR_FILE}
-  RC=$?
+  hab pkg exec chef/inspec inspec exec {{pkg.path}}/dist --format=json > ${RESULTS_FILE} 2>${ERROR_FILE}
 
-  if [ "x${RC}" == "x0" ]; then
+  if [ $? -eq 0 ]; then
     echo "InSpec run completed successfully."
   elsif [ -s ${ERROR_FILE} ]
     echo "InSpec run did NOT complete successfully. Error:"

data/lib/inspec/backend.rb

@@ -8,6 +8,27 @@ require 'train'
 
 module Inspec
   module Backend
+    module Base
+      attr_accessor :profile
+
+      # Provide a shorthand to retrieve the inspec version from within a profile
+      #
+      # @return [String] inspec version
+      def version
+        Inspec::VERSION
+      end
+
+      # Ruby internal for printing a nice name for this class
+      def to_s
+        'Inspec::Backend::Class'
+      end
+
+      # Ruby internal for pretty-printing a summary for this class
+      def inspect
+        "Inspec::Backend::Class @transport=#{backend.class}"
+      end
+    end
+
     # Create the transport backend with aggregated resources.
     #
     # @param [Hash] config for the transport backend
@@ -26,22 +47,7 @@ module Inspec
       end
 
       cls = Class.new do
-        # Ruby internal for printing a nice name for this class
-        def to_s
-          'Inspec::Backend::Class'
-        end
-
-        # Ruby internal for pretty-printing a summary for this class
-        def inspect
-          "Inspec::Backend::Class @transport=#{backend.class}"
-        end
-
-        # Provide a shorthand to retrieve the inspec version from within a profile
-        #
-        # @return [String] inspec version
-        def version
-          Inspec::VERSION
-        end
+        include Base
 
         define_method :backend do
           connection

data/lib/inspec/cli.rb

@@ -155,6 +155,13 @@ class Inspec::InspecCLI < Inspec::BaseCLI # rubocop:disable Metrics/ClassLength
     configure_logger(opts)
     o = opts.dup
 
+    # print error if user passed --sudo but with no --target
+    if opts[:sudo] && opts[:target].nil?
+      Inspec::Log.error('--sudo is only valid when running against a remote host using --target')
+      Inspec::Log.error('To run InSpec locally with elevated privileges, run `sudo inspec exec ...`')
+      exit 1
+    end
+
     # run tests
     run_tests(targets, o)
   rescue StandardError => e

data/lib/inspec/completions/fish.sh.erb

@@ -0,0 +1,34 @@
+function __fish_inspec_no_command --description 'Test if inspec has yet to be given the main command'
+  set -l cmd (commandline -opc)
+  test (count $cmd) -eq 1
+end
+
+function __fish_inspec_using_command
+  set -l cmd (commandline -opc)
+  set -q cmd[2]; and test "$argv[1]" = $cmd[2]
+end
+
+function __fish_inspec_using_command_and_no_subcommand
+  set -l cmd (commandline -opc)
+  test (count $cmd) -eq 2; and test "$argv[1]" = "$cmd[2]"
+end
+
+function __fish_inspec_using_subcommand --argument-names cmd_main cmd_sub
+    set -l cmd (commandline -opc)
+    set -q cmd[3]; and test "$cmd_main" = $cmd[2] -a "$cmd_sub" = $cmd[3]
+end
+
+<% top_level_commands_with_descriptions.each do |command_and_description| %>
+  <% command, description = command_and_description.split(':') %>
+  <% description.gsub!(/\\/, '') %>
+  # <%= command %> commands
+  complete -c inspec -f -n '__fish_inspec_no_command' -a <%= command %> -d "<%= description %>"
+  # <%= command %> help
+  complete -c inspec -f -n '__fish_inspec_using_command help' -a <%= command %> -d "<%= description %>"
+
+  <% (subcommands_with_commands_and_descriptions[command] || []).each do |command_and_description| %>
+    <% subcommand, description = command_and_description.split(':') %>
+    <% description.gsub!(/\\/, '') %>
+    complete -c inspec -f -n '__fish_inspec_using_command_and_no_subcommand <%= command %>' -a <%= subcommand %> -d "<%= description %>"
+  <% end %>
+<% end %>

data/lib/inspec/env_printer.rb

@@ -5,6 +5,14 @@ require 'shellwords'
 
 module Inspec
   class EnvPrinter
+    attr_reader :shell
+
+    EVAL_COMMANDS = {
+      'bash' => 'eval \"$(inspec env bash)\"',
+      'fish' => 'inspec env fish > ~/.config/fish/completions/inspec.fish',
+      'zsh' => 'eval \"$(inspec env zsh)\"',
+    }.freeze
+
     def initialize(command_class, shell = nil)
       if !shell
         @detected = true
@@ -56,7 +64,7 @@ module Inspec
       puts <<EOF
 # To use this, eval it in your shell
 #
-#    eval "$(inspec env #{@shell})"
+#    #{EVAL_COMMANDS[shell]}
 #
 #
 EOF

data/lib/inspec/profile.rb

@@ -13,6 +13,7 @@ require 'inspec/backend'
 require 'inspec/rule'
 require 'inspec/log'
 require 'inspec/profile_context'
+require 'inspec/runtime_profile'
 require 'inspec/dependencies/cache'
 require 'inspec/dependencies/lockfile'
 require 'inspec/dependencies/dependency_set'
@@ -82,6 +83,7 @@ module Inspec
 
     # rubocop:disable Metrics/AbcSize
     def initialize(source_reader, options = {})
+      @source_reader = source_reader
       @target = options[:target]
       @logger = options[:logger] || Logger.new(nil)
       @locked_dependencies = options[:dependencies]
@@ -91,10 +93,13 @@ module Inspec
       @cache = options[:cache] || Cache.new
       @backend = options[:backend] || Inspec::Backend.create(options.select { |k, _| k != 'target' })
       @attr_values = options[:attributes]
-      @source_reader = source_reader
       @tests_collected = false
       @libraries_loaded = false
       Metadata.finalize(@source_reader.metadata, @profile_id, options)
+
+      @runtime_profile = RuntimeProfile.new(self)
+      @backend.profile = @runtime_profile
+
       @runner_context =
         options[:profile_context] ||
         Inspec::ProfileContext.for_profile(self, @backend, @attr_values)

data/lib/inspec/rspec_json_formatter.rb

@@ -531,7 +531,7 @@ class InspecRspecCli < InspecRspecJson # rubocop:disable Metrics/ClassLength
   #
   def print_control(control)
     print_line(
-      color:      COLORS[control.summary_indicator] || '',
+      color:      control.summary_indicator,
       indicator:  INDICATORS[control.summary_indicator] || INDICATORS['unknown'],
       summary:    format_lines(control.summary, INDICATORS['empty']),
       id:         "#{control.id}: ",
@@ -541,7 +541,6 @@ class InspecRspecCli < InspecRspecJson # rubocop:disable Metrics/ClassLength
 
   def print_result(result)
     test_status = result[:status_type]
-    test_color = COLORS[test_status]
     indicator = INDICATORS[result[:status]]
     indicator = INDICATORS['empty'] if indicator.nil?
     if result[:message]
@@ -550,7 +549,7 @@ class InspecRspecCli < InspecRspecJson # rubocop:disable Metrics/ClassLength
       msg = result[:skip_message] || result[:code_desc]
     end
     print_line(
-      color:      test_color,
+      color:      test_status,
       indicator:  INDICATORS['small'] + indicator,
       summary:    format_lines(msg, INDICATORS['empty']),
       id: nil, profile: nil
@@ -575,7 +574,7 @@ class InspecRspecCli < InspecRspecJson # rubocop:disable Metrics/ClassLength
       end
       status_indicator = test[:status_type]
       print_line(
-        color:      COLORS[status_indicator] || '',
+        color:      status_indicator,
         indicator:  INDICATORS['small'] + INDICATORS[status_indicator] || INDICATORS['unknown'],
         summary:    format_lines(test_result, INDICATORS['empty']),
         id:         control_id,
@@ -586,36 +585,40 @@ class InspecRspecCli < InspecRspecJson # rubocop:disable Metrics/ClassLength
 
   def print_profile_summary
     summary = profile_summary
+    return unless summary['total'] > 0
 
-    s = format('Profile Summary: %s%d successful%s, %s%d failures%s, %s%d skipped%s',
-               COLORS['passed'], summary['passed'], COLORS['reset'],
-               COLORS['failed'], summary['failed']['total'], COLORS['reset'],
-               COLORS['skipped'], summary['skipped'], COLORS['reset'])
+    s = format('Profile Summary: %s, %s, %s',
+               format_with_color('passed', "#{summary['passed']} successful"),
+               format_with_color('failed', "#{summary['failed']['total']} failures"),
+               format_with_color('skipped', "#{summary['skipped']} skipped"),
+              )
     output.puts(s) if summary['total'] > 0
   end
 
   def print_tests_summary
     summary = tests_summary
 
-    s = format('Test Summary: %s%d successful%s, %s%d failures%s, %s%d skipped%s',
-               COLORS['passed'], summary['passed'], COLORS['reset'],
-               COLORS['failed'], summary['failed'], COLORS['reset'],
-               COLORS['skipped'], summary['skipped'], COLORS['reset'])
+    s = format('Test Summary: %s, %s, %s',
+               format_with_color('passed', "#{summary['passed']} successful"),
+               format_with_color('failed', "#{summary['failed']} failures"),
+               format_with_color('skipped', "#{summary['skipped']} skipped"),
+              )
+
     output.puts(s)
   end
 
   # Formats the line (called from print_line)
   def format_line(fields)
-    format = '%color%indicator%id%summary'
+    format = '%indicator%id%summary'
     format.gsub(/%\w+/) do |x|
       term = x[1..-1]
       fields.key?(term.to_sym) ? fields[term.to_sym].to_s : x
-    end + COLORS['reset']
+    end
   end
 
   # Prints line; used to print results
   def print_line(fields)
-    output.puts(format_line(fields))
+    output.puts(format_with_color(fields[:color], format_line(fields)))
   end
 
   # Helps formatting summary lines (called from within print_line arguments)
@@ -623,6 +626,13 @@ class InspecRspecCli < InspecRspecJson # rubocop:disable Metrics/ClassLength
     lines.gsub(/\n/, "\n" + indentation)
   end
 
+  def format_with_color(color_name, text)
+    return text unless RSpec.configuration.color
+    return text unless COLORS.key?(color_name)
+
+    "#{COLORS[color_name]}#{text}#{COLORS['reset']}"
+  end
+
   #
   # This class wraps a control hash object to provide a useful inteface for
   # maintaining the associated profile, ids, results, title, etc.

data/lib/inspec/runtime_profile.rb

@@ -0,0 +1,26 @@
+# encoding: utf-8
+# Copyright 2017 Chef Software
+# author: Dominik Richter
+# author: Christoph Hartmann
+
+module Inspec
+  class RuntimeProfile
+    attr_reader :files
+
+    def initialize(profile)
+      @src = profile.source_reader
+      @files = @src.data_files.keys.map do |k|
+        k.sub('files' + File::SEPARATOR, '')
+      end
+    end
+
+    # Retrieve a profile file's contents
+    #
+    # @param name [String] the name of the file
+    # @return [String] contents of the file of RuntimeError if missing
+    def file(name)
+      @src.data_files[File.join('files', name)] ||
+        raise("Cannot find file #{name} in profile.")
+    end
+  end
+end

data/lib/inspec/shell.rb

@@ -146,7 +146,7 @@ EOF
 
 #{mark 'Web Reference:'}
 
-http://inspec.io/docs/reference/resources/#{topic}
+https://www.inspec.io/docs/reference/resources/#{topic}
 
 EOF
       else
@@ -212,7 +212,7 @@ regular expression.
 
   its('content') { should_not match /^MyKey:\\s+some value/ }
 
-For more examples, see: http://inspec.io/docs/reference/matchers/
+For more examples, see: https://www.inspec.io/docs/reference/matchers/
 
       EOL
     end

data/lib/inspec/version.rb

@@ -4,5 +4,5 @@
 # author: Christoph Hartmann
 
 module Inspec
-  VERSION = '1.22.0'.freeze
+  VERSION = '1.23.0'.freeze
 end

data/lib/matchers/matchers.rb

@@ -70,7 +70,7 @@ end
 # matcher to check /etc/passwd, /etc/shadow and /etc/group
 RSpec::Matchers.define :contain_legacy_plus do
   match do |file|
-    warn '[DEPRECATION] `contain_legacy_plus` is deprecated and will be removed for InSpec 1.0. Please use `describe file(\'/etc/passwd\') do its(\'content\') { should_not match /^\+:/ } end`'
+    warn '[DEPRECATION] `contain_legacy_plus` is deprecated and will be removed in the next major version. Please use `describe file(\'/etc/passwd\') do its(\'content\') { should_not match /^\+:/ } end`'
     file.content =~ /^\+:/
   end
 end
@@ -78,7 +78,7 @@ end
 # verifies that no entry in an array contains a value
 RSpec::Matchers.define :contain_match do |regex|
   match do |arr|
-    warn '[DEPRECATION] `contain_match` is deprecated and will be removed for InSpec 1.0. See https://github.com/chef/inspec/issues/738 for more details'
+    warn '[DEPRECATION] `contain_match` is deprecated and will be removed in the next major version. See https://github.com/chef/inspec/issues/738 for more details'
     arr.inject { |result, i|
       result = i.match(regex)
       result || i.match(/$/)
@@ -88,7 +88,7 @@ end
 
 RSpec::Matchers.define :contain_duplicates do
   match do |arr|
-    warn '[DEPRECATION] `contain_duplicates` is deprecated and will be removed for InSpec 1.0. See https://github.com/chef/inspec/issues/738 for more details'
+    warn '[DEPRECATION] `contain_duplicates` is deprecated and will be removed in the next major version. See https://github.com/chef/inspec/issues/738 for more details'
     dup = arr.select { |element| arr.count(element) > 1 }
     !dup.uniq.empty?
   end

data/lib/resources/passwd.rb

@@ -62,17 +62,17 @@ module Inspec::Resources
           .add(:shells,    field: 'shell')
 
     filter.add(:count) { |t, _|
-      warn '[DEPRECATION] `passwd.count` is deprecated. Please use `passwd.entries.length` instead. It will be removed in version 1.0.0.'
+      warn '[DEPRECATION] `passwd.count` is deprecated. Please use `passwd.entries.length` instead. It will be removed in the next major version.'
       t.entries.length
     }
 
     filter.add(:usernames) { |t, x|
-      warn '[DEPRECATION] `passwd.usernames` is deprecated. Please use `passwd.users` instead. It will be removed in version 1.0.0.'
+      warn '[DEPRECATION] `passwd.usernames` is deprecated. Please use `passwd.users` instead. It will be removed in the next major version.'
       t.users(x)
     }
 
     filter.add(:username) { |t, x|
-      warn '[DEPRECATION] `passwd.username` is deprecated. Please use `passwd.users` instead. It will be removed in version 1.0.0.'
+      warn '[DEPRECATION] `passwd.username` is deprecated. Please use `passwd.users` instead. It will be removed in the next major version.'
       t.users(x)[0]
     }
 
@@ -84,7 +84,7 @@ module Inspec::Resources
     }
 
     def uid(x)
-      warn '[DEPRECATION] `passwd.uid(arg)` is deprecated. Please use `passwd.uids(arg)` instead. It will be removed in version 1.0.0.'
+      warn '[DEPRECATION] `passwd.uid(arg)` is deprecated. Please use `passwd.uids(arg)` instead. It will be removed in the next major version.'
       uids(x)
     end
 

data/lib/resources/xinetd.rb

@@ -57,7 +57,7 @@ module Inspec::Resources
       end
 
       @contents[path] = file.content
-      if @contents[path].empty? && !file.empty?
+      if @contents[path].nil? || @contents[path].empty?
         return skip_resource "Can't read file \"#{path}\""
       end
 

data/lib/resources/yaml.rb

@@ -14,8 +14,16 @@ module Inspec::Resources
     name 'yaml'
     desc 'Use the yaml InSpec audit resource to test configuration data in a YAML file.'
     example "
-      describe yaml do
-        its('name') { should eq 'foo' }
+      describe yaml('config.yaml') do
+        its(['driver', 'name']) { should eq 'vagrant' }
+      end
+
+      describe yaml({ command: 'retrieve_data.py --yaml' }) do
+        its('state') { should eq 'open' }
+      end
+
+      describe yaml({ content: \"key1: value1\nkey2: value2\" }) do
+        its('key2') { should cmp 'value2' }
       end
     "
 

data/lib/source_readers/flat.rb

@@ -20,13 +20,14 @@ module SourceReaders
       new(target, files)
     end
 
-    attr_reader :metadata, :tests, :libraries
+    attr_reader :metadata, :tests, :libraries, :data_files
 
     def initialize(target, files)
       @target = target
       @metadata = ::Inspec::Metadata.new(nil)
       @tests = load_tests(files)
       @libraries = {}
+      @data_files = {}
     end
 
     private

data/lib/source_readers/inspec.rb

@@ -23,17 +23,18 @@ module SourceReaders
       nil
     end
 
-    attr_reader :metadata, :tests, :libraries
+    attr_reader :metadata, :tests, :libraries, :data_files
 
     # This create a new instance of an InSpec profile source reader
     #
     # @param [FileProvider] target An instance of a FileProvider object that can list files and read them
     # @param [String] metadata_source eg. inspec.yml or metadata.rb
     def initialize(target, metadata_source)
-      @target    = target
-      @metadata  = load_metadata(metadata_source)
-      @tests     = load_tests
-      @libraries = load_libs
+      @target     = target
+      @metadata   = load_metadata(metadata_source)
+      @tests      = load_tests
+      @libraries  = load_libs
+      @data_files = load_data_files
     end
 
     private
@@ -62,5 +63,12 @@ module SourceReaders
       end
       Hash[tests.map { |x| [x, @target.read(x)] }]
     end
+
+    def load_data_files
+      files = @target.files.find_all do |path|
+        path.start_with?('files' + File::SEPARATOR)
+      end
+      Hash[files.map { |x| [x, @target.read(x)] }]
+    end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec
 version: !ruby/object:Gem::Version
-  version: 1.22.0
+  version: 1.23.0
 platform: ruby
 authors:
 - Dominik Richter
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-04-27 00:00:00.000000000 Z
+date: 2017-05-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: train
@@ -461,6 +461,7 @@ files:
 - lib/inspec/cached_fetcher.rb
 - lib/inspec/cli.rb
 - lib/inspec/completions/bash.sh.erb
+- lib/inspec/completions/fish.sh.erb
 - lib/inspec/completions/zsh.sh.erb
 - lib/inspec/control_eval_context.rb
 - lib/inspec/dependencies/cache.rb
@@ -506,6 +507,7 @@ files:
 - lib/inspec/runner.rb
 - lib/inspec/runner_mock.rb
 - lib/inspec/runner_rspec.rb
+- lib/inspec/runtime_profile.rb
 - lib/inspec/schema.rb
 - lib/inspec/secrets.rb
 - lib/inspec/secrets/yaml.rb