inspec 1.25.1 → 1.26.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2369b96cee8091a5a6217e02655d0093ecca8a33
-  data.tar.gz: 59d26c6a3fb7df21eaa354716c1c1e5e97340038
+  metadata.gz: fecbcfd7ae1d3b85d799bc71dc2eabe989f16136
+  data.tar.gz: 20bd1251717cd160dbd5b4b8884ca2d916838f3b
 SHA512:
-  metadata.gz: d1ee1b6272be4d4e246318f20aa67a78afc9ed7a0e740ed1dae503110700a0e091aebb32b9c75c6fe3802ae539a99491b415fb1b1179517047223c814d6085cd
-  data.tar.gz: 9998bcdc5ec747c15fc2b43cea4ec91b59bf1d158c7a2bf4025865ec90b844c8048a0fa3d8ad01bf6501a3965384e39b906d5200f979a2c5cb6269abdc159523
+  metadata.gz: 3553ac4c21f7f73f70fcaed794292b013f7106a7b226ffb5500c1c9c6451d4355d10aa0526d28d32db926e6a281f5a1f48cf7bcb68255b893853020debfa8a42
+  data.tar.gz: 743f7fce23d0d50eb6d3df716c7f44d9ca1f8824fdc47df6940d77308a720146caf07eb1f6c3a47616cc230561e832b32aa89206d97ace6cea43a7e69abd5f13

data/CHANGELOG.md

@@ -1,6 +1,25 @@
 # Change Log
 
-## [v1.25.1](https://github.com/chef/inspec/tree/v1.25.1) (2017-05-19)
+## [v1.26.0](https://github.com/chef/inspec/tree/v1.26.0) (2017-05-30)
+[Full Changelog](https://github.com/chef/inspec/compare/v1.25.1...v1.26.0)
+
+**Implemented enhancements:**
+
+- Improvements to Habitat plan [\#1820](https://github.com/chef/inspec/pull/1820) ([smith](https://github.com/smith))
+
+**Fixed bugs:**
+
+- bugfix: adjust localhost+sudo test output to train update [\#1873](https://github.com/chef/inspec/pull/1873) ([arlimus](https://github.com/arlimus))
+- bugfix: do not send nil to command on unsupported OS [\#1865](https://github.com/chef/inspec/pull/1865) ([arlimus](https://github.com/arlimus))
+- bugfix: non-url servers with compliance login [\#1861](https://github.com/chef/inspec/pull/1861) ([arlimus](https://github.com/arlimus))
+- Habitat Profiles: redirect stderr to stdout [\#1826](https://github.com/chef/inspec/pull/1826) ([adamleff](https://github.com/adamleff))
+
+**Closed issues:**
+
+- Using Automate - `compliance\_profile\_name': undefined method `\[\]' for nil:NilClass \(NoMethodError\) seeing 1.25.1 Inspec  [\#1848](https://github.com/chef/inspec/issues/1848)
+- Missing filesystem size check for InSpec [\#1843](https://github.com/chef/inspec/issues/1843)
+
+## [v1.25.1](https://github.com/chef/inspec/tree/v1.25.1) (2017-05-20)
 [Full Changelog](https://github.com/chef/inspec/compare/v1.25.0...v1.25.1)
 
 **Implemented enhancements:**
@@ -70,28 +89,15 @@
 - provide `inspec.version` information [\#1719](https://github.com/chef/inspec/pull/1719) ([arlimus](https://github.com/arlimus))
 - provide the `inspec` keyword [\#1718](https://github.com/chef/inspec/pull/1718) ([arlimus](https://github.com/arlimus))
 - print and prettyprint the inspec backend class [\#1717](https://github.com/chef/inspec/pull/1717) ([arlimus](https://github.com/arlimus))
-- inspec control.to\_ruby to use newlines instead of `\n` [\#1705](https://github.com/chef/inspec/pull/1705) ([arlimus](https://github.com/arlimus))
 
 **Fixed bugs:**
 
 - pretty-print multiline control descriptions [\#1711](https://github.com/chef/inspec/pull/1711) ([arlimus](https://github.com/arlimus))
 - bugfix: unindent description misbehaviors [\#1707](https://github.com/chef/inspec/pull/1707) ([arlimus](https://github.com/arlimus))
-- handle json parse errors in docker resource [\#1706](https://github.com/chef/inspec/pull/1706) ([chris-rock](https://github.com/chris-rock))
 
 ## [v1.21.0](https://github.com/chef/inspec/tree/v1.21.0) (2017-04-24)
 [Full Changelog](https://github.com/chef/inspec/compare/v1.20.0...v1.21.0)
 
-**Implemented enhancements:**
-
-- fetch user groups while building user object [\#1681](https://github.com/chef/inspec/pull/1681) ([Happycoil](https://github.com/Happycoil))
-- update sslshake to v1.2 [\#1680](https://github.com/chef/inspec/pull/1680) ([arlimus](https://github.com/arlimus))
-
-**Fixed bugs:**
-
-- Web references in inspec shell help are wrong [\#1667](https://github.com/chef/inspec/issues/1667)
-- bugfix: solve warn on uninitialized [\#1694](https://github.com/chef/inspec/pull/1694) ([arlimus](https://github.com/arlimus))
-- fix web reference url [\#1669](https://github.com/chef/inspec/pull/1669) ([chris-rock](https://github.com/chris-rock))
-
 
 
 \* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*

data/docs/resources/interface.md.erb

@@ -4,7 +4,7 @@ title: About the interface Resource
 
 # interface
 
-Use the `interface` InSpec audit resource to test basic network adapter properties, such as name, status, state, address, and link speed (in MB/sec).
+Use the `interface` InSpec audit resource to test basic network adapter properties, such as name, status, and link speed (in MB/sec).
 
 * On Linux platforms, `/sys/class/net/#{iface}` is used as source
 * On the Windows platform, the `Get-NetAdapter` cmdlet is used as source
@@ -13,7 +13,7 @@ Use the `interface` InSpec audit resource to test basic network adapter properti
 
 An `interface` resource block declares network interface properties to be tested:
 
-    describe interface do
+    describe interface('eth0') do
       it { should be_up }
       its('speed') { should eq 1000 }
       its('name') { should eq eth0 }

data/inspec.gemspec

@@ -26,7 +26,7 @@ Gem::Specification.new do |spec|
 
   spec.required_ruby_version = '>= 2.1'
 
-  spec.add_dependency 'train', '>=0.22.0', '<1.0'
+  spec.add_dependency 'train', '>=0.24.0', '<1.0'
   spec.add_dependency 'thor', '~> 0.19'
   spec.add_dependency 'json', '>= 1.8', '< 3.0'
   spec.add_dependency 'rainbow', '~> 2'

data/lib/bundles/inspec-compliance/http.rb

@@ -10,8 +10,7 @@ module Compliance
   class HTTP
     # generic get requires
     def self.get(url, headers = nil, insecure)
-      url = "https://#{url}" if URI.parse(url).scheme.nil?
-      uri = URI.parse(url)
+      uri = _parse_url(url)
       req = Net::HTTP::Get.new(uri.path)
       if !headers.nil?
         headers.each do |key, value|
@@ -24,7 +23,7 @@ module Compliance
     # generic post request
     def self.post(url, token, insecure, basic_auth = false)
       # form request
-      uri = URI.parse(url)
+      uri = _parse_url(url)
       req = Net::HTTP::Post.new(uri.path)
       if basic_auth
         req.basic_auth token, ''
@@ -38,7 +37,7 @@ module Compliance
 
     # post a file
     def self.post_file(url, headers, file_path, insecure)
-      uri = URI.parse(url)
+      uri = _parse_url(url)
       raise "Unable to parse URL: #{url}" if uri.nil? || uri.host.nil?
       http = Net::HTTP.new(uri.host, uri.port)
 
@@ -81,5 +80,10 @@ module Compliance
       puts 'If the server uses a self-signed certificate, please re-run the login command with the --insecure option.'
       exit 1
     end
+
+    def self._parse_url(url)
+      url = "https://#{url}" if URI.parse(url).scheme.nil?
+      URI.parse(url)
+    end
   end
 end

data/lib/bundles/inspec-compliance/target.rb

@@ -87,6 +87,12 @@ EOF
           else
             %r{^#{@config['server']}/owners/(?<owner>[^/]+)/compliance/(?<id>[^/]+)/tar$}
           end.match(@target)
+
+      raise 'Unable to determine compliance profile name. This can be caused by ' \
+        'an incorrect server in your configuration. Try to login to compliance ' \
+        'via the `inspec compliance login` or `inspec compliance login_automate` ' \
+        'commands.' if m.nil?
+
       "#{m[:owner]}/#{m[:id]}"
     end
   end

data/lib/bundles/inspec-habitat/profile.rb

@@ -332,6 +332,12 @@ do_install() {
       <<-EOL
 #!/bin/sh
 
+# redirect stderr to stdout
+# ultimately, we'd like to log this somewhere useful, but due to
+# https://github.com/habitat-sh/habitat/issues/2395, we need to
+# avoid doing that for now.
+exec 2>&1
+
 # InSpec will try to create a .cache directory in the user's home directory
 # so this needs to be someplace writeable by the hab user
 export HOME={{pkg.svc_var_path}}
@@ -339,23 +345,21 @@ export HOME={{pkg.svc_var_path}}
 PROFILE_IDENT="{{pkg.origin}}/{{pkg.name}}"
 RESULTS_DIR="{{pkg.svc_var_path}}/inspec_results"
 RESULTS_FILE="${RESULTS_DIR}/{{pkg.name}}.json"
-ERROR_FILE="{{pkg.svc_var_path}}/inspec.err"
 
 # Create a directory for inspec formatter output
 mkdir -p {{pkg.svc_var_path}}/inspec_results
 
 while true; do
   echo "Executing InSpec for ${PROFILE_IDENT}"
-  inspec exec {{pkg.path}}/dist --format=json > ${RESULTS_FILE} 2>${ERROR_FILE}
+  inspec exec {{pkg.path}}/dist --format=json > ${RESULTS_FILE}
 
   if [ $? -eq 0 ]; then
     echo "InSpec run completed successfully."
-  elsif [ -s ${ERROR_FILE} ]
-    echo "InSpec run did NOT complete successfully. Error:"
-    cat ${ERROR_FILE}
   else
-    echo "InSpec run completed successfully, but there were control failures."
-    echo "Check the output at ${RESULTS_FILE} for details."
+    echo "InSpec run did not complete successfully. If you do not see any errors above,"
+    echo "control failures were detected. Check the InSpec results here for details:"
+    echo ${RESULTS_FILE}
+    echo "Otherwise, troubleshoot any errors shown above."
   fi
 
   source {{pkg.svc_config_path}}/settings.sh

data/lib/inspec/cli.rb

@@ -155,13 +155,6 @@ class Inspec::InspecCLI < Inspec::BaseCLI # rubocop:disable Metrics/ClassLength
     configure_logger(opts)
     o = opts.dup
 
-    # print error if user passed --sudo but with no --target
-    if opts[:sudo] && opts[:target].nil?
-      Inspec::Log.error('--sudo is only valid when running against a remote host using --target')
-      Inspec::Log.error('To run InSpec locally with elevated privileges, run `sudo inspec exec ...`')
-      exit 1
-    end
-
     # run tests
     run_tests(targets, o)
   rescue StandardError => e

data/lib/inspec/version.rb

@@ -4,5 +4,5 @@
 # author: Christoph Hartmann
 
 module Inspec
-  VERSION = '1.25.1'.freeze
+  VERSION = '1.26.0'.freeze
 end

data/lib/resources/gem.rb

@@ -39,16 +39,16 @@ module Inspec::Resources
       return @info if defined?(@info)
 
       cmd = inspec.command("#{@gem_binary} list --local -a -q \^#{@package_name}\$")
-      @info = {
-        installed: cmd.exit_status.zero?,
-        type: 'gem',
-      }
-      return @info unless @info[:installed]
+      return {} unless cmd.exit_status.zero?
 
       # extract package name and version
       # parses data like winrm (1.3.4, 1.3.3)
       params = /^\s*([^\(]*?)\s*\((.*?)\)\s*$/.match(cmd.stdout.chomp)
-      return {} if params.nil?
+      @info = {
+        installed: !params.nil?,
+        type: 'gem',
+      }
+      return @info unless @info[:installed]
 
       versions = params[2].split(',')
       @info[:name] = params[1]

data/lib/resources/http.rb

@@ -24,15 +24,16 @@ module Inspec::Resources
       end
     "
 
-    # rubocop:disable ParameterLists
-    def initialize(url, method: 'GET', params: nil, auth: {}, headers: {}, data: nil, ssl_verify: true)
+    def initialize(url, opts = {})
       @url = url
-      @method = method
-      @params = params
-      @auth = auth
-      @headers = headers
-      @data = data
-      @ssl_verify = ssl_verify
+      @method = opts.fetch(:method, 'GET')
+      @params = opts.fetch(:params, nil)
+      @auth = opts.fetch(:auth, {})
+      @headers = opts.fetch(:headers, {})
+      @data = opts.fetch(:data, nil)
+      @open_timeout = opts.fetch(:open_timeout, 60)
+      @read_timeout = opts.fetch(:read_timeout, 60)
+      @ssl_verify = opts.fetch(:ssl_verify, true)
     end
 
     def status
@@ -60,8 +61,8 @@ module Inspec::Resources
       conn.basic_auth @auth[:user], @auth[:pass] unless @auth.empty?
 
       # set default timeout
-      conn.options.timeout      = 5  # open/read timeout in seconds
-      conn.options.open_timeout = 3  # connection open timeout in seconds
+      conn.options.timeout      = @read_timeout  # open/read timeout in seconds
+      conn.options.open_timeout = @open_timeout  # connection open timeout in seconds
 
       @response = conn.send(@method.downcase) do |req|
         req.body = @data

data/lib/resources/interface.rb

@@ -7,7 +7,7 @@ require 'utils/convert'
 module Inspec::Resources
   class NetworkInterface < Inspec.resource(1)
     name 'interface'
-    desc 'Use the interface InSpec audit resource to test basic network adapter properties, such as name, status, state, address, and link speed (in MB/sec).'
+    desc 'Use the interface InSpec audit resource to test basic network adapter properties, such as name, status, and link speed (in MB/sec).'
     example "
       describe interface('eth0') do
         it { should exist }

data/lib/resources/postgres_conf.rb

@@ -71,6 +71,7 @@ module Inspec::Resources
 
       to_read = [@conf_path]
       until to_read.empty?
+        base_dir = File.dirname(to_read[0])
         raw_conf = read_file(to_read[0])
         @content += raw_conf
 
@@ -83,19 +84,23 @@ module Inspec::Resources
         to_read = to_read.drop(1)
         # see if there is more config files to include
 
-        to_read += include_files(params).find_all do |fp|
+        to_read += include_files(params, base_dir).find_all do |fp|
           not @files_contents.key? fp
         end
       end
       @content
     end
 
-    def include_files(params)
-      include_files = params['include'] || []
-      include_files += params['include_if_exists'] || []
+    def include_files(params, base_dir)
+      include_files = Array(params['include']) || []
+      include_files += Array(params['include_if_exists']) || []
+      include_files.map! do |f|
+        Pathname.new(f).absolute? ? f : File.join(base_dir, f)
+      end
+
       dirs = Array(params['include_dir']) || []
       dirs.each do |dir|
-        dir = File.join(@conf_dir, dir) if dir[0] != '/'
+        dir = File.join(base_dir, dir) if dir[0] != '/'
         include_files += find_files(dir, depth: 1, type: 'file')
       end
       include_files

data/lib/resources/powershell.rb

@@ -20,6 +20,7 @@ module Inspec::Resources
 
     def initialize(script)
       unless inspec.os.windows?
+        super('')
         return skip_resource 'The `script` resource is not supported on your OS yet.'
       end
       # since WinRM 2.0 and the default use of powershell for local execution in

data/lib/resources/processes.rb

@@ -32,6 +32,8 @@ module Inspec::Resources
       @list = all_cmds.find_all do |hm|
         hm[:command] =~ grep
       end
+
+      return skip_resource 'The `processes` resource is not supported on your OS yet.' if inspec.os.windows?
     end
 
     def to_s

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec
 version: !ruby/object:Gem::Version
-  version: 1.25.1
+  version: 1.26.0
 platform: ruby
 authors:
 - Dominik Richter
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-05-20 00:00:00.000000000 Z
+date: 2017-05-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: train
@@ -16,7 +16,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.22.0
+        version: 0.24.0
     - - "<"
       - !ruby/object:Gem::Version
         version: '1.0'
@@ -26,7 +26,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.22.0
+        version: 0.24.0
     - - "<"
       - !ruby/object:Gem::Version
         version: '1.0'
@@ -305,7 +305,6 @@ files:
 - docs/migration.md
 - docs/plugin_kitchen_inspec.md
 - docs/profiles.md
-- docs/resources.md
 - docs/resources/apache_conf.md.erb
 - docs/resources/apt.md.erb
 - docs/resources/audit_policy.md.erb
@@ -647,7 +646,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.11
+rubygems_version: 2.5.2
 signing_key: 
 specification_version: 4
 summary: Infrastructure and compliance testing.