inspec 1.3.0 → 1.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +27 -3
- data/docs/dsl_resource.md +1 -1
- data/lib/inspec/version.rb +1 -1
- data/lib/matchers/matchers.rb +5 -4
- data/lib/resources/file.rb +36 -29
- data/lib/resources/json.rb +37 -14
- data/lib/resources/service.rb +2 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ef0dc3a6c0cc982b6b612b46bcac69afd4a42ef0
|
|
4
|
+
data.tar.gz: 29537e78197748969056d139a34c50aef0f1db2a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: cc65160a882a9447c91069b4966edde3418a835d3fcb524867c67ce511df80ae4afd319f43e478c4af95999f0f0136c7bbb564ff07ed8731d7ad6b76e1974c0c
|
|
7
|
+
data.tar.gz: 37fa3f991ede6b6e69e80ee452fdd67de0be0666762f9b45b963da11e3a3e8a6d4e0706f63e3318cb5c77a89c46cd24db8582d01aaa0ea22ebce71f1537e7f8f
|
data/CHANGELOG.md
CHANGED
|
@@ -1,7 +1,32 @@
|
|
|
1
1
|
# Change Log
|
|
2
2
|
|
|
3
|
-
## [1.
|
|
4
|
-
[Full Changelog](https://github.com/chef/inspec/compare/v1.
|
|
3
|
+
## [1.4.0](https://github.com/chef/inspec/tree/1.4.0) (2016-11-04)
|
|
4
|
+
[Full Changelog](https://github.com/chef/inspec/compare/v1.3.0...1.4.0)
|
|
5
|
+
|
|
6
|
+
**Fixed bugs:**
|
|
7
|
+
|
|
8
|
+
- Windows Service State incorrectly interpretted for use in describe service. [\#1269](https://github.com/chef/inspec/issues/1269)
|
|
9
|
+
- /etc/passwd and /etc/shadow checks fail on CentOS [\#1264](https://github.com/chef/inspec/issues/1264)
|
|
10
|
+
- Listing profiles on the Supermarket should return all profiles [\#1219](https://github.com/chef/inspec/issues/1219)
|
|
11
|
+
|
|
12
|
+
**Closed issues:**
|
|
13
|
+
|
|
14
|
+
- Add file integration tests for docker [\#1277](https://github.com/chef/inspec/issues/1277)
|
|
15
|
+
- Solaris Sudo Not Always In /usr/bin/sudo [\#1265](https://github.com/chef/inspec/issues/1265)
|
|
16
|
+
- Link to robert\_config.rb is broken on inspec.io [\#1226](https://github.com/chef/inspec/issues/1226)
|
|
17
|
+
|
|
18
|
+
**Merged pull requests:**
|
|
19
|
+
|
|
20
|
+
- activate file integration tests in docker [\#1278](https://github.com/chef/inspec/pull/1278) ([chris-rock](https://github.com/chris-rock))
|
|
21
|
+
- Contain matcher maps to include matcher with warning [\#1276](https://github.com/chef/inspec/pull/1276) ([artem-sidorenko](https://github.com/artem-sidorenko))
|
|
22
|
+
- Windows Service Check for service enabled state. [\#1274](https://github.com/chef/inspec/pull/1274) ([hj70ft](https://github.com/hj70ft))
|
|
23
|
+
- fix file permission check by mask [\#1273](https://github.com/chef/inspec/pull/1273) ([chris-rock](https://github.com/chris-rock))
|
|
24
|
+
- fix \#1226 [\#1272](https://github.com/chef/inspec/pull/1272) ([chris-rock](https://github.com/chris-rock))
|
|
25
|
+
- Enable the json resource to accept command output or JSON content [\#1271](https://github.com/chef/inspec/pull/1271) ([jerearista](https://github.com/jerearista))
|
|
26
|
+
- Added tutorials for Days 8 & 9 [\#1263](https://github.com/chef/inspec/pull/1263) ([anniehedgpeth](https://github.com/anniehedgpeth))
|
|
27
|
+
|
|
28
|
+
## [v1.3.0](https://github.com/chef/inspec/tree/v1.3.0) (2016-10-28)
|
|
29
|
+
[Full Changelog](https://github.com/chef/inspec/compare/v1.2.1...v1.3.0)
|
|
5
30
|
|
|
6
31
|
**Implemented enhancements:**
|
|
7
32
|
|
|
@@ -56,7 +81,6 @@
|
|
|
56
81
|
|
|
57
82
|
- Using "cmp" Against File Mode Fails [\#1188](https://github.com/chef/inspec/issues/1188)
|
|
58
83
|
- Unexpected failures with kitchen-inspec and inspec 1.0.0 [\#1187](https://github.com/chef/inspec/issues/1187)
|
|
59
|
-
- Rspec deprecation warnings added to test summary creating invalid json file [\#952](https://github.com/chef/inspec/issues/952)
|
|
60
84
|
- update train to fix empty target URIs [\#1221](https://github.com/chef/inspec/pull/1221) ([arlimus](https://github.com/arlimus))
|
|
61
85
|
|
|
62
86
|
**Closed issues:**
|
data/docs/dsl_resource.md
CHANGED
|
@@ -90,4 +90,4 @@ class GordonConfig < Inspec.resource(1)
|
|
|
90
90
|
end
|
|
91
91
|
```
|
|
92
92
|
|
|
93
|
-
For a full example, see our [example resource](
|
|
93
|
+
For a full example, see our [example resource](https://github.com/chef/inspec/blob/master/examples/profile/libraries/gordon_config.rb).
|
data/lib/inspec/version.rb
CHANGED
data/lib/matchers/matchers.rb
CHANGED
|
@@ -216,10 +216,11 @@ RSpec::Matchers.define :have_rule do |rule|
|
|
|
216
216
|
end
|
|
217
217
|
end
|
|
218
218
|
|
|
219
|
-
#
|
|
220
|
-
RSpec::Matchers.define :contain do |
|
|
221
|
-
match do |
|
|
222
|
-
|
|
219
|
+
# deprecated
|
|
220
|
+
RSpec::Matchers.define :contain do |rule|
|
|
221
|
+
match do |resource|
|
|
222
|
+
warn "[DEPRECATION] `contain` matcher. Please use the following syntax `its('content') { should include('value') }`."
|
|
223
|
+
expect(resource).to include(rule)
|
|
223
224
|
end
|
|
224
225
|
end
|
|
225
226
|
|
data/lib/resources/file.rb
CHANGED
|
@@ -17,7 +17,7 @@ module Inspec::Resources
|
|
|
17
17
|
end
|
|
18
18
|
end
|
|
19
19
|
|
|
20
|
-
class FileResource < Inspec.resource(1)
|
|
20
|
+
class FileResource < Inspec.resource(1)
|
|
21
21
|
include FilePermissionsSelector
|
|
22
22
|
include MountParser
|
|
23
23
|
|
|
@@ -127,22 +127,35 @@ module Inspec::Resources
|
|
|
127
127
|
|
|
128
128
|
private
|
|
129
129
|
|
|
130
|
-
def file_permission_granted?(
|
|
130
|
+
def file_permission_granted?(access_type, by_usergroup, by_specific_user)
|
|
131
131
|
fail '`file_permission_granted?` is not supported on your OS' if @perms_provider.nil?
|
|
132
132
|
if by_specific_user.nil? || by_specific_user.empty?
|
|
133
|
-
|
|
134
|
-
usergroup = usergroup_for(by_usergroup, by_specific_user)
|
|
135
|
-
check_file_permission_by_mask(usergroup, access)
|
|
133
|
+
@perms_provider.check_file_permission_by_mask(file, access_type, by_usergroup, by_specific_user)
|
|
136
134
|
else
|
|
137
|
-
@perms_provider.check_file_permission_by_user(
|
|
135
|
+
@perms_provider.check_file_permission_by_user(access_type, by_specific_user, source_path)
|
|
138
136
|
end
|
|
139
137
|
end
|
|
138
|
+
end
|
|
140
139
|
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
140
|
+
class FilePermissions
|
|
141
|
+
attr_reader :inspec
|
|
142
|
+
def initialize(inspec)
|
|
143
|
+
@inspec = inspec
|
|
144
|
+
end
|
|
145
|
+
end
|
|
144
146
|
|
|
145
|
-
|
|
147
|
+
class UnixFilePermissions < FilePermissions
|
|
148
|
+
def permission_flag(access_type)
|
|
149
|
+
case access_type
|
|
150
|
+
when 'read'
|
|
151
|
+
'r'
|
|
152
|
+
when 'write'
|
|
153
|
+
'w'
|
|
154
|
+
when 'execute'
|
|
155
|
+
'x'
|
|
156
|
+
else
|
|
157
|
+
fail 'Invalid access_type provided'
|
|
158
|
+
end
|
|
146
159
|
end
|
|
147
160
|
|
|
148
161
|
def usergroup_for(usergroup, specific_user)
|
|
@@ -154,27 +167,17 @@ module Inspec::Resources
|
|
|
154
167
|
usergroup
|
|
155
168
|
end
|
|
156
169
|
end
|
|
157
|
-
end
|
|
158
170
|
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
171
|
+
def check_file_permission_by_mask(file, access_type, usergroup, specific_user)
|
|
172
|
+
usergroup = usergroup_for(usergroup, specific_user)
|
|
173
|
+
flag = permission_flag(access_type)
|
|
174
|
+
mask = file.unix_mode_mask(usergroup, flag)
|
|
175
|
+
fail 'Invalid usergroup/owner provided' if mask.nil?
|
|
176
|
+
(file.mode & mask) != 0
|
|
163
177
|
end
|
|
164
|
-
end
|
|
165
178
|
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
flag = case access_type
|
|
169
|
-
when 'read'
|
|
170
|
-
'r'
|
|
171
|
-
when 'write'
|
|
172
|
-
'w'
|
|
173
|
-
when 'execute'
|
|
174
|
-
'x'
|
|
175
|
-
else
|
|
176
|
-
fail 'Invalid access_type provided'
|
|
177
|
-
end
|
|
179
|
+
def check_file_permission_by_user(access_type, user, path)
|
|
180
|
+
flag = permission_flag(access_type)
|
|
178
181
|
if inspec.os.linux?
|
|
179
182
|
perm_cmd = "su -s /bin/sh -c \"test -#{flag} #{path}\" #{user}"
|
|
180
183
|
elsif inspec.os.bsd? || inspec.os.solaris?
|
|
@@ -193,7 +196,11 @@ module Inspec::Resources
|
|
|
193
196
|
end
|
|
194
197
|
|
|
195
198
|
class WindowsFilePermissions < FilePermissions
|
|
196
|
-
def
|
|
199
|
+
def check_file_permission_by_mask(_file, _access_type, _usergroup, _specific_user)
|
|
200
|
+
fail '`check_file_permission_by_mask` is not supported on Windows'
|
|
201
|
+
end
|
|
202
|
+
|
|
203
|
+
def check_file_permission_by_user(access_type, user, path)
|
|
197
204
|
access_rule = case access_type
|
|
198
205
|
when 'read'
|
|
199
206
|
'@(\'FullControl\', \'Modify\', \'ReadAndExecute\', \'Read\', \'ListDirectory\')'
|
data/lib/resources/json.rb
CHANGED
|
@@ -12,6 +12,15 @@ module Inspec::Resources
|
|
|
12
12
|
describe json('policyfile.lock.json') do
|
|
13
13
|
its(['cookbook_locks','omnibus','version']) { should eq('2.2.0') }
|
|
14
14
|
end
|
|
15
|
+
|
|
16
|
+
describe json({ command: 'retrieve_data.py --json' }) do
|
|
17
|
+
its('state') { should eq('open') }
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
describe json({ content: '{\"item1\": { \"status\": \"available\" } }' }) do
|
|
21
|
+
its(['item1', 'status']) { should cmp 'available' }
|
|
22
|
+
end
|
|
23
|
+
|
|
15
24
|
"
|
|
16
25
|
|
|
17
26
|
include ObjectTraverser
|
|
@@ -19,21 +28,31 @@ module Inspec::Resources
|
|
|
19
28
|
# make params readable
|
|
20
29
|
attr_reader :params
|
|
21
30
|
|
|
22
|
-
def initialize(
|
|
23
|
-
@
|
|
24
|
-
|
|
25
|
-
|
|
31
|
+
def initialize(opts)
|
|
32
|
+
@opts = opts
|
|
33
|
+
if opts.is_a?(Hash)
|
|
34
|
+
if opts.key?(:content)
|
|
35
|
+
@file_content = opts[:content]
|
|
36
|
+
elsif opts.key?(:command)
|
|
37
|
+
@command = inspec.command(opts[:command])
|
|
38
|
+
@file_content = @command.stdout
|
|
39
|
+
end
|
|
40
|
+
else
|
|
41
|
+
@path = opts
|
|
42
|
+
@file = inspec.file(@opts)
|
|
43
|
+
@file_content = @file.content
|
|
26
44
|
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
45
|
+
# check if file is available
|
|
46
|
+
if !@file.file?
|
|
47
|
+
skip_resource "Can't find file \"#{@conf_path}\""
|
|
48
|
+
return @params = {}
|
|
49
|
+
end
|
|
32
50
|
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
51
|
+
# check if file is readable
|
|
52
|
+
if @file_content.empty? && @file.size > 0
|
|
53
|
+
skip_resource "Can't read file \"#{@conf_path}\""
|
|
54
|
+
return @params = {}
|
|
55
|
+
end
|
|
37
56
|
end
|
|
38
57
|
|
|
39
58
|
@params = parse(@file_content)
|
|
@@ -61,7 +80,11 @@ module Inspec::Resources
|
|
|
61
80
|
end
|
|
62
81
|
|
|
63
82
|
def to_s
|
|
64
|
-
|
|
83
|
+
if @opts.is_a?(Hash) && @opts.key?(:content)
|
|
84
|
+
'Json content'
|
|
85
|
+
else
|
|
86
|
+
"Json #{@path}"
|
|
87
|
+
end
|
|
65
88
|
end
|
|
66
89
|
end
|
|
67
90
|
end
|
data/lib/resources/service.rb
CHANGED
|
@@ -613,7 +613,8 @@ module Inspec::Resources
|
|
|
613
613
|
def service_enabled?(service)
|
|
614
614
|
!service['WMI'].nil? &&
|
|
615
615
|
!service['WMI']['StartMode'].nil? &&
|
|
616
|
-
service['WMI']['StartMode'] == 'Auto'
|
|
616
|
+
(service['WMI']['StartMode'] == 'Auto' ||
|
|
617
|
+
service['WMI']['StartMode'] == 'Manual')
|
|
617
618
|
end
|
|
618
619
|
|
|
619
620
|
# detect if service is running
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: inspec
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dominik Richter
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-
|
|
11
|
+
date: 2016-11-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: train
|