inspec 1.46.2 → 1.47.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 275cc93db905d4d442e1c7c897a197c0123e1671
-  data.tar.gz: '097b235e017ce4fdde8e890a12e4221de4fd7330'
+  metadata.gz: 73d4de764766d6ce02f52597d9cdd3d3c5f962bf
+  data.tar.gz: 0aaec0745ed380804d6bd333711054eab7c505ea
 SHA512:
-  metadata.gz: c4424e307b2c5d474cb040e4fa023f98c9507c764edd84684cb286bf21c36a83395f5cd2d8a4f1f87d14a271e7b0a6d281eabe140065dcdd012f3780f3d390d1
-  data.tar.gz: 35a966232190612e93daac133334c5f7f2f5c705261d0155dc2758168c0f2b15865cfd52f47d635065a754f4b1f239216dd5c1574a4657024d0d92a008c6e0b4
+  metadata.gz: 93d630d3408a4c34b13504dbdc6cb07e0de5a672525db739bb7e54eff8d0971b09838ae5c14169362d3a98b58ae27af1feffb0e443733e5e92ce948786494f95
+  data.tar.gz: 49a27fd5dbe847483d31fa7d5ec357c91008596f47042d531c81c290b332b542d7caf90e56a9ae04c572b9d39cc913dda87565ec82a405aeef92e7c3d87df425

data/CHANGELOG.md

@@ -1,28 +1,43 @@
 # Change Log
 <!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
-<!-- latest_release 1.46.2 -->
-## [v1.46.2](https://github.com/chef/inspec/tree/v1.46.2) (2017-11-29)
+<!-- latest_release 1.47.0 -->
+## [v1.47.0](https://github.com/chef/inspec/tree/v1.47.0) (2017-12-04)
 
-#### Bug Fixes
-- Allow skipping/failing resources in FilterTable [#2349](https://github.com/chef/inspec/pull/2349) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
+#### New Features
+- Enable caching for backend calls [#2309](https://github.com/chef/inspec/pull/2309) ([jquick](https://github.com/jquick))
 <!-- latest_release -->
 
-<!-- release_rollup since=1.45.13 -->
-### Changes since 1.45.13 release
+<!-- release_rollup since=1.46.2 -->
+### Changes since 1.46.2 release
 
-#### Enhancements
-- allow override of attribute identifier  [#2347](https://github.com/chef/inspec/pull/2347) ([chris-rock](https://github.com/chris-rock)) <!-- 1.46.0 -->
+#### New Features
+- Enable caching for backend calls [#2309](https://github.com/chef/inspec/pull/2309) ([jquick](https://github.com/jquick)) <!-- 1.47.0 -->
+
+#### Merged Pull Requests
+- docker_image resource: properly handle registries in image strings [#2356](https://github.com/chef/inspec/pull/2356) ([adamleff](https://github.com/adamleff)) <!-- 1.46.5 -->
 
 #### Bug Fixes
-- Allow skipping/failing resources in FilterTable [#2349](https://github.com/chef/inspec/pull/2349) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 1.46.2 -->
-- wmi resource: properly escape quotes in WMI query [#2342](https://github.com/chef/inspec/pull/2342) ([TheLonelyGhost](https://github.com/TheLonelyGhost)) <!-- 1.46.1 -->
-- file resource: fix NilClass error when using advanced windows permissions [#2344](https://github.com/chef/inspec/pull/2344) ([TheLonelyGhost](https://github.com/TheLonelyGhost)) <!-- 1.45.17 -->
-- http resource: properly support HEAD request with remote worker [#2340](https://github.com/chef/inspec/pull/2340) ([adamleff](https://github.com/adamleff)) <!-- 1.45.16 -->
-- grub_conf resource: correct grub path for RHEL-7-based OS [#2332](https://github.com/chef/inspec/pull/2332) ([atomic111](https://github.com/atomic111)) <!-- 1.45.15 -->
-- json resource (et. al.): allow inspec check to succeed when using command [#2317](https://github.com/chef/inspec/pull/2317) ([adamleff](https://github.com/adamleff)) <!-- 1.45.14 -->
+- security_policy resource: use PID for filename instead of random [#2368](https://github.com/chef/inspec/pull/2368) ([jquick](https://github.com/jquick)) <!-- 1.46.7 -->
+- key_rsa resource: fix inline shell documentation help, wrong resource name used in examples [#2364](https://github.com/chef/inspec/pull/2364) ([eramoto](https://github.com/eramoto)) <!-- 1.46.6 -->
+- json resource: ensure params is not nil in event of read/parse failure [#2354](https://github.com/chef/inspec/pull/2354) ([adamleff](https://github.com/adamleff)) <!-- 1.46.4 -->
+- Unique export file for security policy resource [#2350](https://github.com/chef/inspec/pull/2350) ([jquick](https://github.com/jquick)) <!-- 1.46.3 -->
 <!-- release_rollup -->
 
 <!-- latest_stable_release -->
+## [v1.46.2](https://github.com/chef/inspec/tree/v1.46.2) (2017-11-29)
+
+#### Enhancements
+- allow override of attribute identifier  [#2347](https://github.com/chef/inspec/pull/2347) ([chris-rock](https://github.com/chris-rock))
+
+#### Bug Fixes
+- json resource (et. al.): allow inspec check to succeed when using command [#2317](https://github.com/chef/inspec/pull/2317) ([adamleff](https://github.com/adamleff))
+- grub_conf resource: correct grub path for RHEL-7-based OS [#2332](https://github.com/chef/inspec/pull/2332) ([atomic111](https://github.com/atomic111))
+- http resource: properly support HEAD request with remote worker [#2340](https://github.com/chef/inspec/pull/2340) ([adamleff](https://github.com/adamleff))
+- file resource: fix NilClass error when using advanced windows permissions [#2344](https://github.com/chef/inspec/pull/2344) ([TheLonelyGhost](https://github.com/TheLonelyGhost))
+- wmi resource: properly escape quotes in WMI query [#2342](https://github.com/chef/inspec/pull/2342) ([TheLonelyGhost](https://github.com/TheLonelyGhost))
+- Allow skipping/failing resources in FilterTable [#2349](https://github.com/chef/inspec/pull/2349) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
+<!-- latest_stable_release -->
+
 ## [v1.45.13](https://github.com/chef/inspec/tree/v1.45.13) (2017-11-21)
 
 #### Merged Pull Requests
@@ -30,7 +45,6 @@
 - Remove bundler install during Appveyor tests [#2322](https://github.com/chef/inspec/pull/2322) ([adamleff](https://github.com/adamleff))
 - Bump Rubocop to 0.49.1 [#2323](https://github.com/chef/inspec/pull/2323) ([adamleff](https://github.com/adamleff))
 - Bump train to 0.29.2 [#2327](https://github.com/chef/inspec/pull/2327) ([adamleff](https://github.com/adamleff))
-<!-- latest_stable_release -->
 
 ## [v1.45.9](https://github.com/chef/inspec/tree/v1.45.9) (2017-11-16)
 

data/docs/ruby_usage.md

@@ -73,7 +73,7 @@ independent of programming languages and their resolver mechanisms.
 ## Interactive Debugging with Pry
 
 Here's a sample InSpec control that users Ruby variables to instantiate
-an InSpec resource once and use the content in multipLe tests.
+an InSpec resource once and use the content in multiple tests.
 
 ```ruby
 control 'check-perl' do

data/inspec.gemspec

@@ -26,7 +26,7 @@ Gem::Specification.new do |spec|
 
   spec.required_ruby_version = '>= 2.3'
 
-  spec.add_dependency 'train', '~> 0.29', '>= 0.29.2'
+  spec.add_dependency 'train', '~> 0.30'
   spec.add_dependency 'thor', '~> 0.19'
   spec.add_dependency 'json', '>= 1.8', '< 3.0'
   spec.add_dependency 'rainbow', '~> 2'

data/lib/inspec/backend.rb

@@ -53,6 +53,18 @@ module Inspec
         raise "Can't connect to transport backend '#{name}'."
       end
 
+      # Set caching settings. We always want to enable caching for
+      # the Mock transport for testing.
+      if config[:backend_cache] || config[:backend] == :mock
+        connection.enable_cache(:file)
+        connection.enable_cache(:command)
+      elsif config[:debug_shell]
+        connection.disable_cache(:file)
+        connection.disable_cache(:command)
+      else
+        connection.disable_cache(:command)
+      end
+
       cls = Class.new do
         include Base
 

data/lib/inspec/base_cli.rb

@@ -67,6 +67,8 @@ module Inspec
         desc: 'Use the given path for caching dependencies. (default: ~/.inspec/cache)'
       option :create_lockfile, type: :boolean, default: true,
         desc: 'Write out a lockfile based on this execution (unless one already exists)'
+      option :backend_cache, type: :boolean, default: false,
+        desc: 'Allow caching for backend command output.'
     end
 
     private

data/lib/inspec/cli.rb

@@ -189,6 +189,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI # rubocop:disable Metrics/ClassLength
   def shell_func
     diagnose
     o = opts.dup
+    o[:debug_shell] = true
 
     json_output = ['json', 'json-min'].include?(opts['format'])
     log_device = json_output ? nil : STDOUT

data/lib/inspec/version.rb

@@ -4,5 +4,5 @@
 # author: Christoph Hartmann
 
 module Inspec
-  VERSION = '1.46.2'
+  VERSION = '1.47.0'
 end

data/lib/resources/docker_image.rb

@@ -63,25 +63,19 @@ module Inspec::Resources
     private
 
     def sanitize_options(opts)
-      if !opts[:image].nil?
-        if !opts[:image].index(':').nil?
-          repo, tag = opts[:image].split(':')
-        else
-          opts[:repo] = opts[:image]
-          opts[:image] = nil
-        end
-        opts[:repo] ||= repo
-        opts[:tag] ||= tag
-      end
-
-      if !opts[:id].nil?
-        if opts[:id].index(':').nil?
-          opts[:id] = 'sha256:' + opts[:id]
-        end
-      end
+      opts.merge!(parse_components_from_image(opts[:image]))
 
+      # assume a "latest" tag if we don't have one
       opts[:tag] ||= 'latest'
-      opts[:image] ||= "#{opts[:repo]}:#{opts[:tag]}" unless opts[:repo].nil?
+
+      # if the ID isn't nil and doesn't contain a hash indicator (indicated by the presence
+      # of a colon, which separates the indicator from the actual hash), we assume it's sha256.
+      opts[:id] = 'sha256:' + opts[:id] unless opts[:id].nil? || opts[:id].include?(':')
+
+      # Assemble/reassemble the image from the repo and tag
+      opts[:image] = "#{opts[:repo]}:#{opts[:tag]}" unless opts[:repo].nil?
+
+      # return the santized opts back to the caller
       opts
     end
 
@@ -92,5 +86,39 @@ module Inspec::Resources
         (repository == opts[:repo] && tag == opts[:tag]) || (!id.nil? && !opts[:id].nil? && (id == opts[:id] || id.start_with?(opts[:id])))
       }
     end
+
+    def parse_components_from_image(image_string)
+      # if the user did not supply an image string, they likely supplied individual
+      # option parameters, such as repo and tag. Return empty data back to the caller.
+      return {} if image_string.nil?
+
+      first_colon = image_string.index(':') || -1
+      first_slash = image_string.index('/') || -1
+
+      if image_string.count(':') == 2
+        # If there are two colons in the image string, it contains a repo-with-port and a tag.
+        # example: localhost:5000/chef/inspec:1.46.3
+        partitioned_string = image_string.rpartition(':')
+        repo = partitioned_string.first
+        tag = partitioned_string.last
+      elsif image_string.count(':') == 1 && first_colon < first_slash
+        # If there's one colon in the image string, and it comes before a forward-slash,
+        # it contains a repo-with-port but no tag.
+        # example: localhost:5000/ubuntu
+        repo = image_string
+        tag = nil
+      else
+        # If there's one colon in the image string and it doesn't preceed a slash, or if
+        # there is no colon at all, then it separates the repo from the tag, if there is a tag.
+        # example: chef/inspec:1.46.3
+        # example: chef/inspec
+        # example: ubuntu:14.04
+        repo, tag = image_string.split(':')
+      end
+
+      # return the repo and tag parsed from the string, which can be merged into
+      # the rest of the user-supplied options
+      { repo: repo, tag: tag }
+    end
   end
 end

data/lib/resources/json.rb

@@ -29,6 +29,12 @@ module Inspec::Resources
     attr_reader :params, :raw_content
 
     def initialize(opts)
+      # pre-initialize @params to an empty hash. In the event that reading/parsing the data
+      # throws an exception, this allows the resource to still be called outside of a
+      # describe/test and not throw errors when a caller attempts to fetch a value from the params.
+      @params = {}
+
+      # load the raw content from the source, and then parse it
       @raw_content = load_raw_content(opts)
       @params = parse(@raw_content)
     end

data/lib/resources/key_rsa.rb

@@ -10,11 +10,11 @@ module Inspec::Resources
     name 'key_rsa'
     desc 'public/private RSA key pair test'
     example "
-      describe rsa_key('/etc/pki/www.mywebsite.com.key') do
+      describe key_rsa('/etc/pki/www.mywebsite.com.key') do
         its('public_key') { should match /BEGIN RSA PUBLIC KEY/ }
       end
 
-      describe rsa_key('/etc/pki/www.mywebsite.com.key', 'passphrase') do
+      describe key_rsa('/etc/pki/www.mywebsite.com.key', 'passphrase') do
         it { should be_private }
         it { should be_public }
       end

data/lib/resources/security_policy.rb

@@ -108,22 +108,21 @@ module Inspec::Resources
     def read_content
       return @content if defined?(@content)
 
+      # using process pid to prevent any race conditions with multiple runners
+      export_file = "win_secpol-#{Process.pid}.cfg"
+
       # export the security policy
-      cmd = inspec.command('secedit /export /cfg win_secpol.cfg')
+      cmd = inspec.command("secedit /export /cfg #{export_file}")
       return nil if cmd.exit_status.to_i != 0
 
       # store file content
-      cmd = inspec.command('Get-Content win_secpol.cfg')
+      cmd = inspec.command("Get-Content #{export_file}")
       return skip_resource "Can't read security policy" if cmd.exit_status.to_i != 0
-      @content = cmd.stdout
 
-      if @content.empty? && !file.empty?
-        return skip_resource "Can't read security policy"
-      end
-      @content
+      @content = cmd.stdout
     ensure
       # delete temp file
-      inspec.command('Remove-Item win_secpol.cfg').exit_status.to_i
+      inspec.command("Remove-Item #{export_file}").exit_status.to_i
     end
 
     def read_params

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec
 version: !ruby/object:Gem::Version
-  version: 1.46.2
+  version: 1.47.0
 platform: ruby
 authors:
 - Dominik Richter
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-11-29 00:00:00.000000000 Z
+date: 2017-12-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: train
@@ -16,20 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.29'
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 0.29.2
+        version: '0.30'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.29'
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 0.29.2
+        version: '0.30'
 - !ruby/object:Gem::Dependency
   name: thor
   requirement: !ruby/object:Gem::Requirement