inspec 1.48.0 → 1.49.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: '012308b85533b4379b4dae9b2d6bb956e4716dea'
-  data.tar.gz: a621d9a79814290988494ec07da9bad51057f33b
+  metadata.gz: ff56bd489f8c7496d62120343dd41c16364bef74
+  data.tar.gz: c2fc41784be9b7695628bea807ba737ea1f0deb4
 SHA512:
-  metadata.gz: 93b4c27033acdb1e4559c48940d0c73b1d94b3b20e109ed6a3b2ecf57908143b8c133717790ff273253aa580d893ee3ecd9a75e1129d9125bbc64f2c7c2d8397
-  data.tar.gz: 8eb7fe1e83c0bba17b5ef763015c83be4952c622e80a80af68a702d829d78bed389864157cdee86352f4ae166213ddc17b4fd5fbd5455719c89c8efc3de77a30
+  metadata.gz: fc9b5edf8c20fa3b937a7215cb6aee10a3622de37d4bbfa9752666f92cbf355300b953840ee5a032be8ae3fd4a338cd0e6345be2156fab4b5d3dd008ef5193d0
+  data.tar.gz: 250b01f2dc31fd57a9321758e8ef6b4ffc47ddd025c1b0db157a842ff3ebe04467fe7e9e8f90ccf16afc3b7fbff767bab3a89d799dc4d5959000bfd76f48115e

data/.rubocop.yml

@@ -38,6 +38,8 @@ Metrics/AbcSize:
   Max: 33
 Metrics/BlockLength:
   Max: 50
+Metrics/ClassLength:
+  Enabled: false
 Metrics/CyclomaticComplexity:
   Max: 10
 Metrics/PerceivedComplexity:
@@ -60,6 +62,8 @@ Style/Encoding:
   Enabled: false
 Style/FileName:
   Enabled: false
+Style/GuardClause:
+  Enabled: false
 Style/IfUnlessModifier:
   Enabled: false
 Style/MethodMissing:

data/CHANGELOG.md

@@ -1,32 +1,57 @@
 # Change Log
 <!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
-<!-- latest_release 1.48.0 -->
-## [v1.48.0](https://github.com/chef/inspec/tree/v1.48.0) (2017-12-07)
+<!-- latest_release 1.49.2 -->
+## [v1.49.2](https://github.com/chef/inspec/tree/v1.49.2) (2018-01-04)
 
-#### Merged Pull Requests
-- Fix changelog categories, bump minor version for release [#2381](https://github.com/chef/inspec/pull/2381) ([adamleff](https://github.com/adamleff))
+#### Enhancements
+- load local dependencies in inspec shell [#2438](https://github.com/chef/inspec/pull/2438) ([arlimus](https://github.com/arlimus))
 <!-- latest_release -->
 
-<!-- release_rollup since=1.47.0 -->
-### Changes since 1.47.0 release
+<!-- release_rollup since=1.48.0 -->
+### Changes since 1.48.0 release
 
 #### Enhancements
-- Allow crontab resource to read crontab at user specified paths. [#2328](https://github.com/chef/inspec/pull/2328) ([miah](https://github.com/miah)) <!-- 1.47.7 -->
-- Update default cli options to be uniq per command type [#2378](https://github.com/chef/inspec/pull/2378) ([jquick](https://github.com/jquick)) <!-- 1.47.6 -->
+- load local dependencies in inspec shell [#2438](https://github.com/chef/inspec/pull/2438) ([arlimus](https://github.com/arlimus)) <!-- 1.49.2 -->
+- Deprecate and warn when comparing against OS name with capitals/spaces [#2397](https://github.com/chef/inspec/pull/2397) ([jquick](https://github.com/jquick)) <!-- 1.49.1 -->
+- Add platform resource and platform supports [#2393](https://github.com/chef/inspec/pull/2393) ([jquick](https://github.com/jquick)) <!-- 1.48.12 -->
+- file resource: adds `Synchronize` permission to windows ACL checks [#2399](https://github.com/chef/inspec/pull/2399) ([TheLonelyGhost](https://github.com/TheLonelyGhost)) <!-- 1.48.6 -->
+- bond resource: Add bonding mode matcher [#2414](https://github.com/chef/inspec/pull/2414) ([ehanlon](https://github.com/ehanlon)) <!-- 1.48.8 -->
 
 #### Bug Fixes
-- Allow `inspec check` to ignore `only_if` [#2250](https://github.com/chef/inspec/pull/2250) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 1.47.2 -->
-- Remove rainbow dependency, fix duplicate rake gem [#2374](https://github.com/chef/inspec/pull/2374) ([adamleff](https://github.com/adamleff)) <!-- 1.47.8 -->
-- Resolve merge issue with json-config vs thor defaults [#2377](https://github.com/chef/inspec/pull/2377) ([jquick](https://github.com/jquick)) <!-- 1.47.5 -->
-- Update rspec cli control summary to not uniq fails/skips [#2362](https://github.com/chef/inspec/pull/2362) ([jquick](https://github.com/jquick)) <!-- 1.47.1 -->
+- Modify `inspec json` to use `check_mode` [#2435](https://github.com/chef/inspec/pull/2435) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 1.48.14 -->
+- dependency chaining in libraries [#2428](https://github.com/chef/inspec/pull/2428) ([arlimus](https://github.com/arlimus)) <!-- 1.48.13 -->
+- Update apache_conf regular expression to exclude whitespace. [#2416](https://github.com/chef/inspec/pull/2416) ([miah](https://github.com/miah)) <!-- 1.48.9 -->
+- Add support for Darwin Directory Service groups [#2403](https://github.com/chef/inspec/pull/2403) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 1.48.4 -->
+- Fix Docker build in the Expeditor pipeline [#2432](https://github.com/chef/inspec/pull/2432) ([adamleff](https://github.com/adamleff)) <!-- 1.48.11 -->
+- Fix `x509_certificate` integration tests [#2431](https://github.com/chef/inspec/pull/2431) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 1.48.10 -->
+- Fix OWCA detection for `compliance login` [#2401](https://github.com/chef/inspec/pull/2401) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 1.48.7 -->
+- default attributes for nil and false [#2410](https://github.com/chef/inspec/pull/2410) ([arlimus](https://github.com/arlimus)) <!-- 1.48.5 -->
+- package resource: Enhance resource error handling [#2388](https://github.com/chef/inspec/pull/2388) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 1.48.3 -->
 
 #### Merged Pull Requests
-- Fix changelog categories, bump minor version for release [#2381](https://github.com/chef/inspec/pull/2381) ([adamleff](https://github.com/adamleff)) <!-- 1.48.0 -->
-- Fix inspec appveyor test with the new local train transport [#2376](https://github.com/chef/inspec/pull/2376) ([jquick](https://github.com/jquick)) <!-- 1.47.4 -->
-- Update command resource to check for mock backend [#2353](https://github.com/chef/inspec/pull/2353) ([jquick](https://github.com/jquick)) <!-- 1.47.3 -->
+- Bump minor version and cleanup changelog for release [#2440](https://github.com/chef/inspec/pull/2440) ([adamleff](https://github.com/adamleff)) <!-- 1.49.0 -->
+- Split unit tests from functional [#2391](https://github.com/chef/inspec/pull/2391) ([adamleff](https://github.com/adamleff)) <!-- 1.48.2 -->
 <!-- release_rollup -->
 
 <!-- latest_stable_release -->
+## [v1.48.0](https://github.com/chef/inspec/tree/v1.48.0) (2017-12-07)
+
+#### Enhancements
+- Update default cli options to be uniq per command type [#2378](https://github.com/chef/inspec/pull/2378) ([jquick](https://github.com/jquick))
+- Allow crontab resource to read crontab at user specified paths. [#2328](https://github.com/chef/inspec/pull/2328) ([miah](https://github.com/miah))
+
+#### Bug Fixes
+- Update rspec cli control summary to not uniq fails/skips [#2362](https://github.com/chef/inspec/pull/2362) ([jquick](https://github.com/jquick))
+- Resolve merge issue with json-config vs thor defaults [#2377](https://github.com/chef/inspec/pull/2377) ([jquick](https://github.com/jquick))
+- Remove rainbow dependency, fix duplicate rake gem [#2374](https://github.com/chef/inspec/pull/2374) ([adamleff](https://github.com/adamleff))
+- Allow `inspec check` to ignore `only_if` [#2250](https://github.com/chef/inspec/pull/2250) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
+
+#### Merged Pull Requests
+- Update command resource to check for mock backend [#2353](https://github.com/chef/inspec/pull/2353) ([jquick](https://github.com/jquick))
+- Fix inspec appveyor test with the new local train transport [#2376](https://github.com/chef/inspec/pull/2376) ([jquick](https://github.com/jquick))
+- Fix changelog categories, bump minor version for release [#2381](https://github.com/chef/inspec/pull/2381) ([adamleff](https://github.com/adamleff))
+<!-- latest_stable_release -->
+
 ## [v1.47.0](https://github.com/chef/inspec/tree/v1.47.0) (2017-12-04)
 
 #### New Features
@@ -40,7 +65,6 @@
 
 #### Merged Pull Requests
 - docker_image resource: properly handle registries in image strings [#2356](https://github.com/chef/inspec/pull/2356) ([adamleff](https://github.com/adamleff))
-<!-- latest_stable_release -->
 
 ## [v1.46.2](https://github.com/chef/inspec/tree/v1.46.2) (2017-11-29)
 

data/Rakefile

@@ -68,7 +68,7 @@ namespace :test do
   task :integration do
     concurrency = ENV['CONCURRENCY'] || 1
     os = ENV['OS'] || ''
-    sh('sh', '-c', "bundle exec kitchen test -c #{concurrency} #{os}")
+    sh("bundle exec kitchen test -c #{concurrency} #{os}")
   end
 
   task :ssh, [:target] do |_t, args|

data/docs/resources/bond.md.erb

@@ -37,7 +37,7 @@ The following examples show how to use this InSpec audit resource.
 ### Test parameters for bond0
 
     describe bond('bond0') do
-      its('Bonding Mode') { should eq 'IEEE 802.3ad Dynamic link aggregation' }
+      its('mode') { should eq 'IEEE 802.3ad Dynamic link aggregation' }
       its('Transmit Hash Policy') { should eq 'layer3+4 (1)' }
       its('MII Status') { should eq 'up' }
       its('MII Polling Interval (ms)') { should eq '100' }
@@ -75,6 +75,11 @@ The `interfaces` matcher tests if the named secondary interfaces are available:
 
     its('interfaces') { should eq ['eth0', 'eth1', ...] }
 
+### mode
+The `mode` matcher tests the Bonding Mode:
+
+    its('mode') { should eq 'IEEE 802.3ad Dynamic link aggregation' }
+
 ### params
 
 The `params` matcher tests arbitrary parameters for the bonded network interface:

data/docs/resources/mysql_session.md.erb

@@ -13,14 +13,14 @@ Use the `mysql_session` InSpec audit resource to test SQL commands run against a
 A `mysql_session` resource block declares the username and password to use for the session, and then the command to be run:
 
     describe mysql_session('username', 'password').query('QUERY') do
-      its('output') { should eq('') }
+      its('stdout') { should match(/expected-result/) }
     end
 
 where
 
-* `mysql_session` declares a username and password with permission to run the query
+* `mysql_session` declares a username and password, connecting locally, with permission to run the query
 * `query('QUERY')` contains the query to be run
-* `its('output') { should eq('') }` compares the results of the query against the expected result in the test
+* `its('stdout') { should eq(/expected-result/) }` compares the results of the query against the expected result in the test
 
 <br>
 
@@ -38,24 +38,36 @@ The following examples show how to use this InSpec audit resource.
 
 ### Alternate Connection: Different Host
 
-  sql = mysql_session('my_user','password','db.example.com')
+    sql = mysql_session('my_user','password','db.example.com')
 
 ### Alternate Connection: Different Port
 
-  sql = mysql_seesion('my_user','password','localhost',3307)
+    sql = mysql_session('my_user','password','localhost',3307)
 
 ### Alternate Connection: Using a socket
 
-  sql = mysql_session('my_user','password', nil, nil, '/var/lib/mysql-default/mysqld.sock')
+    sql = mysql_session('my_user','password', nil, nil, '/var/lib/mysql-default/mysqld.sock')
 
-<br>
+### Test for a successful query
 
-## Matchers
+    describe mysql_session('my_user','password').query('show tables in existing_database;') do
+      its('exit_status') { should eq(0) }
+    end
+
+### Test for a failing query
+
+    describe mysql_session('my_user','password').query('show tables in non_existent_database;') do
+      its('exit_status') { should_not eq(0) }
+    end
 
-This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
+### Test for specific error message
 
-### output
+    describe mysql_session('my_user','password').query('show tables in non_existent_database;') do
+      its('stderr') { should match(/Unknown database/) }
+    end
 
-The `output` matcher tests the results of the query:
+<br>
+
+## Matchers
 
-    its('output') { should eq(/^0/) }
+This InSpec audit resource builds a [command](https://www.inspec.io/docs/reference/resources/command) object and returns the the result object. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).

data/docs/resources/passwd.md.erb

@@ -59,7 +59,7 @@ The following examples show how to use this InSpec audit resource.
       its('count') { should eq 1 }
     end
 
-    describe passwd.filter(user: 'www-data') do
+    describe passwd.where { user == 'www-data' } do
       its('uids') { should cmp 33 }
       its('count') { should eq 1 }
     end

data/docs/resources/xml.md.erb

@@ -28,7 +28,7 @@ This file can be queried using:
     describe xml('/path/to/name.xml') do
       its('root/name') { should eq ['hello'] }
       its('root/meta/creator') { should eq ['John Doe'] }
-      its('root/array[2]/element]) { should eq ['two'] }
+      its('root/array[2]/element') { should eq ['two'] }
     end
 
 where
@@ -38,6 +38,10 @@ where
 
 <br>
 
+In the event the path contains an element which contains periods, the alternate syntax can be used:
+
+    its(['root/name.with.a.period']) { should cmp 'so_many_dots' }
+
 ## Examples
 
 The following examples show how to use this InSpec audit resource.
@@ -45,7 +49,8 @@ The following examples show how to use this InSpec audit resource.
 ### Test an AppPool's presence in an applicationHost.config file
 
     describe xml('applicationHost.config') do
-      its('configuration/system.applicationHost/applicationPools/add@name') { should contain('my_pool') }
+      # using the alternate syntax as described above because of the . in the key name
+      its(['configuration/system.applicationHost/applicationPools/add@name']) { should contain('my_pool') }
     end
 
 <br>

data/docs/shell.md

@@ -40,6 +40,28 @@ $ inspec shell -t winrm://UserName:Password@windowsmachine:1234  # Login to wind
 $ inspec shell -t docker://container_id # Login to a docker container.
 ```
 
+## Resource packs
+
+The InSpec shell may use additional keywords provided in resource packs.
+A resource pack is a profile that defines new language terms that can
+be used in InSpec. For example, the profile in `examples/profile` in
+the InSpec git repo defines a `gordon_config` resource. To use these
+resources with the InSpec shell, you will need to download and specify
+them as a dependency.
+
+To use the `gordon_config` resource that is provided in the `examples/profile`
+in the InSpec repo you can run the following:
+
+```bash
+inspec shell --depends examples/profile
+```
+
+Once inside the shell your resource will be available:
+
+```ruby
+inspec> gordon_config
+```
+
 ## Using Ruby in InSpec shell
 
 Since InSpec shell is pry based, you may treat the shell as an

data/inspec.gemspec

@@ -26,7 +26,7 @@ Gem::Specification.new do |spec|
 
   spec.required_ruby_version = '>= 2.3'
 
-  spec.add_dependency 'train', '~> 0.31', '>= 0.31.1'
+  spec.add_dependency 'train', '~> 0.32'
   spec.add_dependency 'thor', '~> 0.19'
   spec.add_dependency 'json', '>= 1.8', '< 3.0'
   spec.add_dependency 'method_source', '~> 0.8'

data/lib/bundles/inspec-artifact/cli.rb

@@ -90,8 +90,6 @@ module Artifact
 
   SIGNED_PROFILE_SUFFIX='iaf'
   SIGNED_REPORT_SUFFIX='iar'
-
-  # rubocop:disable Metrics/ClassLength
   class CLI < Inspec::BaseCLI
     namespace 'artifact'
 

data/lib/bundles/inspec-compliance/api.rb

@@ -12,7 +12,7 @@ module Compliance
 
   # API Implementation does not hold any state by itself,
   # everything will be stored in local Configuration store
-  class API # rubocop:disable Metrics/ClassLength
+  class API
     extend Compliance::API::Login
 
     # return all compliance profiles available for the user
@@ -251,11 +251,66 @@ module Compliance
     end
 
     def self.determine_server_type(url, insecure)
-      if Compliance::HTTP.get(url + '/compliance/version', nil, insecure).code == '401'
+      if target_is_automate_server?(url, insecure)
         :automate
-      elsif Compliance::HTTP.get(url + '/api/version', nil, insecure).code == '200'
+      elsif target_is_compliance_server?(url, insecure)
         :compliance
+      else
+        Inspec::Log.debug('Could not determine server type using known endpoints')
+        nil
+      end
+    end
+
+    def self.target_is_automate_server?(url, insecure)
+      automate_endpoint = '/compliance/version'
+      response = Compliance::HTTP.get(url + automate_endpoint, nil, insecure)
+      case response.code
+      when '401'
+        Inspec::Log.debug(
+          "Received 401 from #{url}#{automate_endpoint} - " \
+          'assuming target is a Chef Automate instance',
+        )
+        true
+      when '200'
+        # Chef Automate currently returns 401 for `/compliance/version` but some
+        # versions of OpsWorks Chef Automate return 200 and a Chef Manage page
+        # when unauthenticated requests are received.
+        if response.body.include?('Are You Looking For the Chef Server?')
+          Inspec::Log.debug(
+            "Received 200 from #{url}#{automate_endpoint} - " \
+            'assuming target is an OpsWorks Chef Automate instance',
+          )
+          true
+        else
+          Inspec::Log.debug(
+            "Received 200 from #{url}#{automate_endpoint} " \
+            'but did not receive the Chef Manage page - ' \
+            'assuming target is not a Chef Automate instance',
+          )
+          false
+        end
+      else
+        Inspec::Log.debug(
+          "Received unexpected status code #{response.code} " \
+          "from #{url}#{automate_endpoint} - " \
+          'assuming target is not a Chef Automate instance',
+        )
+        false
       end
     end
+
+    def self.target_is_compliance_server?(url, insecure)
+      # All versions of Chef Compliance return 200 for `/api/version`
+      compliance_endpoint = '/api/version'
+
+      response = Compliance::HTTP.get(url + compliance_endpoint, nil, insecure)
+      return false unless response.code == '200'
+
+      Inspec::Log.debug(
+        "Received 200 from #{url}#{compliance_endpoint} - " \
+        'assuming target is a Compliance server',
+      )
+      true
+    end
   end
 end

data/lib/bundles/inspec-compliance/cli.rb

@@ -6,7 +6,7 @@ require 'thor'
 require 'erb'
 
 module Compliance
-  class ComplianceCLI < Inspec::BaseCLI # rubocop:disable Metrics/ClassLength
+  class ComplianceCLI < Inspec::BaseCLI
     namespace 'compliance'
 
     # TODO: find another solution, once https://github.com/erikhuda/thor/issues/261 is fixed

data/lib/bundles/inspec-habitat/profile.rb

@@ -6,7 +6,7 @@ require 'mixlib/shellout'
 require 'tomlrb'
 
 module Habitat
-  class Profile # rubocop:disable Metrics/ClassLength
+  class Profile
     attr_reader :options, :path, :profile
 
     def self.create(path, options = {})

data/lib/fetchers/url.rb

@@ -8,7 +8,7 @@ require 'tempfile'
 require 'open-uri'
 
 module Fetchers
-  class Url < Inspec.fetcher(1) # rubocop:disable Metrics/ClassLength
+  class Url < Inspec.fetcher(1)
     MIME_TYPES = {
       'application/x-zip-compressed' => '.zip',
       'application/zip' => '.zip',

data/lib/inspec/base_cli.rb

@@ -7,7 +7,7 @@ require 'inspec/log'
 require 'inspec/profile_vendor'
 
 module Inspec
-  class BaseCLI < Thor # rubocop:disable Metrics/ClassLength
+  class BaseCLI < Thor
     def self.target_options
       option :target, aliases: :t, type: :string,
         desc: 'Simple targeting option using URIs, e.g. ssh://user:pass@host:port'
@@ -64,6 +64,8 @@ module Inspec
       option :attrs, type: :array,
         desc: 'Load attributes file (experimental)'
       option :cache, type: :string,
+        desc: '[DEPRECATED] Please use --vendor-cache - this will be removed in InSpec 2.0'
+      option :vendor_cache, type: :string,
         desc: 'Use the given path for caching dependencies. (default: ~/.inspec/cache)'
       option :create_lockfile, type: :boolean,
         desc: 'Write out a lockfile based on this execution (unless one already exists)'

data/lib/inspec/cli.rb

@@ -15,7 +15,7 @@ require 'inspec/runner_mock'
 require 'inspec/env_printer'
 require 'inspec/schema'
 
-class Inspec::InspecCLI < Inspec::BaseCLI # rubocop:disable Metrics/ClassLength
+class Inspec::InspecCLI < Inspec::BaseCLI
   class_option :log_level, aliases: :l, type: :string,
                desc: 'Set the log level: info (default), debug, warn, error'
 
@@ -36,6 +36,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI # rubocop:disable Metrics/ClassLength
     o = opts.dup
     o[:ignore_supports] = true
     o[:backend] = Inspec::Backend.create(target: 'mock://')
+    o[:check_mode] = true
 
     profile = Inspec::Profile.for_target(target, o)
     dst = o[:output].to_s
@@ -155,6 +156,13 @@ class Inspec::InspecCLI < Inspec::BaseCLI # rubocop:disable Metrics/ClassLength
     o = opts(:exec).dup
     configure_logger(o)
 
+    # check for deprecated --cache
+    # TODO: REMOVE for inspec 2.0
+    if o.key?('cache')
+      o[:vendor_cache] = o[:cache]
+      o[:logger].warn '[DEPRECATED] The use of `--cache` is being deprecated in InSpec 2.0. Please use `--vendor-cache` instead.'
+    end
+
     # run tests
     run_tests(targets, o)
   rescue StandardError => e
@@ -187,6 +195,8 @@ class Inspec::InspecCLI < Inspec::BaseCLI # rubocop:disable Metrics/ClassLength
     desc: 'A single command string to run instead of launching the shell'
   option :format, type: :string, default: nil, hide: true,
     desc: 'Which formatter to use: cli, documentation, html, json, json-min, junit, progress'
+  option :depends, type: :array, default: [],
+    desc: 'A space-delimited list of local folders containing profiles whose libraries and resources will be loaded into the new shell'
   def shell_func
     diagnose
     o = opts.dup