RubyGems - inspec - Versions diffs - 1.51.25 → 2.0.16 - Mend

inspec 1.51.25 → 2.0.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (482) hide show

checksums.yaml +4 -4
data/.rubocop.yml +1 -1
data/CHANGELOG.md +24 -19
data/Gemfile +3 -1
data/LICENSE +0 -0
data/MAINTAINERS.md +0 -0
data/MAINTAINERS.toml +0 -0
data/README.md +22 -3
data/Rakefile +117 -0
data/docs/.gitignore +0 -0
data/docs/README.md +0 -0
data/docs/dsl_inspec.md +0 -0
data/docs/dsl_resource.md +0 -0
data/docs/glossary.md +0 -0
data/docs/habitat.md +0 -0
data/docs/inspec_and_friends.md +0 -0
data/docs/matchers.md +0 -0
data/docs/migration.md +0 -0
data/docs/platforms.md +119 -0
data/docs/plugin_kitchen_inspec.md +0 -0
data/docs/profiles.md +0 -0
data/docs/reporters.md +0 -0
data/docs/resources/aide_conf.md.erb +6 -8
data/docs/resources/apache.md.erb +2 -1
data/docs/resources/apache_conf.md.erb +2 -1
data/docs/resources/apt.md.erb +2 -1
data/docs/resources/audit_policy.md.erb +3 -2
data/docs/resources/auditd.md.erb +2 -1
data/docs/resources/auditd_conf.md.erb +3 -3
data/docs/resources/aws_cloudtrail_trail.md.erb +140 -0
data/docs/resources/aws_cloudtrail_trails.md.erb +81 -0
data/docs/resources/aws_cloudwatch_alarm.md.erb +86 -0
data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +151 -0
data/docs/resources/aws_ec2_instance.md.erb +106 -0
data/docs/resources/aws_iam_access_key.md.erb +123 -0
data/docs/resources/aws_iam_access_keys.md.erb +198 -0
data/docs/resources/aws_iam_group.md.erb +46 -0
data/docs/resources/aws_iam_groups.md.erb +43 -0
data/docs/resources/aws_iam_password_policy.md.erb +76 -0
data/docs/resources/aws_iam_policies.md.erb +82 -0
data/docs/resources/aws_iam_policy.md.erb +146 -0
data/docs/resources/aws_iam_role.md.erb +65 -0
data/docs/resources/aws_iam_root_user.md.erb +58 -0
data/docs/resources/aws_iam_user.md.erb +64 -0
data/docs/resources/aws_iam_users.md.erb +90 -0
data/docs/resources/aws_kms_keys.md.erb +84 -0
data/docs/resources/aws_route_table.md.erb +47 -0
data/docs/resources/aws_s3_bucket.md.erb +134 -0
data/docs/resources/aws_security_group.md.erb +152 -0
data/docs/resources/aws_security_groups.md.erb +92 -0
data/docs/resources/aws_sns_topic.md.erb +63 -0
data/docs/resources/aws_subnet.md.erb +134 -0
data/docs/resources/aws_subnets.md.erb +126 -0
data/docs/resources/aws_vpc.md.erb +120 -0
data/docs/resources/aws_vpcs.md.erb +48 -0
data/docs/resources/azure_generic_resource.md.erb +140 -0
data/docs/resources/azure_resource_group.md.erb +284 -0
data/docs/resources/azure_virtual_machine.md.erb +314 -0
data/docs/resources/azure_virtual_machine_data_disk.md.erb +182 -0
data/docs/resources/bash.md.erb +2 -1
data/docs/resources/bond.md.erb +2 -1
data/docs/resources/bridge.md.erb +5 -2
data/docs/resources/bsd_service.md.erb +3 -1
data/docs/resources/command.md.erb +2 -1
data/docs/resources/cpan.md.erb +4 -3
data/docs/resources/cran.md.erb +2 -1
data/docs/resources/crontab.md.erb +2 -1
data/docs/resources/csv.md.erb +2 -1
data/docs/resources/dh_params.md.erb +2 -1
data/docs/resources/directory.md.erb +4 -2
data/docs/resources/docker.md.erb +2 -1
data/docs/resources/docker_container.md.erb +5 -2
data/docs/resources/docker_image.md.erb +2 -1
data/docs/resources/docker_service.md.erb +2 -1
data/docs/resources/elasticsearch.md.erb +12 -1
data/docs/resources/etc_fstab.md.erb +2 -1
data/docs/resources/etc_group.md.erb +2 -1
data/docs/resources/etc_hosts.md.erb +4 -1
data/docs/resources/etc_hosts_allow.md.erb +2 -1
data/docs/resources/etc_hosts_deny.md.erb +2 -1
data/docs/resources/file.md.erb +6 -3
data/docs/resources/filesystem.md.erb +2 -1
data/docs/resources/firewalld.md.erb +4 -3
data/docs/resources/gem.md.erb +2 -1
data/docs/resources/group.md.erb +2 -1
data/docs/resources/grub_conf.md.erb +2 -2
data/docs/resources/host.md.erb +2 -1
data/docs/resources/http.md.erb +4 -7
data/docs/resources/iis_app.md.erb +3 -1
data/docs/resources/iis_site.md.erb +4 -1
data/docs/resources/inetd_conf.md.erb +2 -3
data/docs/resources/ini.md.erb +6 -2
data/docs/resources/interface.md.erb +5 -2
data/docs/resources/iptables.md.erb +2 -1
data/docs/resources/json.md.erb +2 -1
data/docs/resources/kernel_module.md.erb +2 -1
data/docs/resources/kernel_parameter.md.erb +3 -3
data/docs/resources/key_rsa.md.erb +5 -3
data/docs/resources/launchd_service.md.erb +2 -1
data/docs/resources/limits_conf.md.erb +4 -2
data/docs/resources/login_def.md.erb +2 -2
data/docs/resources/mount.md.erb +2 -1
data/docs/resources/mssql_session.md.erb +2 -1
data/docs/resources/mysql_conf.md.erb +2 -1
data/docs/resources/mysql_session.md.erb +2 -1
data/docs/resources/nginx.md.erb +1 -0
data/docs/resources/nginx_conf.md.erb +2 -1
data/docs/resources/npm.md.erb +2 -1
data/docs/resources/ntp_conf.md.erb +2 -1
data/docs/resources/oneget.md.erb +2 -1
data/docs/resources/oracledb_session.md.erb +2 -1
data/docs/resources/os.md.erb +4 -3
data/docs/resources/os_env.md.erb +2 -1
data/docs/resources/package.md.erb +3 -2
data/docs/resources/packages.md.erb +2 -1
data/docs/resources/parse_config.md.erb +2 -1
data/docs/resources/parse_config_file.md.erb +3 -2
data/docs/resources/passwd.md.erb +2 -1
data/docs/resources/pip.md.erb +2 -1
data/docs/resources/port.md.erb +2 -1
data/docs/resources/postgres_conf.md.erb +2 -1
data/docs/resources/postgres_hba_conf.md.erb +2 -1
data/docs/resources/postgres_ident_conf.md.erb +2 -1
data/docs/resources/postgres_session.md.erb +2 -1
data/docs/resources/powershell.md.erb +2 -1
data/docs/resources/processes.md.erb +3 -1
data/docs/resources/rabbitmq_config.md.erb +2 -1
data/docs/resources/registry_key.md.erb +2 -1
data/docs/resources/runit_service.md.erb +2 -1
data/docs/resources/security_policy.md.erb +2 -1
data/docs/resources/service.md.erb +2 -1
data/docs/resources/shadow.md.erb +2 -1
data/docs/resources/ssh_config.md.erb +2 -1
data/docs/resources/sshd_config.md.erb +2 -1
data/docs/resources/ssl.md.erb +2 -1
data/docs/resources/sys_info.md.erb +2 -1
data/docs/resources/systemd_service.md.erb +2 -1
data/docs/resources/sysv_service.md.erb +2 -1
data/docs/resources/upstart_service.md.erb +2 -1
data/docs/resources/user.md.erb +3 -1
data/docs/resources/users.md.erb +2 -1
data/docs/resources/vbscript.md.erb +2 -1
data/docs/resources/virtualization.md.erb +2 -1
data/docs/resources/windows_feature.md.erb +2 -1
data/docs/resources/windows_hotfix.md.erb +2 -1
data/docs/resources/windows_task.md.erb +49 -43
data/docs/resources/wmi.md.erb +2 -1
data/docs/resources/x509_certificate.md.erb +1 -0
data/docs/resources/xinetd_conf.md.erb +2 -1
data/docs/resources/xml.md.erb +2 -1
data/docs/resources/yaml.md.erb +2 -1
data/docs/resources/yum.md.erb +2 -1
data/docs/resources/zfs_dataset.md.erb +2 -1
data/docs/resources/zfs_pool.md.erb +2 -1
data/docs/ruby_usage.md +0 -0
data/docs/shared/matcher_be.md.erb +0 -0
data/docs/shared/matcher_cmp.md.erb +0 -0
data/docs/shared/matcher_eq.md.erb +0 -0
data/docs/shared/matcher_include.md.erb +0 -0
data/docs/shared/matcher_match.md.erb +0 -0
data/docs/shell.md +0 -0
data/examples/README.md +0 -0
data/examples/inheritance/README.md +0 -0
data/examples/inheritance/controls/example.rb +0 -0
data/examples/inheritance/inspec.yml +0 -0
data/examples/kitchen-ansible/.kitchen.yml +0 -0
data/examples/kitchen-ansible/Gemfile +0 -0
data/examples/kitchen-ansible/README.md +0 -0
data/examples/kitchen-ansible/files/nginx.repo +0 -0
data/examples/kitchen-ansible/tasks/main.yml +0 -0
data/examples/kitchen-ansible/test/integration/default/default.yml +0 -0
data/examples/kitchen-ansible/test/integration/default/web_spec.rb +0 -0
data/examples/kitchen-chef/.kitchen.yml +0 -0
data/examples/kitchen-chef/Berksfile +0 -0
data/examples/kitchen-chef/Gemfile +0 -0
data/examples/kitchen-chef/README.md +0 -0
data/examples/kitchen-chef/metadata.rb +0 -0
data/examples/kitchen-chef/recipes/default.rb +0 -0
data/examples/kitchen-chef/recipes/nginx.rb +0 -0
data/examples/kitchen-chef/test/integration/default/web_spec.rb +0 -0
data/examples/kitchen-puppet/.kitchen.yml +0 -0
data/examples/kitchen-puppet/Gemfile +0 -0
data/examples/kitchen-puppet/Puppetfile +0 -0
data/examples/kitchen-puppet/README.md +0 -0
data/examples/kitchen-puppet/manifests/site.pp +0 -0
data/examples/kitchen-puppet/metadata.json +0 -0
data/examples/kitchen-puppet/test/integration/default/web_spec.rb +0 -0
data/examples/meta-profile/README.md +0 -0
data/examples/meta-profile/controls/example.rb +0 -0
data/examples/meta-profile/inspec.yml +0 -0
data/examples/profile-attribute.yml +0 -0
data/examples/profile-attribute/README.md +0 -0
data/examples/profile-attribute/controls/example.rb +0 -0
data/examples/profile-attribute/inspec.yml +0 -0
data/examples/profile-aws/controls/iam_password_policy_expiration.rb +8 -0
data/examples/profile-aws/controls/iam_password_policy_max_age.rb +8 -0
data/examples/profile-aws/controls/iam_root_user_mfa.rb +8 -0
data/examples/profile-aws/controls/iam_users_access_key_age.rb +8 -0
data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +8 -0
data/examples/profile-aws/inspec.yml +11 -0
data/examples/profile-azure/controls/azure_resource_group_example.rb +24 -0
data/examples/profile-azure/controls/azure_vm_example.rb +29 -0
data/examples/profile-azure/inspec.yml +11 -0
data/examples/profile-sensitive/README.md +0 -0
data/examples/profile-sensitive/controls/sensitive-failures.rb +0 -0
data/examples/profile-sensitive/controls/sensitive.rb +0 -0
data/examples/profile-sensitive/inspec.yml +0 -0
data/examples/profile/README.md +0 -0
data/examples/profile/controls/example.rb +0 -0
data/examples/profile/controls/gordon.rb +0 -0
data/examples/profile/controls/meta.rb +0 -0
data/examples/profile/inspec.yml +0 -0
data/examples/profile/libraries/gordon_config.rb +0 -0
data/inspec.gemspec +1 -1
data/lib/bundles/README.md +0 -0
data/lib/bundles/inspec-artifact.rb +0 -0
data/lib/bundles/inspec-artifact/README.md +0 -0
data/lib/bundles/inspec-artifact/cli.rb +0 -0
data/lib/bundles/inspec-compliance.rb +0 -0
data/lib/bundles/inspec-compliance/.kitchen.yml +0 -0
data/lib/bundles/inspec-compliance/README.md +0 -0
data/lib/bundles/inspec-compliance/api/login.rb +0 -0
data/lib/bundles/inspec-compliance/bootstrap.sh +0 -0
data/lib/bundles/inspec-compliance/cli.rb +12 -35
data/lib/bundles/inspec-compliance/configuration.rb +0 -0
data/lib/bundles/inspec-compliance/http.rb +0 -0
data/lib/bundles/inspec-compliance/images/cc-token.png +0 -0
data/lib/bundles/inspec-compliance/support.rb +0 -0
data/lib/bundles/inspec-compliance/target.rb +0 -0
data/lib/bundles/inspec-compliance/test/integration/default/cli.rb +0 -0
data/lib/bundles/inspec-habitat.rb +0 -0
data/lib/bundles/inspec-habitat/cli.rb +0 -0
data/lib/bundles/inspec-habitat/log.rb +0 -0
data/lib/bundles/inspec-habitat/profile.rb +0 -0
data/lib/bundles/inspec-init.rb +0 -0
data/lib/bundles/inspec-init/README.md +0 -0
data/lib/bundles/inspec-init/cli.rb +0 -0
data/lib/bundles/inspec-init/templates/profile/README.md +0 -0
data/lib/bundles/inspec-init/templates/profile/controls/example.rb +1 -1
data/lib/bundles/inspec-init/templates/profile/inspec.yml +0 -0
data/lib/bundles/inspec-init/templates/profile/libraries/.gitkeep +0 -0
data/lib/bundles/inspec-supermarket.rb +0 -0
data/lib/bundles/inspec-supermarket/README.md +0 -0
data/lib/bundles/inspec-supermarket/api.rb +0 -0
data/lib/bundles/inspec-supermarket/cli.rb +11 -3
data/lib/bundles/inspec-supermarket/target.rb +0 -0
data/lib/fetchers/git.rb +0 -0
data/lib/fetchers/local.rb +0 -0
data/lib/fetchers/mock.rb +0 -0
data/lib/fetchers/url.rb +0 -0
data/lib/inspec.rb +0 -0
data/lib/inspec/archive/tar.rb +0 -0
data/lib/inspec/archive/zip.rb +0 -0
data/lib/inspec/backend.rb +0 -0
data/lib/inspec/base_cli.rb +2 -4
data/lib/inspec/cached_fetcher.rb +0 -0
data/lib/inspec/cli.rb +15 -11
data/lib/inspec/completions/bash.sh.erb +0 -0
data/lib/inspec/completions/fish.sh.erb +0 -0
data/lib/inspec/completions/zsh.sh.erb +0 -0
data/lib/inspec/control_eval_context.rb +0 -0
data/lib/inspec/dependencies/cache.rb +0 -0
data/lib/inspec/dependencies/dependency_set.rb +0 -0
data/lib/inspec/dependencies/lockfile.rb +0 -0
data/lib/inspec/dependencies/requirement.rb +0 -0
data/lib/inspec/dependencies/resolver.rb +0 -0
data/lib/inspec/describe.rb +0 -0
data/lib/inspec/dsl.rb +0 -0
data/lib/inspec/dsl_shared.rb +0 -0
data/lib/inspec/env_printer.rb +0 -0
data/lib/inspec/errors.rb +0 -0
data/lib/inspec/exceptions.rb +0 -0
data/lib/inspec/expect.rb +0 -0
data/lib/inspec/fetcher.rb +0 -0
data/lib/inspec/file_provider.rb +0 -0
data/lib/inspec/formatters.rb +0 -0
data/lib/inspec/formatters/base.rb +43 -1
data/lib/inspec/formatters/json_rspec.rb +0 -0
data/lib/inspec/formatters/show_progress.rb +0 -0
data/lib/inspec/library_eval_context.rb +0 -0
data/lib/inspec/log.rb +0 -0
data/lib/inspec/metadata.rb +3 -9
data/lib/inspec/method_source.rb +0 -0
data/lib/inspec/objects.rb +0 -0
data/lib/inspec/objects/attribute.rb +0 -0
data/lib/inspec/objects/control.rb +0 -0
data/lib/inspec/objects/describe.rb +0 -0
data/lib/inspec/objects/each_loop.rb +0 -0
data/lib/inspec/objects/list.rb +0 -0
data/lib/inspec/objects/or_test.rb +0 -0
data/lib/inspec/objects/ruby_helper.rb +0 -0
data/lib/inspec/objects/tag.rb +0 -0
data/lib/inspec/objects/test.rb +0 -0
data/lib/inspec/objects/value.rb +0 -0
data/lib/inspec/plugins.rb +0 -0
data/lib/inspec/plugins/cli.rb +0 -0
data/lib/inspec/plugins/fetcher.rb +0 -0
data/lib/inspec/plugins/resource.rb +10 -9
data/lib/inspec/plugins/secret.rb +0 -0
data/lib/inspec/plugins/source_reader.rb +0 -0
data/lib/inspec/polyfill.rb +0 -0
data/lib/inspec/profile.rb +0 -0
data/lib/inspec/profile_context.rb +0 -0
data/lib/inspec/profile_vendor.rb +0 -0
data/lib/inspec/reporters.rb +0 -0
data/lib/inspec/reporters/base.rb +0 -0
data/lib/inspec/reporters/cli.rb +12 -51
data/lib/inspec/reporters/json.rb +3 -26
data/lib/inspec/reporters/json_min.rb +0 -0
data/lib/inspec/reporters/junit.rb +0 -0
data/lib/inspec/require_loader.rb +0 -0
data/lib/inspec/resource.rb +11 -1
data/lib/inspec/rule.rb +0 -0
data/lib/inspec/runner.rb +10 -8
data/lib/inspec/runner_mock.rb +0 -0
data/lib/inspec/runner_rspec.rb +18 -2
data/lib/inspec/runtime_profile.rb +0 -0
data/lib/inspec/schema.rb +25 -4
data/lib/inspec/secrets.rb +0 -0
data/lib/inspec/secrets/yaml.rb +0 -0
data/lib/inspec/shell.rb +0 -0
data/lib/inspec/shell_detector.rb +0 -0
data/lib/inspec/source_reader.rb +0 -0
data/lib/inspec/version.rb +1 -1
data/lib/matchers/matchers.rb +1 -59
data/lib/resource_support/aws.rb +40 -0
data/lib/resource_support/aws/aws_backend_base.rb +12 -0
data/lib/resource_support/aws/aws_backend_factory_mixin.rb +12 -0
data/lib/resource_support/aws/aws_plural_resource_mixin.rb +21 -0
data/lib/resource_support/aws/aws_resource_mixin.rb +66 -0
data/lib/resource_support/aws/aws_singular_resource_mixin.rb +24 -0
data/lib/resources/aide_conf.rb +1 -1
data/lib/resources/apache.rb +1 -2
data/lib/resources/apache_conf.rb +2 -4
data/lib/resources/apt.rb +1 -2
data/lib/resources/audit_policy.rb +1 -2
data/lib/resources/auditd.rb +1 -3
data/lib/resources/auditd_conf.rb +1 -2
data/lib/resources/aws/aws_cloudtrail_trail.rb +77 -0
data/lib/resources/aws/aws_cloudtrail_trails.rb +47 -0
data/lib/resources/aws/aws_cloudwatch_alarm.rb +62 -0
data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +100 -0
data/lib/resources/aws/aws_ec2_instance.rb +157 -0
data/lib/resources/aws/aws_iam_access_key.rb +106 -0
data/lib/resources/aws/aws_iam_access_keys.rb +144 -0
data/lib/resources/aws/aws_iam_group.rb +56 -0
data/lib/resources/aws/aws_iam_groups.rb +45 -0
data/lib/resources/aws/aws_iam_password_policy.rb +116 -0
data/lib/resources/aws/aws_iam_policies.rb +46 -0
data/lib/resources/aws/aws_iam_policy.rb +119 -0
data/lib/resources/aws/aws_iam_role.rb +51 -0
data/lib/resources/aws/aws_iam_root_user.rb +60 -0
data/lib/resources/aws/aws_iam_user.rb +111 -0
data/lib/resources/aws/aws_iam_users.rb +96 -0
data/lib/resources/aws/aws_kms_keys.rb +46 -0
data/lib/resources/aws/aws_route_table.rb +61 -0
data/lib/resources/aws/aws_s3_bucket.rb +115 -0
data/lib/resources/aws/aws_security_group.rb +93 -0
data/lib/resources/aws/aws_security_groups.rb +68 -0
data/lib/resources/aws/aws_sns_topic.rb +53 -0
data/lib/resources/aws/aws_subnet.rb +88 -0
data/lib/resources/aws/aws_subnets.rb +53 -0
data/lib/resources/aws/aws_vpc.rb +69 -0
data/lib/resources/aws/aws_vpcs.rb +45 -0
data/lib/resources/azure/azure_backend.rb +377 -0
data/lib/resources/azure/azure_generic_resource.rb +59 -0
data/lib/resources/azure/azure_resource_group.rb +152 -0
data/lib/resources/azure/azure_virtual_machine.rb +264 -0
data/lib/resources/azure/azure_virtual_machine_data_disk.rb +136 -0
data/lib/resources/bash.rb +1 -2
data/lib/resources/bond.rb +1 -2
data/lib/resources/bridge.rb +1 -2
data/lib/resources/command.rb +2 -2
data/lib/resources/cpan.rb +1 -3
data/lib/resources/cran.rb +1 -3
data/lib/resources/crontab.rb +1 -0
data/lib/resources/csv.rb +4 -2
data/lib/resources/dh_params.rb +1 -2
data/lib/resources/directory.rb +2 -2
data/lib/resources/docker.rb +1 -4
data/lib/resources/docker_container.rb +1 -4
data/lib/resources/docker_image.rb +1 -4
data/lib/resources/docker_object.rb +0 -0
data/lib/resources/docker_service.rb +1 -5
data/lib/resources/elasticsearch.rb +1 -0
data/lib/resources/etc_fstab.rb +1 -1
data/lib/resources/etc_group.rb +1 -2
data/lib/resources/etc_hosts.rb +1 -1
data/lib/resources/etc_hosts_allow_deny.rb +2 -1
data/lib/resources/file.rb +2 -2
data/lib/resources/filesystem.rb +1 -1
data/lib/resources/firewalld.rb +1 -1
data/lib/resources/gem.rb +2 -3
data/lib/resources/groups.rb +4 -2
data/lib/resources/grub_conf.rb +1 -1
data/lib/resources/host.rb +2 -2
data/lib/resources/http.rb +20 -22
data/lib/resources/iis_app.rb +1 -0
data/lib/resources/iis_site.rb +1 -0
data/lib/resources/inetd_conf.rb +1 -2
data/lib/resources/ini.rb +2 -2
data/lib/resources/interface.rb +2 -3
data/lib/resources/iptables.rb +1 -2
data/lib/resources/json.rb +4 -2
data/lib/resources/kernel_module.rb +1 -4
data/lib/resources/kernel_parameter.rb +1 -1
data/lib/resources/key_rsa.rb +2 -2
data/lib/resources/limits_conf.rb +1 -2
data/lib/resources/login_def.rb +1 -2
data/lib/resources/mount.rb +1 -3
data/lib/resources/mssql_session.rb +1 -3
data/lib/resources/mysql.rb +1 -2
data/lib/resources/mysql_conf.rb +2 -1
data/lib/resources/mysql_session.rb +2 -3
data/lib/resources/nginx.rb +1 -2
data/lib/resources/nginx_conf.rb +1 -2
data/lib/resources/npm.rb +2 -2
data/lib/resources/ntp_conf.rb +1 -2
data/lib/resources/oneget.rb +1 -2
data/lib/resources/oracledb_session.rb +2 -3
data/lib/resources/os.rb +2 -12
data/lib/resources/os_env.rb +2 -2
data/lib/resources/package.rb +2 -2
data/lib/resources/packages.rb +1 -2
data/lib/resources/parse_config.rb +2 -2
data/lib/resources/passwd.rb +1 -23
data/lib/resources/pip.rb +2 -2
data/lib/resources/platform.rb +19 -22
data/lib/resources/port.rb +2 -2
data/lib/resources/postgres.rb +1 -3
data/lib/resources/postgres_conf.rb +2 -3
data/lib/resources/postgres_hba_conf.rb +1 -2
data/lib/resources/postgres_ident_conf.rb +1 -2
data/lib/resources/postgres_session.rb +2 -3
data/lib/resources/powershell.rb +1 -2
data/lib/resources/processes.rb +2 -2
data/lib/resources/rabbitmq_conf.rb +1 -2
data/lib/resources/registry_key.rb +1 -1
data/lib/resources/security_policy.rb +1 -2
data/lib/resources/service.rb +8 -3
data/lib/resources/shadow.rb +1 -2
data/lib/resources/ssh_conf.rb +2 -2
data/lib/resources/ssl.rb +2 -2
data/lib/resources/sys_info.rb +2 -0
data/lib/resources/toml.rb +0 -0
data/lib/resources/users.rb +4 -2
data/lib/resources/vbscript.rb +1 -2
data/lib/resources/virtualization.rb +1 -1
data/lib/resources/windows_feature.rb +1 -2
data/lib/resources/windows_hotfix.rb +1 -1
data/lib/resources/windows_task.rb +1 -2
data/lib/resources/wmi.rb +1 -2
data/lib/resources/x509_certificate.rb +2 -2
data/lib/resources/xinetd.rb +1 -2
data/lib/resources/xml.rb +2 -1
data/lib/resources/yaml.rb +4 -2
data/lib/resources/yum.rb +1 -2
data/lib/resources/zfs_dataset.rb +1 -1
data/lib/resources/zfs_pool.rb +1 -1
data/lib/source_readers/flat.rb +0 -0
data/lib/source_readers/inspec.rb +0 -0
data/lib/utils/command_wrapper.rb +0 -0
data/lib/utils/convert.rb +0 -0
data/lib/utils/database_helpers.rb +0 -0
data/lib/utils/erlang_parser.rb +0 -0
data/lib/utils/filter.rb +0 -0
data/lib/utils/filter_array.rb +0 -0
data/lib/utils/find_files.rb +0 -0
data/lib/utils/hash.rb +0 -0
data/lib/utils/json_log.rb +0 -0
data/lib/utils/latest_version.rb +0 -0
data/lib/utils/modulator.rb +0 -0
data/lib/utils/nginx_parser.rb +0 -0
data/lib/utils/object_traversal.rb +0 -0
data/lib/utils/parser.rb +0 -0
data/lib/utils/plugin_registry.rb +0 -0
data/lib/utils/simpleconfig.rb +0 -12
data/lib/utils/spdx.rb +0 -0
data/lib/utils/spdx.txt +0 -0
metadata +81 -6
data/docs/resources/auditd_rules.md.erb +0 -116
data/lib/resources/auditd_rules.rb +0 -205

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 989b25f3c8ed378cf7ec3580045812b39866fb60
-  data.tar.gz: e84c1fc487dedd86208c9a0ff1802f05e416b4eb
+  metadata.gz: e7923a9284d909a94f986218ff9f89f5241b5952
+  data.tar.gz: e19fc206a4c814a51d24d56902b1a32b63c8a173
 SHA512:
-  metadata.gz: c5692520e23adfaccc539648a4a6a45574500a5f416d69d11fdf815cc2aeccd1022e48e4b6037818418c44429f2271bd7204250763eb66d8f8e2df024b50905e
-  data.tar.gz: 3ffa101802b8512979e14d6d9fd4578219caf589fdd4ee82704cfe78ff0c92bbaf36e1da988fe805111c48256d8d67f3d603da1eff37566a17cf1a1d78c16721
+  metadata.gz: 4e2cb5db850d22b7fba377bc6845e296fc5da8b22dd37b873dd6693a6fe564f2e84e2b2c20c5b8e041714972280ae74da02ff61703298b7a5647d39f48fd66dd
+  data.tar.gz: a71bab78912c612c454ddf3deb5d053bb5e3c61e1c4838594ba4d8d09feffd5813dd1f20e3cee90c38100717982f11ba3a8652d9b19a2974fdf215de6d9a1382

data/.rubocop.yml CHANGED

@@ -8,7 +8,7 @@ AllCops:
   - 'examples/**/*'
   - 'vendor/**/*'
   - 'lib/bundles/inspec-init/templates/**/*'
-  - 'www/tutorial/**/*'
+  - 'www/demo/**/*'
 AlignParameters:
   Enabled: true
 BlockDelimiters:

data/CHANGELOG.md CHANGED

@@ -1,39 +1,44 @@
 # Change Log
 <!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
-<!-- latest_release 1.51.25 -->
-## [v1.51.25](https://github.com/chef/inspec/tree/v1.51.25) (2018-05-10)
+<!-- latest_release 2.0.16 -->
+## [v2.0.16](https://github.com/chef/inspec/tree/v2.0.16) (2018-02-20)
 #### Merged Pull Requests
-- Backport ci verify scripts [#3038](https://github.com/chef/inspec/pull/3038) ([miah](https://github.com/miah))
+- HM Mobile IE [#2705](https://github.com/chef/inspec/pull/2705) ([hannah-radish](https://github.com/hannah-radish))
 <!-- latest_release -->
-<!-- release_rollup since=1.51.21 -->
-### Changes since 1.51.21 release
-#### Bug Fixes
-- Allow the depends key to be exposed in json profiles report 1.x [#3035](https://github.com/chef/inspec/pull/3035) ([jquick](https://github.com/jquick)) <!-- 1.51.24 -->
+<!-- release_rollup since=1.51.18 -->
+### Changes since 1.51.18 release
 #### Merged Pull Requests
-- Backport ci verify scripts [#3038](https://github.com/chef/inspec/pull/3038) ([miah](https://github.com/miah)) <!-- 1.51.25 -->
-- cmp should recognise a string being a negative int (#3007) [#3012](https://github.com/chef/inspec/pull/3012) ([james-stocks](https://github.com/james-stocks)) <!-- 1.51.23 -->
-- 1.x - Adjust version test to allow for inspec 2.x being available [#3015](https://github.com/chef/inspec/pull/3015) ([james-stocks](https://github.com/james-stocks)) <!-- 1.51.22 -->
+- HM Mobile IE [#2705](https://github.com/chef/inspec/pull/2705) ([hannah-radish](https://github.com/hannah-radish)) <!-- 2.0.16 -->
+- move /tutorial to /demo [#2700](https://github.com/chef/inspec/pull/2700) ([arlimus](https://github.com/arlimus)) <!-- 2.0.15 -->
+- HM website optimization [#2699](https://github.com/chef/inspec/pull/2699) ([hannah-radish](https://github.com/hannah-radish)) <!-- 2.0.14 -->
+- www: fix sidebar stickiness [#2698](https://github.com/chef/inspec/pull/2698) ([arlimus](https://github.com/arlimus)) <!-- 2.0.13 -->
+- Add correct `supports platform` to resources. [#2674](https://github.com/chef/inspec/pull/2674) ([miah](https://github.com/miah)) <!-- 2.0.12 -->
+- Fix legacy reporter output to file [#2667](https://github.com/chef/inspec/pull/2667) ([jquick](https://github.com/jquick)) <!-- 2.0.11 -->
+- Add example profiles for AWS/Azure [#2680](https://github.com/chef/inspec/pull/2680) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 2.0.10 -->
+- Revert download button [#2684](https://github.com/chef/inspec/pull/2684) ([hannah-radish](https://github.com/hannah-radish)) <!-- 2.0.9 -->
+- Hannah Review1 [#2683](https://github.com/chef/inspec/pull/2683) ([hannah-radish](https://github.com/hannah-radish)) <!-- 2.0.8 -->
+- Capture ArgumentErrors from aws. [#2673](https://github.com/chef/inspec/pull/2673) ([jquick](https://github.com/jquick)) <!-- 2.0.7 -->
+- Fix bundle exec calls [#2670](https://github.com/chef/inspec/pull/2670) ([jquick](https://github.com/jquick)) <!-- 2.0.6 -->
+- Fixes merge conflict messages [#2677](https://github.com/chef/inspec/pull/2677) ([kagarmoe](https://github.com/kagarmoe)) <!-- 2.0.5 -->
+- Add `Release:` to AWS `inspec detect` example [#2672](https://github.com/chef/inspec/pull/2672) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 2.0.4 -->
+- Remove duplicated encryption key test. [#2671](https://github.com/chef/inspec/pull/2671) ([juliandunn](https://github.com/juliandunn)) <!-- 2.0.3 -->
+- Prevent resources from loading if supports check fails [#2665](https://github.com/chef/inspec/pull/2665) ([jquick](https://github.com/jquick)) <!-- 2.0.2 -->
+- Add in release-2.0 changes to master [#2655](https://github.com/chef/inspec/pull/2655) ([jquick](https://github.com/jquick)) <!-- 2.0.1 -->
+- package resource: Fix Windows package detection [#2624](https://github.com/chef/inspec/pull/2624) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 1.51.20 -->
+- Fix the /private/var osx issue causing functional tests to fail [#2616](https://github.com/chef/inspec/pull/2616) ([jquick](https://github.com/jquick)) <!-- 1.51.19 -->
 <!-- release_rollup -->
 <!-- latest_stable_release -->
-## [v1.51.21](https://github.com/chef/inspec/tree/v1.51.21) (2018-02-20)
-#### Merged Pull Requests
-- Fix the /private/var osx issue causing functional tests to fail [#2616](https://github.com/chef/inspec/pull/2616) ([jquick](https://github.com/jquick))
-- package resource: Fix Windows package detection [#2624](https://github.com/chef/inspec/pull/2624) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
-- Fix legacy reporter output to file (inspec-v1.x) [#2689](https://github.com/chef/inspec/pull/2689) ([jquick](https://github.com/jquick))
-<!-- latest_stable_release -->
 ## [v1.51.18](https://github.com/chef/inspec/tree/v1.51.18) (2018-02-12)
 #### Merged Pull Requests
 - Force a default reporter for ad-hoc runners [#2610](https://github.com/chef/inspec/pull/2610) ([jquick](https://github.com/jquick))
 - Allow ad-hoc runners to use rspec formats. [#2621](https://github.com/chef/inspec/pull/2621) ([jquick](https://github.com/jquick))
 - Add json fields to schema and add tests. [#2618](https://github.com/chef/inspec/pull/2618) ([jquick](https://github.com/jquick))
+<!-- latest_stable_release -->
 ## [v1.51.15](https://github.com/chef/inspec/tree/v1.51.15) (2018-02-09)

data/Gemfile CHANGED

@@ -8,6 +8,7 @@ if Gem::Version.new(RUBY_VERSION) < Gem::Version.new('2.2.2')
 end
 gem 'ffi', '>= 1.9.14'
+gem 'aws-sdk', '~> 2'
 group :test do
   gem 'bundler', '~> 1.5'
@@ -15,11 +16,12 @@ group :test do
   gem 'rake', '>= 10'
   gem 'rubocop', '= 0.49.1'
   gem 'simplecov', '~> 0.10'
-  gem 'concurrent-ruby', '~> 0.9'
+  gem 'concurrent-ruby', '~> 1.0'
   gem 'mocha', '~> 1.1'
   gem 'ruby-progressbar', '~> 1.8'
   gem 'webmock', '~> 2.3.2'
   gem 'jsonschema', '~> 2.0.2'
+  gem 'passgen'
   gem 'm'
 end

data/LICENSE CHANGED

File without changes

data/MAINTAINERS.md CHANGED

File without changes

data/MAINTAINERS.toml CHANGED

File without changes

data/README.md CHANGED

@@ -242,6 +242,18 @@ inspec exec test.rb --sudo [--sudo-password ...] [--sudo-options ...] [--sudo_co
 # run in a subshell
 inspec exec test.rb --shell [--shell-options ...] [--shell-command ...]
+# run a profile targeting AWS using env vars
+inspec exec test.rb -t aws://
+# or store your AWS credentials in your ~/.aws/credentials profiles file
+inspec exec test.rb -t aws://us-east-2/my-profile
+# run a profile targeting Azure using env vars
+inspec exec test.rb -t azure://
+# or store your Azure credentials in your ~/.azure/credentials profiles file
+inspec exec test.rb -t azure://subscription_id
 ```
 ### detect
@@ -322,6 +334,7 @@ You may also [browse the Supermarket for shared Compliance Profiles](https://sup
 InSpec is inspired by the wonderful [Serverspec](http://serverspec.org) project. Kudos to [mizzy](https://github.com/mizzy) and [all contributors](https://github.com/mizzy/serverspec/graphs/contributors)!
+The AWS resources were inspired by [inspec-aws](https://github.com/arothian/inspec-aws) from [arothian](https://github.com/arothian).
 ## Contribute
@@ -339,10 +352,11 @@ The InSpec community and maintainers are very active and helpful. This project b
 ## Testing InSpec
-We perform `unit` and `integration` tests.
+We offer `unit`, `integration`, and `aws` tests.
 - `unit` tests ensure the intended behaviour of the implementation
 - `integration` tests run against Docker-based VMs via test-kitchen and [kitchen-inspec](https://github.com/chef/kitchen-inspec)
+- `aws` tests exercise the AWS resources against real AWS accounts
 ### Unit tests
@@ -360,7 +374,6 @@ You may also run a single test within a file by line number:
 ```bash
 bundle exec m test/unit/resources/user_test.rb -l 123
-```
 ### Integration tests
@@ -396,14 +409,20 @@ You may test all instances in parallel with:
 bundle exec kitchen test -c
 ```
+### AWS Tests
+Use the rake task `bundle exec rake test:aws` to test the AWS resources against a pair of real AWS accounts.
+Please see TESTING_AGAINST_AWS.md for details on how to setup the needed AWS accounts to perform testing.
 ## License
 |  |  |
 | ------ | --- |
 | **Author:** | Dominik Richter (<drichter@chef.io>) |
 | **Author:** | Christoph Hartmann (<chartmann@chef.io>) |
-| **Copyright:** | Copyright (c) 2015 Chef Software Inc. |
 | **Copyright:** | Copyright (c) 2015 Vulcano Security GmbH. |
+| **Copyright:** | Copyright (c) 2017 Chef Software Inc. |
 | **License:** | Apache License, Version 2.0 |
 Licensed under the Apache License, Version 2.0 (the "License");

data/Rakefile CHANGED

@@ -4,9 +4,16 @@
 require 'bundler'
 require 'bundler/gem_tasks'
 require 'rake/testtask'
+require 'passgen'
+require 'train'
 require_relative 'tasks/maintainers'
 require_relative 'tasks/spdx'
+def prompt(message)
+  print(message)
+  STDIN.gets.chomp
+end
 # The docs tasks rely on ruby-progressbar. If we can't load it, then don't
 # load the docs tasks. This is necessary to allow this Rakefile to work
 # when the "tests" gem group in the Gemfile has been excluded, such as
@@ -84,6 +91,116 @@ namespace :test do
     sh('sh', '-c', sh_cmd)
   end
+  project_dir = File.dirname(__FILE__)
+  namespace :aws do
+    ['default', 'minimal'].each do |account|
+      integration_dir = File.join(project_dir, 'test', 'aws', account)
+      attribute_file = File.join(integration_dir, '.attribute.yml')
+      task :"setup:#{account}", :tf_workspace do |t, args|
+        tf_workspace = args[:tf_workspace] || ENV['INSPEC_TERRAFORM_ENV']
+        abort("You must either call the top-level test:aws:#{account} task, or set the INSPEC_TERRAFORM_ENV variable.") unless tf_workspace
+        puts "----> Setup"
+        abort("You must set the environment variable AWS_REGION") unless ENV['AWS_REGION']
+        puts "----> Checking for required AWS profile..."
+        sh("aws configure get aws_access_key_id --profile inspec-aws-test-#{account} > /dev/null")
+        sh("cd #{integration_dir}/build/ && terraform init")
+        sh("cd #{integration_dir}/build/ && terraform workspace new #{tf_workspace}")
+        sh("cd #{integration_dir}/build/ && AWS_PROFILE=inspec-aws-test-#{account} terraform plan")
+        sh("cd #{integration_dir}/build/ && AWS_PROFILE=inspec-aws-test-#{account} terraform apply")
+        Rake::Task["test:aws:dump_attrs:#{account}"].execute
+      end
+      task :"dump_attrs:#{account}" do
+        sh("cd #{integration_dir}/build/ && AWS_PROFILE=inspec-aws-test-#{account} terraform output > #{attribute_file}")
+        raw_output = File.read(attribute_file)
+        yaml_output = raw_output.gsub(" = ", " : ")
+        File.open(attribute_file, "w") {|file| file.puts yaml_output}
+      end
+      task :"run:#{account}" do
+        puts "----> Run"
+        sh("bundle exec inspec exec #{integration_dir}/verify -t aws://${AWS_REGION}/inspec-aws-test-#{account} --attrs #{attribute_file}")
+      end
+      task :"cleanup:#{account}", :tf_workspace do |t, args|
+        tf_workspace = args[:tf_workspace] || ENV['INSPEC_TERRAFORM_ENV']
+        abort("You must either call the top-level test:aws:#{account} task, or set the INSPEC_TERRAFORM_ENV variable.") unless tf_workspace
+        puts "----> Cleanup"
+        sh("cd #{integration_dir}/build/ && AWS_PROFILE=inspec-aws-test-#{account} terraform destroy -force")
+        sh("cd #{integration_dir}/build/ && terraform workspace select default")
+        sh("cd #{integration_dir}/build && terraform workspace delete #{tf_workspace}")
+      end
+      task :"#{account}" do
+        tf_workspace = ENV['INSPEC_TERRAFORM_ENV'] || prompt("Please enter a workspace for your integration tests to run in: ")
+        begin
+          Rake::Task["test:aws:setup:#{account}"].execute({:tf_workspace => tf_workspace})
+          Rake::Task["test:aws:run:#{account}"].execute
+        rescue
+          abort("Integration testing has failed for the #{account} account")
+        ensure
+          Rake::Task["test:aws:cleanup:#{account}"].execute({:tf_workspace => tf_workspace})
+        end
+      end
+    end
+  end
+  desc "Perform AWS Integration Tests"
+  task aws: [:'aws:default', :'aws:minimal']
+  namespace :azure do
+    # Specify the directory for the integration tests
+    integration_dir = 'test/azure'
+    task :init_workspace do
+      # Initialize terraform workspace
+      sh("cd #{integration_dir}/build/ && terraform init")
+    end
+    task :setup_integration_tests do
+      puts '----> Setup'
+      creds = Train.create('azure').connection.connect
+      # Determine the storage account name and the admin password
+      sa_name = (0...15).map { (65 + rand(26)).chr }.join.downcase
+      admin_password = Passgen::generate(length: 12, uppercase: true, lowercase: true, symbols: true, digits: true)
+      # Use the first 4 characters of the storage account to create a suffix
+      suffix = sa_name[0..3]
+      # Create the plan that can be applied to Azure
+      cmd = format("cd %s/build/ && terraform plan -var 'subscription_id=%s' -var 'client_id=%s' -var 'client_secret=%s' -var 'tenant_id=%s' -var 'storage_account_name=%s' -var 'admin_password=%s' -var 'suffix=%s' -out inspec-azure.plan", integration_dir, creds[:subscription_id], creds[:client_id], creds[:client_secret], creds[:tenant_id], sa_name, admin_password, suffix)
+      sh(cmd)
+      # Apply the plan on Azure
+      cmd = format("cd %s/build/ && terraform apply inspec-azure.plan", integration_dir)
+      sh(cmd)
+    end
+    task :run_integration_tests do
+      puts '----> Run'
+      sh("bundle exec inspec exec #{integration_dir}/verify -t azure://1e0b427a-d58b-494e-ae4f-ee558463ebbf")
+    end
+    task :cleanup_integration_tests do
+      puts '----> Cleanup'
+      creds = Train.create('azure').connection.connect
+      cmd = format("cd %s/build/ && terraform destroy -force -var 'subscription_id=%s' -var 'client_id=%s' -var 'client_secret=%s' -var 'tenant_id=%s' -var 'admin_password=dummy' -var 'storage_account_name=dummy' -var 'suffix=dummy'", integration_dir, creds[:subscription_id], creds[:client_id], creds[:client_secret], creds[:tenant_id])
+      sh(cmd)
+    end
+  end
+  desc "Perform Azure Integration Tests"
+  task :azure do
+    Rake::Task['test:azure:init_workspace'].execute
+    Rake::Task['test:azure:cleanup_integration_tests'].execute
+    Rake::Task['test:azure:setup_integration_tests'].execute
+    Rake::Task['test:azure:run_integration_tests'].execute
+    Rake::Task['test:azure:cleanup_integration_tests'].execute
+  end
 end
 # Print the current version of this gem or update it.

data/docs/.gitignore CHANGED

File without changes

data/docs/README.md CHANGED

File without changes

data/docs/dsl_inspec.md CHANGED

File without changes

data/docs/dsl_resource.md CHANGED

File without changes

data/docs/glossary.md CHANGED

File without changes

data/docs/habitat.md CHANGED

File without changes

data/docs/inspec_and_friends.md CHANGED

File without changes

data/docs/matchers.md CHANGED

File without changes

data/docs/migration.md CHANGED

File without changes

data/docs/platforms.md ADDED

@@ -0,0 +1,119 @@
+# Using InSpec 2.0 on Cloud Platforms
+We are pleased to announce that with this release of InSpec 2.0, we have expanded our platform support beyond individual machines and now include support for select AWS and Azure resources.
+With InSpec 2.0, you may now use several InSpec resources to audit properties of your cloud infrastructure - for example, an Amazon Web Services S3 bucket.
+<br>
+## AWS Platform Support in InSpec 2.0
+### Setting up AWS credentials for InSpec
+InSpec uses the standard AWS authentication mechanisms. Typically, you will create an IAM user specifically for auditing activities.
+* 1 Create an IAM user in the AWS console, with your choice of username. Check the box marked "Programmatic Access."
+* 2 On the Permissions screen, choose Direct Attach. Select the AWS-managed IAM Profile named "ReadOnlyAccess." If you wish to restrict the user further, you may do so; see individual InSpec resources to identify which permissions are required.
+* 3 After generating the key, record the Access Key ID and Secret Key.
+#### Using Environment Variables to provide credentials
+You may provide the credentials to InSpec by setting the following environment variables: `AWS_REGION`, `AWS_ACCESS_KEY_ID`, and `AWS_SECRET_KEY_ID`. You may also use `AWS_PROFILE`, or if you are using MFA, `AWS_SESSION_TOKEN`. See the [AWS Command Line Interface Docs](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html) for details.
+Once you have your environment variables set, you can verify your credentials by running:
+```bash
+you$ inspec detect -t aws://
+== Platform Details
+Name:      aws
+Families:  cloud, api
+Release:   aws-sdk-v2.10.125
+```
+#### Using the InSpec target option to provide credentials on AWS
+Look for a file in your home directory named `~/.aws/credentials`. If it does not exist, create it. Choose a name for your profile; here, we're using the name 'auditing'. Add your credentials as a new profile, in INI format:
+```bash
+[auditing]
+aws_access_key_id = AKIA....
+aws_secret_access_key = 1234....abcd
+```
+You may now run InSpec using the `--target` / `-t` option, using the format `-t aws://region/profile`.  For example, to connect to the Ohio region using a profile named 'auditing', use `-t aws://us-east-2/auditing`.
+To verify your credentials,
+```bash
+you$ inspec detect -t aws://
+== Platform Details
+Name:      aws
+Families:  cloud, api
+Release:   aws-sdk-v2.10.125
+```
+<br>
+## Azure Platform Support in InSpec 2.0
+### Setting up Azure credentials for InSpec
+To use InSpec Azure resources, you will need to create a Service Principal Name (SPN) for auditing an Azure subscription.
+This can be done on the command line or from the Azure Portal:
+* [Azure CLI](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-authenticate-service-principal-cli)
+* [PowerShell](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-authenticate-service-principal)
+* [Azure Portal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal)
+The information from the SPN can be specified either in the file `~/.azure/credentials`, as environment variables, or by using InSpec target URIs.
+#### Setting up the Azure Credentials File
+By default InSpec is configured to look at ~/.azure/credentials, and it should contain:
+```powershell
+[<SUBSCRIPTION_ID>]
+client_id = "<CLIENT_ID>"
+client_secret = "<CLIENT_SECRET>"
+tenant_id = "<TENANT_ID>"
+```
+NOTE: In the Azure web portal, these values are labeled differently:
+* The client_id is referred to as the 'Application ID'
+* The client_secret is referred to as the 'Key (Password Type)'
+* The tenant_id is referred to as the 'Directory ID'
+With the credentials are in place you may now execute InSpec:
+```bash
+inspec exec my-inspec-profile -t azure://
+```
+#### Using Environment variables to provide credentials
+You may also set the Azure credentials via environment variables:
+* `AZURE_SUBSCRIPTION_ID`
+* `AZURE_CLIENT_ID`
+* `AZURE_CLIENT_SECRET`
+* `AZURE_TENANT_ID`
+For example:
+```bash
+AZURE_SUBSCRIPTION_ID="2fbdbb02-df2e-11e6-bf01-fe55135034f3" \
+AZURE_CLIENT_ID="58dc4f6c-df2e-11e6-bf01-fe55135034f3" \
+AZURE_CLIENT_SECRET="Jibr4iwwaaZwBb6W" \
+AZURE_TENANT_ID="6ad89b58-df2e-11e6-bf01-fe55135034f3" inspec exec my-profile -t azure://
+```
+#### Using the InSpec target option to provide credentials on Azure
+If you have created a `~/.azure/credentials` file as above, you may also use the InSpec command line `--target` / `-t` option to select a subscription ID.  For example:
+```bash
+inspec exec my-profile -t azure://2fbdbb02-df2e-11e6-bf01-fe55135034f3
+```