RubyGems - inspec - Versions diffs - 1.51.25 → 2.0.16 - Mend

inspec 1.51.25 → 2.0.16

Files changed (482) hide show

checksums.yaml +4 -4
data/.rubocop.yml +1 -1
data/CHANGELOG.md +24 -19
data/Gemfile +3 -1
data/LICENSE +0 -0
data/MAINTAINERS.md +0 -0
data/MAINTAINERS.toml +0 -0
data/README.md +22 -3
data/Rakefile +117 -0
data/docs/.gitignore +0 -0
data/docs/README.md +0 -0
data/docs/dsl_inspec.md +0 -0
data/docs/dsl_resource.md +0 -0
data/docs/glossary.md +0 -0
data/docs/habitat.md +0 -0
data/docs/inspec_and_friends.md +0 -0
data/docs/matchers.md +0 -0
data/docs/migration.md +0 -0
data/docs/platforms.md +119 -0
data/docs/plugin_kitchen_inspec.md +0 -0
data/docs/profiles.md +0 -0
data/docs/reporters.md +0 -0
data/docs/resources/aide_conf.md.erb +6 -8
data/docs/resources/apache.md.erb +2 -1
data/docs/resources/apache_conf.md.erb +2 -1
data/docs/resources/apt.md.erb +2 -1
data/docs/resources/audit_policy.md.erb +3 -2
data/docs/resources/auditd.md.erb +2 -1
data/docs/resources/auditd_conf.md.erb +3 -3
data/docs/resources/aws_cloudtrail_trail.md.erb +140 -0
data/docs/resources/aws_cloudtrail_trails.md.erb +81 -0
data/docs/resources/aws_cloudwatch_alarm.md.erb +86 -0
data/docs/resources/aws_cloudwatch_log_metric_filter.md.erb +151 -0
data/docs/resources/aws_ec2_instance.md.erb +106 -0
data/docs/resources/aws_iam_access_key.md.erb +123 -0
data/docs/resources/aws_iam_access_keys.md.erb +198 -0
data/docs/resources/aws_iam_group.md.erb +46 -0
data/docs/resources/aws_iam_groups.md.erb +43 -0
data/docs/resources/aws_iam_password_policy.md.erb +76 -0
data/docs/resources/aws_iam_policies.md.erb +82 -0
data/docs/resources/aws_iam_policy.md.erb +146 -0
data/docs/resources/aws_iam_role.md.erb +65 -0
data/docs/resources/aws_iam_root_user.md.erb +58 -0
data/docs/resources/aws_iam_user.md.erb +64 -0
data/docs/resources/aws_iam_users.md.erb +90 -0
data/docs/resources/aws_kms_keys.md.erb +84 -0
data/docs/resources/aws_route_table.md.erb +47 -0
data/docs/resources/aws_s3_bucket.md.erb +134 -0
data/docs/resources/aws_security_group.md.erb +152 -0
data/docs/resources/aws_security_groups.md.erb +92 -0
data/docs/resources/aws_sns_topic.md.erb +63 -0
data/docs/resources/aws_subnet.md.erb +134 -0
data/docs/resources/aws_subnets.md.erb +126 -0
data/docs/resources/aws_vpc.md.erb +120 -0
data/docs/resources/aws_vpcs.md.erb +48 -0
data/docs/resources/azure_generic_resource.md.erb +140 -0
data/docs/resources/azure_resource_group.md.erb +284 -0
data/docs/resources/azure_virtual_machine.md.erb +314 -0
data/docs/resources/azure_virtual_machine_data_disk.md.erb +182 -0
data/docs/resources/bash.md.erb +2 -1
data/docs/resources/bond.md.erb +2 -1
data/docs/resources/bridge.md.erb +5 -2
data/docs/resources/bsd_service.md.erb +3 -1
data/docs/resources/command.md.erb +2 -1
data/docs/resources/cpan.md.erb +4 -3
data/docs/resources/cran.md.erb +2 -1
data/docs/resources/crontab.md.erb +2 -1
data/docs/resources/csv.md.erb +2 -1
data/docs/resources/dh_params.md.erb +2 -1
data/docs/resources/directory.md.erb +4 -2
data/docs/resources/docker.md.erb +2 -1
data/docs/resources/docker_container.md.erb +5 -2
data/docs/resources/docker_image.md.erb +2 -1
data/docs/resources/docker_service.md.erb +2 -1
data/docs/resources/elasticsearch.md.erb +12 -1
data/docs/resources/etc_fstab.md.erb +2 -1
data/docs/resources/etc_group.md.erb +2 -1
data/docs/resources/etc_hosts.md.erb +4 -1
data/docs/resources/etc_hosts_allow.md.erb +2 -1
data/docs/resources/etc_hosts_deny.md.erb +2 -1
data/docs/resources/file.md.erb +6 -3
data/docs/resources/filesystem.md.erb +2 -1
data/docs/resources/firewalld.md.erb +4 -3
data/docs/resources/gem.md.erb +2 -1
data/docs/resources/group.md.erb +2 -1
data/docs/resources/grub_conf.md.erb +2 -2
data/docs/resources/host.md.erb +2 -1
data/docs/resources/http.md.erb +4 -7
data/docs/resources/iis_app.md.erb +3 -1
data/docs/resources/iis_site.md.erb +4 -1
data/docs/resources/inetd_conf.md.erb +2 -3
data/docs/resources/ini.md.erb +6 -2
data/docs/resources/interface.md.erb +5 -2
data/docs/resources/iptables.md.erb +2 -1
data/docs/resources/json.md.erb +2 -1
data/docs/resources/kernel_module.md.erb +2 -1
data/docs/resources/kernel_parameter.md.erb +3 -3
data/docs/resources/key_rsa.md.erb +5 -3
data/docs/resources/launchd_service.md.erb +2 -1
data/docs/resources/limits_conf.md.erb +4 -2
data/docs/resources/login_def.md.erb +2 -2
data/docs/resources/mount.md.erb +2 -1
data/docs/resources/mssql_session.md.erb +2 -1
data/docs/resources/mysql_conf.md.erb +2 -1
data/docs/resources/mysql_session.md.erb +2 -1
data/docs/resources/nginx.md.erb +1 -0
data/docs/resources/nginx_conf.md.erb +2 -1
data/docs/resources/npm.md.erb +2 -1
data/docs/resources/ntp_conf.md.erb +2 -1
data/docs/resources/oneget.md.erb +2 -1
data/docs/resources/oracledb_session.md.erb +2 -1
data/docs/resources/os.md.erb +4 -3
data/docs/resources/os_env.md.erb +2 -1
data/docs/resources/package.md.erb +3 -2
data/docs/resources/packages.md.erb +2 -1
data/docs/resources/parse_config.md.erb +2 -1
data/docs/resources/parse_config_file.md.erb +3 -2
data/docs/resources/passwd.md.erb +2 -1
data/docs/resources/pip.md.erb +2 -1
data/docs/resources/port.md.erb +2 -1
data/docs/resources/postgres_conf.md.erb +2 -1
data/docs/resources/postgres_hba_conf.md.erb +2 -1
data/docs/resources/postgres_ident_conf.md.erb +2 -1
data/docs/resources/postgres_session.md.erb +2 -1
data/docs/resources/powershell.md.erb +2 -1
data/docs/resources/processes.md.erb +3 -1
data/docs/resources/rabbitmq_config.md.erb +2 -1
data/docs/resources/registry_key.md.erb +2 -1
data/docs/resources/runit_service.md.erb +2 -1
data/docs/resources/security_policy.md.erb +2 -1
data/docs/resources/service.md.erb +2 -1
data/docs/resources/shadow.md.erb +2 -1
data/docs/resources/ssh_config.md.erb +2 -1
data/docs/resources/sshd_config.md.erb +2 -1
data/docs/resources/ssl.md.erb +2 -1
data/docs/resources/sys_info.md.erb +2 -1
data/docs/resources/systemd_service.md.erb +2 -1
data/docs/resources/sysv_service.md.erb +2 -1
data/docs/resources/upstart_service.md.erb +2 -1
data/docs/resources/user.md.erb +3 -1
data/docs/resources/users.md.erb +2 -1
data/docs/resources/vbscript.md.erb +2 -1
data/docs/resources/virtualization.md.erb +2 -1
data/docs/resources/windows_feature.md.erb +2 -1
data/docs/resources/windows_hotfix.md.erb +2 -1
data/docs/resources/windows_task.md.erb +49 -43
data/docs/resources/wmi.md.erb +2 -1
data/docs/resources/x509_certificate.md.erb +1 -0
data/docs/resources/xinetd_conf.md.erb +2 -1
data/docs/resources/xml.md.erb +2 -1
data/docs/resources/yaml.md.erb +2 -1
data/docs/resources/yum.md.erb +2 -1
data/docs/resources/zfs_dataset.md.erb +2 -1
data/docs/resources/zfs_pool.md.erb +2 -1
data/docs/ruby_usage.md +0 -0
data/docs/shared/matcher_be.md.erb +0 -0
data/docs/shared/matcher_cmp.md.erb +0 -0
data/docs/shared/matcher_eq.md.erb +0 -0
data/docs/shared/matcher_include.md.erb +0 -0
data/docs/shared/matcher_match.md.erb +0 -0
data/docs/shell.md +0 -0
data/examples/README.md +0 -0
data/examples/inheritance/README.md +0 -0
data/examples/inheritance/controls/example.rb +0 -0
data/examples/inheritance/inspec.yml +0 -0
data/examples/kitchen-ansible/.kitchen.yml +0 -0
data/examples/kitchen-ansible/Gemfile +0 -0
data/examples/kitchen-ansible/README.md +0 -0
data/examples/kitchen-ansible/files/nginx.repo +0 -0
data/examples/kitchen-ansible/tasks/main.yml +0 -0
data/examples/kitchen-ansible/test/integration/default/default.yml +0 -0
data/examples/kitchen-ansible/test/integration/default/web_spec.rb +0 -0
data/examples/kitchen-chef/.kitchen.yml +0 -0
data/examples/kitchen-chef/Berksfile +0 -0
data/examples/kitchen-chef/Gemfile +0 -0
data/examples/kitchen-chef/README.md +0 -0
data/examples/kitchen-chef/metadata.rb +0 -0
data/examples/kitchen-chef/recipes/default.rb +0 -0
data/examples/kitchen-chef/recipes/nginx.rb +0 -0
data/examples/kitchen-chef/test/integration/default/web_spec.rb +0 -0
data/examples/kitchen-puppet/.kitchen.yml +0 -0
data/examples/kitchen-puppet/Gemfile +0 -0
data/examples/kitchen-puppet/Puppetfile +0 -0
data/examples/kitchen-puppet/README.md +0 -0
data/examples/kitchen-puppet/manifests/site.pp +0 -0
data/examples/kitchen-puppet/metadata.json +0 -0
data/examples/kitchen-puppet/test/integration/default/web_spec.rb +0 -0
data/examples/meta-profile/README.md +0 -0
data/examples/meta-profile/controls/example.rb +0 -0
data/examples/meta-profile/inspec.yml +0 -0
data/examples/profile-attribute.yml +0 -0
data/examples/profile-attribute/README.md +0 -0
data/examples/profile-attribute/controls/example.rb +0 -0
data/examples/profile-attribute/inspec.yml +0 -0
data/examples/profile-aws/controls/iam_password_policy_expiration.rb +8 -0
data/examples/profile-aws/controls/iam_password_policy_max_age.rb +8 -0
data/examples/profile-aws/controls/iam_root_user_mfa.rb +8 -0
data/examples/profile-aws/controls/iam_users_access_key_age.rb +8 -0
data/examples/profile-aws/controls/iam_users_console_users_mfa.rb +8 -0
data/examples/profile-aws/inspec.yml +11 -0
data/examples/profile-azure/controls/azure_resource_group_example.rb +24 -0
data/examples/profile-azure/controls/azure_vm_example.rb +29 -0
data/examples/profile-azure/inspec.yml +11 -0
data/examples/profile-sensitive/README.md +0 -0
data/examples/profile-sensitive/controls/sensitive-failures.rb +0 -0
data/examples/profile-sensitive/controls/sensitive.rb +0 -0
data/examples/profile-sensitive/inspec.yml +0 -0
data/examples/profile/README.md +0 -0
data/examples/profile/controls/example.rb +0 -0
data/examples/profile/controls/gordon.rb +0 -0
data/examples/profile/controls/meta.rb +0 -0
data/examples/profile/inspec.yml +0 -0
data/examples/profile/libraries/gordon_config.rb +0 -0
data/inspec.gemspec +1 -1
data/lib/bundles/README.md +0 -0
data/lib/bundles/inspec-artifact.rb +0 -0
data/lib/bundles/inspec-artifact/README.md +0 -0
data/lib/bundles/inspec-artifact/cli.rb +0 -0
data/lib/bundles/inspec-compliance.rb +0 -0
data/lib/bundles/inspec-compliance/.kitchen.yml +0 -0
data/lib/bundles/inspec-compliance/README.md +0 -0
data/lib/bundles/inspec-compliance/api/login.rb +0 -0
data/lib/bundles/inspec-compliance/bootstrap.sh +0 -0
data/lib/bundles/inspec-compliance/cli.rb +12 -35
data/lib/bundles/inspec-compliance/configuration.rb +0 -0
data/lib/bundles/inspec-compliance/http.rb +0 -0
data/lib/bundles/inspec-compliance/images/cc-token.png +0 -0
data/lib/bundles/inspec-compliance/support.rb +0 -0
data/lib/bundles/inspec-compliance/target.rb +0 -0
data/lib/bundles/inspec-compliance/test/integration/default/cli.rb +0 -0
data/lib/bundles/inspec-habitat.rb +0 -0
data/lib/bundles/inspec-habitat/cli.rb +0 -0
data/lib/bundles/inspec-habitat/log.rb +0 -0
data/lib/bundles/inspec-habitat/profile.rb +0 -0
data/lib/bundles/inspec-init.rb +0 -0
data/lib/bundles/inspec-init/README.md +0 -0
data/lib/bundles/inspec-init/cli.rb +0 -0
data/lib/bundles/inspec-init/templates/profile/README.md +0 -0
data/lib/bundles/inspec-init/templates/profile/controls/example.rb +1 -1
data/lib/bundles/inspec-init/templates/profile/inspec.yml +0 -0
data/lib/bundles/inspec-init/templates/profile/libraries/.gitkeep +0 -0
data/lib/bundles/inspec-supermarket.rb +0 -0
data/lib/bundles/inspec-supermarket/README.md +0 -0
data/lib/bundles/inspec-supermarket/api.rb +0 -0
data/lib/bundles/inspec-supermarket/cli.rb +11 -3
data/lib/bundles/inspec-supermarket/target.rb +0 -0
data/lib/fetchers/git.rb +0 -0
data/lib/fetchers/local.rb +0 -0
data/lib/fetchers/mock.rb +0 -0
data/lib/fetchers/url.rb +0 -0
data/lib/inspec.rb +0 -0
data/lib/inspec/archive/tar.rb +0 -0
data/lib/inspec/archive/zip.rb +0 -0
data/lib/inspec/backend.rb +0 -0
data/lib/inspec/base_cli.rb +2 -4
data/lib/inspec/cached_fetcher.rb +0 -0
data/lib/inspec/cli.rb +15 -11
data/lib/inspec/completions/bash.sh.erb +0 -0
data/lib/inspec/completions/fish.sh.erb +0 -0
data/lib/inspec/completions/zsh.sh.erb +0 -0
data/lib/inspec/control_eval_context.rb +0 -0
data/lib/inspec/dependencies/cache.rb +0 -0
data/lib/inspec/dependencies/dependency_set.rb +0 -0
data/lib/inspec/dependencies/lockfile.rb +0 -0
data/lib/inspec/dependencies/requirement.rb +0 -0
data/lib/inspec/dependencies/resolver.rb +0 -0
data/lib/inspec/describe.rb +0 -0
data/lib/inspec/dsl.rb +0 -0
data/lib/inspec/dsl_shared.rb +0 -0
data/lib/inspec/env_printer.rb +0 -0
data/lib/inspec/errors.rb +0 -0
data/lib/inspec/exceptions.rb +0 -0
data/lib/inspec/expect.rb +0 -0
data/lib/inspec/fetcher.rb +0 -0
data/lib/inspec/file_provider.rb +0 -0
data/lib/inspec/formatters.rb +0 -0
data/lib/inspec/formatters/base.rb +43 -1
data/lib/inspec/formatters/json_rspec.rb +0 -0
data/lib/inspec/formatters/show_progress.rb +0 -0
data/lib/inspec/library_eval_context.rb +0 -0
data/lib/inspec/log.rb +0 -0
data/lib/inspec/metadata.rb +3 -9
data/lib/inspec/method_source.rb +0 -0
data/lib/inspec/objects.rb +0 -0
data/lib/inspec/objects/attribute.rb +0 -0
data/lib/inspec/objects/control.rb +0 -0
data/lib/inspec/objects/describe.rb +0 -0
data/lib/inspec/objects/each_loop.rb +0 -0
data/lib/inspec/objects/list.rb +0 -0
data/lib/inspec/objects/or_test.rb +0 -0
data/lib/inspec/objects/ruby_helper.rb +0 -0
data/lib/inspec/objects/tag.rb +0 -0
data/lib/inspec/objects/test.rb +0 -0
data/lib/inspec/objects/value.rb +0 -0
data/lib/inspec/plugins.rb +0 -0
data/lib/inspec/plugins/cli.rb +0 -0
data/lib/inspec/plugins/fetcher.rb +0 -0
data/lib/inspec/plugins/resource.rb +10 -9
data/lib/inspec/plugins/secret.rb +0 -0
data/lib/inspec/plugins/source_reader.rb +0 -0
data/lib/inspec/polyfill.rb +0 -0
data/lib/inspec/profile.rb +0 -0
data/lib/inspec/profile_context.rb +0 -0
data/lib/inspec/profile_vendor.rb +0 -0
data/lib/inspec/reporters.rb +0 -0
data/lib/inspec/reporters/base.rb +0 -0
data/lib/inspec/reporters/cli.rb +12 -51
data/lib/inspec/reporters/json.rb +3 -26
data/lib/inspec/reporters/json_min.rb +0 -0
data/lib/inspec/reporters/junit.rb +0 -0
data/lib/inspec/require_loader.rb +0 -0
data/lib/inspec/resource.rb +11 -1
data/lib/inspec/rule.rb +0 -0
data/lib/inspec/runner.rb +10 -8
data/lib/inspec/runner_mock.rb +0 -0
data/lib/inspec/runner_rspec.rb +18 -2
data/lib/inspec/runtime_profile.rb +0 -0
data/lib/inspec/schema.rb +25 -4
data/lib/inspec/secrets.rb +0 -0
data/lib/inspec/secrets/yaml.rb +0 -0
data/lib/inspec/shell.rb +0 -0
data/lib/inspec/shell_detector.rb +0 -0
data/lib/inspec/source_reader.rb +0 -0
data/lib/inspec/version.rb +1 -1
data/lib/matchers/matchers.rb +1 -59
data/lib/resource_support/aws.rb +40 -0
data/lib/resource_support/aws/aws_backend_base.rb +12 -0
data/lib/resource_support/aws/aws_backend_factory_mixin.rb +12 -0
data/lib/resource_support/aws/aws_plural_resource_mixin.rb +21 -0
data/lib/resource_support/aws/aws_resource_mixin.rb +66 -0
data/lib/resource_support/aws/aws_singular_resource_mixin.rb +24 -0
data/lib/resources/aide_conf.rb +1 -1
data/lib/resources/apache.rb +1 -2
data/lib/resources/apache_conf.rb +2 -4
data/lib/resources/apt.rb +1 -2
data/lib/resources/audit_policy.rb +1 -2
data/lib/resources/auditd.rb +1 -3
data/lib/resources/auditd_conf.rb +1 -2
data/lib/resources/aws/aws_cloudtrail_trail.rb +77 -0
data/lib/resources/aws/aws_cloudtrail_trails.rb +47 -0
data/lib/resources/aws/aws_cloudwatch_alarm.rb +62 -0
data/lib/resources/aws/aws_cloudwatch_log_metric_filter.rb +100 -0
data/lib/resources/aws/aws_ec2_instance.rb +157 -0
data/lib/resources/aws/aws_iam_access_key.rb +106 -0
data/lib/resources/aws/aws_iam_access_keys.rb +144 -0
data/lib/resources/aws/aws_iam_group.rb +56 -0
data/lib/resources/aws/aws_iam_groups.rb +45 -0
data/lib/resources/aws/aws_iam_password_policy.rb +116 -0
data/lib/resources/aws/aws_iam_policies.rb +46 -0
data/lib/resources/aws/aws_iam_policy.rb +119 -0
data/lib/resources/aws/aws_iam_role.rb +51 -0
data/lib/resources/aws/aws_iam_root_user.rb +60 -0
data/lib/resources/aws/aws_iam_user.rb +111 -0
data/lib/resources/aws/aws_iam_users.rb +96 -0
data/lib/resources/aws/aws_kms_keys.rb +46 -0
data/lib/resources/aws/aws_route_table.rb +61 -0
data/lib/resources/aws/aws_s3_bucket.rb +115 -0
data/lib/resources/aws/aws_security_group.rb +93 -0
data/lib/resources/aws/aws_security_groups.rb +68 -0
data/lib/resources/aws/aws_sns_topic.rb +53 -0
data/lib/resources/aws/aws_subnet.rb +88 -0
data/lib/resources/aws/aws_subnets.rb +53 -0
data/lib/resources/aws/aws_vpc.rb +69 -0
data/lib/resources/aws/aws_vpcs.rb +45 -0
data/lib/resources/azure/azure_backend.rb +377 -0
data/lib/resources/azure/azure_generic_resource.rb +59 -0
data/lib/resources/azure/azure_resource_group.rb +152 -0
data/lib/resources/azure/azure_virtual_machine.rb +264 -0
data/lib/resources/azure/azure_virtual_machine_data_disk.rb +136 -0
data/lib/resources/bash.rb +1 -2
data/lib/resources/bond.rb +1 -2
data/lib/resources/bridge.rb +1 -2
data/lib/resources/command.rb +2 -2
data/lib/resources/cpan.rb +1 -3
data/lib/resources/cran.rb +1 -3
data/lib/resources/crontab.rb +1 -0
data/lib/resources/csv.rb +4 -2
data/lib/resources/dh_params.rb +1 -2
data/lib/resources/directory.rb +2 -2
data/lib/resources/docker.rb +1 -4
data/lib/resources/docker_container.rb +1 -4
data/lib/resources/docker_image.rb +1 -4
data/lib/resources/docker_object.rb +0 -0
data/lib/resources/docker_service.rb +1 -5
data/lib/resources/elasticsearch.rb +1 -0
data/lib/resources/etc_fstab.rb +1 -1
data/lib/resources/etc_group.rb +1 -2
data/lib/resources/etc_hosts.rb +1 -1
data/lib/resources/etc_hosts_allow_deny.rb +2 -1
data/lib/resources/file.rb +2 -2
data/lib/resources/filesystem.rb +1 -1
data/lib/resources/firewalld.rb +1 -1
data/lib/resources/gem.rb +2 -3
data/lib/resources/groups.rb +4 -2
data/lib/resources/grub_conf.rb +1 -1
data/lib/resources/host.rb +2 -2
data/lib/resources/http.rb +20 -22
data/lib/resources/iis_app.rb +1 -0
data/lib/resources/iis_site.rb +1 -0
data/lib/resources/inetd_conf.rb +1 -2
data/lib/resources/ini.rb +2 -2
data/lib/resources/interface.rb +2 -3
data/lib/resources/iptables.rb +1 -2
data/lib/resources/json.rb +4 -2
data/lib/resources/kernel_module.rb +1 -4
data/lib/resources/kernel_parameter.rb +1 -1
data/lib/resources/key_rsa.rb +2 -2
data/lib/resources/limits_conf.rb +1 -2
data/lib/resources/login_def.rb +1 -2
data/lib/resources/mount.rb +1 -3
data/lib/resources/mssql_session.rb +1 -3
data/lib/resources/mysql.rb +1 -2
data/lib/resources/mysql_conf.rb +2 -1
data/lib/resources/mysql_session.rb +2 -3
data/lib/resources/nginx.rb +1 -2
data/lib/resources/nginx_conf.rb +1 -2
data/lib/resources/npm.rb +2 -2
data/lib/resources/ntp_conf.rb +1 -2
data/lib/resources/oneget.rb +1 -2
data/lib/resources/oracledb_session.rb +2 -3
data/lib/resources/os.rb +2 -12
data/lib/resources/os_env.rb +2 -2
data/lib/resources/package.rb +2 -2
data/lib/resources/packages.rb +1 -2
data/lib/resources/parse_config.rb +2 -2
data/lib/resources/passwd.rb +1 -23
data/lib/resources/pip.rb +2 -2
data/lib/resources/platform.rb +19 -22
data/lib/resources/port.rb +2 -2
data/lib/resources/postgres.rb +1 -3
data/lib/resources/postgres_conf.rb +2 -3
data/lib/resources/postgres_hba_conf.rb +1 -2
data/lib/resources/postgres_ident_conf.rb +1 -2
data/lib/resources/postgres_session.rb +2 -3
data/lib/resources/powershell.rb +1 -2
data/lib/resources/processes.rb +2 -2
data/lib/resources/rabbitmq_conf.rb +1 -2
data/lib/resources/registry_key.rb +1 -1
data/lib/resources/security_policy.rb +1 -2
data/lib/resources/service.rb +8 -3
data/lib/resources/shadow.rb +1 -2
data/lib/resources/ssh_conf.rb +2 -2
data/lib/resources/ssl.rb +2 -2
data/lib/resources/sys_info.rb +2 -0
data/lib/resources/toml.rb +0 -0
data/lib/resources/users.rb +4 -2
data/lib/resources/vbscript.rb +1 -2
data/lib/resources/virtualization.rb +1 -1
data/lib/resources/windows_feature.rb +1 -2
data/lib/resources/windows_hotfix.rb +1 -1
data/lib/resources/windows_task.rb +1 -2
data/lib/resources/wmi.rb +1 -2
data/lib/resources/x509_certificate.rb +2 -2
data/lib/resources/xinetd.rb +1 -2
data/lib/resources/xml.rb +2 -1
data/lib/resources/yaml.rb +4 -2
data/lib/resources/yum.rb +1 -2
data/lib/resources/zfs_dataset.rb +1 -1
data/lib/resources/zfs_pool.rb +1 -1
data/lib/source_readers/flat.rb +0 -0
data/lib/source_readers/inspec.rb +0 -0
data/lib/utils/command_wrapper.rb +0 -0
data/lib/utils/convert.rb +0 -0
data/lib/utils/database_helpers.rb +0 -0
data/lib/utils/erlang_parser.rb +0 -0
data/lib/utils/filter.rb +0 -0
data/lib/utils/filter_array.rb +0 -0
data/lib/utils/find_files.rb +0 -0
data/lib/utils/hash.rb +0 -0
data/lib/utils/json_log.rb +0 -0
data/lib/utils/latest_version.rb +0 -0
data/lib/utils/modulator.rb +0 -0
data/lib/utils/nginx_parser.rb +0 -0
data/lib/utils/object_traversal.rb +0 -0
data/lib/utils/parser.rb +0 -0
data/lib/utils/plugin_registry.rb +0 -0
data/lib/utils/simpleconfig.rb +0 -12
data/lib/utils/spdx.rb +0 -0
data/lib/utils/spdx.txt +0 -0
metadata +81 -6
data/docs/resources/auditd_rules.md.erb +0 -116
data/lib/resources/auditd_rules.rb +0 -205

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 989b25f3c8ed378cf7ec3580045812b39866fb60
-  data.tar.gz: e84c1fc487dedd86208c9a0ff1802f05e416b4eb
+  metadata.gz: e7923a9284d909a94f986218ff9f89f5241b5952
+  data.tar.gz: e19fc206a4c814a51d24d56902b1a32b63c8a173
 SHA512:
-  metadata.gz: c5692520e23adfaccc539648a4a6a45574500a5f416d69d11fdf815cc2aeccd1022e48e4b6037818418c44429f2271bd7204250763eb66d8f8e2df024b50905e
-  data.tar.gz: 3ffa101802b8512979e14d6d9fd4578219caf589fdd4ee82704cfe78ff0c92bbaf36e1da988fe805111c48256d8d67f3d603da1eff37566a17cf1a1d78c16721
+  metadata.gz: 4e2cb5db850d22b7fba377bc6845e296fc5da8b22dd37b873dd6693a6fe564f2e84e2b2c20c5b8e041714972280ae74da02ff61703298b7a5647d39f48fd66dd
+  data.tar.gz: a71bab78912c612c454ddf3deb5d053bb5e3c61e1c4838594ba4d8d09feffd5813dd1f20e3cee90c38100717982f11ba3a8652d9b19a2974fdf215de6d9a1382

data/.rubocop.yml CHANGED

@@ -8,7 +8,7 @@ AllCops:
   - 'examples/**/*'
   - 'vendor/**/*'
   - 'lib/bundles/inspec-init/templates/**/*'
-  - 'www/tutorial/**/*'
+  - 'www/demo/**/*'
 AlignParameters:
   Enabled: true
 BlockDelimiters:

data/CHANGELOG.md CHANGED

@@ -1,39 +1,44 @@
 # Change Log
 <!-- usage documentation: http://expeditor-docs.es.chef.io/configuration/changelog/ -->
-<!-- latest_release 1.51.25 -->
-## [v1.51.25](https://github.com/chef/inspec/tree/v1.51.25) (2018-05-10)
+<!-- latest_release 2.0.16 -->
+## [v2.0.16](https://github.com/chef/inspec/tree/v2.0.16) (2018-02-20)
 #### Merged Pull Requests
-- Backport ci verify scripts [#3038](https://github.com/chef/inspec/pull/3038) ([miah](https://github.com/miah))
+- HM Mobile IE [#2705](https://github.com/chef/inspec/pull/2705) ([hannah-radish](https://github.com/hannah-radish))
 <!-- latest_release -->
-<!-- release_rollup since=1.51.21 -->
-### Changes since 1.51.21 release
-#### Bug Fixes
-- Allow the depends key to be exposed in json profiles report 1.x [#3035](https://github.com/chef/inspec/pull/3035) ([jquick](https://github.com/jquick)) <!-- 1.51.24 -->
+<!-- release_rollup since=1.51.18 -->
+### Changes since 1.51.18 release
 #### Merged Pull Requests
-- Backport ci verify scripts [#3038](https://github.com/chef/inspec/pull/3038) ([miah](https://github.com/miah)) <!-- 1.51.25 -->
-- cmp should recognise a string being a negative int (#3007) [#3012](https://github.com/chef/inspec/pull/3012) ([james-stocks](https://github.com/james-stocks)) <!-- 1.51.23 -->
-- 1.x - Adjust version test to allow for inspec 2.x being available [#3015](https://github.com/chef/inspec/pull/3015) ([james-stocks](https://github.com/james-stocks)) <!-- 1.51.22 -->
+- HM Mobile IE [#2705](https://github.com/chef/inspec/pull/2705) ([hannah-radish](https://github.com/hannah-radish)) <!-- 2.0.16 -->
+- move /tutorial to /demo [#2700](https://github.com/chef/inspec/pull/2700) ([arlimus](https://github.com/arlimus)) <!-- 2.0.15 -->
+- HM website optimization [#2699](https://github.com/chef/inspec/pull/2699) ([hannah-radish](https://github.com/hannah-radish)) <!-- 2.0.14 -->
+- www: fix sidebar stickiness [#2698](https://github.com/chef/inspec/pull/2698) ([arlimus](https://github.com/arlimus)) <!-- 2.0.13 -->
+- Add correct `supports platform` to resources. [#2674](https://github.com/chef/inspec/pull/2674) ([miah](https://github.com/miah)) <!-- 2.0.12 -->
+- Fix legacy reporter output to file [#2667](https://github.com/chef/inspec/pull/2667) ([jquick](https://github.com/jquick)) <!-- 2.0.11 -->
+- Add example profiles for AWS/Azure [#2680](https://github.com/chef/inspec/pull/2680) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 2.0.10 -->
+- Revert download button [#2684](https://github.com/chef/inspec/pull/2684) ([hannah-radish](https://github.com/hannah-radish)) <!-- 2.0.9 -->
+- Hannah Review1 [#2683](https://github.com/chef/inspec/pull/2683) ([hannah-radish](https://github.com/hannah-radish)) <!-- 2.0.8 -->
+- Capture ArgumentErrors from aws. [#2673](https://github.com/chef/inspec/pull/2673) ([jquick](https://github.com/jquick)) <!-- 2.0.7 -->
+- Fix bundle exec calls [#2670](https://github.com/chef/inspec/pull/2670) ([jquick](https://github.com/jquick)) <!-- 2.0.6 -->
+- Fixes merge conflict messages [#2677](https://github.com/chef/inspec/pull/2677) ([kagarmoe](https://github.com/kagarmoe)) <!-- 2.0.5 -->
+- Add `Release:` to AWS `inspec detect` example [#2672](https://github.com/chef/inspec/pull/2672) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 2.0.4 -->
+- Remove duplicated encryption key test. [#2671](https://github.com/chef/inspec/pull/2671) ([juliandunn](https://github.com/juliandunn)) <!-- 2.0.3 -->
+- Prevent resources from loading if supports check fails [#2665](https://github.com/chef/inspec/pull/2665) ([jquick](https://github.com/jquick)) <!-- 2.0.2 -->
+- Add in release-2.0 changes to master [#2655](https://github.com/chef/inspec/pull/2655) ([jquick](https://github.com/jquick)) <!-- 2.0.1 -->
+- package resource: Fix Windows package detection [#2624](https://github.com/chef/inspec/pull/2624) ([jerryaldrichiii](https://github.com/jerryaldrichiii)) <!-- 1.51.20 -->
+- Fix the /private/var osx issue causing functional tests to fail [#2616](https://github.com/chef/inspec/pull/2616) ([jquick](https://github.com/jquick)) <!-- 1.51.19 -->
 <!-- release_rollup -->
 <!-- latest_stable_release -->
-## [v1.51.21](https://github.com/chef/inspec/tree/v1.51.21) (2018-02-20)
-#### Merged Pull Requests
-- Fix the /private/var osx issue causing functional tests to fail [#2616](https://github.com/chef/inspec/pull/2616) ([jquick](https://github.com/jquick))
-- package resource: Fix Windows package detection [#2624](https://github.com/chef/inspec/pull/2624) ([jerryaldrichiii](https://github.com/jerryaldrichiii))
-- Fix legacy reporter output to file (inspec-v1.x) [#2689](https://github.com/chef/inspec/pull/2689) ([jquick](https://github.com/jquick))
-<!-- latest_stable_release -->
 ## [v1.51.18](https://github.com/chef/inspec/tree/v1.51.18) (2018-02-12)
 #### Merged Pull Requests
 - Force a default reporter for ad-hoc runners [#2610](https://github.com/chef/inspec/pull/2610) ([jquick](https://github.com/jquick))
 - Allow ad-hoc runners to use rspec formats. [#2621](https://github.com/chef/inspec/pull/2621) ([jquick](https://github.com/jquick))
 - Add json fields to schema and add tests. [#2618](https://github.com/chef/inspec/pull/2618) ([jquick](https://github.com/jquick))
+<!-- latest_stable_release -->
 ## [v1.51.15](https://github.com/chef/inspec/tree/v1.51.15) (2018-02-09)

data/Gemfile CHANGED

@@ -8,6 +8,7 @@ if Gem::Version.new(RUBY_VERSION) < Gem::Version.new('2.2.2')
 end
 gem 'ffi', '>= 1.9.14'
+gem 'aws-sdk', '~> 2'
 group :test do
   gem 'bundler', '~> 1.5'
@@ -15,11 +16,12 @@ group :test do
   gem 'rake', '>= 10'
   gem 'rubocop', '= 0.49.1'
   gem 'simplecov', '~> 0.10'
-  gem 'concurrent-ruby', '~> 0.9'
+  gem 'concurrent-ruby', '~> 1.0'
   gem 'mocha', '~> 1.1'
   gem 'ruby-progressbar', '~> 1.8'
   gem 'webmock', '~> 2.3.2'
   gem 'jsonschema', '~> 2.0.2'
+  gem 'passgen'
   gem 'm'
 end

data/LICENSE CHANGED

File without changes

data/MAINTAINERS.md CHANGED

File without changes

data/MAINTAINERS.toml CHANGED

File without changes

data/README.md CHANGED

@@ -242,6 +242,18 @@ inspec exec test.rb --sudo [--sudo-password ...] [--sudo-options ...] [--sudo_co
 # run in a subshell
 inspec exec test.rb --shell [--shell-options ...] [--shell-command ...]
+# run a profile targeting AWS using env vars
+inspec exec test.rb -t aws://
+# or store your AWS credentials in your ~/.aws/credentials profiles file
+inspec exec test.rb -t aws://us-east-2/my-profile
+# run a profile targeting Azure using env vars
+inspec exec test.rb -t azure://
+# or store your Azure credentials in your ~/.azure/credentials profiles file
+inspec exec test.rb -t azure://subscription_id
 ```
 ### detect
@@ -322,6 +334,7 @@ You may also [browse the Supermarket for shared Compliance Profiles](https://sup
 InSpec is inspired by the wonderful [Serverspec](http://serverspec.org) project. Kudos to [mizzy](https://github.com/mizzy) and [all contributors](https://github.com/mizzy/serverspec/graphs/contributors)!
+The AWS resources were inspired by [inspec-aws](https://github.com/arothian/inspec-aws) from [arothian](https://github.com/arothian).
 ## Contribute
@@ -339,10 +352,11 @@ The InSpec community and maintainers are very active and helpful. This project b
 ## Testing InSpec
-We perform `unit` and `integration` tests.
+We offer `unit`, `integration`, and `aws` tests.
 - `unit` tests ensure the intended behaviour of the implementation
 - `integration` tests run against Docker-based VMs via test-kitchen and [kitchen-inspec](https://github.com/chef/kitchen-inspec)
+- `aws` tests exercise the AWS resources against real AWS accounts
 ### Unit tests
@@ -360,7 +374,6 @@ You may also run a single test within a file by line number:
 ```bash
 bundle exec m test/unit/resources/user_test.rb -l 123
-```
 ### Integration tests
@@ -396,14 +409,20 @@ You may test all instances in parallel with:
 bundle exec kitchen test -c
 ```
+### AWS Tests
+Use the rake task `bundle exec rake test:aws` to test the AWS resources against a pair of real AWS accounts.
+Please see TESTING_AGAINST_AWS.md for details on how to setup the needed AWS accounts to perform testing.
 ## License
 |  |  |
 | ------ | --- |
 | **Author:** | Dominik Richter (<drichter@chef.io>) |
 | **Author:** | Christoph Hartmann (<chartmann@chef.io>) |
-| **Copyright:** | Copyright (c) 2015 Chef Software Inc. |
 | **Copyright:** | Copyright (c) 2015 Vulcano Security GmbH. |
+| **Copyright:** | Copyright (c) 2017 Chef Software Inc. |
 | **License:** | Apache License, Version 2.0 |
 Licensed under the Apache License, Version 2.0 (the "License");

data/Rakefile CHANGED

@@ -4,9 +4,16 @@
 require 'bundler'
 require 'bundler/gem_tasks'
 require 'rake/testtask'
+require 'passgen'
+require 'train'
 require_relative 'tasks/maintainers'
 require_relative 'tasks/spdx'
+def prompt(message)
+  print(message)
+  STDIN.gets.chomp
+end
 # The docs tasks rely on ruby-progressbar. If we can't load it, then don't
 # load the docs tasks. This is necessary to allow this Rakefile to work
 # when the "tests" gem group in the Gemfile has been excluded, such as
@@ -84,6 +91,116 @@ namespace :test do
     sh('sh', '-c', sh_cmd)
   end
+  project_dir = File.dirname(__FILE__)
+  namespace :aws do
+    ['default', 'minimal'].each do |account|
+      integration_dir = File.join(project_dir, 'test', 'aws', account)
+      attribute_file = File.join(integration_dir, '.attribute.yml')
+      task :"setup:#{account}", :tf_workspace do |t, args|
+        tf_workspace = args[:tf_workspace] || ENV['INSPEC_TERRAFORM_ENV']
+        abort("You must either call the top-level test:aws:#{account} task, or set the INSPEC_TERRAFORM_ENV variable.") unless tf_workspace
+        puts "----> Setup"
+        abort("You must set the environment variable AWS_REGION") unless ENV['AWS_REGION']
+        puts "----> Checking for required AWS profile..."
+        sh("aws configure get aws_access_key_id --profile inspec-aws-test-#{account} > /dev/null")
+        sh("cd #{integration_dir}/build/ && terraform init")
+        sh("cd #{integration_dir}/build/ && terraform workspace new #{tf_workspace}")
+        sh("cd #{integration_dir}/build/ && AWS_PROFILE=inspec-aws-test-#{account} terraform plan")
+        sh("cd #{integration_dir}/build/ && AWS_PROFILE=inspec-aws-test-#{account} terraform apply")
+        Rake::Task["test:aws:dump_attrs:#{account}"].execute
+      end
+      task :"dump_attrs:#{account}" do
+        sh("cd #{integration_dir}/build/ && AWS_PROFILE=inspec-aws-test-#{account} terraform output > #{attribute_file}")
+        raw_output = File.read(attribute_file)
+        yaml_output = raw_output.gsub(" = ", " : ")
+        File.open(attribute_file, "w") {|file| file.puts yaml_output}
+      end
+      task :"run:#{account}" do
+        puts "----> Run"
+        sh("bundle exec inspec exec #{integration_dir}/verify -t aws://${AWS_REGION}/inspec-aws-test-#{account} --attrs #{attribute_file}")
+      end
+      task :"cleanup:#{account}", :tf_workspace do |t, args|
+        tf_workspace = args[:tf_workspace] || ENV['INSPEC_TERRAFORM_ENV']
+        abort("You must either call the top-level test:aws:#{account} task, or set the INSPEC_TERRAFORM_ENV variable.") unless tf_workspace
+        puts "----> Cleanup"
+        sh("cd #{integration_dir}/build/ && AWS_PROFILE=inspec-aws-test-#{account} terraform destroy -force")
+        sh("cd #{integration_dir}/build/ && terraform workspace select default")
+        sh("cd #{integration_dir}/build && terraform workspace delete #{tf_workspace}")
+      end
+      task :"#{account}" do
+        tf_workspace = ENV['INSPEC_TERRAFORM_ENV'] || prompt("Please enter a workspace for your integration tests to run in: ")
+        begin
+          Rake::Task["test:aws:setup:#{account}"].execute({:tf_workspace => tf_workspace})
+          Rake::Task["test:aws:run:#{account}"].execute
+        rescue
+          abort("Integration testing has failed for the #{account} account")
+        ensure
+          Rake::Task["test:aws:cleanup:#{account}"].execute({:tf_workspace => tf_workspace})
+        end
+      end
+    end
+  end
+  desc "Perform AWS Integration Tests"
+  task aws: [:'aws:default', :'aws:minimal']
+  namespace :azure do
+    # Specify the directory for the integration tests
+    integration_dir = 'test/azure'
+    task :init_workspace do
+      # Initialize terraform workspace
+      sh("cd #{integration_dir}/build/ && terraform init")
+    end
+    task :setup_integration_tests do
+      puts '----> Setup'
+      creds = Train.create('azure').connection.connect
+      # Determine the storage account name and the admin password
+      sa_name = (0...15).map { (65 + rand(26)).chr }.join.downcase
+      admin_password = Passgen::generate(length: 12, uppercase: true, lowercase: true, symbols: true, digits: true)
+      # Use the first 4 characters of the storage account to create a suffix
+      suffix = sa_name[0..3]
+      # Create the plan that can be applied to Azure
+      cmd = format("cd %s/build/ && terraform plan -var 'subscription_id=%s' -var 'client_id=%s' -var 'client_secret=%s' -var 'tenant_id=%s' -var 'storage_account_name=%s' -var 'admin_password=%s' -var 'suffix=%s' -out inspec-azure.plan", integration_dir, creds[:subscription_id], creds[:client_id], creds[:client_secret], creds[:tenant_id], sa_name, admin_password, suffix)
+      sh(cmd)
+      # Apply the plan on Azure
+      cmd = format("cd %s/build/ && terraform apply inspec-azure.plan", integration_dir)
+      sh(cmd)
+    end
+    task :run_integration_tests do
+      puts '----> Run'
+      sh("bundle exec inspec exec #{integration_dir}/verify -t azure://1e0b427a-d58b-494e-ae4f-ee558463ebbf")
+    end
+    task :cleanup_integration_tests do
+      puts '----> Cleanup'
+      creds = Train.create('azure').connection.connect
+      cmd = format("cd %s/build/ && terraform destroy -force -var 'subscription_id=%s' -var 'client_id=%s' -var 'client_secret=%s' -var 'tenant_id=%s' -var 'admin_password=dummy' -var 'storage_account_name=dummy' -var 'suffix=dummy'", integration_dir, creds[:subscription_id], creds[:client_id], creds[:client_secret], creds[:tenant_id])
+      sh(cmd)
+    end
+  end
+  desc "Perform Azure Integration Tests"
+  task :azure do
+    Rake::Task['test:azure:init_workspace'].execute
+    Rake::Task['test:azure:cleanup_integration_tests'].execute
+    Rake::Task['test:azure:setup_integration_tests'].execute
+    Rake::Task['test:azure:run_integration_tests'].execute
+    Rake::Task['test:azure:cleanup_integration_tests'].execute
+  end
 end
 # Print the current version of this gem or update it.

data/docs/.gitignore CHANGED

File without changes

data/docs/README.md CHANGED

File without changes

data/docs/dsl_inspec.md CHANGED

File without changes

data/docs/dsl_resource.md CHANGED

File without changes

data/docs/glossary.md CHANGED

File without changes

data/docs/habitat.md CHANGED

File without changes

data/docs/inspec_and_friends.md CHANGED

File without changes

data/docs/matchers.md CHANGED

File without changes

data/docs/migration.md CHANGED

File without changes

data/docs/platforms.md ADDED

@@ -0,0 +1,119 @@
+# Using InSpec 2.0 on Cloud Platforms
+We are pleased to announce that with this release of InSpec 2.0, we have expanded our platform support beyond individual machines and now include support for select AWS and Azure resources.
+With InSpec 2.0, you may now use several InSpec resources to audit properties of your cloud infrastructure - for example, an Amazon Web Services S3 bucket.
+<br>
+## AWS Platform Support in InSpec 2.0
+### Setting up AWS credentials for InSpec
+InSpec uses the standard AWS authentication mechanisms. Typically, you will create an IAM user specifically for auditing activities.
+* 1 Create an IAM user in the AWS console, with your choice of username. Check the box marked "Programmatic Access."
+* 2 On the Permissions screen, choose Direct Attach. Select the AWS-managed IAM Profile named "ReadOnlyAccess." If you wish to restrict the user further, you may do so; see individual InSpec resources to identify which permissions are required.
+* 3 After generating the key, record the Access Key ID and Secret Key.
+#### Using Environment Variables to provide credentials
+You may provide the credentials to InSpec by setting the following environment variables: `AWS_REGION`, `AWS_ACCESS_KEY_ID`, and `AWS_SECRET_KEY_ID`. You may also use `AWS_PROFILE`, or if you are using MFA, `AWS_SESSION_TOKEN`. See the [AWS Command Line Interface Docs](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html) for details.
+Once you have your environment variables set, you can verify your credentials by running:
+```bash
+you$ inspec detect -t aws://
+== Platform Details
+Name:      aws
+Families:  cloud, api
+Release:   aws-sdk-v2.10.125
+```
+#### Using the InSpec target option to provide credentials on AWS
+Look for a file in your home directory named `~/.aws/credentials`. If it does not exist, create it. Choose a name for your profile; here, we're using the name 'auditing'. Add your credentials as a new profile, in INI format:
+```bash
+[auditing]
+aws_access_key_id = AKIA....
+aws_secret_access_key = 1234....abcd
+```
+You may now run InSpec using the `--target` / `-t` option, using the format `-t aws://region/profile`.  For example, to connect to the Ohio region using a profile named 'auditing', use `-t aws://us-east-2/auditing`.
+To verify your credentials,
+```bash
+you$ inspec detect -t aws://
+== Platform Details
+Name:      aws
+Families:  cloud, api
+Release:   aws-sdk-v2.10.125
+```
+<br>
+## Azure Platform Support in InSpec 2.0
+### Setting up Azure credentials for InSpec
+To use InSpec Azure resources, you will need to create a Service Principal Name (SPN) for auditing an Azure subscription.
+This can be done on the command line or from the Azure Portal:
+* [Azure CLI](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-authenticate-service-principal-cli)
+* [PowerShell](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-authenticate-service-principal)
+* [Azure Portal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal)
+The information from the SPN can be specified either in the file `~/.azure/credentials`, as environment variables, or by using InSpec target URIs.
+#### Setting up the Azure Credentials File
+By default InSpec is configured to look at ~/.azure/credentials, and it should contain:
+```powershell
+[<SUBSCRIPTION_ID>]
+client_id = "<CLIENT_ID>"
+client_secret = "<CLIENT_SECRET>"
+tenant_id = "<TENANT_ID>"
+```
+NOTE: In the Azure web portal, these values are labeled differently:
+* The client_id is referred to as the 'Application ID'
+* The client_secret is referred to as the 'Key (Password Type)'
+* The tenant_id is referred to as the 'Directory ID'
+With the credentials are in place you may now execute InSpec:
+```bash
+inspec exec my-inspec-profile -t azure://
+```
+#### Using Environment variables to provide credentials
+You may also set the Azure credentials via environment variables:
+* `AZURE_SUBSCRIPTION_ID`
+* `AZURE_CLIENT_ID`
+* `AZURE_CLIENT_SECRET`
+* `AZURE_TENANT_ID`
+For example:
+```bash
+AZURE_SUBSCRIPTION_ID="2fbdbb02-df2e-11e6-bf01-fe55135034f3" \
+AZURE_CLIENT_ID="58dc4f6c-df2e-11e6-bf01-fe55135034f3" \
+AZURE_CLIENT_SECRET="Jibr4iwwaaZwBb6W" \
+AZURE_TENANT_ID="6ad89b58-df2e-11e6-bf01-fe55135034f3" inspec exec my-profile -t azure://
+```
+#### Using the InSpec target option to provide credentials on Azure
+If you have created a `~/.azure/credentials` file as above, you may also use the InSpec command line `--target` / `-t` option to select a subscription ID.  For example:
+```bash
+inspec exec my-profile -t azure://2fbdbb02-df2e-11e6-bf01-fe55135034f3
+```