inspec 3.6.6 → 3.7.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 90e04c89090a258fa5a4d935ab067275c5de0a5ca7782468cfce06724a011f4f
-  data.tar.gz: e2f19a2d08ce57fa6724f645299a9e92b01b50e9098f51cbfb9f08363f30bbdc
+  metadata.gz: 5fac8050f287e7724b43ec98cc5d315849aeabe1ba832068c30eab5d1c2e990f
+  data.tar.gz: 5779e58ee9fb65084d06c3a118fff3f9f99083436f747a60230c34a857a6e71f
 SHA512:
-  metadata.gz: e9538cdecc9989f89c6fc45b0caec1a6d6c5b6ab6da029a3a128d0be5a563b376c323fd0b00a8bd7f012d7ae264f0db0bbae6de5e56ac591eaa1308d614fd8ee
-  data.tar.gz: '0709d10065ed6589747007e82f12115b011494485b555ba04ee7edfcd6cdd47d170518fa71c34792af9ae5ca1be115cb61448c6b930a13145e1422548b267190'
+  metadata.gz: f13bf3144f139198a8443ac4db6e8e0bb1c3ac38cc3c2aaec9169544d90133991888d25f98c74ff3634440fd269cf9ddfb3231b69129c7d6aedf69ef934ff335
+  data.tar.gz: 5f6587a9d8716b90b79d024f3d486a76ae8f77ec85ab72b4e0f1232261b7c0a88cf399d35c5e59ee52559d8ef946e2a6a4c9dd4ac23dd95dfb195a5c7865d419

data/Gemfile

@@ -22,7 +22,10 @@ group :test do
 end
 
 group :integration do
-  gem 'berkshelf', '~> 5.2'
+  # this version check can be removed when inspec no longer support ruby 2.3
+  if Gem::Version.new(RUBY_VERSION) >= Gem::Version.new('2.4')
+    gem 'berkshelf', '~> 7'
+  end
   gem 'test-kitchen', '>= 1.24'
   gem 'kitchen-vagrant'
   # we need winrm v2 support >= 0.15.1

data/README.md

@@ -288,9 +288,9 @@ Remote Targets
 | ---------------------------- | ------------------------------------------------ | ------------- |
 | AIX                          | 6.1, 7.1, 7.2                                    | ppc64         |
 | CentOS                       | 5, 6, 7                                          | i386, x86_64  |
-| Debian                       | 7, 8                                             | i386, x86_64  |
-| FreeBSD                      | 9, 10                                            | i386, amd64   |
-| Mac OS X                     | 10.9, 10.10, 10.11                               | x86_64        |
+| Debian                       | 7, 8, 9                                          | i386, x86_64  |
+| FreeBSD                      | 9, 10, 11                                        | i386, amd64   |
+| Mac OS X                     | 10.9, 10.10, 10.11, 10.12, 10.13, 10.14          | x86_64        |
 | Oracle Enterprise Linux      | 5, 6, 7                                          | i386, x86_64  |
 | Red Hat Enterprise Linux     | 5, 6, 7                                          | i386, x86_64  |
 | Solaris                      | 10, 11                                           | sparc, x86    |
@@ -299,7 +299,7 @@ Remote Targets
 | SUSE Linux Enterprise Server | 11, 12                                           | x86_64        |
 | Scientific Linux             | 5.x, 6.x and 7.x                                 | i386, x86_64  |
 | Fedora                       |                                                  | x86_64        |
-| OpenSUSE                     | 13.1/13.2/42.1                                   | x86_64        |
+| OpenSUSE                     | 13, 42                                           | x86_64        |
 | OmniOS                       |                                                  | x86_64        |
 | Gentoo Linux                 |                                                  | x86_64        |
 | Arch Linux                   |                                                  | x86_64        |
@@ -311,7 +311,7 @@ In addition, runtime support is provided for:
 
 | Platform | Versions |
 | -------- | -------- |
-| Debian   | 8        |
+| Debian   | 8, 9     |
 | RHEL     | 6, 7     |
 | Ubuntu   | 12.04+   |
 | Windows  | 7+       |
@@ -440,7 +440,7 @@ Please see [TESTING_AGAINST_AZURE.md](./test/integration/aws/TESTING_AGAINST_AZU
 | **Author:**    | Dominik Richter (<drichter@chef.io>)      |
 | **Author:**    | Christoph Hartmann (<chartmann@chef.io>)  |
 | **Copyright:** | Copyright (c) 2015 Vulcano Security GmbH. |
-| **Copyright:** | Copyright (c) 2017 Chef Software Inc.     |
+| **Copyright:** | Copyright (c) 2017-2018 Chef Software Inc.|
 | **License:**   | Apache License, Version 2.0               |
 
 Licensed under the Apache License, Version 2.0 (the "License");
@@ -453,4 +453,4 @@ Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
-limitations under the License. 
+limitations under the License.

data/etc/deprecations.json

@@ -14,6 +14,16 @@
     "filesystem_property_size": {
       "action": "ignore",
       "comment": "See #3778"
+    },
+    "rename_attributes_to_inputs": {
+      "action": "ignore",
+      "prefix": "InSpec Attributes are being renamed to InSpec Inputs to avoid confusion with Chef Attributes.",
+      "comment": "See #3802"
+    },
+    "aws_resources_in_resource_pack": {
+      "comment": "See #3822",
+      "action": "ignore",
+      "prefix": "AWS resources shipped with core InSpec are being to moved to a resource pack for faster iteration. Please update your profiles to depend on git@github.com:inspec/inspec-aws.git ."
     }
   }
 }

data/lib/inspec.rb

@@ -16,7 +16,7 @@ require 'inspec/runner'
 require 'inspec/shell'
 require 'inspec/formatters'
 require 'inspec/reporters'
-require 'inspec/attribute_registry'
+require 'inspec/input_registry'
 require 'inspec/rspec_extensions'
 require 'inspec/globals'
 require 'inspec/impact'

data/lib/inspec/base_cli.rb

@@ -108,7 +108,7 @@ module Inspec
         banner: 'one two:/output/file/path',
         desc: 'Enable one or more output reporters: cli, documentation, html, progress, json, json-min, json-rspec, junit, yaml'
       option :attrs, type: :array,
-        desc: 'Load attributes file (experimental)'
+        desc: 'Load one or more input files, a YAML file with values for the profile to use'
       option :create_lockfile, type: :boolean,
         desc: 'Write out a lockfile based on this execution (unless one already exists)'
       option :backend_cache, type: :boolean,

data/lib/inspec/cli.rb

@@ -216,7 +216,7 @@ class Inspec::InspecCLI < Inspec::BaseCLI
       inspec exec /path/to/profile
       ```
 
-    Local single test (doesn't allow attributes or custom resources)
+    Local single test (doesn't allow inputs or custom resources)
       ```
       inspec exec /path/to/a_test.rb
       ```

data/lib/inspec/config.rb

@@ -71,6 +71,8 @@ module Inspec
     #      transport name prefixed, which is stripped before being added
     #      to the creds hash)
     #  * the --target CLI option, which is interpreted:
+    #     - as a transport://credset format, which looks up the creds in
+    #       the config file in the credentials section
     #     - as an arbitrary URI, which is parsed by Train.unpack_target_from_uri
 
     def unpack_train_credentials
@@ -82,8 +84,9 @@ module Inspec
       credentials.merge!(_utc_generic_credentials)
 
       _utc_determine_backend(credentials)
-      credentials.merge!(Train.unpack_target_from_uri(final_options[:target] || '')) # TODO: this will be replaced with the credset work
       transport_name = credentials[:backend].to_s
+
+      _utc_merge_credset(credentials, transport_name)
       _utc_merge_transport_options(credentials, transport_name)
 
       # Convert to all-Symbol keys
@@ -137,6 +140,33 @@ module Inspec
       credentials[:backend] = transport_name.to_s # these are indeed stored in Train as Strings.
     end
 
+    def _utc_merge_credset(credentials, transport_name)
+      # Look for Config File credentials/transport_name/credset
+      credset_name = _utc_find_credset_name(credentials, transport_name)
+
+      if credset_name
+        credset = @cfg_file_contents.dig('credentials', transport_name, credset_name)
+        if credset
+          credentials.merge!(credset)
+        else
+          # OK, we had a target that looked like transport://something
+          # But we don't know what that something is - there was no
+          # matching credset with it.  Let train parse it.
+          credentials.merge!(Train.unpack_target_from_uri(final_options[:target]))
+        end
+      elsif final_options.key?(:target)
+        # Not sure what target looked like at all!
+        # Let train parse it.
+        credentials.merge!(Train.unpack_target_from_uri(final_options[:target]))
+      end
+    end
+
+    def _utc_find_credset_name(_credentials, transport_name)
+      return nil unless final_options[:target]
+      match = final_options[:target].match(%r{^#{transport_name}://(?<credset_name>[\w\d\-]+)$})
+      match ? match[:credset_name] : nil
+    end
+
     #-----------------------------------------------------------------------#
     #                         Reading Config Files
     #-----------------------------------------------------------------------#

data/lib/inspec/control_eval_context.rb

@@ -27,7 +27,7 @@ module Inspec
 
         # allow attributes to be accessed within control blocks
         define_method :attribute do |name|
-          Inspec::AttributeRegistry.find_attribute(name, profile_id).value
+          Inspec::InputRegistry.find_input(name, profile_id).value
         end
 
         # Support for Control DSL plugins.
@@ -167,12 +167,12 @@ module Inspec
           profile_context_owner.register_rule(control, &block) unless control.nil?
         end
 
-        # method for attributes; import attribute handling
+        # method for inputs; import input handling
         define_method :attribute do |name, options = nil|
           if options.nil?
-            Inspec::AttributeRegistry.find_attribute(name, profile_id).value
+            Inspec::InputRegistry.find_input(name, profile_id).value
           else
-            profile_context_owner.register_attribute(name, options)
+            profile_context_owner.register_input(name, options)
           end
         end
 

data/lib/inspec/errors.rb

@@ -18,29 +18,29 @@ module Inspec
   class ConfigError::MalformedJson < ConfigError; end
   class ConfigError::Invalid < ConfigError; end
 
-  class Attribute
+  class Input
     class Error < Inspec::Error; end
     class ValidationError < Error
-      attr_accessor :attribute_name
-      attr_accessor :attribute_value
-      attr_accessor :attribute_type
+      attr_accessor :input_name
+      attr_accessor :input_value
+      attr_accessor :input_type
     end
     class TypeError < Error
-      attr_accessor :attribute_type
+      attr_accessor :input_type
     end
     class RequiredError < Error
-      attr_accessor :attribute_name
+      attr_accessor :input_name
     end
   end
 
-  class AttributeRegistry
+  class InputRegistry
     class Error < Inspec::Error; end
-    class ProfileError < Error
+    class ProfileLookupError < Error
       attr_accessor :profile_name
     end
-    class AttributeError < Error
+    class InputLookupError < Error
       attr_accessor :profile_name
-      attr_accessor :attribute_name
+      attr_accessor :input_name
     end
   end
 

data/lib/inspec/exceptions.rb

@@ -3,8 +3,8 @@
 
 module Inspec
   module Exceptions
-    class AttributesFileDoesNotExist < ArgumentError; end
-    class AttributesFileNotReadable < ArgumentError; end
+    class InputsFileDoesNotExist < ArgumentError; end
+    class InputsFileNotReadable < ArgumentError; end
     class ResourceFailed < StandardError; end
     class ResourceSkipped < StandardError; end
     class SecretsBackendNotFound < ArgumentError; end

data/lib/inspec/{attribute_registry.rb → input_registry.rb}

@@ -1,9 +1,9 @@
 require 'forwardable'
 require 'singleton'
-require 'inspec/objects/attribute'
+require 'inspec/objects/input'
 
 module Inspec
-  class AttributeRegistry
+  class InputRegistry
     include Singleton
     extend Forwardable
 
@@ -15,54 +15,54 @@ module Inspec
 
     # These self methods are convenience methods so you dont always
     # have to specify instance when calling the registry
-    def self.find_attribute(name, profile)
-      instance.find_attribute(name, profile)
+    def self.find_input(name, profile)
+      instance.find_input(name, profile)
     end
 
-    def self.register_attribute(name, profile, options = {})
-      instance.register_attribute(name, profile, options)
+    def self.register_input(name, profile, options = {})
+      instance.register_input(name, profile, options)
     end
 
     def self.register_profile_alias(name, alias_name)
       instance.register_profile_alias(name, alias_name)
     end
 
-    def self.list_attributes_for_profile(profile)
-      instance.list_attributes_for_profile(profile)
+    def self.list_inputs_for_profile(profile)
+      instance.list_inputs_for_profile(profile)
     end
 
     def initialize
-      # this is a collection of profiles which have a value of attribute objects
+      # this is a collection of profiles which have a value of input objects
       @list = {}
 
       # this is a list of optional profile name overrides set in the inspec.yml
       @profile_aliases = {}
     end
 
-    def find_attribute(name, profile)
+    def find_input(name, profile)
       profile = @profile_aliases[profile] if !profile_exist?(profile) && @profile_aliases[profile]
       unless profile_exist?(profile)
-        error = Inspec::AttributeRegistry::ProfileError.new
+        error = Inspec::InputRegistry::ProfileLookupError.new
         error.profile_name = profile
-        raise error, "Profile '#{error.profile_name}' does not have any attributes"
+        raise error, "Profile '#{error.profile_name}' does not have any inputs"
       end
 
       unless list[profile].key?(name)
-        error = Inspec::AttributeRegistry::AttributeError.new
-        error.attribute_name = name
+        error = Inspec::InputRegistry::InputLookupError.new
+        error.input_name = name
         error.profile_name = profile
-        raise error, "Profile '#{error.profile_name}' does not have an attribute with name '#{error.attribute_name}'"
+        raise error, "Profile '#{error.profile_name}' does not have an input with name '#{error.input_name}'"
       end
       list[profile][name]
     end
 
-    def register_attribute(name, profile, options = {})
+    def register_input(name, profile, options = {})
       # check for a profile override name
       if profile_exist?(profile) && list[profile][name] && options.empty?
         list[profile][name]
       else
         list[profile] = {} unless profile_exist?(profile)
-        list[profile][name] = Inspec::Attribute.new(name, options)
+        list[profile][name] = Inspec::Input.new(name, options)
       end
     end
 
@@ -70,7 +70,7 @@ module Inspec
       @profile_aliases[name] = alias_name
     end
 
-    def list_attributes_for_profile(profile)
+    def list_inputs_for_profile(profile)
       list[profile] = {} unless profile_exist?(profile)
       list[profile]
     end

data/lib/inspec/objects.rb

@@ -1,7 +1,7 @@
 # encoding: utf-8
 
 module Inspec
-  autoload :Attribute, 'inspec/objects/attribute'
+  autoload :Input, 'inspec/objects/input'
   autoload :Tag, 'inspec/objects/tag'
   autoload :Control, 'inspec/objects/control'
   autoload :Describe, 'inspec/objects/describe'

data/lib/inspec/objects/{attribute.rb → input.rb}

@@ -2,21 +2,22 @@
 
 require 'utils/deprecation'
 
+# For backwards compatibility during the rename (see #3802),
+# maintain the Inspec::Attribute namespace for people checking for
+# Inspec::Attribute::DEFAULT_ATTRIBUTE
 module Inspec
   class Attribute
-    attr_accessor :name
-
-    VALID_TYPES = %w{
-      String
-      Numeric
-      Regexp
-      Array
-      Hash
-      Boolean
-      Any
-    }.freeze
+    # This only exists to create the Inspec::Attribute::DEFAULT_ATTRIBUTE symbol with a class
+    class DEFAULT_ATTRIBUTE; end # rubocop: disable Style/ClassAndModuleCamelCase
+  end
+end
 
-    DEFAULT_ATTRIBUTE = Class.new do
+module Inspec
+  class Input
+    # This special class is used to represent the value when an input has
+    # not been assigned a value. This allows a user to explicitly assign nil
+    # to an input.
+    class NO_VALUE_SET # rubocop: disable Style/ClassAndModuleCamelCase
       def initialize(name)
         @name = name
 
@@ -37,17 +38,49 @@ module Inspec
       end
 
       def to_s
-        "Attribute '#{@name}' does not have a value. Skipping test."
+        "Input '#{@name}' does not have a value. Skipping test."
+      end
+
+      def is_a?(klass)
+        if klass == Inspec::Attribute::DEFAULT_ATTRIBUTE
+          Inspec.deprecate(:rename_attributes_to_inputs, "Don't check for `is_a?(Inspec::Attribute::DEFAULT_ATTRIBUTE)`, check for `Inspec::Input::NO_VALUE_SET")
+          true # lie for backward compatibility
+        else
+          super(klass)
+        end
+      end
+
+      def kind_of?(klass)
+        if klass == Inspec::Attribute::DEFAULT_ATTRIBUTE
+          Inspec.deprecate(:rename_attributes_to_inputs, "Don't check for `kind_of?(Inspec::Attribute::DEFAULT_ATTRIBUTE)`, check for `Inspec::Input::NO_VALUE_SET")
+          true # lie for backward compatibility
+        else
+          super(klass)
+        end
       end
     end
+  end
+
+  class Input
+    attr_accessor :name
+
+    VALID_TYPES = %w{
+      String
+      Numeric
+      Regexp
+      Array
+      Hash
+      Boolean
+      Any
+    }.freeze
 
     def initialize(name, options = {})
       @name = name
       @opts = options
       if @opts.key?(:default)
-        Inspec.deprecate(:attrs_value_replaces_default, "attribute name: '#{name}'")
+        Inspec.deprecate(:attrs_value_replaces_default, "input name: '#{name}'")
         if @opts.key?(:value)
-          Inspec::Log.warn "Attribute #{@name} created using both :default and :value options - ignoring :default"
+          Inspec::Log.warn "Input #{@name} created using both :default and :value options - ignoring :default"
           @opts.delete(:default)
         else
           @opts[:value] = @opts.delete(:default)
@@ -104,7 +137,7 @@ module Inspec
     end
 
     def to_s
-      "Attribute #{@name} with #{@value}"
+      "Input #{@name} with #{@value}"
     end
 
     private
@@ -115,9 +148,9 @@ module Inspec
 
       # value will be set already if a secrets file was passed in
       if (!@opts.key?(:default) && value.nil?) || (@opts[:default].nil? && value.nil?)
-        error = Inspec::Attribute::RequiredError.new
-        error.attribute_name = @name
-        raise error, "Attribute '#{error.attribute_name}' is required and does not have a value."
+        error = Inspec::Input::RequiredError.new
+        error.input_name = @name
+        raise error, "Input '#{error.input_name}' is required and does not have a value."
       end
     end
 
@@ -129,9 +162,9 @@ module Inspec
       }
       type = abbreviations[type] if abbreviations.key?(type)
       if !VALID_TYPES.include?(type)
-        error = Inspec::Attribute::TypeError.new
-        error.attribute_type = type
-        raise error, "Type '#{error.attribute_type}' is not a valid attribute type."
+        error = Inspec::Input::TypeError.new
+        error.input_type = type
+        raise error, "Type '#{error.input_type}' is not a valid input type."
       end
       type
     end
@@ -168,17 +201,17 @@ module Inspec
       end
 
       if invalid_type == true
-        error = Inspec::Attribute::ValidationError.new
-        error.attribute_name = @name
-        error.attribute_value = value
-        error.attribute_type = type
-        raise error, "Attribute '#{error.attribute_name}' with value '#{error.attribute_value}' does not validate to type '#{error.attribute_type}'."
+        error = Inspec::Input::ValidationError.new
+        error.input_name = @name
+        error.input_value = value
+        error.input_type = type
+        raise error, "Input '#{error.input_name}' with value '#{error.input_value}' does not validate to type '#{error.input_type}'."
       end
     end
     # rubocop:enable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
 
     def value_or_dummy
-      @opts.key?(:value) ? @opts[:value] : DEFAULT_ATTRIBUTE.new(@name)
+      @opts.key?(:value) ? @opts[:value] : Inspec::Input::NO_VALUE_SET.new(@name)
     end
   end
 end

data/lib/inspec/profile.rb

@@ -5,7 +5,7 @@
 
 require 'forwardable'
 require 'openssl'
-require 'inspec/attribute_registry'
+require 'inspec/input_registry'
 require 'inspec/polyfill'
 require 'inspec/cached_fetcher'
 require 'inspec/file_provider'
@@ -97,7 +97,7 @@ module Inspec
       @profile_id = options[:id]
       @profile_name = options[:profile_name]
       @cache = options[:vendor_cache] || Cache.new
-      @attr_values = options[:attributes]
+      @input_values = options[:inputs]
       @tests_collected = false
       @libraries_loaded = false
       @check_mode = options[:check_mode] || false
@@ -120,22 +120,22 @@ module Inspec
 
       @runner_context =
         options[:profile_context] ||
-        Inspec::ProfileContext.for_profile(self, @backend, @attr_values)
+        Inspec::ProfileContext.for_profile(self, @backend, @input_values)
 
       @supports_platform = metadata.supports_platform?(@backend)
       @supports_runtime = metadata.supports_runtime?
-      register_metadata_attributes
+      register_metadata_inputs
     end
 
-    def register_metadata_attributes
+    def register_metadata_inputs # TODO: deprecate
       if metadata.params.key?(:attributes) && metadata.params[:attributes].is_a?(Array)
         metadata.params[:attributes].each do |attribute|
           attr_dup = attribute.dup
           name = attr_dup.delete(:name)
-          @runner_context.register_attribute(name, attr_dup)
+          @runner_context.register_input(name, attr_dup)
         end
       elsif metadata.params.key?(:attributes)
-        Inspec::Log.warn 'Attributes must be defined as an Array. Skipping current definition.'
+        Inspec::Log.warn 'Inputs must be defined as an Array. Skipping current definition.'
       end
     end
 
@@ -297,12 +297,12 @@ module Inspec
         group
       end
 
-      # add information about the required attributes
-      if res[:attributes].nil? || res[:attributes].empty?
-        # convert to array for backwords compatability
-        res[:attributes] = []
+      # add information about the required inputs
+      if res[:inputs].nil? || res[:inputs].empty?
+        # convert to array for backwards compatability
+        res[:inputs] = []
       else
-        res[:attributes] = res[:attributes].values.map(&:to_hash)
+        res[:inputs] = res[:inputs].values.map(&:to_hash)
       end
       res[:sha256] = sha256
       res[:parent_profile] = parent_profile unless parent_profile.nil?
@@ -530,7 +530,7 @@ module Inspec
         backend: @backend,
         parent_profile: name,
       }
-      Inspec::DependencySet.from_lockfile(lockfile, config, { attributes: @attr_values })
+      Inspec::DependencySet.from_lockfile(lockfile, config, { inputs: @input_values })
     end
 
     # Calculate this profile's SHA256 checksum. Includes metadata, dependencies,
@@ -595,7 +595,7 @@ module Inspec
         f = load_rule_filepath(prefix, rule)
         load_rule(rule, f, controls, groups)
       end
-      params[:attributes] = @runner_context.attributes
+      params[:inputs] = @runner_context.inputs
       params
     end
 

data/lib/inspec/profile_context.rb

@@ -8,17 +8,17 @@ require 'inspec/library_eval_context'
 require 'inspec/control_eval_context'
 require 'inspec/require_loader'
 require 'securerandom'
-require 'inspec/objects/attribute'
+require 'inspec/objects/input'
 
 module Inspec
   class ProfileContext
-    def self.for_profile(profile, backend, attributes)
+    def self.for_profile(profile, backend, inputs)
       new(profile.name, backend, { 'profile' => profile,
-                                   'attributes' => attributes,
+                                   'inputs' => inputs,
                                    'check_mode' => profile.check_mode })
     end
 
-    attr_reader :attributes, :backend, :profile_name, :profile_id, :resource_registry
+    attr_reader :inputs, :backend, :profile_name, :profile_id, :resource_registry
     attr_accessor :rules
     def initialize(profile_id, backend, conf)
       if backend.nil?
@@ -34,8 +34,8 @@ module Inspec
       @control_subcontexts = []
       @lib_subcontexts = []
       @require_loader = ::Inspec::RequireLoader.new
-      Inspec::AttributeRegistry.register_profile_alias(@profile_id, @profile_name) if @profile_id != @profile_name
-      @attributes = Inspec::AttributeRegistry.list_attributes_for_profile(@profile_id)
+      Inspec::InputRegistry.register_profile_alias(@profile_id, @profile_name) if @profile_id != @profile_name
+      @inputs = Inspec::InputRegistry.list_inputs_for_profile(@profile_id)
       # A local resource registry that only contains resources defined
       # in the transitive dependency tree of the loaded profile.
       @resource_registry = Inspec::Resource.new_registry
@@ -187,11 +187,11 @@ module Inspec
       end
     end
 
-    def register_attribute(name, options = {})
-      # we need to return an attribute object, to allow dermination of default values
-      attribute = Inspec::AttributeRegistry.register_attribute(name, @profile_id, options)
-      attribute.value = @conf['attributes'][name] unless @conf['attributes'].nil? || @conf['attributes'][name].nil?
-      attribute.value
+    def register_input(name, options = {})
+      # we need to return an input object, to allow dermination of values
+      input = Inspec::InputRegistry.register_input(name, @profile_id, options)
+      input.value = @conf['inputs'][name] unless @conf['inputs'].nil? || @conf['inputs'][name].nil?
+      input.value
     end
 
     def set_header(field, val)

data/lib/inspec/reporters/json.rb

@@ -107,7 +107,7 @@ module Inspec::Reporters
           copyright: p[:copyright],
           copyright_email: p[:copyright_email],
           supports: p[:supports],
-          attributes: p[:attributes],
+          attributes: (p[:inputs] ? p[:inputs] : p[:attributes]), # TODO: rename exposed field to inputs, see #3802
           parent_profile: p[:parent_profile],
           depends: p[:depends],
           groups: profile_groups(p),

data/lib/inspec/rspec_extensions.rb

@@ -1,4 +1,4 @@
-require 'inspec/attribute_registry'
+require 'inspec/input_registry'
 require 'inspec/plugin/v2'
 require 'rspec/core/example_group'
 
@@ -64,9 +64,9 @@ module Inspec
 end
 
 class RSpec::Core::ExampleGroup
-  # This DSL method allows us to access the values of attributes within InSpec tests
+  # This DSL method allows us to access the values of inputs within InSpec tests
   def attribute(name)
-    Inspec::AttributeRegistry.find_attribute(name, self.class.metadata[:profile_id]).value
+    Inspec::InputRegistry.find_input(name, self.class.metadata[:profile_id]).value
   end
   define_example_method :attribute
 

data/lib/inspec/runner.rb

@@ -32,7 +32,13 @@ module Inspec
   class Runner
     extend Forwardable
 
-    attr_reader :backend, :rules, :attributes
+    attr_reader :backend, :rules, :inputs
+
+    def attributes
+      Inspec.deprecate(:rename_attributes_to_inputs, "Don't call runner.attributes, call runner.inputs")
+      inputs
+    end
+
     def initialize(conf = {})
       @rules = []
       # If we were handed a Hash config (by audit cookbook or kitchen-inspec),
@@ -51,10 +57,10 @@ module Inspec
         RunnerRspec.new(@conf)
       end
 
-      # list of profile attributes
-      @attributes = {}
+      # list of profile inputs
+      @inputs = {}
 
-      load_attributes(@conf)
+      load_inputs(@conf)
       configure_transport
     end
 
@@ -95,7 +101,7 @@ module Inspec
           @test_collector.add_profile(requirement.profile)
         end
 
-        @attributes = profile.runner_context.attributes if @attributes.empty?
+        @inputs = profile.runner_context.inputs if @inputs.empty?
         tests = profile.collect_tests
         all_controls += tests unless tests.nil?
       end
@@ -143,25 +149,26 @@ module Inspec
       @test_collector.exit_code
     end
 
-    # determine all attributes before the execution, fetch data from secrets backend
-    def load_attributes(options)
+    # determine all inputs before the execution, fetch data from secrets backend
+    def load_inputs(options)
+      # TODO: - rename :attributes and :attrs - these are both user-visible
       options[:attributes] ||= {}
 
       secrets_targets = options[:attrs]
       return options[:attributes] if secrets_targets.nil?
 
       secrets_targets.each do |target|
-        validate_attributes_file_readability!(target)
+        validate_inputs_file_readability!(target)
 
         secrets = Inspec::SecretsBackend.resolve(target)
         if secrets.nil?
           raise Inspec::Exceptions::SecretsBackendNotFound,
-                "Cannot find parser for attributes file '#{target}'. " \
+                "Cannot find parser for inputs file '#{target}'. " \
                 'Check to make sure file has the appropriate extension.'
         end
 
-        next if secrets.attributes.nil?
-        options[:attributes].merge!(secrets.attributes)
+        next if secrets.inputs.nil?
+        options[:attributes].merge!(secrets.inputs)
       end
 
       options[:attributes]
@@ -173,7 +180,7 @@ module Inspec
     #
     # A target is a path or URL that points to a profile. Using this
     # target we generate a Profile and a ProfileContext. The content
-    # (libraries, tests, and attributes) from the Profile are loaded
+    # (libraries, tests, and inputs) from the Profile are loaded
     # into the ProfileContext.
     #
     # If the profile depends on other profiles, those profiles will be
@@ -198,7 +205,7 @@ module Inspec
                                            vendor_cache: @cache,
                                            backend: @backend,
                                            controls: @controls,
-                                           attributes: @conf[:attributes])
+                                           inputs: @conf[:attributes]) # TODO: read form :inputs here (user visible)
       raise "Could not resolve #{target} to valid input." if profile.nil?
       @target_profiles << profile if supports_profile?(profile)
     end
@@ -289,16 +296,16 @@ module Inspec
       examples.each { |e| @test_collector.add_test(e, rule) }
     end
 
-    def validate_attributes_file_readability!(target)
+    def validate_inputs_file_readability!(target)
       unless File.exist?(target)
-        raise Inspec::Exceptions::AttributesFileDoesNotExist,
-              "Cannot find attributes file '#{target}'. " \
+        raise Inspec::Exceptions::InputsFileDoesNotExist,
+              "Cannot find input file '#{target}'. " \
               'Check to make sure file exists.'
       end
 
       unless File.readable?(target)
-        raise Inspec::Exceptions::AttributesFileNotReadable,
-              "Cannot read attributes file '#{target}'. " \
+        raise Inspec::Exceptions::InputsFileNotReadable,
+              "Cannot read input file '#{target}'. " \
               'Check to make sure file is readable.'
       end
 

data/lib/inspec/schema.rb

@@ -153,7 +153,7 @@ module Inspec
           'type' => 'array',
           'items' => CONTROL_GROUP,
         },
-        'attributes' => {
+        'attributes' => { # TODO: rename to inputs, refs #3802
           'type' => 'array',
           # TODO: more detailed specification needed
         },

data/lib/inspec/secrets/yaml.rb

@@ -6,7 +6,7 @@ module Secrets
   class YAML < Inspec.secrets(1)
     name 'yaml'
 
-    attr_reader :attributes
+    attr_reader :inputs
 
     def self.resolve(target)
       unless target.is_a?(String) && File.file?(target) && ['.yml', '.yaml'].include?(File.extname(target).downcase)
@@ -17,14 +17,14 @@ module Secrets
 
     # array of yaml file paths
     def initialize(target)
-      @attributes = ::YAML.load_file(target)
+      @inputs = ::YAML.load_file(target)
 
-      if @attributes == false || !@attributes.is_a?(Hash)
+      if @inputs == false || !@inputs.is_a?(Hash)
         Inspec::Log.warn("#{self.class} unable to parse #{target}: invalid YAML or contents is not a Hash")
-        @attributes = nil
+        @inputs = nil
       end
     rescue => e
-      raise "Error reading InSpec attributes: #{e}"
+      raise "Error reading InSpec inputs: #{e}"
     end
   end
 end

data/lib/inspec/version.rb

@@ -4,5 +4,5 @@
 # author: Christoph Hartmann
 
 module Inspec
-  VERSION = '3.6.6'
+  VERSION = '3.7.1'
 end

data/lib/plugins/inspec-compliance/lib/inspec-compliance/cli.rb

@@ -141,7 +141,7 @@ module InspecPlugins
         configure_logger(o)
 
         # only run against the mock backend, otherwise we run against the local system
-        o[:backend] = Inspec::Backend.create(target: 'mock://')
+        o[:backend] = Inspec::Backend.create(Inspec::Config.mock)
         o[:check_mode] = true
         o[:vendor_cache] = Inspec::Cache.new(o[:vendor_cache])
 

data/lib/plugins/inspec-init/test/functional/inspec_init_profile_test.rb

@@ -62,15 +62,27 @@ class InitCli < MiniTest::Test
     end
   end
 
+  def test_generating_inspec_profile_aws
+    Dir.mktmpdir do |dir|
+      profile = File.join(dir, 'test-aws-profile')
+      out = run_inspec_process("init profile --platform aws test-aws-profile", prefix: "cd #{dir} &&")
+      assert_equal 0, out.exit_status
+      assert_includes out.stdout, 'Creating new profile at'
+      assert_includes out.stdout, profile
+      assert_includes Dir.entries(profile).join, 'inspec.yml'
+      assert_includes Dir.entries(profile).join, 'README.md'
+    end
+  end
+
   def test_generating_inspec_profile_os
     Dir.mktmpdir do |dir|
-      profile = File.join(dir,'test-os-profile')
+      profile = File.join(dir, 'test-os-profile')
       out = run_inspec_process("init profile --platform os test-os-profile", prefix: "cd #{dir} &&")
       assert_equal 0, out.exit_status
       assert_includes out.stdout, 'Creating new profile at'
       assert_includes out.stdout, profile
       assert_includes Dir.entries(profile).join, 'inspec.yml'
       assert_includes Dir.entries(profile).join, 'README.md'
-   end
+    end
   end
 end

data/lib/resource_support/aws/aws_resource_mixin.rb

@@ -1,5 +1,6 @@
 module AwsResourceMixin
   def initialize(resource_params = {})
+    Inspec.deprecate(:aws_resources_in_resource_pack, "Resource '#{@__resource_name__}'")
     validate_params(resource_params).each do |param, value|
       instance_variable_set(:"@#{param}", value)
     end

data/lib/resources/postgres.rb

@@ -9,6 +9,28 @@ module Inspec::Resources
 
     attr_reader :service, :data_dir, :conf_dir, :conf_path, :version, :cluster
     def initialize
+      # determine dirs and service based on versions
+      determine_dirs
+      determine_service
+
+      # print warnings if the dirs do not exist
+      verify_dirs
+
+      if !@version.nil? && !@conf_dir.empty?
+        @conf_path = File.join @conf_dir, 'postgresql.conf'
+      else
+        @conf_path = nil
+        return skip_resource 'Seems like PostgreSQL is not installed on your system'
+      end
+    end
+
+    def to_s
+      'PostgreSQL'
+    end
+
+    private
+
+    def determine_dirs
       if inspec.os.debian?
         #
         # https://wiki.debian.org/PostgreSql
@@ -33,26 +55,18 @@ module Inspec::Resources
         end
         @data_dir = locate_data_dir_location_by_version(@version)
       end
-
-      @service = 'postgresql'
-      @service += "-#{@version}" if @version.to_f >= 9.4
       @conf_dir ||= @data_dir
-
-      verify_dirs
-      if !@version.nil? && !@conf_dir.empty?
-        @conf_path = File.join @conf_dir, 'postgresql.conf'
-      else
-        @conf_path = nil
-        return skip_resource 'Seems like PostgreSQL is not installed on your system'
-      end
     end
 
-    def to_s
-      'PostgreSQL'
+    def determine_service
+      @service = 'postgresql'
+      if @version.to_i >= 10
+        @service += "-#{@version.to_i}"
+      elsif @version.to_f >= 9.4
+        @service += "-#{@version}"
+      end
     end
 
-    private
-
     def verify_dirs
       warn "Default postgresql configuration directory: #{@conf_dir} does not exist. " \
         "Postgresql may not be installed or we've misidentified the configuration " \
@@ -71,6 +85,8 @@ module Inspec::Resources
     def locate_data_dir_location_by_version(ver = @version)
       dir_list = [
         "/var/lib/pgsql/#{ver}/data",
+        # for 10, the versions are just stored in `10` although their version `10.7`
+        "/var/lib/pgsql/#{ver.to_i}/data",
         '/var/lib/pgsql/data',
         '/var/lib/postgres/data',
         '/var/lib/postgresql/data',

data/lib/utils/pkey_reader.rb

@@ -1,15 +1,15 @@
 module PkeyReader
   def read_pkey(filecontent, passphrase)
-    raise_if_default(passphrase)
+    raise_if_unset(passphrase)
 
     OpenSSL::PKey.read(filecontent, passphrase)
   rescue OpenSSL::PKey::PKeyError
     raise Inspec::Exceptions::ResourceFailed, 'passphrase error'
   end
 
-  def raise_if_default(passphrase)
-    if passphrase.is_a? Inspec::Attribute::DEFAULT_ATTRIBUTE
-      raise Inspec::Exceptions::ResourceFailed, 'Please provide default value for attribute'
+  def raise_if_unset(passphrase)
+    if passphrase.is_a? Inspec::Input::NO_VALUE_SET
+      raise Inspec::Exceptions::ResourceFailed, 'Please provide a value for input for openssl key passphrase'
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec
 version: !ruby/object:Gem::Version
-  version: 3.6.6
+  version: 3.7.1
 platform: ruby
 authors:
 - Dominik Richter
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-02-12 00:00:00.000000000 Z
+date: 2019-03-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: train
@@ -386,7 +386,6 @@ files:
 - lib/inspec.rb
 - lib/inspec/archive/tar.rb
 - lib/inspec/archive/zip.rb
-- lib/inspec/attribute_registry.rb
 - lib/inspec/backend.rb
 - lib/inspec/base_cli.rb
 - lib/inspec/cached_fetcher.rb
@@ -416,15 +415,16 @@ files:
 - lib/inspec/formatters/show_progress.rb
 - lib/inspec/globals.rb
 - lib/inspec/impact.rb
+- lib/inspec/input_registry.rb
 - lib/inspec/library_eval_context.rb
 - lib/inspec/log.rb
 - lib/inspec/metadata.rb
 - lib/inspec/method_source.rb
 - lib/inspec/objects.rb
-- lib/inspec/objects/attribute.rb
 - lib/inspec/objects/control.rb
 - lib/inspec/objects/describe.rb
 - lib/inspec/objects/each_loop.rb
+- lib/inspec/objects/input.rb
 - lib/inspec/objects/list.rb
 - lib/inspec/objects/or_test.rb
 - lib/inspec/objects/ruby_helper.rb
@@ -511,11 +511,6 @@ files:
 - lib/plugins/inspec-init/lib/inspec-init/cli_plugin.rb
 - lib/plugins/inspec-init/lib/inspec-init/cli_profile.rb
 - lib/plugins/inspec-init/lib/inspec-init/renderer.rb
-- lib/plugins/inspec-init/lib/inspec-init/templates/profiles/aws/README.md
-- lib/plugins/inspec-init/lib/inspec-init/templates/profiles/aws/attributes.yml
-- lib/plugins/inspec-init/lib/inspec-init/templates/profiles/aws/controls/example.rb
-- lib/plugins/inspec-init/lib/inspec-init/templates/profiles/aws/inspec.yml
-- lib/plugins/inspec-init/lib/inspec-init/templates/profiles/aws/libraries/.gitkeep
 - lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/Gemfile
 - lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/LICENSE
 - lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/README.md
@@ -532,6 +527,11 @@ files:
 - lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/test/unit/README.md
 - lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/test/unit/cli_args_test.rb
 - lib/plugins/inspec-init/templates/plugins/inspec-plugin-template/test/unit/plugin_def_test.rb
+- lib/plugins/inspec-init/templates/profiles/aws/README.md
+- lib/plugins/inspec-init/templates/profiles/aws/attributes.yml
+- lib/plugins/inspec-init/templates/profiles/aws/controls/example.rb
+- lib/plugins/inspec-init/templates/profiles/aws/inspec.yml
+- lib/plugins/inspec-init/templates/profiles/aws/libraries/.gitkeep
 - lib/plugins/inspec-init/templates/profiles/gcp/README.md
 - lib/plugins/inspec-init/templates/profiles/gcp/attributes.yml
 - lib/plugins/inspec-init/templates/profiles/gcp/controls/example.rb