kitchen-inspec 0.13.0 → 0.14.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +15 -2
- data/README.md +60 -0
- data/kitchen-inspec.gemspec +1 -1
- data/lib/kitchen/verifier/inspec.rb +1 -0
- data/lib/kitchen/verifier/inspec_version.rb +1 -1
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 12e0244f6f8231b73abc271a20ae85f26d84d4b9
|
|
4
|
+
data.tar.gz: 8bf60418497ab80811e8bca84e6dd3f75a495712
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: bcc928b7bc21bd215b60ba4886695c5dc8793e934934f3adc9b3411d72500f45fa70e539816e49fda381aa3619e688327c718158b0f407d960e45b380f819096
|
|
7
|
+
data.tar.gz: b22388950f4736a52017a66b057df4846540d62fbc2aba5e1496bbbc613bf7f93d51d4d2b01c58b8f44fd8dc919f9729057a4e385b110475b7579010830653ab
|
data/CHANGELOG.md
CHANGED
|
@@ -1,7 +1,20 @@
|
|
|
1
1
|
# Change Log
|
|
2
2
|
|
|
3
|
-
## [0.
|
|
4
|
-
[Full Changelog](https://github.com/chef/kitchen-inspec/compare/v0.
|
|
3
|
+
## [0.14.0](https://github.com/chef/kitchen-inspec/tree/0.14.0) (2016-05-25)
|
|
4
|
+
[Full Changelog](https://github.com/chef/kitchen-inspec/compare/v0.13.0...0.14.0)
|
|
5
|
+
|
|
6
|
+
**Closed issues:**
|
|
7
|
+
|
|
8
|
+
- How to verify with a local profile [\#88](https://github.com/chef/kitchen-inspec/issues/88)
|
|
9
|
+
|
|
10
|
+
**Merged pull requests:**
|
|
11
|
+
|
|
12
|
+
- update readme with remote profile handling [\#89](https://github.com/chef/kitchen-inspec/pull/89) ([chris-rock](https://github.com/chris-rock))
|
|
13
|
+
- depend on inspec 0.22+ [\#87](https://github.com/chef/kitchen-inspec/pull/87) ([chris-rock](https://github.com/chris-rock))
|
|
14
|
+
- support for sudo\_command [\#86](https://github.com/chef/kitchen-inspec/pull/86) ([jeremymv2](https://github.com/jeremymv2))
|
|
15
|
+
|
|
16
|
+
## [v0.13.0](https://github.com/chef/kitchen-inspec/tree/v0.13.0) (2016-05-10)
|
|
17
|
+
[Full Changelog](https://github.com/chef/kitchen-inspec/compare/v0.12.5...v0.13.0)
|
|
5
18
|
|
|
6
19
|
**Implemented enhancements:**
|
|
7
20
|
|
data/README.md
CHANGED
|
@@ -30,6 +30,14 @@ verifier:
|
|
|
30
30
|
name: inspec
|
|
31
31
|
```
|
|
32
32
|
|
|
33
|
+
Optionally specify sudo and sudo_command
|
|
34
|
+
```
|
|
35
|
+
verifier:
|
|
36
|
+
name: inspec
|
|
37
|
+
sudo: true
|
|
38
|
+
sudo_command: 'skittles'
|
|
39
|
+
```
|
|
40
|
+
|
|
33
41
|
### Directory Structure
|
|
34
42
|
|
|
35
43
|
By default `kitchen-inspec` expects test to be in `test/integration/%suite%` directory structure (we use Chef as provisioner here):
|
|
@@ -92,6 +100,58 @@ If you need support with other testing frameworks, we recommend to place the tes
|
|
|
92
100
|
└── web_spec.rb
|
|
93
101
|
```
|
|
94
102
|
|
|
103
|
+
### Use remote InSpec profiles
|
|
104
|
+
|
|
105
|
+
In case you want to reuse tests across multiple cookbooks, they should become an extra artifact independent of a Chef cookbook, call [InSpec profiles](https://github.com/chef/inspec/blob/master/docs/profiles.rst). Those can be easiliy added to existing local tests as demonstrated in previous sections. To include remote profiles, adapt the `verifier` attributes in `.kitchen.yml`
|
|
106
|
+
|
|
107
|
+
```
|
|
108
|
+
suites:
|
|
109
|
+
- name: default
|
|
110
|
+
verifier:
|
|
111
|
+
inspec_tests:
|
|
112
|
+
- https://github.com/dev-sec/tests-ssh-hardening
|
|
113
|
+
```
|
|
114
|
+
|
|
115
|
+
`inspec_tests` accepts all values that `inspec exec profile` would expect. We support:
|
|
116
|
+
|
|
117
|
+
* local directory eg. `/path/to/profile`
|
|
118
|
+
* github url `https://github.com/dev-sec/tests-ssh-hardening`
|
|
119
|
+
* Chef Supermarket `supermarket://hardening/ssh-hardening` (list all available profiles with `inspec supermarket profiles`)
|
|
120
|
+
* Chef Compliance `compliance://base/ssh`
|
|
121
|
+
|
|
122
|
+
The following example illustrates the usage in a `.kitchen.yml`
|
|
123
|
+
|
|
124
|
+
```
|
|
125
|
+
suites:
|
|
126
|
+
- name: contains_inspec
|
|
127
|
+
run_list:
|
|
128
|
+
- recipe[apt]
|
|
129
|
+
- recipe[yum]
|
|
130
|
+
- recipe[ssh-hardening]
|
|
131
|
+
verifier:
|
|
132
|
+
inspec_tests:
|
|
133
|
+
- https://github.com/dev-sec/tests-ssh-hardening
|
|
134
|
+
- name: supermarket
|
|
135
|
+
run_list:
|
|
136
|
+
- recipe[apt]
|
|
137
|
+
- recipe[yum]
|
|
138
|
+
- recipe[ssh-hardening]
|
|
139
|
+
verifier:
|
|
140
|
+
inspec_tests:
|
|
141
|
+
- supermarket://hardening/ssh-hardening
|
|
142
|
+
# before you are able to use the compliance plugin, you need to run
|
|
143
|
+
# insecure is only required if you use self-signed certificates
|
|
144
|
+
# $ inspec compliance login https://compliance.test --user admin --insecure --token ''
|
|
145
|
+
- name: compliance
|
|
146
|
+
run_list:
|
|
147
|
+
- recipe[apt]
|
|
148
|
+
- recipe[yum]
|
|
149
|
+
- recipe[ssh-hardening]
|
|
150
|
+
verifier:
|
|
151
|
+
inspec_tests:
|
|
152
|
+
- compliance://base/ssh
|
|
153
|
+
```
|
|
154
|
+
|
|
95
155
|
## Development
|
|
96
156
|
|
|
97
157
|
After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|
data/kitchen-inspec.gemspec
CHANGED
|
@@ -20,7 +20,7 @@ Gem::Specification.new do |spec|
|
|
|
20
20
|
spec.bindir = 'exe'
|
|
21
21
|
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
|
22
22
|
spec.require_paths = ['lib']
|
|
23
|
-
spec.add_dependency 'inspec', '>=0.
|
|
23
|
+
spec.add_dependency 'inspec', '>=0.22.0', '<1.0.0'
|
|
24
24
|
spec.add_dependency 'test-kitchen', '~> 1.6'
|
|
25
25
|
spec.add_development_dependency 'countloc', '~> 0.4'
|
|
26
26
|
spec.add_development_dependency 'bundler', '~> 1.10'
|
|
@@ -143,6 +143,7 @@ module Kitchen
|
|
|
143
143
|
'logger' => logger,
|
|
144
144
|
# pass-in sudo config from kitchen verifier
|
|
145
145
|
'sudo' => config[:sudo],
|
|
146
|
+
'sudo_command' => config[:sudo_command],
|
|
146
147
|
'host' => kitchen[:hostname],
|
|
147
148
|
'port' => kitchen[:port],
|
|
148
149
|
'user' => kitchen[:username],
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: kitchen-inspec
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.14.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Fletcher Nichol
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-05-
|
|
11
|
+
date: 2016-05-25 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: inspec
|
|
@@ -16,7 +16,7 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.22.0
|
|
20
20
|
- - "<"
|
|
21
21
|
- !ruby/object:Gem::Version
|
|
22
22
|
version: 1.0.0
|
|
@@ -26,7 +26,7 @@ dependencies:
|
|
|
26
26
|
requirements:
|
|
27
27
|
- - ">="
|
|
28
28
|
- !ruby/object:Gem::Version
|
|
29
|
-
version: 0.
|
|
29
|
+
version: 0.22.0
|
|
30
30
|
- - "<"
|
|
31
31
|
- !ruby/object:Gem::Version
|
|
32
32
|
version: 1.0.0
|
|
@@ -172,7 +172,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
172
172
|
version: '0'
|
|
173
173
|
requirements: []
|
|
174
174
|
rubyforge_project:
|
|
175
|
-
rubygems_version: 2.
|
|
175
|
+
rubygems_version: 2.4.6
|
|
176
176
|
signing_key:
|
|
177
177
|
specification_version: 4
|
|
178
178
|
summary: A Test Kitchen Verifier for InSpec
|