kitchen-inspec 0.12.5 → 0.13.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.kitchen.yml +17 -0
- data/.travis.yml +21 -18
- data/Berksfile +3 -0
- data/CHANGELOG.md +25 -2
- data/README.md +22 -0
- data/Rakefile +2 -2
- data/kitchen-inspec.gemspec +1 -1
- data/lib/kitchen/verifier/inspec.rb +23 -5
- data/lib/kitchen/verifier/inspec_version.rb +1 -1
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1550e107066496cc82de6a4c8fed0c30ad25e609
|
|
4
|
+
data.tar.gz: 27d3125555dfb9218339585fc28c8bdec9d02433
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f82e8302a41797b5af2c7760099329d377e2285942129e844840230ec78ca7981a79c66ce9d458f91c665e67955471daaef43896b3de86ee22a7e2bcbb504ce2
|
|
7
|
+
data.tar.gz: 754da22a5f8feb494d2b7329054d622c6c34fd9e04f0c449331054d76633f916b35dcbbd3e27c9bbca4f32258a4c0433d6cd5320782552457371bae1886749fc
|
data/.kitchen.yml
CHANGED
|
@@ -30,3 +30,20 @@ suites:
|
|
|
30
30
|
verifier:
|
|
31
31
|
inspec_tests:
|
|
32
32
|
- https://github.com/nathenharvey/tmp_compliance_profile
|
|
33
|
+
- name: supermarket
|
|
34
|
+
run_list:
|
|
35
|
+
- recipe[apt]
|
|
36
|
+
- recipe[ssh-hardening]
|
|
37
|
+
verifier:
|
|
38
|
+
inspec_tests:
|
|
39
|
+
- supermarket://hardening/ssh-hardening
|
|
40
|
+
# before you are able to use the compliance plugin, you need to run
|
|
41
|
+
# insecure is only required if you use self-signed certificates
|
|
42
|
+
# $ inspec compliance login https://compliance.test --user admin --insecure --token ''
|
|
43
|
+
- name: compliance
|
|
44
|
+
run_list:
|
|
45
|
+
- recipe[apt]
|
|
46
|
+
- recipe[ssh-hardening]
|
|
47
|
+
verifier:
|
|
48
|
+
inspec_tests:
|
|
49
|
+
- compliance://base/ssh
|
data/.travis.yml
CHANGED
|
@@ -1,27 +1,30 @@
|
|
|
1
|
-
---
|
|
2
1
|
sudo: required
|
|
3
2
|
language: ruby
|
|
4
3
|
cache: bundler
|
|
5
|
-
|
|
6
|
-
# necessary for docker to work
|
|
7
4
|
dist: trusty
|
|
8
5
|
services:
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
bundler_args: --without integration guard tools
|
|
12
|
-
|
|
6
|
+
- docker
|
|
7
|
+
bundler_args: "--without integration guard tools"
|
|
13
8
|
before_install:
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
9
|
+
- gem install bundler
|
|
10
|
+
- gem --version
|
|
17
11
|
matrix:
|
|
18
12
|
include:
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
13
|
+
- rvm: 1.9.3
|
|
14
|
+
- rvm: 2.0
|
|
15
|
+
- rvm: 2.1
|
|
16
|
+
- rvm: ruby-head
|
|
17
|
+
- rvm: 2.2
|
|
18
|
+
bundler_args: "--without guard tools"
|
|
19
|
+
script: bundle exec rake test:integration OS='default profile contains_inspec'
|
|
20
|
+
- rvm: 2.2
|
|
21
|
+
bundler_args: "--without guard tools"
|
|
22
|
+
script: bundle exec rake test:integration OS='supermarket'
|
|
26
23
|
allow_failures:
|
|
27
|
-
|
|
24
|
+
- rvm: ruby-head
|
|
25
|
+
deploy:
|
|
26
|
+
provider: rubygems
|
|
27
|
+
on:
|
|
28
|
+
tags: true
|
|
29
|
+
api_key:
|
|
30
|
+
secure: lfOpkVSc5+O6mSc1JXEBRuJtNrQm2WxDyClovsV1tfKb54doutDD4fOoogQFUwu3Yq9kujer8KuqZaxzRd/DwQGkTFBGt3KgMEpCUZlRLCD1v81/xnc61DU37PeZMbfdQt0OeioTcyNoBrmjCggu3nmb4dIMZgRMi69qR/OGejz1FVun1d5PmdJ8jckU/wzwttISkHzkAaY55NBEZc8oLA7ekUo+1gnKM4+0YskP6lKg7Wf3r//neTvd0qXG9iHdc1laHnSEevrMrzzcsN4oWn+MXiT7cWB1Xh/MUc4wFCy1CJnw9rmX2YT20994avApJJRu3WVZ+gt0cxVPy7sux1qCG3KcMI0ei6jJuy8akRraYwFt4/CWAZXh41SNMGkvZEQU9J/3sxhCUeS5bGm6IYYWNczFPEgWRXAGOXgFflLE6+NaCT3KtCG3G994aPCFiiz5cc/n9nrsncLsXmL+4MlF+foA2UkT44/VwQTJK1UIBKqXscghR1FzD0It/Y3Gqe+fcKb2Wq77v3dC4IBmWncXDk3LjT36+T4C0hctsaaSjopSc7CyI4HE3MkwqPqJ8PPjlz36/d+42MkNFHE6dd2wPMtWVSfC1AsNf9k79GCSU+f3lYgZK1mjvR3Hx1MZGEfgvJHpZH2S4eOqiV+c9C+PPNUXRaYRyapIa+H4qow=
|
data/Berksfile
CHANGED
data/CHANGELOG.md
CHANGED
|
@@ -1,10 +1,33 @@
|
|
|
1
1
|
# Change Log
|
|
2
2
|
|
|
3
|
-
## [0.
|
|
4
|
-
[Full Changelog](https://github.com/chef/kitchen-inspec/compare/v0.12.
|
|
3
|
+
## [0.13.0](https://github.com/chef/kitchen-inspec/tree/0.13.0) (2016-05-10)
|
|
4
|
+
[Full Changelog](https://github.com/chef/kitchen-inspec/compare/v0.12.5...0.13.0)
|
|
5
|
+
|
|
6
|
+
**Implemented enhancements:**
|
|
7
|
+
|
|
8
|
+
- Supermarket and Compliance support [\#84](https://github.com/chef/kitchen-inspec/pull/84) ([chris-rock](https://github.com/chris-rock))
|
|
9
|
+
- add more debug messages [\#82](https://github.com/chef/kitchen-inspec/pull/82) ([chris-rock](https://github.com/chris-rock))
|
|
10
|
+
|
|
11
|
+
**Fixed bugs:**
|
|
12
|
+
|
|
13
|
+
- Cannot run supermarket and compliance profiles [\#80](https://github.com/chef/kitchen-inspec/issues/80)
|
|
14
|
+
|
|
15
|
+
**Merged pull requests:**
|
|
16
|
+
|
|
17
|
+
- release via travis to rubygems on tags [\#79](https://github.com/chef/kitchen-inspec/pull/79) ([arlimus](https://github.com/arlimus))
|
|
18
|
+
- fix lint [\#77](https://github.com/chef/kitchen-inspec/pull/77) ([chris-rock](https://github.com/chris-rock))
|
|
19
|
+
- fix lint [\#76](https://github.com/chef/kitchen-inspec/pull/76) ([chris-rock](https://github.com/chris-rock))
|
|
20
|
+
- Add support for profiles\_path [\#75](https://github.com/chef/kitchen-inspec/pull/75) ([brettlangdon](https://github.com/brettlangdon))
|
|
21
|
+
- Add complete profile example to readme [\#73](https://github.com/chef/kitchen-inspec/pull/73) ([alexpop](https://github.com/alexpop))
|
|
22
|
+
- Use only the keys provided by Kitchen [\#72](https://github.com/chef/kitchen-inspec/pull/72) ([ehartmann](https://github.com/ehartmann))
|
|
23
|
+
- Support color flag [\#71](https://github.com/chef/kitchen-inspec/pull/71) ([jbussdieker](https://github.com/jbussdieker))
|
|
24
|
+
|
|
25
|
+
## [v0.12.5](https://github.com/chef/kitchen-inspec/tree/v0.12.5) (2016-03-17)
|
|
26
|
+
[Full Changelog](https://github.com/chef/kitchen-inspec/compare/v0.12.4...v0.12.5)
|
|
5
27
|
|
|
6
28
|
**Merged pull requests:**
|
|
7
29
|
|
|
30
|
+
- 0.12.5 [\#69](https://github.com/chef/kitchen-inspec/pull/69) ([arlimus](https://github.com/arlimus))
|
|
8
31
|
- allow for slightly newer versions of inspec [\#68](https://github.com/chef/kitchen-inspec/pull/68) ([arlimus](https://github.com/arlimus))
|
|
9
32
|
|
|
10
33
|
## [v0.12.4](https://github.com/chef/kitchen-inspec/tree/v0.12.4) (2016-03-15)
|
data/README.md
CHANGED
|
@@ -49,6 +49,28 @@ By default `kitchen-inspec` expects test to be in `test/integration/%suite%` dir
|
|
|
49
49
|
└── web_spec.rb
|
|
50
50
|
```
|
|
51
51
|
|
|
52
|
+
### Directory Structure with complete profile
|
|
53
|
+
|
|
54
|
+
A complete profile is used here, including a custom inspec resource named `gordon_config`:
|
|
55
|
+
|
|
56
|
+
```
|
|
57
|
+
.
|
|
58
|
+
├── Berksfile
|
|
59
|
+
├── Gemfile
|
|
60
|
+
├── README.md
|
|
61
|
+
├── metadata.rb
|
|
62
|
+
├── recipes
|
|
63
|
+
│ ├── default.rb
|
|
64
|
+
│ └── nginx.rb
|
|
65
|
+
└── test
|
|
66
|
+
└── integration
|
|
67
|
+
└── default
|
|
68
|
+
├── controls
|
|
69
|
+
│ └── gordon.rb
|
|
70
|
+
├── inspec.yml
|
|
71
|
+
└── libraries
|
|
72
|
+
└── gordon_config.rb
|
|
73
|
+
```
|
|
52
74
|
|
|
53
75
|
### Combination with other testing frameworks
|
|
54
76
|
|
data/Rakefile
CHANGED
|
@@ -122,7 +122,7 @@ end
|
|
|
122
122
|
namespace :test do
|
|
123
123
|
task :integration do
|
|
124
124
|
concurrency = ENV['CONCURRENCY'] || 1
|
|
125
|
-
|
|
126
|
-
sh('sh', '-c', "bundle exec kitchen test -c #{concurrency}")
|
|
125
|
+
os = ENV['OS'] || ''
|
|
126
|
+
sh('sh', '-c', "bundle exec kitchen test -c #{concurrency} #{os}")
|
|
127
127
|
end
|
|
128
128
|
end
|
data/kitchen-inspec.gemspec
CHANGED
|
@@ -20,7 +20,7 @@ Gem::Specification.new do |spec|
|
|
|
20
20
|
spec.bindir = 'exe'
|
|
21
21
|
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
|
22
22
|
spec.require_paths = ['lib']
|
|
23
|
-
spec.add_dependency 'inspec', '>=0.
|
|
23
|
+
spec.add_dependency 'inspec', '>=0.20.0', '<1.0.0'
|
|
24
24
|
spec.add_dependency 'test-kitchen', '~> 1.6'
|
|
25
25
|
spec.add_development_dependency 'countloc', '~> 0.4'
|
|
26
26
|
spec.add_development_dependency 'bundler', '~> 1.10'
|
|
@@ -30,7 +30,7 @@ module Kitchen
|
|
|
30
30
|
# InSpec verifier for Kitchen.
|
|
31
31
|
#
|
|
32
32
|
# @author Fletcher Nichol <fnichol@chef.io>
|
|
33
|
-
class Inspec < Kitchen::Verifier::Base
|
|
33
|
+
class Inspec < Kitchen::Verifier::Base # rubocop:disable Metrics/ClassLength
|
|
34
34
|
kitchen_verifier_api_version 1
|
|
35
35
|
plugin_version Kitchen::Verifier::INSPEC_VERSION
|
|
36
36
|
|
|
@@ -38,12 +38,15 @@ module Kitchen
|
|
|
38
38
|
|
|
39
39
|
# (see Base#call)
|
|
40
40
|
def call(state)
|
|
41
|
-
|
|
41
|
+
logger.debug('Initialize InSpec')
|
|
42
42
|
opts = runner_options(instance.transport, state)
|
|
43
43
|
runner = ::Inspec::Runner.new(opts)
|
|
44
|
+
|
|
45
|
+
# add each profile to runner
|
|
46
|
+
tests = collect_tests
|
|
44
47
|
tests.each { |target| runner.add_target(target, opts) }
|
|
45
48
|
|
|
46
|
-
debug("Running
|
|
49
|
+
logger.debug("Running tests from: #{tests.inspect}")
|
|
47
50
|
exit_code = runner.run
|
|
48
51
|
return if exit_code == 0
|
|
49
52
|
fail ActionFailed, "Inspec Runner returns #{exit_code}"
|
|
@@ -54,6 +57,17 @@ module Kitchen
|
|
|
54
57
|
# (see Base#load_needed_dependencies!)
|
|
55
58
|
def load_needed_dependencies!
|
|
56
59
|
require 'inspec'
|
|
60
|
+
# TODO: this should be easier. I would expect to load a single class here
|
|
61
|
+
# load supermarket plugin, this is part of the inspec gem
|
|
62
|
+
require 'bundles/inspec-supermarket/api'
|
|
63
|
+
require 'bundles/inspec-supermarket/target'
|
|
64
|
+
|
|
65
|
+
# load the compliance plugin
|
|
66
|
+
require 'bundles/inspec-compliance/configuration'
|
|
67
|
+
require 'bundles/inspec-compliance/support'
|
|
68
|
+
require 'bundles/inspec-compliance/http'
|
|
69
|
+
require 'bundles/inspec-compliance/api'
|
|
70
|
+
require 'bundles/inspec-compliance/target'
|
|
57
71
|
end
|
|
58
72
|
|
|
59
73
|
# Returns an Array of test suite filenames for the related suite currently
|
|
@@ -80,7 +94,7 @@ module Kitchen
|
|
|
80
94
|
}
|
|
81
95
|
|
|
82
96
|
base = File.join(base, 'inspec') if legacy_mode
|
|
83
|
-
logger.info("
|
|
97
|
+
logger.info("Use `#{base}` for testing")
|
|
84
98
|
|
|
85
99
|
# only return the directory if it exists
|
|
86
100
|
Pathname.new(base).exist? ? [base] : []
|
|
@@ -98,7 +112,7 @@ module Kitchen
|
|
|
98
112
|
#
|
|
99
113
|
# @return [Hash] a configuration hash of string-based keys
|
|
100
114
|
# @api private
|
|
101
|
-
def runner_options(transport, state = {})
|
|
115
|
+
def runner_options(transport, state = {}) # rubocop:disable Metrics/AbcSize
|
|
102
116
|
transport_data = transport.diagnose.merge(state)
|
|
103
117
|
if transport.is_a?(Kitchen::Transport::Ssh)
|
|
104
118
|
runner_options_for_ssh(transport_data)
|
|
@@ -110,8 +124,11 @@ module Kitchen
|
|
|
110
124
|
else
|
|
111
125
|
fail Kitchen::UserError, "Verifier #{name} does not support the #{transport.name} Transport"
|
|
112
126
|
end.tap do |runner_options|
|
|
127
|
+
# default color to true to match InSpec behavior
|
|
128
|
+
runner_options['color'] = (config[:color].nil? ? true : config[:color])
|
|
113
129
|
runner_options['format'] = config[:format] unless config[:format].nil?
|
|
114
130
|
runner_options['output'] = config[:output] unless config[:output].nil?
|
|
131
|
+
runner_options['profiles_path'] = config[:profiles_path] unless config[:profiles_path].nil?
|
|
115
132
|
end
|
|
116
133
|
end
|
|
117
134
|
|
|
@@ -137,6 +154,7 @@ module Kitchen
|
|
|
137
154
|
'max_wait_until_ready' => kitchen[:max_wait_until_ready],
|
|
138
155
|
'compression' => kitchen[:compression],
|
|
139
156
|
'compression_level' => kitchen[:compression_level],
|
|
157
|
+
'keys_only' => true,
|
|
140
158
|
}
|
|
141
159
|
opts['key_files'] = kitchen[:keys] unless kitchen[:keys].nil?
|
|
142
160
|
opts['password'] = kitchen[:password] unless kitchen[:password].nil?
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: kitchen-inspec
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.13.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Fletcher Nichol
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-
|
|
11
|
+
date: 2016-05-10 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: inspec
|
|
@@ -16,7 +16,7 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.20.0
|
|
20
20
|
- - "<"
|
|
21
21
|
- !ruby/object:Gem::Version
|
|
22
22
|
version: 1.0.0
|
|
@@ -26,7 +26,7 @@ dependencies:
|
|
|
26
26
|
requirements:
|
|
27
27
|
- - ">="
|
|
28
28
|
- !ruby/object:Gem::Version
|
|
29
|
-
version: 0.
|
|
29
|
+
version: 0.20.0
|
|
30
30
|
- - "<"
|
|
31
31
|
- !ruby/object:Gem::Version
|
|
32
32
|
version: 1.0.0
|
|
@@ -172,7 +172,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
172
172
|
version: '0'
|
|
173
173
|
requirements: []
|
|
174
174
|
rubyforge_project:
|
|
175
|
-
rubygems_version: 2.
|
|
175
|
+
rubygems_version: 2.5.1
|
|
176
176
|
signing_key:
|
|
177
177
|
specification_version: 4
|
|
178
178
|
summary: A Test Kitchen Verifier for InSpec
|