kitchen-inspec 0.13.0 → 0.14.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +15 -2
- data/README.md +60 -0
- data/kitchen-inspec.gemspec +1 -1
- data/lib/kitchen/verifier/inspec.rb +1 -0
- data/lib/kitchen/verifier/inspec_version.rb +1 -1
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 12e0244f6f8231b73abc271a20ae85f26d84d4b9
|
|
4
|
+
data.tar.gz: 8bf60418497ab80811e8bca84e6dd3f75a495712
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: bcc928b7bc21bd215b60ba4886695c5dc8793e934934f3adc9b3411d72500f45fa70e539816e49fda381aa3619e688327c718158b0f407d960e45b380f819096
|
|
7
|
+
data.tar.gz: b22388950f4736a52017a66b057df4846540d62fbc2aba5e1496bbbc613bf7f93d51d4d2b01c58b8f44fd8dc919f9729057a4e385b110475b7579010830653ab
|
data/CHANGELOG.md
CHANGED
|
@@ -1,7 +1,20 @@
|
|
|
1
1
|
# Change Log
|
|
2
2
|
|
|
3
|
-
## [0.
|
|
4
|
-
[Full Changelog](https://github.com/chef/kitchen-inspec/compare/v0.
|
|
3
|
+
## [0.14.0](https://github.com/chef/kitchen-inspec/tree/0.14.0) (2016-05-25)
|
|
4
|
+
[Full Changelog](https://github.com/chef/kitchen-inspec/compare/v0.13.0...0.14.0)
|
|
5
|
+
|
|
6
|
+
**Closed issues:**
|
|
7
|
+
|
|
8
|
+
- How to verify with a local profile [\#88](https://github.com/chef/kitchen-inspec/issues/88)
|
|
9
|
+
|
|
10
|
+
**Merged pull requests:**
|
|
11
|
+
|
|
12
|
+
- update readme with remote profile handling [\#89](https://github.com/chef/kitchen-inspec/pull/89) ([chris-rock](https://github.com/chris-rock))
|
|
13
|
+
- depend on inspec 0.22+ [\#87](https://github.com/chef/kitchen-inspec/pull/87) ([chris-rock](https://github.com/chris-rock))
|
|
14
|
+
- support for sudo\_command [\#86](https://github.com/chef/kitchen-inspec/pull/86) ([jeremymv2](https://github.com/jeremymv2))
|
|
15
|
+
|
|
16
|
+
## [v0.13.0](https://github.com/chef/kitchen-inspec/tree/v0.13.0) (2016-05-10)
|
|
17
|
+
[Full Changelog](https://github.com/chef/kitchen-inspec/compare/v0.12.5...v0.13.0)
|
|
5
18
|
|
|
6
19
|
**Implemented enhancements:**
|
|
7
20
|
|
data/README.md
CHANGED
|
@@ -30,6 +30,14 @@ verifier:
|
|
|
30
30
|
name: inspec
|
|
31
31
|
```
|
|
32
32
|
|
|
33
|
+
Optionally specify sudo and sudo_command
|
|
34
|
+
```
|
|
35
|
+
verifier:
|
|
36
|
+
name: inspec
|
|
37
|
+
sudo: true
|
|
38
|
+
sudo_command: 'skittles'
|
|
39
|
+
```
|
|
40
|
+
|
|
33
41
|
### Directory Structure
|
|
34
42
|
|
|
35
43
|
By default `kitchen-inspec` expects test to be in `test/integration/%suite%` directory structure (we use Chef as provisioner here):
|
|
@@ -92,6 +100,58 @@ If you need support with other testing frameworks, we recommend to place the tes
|
|
|
92
100
|
└── web_spec.rb
|
|
93
101
|
```
|
|
94
102
|
|
|
103
|
+
### Use remote InSpec profiles
|
|
104
|
+
|
|
105
|
+
In case you want to reuse tests across multiple cookbooks, they should become an extra artifact independent of a Chef cookbook, call [InSpec profiles](https://github.com/chef/inspec/blob/master/docs/profiles.rst). Those can be easiliy added to existing local tests as demonstrated in previous sections. To include remote profiles, adapt the `verifier` attributes in `.kitchen.yml`
|
|
106
|
+
|
|
107
|
+
```
|
|
108
|
+
suites:
|
|
109
|
+
- name: default
|
|
110
|
+
verifier:
|
|
111
|
+
inspec_tests:
|
|
112
|
+
- https://github.com/dev-sec/tests-ssh-hardening
|
|
113
|
+
```
|
|
114
|
+
|
|
115
|
+
`inspec_tests` accepts all values that `inspec exec profile` would expect. We support:
|
|
116
|
+
|
|
117
|
+
* local directory eg. `/path/to/profile`
|
|
118
|
+
* github url `https://github.com/dev-sec/tests-ssh-hardening`
|
|
119
|
+
* Chef Supermarket `supermarket://hardening/ssh-hardening` (list all available profiles with `inspec supermarket profiles`)
|
|
120
|
+
* Chef Compliance `compliance://base/ssh`
|
|
121
|
+
|
|
122
|
+
The following example illustrates the usage in a `.kitchen.yml`
|
|
123
|
+
|
|
124
|
+
```
|
|
125
|
+
suites:
|
|
126
|
+
- name: contains_inspec
|
|
127
|
+
run_list:
|
|
128
|
+
- recipe[apt]
|
|
129
|
+
- recipe[yum]
|
|
130
|
+
- recipe[ssh-hardening]
|
|
131
|
+
verifier:
|
|
132
|
+
inspec_tests:
|
|
133
|
+
- https://github.com/dev-sec/tests-ssh-hardening
|
|
134
|
+
- name: supermarket
|
|
135
|
+
run_list:
|
|
136
|
+
- recipe[apt]
|
|
137
|
+
- recipe[yum]
|
|
138
|
+
- recipe[ssh-hardening]
|
|
139
|
+
verifier:
|
|
140
|
+
inspec_tests:
|
|
141
|
+
- supermarket://hardening/ssh-hardening
|
|
142
|
+
# before you are able to use the compliance plugin, you need to run
|
|
143
|
+
# insecure is only required if you use self-signed certificates
|
|
144
|
+
# $ inspec compliance login https://compliance.test --user admin --insecure --token ''
|
|
145
|
+
- name: compliance
|
|
146
|
+
run_list:
|
|
147
|
+
- recipe[apt]
|
|
148
|
+
- recipe[yum]
|
|
149
|
+
- recipe[ssh-hardening]
|
|
150
|
+
verifier:
|
|
151
|
+
inspec_tests:
|
|
152
|
+
- compliance://base/ssh
|
|
153
|
+
```
|
|
154
|
+
|
|
95
155
|
## Development
|
|
96
156
|
|
|
97
157
|
After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|
data/kitchen-inspec.gemspec
CHANGED
|
@@ -20,7 +20,7 @@ Gem::Specification.new do |spec|
|
|
|
20
20
|
spec.bindir = 'exe'
|
|
21
21
|
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
|
22
22
|
spec.require_paths = ['lib']
|
|
23
|
-
spec.add_dependency 'inspec', '>=0.
|
|
23
|
+
spec.add_dependency 'inspec', '>=0.22.0', '<1.0.0'
|
|
24
24
|
spec.add_dependency 'test-kitchen', '~> 1.6'
|
|
25
25
|
spec.add_development_dependency 'countloc', '~> 0.4'
|
|
26
26
|
spec.add_development_dependency 'bundler', '~> 1.10'
|
|
@@ -143,6 +143,7 @@ module Kitchen
|
|
|
143
143
|
'logger' => logger,
|
|
144
144
|
# pass-in sudo config from kitchen verifier
|
|
145
145
|
'sudo' => config[:sudo],
|
|
146
|
+
'sudo_command' => config[:sudo_command],
|
|
146
147
|
'host' => kitchen[:hostname],
|
|
147
148
|
'port' => kitchen[:port],
|
|
148
149
|
'user' => kitchen[:username],
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: kitchen-inspec
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.14.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Fletcher Nichol
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-05-
|
|
11
|
+
date: 2016-05-25 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: inspec
|
|
@@ -16,7 +16,7 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.22.0
|
|
20
20
|
- - "<"
|
|
21
21
|
- !ruby/object:Gem::Version
|
|
22
22
|
version: 1.0.0
|
|
@@ -26,7 +26,7 @@ dependencies:
|
|
|
26
26
|
requirements:
|
|
27
27
|
- - ">="
|
|
28
28
|
- !ruby/object:Gem::Version
|
|
29
|
-
version: 0.
|
|
29
|
+
version: 0.22.0
|
|
30
30
|
- - "<"
|
|
31
31
|
- !ruby/object:Gem::Version
|
|
32
32
|
version: 1.0.0
|
|
@@ -172,7 +172,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
172
172
|
version: '0'
|
|
173
173
|
requirements: []
|
|
174
174
|
rubyforge_project:
|
|
175
|
-
rubygems_version: 2.
|
|
175
|
+
rubygems_version: 2.4.6
|
|
176
176
|
signing_key:
|
|
177
177
|
specification_version: 4
|
|
178
178
|
summary: A Test Kitchen Verifier for InSpec
|