kitchen-inspec 0.15.2 → 0.16.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 53beb1b80e8f4c8becb8d4a858a72e25a98b3f13
-  data.tar.gz: a1e75646e0f5460d0060916120fb400634d37091
+  metadata.gz: 63e838bc0d2ff3a02dc378832b89ca238ef16c75
+  data.tar.gz: 931d2ff55d6d41bb3f0145d2c0d776046005007f
 SHA512:
-  metadata.gz: 881cbbe5e02aa3dd985bed4090ea6ed100badbe1b1fea15fb5aad706db98ca9b3fda1689dd3fb0299d1c2aafde8fcbe49b9f3347ebef41502a564c111d04e88a
-  data.tar.gz: c25af29e8f09ae4bde76714563c9d781ee9ccc21ec748d79be51568601a7835b5c165de1867bc25c4a85ec1799e09c07d0323aea57cbc4d82b2f4fffeb8ed5b5
+  metadata.gz: 60abb7285e5826d23e811dee7997477199ada4ee2a6fc33d6b6701659fc2483887c5f8cb872c75d570479ede90a4c87354fb70e8a50eeda0ba86b3efb9919fea
+  data.tar.gz: 9debf27c7213f623f4a0008c22073442932ed8d21aae7c89c07043ffbc77fbb8ea78c0057a1a29d3d8410c8514b0e0119ba1cc98a6b3f8242a477ea30382ba1c

data/.kitchen.yml

@@ -29,14 +29,46 @@ suites:
       - recipe[os_prepare]
     verifier:
       inspec_tests:
-        - https://github.com/nathenharvey/tmp_compliance_profile
+        - name: tmp
+          git: https://github.com/nathenharvey/tmp_compliance_profile.git
   - name: supermarket
     run_list:
       - recipe[apt]
       - recipe[ssh-hardening]
     verifier:
       inspec_tests:
-        - supermarket://hardening/ssh-hardening
+        - name: hardening/ssh-hardening
+  - name: backwards
+    run_list:
+      - recipe[os_prepare]
+    verifier:
+      inspec_tests:
+        - https://github.com/nathenharvey/tmp_compliance_profile.git
+  - name: duplicates
+    run_list:
+      - recipe[os_prepare]
+    verifier:
+      inspec_tests:
+        - path: ./test/integration/duplicates
+        - path: ./test/integration/duplicates
+  - name: attributes_inline
+    run_list:
+      - recipe[os_prepare]
+    verifier:
+      inspec_tests:
+        - path: ./test/integration/attributes
+      attributes:
+        user: bob
+        password: secret
+  - name: attributes_file
+    run_list:
+      - recipe[os_prepare]
+    verifier:
+      inspec_tests:
+        - test/integration/attributes
+        # - path: ./test/integration/attributes
+      attrs:
+        - test/integration/profile-attribute.yml
   # before you are able to use the compliance plugin, you need to run
   # insecure is only required if you use self-signed certificates
   # $ inspec compliance login https://compliance.test --user admin --insecure --token ''
@@ -46,4 +78,5 @@ suites:
       - recipe[ssh-hardening]
     verifier:
       inspec_tests:
-        - compliance://base/ssh
+        - name: ssh
+          compliance: base/ssh

data/.travis.yml

@@ -1,4 +1,7 @@
 sudo: required
+branches:
+  only:
+    - master
 language: ruby
 cache: bundler
 dist: trusty
@@ -14,16 +17,24 @@ matrix:
   - rvm: 2.2.5
   - rvm: 2.3.1
     bundler_args: "--without guard tools"
-    script: bundle exec rake test:integration OS='default profile contains_inspec'
+    script: bundle exec rake $SUITE
+    env: SUITE="test:integration" OS='default profile contains_inspec'
   - rvm: 2.3.1
     bundler_args: "--without guard tools"
-    script: bundle exec rake test:integration OS='supermarket'
+    script: bundle exec rake $SUITE
+    env: SUITE="test:integration" OS='backwards'
+  - rvm: 2.3.1
+    bundler_args: "--without guard tools"
+    script: bundle exec rake $SUITE
+    env: SUITE="test:integration" OS='duplicates'
+  - rvm: 2.3.1
+    bundler_args: "--without guard tools"
+    script: bundle exec rake $SUITE
+    env: SUITE="test:integration" OS='supermarket'
+  - rvm: 2.3.1
+    bundler_args: "--without guard tools"
+    script: bundle exec rake $SUITE
+    env: SUITE="test:integration" OS='attributes-inline attributes-file'
   - rvm: ruby-head
   allow_failures:
   - rvm: ruby-head
-deploy:
-  provider: rubygems
-  on:
-    tags: true
-  api_key:
-    secure: lfOpkVSc5+O6mSc1JXEBRuJtNrQm2WxDyClovsV1tfKb54doutDD4fOoogQFUwu3Yq9kujer8KuqZaxzRd/DwQGkTFBGt3KgMEpCUZlRLCD1v81/xnc61DU37PeZMbfdQt0OeioTcyNoBrmjCggu3nmb4dIMZgRMi69qR/OGejz1FVun1d5PmdJ8jckU/wzwttISkHzkAaY55NBEZc8oLA7ekUo+1gnKM4+0YskP6lKg7Wf3r//neTvd0qXG9iHdc1laHnSEevrMrzzcsN4oWn+MXiT7cWB1Xh/MUc4wFCy1CJnw9rmX2YT20994avApJJRu3WVZ+gt0cxVPy7sux1qCG3KcMI0ei6jJuy8akRraYwFt4/CWAZXh41SNMGkvZEQU9J/3sxhCUeS5bGm6IYYWNczFPEgWRXAGOXgFflLE6+NaCT3KtCG3G994aPCFiiz5cc/n9nrsncLsXmL+4MlF+foA2UkT44/VwQTJK1UIBKqXscghR1FzD0It/Y3Gqe+fcKb2Wq77v3dC4IBmWncXDk3LjT36+T4C0hctsaaSjopSc7CyI4HE3MkwqPqJ8PPjlz36/d+42MkNFHE6dd2wPMtWVSfC1AsNf9k79GCSU+f3lYgZK1mjvR3Hx1MZGEfgvJHpZH2S4eOqiV+c9C+PPNUXRaYRyapIa+H4qow=

data/CHANGELOG.md

@@ -1,7 +1,47 @@
 # Change Log
 
-## [0.15.2](https://github.com/chef/kitchen-inspec/tree/0.15.2) (2016-09-26)
-[Full Changelog](https://github.com/chef/kitchen-inspec/compare/v0.15.1...0.15.2)
+## [0.16.1](https://github.com/chef/kitchen-inspec/tree/0.16.1) (2016-11-11)
+[Full Changelog](https://github.com/chef/kitchen-inspec/compare/v0.16.0...0.16.1)
+
+**Implemented enhancements:**
+
+- Support InSpec attributes [\#108](https://github.com/chef/kitchen-inspec/issues/108)
+
+**Closed issues:**
+
+- Incorrect dependencies on 0.16 release [\#117](https://github.com/chef/kitchen-inspec/issues/117)
+
+**Merged pull requests:**
+
+- fix \#117 [\#118](https://github.com/chef/kitchen-inspec/pull/118) ([chris-rock](https://github.com/chris-rock))
+
+## [v0.16.0](https://github.com/chef/kitchen-inspec/tree/v0.16.0) (2016-11-04)
+[Full Changelog](https://github.com/chef/kitchen-inspec/compare/v0.15.2...v0.16.0)
+
+**Implemented enhancements:**
+
+- Harmonize profile location targets [\#111](https://github.com/chef/kitchen-inspec/issues/111)
+- Add host and port config options [\#110](https://github.com/chef/kitchen-inspec/pull/110) ([alexpop](https://github.com/alexpop))
+
+**Fixed bugs:**
+
+- Duplicate testing when verifier specified in suite definition [\#109](https://github.com/chef/kitchen-inspec/issues/109)
+- OS detection 2nd time with unknown value? [\#92](https://github.com/chef/kitchen-inspec/issues/92)
+
+**Closed issues:**
+
+- Message: Could not load the 'inspec' verifier from the load path. Please ensure that your transport is installed as a gem or included in your Gemfile if using Bundler. [\#105](https://github.com/chef/kitchen-inspec/issues/105)
+
+**Merged pull requests:**
+
+- add attributes support in kitchen-inspec [\#116](https://github.com/chef/kitchen-inspec/pull/116) ([chris-rock](https://github.com/chris-rock))
+- use suite names and only test master branch + PRs [\#115](https://github.com/chef/kitchen-inspec/pull/115) ([chris-rock](https://github.com/chris-rock))
+- fix duplicate testing when unique suite name [\#114](https://github.com/chef/kitchen-inspec/pull/114) ([vjeffrey](https://github.com/vjeffrey))
+- update readme to reflect harmonization of profile location targets [\#113](https://github.com/chef/kitchen-inspec/pull/113) ([vjeffrey](https://github.com/vjeffrey))
+- Make the info message clearer [\#112](https://github.com/chef/kitchen-inspec/pull/112) ([chilicheech](https://github.com/chilicheech))
+
+## [v0.15.2](https://github.com/chef/kitchen-inspec/tree/v0.15.2) (2016-09-26)
+[Full Changelog](https://github.com/chef/kitchen-inspec/compare/v0.15.1...v0.15.2)
 
 **Merged pull requests:**
 

data/README.md

@@ -46,6 +46,15 @@ verifier:
   sudo_command: 'skittles'
 ```
 
+You can also specify the host and port to be used by InSpec when targeting the node. Otherwise, it defaults to the hostname and port used by kitchen for converging.
+
+```yaml
+verifier:
+  name: inspec
+  host: 192.168.56.40
+  port: 22
+```
+
 ### Directory Structure
 
 By default `kitchen-inspec` expects test to be in `test/integration/%suite%` directory structure (we use Chef as provisioner here):
@@ -117,15 +126,16 @@ suites:
   - name: default
     verifier:
       inspec_tests:
-        - https://github.com/dev-sec/tests-ssh-hardening
+        - name: ssh-hardening
+          url: https://github.com/dev-sec/tests-ssh-hardening
 ```
 
 `inspec_tests` accepts all values that `inspec exec profile` would expect. We support:
 
-- local directory eg. `/path/to/profile`
-- github url `https://github.com/dev-sec/tests-ssh-hardening`
-- Chef Supermarket `supermarket://hardening/ssh-hardening` (list all available profiles with `inspec supermarket profiles`)
-- Chef Compliance `compliance://base/ssh`
+- local directory eg. `path: /path/to/profile`
+- github url `git: https://github.com/dev-sec/tests-ssh-hardening.git`
+- Chef Supermarket `name: hardening/ssh-hardening` # defaults to supermarket (list all available profiles with `inspec supermarket profiles`)
+- Chef Compliance `name: ssh` `compliance: base/ssh`
 
 The following example illustrates the usage in a `.kitchen.yml`
 
@@ -139,8 +149,11 @@ suites:
       - recipe[os-hardening]
     verifier:
       inspec_tests:
-        - https://github.com/dev-sec/tests-ssh-hardening
-        - https://github.com/dev-sec/tests-os-hardening
+        - path: path/to/some/local/tests
+        - name: ssh-hardening
+          url: https://github.com/dev-sec/tests-ssh-hardening/archive/master.zip
+        - name: os-hardening
+          git: https://github.com/dev-sec/tests-os-hardening.git
   - name: supermarket
     run_list:
       - recipe[apt]
@@ -148,7 +161,9 @@ suites:
       - recipe[ssh-hardening]
     verifier:
       inspec_tests:
-        - supermarket://hardening/ssh-hardening
+        - name: hardening/ssh-hardening  # name only defaults to supermarket
+        - name: ssh-supermarket  # alternatively, you can explicitly specify that the profile is from supermarket in this way
+          supermarket: hardening/ssh-hardening
   # before you are able to use the compliance plugin, you need to run
   # insecure is only required if you use self-signed certificates
   # $ inspec compliance login https://compliance.test --user admin --insecure --token ''
@@ -159,9 +174,33 @@ suites:
       - recipe[ssh-hardening]
     verifier:
       inspec_tests:
-        - compliance://base/ssh
+        - name: ssh
+          compliance: base/ssh
+```
+
+### Use attributes with your inspec profiles
+
+To run a profile with attributes defined inline, you can adapt your `.kitchen.yml`:
+
+```yaml
+    verifier:
+      inspec_tests:
+        - path: test/integration/attributes
+      attributes:
+        user: bob
+        password: secret
 ```
 
+You can also define your attributes in an external file. Adapt your `.kitchen.yml` to point to that file:
+
+```yaml
+    verifier:
+      inspec_tests:
+        - path: test/integration/attributes
+      attrs:
+        - test/integration/profile-attribute.yml
+  ```
+
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.

data/kitchen-inspec.gemspec

@@ -21,6 +21,7 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
   spec.required_ruby_version = ">= 2.1.0"
-  spec.add_dependency "inspec", ">=0.22.0", "<2.0.0"
+  spec.add_dependency "inspec", ">=0.34.0", "<2.0.0"
   spec.add_dependency "test-kitchen", "~> 1.6"
+  spec.add_dependency "hashie", "~> 3.4"
 end

data/lib/kitchen/verifier/inspec.rb

@@ -64,7 +64,15 @@ module Kitchen
       # (see Base#call)
       def call(state)
         logger.debug("Initialize InSpec")
+
+        # gather connection options
         opts = runner_options(instance.transport, state)
+
+        # add attributes
+        opts[:attrs] = config[:attrs]
+        opts[:attributes] = Hashie.stringify_keys config[:attributes] unless config[:attributes].nil?
+
+        # initialize runner
         runner = ::Inspec::Runner.new(opts)
 
         # add each profile to runner
@@ -119,10 +127,24 @@ module Kitchen
         end
 
         base = File.join(base, "inspec") if legacy_mode
-        logger.info("Use `#{base}` for testing")
+        logger.info("Using `#{base}` for testing")
 
         # only return the directory if it exists
-        Pathname.new(base).exist? ? [base] : []
+        Pathname.new(base).exist? ? [{ :path => base }] : []
+      end
+
+      # Takes config[:inspec_tests] and modifies any value with a key of :path by adding the full path
+      # @return [Array] array of modified hashes
+      # @api private
+      def resolve_config_inspec_tests
+        config[:inspec_tests].map do |test_hash|
+          if test_hash.is_a? Hash
+            test_hash = { :path => config[:kitchen_root] + "/" + test_hash[:path] } if test_hash.has_key?(:path)
+            test_hash
+          else
+            test_hash # if it's not a hash, just return it as is
+          end
+        end
       end
 
       # Returns an array of test profiles
@@ -130,7 +152,7 @@ module Kitchen
       # @api private
       def collect_tests
         # get local tests and get run list of profiles
-        (local_suite_files + config[:inspec_tests]).compact
+        (local_suite_files + resolve_config_inspec_tests).compact.uniq
       end
 
       # Returns a configuration Hash that can be passed to a `Inspec::Runner`.
@@ -169,8 +191,8 @@ module Kitchen
           # pass-in sudo config from kitchen verifier
           "sudo" => config[:sudo],
           "sudo_command" => config[:sudo_command],
-          "host" => kitchen[:hostname],
-          "port" => kitchen[:port],
+          "host" => config[:host] || kitchen[:hostname],
+          "port" => config[:port] || kitchen[:port],
           "user" => kitchen[:username],
           "keepalive" => kitchen[:keepalive],
           "keepalive_interval" => kitchen[:keepalive_interval],
@@ -196,8 +218,8 @@ module Kitchen
         opts = {
           "backend" => "winrm",
           "logger" => logger,
-          "host" => URI(kitchen[:endpoint]).hostname,
-          "port" => URI(kitchen[:endpoint]).port,
+          "host" => config[:host] || URI(kitchen[:endpoint]).hostname,
+          "port" => config[:port] || URI(kitchen[:endpoint]).port,
           "user" => kitchen[:user],
           "password" => kitchen[:password] || kitchen[:pass],
           "connection_retries" => kitchen[:connection_retries],

data/lib/kitchen/verifier/inspec_version.rb

@@ -20,6 +20,6 @@
 module Kitchen
   module Verifier
     # Version string for InSpec Kitchen verifier
-    INSPEC_VERSION = "0.15.2"
+    INSPEC_VERSION = "0.16.1"
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kitchen-inspec
 version: !ruby/object:Gem::Version
-  version: 0.15.2
+  version: 0.16.1
 platform: ruby
 authors:
 - Fletcher Nichol
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2016-09-26 00:00:00.000000000 Z
+date: 2016-11-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: inspec
@@ -16,7 +16,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.22.0
+        version: 0.34.0
     - - "<"
       - !ruby/object:Gem::Version
         version: 2.0.0
@@ -26,7 +26,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.22.0
+        version: 0.34.0
     - - "<"
       - !ruby/object:Gem::Version
         version: 2.0.0
@@ -44,6 +44,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.6'
+- !ruby/object:Gem::Dependency
+  name: hashie
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
 description: A Test Kitchen Verifier for InSpec
 email:
 - fnichol@chef.io