inspec-core 2.2.112 → 2.3.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +42 -19
- data/README.md +1 -1
- data/docs/dev/integration-testing.md +31 -0
- data/docs/dev/plugins.md +4 -2
- data/docs/dsl_inspec.md +104 -4
- data/docs/plugins.md +57 -0
- data/docs/style.md +178 -0
- data/examples/plugins/inspec-resource-lister/Gemfile +12 -0
- data/examples/plugins/inspec-resource-lister/LICENSE +13 -0
- data/examples/plugins/inspec-resource-lister/README.md +62 -0
- data/examples/plugins/inspec-resource-lister/Rakefile +40 -0
- data/examples/plugins/inspec-resource-lister/inspec-resource-lister.gemspec +45 -0
- data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister.rb +16 -0
- data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/cli_command.rb +70 -0
- data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/plugin.rb +55 -0
- data/examples/plugins/inspec-resource-lister/lib/inspec-resource-lister/version.rb +10 -0
- data/examples/plugins/inspec-resource-lister/test/fixtures/README.md +24 -0
- data/examples/plugins/inspec-resource-lister/test/functional/README.md +18 -0
- data/examples/plugins/inspec-resource-lister/test/functional/inspec_resource_lister_test.rb +110 -0
- data/examples/plugins/inspec-resource-lister/test/helper.rb +26 -0
- data/examples/plugins/inspec-resource-lister/test/unit/README.md +17 -0
- data/examples/plugins/inspec-resource-lister/test/unit/cli_args_test.rb +64 -0
- data/examples/plugins/inspec-resource-lister/test/unit/plugin_def_test.rb +51 -0
- data/examples/profile/controls/example.rb +9 -8
- data/inspec-core.gemspec +1 -1
- data/lib/inspec/attribute_registry.rb +1 -1
- data/lib/inspec/globals.rb +4 -0
- data/lib/inspec/objects/control.rb +18 -3
- data/lib/inspec/plugin/v2.rb +14 -3
- data/lib/inspec/plugin/v2/activator.rb +7 -2
- data/lib/inspec/plugin/v2/installer.rb +426 -0
- data/lib/inspec/plugin/v2/loader.rb +137 -30
- data/lib/inspec/plugin/v2/registry.rb +13 -4
- data/lib/inspec/profile.rb +2 -1
- data/lib/inspec/reporters/json.rb +11 -1
- data/lib/inspec/resource.rb +6 -15
- data/lib/inspec/rule.rb +18 -9
- data/lib/inspec/runner_rspec.rb +1 -1
- data/lib/inspec/schema.rb +1 -0
- data/lib/inspec/version.rb +1 -1
- data/lib/plugins/inspec-plugin-manager-cli/README.md +6 -0
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli.rb +18 -0
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/cli_command.rb +420 -0
- data/lib/plugins/inspec-plugin-manager-cli/lib/inspec-plugin-manager-cli/plugin.rb +12 -0
- data/lib/plugins/inspec-plugin-manager-cli/test/fixtures/config_dirs/empty/.gitkeep +0 -0
- data/lib/plugins/inspec-plugin-manager-cli/test/fixtures/plugins/inspec-egg-white-omelette/lib/inspec-egg-white-omelette.rb +2 -0
- data/lib/plugins/inspec-plugin-manager-cli/test/fixtures/plugins/inspec-egg-white-omelette/lib/inspec-egg-white-omelette/.gitkeep +0 -0
- data/lib/plugins/inspec-plugin-manager-cli/test/fixtures/plugins/inspec-wrong-structure/.gitkeep +0 -0
- data/lib/plugins/inspec-plugin-manager-cli/test/fixtures/plugins/wrong-name/lib/wrong-name.rb +1 -0
- data/lib/plugins/inspec-plugin-manager-cli/test/fixtures/plugins/wrong-name/lib/wrong-name/.gitkeep +0 -0
- data/lib/plugins/inspec-plugin-manager-cli/test/functional/inspec-plugin_test.rb +651 -0
- data/lib/plugins/inspec-plugin-manager-cli/test/unit/cli_args_test.rb +71 -0
- data/lib/plugins/inspec-plugin-manager-cli/test/unit/plugin_def_test.rb +20 -0
- data/lib/plugins/shared/core_plugin_test_helper.rb +101 -2
- data/lib/plugins/things-for-train-integration.rb +14 -0
- data/lib/resources/port.rb +10 -6
- metadata +38 -11
- data/docs/ruby_usage.md +0 -204
@@ -0,0 +1,12 @@
|
|
1
|
+
# encoding: utf-8
|
2
|
+
source 'https://rubygems.org'
|
3
|
+
|
4
|
+
gemspec
|
5
|
+
|
6
|
+
group :development do
|
7
|
+
gem 'bundler'
|
8
|
+
gem 'byebug'
|
9
|
+
gem 'minitest'
|
10
|
+
gem 'rake'
|
11
|
+
gem 'rubocop', '= 0.49.1' # Need to keep in sync with main InSpec project, so config files will work
|
12
|
+
end
|
@@ -0,0 +1,13 @@
|
|
1
|
+
Copyright (c) 2018 Chef Software Inc.
|
2
|
+
|
3
|
+
Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
+
you may not use this file except in compliance with the License.
|
5
|
+
You may obtain a copy of the License at
|
6
|
+
|
7
|
+
http://www.apache.org/licenses/LICENSE-2.0
|
8
|
+
|
9
|
+
Unless required by applicable law or agreed to in writing, software
|
10
|
+
distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
+
See the License for the specific language governing permissions and
|
13
|
+
limitations under the License.
|
@@ -0,0 +1,62 @@
|
|
1
|
+
# InSpec Plugin Example - Resource Lister
|
2
|
+
|
3
|
+
This plugin provides an example of building a plugin for use with [InSpec](https://inspec.io). Its functionality is simple, but useful: list resources included with InSpec.
|
4
|
+
|
5
|
+
## To Install this as a User
|
6
|
+
|
7
|
+
You will need InSpec v2.3 or later.
|
8
|
+
|
9
|
+
If you want to just use this (not learn how to write a plugin), you can do so by simply running:
|
10
|
+
|
11
|
+
```
|
12
|
+
you@machine $ inspec plugin install inspec-resource-lister
|
13
|
+
```
|
14
|
+
|
15
|
+
You can then run:
|
16
|
+
|
17
|
+
```
|
18
|
+
you@machine $ inspec plugin help listresources
|
19
|
+
# ... Usage info
|
20
|
+
|
21
|
+
you@machine $ inspec plugin listresources core
|
22
|
+
aide_conf
|
23
|
+
apache
|
24
|
+
apache_conf
|
25
|
+
... snip ...
|
26
|
+
yumrepo
|
27
|
+
zfs_dataset
|
28
|
+
zfs_pool
|
29
|
+
------------------------------
|
30
|
+
160 resources total
|
31
|
+
```
|
32
|
+
|
33
|
+
## Features of This Example Kit
|
34
|
+
|
35
|
+
This example plugin is a full-fledged plugin example, with everything a real-world, industrial grade plugin would have, including:
|
36
|
+
|
37
|
+
* an implementation of an InSpec CLI Command, using the InSpec PluginV2 API
|
38
|
+
* documentation (you are reading it now)
|
39
|
+
* tests, at the unit and functional level
|
40
|
+
* a .gemspec, for packaging and publishing it as a gem
|
41
|
+
* a Gemfile, for managing its dependencies
|
42
|
+
* a Rakefile, for running development tasks
|
43
|
+
* Rubocop linting support for using the base InSpec project rubocop.yml (See Rakefile)
|
44
|
+
|
45
|
+
You are encouraged to use this plugin as a starting point for real plugins.
|
46
|
+
|
47
|
+
## Development of a Plugin
|
48
|
+
|
49
|
+
[Plugin Development](https://github.com/inspec/inspec/blob/master/docs/dev/plugins.md) is documented on the `inspec` project on GitHub. Additionally, this example
|
50
|
+
plugin has extensive comments explaining what is happening, and why.
|
51
|
+
|
52
|
+
### A Tour of the Plugin
|
53
|
+
|
54
|
+
One nice circuit of the plugin might be:
|
55
|
+
* look at the gemspec, to see what the plugin thinks it does
|
56
|
+
* look at the functional tests, to see the plugin proving it does what it says
|
57
|
+
* look at the unit tests, to see how the plugin claims it is internally structured
|
58
|
+
* look at the Rakefile, to see how to interact with the project
|
59
|
+
* look at lib/inspec-resource-lister.rb, the entry point which InSpec will always load if the plugin is installed
|
60
|
+
* look at lib/inspec-resource-lister/plugin.rb, the plugin definition which InSpec uses to understand what the plugin _can_ do.
|
61
|
+
* look at lib/inspec-resource-lister/cli_command.rb, the CLI Command implementation itself.
|
62
|
+
|
@@ -0,0 +1,40 @@
|
|
1
|
+
# A Rakefile defines tasks to help maintain your project.
|
2
|
+
# Rake provides several task templates that are useful.
|
3
|
+
|
4
|
+
#------------------------------------------------------------------#
|
5
|
+
# Test Runner Tasks
|
6
|
+
#------------------------------------------------------------------#
|
7
|
+
|
8
|
+
# This task template will make a task named 'test', and run
|
9
|
+
# the tests that it finds.
|
10
|
+
require 'rake/testtask'
|
11
|
+
|
12
|
+
Rake::TestTask.new do |t|
|
13
|
+
t.libs.push 'lib'
|
14
|
+
t.test_files = FileList[
|
15
|
+
'test/unit/*_test.rb',
|
16
|
+
'test/functional/*_test.rb',
|
17
|
+
]
|
18
|
+
t.verbose = true
|
19
|
+
# Ideally, we'd run tests with warnings enabled,
|
20
|
+
# but the dependent gems have many warnings. As this
|
21
|
+
# is an example, let's disable them so the testing
|
22
|
+
# experience is cleaner.
|
23
|
+
t.warning = false
|
24
|
+
end
|
25
|
+
|
26
|
+
#------------------------------------------------------------------#
|
27
|
+
# Code Style Tasks
|
28
|
+
#------------------------------------------------------------------#
|
29
|
+
require 'rubocop/rake_task'
|
30
|
+
|
31
|
+
RuboCop::RakeTask.new(:lint) do |t|
|
32
|
+
# Choices of rubocop rules to enforce are deeply personal.
|
33
|
+
# Here, we set things up so that your plugin will use the Bundler-installed
|
34
|
+
# inspec gem's copy of the InSpec project's rubocop.yml file (which
|
35
|
+
# is indeed packaged with the inspec gem).
|
36
|
+
require 'inspec/globals'
|
37
|
+
inspec_rubocop_yml = File.join(Inspec.src_root, '.rubocop.yml')
|
38
|
+
|
39
|
+
t.options = ['--display-cop-names', '--config', inspec_rubocop_yml]
|
40
|
+
end
|
@@ -0,0 +1,45 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
|
3
|
+
# As plugins are usually packaged and distributed as a RubyGem,
|
4
|
+
# we have to provide a .gemspec file, which controls the gembuild
|
5
|
+
# and publish process. This is a fairly generic gemspec.
|
6
|
+
|
7
|
+
# It is traditional in a gemspec to dynamically load the current version
|
8
|
+
# from a file in the source tree. The next three lines make that happen.
|
9
|
+
lib = File.expand_path('../lib', __FILE__)
|
10
|
+
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
11
|
+
require 'inspec-resource-lister/version'
|
12
|
+
|
13
|
+
Gem::Specification.new do |spec|
|
14
|
+
# Importantly, all InSpec plugins must be prefixed with `inspec-` (most
|
15
|
+
# plugins) or `train-` (plugins which add new connectivity features).
|
16
|
+
spec.name = 'inspec-resource-lister'
|
17
|
+
|
18
|
+
# It is polite to namespace your plugin under InspecPlugins::YourPluginInCamelCase
|
19
|
+
spec.version = InspecPlugins::ResourceLister::VERSION
|
20
|
+
spec.authors = ['Clinton Wolfe']
|
21
|
+
spec.email = ['cwolfe@chef.io']
|
22
|
+
spec.summary = 'InSpec Plugin example, lists available resources'
|
23
|
+
spec.description = 'Example for implementing an InSpec Plugin. This simply lists available resources.'
|
24
|
+
spec.homepage = 'https://github.com/inspec/inspec/tree/master/examples/plugin'
|
25
|
+
spec.license = 'Apache-2.0'
|
26
|
+
|
27
|
+
# Though complicated-looking, this is pretty standard for a gemspec.
|
28
|
+
# It just filters what will actually be packaged in the gem (leaving
|
29
|
+
# out tests, etc)
|
30
|
+
spec.files = %w{
|
31
|
+
README.md inspec-resource-lister.gemspec Gemfile
|
32
|
+
} + Dir.glob(
|
33
|
+
'lib/**/*', File::FNM_DOTMATCH
|
34
|
+
).reject { |f| File.directory?(f) }
|
35
|
+
spec.require_paths = ['lib']
|
36
|
+
|
37
|
+
# If you rely on any other gems, list them here with any constraints.
|
38
|
+
# This is how `inspec plugin install` is able to manage your dependencies.
|
39
|
+
# For example, perhaps you are writing a thing that talks to AWS, and you
|
40
|
+
# want to ensure you have `aws-sdk` in a certain version.
|
41
|
+
|
42
|
+
# All plugins should mention inspec, > 2.2.78
|
43
|
+
# 2.2.78 included the v2 Plugin API
|
44
|
+
spec.add_dependency 'inspec', '>=2.2.78', '<4.0.0'
|
45
|
+
end
|
@@ -0,0 +1,16 @@
|
|
1
|
+
# encoding: utf-8
|
2
|
+
|
3
|
+
# This file is known as the "entry point."
|
4
|
+
# This is the file InSpec will try to load if it
|
5
|
+
# thinks your plugin is installed.
|
6
|
+
|
7
|
+
# The *only* thing this file should do is setup the
|
8
|
+
# load path, then load the plugin definition file.
|
9
|
+
|
10
|
+
# Next two lines simply add the path of the gem to the load path.
|
11
|
+
# This is not needed when being loaded as a gem; but when doing
|
12
|
+
# plugin development, you may need it. Either way, it's harmless.
|
13
|
+
libdir = File.dirname(__FILE__)
|
14
|
+
$LOAD_PATH.unshift(libdir) unless $LOAD_PATH.include?(libdir)
|
15
|
+
|
16
|
+
require 'inspec-resource-lister/plugin'
|
@@ -0,0 +1,70 @@
|
|
1
|
+
# encoding: utf-8
|
2
|
+
|
3
|
+
require 'inspec/resource'
|
4
|
+
|
5
|
+
module InspecPlugins::ResourceLister
|
6
|
+
# This class will provide the actual CLI implementation.
|
7
|
+
# Its superclass is provided by another call to Inspec.plugin,
|
8
|
+
# this time with two args. The first arg specifies we are requesting
|
9
|
+
# version 2 of the Plugins API. The second says we are making a CLI
|
10
|
+
# Command plugin component, so please make available any DSL needed
|
11
|
+
# for that.
|
12
|
+
# In fact, aside from a some housekeeping DSL methods, most of the
|
13
|
+
# DSL provided is that of Thor. Inspec.plugin(2, :cli_command)
|
14
|
+
# promises to return a class that is a subclass of Thor. So, to add
|
15
|
+
# commands, usage information, and options, use the Thor documentation.
|
16
|
+
class CliCommand < Inspec.plugin(2, :cli_command)
|
17
|
+
# This isn't provided by Thor, but is needed by InSpec so that it can
|
18
|
+
# register the subcommand. Args are a usage message, and a short decription.
|
19
|
+
# These will appear when someone has installed the plugin, and then they
|
20
|
+
# run `inspec help`.
|
21
|
+
subcommand_desc 'list-resources [COMMAND]', 'List resources that InSpec finds.'
|
22
|
+
|
23
|
+
# The usual rhythm for a Thor CLI file is description, options, command method.
|
24
|
+
# Thor just has you call DSL methods in sequence prior to each command.
|
25
|
+
# Let's make a command, 'core', that lists all of the resources included with InSpec.
|
26
|
+
|
27
|
+
# First, provide a usage / description. This will appear in `inspec help list-resources`.
|
28
|
+
desc 'core [OPTIONS]', 'List resources that are included with InSpec.'
|
29
|
+
|
30
|
+
# Let's include an option, -s, to summarize the list.
|
31
|
+
# Refer to the Thors docs; there is a lot you can do here.
|
32
|
+
option :summary, desc: 'Include a total at the bottom', \
|
33
|
+
type: :boolean, default: true, aliases: [:s]
|
34
|
+
|
35
|
+
# OK, now the actual method itself. If you provide params, you're telling Thor that
|
36
|
+
# you accept CLI arguments after all options have been consumed. Let's accept a
|
37
|
+
# pattern, assumed to be a wildcard substring. If we provide a default, the CLI arg becomes optional.
|
38
|
+
def core(pattern = /.+/)
|
39
|
+
# The code here will *only* be executed if someone actually runs
|
40
|
+
# `inspec list-resources core`. So, we can lazily wait to load
|
41
|
+
# expensive things here. However, InSpec has in fact already
|
42
|
+
# loaded the Resources, so we don't have anything to load.
|
43
|
+
|
44
|
+
# If we were passed a CLI arg, wrap the arg in Regexp matchers so
|
45
|
+
# we will match anywhere in the name.
|
46
|
+
unless pattern == /.+/
|
47
|
+
pattern = Regexp.new('.*' + pattern + '.*')
|
48
|
+
end
|
49
|
+
|
50
|
+
# This gets a bit into InSpec innards; but this is simply a Hash.
|
51
|
+
registry = Inspec::Resource.default_registry
|
52
|
+
resource_names = registry.keys.grep(pattern).sort
|
53
|
+
|
54
|
+
# One day we'll have nice UI support.
|
55
|
+
resource_names.each { |name| puts name }
|
56
|
+
|
57
|
+
if options[:summary]
|
58
|
+
puts '-' * 30
|
59
|
+
puts "#{resource_names.count} resources total"
|
60
|
+
end
|
61
|
+
end
|
62
|
+
|
63
|
+
# A neat idea for future work would be to add another command, perhaps
|
64
|
+
# 'resource-pack', which examines a possibly remote resource pack and
|
65
|
+
# enumerates the resources it defines.
|
66
|
+
|
67
|
+
# Another idea might be to fetch a profile, and list the resources actually
|
68
|
+
# used in the controls of the profile, along with counts.
|
69
|
+
end
|
70
|
+
end
|
@@ -0,0 +1,55 @@
|
|
1
|
+
# encoding: UTF-8
|
2
|
+
|
3
|
+
# Plugin Definition file
|
4
|
+
# The purpose of this file is to declare to InSpec what plugin_types (capabilities)
|
5
|
+
# are included in this plugin, and provide hooks that will load them as needed.
|
6
|
+
|
7
|
+
# It is important that this file load successfully and *quickly*.
|
8
|
+
# Your plugin's functionality may never be used on this InSpec run; so we keep things
|
9
|
+
# fast and light by only loading heavy things when they are needed.
|
10
|
+
|
11
|
+
# Presumably this is light
|
12
|
+
require 'inspec-resource-lister/version'
|
13
|
+
|
14
|
+
# The InspecPlugins namespace is where all plugins should declare themselves.
|
15
|
+
# The 'Inspec' capitalization is used throughout the InSpec source code; yes, it's
|
16
|
+
# strange.
|
17
|
+
module InspecPlugins
|
18
|
+
# Pick a reasonable namespace here for your plugin. A reasonable choice
|
19
|
+
# would be the CamelCase version of your plugin gem name.
|
20
|
+
# inspec-resource-lister => ResourceLister
|
21
|
+
module ResourceLister
|
22
|
+
# This simple class handles the plugin definition, so calling it simply Plugin is OK.
|
23
|
+
# Inspec.plugin returns various Classes, intended to be superclasses for various
|
24
|
+
# plugin components. Here, the one-arg form gives you the Plugin Definition superclass,
|
25
|
+
# which mainly gives you access to the hook / plugin_type DSL.
|
26
|
+
# The number '2' says you are asking for version 2 of the plugin API. If there are
|
27
|
+
# future versions, InSpec promises plugin API v2 will work for at least two more InSpec
|
28
|
+
# major versions.
|
29
|
+
class Plugin < ::Inspec.plugin(2)
|
30
|
+
# Internal machine name of the plugin. InSpec will use this in errors, etc.
|
31
|
+
plugin_name :'inspec-resource-lister'
|
32
|
+
|
33
|
+
# Define a new CLI subcommand.
|
34
|
+
# The argument here will be used to match against the command line args,
|
35
|
+
# and if the user said `inspec list-resources`, this hook will get called.
|
36
|
+
# Notice that you can define multiple hooks with different names, and they
|
37
|
+
# don't have to match the plugin name.
|
38
|
+
|
39
|
+
# We'd like this to be list-resources, but Thor does not support hyphens
|
40
|
+
# see https://github.com/erikhuda/thor/pull/613
|
41
|
+
cli_command :listresources do
|
42
|
+
# Calling this hook doesn't mean list-resources is being executed - just
|
43
|
+
# that we should be ready to do so. So, load the file that defines the
|
44
|
+
# functionality.
|
45
|
+
# For example, InSpec will activate this hook when `inspec help` is
|
46
|
+
# executed, so that this plugin's usage message will be included in the help.
|
47
|
+
require 'inspec-resource-lister/cli_command'
|
48
|
+
|
49
|
+
# Having loaded our functionality, return a class that will let the
|
50
|
+
# CLI engine tap into it.
|
51
|
+
InspecPlugins::ResourceLister::CliCommand
|
52
|
+
end
|
53
|
+
end
|
54
|
+
end
|
55
|
+
end
|
@@ -0,0 +1,10 @@
|
|
1
|
+
# encoding: UTF-8
|
2
|
+
|
3
|
+
# This file simply makes it easier for CI engines to update
|
4
|
+
# the version stamp, and provide a clean way for the gemspec
|
5
|
+
# to learn the current version.
|
6
|
+
module InspecPlugins
|
7
|
+
module ResourceLister
|
8
|
+
VERSION = '0.1.0'.freeze
|
9
|
+
end
|
10
|
+
end
|
@@ -0,0 +1,24 @@
|
|
1
|
+
# Test Fixtures Area
|
2
|
+
|
3
|
+
In this directory, you would place things that you need during testing. For example, if you were making a plugin that counts the number of controls in a profile, you might have a directory tree like this:
|
4
|
+
|
5
|
+
```
|
6
|
+
fixtures/
|
7
|
+
profiles/
|
8
|
+
zero-controls/
|
9
|
+
inspec.yml
|
10
|
+
controls/
|
11
|
+
twelve-controls/
|
12
|
+
inspec.yml
|
13
|
+
controls/
|
14
|
+
nine.rb
|
15
|
+
three.rb
|
16
|
+
```
|
17
|
+
|
18
|
+
When writing your functional tests, you can point InSpec at the various test fixture profiles, and know that when it points at the zero-controls profile, it should find no controls; and when pointed at the twelve-controls profile, it should find 12.
|
19
|
+
|
20
|
+
## Using test fixtures provided with core inspec
|
21
|
+
|
22
|
+
InSpec itself ships with many test fixtures - not just profiles, but attribute files, configuration directories, and more. Examine them at [the fixtures directory](https://github.com/inspec/inspec/tree/master/test/unit/mock)
|
23
|
+
|
24
|
+
To use them, see the helper.rb file included in the example at test/helper.rb .
|
@@ -0,0 +1,18 @@
|
|
1
|
+
# Functional Testing Area for Example Plugins
|
2
|
+
|
3
|
+
## What example tests are provided?
|
4
|
+
|
5
|
+
Here, since this is a CliCommand plugin, we provide one set of functional tests:
|
6
|
+
|
7
|
+
* inspec_resource_lister_test.rb - Runs `inspec resource-lister` in several circumstances, and verifies the output from the process.
|
8
|
+
|
9
|
+
## What are functional tests?
|
10
|
+
|
11
|
+
Functional tests are tests that verify that your plugin works _as would be seen by a user_. Functional tests generally do not have inside knowledge about the inner workings of the plugin. However a functional test is very interested in changes that you plugin make to the outside world: exit codes, command output, changes to files on the filesystem, etc.
|
12
|
+
|
13
|
+
To be picked up by the Rake tasks as tests, each test file should end in `_test.rb`.
|
14
|
+
|
15
|
+
## Unit vs Functional Tests
|
16
|
+
|
17
|
+
A practical difference between unit tests and functional tests is that unit tests all run within one process, while functional tests might exercise a CLI plugin by shelling out to an inspec command in a subprocess, and examining the results.
|
18
|
+
|
@@ -0,0 +1,110 @@
|
|
1
|
+
# Functional Tests for Example Plugin, Resource Lister
|
2
|
+
|
3
|
+
# Functional tests are used to verify the behavior of the plugin are as expected, to a user.
|
4
|
+
# Functional tests generally do not have inside knowledge of how the plugin works.
|
5
|
+
|
6
|
+
# Include our test harness
|
7
|
+
require_relative '../helper'
|
8
|
+
|
9
|
+
# Because InSpec is a Spec-style test suite, we're going to use MiniTest::Spec
|
10
|
+
# here, for familiar look and feel. However, this isn't InSpec (or RSpec) code.
|
11
|
+
describe 'inspec list-resources core' do
|
12
|
+
# Our helper.rb locates this library from the InSpec install that
|
13
|
+
# Bundler installed for us. If we want its methods, we still must
|
14
|
+
# import it. Including it here will make it available in all child
|
15
|
+
# 'describe' blocks.
|
16
|
+
include CorePluginFunctionalHelper
|
17
|
+
|
18
|
+
# When thinking up scenarios to test, start with the simplest.
|
19
|
+
# Then think of each major feature, and exercise them.
|
20
|
+
# Running combinations of features makes sense if it is very likely,
|
21
|
+
# or a difficult / dangerous case. You can always add more tests
|
22
|
+
# here as users find subtle problems. In fact, having a user submit
|
23
|
+
# a PR that creates a failing functional test is a great way to
|
24
|
+
# capture the reproduction case.
|
25
|
+
# The simplest case:
|
26
|
+
describe "when run without an argument" do
|
27
|
+
|
28
|
+
# run_inspec_process_with_this_plugin is a helper provided by
|
29
|
+
# CoreFunctionalHelper. It makes the InSpec that Bundler installed
|
30
|
+
# think that this plugin we are currently testing is installed as a
|
31
|
+
# user plugin, by writing a plugin config file in a temp dir.
|
32
|
+
# To use it, just provide a command line, minus the word `inspec`.
|
33
|
+
let (:outcome) { run_inspec_process_with_this_plugin('listresources core') }
|
34
|
+
|
35
|
+
# Some tests through here use minitest Expectations, which attach to all
|
36
|
+
# Objects, and begin with 'must' (positive) or 'wont' (negative)
|
37
|
+
# See https://ruby-doc.org/stdlib-2.1.0/libdoc/minitest/rdoc/MiniTest/Expectations.html
|
38
|
+
it("should exit successfully") { outcome.exit_status.must_equal(0) }
|
39
|
+
it("should be silent on stderr") { outcome.stderr.must_be_empty }
|
40
|
+
|
41
|
+
# A selection of core resources, just spot checking.
|
42
|
+
# This is an example of using Ruby to define sets of tests.
|
43
|
+
['process', 'service', 'user', 'file'].each do |resource_name|
|
44
|
+
it "should mention the '#{resource_name}' resource" do
|
45
|
+
outcome.stdout.must_include(resource_name)
|
46
|
+
end
|
47
|
+
end
|
48
|
+
|
49
|
+
# Check for the summary
|
50
|
+
it "should mention the summary" do
|
51
|
+
outcome.stdout.must_include('resources total')
|
52
|
+
end
|
53
|
+
end
|
54
|
+
|
55
|
+
# Test the search pattern feature, in a couple of ways.
|
56
|
+
describe "when run with a search pattern that matches things" do
|
57
|
+
# Notice that the command line is changed here:
|
58
|
+
# "list all resources that have the word user in them"
|
59
|
+
let (:outcome) { run_inspec_process_with_this_plugin('listresources core user') }
|
60
|
+
|
61
|
+
# Should be well-behaved...
|
62
|
+
it("should exit successfully") { outcome.exit_status.must_equal(0) }
|
63
|
+
it("should be silent on stderr") { outcome.stderr.must_be_empty }
|
64
|
+
|
65
|
+
# Here, we want to know it DID match some things, and NOT some others.
|
66
|
+
['user', 'users'].each do |resource_name|
|
67
|
+
it "should mention the '#{resource_name}' resource" do
|
68
|
+
outcome.stdout.must_include(resource_name)
|
69
|
+
end
|
70
|
+
end
|
71
|
+
['process', 'service', 'file'].each do |resource_name|
|
72
|
+
it "should NOT mention the '#{resource_name}' resource" do
|
73
|
+
outcome.stdout.wont_include(resource_name)
|
74
|
+
end
|
75
|
+
end
|
76
|
+
end
|
77
|
+
describe "when run with a search pattern that matches nothing" do
|
78
|
+
# Unlikely we'll have a resource with the string 'autogyro' in it.
|
79
|
+
let (:outcome) { run_inspec_process_with_this_plugin('listresources core autogyro') }
|
80
|
+
|
81
|
+
# Should be well-behaved...
|
82
|
+
it("should exit successfully") { outcome.exit_status.must_equal(0) }
|
83
|
+
it("should be silent on stderr") { outcome.stderr.must_be_empty }
|
84
|
+
|
85
|
+
# Output lines should be just two, for the summary.
|
86
|
+
it "should only have two output lines" do
|
87
|
+
outcome.stdout.split("\n").count.must_equal(2)
|
88
|
+
end
|
89
|
+
|
90
|
+
# Check for the summary
|
91
|
+
it "should mention a zero-resource summary" do
|
92
|
+
outcome.stdout.must_include('0 resources total')
|
93
|
+
end
|
94
|
+
end
|
95
|
+
|
96
|
+
# Exercise the summary option, which defaults to 'true'.
|
97
|
+
describe "when run with the no-summary flag" do
|
98
|
+
# Alter the command string to include the no-summary option
|
99
|
+
let(:outcome) { run_inspec_process_with_this_plugin('listresources core --no-summary') }
|
100
|
+
|
101
|
+
# Should be well-behaved...
|
102
|
+
it("should exit successfully") { outcome.exit_status.must_equal(0) }
|
103
|
+
it("should be silent on stderr") { outcome.stderr.must_be_empty }
|
104
|
+
|
105
|
+
# Check for the summary
|
106
|
+
it "should NOT mention summary" do
|
107
|
+
outcome.stdout.wont_include('0 resources total')
|
108
|
+
end
|
109
|
+
end
|
110
|
+
end
|