inspec 0.16.3 → 0.16.4

data/test/functional/inspec_archive_test.rb

@@ -0,0 +1,80 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+
+require 'functional/helper'
+
+describe 'inspec archive' do
+  include FunctionalHelper
+
+  it 'archive is successful' do
+    out = inspec('archive ' + example_profile + ' --overwrite')
+    out.exit_status.must_equal 0
+    out.stdout.must_match /Generate archive [^ ]*profile.tar.gz/
+    out.stdout.must_include 'Finished archive generation.'
+  end
+
+  it 'archives to output file' do
+    out = inspec('archive ' + example_profile + ' --output ' + dst.path)
+    out.stderr.must_equal ''
+    out.stdout.must_include 'Generate archive '+dst.path
+    out.stdout.must_include 'Finished archive generation.'
+    out.exit_status.must_equal 0
+    File.exist?(dst.path).must_equal true
+  end
+
+  it 'auto-archives when no --output is given' do
+    auto_dst = File.join(repo_path, 'profile.tar.gz')
+    out = inspec('archive ' + example_profile + ' --overwrite')
+    out.stderr.must_equal ''
+    out.stdout.must_include 'Generate archive '+auto_dst
+    out.stdout.must_include 'Finished archive generation.'
+    out.exit_status.must_equal 0
+    File.exist?(auto_dst).must_equal true
+  end
+
+  it 'archive on invalid archive' do
+    out = inspec('archive /proc --output ' + dst.path)
+    # out.stdout.must_equal '' => we have partial stdout output right now
+    out.stderr.must_include "Don't understand inspec profile in \"/proc\""
+    out.exit_status.must_equal 1
+    File.exist?(dst.path).must_equal false
+  end
+
+  it 'archive wont overwrite existing files' do
+    x = rand.to_s
+    File.write(dst.path, x)
+    out = inspec('archive ' + example_profile + ' --output ' + dst.path)
+    out.stderr.must_equal '' # uh...
+    out.stdout.must_include "Archive #{dst.path} exists already. Use --overwrite."
+    out.exit_status.must_equal 1
+    File.read(dst.path).must_equal x
+  end
+
+  it 'archive will overwrite files if necessary' do
+    x = rand.to_s
+    File.write(dst.path, x)
+    out = inspec('archive ' + example_profile + ' --output ' + dst.path + ' --overwrite')
+    out.stderr.must_equal ''
+    out.stdout.must_include 'Generate archive '+dst.path
+    out.exit_status.must_equal 0
+    File.read(dst.path).wont_equal x
+  end
+
+  it 'creates valid tar.gz archives' do
+    out = inspec('archive ' + example_profile + ' --output ' + dst.path + ' --tar')
+    out.stderr.must_equal ''
+    out.stdout.must_include 'Generate archive '+dst.path
+    out.exit_status.must_equal 0
+    t = Zlib::GzipReader.open(dst.path)
+    Gem::Package::TarReader.new(t).entries.map(&:header).map(&:name).must_include 'inspec.yml'
+  end
+
+  it 'creates valid zip archives' do
+    out = inspec('archive ' + example_profile + ' --output ' + dst.path + ' --zip')
+    out.stderr.must_equal ''
+    out.stdout.must_include 'Generate archive '+dst.path
+    out.exit_status.must_equal 0
+    Zip::File.new(dst.path).entries.map(&:name).must_include 'inspec.yml'
+  end
+end

data/test/functional/inspec_exec_test.rb

@@ -0,0 +1,141 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+
+require 'functional/helper'
+
+describe 'inspec exec' do
+  include FunctionalHelper
+
+  it 'can execute the profile' do
+    out = inspec('exec ' + example_profile)
+    out.stderr.must_equal ''
+    out.exit_status.must_equal 0
+    out.stdout.must_match /^Pending: /
+    out.stdout.must_include '4 examples, 0 failures, 1 pending'
+  end
+
+  it 'executes only specified controls' do
+    out = inspec('exec ' + example_profile + ' --controls tmp-1.0')
+    out.stderr.must_equal ''
+    out.exit_status.must_equal 0
+    out.stdout.must_include '1 example, 0 failures'
+  end
+
+  it 'can execute the profile with the json formatter' do
+    out = inspec('exec ' + example_profile + ' --format json')
+    out.stderr.must_equal ''
+    out.exit_status.must_equal 0
+    JSON.load(out.stdout).must_be_kind_of Hash
+  end
+
+  describe 'execute a profile with json formatting' do
+    let(:json) { JSON.load(inspec('exec ' + example_profile + ' --format json').stdout) }
+    let(:examples) { json['examples'] }
+    let(:ex1) { examples.find{|x| x['id'] == 'tmp-1.0'} }
+    let(:ex2) { examples.find{|x| x['id'] =~ /generated/} }
+    let(:ex3) { examples.find{|x| x['id'] == 'gordon-1.0'} }
+
+    it 'must have 4 examples' do
+      json['examples'].length.must_equal 4
+    end
+
+    it 'id in json' do
+      examples.find { |ex| !ex.key? 'id' }.must_be :nil?
+    end
+
+    it 'impact in json' do
+      ex1['impact'].must_equal 0.7
+      ex2['impact'].must_be :nil?
+    end
+
+    it 'status in json' do
+      ex1['status'].must_equal 'passed'
+      ex3['status'].must_equal 'pending'
+    end
+
+    it 'pending message in json' do
+      ex1['pending_message'].must_be :nil?
+      ex3['pending_message'].must_equal 'Not yet implemented'
+    end
+  end
+
+  describe 'execute a profile with fulljson formatting' do
+    let(:json) { JSON.load(inspec('exec ' + example_profile + ' --format fulljson').stdout) }
+    let(:examples) { json['examples'] }
+    let(:metadata) { json['profiles'][0] }
+    let(:ex1) { examples.find{|x| x['id'] == 'tmp-1.0'} }
+    let(:ex2) { examples.find{|x| x['id'] =~ /generated/} }
+    let(:ex3) { examples.find{|x| x['id'] == 'gordon-1.0'} }
+
+    it 'has all the metadata' do
+      metadata.must_equal({
+        "name" => "profile",
+        "title" => "InSpec Example Profile",
+        "maintainer" => "Chef Software, Inc.",
+        "copyright" => "Chef Software, Inc.",
+        "copyright_email" => "support@chef.io",
+        "license" => "Apache 2 license",
+        "summary" => "Demonstrates the use of InSpec Compliance Profile",
+        "version" => "1.0.0",
+        "supports" => [{"os-family" => "unix"}]
+      })
+    end
+
+    it 'must have 4 examples' do
+      json['examples'].length.must_equal 4
+    end
+
+    it 'id in json' do
+      examples.find { |ex| !ex.key? 'id' }.must_be :nil?
+    end
+
+    it 'title in json' do
+      ex3['title'].must_equal 'Verify the version number of Gordon'
+    end
+
+    it 'desc in json' do
+      ex3['desc'].must_equal 'An optional description...'
+    end
+
+    it 'code in json' do
+      ex3['code'].wont_be :nil?
+    end
+
+    it 'code_desc in json' do
+      ex3['code_desc'].wont_be :nil?
+    end
+
+    it 'impact in json' do
+      ex1['impact'].must_equal 0.7
+      ex2['impact'].must_be :nil?
+    end
+
+    it 'status in json' do
+      ex1['status'].must_equal 'passed'
+      ex3['status'].must_equal 'pending'
+    end
+
+    it 'ref in json' do
+      ex1['ref'].must_match %r{examples/profile/controls/example.rb$}
+    end
+
+    it 'ref_line in json' do
+      ex1['ref_line'].must_equal 14
+    end
+
+    it 'run_time in json' do
+      ex1['run_time'].wont_be :nil?
+    end
+
+    it 'start_time in json' do
+      ex1['start_time'].wont_be :nil?
+    end
+
+    it 'pending message in json' do
+      ex1['pending'].must_be :nil?
+      ex3['pending'].must_equal "Can't find file \"/tmp/gordon/config.yaml\""
+    end
+  end
+
+end

data/test/functional/inspec_json_test.rb

@@ -0,0 +1,104 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+
+require 'functional/helper'
+
+describe 'inspec json' do
+  include FunctionalHelper
+
+  it 'read the profile json' do
+    out = inspec('json ' + example_profile)
+    out.stderr.must_equal ''
+    out.exit_status.must_equal 0
+    s = out.stdout
+    JSON.load(s).must_be_kind_of Hash
+  end
+
+  describe 'json profile data' do
+    let(:json) { JSON.load(inspec('json ' + example_profile).stdout) }
+
+    it 'has a name' do
+      json['name'].must_equal 'profile'
+    end
+
+    it 'has a title' do
+      json['title'].must_equal 'InSpec Example Profile'
+    end
+
+    it 'has a summary' do
+      json['summary'].must_equal 'Demonstrates the use of InSpec Compliance Profile'
+    end
+
+    it 'has a version' do
+      json['version'].must_equal '1.0.0'
+    end
+
+    it 'has a maintainer' do
+      json['maintainer'].must_equal 'Chef Software, Inc.'
+    end
+
+    it 'has a copyright' do
+      json['copyright'].must_equal 'Chef Software, Inc.'
+    end
+
+    it 'has rules' do
+      json['rules'].length.must_equal 3 # TODO: flatten out or search deeper!
+    end
+
+    describe 'a rule' do
+      let(:rule) { json['rules']['controls/example.rb']['rules']['tmp-1.0'] }
+
+      it 'has a title' do
+        rule['title'].must_equal 'Create /tmp directory'
+      end
+
+      it 'has a description' do
+        rule['desc'].must_equal 'An optional description...'
+      end
+
+      it 'has an impact' do
+        rule['impact'].must_equal 0.7
+      end
+
+      it 'has a ref' do
+        rule['refs'].must_equal([{'ref' => 'Document A-12', 'url' => 'http://...'}])
+      end
+
+      it 'has a source location' do
+        loc = File.join(example_profile, '/controls/example.rb')
+        rule['source_location'].must_equal [loc, 8]
+      end
+
+      it 'has a the source code' do
+        rule['code'].must_match /\Acontrol \"tmp-1.0\" do.*end\n\Z/m
+      end
+    end
+  end
+
+  describe 'filter with --controls' do
+    let(:out) { inspec('json ' + example_profile + ' --controls tmp-1.0') }
+
+    it 'still succeeds' do
+      out.stderr.must_equal ''
+      out.exit_status.must_equal 0
+    end
+
+    it 'only has one control included' do
+      json = JSON.load(out.stdout)
+      grps = json['rules']
+      grps.keys.must_equal ['controls/example.rb']
+      rules = grps.values[0]['rules']
+      rules.keys.must_equal ['tmp-1.0']
+    end
+  end
+
+  it 'writes json to file' do
+    out = inspec('json ' + example_profile + ' --output ' + dst.path)
+    out.stderr.must_equal ''
+    out.exit_status.must_equal 0
+    hm = JSON.load(File.read(dst.path))
+    hm['name'].must_equal 'profile'
+    hm['rules'].length.must_equal 3 # TODO: flatten out or search deeper!
+  end
+end

data/test/functional/inspec_test.rb

@@ -0,0 +1,54 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+
+require 'functional/helper'
+
+describe 'command tests' do
+  include FunctionalHelper
+
+  describe 'detect' do
+    it 'runs well on all nodes' do
+      out = inspec('detect')
+      out.stderr.must_equal ''
+      out.exit_status.must_equal 0
+      j = JSON.load(out.stdout)
+      j.keys.must_include 'name'
+      j.keys.must_include 'family'
+      j.keys.must_include 'arch'
+      j.keys.must_include 'release'
+    end
+  end
+
+  describe 'version' do
+    it 'provides the version number on stdout' do
+      out = inspec('version')
+      out.stderr.must_equal ''
+      out.exit_status.must_equal 0
+      out.stdout.must_equal Inspec::VERSION+"\n"
+    end
+  end
+
+  describe 'shell' do
+    it 'provides a help command' do
+      out = CMD.run_command("echo \"help\nexit\" | #{exec_inspec} shell")
+      out.exit_status.must_equal 0
+      out.stdout.must_include 'Available commands:'
+      out.stdout.must_include 'You are currently running on:'
+    end
+
+    it 'exposes all resources' do
+      out = CMD.run_command("echo \"os\nexit\" | #{exec_inspec} shell")
+      out.exit_status.must_equal 0
+      out.stdout.must_match /^=> .*Operating.* .*System.* .*Detection.*$/
+    end
+  end
+
+  describe 'check' do
+    it 'verifies that a profile is ok' do
+      out = inspec('check ' + example_profile)
+      out.stdout.must_match /Valid.*true/
+      out.exit_status.must_equal 0
+    end
+  end
+end

data/test/unit/profile_context_test.rb

@@ -91,7 +91,7 @@ describe Inspec::ProfileContext do
     it 'supports empty describe calls' do
       load('describe').must_output ''
       profile.rules.keys.length.must_equal 1
-      profile.rules.keys[0].must_match /^\(generated from unknown:1 [0-9a-f]+\)$/
+      profile.rules.keys[0].must_match /^\(generated from \(eval\):1 [0-9a-f]+\)$/
       profile.rules.values[0].must_be_kind_of Inspec::Rule
     end
 
@@ -99,7 +99,7 @@ describe Inspec::ProfileContext do
       load('describe true do; it { should_eq true }; end')
         .must_output ''
       profile.rules.keys.length.must_equal 1
-      profile.rules.keys[0].must_match /^\(generated from unknown:1 [0-9a-f]+\)$/
+      profile.rules.keys[0].must_match /^\(generated from \(eval\):1 [0-9a-f]+\)$/
       profile.rules.values[0].must_be_kind_of Inspec::Rule
     end
 
@@ -108,7 +108,7 @@ describe Inspec::ProfileContext do
         .must_output ''
       profile.rules.keys.length.must_equal 3
       [0, 1, 2].each do |i|
-        profile.rules.keys[i].must_match /^\(generated from unknown:2 [0-9a-f]+\)$/
+        profile.rules.keys[i].must_match /^\(generated from \(eval\):2 [0-9a-f]+\)$/
         profile.rules.values[i].must_be_kind_of Inspec::Rule
       end
     end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: inspec
 version: !ruby/object:Gem::Version
-  version: 0.16.3
+  version: 0.16.4
 platform: ruby
 authors:
 - Dominik Richter
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-03-23 00:00:00.000000000 Z
+date: 2016-03-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: r-train
@@ -208,11 +208,9 @@ files:
 - examples/profile/README.md
 - examples/profile/controls/example.rb
 - examples/profile/controls/gordon.rb
+- examples/profile/controls/meta.rb
 - examples/profile/inspec.yml
 - examples/profile/libraries/gordon_config.rb
-- examples/resource/controls/tiny.rb
-- examples/resource/inspec.yml
-- examples/resource/libraries/tiny.rb
 - inspec.gemspec
 - lib/bundles/README.md
 - lib/bundles/inspec-compliance.rb
@@ -360,7 +358,12 @@ files:
 - test/cookbooks/os_prepare/templates/default/sv-default-svlog-run.erb
 - test/docker_run.rb
 - test/docker_test.rb
-- test/functional/command_test.rb
+- test/functional/helper.rb
+- test/functional/inheritance_test.rb
+- test/functional/inspec_archive_test.rb
+- test/functional/inspec_exec_test.rb
+- test/functional/inspec_json_test.rb
+- test/functional/inspec_test.rb
 - test/helper.rb
 - test/integration/default/_debug_spec.rb
 - test/integration/default/apache_conf_spec.rb
@@ -617,7 +620,12 @@ test_files:
 - test/cookbooks/os_prepare/templates/default/sv-default-svlog-run.erb
 - test/docker_run.rb
 - test/docker_test.rb
-- test/functional/command_test.rb
+- test/functional/helper.rb
+- test/functional/inheritance_test.rb
+- test/functional/inspec_archive_test.rb
+- test/functional/inspec_exec_test.rb
+- test/functional/inspec_json_test.rb
+- test/functional/inspec_test.rb
 - test/helper.rb
 - test/integration/default/_debug_spec.rb
 - test/integration/default/apache_conf_spec.rb