inspec 0.30.0 → 0.31.0

data/test/docker_test.rb

@@ -1,58 +0,0 @@
-# encoding: utf-8
-# author: Dominik Richter
-
-require_relative 'docker_run'
-require_relative '../lib/inspec'
-#
-# BUGON: These requires are to get around concurrency issues with
-# autoloading in Ruby
-#
-require 'train'
-require 'train/plugins'
-require 'train/plugins/transport'
-require 'train/transports/docker'
-
-tests = ARGV
-if tests.empty?
-  puts 'Nothing to do.'
-  exit 0
-end
-
-class DockerTester
-  def initialize(tests)
-    @tests = tests
-    @docker = DockerRunner.new
-  end
-
-  def run
-    puts ['Running tests:', @tests].flatten.join("\n- ")
-    puts ''
-
-    conf = RSpec.configuration
-    reporter = conf.reporter
-    results = nil
-
-    # start reporting loop
-    reporter.report(0) do |report|
-      results = @docker.run_all do |name, container|
-        status = test_container(container, report)
-        status.all? ? nil : "Failed to run tests on #{name}"
-      end
-    end
-
-    # check if we were successful
-    failures = results.compact
-    failures.each { |f| puts "\033[31;1m#{f}\033[0m\n\n" }
-    failures.empty? or fail 'Test failures'
-  end
-
-  def test_container(container, report)
-    puts "--> run test on docker #{container.id}"
-    opts = { 'target' => "docker://#{container.id}" }
-    runner = Inspec::Runner.new(opts)
-    @tests.each { |test| runner.add_target(test, opts) }
-    runner.tests.map { |g| g.run(report) }
-  end
-end
-
-DockerTester.new(tests).run

data/test/functional/helper.rb

@@ -1,37 +0,0 @@
-# encoding: utf-8
-# author: Dominik Richter
-# author: Christoph Hartmann
-
-require 'helper'
-
-require 'minitest/hell'
-class Minitest::Test
-  parallelize_me!
-end
-
-class Module
-  include Minitest::Spec::DSL
-end
-
-module FunctionalHelper
-  let(:repo_path) { File.expand_path(File.join( __FILE__, '..', '..', '..')) }
-  let(:exec_inspec) { File.join(repo_path, 'bin', 'inspec') }
-  let(:profile_path) { File.join(repo_path, 'test', 'unit', 'mock', 'profiles') }
-  let(:examples_path) { File.join(repo_path, 'examples') }
-
-  let(:example_profile) { File.join(examples_path, 'profile') }
-  let(:example_control) { File.join(example_profile, 'controls', 'example.rb') }
-  let(:inheritance_profile) { File.join(examples_path, 'profile') }
-
-  let(:dst) {
-    # create a temporary path, but we only want an auto-clean helper
-    # so remove the file and give back the path
-    res = Tempfile.new('inspec-shred')
-    FileUtils.rm(res.path)
-    TMP_CACHE[res.path] = res
-  }
-
-  def inspec(commandline)
-    CMD.run_command("#{exec_inspec} #{commandline}")
-  end
-end

data/test/functional/inheritance_test.rb

@@ -1,62 +0,0 @@
-# encoding: utf-8
-# author: Dominik Richter
-# author: Christoph Hartmann
-
-require 'functional/helper'
-
-describe 'example inheritance profile' do
-  include FunctionalHelper
-  let(:path) { File.join(examples_path, 'inheritance') }
-
-  it 'check succeeds with --profiles-path' do
-    out = inspec('check ' + path + ' --profiles-path ' + examples_path)
-    out.stderr.must_equal ''
-    out.stdout.must_match /Valid.*true/
-    out.exit_status.must_equal 0
-  end
-
-  it 'check succeeds without --profiles-path using inspec.yml' do
-    out = inspec('check ' + path)
-    out.stderr.must_equal ''
-    out.stdout.must_match /Valid.*true/
-    out.exit_status.must_equal 0
-  end
-
-  it 'archive is successful with --profiles-path' do
-    out = inspec('archive ' + path + ' --output ' + dst.path + ' --profiles-path ' + examples_path)
-    out.stderr.must_equal ''
-    out.stdout.must_include 'Generate archive '+dst.path
-    out.stdout.must_include 'Finished archive generation.'
-    out.exit_status.must_equal 0
-    File.exist?(dst.path).must_equal true
-  end
-
-  it 'archive is successful without --profiles-path using inspec.yml' do
-    out = inspec('archive ' + path + ' --output ' + dst.path)
-    out.stderr.must_equal ''
-    out.stdout.must_include 'Generate archive '+dst.path
-    out.stdout.must_include 'Finished archive generation.'
-    out.exit_status.must_equal 0
-    File.exist?(dst.path).must_equal true
-  end
-
-  it 'read the profile json with --profiles-path' do
-    out = inspec('json ' + path + ' --profiles-path '+examples_path)
-    out.stderr.must_equal ''
-    out.exit_status.must_equal 0
-    s = out.stdout
-    hm = JSON.load(s)
-    hm['name'].must_equal 'inheritance'
-    hm['controls'].length.must_equal 3
-  end
-
-  it 'read the profile json without --profiles-path using inspec.yml' do
-    out = inspec('json ' + path)
-    out.stderr.must_equal ''
-    out.exit_status.must_equal 0
-    s = out.stdout
-    hm = JSON.load(s)
-    hm['name'].must_equal 'inheritance'
-    hm['controls'].length.must_equal 3
-  end
-end

data/test/functional/inspec_archive_test.rb

@@ -1,80 +0,0 @@
-# encoding: utf-8
-# author: Dominik Richter
-# author: Christoph Hartmann
-
-require 'functional/helper'
-
-describe 'inspec archive' do
-  include FunctionalHelper
-
-  it 'archive is successful' do
-    out = inspec('archive ' + example_profile + ' --overwrite')
-    out.exit_status.must_equal 0
-    out.stdout.must_match /Generate archive [^ ]*profile.tar.gz/
-    out.stdout.must_include 'Finished archive generation.'
-  end
-
-  it 'archives to output file' do
-    out = inspec('archive ' + example_profile + ' --output ' + dst.path)
-    out.stderr.must_equal ''
-    out.stdout.must_include 'Generate archive '+dst.path
-    out.stdout.must_include 'Finished archive generation.'
-    out.exit_status.must_equal 0
-    File.exist?(dst.path).must_equal true
-  end
-
-  it 'auto-archives when no --output is given' do
-    auto_dst = File.join(repo_path, 'profile.tar.gz')
-    out = inspec('archive ' + example_profile + ' --overwrite')
-    out.stderr.must_equal ''
-    out.stdout.must_include 'Generate archive '+auto_dst
-    out.stdout.must_include 'Finished archive generation.'
-    out.exit_status.must_equal 0
-    File.exist?(auto_dst).must_equal true
-  end
-
-  it 'archive on invalid archive' do
-    out = inspec('archive /proc --output ' + dst.path)
-    # out.stdout.must_equal '' => we have partial stdout output right now
-    out.stderr.must_include "Don't understand inspec profile in \"/proc\""
-    out.exit_status.must_equal 1
-    File.exist?(dst.path).must_equal false
-  end
-
-  it 'archive wont overwrite existing files' do
-    x = rand.to_s
-    File.write(dst.path, x)
-    out = inspec('archive ' + example_profile + ' --output ' + dst.path)
-    out.stderr.must_equal '' # uh...
-    out.stdout.must_include "Archive #{dst.path} exists already. Use --overwrite."
-    out.exit_status.must_equal 1
-    File.read(dst.path).must_equal x
-  end
-
-  it 'archive will overwrite files if necessary' do
-    x = rand.to_s
-    File.write(dst.path, x)
-    out = inspec('archive ' + example_profile + ' --output ' + dst.path + ' --overwrite')
-    out.stderr.must_equal ''
-    out.stdout.must_include 'Generate archive '+dst.path
-    out.exit_status.must_equal 0
-    File.read(dst.path).wont_equal x
-  end
-
-  it 'creates valid tar.gz archives' do
-    out = inspec('archive ' + example_profile + ' --output ' + dst.path + ' --tar')
-    out.stderr.must_equal ''
-    out.stdout.must_include 'Generate archive '+dst.path
-    out.exit_status.must_equal 0
-    t = Zlib::GzipReader.open(dst.path)
-    Gem::Package::TarReader.new(t).entries.map(&:header).map(&:name).must_include 'inspec.yml'
-  end
-
-  it 'creates valid zip archives' do
-    out = inspec('archive ' + example_profile + ' --output ' + dst.path + ' --zip')
-    out.stderr.must_equal ''
-    out.stdout.must_include 'Generate archive '+dst.path
-    out.exit_status.must_equal 0
-    Zip::File.new(dst.path).entries.map(&:name).must_include 'inspec.yml'
-  end
-end

data/test/functional/inspec_compliance_test.rb

@@ -1,61 +0,0 @@
-# encoding: utf-8
-# author: Dominik Richter
-# author: Christoph Hartmann
-
-require 'functional/helper'
-
-# basic testing without availability of any server
-describe 'inspec compliance' do
-  include FunctionalHelper
-
-  it 'help' do
-    out = inspec('compliance help')
-    out.exit_status.must_equal 0
-    out.stdout.must_include 'inspec compliance exec PROFILE'
-  end
-
-  # ensure we are logged out
-  it 'logout' do
-    out = inspec('compliance logout')
-    out.exit_status.must_equal 0
-    out.stdout.must_include ''
-  end
-
-  it 'login server url missing' do
-    out = inspec('compliance login')
-    #TODO: we need to convince thor that this is an error
-    out.exit_status.must_equal 0
-    out.stderr.must_include 'ERROR: "inspec login" was called with no arguments'
-  end
-
-  it 'login server with missing parameters' do
-    out = inspec('compliance login http://example.com')
-    out.exit_status.must_equal 1
-    #TODO: inspec should really use stderr for errors
-    out.stdout.must_include 'Please run `inspec compliance login` with options'
-  end
-
-  it 'inspec compliance profiles without authentication' do
-    out = inspec('compliance profile')
-    out.stdout.must_include 'You need to login first with `inspec compliance login`'
-    out.exit_status.must_equal 0
-  end
-
-  it 'try to upload a profile without directory' do
-    out = inspec('compliance upload')
-    out.stderr.must_include 'ERROR: "inspec upload" was called with no arguments'
-    out.exit_status.must_equal 0
-  end
-
-  it 'try to upload a profile a non-existing path' do
-    out = inspec('compliance upload /path/to/dir')
-    out.stdout.must_include 'You need to login first with `inspec compliance login`'
-    out.exit_status.must_equal 0
-  end
-
-  it 'logout' do
-    out = inspec('compliance logout')
-    out.exit_status.must_equal 0
-    out.stdout.must_include ''
-  end
-end

data/test/functional/inspec_exec_json_test.rb

@@ -1,122 +0,0 @@
-# encoding: utf-8
-# author: Dominik Richter
-# author: Christoph Hartmann
-
-require 'functional/helper'
-
-describe 'inspec exec with json formatter' do
-  include FunctionalHelper
-
-  it 'can execute a simple file with the json formatter' do
-    out = inspec('exec ' + example_control + ' --format json')
-    out.stderr.must_equal ''
-    out.exit_status.must_equal 0
-    JSON.load(out.stdout).must_be_kind_of Hash
-  end
-
-  it 'can execute the profile with the json formatter' do
-    out = inspec('exec ' + example_profile + ' --format json')
-    out.stderr.must_equal ''
-    out.exit_status.must_equal 0
-    JSON.load(out.stdout).must_be_kind_of Hash
-  end
-
-  describe 'execute a profile with json formatting' do
-    let(:json) { JSON.load(inspec('exec ' + example_profile + ' --format json').stdout) }
-    let(:profile) { json['profiles']['profile'] }
-    let(:controls) { profile['controls'] }
-    let(:ex1) { controls['tmp-1.0'] }
-    let(:ex2) {
-      k = controls.keys.find { |x| x =~ /generated/ }
-      controls[k]
-    }
-    let(:ex3) { profile['controls']['gordon-1.0'] }
-    let(:check_result) {
-      ex3['results'].find { |x| x['resource'] == 'gordon_config' }
-    }
-
-    it 'has all the metadata' do
-      actual = profile.dup
-      key = actual.delete('controls').keys
-                  .find { |x| x =~ /generated from example.rb/ }
-      actual.must_equal({
-        "name" => "profile",
-        "title" => "InSpec Example Profile",
-        "maintainer" => "Chef Software, Inc.",
-        "copyright" => "Chef Software, Inc.",
-        "copyright_email" => "support@chef.io",
-        "license" => "Apache 2 license",
-        "summary" => "Demonstrates the use of InSpec Compliance Profile",
-        "version" => "1.0.0",
-        "supports" => [{"os-family" => "unix"}],
-        "groups" => {
-          "controls/meta.rb" => {"title"=>"SSH Server Configuration", "controls"=>["ssh-1"]},
-          "controls/example.rb" => {"title"=>"/tmp profile", "controls"=>["tmp-1.0", key]},
-          "controls/gordon.rb" => {"title"=>"Gordon Config Checks", "controls"=>["gordon-1.0"]},
-        },
-        "attributes" => []
-      })
-    end
-
-    it 'must have 4 controls' do
-      controls.length.must_equal 4
-    end
-
-    it 'has an id for every control' do
-      controls.keys.find(&:nil?).must_be :nil?
-    end
-
-    it 'has no missing checks' do
-      json['other_checks'].must_equal([])
-    end
-
-    it 'has results for every control' do
-      ex1['results'].length.must_equal 1
-      ex2['results'].length.must_equal 1
-      ex3['results'].length.must_equal 2
-    end
-
-    it 'has the right result for tmp-1.0' do
-      actual = ex1.dup
-
-      src = actual.delete('source_location')
-      src['ref'].must_match %r{examples/profile/controls/example.rb$}
-      src['line'].must_equal 8
-
-      result = actual.delete('results')[0]
-      result.wont_be :nil?
-      result['status'].must_equal 'passed'
-      result['code_desc'].must_equal 'File /tmp should be directory'
-      result['run_time'].wont_be :nil?
-      result['start_time'].wont_be :nil?
-
-      actual.must_equal({
-        "title" => "Create /tmp directory",
-        "desc" => "An optional description...",
-        "impact" => 0.7,
-        "refs" => [
-          {
-            "url" => "http://...",
-            "ref" => "Document A-12"
-          }
-        ],
-        "tags" => {
-          "data" => "temp data",
-          "security" => nil
-        },
-        "code" => "control \"tmp-1.0\" do                        # A unique ID for this control\n  impact 0.7                                # The criticality, if this control fails.\n  title \"Create /tmp directory\"             # A human-readable title\n  desc \"An optional description...\"         # Describe why this is needed\n  tag data: \"temp data\"                     # A tag allows you to associate key information\n  tag \"security\"                            # to the test\n  ref \"Document A-12\", url: 'http://...'    # Additional references\n\n  describe file('/tmp') do                  # The actual test\n    it { should be_directory }\n  end\nend\n",
-      })
-    end
-  end
-
-  describe 'with a profile that is not supported on this OS/platform' do
-    let(:out) { inspec('exec ' + File.join(profile_path, 'skippy-profile-os') + ' --format json') }
-    let(:json) { JSON.load(out.stdout) }
-
-    # TODO: failure handling in json formatters...
-
-    it 'never runs the actual resource' do
-      File.exist?('/tmp/inspec_test_DONT_CREATE').must_equal false
-    end
-  end
-end

data/test/functional/inspec_exec_jsonmin_test.rb

@@ -1,59 +0,0 @@
-# encoding: utf-8
-# author: Dominik Richter
-# author: Christoph Hartmann
-
-require 'functional/helper'
-
-describe 'inspec exec' do
-  include FunctionalHelper
-
-  it 'can execute the profile with the mini json formatter' do
-    out = inspec('exec ' + example_profile + ' --format json-min')
-    out.stderr.must_equal ''
-    out.exit_status.must_equal 0
-    JSON.load(out.stdout).must_be_kind_of Hash
-  end
-
-  it 'can execute a simple file with the mini json formatter' do
-    out = inspec('exec ' + example_control + ' --format json-min')
-    out.stderr.must_equal ''
-    out.exit_status.must_equal 0
-    JSON.load(out.stdout).must_be_kind_of Hash
-  end
-
-  describe 'execute a profile with mini json formatting' do
-    let(:json) { JSON.load(inspec('exec ' + example_profile + ' --format json-min').stdout) }
-    let(:controls) { json['controls'] }
-    let(:ex1) { controls.find{|x| x['id'] == 'tmp-1.0'} }
-    let(:ex2) { controls.find{|x| x['id'] =~ /generated/} }
-    let(:ex3) { controls.find{|x| x['id'] == 'gordon-1.0'} }
-
-    it 'must have 5 examples' do
-      json['controls'].length.must_equal 5
-    end
-
-    it 'has an id' do
-      controls.find { |ex| !ex.key? 'id' }.must_be :nil?
-    end
-
-    it 'has a profile_id' do
-      controls.find { |ex| !ex.key? 'profile_id' }.must_be :nil?
-    end
-
-    it 'has a code_desc' do
-      ex1['code_desc'].must_equal 'File /tmp should be directory'
-      controls.find { |ex| !ex.key? 'code_desc' }.must_be :nil?
-    end
-
-    it 'has a status' do
-      ex1['status'].must_equal 'passed'
-      ex3['status'].must_equal 'skipped'
-    end
-
-    it 'has a skip_message' do
-      ex1['skip_message'].must_be :nil?
-      ex3['skip_message'].must_equal "Can't find file \"/tmp/gordon/config.yaml\""
-    end
-  end
-
-end

data/test/functional/inspec_exec_test.rb

@@ -1,123 +0,0 @@
-# encoding: utf-8
-# author: Dominik Richter
-# author: Christoph Hartmann
-
-require 'functional/helper'
-
-describe 'inspec exec' do
-  include FunctionalHelper
-
-  it 'can execute the profile' do
-    out = inspec('exec ' + example_profile)
-    out.stderr.must_equal ''
-    out.exit_status.must_equal 0
-    stdout = out.stdout.force_encoding(Encoding::UTF_8)
-    stdout.must_include "\n\e[32m  ✔  ssh-1: Allow only SSH Protocol 2\e[0m\n"
-    stdout.must_include "\n\e[32m  ✔  tmp-1.0: Create /tmp directory\e[0m\n"
-    stdout.must_include "
-\e[37m  ○  gordon-1.0: Verify the version number of Gordon (1 skipped)\e[0m
-\e[37m     Can't find file \"/tmp/gordon/config.yaml\"\e[0m
-"
-    stdout.must_include "\nSummary: \e[32m4 successful\e[0m, \e[31m0 failures\e[0m, \e[37m1 skipped\e[0m\n"
-  end
-
-  it 'executes a minimum metadata-only profile' do
-    out = inspec('exec ' + File.join(profile_path, 'simple-metadata'))
-    out.stderr.must_equal ''
-    out.exit_status.must_equal 0
-    out.stdout.must_equal "
-Profile: yumyum profile
-Version: unknown
-Target:  local://
-
-     No tests executed.\e[0m
-
-Summary: \e[32m0 successful\e[0m, \e[31m0 failures\e[0m, \e[37m0 skipped\e[0m
-"
-  end
-
-  it 'executes a metadata-only profile' do
-    out = inspec('exec ' + File.join(profile_path, 'complete-metadata'))
-    out.stderr.must_equal ''
-    out.exit_status.must_equal 0
-    out.stdout.must_equal "
-Profile: title (name)
-Version: 1.2.3
-Target:  local://
-
-     No tests executed.\e[0m
-
-Summary: \e[32m0 successful\e[0m, \e[31m0 failures\e[0m, \e[37m0 skipped\e[0m
-"
-  end
-
-  it 'executes a specs-only profile' do
-    out = inspec('exec ' + File.join(profile_path, 'spec_only'))
-    out.stderr.must_equal ''
-    out.exit_status.must_equal 1
-    out.stdout.force_encoding(Encoding::UTF_8).must_equal "
-Target:  local://
-
-\e[32m  ✔  working should eq \"working\"\e[0m
-\e[37m  ○  skippy This will be skipped intentionally.\e[0m
-\e[31m  ✖  failing should eq \"as intended\" (
-     expected: \"as intended\"
-          got: \"failing\"
-     
-     (compared using ==)
-     )\e[0m
-
-Summary: \e[32m1 successful\e[0m, \e[31m1 failures\e[0m, \e[37m1 skipped\e[0m
-"
-  end
-
-  it 'executes only specified controls' do
-    out = inspec('exec ' + example_profile + ' --controls tmp-1.0')
-    out.stderr.must_equal ''
-    out.exit_status.must_equal 0
-    out.stdout.must_include "\nSummary: \e[32m1 successful\e[0m, \e[31m0 failures\e[0m, \e[37m0 skipped\e[0m\n"
-  end
-
-  it 'can execute a simple file with the default formatter' do
-    out = inspec('exec ' + example_control)
-    out.stderr.must_equal ''
-    out.exit_status.must_equal 0
-    out.stdout.must_include "\nSummary: \e[32m2 successful\e[0m, \e[31m0 failures\e[0m, \e[37m0 skipped\e[0m\n"
-  end
-
-  describe 'with a profile that is not supported on this OS/platform' do
-    let(:out) { inspec('exec ' + File.join(profile_path, 'skippy-profile-os')) }
-    let(:json) { JSON.load(out.stdout) }
-
-    it 'exits with an error' do
-      out.stderr.must_match /^This OS\/platform \(.+\) is not supported by this profile.$/
-      out.exit_status.must_equal 1
-    end
-  end
-
-  describe 'with a profile that is supported on this version of inspec' do
-    let(:out) { inspec('exec ' + File.join(profile_path, 'supported_inspec')) }
-
-    it 'exits cleanly' do
-      out.stderr.must_equal ''
-      out.exit_status.must_equal 0
-    end
-  end
-
-  describe 'with a profile that is not supported on this version of inspec' do
-    let(:out) { inspec('exec ' + File.join(profile_path, 'unsupported_inspec')) }
-
-    it 'does not support this profile' do
-      out.exit_status.must_equal 1
-      out.stderr.must_equal "This profile requires InSpec version >= 99.0.0. You are running InSpec v#{Inspec::VERSION}.\n"
-    end
-  end
-
-  describe 'with a profile that loads a library and reference' do
-    let(:out) { inspec('exec ' + File.join(profile_path, 'library')) }
-
-    it 'executes the profile without error' do
-      out.exit_status.must_equal 0
-    end
-  end
-end