RubyGems - inspec - Versions diffs - 0.9.0 - Mend

inspec 0.9.0

Files changed (247) hide show

checksums.yaml +7 -0
data/.gitignore +8 -0
data/.rubocop.yml +65 -0
data/.travis.yml +23 -0
data/CHANGELOG.md +38 -0
data/Gemfile +33 -0
data/LICENSE +201 -0
data/MAINTAINERS.md +28 -0
data/MAINTAINERS.toml +42 -0
data/README.md +257 -0
data/Rakefile +47 -0
data/bin/inspec +109 -0
data/docs/ctl_inspec.rst +195 -0
data/docs/dsl_inspec.rst +182 -0
data/docs/readme.rst +100 -0
data/docs/resources.rst +4319 -0
data/docs/template.rst +51 -0
data/examples/test-kitchen/.kitchen.yml +20 -0
data/examples/test-kitchen/Berksfile +3 -0
data/examples/test-kitchen/Gemfile +21 -0
data/examples/test-kitchen/README.md +27 -0
data/examples/test-kitchen/metadata.rb +7 -0
data/examples/test-kitchen/recipes/default.rb +6 -0
data/examples/test-kitchen/recipes/nginx.rb +30 -0
data/examples/test-kitchen/test/integration/default/web_spec.rb +28 -0
data/inspec.gemspec +30 -0
data/lib/inspec.rb +20 -0
data/lib/inspec/backend.rb +42 -0
data/lib/inspec/dsl.rb +151 -0
data/lib/inspec/log.rb +34 -0
data/lib/inspec/metadata.rb +79 -0
data/lib/inspec/plugins.rb +9 -0
data/lib/inspec/plugins/resource.rb +62 -0
data/lib/inspec/profile.rb +138 -0
data/lib/inspec/profile_context.rb +170 -0
data/lib/inspec/resource.rb +76 -0
data/lib/inspec/rspec_json_formatter.rb +27 -0
data/lib/inspec/rule.rb +170 -0
data/lib/inspec/runner.rb +154 -0
data/lib/inspec/shell.rb +66 -0
data/lib/inspec/targets.rb +9 -0
data/lib/inspec/targets/core.rb +27 -0
data/lib/inspec/targets/dir.rb +67 -0
data/lib/inspec/targets/file.rb +29 -0
data/lib/inspec/targets/folder.rb +43 -0
data/lib/inspec/targets/tar.rb +34 -0
data/lib/inspec/targets/url.rb +39 -0
data/lib/inspec/targets/zip.rb +47 -0
data/lib/inspec/version.rb +7 -0
data/lib/matchers/matchers.rb +221 -0
data/lib/resources/apache.rb +29 -0
data/lib/resources/apache_conf.rb +113 -0
data/lib/resources/apt.rb +140 -0
data/lib/resources/audit_policy.rb +63 -0
data/lib/resources/auditd_conf.rb +56 -0
data/lib/resources/auditd_rules.rb +53 -0
data/lib/resources/bond.rb +65 -0
data/lib/resources/bridge.rb +114 -0
data/lib/resources/command.rb +57 -0
data/lib/resources/csv.rb +32 -0
data/lib/resources/directory.rb +15 -0
data/lib/resources/etc_group.rb +150 -0
data/lib/resources/file.rb +110 -0
data/lib/resources/gem.rb +46 -0
data/lib/resources/group.rb +132 -0
data/lib/resources/host.rb +143 -0
data/lib/resources/inetd_conf.rb +56 -0
data/lib/resources/interface.rb +127 -0
data/lib/resources/iptables.rb +65 -0
data/lib/resources/json.rb +64 -0
data/lib/resources/kernel_module.rb +40 -0
data/lib/resources/kernel_parameter.rb +55 -0
data/lib/resources/limits_conf.rb +55 -0
data/lib/resources/login_def.rb +60 -0
data/lib/resources/mysql.rb +81 -0
data/lib/resources/mysql_conf.rb +116 -0
data/lib/resources/mysql_session.rb +52 -0
data/lib/resources/npm.rb +44 -0
data/lib/resources/ntp_conf.rb +58 -0
data/lib/resources/oneget.rb +63 -0
data/lib/resources/os.rb +22 -0
data/lib/resources/os_env.rb +34 -0
data/lib/resources/package.rb +169 -0
data/lib/resources/parse_config.rb +75 -0
data/lib/resources/passwd.rb +93 -0
data/lib/resources/pip.rb +75 -0
data/lib/resources/port.rb +296 -0
data/lib/resources/postgres.rb +37 -0
data/lib/resources/postgres_conf.rb +87 -0
data/lib/resources/postgres_session.rb +59 -0
data/lib/resources/processes.rb +57 -0
data/lib/resources/registry_key.rb +54 -0
data/lib/resources/script.rb +34 -0
data/lib/resources/security_policy.rb +73 -0
data/lib/resources/service.rb +379 -0
data/lib/resources/ssh_conf.rb +75 -0
data/lib/resources/user.rb +374 -0
data/lib/resources/windows_feature.rb +77 -0
data/lib/resources/yaml.rb +23 -0
data/lib/resources/yum.rb +154 -0
data/lib/utils/convert.rb +12 -0
data/lib/utils/detect.rb +15 -0
data/lib/utils/find_files.rb +36 -0
data/lib/utils/hash.rb +13 -0
data/lib/utils/modulator.rb +12 -0
data/lib/utils/parser.rb +61 -0
data/lib/utils/simpleconfig.rb +115 -0
data/tasks/maintainers.rb +213 -0
data/test/docker_run.rb +156 -0
data/test/docker_test.rb +51 -0
data/test/helper.rb +200 -0
data/test/integration/.kitchen.yml +42 -0
data/test/integration/Berksfile +4 -0
data/test/integration/cookbooks/os_prepare/metadata.rb +8 -0
data/test/integration/cookbooks/os_prepare/recipes/apt.rb +20 -0
data/test/integration/cookbooks/os_prepare/recipes/default.rb +9 -0
data/test/integration/cookbooks/os_prepare/recipes/file.rb +21 -0
data/test/integration/cookbooks/os_prepare/recipes/package.rb +26 -0
data/test/integration/default/_debug_spec.rb +1 -0
data/test/integration/default/apt_spec.rb +42 -0
data/test/integration/default/file_spec.rb +109 -0
data/test/integration/default/group_spec.rb +32 -0
data/test/integration/default/kernel_module_spec.rb +17 -0
data/test/integration/default/kernel_parameter_spec.rb +56 -0
data/test/integration/default/package_spec.rb +11 -0
data/test/integration/default/service_spec.rb +28 -0
data/test/integration/default/user_spec.rb +44 -0
data/test/resource/command_test.rb +33 -0
data/test/resource/dsl_test.rb +45 -0
data/test/resource/file_test.rb +130 -0
data/test/resource/ssh_config.rb +9 -0
data/test/resource/sshd_config.rb +9 -0
data/test/test-extra.yaml +11 -0
data/test/test.yaml +11 -0
data/test/unit/mock/cmd/Get-NetAdapter +24 -0
data/test/unit/mock/cmd/GetUserAccount +33 -0
data/test/unit/mock/cmd/GetWin32Group +23 -0
data/test/unit/mock/cmd/PATH +1 -0
data/test/unit/mock/cmd/Resolve-DnsName +26 -0
data/test/unit/mock/cmd/Test-NetConnection +4 -0
data/test/unit/mock/cmd/auditctl +7 -0
data/test/unit/mock/cmd/auditpol +2 -0
data/test/unit/mock/cmd/brew-info-jq +1 -0
data/test/unit/mock/cmd/chage-l-root +7 -0
data/test/unit/mock/cmd/dpkg-s-curl +21 -0
data/test/unit/mock/cmd/dscl +5 -0
data/test/unit/mock/cmd/etc-apt +7 -0
data/test/unit/mock/cmd/find-etc-rc-d-name-S +12 -0
data/test/unit/mock/cmd/find-net-interface +9 -0
data/test/unit/mock/cmd/gem-list-local-a-q-rubocop +1 -0
data/test/unit/mock/cmd/get-net-tcpconnection +24 -0
data/test/unit/mock/cmd/get-netadapter-binding-bridge +4 -0
data/test/unit/mock/cmd/get-package-firefox +30 -0
data/test/unit/mock/cmd/get-package-ruby +18 -0
data/test/unit/mock/cmd/get-service-dhcp +10 -0
data/test/unit/mock/cmd/get-windows-feature +7 -0
data/test/unit/mock/cmd/getent-hosts-example.com +1 -0
data/test/unit/mock/cmd/getent-passwd-root +1 -0
data/test/unit/mock/cmd/id-chartmann +1 -0
data/test/unit/mock/cmd/id-root +1 -0
data/test/unit/mock/cmd/initctl-show-config-ssh +3 -0
data/test/unit/mock/cmd/initctl-status-ssh +1 -0
data/test/unit/mock/cmd/iptables-s +6 -0
data/test/unit/mock/cmd/launchctl-list +3 -0
data/test/unit/mock/cmd/ls-1-etc-init.d +2 -0
data/test/unit/mock/cmd/ls-sys-class-net-br +2 -0
data/test/unit/mock/cmd/lsmod +2 -0
data/test/unit/mock/cmd/lsof-np-itcp +4 -0
data/test/unit/mock/cmd/netstat-tulpen +5 -0
data/test/unit/mock/cmd/npm-ls-g--json-bower +9 -0
data/test/unit/mock/cmd/pacman-qi-curl +21 -0
data/test/unit/mock/cmd/ping-example.com +6 -0
data/test/unit/mock/cmd/pip-show-jinja2 +11 -0
data/test/unit/mock/cmd/ps-aux +3 -0
data/test/unit/mock/cmd/pw-usershow-root-7 +1 -0
data/test/unit/mock/cmd/reg_schedule +1 -0
data/test/unit/mock/cmd/rpm-qia-curl +24 -0
data/test/unit/mock/cmd/sbin_sysctl +1 -0
data/test/unit/mock/cmd/secedit-export +7 -0
data/test/unit/mock/cmd/service-e +2 -0
data/test/unit/mock/cmd/service-sendmail-onestatus +3 -0
data/test/unit/mock/cmd/service-sshd-status +1 -0
data/test/unit/mock/cmd/sockstat +5 -0
data/test/unit/mock/cmd/success +0 -0
data/test/unit/mock/cmd/systemctl-show-all-sshd +6 -0
data/test/unit/mock/cmd/win32_product +8 -0
data/test/unit/mock/cmd/yum-repolist-all +52 -0
data/test/unit/mock/files/auditd.conf +4 -0
data/test/unit/mock/files/bond0 +37 -0
data/test/unit/mock/files/etcgroup +3 -0
data/test/unit/mock/files/example.csv +6 -0
data/test/unit/mock/files/inetd.conf +2 -0
data/test/unit/mock/files/kitchen.yml +7 -0
data/test/unit/mock/files/limits.conf +5 -0
data/test/unit/mock/files/login.defs +5 -0
data/test/unit/mock/files/mysql.conf +8 -0
data/test/unit/mock/files/mysql2.conf +2 -0
data/test/unit/mock/files/ntp.conf +5 -0
data/test/unit/mock/files/passwd +2 -0
data/test/unit/mock/files/policyfile.lock.json +12 -0
data/test/unit/mock/files/ssh_config +5 -0
data/test/unit/mock/files/sshd_config +7 -0
data/test/unit/mock/profiles/empty/metadata.rb +0 -0
data/test/unit/mock/profiles/metadata/metadata.rb +1 -0
data/test/unit/profile_context_test.rb +140 -0
data/test/unit/profile_test.rb +49 -0
data/test/unit/resources/apt_test.rb +46 -0
data/test/unit/resources/audit_policy_test.rb +13 -0
data/test/unit/resources/auditd_conf_test.rb +15 -0
data/test/unit/resources/auditd_rules_test.rb +21 -0
data/test/unit/resources/bond_test.rb +24 -0
data/test/unit/resources/bridge_test.rb +56 -0
data/test/unit/resources/csv_test.rb +35 -0
data/test/unit/resources/etc_group_test.rb +37 -0
data/test/unit/resources/gem_test.rb +20 -0
data/test/unit/resources/group_test.rb +96 -0
data/test/unit/resources/host_test.rb +38 -0
data/test/unit/resources/inetd_conf_test.rb +15 -0
data/test/unit/resources/interface_test.rb +54 -0
data/test/unit/resources/iptables_test.rb +30 -0
data/test/unit/resources/json_test.rb +36 -0
data/test/unit/resources/kernel_module_test.rb +23 -0
data/test/unit/resources/kernel_parameter_test.rb +13 -0
data/test/unit/resources/limits_conf_test.rb +14 -0
data/test/unit/resources/login_def_test.rb +16 -0
data/test/unit/resources/mysql_conf_test.rb +14 -0
data/test/unit/resources/npm_test.rb +20 -0
data/test/unit/resources/ntp_conf_test.rb +16 -0
data/test/unit/resources/oneget_test.rb +45 -0
data/test/unit/resources/os_env_test.rb +13 -0
data/test/unit/resources/package_test.rb +51 -0
data/test/unit/resources/passwd_test.rb +24 -0
data/test/unit/resources/pip_test.rb +15 -0
data/test/unit/resources/port_test.rb +46 -0
data/test/unit/resources/processes_test.rb +32 -0
data/test/unit/resources/registry_key_test.rb +19 -0
data/test/unit/resources/script_test.rb +19 -0
data/test/unit/resources/security_policy_test.rb +16 -0
data/test/unit/resources/service_test.rb +116 -0
data/test/unit/resources/ssh_conf_test.rb +33 -0
data/test/unit/resources/user_test.rb +93 -0
data/test/unit/resources/windows_feature.rb +17 -0
data/test/unit/resources/yaml_test.rb +34 -0
data/test/unit/resources/yum_test.rb +68 -0
data/test/unit/simpleconfig_test.rb +80 -0
data/test/unit/utils/content_parser_test.rb +30 -0
metadata +555 -0

data/tasks/maintainers.rb ADDED Viewed

@@ -0,0 +1,213 @@
+# encoding: utf-8
+# Copyright:: Copyright (c) 2015 Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+require 'rake'
+SOURCE = File.join(File.dirname(__FILE__), '..', 'MAINTAINERS.toml')
+TARGET = File.join(File.dirname(__FILE__), '..', 'MAINTAINERS.md')
+# The list of repositories that teams should own
+REPOSITORIES = ['chef/inspec']
+begin
+  require 'tomlrb'
+  require 'octokit'
+  require 'pp'
+  task default: :generate
+  namespace :maintainers do
+    desc 'Generate MarkDown version of MAINTAINERS file'
+    task :generate do
+      maintainers = Tomlrb.load_file SOURCE
+      out = "<!-- This is a generated file. Please do not edit directly -->\n\n"
+      out << "<!-- Modify MAINTAINERS.toml and run `rake maintainers:generate` to regenerate. -->\n\n"
+      out << '# ' + maintainers['Preamble']['title'] + "\n\n"
+      out << maintainers['Preamble']['text'] + "\n"
+      out << components(maintainers['people'], maintainers['Org']['Components'])
+      File.open(TARGET, 'w') { |fn|
+        fn.write out
+      }
+    end
+    desc 'Synchronize GitHub teams'
+    task :synchronize do
+      Octokit.auto_paginate = true
+      github_teams
+      prepare_teams(source['Org']['Components'].dup)
+      sync_teams!
+    end
+  end
+  def github
+    @github ||= Octokit::Client.new(netrc: true)
+  end
+  def source
+    @source ||= Tomlrb.load_file SOURCE
+  end
+  def teams
+    @teams ||= { 'inspec-maintainers' => { 'title' => 'Maintainers of the InSpec toolset' } }
+  end
+  def add_members(team, name)
+    teams['inspec-maintainers']['members'] ||= []
+    teams['inspec-maintainers']['members'] << name
+    teams[team] ||= {}
+    teams[team]['members'] ||= []
+    teams[team]['members'] << name
+  end
+  def set_team_title(team, title)
+    teams[team] ||= {}
+    teams[team]['title'] = title
+  end
+  def gh_teams
+    @gh_teams ||= {}
+  end
+  # we have to resolve team names to ids. While we're at it, we can get the privacy
+  # setting, so we know whether we need to update it
+  def github_teams
+    github.org_teams('chef').each do |team|
+      gh_teams[team[:slug]] = { 'id' => team[:id], 'privacy' => team[:privacy] }
+    end
+  end
+  def get_github_team(team)
+    github.team_members(gh_teams[team]['id']).map do |member|
+      member[:login]
+    end.sort.uniq.map(&:downcase)
+  rescue
+    []
+  end
+  def create_team(team)
+    puts "creating new github team: #{team} with title: #{teams[team]['title']} "
+    t = github.create_team('chef', name: team, description: teams[team]['title'],
+                       privacy: 'closed', repo_names: REPOSITORIES,
+                       accept: 'application/vnd.github.ironman-preview+json')
+    gh_teams[team] = { 'id' => t[:id], 'privacy' => t[:privacy] }
+  end
+  def compare_teams(current, desired)
+    # additions are the subtraction of the current state from the desired state
+    # deletions are the subtraction of the desired state from the current state
+    [desired - current, current - desired]
+  end
+  def prepare_teams(cmp)
+    %w{text paths}.each { |k| cmp.delete(k) }
+    if cmp.key?('team')
+      team = cmp.delete('team')
+      add_members(team, cmp.delete('lieutenant')) if cmp.key?('lieutenant')
+      add_members(team, cmp.delete('maintainers')) if cmp.key?('maintainers')
+      set_team_title(team, cmp.delete('title'))
+    else
+      %w{maintainers lieutenant title}.each { |k| cmp.delete(k) }
+    end
+    cmp.each { |_k, v| prepare_teams(v) }
+  end
+  def update_team(team, additions, deletions)
+    create_team(team) unless gh_teams.key?(team)
+    update_team_privacy(team)
+    add_team_members(team, additions)
+    remove_team_members(team, deletions)
+  rescue
+    puts "failed for #{team}"
+  end
+  def update_team_privacy(_team)
+    # return
+    # return if gh_teams[team]['privacy'] == 'closed'
+    # puts "Setting #{team} privacy to closed from #{gh_teams[team]['privacy']}"
+    # github.update_team(gh_teams[team]['id'], privacy: 'closed',
+    #                    accept: 'application/vnd.github.ironman-preview+json')
+  end
+  def add_team_members(team, additions)
+    additions.each do |member|
+      puts "Adding #{member} to #{team}"
+      github.add_team_membership(gh_teams[team]['id'], member, role: 'member',
+                                 accept: 'application/vnd.github.ironman-preview+json')
+    end
+  end
+  def remove_team_members(team, deletions)
+    deletions.each do |member|
+      puts "Removing #{member} from #{team}"
+      github.remove_team_membership(gh_teams[team]['id'], member,
+                                    accept: 'application/vnd.github.ironman-preview+json')
+    end
+  end
+  def sync_teams!
+    teams.each do |name, details|
+      current = get_github_team(name)
+      desired = details['members'].flatten.sort.uniq.map(&:downcase)
+      additions, deletions = compare_teams(current, desired)
+      update_team(name, additions, deletions)
+    end
+  end
+  def get_person(person)
+    source['people'][person]
+  end
+  def components(list, cmp)
+    out = '## ' + cmp.delete('title') + "\n\n"
+    out << cmp.delete('text') + "\n" if cmp.key?('text')
+    out << "To mention the team, use @chef/#{cmp.delete('team')}\n\n" if cmp.key?('team')
+    if cmp.key?('lieutenant')
+      out << "### Lieutenant\n\n"
+      out << person(list, cmp.delete('lieutenant')) + "\n\n"
+    end
+    out << maintainers(list, cmp.delete('maintainers')) + "\n" if cmp.key?('maintainers')
+    cmp.delete('paths')
+    cmp.each { |_k, v| out << components(list, v) }
+    out
+  end
+  def maintainers(list, people)
+    o = "### Maintainers\n\n"
+    people.each do |p|
+      o << person(list, p) + "\n"
+    end
+    o
+  end
+  # rubocop:disable Metrics/AbcSize
+  def person(list, person)
+    if list[person].key?('GitHub')
+      out = "* [#{list[person]['Name']}](https://github.com/#{list[person]['GitHub']})"
+    else
+      out = "* #{list[person]['Name']}"
+    end
+    out << "\n  * IRC - #{list[person]['IRC']}" if list[person].key?('IRC')
+    out << "\n  * [@#{list[person]['Twitter']}](https://twitter.com/#{list[person]['Twitter']})" if list[person].key?('Twitter')
+    out << "\n  * [#{list[person]['email']}](mailto:#{list[person]['email']})" if list[person].key?('email')
+    out << "\n  * #{list[person]['phone']}" if list[person].key?('phone')
+    out << "\n  * [ServerFault](#{list[person]['ServerFault']})" if list[person].key?('ServerFault')
+    out
+  end
+  # rubocop:enable all
+rescue LoadError
+  STDERR.puts "\n*** TomlRb not available.\n\n"
+end

data/test/docker_run.rb ADDED Viewed

@@ -0,0 +1,156 @@
+# encoding: utf-8
+# author: Dominik Richter
+require 'docker'
+require 'yaml'
+require 'concurrent'
+class DockerRunner
+  def initialize(conf_path = nil)
+    @conf_path = conf_path ||
+                 ENV['config']
+    if @conf_path.nil?
+      fail "You must provide a configuration file with docker boxes"
+    end
+    unless File.file?(@conf_path)
+      fail "Can't find configuration in #{@conf_path}"
+    end
+    @conf = YAML.load_file(@conf_path)
+    if @conf.nil? or @conf.empty?
+      fail "Can't read coniguration in #{@conf_path}"
+    end
+    if @conf['images'].nil?
+      fail "You must configure test images in your #{@conf_path}"
+    end
+    @images = docker_images_by_tag
+    @image_pull_tickets = Concurrent::Semaphore.new(2)
+    @docker_run_tickets = Concurrent::Semaphore.new(5)
+  end
+  def run_all(&block)
+    fail 'You must provide a block for run_all' unless block_given?
+    promises = @conf['images'].map do |id|
+      run_on_target(id, &block)
+    end
+    # wait for all tests to be finished
+    sleep(0.1) until promises.all?(&:fulfilled?)
+    # return resulting values
+    promises.map(&:value)
+  end
+  def run_on_target(name, &block)
+    pr = Concurrent::Promise.new {
+      begin
+        container = start_container(name)
+        res = block.call(name, container)
+      # special rescue block to handle not implemented error
+      rescue NotImplementedError => err
+        raise err.message
+      end
+      # always stop the container
+      stop_container(container)
+      res
+    }.execute
+    # failure handling
+    pr.rescue do |err|
+      msg = "\033[31;1m#{err.message}\033[0m"
+      puts msg
+      msg + "\n" + err.backtrace.join("\n")
+    end
+  end
+  def provision_image(image, prov, files)
+    return image if prov['script'].nil?
+    path = File.join(File.dirname(@conf_path), prov['script'])
+    unless File.file?(path)
+      puts "Can't find script file #{path}"
+      return image
+    end
+    puts "    script #{path}"
+    dst = "/bootstrap#{files.length}.sh"
+    files.push(dst)
+    image.insert_local('localPath' => path, 'outputPath' => dst)
+  end
+  def bootstrap_image(name, image)
+    files = []
+    provisions = Array(@conf['provision'])
+    puts "--> provision docker #{name}" unless provisions.empty?
+    provisions.each do |prov|
+      image = provision_image(image, prov, files)
+    end
+    [image, files]
+  end
+  def start_container(name, version = nil)
+    unless name.include?(':')
+      version ||= 'latest'
+      name = "#{name}:#{version}"
+    end
+    puts "--> schedule docker #{name}"
+    image = @images[name]
+    if image.nil?
+      puts "\033[35;1m--> pull docker images #{name} "\
+           "(this may take a while)\033[0m"
+      @image_pull_tickets.acquire(1)
+      puts "... start pull image #{name}"
+      image = Docker::Image.create('fromImage' => name)
+      @image_pull_tickets.release(1)
+      unless image.nil?
+        puts "\033[35;1m--> pull docker images finished for #{name}\033[0m"
+      end
+    end
+    fail "Can't find nor pull docker image #{name}" if image.nil?
+    image, scripts = bootstrap_image(name, image)
+    @docker_run_tickets.acquire(1)
+    puts "--> start docker #{name}"
+    container = Docker::Container.create(
+      'Cmd' => %w{sleep 3600},
+      'Image' => image.id,
+      'OpenStdin' => true,
+    )
+    container.start
+    scripts.each do |script|
+      container.exec(%w{chmod +x}.push(script))
+      container.exec(%w{sh -c}.push(script))
+    end
+    container
+  end
+  def stop_container(container)
+    @docker_run_tickets.release(1)
+    puts "--> killrm docker #{container.id}"
+    container.kill
+    container.delete(force: true)
+  end
+  private
+  # get all docker image tags
+  def docker_images_by_tag
+    images = {}
+    Docker::Image.all.map do |img|
+      Array(img.info['RepoTags']).each do |tag|
+        images[tag] = img
+      end
+    end
+    images
+  end
+end

data/test/docker_test.rb ADDED Viewed

@@ -0,0 +1,51 @@
+# encoding: utf-8
+# author: Dominik Richter
+require_relative 'docker_run'
+require_relative '../lib/inspec'
+tests = ARGV
+if tests.empty?
+  puts 'Nothing to do.'
+  exit 0
+end
+class DockerTester
+  def initialize(tests)
+    @tests = tests
+    @docker = DockerRunner.new
+  end
+  def run
+    puts ['Running tests:', @tests].flatten.join("\n- ")
+    puts ''
+    conf = RSpec.configuration
+    reporter = conf.reporter
+    results = nil
+    # start reporting loop
+    reporter.report(0) do |report|
+      results = @docker.run_all do |name, container|
+        status = test_container(container, report)
+        status.all? ? nil : "Failed to run tests on #{name}"
+      end
+    end
+    # check if we were successful
+    failures = results.compact
+    failures.each { |f| puts "\033[31;1m#{f}\033[0m\n\n" }
+    failures.empty? or fail 'Test failures'
+  end
+  def test_container(container, report)
+    puts "--> run test on docker #{container.id}"
+    opts = { 'target' => "docker://#{container.id}" }
+    runner = Inspec::Runner.new(opts)
+    runner.add_tests(@tests)
+    tests = runner.tests.ordered_example_groups
+    tests.map { |g| g.run(report) }
+  end
+end
+DockerTester.new(tests).run

data/test/helper.rb ADDED Viewed

@@ -0,0 +1,200 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+require 'minitest/autorun'
+require 'minitest/spec'
+require 'simplecov'
+SimpleCov.start do
+  add_filter '/test/'
+  add_group 'Resources', 'lib/resources'
+  add_group 'Matchers', 'lib/matchers'
+  add_group 'Backends', 'lib/inspec/backend'
+end
+require 'inspec/resource'
+require 'inspec/backend'
+require 'inspec/profile'
+class MockLoader
+  # pass the os identifier to emulate a specific operating system
+  def initialize(os = nil)
+    # collects emulation operating systems
+    @operating_systems = {
+      arch:       { family: 'arch', release: nil, arch: nil },
+      centos5:    { family: 'redhat', release: '5.11', arch: 'x86_64' },
+      centos6:    { family: 'redhat', release: '6.6', arch: 'x86_64' },
+      centos7:    { family: 'redhat', release: '7.1.1503', arch: 'x86_64' },
+      debian6:    { family: 'debian', release: '6', arch: 'x86_64' },
+      debian7:    { family: 'debian', release: '7', arch: 'x86_64' },
+      debian8:    { family: 'debian', release: '8', arch: 'x86_64' },
+      freebsd9:   { family: 'freebsd', release: '9', arch: 'amd64' },
+      freebsd10:  { family: 'freebsd', release: '10', arch: 'amd64' },
+      osx104:     { family: 'darwin', release: '10.10.4', arch: nil, name: 'mac_os_x' },
+      ubuntu1204: { family: 'ubuntu', release: '12.04', arch: 'x86_64' },
+      ubuntu1404: { family: 'ubuntu', release: '14.04', arch: 'x86_64' },
+      ubuntu1504: { family: 'ubuntu', release: '15.04', arch: 'x86_64' },
+      windows:    { family: 'windows', release: nil, arch: nil },
+      undefined:  { family: nil, release: nil, arch: nil },
+    }
+    # selects operating system
+    @os = @operating_systems[os || :ubuntu1404]
+  end
+  def backend
+    return @backend if defined?(@backend)
+    scriptpath = ::File.realpath(::File.dirname(__FILE__))
+    # create mock backend
+    @backend = Inspec::Backend.create({ backend: :mock })
+    mock = @backend.backend
+    # set os emulation
+    mock.mock_os(@os)
+    # create all mock files
+    local = Train.create('local').connection
+    mockfile = lambda { |x|
+      path = ::File.join(scriptpath, '/unit/mock/files', x)
+      local.file(path)
+    }
+    mockdir = lambda { |x|
+      md = Object.new
+      class << md
+        attr_accessor :isdir
+      end
+      md.isdir = x
+      def md.directory?
+        isdir
+      end
+      md
+    }
+    mock.files = {
+      '/proc/net/bonding/bond0' => mockfile.call('bond0'),
+      '/etc/ssh/ssh_config' => mockfile.call('ssh_config'),
+      '/etc/ssh/sshd_config' => mockfile.call('sshd_config'),
+      '/etc/passwd' => mockfile.call('passwd'),
+      '/etc/ntp.conf' => mockfile.call('ntp.conf'),
+      '/etc/login.defs' => mockfile.call('login.defs'),
+      '/etc/security/limits.conf' => mockfile.call('limits.conf'),
+      '/etc/inetd.conf' => mockfile.call('inetd.conf'),
+      '/etc/group' => mockfile.call('etcgroup'),
+      '/etc/audit/auditd.conf' => mockfile.call('auditd.conf'),
+      '/etc/mysql/my.cnf' => mockfile.call('mysql.conf'),
+      '/etc/mysql/mysql2.conf' => mockfile.call('mysql2.conf'),
+      'kitchen.yml' => mockfile.call('kitchen.yml'),
+      'example.csv' => mockfile.call('example.csv'),
+      'policyfile.lock.json' => mockfile.call('policyfile.lock.json'),
+      '/sys/class/net/br0/bridge' => mockdir.call(true),
+    }
+    # create all mock commands
+    cmd = lambda {|x|
+      stdout = ::File.read(::File.join(scriptpath, '/unit/mock/cmd/'+x))
+      mock.mock_command('', stdout, '', 0)
+    }
+    empty = lambda {
+      mock.mock_command('', '', '', 0)
+    }
+    mock.commands = {
+      'ps aux' => cmd.call('ps-aux'),
+      'type win_secpol.cfg' => cmd.call('secedit-export'),
+      'secedit /export /cfg win_secpol.cfg' => cmd.call('success'),
+      'del win_secpol.cfg' => cmd.call('success'),
+      'su - root -c \'echo $PATH\'' => cmd.call('PATH'),
+      '(Get-Item \'Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Schedule\').GetValue(\'Start\')' => cmd.call('reg_schedule'),
+      'Auditpol /get /subcategory:\'User Account Management\' /r' => cmd.call('auditpol'),
+      '/sbin/auditctl -l' => cmd.call('auditctl'),
+      'yum -v repolist all'  => cmd.call('yum-repolist-all'),
+      'dpkg -s curl' => cmd.call('dpkg-s-curl'),
+      'rpm -qia curl' => cmd.call('rpm-qia-curl'),
+      'pacman -Qi curl' => cmd.call('pacman-qi-curl'),
+      'gem list --local -a -q ^rubocop$' => cmd.call('gem-list-local-a-q-rubocop'),
+      'npm ls -g --json bower' => cmd.call('npm-ls-g--json-bower'),
+      'pip show jinja2' => cmd.call('pip-show-jinja2'),
+      "Get-Package -Name 'Mozilla Firefox' | ConvertTo-Json" => cmd.call('get-package-firefox'),
+      "Get-Package -Name 'Ruby 2.1.6-p336-x64' | ConvertTo-Json" => cmd.call('get-package-ruby'),
+      "New-Object -Type PSObject | Add-Member -MemberType NoteProperty -Name Service -Value (Get-Service -Name dhcp| Select-Object -Property Name, DisplayName, Status) -PassThru | Add-Member -MemberType NoteProperty -Name WMI -Value (Get-WmiObject -Class Win32_Service | Where-Object {$_.Name -eq 'dhcp' -or $_.DisplayName -eq 'dhcp'} | Select-Object -Property StartMode) -PassThru | ConvertTo-Json" => cmd.call('get-service-dhcp'),
+      "Get-WindowsFeature | Where-Object {$_.Name -eq 'dhcp' -or $_.DisplayName -eq 'dhcp'} | Select-Object -Property Name,DisplayName,Description,Installed,InstallState | ConvertTo-Json" => cmd.call('get-windows-feature'),
+      'lsmod' => cmd.call('lsmod'),
+      '/sbin/sysctl -q -n net.ipv4.conf.all.forwarding' => cmd.call('sbin_sysctl'),
+      # ports on windows
+      'Get-NetTCPConnection | Select-Object -Property State, Caption, Description, LocalAddress, LocalPort, RemoteAddress, RemotePort, DisplayName, Status | ConvertTo-Json' => cmd.call('get-net-tcpconnection'),
+      # ports on mac
+      'lsof -nP -iTCP -iUDP -sTCP:LISTEN' => cmd.call('lsof-np-itcp'),
+      # ports on linux
+      'netstat -tulpen' => cmd.call('netstat-tulpen'),
+      # ports on freebsd
+      'sockstat -46l' => cmd.call('sockstat'),
+      # packages on windows
+      "Get-WmiObject -Class Win32_Product | Where-Object {$_.Name -eq 'Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161'} | Select-Object -Property Name,Version,Vendor,PackageCode,Caption,Description | ConvertTo-Json" => cmd.call('win32_product'),
+      # service status upstart on ubuntu
+      'initctl status ssh' => cmd.call('initctl-status-ssh'),
+      # service config for upstart on ubuntu
+      'initctl show-config ssh' => cmd.call('initctl-show-config-ssh'),
+      # show ssh service Centos 7
+      'systemctl show --all sshd' => cmd.call('systemctl-show-all-sshd'),
+      # services on macos
+      'launchctl list' => cmd.call('launchctl-list'),
+      # services on freebsd 10
+      'service -e' => cmd.call('service-e'),
+      'service sendmail onestatus' => cmd.call('service-sendmail-onestatus'),
+      # services for system 5 e.g. centos6, debian 6
+      'service sshd status' => cmd.call('service-sshd-status'),
+      'find /etc/rc*.d -name S*' => cmd.call('find-etc-rc-d-name-S'),
+      'ls -1 /etc/init.d/' => cmd.call('ls-1-etc-init.d'),
+      # user information for linux
+      'id root' => cmd.call('id-root'),
+      'getent passwd root' => cmd.call('getent-passwd-root'),
+      'chage -l root' => cmd.call('chage-l-root'),
+      # user info for mac
+      'id chartmann' => cmd.call('id-chartmann'),
+      'dscl -q . -read /Users/chartmann NFSHomeDirectory PrimaryGroupID RecordName UniqueID UserShell' => cmd.call('dscl'),
+      # user info for freebsd
+      'pw usershow root -7' => cmd.call('pw-usershow-root-7'),
+      # user info for windows
+      '650b6b72a66316418b25421a54afe21a230704558082914c54711904bb10e370' => cmd.call('GetUserAccount'),
+      # group info for windows
+      'Get-WmiObject Win32_Group | Select-Object -Property Caption, Domain, Name, SID, LocalAccount | ConvertTo-Json' => cmd.call('GetWin32Group'),
+      # network interface
+      '9e80f048a1af5a0f6ab8a465e46ea5ed5ba6587e9b5e54a7a0c0a1a02bb6f663' => cmd.call('find-net-interface'),
+      'c33821dece09c8b334e03a5bb9daefdf622007f73af4932605e758506584ec3f' => empty.call,
+      'Get-NetAdapter | Select-Object -Property Name, InterfaceDescription, Status, State, MacAddress, LinkSpeed, ReceiveLinkSpeed, TransmitLinkSpeed, Virtual | ConvertTo-Json' => cmd.call('Get-NetAdapter'),
+      # bridge on linux
+      'ls -1 /sys/class/net/br0/brif/' => cmd.call('ls-sys-class-net-br'),
+      # bridge on Windows
+      'Get-NetAdapterBinding -ComponentID ms_bridge | Get-NetAdapter | Select-Object -Property Name, InterfaceDescription | ConvertTo-Json' => cmd.call('get-netadapter-binding-bridge'),
+      # host for Windows
+      'Resolve-DnsName –Type A microsoft.com | ConvertTo-Json' => cmd.call('Resolve-DnsName'),
+      'Test-NetConnection -ComputerName microsoft.com | Select-Object -Property ComputerName, PingSucceeded | ConvertTo-Json' => cmd.call('Test-NetConnection'),
+      # host for Linux
+      'getent hosts example.com' => cmd.call('getent-hosts-example.com'),
+      'ping -w 1 -c 1 example.com' => cmd.call('ping-example.com'),
+      # apt
+      "find /etc/apt/ -name *.list -exec sh -c 'cat {} || echo -n' \\;" => cmd.call('etc-apt'),
+      # iptables
+      'iptables  -S' => cmd.call('iptables-s'),
+    }
+    @backend
+  end
+  # loads a resource class and instantiates the class with the given arguments
+  def load_resource(resource, *args)
+    # initialize resource with backend and parameters
+    @resource_class = Inspec::Resource.registry[resource]
+    @resource = @resource_class.new(backend, resource, *args)
+  end
+end
+def load_resource(*args)
+  m = MockLoader.new(:ubuntu1404)
+  m.send('load_resource', *args)
+end