RubyGems - inspec - Versions diffs - 0.9.0 - Mend

inspec 0.9.0

Files changed (247) hide show

checksums.yaml +7 -0
data/.gitignore +8 -0
data/.rubocop.yml +65 -0
data/.travis.yml +23 -0
data/CHANGELOG.md +38 -0
data/Gemfile +33 -0
data/LICENSE +201 -0
data/MAINTAINERS.md +28 -0
data/MAINTAINERS.toml +42 -0
data/README.md +257 -0
data/Rakefile +47 -0
data/bin/inspec +109 -0
data/docs/ctl_inspec.rst +195 -0
data/docs/dsl_inspec.rst +182 -0
data/docs/readme.rst +100 -0
data/docs/resources.rst +4319 -0
data/docs/template.rst +51 -0
data/examples/test-kitchen/.kitchen.yml +20 -0
data/examples/test-kitchen/Berksfile +3 -0
data/examples/test-kitchen/Gemfile +21 -0
data/examples/test-kitchen/README.md +27 -0
data/examples/test-kitchen/metadata.rb +7 -0
data/examples/test-kitchen/recipes/default.rb +6 -0
data/examples/test-kitchen/recipes/nginx.rb +30 -0
data/examples/test-kitchen/test/integration/default/web_spec.rb +28 -0
data/inspec.gemspec +30 -0
data/lib/inspec.rb +20 -0
data/lib/inspec/backend.rb +42 -0
data/lib/inspec/dsl.rb +151 -0
data/lib/inspec/log.rb +34 -0
data/lib/inspec/metadata.rb +79 -0
data/lib/inspec/plugins.rb +9 -0
data/lib/inspec/plugins/resource.rb +62 -0
data/lib/inspec/profile.rb +138 -0
data/lib/inspec/profile_context.rb +170 -0
data/lib/inspec/resource.rb +76 -0
data/lib/inspec/rspec_json_formatter.rb +27 -0
data/lib/inspec/rule.rb +170 -0
data/lib/inspec/runner.rb +154 -0
data/lib/inspec/shell.rb +66 -0
data/lib/inspec/targets.rb +9 -0
data/lib/inspec/targets/core.rb +27 -0
data/lib/inspec/targets/dir.rb +67 -0
data/lib/inspec/targets/file.rb +29 -0
data/lib/inspec/targets/folder.rb +43 -0
data/lib/inspec/targets/tar.rb +34 -0
data/lib/inspec/targets/url.rb +39 -0
data/lib/inspec/targets/zip.rb +47 -0
data/lib/inspec/version.rb +7 -0
data/lib/matchers/matchers.rb +221 -0
data/lib/resources/apache.rb +29 -0
data/lib/resources/apache_conf.rb +113 -0
data/lib/resources/apt.rb +140 -0
data/lib/resources/audit_policy.rb +63 -0
data/lib/resources/auditd_conf.rb +56 -0
data/lib/resources/auditd_rules.rb +53 -0
data/lib/resources/bond.rb +65 -0
data/lib/resources/bridge.rb +114 -0
data/lib/resources/command.rb +57 -0
data/lib/resources/csv.rb +32 -0
data/lib/resources/directory.rb +15 -0
data/lib/resources/etc_group.rb +150 -0
data/lib/resources/file.rb +110 -0
data/lib/resources/gem.rb +46 -0
data/lib/resources/group.rb +132 -0
data/lib/resources/host.rb +143 -0
data/lib/resources/inetd_conf.rb +56 -0
data/lib/resources/interface.rb +127 -0
data/lib/resources/iptables.rb +65 -0
data/lib/resources/json.rb +64 -0
data/lib/resources/kernel_module.rb +40 -0
data/lib/resources/kernel_parameter.rb +55 -0
data/lib/resources/limits_conf.rb +55 -0
data/lib/resources/login_def.rb +60 -0
data/lib/resources/mysql.rb +81 -0
data/lib/resources/mysql_conf.rb +116 -0
data/lib/resources/mysql_session.rb +52 -0
data/lib/resources/npm.rb +44 -0
data/lib/resources/ntp_conf.rb +58 -0
data/lib/resources/oneget.rb +63 -0
data/lib/resources/os.rb +22 -0
data/lib/resources/os_env.rb +34 -0
data/lib/resources/package.rb +169 -0
data/lib/resources/parse_config.rb +75 -0
data/lib/resources/passwd.rb +93 -0
data/lib/resources/pip.rb +75 -0
data/lib/resources/port.rb +296 -0
data/lib/resources/postgres.rb +37 -0
data/lib/resources/postgres_conf.rb +87 -0
data/lib/resources/postgres_session.rb +59 -0
data/lib/resources/processes.rb +57 -0
data/lib/resources/registry_key.rb +54 -0
data/lib/resources/script.rb +34 -0
data/lib/resources/security_policy.rb +73 -0
data/lib/resources/service.rb +379 -0
data/lib/resources/ssh_conf.rb +75 -0
data/lib/resources/user.rb +374 -0
data/lib/resources/windows_feature.rb +77 -0
data/lib/resources/yaml.rb +23 -0
data/lib/resources/yum.rb +154 -0
data/lib/utils/convert.rb +12 -0
data/lib/utils/detect.rb +15 -0
data/lib/utils/find_files.rb +36 -0
data/lib/utils/hash.rb +13 -0
data/lib/utils/modulator.rb +12 -0
data/lib/utils/parser.rb +61 -0
data/lib/utils/simpleconfig.rb +115 -0
data/tasks/maintainers.rb +213 -0
data/test/docker_run.rb +156 -0
data/test/docker_test.rb +51 -0
data/test/helper.rb +200 -0
data/test/integration/.kitchen.yml +42 -0
data/test/integration/Berksfile +4 -0
data/test/integration/cookbooks/os_prepare/metadata.rb +8 -0
data/test/integration/cookbooks/os_prepare/recipes/apt.rb +20 -0
data/test/integration/cookbooks/os_prepare/recipes/default.rb +9 -0
data/test/integration/cookbooks/os_prepare/recipes/file.rb +21 -0
data/test/integration/cookbooks/os_prepare/recipes/package.rb +26 -0
data/test/integration/default/_debug_spec.rb +1 -0
data/test/integration/default/apt_spec.rb +42 -0
data/test/integration/default/file_spec.rb +109 -0
data/test/integration/default/group_spec.rb +32 -0
data/test/integration/default/kernel_module_spec.rb +17 -0
data/test/integration/default/kernel_parameter_spec.rb +56 -0
data/test/integration/default/package_spec.rb +11 -0
data/test/integration/default/service_spec.rb +28 -0
data/test/integration/default/user_spec.rb +44 -0
data/test/resource/command_test.rb +33 -0
data/test/resource/dsl_test.rb +45 -0
data/test/resource/file_test.rb +130 -0
data/test/resource/ssh_config.rb +9 -0
data/test/resource/sshd_config.rb +9 -0
data/test/test-extra.yaml +11 -0
data/test/test.yaml +11 -0
data/test/unit/mock/cmd/Get-NetAdapter +24 -0
data/test/unit/mock/cmd/GetUserAccount +33 -0
data/test/unit/mock/cmd/GetWin32Group +23 -0
data/test/unit/mock/cmd/PATH +1 -0
data/test/unit/mock/cmd/Resolve-DnsName +26 -0
data/test/unit/mock/cmd/Test-NetConnection +4 -0
data/test/unit/mock/cmd/auditctl +7 -0
data/test/unit/mock/cmd/auditpol +2 -0
data/test/unit/mock/cmd/brew-info-jq +1 -0
data/test/unit/mock/cmd/chage-l-root +7 -0
data/test/unit/mock/cmd/dpkg-s-curl +21 -0
data/test/unit/mock/cmd/dscl +5 -0
data/test/unit/mock/cmd/etc-apt +7 -0
data/test/unit/mock/cmd/find-etc-rc-d-name-S +12 -0
data/test/unit/mock/cmd/find-net-interface +9 -0
data/test/unit/mock/cmd/gem-list-local-a-q-rubocop +1 -0
data/test/unit/mock/cmd/get-net-tcpconnection +24 -0
data/test/unit/mock/cmd/get-netadapter-binding-bridge +4 -0
data/test/unit/mock/cmd/get-package-firefox +30 -0
data/test/unit/mock/cmd/get-package-ruby +18 -0
data/test/unit/mock/cmd/get-service-dhcp +10 -0
data/test/unit/mock/cmd/get-windows-feature +7 -0
data/test/unit/mock/cmd/getent-hosts-example.com +1 -0
data/test/unit/mock/cmd/getent-passwd-root +1 -0
data/test/unit/mock/cmd/id-chartmann +1 -0
data/test/unit/mock/cmd/id-root +1 -0
data/test/unit/mock/cmd/initctl-show-config-ssh +3 -0
data/test/unit/mock/cmd/initctl-status-ssh +1 -0
data/test/unit/mock/cmd/iptables-s +6 -0
data/test/unit/mock/cmd/launchctl-list +3 -0
data/test/unit/mock/cmd/ls-1-etc-init.d +2 -0
data/test/unit/mock/cmd/ls-sys-class-net-br +2 -0
data/test/unit/mock/cmd/lsmod +2 -0
data/test/unit/mock/cmd/lsof-np-itcp +4 -0
data/test/unit/mock/cmd/netstat-tulpen +5 -0
data/test/unit/mock/cmd/npm-ls-g--json-bower +9 -0
data/test/unit/mock/cmd/pacman-qi-curl +21 -0
data/test/unit/mock/cmd/ping-example.com +6 -0
data/test/unit/mock/cmd/pip-show-jinja2 +11 -0
data/test/unit/mock/cmd/ps-aux +3 -0
data/test/unit/mock/cmd/pw-usershow-root-7 +1 -0
data/test/unit/mock/cmd/reg_schedule +1 -0
data/test/unit/mock/cmd/rpm-qia-curl +24 -0
data/test/unit/mock/cmd/sbin_sysctl +1 -0
data/test/unit/mock/cmd/secedit-export +7 -0
data/test/unit/mock/cmd/service-e +2 -0
data/test/unit/mock/cmd/service-sendmail-onestatus +3 -0
data/test/unit/mock/cmd/service-sshd-status +1 -0
data/test/unit/mock/cmd/sockstat +5 -0
data/test/unit/mock/cmd/success +0 -0
data/test/unit/mock/cmd/systemctl-show-all-sshd +6 -0
data/test/unit/mock/cmd/win32_product +8 -0
data/test/unit/mock/cmd/yum-repolist-all +52 -0
data/test/unit/mock/files/auditd.conf +4 -0
data/test/unit/mock/files/bond0 +37 -0
data/test/unit/mock/files/etcgroup +3 -0
data/test/unit/mock/files/example.csv +6 -0
data/test/unit/mock/files/inetd.conf +2 -0
data/test/unit/mock/files/kitchen.yml +7 -0
data/test/unit/mock/files/limits.conf +5 -0
data/test/unit/mock/files/login.defs +5 -0
data/test/unit/mock/files/mysql.conf +8 -0
data/test/unit/mock/files/mysql2.conf +2 -0
data/test/unit/mock/files/ntp.conf +5 -0
data/test/unit/mock/files/passwd +2 -0
data/test/unit/mock/files/policyfile.lock.json +12 -0
data/test/unit/mock/files/ssh_config +5 -0
data/test/unit/mock/files/sshd_config +7 -0
data/test/unit/mock/profiles/empty/metadata.rb +0 -0
data/test/unit/mock/profiles/metadata/metadata.rb +1 -0
data/test/unit/profile_context_test.rb +140 -0
data/test/unit/profile_test.rb +49 -0
data/test/unit/resources/apt_test.rb +46 -0
data/test/unit/resources/audit_policy_test.rb +13 -0
data/test/unit/resources/auditd_conf_test.rb +15 -0
data/test/unit/resources/auditd_rules_test.rb +21 -0
data/test/unit/resources/bond_test.rb +24 -0
data/test/unit/resources/bridge_test.rb +56 -0
data/test/unit/resources/csv_test.rb +35 -0
data/test/unit/resources/etc_group_test.rb +37 -0
data/test/unit/resources/gem_test.rb +20 -0
data/test/unit/resources/group_test.rb +96 -0
data/test/unit/resources/host_test.rb +38 -0
data/test/unit/resources/inetd_conf_test.rb +15 -0
data/test/unit/resources/interface_test.rb +54 -0
data/test/unit/resources/iptables_test.rb +30 -0
data/test/unit/resources/json_test.rb +36 -0
data/test/unit/resources/kernel_module_test.rb +23 -0
data/test/unit/resources/kernel_parameter_test.rb +13 -0
data/test/unit/resources/limits_conf_test.rb +14 -0
data/test/unit/resources/login_def_test.rb +16 -0
data/test/unit/resources/mysql_conf_test.rb +14 -0
data/test/unit/resources/npm_test.rb +20 -0
data/test/unit/resources/ntp_conf_test.rb +16 -0
data/test/unit/resources/oneget_test.rb +45 -0
data/test/unit/resources/os_env_test.rb +13 -0
data/test/unit/resources/package_test.rb +51 -0
data/test/unit/resources/passwd_test.rb +24 -0
data/test/unit/resources/pip_test.rb +15 -0
data/test/unit/resources/port_test.rb +46 -0
data/test/unit/resources/processes_test.rb +32 -0
data/test/unit/resources/registry_key_test.rb +19 -0
data/test/unit/resources/script_test.rb +19 -0
data/test/unit/resources/security_policy_test.rb +16 -0
data/test/unit/resources/service_test.rb +116 -0
data/test/unit/resources/ssh_conf_test.rb +33 -0
data/test/unit/resources/user_test.rb +93 -0
data/test/unit/resources/windows_feature.rb +17 -0
data/test/unit/resources/yaml_test.rb +34 -0
data/test/unit/resources/yum_test.rb +68 -0
data/test/unit/simpleconfig_test.rb +80 -0
data/test/unit/utils/content_parser_test.rb +30 -0
metadata +555 -0

data/docs/template.rst ADDED Viewed

@@ -0,0 +1,51 @@
+resource_name
+=====================================================
+Use the ``resource_name`` audit resource to xxxxx.
+Syntax
+-----------------------------------------------------
+A ``resource_name`` audit resource block declares xxxxx. For example:
+.. code-block:: ruby
+   describe xxxxx(xxxxx) do
+     it { should xxxxx }
+   end
+where
+* ``xxxxx`` must specify xxxxx
+* xxxxx
+* ``xxxxx`` is a valid matcher for this audit resource
+Matchers
+-----------------------------------------------------
+This audit resource has the following matchers.
+xxxxx
++++++++++++++++++++++++++++++++++++++++++++++++++++++
+The ``xxxxx`` matcher tests if xxxxx. For example:
+.. code-block:: ruby
+   it { should xxxxx }
+xxxxx
++++++++++++++++++++++++++++++++++++++++++++++++++++++
+The ``xxxxx`` matcher tests if xxxxx. For example:
+.. code-block:: ruby
+   it { should xxxxx }
+Examples
+-----------------------------------------------------
+The following examples show how to use this audit resource in a recipe.
+**xxxxx**
+xxxxx
+**xxxxx**
+xxxxx

data/examples/test-kitchen/.kitchen.yml ADDED Viewed

@@ -0,0 +1,20 @@
+---
+driver:
+  name: vagrant
+provisioner:
+  name: chef_solo
+verifier:
+  name: inspec
+platforms:
+  - name: centos-7.1
+  - name: ubuntu-12.04
+  - name: ubuntu-14.04
+suites:
+  - name: default
+    run_list:
+      - recipe[prepare]
+    attributes:

data/examples/test-kitchen/Berksfile ADDED Viewed

@@ -0,0 +1,3 @@
+source 'https://supermarket.chef.io'
+metadata

data/examples/test-kitchen/Gemfile ADDED Viewed

@@ -0,0 +1,21 @@
+# encoding: utf-8
+source 'https://rubygems.org'
+gem 'inspec', path: '../../.'
+gem 'train', git: 'git@github.com:chef/train.git'
+group :test do
+  gem 'bundler', '~> 1.5'
+  gem 'minitest', '~> 5.5'
+  gem 'rake', '~> 10'
+  gem 'rubocop', '~> 0.33.0'
+  gem 'simplecov', '~> 0.10'
+end
+group :integration do
+  gem 'berkshelf', '~> 4.0'
+  gem 'test-kitchen', '~> 1.4'
+  gem 'kitchen-vagrant'
+  gem 'kitchen-inspec', git: 'git@github.com:chef/kitchen-inspec.git'
+  gem 'concurrent-ruby', '~> 0.9'
+end

data/examples/test-kitchen/README.md ADDED Viewed

@@ -0,0 +1,27 @@
+# InSpec Test-Kitchen Example
+This example demonstrates a complete roundtrip via [Test-Kitchen](http://kitchen.ci/).
+```bash
+# install all dependencies
+$ bundle install
+# show all available tests
+$ bundle exec kitchen list
+Instance             Driver   Provisioner  Verifier  Transport  Last Action
+default-centos-71    Vagrant  ChefSolo     InSpec    Ssh        <Not Created>
+default-ubuntu-1204  Vagrant  ChefSolo     InSpec    Ssh        <Not Created>
+default-ubuntu-1404  Vagrant  ChefSolo     InSpec    Ssh        <Not Created>
+# Now we are ready to run a complete test
+$ bundle exec kitchen test default-ubuntu-1404
+-----> Starting Kitchen (v1.4.2)
+-----> Verifying <default-ubuntu-1404>...
+...
+Finished in 0.03241 seconds (files took 0.22475 seconds to load)
+5 examples, 0 failures
+       Finished verifying <default-ubuntu-1404> (0m0.16s).
+-----> Kitchen is finished. (0m0.82s)
+```

data/examples/test-kitchen/metadata.rb ADDED Viewed

@@ -0,0 +1,7 @@
+name 'prepare'
+maintainer 'Chef Software, Inc.'
+maintainer_email 'support@chef.io'
+description 'This cookbook prepares the test operating systems'
+version '1.0.0'
+depends 'apt'
+depends 'yum'

data/examples/test-kitchen/recipes/default.rb ADDED Viewed

@@ -0,0 +1,6 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+# install nginx
+include_recipe('prepare::nginx')

data/examples/test-kitchen/recipes/nginx.rb ADDED Viewed

@@ -0,0 +1,30 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+# install repositories for nginx
+case node['platform']
+when 'ubuntu'
+  include_recipe('apt')
+  # if ubuntu, install
+  apt_repository 'nginx-php' do
+    uri 'ppa:nginx/stable'
+    distribution node['lsb']['codename']
+  end
+when 'centos'
+  # add repo for Centos 7
+  yum_repository 'nginx' do
+    description 'Nginx Repo'
+    baseurl 'http://nginx.org/packages/centos/7/x86_64'
+    gpgkey 'http://nginx.org/keys/nginx_signing.key'
+    action :create
+  end
+end
+# install nginx package
+package 'nginx'
+# start the service
+service 'nginx' do
+  action :start
+end

data/examples/test-kitchen/test/integration/default/web_spec.rb ADDED Viewed

@@ -0,0 +1,28 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+# use basic tests
+describe package('nginx') do
+  it { should be_installed }
+end
+# extend tests with metadata
+rule '01' do
+  impact 0.7
+  title 'Verify nginx service'
+  desc 'Ensures nginx service is up and running'
+  describe service('nginx') do
+    it { should be_enabled }
+    it { should be_installed }
+    it { should be_running }
+  end
+end
+# implement os dependent tests
+web_user = 'www-data'
+web_user = 'nginx' if os[:family] == 'centos'
+describe user(web_user) do
+  it { should exist }
+end

data/inspec.gemspec ADDED Viewed

@@ -0,0 +1,30 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'inspec/version'
+Gem::Specification.new do |spec|
+  spec.name          = 'inspec'
+  spec.version       = Inspec::VERSION
+  spec.authors       = ['Dominik Richter']
+  spec.email         = ['dominik.richter@gmail.com']
+  spec.summary       = 'Validate Inspec compliance checks'
+  spec.description   = 'Validate Inspec compliance checks.'
+  spec.homepage      = 'https://github.com/chef/inspec'
+  spec.license       = 'Apache 2.0'
+  spec.files         = `hash git 2>/dev/null && git ls-files -z`.split("\x0").find_all { |x| x !~ /^\.delivery/ }
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ['lib']
+  spec.add_dependency 'r-train', '~> 0.9'
+  spec.add_dependency 'thor', '~> 0.19'
+  spec.add_dependency 'json', '~> 1.8'
+  spec.add_dependency 'rainbow', '~> 2'
+  spec.add_dependency 'method_source', '~> 0.8'
+  spec.add_dependency 'rubyzip', '~> 1.1'
+  spec.add_dependency 'rspec', '~> 3.3'
+  spec.add_dependency 'rspec-its', '~> 1.2'
+  spec.add_dependency 'pry', '~> 0.10'
+end

data/lib/inspec.rb ADDED Viewed

@@ -0,0 +1,20 @@
+# encoding: utf-8
+# copyright: 2015, Dominik Richter
+# license: All rights reserved
+# author: Dominik Richter
+# author: Christoph Hartmann
+Encoding.default_external = Encoding::UTF_8
+Encoding.default_internal = Encoding::UTF_8
+libdir = File.dirname(__FILE__)
+$LOAD_PATH.unshift(libdir) unless $LOAD_PATH.include?(libdir)
+require 'inspec/version'
+require 'inspec/profile'
+require 'inspec/resource'
+require 'inspec/rspec_json_formatter'
+require 'inspec/rule'
+require 'inspec/runner'
+require 'inspec/shell'
+require 'matchers/matchers'

data/lib/inspec/backend.rb ADDED Viewed

@@ -0,0 +1,42 @@
+# encoding: utf-8
+# copyright: 2015, Dominik Richter
+# license: All rights reserved
+# author: Dominik Richter
+# author: Christoph Hartmann
+require 'train'
+module Inspec
+  module Backend
+    # Create the transport backend with aggregated resources.
+    #
+    # @param [Hash] config for the transport backend
+    # @return [TransportBackend] enriched transport instance
+    def self.create(config)
+      conf = Train.target_config(config)
+      name = conf[:backend] || :local
+      transport = Train.create(name, conf)
+      if transport.nil?
+        fail "Can't find transport backend '#{name}'."
+      end
+      connection = transport.connection
+      if connection.nil?
+        fail "Can't connect to transport backend '#{name}'."
+      end
+      cls = Class.new do
+        define_method :backend do
+          connection
+        end
+        Inspec::Resource.registry.each do |id, r|
+          define_method id.to_sym do |*args|
+            r.new(self, id.to_s, *args)
+          end
+        end
+      end
+      cls.new
+    end
+  end
+end

data/lib/inspec/dsl.rb ADDED Viewed

@@ -0,0 +1,151 @@
+# encoding: utf-8
+# copyright: 2015, Dominik Richter
+# license: All rights reserved
+# author: Dominik Richter
+# author: Christoph Hartmann
+module Inspec::DSL
+  def require_controls(id, &block)
+    ::Inspec::DSL.load_spec_files_for_profile self, id, false, &block
+  end
+  def include_controls(id, &block)
+    ::Inspec::DSL.load_spec_files_for_profile self, id, true, &block
+  end
+  alias_method :require_rules, :require_controls
+  alias_method :include_rules, :include_controls
+  # Register a given rule with RSpec and
+  # let it run. This happens after everything
+  # else is merged in.
+  def self.execute_rule(r, profile_id)
+    checks = r.instance_variable_get(:@checks)
+    fid = InspecBaseRule.full_id(r, profile_id)
+    checks.each do |m, a, b|
+      # check if the resource is skippable and skipped
+      if a.is_a?(Array) && !a.empty? &&
+         a[0].respond_to?(:resource_skipped) &&
+         !a[0].resource_skipped.nil?
+        cres = ::Inspec::Rule.__send__(m, *a) do
+          it a[0].resource_skipped
+        end
+      else
+        # execute the method
+        cres = ::Inspec::Rule.__send__(m, *a, &b)
+      end
+      if m == 'describe'
+        set_rspec_ids(cres, fid)
+      end
+    end
+  end
+  private
+  # merge two rules completely; all defined
+  # fields from src will be overwritten in dst
+  def self.merge_rules(dst, src)
+    InspecBaseRule.merge dst, src
+  end
+  # Attach an ID attribute to the
+  # metadata of all examples
+  # TODO: remove this once IDs are in rspec-core
+  def self.set_rspec_ids(obj, id)
+    obj.examples.each {|ex|
+      ex.metadata[:id] = id
+    }
+    obj.children.each {|c|
+      set_rspec_ids(c, id)
+    }
+  end
+  def self.load_spec_file_for_profile(profile_id, file, rule_registry, only_ifs)
+    raw = File.read(file)
+    # TODO: error-handling
+    ctx = Inspec::ProfileContext.new(profile_id, rule_registry, only_ifs)
+    ctx.instance_eval(raw, file, 1)
+  end
+  def self.load_spec_files_for_profile(bind_context, profile_id, include_all, &block)
+    # get all spec files
+    files = get_spec_files_for_profile profile_id
+    # load all rules from spec files
+    rule_registry = {}
+    # TODO: handling of only_ifs
+    only_ifs = []
+    files.each do |file|
+      load_spec_file_for_profile(profile_id, file, rule_registry, only_ifs)
+    end
+    # interpret the block and create a set of rules from it
+    block_registry = {}
+    if block_given?
+      ctx = Inspec::ProfileContext.new(profile_id, block_registry, only_ifs)
+      ctx.instance_eval(&block)
+    end
+    # if all rules are not included, select only the ones
+    # that were defined in the block
+    unless include_all
+      remove = rule_registry.keys - block_registry.keys
+      remove.each { |key| rule_registry.delete(key) }
+    end
+    # merge the rules in the block_registry (adjustments) with
+    # the rules in the rule_registry (included)
+    block_registry.each do |id, r|
+      org = rule_registry[id]
+      if org.nil?
+        # TODO: print error because we write alter a rule that doesn't exist
+      elsif r.nil?
+        rule_registry.delete(id)
+      else
+        merge_rules(org, r)
+      end
+    end
+    # finally register all combined rules
+    rule_registry.each do |_id, rule|
+      bind_context.__register_rule rule
+    end
+  end
+  def self.get_spec_files_for_profile(id)
+    base_path = '/etc/inspec/tests'
+    path = File.join(base_path, id)
+    # find all files to be included
+    files = []
+    if File.directory? path
+      # include all library paths, if they exist
+      libdir = File.join(path, 'lib')
+      if File.directory? libdir and !$LOAD_PATH.include?(libdir)
+        $LOAD_PATH.unshift(libdir)
+      end
+      files = Dir[File.join(path, 'spec', '*_spec.rb')]
+    end
+    files
+  end
+end
+module Inspec::GlobalDSL
+  def __register_rule(r)
+    # make sure the profile id is attached to the rule
+    ::Inspec::DSL.execute_rule(r, __profile_id)
+  end
+  def __unregister_rule(_id)
+  end
+end
+module Inspec::DSLHelper
+  def self.bind_dsl(scope)
+    (class << scope; self; end).class_exec do
+      include Inspec::DSL
+      include Inspec::GlobalDSL
+    end
+  end
+end
+::Inspec::DSLHelper.bind_dsl(self)