RubyGems - inspec - Versions diffs - 0.9.0 - Mend

inspec 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (247) hide show

checksums.yaml +7 -0
data/.gitignore +8 -0
data/.rubocop.yml +65 -0
data/.travis.yml +23 -0
data/CHANGELOG.md +38 -0
data/Gemfile +33 -0
data/LICENSE +201 -0
data/MAINTAINERS.md +28 -0
data/MAINTAINERS.toml +42 -0
data/README.md +257 -0
data/Rakefile +47 -0
data/bin/inspec +109 -0
data/docs/ctl_inspec.rst +195 -0
data/docs/dsl_inspec.rst +182 -0
data/docs/readme.rst +100 -0
data/docs/resources.rst +4319 -0
data/docs/template.rst +51 -0
data/examples/test-kitchen/.kitchen.yml +20 -0
data/examples/test-kitchen/Berksfile +3 -0
data/examples/test-kitchen/Gemfile +21 -0
data/examples/test-kitchen/README.md +27 -0
data/examples/test-kitchen/metadata.rb +7 -0
data/examples/test-kitchen/recipes/default.rb +6 -0
data/examples/test-kitchen/recipes/nginx.rb +30 -0
data/examples/test-kitchen/test/integration/default/web_spec.rb +28 -0
data/inspec.gemspec +30 -0
data/lib/inspec.rb +20 -0
data/lib/inspec/backend.rb +42 -0
data/lib/inspec/dsl.rb +151 -0
data/lib/inspec/log.rb +34 -0
data/lib/inspec/metadata.rb +79 -0
data/lib/inspec/plugins.rb +9 -0
data/lib/inspec/plugins/resource.rb +62 -0
data/lib/inspec/profile.rb +138 -0
data/lib/inspec/profile_context.rb +170 -0
data/lib/inspec/resource.rb +76 -0
data/lib/inspec/rspec_json_formatter.rb +27 -0
data/lib/inspec/rule.rb +170 -0
data/lib/inspec/runner.rb +154 -0
data/lib/inspec/shell.rb +66 -0
data/lib/inspec/targets.rb +9 -0
data/lib/inspec/targets/core.rb +27 -0
data/lib/inspec/targets/dir.rb +67 -0
data/lib/inspec/targets/file.rb +29 -0
data/lib/inspec/targets/folder.rb +43 -0
data/lib/inspec/targets/tar.rb +34 -0
data/lib/inspec/targets/url.rb +39 -0
data/lib/inspec/targets/zip.rb +47 -0
data/lib/inspec/version.rb +7 -0
data/lib/matchers/matchers.rb +221 -0
data/lib/resources/apache.rb +29 -0
data/lib/resources/apache_conf.rb +113 -0
data/lib/resources/apt.rb +140 -0
data/lib/resources/audit_policy.rb +63 -0
data/lib/resources/auditd_conf.rb +56 -0
data/lib/resources/auditd_rules.rb +53 -0
data/lib/resources/bond.rb +65 -0
data/lib/resources/bridge.rb +114 -0
data/lib/resources/command.rb +57 -0
data/lib/resources/csv.rb +32 -0
data/lib/resources/directory.rb +15 -0
data/lib/resources/etc_group.rb +150 -0
data/lib/resources/file.rb +110 -0
data/lib/resources/gem.rb +46 -0
data/lib/resources/group.rb +132 -0
data/lib/resources/host.rb +143 -0
data/lib/resources/inetd_conf.rb +56 -0
data/lib/resources/interface.rb +127 -0
data/lib/resources/iptables.rb +65 -0
data/lib/resources/json.rb +64 -0
data/lib/resources/kernel_module.rb +40 -0
data/lib/resources/kernel_parameter.rb +55 -0
data/lib/resources/limits_conf.rb +55 -0
data/lib/resources/login_def.rb +60 -0
data/lib/resources/mysql.rb +81 -0
data/lib/resources/mysql_conf.rb +116 -0
data/lib/resources/mysql_session.rb +52 -0
data/lib/resources/npm.rb +44 -0
data/lib/resources/ntp_conf.rb +58 -0
data/lib/resources/oneget.rb +63 -0
data/lib/resources/os.rb +22 -0
data/lib/resources/os_env.rb +34 -0
data/lib/resources/package.rb +169 -0
data/lib/resources/parse_config.rb +75 -0
data/lib/resources/passwd.rb +93 -0
data/lib/resources/pip.rb +75 -0
data/lib/resources/port.rb +296 -0
data/lib/resources/postgres.rb +37 -0
data/lib/resources/postgres_conf.rb +87 -0
data/lib/resources/postgres_session.rb +59 -0
data/lib/resources/processes.rb +57 -0
data/lib/resources/registry_key.rb +54 -0
data/lib/resources/script.rb +34 -0
data/lib/resources/security_policy.rb +73 -0
data/lib/resources/service.rb +379 -0
data/lib/resources/ssh_conf.rb +75 -0
data/lib/resources/user.rb +374 -0
data/lib/resources/windows_feature.rb +77 -0
data/lib/resources/yaml.rb +23 -0
data/lib/resources/yum.rb +154 -0
data/lib/utils/convert.rb +12 -0
data/lib/utils/detect.rb +15 -0
data/lib/utils/find_files.rb +36 -0
data/lib/utils/hash.rb +13 -0
data/lib/utils/modulator.rb +12 -0
data/lib/utils/parser.rb +61 -0
data/lib/utils/simpleconfig.rb +115 -0
data/tasks/maintainers.rb +213 -0
data/test/docker_run.rb +156 -0
data/test/docker_test.rb +51 -0
data/test/helper.rb +200 -0
data/test/integration/.kitchen.yml +42 -0
data/test/integration/Berksfile +4 -0
data/test/integration/cookbooks/os_prepare/metadata.rb +8 -0
data/test/integration/cookbooks/os_prepare/recipes/apt.rb +20 -0
data/test/integration/cookbooks/os_prepare/recipes/default.rb +9 -0
data/test/integration/cookbooks/os_prepare/recipes/file.rb +21 -0
data/test/integration/cookbooks/os_prepare/recipes/package.rb +26 -0
data/test/integration/default/_debug_spec.rb +1 -0
data/test/integration/default/apt_spec.rb +42 -0
data/test/integration/default/file_spec.rb +109 -0
data/test/integration/default/group_spec.rb +32 -0
data/test/integration/default/kernel_module_spec.rb +17 -0
data/test/integration/default/kernel_parameter_spec.rb +56 -0
data/test/integration/default/package_spec.rb +11 -0
data/test/integration/default/service_spec.rb +28 -0
data/test/integration/default/user_spec.rb +44 -0
data/test/resource/command_test.rb +33 -0
data/test/resource/dsl_test.rb +45 -0
data/test/resource/file_test.rb +130 -0
data/test/resource/ssh_config.rb +9 -0
data/test/resource/sshd_config.rb +9 -0
data/test/test-extra.yaml +11 -0
data/test/test.yaml +11 -0
data/test/unit/mock/cmd/Get-NetAdapter +24 -0
data/test/unit/mock/cmd/GetUserAccount +33 -0
data/test/unit/mock/cmd/GetWin32Group +23 -0
data/test/unit/mock/cmd/PATH +1 -0
data/test/unit/mock/cmd/Resolve-DnsName +26 -0
data/test/unit/mock/cmd/Test-NetConnection +4 -0
data/test/unit/mock/cmd/auditctl +7 -0
data/test/unit/mock/cmd/auditpol +2 -0
data/test/unit/mock/cmd/brew-info-jq +1 -0
data/test/unit/mock/cmd/chage-l-root +7 -0
data/test/unit/mock/cmd/dpkg-s-curl +21 -0
data/test/unit/mock/cmd/dscl +5 -0
data/test/unit/mock/cmd/etc-apt +7 -0
data/test/unit/mock/cmd/find-etc-rc-d-name-S +12 -0
data/test/unit/mock/cmd/find-net-interface +9 -0
data/test/unit/mock/cmd/gem-list-local-a-q-rubocop +1 -0
data/test/unit/mock/cmd/get-net-tcpconnection +24 -0
data/test/unit/mock/cmd/get-netadapter-binding-bridge +4 -0
data/test/unit/mock/cmd/get-package-firefox +30 -0
data/test/unit/mock/cmd/get-package-ruby +18 -0
data/test/unit/mock/cmd/get-service-dhcp +10 -0
data/test/unit/mock/cmd/get-windows-feature +7 -0
data/test/unit/mock/cmd/getent-hosts-example.com +1 -0
data/test/unit/mock/cmd/getent-passwd-root +1 -0
data/test/unit/mock/cmd/id-chartmann +1 -0
data/test/unit/mock/cmd/id-root +1 -0
data/test/unit/mock/cmd/initctl-show-config-ssh +3 -0
data/test/unit/mock/cmd/initctl-status-ssh +1 -0
data/test/unit/mock/cmd/iptables-s +6 -0
data/test/unit/mock/cmd/launchctl-list +3 -0
data/test/unit/mock/cmd/ls-1-etc-init.d +2 -0
data/test/unit/mock/cmd/ls-sys-class-net-br +2 -0
data/test/unit/mock/cmd/lsmod +2 -0
data/test/unit/mock/cmd/lsof-np-itcp +4 -0
data/test/unit/mock/cmd/netstat-tulpen +5 -0
data/test/unit/mock/cmd/npm-ls-g--json-bower +9 -0
data/test/unit/mock/cmd/pacman-qi-curl +21 -0
data/test/unit/mock/cmd/ping-example.com +6 -0
data/test/unit/mock/cmd/pip-show-jinja2 +11 -0
data/test/unit/mock/cmd/ps-aux +3 -0
data/test/unit/mock/cmd/pw-usershow-root-7 +1 -0
data/test/unit/mock/cmd/reg_schedule +1 -0
data/test/unit/mock/cmd/rpm-qia-curl +24 -0
data/test/unit/mock/cmd/sbin_sysctl +1 -0
data/test/unit/mock/cmd/secedit-export +7 -0
data/test/unit/mock/cmd/service-e +2 -0
data/test/unit/mock/cmd/service-sendmail-onestatus +3 -0
data/test/unit/mock/cmd/service-sshd-status +1 -0
data/test/unit/mock/cmd/sockstat +5 -0
data/test/unit/mock/cmd/success +0 -0
data/test/unit/mock/cmd/systemctl-show-all-sshd +6 -0
data/test/unit/mock/cmd/win32_product +8 -0
data/test/unit/mock/cmd/yum-repolist-all +52 -0
data/test/unit/mock/files/auditd.conf +4 -0
data/test/unit/mock/files/bond0 +37 -0
data/test/unit/mock/files/etcgroup +3 -0
data/test/unit/mock/files/example.csv +6 -0
data/test/unit/mock/files/inetd.conf +2 -0
data/test/unit/mock/files/kitchen.yml +7 -0
data/test/unit/mock/files/limits.conf +5 -0
data/test/unit/mock/files/login.defs +5 -0
data/test/unit/mock/files/mysql.conf +8 -0
data/test/unit/mock/files/mysql2.conf +2 -0
data/test/unit/mock/files/ntp.conf +5 -0
data/test/unit/mock/files/passwd +2 -0
data/test/unit/mock/files/policyfile.lock.json +12 -0
data/test/unit/mock/files/ssh_config +5 -0
data/test/unit/mock/files/sshd_config +7 -0
data/test/unit/mock/profiles/empty/metadata.rb +0 -0
data/test/unit/mock/profiles/metadata/metadata.rb +1 -0
data/test/unit/profile_context_test.rb +140 -0
data/test/unit/profile_test.rb +49 -0
data/test/unit/resources/apt_test.rb +46 -0
data/test/unit/resources/audit_policy_test.rb +13 -0
data/test/unit/resources/auditd_conf_test.rb +15 -0
data/test/unit/resources/auditd_rules_test.rb +21 -0
data/test/unit/resources/bond_test.rb +24 -0
data/test/unit/resources/bridge_test.rb +56 -0
data/test/unit/resources/csv_test.rb +35 -0
data/test/unit/resources/etc_group_test.rb +37 -0
data/test/unit/resources/gem_test.rb +20 -0
data/test/unit/resources/group_test.rb +96 -0
data/test/unit/resources/host_test.rb +38 -0
data/test/unit/resources/inetd_conf_test.rb +15 -0
data/test/unit/resources/interface_test.rb +54 -0
data/test/unit/resources/iptables_test.rb +30 -0
data/test/unit/resources/json_test.rb +36 -0
data/test/unit/resources/kernel_module_test.rb +23 -0
data/test/unit/resources/kernel_parameter_test.rb +13 -0
data/test/unit/resources/limits_conf_test.rb +14 -0
data/test/unit/resources/login_def_test.rb +16 -0
data/test/unit/resources/mysql_conf_test.rb +14 -0
data/test/unit/resources/npm_test.rb +20 -0
data/test/unit/resources/ntp_conf_test.rb +16 -0
data/test/unit/resources/oneget_test.rb +45 -0
data/test/unit/resources/os_env_test.rb +13 -0
data/test/unit/resources/package_test.rb +51 -0
data/test/unit/resources/passwd_test.rb +24 -0
data/test/unit/resources/pip_test.rb +15 -0
data/test/unit/resources/port_test.rb +46 -0
data/test/unit/resources/processes_test.rb +32 -0
data/test/unit/resources/registry_key_test.rb +19 -0
data/test/unit/resources/script_test.rb +19 -0
data/test/unit/resources/security_policy_test.rb +16 -0
data/test/unit/resources/service_test.rb +116 -0
data/test/unit/resources/ssh_conf_test.rb +33 -0
data/test/unit/resources/user_test.rb +93 -0
data/test/unit/resources/windows_feature.rb +17 -0
data/test/unit/resources/yaml_test.rb +34 -0
data/test/unit/resources/yum_test.rb +68 -0
data/test/unit/simpleconfig_test.rb +80 -0
data/test/unit/utils/content_parser_test.rb +30 -0
metadata +555 -0

data/docs/template.rst ADDED Viewed

@@ -0,0 +1,51 @@
+resource_name
+=====================================================
+Use the ``resource_name`` audit resource to xxxxx.
+Syntax
+-----------------------------------------------------
+A ``resource_name`` audit resource block declares xxxxx. For example:
+.. code-block:: ruby
+   describe xxxxx(xxxxx) do
+     it { should xxxxx }
+   end
+where
+* ``xxxxx`` must specify xxxxx
+* xxxxx
+* ``xxxxx`` is a valid matcher for this audit resource
+Matchers
+-----------------------------------------------------
+This audit resource has the following matchers.
+xxxxx
++++++++++++++++++++++++++++++++++++++++++++++++++++++
+The ``xxxxx`` matcher tests if xxxxx. For example:
+.. code-block:: ruby
+   it { should xxxxx }
+xxxxx
++++++++++++++++++++++++++++++++++++++++++++++++++++++
+The ``xxxxx`` matcher tests if xxxxx. For example:
+.. code-block:: ruby
+   it { should xxxxx }
+Examples
+-----------------------------------------------------
+The following examples show how to use this audit resource in a recipe.
+**xxxxx**
+xxxxx
+**xxxxx**
+xxxxx

data/examples/test-kitchen/.kitchen.yml ADDED Viewed

@@ -0,0 +1,20 @@
+---
+driver:
+  name: vagrant
+provisioner:
+  name: chef_solo
+verifier:
+  name: inspec
+platforms:
+  - name: centos-7.1
+  - name: ubuntu-12.04
+  - name: ubuntu-14.04
+suites:
+  - name: default
+    run_list:
+      - recipe[prepare]
+    attributes:

data/examples/test-kitchen/Berksfile ADDED Viewed

@@ -0,0 +1,3 @@
+source 'https://supermarket.chef.io'
+metadata

data/examples/test-kitchen/Gemfile ADDED Viewed

@@ -0,0 +1,21 @@
+# encoding: utf-8
+source 'https://rubygems.org'
+gem 'inspec', path: '../../.'
+gem 'train', git: 'git@github.com:chef/train.git'
+group :test do
+  gem 'bundler', '~> 1.5'
+  gem 'minitest', '~> 5.5'
+  gem 'rake', '~> 10'
+  gem 'rubocop', '~> 0.33.0'
+  gem 'simplecov', '~> 0.10'
+end
+group :integration do
+  gem 'berkshelf', '~> 4.0'
+  gem 'test-kitchen', '~> 1.4'
+  gem 'kitchen-vagrant'
+  gem 'kitchen-inspec', git: 'git@github.com:chef/kitchen-inspec.git'
+  gem 'concurrent-ruby', '~> 0.9'
+end

data/examples/test-kitchen/README.md ADDED Viewed

@@ -0,0 +1,27 @@
+# InSpec Test-Kitchen Example
+This example demonstrates a complete roundtrip via [Test-Kitchen](http://kitchen.ci/).
+```bash
+# install all dependencies
+$ bundle install
+# show all available tests
+$ bundle exec kitchen list
+Instance             Driver   Provisioner  Verifier  Transport  Last Action
+default-centos-71    Vagrant  ChefSolo     InSpec    Ssh        <Not Created>
+default-ubuntu-1204  Vagrant  ChefSolo     InSpec    Ssh        <Not Created>
+default-ubuntu-1404  Vagrant  ChefSolo     InSpec    Ssh        <Not Created>
+# Now we are ready to run a complete test
+$ bundle exec kitchen test default-ubuntu-1404
+-----> Starting Kitchen (v1.4.2)
+-----> Verifying <default-ubuntu-1404>...
+...
+Finished in 0.03241 seconds (files took 0.22475 seconds to load)
+5 examples, 0 failures
+       Finished verifying <default-ubuntu-1404> (0m0.16s).
+-----> Kitchen is finished. (0m0.82s)
+```

data/examples/test-kitchen/metadata.rb ADDED Viewed

@@ -0,0 +1,7 @@
+name 'prepare'
+maintainer 'Chef Software, Inc.'
+maintainer_email 'support@chef.io'
+description 'This cookbook prepares the test operating systems'
+version '1.0.0'
+depends 'apt'
+depends 'yum'

data/examples/test-kitchen/recipes/default.rb ADDED Viewed

@@ -0,0 +1,6 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+# install nginx
+include_recipe('prepare::nginx')

data/examples/test-kitchen/recipes/nginx.rb ADDED Viewed

@@ -0,0 +1,30 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+# install repositories for nginx
+case node['platform']
+when 'ubuntu'
+  include_recipe('apt')
+  # if ubuntu, install
+  apt_repository 'nginx-php' do
+    uri 'ppa:nginx/stable'
+    distribution node['lsb']['codename']
+  end
+when 'centos'
+  # add repo for Centos 7
+  yum_repository 'nginx' do
+    description 'Nginx Repo'
+    baseurl 'http://nginx.org/packages/centos/7/x86_64'
+    gpgkey 'http://nginx.org/keys/nginx_signing.key'
+    action :create
+  end
+end
+# install nginx package
+package 'nginx'
+# start the service
+service 'nginx' do
+  action :start
+end

data/examples/test-kitchen/test/integration/default/web_spec.rb ADDED Viewed

@@ -0,0 +1,28 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+# use basic tests
+describe package('nginx') do
+  it { should be_installed }
+end
+# extend tests with metadata
+rule '01' do
+  impact 0.7
+  title 'Verify nginx service'
+  desc 'Ensures nginx service is up and running'
+  describe service('nginx') do
+    it { should be_enabled }
+    it { should be_installed }
+    it { should be_running }
+  end
+end
+# implement os dependent tests
+web_user = 'www-data'
+web_user = 'nginx' if os[:family] == 'centos'
+describe user(web_user) do
+  it { should exist }
+end

data/inspec.gemspec ADDED Viewed

@@ -0,0 +1,30 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'inspec/version'
+Gem::Specification.new do |spec|
+  spec.name          = 'inspec'
+  spec.version       = Inspec::VERSION
+  spec.authors       = ['Dominik Richter']
+  spec.email         = ['dominik.richter@gmail.com']
+  spec.summary       = 'Validate Inspec compliance checks'
+  spec.description   = 'Validate Inspec compliance checks.'
+  spec.homepage      = 'https://github.com/chef/inspec'
+  spec.license       = 'Apache 2.0'
+  spec.files         = `hash git 2>/dev/null && git ls-files -z`.split("\x0").find_all { |x| x !~ /^\.delivery/ }
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ['lib']
+  spec.add_dependency 'r-train', '~> 0.9'
+  spec.add_dependency 'thor', '~> 0.19'
+  spec.add_dependency 'json', '~> 1.8'
+  spec.add_dependency 'rainbow', '~> 2'
+  spec.add_dependency 'method_source', '~> 0.8'
+  spec.add_dependency 'rubyzip', '~> 1.1'
+  spec.add_dependency 'rspec', '~> 3.3'
+  spec.add_dependency 'rspec-its', '~> 1.2'
+  spec.add_dependency 'pry', '~> 0.10'
+end

data/lib/inspec.rb ADDED Viewed

@@ -0,0 +1,20 @@
+# encoding: utf-8
+# copyright: 2015, Dominik Richter
+# license: All rights reserved
+# author: Dominik Richter
+# author: Christoph Hartmann
+Encoding.default_external = Encoding::UTF_8
+Encoding.default_internal = Encoding::UTF_8
+libdir = File.dirname(__FILE__)
+$LOAD_PATH.unshift(libdir) unless $LOAD_PATH.include?(libdir)
+require 'inspec/version'
+require 'inspec/profile'
+require 'inspec/resource'
+require 'inspec/rspec_json_formatter'
+require 'inspec/rule'
+require 'inspec/runner'
+require 'inspec/shell'
+require 'matchers/matchers'

data/lib/inspec/backend.rb ADDED Viewed

@@ -0,0 +1,42 @@
+# encoding: utf-8
+# copyright: 2015, Dominik Richter
+# license: All rights reserved
+# author: Dominik Richter
+# author: Christoph Hartmann
+require 'train'
+module Inspec
+  module Backend
+    # Create the transport backend with aggregated resources.
+    #
+    # @param [Hash] config for the transport backend
+    # @return [TransportBackend] enriched transport instance
+    def self.create(config)
+      conf = Train.target_config(config)
+      name = conf[:backend] || :local
+      transport = Train.create(name, conf)
+      if transport.nil?
+        fail "Can't find transport backend '#{name}'."
+      end
+      connection = transport.connection
+      if connection.nil?
+        fail "Can't connect to transport backend '#{name}'."
+      end
+      cls = Class.new do
+        define_method :backend do
+          connection
+        end
+        Inspec::Resource.registry.each do |id, r|
+          define_method id.to_sym do |*args|
+            r.new(self, id.to_s, *args)
+          end
+        end
+      end
+      cls.new
+    end
+  end
+end

data/lib/inspec/dsl.rb ADDED Viewed

@@ -0,0 +1,151 @@
+# encoding: utf-8
+# copyright: 2015, Dominik Richter
+# license: All rights reserved
+# author: Dominik Richter
+# author: Christoph Hartmann
+module Inspec::DSL
+  def require_controls(id, &block)
+    ::Inspec::DSL.load_spec_files_for_profile self, id, false, &block
+  end
+  def include_controls(id, &block)
+    ::Inspec::DSL.load_spec_files_for_profile self, id, true, &block
+  end
+  alias_method :require_rules, :require_controls
+  alias_method :include_rules, :include_controls
+  # Register a given rule with RSpec and
+  # let it run. This happens after everything
+  # else is merged in.
+  def self.execute_rule(r, profile_id)
+    checks = r.instance_variable_get(:@checks)
+    fid = InspecBaseRule.full_id(r, profile_id)
+    checks.each do |m, a, b|
+      # check if the resource is skippable and skipped
+      if a.is_a?(Array) && !a.empty? &&
+         a[0].respond_to?(:resource_skipped) &&
+         !a[0].resource_skipped.nil?
+        cres = ::Inspec::Rule.__send__(m, *a) do
+          it a[0].resource_skipped
+        end
+      else
+        # execute the method
+        cres = ::Inspec::Rule.__send__(m, *a, &b)
+      end
+      if m == 'describe'
+        set_rspec_ids(cres, fid)
+      end
+    end
+  end
+  private
+  # merge two rules completely; all defined
+  # fields from src will be overwritten in dst
+  def self.merge_rules(dst, src)
+    InspecBaseRule.merge dst, src
+  end
+  # Attach an ID attribute to the
+  # metadata of all examples
+  # TODO: remove this once IDs are in rspec-core
+  def self.set_rspec_ids(obj, id)
+    obj.examples.each {|ex|
+      ex.metadata[:id] = id
+    }
+    obj.children.each {|c|
+      set_rspec_ids(c, id)
+    }
+  end
+  def self.load_spec_file_for_profile(profile_id, file, rule_registry, only_ifs)
+    raw = File.read(file)
+    # TODO: error-handling
+    ctx = Inspec::ProfileContext.new(profile_id, rule_registry, only_ifs)
+    ctx.instance_eval(raw, file, 1)
+  end
+  def self.load_spec_files_for_profile(bind_context, profile_id, include_all, &block)
+    # get all spec files
+    files = get_spec_files_for_profile profile_id
+    # load all rules from spec files
+    rule_registry = {}
+    # TODO: handling of only_ifs
+    only_ifs = []
+    files.each do |file|
+      load_spec_file_for_profile(profile_id, file, rule_registry, only_ifs)
+    end
+    # interpret the block and create a set of rules from it
+    block_registry = {}
+    if block_given?
+      ctx = Inspec::ProfileContext.new(profile_id, block_registry, only_ifs)
+      ctx.instance_eval(&block)
+    end
+    # if all rules are not included, select only the ones
+    # that were defined in the block
+    unless include_all
+      remove = rule_registry.keys - block_registry.keys
+      remove.each { |key| rule_registry.delete(key) }
+    end
+    # merge the rules in the block_registry (adjustments) with
+    # the rules in the rule_registry (included)
+    block_registry.each do |id, r|
+      org = rule_registry[id]
+      if org.nil?
+        # TODO: print error because we write alter a rule that doesn't exist
+      elsif r.nil?
+        rule_registry.delete(id)
+      else
+        merge_rules(org, r)
+      end
+    end
+    # finally register all combined rules
+    rule_registry.each do |_id, rule|
+      bind_context.__register_rule rule
+    end
+  end
+  def self.get_spec_files_for_profile(id)
+    base_path = '/etc/inspec/tests'
+    path = File.join(base_path, id)
+    # find all files to be included
+    files = []
+    if File.directory? path
+      # include all library paths, if they exist
+      libdir = File.join(path, 'lib')
+      if File.directory? libdir and !$LOAD_PATH.include?(libdir)
+        $LOAD_PATH.unshift(libdir)
+      end
+      files = Dir[File.join(path, 'spec', '*_spec.rb')]
+    end
+    files
+  end
+end
+module Inspec::GlobalDSL
+  def __register_rule(r)
+    # make sure the profile id is attached to the rule
+    ::Inspec::DSL.execute_rule(r, __profile_id)
+  end
+  def __unregister_rule(_id)
+  end
+end
+module Inspec::DSLHelper
+  def self.bind_dsl(scope)
+    (class << scope; self; end).class_exec do
+      include Inspec::DSL
+      include Inspec::GlobalDSL
+    end
+  end
+end
+::Inspec::DSLHelper.bind_dsl(self)