RubyGems - inspec - Versions diffs - 0.9.0 - Mend

inspec 0.9.0

Files changed (247) hide show

checksums.yaml +7 -0
data/.gitignore +8 -0
data/.rubocop.yml +65 -0
data/.travis.yml +23 -0
data/CHANGELOG.md +38 -0
data/Gemfile +33 -0
data/LICENSE +201 -0
data/MAINTAINERS.md +28 -0
data/MAINTAINERS.toml +42 -0
data/README.md +257 -0
data/Rakefile +47 -0
data/bin/inspec +109 -0
data/docs/ctl_inspec.rst +195 -0
data/docs/dsl_inspec.rst +182 -0
data/docs/readme.rst +100 -0
data/docs/resources.rst +4319 -0
data/docs/template.rst +51 -0
data/examples/test-kitchen/.kitchen.yml +20 -0
data/examples/test-kitchen/Berksfile +3 -0
data/examples/test-kitchen/Gemfile +21 -0
data/examples/test-kitchen/README.md +27 -0
data/examples/test-kitchen/metadata.rb +7 -0
data/examples/test-kitchen/recipes/default.rb +6 -0
data/examples/test-kitchen/recipes/nginx.rb +30 -0
data/examples/test-kitchen/test/integration/default/web_spec.rb +28 -0
data/inspec.gemspec +30 -0
data/lib/inspec.rb +20 -0
data/lib/inspec/backend.rb +42 -0
data/lib/inspec/dsl.rb +151 -0
data/lib/inspec/log.rb +34 -0
data/lib/inspec/metadata.rb +79 -0
data/lib/inspec/plugins.rb +9 -0
data/lib/inspec/plugins/resource.rb +62 -0
data/lib/inspec/profile.rb +138 -0
data/lib/inspec/profile_context.rb +170 -0
data/lib/inspec/resource.rb +76 -0
data/lib/inspec/rspec_json_formatter.rb +27 -0
data/lib/inspec/rule.rb +170 -0
data/lib/inspec/runner.rb +154 -0
data/lib/inspec/shell.rb +66 -0
data/lib/inspec/targets.rb +9 -0
data/lib/inspec/targets/core.rb +27 -0
data/lib/inspec/targets/dir.rb +67 -0
data/lib/inspec/targets/file.rb +29 -0
data/lib/inspec/targets/folder.rb +43 -0
data/lib/inspec/targets/tar.rb +34 -0
data/lib/inspec/targets/url.rb +39 -0
data/lib/inspec/targets/zip.rb +47 -0
data/lib/inspec/version.rb +7 -0
data/lib/matchers/matchers.rb +221 -0
data/lib/resources/apache.rb +29 -0
data/lib/resources/apache_conf.rb +113 -0
data/lib/resources/apt.rb +140 -0
data/lib/resources/audit_policy.rb +63 -0
data/lib/resources/auditd_conf.rb +56 -0
data/lib/resources/auditd_rules.rb +53 -0
data/lib/resources/bond.rb +65 -0
data/lib/resources/bridge.rb +114 -0
data/lib/resources/command.rb +57 -0
data/lib/resources/csv.rb +32 -0
data/lib/resources/directory.rb +15 -0
data/lib/resources/etc_group.rb +150 -0
data/lib/resources/file.rb +110 -0
data/lib/resources/gem.rb +46 -0
data/lib/resources/group.rb +132 -0
data/lib/resources/host.rb +143 -0
data/lib/resources/inetd_conf.rb +56 -0
data/lib/resources/interface.rb +127 -0
data/lib/resources/iptables.rb +65 -0
data/lib/resources/json.rb +64 -0
data/lib/resources/kernel_module.rb +40 -0
data/lib/resources/kernel_parameter.rb +55 -0
data/lib/resources/limits_conf.rb +55 -0
data/lib/resources/login_def.rb +60 -0
data/lib/resources/mysql.rb +81 -0
data/lib/resources/mysql_conf.rb +116 -0
data/lib/resources/mysql_session.rb +52 -0
data/lib/resources/npm.rb +44 -0
data/lib/resources/ntp_conf.rb +58 -0
data/lib/resources/oneget.rb +63 -0
data/lib/resources/os.rb +22 -0
data/lib/resources/os_env.rb +34 -0
data/lib/resources/package.rb +169 -0
data/lib/resources/parse_config.rb +75 -0
data/lib/resources/passwd.rb +93 -0
data/lib/resources/pip.rb +75 -0
data/lib/resources/port.rb +296 -0
data/lib/resources/postgres.rb +37 -0
data/lib/resources/postgres_conf.rb +87 -0
data/lib/resources/postgres_session.rb +59 -0
data/lib/resources/processes.rb +57 -0
data/lib/resources/registry_key.rb +54 -0
data/lib/resources/script.rb +34 -0
data/lib/resources/security_policy.rb +73 -0
data/lib/resources/service.rb +379 -0
data/lib/resources/ssh_conf.rb +75 -0
data/lib/resources/user.rb +374 -0
data/lib/resources/windows_feature.rb +77 -0
data/lib/resources/yaml.rb +23 -0
data/lib/resources/yum.rb +154 -0
data/lib/utils/convert.rb +12 -0
data/lib/utils/detect.rb +15 -0
data/lib/utils/find_files.rb +36 -0
data/lib/utils/hash.rb +13 -0
data/lib/utils/modulator.rb +12 -0
data/lib/utils/parser.rb +61 -0
data/lib/utils/simpleconfig.rb +115 -0
data/tasks/maintainers.rb +213 -0
data/test/docker_run.rb +156 -0
data/test/docker_test.rb +51 -0
data/test/helper.rb +200 -0
data/test/integration/.kitchen.yml +42 -0
data/test/integration/Berksfile +4 -0
data/test/integration/cookbooks/os_prepare/metadata.rb +8 -0
data/test/integration/cookbooks/os_prepare/recipes/apt.rb +20 -0
data/test/integration/cookbooks/os_prepare/recipes/default.rb +9 -0
data/test/integration/cookbooks/os_prepare/recipes/file.rb +21 -0
data/test/integration/cookbooks/os_prepare/recipes/package.rb +26 -0
data/test/integration/default/_debug_spec.rb +1 -0
data/test/integration/default/apt_spec.rb +42 -0
data/test/integration/default/file_spec.rb +109 -0
data/test/integration/default/group_spec.rb +32 -0
data/test/integration/default/kernel_module_spec.rb +17 -0
data/test/integration/default/kernel_parameter_spec.rb +56 -0
data/test/integration/default/package_spec.rb +11 -0
data/test/integration/default/service_spec.rb +28 -0
data/test/integration/default/user_spec.rb +44 -0
data/test/resource/command_test.rb +33 -0
data/test/resource/dsl_test.rb +45 -0
data/test/resource/file_test.rb +130 -0
data/test/resource/ssh_config.rb +9 -0
data/test/resource/sshd_config.rb +9 -0
data/test/test-extra.yaml +11 -0
data/test/test.yaml +11 -0
data/test/unit/mock/cmd/Get-NetAdapter +24 -0
data/test/unit/mock/cmd/GetUserAccount +33 -0
data/test/unit/mock/cmd/GetWin32Group +23 -0
data/test/unit/mock/cmd/PATH +1 -0
data/test/unit/mock/cmd/Resolve-DnsName +26 -0
data/test/unit/mock/cmd/Test-NetConnection +4 -0
data/test/unit/mock/cmd/auditctl +7 -0
data/test/unit/mock/cmd/auditpol +2 -0
data/test/unit/mock/cmd/brew-info-jq +1 -0
data/test/unit/mock/cmd/chage-l-root +7 -0
data/test/unit/mock/cmd/dpkg-s-curl +21 -0
data/test/unit/mock/cmd/dscl +5 -0
data/test/unit/mock/cmd/etc-apt +7 -0
data/test/unit/mock/cmd/find-etc-rc-d-name-S +12 -0
data/test/unit/mock/cmd/find-net-interface +9 -0
data/test/unit/mock/cmd/gem-list-local-a-q-rubocop +1 -0
data/test/unit/mock/cmd/get-net-tcpconnection +24 -0
data/test/unit/mock/cmd/get-netadapter-binding-bridge +4 -0
data/test/unit/mock/cmd/get-package-firefox +30 -0
data/test/unit/mock/cmd/get-package-ruby +18 -0
data/test/unit/mock/cmd/get-service-dhcp +10 -0
data/test/unit/mock/cmd/get-windows-feature +7 -0
data/test/unit/mock/cmd/getent-hosts-example.com +1 -0
data/test/unit/mock/cmd/getent-passwd-root +1 -0
data/test/unit/mock/cmd/id-chartmann +1 -0
data/test/unit/mock/cmd/id-root +1 -0
data/test/unit/mock/cmd/initctl-show-config-ssh +3 -0
data/test/unit/mock/cmd/initctl-status-ssh +1 -0
data/test/unit/mock/cmd/iptables-s +6 -0
data/test/unit/mock/cmd/launchctl-list +3 -0
data/test/unit/mock/cmd/ls-1-etc-init.d +2 -0
data/test/unit/mock/cmd/ls-sys-class-net-br +2 -0
data/test/unit/mock/cmd/lsmod +2 -0
data/test/unit/mock/cmd/lsof-np-itcp +4 -0
data/test/unit/mock/cmd/netstat-tulpen +5 -0
data/test/unit/mock/cmd/npm-ls-g--json-bower +9 -0
data/test/unit/mock/cmd/pacman-qi-curl +21 -0
data/test/unit/mock/cmd/ping-example.com +6 -0
data/test/unit/mock/cmd/pip-show-jinja2 +11 -0
data/test/unit/mock/cmd/ps-aux +3 -0
data/test/unit/mock/cmd/pw-usershow-root-7 +1 -0
data/test/unit/mock/cmd/reg_schedule +1 -0
data/test/unit/mock/cmd/rpm-qia-curl +24 -0
data/test/unit/mock/cmd/sbin_sysctl +1 -0
data/test/unit/mock/cmd/secedit-export +7 -0
data/test/unit/mock/cmd/service-e +2 -0
data/test/unit/mock/cmd/service-sendmail-onestatus +3 -0
data/test/unit/mock/cmd/service-sshd-status +1 -0
data/test/unit/mock/cmd/sockstat +5 -0
data/test/unit/mock/cmd/success +0 -0
data/test/unit/mock/cmd/systemctl-show-all-sshd +6 -0
data/test/unit/mock/cmd/win32_product +8 -0
data/test/unit/mock/cmd/yum-repolist-all +52 -0
data/test/unit/mock/files/auditd.conf +4 -0
data/test/unit/mock/files/bond0 +37 -0
data/test/unit/mock/files/etcgroup +3 -0
data/test/unit/mock/files/example.csv +6 -0
data/test/unit/mock/files/inetd.conf +2 -0
data/test/unit/mock/files/kitchen.yml +7 -0
data/test/unit/mock/files/limits.conf +5 -0
data/test/unit/mock/files/login.defs +5 -0
data/test/unit/mock/files/mysql.conf +8 -0
data/test/unit/mock/files/mysql2.conf +2 -0
data/test/unit/mock/files/ntp.conf +5 -0
data/test/unit/mock/files/passwd +2 -0
data/test/unit/mock/files/policyfile.lock.json +12 -0
data/test/unit/mock/files/ssh_config +5 -0
data/test/unit/mock/files/sshd_config +7 -0
data/test/unit/mock/profiles/empty/metadata.rb +0 -0
data/test/unit/mock/profiles/metadata/metadata.rb +1 -0
data/test/unit/profile_context_test.rb +140 -0
data/test/unit/profile_test.rb +49 -0
data/test/unit/resources/apt_test.rb +46 -0
data/test/unit/resources/audit_policy_test.rb +13 -0
data/test/unit/resources/auditd_conf_test.rb +15 -0
data/test/unit/resources/auditd_rules_test.rb +21 -0
data/test/unit/resources/bond_test.rb +24 -0
data/test/unit/resources/bridge_test.rb +56 -0
data/test/unit/resources/csv_test.rb +35 -0
data/test/unit/resources/etc_group_test.rb +37 -0
data/test/unit/resources/gem_test.rb +20 -0
data/test/unit/resources/group_test.rb +96 -0
data/test/unit/resources/host_test.rb +38 -0
data/test/unit/resources/inetd_conf_test.rb +15 -0
data/test/unit/resources/interface_test.rb +54 -0
data/test/unit/resources/iptables_test.rb +30 -0
data/test/unit/resources/json_test.rb +36 -0
data/test/unit/resources/kernel_module_test.rb +23 -0
data/test/unit/resources/kernel_parameter_test.rb +13 -0
data/test/unit/resources/limits_conf_test.rb +14 -0
data/test/unit/resources/login_def_test.rb +16 -0
data/test/unit/resources/mysql_conf_test.rb +14 -0
data/test/unit/resources/npm_test.rb +20 -0
data/test/unit/resources/ntp_conf_test.rb +16 -0
data/test/unit/resources/oneget_test.rb +45 -0
data/test/unit/resources/os_env_test.rb +13 -0
data/test/unit/resources/package_test.rb +51 -0
data/test/unit/resources/passwd_test.rb +24 -0
data/test/unit/resources/pip_test.rb +15 -0
data/test/unit/resources/port_test.rb +46 -0
data/test/unit/resources/processes_test.rb +32 -0
data/test/unit/resources/registry_key_test.rb +19 -0
data/test/unit/resources/script_test.rb +19 -0
data/test/unit/resources/security_policy_test.rb +16 -0
data/test/unit/resources/service_test.rb +116 -0
data/test/unit/resources/ssh_conf_test.rb +33 -0
data/test/unit/resources/user_test.rb +93 -0
data/test/unit/resources/windows_feature.rb +17 -0
data/test/unit/resources/yaml_test.rb +34 -0
data/test/unit/resources/yum_test.rb +68 -0
data/test/unit/simpleconfig_test.rb +80 -0
data/test/unit/utils/content_parser_test.rb +30 -0
metadata +555 -0

data/lib/inspec/log.rb ADDED Viewed

@@ -0,0 +1,34 @@
+# encoding: utf-8
+# Copyright 2015 Dominik Richter. All rights reserved.
+# author: Dominik Richter
+# author: Christoph Hartmann
+require 'rainbow/ext/string'
+module Inspec
+  class Log
+    def initialize(opts = {})
+      @quiet = opts[:quiet] || false
+    end
+    def show(msg)
+      puts msg unless @quiet
+    end
+    def info(msg)
+      show '  .  '.color(:white) + msg
+    end
+    def error(msg)
+      show '  ✖  '.color(:red).bright + msg
+    end
+    def warn(msg)
+      show '  !  '.color(:yellow).bright + msg
+    end
+    def ok(msg)
+      show '  ✔  '.color(:green).bright + msg
+    end
+  end
+end

data/lib/inspec/metadata.rb ADDED Viewed

@@ -0,0 +1,79 @@
+# encoding: utf-8
+# Copyright 2015 Dominik Richter. All rights reserved.
+# author: Dominik Richter
+# author: Christoph Hartmann
+require 'logger'
+module Inspec
+  # Extract metadata.rb information
+  class Metadata
+    attr_reader :params
+    def initialize(logger = nil)
+      @logger = logger || Logger.new(nil)
+      @params = {}
+      @missing_methods = []
+    end
+    %w{
+      name
+      title
+      maintainer
+      maintainer_email
+      copyright
+      copyright_email
+      license
+      summary
+      description
+      version
+    }.each do |name|
+      define_method name.to_sym do |arg|
+        params[name.to_sym] = arg
+      end
+    end
+    def supports(sth, version = nil)
+      params[:supports] ||= []
+      params[:supports].push(
+        {
+          os:      sth,
+          version: version,
+        },
+      )
+    end
+    def valid?
+      is_valid = true
+      %w{ name title version summary }.each do |field|
+        next unless params[field.to_sym].nil?
+        @logger.error("Missing profile #{field} in metadata.rb")
+        is_valid = false
+      end
+      %w{ maintainer copyright }.each do |field|
+        next unless params[field.to_sym].nil?
+        @logger.warn("Missing profile #{field} in metadata.rb")
+        is_valid = false
+      end
+      is_valid && @missing_methods.empty?
+    end
+    def method_missing(sth, *args)
+      @logger.warn "metadata.rb doesn't support: #{sth} #{args}"
+      @missing_methods.push(sth)
+    end
+    def self.from_file(path, profile_id, logger = nil)
+      logger ||= Logger.new(nil)
+      unless File.file?(path)
+        logger.error "Can't find metadata file #{path}"
+        return nil
+      end
+      res = Metadata.new(logger)
+      res.instance_eval(File.read(path), path, 1)
+      res.params[:name] = profile_id.to_s unless profile_id.to_s.empty?
+      res
+    end
+  end
+end

data/lib/inspec/plugins.rb ADDED Viewed

@@ -0,0 +1,9 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+module Inspec
+  module Plugins
+    autoload :Resource, 'inspec/plugins/resource'
+  end
+end

data/lib/inspec/plugins/resource.rb ADDED Viewed

@@ -0,0 +1,62 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+module Inspec
+  module Plugins
+    class Resource
+      def self.name(name = nil)
+        return if name.nil?
+        Inspec::Plugins::Resource.__register(name, self)
+      end
+      def self.__register(name, obj)
+        # rubocop:disable Lint/NestedMethodDefinition
+        cl = Class.new(obj) do
+          # add some common methods
+          include Inspec::Plugins::ResourceCommon
+          def initialize(backend, name, *args)
+            # attach the backend to this instance
+            @__backend_runner__ = backend
+            @__resource_name__ = name
+            # call the resource initializer
+            super(*args)
+          end
+          def inspec
+            @__backend_runner__
+          end
+        end
+        # rubocop:enable Lint/NestedMethodDefinition
+        # add the resource to the registry by name
+        Inspec::Resource.registry[name] = cl
+      end
+      # Define methods which are available to all resources
+      # and may be overwritten.
+      # Print the name of the resource
+      def to_s
+        @__resource_name__
+      end
+      # Overwrite inspect to provide better output to RSpec results.
+      #
+      # @return [String] full name of the resource
+      def inspect
+        to_s
+      end
+    end
+    module ResourceCommon
+      def resource_skipped
+        @resource_skipped
+      end
+      def skip_resource(message)
+        @resource_skipped = message
+      end
+    end
+  end
+end

data/lib/inspec/profile.rb ADDED Viewed

@@ -0,0 +1,138 @@
+# encoding: utf-8
+# Copyright 2015 Dominik Richter. All rights reserved.
+# author: Dominik Richter
+# author: Christoph Hartmann
+require 'inspec/metadata'
+module Inspec
+  class Profile # rubocop:disable Metrics/ClassLength
+    def self.from_path(path, options = nil)
+      opt = {}
+      options.each { |k, v| opt[k.to_sym] = v } unless options.nil?
+      opt[:path] = path
+      Profile.new(opt)
+    end
+    attr_reader :params
+    attr_reader :metadata
+    def initialize(options = nil)
+      @options = options || {}
+      @profile_id = options[:id] || nil
+      @params = {}
+      @logger = options[:logger] || Logger.new(nil)
+      @path = @options[:path]
+      fail 'Cannot read an empty path.' if @path.nil? || @path.empty?
+      fail "Cannot find directory #{@path}" unless File.directory?(@path)
+      @metadata = read_metadata
+      @params = @metadata.params unless @metadata.nil?
+      @params[:rules] = rules = {}
+      @runner = Runner.new(
+        id: @profile_id,
+        backend: :mock,
+      )
+      @runner.add_tests([@path])
+      @runner.rules.each do |id, rule|
+        file = rule.instance_variable_get(:@__file)
+        rules[file] ||= {}
+        rules[file][id] = {
+          title: rule.title,
+          desc: rule.desc,
+          impact: rule.impact,
+          checks: rule.instance_variable_get(:@checks),
+          code: rule.instance_variable_get(:@__code),
+          group_title: rule.instance_variable_get(:@__group_title),
+        }
+      end
+    end
+    def info
+      res = @params.dup
+      rules = {}
+      res[:rules].each do |gid, group|
+        next if gid.to_s.empty?
+        path = gid.sub(File.join(@path, ''), '')
+        rules[path] = { title: path, rules: {} }
+        group.each do |id, rule|
+          next if id.to_s.empty?
+          data = rule.dup
+          data.delete(:checks)
+          data[:impact] ||= 0.5
+          data[:impact] = 1.0 if data[:impact] > 1.0
+          data[:impact] = 0.0 if data[:impact] < 0.0
+          rules[path][:rules][id] = data
+          # TODO: temporarily flatten the group down; replace this with
+          # proper hierarchy later on
+          rules[path][:title] = data[:group_title]
+        end
+      end
+      res[:rules] = rules
+      res
+    end
+    # Check if the profile is internall well-structured. The logger will be
+    # used to print information on errors and warnings which are found.
+    #
+    # @return [Boolean] true if no errors were found, false otherwise
+    def check # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
+      no_errors = true
+      no_warnings = true
+      warn = lambda { |msg|
+        @logger.warn(msg)
+        no_warnings = false
+      }
+      error = lambda { |msg|
+        @logger.error(msg)
+        no_warnings = no_errors = false
+      }
+      @logger.info "Checking profile in #{@path}"
+      if @params[:name].to_s.empty?
+        error.call('No profile name defined')
+      elsif !(@params[:name].to_s =~ %r{^\S+\/\S+$})
+        error.call('Profile name must be defined as: OWNER/ID')
+      end
+      warn.call('No version defined') if @params[:name].to_s.empty?
+      warn.call('No title defined') if @params[:name].to_s.empty?
+      warn.call('No maintainer defined') if @params[:name].to_s.empty?
+      warn.call('No supports defined') if @params[:name].empty?
+      @logger.info 'Metadata OK.' if no_warnings
+      no_warnings = true
+      if @params[:name].empty?
+        warn.call('No rules were found.')
+      else
+        @logger.debug "Found #{@params[:name].length} rules."
+      end
+      # iterate over hash of groups
+      @params[:rules].each do |group, rules_array|
+        @logger.debug "Verify all rules in  #{group}"
+        rules_array.each do |id, rule|
+          error.call('Avoid rules with empty IDs') if id.nil? or id.empty?
+          warn.call("Rule #{id} has no title") if rule[:title].to_s.empty?
+          warn.call("Rule #{id} has no description") if rule[:desc].to_s.empty?
+          warn.call("Rule #{id} has impact > 1.0") if rule[:impact].to_f > 1.0
+          warn.call("Rule #{id} has impact < 0.0") if rule[:impact].to_f < 0.0
+          warn.call("Rule #{id} has no tests defined") if rule[:checks].nil? or rule[:checks].empty?
+        end
+      end
+      @logger.info 'Rule definitions OK.' if no_warnings
+      no_errors
+    end
+    private
+    def read_metadata
+      mpath = File.join(@path, 'metadata.rb')
+      @metadata = Metadata.from_file(mpath, @profile_id, @logger)
+    end
+  end
+end

data/lib/inspec/profile_context.rb ADDED Viewed

@@ -0,0 +1,170 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+require 'inspec/rule'
+require 'inspec/dsl'
+require 'rspec/core/dsl'
+module Inspec
+  class ProfileContext # rubocop:disable Metrics/ClassLength
+    attr_reader :rules, :only_ifs
+    def initialize(profile_id, backend, profile_registry = {}, only_ifs = [])
+      if backend.nil?
+        fail 'ProfileContext is initiated with a backend == nil. ' \
+             'This is a backend error which must be fixed upstream.'
+      end
+      @profile_id = profile_id
+      @rules = profile_registry
+      @only_ifs = only_ifs
+      dsl = create_inner_dsl(backend)
+      outer_dsl = create_outer_dsl(dsl)
+      ctx = create_context(outer_dsl)
+      @profile_context = ctx.new
+    end
+    def load(content, source = nil, line = nil)
+      @current_load = { file: source }
+      @profile_context.instance_eval(content, source || 'unknown', line || 1)
+    end
+    def unregister_rule(id)
+      full_id = Inspec::Rule.full_id(@profile_id, id)
+      @rules[full_id] = nil
+    end
+    def register_rule(r)
+      # get the full ID
+      r.instance_variable_set(:@__file, @current_load[:file])
+      r.instance_variable_set(:@__group_title, @current_load[:title])
+      full_id = Inspec::Rule.full_id(@profile_id, r)
+      if full_id.nil?
+        # TODO: error
+        return
+      end
+      # add the rule to the registry
+      existing = @rules[full_id]
+      if existing.nil?
+        @rules[full_id] = r
+      else
+        Inspec::Rule.merge(existing, r)
+      end
+    end
+    def set_header(field, val)
+      @current_load[field] = val
+    end
+    private
+    # Creates the inner DSL which includes all resources for
+    # creating tests. It is always connected to one target,
+    # which is specified via the backend argument.
+    #
+    # @param backend [BackendRunner] exposing the target to resources
+    # @return [InnerDSLModule]
+    def create_inner_dsl(backend)
+      Module.new do
+        Inspec::Resource.registry.each do |id, r|
+          define_method id.to_sym do |*args|
+            r.new(backend, id.to_s, *args)
+          end
+        end
+      end
+    end
+    # Creates the outer DSL which includes all methods for creating
+    # tests and control structures.
+    #
+    # @param dsl [InnerDSLModule] which contains all resources
+    # @return [OuterDSLClass]
+    def create_outer_dsl(dsl)
+      rule_class = Class.new(Inspec::Rule) do
+        include RSpec::Core::DSL
+        include dsl
+      end
+      # rubocop:disable Lint/NestedMethodDefinition
+      Class.new do
+        include dsl
+        define_method :control do |*args, &block|
+          id = args[0]
+          opts = args[1] || {}
+          # Skip the control if the resource triggered a skip;
+          # However: when this is run on a mock backend, do not skip it.
+          # This is e.g. relevant for JSON generation, where we need all
+          # controls.
+          return if @skip_profile && os[:family] != 'unknown'
+          __register_rule rule_class.new(id, opts, &block)
+        end
+        alias_method :rule, :control
+        define_method :describe do |*args, &block|
+          path = block.source_location[0]
+          line = block.source_location[1]
+          id = "#{File.basename(path)}:#{line}"
+          rule = rule_class.new(id, {}) do
+            describe(*args, &block)
+          end
+          __register_rule rule, &block
+        end
+        # TODO: mock method for attributes; import attribute handling
+        define_method :attributes do |_name, _options|
+          nil
+        end
+        def skip_rule(id)
+          __unregister_rule id
+        end
+        def only_if(&block)
+          return unless block_given?
+          @skip_profile = !block.call
+        end
+      end
+      # rubocop:enable all
+    end
+    # Creates the heart of the profile context:
+    # An instantiated object which has all resources registered to it
+    # and exposes them to the a test file. The profile context serves as a
+    # container for all profiles which are registered. Within the context
+    # profiles get access to all DSL calls for creating tests and controls.
+    #
+    # @param outer_dsl [OuterDSLClass]
+    # @return [ProfileContextClass]
+    def create_context(outer_dsl)
+      profile_context_owner = self
+      # rubocop:disable Lint/NestedMethodDefinition
+      Class.new(outer_dsl) do
+        include Inspec::DSL
+        define_method :title do |arg|
+          profile_context_owner.set_header(:title, arg)
+        end
+        define_method :__register_rule do |*args|
+          profile_context_owner.register_rule(*args)
+        end
+        define_method :__unregister_rule do |*args|
+          profile_context_owner.unregister_rule(*args)
+        end
+        def to_s
+          'Profile Context Run'
+        end
+      end
+      # rubocop:enable all
+    end
+  end
+end