inspec 0.9.5 → 0.9.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +58 -8
- data/README.md +8 -39
- data/Rakefile +74 -9
- data/bin/inspec +66 -10
- data/docs/ctl_inspec.rst +7 -1
- data/docs/inspec_and_friends.rst +1 -1
- data/docs/resources.rst +51 -45
- data/examples/README.md +7 -0
- data/examples/kitchen-ansible/.kitchen.yml +25 -0
- data/examples/kitchen-ansible/Gemfile +20 -0
- data/examples/kitchen-ansible/README.md +53 -0
- data/examples/kitchen-ansible/files/nginx.repo +6 -0
- data/examples/kitchen-ansible/tasks/main.yml +16 -0
- data/examples/kitchen-ansible/test/integration/default/default.yml +5 -0
- data/examples/{test-kitchen → kitchen-ansible}/test/integration/default/web_spec.rb +0 -0
- data/examples/{test-kitchen → kitchen-chef}/.kitchen.yml +1 -1
- data/examples/{test-kitchen → kitchen-chef}/Berksfile +0 -0
- data/examples/{test-kitchen → kitchen-chef}/Gemfile +1 -2
- data/examples/{test-kitchen → kitchen-chef}/README.md +1 -1
- data/examples/{test-kitchen → kitchen-chef}/metadata.rb +0 -0
- data/examples/{test-kitchen → kitchen-chef}/recipes/default.rb +0 -0
- data/examples/{test-kitchen → kitchen-chef}/recipes/nginx.rb +0 -0
- data/examples/kitchen-chef/test/integration/default/web_spec.rb +28 -0
- data/examples/kitchen-puppet/.kitchen.yml +22 -0
- data/examples/kitchen-puppet/Gemfile +21 -0
- data/examples/kitchen-puppet/Puppetfile +25 -0
- data/examples/kitchen-puppet/README.md +53 -0
- data/examples/kitchen-puppet/manifests/site.pp +33 -0
- data/examples/kitchen-puppet/metadata.json +11 -0
- data/examples/kitchen-puppet/test/integration/default/web_spec.rb +28 -0
- data/inspec.gemspec +2 -0
- data/lib/inspec/plugins/resource.rb +21 -0
- data/lib/inspec/shell.rb +73 -11
- data/lib/inspec/version.rb +1 -1
- data/lib/matchers/matchers.rb +43 -0
- data/lib/resources/apache_conf.rb +12 -9
- data/lib/resources/apt.rb +7 -0
- data/lib/resources/audit_policy.rb +6 -6
- data/lib/resources/auditd_conf.rb +6 -7
- data/lib/resources/auditd_rules.rb +9 -8
- data/lib/resources/bond.rb +6 -6
- data/lib/resources/bridge.rb +7 -0
- data/lib/resources/command.rb +10 -8
- data/lib/resources/csv.rb +6 -5
- data/lib/resources/directory.rb +6 -0
- data/lib/resources/etc_group.rb +9 -1
- data/lib/resources/file.rb +72 -61
- data/lib/resources/gem.rb +6 -4
- data/lib/resources/group.rb +7 -0
- data/lib/resources/host.rb +6 -0
- data/lib/resources/inetd_conf.rb +8 -8
- data/lib/resources/ini.rb +6 -6
- data/lib/resources/interface.rb +8 -8
- data/lib/resources/iptables.rb +6 -0
- data/lib/resources/json.rb +6 -5
- data/lib/resources/kernel_module.rb +6 -5
- data/lib/resources/kernel_parameter.rb +6 -4
- data/lib/resources/limits_conf.rb +6 -6
- data/lib/resources/login_def.rb +6 -0
- data/lib/resources/mysql_conf.rb +6 -0
- data/lib/resources/mysql_session.rb +7 -0
- data/lib/resources/npm.rb +6 -4
- data/lib/resources/ntp_conf.rb +7 -7
- data/lib/resources/oneget.rb +6 -0
- data/lib/resources/os.rb +8 -0
- data/lib/resources/os_env.rb +6 -0
- data/lib/resources/package.rb +8 -1
- data/lib/resources/parse_config.rb +14 -0
- data/lib/resources/passwd.rb +7 -0
- data/lib/resources/pip.rb +6 -0
- data/lib/resources/port.rb +22 -11
- data/lib/resources/postgres_conf.rb +6 -0
- data/lib/resources/postgres_session.rb +8 -0
- data/lib/resources/processes.rb +17 -1
- data/lib/resources/registry_key.rb +7 -0
- data/lib/resources/script.rb +11 -0
- data/lib/resources/security_policy.rb +6 -1
- data/lib/resources/service.rb +10 -0
- data/lib/resources/ssh_conf.rb +6 -0
- data/lib/resources/user.rb +9 -2
- data/lib/resources/windows_feature.rb +6 -0
- data/lib/resources/yaml.rb +6 -0
- data/lib/resources/yum.rb +7 -0
- data/lib/utils/find_files.rb +15 -7
- data/test/helper.rb +9 -0
- data/test/integration/.kitchen.yml +3 -0
- data/test/integration/test/integration/default/compare_matcher_spec.rb +19 -0
- data/test/integration/test/integration/default/etc_group.rb +13 -0
- data/test/integration/test/integration/default/os_spec.rb +13 -0
- data/test/integration/test/integration/default/port_spec.rb +1 -1
- data/test/unit/mock/cmd/find-apache2-conf-enabled +1 -0
- data/test/unit/mock/cmd/find-apache2-ports-conf +1 -0
- data/test/unit/mock/cmd/ps-aux +2 -0
- data/test/unit/mock/files/apache2.conf +14 -0
- data/test/unit/mock/files/ports.conf +6 -0
- data/test/unit/mock/files/serve-cgi-bin.conf +20 -0
- data/test/unit/resources/apache_conf_test.rb +31 -0
- data/test/unit/resources/file_test.rb +181 -0
- data/test/unit/resources/package_test.rb +9 -0
- data/test/unit/resources/port_test.rb +33 -13
- data/test/unit/resources/processes_test.rb +6 -0
- data/test/unit/resources/service_test.rb +10 -0
- data/test/unit/resources/user_test.rb +12 -0
- data/test/unit/utils/find_files_test.rb +23 -0
- metadata +61 -16
- data/bin/inspec.orig +0 -115
- data/lib/resources/.service.rb.swp +0 -0
- data/test/unit/mock/profiles/rules/metadata.rb +0 -2
- data/test/unit/mock/profiles/rules/test/test.rb +0 -6
data/examples/README.md
ADDED
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
# InSpec examples
|
|
2
|
+
|
|
3
|
+
This directory contains multiple examples that explain the usage of the InSpec:
|
|
4
|
+
|
|
5
|
+
- `kitchen-chef` Test-Kitchen with [Chef and InSpec](kitchen-chef/README.md)
|
|
6
|
+
- `kitchen-puppet` Test-Kitchen with [Puppet and InSpec](kitchen-puppet/README.md)
|
|
7
|
+
- `kitchen-ansible` Test-Kitchen with [Ansible and InSpec](kitchen-ansible/README.md)
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
---
|
|
2
|
+
driver:
|
|
3
|
+
name: vagrant
|
|
4
|
+
|
|
5
|
+
provisioner:
|
|
6
|
+
hosts: webservers
|
|
7
|
+
name: ansible_playbook
|
|
8
|
+
# Use el7 epel repo instead of the default el6
|
|
9
|
+
ansible_yum_repo: "https://download.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm"
|
|
10
|
+
require_chef_for_busser: false
|
|
11
|
+
require_ruby_for_busser: false
|
|
12
|
+
ansible_verbosity: 2
|
|
13
|
+
ansible_verbose: true
|
|
14
|
+
# starting playbook is at: test/integration/default/default.yml
|
|
15
|
+
|
|
16
|
+
verifier:
|
|
17
|
+
name: inspec
|
|
18
|
+
|
|
19
|
+
platforms:
|
|
20
|
+
- name: centos-7.1
|
|
21
|
+
- name: ubuntu-12.04
|
|
22
|
+
- name: ubuntu-14.04
|
|
23
|
+
|
|
24
|
+
suites:
|
|
25
|
+
- name: default
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
# encoding: utf-8
|
|
2
|
+
source 'https://rubygems.org'
|
|
3
|
+
|
|
4
|
+
gem 'inspec', path: '../../.'
|
|
5
|
+
|
|
6
|
+
group :test do
|
|
7
|
+
gem 'bundler', '~> 1.5'
|
|
8
|
+
gem 'minitest', '~> 5.5'
|
|
9
|
+
gem 'rake', '~> 10'
|
|
10
|
+
gem 'rubocop', '~> 0.33.0'
|
|
11
|
+
gem 'simplecov', '~> 0.10'
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
group :integration do
|
|
15
|
+
gem 'test-kitchen', '~> 1.4'
|
|
16
|
+
gem 'kitchen-ansible'
|
|
17
|
+
gem 'kitchen-vagrant'
|
|
18
|
+
gem 'kitchen-inspec'
|
|
19
|
+
gem 'concurrent-ruby', '~> 0.9'
|
|
20
|
+
end
|
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
# Test-Kitchen - InSpec with Ansible Example
|
|
2
|
+
|
|
3
|
+
This example demonstrates a complete roundtrip via [Test-Kitchen](http://kitchen.ci/).
|
|
4
|
+
|
|
5
|
+
```bash
|
|
6
|
+
# install all dependencies
|
|
7
|
+
$ bundle install
|
|
8
|
+
# show all available tests
|
|
9
|
+
$ bundle exec kitchen list
|
|
10
|
+
Instance Driver Provisioner Verifier Transport Last Action
|
|
11
|
+
default-centos-71 Vagrant AnsiblePlaybook Inspec Ssh <Not Created>
|
|
12
|
+
default-ubuntu-1204 Vagrant AnsiblePlaybook Inspec Ssh <Not Created>
|
|
13
|
+
default-ubuntu-1404 Vagrant AnsiblePlaybook Inspec Ssh <Not Created>
|
|
14
|
+
|
|
15
|
+
# Now we are ready to run a complete test
|
|
16
|
+
$ bundle exec kitchen test default-ubuntu-1404
|
|
17
|
+
-----> Starting Kitchen (v1.4.2)
|
|
18
|
+
-----> Cleaning up any prior instances of <default-ubuntu-1404>
|
|
19
|
+
-----> Destroying <default-ubuntu-1404>...
|
|
20
|
+
Finished destroying <default-ubuntu-1404> (0m0.00s).
|
|
21
|
+
-----> Testing <default-ubuntu-1404>
|
|
22
|
+
-----> Creating <default-ubuntu-1404>...
|
|
23
|
+
Bringing machine 'default' up with 'virtualbox' provider...
|
|
24
|
+
==> default: Importing base box 'opscode-ubuntu-14.04'...
|
|
25
|
+
|
|
26
|
+
...
|
|
27
|
+
|
|
28
|
+
Vagrant instance <default-ubuntu-1404> created.
|
|
29
|
+
Finished creating <default-ubuntu-1404> (0m37.51s).
|
|
30
|
+
-----> Converging <default-ubuntu-1404>...
|
|
31
|
+
Preparing files for transfer
|
|
32
|
+
Preparing playbook
|
|
33
|
+
|
|
34
|
+
...
|
|
35
|
+
|
|
36
|
+
Finished converging <default-ubuntu-1404> (1m14.53s).
|
|
37
|
+
-----> Setting up <default-ubuntu-1404>...
|
|
38
|
+
Finished setting up <default-ubuntu-1404> (0m0.00s).
|
|
39
|
+
-----> Verifying <default-ubuntu-1404>...
|
|
40
|
+
.....
|
|
41
|
+
|
|
42
|
+
Finished in 0.08796 seconds (files took 1 minute 52.3 seconds to load)
|
|
43
|
+
5 examples, 0 failures
|
|
44
|
+
|
|
45
|
+
Finished verifying <default-ubuntu-1404> (0m0.27s).
|
|
46
|
+
-----> Destroying <default-ubuntu-1404>...
|
|
47
|
+
==> default: Forcing shutdown of VM...
|
|
48
|
+
==> default: Destroying VM and associated drives...
|
|
49
|
+
Vagrant instance <default-ubuntu-1404> destroyed.
|
|
50
|
+
Finished destroying <default-ubuntu-1404> (0m4.41s).
|
|
51
|
+
Finished testing <default-ubuntu-1404> (1m56.73s).
|
|
52
|
+
-----> Kitchen is finished. (1m57.06s)
|
|
53
|
+
```
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
---
|
|
2
|
+
- name: create nginx yum repo if OS family is RedHat
|
|
3
|
+
copy: src=nginx.repo dest=/etc/yum.repos.d/
|
|
4
|
+
owner=root group=root mode=0644
|
|
5
|
+
when: (ansible_os_family == "RedHat" and ansible_distribution_major_version == "7")
|
|
6
|
+
|
|
7
|
+
- name: ensure nginx is at the latest version if OS family is RedHat
|
|
8
|
+
yum: name=nginx state=latest
|
|
9
|
+
when: ansible_os_family == "RedHat"
|
|
10
|
+
|
|
11
|
+
- name: ensure nginx is at the latest version if OS family is Debian
|
|
12
|
+
apt: name=nginx state=latest
|
|
13
|
+
when: ansible_os_family == "Debian"
|
|
14
|
+
|
|
15
|
+
- name: ensure nginx is running (and enable it at boot)
|
|
16
|
+
service: name=nginx state=started enabled=yes
|
|
File without changes
|
|
File without changes
|
|
@@ -2,7 +2,6 @@
|
|
|
2
2
|
source 'https://rubygems.org'
|
|
3
3
|
|
|
4
4
|
gem 'inspec', path: '../../.'
|
|
5
|
-
gem 'r-train', git: 'git@github.com:chef/train.git'
|
|
6
5
|
|
|
7
6
|
group :test do
|
|
8
7
|
gem 'bundler', '~> 1.5'
|
|
@@ -16,6 +15,6 @@ group :integration do
|
|
|
16
15
|
gem 'berkshelf', '~> 4.0'
|
|
17
16
|
gem 'test-kitchen', '~> 1.4'
|
|
18
17
|
gem 'kitchen-vagrant'
|
|
19
|
-
gem 'kitchen-inspec'
|
|
18
|
+
gem 'kitchen-inspec'
|
|
20
19
|
gem 'concurrent-ruby', '~> 0.9'
|
|
21
20
|
end
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
# encoding: utf-8
|
|
2
|
+
# author: Christoph Hartmann
|
|
3
|
+
# author: Dominik Richter
|
|
4
|
+
|
|
5
|
+
# use basic tests
|
|
6
|
+
describe package('nginx') do
|
|
7
|
+
it { should be_installed }
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
# extend tests with metadata
|
|
11
|
+
control '01' do
|
|
12
|
+
impact 0.7
|
|
13
|
+
title 'Verify nginx service'
|
|
14
|
+
desc 'Ensures nginx service is up and running'
|
|
15
|
+
describe service('nginx') do
|
|
16
|
+
it { should be_enabled }
|
|
17
|
+
it { should be_installed }
|
|
18
|
+
it { should be_running }
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
# implement os dependent tests
|
|
23
|
+
web_user = 'www-data'
|
|
24
|
+
web_user = 'nginx' if os[:family] == 'centos'
|
|
25
|
+
|
|
26
|
+
describe user(web_user) do
|
|
27
|
+
it { should exist }
|
|
28
|
+
end
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
---
|
|
2
|
+
driver:
|
|
3
|
+
name: vagrant
|
|
4
|
+
|
|
5
|
+
provisioner:
|
|
6
|
+
name: puppet_apply
|
|
7
|
+
# Not installing chef since inspec is used for testing
|
|
8
|
+
require_chef_for_busser: false
|
|
9
|
+
manifests_path: manifests
|
|
10
|
+
|
|
11
|
+
verifier:
|
|
12
|
+
name: inspec
|
|
13
|
+
|
|
14
|
+
platforms:
|
|
15
|
+
- name: centos-7.1
|
|
16
|
+
- name: ubuntu-12.04
|
|
17
|
+
- name: ubuntu-14.04
|
|
18
|
+
|
|
19
|
+
suites:
|
|
20
|
+
- name: default
|
|
21
|
+
provisioner:
|
|
22
|
+
manifest: site.pp
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
# encoding: utf-8
|
|
2
|
+
source 'https://rubygems.org'
|
|
3
|
+
|
|
4
|
+
gem 'inspec', path: '../../.'
|
|
5
|
+
|
|
6
|
+
group :test do
|
|
7
|
+
gem 'bundler', '~> 1.5'
|
|
8
|
+
gem 'minitest', '~> 5.5'
|
|
9
|
+
gem 'rake', '~> 10'
|
|
10
|
+
gem 'rubocop', '~> 0.33.0'
|
|
11
|
+
gem 'simplecov', '~> 0.10'
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
group :integration do
|
|
15
|
+
gem 'test-kitchen', '~> 1.4'
|
|
16
|
+
gem 'kitchen-vagrant'
|
|
17
|
+
gem 'kitchen-puppet'
|
|
18
|
+
gem 'librarian-puppet'
|
|
19
|
+
gem 'kitchen-inspec'
|
|
20
|
+
gem 'concurrent-ruby', '~> 0.9'
|
|
21
|
+
end
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
#!/usr/bin/env ruby
|
|
2
|
+
#^syntax detection
|
|
3
|
+
|
|
4
|
+
forge "https://forgeapi.puppetlabs.com"
|
|
5
|
+
|
|
6
|
+
# use dependencies defined in metadata.json
|
|
7
|
+
metadata
|
|
8
|
+
|
|
9
|
+
# use dependencies defined in Modulefile
|
|
10
|
+
# modulefile
|
|
11
|
+
|
|
12
|
+
# A module from the Puppet Forge
|
|
13
|
+
# mod 'puppetlabs-stdlib'
|
|
14
|
+
|
|
15
|
+
# A module from git
|
|
16
|
+
# mod 'puppetlabs-ntp',
|
|
17
|
+
# :git => 'git://github.com/puppetlabs/puppetlabs-ntp.git'
|
|
18
|
+
|
|
19
|
+
# A module from a git branch/tag
|
|
20
|
+
# mod 'puppetlabs-apt',
|
|
21
|
+
# :git => 'https://github.com/puppetlabs/puppetlabs-apt.git',
|
|
22
|
+
# :ref => '1.4.x'
|
|
23
|
+
|
|
24
|
+
# A module from Github pre-packaged tarball
|
|
25
|
+
# mod 'puppetlabs-apache', '0.6.0', :github_tarball => 'puppetlabs/puppetlabs-apache'
|
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
# Test-Kitchen - InSpec with Puppet Example
|
|
2
|
+
|
|
3
|
+
This example demonstrates a complete roundtrip via [Test-Kitchen](http://kitchen.ci/).
|
|
4
|
+
|
|
5
|
+
```bash
|
|
6
|
+
# install all dependencies
|
|
7
|
+
$ bundle install
|
|
8
|
+
# show all available tests
|
|
9
|
+
$ bundle exec kitchen list
|
|
10
|
+
Instance Driver Provisioner Verifier Transport Last Action
|
|
11
|
+
default-centos-71 Vagrant PuppetApply Inspec Ssh <Not Created>
|
|
12
|
+
default-ubuntu-1204 Vagrant PuppetApply Inspec Ssh <Not Created>
|
|
13
|
+
default-ubuntu-1404 Vagrant PuppetApply Inspec Ssh <Not Created>
|
|
14
|
+
|
|
15
|
+
# Now we are ready to run a complete test
|
|
16
|
+
$ bundle exec kitchen test default-ubuntu-1404
|
|
17
|
+
-----> Starting Kitchen (v1.4.2)
|
|
18
|
+
-----> Cleaning up any prior instances of <default-ubuntu-1404>
|
|
19
|
+
-----> Destroying <default-ubuntu-1404>...
|
|
20
|
+
Finished destroying <default-ubuntu-1404> (0m0.00s).
|
|
21
|
+
-----> Testing <default-ubuntu-1404>
|
|
22
|
+
-----> Creating <default-ubuntu-1404>...
|
|
23
|
+
Bringing machine 'default' up with 'virtualbox' provider...
|
|
24
|
+
==> default: Importing base box 'opscode-ubuntu-14.04'...
|
|
25
|
+
|
|
26
|
+
...
|
|
27
|
+
|
|
28
|
+
Vagrant instance <default-ubuntu-1404> created.
|
|
29
|
+
Finished creating <default-ubuntu-1404> (0m33.62s).
|
|
30
|
+
-----> Converging <default-ubuntu-1404>...
|
|
31
|
+
Preparing files for transfer
|
|
32
|
+
|
|
33
|
+
...
|
|
34
|
+
|
|
35
|
+
Finished converging <default-ubuntu-1404> (0m48.95s).
|
|
36
|
+
-----> Setting up <default-ubuntu-1404>...
|
|
37
|
+
Finished setting up <default-ubuntu-1404> (0m0.00s).
|
|
38
|
+
-----> Verifying <default-ubuntu-1404>...
|
|
39
|
+
.....
|
|
40
|
+
|
|
41
|
+
Finished in 0.08278 seconds (files took 1 minute 22.81 seconds to load)
|
|
42
|
+
5 examples, 0 failures
|
|
43
|
+
|
|
44
|
+
Finished verifying <default-ubuntu-1404> (0m0.22s).
|
|
45
|
+
-----> Destroying <default-ubuntu-1404>...
|
|
46
|
+
==> default: Forcing shutdown of VM...
|
|
47
|
+
==> default: Destroying VM and associated drives...
|
|
48
|
+
Vagrant instance <default-ubuntu-1404> destroyed.
|
|
49
|
+
Finished destroying <default-ubuntu-1404> (0m3.97s).
|
|
50
|
+
Finished testing <default-ubuntu-1404> (1m26.79s).
|
|
51
|
+
-----> Kitchen is finished. (1m27.34s)
|
|
52
|
+
|
|
53
|
+
```
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
# == Class prepare::site
|
|
2
|
+
#
|
|
3
|
+
|
|
4
|
+
# Install nginx from package repos
|
|
5
|
+
case $osfamily {
|
|
6
|
+
'RedHat': {
|
|
7
|
+
yumrepo { 'nginx':
|
|
8
|
+
descr => 'Nginx Repo',
|
|
9
|
+
baseurl => 'http://nginx.org/packages/centos/7/x86_64',
|
|
10
|
+
gpgkey => 'http://nginx.org/keys/nginx_signing.key',
|
|
11
|
+
enabled => 1
|
|
12
|
+
}
|
|
13
|
+
|
|
14
|
+
package { 'nginx':
|
|
15
|
+
require => [Yumrepo[nginx]],
|
|
16
|
+
ensure => 'latest'
|
|
17
|
+
}
|
|
18
|
+
}
|
|
19
|
+
'Debian': {
|
|
20
|
+
package { 'nginx':
|
|
21
|
+
ensure => 'latest'
|
|
22
|
+
}
|
|
23
|
+
}
|
|
24
|
+
default: {
|
|
25
|
+
fail("Unsupported platform: ${osfamily}/${operatingsystem}")
|
|
26
|
+
}
|
|
27
|
+
}
|
|
28
|
+
|
|
29
|
+
# Start the service
|
|
30
|
+
service { 'nginx':
|
|
31
|
+
enable => 'true',
|
|
32
|
+
ensure => 'running'
|
|
33
|
+
}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "prepare",
|
|
3
|
+
"version": "0.1.0",
|
|
4
|
+
"author": "support@chef.io",
|
|
5
|
+
"summary": "This module prepares the test operating systems",
|
|
6
|
+
"license": "Apache-2.0",
|
|
7
|
+
"source": "https://github.com/chef/inspec/examples/kitchen-puppet",
|
|
8
|
+
"project_page": "https://github.com/chef/inspec/examples/kitchen-puppet",
|
|
9
|
+
"issues_url": "https://github.com/chef/inspec/issues",
|
|
10
|
+
"dependencies": []
|
|
11
|
+
}
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
# encoding: utf-8
|
|
2
|
+
# author: Christoph Hartmann
|
|
3
|
+
# author: Dominik Richter
|
|
4
|
+
|
|
5
|
+
# use basic tests
|
|
6
|
+
describe package('nginx') do
|
|
7
|
+
it { should be_installed }
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
# extend tests with metadata
|
|
11
|
+
control '01' do
|
|
12
|
+
impact 0.7
|
|
13
|
+
title 'Verify nginx service'
|
|
14
|
+
desc 'Ensures nginx service is up and running'
|
|
15
|
+
describe service('nginx') do
|
|
16
|
+
it { should be_enabled }
|
|
17
|
+
it { should be_installed }
|
|
18
|
+
it { should be_running }
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
# implement os dependent tests
|
|
23
|
+
web_user = 'www-data'
|
|
24
|
+
web_user = 'nginx' if os[:family] == 'centos'
|
|
25
|
+
|
|
26
|
+
describe user(web_user) do
|
|
27
|
+
it { should exist }
|
|
28
|
+
end
|
data/inspec.gemspec
CHANGED
|
@@ -7,9 +7,20 @@ module Inspec
|
|
|
7
7
|
class Resource
|
|
8
8
|
def self.name(name = nil)
|
|
9
9
|
return if name.nil?
|
|
10
|
+
@name = name
|
|
10
11
|
Inspec::Plugins::Resource.__register(name, self)
|
|
11
12
|
end
|
|
12
13
|
|
|
14
|
+
def self.desc(description = nil)
|
|
15
|
+
return if description.nil?
|
|
16
|
+
Inspec::Resource.registry[@name].desc(description)
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def self.example(example = nil)
|
|
20
|
+
return if example.nil?
|
|
21
|
+
Inspec::Resource.registry[@name].example(example)
|
|
22
|
+
end
|
|
23
|
+
|
|
13
24
|
def self.__register(name, obj)
|
|
14
25
|
# rubocop:disable Lint/NestedMethodDefinition
|
|
15
26
|
cl = Class.new(obj) do
|
|
@@ -23,6 +34,16 @@ module Inspec
|
|
|
23
34
|
super(*args)
|
|
24
35
|
end
|
|
25
36
|
|
|
37
|
+
def self.desc(description = nil)
|
|
38
|
+
return @description if description.nil?
|
|
39
|
+
@description = description
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
def self.example(example = nil)
|
|
43
|
+
return @example if example.nil?
|
|
44
|
+
@example = example
|
|
45
|
+
end
|
|
46
|
+
|
|
26
47
|
def inspec
|
|
27
48
|
@__backend_runner__
|
|
28
49
|
end
|