inspec 0.9.7 → 0.9.8

data/test/integration/test/integration/default/file_spec.rb

@@ -108,4 +108,33 @@ if os.unix?
     its('type') { should eq :directory }
   end
 
+  # for server spec compatibility
+  # Do not use `.with` or `.only_with`, this syntax is deprecated and will be removed
+  # in InSpec version 1
+  describe file('/mnt/iso-disk') do
+    it { should be_mounted }
+    it { should be_mounted.with( :type => 'iso9660' ) }
+    it { should be_mounted.with( :type => 'iso9660', :options => { :ro => true } ) }
+    it { should be_mounted.with( :type => 'iso9660', :device => '/root/alpine-3.3.0-x86_64.iso' ) }
+    it { should_not be_mounted.with( :type => 'ext4' ) }
+    it { should_not be_mounted.with( :type => 'xfs' ) }
+  end
+
+  # compare with exact match
+  # also see mount_spec.rb
+  describe file('/mnt/iso-disk') do
+    it { should be_mounted.only_with( {
+      :device=>"/root/alpine-3.3.0-x86_64.iso",
+      :type=>"iso9660",
+      :options=>{
+        :ro=>true}
+      })
+    }
+  end
+
+elsif os.windows?
+  describe file('C:\\Windows') do
+    it { should exist }
+    it { should be_directory }
+  end
 end

data/test/integration/test/integration/default/ini_spec.rb

@@ -1,5 +1,11 @@
 # encoding: utf-8
 
-describe ini('/tmp/example.ini') do
+if os.unix?
+  filename = '/tmp/example.ini'
+else
+  filename = 'c:/windows/temp/example.ini'
+end
+
+describe ini(filename) do
   its(['client','port']) { should eq('3306') }
 end

data/test/integration/test/integration/default/json_spec.rb

@@ -1,5 +1,11 @@
 # encoding: utf-8
 
-describe json('/tmp/example.json') do
+if os.unix?
+  filename = '/tmp/example.json'
+else
+  filename = 'c:/windows/temp/example.json'
+end
+
+describe json(filename) do
   its(['cookbook_locks','omnibus','version']) { should eq('2.2.0') }
 end

data/test/integration/test/integration/default/mount_spec.rb

@@ -0,0 +1,10 @@
+# encoding: utf-8
+
+# instead of `.with` or `.only_with` we recommend to use the `mount` resource
+describe mount '/mnt/iso-disk' do
+  it { should be_mounted }
+  its('count') { should eq  1 }
+  its('device') { should eq '/root/alpine-3.3.0-x86_64.iso' }
+  its('type') { should eq  'iso9660' }
+  its('options') { should eq  ['ro'] }
+end

data/test/integration/test/integration/default/yaml_spec.rb

@@ -1,5 +1,11 @@
 # encoding: utf-8
 
-describe yaml('/tmp/example.yml') do
+if os.unix?
+  filename = '/tmp/example.yml'
+else
+  filename = 'c:/windows/temp/example.yml'
+end
+
+describe yaml(filename) do
  its(['driver','name']) { should eq('vagrant') }
 end

data/test/serverspec/.kitchen.yml

@@ -0,0 +1,18 @@
+---
+driver:
+  name: vagrant
+
+provisioner:
+  name: chef_zero
+
+verifier:
+  name: inspec
+  sudo: true
+
+platforms:
+  - name: ubuntu-14.04
+
+suites:
+  - name: default
+    run_list:
+    attributes:

data/test/serverspec/.kitchen/default-ubuntu-1404.yml

@@ -0,0 +1,6 @@
+---
+hostname: 127.0.0.1
+port: '2205'
+username: vagrant
+ssh_key: "/Users/chartmann/Development/vulcano/vulcano-cli/test/serverspec/.kitchen/kitchen-vagrant/kitchen-serverspec-default-ubuntu-1404/.vagrant/machines/default/virtualbox/private_key"
+last_action: verify

data/test/serverspec/.kitchen/kitchen-vagrant/kitchen-serverspec-default-ubuntu-1404/.vagrant/machines/default/virtualbox/action_set_name

@@ -0,0 +1 @@
+1449613760

data/test/serverspec/.kitchen/kitchen-vagrant/kitchen-serverspec-default-ubuntu-1404/.vagrant/machines/default/virtualbox/creator_uid

@@ -0,0 +1 @@
+501

data/test/serverspec/.kitchen/kitchen-vagrant/kitchen-serverspec-default-ubuntu-1404/.vagrant/machines/default/virtualbox/id

@@ -0,0 +1 @@
+0f519e32-868a-4bbb-be75-3e784c785917

data/test/serverspec/.kitchen/kitchen-vagrant/kitchen-serverspec-default-ubuntu-1404/.vagrant/machines/default/virtualbox/index_uuid

@@ -0,0 +1 @@
+f66024948ae34585a7b1d6c7e08ba4a1

data/test/serverspec/.kitchen/kitchen-vagrant/kitchen-serverspec-default-ubuntu-1404/.vagrant/machines/default/virtualbox/private_key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA1KWrGcypqQFzz4ZFYjHBqk/d4QV9c6JYO9xV7mNWmLknpivT
+ry976zBqeV923vUvZ2vndMtI+Z7tg5YpsaJCdbNuc078AyjzG+ahVPWrcMLa+hyk
+VuzLgqyrlWLRc5PcB4JSVVDIVzamarMz9Xo7MOv2KjQBeBSRPQCAWXlrC0zcop5g
+QGgokclPYF780JGBVTFt00y1AS6ZKUbin+YB9RzuQetixe8QIQfKCrljMJeQ9Ppt
+bW2Fiyukfg0YAc3SLZnNyrLWtqgLgCkk86jICKr0cZeqeIeZ8Qojo9ERDi5igItg
+0HP+W2P47k42NUXTZZ8tZ54HmJ/pWsnclJN5WwIDAQABAoIBADzEOujce384Uwfy
+rtEottcci6NKFld9BQnWJRhCevSZtKLf01Y0k4zaARM+HJIKLsm3JCVUEj6DFAyO
+VMvWOne4FtAMuieNBCvs9B17Nsq6ZCklFjFg6acmAMJnwsLsdewPacfHlfiWPWgw
+XaDAlTmdtHLK+cB+4CI2incHI3fOsbfus/EhT9rNrUhw3Zn5/dq0TaEO5amp8QEN
+/Tblo2LpqEjudqvPO3Yud5WZb1ByFjE1FvPglgrPAsXztInKSHYaURjQ8K6CFNhg
+ITmqBF5Da9Ha8u9pCTPP6a4/FQkK0JcOuiTgy3EIWTa+Ioqz3VWhX4/qXWgQdyAH
+74jWh4ECgYEA78k8s3ZtCKoVCgZWDVn6Y1cLiAJkl0bMS4sUMwDCHYaghDa5mXiz
+CbkIw/3MGPooXMQhwewJxex0LXEFJhHDyvjIP1G2CE0qEOiScOhSTKeEney/50Xe
+ZC/neay57IlQUNBRfJVokjMTUX40+xahpuS24FKWuv5IbtZcbgek8VkCgYEA4wam
+FAW574ORmqyfi0FXCZarMmaNQnay3IEDk+NWtg67P+gbz7j6UAmYsqqaVOdaAfOs
+DQlu/F/8uESaqlgpRdyH+LkKrIUDBJ6E90XoY21KgYhb6Dyq14iVaVyPt2GMP8+C
+0JtYn2uEPShC4KvzIKw6ywqdCvTqrnRBeiGuVdMCgYBhSnZtnoxo6pG0ypNZwXtd
+mTDdk5L66kf0Es80Tod0cW5plsbBpX6HYGNVGoIYVE/SK+ZCh6IDg4gz89qR8r1N
+epnNTzsbrSt3RtY8J5dU8NdXOHs4vFmarvEtpk6d0a0bzRpzATA3ua+J7jpS8oDO
+dZhZ9kigQJJlHmbMYh+jqQKBgAGEa9u6ZhG5uWFlQfO2ThScUyyVDuCg1nUuz41P
+eabh1lKJBJaQz+t1BPY8uadTnIBi1oWHyJwbMB8zJi15RV1YKfh5lB6vDOQdAxp7
+9x+i/Vp8RND6htHF8emwWq2JE1zh0CgAwcje+RVHjZrey1Muk34D5iTKmj7sO/vK
++dVNAoGBAIphTIYzt1D73qtagNdp5v4qAs87HviY6Us5PC3Hfewm1zqBofeY/DAw
+l/6zjmUNPnTvvV6eiFDPvSgoXeKlO7fCY0Jbpr88Izm/jfClSSdRXPHD59ZS8w6Q
+0xKjdXvfwmxo8xHKheB1tuiHSTPNlq/eSEFEDw7U51L8pcm2Mx7w
+-----END RSA PRIVATE KEY-----

data/test/serverspec/.kitchen/kitchen-vagrant/kitchen-serverspec-default-ubuntu-1404/.vagrant/machines/default/virtualbox/synced_folders

@@ -0,0 +1 @@
+{}

data/test/serverspec/.kitchen/kitchen-vagrant/kitchen-serverspec-default-ubuntu-1404/Vagrantfile

@@ -0,0 +1,9 @@
+Vagrant.configure("2") do |c|
+  c.berkshelf.enabled = false if Vagrant.has_plugin?("vagrant-berkshelf")
+  c.vm.box = "opscode-ubuntu-14.04"
+  c.vm.box_url = "https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_ubuntu-14.04_chef-provisionerless.box"
+  c.vm.hostname = "default-ubuntu-1404"
+  c.vm.synced_folder ".", "/vagrant", disabled: true
+  c.vm.provider :virtualbox do |p|
+  end
+end

data/test/serverspec/.kitchen/logs/default-ubuntu-1404.log

@@ -0,0 +1,2 @@
+I, [2015-12-08T23:48:01.367628 #25801]  INFO -- default-ubuntu-1404: -----> Verifying <default-ubuntu-1404>...
+I, [2015-12-08T23:48:01.990146 #25801]  INFO -- default-ubuntu-1404: Finished verifying <default-ubuntu-1404> (0m0.62s).

data/test/serverspec/.kitchen/logs/kitchen.log

@@ -0,0 +1,3 @@
+I, [2015-12-08T23:48:00.475985 #25801]  INFO -- Kitchen: -----> Starting Kitchen (v1.4.2)
+I, [2015-12-08T23:48:01.367571 #25801]  INFO -- Kitchen: -----> Verifying <default-ubuntu-1404>...
+I, [2015-12-08T23:48:01.990267 #25801]  INFO -- Kitchen: -----> Kitchen is finished. (0m1.51s)

data/test/serverspec/Berksfile

@@ -0,0 +1,3 @@
+source 'https://supermarket.chef.io'
+
+cookbook 'apt'

data/test/serverspec/Berksfile.lock

@@ -0,0 +1,5 @@
+DEPENDENCIES
+  apt
+
+GRAPH
+  apt (2.9.2)

data/test/serverspec/TODO.md

@@ -0,0 +1,2 @@
+- nested describe
+- require 'serverspec'

data/test/serverspec/test/integration/default/serverspec/os_spec.rb

@@ -0,0 +1,25 @@
+# encoding: utf-8
+
+require 'spec_helper'
+
+describe command('find / -name \'.rhosts\' | wc -l ') do
+  its(:stdout) { should match(/^0/) }
+end
+
+describe command('find / -name \'hosts.equiv\' | wc -l ') do
+  its(:stdout) { should match(/^0/) }
+end
+
+describe file('/etc/shadow') do
+  it { should exist }
+  it { should be_file }
+  it { should be_owned_by 'root' }
+end
+
+describe command('echo $PATH | grep -ci \'\.\'') do
+  its(:stdout) { should match(/^0/) }
+end
+
+describe file('/etc/login.defs') do
+  its(:content) { should match(/^SU_NAME\s*su/) }
+end

data/test/serverspec/test/integration/default/serverspec/spec_helper.rb

@@ -0,0 +1,48 @@
+# encoding: utf-8
+
+if ENV['STANDALONE_SPEC']
+
+  # require 'serverspec'
+  require 'pathname'
+  require 'net/ssh'
+  require 'highline/import'
+
+  set :backend, :ssh
+
+  RSpec.configure do |c|
+
+    if ENV['ASK_SUDO_PASSWORD']
+      c.sudo_password = ask('Enter sudo password: ') { |q| q.echo = false }
+    else
+      c.sudo_password = ENV['SUDO_PASSWORD']
+    end
+
+    options = {}
+
+    if ENV['ASK_LOGIN_PASSWORD']
+      options[:password] = ask("\nEnter login password: ") { |q| q.echo = false }
+    else
+      options[:password] = ENV['LOGIN_PASSWORD']
+    end
+
+    if ENV['ASK_LOGIN_USERNAME']
+      options[:user] = ask("\nEnter login username: ") { |q| q.echo = false }
+    else
+      options[:user] = ENV['LOGIN_USERNAME'] || ENV['user'] || Etc.getlogin
+    end
+
+    if options[:user].nil?
+      puts 'specify login user env LOGIN_USERNAME= or user='
+      exit 1
+    end
+
+    c.host = ENV['TARGET_HOST']
+    c.ssh_options = options.merge(Net::SSH::Config.for(c.host))
+
+  end
+
+else
+#   require 'serverspec'
+#
+  set :backend, :exec
+end

data/test/serverspec/test/integration/default/serverspec/sysctl_spec.rb

@@ -0,0 +1,37 @@
+# encoding: utf-8
+
+require 'spec_helper'
+
+# do we support nested syntax
+# describe 'IP V4 networking' do
+
+  context linux_kernel_parameter('net.ipv4.ip_forward') do
+    its(:value) { should eq 0 }
+  end
+
+  context linux_kernel_parameter('net.ipv4.conf.all.forwarding') do
+    its(:value) { should eq 0 }
+  end
+
+# end
+
+# describe 'ExecShield' do
+
+  # check if we find the nx flag
+  if command('cat /proc/cpuinfo').stdout =~ /^flags.*?:.*? nx( .*?)?$/
+    true
+  else
+    # if no nx flag is present, we require exec-shield
+    context 'No nx flag detected' do
+      it 'require kernel.exec-shield' do
+        context linux_kernel_parameter('kernel.exec-shield') do
+          its(:value) { should eq 1 }
+        end
+      end
+    end
+  end
+
+  context linux_kernel_parameter('kernel.randomize_va_space') do
+    its(:value) { should eq 2 }
+  end
+# end

data/test/unit/metadata_test.rb

@@ -0,0 +1,69 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+
+require 'helper'
+require 'inspec/metadata'
+
+describe 'metadata with supported operating systems' do
+  describe 'running on ubuntu 14.04' do
+    let (:backend) { MockLoader.new(:ubuntu1404).backend }
+
+    # Description of method
+    #
+    # @param [Type] params describe params
+    # @return [Type] description of returned object
+    def create_meta(params)
+      res = Inspec::Metadata.from_yaml('mock', "---", nil)
+      # manually inject supported parameters
+      res.params[:supports] = params
+      Inspec::Metadata.finalize(res, 'mock')
+      res
+    end
+
+    it 'load a profile with empty supports clause' do
+      m = create_meta(nil)
+      m.supports_transport?(backend).must_equal true
+    end
+
+    it 'loads a profile which supports os ubuntu' do
+      m = create_meta({ 'os' => 'ubuntu' })
+      m.supports_transport?(backend).must_equal true
+    end
+
+    it 'loads a profile which supports os name ubuntu' do
+      m = create_meta({ 'os-name' => 'ubuntu' })
+      m.supports_transport?(backend).must_equal true
+    end
+
+    it 'loads a profile which supports os family linux' do
+      m = create_meta({ 'os-family' => 'linux' })
+      m.supports_transport?(backend).must_equal true
+    end
+
+    it 'loads a profile which supports release 14.04' do
+      m = create_meta({ 'release' => '14.04' })
+      m.supports_transport?(backend).must_equal true
+    end
+
+    it 'rejects a profile which supports release 12.04' do
+      m = create_meta({ 'release' => '12.04' })
+      m.supports_transport?(backend).must_equal false
+    end
+
+    it 'loads a profile which supports ubuntu 14.04' do
+      m = create_meta({ 'os-name' => 'ubuntu', 'release' => '14.04' })
+      m.supports_transport?(backend).must_equal true
+    end
+
+    it 'rejects a profile which supports ubuntu 12.04' do
+      m = create_meta({ 'os-name' => 'ubuntu', 'release' => '12.04' })
+      m.supports_transport?(backend).must_equal false
+    end
+
+    it 'reject unsupported os' do
+      m = create_meta({ 'os-name' => 'windows' })
+      m.supports_transport?(backend).must_equal false
+    end
+  end
+end

data/test/unit/mock/cmd/mount

@@ -0,0 +1 @@
+/dev/xvda1 on / type ext4 (rw,discard)

data/test/unit/mock/cmd/mount-multiple

@@ -0,0 +1,2 @@
+/root/alpine-3.3.0-x86_64.iso on /mnt/iso-disk type iso9660 (ro)
+/root/alpine-3.3.0-x86_64_2.iso on /mnt/iso-disk type iso9660 (ro)

data/test/unit/mock/profiles/complete-meta/metadata.rb

@@ -0,0 +1,7 @@
+name 'name'
+version '1.2.3'
+maintainer 'bob'
+title 'title'
+copyright 'left'
+summary 'nothing'
+supports nil

data/test/unit/mock/profiles/complete-profile/controls/filesystem_spec.rb

@@ -0,0 +1,16 @@
+# encoding: utf-8
+# copyright: 2015, Chef Software, Inc
+# license: All rights reserved
+
+title 'Proc Filesystem Configuration'
+
+control 'test01' do
+  impact 0.5
+  title 'Catchy title'
+  desc '
+    There should always be a /proc
+  '
+  describe file('/proc') do
+    it { should be_mounted }
+  end
+end

data/test/unit/mock/profiles/complete-profile/inspec.yml

@@ -0,0 +1,10 @@
+name: complete
+title: complete example profile
+maintainer: Chef Software, Inc.
+copyright: Chef Software, Inc.
+copyright_email: support@chef.io
+license: Proprietary, All rights reserved
+summary: Testing stub
+version: 1.0.0
+supports:
+- os-family: linux

data/test/unit/profile_context_test.rb

@@ -34,7 +34,7 @@ describe Inspec::ProfileContext do
       load('describe true do; it { should_eq true }; end')
         .must_output ''
       profile.rules.keys.length.must_equal 1
-      profile.rules.keys[0].must_match /^unknown:1 [0-9a-f]+$/
+      profile.rules.keys[0].must_match /^\(generated from unknown:1 [0-9a-f]+\)$/
       profile.rules.values[0].must_be_kind_of Inspec::Rule
     end
 
@@ -43,7 +43,7 @@ describe Inspec::ProfileContext do
         .must_output ''
       profile.rules.keys.length.must_equal 3
       [0, 1, 2].each do |i|
-        profile.rules.keys[i].must_match /^unknown:2 [0-9a-f]+$/
+        profile.rules.keys[i].must_match /^\(generated from unknown:2 [0-9a-f]+\)$/
         profile.rules.values[i].must_be_kind_of Inspec::Rule
       end
     end

data/test/unit/profile_test.rb

@@ -4,11 +4,6 @@
 
 require 'helper'
 
-def load_profile(name)
-  pwd = File.dirname(__FILE__)
-  Inspec::Profile.from_path("#{pwd}/mock/profiles/#{name}")
-end
-
 describe Inspec::Profile do
   before {
     # mock up the profile runner
@@ -16,13 +11,20 @@ describe Inspec::Profile do
     # currently it's stopped at test runner conflicts
     class Inspec::Profile::Runner
       def initialize(opts) end
-      def add_tests(tests) end
+      def add_tests(tests, options=nil) end
       def rules
         {}
       end
     end
   }
 
+  let(:logger) { Minitest::Mock.new }
+  let(:home) { File.dirname(__FILE__) }
+
+  def load_profile(name, opts = {})
+    Inspec::Profile.from_path("#{home}/mock/profiles/#{name}", opts)
+  end
+
   describe 'with empty profile' do
     let(:profile) { load_profile('empty') }
 
@@ -46,4 +48,59 @@ describe Inspec::Profile do
       profile.params[:rules].must_equal({})
     end
   end
+
+  describe 'when checking' do
+    describe 'an empty profile' do
+      let(:profile) { load_profile('empty', {logger: logger}) }
+
+      it 'prints loads of warnings' do
+        logger.expect :info, nil, ["Checking profile in #{home}/mock/profiles/empty"]
+        logger.expect :warn, nil, ['The use of `metadata.rb` is deprecated. Use `inspec.yml`.']
+        logger.expect :error, nil, ['Missing profile name in metadata.rb']
+        logger.expect :error, nil, ['Missing profile version in metadata.rb']
+        logger.expect :warn, nil, ['Missing profile title in metadata.rb']
+        logger.expect :warn, nil, ['Missing profile summary in metadata.rb']
+        logger.expect :warn, nil, ['Missing profile maintainer in metadata.rb']
+        logger.expect :warn, nil, ['Missing profile copyright in metadata.rb']
+        logger.expect :warn, nil, ['No controls or tests were defined.']
+
+        profile.check
+        logger.verify
+      end
+    end
+
+    describe 'a complete metadata profile' do
+      let(:profile) { load_profile('complete-meta', {logger: logger}) }
+
+      it 'prints ok messages' do
+        logger.expect :info, nil, ["Checking profile in #{home}/mock/profiles/complete-meta"]
+        logger.expect :warn, nil, ['The use of `metadata.rb` is deprecated. Use `inspec.yml`.']
+        logger.expect :info, nil, ['Metadata OK.']
+        logger.expect :warn, nil, ["Profile uses deprecated `test` directory, rename it to `controls`"]
+        logger.expect :warn, nil, ['No controls or tests were defined.']
+
+        profile.check
+        logger.verify
+      end
+    end
+
+    describe 'a complete metadata profile with controls' do
+      let(:profile) { load_profile('complete-profile', {logger: logger, ignore_supports: true}) }
+
+      it 'prints ok messages and counts the rules' do
+        logger.expect :info, nil, ["Checking profile in #{home}/mock/profiles/complete-profile"]
+        logger.expect :info, nil, ['Metadata OK.']
+
+        # TODO: cannot load rspec in unit tests, therefore we get a loading warn
+        # RSpec does not work with minitest tests
+        logger.expect :warn, nil, ['No controls or tests were defined.']
+        # we expect that this should work:
+        # logger.expect :info, nil, ['Found 1 rules.']
+        # logger.expect :info, nil, ['Rule definitions OK.']
+
+        profile.check
+        logger.verify
+      end
+    end
+  end
 end