inspec 1.0.0.beta2 → 1.0.0.beta3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +41 -2
- data/Gemfile +4 -0
- data/Rakefile +2 -1
- data/docs/.gitignore +2 -0
- data/docs/README.md +21 -1
- data/docs/resources/apache_conf.md.erb +75 -0
- data/docs/resources/apt.md.erb +84 -0
- data/docs/resources/audit_policy.md.erb +61 -0
- data/docs/resources/auditd_conf.md.erb +79 -0
- data/docs/resources/auditd_rules.md.erb +132 -0
- data/docs/resources/bash.md.erb +84 -0
- data/docs/resources/bond.md.erb +97 -0
- data/docs/resources/bridge.md.erb +67 -0
- data/docs/resources/bsd_service.md.erb +76 -0
- data/docs/resources/command.md.erb +151 -0
- data/docs/resources/csv.md.erb +62 -0
- data/docs/resources/directory.md.erb +43 -0
- data/docs/resources/etc_group.md.erb +116 -0
- data/docs/resources/etc_passwd.md.erb +155 -0
- data/docs/resources/etc_shadow.md.erb +149 -0
- data/docs/resources/file.md.erb +460 -0
- data/docs/resources/gem.md.erb +73 -0
- data/docs/resources/group.md.erb +74 -0
- data/docs/resources/grub_conf.md.erb +115 -0
- data/docs/resources/host.md.erb +85 -0
- data/docs/resources/iis_site.md.erb +142 -0
- data/docs/resources/inetd_conf.md.erb +99 -0
- data/docs/resources/ini.md.erb +69 -0
- data/docs/resources/interface.md.erb +66 -0
- data/docs/resources/iptables.md.erb +70 -0
- data/docs/resources/json.md.erb +76 -0
- data/docs/resources/kernel_module.md.erb +60 -0
- data/docs/resources/kernel_parameter.md.erb +72 -0
- data/docs/resources/launchd_service.md.erb +76 -0
- data/docs/resources/limits_conf.md.erb +80 -0
- data/docs/resources/login_def.md.erb +77 -0
- data/docs/resources/mount.md.erb +83 -0
- data/docs/resources/mysql_conf.md.erb +102 -0
- data/docs/resources/mysql_session.md.erb +63 -0
- data/docs/resources/npm.md.erb +75 -0
- data/docs/resources/ntp_conf.md.erb +76 -0
- data/docs/resources/oneget.md.erb +67 -0
- data/docs/resources/os.md.erb +154 -0
- data/docs/resources/os_env.md.erb +98 -0
- data/docs/resources/package.md.erb +115 -0
- data/docs/resources/parse_config.md.erb +122 -0
- data/docs/resources/parse_config_file.md.erb +143 -0
- data/docs/resources/pip.md.erb +74 -0
- data/docs/resources/port.md.erb +150 -0
- data/docs/resources/postgres_conf.md.erb +90 -0
- data/docs/resources/postgres_session.md.erb +75 -0
- data/docs/resources/powershell.md.erb +116 -0
- data/docs/resources/process.md.erb +73 -0
- data/docs/resources/registry_key.md.erb +149 -0
- data/docs/resources/runit_service.md.erb +76 -0
- data/docs/resources/security_policy.md.erb +61 -0
- data/docs/resources/service.md.erb +135 -0
- data/docs/resources/ssh_config.md.erb +94 -0
- data/docs/resources/sshd_config.md.erb +97 -0
- data/docs/resources/ssl.md.erb +133 -0
- data/docs/resources/sys_info.md.erb +55 -0
- data/docs/resources/systemd_service.md.erb +76 -0
- data/docs/resources/sysv_service.md.erb +76 -0
- data/docs/resources/upstart_service.md.erb +76 -0
- data/docs/resources/user.md.erb +154 -0
- data/docs/resources/users.md.erb +140 -0
- data/docs/resources/vbscript.md.erb +69 -0
- data/docs/resources/windows_feature.md.erb +61 -0
- data/docs/resources/wmi.md.erb +95 -0
- data/docs/resources/xinetd_conf.md.erb +170 -0
- data/docs/resources/yaml.md.erb +69 -0
- data/docs/resources/yum.md.erb +103 -0
- data/docs/ruby_usage.md +154 -0
- data/docs/shared/matcher_be.md.erb +1 -0
- data/docs/shared/matcher_cmp.md.erb +45 -0
- data/docs/shared/matcher_eq.md.erb +3 -0
- data/docs/shared/matcher_include.md.erb +1 -0
- data/docs/shared/matcher_match.md.erb +1 -0
- data/lib/fetchers/url.rb +27 -29
- data/lib/inspec/cached_fetcher.rb +67 -0
- data/lib/inspec/dependencies/requirement.rb +6 -7
- data/lib/inspec/objects/each_loop.rb +5 -2
- data/lib/inspec/plugins/fetcher.rb +2 -0
- data/lib/inspec/profile.rb +9 -41
- data/lib/inspec/resource.rb +1 -1
- data/lib/inspec/rspec_json_formatter.rb +11 -5
- data/lib/inspec/version.rb +1 -1
- data/lib/resources/groups.rb +190 -0
- data/lib/resources/users.rb +3 -2
- metadata +79 -6
- data/docs/cli.rst +0 -448
- data/docs/resources.rst +0 -4836
- data/docs/ruby_usage.rst +0 -145
- data/lib/resources/group.rb +0 -137
@@ -0,0 +1,63 @@
|
|
1
|
+
---
|
2
|
+
title: About the mysql_session Resource
|
3
|
+
---
|
4
|
+
|
5
|
+
# mysql_session
|
6
|
+
|
7
|
+
Use the `mysql_session` InSpec audit resource to test SQL commands run against a MySQL database.
|
8
|
+
|
9
|
+
# Syntax
|
10
|
+
|
11
|
+
A `mysql_session` resource block declares the username and password to use for the session, and then the command to be run:
|
12
|
+
|
13
|
+
describe mysql_session('username', 'password').query('QUERY') do
|
14
|
+
its('output') { should eq('') }
|
15
|
+
end
|
16
|
+
|
17
|
+
where
|
18
|
+
|
19
|
+
* `mysql_session` declares a username and password with permission to run the query
|
20
|
+
* `query('QUERY')` contains the query to be run
|
21
|
+
* `its('output') { should eq('') }` compares the results of the query against the expected result in the test
|
22
|
+
|
23
|
+
# Matchers
|
24
|
+
|
25
|
+
This InSpec audit resource has the following matchers:
|
26
|
+
|
27
|
+
## be
|
28
|
+
|
29
|
+
<%= partial "/shared/matcher_be" %>
|
30
|
+
|
31
|
+
## cmp
|
32
|
+
|
33
|
+
<%= partial "/shared/matcher_cmp" %>
|
34
|
+
|
35
|
+
## eq
|
36
|
+
|
37
|
+
<%= partial "/shared/matcher_eq" %>
|
38
|
+
|
39
|
+
## include
|
40
|
+
|
41
|
+
<%= partial "/shared/matcher_include" %>
|
42
|
+
|
43
|
+
## match
|
44
|
+
|
45
|
+
<%= partial "/shared/matcher_match" %>
|
46
|
+
|
47
|
+
## output
|
48
|
+
|
49
|
+
The `output` matcher tests the results of the query:
|
50
|
+
|
51
|
+
its('output') { should eq(/^0/) }
|
52
|
+
|
53
|
+
# Examples
|
54
|
+
|
55
|
+
The following examples show how to use this InSpec audit resource.
|
56
|
+
|
57
|
+
## Test for matching databases
|
58
|
+
|
59
|
+
sql = mysql_session('my_user','password')
|
60
|
+
|
61
|
+
describe sql.query('show databases like \'test\';') do
|
62
|
+
its('stdout') { should_not match(/test/) }
|
63
|
+
end
|
@@ -0,0 +1,75 @@
|
|
1
|
+
---
|
2
|
+
title: About the npm Resource
|
3
|
+
---
|
4
|
+
|
5
|
+
# npm
|
6
|
+
|
7
|
+
Use the `npm` InSpec audit resource to test if a global NPM package is installed. NPM is the the package manager for Node.js packages (https://docs.npmjs.com), such as Bower and StatsD.
|
8
|
+
|
9
|
+
|
10
|
+
# Syntax
|
11
|
+
|
12
|
+
A `npm` resource block declares a package and (optionally) a package version:
|
13
|
+
|
14
|
+
describe gem('npm_package_name') do
|
15
|
+
it { should be_installed }
|
16
|
+
end
|
17
|
+
|
18
|
+
where
|
19
|
+
|
20
|
+
* `('npm_package_name')` must specify an NPM package, such as `'bower'` or `'statsd'`
|
21
|
+
* `be_installed` is a valid matcher for this resource
|
22
|
+
|
23
|
+
|
24
|
+
# Matchers
|
25
|
+
|
26
|
+
This InSpec audit resource has the following matchers:
|
27
|
+
|
28
|
+
## be
|
29
|
+
|
30
|
+
<%= partial "/shared/matcher_be" %>
|
31
|
+
|
32
|
+
## be_installed
|
33
|
+
|
34
|
+
The `be_installed` matcher tests if the named Gem package and package version (if specified) is installed:
|
35
|
+
|
36
|
+
it { should be_installed }
|
37
|
+
|
38
|
+
## cmp
|
39
|
+
|
40
|
+
<%= partial "/shared/matcher_cmp" %>
|
41
|
+
|
42
|
+
## eq
|
43
|
+
|
44
|
+
<%= partial "/shared/matcher_eq" %>
|
45
|
+
|
46
|
+
## include
|
47
|
+
|
48
|
+
<%= partial "/shared/matcher_include" %>
|
49
|
+
|
50
|
+
## match
|
51
|
+
|
52
|
+
<%= partial "/shared/matcher_match" %>
|
53
|
+
|
54
|
+
## version
|
55
|
+
|
56
|
+
The `version` matcher tests if the named package version is on the system:
|
57
|
+
|
58
|
+
its('version') { should eq '1.2.3' }
|
59
|
+
|
60
|
+
# Examples
|
61
|
+
|
62
|
+
The following examples show how to use this InSpec audit resource.
|
63
|
+
|
64
|
+
## Verify that bower is installed, with a specific version
|
65
|
+
|
66
|
+
describe npm('bower') do
|
67
|
+
it { should be_installed }
|
68
|
+
its('version') { should eq '1.4.1' }
|
69
|
+
end
|
70
|
+
|
71
|
+
## Verify that statsd is not installed
|
72
|
+
|
73
|
+
describe npm('statsd') do
|
74
|
+
it { should_not be_installed }
|
75
|
+
end
|
@@ -0,0 +1,76 @@
|
|
1
|
+
---
|
2
|
+
title: About the ntp_conf Resource
|
3
|
+
---
|
4
|
+
|
5
|
+
# ntp_conf
|
6
|
+
|
7
|
+
Use the `ntp_conf` InSpec audit resource to test the synchronization settings defined in the `ntp.conf` file. This file is typically located at `/etc/ntp.conf`.
|
8
|
+
|
9
|
+
|
10
|
+
# Syntax
|
11
|
+
|
12
|
+
An `ntp_conf` resource block declares the synchronization settings that should be tested:
|
13
|
+
|
14
|
+
describe ntp_conf('path') do
|
15
|
+
its('setting_name') { should eq 'value' }
|
16
|
+
end
|
17
|
+
|
18
|
+
where
|
19
|
+
|
20
|
+
* `'setting_name'` is a synchronization setting defined in the `ntp.conf` file
|
21
|
+
* `('path')` is the non-default path to the `ntp.conf` file
|
22
|
+
* `{ should eq 'value' }` is the value that is expected
|
23
|
+
|
24
|
+
|
25
|
+
# Matchers
|
26
|
+
|
27
|
+
This resource matches any service that is listed in the `ntp.conf` file:
|
28
|
+
|
29
|
+
its('server') { should_not eq nil }
|
30
|
+
|
31
|
+
or:
|
32
|
+
|
33
|
+
its('restrict') { should include '-4 default kod notrap nomodify nopeer noquery'}
|
34
|
+
|
35
|
+
For example:
|
36
|
+
|
37
|
+
describe ntp_conf do
|
38
|
+
its('server') { should_not eq nil }
|
39
|
+
its('restrict') { should include '-4 default kod notrap nomodify nopeer noquery'}
|
40
|
+
end
|
41
|
+
|
42
|
+
|
43
|
+
## be
|
44
|
+
|
45
|
+
<%= partial "/shared/matcher_be" %>
|
46
|
+
|
47
|
+
## cmp
|
48
|
+
|
49
|
+
<%= partial "/shared/matcher_cmp" %>
|
50
|
+
|
51
|
+
## eq
|
52
|
+
|
53
|
+
<%= partial "/shared/matcher_eq" %>
|
54
|
+
|
55
|
+
## include
|
56
|
+
|
57
|
+
<%= partial "/shared/matcher_include" %>
|
58
|
+
|
59
|
+
## match
|
60
|
+
|
61
|
+
<%= partial "/shared/matcher_match" %>
|
62
|
+
|
63
|
+
# Examples
|
64
|
+
|
65
|
+
The following examples show how to use this InSpec audit resource.
|
66
|
+
|
67
|
+
## Test for clock drift against named servers
|
68
|
+
|
69
|
+
describe ntp_conf do
|
70
|
+
its('driftfile') { should eq '/var/lib/ntp/ntp.drift' }
|
71
|
+
its('server') { should eq [
|
72
|
+
0.ubuntu.pool.ntp.org,
|
73
|
+
1.ubuntu.pool.ntp.org,
|
74
|
+
2.ubuntu.pool.ntp.org
|
75
|
+
] }
|
76
|
+
end
|
@@ -0,0 +1,67 @@
|
|
1
|
+
---
|
2
|
+
title: About the oneget Resource
|
3
|
+
---
|
4
|
+
|
5
|
+
# oneget
|
6
|
+
|
7
|
+
Use the `oneget` InSpec audit resource to test if the named package and/or package version is installed on the system. This resource uses Oneget, which is `part of the Windows Management Framework 5.0 and Windows 10 <https://github.com/OneGet/oneget>`__. This resource uses the `Get-Package` cmdlet to return all of the package names in the Oneget repository.
|
8
|
+
|
9
|
+
# Syntax
|
10
|
+
|
11
|
+
A `oneget` resource block declares a package and (optionally) a package version:
|
12
|
+
|
13
|
+
describe oneget('name') do
|
14
|
+
it { should be_installed }
|
15
|
+
end
|
16
|
+
|
17
|
+
where
|
18
|
+
|
19
|
+
* `('name')` must specify the name of a package, such as `'VLC'`
|
20
|
+
* `be_installed` is a valid matcher for this resource
|
21
|
+
|
22
|
+
|
23
|
+
# Matchers
|
24
|
+
|
25
|
+
This InSpec audit resource has the following matchers:
|
26
|
+
|
27
|
+
## be
|
28
|
+
|
29
|
+
<%= partial "/shared/matcher_be" %>
|
30
|
+
|
31
|
+
## be_installed
|
32
|
+
|
33
|
+
The `be_installed` matcher tests if the named package is installed on the system:
|
34
|
+
|
35
|
+
it { should be_installed }
|
36
|
+
|
37
|
+
## cmp
|
38
|
+
|
39
|
+
<%= partial "/shared/matcher_cmp" %>
|
40
|
+
|
41
|
+
## eq
|
42
|
+
|
43
|
+
<%= partial "/shared/matcher_eq" %>
|
44
|
+
|
45
|
+
## include
|
46
|
+
|
47
|
+
<%= partial "/shared/matcher_include" %>
|
48
|
+
|
49
|
+
## match
|
50
|
+
|
51
|
+
<%= partial "/shared/matcher_match" %>
|
52
|
+
|
53
|
+
## version
|
54
|
+
|
55
|
+
The `version` matcher tests if the named package version is on the system:
|
56
|
+
|
57
|
+
its('version') { should eq '1.2.3' }
|
58
|
+
|
59
|
+
# Examples
|
60
|
+
|
61
|
+
The following examples show how to use this InSpec audit resource.
|
62
|
+
|
63
|
+
## Test if VLC is installed
|
64
|
+
|
65
|
+
describe oneget('VLC') do
|
66
|
+
it { should be_installed }
|
67
|
+
end
|
@@ -0,0 +1,154 @@
|
|
1
|
+
---
|
2
|
+
title: About the os Resource
|
3
|
+
---
|
4
|
+
|
5
|
+
# os
|
6
|
+
|
7
|
+
Use the `os` InSpec audit resource to test the platform on which the system is running.
|
8
|
+
|
9
|
+
# Syntax
|
10
|
+
|
11
|
+
An `os` resource block declares the platform to be tested. The platform may specified via matcher or control block name. For example, using a matcher:
|
12
|
+
|
13
|
+
describe os[:family] do
|
14
|
+
it { should eq 'platform_name' }
|
15
|
+
end
|
16
|
+
|
17
|
+
or using the block name:
|
18
|
+
|
19
|
+
describe os[:family_name] do
|
20
|
+
...
|
21
|
+
end
|
22
|
+
|
23
|
+
* `'platform_name'` (a string) or `:family_name` (a symbol) is one of `aix`, `bsd`, `darwin`, `debian`, `hpux`, `linux`, `redhat`, `solaris`, `suse`, `unix`, or `windows`
|
24
|
+
|
25
|
+
# Matchers
|
26
|
+
|
27
|
+
This InSpec audit resource has the following matchers:
|
28
|
+
|
29
|
+
## be
|
30
|
+
|
31
|
+
<%= partial "/shared/matcher_be" %>
|
32
|
+
|
33
|
+
## cmp
|
34
|
+
|
35
|
+
<%= partial "/shared/matcher_cmp" %>
|
36
|
+
|
37
|
+
## eq
|
38
|
+
|
39
|
+
<%= partial "/shared/matcher_eq" %>
|
40
|
+
|
41
|
+
## include
|
42
|
+
|
43
|
+
<%= partial "/shared/matcher_include" %>
|
44
|
+
|
45
|
+
## match
|
46
|
+
|
47
|
+
<%= partial "/shared/matcher_match" %>
|
48
|
+
|
49
|
+
# os.family? Helpers
|
50
|
+
|
51
|
+
The `os` audit resource includes a collection of helpers that enable more granular testing of platforms, platform names, architectures, and releases. Use any of the following platform-specific helpers to test for specific platforms:
|
52
|
+
|
53
|
+
* `aix?`
|
54
|
+
* `bsd?` (including Darwin, FreeBSD, NetBSD, and OpenBSD)
|
55
|
+
* `darwin?`
|
56
|
+
* `debian?`
|
57
|
+
* `hpux?`
|
58
|
+
* `linux?` (including Alpine Linux, Amazon Linux, ArchLinux, CoreOS, Exherbo, Fedora, Gentoo, and Slackware)
|
59
|
+
* `redhat?`
|
60
|
+
* `solaris?` (including Nexenta Core, OmniOS, Open Indiana, Solaris Open, and SmartOS)
|
61
|
+
* `suse?`
|
62
|
+
* `unix?`
|
63
|
+
* `windows?`
|
64
|
+
|
65
|
+
For example, to test for Darwin use:
|
66
|
+
|
67
|
+
describe os.bsd? do
|
68
|
+
it { should eq true }
|
69
|
+
end
|
70
|
+
|
71
|
+
To test for Windows use:
|
72
|
+
|
73
|
+
describe os.windows? do
|
74
|
+
it { should eq true }
|
75
|
+
end
|
76
|
+
|
77
|
+
and to test for Redhat use:
|
78
|
+
|
79
|
+
describe os.redhat? do
|
80
|
+
it { should eq true }
|
81
|
+
end
|
82
|
+
|
83
|
+
Use the following helpers to test for operating system names, releases, and architectures:
|
84
|
+
|
85
|
+
describe os.name do
|
86
|
+
it { should eq 'foo' }
|
87
|
+
end
|
88
|
+
|
89
|
+
describe os.release do
|
90
|
+
it { should eq 'foo' }
|
91
|
+
end
|
92
|
+
|
93
|
+
describe os.arch do
|
94
|
+
it { should eq 'foo' }
|
95
|
+
end
|
96
|
+
|
97
|
+
# os[:family] Symbols
|
98
|
+
|
99
|
+
Use `os[:family]` to enable more granular testing of platforms, platform names, architectures, and releases. Use any of the following platform-specific symbols to test for specific platforms:
|
100
|
+
|
101
|
+
* `:aix`
|
102
|
+
* `:bsd` For platforms that are part of the Berkeley OS family: `:darwin`, `:freebsd`, `:netbsd`, and `:openbsd`.
|
103
|
+
* `:debian`
|
104
|
+
* `:hpux`
|
105
|
+
* `:linux`. For platforms that are part of the Linux family: `:alpine`, `:amazon`, `:arch`, `:coreos`, `:exherbo`, `:fedora`, `:gentoo`, and `:slackware`.
|
106
|
+
* `:redhat`
|
107
|
+
* `:solaris`. For platforms that are part of the Solaris family: `:nexentacore`, `:omnios`, `:openindiana`, `:opensolaris`, and `:smartos`.
|
108
|
+
* `:suse`
|
109
|
+
* `:unix`
|
110
|
+
* `:windows`
|
111
|
+
|
112
|
+
For example, both of the following tests should have the same result:
|
113
|
+
|
114
|
+
if os[:family] == 'debian'
|
115
|
+
describe port(69) do
|
116
|
+
its('processes') { should include 'in.tftpd' }
|
117
|
+
end
|
118
|
+
elsif os[:family] == 'rhel'
|
119
|
+
describe port(69) do
|
120
|
+
its('processes') { should include 'xinetd' }
|
121
|
+
end
|
122
|
+
end
|
123
|
+
|
124
|
+
if os[:debian]
|
125
|
+
describe port(69) do
|
126
|
+
its('processes') { should include 'in.tftpd' }
|
127
|
+
end
|
128
|
+
elsif os[:rhel]
|
129
|
+
describe port(69) do
|
130
|
+
its('processes') { should include 'xinetd' }
|
131
|
+
end
|
132
|
+
end
|
133
|
+
|
134
|
+
# Examples
|
135
|
+
|
136
|
+
The following examples show how to use this InSpec audit resource.
|
137
|
+
|
138
|
+
## Test for RedHat
|
139
|
+
|
140
|
+
describe os[:family] do
|
141
|
+
it { should eq 'redhat' }
|
142
|
+
end
|
143
|
+
|
144
|
+
## Test for Ubuntu
|
145
|
+
|
146
|
+
describe os[:family] do
|
147
|
+
it { should eq 'debian' }
|
148
|
+
end
|
149
|
+
|
150
|
+
## Test for Microsoft Windows
|
151
|
+
|
152
|
+
describe os[:family] do
|
153
|
+
it { should eq 'windows' }
|
154
|
+
end
|
@@ -0,0 +1,98 @@
|
|
1
|
+
---
|
2
|
+
title: About the os_env Resource
|
3
|
+
---
|
4
|
+
|
5
|
+
# os_env
|
6
|
+
|
7
|
+
Use the `os_env` InSpec audit resource to test the environment variables for the platform on which the system is running.
|
8
|
+
|
9
|
+
# Syntax
|
10
|
+
|
11
|
+
A `os_env` resource block declares an environment variable, and then declares its value:
|
12
|
+
|
13
|
+
describe os_env('VARIABLE') do
|
14
|
+
its('matcher') { should eq 1 }
|
15
|
+
end
|
16
|
+
|
17
|
+
where
|
18
|
+
|
19
|
+
* `('VARIABLE')` must specify an environment variable, such as `PATH`
|
20
|
+
* `matcher` is a valid matcher for this resource
|
21
|
+
|
22
|
+
|
23
|
+
# Matchers
|
24
|
+
|
25
|
+
This InSpec audit resource has the following matchers:
|
26
|
+
|
27
|
+
## be
|
28
|
+
|
29
|
+
<%= partial "/shared/matcher_be" %>
|
30
|
+
|
31
|
+
## cmp
|
32
|
+
|
33
|
+
<%= partial "/shared/matcher_cmp" %>
|
34
|
+
|
35
|
+
## content
|
36
|
+
|
37
|
+
The `content` matcher return the value of the environment variable:
|
38
|
+
|
39
|
+
its('content') { should eq '/usr/local/bin:/usr/local/sbin:/usr/sbin:/usr/bin:/sbin' }
|
40
|
+
|
41
|
+
## eq
|
42
|
+
|
43
|
+
<%= partial "/shared/matcher_eq" %>
|
44
|
+
|
45
|
+
## include
|
46
|
+
|
47
|
+
<%= partial "/shared/matcher_include" %>
|
48
|
+
|
49
|
+
## match
|
50
|
+
|
51
|
+
<%= partial "/shared/matcher_match" %>
|
52
|
+
|
53
|
+
## split
|
54
|
+
|
55
|
+
The `split` splits the content with the `:` deliminator:
|
56
|
+
|
57
|
+
its('split') { should include (':') }
|
58
|
+
|
59
|
+
or:
|
60
|
+
|
61
|
+
its('split') { should_not include ('.') }
|
62
|
+
|
63
|
+
Use `-1` to test for cases where there is a trailing colon (`:`), such as `dir1::dir2:`:
|
64
|
+
|
65
|
+
its('split') { should include ('-1') }
|
66
|
+
|
67
|
+
# Examples
|
68
|
+
|
69
|
+
The following examples show how to use this InSpec audit resource.
|
70
|
+
|
71
|
+
## Test the PATH environment variable
|
72
|
+
|
73
|
+
describe os_env('PATH') do
|
74
|
+
its('split') { should_not include('') }
|
75
|
+
its('split') { should_not include('.') }
|
76
|
+
end
|
77
|
+
|
78
|
+
## Test Habitat environment variables
|
79
|
+
|
80
|
+
Habitat uses the `os_env` resource to test environment variables. The environment variables are first defined in a whitespace array, after which each environment variable is tested:
|
81
|
+
|
82
|
+
hab_env_vars = %w(HAB_AUTH_TOKEN
|
83
|
+
HAB_CACHE_KEY_PATH
|
84
|
+
HAB_DEPOT_URL
|
85
|
+
HAB_ORG
|
86
|
+
HAB_ORIGIN
|
87
|
+
HAB_ORIGIN_KEYS
|
88
|
+
HAB_RING
|
89
|
+
HAB_RING_KEY
|
90
|
+
HAB_STUDIOS_HOME
|
91
|
+
HAB_STUDIO_ROOT
|
92
|
+
HAB_USER)
|
93
|
+
|
94
|
+
hab_env_vars.each do |e|
|
95
|
+
describe os_env(e) do
|
96
|
+
its('content') { should eq nil }
|
97
|
+
end
|
98
|
+
end
|