inspec 1.0.0.beta2 → 1.0.0.beta3

data/docs/resources/package.md.erb

@@ -0,0 +1,115 @@
+---
+title: About the package Resource
+---
+
+# package
+
+Use the `package` InSpec audit resource to test if the named package and/or package version is installed on the system.
+
+
+# Syntax
+
+A `package` resource block declares a package and (optionally) a package version:
+
+    describe package('name') do
+      it { should be_installed }
+    end
+
+where
+
+* `('name')` must specify the name of a package, such as `'nginx'`
+* `be_installed` is a valid matcher for this resource
+
+# Matchers
+
+This InSpec audit resource has the following matchers:
+
+## be
+
+<%= partial "/shared/matcher_be" %>
+
+## be_installed
+
+The `be_installed` matcher tests if the named package is installed on the system:
+
+    it { should be_installed }
+
+## cmp
+
+<%= partial "/shared/matcher_cmp" %>
+
+## eq
+
+<%= partial "/shared/matcher_eq" %>
+
+## include
+
+<%= partial "/shared/matcher_include" %>
+
+## match
+
+<%= partial "/shared/matcher_match" %>
+
+## version
+
+The `version` matcher tests if the named package version is on the system:
+
+    its('version') { should eq '1.2.3' }
+
+# Examples
+
+The following examples show how to use this InSpec audit resource.
+
+## Test if nginx version 1.9.5 is installed
+
+    describe package('nginx') do
+      it { should be_installed }
+      its('version') { should eq 1.9.5 }
+    end
+
+## Test that a package is not installed
+
+    describe package('some_package') do
+      it { should_not be_installed }
+    end
+
+## Test if telnet is installed
+
+    describe package('telnetd') do
+      it { should_not be_installed }
+    end
+
+    describe inetd_conf do
+      its('telnet') { should eq nil }
+    end
+
+## Test if ClamAV (an antivirus engine) is installed and running
+
+    describe package('clamav') do
+      it { should be_installed }
+      its('version') { should eq '0.98.7' }
+    end
+
+    describe service('clamd') do
+      it { should_not be_enabled }
+      it { should_not be_installed }
+      it { should_not be_running }
+    end
+
+## Verify if Memcached is installed, enabled, and running
+
+Memcached is an in-memory key-value store that helps improve the performance of database-driven websites and can be installed, maintained, and tested using the `memcached` cookbook (maintained by Chef). The following example is from the `memcached` cookbook and shows how to use a combination of the `package`, `service`, and `port` InSpec audit resources to test if Memcached is installed, enabled, and running:
+
+    describe package('memcached') do
+      it { should be_installed }
+    end
+
+    describe service('memcached') do
+      it { should be_installed }
+      it { should be_enabled }
+      it { should be_running }
+    end
+
+    describe port(11_211) do
+      it { should be_listening }
+    end

data/docs/resources/parse_config.md.erb

@@ -0,0 +1,122 @@
+---
+title: About the parse_config Resource
+---
+
+# parse_config
+
+Use the `parse_config` InSpec audit resource to test arbitrary configuration files.
+
+# Syntax
+
+A `parse_config` resource block declares the location of the configuration setting to be tested, and then what value is to be tested. Because this resource relies on arbitrary configuration files, the test itself is often arbitrary and relies on custom Ruby code:
+
+    output = command('some-command').stdout
+
+    describe parse_config(output, { data_config_option: value } ) do
+      its('setting') { should eq 1 }
+    end
+
+or:
+
+    audit = command('/sbin/auditctl -l').stdout
+      options = {
+        assignment_re: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
+        multiple_values: true
+      }
+
+    describe parse_config(audit, options) do
+      its('setting') { should eq 1 }
+    end
+
+where each test
+
+* Must declare the location of the configuration file to be tested
+* Must declare one (or more) settings to be tested
+* May run a command to `stdout`, and then run the test against that output
+* May use options to define how configuration data is to be parsed
+
+# Matchers
+
+This InSpec audit resource has the following matchers:
+
+## assignment_re
+
+Use `assignment_re` to test a key value using a regular expression:
+
+    'key = value'
+
+may be tested using the following regular expression, which determines assignment from key to value:
+
+    assignment_re: /^\s*([^=]*?)\s*=\s*(.*?)\s*$/
+
+## be
+
+<%= partial "/shared/matcher_be" %>
+
+## cmp
+
+<%= partial "/shared/matcher_cmp" %>
+
+## comment_char
+
+Use `comment_char` to test for comments in a configuration file:
+
+    comment_char: '#'
+
+## eq
+
+<%= partial "/shared/matcher_eq" %>
+
+## include
+
+<%= partial "/shared/matcher_include" %>
+
+## key_vals
+
+Use `key_vals` to test how many values a key contains:
+
+    key = a b c
+
+contains three values. To test that value to ensure it only contains one, use:
+
+    key_vals: 1
+
+## match
+
+<%= partial "/shared/matcher_match" %>
+
+## multiple_values
+
+Use `multiple_values` if the source file uses the same key multiple times. All values will be aggregated in an array:
+
+    # # file structure:
+    # key = a
+    # key = b
+    # key2 = c
+    params['key'] = ['a', 'b']
+    params['key2'] = ['c']
+
+To use plain key value mapping, use `multiple_values: false`:
+
+    # # file structure:
+    # key = a
+    # key = b
+    # key2 = c
+    params['key'] = 'b'
+    params['key2'] = 'c'
+
+## standalone_comments
+
+Use `standalone_comments` to parse comments as a line, otherwise inline comments are allowed:
+
+    'key = value # comment'
+    params['key'] = 'value # comment'
+
+Use `standalone_comments: false`, to parse the following:
+
+    'key = value # comment'
+    params['key'] = 'value'
+
+# Examples
+
+None.

data/docs/resources/parse_config_file.md.erb

@@ -0,0 +1,143 @@
+---
+title: About the parse_config_file Resource
+---
+
+# parse_config_file
+
+Use the `parse_config_file` InSpec audit resource to test arbitrary configuration files. It works in the same way as `parse_config`. Instead of using a command output, this resource works with files.
+
+# Syntax
+
+A `parse_config_file` InSpec audit resource block declares the location of the configuration file to be tested, and then which settings in that file are to be tested.
+
+    describe parse_config_file('/path/to/file', { data_config_option: value } ) do
+      its('setting') { should eq 1 }
+    end
+
+or:
+
+    options = {
+      assignment_re: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
+      multiple_values: true
+    }
+
+    describe parse_config_file('path/to/file', options) do
+      its('setting') { should eq 1 }
+    end
+
+where each test
+
+* Must declare the location of the configuration file to be tested
+* Must declare one (or more) settings to be tested
+* May run a command to `stdout`, and then run the test against that output
+* May use options to define how configuration data is to be parsed
+
+# Options
+
+This resource supports the following options for parsing configuration data. Use them in an `options` block stated outside of (and immediately before) the actual test:
+
+    options = {
+        assignment_re: /^\s*([^:]*?)\s*:\s*(.*?)\s*$/,
+        multiple_values: true
+      }
+    describe parse_config_file('path/to/file',  options) do
+      its('setting') { should eq 1 }
+    end
+
+# Matchers
+
+This InSpec audit resource has the following matchers:
+
+## assignment_re
+
+Use `assignment_re` to test a key value using a regular expression:
+
+    'key = value'
+
+may be tested using the following regular expression, which determines assignment from key to value:
+
+    assignment_re: /^\s*([^=]*?)\s*=\s*(.*?)\s*$/
+
+## be
+
+<%= partial "/shared/matcher_be" %>
+
+## cmp
+
+<%= partial "/shared/matcher_cmp" %>
+
+## comment_char
+
+Use `comment_char` to test for comments in a configuration file:
+
+    comment_char: '#'
+
+## eq
+
+<%= partial "/shared/matcher_eq" %>
+
+## include
+
+<%= partial "/shared/matcher_include" %>
+
+## key_vals
+
+Use `key_vals` to test how many values a key contains:
+
+    key = a b c
+
+contains three values. To test that value to ensure it only contains one, use:
+
+    key_vals: 1
+
+## match
+
+<%= partial "/shared/matcher_match" %>
+
+## multiple_values
+
+Use `multiple_values` if the source file uses the same key multiple times. All values will be aggregated in an array:
+
+    # # file structure:
+    # key = a
+    # key = b
+    # key2 = c
+    params['key'] = ['a', 'b']
+    params['key2'] = ['c']
+
+To use plain key value mapping, use `multiple_values: false`:
+
+    # # file structure:
+    # key = a
+    # key = b
+    # key2 = c
+    params['key'] = 'b'
+    params['key2'] = 'c'
+
+## standalone_comments
+
+Use `standalone_comments` to parse comments as a line, otherwise inline comments are allowed:
+
+    'key = value # comment'
+    params['key'] = 'value # comment'
+
+Use `standalone_comments: false`, to parse the following:
+
+    'key = value # comment'
+    params['key'] = 'value'
+
+# Examples
+
+The following examples show how to use this InSpec audit resource.
+
+## Test a configuration setting
+
+    describe parse_config_file('/path/to/file.conf') do
+     its('PARAM_X') { should eq 'Y' }
+    end
+
+## Use options, and then test a configuration setting
+
+    describe parse_config_file('/path/to/file.conf', { multiple_values: true }) do
+     its('PARAM_X') { should include 'Y' }
+    end

data/docs/resources/pip.md.erb

@@ -0,0 +1,74 @@
+---
+title: About the pip Resource
+---
+
+# pip
+
+Use the `pip` InSpec audit resource to test packages that are installed using the Python PIP installer.
+
+# Syntax
+
+A `pip` resource block declares a package and (optionally) a package version:
+
+    describe pip('Jinja2') do
+      it { should be_installed }
+    end
+
+where
+
+* `'Jinja2'` is the name of the package
+* `be_installed` tests to see if the `Jinja2` package is installed
+
+
+# Matchers
+
+This InSpec audit resource has the following matchers:
+
+## be
+
+<%= partial "/shared/matcher_be" %>
+
+## be_installed
+
+The `be_installed` matcher tests if the named package is installed on the system:
+
+    it { should be_installed }
+
+## cmp
+
+<%= partial "/shared/matcher_cmp" %>
+
+## eq
+
+<%= partial "/shared/matcher_eq" %>
+
+## include
+
+<%= partial "/shared/matcher_include" %>
+
+## match
+
+<%= partial "/shared/matcher_match" %>
+
+## version
+
+The `version` matcher tests if the named package version is on the system:
+
+    its('version') { should eq '1.2.3' }
+
+# Examples
+
+The following examples show how to use this InSpec audit resource.
+
+## Test if Jinja2 is installed on the system
+
+    describe pip('Jinja2') do
+      it { should be_installed }
+    end
+
+## Test if Jinja2 2.8 is installed on the system
+
+    describe pip('Jinja2') do
+      it { should be_installed }
+      its('version') { should eq '2.8' }
+    end