Mirrors/inspec
2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2025-01-10 04:09:12 +00:00
Code Issues Projects Releases Packages Wiki Activity
inspec/lib/resources/packages.rb

87 lines
2.2 KiB
Ruby
Raw Normal View History

add "packages" resource This pull request adds a packages resource so that we can check for pattern matches against all the packages on a system. This initially implements only dpkg support for debian-based platforms so we can cover this use case: ```ruby describe packages(/^xserver-xorg.*/) do its("list") { should be_empty } end ``` This uses FilterTable so we can supply additional queries, too. ```ruby describe packages(/vi.+/).where { status != 'installed' } do its('statuses') { should be_empty } end ``` Users can specify the name as a string or a regular expression. If it is a string, we will escape it and convert it to a regular expression to use in matching against the full returned list of packages. If it is a regular expression, we take that as is and use it to filter the results. While some package management systems such as `dpkg` can take a shell glob argument to filter their results, we eschew this and require a regular expression to match multiple package names because we will need this to work across other platforms in the future. This means that the following: ```ruby packages("vim") ``` Will return *all* the "vim" packages on the system. The `packages` resource will take `"vim"`, turn it into `/vim/`, and greedily match anything with "vim" in the name. To match only a single package named `vim`, it needs to be an anchored regular expression. ```ruby packages(/^vim$/) ``` Signed-off-by: Joshua Timberman <joshua@chef.io> Use entries instead of list Added a few more tests and non installed package in output Signed-off-by: Alex Pop <apop@chef.io> fix lint Signed-off-by: Alex Pop <apop@chef.io> Signed-off-by: Joshua Timberman <joshua@chef.io>
2017-02-03 20:42:55 +00:00
# encoding: utf-8
# copyright: 2017, Chef Software, Inc. <legal@chef.io>
# author: Joshua Timberman
# author: Alex Pop
# license: All rights reserved
require 'utils/filter'
module Inspec::Resources
class Packages < Inspec.resource(1)
name 'packages'
desc 'Use the packages InSpec audit resource to test properties for multiple packages installed on the system'
example "
describe packages(/xserver-xorg.*/) do
its('entries') { should be_empty }
end
describe packages('vim').entries.length do
it { should be > 1 }
end
describe packages(/vi.+/).where { status != 'installed' } do
its('statuses') { should be_empty }
end
"
def initialize(pattern)
@pattern = pattern_regexp(pattern)
all_pkgs = package_list
@list = all_pkgs.find_all do |hm|
hm[:name] =~ pattern_regexp(pattern)
end
end
def to_s
"Packages #{@pattern.class == String ? @pattern : @pattern.inspect}"
end
filter = FilterTable.create
filter.add_accessor(:where)
.add_accessor(:entries)
.add(:statuses, field: 'status', style: :simple)
.add(:names, field: 'name')
.add(:versions, field: 'version')
.connect(self, :filtered_packages)
private
def pattern_regexp(p)
if p.class == String
Regexp.new(Regexp.escape(p))
elsif p.class == Regexp
p
else
fail 'invalid name argument to packages resource, please use a "string" or /regexp/'
end
end
def filtered_packages
@list
end
def package_list
os = inspec.os
if os.debian?
command = "dpkg-query -W -f='${db:Status-Abbrev} ${Package} ${Version}\\n'"
else
fail "packages resource is not yet supported on #{os.name}"
end
build_package_list(command)
end
Package = Struct.new(:status, :name, :version)
def build_package_list(command)
cmd = inspec.command(command)
all = cmd.stdout.split("\n")[1..-1]
return [] if all.nil?
all.map do |m|
a = m.split
a[0] = 'installed' if a[0] =~ /^.i/
a[2] = a[2].split(':').last
Package.new(*a)
end
end
end
end
Reference in a new issue Copy permalink