inspec/lib/resources/docker_image.rb

87 lines
2.2 KiB
Ruby
Raw Normal View History

# encoding: utf-8
#
# Copyright 2017, Christoph Hartmann
#
# author: Christoph Hartmann
# author: Patrick Muench
# author: Dominik Richter
require_relative 'docker_object'
module Inspec::Resources
class DockerImage < Inspec.resource(1)
include Inspec::Resources::DockerObject
name 'docker_image'
desc ''
example "
describe docker_image('alpine:latest') do
it { should exist }
its('id') { should_not eq '' }
its('image') { should eq 'alpine:latest' }
its('repo') { should eq 'alpine' }
its('tag') { should eq 'latest' }
end
describe docker_image('alpine:latest') do
it { should exist }
end
describe docker_image(id: '4a415e366388') do
it { should exist }
end
"
def initialize(opts = {})
# do sanitizion of input values
o = opts.dup
o = { image: opts } if opts.is_a?(String)
@opts = sanitize_options(o)
end
def image
"#{repo}:#{tag}" if object_info.entries.size == 1
end
def repo
object_info.repositories[0] if object_info.entries.size == 1
end
def tag
object_info.tags[0] if object_info.entries.size == 1
end
def to_s
img = @opts[:image] || @opts[:id]
"Docker Image #{img}"
end
private
def sanitize_options(opts)
opts.merge!(parse_components_from_image(opts[:image]))
# assume a "latest" tag if we don't have one
opts[:tag] ||= 'latest'
# if the ID isn't nil and doesn't contain a hash indicator (indicated by the presence
# of a colon, which separates the indicator from the actual hash), we assume it's sha256.
opts[:id] = 'sha256:' + opts[:id] unless opts[:id].nil? || opts[:id].include?(':')
# Assemble/reassemble the image from the repo and tag
opts[:image] = "#{opts[:repo]}:#{opts[:tag]}" unless opts[:repo].nil?
# return the santized opts back to the caller
opts
end
def object_info
return @info if defined?(@info)
opts = @opts
@info = inspec.docker.images.where {
(repository == opts[:repo] && tag == opts[:tag]) || (!id.nil? && !opts[:id].nil? && (id == opts[:id] || id.start_with?(opts[:id])))
}
end
end
end