inspec/lib/plugins/inspec-compliance/test/integration/default/cli.rb

# options
inspec_bin = 'BUNDLE_GEMFILE=/inspec/Gemfile bundle exec inspec'
api_url = 'https://0.0.0.0'
profile = '/inspec/examples/profile'

user = command('whoami').stdout.strip
pwd = command('pwd').stdout.strip
puts "Run test as #{user} in path #{pwd}"

# TODO: determine tokens automatically, define in kitchen yml
access_token = ENV['COMPLIANCE_ACCESSTOKEN']
refresh_token = ENV['COMPLIANCE_REFRESHTOKEN']

%w{refresh_token access_token}.each do |type| # rubocop:disable Metrics/BlockLength
  case type
  when 'access_token'
    token_options = "--token '#{access_token}'"
  when 'refresh_token'
    token_options = "--refresh_token '#{refresh_token}'"
  end

  # verifies that the help command works
  describe command("#{inspec_bin} compliance help") do
    its('stdout') { should include 'inspec compliance help [COMMAND]' }
    its('stderr') { should eq '' }
    its('exit_status') { should eq 0 }
  end

  # version command fails gracefully when server not configured
  describe command("#{inspec_bin} compliance version") do
    its('stdout') { should include 'Server configuration information is missing' }
    its('stderr') { should eq '' }
    its('exit_status') { should eq 1 }
  end

  # submitting a wrong token should have an exit of 0
  describe command("#{inspec_bin} compliance login #{api_url} --insecure --user 'admin' --token 'wrong-token'") do
    its('stdout') { should include 'token stored' }
  end

  # compliance login --help should give an accurate message for login
  describe command("#{inspec_bin} compliance login --help") do
    its('stdout') { should include "inspec compliance login SERVER --insecure --user='USER' --token='TOKEN'" }
    its('exit_status') { should eq 0 }
  end

  # profiles command fails gracefully when token/server info is incorrect
  describe command("#{inspec_bin} compliance profiles") do
    its('stdout') { should include '401 Unauthorized. Please check your token' }
    its('stderr') { should eq '' }
    its('exit_status') { should eq 1 }
  end

  # login via access token token
  describe command("#{inspec_bin} compliance login #{api_url} --insecure --user 'admin' #{token_options}") do
    its('stdout') { should include 'token', 'stored' }
    its('stdout') { should_not include 'Your server supports --user and --password only' }
    its('stderr') { should eq '' }
    its('exit_status') { should eq 0 }
  end

  # see available resources
  describe command("#{inspec_bin} compliance profiles") do
    its('stdout') { should include 'base/ssh' }
    its('stderr') { should eq '' }
    its('exit_status') { should eq 0 }
  end

  # upload a compliance profile
  describe command("#{inspec_bin} compliance upload #{profile} --overwrite") do
    its('stdout') { should include 'Profile is valid' }
    its('stdout') { should include 'Successfully uploaded profile' }
    its('stdout') { should_not include 'error(s)' }
    its('stderr') { should eq '' }
    its('exit_status') { should eq 0 }
  end

  # returns the version of the server
  describe command("#{inspec_bin} compliance version") do
    its('stdout') { should include 'Chef Compliance version:' }
    its('stderr') { should eq '' }
    its('exit_status') { should eq 0 }
  end

  # logout
  describe command("#{inspec_bin} compliance logout") do
    its('stdout') { should include 'Successfully logged out' }
    its('stderr') { should eq '' }
    its('exit_status') { should eq 0 }
  end
end