inspec/test/functional/inspec_exec_json_test.rb

198 lines
8.3 KiB
Ruby
Raw Normal View History

# encoding: utf-8
# author: Dominik Richter
# author: Christoph Hartmann
require 'functional/helper'
require 'jsonschema'
describe 'inspec exec with json formatter' do
include FunctionalHelper
it 'can execute a simple file and validate the json schema' do
out = inspec('exec ' + example_control + ' --reporter json --no-create-lockfile')
out.stderr.must_equal ''
out.exit_status.must_equal 0
data = JSON.parse(out.stdout)
sout = inspec('schema exec-json')
schema = JSON.parse(sout.stdout)
JSON::Schema.validate(data, schema)
end
it 'can execute a profile and validate the json schema' do
out = inspec('exec ' + example_profile + ' --reporter json --no-create-lockfile')
out.stderr.must_equal ''
out.exit_status.must_equal 101
data = JSON.parse(out.stdout)
sout = inspec('schema exec-json')
schema = JSON.parse(sout.stdout)
JSON::Schema.validate(data, schema)
end
it 'can execute a simple file while using end of options after reporter cli option' do
out = inspec('exec --no-create-lockfile --reporter json -- ' + example_control)
out.stderr.must_equal ''
out.exit_status.must_equal 0
data = JSON.parse(out.stdout)
sout = inspec('schema exec-json')
schema = JSON.parse(sout.stdout)
JSON::Schema.validate(data, schema)
end
it 'can execute a profile and validate the json schema with target_id' do
out = inspec('exec ' + example_profile + ' --reporter json --no-create-lockfile --target-id 1d3e399f-4d71-4863-ac54-84d437fbc444')
out.stderr.must_equal ''
out.exit_status.must_equal 101
data = JSON.parse(out.stdout)
data['platform']['target_id'].must_equal '1d3e399f-4d71-4863-ac54-84d437fbc444'
sout = inspec('schema exec-json')
schema = JSON.parse(sout.stdout)
JSON::Schema.validate(data, schema)
end
Inspec 3.0 (#3512) * Remove deprecated yumrepo. (#3435) * Remove deprecations for cli `--format` and metadata.rb (#3452) * Remove deprecated database_helpers stderr/stdout methods. Update deprecation text for processes/apache. * Remove deprecations for `--format` and metadata.rb Remove deprecated `format` code. Remove deprecated code test and change json-config format test to use reporter. Remove deprecated metadata.rb code Remove deprecation notice for old supports syntax. Deprecate metadata.rb from source_reader Remove rubocop disables as they are no longer required for this code block. Remove deprecated legacy metadata.rb mock profiles. Remove deprecated metadata.rb profile tests. Remove deprecated yumrepo test. * Allow inspec-3.0 branch to be tested. * Allow appveyor to test inspec-3.0 branch * Change runner tests to use reporter rather than format. Remove deprecated `supports: linux` tests. * Remove skip from inherited profiles from showing up in reporting (breaking change) (#3332) * Skip loading dependency profiles if they are unsupported on the current platform. Skip loading dependencies if they are unsupported on the current platform. Wrap our log and next in a conditional checking if the platform is supported. Change a `if !` into a `unless` Check if the backend is a Train Mock Connection and if so say that the profile does support the platform. While iterating through tests being loaded skip when the platform is unsupported. We now log a WARN when a profile is skipped due to unsupported platform, so lets check that. Modified existing test to log that there are 0 skipped tests, instead of 2. Add functional test that loads profile-support-skip with a json reporter to check that our controls are not loaded and that stderr contains our warning. * Rather than iterating through each test return before recursion if the platform is unsupported. * Resolve tests using a supported platform different from testing platform Add a control to `test/unit/mock/profiles/complete-profile` that would work on any OS with a Internet connection. This allows the profile to execute on any OS with success. `filesystem_spec.rb` was a control that would only work on Linux and some BSD's. We want profile tests to consistently work across development and testing platforms, and not get 'skipped' in some cases. Travis-CI tests on Linux, Inspec Dev team uses Linux and MacOS, Appveyor tests on Windows Also Updated `file_provider_test.rb` for `complete-profile` content changes. If you `MockLoader.load_profile` on a unsupported platform you might not hit the usual skip. Lets handle situations where the tests array in Profile#load_checks_params could be nil. * Use safe navigation rather than checking if tests is nil. Update tests to point to unsupported_inspec and account for WARN changes. Make unsupported_inspec profile support os-family 'unsupported_inspec' * Fix skip bug when using include/require controls. (#3487) * Fix skip bug when using include/require controls. * fix test and feedback. * Remove need for UUID detection for Automate report (#3507) * Add json metadata for skipped profiles (#3495) * Add skip metadata to json reports * Unify skip messages. * Update with status field. * Add testing. * Fix tests. * lint * Add skip exit codes for profile skips. * Update website for 3.0 launch Add `plugins` to sidebar. Change 2.0 -> 3.0 in slim files. Update 3.0 features list. * Fix comments * Update float to numeric. * Change Float to numeric. * updated feature list and impact doc * Change "What's new in InSpec 3.0" -> "Announcing InSpec 3.0" * Bump VERSION to 3.0.0 (#3511) * Remove 3.0 testing checks. * Fix azure link.
2018-10-15 22:25:27 +00:00
it 'does not report skipped dependent profiles' do
out = inspec('exec ' + File.join(profile_path, 'unsupported_dependencies', 'wrapper-profile') + ' --reporter json --no-create-lockfile')
out.stderr.must_include "WARN: Skipping profile: 'child_profile' on unsupported platform:"
out.stderr.must_include "WARN: Skipping profile: 'child_profile2' on unsupported platform:"
out.exit_status.must_equal 0
data = JSON.parse(out.stdout)
data['profiles'].count.must_equal 1
profile = data['profiles'].first
profile['controls'].count.must_equal 1
end
it 'flags skipped profiles with correct status' do
out = inspec('exec ' + File.join(profile_path, 'unsupported_dependencies', 'wrapper-profile') + ' --reporter json --no-create-lockfile')
out.exit_status.must_equal 0
data = JSON.parse(out.stdout)
data['profiles'].count.must_equal 1
profile = data['profiles'].first
profile['status'].must_equal 'loaded'
profile['depends'].count.must_equal 2
profile['depends'].each do |d|
d['status'].must_equal 'skipped'
d['skip_message'].must_include "Skipping profile: "
end
end
it 'flags loaded profiles with correct status' do
out = inspec('exec ' + File.join(profile_path, 'dependencies', 'inheritance') + ' --reporter json --no-create-lockfile')
out.exit_status.must_equal 0
data = JSON.parse(out.stdout)
profile = data['profiles'].first
profile['status'].must_equal 'loaded'
profile['depends'].count.must_equal 2
profile['depends'].each do |d|
d['status'].must_equal 'loaded'
d.key?('skip_message').must_equal false
end
end
it 'flags profile with correct status when not supported' do
out = inspec('exec ' + File.join(profile_path, 'skippy-profile-os') + ' --reporter json --no-create-lockfile')
out.exit_status.must_equal 101
data = JSON.parse(out.stdout)
profile = data['profiles'].first
profile['status'].must_equal 'skipped'
profile['skip_message'].must_include "Skipping profile: 'skippy' on unsupported platform:"
end
describe 'execute a profile with json formatting' do
let(:json) { JSON.load(inspec('exec ' + example_profile + ' --reporter json --no-create-lockfile').stdout) }
2016-07-04 09:47:46 +00:00
let(:profile) { json['profiles'][0] }
let(:controls) { profile['controls'] }
2016-07-04 09:47:46 +00:00
let(:ex1) { controls.find { |x| x['id'] == 'tmp-1.0' } }
let(:ex2) { controls.find { |x| x['id'] =~ /generated/ } }
let(:ex3) { profile['controls'].find { |x| x['id'] == 'gordon-1.0' } }
let(:check_result) {
ex3['results'].find { |x| x['resource'] == 'gordon_config' }
}
2016-07-04 09:47:46 +00:00
it 'has only one profile' do
json['profiles'].must_be_kind_of(Array)
json['profiles'].length.must_equal 1
end
it 'maps impact symbols to numbers' do
ex3['impact'].must_equal 0.9
end
it 'has all the metadata' do
actual = profile.dup
2016-07-04 09:47:46 +00:00
key = actual.delete('controls')
.find { |x| x['id'] =~ /generated from example.rb/ }['id']
groups = actual.delete('groups')
actual.must_equal({
2016-09-16 21:59:31 +00:00
"name" => "profile",
"title" => "InSpec Example Profile",
"maintainer" => "Chef Software, Inc.",
"copyright" => "Chef Software, Inc.",
"copyright_email" => "support@chef.io",
"license" => "Apache-2.0",
"summary" => "Demonstrates the use of InSpec Compliance Profile",
"version" => "1.0.0",
"sha256" => "7acce309d89d995a908fcd1c7daaaae65954d252d4de1b90ae52416b4e67d2f3",
"supports" => [{"platform-family" => "unix"}, {"platform-family"=>"windows"}],
Inspec 3.0 (#3512) * Remove deprecated yumrepo. (#3435) * Remove deprecations for cli `--format` and metadata.rb (#3452) * Remove deprecated database_helpers stderr/stdout methods. Update deprecation text for processes/apache. * Remove deprecations for `--format` and metadata.rb Remove deprecated `format` code. Remove deprecated code test and change json-config format test to use reporter. Remove deprecated metadata.rb code Remove deprecation notice for old supports syntax. Deprecate metadata.rb from source_reader Remove rubocop disables as they are no longer required for this code block. Remove deprecated legacy metadata.rb mock profiles. Remove deprecated metadata.rb profile tests. Remove deprecated yumrepo test. * Allow inspec-3.0 branch to be tested. * Allow appveyor to test inspec-3.0 branch * Change runner tests to use reporter rather than format. Remove deprecated `supports: linux` tests. * Remove skip from inherited profiles from showing up in reporting (breaking change) (#3332) * Skip loading dependency profiles if they are unsupported on the current platform. Skip loading dependencies if they are unsupported on the current platform. Wrap our log and next in a conditional checking if the platform is supported. Change a `if !` into a `unless` Check if the backend is a Train Mock Connection and if so say that the profile does support the platform. While iterating through tests being loaded skip when the platform is unsupported. We now log a WARN when a profile is skipped due to unsupported platform, so lets check that. Modified existing test to log that there are 0 skipped tests, instead of 2. Add functional test that loads profile-support-skip with a json reporter to check that our controls are not loaded and that stderr contains our warning. * Rather than iterating through each test return before recursion if the platform is unsupported. * Resolve tests using a supported platform different from testing platform Add a control to `test/unit/mock/profiles/complete-profile` that would work on any OS with a Internet connection. This allows the profile to execute on any OS with success. `filesystem_spec.rb` was a control that would only work on Linux and some BSD's. We want profile tests to consistently work across development and testing platforms, and not get 'skipped' in some cases. Travis-CI tests on Linux, Inspec Dev team uses Linux and MacOS, Appveyor tests on Windows Also Updated `file_provider_test.rb` for `complete-profile` content changes. If you `MockLoader.load_profile` on a unsupported platform you might not hit the usual skip. Lets handle situations where the tests array in Profile#load_checks_params could be nil. * Use safe navigation rather than checking if tests is nil. Update tests to point to unsupported_inspec and account for WARN changes. Make unsupported_inspec profile support os-family 'unsupported_inspec' * Fix skip bug when using include/require controls. (#3487) * Fix skip bug when using include/require controls. * fix test and feedback. * Remove need for UUID detection for Automate report (#3507) * Add json metadata for skipped profiles (#3495) * Add skip metadata to json reports * Unify skip messages. * Update with status field. * Add testing. * Fix tests. * lint * Add skip exit codes for profile skips. * Update website for 3.0 launch Add `plugins` to sidebar. Change 2.0 -> 3.0 in slim files. Update 3.0 features list. * Fix comments * Update float to numeric. * Change Float to numeric. * updated feature list and impact doc * Change "What's new in InSpec 3.0" -> "Announcing InSpec 3.0" * Bump VERSION to 3.0.0 (#3511) * Remove 3.0 testing checks. * Fix azure link.
2018-10-15 22:25:27 +00:00
"status" => "loaded",
2016-05-07 18:17:09 +00:00
"attributes" => []
})
2016-07-04 09:47:46 +00:00
groups.sort_by { |x| x['id'] }.must_equal([
{"id"=>"controls/example.rb", "title"=>"/tmp profile", "controls"=>["tmp-1.0", key]},
{"id"=>"controls/gordon.rb", "title"=>"Gordon Config Checks", "controls"=>["gordon-1.0"]},
2016-09-16 21:59:31 +00:00
{"id"=>"controls/meta.rb", "title"=>"SSH Server Configuration", "controls"=>["ssh-1"]},
2016-07-04 09:47:46 +00:00
])
end
it 'must have 4 controls' do
controls.length.must_equal 4
end
it 'has an id for every control' do
2016-07-04 09:47:46 +00:00
controls.find { |x| x['id'].nil? }.must_be :nil?
end
it 'has results for every control' do
ex1['results'].length.must_equal 1
ex2['results'].length.must_equal 1
ex3['results'].length.must_equal 2
end
it 'has the right result for tmp-1.0' do
actual = ex1.dup
src = actual.delete('source_location')
src['ref'].must_match %r{test/unit/mock/profiles/old-examples/profile/controls/example.rb$}
src['line'].must_equal 7
result = actual.delete('results')[0]
result.wont_be :nil?
result['status'].must_equal 'passed'
result['code_desc'].must_equal 'File /tmp should be directory'
result['run_time'].wont_be :nil?
result['start_time'].wont_be :nil?
actual.must_equal({
"id"=>"tmp-1.0",
"title"=>"Create /tmp directory",
"desc"=>"An optional description...",
"descriptions"=>[{"label"=>"default", "data"=>"An optional description..."}, {"label"=>"label", "data"=>"An optional description with a label"}],
"impact"=>0.7,
"refs"=>[{"url"=>"http://...", "ref"=>"Document A-12"}],
"tags"=>{"data"=>"temp data", "security"=>nil},
"code"=>"control \"tmp-1.0\" do # A unique ID for this control\n impact 0.7 # The criticality, if this control fails.\n title \"Create /tmp directory\" # A human-readable title\n desc \"An optional description...\" # Describe why this is needed\n desc \"label\", \"An optional description with a label\" # Pair a part of the description with a label\n tag data: \"temp data\" # A tag allows you to associate key information\n tag \"security\" # to the test\n ref \"Document A-12\", url: 'http://...' # Additional references\n\n describe file('/tmp') do # The actual test\n it { should be_directory }\n end\nend\n"
})
end
end
describe 'with a profile that is not supported on this OS/platform' do
let(:out) { inspec('exec ' + File.join(profile_path, 'skippy-profile-os') + ' --reporter json --no-create-lockfile') }
let(:json) { JSON.load(out.stdout) }
# TODO: failure handling in json formatters...
it 'never runs the actual resource' do
File.exist?('/tmp/inspec_test_DONT_CREATE').must_equal false
end
end
end