2016-11-09 14:41:48 +00:00
|
|
|
# encoding: utf-8
|
|
|
|
# author: Christoph Hartmann
|
|
|
|
require 'functional/helper'
|
2017-06-12 12:01:26 +00:00
|
|
|
require 'tmpdir'
|
2016-11-09 14:41:48 +00:00
|
|
|
|
|
|
|
describe 'example inheritance profile' do
|
|
|
|
include FunctionalHelper
|
2016-11-09 17:12:22 +00:00
|
|
|
let(:inheritance_path) { File.join(examples_path, 'inheritance') }
|
|
|
|
let(:meta_path) { File.join(examples_path, 'meta-profile') }
|
2016-11-09 14:41:48 +00:00
|
|
|
|
|
|
|
it 'can vendor profile dependencies' do
|
2017-06-12 12:01:26 +00:00
|
|
|
prepare_examples('inheritance') do |dir|
|
|
|
|
out = inspec('vendor ' + dir + ' --overwrite')
|
|
|
|
out.stderr.must_equal ''
|
|
|
|
out.stdout.must_include "Dependencies for profile #{dir} successfully vendored to #{dir}/vendor"
|
|
|
|
out.exit_status.must_equal 0
|
|
|
|
|
|
|
|
File.exist?(File.join(dir, 'vendor')).must_equal true
|
|
|
|
File.exist?(File.join(dir, 'inspec.lock')).must_equal true
|
|
|
|
end
|
2016-11-09 14:41:48 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
it 'can vendor profile dependencies from the profile path' do
|
2017-06-12 12:01:26 +00:00
|
|
|
prepare_examples('inheritance') do |dir|
|
|
|
|
out = inspec('vendor --overwrite', "cd #{dir} &&")
|
|
|
|
out.stderr.must_equal ''
|
|
|
|
out.exit_status.must_equal 0
|
2018-02-13 14:04:30 +00:00
|
|
|
# this fixes the osx /var symlink to /private/var causing this test to fail
|
|
|
|
out.stdout.gsub!('/private/var', '/var')
|
2017-06-12 12:01:26 +00:00
|
|
|
out.stdout.must_include "Dependencies for profile #{dir} successfully vendored to #{dir}/vendor"
|
|
|
|
|
|
|
|
File.exist?(File.join(dir, 'vendor')).must_equal true
|
|
|
|
File.exist?(File.join(dir, 'inspec.lock')).must_equal true
|
2016-11-29 23:12:47 +00:00
|
|
|
end
|
2016-11-09 14:41:48 +00:00
|
|
|
end
|
2016-11-09 17:12:22 +00:00
|
|
|
|
2018-05-31 17:53:14 +00:00
|
|
|
it 'can vendor profile dependencies from git' do
|
|
|
|
git_depends_path = File.join(profile_path, 'git-depends')
|
|
|
|
|
|
|
|
Dir.mktmpdir do |tmpdir|
|
|
|
|
FileUtils.cp_r(git_depends_path + '/.', tmpdir)
|
|
|
|
File.exist?(File.join(tmpdir, 'vendor')).must_equal false
|
|
|
|
|
|
|
|
out = inspec('vendor ' + tmpdir + ' --overwrite')
|
|
|
|
out.stderr.must_equal ''
|
|
|
|
out.exit_status.must_equal 0
|
|
|
|
|
|
|
|
out.stdout.must_include "Dependencies for profile #{tmpdir} successfully vendored to #{tmpdir}/vendor"
|
|
|
|
|
|
|
|
File.exist?(File.join(tmpdir, 'vendor')).must_equal true
|
|
|
|
File.exist?(File.join(tmpdir, 'inspec.lock')).must_equal true
|
2018-07-05 17:54:53 +00:00
|
|
|
# Check that our vendor directory exists
|
|
|
|
Dir.glob(File.join(tmpdir, 'vendor', '*')).length.must_equal 1
|
|
|
|
# Check that our vendor directory has contents
|
|
|
|
Dir.glob(File.join(tmpdir, 'vendor', '*', '*')).length.must_be :>=, 8
|
2018-05-31 17:53:14 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2016-11-09 17:12:22 +00:00
|
|
|
it 'ensure nothing is loaded from external source if vendored profile is used' do
|
2017-06-12 12:01:26 +00:00
|
|
|
prepare_examples('meta-profile') do |dir|
|
|
|
|
out = inspec('vendor ' + dir + ' --overwrite')
|
|
|
|
out.stderr.must_equal ''
|
|
|
|
out.exit_status.must_equal 0
|
|
|
|
|
|
|
|
File.exist?(File.join(dir, 'vendor')).must_equal true
|
|
|
|
File.exist?(File.join(dir, 'inspec.lock')).must_equal true
|
|
|
|
|
|
|
|
out = inspec('exec ' + dir + ' -l debug --no-create-lockfile')
|
2018-02-14 16:54:20 +00:00
|
|
|
out.stderr.must_equal ''
|
2017-06-12 12:01:26 +00:00
|
|
|
out.stdout.must_include 'Using cached dependency for {:url=>"https://github.com/dev-sec/ssh-baseline/archive/master.tar.gz"'
|
|
|
|
out.stdout.must_include 'Using cached dependency for {:url=>"https://github.com/dev-sec/ssl-baseline/archive/master.tar.gz"'
|
|
|
|
out.stdout.must_include 'Using cached dependency for {:url=>"https://github.com/chris-rock/windows-patch-benchmark/archive/master.tar.gz"'
|
|
|
|
out.stdout.wont_include 'Fetching URL:'
|
|
|
|
out.stdout.wont_include 'Fetched archive moved to:'
|
2016-11-29 23:12:47 +00:00
|
|
|
end
|
2016-11-09 17:12:22 +00:00
|
|
|
end
|
|
|
|
|
2016-11-30 09:19:26 +00:00
|
|
|
it 'ensure json/check command do not fetch remote profiles if vendored' do
|
2017-06-12 12:01:26 +00:00
|
|
|
prepare_examples('meta-profile') do |dir|
|
|
|
|
out = inspec('vendor ' + dir + ' --overwrite')
|
|
|
|
out.stderr.must_equal ''
|
|
|
|
out.exit_status.must_equal 0
|
2016-11-29 12:39:29 +00:00
|
|
|
|
2017-06-12 12:01:26 +00:00
|
|
|
out = inspec('json ' + dir + ' --output ' + dst.path)
|
2018-03-22 12:25:45 +00:00
|
|
|
out.stderr.must_equal ''
|
2017-06-12 12:01:26 +00:00
|
|
|
out.exit_status.must_equal 0
|
2016-11-29 12:39:29 +00:00
|
|
|
|
2017-06-12 12:01:26 +00:00
|
|
|
hm = JSON.load(File.read(dst.path))
|
|
|
|
hm['name'].must_equal 'meta-profile'
|
|
|
|
hm['controls'].length.must_be :>=, 78
|
|
|
|
|
|
|
|
# out.stdout.scan(/Copy .* to cache directory/).length.must_equal 3
|
|
|
|
# out.stdout.scan(/Dependency does not exist in the cache/).length.must_equal 1
|
|
|
|
out.stdout.scan(/Fetching URL:/).length.must_equal 0
|
2016-11-29 12:39:29 +00:00
|
|
|
|
2017-06-12 12:01:26 +00:00
|
|
|
# execute check command
|
|
|
|
out = inspec('check ' + dir + ' -l debug')
|
|
|
|
# stderr may have warnings included; only test if something went wrong
|
|
|
|
out.stderr.must_equal('') if out.exit_status != 0
|
|
|
|
out.exit_status.must_equal 0
|
2016-11-29 12:39:29 +00:00
|
|
|
|
2017-06-12 12:01:26 +00:00
|
|
|
out.stdout.scan(/Fetching URL:/).length.must_equal 0
|
|
|
|
end
|
2016-11-29 12:39:29 +00:00
|
|
|
end
|
2016-11-29 23:12:47 +00:00
|
|
|
|
|
|
|
it 'use lockfile in tarball' do
|
2017-06-12 12:01:26 +00:00
|
|
|
prepare_examples('meta-profile') do |dir|
|
|
|
|
# ensure the profile is vendored and packaged as tar
|
|
|
|
out = inspec('vendor ' + dir + ' --overwrite')
|
2018-03-22 12:25:45 +00:00
|
|
|
out.stderr.must_equal ''
|
|
|
|
out.exit_status.must_equal 0
|
|
|
|
|
2017-06-12 12:01:26 +00:00
|
|
|
out = inspec('archive ' + dir + ' --overwrite')
|
2018-03-22 12:25:45 +00:00
|
|
|
out.stderr.must_equal ''
|
2017-06-12 12:01:26 +00:00
|
|
|
out.exit_status.must_equal 0
|
|
|
|
|
|
|
|
# execute json command
|
|
|
|
out = inspec('json meta-profile-0.2.0.tar.gz -l debug')
|
|
|
|
# stderr may have warnings included; only test if something went wrong
|
|
|
|
out.stderr.must_equal('') if out.exit_status != 0
|
|
|
|
out.exit_status.must_equal 0
|
|
|
|
|
|
|
|
out.stdout.scan(/Fetching URL:/).length.must_equal 0
|
|
|
|
end
|
2016-11-29 23:12:47 +00:00
|
|
|
end
|
2017-12-12 16:28:07 +00:00
|
|
|
|
|
|
|
it 'can move vendor files into custom vendor cache' do
|
|
|
|
prepare_examples('meta-profile') do |dir|
|
|
|
|
out = inspec('vendor ' + dir + ' --overwrite')
|
|
|
|
out.stderr.must_equal ''
|
|
|
|
out.exit_status.must_equal 0
|
|
|
|
|
|
|
|
File.exist?(File.join(dir, 'vendor')).must_equal true
|
|
|
|
File.exist?(File.join(dir, 'inspec.lock')).must_equal true
|
|
|
|
File.exist?(File.join(dir, 'vendor_cache')).must_equal false
|
|
|
|
|
2018-07-05 18:19:41 +00:00
|
|
|
# Run `inspec exec` to create vendor cache
|
|
|
|
inspec('exec ' + dir + ' --vendor-cache ' + dir + '/vendor_cache')
|
2017-12-12 16:28:07 +00:00
|
|
|
|
|
|
|
File.exist?(File.join(dir, 'vendor_cache')).must_equal true
|
2018-07-05 18:19:41 +00:00
|
|
|
vendor_files = Dir.entries("#{dir}/vendor/").sort
|
|
|
|
vendor_cache_files = Dir.entries("#{dir}/vendor_cache/").sort
|
2017-12-12 16:28:07 +00:00
|
|
|
vendor_files.must_equal vendor_cache_files
|
|
|
|
end
|
|
|
|
end
|
2016-11-09 14:41:48 +00:00
|
|
|
end
|