2017-04-24 14:47:03 +00:00
|
|
|
---
|
|
|
|
title: About the docker_image Resource
|
2018-02-16 00:28:15 +00:00
|
|
|
platform: linux
|
2017-04-24 14:47:03 +00:00
|
|
|
---
|
|
|
|
|
|
|
|
# docker_image
|
|
|
|
|
2018-03-14 15:01:12 +00:00
|
|
|
Use the `docker_image` InSpec audit resource to verify a Docker image.
|
2017-04-24 14:47:03 +00:00
|
|
|
|
2017-10-03 21:35:10 +00:00
|
|
|
<br>
|
|
|
|
|
2018-08-09 12:34:49 +00:00
|
|
|
## Availability
|
|
|
|
|
|
|
|
### Installation
|
|
|
|
|
|
|
|
This resource is distributed along with InSpec itself. You can use it automatically.
|
|
|
|
|
|
|
|
### Version
|
|
|
|
|
|
|
|
This resource first became available in v1.21.0 of InSpec.
|
|
|
|
|
2017-04-24 14:47:03 +00:00
|
|
|
## Syntax
|
|
|
|
|
|
|
|
A `docker_image` resource block declares the image:
|
|
|
|
|
|
|
|
describe docker_image('alpine:latest') do
|
|
|
|
it { should exist }
|
|
|
|
its('id') { should eq 'sha256:4a415e...a526' }
|
|
|
|
its('repo') { should eq 'alpine' }
|
|
|
|
its('tag') { should eq 'latest' }
|
|
|
|
end
|
|
|
|
|
2018-02-02 13:13:04 +00:00
|
|
|
<br>
|
|
|
|
|
|
|
|
## Resource Parameter Examples
|
|
|
|
|
2017-04-24 14:47:03 +00:00
|
|
|
The resource allows you to pass in an image id:
|
|
|
|
|
|
|
|
describe docker_image(id: alpine_id) do
|
|
|
|
...
|
|
|
|
end
|
|
|
|
|
|
|
|
If the tag is missing for an image, `latest` is assumed as default:
|
|
|
|
|
|
|
|
describe docker_image('alpine') do
|
|
|
|
...
|
|
|
|
end
|
|
|
|
|
|
|
|
You can also pass in repository and tag as separate values
|
|
|
|
|
|
|
|
describe docker_image(repo: 'alpine', tag: 'latest') do
|
|
|
|
...
|
|
|
|
end
|
|
|
|
|
2017-10-03 21:35:10 +00:00
|
|
|
<br>
|
|
|
|
|
2018-02-02 13:13:04 +00:00
|
|
|
## Property Examples
|
2017-10-03 21:35:10 +00:00
|
|
|
|
2018-02-02 13:13:04 +00:00
|
|
|
### id
|
|
|
|
|
|
|
|
The `id` property returns the full image id:
|
|
|
|
|
|
|
|
its('id') { should eq 'sha256:4a415e3663882fbc554ee830889c68a33b3585503892cc718a4698e91ef2a526' }
|
|
|
|
|
|
|
|
### image
|
|
|
|
|
|
|
|
The `image` property tests the value of the image. It is a combination of `repository/tag`:
|
|
|
|
|
|
|
|
its('image') { should eq 'alpine:latest' }
|
|
|
|
|
|
|
|
### repo
|
|
|
|
|
|
|
|
The `repo` property tests the value of the repository name:
|
|
|
|
|
|
|
|
its('repo') { should eq 'alpine' }
|
|
|
|
|
|
|
|
### tag
|
|
|
|
|
|
|
|
The `tag` property tests the value of image tag:
|
|
|
|
|
|
|
|
its('tag') { should eq 'latest' }
|
2017-10-03 21:35:10 +00:00
|
|
|
|
2018-03-14 15:01:12 +00:00
|
|
|
### Test a Docker image
|
2017-10-03 21:35:10 +00:00
|
|
|
|
|
|
|
describe docker_image('alpine:latest') do
|
|
|
|
it { should exist }
|
|
|
|
its('id') { should eq 'sha256:4a415e...a526' }
|
|
|
|
its('image') { should eq 'alpine:latest' }
|
|
|
|
its('repo') { should eq 'alpine' }
|
|
|
|
its('tag') { should eq 'latest' }
|
|
|
|
end
|
|
|
|
|
|
|
|
<br>
|
2017-04-24 14:47:03 +00:00
|
|
|
|
|
|
|
## Matchers
|
|
|
|
|
2018-02-16 03:07:18 +00:00
|
|
|
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
2017-04-24 14:47:03 +00:00
|
|
|
|
|
|
|
### exist
|
|
|
|
|
|
|
|
The `exist` matcher tests if the image is available on the node:
|
|
|
|
|
|
|
|
it { should exist }
|
|
|
|
|