inspec/test/functional/inspec_check_test.rb

103 lines
3.6 KiB
Ruby
Raw Normal View History

# author: Dominik Richter
# author: Christoph Hartmann
require 'functional/helper'
require 'jsonschema'
require 'tmpdir'
describe 'inspec check' do
include FunctionalHelper
describe 'inspec check with json formatter' do
it 'can check a profile and produce valid JSON' do
out = inspec('check ' + example_profile + ' --format json')
out.exit_status.must_equal 0
JSON.parse(out.stdout)
end
end
describe 'inspec check with special characters in path' do
it 'can check a profile with special characters in its path' do
out = inspec('check ' + File.join(profile_path, '{{special-path}}'))
out.exit_status.must_equal 0
end
end
describe 'inspec check with skipping/failing a resource in FilterTable' do
it 'can check a profile containing resource exceptions' do
out = inspec('check ' + File.join(profile_path, 'profile-with-resource-exceptions'))
out.exit_status.must_equal 0
end
end
describe 'inspec check with a profile containing only_if' do
it 'ignores the `only_if`' do
out = inspec('check ' + File.join(profile_path, 'only-if-os-nope'))
out.exit_status.must_equal 0
end
end
describe 'inspec check with a aws profile' do
it 'ignore train connection error' do
out = inspec('check ' + File.join(examples_path, 'profile-aws'))
out.exit_status.must_equal 0
end
end
describe 'inspec check with a azure profile' do
it 'ignore train connection error' do
out = inspec('check ' + File.join(examples_path, 'profile-azure'))
out.exit_status.must_equal 0
end
end
describe 'inspec check with alternate cache dir' do
it 'writes to the alternate cache dir' do
Dir.mktmpdir do |tmpdir|
cache_dir = File.join(tmpdir, "inspec_check_test_cache")
File.exist?(cache_dir).must_equal false
out = inspec('check ' + integration_test_path + ' --vendor-cache ' + cache_dir)
out.exit_status.must_equal 0
File.exist?(cache_dir).must_equal true
end
end
end
describe 'inspec check for lockfile and dependencies' do
it 'can check a profile where a lock file is not required' do
out = inspec('check ' + File.join(profile_path, 'profile-lock-notrequired'))
out.exit_status.must_equal 0
end
it 'can check a profile where a lock file is required' do
out = inspec('check ' + File.join(profile_path, 'profile-lock-required'))
out.exit_status.must_equal 1
out.stdout.must_include 'profile needs to be vendored with `inspec vendor`.'
end
it 'can check a profile where lock file and inspec.yml are in synnc' do
out = inspec('check ' + File.join(profile_path, 'profile-lock-insync'))
out.exit_status.must_equal 0
end
it 'can check a profile where lock file and inspec.yml are in not synnc' do
out = inspec('check ' + File.join(profile_path, 'profile-lock-outofsync'))
out.exit_status.must_equal 1
out.stdout.must_include 'inspec.yml and inspec.lock are out-of-sync. Please re-vendor with `inspec vendor`.'
out.stdout.must_include 'Cannot find linux-baseline in lockfile. Please re-vendor with `inspec vendor`.'
end
end
describe 'inspec check with invalid `include_controls` reference' do
it 'raises an error matching /Cannot load \'invalid_name\'/' do
invalid_profile = File.join(profile_path, 'invalid-include-controls')
out = inspec('check ' + invalid_profile)
out.exit_status.must_equal 1
out.stderr.must_match /Cannot load 'no_such_profile'/
out.stderr.must_match /not listed as a dependency/
end
end
end