2017-08-15 18:41:24 +00:00
|
|
|
# encoding: utf-8
|
|
|
|
# author: Dominik Richter
|
|
|
|
# author: Christoph Hartmann
|
|
|
|
|
|
|
|
require 'functional/helper'
|
|
|
|
require 'jsonschema'
|
2018-08-07 16:12:41 +00:00
|
|
|
require 'tmpdir'
|
2017-08-15 18:41:24 +00:00
|
|
|
|
2017-09-23 07:16:25 +00:00
|
|
|
describe 'inspec check' do
|
2017-08-15 18:41:24 +00:00
|
|
|
include FunctionalHelper
|
|
|
|
|
2017-09-23 07:16:25 +00:00
|
|
|
describe 'inspec check with json formatter' do
|
|
|
|
it 'can check a profile and produce valid JSON' do
|
|
|
|
out = inspec('check ' + integration_test_path + ' --format json')
|
|
|
|
out.exit_status.must_equal 0
|
|
|
|
JSON.parse(out.stdout)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'inspec check with special characters in path' do
|
|
|
|
it 'can check a profile with special characters in its path' do
|
|
|
|
out = inspec('check ' + File.join(profile_path, '{{special-path}}'))
|
|
|
|
out.exit_status.must_equal 0
|
|
|
|
end
|
2017-08-15 18:41:24 +00:00
|
|
|
end
|
2017-11-29 12:32:40 +00:00
|
|
|
|
|
|
|
describe 'inspec check with skipping/failing a resource in FilterTable' do
|
2018-02-23 20:28:54 +00:00
|
|
|
it 'can check a profile containing resource exceptions' do
|
2017-11-29 12:32:40 +00:00
|
|
|
out = inspec('check ' + File.join(profile_path, 'profile-with-resource-exceptions'))
|
|
|
|
out.exit_status.must_equal 0
|
|
|
|
end
|
|
|
|
end
|
2017-12-05 13:13:41 +00:00
|
|
|
|
|
|
|
describe 'inspec check with a profile containing only_if' do
|
|
|
|
it 'ignores the `only_if`' do
|
|
|
|
out = inspec('check ' + File.join(profile_path, 'only-if-os-nope'))
|
|
|
|
out.exit_status.must_equal 0
|
|
|
|
end
|
|
|
|
end
|
2018-02-26 16:01:23 +00:00
|
|
|
|
|
|
|
describe 'inspec check with a aws profile' do
|
|
|
|
it 'ignore train connection error' do
|
|
|
|
out = inspec('check ' + File.join(examples_path, 'profile-aws'))
|
|
|
|
out.exit_status.must_equal 0
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'inspec check with a azure profile' do
|
|
|
|
it 'ignore train connection error' do
|
|
|
|
out = inspec('check ' + File.join(examples_path, 'profile-azure'))
|
|
|
|
out.exit_status.must_equal 0
|
|
|
|
end
|
|
|
|
end
|
2018-08-07 16:12:41 +00:00
|
|
|
|
|
|
|
describe 'inspec check with alternate cache dir' do
|
|
|
|
it 'writes to the alternate cache dir' do
|
|
|
|
Dir.mktmpdir do |tmpdir|
|
|
|
|
cache_dir = File.join(tmpdir, "inspec_check_test_cache")
|
|
|
|
|
|
|
|
File.exist?(cache_dir).must_equal false
|
|
|
|
out = inspec('check ' + integration_test_path + ' --vendor-cache ' + cache_dir)
|
|
|
|
out.exit_status.must_equal 0
|
|
|
|
|
|
|
|
File.exist?(cache_dir).must_equal true
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
2018-10-25 18:44:29 +00:00
|
|
|
|
|
|
|
describe 'inspec check for lockfile and dependencies' do
|
|
|
|
it 'can check a profile where a lock file is not required' do
|
|
|
|
out = inspec('check ' + File.join(profile_path, 'profile-lock-notrequired'))
|
|
|
|
out.exit_status.must_equal 0
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'can check a profile where a lock file is required' do
|
|
|
|
out = inspec('check ' + File.join(profile_path, 'profile-lock-required'))
|
|
|
|
out.exit_status.must_equal 1
|
|
|
|
out.stdout.must_include 'profile needs to be vendored with `inspec vendor`.'
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'can check a profile where lock file and inspec.yml are in synnc' do
|
|
|
|
out = inspec('check ' + File.join(profile_path, 'profile-lock-insync'))
|
|
|
|
out.exit_status.must_equal 0
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'can check a profile where lock file and inspec.yml are in not synnc' do
|
|
|
|
out = inspec('check ' + File.join(profile_path, 'profile-lock-outofsync'))
|
|
|
|
out.exit_status.must_equal 1
|
|
|
|
out.stdout.must_include 'inspec.yml and inspec.lock are out-of-sync. Please re-vendor with `inspec vendor`.'
|
|
|
|
out.stdout.must_include 'Cannot find linux-baseline in lockfile. Please re-vendor with `inspec vendor`.'
|
2019-01-30 06:36:27 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'inspec check with invalid `include_controls` reference' do
|
|
|
|
it 'raises an error matching /Cannot load \'invalid_name\'/' do
|
|
|
|
invalid_profile = File.join(profile_path, 'invalid-include-controls')
|
|
|
|
out = inspec('check ' + invalid_profile)
|
|
|
|
out.exit_status.must_equal 1
|
2019-01-30 17:26:04 +00:00
|
|
|
out.stderr.must_match /Cannot load 'no_such_profile'/
|
|
|
|
out.stderr.must_match /not listed as a dependency/
|
2019-01-30 06:36:27 +00:00
|
|
|
end
|
2018-10-25 18:44:29 +00:00
|
|
|
end
|
2017-08-15 18:41:24 +00:00
|
|
|
end
|