2016-11-09 14:41:48 +00:00
# encoding: utf-8
# author: Christoph Hartmann
require 'functional/helper'
2017-06-12 12:01:26 +00:00
require 'tmpdir'
2016-11-09 14:41:48 +00:00
describe 'example inheritance profile' do
include FunctionalHelper
2016-11-09 17:12:22 +00:00
let ( :inheritance_path ) { File . join ( examples_path , 'inheritance' ) }
let ( :meta_path ) { File . join ( examples_path , 'meta-profile' ) }
2016-11-09 14:41:48 +00:00
it 'can vendor profile dependencies' do
2017-06-12 12:01:26 +00:00
prepare_examples ( 'inheritance' ) do | dir |
out = inspec ( 'vendor ' + dir + ' --overwrite' )
out . stderr . must_equal ''
out . stdout . must_include " Dependencies for profile #{ dir } successfully vendored to #{ dir } /vendor "
out . exit_status . must_equal 0
File . exist? ( File . join ( dir , 'vendor' ) ) . must_equal true
File . exist? ( File . join ( dir , 'inspec.lock' ) ) . must_equal true
end
2016-11-09 14:41:48 +00:00
end
it 'can vendor profile dependencies from the profile path' do
2017-06-12 12:01:26 +00:00
prepare_examples ( 'inheritance' ) do | dir |
out = inspec ( 'vendor --overwrite' , " cd #{ dir } && " )
out . stderr . must_equal ''
out . exit_status . must_equal 0
out . stdout . must_include " Dependencies for profile #{ dir } successfully vendored to #{ dir } /vendor "
File . exist? ( File . join ( dir , 'vendor' ) ) . must_equal true
File . exist? ( File . join ( dir , 'inspec.lock' ) ) . must_equal true
2016-11-29 23:12:47 +00:00
end
2016-11-09 14:41:48 +00:00
end
2016-11-09 17:12:22 +00:00
it 'ensure nothing is loaded from external source if vendored profile is used' do
2017-06-12 12:01:26 +00:00
prepare_examples ( 'meta-profile' ) do | dir |
out = inspec ( 'vendor ' + dir + ' --overwrite' )
out . stderr . must_equal ''
out . exit_status . must_equal 0
File . exist? ( File . join ( dir , 'vendor' ) ) . must_equal true
File . exist? ( File . join ( dir , 'inspec.lock' ) ) . must_equal true
out = inspec ( 'exec ' + dir + ' -l debug --no-create-lockfile' )
2018-01-05 20:17:37 +00:00
out . stderr . must_equal " [DEPRECATED] The use of inspec.yml `supports:inspec` is deprecated and will be removed in InSpec 2.0. Please use `inspec_version` instead. \n "
2017-06-12 12:01:26 +00:00
out . stdout . must_include 'Using cached dependency for {:url=>"https://github.com/dev-sec/ssh-baseline/archive/master.tar.gz"'
out . stdout . must_include 'Using cached dependency for {:url=>"https://github.com/dev-sec/ssl-baseline/archive/master.tar.gz"'
out . stdout . must_include 'Using cached dependency for {:url=>"https://github.com/chris-rock/windows-patch-benchmark/archive/master.tar.gz"'
out . stdout . wont_include 'Fetching URL:'
out . stdout . wont_include 'Fetched archive moved to:'
2016-11-29 23:12:47 +00:00
end
2016-11-09 17:12:22 +00:00
end
2016-11-30 09:19:26 +00:00
it 'ensure json/check command do not fetch remote profiles if vendored' do
2017-06-12 12:01:26 +00:00
prepare_examples ( 'meta-profile' ) do | dir |
out = inspec ( 'vendor ' + dir + ' --overwrite' )
out . stderr . must_equal ''
out . exit_status . must_equal 0
2016-11-29 12:39:29 +00:00
2017-06-12 12:01:26 +00:00
out = inspec ( 'json ' + dir + ' --output ' + dst . path )
out . exit_status . must_equal 0
2016-11-29 12:39:29 +00:00
2017-06-12 12:01:26 +00:00
hm = JSON . load ( File . read ( dst . path ) )
hm [ 'name' ] . must_equal 'meta-profile'
hm [ 'controls' ] . length . must_be :>= , 78
# out.stdout.scan(/Copy .* to cache directory/).length.must_equal 3
# out.stdout.scan(/Dependency does not exist in the cache/).length.must_equal 1
out . stdout . scan ( / Fetching URL: / ) . length . must_equal 0
2016-11-29 12:39:29 +00:00
2017-06-12 12:01:26 +00:00
# execute check command
out = inspec ( 'check ' + dir + ' -l debug' )
# stderr may have warnings included; only test if something went wrong
out . stderr . must_equal ( '' ) if out . exit_status != 0
out . exit_status . must_equal 0
2016-11-29 12:39:29 +00:00
2017-06-12 12:01:26 +00:00
out . stdout . scan ( / Fetching URL: / ) . length . must_equal 0
end
2016-11-29 12:39:29 +00:00
end
2016-11-29 23:12:47 +00:00
it 'use lockfile in tarball' do
2017-06-12 12:01:26 +00:00
prepare_examples ( 'meta-profile' ) do | dir |
# ensure the profile is vendored and packaged as tar
out = inspec ( 'vendor ' + dir + ' --overwrite' )
out = inspec ( 'archive ' + dir + ' --overwrite' )
out . exit_status . must_equal 0
# execute json command
out = inspec ( 'json meta-profile-0.2.0.tar.gz -l debug' )
# stderr may have warnings included; only test if something went wrong
out . stderr . must_equal ( '' ) if out . exit_status != 0
out . exit_status . must_equal 0
out . stdout . scan ( / Fetching URL: / ) . length . must_equal 0
end
2016-11-29 23:12:47 +00:00
end
2017-12-12 16:28:07 +00:00
it 'can move vendor files into custom vendor cache' do
prepare_examples ( 'meta-profile' ) do | dir |
out = inspec ( 'vendor ' + dir + ' --overwrite' )
out . stderr . must_equal ''
out . exit_status . must_equal 0
File . exist? ( File . join ( dir , 'vendor' ) ) . must_equal true
File . exist? ( File . join ( dir , 'inspec.lock' ) ) . must_equal true
File . exist? ( File . join ( dir , 'vendor_cache' ) ) . must_equal false
exec_out = inspec ( 'exec ' + dir + ' --vendor-cache ' + dir + '/vendor_cache' )
File . exist? ( File . join ( dir , 'vendor_cache' ) ) . must_equal true
vendor_files = Dir . entries ( " #{ dir } /vendor/ " )
vendor_cache_files = Dir . entries ( " #{ dir } /vendor_cache/ " )
vendor_files . must_equal vendor_cache_files
end
end
2016-11-09 14:41:48 +00:00
end
