require "functional/helper"
require "tmpdir"
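# Functional tests for the `inspec check` CLI subcommand.
#
# Every example runs the CLI through the `inspec` helper (presumably supplied
# by FunctionalHelper; its definition is not visible here) and asserts on the
# captured stdout/stderr and on the process exit code.
#
# NOTE(review): the command lines below are built by plain string
# concatenation/interpolation with unquoted paths. Presumably the helper hands
# the string to a shell -- confirm, and keep fixture paths free of whitespace
# and shell metacharacters unless an example is deliberately exercising them.
describe "inspec check" do
  include FunctionalHelper

  parallelize_me!

  describe "inspec check with json formatter" do
    it "can check a profile and produce valid JSON" do
      out = inspec("check " + example_profile + " --format json")

      # JSON.parse raises on malformed input, which is what fails the example;
      # the parsed document itself is not inspected.
      JSON.parse(out.stdout)

      assert_exit_code 0, out
    end
  end

  describe "inspec check with special characters in path" do
    it "can check a profile with special characters in its path" do
      # The braces are part of the fixture directory name and are passed
      # through to the CLI unquoted.
      out = inspec("check " + File.join(profile_path, "{{special-path}}"))

      assert_exit_code 0, out
    end
  end

  describe "inspec check with skipping/failing a resource in FilterTable" do
    it "can check a profile containing resource exceptions" do
      out = inspec("check " + File.join(profile_path, "profile-with-resource-exceptions"))

      assert_exit_code 0, out
    end
  end

  describe "inspec check with a profile containing only_if" do
    it "ignores the `only_if`" do
      out = inspec("check " + File.join(profile_path, "only-if-os-nope"))

      assert_exit_code 0, out
    end
  end

  describe "inspec check with a aws profile" do
    # NOTE(review): the example name says the train connection error is
    # ignored, yet the expected exit status is 3 rather than 0 -- confirm which
    # of the two reflects the intended behaviour.
    it "ignore train connection error" do
      out = inspec("check " + File.join(examples_path, "profile-aws"))

      assert_exit_code 3, out
    end
  end

  describe "inspec check with a azure profile" do
    # NOTE(review): same question as for the AWS example: the name says
    # "ignore" while exit status 3 is asserted.
    it "ignore train connection error" do
      out = inspec("check " + File.join(examples_path, "profile-azure"))

      assert_exit_code 3, out
    end
  end

  describe "inspec check with alternate cache dir" do
    it "writes to the alternate cache dir" do
      # Dir.mktmpdir creates a fresh private directory and removes it when the
      # block exits, so the vendor cache never lands in a shared, predictable
      # location and nothing is left behind after the run.
      Dir.mktmpdir do |tmpdir|
        cache_dir = File.join(tmpdir, "inspec_check_test_cache")

        # Precondition: the cache directory must be created by the CLI itself.
        _(File.exist?(cache_dir)).must_equal false

        good_profile_path = File.join(repo_path, "test/fixtures/profiles/complete-profile")

        out = inspec("check #{good_profile_path} --vendor-cache #{cache_dir}")

        _(File.exist?(cache_dir)).must_equal true

        assert_exit_code 0, out
      end
    end
  end

  # A profile whose lock file is required but missing, or whose inspec.lock
  # disagrees with inspec.yml, must fail the check (exit 1) and tell the user
  # to re-vendor, so unpinned or stale dependencies are not accepted silently.
  describe "inspec check for lockfile and dependencies" do
    it "can check a profile where a lock file is not required" do
      out = inspec("check " + File.join(profile_path, "profile-lock-notrequired"))

      assert_exit_code 0, out
    end

    it "can check a profile where a lock file is required" do
      out = inspec("check " + File.join(profile_path, "profile-lock-required"))

      _(out.stdout).must_include "profile needs to be vendored with `inspec vendor`."

      assert_exit_code 1, out
    end

    it "can check a profile where lock file and inspec.yml are in sync" do
      out = inspec("check " + File.join(profile_path, "profile-lock-insync"))

      assert_exit_code 0, out
    end

    it "can check a profile where lock file and inspec.yml are not in sync" do
      out = inspec("check " + File.join(profile_path, "profile-lock-outofsync"))

      _(out.stdout).must_include "inspec.yml and inspec.lock are out-of-sync. Please re-vendor with `inspec vendor`."
      _(out.stdout).must_include "Cannot find linux-baseline in lockfile. Please re-vendor with `inspec vendor`."

      assert_exit_code 1, out
    end
  end

  describe "inspec check with invalid `include_controls` reference" do
    # The example name now quotes the same profile name that the stderr
    # assertion matches ('no_such_profile').
    it "raises an error matching /Cannot load 'no_such_profile'/" do
      invalid_profile = File.join(profile_path, "invalid-include-controls")

      out = inspec("check " + invalid_profile)

      _(out.stderr).must_match(/Cannot load 'no_such_profile'/)
      _(out.stderr).must_match(/not listed as a dependency/)

      assert_exit_code 1, out
    end
  end

  describe "inspec check with unsatisfied runtime version constraint" do
    it "should enforce runtime version constraint" do
      out = inspec("check #{profile_path}/unsupported_inspec")

      # Presumably the fixture declares a required inspec version of
      # ">= 99.0.0", which the running version cannot satisfy -- verify
      # against the fixture's inspec.yml.
      _(out.stdout).must_include "The current inspec version #{Inspec::VERSION}"
      _(out.stdout).must_include ">= 99.0.0"

      assert_exit_code 1, out
    end
  end

  describe "inspec check also check for cookstyle offenses" do
    it "finds no offenses in a complete profile when --with-cookstyle option is provided" do
      skip if windows? # see #5723

      out = inspec("check #{profile_path}/complete-profile --with-cookstyle")

      _(out.stdout).must_match(/No errors, warnings, or offenses/)

      assert_exit_code 0, out
    end

    it "fails and returns offenses in a profile when --with-cookstyle option is provided" do
      skip if windows? # see #5723

      out = inspec("check #{profile_path}/inputs/metadata-basic --with-cookstyle")

      _(out.stdout).must_match(/1 offenses/)

      assert_exit_code 1, out
    end
  end
end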