inspec/test/unit/profiles/profile_test.rb

370 lines
14 KiB
Ruby
Raw Normal View History

2015-10-26 21:51:21 +00:00
# encoding: utf-8
require 'helper'
2016-01-16 07:00:52 +00:00
require 'inspec/profile_context'
2015-10-26 21:51:21 +00:00
describe Inspec::Profile do
let(:logger) { Minitest::Mock.new }
let(:home) { MockLoader.home }
2016-02-03 14:42:33 +00:00
2016-01-16 15:27:28 +00:00
describe 'with an empty profile' do
let(:profile) { MockLoader.load_profile('empty-metadata') }
2016-01-16 15:27:28 +00:00
it 'has a default name containing the original target' do
profile.params[:name].must_match(/tests from .*empty-metadata/)
2016-01-16 15:27:28 +00:00
end
it 'has no controls' do
profile.params[:controls].must_equal({})
2016-01-16 15:27:28 +00:00
end
end
describe 'with simple metadata in profile' do
let(:profile_id) { 'simple-metadata' }
let(:profile) { MockLoader.load_profile(profile_id) }
2016-01-16 15:27:28 +00:00
it 'has metadata' do
profile.params[:name].must_equal 'yumyum profile'
end
it 'has no controls' do
profile.params[:controls].must_equal({})
2016-01-16 15:27:28 +00:00
end
it 'can overwrite the profile ID' do
testID = rand.to_s
res = MockLoader.load_profile(profile_id, id: testID)
res.params[:name].must_equal testID
end
2016-01-16 15:27:28 +00:00
end
describe 'SHA256 sums' do
it 'works on an empty profile' do
MockLoader.load_profile('empty-metadata').sha256.must_equal 'ee95f4cf4258402604d4cc581a672bbd2f73d212b09cd4bcf1c5984e97e68963'
end
it 'works on a complete profile' do
Inspec 3.0 (#3512) * Remove deprecated yumrepo. (#3435) * Remove deprecations for cli `--format` and metadata.rb (#3452) * Remove deprecated database_helpers stderr/stdout methods. Update deprecation text for processes/apache. * Remove deprecations for `--format` and metadata.rb Remove deprecated `format` code. Remove deprecated code test and change json-config format test to use reporter. Remove deprecated metadata.rb code Remove deprecation notice for old supports syntax. Deprecate metadata.rb from source_reader Remove rubocop disables as they are no longer required for this code block. Remove deprecated legacy metadata.rb mock profiles. Remove deprecated metadata.rb profile tests. Remove deprecated yumrepo test. * Allow inspec-3.0 branch to be tested. * Allow appveyor to test inspec-3.0 branch * Change runner tests to use reporter rather than format. Remove deprecated `supports: linux` tests. * Remove skip from inherited profiles from showing up in reporting (breaking change) (#3332) * Skip loading dependency profiles if they are unsupported on the current platform. Skip loading dependencies if they are unsupported on the current platform. Wrap our log and next in a conditional checking if the platform is supported. Change a `if !` into a `unless` Check if the backend is a Train Mock Connection and if so say that the profile does support the platform. While iterating through tests being loaded skip when the platform is unsupported. We now log a WARN when a profile is skipped due to unsupported platform, so lets check that. Modified existing test to log that there are 0 skipped tests, instead of 2. Add functional test that loads profile-support-skip with a json reporter to check that our controls are not loaded and that stderr contains our warning. * Rather than iterating through each test return before recursion if the platform is unsupported. * Resolve tests using a supported platform different from testing platform Add a control to `test/unit/mock/profiles/complete-profile` that would work on any OS with a Internet connection. This allows the profile to execute on any OS with success. `filesystem_spec.rb` was a control that would only work on Linux and some BSD's. We want profile tests to consistently work across development and testing platforms, and not get 'skipped' in some cases. Travis-CI tests on Linux, Inspec Dev team uses Linux and MacOS, Appveyor tests on Windows Also Updated `file_provider_test.rb` for `complete-profile` content changes. If you `MockLoader.load_profile` on a unsupported platform you might not hit the usual skip. Lets handle situations where the tests array in Profile#load_checks_params could be nil. * Use safe navigation rather than checking if tests is nil. Update tests to point to unsupported_inspec and account for WARN changes. Make unsupported_inspec profile support os-family 'unsupported_inspec' * Fix skip bug when using include/require controls. (#3487) * Fix skip bug when using include/require controls. * fix test and feedback. * Remove need for UUID detection for Automate report (#3507) * Add json metadata for skipped profiles (#3495) * Add skip metadata to json reports * Unify skip messages. * Update with status field. * Add testing. * Fix tests. * lint * Add skip exit codes for profile skips. * Update website for 3.0 launch Add `plugins` to sidebar. Change 2.0 -> 3.0 in slim files. Update 3.0 features list. * Fix comments * Update float to numeric. * Change Float to numeric. * updated feature list and impact doc * Change "What's new in InSpec 3.0" -> "Announcing InSpec 3.0" * Bump VERSION to 3.0.0 (#3511) * Remove 3.0 testing checks. * Fix azure link.
2018-10-15 22:25:27 +00:00
MockLoader.load_profile('complete-profile').sha256.must_equal '25cf05093c695d807e488b04e3551f19de900c1d2b0cbfadb476a5786efa7323'
end
end
describe 'code info' do
let(:profile_id) { 'complete-profile' }
Inspec 3.0 (#3512) * Remove deprecated yumrepo. (#3435) * Remove deprecations for cli `--format` and metadata.rb (#3452) * Remove deprecated database_helpers stderr/stdout methods. Update deprecation text for processes/apache. * Remove deprecations for `--format` and metadata.rb Remove deprecated `format` code. Remove deprecated code test and change json-config format test to use reporter. Remove deprecated metadata.rb code Remove deprecation notice for old supports syntax. Deprecate metadata.rb from source_reader Remove rubocop disables as they are no longer required for this code block. Remove deprecated legacy metadata.rb mock profiles. Remove deprecated metadata.rb profile tests. Remove deprecated yumrepo test. * Allow inspec-3.0 branch to be tested. * Allow appveyor to test inspec-3.0 branch * Change runner tests to use reporter rather than format. Remove deprecated `supports: linux` tests. * Remove skip from inherited profiles from showing up in reporting (breaking change) (#3332) * Skip loading dependency profiles if they are unsupported on the current platform. Skip loading dependencies if they are unsupported on the current platform. Wrap our log and next in a conditional checking if the platform is supported. Change a `if !` into a `unless` Check if the backend is a Train Mock Connection and if so say that the profile does support the platform. While iterating through tests being loaded skip when the platform is unsupported. We now log a WARN when a profile is skipped due to unsupported platform, so lets check that. Modified existing test to log that there are 0 skipped tests, instead of 2. Add functional test that loads profile-support-skip with a json reporter to check that our controls are not loaded and that stderr contains our warning. * Rather than iterating through each test return before recursion if the platform is unsupported. * Resolve tests using a supported platform different from testing platform Add a control to `test/unit/mock/profiles/complete-profile` that would work on any OS with a Internet connection. This allows the profile to execute on any OS with success. `filesystem_spec.rb` was a control that would only work on Linux and some BSD's. We want profile tests to consistently work across development and testing platforms, and not get 'skipped' in some cases. Travis-CI tests on Linux, Inspec Dev team uses Linux and MacOS, Appveyor tests on Windows Also Updated `file_provider_test.rb` for `complete-profile` content changes. If you `MockLoader.load_profile` on a unsupported platform you might not hit the usual skip. Lets handle situations where the tests array in Profile#load_checks_params could be nil. * Use safe navigation rather than checking if tests is nil. Update tests to point to unsupported_inspec and account for WARN changes. Make unsupported_inspec profile support os-family 'unsupported_inspec' * Fix skip bug when using include/require controls. (#3487) * Fix skip bug when using include/require controls. * fix test and feedback. * Remove need for UUID detection for Automate report (#3507) * Add json metadata for skipped profiles (#3495) * Add skip metadata to json reports * Unify skip messages. * Update with status field. * Add testing. * Fix tests. * lint * Add skip exit codes for profile skips. * Update website for 3.0 launch Add `plugins` to sidebar. Change 2.0 -> 3.0 in slim files. Update 3.0 features list. * Fix comments * Update float to numeric. * Change Float to numeric. * updated feature list and impact doc * Change "What's new in InSpec 3.0" -> "Announcing InSpec 3.0" * Bump VERSION to 3.0.0 (#3511) * Remove 3.0 testing checks. * Fix azure link.
2018-10-15 22:25:27 +00:00
let(:code) { "control 'test01' do\n impact 0.5\n title 'Catchy title'\n desc '\n example.com should always exist.\n '\n describe host('example.com') do\n it { should be_resolvable }\n end\nend\n" }
let(:loc) { {:ref=>"controls/host_spec.rb", :line=>6} }
it 'gets code from an uncompressed profile' do
info = MockLoader.load_profile(profile_id).info
info[:controls][0][:code].must_equal code
loc[:ref] = File.join(MockLoader.profile_path(profile_id), loc[:ref])
info[:controls][0][:source_location].must_equal loc
end
it 'gets code on zip profiles' do
path = MockLoader.profile_zip(profile_id)
info = MockLoader.load_profile(path).info
info[:controls][0][:code].must_equal code
info[:controls][0][:source_location].must_equal loc
end
it 'gets code on tgz profiles' do
path = MockLoader.profile_tgz(profile_id)
info = MockLoader.load_profile(path).info
info[:controls][0][:code].must_equal code
info[:controls][0][:source_location].must_equal loc
end
end
describe 'code info with supports override' do
let(:profile_id) { 'skippy-profile-os' }
it 'overrides os-name and os-family' do
path = MockLoader.profile_zip(profile_id)
info = MockLoader.load_profile(path).info
info[:supports][0][:"platform-family"].must_equal "definitely_not_supported"
info[:supports][1][:"platform-name"].must_equal "definitely_also_not_supported"
end
end
Inspec 3.0 (#3512) * Remove deprecated yumrepo. (#3435) * Remove deprecations for cli `--format` and metadata.rb (#3452) * Remove deprecated database_helpers stderr/stdout methods. Update deprecation text for processes/apache. * Remove deprecations for `--format` and metadata.rb Remove deprecated `format` code. Remove deprecated code test and change json-config format test to use reporter. Remove deprecated metadata.rb code Remove deprecation notice for old supports syntax. Deprecate metadata.rb from source_reader Remove rubocop disables as they are no longer required for this code block. Remove deprecated legacy metadata.rb mock profiles. Remove deprecated metadata.rb profile tests. Remove deprecated yumrepo test. * Allow inspec-3.0 branch to be tested. * Allow appveyor to test inspec-3.0 branch * Change runner tests to use reporter rather than format. Remove deprecated `supports: linux` tests. * Remove skip from inherited profiles from showing up in reporting (breaking change) (#3332) * Skip loading dependency profiles if they are unsupported on the current platform. Skip loading dependencies if they are unsupported on the current platform. Wrap our log and next in a conditional checking if the platform is supported. Change a `if !` into a `unless` Check if the backend is a Train Mock Connection and if so say that the profile does support the platform. While iterating through tests being loaded skip when the platform is unsupported. We now log a WARN when a profile is skipped due to unsupported platform, so lets check that. Modified existing test to log that there are 0 skipped tests, instead of 2. Add functional test that loads profile-support-skip with a json reporter to check that our controls are not loaded and that stderr contains our warning. * Rather than iterating through each test return before recursion if the platform is unsupported. * Resolve tests using a supported platform different from testing platform Add a control to `test/unit/mock/profiles/complete-profile` that would work on any OS with a Internet connection. This allows the profile to execute on any OS with success. `filesystem_spec.rb` was a control that would only work on Linux and some BSD's. We want profile tests to consistently work across development and testing platforms, and not get 'skipped' in some cases. Travis-CI tests on Linux, Inspec Dev team uses Linux and MacOS, Appveyor tests on Windows Also Updated `file_provider_test.rb` for `complete-profile` content changes. If you `MockLoader.load_profile` on a unsupported platform you might not hit the usual skip. Lets handle situations where the tests array in Profile#load_checks_params could be nil. * Use safe navigation rather than checking if tests is nil. Update tests to point to unsupported_inspec and account for WARN changes. Make unsupported_inspec profile support os-family 'unsupported_inspec' * Fix skip bug when using include/require controls. (#3487) * Fix skip bug when using include/require controls. * fix test and feedback. * Remove need for UUID detection for Automate report (#3507) * Add json metadata for skipped profiles (#3495) * Add skip metadata to json reports * Unify skip messages. * Update with status field. * Add testing. * Fix tests. * lint * Add skip exit codes for profile skips. * Update website for 3.0 launch Add `plugins` to sidebar. Change 2.0 -> 3.0 in slim files. Update 3.0 features list. * Fix comments * Update float to numeric. * Change Float to numeric. * updated feature list and impact doc * Change "What's new in InSpec 3.0" -> "Announcing InSpec 3.0" * Bump VERSION to 3.0.0 (#3511) * Remove 3.0 testing checks. * Fix azure link.
2018-10-15 22:25:27 +00:00
describe 'skips loading on unsupported platform' do
let(:profile_id) { 'windows-only' }
it 'loads our profile but skips loading controls' do
info = MockLoader.load_profile(profile_id).info
info[:controls].must_be_empty
end
end
describe 'when checking' do
2016-01-16 15:27:28 +00:00
describe 'an empty profile' do
let(:profile_id) { 'empty-metadata' }
it 'prints loads of warnings' do
logger.expect :info, nil, ["Checking profile in #{home}/mock/profiles/#{profile_id}"]
logger.expect :error, nil, ["Missing profile version in inspec.yml"]
logger.expect :warn, nil, ["Missing profile summary in inspec.yml"]
logger.expect :warn, nil, ["Missing profile maintainer in inspec.yml"]
logger.expect :warn, nil, ["Missing profile copyright in inspec.yml"]
logger.expect :warn, nil, ["Missing profile license in inspec.yml"]
2016-01-16 15:27:28 +00:00
logger.expect :warn, nil, ['No controls or tests were defined.']
result = MockLoader.load_profile(profile_id, {logger: logger}).check
2016-02-04 17:46:23 +00:00
# verify logger output
2016-01-16 15:27:28 +00:00
logger.verify
2016-02-04 17:46:23 +00:00
# verify hash result
result[:summary][:valid].must_equal false
result[:summary][:location].must_equal "#{home}/mock/profiles/#{profile_id}"
result[:summary][:profile].must_match(/tests from .*empty-metadata/)
2016-02-04 17:46:23 +00:00
result[:summary][:controls].must_equal 0
result[:errors].length.must_equal 1
result[:warnings].length.must_equal 5
2016-01-16 15:27:28 +00:00
end
end
2016-01-16 15:27:28 +00:00
describe 'a complete metadata profile' do
let(:profile_id) { 'complete-metadata' }
let(:profile) { MockLoader.load_profile(profile_id, {logger: logger}) }
2016-01-16 15:27:28 +00:00
it 'prints ok messages' do
logger.expect :info, nil, ["Checking profile in #{home}/mock/profiles/#{profile_id}"]
logger.expect :info, nil, ['Metadata OK.']
logger.expect :warn, nil, ['No controls or tests were defined.']
2016-02-04 17:46:23 +00:00
result = profile.check
# verify logger output
2016-01-16 15:27:28 +00:00
logger.verify
2016-02-04 17:46:23 +00:00
# verify hash result
result[:summary][:valid].must_equal true
result[:summary][:location].must_equal "#{home}/mock/profiles/#{profile_id}"
result[:summary][:profile].must_equal 'name'
result[:summary][:controls].must_equal 0
result[:errors].length.must_equal 0
result[:warnings].length.must_equal 1
2016-01-16 15:27:28 +00:00
end
end
describe 'a complete metadata profile with controls' do
let(:profile_id) { 'complete-profile' }
it 'prints ok messages and counts the controls' do
logger.expect :info, nil, ["Checking profile in #{home}/mock/profiles/#{profile_id}"]
logger.expect :info, nil, ['Metadata OK.']
2016-02-04 17:05:40 +00:00
logger.expect :info, nil, ['Found 1 controls.']
logger.expect :info, nil, ['Control definitions OK.']
result = MockLoader.load_profile(profile_id, {logger: logger}).check
2016-02-04 17:46:23 +00:00
# verify logger output
logger.verify
2016-02-04 17:46:23 +00:00
# verify hash result
result[:summary][:valid].must_equal true
result[:summary][:location].must_equal "#{home}/mock/profiles/#{profile_id}"
result[:summary][:profile].must_equal 'complete'
result[:summary][:controls].must_equal 1
result[:errors].length.must_equal 0
result[:warnings].length.must_equal 0
end
end
2016-02-03 14:42:33 +00:00
describe 'a complete metadata profile with controls in a tarball' do
let(:profile_id) { 'complete-profile' }
let(:profile_path) { MockLoader.profile_tgz(profile_id) }
let(:profile) { MockLoader.load_profile(profile_path, {logger: logger}) }
2016-02-03 14:42:33 +00:00
it 'prints ok messages and counts the controls' do
2016-02-03 14:42:33 +00:00
logger.expect :info, nil, ["Checking profile in #{home}/mock/profiles/#{profile_id}"]
logger.expect :info, nil, ['Metadata OK.']
2016-02-04 17:05:40 +00:00
logger.expect :info, nil, ['Found 1 controls.']
logger.expect :info, nil, ['Control definitions OK.']
2016-02-03 14:42:33 +00:00
result = MockLoader.load_profile(profile_id, {logger: logger}).check
2016-02-04 17:46:23 +00:00
# verify logger output
logger.verify
# verify hash result
result[:summary][:valid].must_equal true
result[:summary][:location].must_equal "#{home}/mock/profiles/#{profile_id}"
result[:summary][:profile].must_equal 'complete'
result[:summary][:controls].must_equal 1
result[:errors].length.must_equal 0
result[:warnings].length.must_equal 0
2016-02-03 14:42:33 +00:00
end
end
describe 'a complete metadata profile with controls in zipfile' do
let(:profile_id) { 'complete-profile' }
let(:profile_path) { MockLoader.profile_zip(profile_id) }
let(:profile) { MockLoader.load_profile(profile_path, {logger: logger}) }
2016-02-03 14:42:33 +00:00
it 'prints ok messages and counts the controls' do
2016-02-03 14:42:33 +00:00
logger.expect :info, nil, ["Checking profile in #{home}/mock/profiles/#{profile_id}"]
logger.expect :info, nil, ['Metadata OK.']
2016-02-04 17:05:40 +00:00
logger.expect :info, nil, ['Found 1 controls.']
logger.expect :info, nil, ['Control definitions OK.']
2016-02-03 14:42:33 +00:00
result = MockLoader.load_profile(profile_id, {logger: logger}).check
2016-02-04 17:46:23 +00:00
# verify logger output
2016-02-03 14:42:33 +00:00
logger.verify
2016-02-04 17:46:23 +00:00
# verify hash result
result[:summary][:valid].must_equal true
result[:summary][:location].must_equal "#{home}/mock/profiles/#{profile_id}"
result[:summary][:profile].must_equal 'complete'
result[:summary][:controls].must_equal 1
result[:errors].length.must_equal 0
result[:warnings].length.must_equal 0
2016-02-03 14:42:33 +00:00
end
end
describe 'a complete metadata profile with controls in zipfile' do
let(:profile_id) { 'complete-profile' }
let(:profile_path) { MockLoader.profile_zip(profile_id) }
let(:profile) { MockLoader.load_profile(profile_path, {logger: logger}) }
it 'prints ok messages and counts the controls' do
logger.expect :info, nil, ["Checking profile in #{home}/mock/profiles/#{profile_id}"]
logger.expect :info, nil, ['Metadata OK.']
logger.expect :info, nil, ['Found 1 controls.']
logger.expect :info, nil, ['Control definitions OK.']
result = MockLoader.load_profile(profile_id, {logger: logger}).check
# verify logger output
logger.verify
# verify hash result
result[:summary][:valid].must_equal true
result[:summary][:location].must_equal "#{home}/mock/profiles/#{profile_id}"
result[:summary][:profile].must_equal 'complete'
result[:summary][:controls].must_equal 1
result[:errors].length.must_equal 0
result[:warnings].length.must_equal 0
end
end
describe 'shows error if version is invalid' do
let(:profile_id) { 'invalid-version' }
let(:profile_path) { MockLoader.profile_zip(profile_id) }
let(:profile) { MockLoader.load_profile(profile_path, {logger: logger}) }
it 'prints ok messages and counts the controls' do
logger.expect :info, nil, ["Checking profile in #{home}/mock/profiles/#{profile_id}"]
logger.expect :warn, nil, ['No controls or tests were defined.']
logger.expect :error, nil, ['Version needs to be in SemVer format']
result = MockLoader.load_profile(profile_id, {logger: logger}).check
# verify logger output
logger.verify
# verify hash result
result[:summary][:valid].must_equal false
result[:summary][:location].must_equal "#{home}/mock/profiles/#{profile_id}"
result[:summary][:profile].must_equal 'invalid-version'
result[:summary][:controls].must_equal 0
result[:errors].length.must_equal 1
result[:warnings].length.must_equal 1
end
end
describe 'a profile with a slash in the name' do
let(:profile_path) { 'slash-in-name/not-allowed' } # Slashes allowed here
let(:profile_name) { 'slash-in-name/not-allowed' } # But not here
it 'issues an error' do
logger.expect :info, nil, ["Checking profile in #{home}/mock/profiles/#{profile_path}"]
logger.expect :error, nil, ["The profile name (#{profile_name}) contains a slash which " \
'is not permitted. Please remove all slashes from `inspec.yml`.']
logger.expect :info, nil, ['Found 1 controls.']
logger.expect :info, nil, ['Control definitions OK.']
result = MockLoader.load_profile(profile_path, {logger: logger}).check
logger.verify
result[:warnings].length.must_equal 0
result[:errors].length.must_equal 1
end
end
describe 'shows warning if license is invalid' do
let(:profile_id) { 'license-invalid' }
let(:profile_path) { MockLoader.profile_zip(profile_id) }
let(:profile) { MockLoader.load_profile(profile_path, {logger: logger}) }
it 'prints ok messages and counts the controls' do
logger.expect :info, nil, ["Checking profile in #{home}/mock/profiles/#{profile_id}"]
logger.expect :warn, nil, ["License 'Invalid License Name' needs to be in SPDX format. See https://spdx.org/licenses/."]
logger.expect :warn, nil, ['No controls or tests were defined.']
logger.expect :info, nil, ["Metadata OK."]
result = MockLoader.load_profile(profile_id, {logger: logger}).check
# verify logger output
logger.verify
# verify hash result
result[:summary][:valid].must_equal true
result[:summary][:location].must_equal "#{home}/mock/profiles/#{profile_id}"
result[:summary][:profile].must_equal 'license-invalid'
result[:summary][:controls].must_equal 0
result[:errors].length.must_equal 0
result[:warnings].length.must_equal 2
end
describe 'shows no warning if license is spdx' do
let(:profile_id) { 'license-spdx' }
let(:profile_path) { MockLoader.profile_zip(profile_id) }
let(:profile) { MockLoader.load_profile(profile_path, {logger: logger}) }
it 'prints ok messages and counts the controls' do
logger.expect :info, nil, ["Checking profile in #{home}/mock/profiles/#{profile_id}"]
logger.expect :warn, nil, ['No controls or tests were defined.']
logger.expect :info, nil, ["Metadata OK."]
result = MockLoader.load_profile(profile_id, {logger: logger}).check
# verify logger output
logger.verify
# verify hash result
result[:summary][:valid].must_equal true
result[:summary][:location].must_equal "#{home}/mock/profiles/#{profile_id}"
result[:summary][:profile].must_equal 'license-spdx'
result[:summary][:controls].must_equal 0
result[:errors].length.must_equal 0
result[:warnings].length.must_equal 1
end
end
describe 'accepts proprietary license' do
let(:profile_id) { 'license-proprietary' }
let(:profile_path) { MockLoader.profile_zip(profile_id) }
let(:profile) { MockLoader.load_profile(profile_path, {logger: logger}) }
it 'prints ok messages and counts the controls' do
logger.expect :info, nil, ["Checking profile in #{home}/mock/profiles/#{profile_id}"]
logger.expect :warn, nil, ['No controls or tests were defined.']
logger.expect :info, nil, ["Metadata OK."]
result = MockLoader.load_profile(profile_id, {logger: logger}).check
# verify logger output
logger.verify
# verify hash result
result[:summary][:valid].must_equal true
result[:summary][:location].must_equal "#{home}/mock/profiles/#{profile_id}"
result[:summary][:profile].must_equal 'license-proprietary'
result[:summary][:controls].must_equal 0
result[:errors].length.must_equal 0
result[:warnings].length.must_equal 1
end
end
end
end
2015-10-26 21:51:21 +00:00
end