Adds podman resources. (#6183)

* CFINSPEC-368 Adds podman resource. Adds PodmanContainerFilter to handle podman.containers plural resource

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

* Fix lint errors

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

* Adds style simple to the filter table fields to flatten the array

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

* CFINSPEC-368 Updated podman resource to work with podman images plural resource

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

* CFINSPEC-368 Updated podman resource to work with podman networks plural resource

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

* CFINSPEC-368 Updated podman resource to work with podman pods plural resource

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

* CFINSPEC-368 Updated podman resource to work with info and version parameter

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

* CFINSPEC-368 Updated podman resource to work with podman volumes plural resource. Also updated the docs to add pods, networks and other resource parameters details.

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

* CFINSPEC-368 Updated podman resource to aspect object id to verify values of specified Podman object.

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

* Updated docs

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

* Updated column names to keep them same as the field names

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

* Adds style simple to commands column for podman containers plural resource

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

* CFINSPEC-360 Adds podman_container resource. Adds podman_object module

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

* Fixed the require path

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

* Fixed deprecation warning in unit test

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

* Fixed indentation issue in the docs.

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

* Renamed the methods names

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

* Adds skip resource test

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

* Updated podman.images to fetch only high level information as using query with low level information does not have required fields and represents the data in different way.

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

* added method to parse command which uses format option to fetch specific placeholders

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

* Update the podman.containers to fetch only high level information

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

* Update podman.networks to fetch only high level information

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

* Removed style for where it is not required

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

* Lint fix and some code improvisation

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

* It turns out the docker object module can be utilized, but there is still scope to rename that module to generic and not specific if it is going to be used with other container management tools

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

* Missing file in earlier commit

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

* Content Review

Signed-off-by: Deepa Kumaraswamy <dkumaras@progress.com>

* CFINSPEC-361: Test for podman_image matchers and properties

Signed-off-by: Sonu Saha <sonu.saha@progress.com>

* CFINSPEC-361: Add podman_image matchers and properties

Signed-off-by: Sonu Saha <sonu.saha@progress.com>

* CFINSPEC-361: Documentation for podman_image matchers and properties

Signed-off-by: Sonu Saha <sonu.saha@progress.com>

* CFINSPEC-361: Fix Rubocop lint issues

Signed-off-by: Sonu Saha <sonu.saha@progress.com>

* CFINSPEC-361: Test for more properties

Signed-off-by: Sonu Saha <sonu.saha@progress.com>

* CFINSPEC-361: Add more podman_image properties

Signed-off-by: Sonu Saha <sonu.saha@progress.com>

* CFINSPEC-361: Documentation for podman_image properties

Signed-off-by: Sonu Saha <sonu.saha@progress.com>

* CFINSPEC-361: Test for low-level information of image

Signed-off-by: Sonu Saha <sonu.saha@progress.com>

* CFINSPEC-361: Add inspec_info property to test low-level info

Signed-off-by: Sonu Saha <sonu.saha@progress.com>

* CFINSPEC-361: Documentation for inspec_info property

Signed-off-by: Sonu Saha <sonu.saha@progress.com>

* CFINSPEC-361: Modify resource id to avoid dependency on other methods

Signed-off-by: Sonu Saha <sonu.saha@progress.com>

* CFINSPEC-361: Decouple podman_image from podman plural resource

Signed-off-by: Sonu Saha <sonu.saha@progress.com>

* CFINSPEC-361: Modify unit test and reqd fixtures

Signed-off-by: Sonu Saha <sonu.saha@progress.com>

* CFINSPEC-361: Handle nil scenario of inspect_info

Signed-off-by: Sonu Saha <sonu.saha@progress.com>

* CFINSPEC-361: Add missing property: id

Signed-off-by: Sonu Saha <sonu.saha@progress.com>

* CFINSPEC-361: Update documentation

Signed-off-by: Sonu Saha <sonu.saha@progress.com>

* CFINSPEC-361: Rename method and attribute name as suggested

Signed-off-by: Sonu Saha <sonu.saha@progress.com>

* CFINSPEC-361: Add stderr message in exception

Signed-off-by: Sonu Saha <sonu.saha@progress.com>

* CFINSPEC-361: Remove comment

Signed-off-by: Sonu Saha <sonu.saha@progress.com>

* CFINSPEC-361: Move json_key mapping to a method

Signed-off-by: Sonu Saha <sonu.saha@progress.com>

* Content Review

Signed-off-by: Deepa Kumaraswamy <dkumaras@progress.com>

* CFINSPEC-361: Remove exception and add nil

Signed-off-by: Sonu Saha <sonu.saha@progress.com>

* CFINSPEC-351: failing tests for podman_network resource

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

* CFINSPEC-351 Adds podman_network resource properties

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

* Fixed typo in the test

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

* Refactored the code for podman_image to handle non existing image and for creating dynamic methods for properties

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

* Uncommented the image test

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

* Update the example for podman_network

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

* Missing test fixture file

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

* Adds doc for podman_network resource

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

* Doc Review

Signed-off-by: Deepa Kumaraswamy <dkumaras@progress.com>

* Adds module for podman to group all common methods

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

* Updated code to match the stderr string for non existing image and network. Also added the test for the same. Added code comments.

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

* TEST: Add failing test for podman_volume (CFINSPEC-351)

Signed-off-by: Sonu Saha <sonu.saha@progress.com>

* RESOURCE: Add podman_volume properties & matcher (CFINSPEC-351)

Signed-off-by: Sonu Saha <sonu.saha@progress.com>

* TEST: Add mock cmds and fixtures for test to pass (CFINSPEC-351)

Signed-off-by: Sonu Saha <sonu.saha@progress.com>

* DOCS: Update documentation for podman_volume (CFINSPEC-351)

Signed-off-by: Sonu Saha <sonu.saha@progress.com>

* TEST: Add failing test for podman_pod (CFINSPEC-351)

Signed-off-by: Sonu Saha <sonu.saha@progress.com>

* RESOURCE: Add podman_pod properties & matcher (CFINSPEC-351)

Signed-off-by: Sonu Saha <sonu.saha@progress.com>

* TEST: Add mock cmds and fixtures for test to pass (CFINSPEC-351)

Signed-off-by: Sonu Saha <sonu.saha@progress.com>

* DOCS: Update documentation for podman_pod (CFINSPEC-351)

Signed-off-by: Sonu Saha <sonu.saha@progress.com>

* DOCS: Update properties of podman_volume (CFINSPEC-351)

Signed-off-by: Sonu Saha <sonu.saha@progress.com>

* LINT: Remove trailing whitespaces (CFINSPEC-351)

Signed-off-by: Sonu Saha <sonu.saha@progress.com>

* REFACTOR: Extend existing fixture, remove new fixtures (CFINSPEC-351)

Signed-off-by: Sonu Saha <sonu.saha@progress.com>

* Content Review

Signed-off-by: Deepa Kumaraswamy <dkumaras@progress.com>

Co-authored-by: Deepa Kumaraswamy <dkumaras@progress.com>
Co-authored-by: Sonu Saha <sonu.saha@progress.com>
This commit is contained in:
Vasundhara Jagdale 2022-08-04 18:43:45 +05:30 committed by GitHub
parent b7ddac9dcc
commit 183d09c534
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
33 changed files with 2641 additions and 0 deletions

@ -0,0 +1,218 @@
+++
title = "podman resource"
draft = false
gh_repo = "inspec"
platform = "unix"
[menu]
[menu.inspec]
title = "podman"
identifier = "inspec/resources/os/podman.md podman resource"
parent = "inspec/resources/os"
+++
Use the `podman` Chef InSpec audit resource to test the configuration data for the Podman resources.
## Availability
### Installation
This resource is distributed with Chef InSpec and is automatically available for use.
## Syntax
A `podman` resource block allows you to write a test for many `containers`.
```ruby
describe podman.containers do
its('ids') { should include "591270d8d80d26671fd6ed622f367fbe19004d16e3b519c292313feb5f22e7f7" }
its('images) { should include "docker.io/library/ubuntu:latest" }
end
```
Or, if you want to query a specific `container`:
```ruby
describe podman.containers.where(id: "591270d8d80d26671fd6ed622f367fbe19004d16e3b519c292313feb5f22e7f7") do
its('status') { should include "Up 44 hours ago" }
end
```
> Where
>
> - `.where()` specifies a specific item and value to which the resource parameters are compared.
> - `commands`, `created_at`, `ids`, `images`, `names`, `status`, `image_ids`, `labels`, `mounts`, `networks`, `pods`, `ports`, `running_for`, and `sizes` are valid parameters for `containers`.
The `podman` resource block also allows you to write a test for many `images`.
```ruby
describe podman.images do
its('repositories') { should_not include 'docker.io/library/nginx' }
end
```
Or, if you want to query a specific `image`:
```ruby
describe podman.images.where(id: "c7db653c4397e6a4d1e468bb7c6400c022c62623bdb87c173d54bac7995b6d8f") do
it { should exist }
end
```
> Where
>
> - `.where()` specifies a specific filter and expected value, against which parameters are compared.
> - `repositories`, `tags`, `sizes`, `digests`, `history`, `created_at`, `history`, and`created_since` are valid parameters for `images`.
The `podman` resource block also allows you to write a test for many `networks`.
```ruby
describe podman.networks do
its("names") { should include "podman" }
end
```
Or, if you want to query a specific `network`:
```ruby
describe podman.networks.where(id: "c7db653c4397e6a4d1e468bb7c6400c022c62623bdb87c173d54bac7995b6d8f") do
it { should exist }
end
```
> Where
>
> - `.where()` specifies a specific filter and expected value, against which parameters are compared.
> - `ids`, `names`, `drivers`, `network_interfaces`, `created`, `subnets`, `ipv6_enabled`, `internal`, `dns_enabled`, `options`, `labels`, and `ipam_options` are valid parameters for `networks`.
The `podman` resource block also allows you to write a test for many `pods`.
```ruby
describe podman.pods do
its("names") { should include "cranky_allen" }
end
```
Or, if you want to query a specific `pod`:
```ruby
describe podman.pods.where(id: "95cadbb84df71e6374fceb3fd89ee3b8f2c7e1a831062cd9cea7d0e3e4b1dbcc") do
it { should exist }
end
```
> Where
>
> - `.where()` may specify a specific filter and expected value, against which parameters are compared.
> - `ids`, `cgroups`, `containers`, `created`, `infraids`, `names`, `namespaces`, `networks`, `status`, and `labels` are valid parameters for `pods`.
## Examples
The following examples show how to use this Chef InSpec audit resource.
### Returns all running containers
```ruby
podman.containers.running?.ids.each do |id|
describe podman.object(id) do
its('State.Health.Status') { should eq 'healthy' }
end
end
```
## Resource Parameter Examples
### containers
`containers` returns information about containers as returned by [podman ps -a](https://docs.podman.io/en/latest/markdown/podman.1.html).
```ruby
describe podman.containers do
its("ids") { should include "591270d8d80d26671fd6ed622f367fbe19004d16e3b519c292313feb5f22e7f7" }
its("labels") { should include "maintainer" => "NGINX Docker Maintainers \u003cdocker-maint@nginx.com\u003e" }
its('names') { should include "sweet_mendeleev" }
its("images") { should include "docker.io/library/nginx:latest" }
end
```
### images
`images` returns information about a Podman image as returned by [podman images -a](https://docs.podman.io/en/latest/markdown/podman-images.1.html).
```ruby
describe podman.images do
its('ids') { should include 'sha256:c7db653c4397e6a4d1e468bb7c6400c022c62623bdb87c173d54bac7995b6d8f ' }
its('sizes') { should_not include '80.3 GB' }
its('repositories") { should include "docker.io/library/nginx"}
end
```
### pods
`pods` returns information about pods as returned by [podman pod ps](https://docs.podman.io/en/latest/markdown/podman-pod-ps.1.html).
```ruby
describe podman.pods do
its("ids") { should include "95cadbb84df71e6374fceb3fd89ee3b8f2c7e1a831062cd9cea7d0e3e4b1dbcc" }
its("containers") { should eq [{ "Id" => "a218dfc58fa28e0c58c55e508e5b57084876b42e894b98073c69c45dea06cbb2", "Names" => "95cadbb84df7-infra", "Status" => "running" } ]}
its("names") { should include "cranky_allen" }
end
```
### networks
`networks` returns information about a Podman network as returned by [podman network ls](https://docs.podman.io/en/latest/markdown/podman-network-ls.1.html).
```ruby
describe podman.networks do
its("names") { should include "podman" }
its("ids") { should include "2f259bab93aaaaa2542ba43ef33eb990d0999ee1b9924b557b7be53c0b7a1bb9" }
its("ipv6_enabled") { should eq [false] }
end
```
### volumes
`volumes` returns information about a Podman volume as returned by [podman volume ls](https://docs.podman.io/en/latest/markdown/podman-volume-ls.1.html).
```ruby
describe podman.volumes do
its('names') { should include 'ae6be9ba838b9b150de47657229bb9b67142dbdb3d1ddbc5efa245cf1e95536a' }
its('drivers') { should include 'local' }
end
```
### info
`info` returns the parsed result of [podman info](https://docs.podman.io/en/latest/markdown/podman-info.1.html).
```ruby
describe podman.info do
its("host.os") { should eq "linux" }
end
```
### version
`version` returns the parsed result of [podman version](https://docs.podman.io/en/latest/markdown/podman-version.1.html)
```ruby
describe podman.version do
its("Client.Version") { should eq "4.1.0"}
its('Server.Version') { should eq '4.1.0'}
end
```
### object('id')
`object` returns low-level information about Podman objects as returned by [podman inspect](https://docs.podman.io/en/latest/markdown/podman-inspect.1.html).
```ruby
describe docker.object(id) do
its('State.Running') { should eq true }
end
```
## Matchers
For a full list of available matchers, please visit our [matchers page](/inspec/matchers/).
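
Review bot: Three of the Ruby examples in this file will not run as written. In the first Syntax block, `its('images) { should include "docker.io/library/ubuntu:latest" }` is missing the closing quote on the property name; in the `images` parameter example, `its('repositories") { should include "docker.io/library/nginx"}` opens with a single quote and closes with a double quote; and the `object('id')` example calls `describe docker.object(id) do` where the rest of the page uses `podman.object(id)`. Please fix all three, since readers copy audit controls straight from this page. Smaller points: the `ids` string in the `images` example ends with a space before its closing quote, which would make the `include` fail against a real ID; the `images` parameter list names `history` twice and is missing a space in "and`created_since`"; and `volumes` appears under Resource Parameter Examples but has no entry under Syntax listing its valid parameters, unlike containers, images, networks and pods.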

@ -0,0 +1,149 @@
+++
title = "podman_container resource"
draft = false
gh_repo = "inspec"
platform = "unix"
[menu]
[menu.inspec]
title = "podman_container"
identifier = "inspec/resources/os/podman_container.md podman_container resource"
parent = "inspec/resources/os"
+++
Use the `podman_container` Chef InSpec audit resource to test the ...
## Availability
### Installation
This resource is distributed with Chef InSpec and is automatically available for use.
## Syntax
A `podman_container` Chef InSpec audit resource ...
```ruby
describe podman_container("sweet_mendeleev") do
it { should exist }
it { should be_running }
its("id") { should eq "591270d8d80d26671fd6ed622f367fbe19004d16e3b519c292313feb5f22e7f7" }
its("image") { should eq "docker.io/library/nginx:latest" }
its("labels") { should include "maintainer"=>"NGINX Docker Maintainers <docker-maint@nginx.com>" }
its("ports") { should eq nil }
end
```
## Resource Parameter Examples
### name
The container name can be provided with the `name` resource parameter.
```ruby
describe podman_container(name: 'an-echo-server') do
it { should exist }
it { should be_running }
end
```
### container ID
Alternatively, you can pass the container ID.
```ruby
describe podman_container(id: '71b5df59442b') do
it { should exist }
it { should be_running }
end
```
## Properties
## Property Examples
The following examples show how to use this Chef InSpec resource.
### id
The `id` property tests the container ID.
```ruby
its('id') { should eq '71b5df59...442b' }
```
### image
The `image` property tests the value of the container image.
```ruby
its('image') { should eq 'docker.io/library/nginx:latest' }
```
### labels
The `labels` property tests the value of container image labels.
```ruby
its('labels') { should eq "maintainer" => "NGINX Docker Maintainers <docker-maint@nginx.com>" }
```
### ports
The `ports` property tests the value of the Podmans ports.
```ruby
its('ports') { should eq '0.0.0.0:1234->1234/tcp' }
```
### command
The `command` property tests the value of the container run command.
```ruby
its('command') { should eq 'nc -ll -p 1234 -e /bin/cat' }
```
## Matchers
For a full list of available matchers, please visit our [matchers page](/inspec/matchers/). The specific matchers of this resource are: `exist` and `be_running`.
### exist
The `exist` matcher specifies if the container exists.
```ruby
it { should exist }
```
### be_running
The `be_running` matcher checks if the container is running.
```ruby
it { should be_running }
```
## Examples
The following examples show how to use this Chef InSpec audit resource.
### Ensures container exists
The below test passes if the container `sweet_mendeleev` exists as part of the Podman instances.
```ruby
describe podman_container('sweet_mendeleev') do
it { should exist }
end
```
### Ensures container is in running status
The below test passes if the container `sweet_mendeleev` exists as part of the Podman instances and the status is running.
```ruby
describe podman_container('sweet_mendeleev') do
it { should be_running }
end
```
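
Review bot: The intro and Syntax sentences are still template placeholders ("Use the `podman_container` Chef InSpec audit resource to test the ..." and "A `podman_container` Chef InSpec audit resource ..."); please complete them the way the other podman_* pages do. The `## Properties` heading is empty and is followed immediately by `## Property Examples`, so either list the properties under it or keep only one of the two headings. The Syntax block passes the container name positionally (`podman_container("sweet_mendeleev")`) while Resource Parameter Examples only describe `name:` and `id:`, so the page should say that a bare string is accepted as well. In the `id` property example, `should eq '71b5df59...442b'` contains a literal ellipsis and cannot match a real ID; use a full ID as the Syntax block does. Under `ports`, "the Podmans ports" needs rewording, for example "the container's ports".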

@ -0,0 +1,189 @@
+++
title = "podman_image resource"
draft = false
gh_repo = "inspec"
platform = "unix"
[menu]
[menu.inspec]
title = "podman_image"
identifier = "inspec/resources/os/podman_image.md podman_image resource"
parent = "inspec/resources/os"
+++
Use the `podman_image` Chef InSpec audit resource to test the properties of a container image on Podman.
## Availability
### Installation
This resource is distributed with Chef InSpec and is automatically available for use.
## Syntax
A `podman_image` Chef InSpec audit resource aids in testing the properties of a container image on Podman.
```ruby
describe podman_image("docker.io/library/busybox") do
it { should exist }
its("id") { should eq "3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6" }
its("repo_tags") { should include "docker.io/library/busybox:latest" }
its("size") { should eq 1636053 }
its("os") { should eq "linux" }
end
```
> where
>
> - `id`, `repo_tags`, `size`, and `os` are properties of this resource to fetch the respective value of the container image.
> - `exist` is a matcher of this resource.
### Resource Parameter Examples
- The resource allows you to pass an image name. If the tag is missing for an image, `latest` is assumed as default.
```ruby
describe podman_image("docker.io/library/busybox") do
it { should exist }
end
```
- The resource allows you to pass the repository and tag values as separate values.
```ruby
describe podman_image(repo: "docker.io/library/busybox", tag: "latest") do
it { should exist }
end
```
- The resource allows you to pass with an image ID.
```ruby
describe podman_image(id: "8847e9bf6df8") do
it { should exist }
end
```
## Properties
### id
The `id` property returns the full image ID.
```ruby
its("id") { should eq "3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6" }
```
### repo_tags
The `repo_tags` property tests the value of the repository name.
```ruby
its("repo_tags") { should include "docker.io/library/busybox:latest" }
```
### size
The `size` property tests the size of the image in bytes
```ruby
its("size") { should eq 1636053 }
```
### digest
The `digest` property tests the value of the image digest.
```ruby
its("digest") { should eq "sha256:3614ca5eacf0a3a1bcc361c939202a974b4902b9334ff36eb29ffe9011aaad83" }
```
### created_at
The `created_at` property tests the time of the image creation.
```ruby
its("created_at") { should eq "2022-06-08T00:39:28.175020858Z" }
```
### version
The `version` property tests the version of the image.
```ruby
its("version") { should eq "20.10.12" }
```
### names_history
The `names_history` property tests the names history of the image.
```ruby
its("names_history") { should include "docker.io/library/busybox:latest" }
```
### repo_digests
The `repo_digests` tests the digest of the repository of the given image.
```ruby
its("repo_digests") { should include "docker.io/library/busybox@sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a" }
```
### architecture
The `architecture` tests the architecture of the given image.
```ruby
its("architecture") { should eq "arm64" }
```
### os
The `os` property tests the operating system of the given image.
```ruby
its("os") { should eq "linux" }
```
### virtual_size
The `virtual_size` property tests the virtual size of the given image.
```ruby
its("virtual_size") { should eq 1636053 }
```
## Matchers
For a full list of available matchers, please visit our [matchers page](/inspec/matchers/).
### exist
The `exist` matcher tests if the image is available on Podman.
```ruby
it { should exist }
```
## Examples
### Test if an image exists on Podman and verify the various image properties
```ruby
describe podman_image("docker.io/library/busybox") do
it { should exist }
its("id") { should eq "3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6" }
its("repo_tags") { should include "docker.io/library/busybox:latest" }
its("size") { should eq 1636053 }
its("digest") { should eq "sha256:3614ca5eacf0a3a1bcc361c939202a974b4902b9334ff36eb29ffe9011aaad83" }
its("created_at") { should eq "2022-06-08T00:39:28.175020858Z" }
its("version") { should eq "20.10.12" }
its("names_history") { should include "docker.io/library/busybox:latest" }
its("repo_digests") { should include "docker.io/library/busybox@sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a" }
its("architecture") { should eq "arm64" }
its("os") { should eq "linux" }
its("virtual_size") { should eq 1636053 }
its("resource_id") { should eq "docker.io/library/busybox:latest" }
end
```
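
Review bot: The final example asserts `its("resource_id") { should eq "docker.io/library/busybox:latest" }`, but `resource_id` is not described anywhere under Properties; add an entry for it or drop it from the example. The parameter section states that `latest` is assumed when the tag is missing, and the example there audits `docker.io/library/busybox` by name only; since the page already documents `id`, `digest` and `repo_digests`, it would help to say that those are the properties to assert on when a control has to identify one exact image, because a tag can be repointed to different content. Wording nits: the `repo_tags` description says it tests "the repository name" while the example value includes the tag, the `size` sentence lacks a final period, the `repo_digests` and `architecture` descriptions drop the word "property", and "pass with an image ID" should be "pass an image ID". `### Resource Parameter Examples` is a level-3 heading here but level-2 on the podman and podman_container pages.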

@ -0,0 +1,189 @@
+++
title = "podman_network resource"
draft = false
gh_repo = "inspec"
platform = "unix"
[menu]
[menu.inspec]
title = "podman_network"
identifier = "inspec/resources/os/podman_network.md podman_network resource"
parent = "inspec/resources/os"
+++
Use the `podman_network` Chef InSpec audit resource to test the properties of existing Podman networks.
## Availability
### Installation
This resource is distributed with Chef InSpec and is automatically available for use.
## Syntax
A `podman_network` Chef InSpec audit resource aids in testing the properties of a Podman network.
```ruby
describe podman_network("minikube") do
it { should exist }
its("id") { should eq "3a7c94d937d5f3a0f1a9b1610589945aedfbe56207fd5d32fc8154aa1a8b007f" }
its("name") { should eq "minikube" }
its("ipv6_enabled") { should eq false }
its("network_interface") { should eq "podman1" }
end
```
> where
>
> - `id`, `name`, `ipv6_enabled`, and `network_interface` are properties of this resource to fetch the respective value of the Podman network.
> - `exist` is a matcher of this resource.
### Resource Parameter Examples
- The resource allows you to pass a network name.
```ruby
describe podman_network("minikube") do
it { should exist }
end
```
- The resource allows you to pass with a Network ID.
```ruby
describe podman_network("3a7c94d937d5") do
it { should exist }
end
```
## Properties
### id
The `id` property returns the full Podman Network ID.
```ruby
its("id") { should eq "3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6" }
```
### name
The `name` property tests the value of the Podman network name.
```ruby
its("name") { should eq "minikube" }
```
### ipv6_enabled
The `ipv6_enabled` property tests whether ipv6 is enabled on the Podman network.
```ruby
its("ipv6_enabled") { should eq true }
```
### network_interface
The `network_interface` property tests the value of the network interface settings on the Podman network.
```ruby
its("network_interface") { should eq "podman0" }
```
### created
The `created` property tests the timestamp when the Podman network was created.
```ruby
its("created") { should eq "2022-07-06T08:51:11.735432521+05:30" }
```
### subnets
The `subnets` property tests the list of subnets on the Podman network.
```ruby
its("subnets") { should inclue "gateway"=>"192.168.49.1", "subnet"=>"192.168.49.0/24" }
```
### dns_enabled
The `dns_enabled` property tests whether the Podman network has DNS enabled.
```ruby
its("dns_enabled") { should be false }
```
### internal
The `internal` property tests whether the specified Podman network is internal.
```ruby
its("internal") { should eq true }
```
### ipam_options
The `ipam_options` property tests the IPAM options of the given Podman network.
```ruby
its("ipam_options") { should eq "driver" => "host-local" }
```
### labels
The `labels` property tests the labels set for the specified Podman network.
```ruby
its("labels") { should eq "created_by.minikube.sigs.k8s.io"=>"true", "name.minikube.sigs.k8s.io"=>"minikube" }
```
### driver
The `driver` property tests the value of the Podman network driver.
```ruby
its("driver") { should eq "bridge" }
```
### options
The `options` property tests the network options for the specified Podman network.
```ruby
its("options") { should eq nil }
```
## Matchers
For a full list of available matchers, please visit our [matchers page](/inspec/matchers/).
### exist
The `exist` matcher tests if the specified network is available on Podman.
```ruby
it { should exist }
```
## Examples
### Tests if a given Podman network exists and verifies the various network properties
```ruby
describe podman_network("minikube") do
it { should exist }
its("id") { should eq "3a7c94d937d5f3a0f1a9b1610589945aedfbe56207fd5d32fc8154aa1a8b007f" }
its("name") { should eq "minikube" }
its("ipv6_enabled") { should eq false }
its("network_interface") { should eq "podman1" }
its("subnets") { should include "gateway"=>"192.168.49.1", "subnet"=>"192.168.49.0/24" }
its("dns_enabled") { should eq true }
its("internal") { should eq false }
its("created") { should eq "2022-07-06T08:51:11.735432521+05:30" }
its("ipam_options") { should eq "driver" => "host-local" }
its("labels") { should eq "created_by.minikube.sigs.k8s.io"=>"true", "name.minikube.sigs.k8s.io"=>"minikube" }
its("driver") { should eq "bridge" }
its("options") { should eq nil }
end
```
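
Review bot: In the `subnets` property example the matcher is misspelled: `its("subnets") { should inclue "gateway"=>"192.168.49.1", "subnet"=>"192.168.49.0/24" }` names a matcher that does not exist, so a control copied from here errors out instead of evaluating; it should be `include`, as in the full example at the end of the file. The `id` property example uses the ID beginning `3c19bafed223`, which is the busybox image ID from the podman_image page, while the Syntax block here uses the network ID beginning `3a7c94d937d5`; use the network ID in both places. The second parameter example is introduced as "pass with a Network ID" and passes the short form `"3a7c94d937d5"`; state explicitly that a truncated ID is accepted and reword to "pass a network ID". `dns_enabled` uses `should be false` while the other boolean properties use `should eq`; pick one form for the page.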

@ -0,0 +1,210 @@
+++
title = "podman_pod resource"
draft = false
gh_repo = "inspec"
platform = "unix"
[menu]
[menu.inspec]
title = "podman_pod"
identifier = "inspec/resources/os/podman_pod.md podman_pod resource"
parent = "inspec/resources/os"
+++
Use the `podman_pod` Chef InSpec audit resource to test the properties of a pod on Podman.
## Availability
### Installation
This resource is distributed with Chef InSpec and is automatically available for use.
## Syntax
A `podman_pod` Chef InSpec audit resource aids in testing the properties of a pod on Podman.
```ruby
describe podman_pod("nginx-frontend") do
it { should exist }
its("id") { should eq "fcfe4d471cfface0d1b39bce23af7d31ab8736cd68c0360ade0b4afe364f79d4" }
its("name") { should eq "nginx-frontend" }
its("created_at") { should eq "2022-07-14T15:47:47.978078124+05:30" }
its("create_command") { should include "new:nginx-frontend" }
its("state") { should eq "Running" }
end
```
> where
>
> - `'nginx-frontend'` is the name of the pod. Pod ID and Pod names are valid parameters accepted by `podman_pod`.
> - `'id'`, `'name'`, `'created_at'`, `'create_command'`, and `'state'`, are properties of this resource to fetch the respective value of the podman pod.
> - `exist` is a matcher of this resource.
## Properties
- Properties of the resources are: `'id'`, `'name'`, `'created_at'`, `'create_command'`, `'state'`, `'hostname'`, `'create_cgroup'`, `'cgroup_parent'`, `cgroup_path`, `'create_infra'`, `'infra_container_id'`, `'infra_config'`, `'shared_namespaces'`, `'num_containers'`, and `'containers'`
### `id`
The `id` property returns the id of the pod.
```ruby
its("id") { should eq "fcfe4d471cfface0d1b39bce23af7d31ab8736cd68c0360ade0b4afe364f79d4" }
```
### `name`
The `name` property returns the name of the pod.
```ruby
its("name") { should eq "nginx-frontend" }
```
### `created_at`
The `created_at` property returns the creation date of the pod.
```ruby
its("created_at") { should eq "2022-07-14T15:47:47.978078124+05:30" }
```
### `create_command`
The `create_command` property returns an array of commands used to create the pod.
```ruby
its("create_command") { should include "new:nginx-frontend" }
```
### `state`
The `state` property returns the state of the pod.
```ruby
its("state") { should eq "Running" }
```
### `hostname`
The `hostname` property returns the hostname of the pod.
```ruby
its("hostname") { should eq "" }
```
### `create_cgroup`
The `create_cgroup` property returns a boolean value for cgroup creation of the pod.
```ruby
its("create_cgroup") { should eq true }
```
### `cgroup_parent`
The `cgroup_parent` property returns the name of the cgroup parent of the pod.
```ruby
its("cgroup_parent") { should eq "user.slice" }
```
### `cgroup_path`
The `cgroup_path` property returns the path of the cgroup parent of the pod.
```ruby
its("cgroup_path") { should eq "user.slice/user-libpod_pod_fcfe4d471cfface0d1b39bce23af7d31ab8736cd68c0360ade0b4afe364f79d4.slice" }
```
### `create_infra`
The `create_infra` property returns a boolean value for the pod infra creation.
```ruby
its("create_infra") { should eq true }
```
### `infra_container_id`
The `infra_container_id` property returns the infra container ID of the pod.
```ruby
its("infra_container_id") { should eq "727538044b32a165934729dc2d47d9d5e981b6496aebfad7de470f7e76ea4251" }
```
### `infra_config`
The `infra_config` property returns a hash of the infra configuration of the pod.
```ruby
its("infra_config") { should include "DNSOption" }
```
### `shared_namespaces`
The `shared_namespaces` property returns an array of shared namespaces of the pod.
```ruby
its("shared_namespaces") { should include "ipc" }
```
### `num_containers`
The `num_containers` property returns the number of containers in the pod.
```ruby
its("num_containers") { should eq 2 }
```
### `containers`
The `containers` property returns an array of hashes about the information of containers in the pod.
```ruby
its("containers") { should_not be nil }
```
## Matchers
For a full list of available matchers, please visit our [matchers page](/inspec/matchers/).
### exist
The `exist` matcher tests if the pod is available on Podman.
```ruby
it { should exist }
```
## Examples
### Test if a pod exists on Podman and verifies pod properties
```ruby
describe podman_pod("nginx-frontend") do
it { should exist }
its("id") { should eq "fcfe4d471cfface0d1b39bce23af7d31ab8736cd68c0360ade0b4afe364f79d4" }
its("name") { should eq "nginx-frontend" }
its("created_at") { should eq "2022-07-14T15:47:47.978078124+05:30" }
its("create_command") { should include "new:nginx-frontend" }
its("state") { should eq "Running" }
its("hostname") { should eq "" }
its("create_cgroup") { should eq true }
its("cgroup_parent") { should eq "user.slice" }
its("cgroup_path") { should eq "user.slice/user-libpod_pod_fcfe4d471cfface0d1b39bce23af7d31ab8736cd68c0360ade0b4afe364f79d4.slice" }
its("create_infra") { should eq true }
its("infra_container_id") { should eq "727538044b32a165934729dc2d47d9d5e981b6496aebfad7de470f7e76ea4251" }
its("infra_config") { should include "DNSOption" }
its("shared_namespaces") { should include "ipc" }
its("num_containers") { should eq 2 }
its("containers") { should_not be nil }
end
```
### Test if a pod does not exist on Podman
```ruby
describe podman_pod("non_existing_pod") do
it { should_not exist }
end
```


@ -0,0 +1,155 @@
+++
title = "podman_volume resource"
draft = false
gh_repo = "inspec"
platform = "unix"
[menu]
[menu.inspec]
title = "podman_volume"
identifier = "inspec/resources/os/podman_volume.md podman_volume resource"
parent = "inspec/resources/os"
+++
Use the `podman_volume` Chef InSpec audit resource to test the properties of a volume on Podman.
## Availability
### Installation
This resource is distributed with Chef InSpec and is automatically available for use.
## Syntax
A `podman_volume` Chef InSpec audit resource aids in testing the properties of a volume on Podman.
```ruby
describe podman_volume("my_volume") do
it { should exist }
its("name") { should eq "my_volume" }
its("driver") { should eq "local" }
its("mountpoint") { should eq "/var/home/core/.local/share/containers/storage/volumes/my_volume/_data" }
its("created_at") { should eq "2022-07-14T13:21:19.965421792+05:30" }
end
```
> where
>
> - `'name'`, `'driver'`, `'mountpoint'`, and `'created_at'` are properties of this resource to fetch the respective value of the podman volume.
> - `exist` is a matcher of this resource.
## Properties
- Properties of the resources: `name`, `driver`, `mountpoint`, `created_at`, `labels`, `scope`, `options`, `mount_count`, `needs_copy_up`, and `needs_chown`.
### name
The `name` property returns the name of the volume.
```ruby
its("name") { should eq "my_volume" }
```
### driver
The `driver` property returns the value for the volume's driver environment.
```ruby
its("driver") { should eq "local" }
```
### mountpoint
The `mountpoint` property returns the value for the volume's mount path.
```ruby
its("mountpoint") { should eq "/var/home/core/.local/share/containers/storage/volumes/my_volume/_data" }
```
### created_at
The `created_at` property returns the creation date of the volume.
```ruby
its("created_at") { should eq "2022-07-14T13:21:19.965421792+05:30" }
```
### labels
The `labels` property returns the labels associated with the volume.
```ruby
its("labels") { should eq({}) }
```
### scope
The `scope` property returns the scope of the volume.
```ruby
its("scope") { should eq "local" }
```
### options
The `options` property returns the options associated with the volume.
```ruby
its("options") { should eq({}) }
```
### mount_count
The `mount_count` property returns the **MountCount** value from the volume's inspect information.
```ruby
its("mount_count") { should eq 0 }
```
### needs_copy_up
The `needs_copy_up` property returns the **NeedsCopyUp** value from the volume's inspect information.
```ruby
its("needs_copy_up") { should eq true }
```
### needs_chown
The `needs_chown` property returns the **NeedsChown** value from the volume's inspect information.
```ruby
its("needs_chown") { should eq true }
```
## Matchers
For a full list of available matchers, please visit our [matchers page](/inspec/matchers/).
### exist
The `exist` matcher tests if the volume is available on Podman.
```ruby
it { should exist }
```
## Examples
### Test if a volume exists on Podman and verifies volume properties
```ruby
describe podman_volume("my_volume") do
it { should exist }
its("name") { should eq "my_volume" }
its("driver") { should eq "local" }
its("mountpoint") { should eq "/var/home/core/.local/share/containers/storage/volumes/my_volume/_data" }
its("created_at") { should eq "2022-07-14T13:21:19.965421792+05:30" }
its("labels") { should eq({}) }
its("scope") { should eq "local" }
its("options") { should eq({}) }
its("mount_count") { should eq 0 }
its("needs_copy_up") { should eq true }
its("needs_chown") { should eq true }
end
```
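Review bot: The `where` note under Syntax names only `name`, `driver`, `mountpoint` and `created_at`, while the Properties section documents ten properties, and the Syntax sentence repeats the intro line almost word for word. Either list all ten in the `where` note or refer the reader to the Properties section, and drop the duplicated sentence. The `driver` description ("the volume's driver environment") would read more clearly as the name of the volume driver. The property headings here are plain (`### name`) while the podman_pod page in this same change uses backticked headings; pick one style for both pages.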


@ -0,0 +1,353 @@
require "inspec/resources/command"
require "inspec/utils/filter"
require "hashie/mash"
module Inspec::Resources
class Podman < Inspec.resource(1)
# Resource requires an internal name.
name "podman"
# Restrict to only run on the below platforms (if none were given,
# all OS's and cloud API's supported)
supports platform: "unix"
desc "A resource to retrieve information about podman"
example <<~EXAMPLE
describe podman.containers do
its('images') { should include "docker.io/library/ubuntu:latest" }
end
describe podman.images do
its('names') { should_not include "docker.io/library/ubuntu:latest" }
end
describe podman.pods do
its("ids") { should include "95cadbb84df71e6374fceb3fd89ee3b8f2c7e1a831062cd9cea7d0e3e4b1dbcc" }
end
describe podman.info.host do
its("os") { should eq "linux"}
end
describe podman.version do
its("Client.Version") { should eq "4.1.0"}
end
podman.containers.ids.each do |id|
# call podman inspect for a specific container id
describe podman.object(id) do
its("State.OciVersion") { should eq "1.0.2-dev" }
its("State.Running") { should eq true}
end
end
EXAMPLE
def containers
PodmanContainerFilter.new(parse_containers)
end
def images
PodmanImageFilter.new(parse_images)
end
def networks
PodmanNetworkFilter.new(parse_networks)
end
def pods
PodmanPodFilter.new(parse_pods)
end
def volumes
PodmanVolumeFilter.new(parse_volumes)
end
def version
return @version if defined?(@version)
sub_cmd = "version --format json"
output = run_command(sub_cmd)
@version = Hashie::Mash.new(JSON.parse(output))
rescue JSON::ParserError => _e
Hashie::Mash.new({})
end
def info
return @info if defined?(@info)
sub_cmd = "info --format json"
output = run_command(sub_cmd)
@info = Hashie::Mash.new(JSON.parse(output))
rescue JSON::ParserError => _e
Hashie::Mash.new({})
end
# returns information about podman objects
def object(id)
return @inspect if defined?(@inspect)
output = run_command("inspect #{id} --format json")
data = JSON.parse(output)
data = data[0] if data.is_a?(Array)
@inspect = Hashie::Mash.new(data)
rescue JSON::ParserError => _e
Hashie::Mash.new({})
end
def to_s
"Podman"
end
private
# Calls the run_command method to get all podman containers and parse the command output.
# Returns the parsed command output.
def parse_containers
labels = %w{ID Image ImageID Command CreatedAt RunningFor Status Pod Ports Size Names Networks Labels Mounts}
parse_json_command(labels, "ps -a --no-trunc --size")
end
# Calls the run_command method to get all podman images and parse the command output.
# Returns the parsed command output.
def parse_images
labels = %w{ID Repository Tag Size Digest CreatedAt CreatedSince History}
parse_json_command(labels, "images -a --no-trunc")
end
# Calls the run_command method to get all podman network list and parse the command output.
# Returns the parsed command output.
def parse_networks
labels = %w{ID Name Driver Labels Options IPAMOptions Created Internal IPv6Enabled DNSEnabled NetworkInterface Subnets}
parse_json_command(labels, "network ls --no-trunc")
end
# Calls the run_command method to get all podman pod list and parse the command output.
# Returns the parsed command output.
def parse_pods
sub_cmd = "pod ps --no-trunc --format json"
output = run_command(sub_cmd)
parse(output)
end
# Calls the run_command method to get all podman volume list and parse the command output.
# Returns the parsed command output.
def parse_volumes
sub_cmd = "volume ls --format json"
output = run_command(sub_cmd)
parse(output)
end
# Runs the given podman command on the host machine on which podman is installed
# Returns the command output or raises the command execution error.
def run_command(subcommand)
result = inspec.command("podman #{subcommand}")
if result.stderr.empty?
result.stdout
else
raise "Error while running command \'podman #{subcommand}\' : #{result.stderr}"
end
end
def parse_json_command(labels, subcommand)
# build command
format = labels.map { |label| "\"#{label}\": {{json .#{label}}}" }
raw = inspec.command("podman #{subcommand} --format '{#{format.join(", ")}}'").stdout
output = []
raw.each_line do |entry|
# convert all keys to lower_case to work well with ruby and filter table
row = JSON.parse(entry).map do |key, value|
[key.downcase, value]
end.to_h
# ensure all keys are there
row = ensure_keys(row, labels)
output.push(row)
end
output
rescue JSON::ParserError => _e
warn "Could not parse `podman #{subcommand}` output"
[]
end
def ensure_keys(entry, labels)
labels.each do |key|
entry[key.downcase] = nil unless entry.key?(key.downcase)
end
entry
end
# Method to parse JDON content.
# Returns: Parsed data.
def parse(content)
require "json" unless defined?(JSON)
output = JSON.parse(content)
parsed_output = []
output.each do |entry|
entry = entry.map do |k, v|
[k.downcase, v]
end.to_h
parsed_output << entry
end
parsed_output
rescue => e
raise Inspec::Exceptions::ResourceFailed, "Unable to parse command JSON output: #{e.message}"
end
end
# class for podman.containers plural resource
class PodmanContainerFilter
filter = FilterTable.create
filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
filter.register_column(:commands, field: "command")
.register_column(:ids, field: "id")
.register_column(:created_at, field: "createdat")
.register_column(:images, field: "image")
.register_column(:names, field: "names")
.register_column(:status, field: "status")
.register_column(:image_ids, field: "image_id")
.register_column(:labels, field: "labels", style: :simple)
.register_column(:mounts, field: "mounts")
.register_column(:networks, field: "networks")
.register_column(:pods, field: "pod")
.register_column(:ports, field: "ports")
.register_column(:sizes, field: "size")
.register_column(:running_for, field: "running_for")
.register_custom_matcher(:running?) do |x|
x.where { status.downcase.start_with?("up") }
end
filter.install_filter_methods_on_resource(self, :containers)
attr_reader :containers
def initialize(containers)
@containers = containers
end
def to_s
"Podman Containers"
end
def resource_id
"Podman Containers"
end
end
# class for podman.images plural resource
class PodmanImageFilter
filter = FilterTable.create
filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
filter.register_column(:ids, field: "id")
.register_column(:repositories, field: "repository")
.register_column(:tags, field: "tag")
.register_column(:sizes, field: "size")
.register_column(:digests, field: "digest")
.register_column(:created_at, field: "createdat")
.register_column(:created_since, field: "createdsince")
.register_column(:history, field: "history")
filter.install_filter_methods_on_resource(self, :images)
attr_reader :images
def initialize(images)
@images = images
end
def to_s
"Podman Images"
end
def resource_id
"Podman Images"
end
end
class PodmanNetworkFilter
filter = FilterTable.create
filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
.register_column(:ids, field: "id")
.register_column(:names, field: "name")
.register_column(:drivers, field: "driver")
.register_column(:network_interfaces, field: "networkinterface")
.register_column(:created, field: "created")
.register_column(:subnets, field: "subnets")
.register_column(:ipv6_enabled, field: "ipv6enabled")
.register_column(:internal, field: "internal")
.register_column(:dns_enabled, field: "dnsenabled")
.register_column(:ipam_options, field: "ipamoptions")
.register_column(:options, field: "options")
.register_column(:labels, field: "labels")
filter.install_filter_methods_on_resource(self, :networks)
attr_reader :networks
def initialize(networks)
@networks = networks
end
def to_s
"Podman Networks"
end
def resource_id
"Podman Networks"
end
end
class PodmanPodFilter
filter = FilterTable.create
filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
.register_column(:ids, field: "id")
.register_column(:cgroups, field: "cgroup")
.register_column(:containers, field: "containers")
.register_column(:created, field: "created")
.register_column(:infraids, field: "infraid")
.register_column(:names, field: "name")
.register_column(:namespaces, field: "namespace")
.register_column(:networks, field: "networks")
.register_column(:status, field: "status")
.register_column(:labels, field: "labels")
filter.install_filter_methods_on_resource(self, :pods)
attr_reader :pods
def initialize(pods)
@pods = pods
end
def to_s
"Podman Pods"
end
def resource_id
"Podman Pods"
end
end
class PodmanVolumeFilter
filter = FilterTable.create
filter.register_custom_matcher(:exists?) { |x| !x.entries.empty? }
.register_column(:names, field: "name")
.register_column(:drivers, field: "driver")
.register_column(:mountpoints, field: "mountpoint")
.register_column(:createdat, field: "createdat")
.register_column(:labels, field: "labels")
.register_column(:scopes, field: "scope")
.register_column(:options, field: "options")
.register_column(:mountcount, field: "mountcount")
.register_column(:needscopyup, field: "needscopyup")
.register_column(:needschown, field: "needschown")
filter.install_filter_methods_on_resource(self, :volumes)
attr_reader :volumes
def initialize(volumes)
@volumes = volumes
end
def to_s
"Podman Volumes"
end
def resource_id
"Podman Volumes"
end
end
end
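Review bot: In `PodmanContainerFilter` the columns `image_ids` (`field: "image_id"`) and `running_for` (`field: "running_for"`) do not match any key the parser produces: `parse_json_command` downcases the labels `ImageID` and `RunningFor` to `imageid` and `runningfor`, and `ensure_keys` fills in those same downcased names. Use `field: "imageid"` and `field: "runningfor"`, as the other columns already do with `createdat`. Separately, `object(id)` returns the memoized `@inspect` no matter which `id` is passed, so a second call on the same instance with a different id gets the first object's data; cache per id (for example a hash keyed by id) or drop the memoization. `object` also interpolates `id` straight into the command string, and `run_command` fails on any stderr output while `parse_json_command` ignores both stderr and the exit status; pick one error policy, preferably based on `exit_status`. Small typo in the comment above `parse`: "JDON".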


@ -0,0 +1,84 @@
require "inspec/resources/podman"
require_relative "docker_object"
# Change module if required
module Inspec::Resources
class PodmanContainer < Inspec.resource(1)
include Inspec::Resources::DockerObject
name "podman_container"
supports platform: "unix"
desc "Inspec core resource to retrieve information about podman container"
example <<~EXAMPLE
describe podman_container("sweet_mendeleev") do
it { should exist }
it { should be_running }
its("id") { should eq "591270d8d80d26671fd6ed622f367fbe19004d16e3b519c292313feb5f22e7f7" }
its("image") { should eq "docker.io/library/nginx:latest" }
its("labels") { should include "maintainer"=>"NGINX Docker Maintainers <docker-maint@nginx.com>" }
its("ports") { should eq nil }
end
describe podman_container(id: "591270d8d80d2667") do
it { should exist }
it { should be_running }
end
EXAMPLE
def initialize(opts = {})
skip_resource "The `podman_container` resource is not yet available on your OS." unless inspec.os.unix?
# if a string is provided, we expect it is the name
if opts.is_a?(String)
@opts = { name: opts }
else
@opts = opts
end
end
def running?
status.downcase.start_with?("up") if object_info.entries.length == 1
end
def status
object_info.status[0] if object_info.entries.length == 1
end
def labels
object_info.labels
end
def ports
object_info.ports[0] if object_info.entries.length == 1
end
def command
return unless object_info.entries.length == 1
object_info.commands[0]
end
def image
object_info.images[0] if object_info.entries.length == 1
end
def resource_id
object_info.ids[0] || @opts[:id] || @opts[:name] || ""
end
def to_s
name = @opts[:name] || @opts[:id]
"Podman Container #{name}"
end
private
def object_info
return @info if defined?(@info)
opts = @opts
@info = inspec.podman.containers.where { names == opts[:name] || (!id.nil? && !opts[:id].nil? && (id == opts[:id] || id.start_with?(opts[:id]))) }
end
end
end
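Review bot: The `where` block in `object_info` accepts any non-nil `opts[:id]`, so `podman_container(id: "")` matches every container through `id.start_with?("")`, and a short prefix can match more than one. In that case `status`, `ports`, `command` and `image` quietly return nil and `running?` returns nil rather than false, which makes a failing control hard to tell apart from an ambiguous lookup. Reject an empty id in `initialize` and raise `Inspec::Exceptions::ResourceFailed` when the lookup returns more than one entry. `labels` is the only accessor without the `entries.length == 1` guard; make it consistent with the others. The comment `# Change module if required` looks like generator residue and can go.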


@ -0,0 +1,108 @@
require "inspec/resources/command"
require_relative "docker_object"
require "inspec/utils/podman"
module Inspec::Resources
class PodmanImage < Inspec.resource(1)
include Inspec::Resources::DockerObject
include Inspec::Utils::Podman
name "podman_image"
supports platform: "unix"
desc "InSpec core resource to retrieve information about podman image"
example <<~EXAMPLE
describe podman_image("docker.io/library/busybox") do
it { should exist }
its("repo_tags") { should include "docker.io/library/busybox:latest" }
its("size") { should eq 1636053 }
its("resource_id") { should eq "docker.io/library/busybox:latest" }
end
describe podman_image("docker.io/library/busybox:latest") do
it { should exist }
end
describe podman_image(repo: "docker.io/library/busybox", tag: "latest") do
it { should exist }
end
describe podman_image(id: "3c19bafed223") do
it { should exist }
end
EXAMPLE
attr_reader :opts, :image_info
def initialize(opts)
skip_resource "The `podman_image` resource is not yet available on your OS." unless inspec.os.unix?
opts = { image: opts } if opts.is_a?(String)
@opts = sanitize_options(opts)
raise Inspec::Exceptions::ResourceFailed, "Podman is not running. Please make sure it is installed and running." unless podman_running?
@image_info = get_image_info
end
LABELS = {
"id" => "ID",
"repo_tags" => "RepoTags",
"size" => "Size",
"digest" => "Digest",
"created_at" => "Created",
"version" => "Version",
"names_history" => "NamesHistory",
"repo_digests" => "RepoDigests",
"architecture" => "Architecture",
"os" => "Os",
"virtual_size" => "VirtualSize",
}.freeze
## This creates all the required properties methods dynamically.
LABELS.each do |k, v|
define_method(k) do
image_info[k.to_s]
end
end
def exist?
! image_info.empty?
end
def resource_id
opts[:id] || opts[:image] || ""
end
def to_s
"podman_image #{resource_id}"
end
private
def sanitize_options(opts)
opts.merge!(parse_components_from_image(opts[:image]))
# assume a "latest" tag if we don't have one
opts[:tag] ||= "latest"
# Assemble/reassemble the image from the repo and tag
opts[:image] = "#{opts[:repo]}:#{opts[:tag]}" unless opts[:repo].nil?
opts
end
def get_image_info
current_image = opts[:id] || opts[:image] || opts[:repo] + ":" + opts[:tag]
json_key_label = generate_go_template(LABELS)
podman_inspect_cmd = inspec.command("podman image inspect #{current_image} --format '{#{json_key_label}}'")
if podman_inspect_cmd.exit_status == 0
parse_command_output(podman_inspect_cmd.stdout)
elsif podman_inspect_cmd.stderr =~ /failed to find image/
{}
else
raise Inspec::Exceptions::ResourceFailed, "Unable to retrieve podman image information for #{current_image}.\nError message: #{podman_inspect_cmd.stderr}"
end
end
end
end
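Review bot: In `get_image_info` the last fallback, `opts[:repo] + ":" + opts[:tag]`, is only reached when both `opts[:id]` and `opts[:image]` are nil, and `sanitize_options` guarantees `opts[:image]` is set whenever `opts[:repo]` is not nil, so on that path `opts[:repo]` is always nil and the expression raises NoMethodError. Replace the fallback with an explicit check in `initialize` that raises `Inspec::Exceptions::ResourceFailed` when none of `id`, `image` or `repo` is given. `sanitize_options` also mutates the caller's hash through `merge!`; work on a copy. Minor: `LABELS.each do |k, v|` never uses `v`; the pod and volume resources already write `|k, _|`.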


@ -0,0 +1,81 @@
require "inspec/resources/command"
require "inspec/utils/podman"
module Inspec::Resources
class PodmanNetwork < Inspec.resource(1)
include Inspec::Utils::Podman
name "podman_network"
supports platform: "unix"
desc "InSpec core resource to retrive information about the given Podman network"
example <<~EXAMPLE
describe podman_network("podman") do
it { should exist }
end
describe podman_network("3a7c94d937d5f3a0f1a9b1610589945aedfbe56207fd5d32fc8154aa1a8b007f") do
its("driver") { should eq bridge }
end
EXAMPLE
LABELS = {
id: "ID",
name: "Name",
driver: "Driver",
labels: "Labels",
options: "Options",
ipam_options: "IPAMOptions",
internal: "Internal",
created: "Created",
ipv6_enabled: "IPv6Enabled",
dns_enabled: "DNSEnabled",
network_interface: "NetworkInterface",
subnets: "Subnets",
}.freeze
attr_reader :param, :network_info
def initialize(param)
skip_resource "The `podman_network` resource is not yet available on your OS." unless inspec.os.unix?
@param = param
raise Inspec::Exceptions::ResourceFailed, "Podman is not running. Please make sure it is installed and running." unless podman_running?
@network_info = get_network_info
end
## This creates all the required properties methods dynamically.
LABELS.each do |k, v|
define_method(k) do
network_info[k.to_s]
end
end
def exist?
!network_info.empty?
end
def resource_id
id || param || ""
end
def to_s
"podman_network #{resource_id}"
end
private
def get_network_info
go_template_format = generate_go_template(LABELS)
result = inspec.command("podman network inspect #{param} --format '{#{go_template_format}}'")
if result.exit_status == 0
parse_command_output(result.stdout)
elsif result.stderr =~ /network not found/
{}
else
raise Inspec::Exceptions::ResourceFailed, "Unable to retrieve podman network information for #{param}.\nError message: #{result.stderr}"
end
end
end
end
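Review bot: The second example in the `example` heredoc has `its("driver") { should eq bridge }` with `bridge` unquoted, so anyone copying it gets an undefined-name error instead of a test; it should be `should eq "bridge"`. The `desc` string has a typo ("retrive"). `LABELS.each do |k, v|` leaves `v` unused; use `|k, _|` as the pod and volume resources do. This change also adds no docs hunk for `resource_id` falling back from `id` to `param`; a one-line comment on `resource_id` would help, since the value differs depending on whether the network was found.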


@ -0,0 +1,101 @@
require "inspec/resources/command"
require "inspec/utils/podman"
module Inspec::Resources
class PodmanPod < Inspec.resource(1)
include Inspec::Utils::Podman
name "podman_pod"
supports platform: "unix"
desc "InSpec core resource to retrieve information about podman pod"
example <<~EXAMPLE
describe podman_pod("nginx-frontend") do
it { should exist }
its("id") { should eq "fcfe4d471cfface0d1b39bce23af7d31ab8736cd68c0360ade0b4afe364f79d4" }
its("name") { should eq "nginx-frontend" }
its("created_at") { should eq "2022-07-14T15:47:47.978078124+05:30" }
its("create_command") { should include "new:nginx-frontend" }
its("state") { should eq "Running" }
its("hostname") { should eq "" }
its("create_cgroup") { should eq true }
its("cgroup_parent") { should eq "user.slice" }
its("cgroup_path") { should eq "user.slice/user-libpod_pod_fcfe4d471cfface0d1b39bce23af7d31ab8736cd68c0360ade0b4afe364f79d4.slice" }
its("create_infra") { should eq true }
its("infra_container_id") { should eq "727538044b32a165934729dc2d47d9d5e981b6496aebfad7de470f7e76ea4251" }
its("infra_config") { should include "DNSOption" }
its("shared_namespaces") { should include "ipc" }
its("num_containers") { should eq 2 }
its("containers") { should_not be nil }
end
describe podman_pod("non-existing-pod") do
it { should_not exist }
end
EXAMPLE
attr_reader :pod_info, :pod_id
def initialize(pod_id)
skip_resource "The `podman_pod` resource is not yet available on your OS." unless inspec.os.unix?
raise Inspec::Exceptions::ResourceFailed, "Podman is not running. Please make sure it is installed and running." unless podman_running?
@pod_id = pod_id
@pod_info = get_pod_info
end
LABELS = {
"id" => "ID",
"name" => "Name",
"created_at" => "Created",
"create_command" => "CreateCommand",
"state" => "State",
"hostname" => "Hostname",
"create_cgroup" => "CreateCgroup",
"cgroup_parent" => "CgroupParent",
"cgroup_path" => "CgroupPath",
"create_infra" => "CreateInfra",
"infra_container_id" => "InfraContainerID",
"infra_config" => "InfraConfig",
"shared_namespaces" => "SharedNamespaces",
"num_containers" => "NumContainers",
"containers" => "Containers",
}.freeze
# This creates all the required properties methods dynamically.
LABELS.each do |k, _|
define_method(k) do
pod_info[k.to_s]
end
end
def exist?
!pod_info.empty?
end
def resource_id
pod_id
end
def to_s
"Podman Pod #{resource_id}"
end
private
def get_pod_info
json_key_label = generate_go_template(LABELS)
inspect_pod_cmd = inspec.command("podman pod inspect #{pod_id} --format '{#{json_key_label}}'")
if inspect_pod_cmd.exit_status == 0
parse_command_output(inspect_pod_cmd.stdout)
elsif inspect_pod_cmd.stderr =~ /no pod with name or ID/
{}
else
raise Inspec::Exceptions::ResourceFailed, "Unable to retrieve podman pod information for #{pod_id}.\nError message: #{inspect_pod_cmd.stderr}"
end
end
end
end
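Review bot: `get_pod_info` places `pod_id` unquoted into the string handed to `inspec.command`, so a value containing whitespace or shell metacharacters changes the command line that runs on the target instead of being treated as one pod name. Escape the argument, for example `Shellwords.escape(pod_id)` after `require "shellwords"`, or validate it against the characters Podman allows in names and IDs before building the command. The same construction appears in the image, network and volume resources and in `Podman#object`, so a single helper in `Inspec::Utils::Podman` that builds the inspect command would fix all of them in one place.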


@ -0,0 +1,87 @@
require "inspec/resources/command"
require "inspec/utils/podman"
module Inspec::Resources
class PodmanVolume < Inspec.resource(1)
include Inspec::Utils::Podman
name "podman_volume"
supports platform: "unix"
desc "InSpec core resource to retrieve information about podman volume"
example <<~EXAMPLE
describe podman_volume("my_volume") do
it { should exist }
its("name") { should eq "my_volume" }
its("driver") { should eq "local" }
its("mountpoint") { should eq "/var/home/core/.local/share/containers/storage/volumes/my_volume/_data" }
its("created_at") { should eq "2022-07-14T13:21:19.965421792+05:30" }
its("labels") { should eq({}) }
its("scope") { should eq "local" }
its("options") { should eq({}) }
its("mount_count") { should eq 0 }
its("needs_copy_up") { should eq true }
its("needs_chown") { should eq true }
end
EXAMPLE
attr_reader :volume_info, :volume_name
def initialize(volume_name)
skip_resource "The `podman_volume` resource is not yet available on your OS." unless inspec.os.unix?
raise Inspec::Exceptions::ResourceFailed, "Podman is not running. Please make sure it is installed and running." unless podman_running?
@volume_name = volume_name
@volume_info = get_volume_info
end
LABELS = {
"name" => "Name",
"driver" => "Driver",
"mountpoint" => "Mountpoint",
"created_at" => "CreatedAt",
"labels" => "Labels",
"scope" => "Scope",
"options" => "Options",
"mount_count" => "MountCount",
"needs_copy_up" => "NeedsCopyUp",
"needs_chown" => "NeedsChown",
}.freeze
# This creates all the required properties methods dynamically.
LABELS.each do |k, _|
define_method(k) do
volume_info[k.to_s]
end
end
def exist?
!volume_info.empty?
end
def resource_id
volume_name
end
def to_s
"podman_volume #{resource_id}"
end
private
def get_volume_info
json_key_label = generate_go_template(LABELS)
inspect_volume_cmd = inspec.command("podman volume inspect #{volume_name} --format '{#{json_key_label}}'")
if inspect_volume_cmd.exit_status == 0
parse_command_output(inspect_volume_cmd.stdout)
elsif inspect_volume_cmd.stderr =~ /inspecting object: no such/
{}
else
raise Inspec::Exceptions::ResourceFailed, "Unable to retrieve podman volume information for #{volume_name}.\nError message: #{inspect_volume_cmd.stderr}"
end
end
end
end
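Review bot: In `get_volume_info` the "not found" case is recognised only by matching stderr against `/inspecting object: no such/`, and the podman-errors fixture in this same change already carries two spellings of that message ("error inspecting object: no such object" and "Error: inspecting object: no such object"), which shows the text is not stable. Any wording the regex misses turns a missing volume into a `ResourceFailed` instead of `exist?` returning false. Consider deciding existence from an exit status, for example `podman volume exists`, and keeping the stderr text only for the error message. The pod and network resources use the same string-matching approach and would benefit from the same change.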


@ -0,0 +1,24 @@
require "inspec/resources/command"
module Inspec
module Utils
module Podman
def podman_running?
inspec.command("podman version").exit_status == 0
end
# Generates the template in this format using labels hash: "\"id\": {{json .ID}}, \"name\": {{json .Name}}",
def generate_go_template(labels)
(labels.map { |k, v| "\"#{k}\": {{json .#{v}}}" }).join(", ")
end
def parse_command_output(output)
require "json" unless defined?(JSON)
JSON.parse(output)
rescue JSON::ParserError => _e
warn "Could not parse the command output"
{}
end
end
end
end
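Review bot: `parse_command_output` rescues `JSON::ParserError`, prints a warning and returns `{}`, and every caller defines `exist?` as the info hash not being empty, so output that fails to parse is reported as "object does not exist" and a control written as `it { should_not exist }` passes. For an audit resource that is a false pass; raise `Inspec::Exceptions::ResourceFailed` here, as `Podman#parse` in podman.rb already does. `podman_running?` only checks that `podman version` exits 0, which says the CLI answered rather than that anything is running; either rename it or adjust the "Podman is not running" message raised by the callers. The comment above `generate_go_template` ends in a stray comma.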

6
test/fixtures/cmd/podman-errors vendored Normal file

@ -0,0 +1,6 @@
Error: inspecting object: network min: network not found
Error: inspecting object: unable to inspect \"abc\": failed to find image abc: abc: image not known
Error: no pod with name or ID non_existing_pod found: no such pod
[]
error inspecting object: no such object: "non_existing_volume"
Error: inspecting object: no such object: "volume"

4
test/fixtures/cmd/podman-images-a vendored Normal file

@ -0,0 +1,4 @@
{ "id": "sha256:c7db653c4397e6a4d1e468bb7c6400c022c62623bdb87c173d54bac7995b6d8f", "repository": "localhost/podman-pause", "tag": "4.1.0-1651853754", "size": "816 kB", "digest": "sha256:e6e9fffed42f600c811af34569268c07d063f12507457493c608d944a1fdac3f", "createdat": "2022-07-01 07:38:09 +0000 UTC", "createdsince": "5 days ago", "history": "localhost/podman-pause:4.1.0-1651853754" }
{ "id": "sha256:55f4b40fe486a5b734b46bb7bf28f52fa31426bf23be068c8e7b19e58d9b8deb", "repository": "docker.io/library/nginx", "tag": "latest", "size": "146 MB", "digest": "sha256:10f14ffa93f8dedf1057897b745e5ac72ac5655c299dade0aa434c71557697ea", "createdat": "2022-06-23 04:13:24 +0000 UTC", "createdsince": "13 days ago", "history": "docker.io/library/nginx:latest" }
{ "id": "sha256:27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee", "repository": "docker.io/library/ubuntu", "tag": "latest", "size": "80.3 MB", "digest": "sha256:b6b83d3c331794420340093eb706a6f152d9c1fa51b262d9bf34594887c2c7ac", "createdat": "2022-06-06 22:21:26 +0000 UTC", "createdsince": "4 weeks ago", "history": "docker.io/library/ubuntu:latest" }
{ "id": "sha256:3a66698e604003f7822a0c73e9da50e090fda9a99fe1f2e1e2e7fe796cc803d5", "repository": "registry.fedoraproject.org/fedora", "tag": "latest", "size": "169 MB", "digest": "sha256:38813cf0913241b7f13c7057e122f7c3cfa2e7c427dca3194f933d94612e280b", "createdat": "2022-05-06 10:11:58 +0000 UTC", "createdsince": "2 months ago", "history": "registry.fedoraproject.org/fedora:latest" }
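Review bot: The keys in this fixture are already lowercase (`"id"`, `"repository"`, `"createdat"`), but the template that `parse_json_command` builds emits each label as written (`"ID"`, `"Repository"`, `"CreatedAt"`), so if this file stands in for the output of `images -a --no-trunc` the key-downcasing step is never exercised by the test. Record the fixture with the casing the command actually prints. The podman-network-ls fixture mixes both forms (`"id"` next to `"IpamOptions"` and `"NetworkInterface"`), which suggests it was edited by hand; regenerate it the same way.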

150
test/fixtures/cmd/podman-info vendored Normal file

@ -0,0 +1,150 @@
{
"host": {
"arch": "amd64",
"buildahVersion": "1.26.1",
"cgroupManager": "systemd",
"cgroupVersion": "v2",
"cgroupControllers": [
"cpu",
"io",
"memory",
"pids"
],
"conmon": {
"package": "conmon-2.1.0-2.fc36.x86_64",
"path": "/usr/bin/conmon",
"version": "conmon version 2.1.0, commit: "
},
"cpus": 1,
"cpuUtilization": {
"userPercent": 0.03,
"systemPercent": 0.09,
"idlePercent": 99.89
},
"distribution": {
"distribution": "fedora",
"variant": "coreos",
"version": "36"
},
"eventLogger": "journald",
"hostname": "localhost.localdomain",
"idMappings": {
"gidmap": [
{
"container_id": 0,
"host_id": 1000,
"size": 1
},
{
"container_id": 1,
"host_id": 100000,
"size": 1000000
}
],
"uidmap": [
{
"container_id": 0,
"host_id": 1005691005,
"size": 1
},
{
"container_id": 1,
"host_id": 100000,
"size": 1000000
}
]
},
"kernel": "5.17.5-300.fc36.x86_64",
"logDriver": "journald",
"memFree": 1668063232,
"memTotal": 2066817024,
"networkBackend": "netavark",
"ociRuntime": {
"name": "crun",
"package": "crun-1.4.4-1.fc36.x86_64",
"path": "/usr/bin/crun",
"version": "crun version 1.4.4\ncommit: 6521fcc5806f20f6187eb933f9f45130c86da230\nspec: 1.0.0\n+SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL"
},
"os": "linux",
"remoteSocket": {
"path": "/run/user/1005691005/podman/podman.sock",
"exists": true
},
"serviceIsRemote": true,
"security": {
"apparmorEnabled": false,
"capabilities": "CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT",
"rootless": true,
"seccompEnabled": true,
"seccompProfilePath": "/usr/share/containers/seccomp.json",
"selinuxEnabled": true
},
"slirp4netns": {
"executable": "/usr/bin/slirp4netns",
"package": "slirp4netns-1.2.0-0.2.beta.0.fc36.x86_64",
"version": "slirp4netns version 1.2.0-beta.0\ncommit: 477db14a24ff1a3de3a705e51ca2c4c1fe3dda64\nlibslirp: 4.6.1\nSLIRP_CONFIG_VERSION_MAX: 3\nlibseccomp: 2.5.3"
},
"swapFree": 0,
"swapTotal": 0,
"uptime": "12h 40m 12.19s (Approximately 0.50 days)",
"linkmode": "dynamic"
},
"store": {
"configFile": "/var/home/core/.config/containers/storage.conf",
"containerStore": {
"number": 5,
"paused": 0,
"running": 3,
"stopped": 2
},
"graphDriverName": "overlay",
"graphOptions": {
},
"graphRoot": "/var/home/core/.local/share/containers/storage",
"graphRootAllocated": 106825756672,
"graphRootUsed": 2833563648,
"graphStatus": {
"Backing Filesystem": "xfs",
"Native Overlay Diff": "true",
"Supports d_type": "true",
"Using metacopy": "false"
},
"imageCopyTmpDir": "/var/tmp",
"imageStore": {
"number": 4
},
"runRoot": "/run/user/1005691005/containers",
"volumePath": "/var/home/core/.local/share/containers/storage/volumes"
},
"registries": {
"search": [
"docker.io"
]
},
"plugins": {
"volume": [
"local"
],
"network": [
"bridge",
"macvlan"
],
"log": [
"k8s-file",
"none",
"passthrough",
"journald"
]
},
"version": {
"APIVersion": "4.1.0",
"Version": "4.1.0",
"GoVersion": "go1.18",
"GitCommit": "",
"BuiltTime": "Fri May 6 21:45:54 2022",
"Built": 1651853754,
"OsArch": "linux/amd64",
"Os": "linux"
}
}

10
test/fixtures/cmd/podman-inspec vendored Normal file

@ -0,0 +1,10 @@
[
{
"Id": "591270d8d80d26671fd6ed622f367fbe19004d16e3b519c292313feb5f22e7f7",
"Created": "2022-06-28T16:34:10.965113607+05:30",
"Path": "/docker-entrypoint.sh",
"Args": [
"/bin/bash"
]
}
]

1
test/fixtures/cmd/podman-inspect-info vendored Normal file

@ -0,0 +1 @@
{"id": "3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6", "repo_tags": ["docker.io/library/busybox:latest"], "size": 1636053, "digest": "sha256:3614ca5eacf0a3a1bcc361c939202a974b4902b9334ff36eb29ffe9011aaad83", "created_at": "2022-06-08T00:39:28.175020858Z", "version": "20.10.12", "names_history": ["docker.io/library/busybox:latest"], "repo_digests": ["docker.io/library/busybox@sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a","docker.io/library/busybox@sha256:3614ca5eacf0a3a1bcc361c939202a974b4902b9334ff36eb29ffe9011aaad83"], "architecture": "arm64", "os": "linux", "virtual_size": 1636053}

1
test/fixtures/cmd/podman-network vendored Normal file

@ -0,0 +1 @@
{ "id": "3a7c94d937d5f3a0f1a9b1610589945aedfbe56207fd5d32fc8154aa1a8b007f", "name": "minikube", "driver": "bridge", "labels": {"created_by.minikube.sigs.k8s.io": "true", "name.minikube.sigs.k8s.io": "minikube"}, "options": null, "ipam_options": {"driver": "host-local"}, "internal": false, "created": "2022-07-10T19:37:11.656610731+05:30", "ipv6_enabled": false, "dns_enabled": true, "network_interface": "podman1", "subnets": [{"subnet": "192.168.49.0/24", "gateway": "192.168.49.1"}] }

1
test/fixtures/cmd/podman-network-ls vendored Normal file

@ -0,0 +1 @@
{ "id": "2f259bab93aaaaa2542ba43ef33eb990d0999ee1b9924b557b7be53c0b7a1bb9", "name": "podman", "driver": "bridge", "labels": "", "options": null, "IpamOptions": {"driver":"host-local"}, "created": "2022-07-06T10:32:00.879655095+05:30", "internal": false, "Ipv6Enabled": false, "DnsEnabled": false, "NetworkInterface": "podman0", "Subnets": [{"subnet":"10.88.0.0/16","gateway":"10.88.0.1"}] }
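Review bot: The keys in this fixture mix casing styles (`id`, `name`, `driver` next to `IpamOptions`, `Ipv6Enabled`, `DnsEnabled`), and most of them do not match what the mocked `podman network ls --format` template in MockLoader emits (`ID`, `Name`, `IPAMOptions`, `IPv6Enabled`, `DNSEnabled`). `labels` is also an empty string here but a hash in the `podman-network` fixture. Regenerate the fixture from the output of the exact command it stands in for, so the spec exercises the key handling the resource applies to real output instead of a hand-edited shape.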

1
test/fixtures/cmd/podman-pod-inspect vendored Normal file

@ -0,0 +1 @@
{"id": "fcfe4d471cfface0d1b39bce23af7d31ab8736cd68c0360ade0b4afe364f79d4", "name": "nginx-frontend", "created_at": "2022-07-14T15:47:47.978078124+05:30", "create_command": ["podman","run","-dt","--pod","new:nginx-frontend","-p","8080:80","nginx"], "state": "Running", "hostname": "", "create_cgroup": true, "cgroup_parent": "user.slice", "cgroup_path": "user.slice/user-libpod_pod_fcfe4d471cfface0d1b39bce23af7d31ab8736cd68c0360ade0b4afe364f79d4.slice", "create_infra": true, "infra_container_id": "727538044b32a165934729dc2d47d9d5e981b6496aebfad7de470f7e76ea4251", "infra_config": {"PortBindings":{"80/tcp":[{"HostIp":"","HostPort":"8080"}]},"HostNetwork":false,"StaticIP":"","StaticMAC":"","NoManageResolvConf":false,"DNSServer":null,"DNSSearch":null,"DNSOption":null,"NoManageHosts":false,"HostAdd":null,"Networks":["podman"],"NetworkOptions":null,"pid_ns":"private","userns":"host"}, "shared_namespaces": ["uts","ipc","net"], "num_containers": 2, "containers": [{"Id":"3c8a4782f3401033a2ff2bedd9c002762c9c47e6194ceafbb6cfed8312b24de9","Name":"epic_hodgkin","State":"running"},{"Id":"727538044b32a165934729dc2d47d9d5e981b6496aebfad7de470f7e76ea4251","Name":"fcfe4d471cff-infra","State":"running"}]}

29
test/fixtures/cmd/podman-pod-ps vendored Normal file

@ -0,0 +1,29 @@
[
{
"Cgroup": "user.slice",
"Containers": [
{
"Id": "a218dfc58fa28e0c58c55e508e5b57084876b42e894b98073c69c45dea06cbb2",
"Names": "95cadbb84df7-infra",
"Status": "running"
},
{
"Id": "b36abf69b8af6f8a8305ab2d9b209c2acaeece41dbc4f242f8e45caf6e02504b",
"Names": "pensive_mccarthy",
"Status": "running"
}
],
"Created": "2022-07-01T13:08:09.662082101+05:30",
"Id": "95cadbb84df71e6374fceb3fd89ee3b8f2c7e1a831062cd9cea7d0e3e4b1dbcc",
"InfraId": "a218dfc58fa28e0c58c55e508e5b57084876b42e894b98073c69c45dea06cbb2",
"Name": "cranky_allen",
"Namespace": "",
"Networks": [
"podman"
],
"Status": "Running",
"Labels": {
}
}
]

5
test/fixtures/cmd/podman-ps-a vendored Normal file

@ -0,0 +1,5 @@
{ "id": "591270d8d80d26671fd6ed622f367fbe19004d16e3b519c292313feb5f22e7f7", "image": "docker.io/library/nginx:latest", "image_id": "55f4b40fe486a5b734b46bb7bf28f52fa31426bf23be068c8e7b19e58d9b8deb", "command": "/bin/bash", "createdat": "2022-06-28 16:34:10.965113607 +0530 IST", "running_for": "8 days ago", "status": "Up 13 hours ago", "pod": "", "ports": "", "size": "12B (virtual 142MB)", "names": "sweet_mendeleev", "networks": "podman", "labels": {"maintainer":"NGINX Docker Maintainers <docker-maint@nginx.com>"}, "mounts": [] }
{ "id": "64b5562346d6b52fd40d790b34e9f18ba3b8745649c302b79ba5399d4ea00b36", "image": "docker.io/library/ubuntu:latest", "image_id": "27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee", "command": "/bin/bash", "createdat": "2022-06-29 08:48:45.195339311 +0530 IST", "running_for": "7 days ago", "status": "Up 13 hours ago", "pod": "", "ports": "", "size": "12B (virtual 77.8MB)", "names": "wizardly_torvalds", "networks": "podman", "labels": null, "mounts": [] }
{ "id": "437e70c45633de74be7a87ed8d94c442a3bfe0a1cdd293d5184a4af1765d8cf5", "image": "registry.fedoraproject.org/fedora:latest", "image_id": "3a66698e604003f7822a0c73e9da50e090fda9a99fe1f2e1e2e7fe796cc803d5", "command": "/bin/bash", "createdat": "2022-06-29 13:40:20.414848724 +0530 IST", "running_for": "7 days ago", "status": "Created", "pod": "", "ports": "", "size": "0B (virtual 163MB)", "names": "confident_bell", "networks": "podman", "labels": {"license":"MIT","name":"fedora","vendor":"Fedora Project","version":"36"}, "mounts": [] }
{ "id": "a218dfc58fa28e0c58c55e508e5b57084876b42e894b98073c69c45dea06cbb2", "image": "localhost/podman-pause:4.1.0-1651853754", "image_id": "c7db653c4397e6a4d1e468bb7c6400c022c62623bdb87c173d54bac7995b6d8f", "command": "", "createdat": "2022-07-01 13:08:09.685404054 +0530 IST", "running_for": "5 days ago", "status": "Created", "pod": "95cadbb84df71e6374fceb3fd89ee3b8f2c7e1a831062cd9cea7d0e3e4b1dbcc", "ports": "", "size": "12B (virtual 812kB)", "names": "95cadbb84df7-infra", "networks": "podman", "labels": {"io.buildah.version":"1.26.1"}, "mounts": [] }
{ "id": "b36abf69b8af6f8a8305ab2d9b209c2acaeece41dbc4f242f8e45caf6e02504b", "image": "docker.io/library/ubuntu:latest", "image_id": "27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee", "command": "bash", "createdat": "2022-07-01 22:05:09.624021187 +0530 IST", "running_for": "4 days ago", "status": "Created", "pod": "95cadbb84df71e6374fceb3fd89ee3b8f2c7e1a831062cd9cea7d0e3e4b1dbcc", "ports": "", "size": "12B (virtual 77.8MB)", "names": "pensive_mccarthy", "networks": "", "labels": null, "mounts": [] }

1
test/fixtures/cmd/podman-version vendored Normal file

@ -0,0 +1 @@
{"Client":{"APIVersion":"4.1.0","Version":"4.1.0","GoVersion":"go1.18.1","GitCommit":"","BuiltTime":"Fri May 6 01:37:47 2022","Built":1651781267,"OsArch":"darwin/amd64","Os":"darwin"},"Server":{"APIVersion":"4.1.0","Version":"4.1.0","GoVersion":"go1.18","GitCommit":"","BuiltTime":"Fri May 6 21:45:54 2022","Built":1651853754,"OsArch":"linux/amd64","Os":"linux"}}


@ -0,0 +1 @@
{"name": "my_volume", "driver": "local", "mountpoint": "/var/home/core/.local/share/containers/storage/volumes/my_volume/_data", "created_at": "2022-07-14T13:21:19.965421792+05:30", "labels": {}, "scope": "local", "options": {}, "mount_count": 0, "needs_copy_up": true, "needs_chown": true}

18
test/fixtures/cmd/podman-volume-ls vendored Normal file

@ -0,0 +1,18 @@
[
{
"Name": "ae6be9ba838b9b150de47657229bb9b67142dbdb3d1ddbc5efa245cf1e95536a",
"Driver": "local",
"Mountpoint": "/var/home/core/.local/share/containers/storage/volumes/ae6be9ba838b9b150de47657229bb9b67142dbdb3d1ddbc5efa245cf1e95536a/_data",
"CreatedAt": "2022-07-02T12:40:37.012062614+05:30",
"Labels": {
},
"Scope": "local",
"Options": {
},
"MountCount": 0,
"NeedsCopyUp": true,
"NeedsChown": true
}
]


@ -681,6 +681,25 @@ class MockLoader
# file resource windows inherit
"(Get-Acl 'C:/ExamlpeFolder').access| Where-Object {$_.IsInherited -eq $true} | measure | % { $_.Count }" => cmd.call("windows_file_inherit_output"),
# podman
%{podman ps -a --no-trunc --size --format '{\"ID\": {{json .ID}}, \"Image\": {{json .Image}}, \"ImageID\": {{json .ImageID}}, \"Command\": {{json .Command}}, \"CreatedAt\": {{json .CreatedAt}}, \"RunningFor\": {{json .RunningFor}}, \"Status\": {{json .Status}}, \"Pod\": {{json .Pod}}, \"Ports\": {{json .Ports}}, \"Size\": {{json .Size}}, \"Names\": {{json .Names}}, \"Networks\": {{json .Networks}}, \"Labels\": {{json .Labels}}, \"Mounts\": {{json .Mounts}}}'} => cmd.call("podman-ps-a"),
%{podman images -a --no-trunc --format '{\"ID\": {{json .ID}}, \"Repository\": {{json .Repository}}, \"Tag\": {{json .Tag}}, \"Size\": {{json .Size}}, \"Digest\": {{json .Digest}}, \"CreatedAt\": {{json .CreatedAt}}, \"CreatedSince\": {{json .CreatedSince}}, \"History\": {{json .History}}}'} => cmd.call("podman-images-a"),
%{podman network ls --no-trunc --format '{\"ID\": {{json .ID}}, \"Name\": {{json .Name}}, \"Driver\": {{json .Driver}}, \"Labels\": {{json .Labels}}, \"Options\": {{json .Options}}, \"IPAMOptions\": {{json .IPAMOptions}}, \"Created\": {{json .Created}}, \"Internal\": {{json .Internal}}, \"IPv6Enabled\": {{json .IPv6Enabled}}, \"DNSEnabled\": {{json .DNSEnabled}}, \"NetworkInterface\": {{json .NetworkInterface}}, \"Subnets\": {{json .Subnets}}}'} => cmd.call("podman-network-ls"),
"podman pod ps --no-trunc --format json" => cmd.call("podman-pod-ps"),
"podman info --format json" => cmd.call("podman-info"),
"podman version --format json" => cmd.call("podman-version"),
"podman volume ls --format json" => cmd.call("podman-volume-ls"),
"podman inspect 591270d8d80d --format json" => cmd.call("podman-inspec"),
"podman image inspect docker.io/library/busybox:latest --format '{\"id\": {{json .ID}}, \"repo_tags\": {{json .RepoTags}}, \"size\": {{json .Size}}, \"digest\": {{json .Digest}}, \"created_at\": {{json .Created}}, \"version\": {{json .Version}}, \"names_history\": {{json .NamesHistory}}, \"repo_digests\": {{json .RepoDigests}}, \"architecture\": {{json .Architecture}}, \"os\": {{json .Os}}, \"virtual_size\": {{json .VirtualSize}}}'" => cmd.call("podman-inspect-info"),
"podman image inspect not-exist:latest --format '{\"id\": {{json .ID}}, \"repo_tags\": {{json .RepoTags}}, \"size\": {{json .Size}}, \"digest\": {{json .Digest}}, \"created_at\": {{json .Created}}, \"version\": {{json .Version}}, \"names_history\": {{json .NamesHistory}}, \"repo_digests\": {{json .RepoDigests}}, \"architecture\": {{json .Architecture}}, \"os\": {{json .Os}}, \"virtual_size\": {{json .VirtualSize}}}'" => cmd_stderr.call("podman-errors"),
"podman network inspect minikube --format '{\"id\": {{json .ID}}, \"name\": {{json .Name}}, \"driver\": {{json .Driver}}, \"labels\": {{json .Labels}}, \"options\": {{json .Options}}, \"ipam_options\": {{json .IPAMOptions}}, \"internal\": {{json .Internal}}, \"created\": {{json .Created}}, \"ipv6_enabled\": {{json .IPv6Enabled}}, \"dns_enabled\": {{json .DNSEnabled}}, \"network_interface\": {{json .NetworkInterface}}, \"subnets\": {{json .Subnets}}}'" => cmd.call("podman-network"),
"podman network inspect not-exist --format '{\"id\": {{json .ID}}, \"name\": {{json .Name}}, \"driver\": {{json .Driver}}, \"labels\": {{json .Labels}}, \"options\": {{json .Options}}, \"ipam_options\": {{json .IPAMOptions}}, \"internal\": {{json .Internal}}, \"created\": {{json .Created}}, \"ipv6_enabled\": {{json .IPv6Enabled}}, \"dns_enabled\": {{json .DNSEnabled}}, \"network_interface\": {{json .NetworkInterface}}, \"subnets\": {{json .Subnets}}}'" => cmd_stderr.call("podman-errors"),
"podman version" => empty.call,
"podman volume inspect my_volume --format '{\"name\": {{json .Name}}, \"driver\": {{json .Driver}}, \"mountpoint\": {{json .Mountpoint}}, \"created_at\": {{json .CreatedAt}}, \"labels\": {{json .Labels}}, \"scope\": {{json .Scope}}, \"options\": {{json .Options}}, \"mount_count\": {{json .MountCount}}, \"needs_copy_up\": {{json .NeedsCopyUp}}, \"needs_chown\": {{json .NeedsChown}}}'" => cmd.call("podman-volume-inspect"),
"podman volume inspect non_existing_volume --format '{\"name\": {{json .Name}}, \"driver\": {{json .Driver}}, \"mountpoint\": {{json .Mountpoint}}, \"created_at\": {{json .CreatedAt}}, \"labels\": {{json .Labels}}, \"scope\": {{json .Scope}}, \"options\": {{json .Options}}, \"mount_count\": {{json .MountCount}}, \"needs_copy_up\": {{json .NeedsCopyUp}}, \"needs_chown\": {{json .NeedsChown}}}'" => cmd_stderr.call("podman-errors"),
"podman pod inspect nginx-frontend --format '{\"id\": {{json .ID}}, \"name\": {{json .Name}}, \"created_at\": {{json .Created}}, \"create_command\": {{json .CreateCommand}}, \"state\": {{json .State}}, \"hostname\": {{json .Hostname}}, \"create_cgroup\": {{json .CreateCgroup}}, \"cgroup_parent\": {{json .CgroupParent}}, \"cgroup_path\": {{json .CgroupPath}}, \"create_infra\": {{json .CreateInfra}}, \"infra_container_id\": {{json .InfraContainerID}}, \"infra_config\": {{json .InfraConfig}}, \"shared_namespaces\": {{json .SharedNamespaces}}, \"num_containers\": {{json .NumContainers}}, \"containers\": {{json .Containers}}}'" => cmd.call("podman-pod-inspect"),
"podman pod inspect non_existing_pod --format '{\"id\": {{json .ID}}, \"name\": {{json .Name}}, \"created_at\": {{json .Created}}, \"create_command\": {{json .CreateCommand}}, \"state\": {{json .State}}, \"hostname\": {{json .Hostname}}, \"create_cgroup\": {{json .CreateCgroup}}, \"cgroup_parent\": {{json .CgroupParent}}, \"cgroup_path\": {{json .CgroupPath}}, \"create_infra\": {{json .CreateInfra}}, \"infra_container_id\": {{json .InfraContainerID}}, \"infra_config\": {{json .InfraConfig}}, \"shared_namespaces\": {{json .SharedNamespaces}}, \"num_containers\": {{json .NumContainers}}, \"containers\": {{json .Containers}}}'" => cmd_stderr.call("podman-errors"),
}
if @platform && (@platform[:name] == "windows" || @platform[:name] == "freebsd")
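Review bot: In the single-object mappings (`podman image inspect docker.io/library/busybox:latest --format ...`, `podman network inspect minikube ...`, `podman volume inspect my_volume ...`, `podman pod inspect nginx-frontend ...`) the object name sits unquoted in the command string handed to the shell. If the resources build these strings by interpolating the name given in a profile, confirm the name is escaped (for example with `Shellwords.escape`) and add a mapping for a name containing a space or a quote so the escaping is covered by a test. Separately, each `--format` template is pasted twice, once for the existing object and once for the missing one; a shared constant per resource would keep the pairs from drifting apart.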


@ -0,0 +1,31 @@
require "inspec/globals"
require "#{Inspec.src_root}/test/helper"
require_relative "../../../lib/inspec/resources/podman_container"
describe Inspec::Resources::PodmanContainer do
it "check container parsing" do
resource = load_resource("podman_container", "sweet_mendeleev")
_(resource.exist?).must_equal true
_(resource.command).must_equal "/bin/bash"
_(resource.status).must_equal "Up 13 hours ago"
_(resource.running?).must_equal true
_(resource.labels).must_include("maintainer" => "NGINX Docker Maintainers <docker-maint@nginx.com>")
_(resource.image).must_equal "docker.io/library/nginx:latest"
_(resource.ports).must_equal ""
end
it "prints as a podman resource" do
resource = load_resource("podman_container", "sweet_mendeleev")
_(resource.to_s).must_equal "Podman Container sweet_mendeleev"
end
it "prints the resource id of the current resource" do
resource = load_resource("podman_container", "sweet_mendeleev")
_(resource.resource_id).must_equal "591270d8d80d26671fd6ed622f367fbe19004d16e3b519c292313feb5f22e7f7"
end
it "skips the resource for unsupported platform" do
resource = MockLoader.new(:mock).load_resource("podman_container", "sweet_mendeleev")
_(resource.resource_skipped?).must_equal true
end
end
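Review bot: There is no example for a container that does not exist; every case here loads `sweet_mendeleev`. The image, network, pod and volume specs in this change each assert that `exist?` is false and the properties are nil for a missing object, so add the same for `podman_container`, including what `running?`, `resource_id` and `to_s` return in that case.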


@ -0,0 +1,37 @@
# If we can load the InSpec globals definition file...
require "inspec/globals"
require "#{Inspec.src_root}/test/helper"
require_relative "../../../lib/inspec/resources/podman_image"
describe Inspec::Resources::PodmanImage do
it "test podman image properties and matchers" do
resource = MockLoader.new("unix".to_sym).load_resource("podman_image", "docker.io/library/busybox")
_(resource.exist?).must_equal true
_(resource.id).must_equal "3c19bafed22355e11a608c4b613d87d06b9cdd37d378e6e0176cbc8e7144d5c6"
_(resource.repo_tags).must_include "docker.io/library/busybox:latest"
_(resource.created_at).must_equal "2022-06-08T00:39:28.175020858Z"
_(resource.version).must_equal "20.10.12"
_(resource.size).must_equal 1636053
_(resource.digest).must_equal "sha256:3614ca5eacf0a3a1bcc361c939202a974b4902b9334ff36eb29ffe9011aaad83"
_(resource.names_history).must_include "docker.io/library/busybox:latest"
_(resource.repo_digests).must_include "docker.io/library/busybox@sha256:2c5e2045f35086c019e80c86880fd5b7c7a619878b59e3b7592711e1781df51a"
_(resource.architecture).must_equal "arm64"
_(resource.os).must_equal "linux"
_(resource.virtual_size).must_equal 1636053
_(resource.resource_id).must_equal "docker.io/library/busybox:latest"
_(resource.to_s).must_equal "podman_image docker.io/library/busybox:latest"
end
it "test for a non-existing container image" do
resource = MockLoader.new("ubuntu".to_sym).load_resource("podman_image", "not-exist")
_(resource.exist?).must_equal false
assert_nil resource.repo_tags
assert_nil resource.size
assert_nil resource.digest
assert_nil resource.names_history
assert_nil resource.os
assert_nil resource.virtual_size
assert_nil resource.architecture
assert_nil resource.repo_digests
end
end
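Review bot: The non-existing image example leaves out `id`, `created_at` and `version`, which the positive example checks, so a regression that returns a value for any of those three on a missing image would pass. Add `assert_nil` for them and pin `resource_id` and `to_s` for the missing image as the pod and volume specs do. The opening comment `# If we can load the InSpec globals definition file...` trails off and can be dropped, and the two examples use different mock platforms (`"unix"` and `"ubuntu"`) without a stated reason.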


@ -0,0 +1,125 @@
require "inspec/globals"
require "#{Inspec.src_root}/test/helper"
require_relative "../../../lib/inspec/resources/podman_network"
describe Inspec::Resources::PodmanNetwork do
describe "when Podman Network with given name exist" do
let(:resource) { MockLoader.new(:unix).load_resource("podman_network", "minikube") }
describe "exist?" do
it "returns true" do
_(resource.exist?).must_equal true
end
end
describe "id" do
it "returns the id of the network" do
_(resource.id).must_equal "3a7c94d937d5f3a0f1a9b1610589945aedfbe56207fd5d32fc8154aa1a8b007f"
end
end
describe "name" do
it "returns the name of the network" do
_(resource.name).must_equal "minikube"
end
end
describe "network_interface" do
it "returns the network_interface of the network" do
_(resource.network_interface).must_equal "podman1"
end
end
describe "driver" do
it "returns the driver details of the network" do
_(resource.driver).must_equal "bridge"
end
end
describe "labels" do
it "returns the labels of the network" do
_(resource.labels).must_equal "created_by.minikube.sigs.k8s.io" => "true", "name.minikube.sigs.k8s.io" => "minikube"
end
end
describe "options" do
it "returns the options of the network" do
assert_nil resource.options
end
end
describe "ipv6_enabled" do
it "returns the true if the ipv6 is enabled for the network" do
_(resource.ipv6_enabled).must_equal false
end
end
describe "ipam_options" do
it "returns the ipam options values for the Network" do
_(resource.ipam_options).must_equal "driver" => "host-local"
end
end
describe "dns_enabled" do
it "returns true if dns is enabled for the network" do
_(resource.dns_enabled).must_equal true
end
end
describe "subnets" do
it "returns the subnet list for the network" do
_(resource.subnets).must_equal [{ "subnet" => "192.168.49.0/24", "gateway" => "192.168.49.1" }]
end
end
describe "internal" do
it "returns true if the network is internal" do
_(resource.internal).must_equal false
end
end
describe "created" do
it "returns the timestamp when the network was created" do
_(resource.created).must_equal "2022-07-10T19:37:11.656610731+05:30"
end
end
describe "to_s" do
it "returns the Podman Nework resource name string" do
_(resource.to_s).must_equal "podman_network 3a7c94d937d5f3a0f1a9b1610589945aedfbe56207fd5d32fc8154aa1a8b007f"
end
end
describe "resource_id" do
it "returns the resource id for the current resource" do
_(resource.resource_id).must_equal "3a7c94d937d5f3a0f1a9b1610589945aedfbe56207fd5d32fc8154aa1a8b007f"
end
end
end
describe "when Podman Network with given name does not exist" do
let(:resource) { MockLoader.new(:unix).load_resource("podman_network", "not-exist") }
describe "exist?" do
it "returns false" do
_(resource.exist?).must_equal false
end
end
describe "all other properties" do
it "returns nil" do
assert_nil resource.name
assert_nil resource.driver
assert_nil resource.ipv6_enabled
assert_nil resource.dns_enabled
assert_nil resource.options
assert_nil resource.ipam_options
assert_nil resource.subnets
assert_nil resource.created
assert_nil resource.internal
assert_nil resource.network_interface
assert_nil resource.labels
end
end
end
end
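Review bot: `resource_id` and `to_s` are asserted only for the existing network, where both use the network id rather than the name passed to the resource; the "does not exist" block never states what they return when no id is available, and it also skips `assert_nil resource.id`. Add those assertions so the missing-network behaviour is pinned the way it is in the pod and volume specs. The descriptions need a pass as well: `"returns the true if the ipv6 is enabled for the network"` asserts `false`, and `"Podman Nework"` is misspelled.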


@ -0,0 +1,50 @@
require "inspec/globals"
require "#{Inspec.src_root}/test/helper"
require_relative "../../../lib/inspec/resources/podman_pod"
describe Inspec::Resources::PodmanPod do
it "checks podman pod parameter and works correctly" do
resource = MockLoader.new("unix".to_sym).load_resource("podman_pod", "nginx-frontend")
_(resource.exist?).must_equal true
_(resource.id).must_equal "fcfe4d471cfface0d1b39bce23af7d31ab8736cd68c0360ade0b4afe364f79d4"
_(resource.name).must_equal "nginx-frontend"
_(resource.created_at).must_equal "2022-07-14T15:47:47.978078124+05:30"
_(resource.create_command).must_include "new:nginx-frontend"
_(resource.create_command).must_include "podman"
_(resource.state).must_equal "Running"
_(resource.hostname).must_equal ""
_(resource.create_cgroup).must_equal true
_(resource.cgroup_parent).must_equal "user.slice"
_(resource.cgroup_path).must_equal "user.slice/user-libpod_pod_fcfe4d471cfface0d1b39bce23af7d31ab8736cd68c0360ade0b4afe364f79d4.slice"
_(resource.create_infra).must_equal true
_(resource.infra_container_id).must_equal "727538044b32a165934729dc2d47d9d5e981b6496aebfad7de470f7e76ea4251"
_(resource.infra_config).must_include "DNSOption"
_(resource.shared_namespaces).must_include "net"
_(resource.shared_namespaces).must_include "ipc"
_(resource.num_containers).must_equal 2
_(resource.containers).must_be_kind_of Array
_(resource.resource_id).must_equal "nginx-frontend"
_(resource.to_s).must_equal "Podman Pod nginx-frontend"
end
it "checks for a non-existing podman pod" do
resource = MockLoader.new("unix".to_sym).load_resource("podman_pod", "non_existing_pod")
_(resource.exist?).must_equal false
assert_nil resource.name
assert_nil resource.created_at
assert_nil resource.create_command
assert_nil resource.state
assert_nil resource.hostname
assert_nil resource.create_cgroup
assert_nil resource.cgroup_parent
assert_nil resource.cgroup_path
assert_nil resource.create_infra
assert_nil resource.infra_container_id
assert_nil resource.infra_config
assert_nil resource.shared_namespaces
assert_nil resource.num_containers
assert_nil resource.containers
_(resource.resource_id).must_equal "non_existing_pod"
_(resource.to_s).must_equal "Podman Pod non_existing_pod"
end
end
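Review bot: The assertions on `infra_config` and `containers` in the first example only check that a key named `DNSOption` is present and that the value is an Array, so the parsed content is never verified. The `podman-pod-inspect` fixture carries the settings a compliance profile would actually test (`HostNetwork`, `PortBindings`, `userns`), so assert on at least one of those values, e.g. `_(resource.infra_config["HostNetwork"]).must_equal false`. The missing-pod example also omits `assert_nil resource.id`.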


@ -0,0 +1,163 @@
require "inspec/globals"
require "#{Inspec.src_root}/test/helper"
require_relative "../../../lib/inspec/resources/podman"
describe Inspec::Resources::Podman do
let(:resource) { load_resource("podman") }
it "prints as a Podman resource" do
_(resource.to_s).must_equal "Podman"
end
it "prints as Podman containers plural resource" do
_(resource.containers.to_s).must_equal "Podman Containers"
end
it "prints the resource id of Podman containers plural resource" do
_(resource.containers.resource_id).must_equal "Podman Containers"
end
it "returns the parsed details of Podman containers" do
_(resource.containers.exists?).must_equal true
_(resource.containers.commands).must_equal ["/bin/bash", "/bin/bash", "/bin/bash", "", "bash"]
_(resource.containers.ids).must_equal %w{591270d8d80d26671fd6ed622f367fbe19004d16e3b519c292313feb5f22e7f7 64b5562346d6b52fd40d790b34e9f18ba3b8745649c302b79ba5399d4ea00b36 437e70c45633de74be7a87ed8d94c442a3bfe0a1cdd293d5184a4af1765d8cf5 a218dfc58fa28e0c58c55e508e5b57084876b42e894b98073c69c45dea06cbb2 b36abf69b8af6f8a8305ab2d9b209c2acaeece41dbc4f242f8e45caf6e02504b}
_(resource.containers.images).must_equal %w{docker.io/library/nginx:latest docker.io/library/ubuntu:latest registry.fedoraproject.org/fedora:latest localhost/podman-pause:4.1.0-1651853754 docker.io/library/ubuntu:latest}
_(resource.containers.names).must_equal %w{sweet_mendeleev wizardly_torvalds confident_bell 95cadbb84df7-infra pensive_mccarthy}
_(resource.containers.status).must_equal ["Up 13 hours ago", "Up 13 hours ago", "Created", "Created", "Created"]
_(resource.containers.image_ids).must_include "55f4b40fe486a5b734b46bb7bf28f52fa31426bf23be068c8e7b19e58d9b8deb"
_(resource.containers.labels).must_include "maintainer" => "NGINX Docker Maintainers <docker-maint@nginx.com>"
_(resource.containers.mounts).must_include []
_(resource.containers.pods).must_include "95cadbb84df71e6374fceb3fd89ee3b8f2c7e1a831062cd9cea7d0e3e4b1dbcc"
_(resource.containers.ports).must_include ""
_(resource.containers.sizes).must_include "12B (virtual 142MB)"
_(resource.containers.created_at).must_include "2022-06-29 08:48:45.195339311 +0530 IST"
_(resource.containers.networks).must_include "podman"
_(resource.containers.running_for).must_include "8 days ago"
end
it "returns false if container with specific id does not exist" do
_(resource.containers.where(id: "979453ff4b40fe486a5b734b46bb7bf28f52fa31426bf23be068c8e7b19e58d9b8deb").exists?).must_equal false
end
it "prints as Podman images plural resource" do
_(resource.images.to_s).must_equal "Podman Images"
end
it "prints the resource id of Podman images plural resource" do
_(resource.images.resource_id).must_equal "Podman Images"
end
it "returns the parsed details of podman images" do
_(resource.images.exists?).must_equal true
_(resource.images.ids).must_equal %w{sha256:c7db653c4397e6a4d1e468bb7c6400c022c62623bdb87c173d54bac7995b6d8f sha256:55f4b40fe486a5b734b46bb7bf28f52fa31426bf23be068c8e7b19e58d9b8deb sha256:27941809078cc9b2802deb2b0bb6feed6c236cde01e487f200e24653533701ee sha256:3a66698e604003f7822a0c73e9da50e090fda9a99fe1f2e1e2e7fe796cc803d5}
_(resource.images.repositories).must_equal %w{localhost/podman-pause docker.io/library/nginx docker.io/library/ubuntu registry.fedoraproject.org/fedora}
_(resource.images.tags).must_equal %w{4.1.0-1651853754 latest latest latest}
_(resource.images.sizes).must_equal ["816 kB", "146 MB", "80.3 MB", "169 MB"]
_(resource.images.digests).must_equal %w{sha256:e6e9fffed42f600c811af34569268c07d063f12507457493c608d944a1fdac3f sha256:10f14ffa93f8dedf1057897b745e5ac72ac5655c299dade0aa434c71557697ea sha256:b6b83d3c331794420340093eb706a6f152d9c1fa51b262d9bf34594887c2c7ac sha256:38813cf0913241b7f13c7057e122f7c3cfa2e7c427dca3194f933d94612e280b}
_(resource.images.history).must_equal %w{localhost/podman-pause:4.1.0-1651853754 docker.io/library/nginx:latest docker.io/library/ubuntu:latest registry.fedoraproject.org/fedora:latest}
_(resource.images.created_since).must_equal ["5 days ago", "13 days ago", "4 weeks ago", "2 months ago"]
_(resource.images.created_at).must_equal ["2022-07-01 07:38:09 +0000 UTC", "2022-06-23 04:13:24 +0000 UTC", "2022-06-06 22:21:26 +0000 UTC", "2022-05-06 10:11:58 +0000 UTC"]
end
it "returns false if image with specific id does not exist" do
_(resource.images.where(id: "979453ff4b40fe486a5b734b46bb7bf28f52fa31426bf23be068c8e7b19e58d9b8deb").exists?).must_equal false
end
it "prints as Podman networks plural resource" do
_(resource.networks.to_s).must_equal "Podman Networks"
end
it "prints the resource id of Podman networks plural resource" do
_(resource.networks.resource_id).must_equal "Podman Networks"
end
it "returns the parsed details of podman networks" do
_(resource.networks.exists?).must_equal true
_(resource.networks.ids).must_equal %w{2f259bab93aaaaa2542ba43ef33eb990d0999ee1b9924b557b7be53c0b7a1bb9}
_(resource.networks.names).must_equal %w{podman}
_(resource.networks.drivers).must_equal %w{bridge}
_(resource.networks.network_interfaces).must_equal %w{podman0}
_(resource.networks.created).must_equal %w{2022-07-06T10:32:00.879655095+05:30}
_(resource.networks.subnets).must_equal [[{ "subnet" => "10.88.0.0/16", "gateway" => "10.88.0.1" }]]
_(resource.networks.ipv6_enabled).must_equal [false]
_(resource.networks.internal).must_equal [false]
_(resource.networks.dns_enabled).must_equal [false]
_(resource.networks.ipam_options).must_equal [{ "driver" => "host-local" }]
_(resource.networks.labels).must_equal [""]
_(resource.networks.options).must_include nil
end
it "returns false if network with specific id does not exist" do
_(resource.networks.where(id: "979453ff4b40fe486a5b734b46bb7bf28f52fa31426bf23be068c8e7b19e58d9b8deb").exists?).must_equal false
end
it "returns true if network with specific id exist" do
_(resource.networks.where(id: "2f259bab93aaaaa2542ba43ef33eb990d0999ee1b9924b557b7be53c0b7a1bb9").exists?).must_equal true
end
it "prints as Podman pods plural resource" do
_(resource.pods.to_s).must_equal "Podman Pods"
end
it "prints the resource id of Podman pods plural resource" do
_(resource.pods.resource_id).must_equal "Podman Pods"
end
it "returns the parsed details of podman pods" do
_(resource.pods.ids).must_equal %w{95cadbb84df71e6374fceb3fd89ee3b8f2c7e1a831062cd9cea7d0e3e4b1dbcc}
_(resource.pods.cgroups).must_equal %w{user.slice}
_(resource.pods.containers).must_equal [[{ "Id" => "a218dfc58fa28e0c58c55e508e5b57084876b42e894b98073c69c45dea06cbb2", "Names" => "95cadbb84df7-infra", "Status" => "running" }, { "Id" => "b36abf69b8af6f8a8305ab2d9b209c2acaeece41dbc4f242f8e45caf6e02504b", "Names" => "pensive_mccarthy", "Status" => "running" }]]
_(resource.pods.created).must_equal %w{2022-07-01T13:08:09.662082101+05:30}
_(resource.pods.infraids).must_equal %w{a218dfc58fa28e0c58c55e508e5b57084876b42e894b98073c69c45dea06cbb2}
_(resource.pods.names).must_equal %w{cranky_allen}
_(resource.pods.namespaces).must_equal [""]
_(resource.pods.networks).must_equal [["podman"]]
_(resource.pods.status).must_equal %w{Running}
_(resource.pods.labels).must_equal [{}]
end
it "returns false if pod with specific id does not exist" do
_(resource.pods.where(id: "979453ff4b40fe486a5b734b46bb7bf28f52fa31426bf23be068c8e7b19e58d9b8deb").exists?).must_equal false
end
it "checks podman info parsing" do
_(resource.info.host.os).must_equal "linux"
_(resource.info.version.Version).must_equal "4.1.0"
end
it "checks podman version parsing" do
_(resource.version.Server.Version).must_equal "4.1.0"
_(resource.version.Client.Version).must_equal "4.1.0"
end
it "prints as Podman volumes plural resource" do
_(resource.volumes.to_s).must_equal "Podman Volumes"
end
it "prints the resource id of Podman volumes plural resource" do
_(resource.volumes.resource_id).must_equal "Podman Volumes"
end
it "returns parsed details of podman volumes" do
_(resource.volumes.names).must_equal %w{ae6be9ba838b9b150de47657229bb9b67142dbdb3d1ddbc5efa245cf1e95536a}
_(resource.volumes.drivers).must_equal %w{local}
_(resource.volumes.mountpoints).must_equal %w{/var/home/core/.local/share/containers/storage/volumes/ae6be9ba838b9b150de47657229bb9b67142dbdb3d1ddbc5efa245cf1e95536a/_data}
_(resource.volumes.createdat).must_equal %w{2022-07-02T12:40:37.012062614+05:30}
_(resource.volumes.labels).must_equal [{}]
_(resource.volumes.scopes).must_equal %w{local}
_(resource.volumes.options).must_equal [{}]
_(resource.volumes.mountcount).must_equal [0]
_(resource.volumes.needscopyup).must_equal [true]
_(resource.volumes.needschown).must_equal [true]
end
it "returns false if volume with specific name does not exist" do
_(resource.volumes.where(name: "6bb7bf28f52fa31426bf23be068c8e7b19e58d9b8deb").exists?).must_equal false
end
it "check podman object parsing" do
_(resource.object("591270d8d80d").Id).must_equal "591270d8d80d26671fd6ed622f367fbe19004d16e3b519c292313feb5f22e7f7"
_(resource.object("591270d8d80d").Path).must_equal "/docker-entrypoint.sh"
end
end
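Review bot: The plural property names asserted here are not consistent with each other or with the singular resources: `containers.created_at` and `containers.image_ids` are snake_case, while `volumes.createdat`, `volumes.mountcount`, `volumes.needscopyup`, `volumes.needschown` and `pods.infraids` are run together, and the `podman_volume` spec exposes the same fields as `created_at`, `mount_count`, `needs_copy_up` and `needs_chown`. Settle on one spelling before these names become public API. Also, `images.ids` carries a `sha256:` prefix while `containers.image_ids` does not, so a profile that matches containers to images by id will not line up; either normalise one side or document the difference.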


@ -0,0 +1,40 @@
require "inspec/globals"
require "#{Inspec.src_root}/test/helper"
require_relative "../../../lib/inspec/resources/podman_volume"
describe Inspec::Resources::PodmanVolume do
it "checks podman volume parameter and works correctly" do
resource = MockLoader.new("unix".to_sym).load_resource("podman_volume", "my_volume")
_(resource.exist?).must_equal true
_(resource.name).must_equal "my_volume"
_(resource.driver).must_equal "local"
_(resource.mountpoint).must_equal "/var/home/core/.local/share/containers/storage/volumes/my_volume/_data"
_(resource.created_at).must_equal "2022-07-14T13:21:19.965421792+05:30"
_(resource.labels).must_equal({})
_(resource.scope).must_equal "local"
_(resource.options).must_equal({})
_(resource.mount_count).must_equal 0
_(resource.needs_copy_up).must_equal true
_(resource.needs_chown).must_equal true
_(resource.resource_id).must_equal "my_volume"
_(resource.to_s).must_equal "podman_volume my_volume"
end
it "checks for a non-existing podman volume" do
resource = MockLoader.new("unix".to_sym).load_resource("podman_volume", "non_existing_volume")
_(resource.exist?).must_equal false
assert_nil resource.name
assert_nil resource.driver
assert_nil resource.mountpoint
assert_nil resource.created_at
assert_nil resource.labels
assert_nil resource.scope
assert_nil resource.options
assert_nil resource.mount_count
assert_nil resource.needs_copy_up
assert_nil resource.needs_chown
_(resource.resource_id).must_equal "non_existing_volume"
_(resource.to_s).must_equal "podman_volume non_existing_volume"
end
end
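Review bot: The `to_s` strings asserted at the end of each example follow a different style from other resources in this change: `"podman_volume my_volume"` here (and `"podman_image ..."`, `"podman_network ..."` in their specs) against `"Podman Pod nginx-frontend"` and `"Podman Container sweet_mendeleev"`. Since `to_s` is the label that appears in InSpec control output, pick one form for all podman resources and update the specs to match.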