mirror of
https://github.com/inspec/inspec
synced 2024-11-22 20:53:11 +00:00
Merge pull request #6108 from inspec/nm/add-resource-id-group-3
CFINSPEC-264 Group 3 - Added resource_id in resources
commit
3f9b234160
14 changed files with 54 additions and 1 deletions
|
@ -92,6 +92,10 @@ module Inspec::Resources
|
||||||
"Docker Container #{name}"
|
"Docker Container #{name}"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def resource_id
|
||||||
|
object_info.ids[0] || @opts[:id] || @opts[:name] || ""
|
||||||
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
||||||
def object_info
|
def object_info
|
||||||
|
|
|
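Review bot: The trailing `|| ""` in the new `resource_id` means every container that cannot be resolved reports the same empty identifier, while a resolved one reports whichever of three different kinds of value is set first (`object_info.ids[0]`, `@opts[:id]`, `@opts[:name]`). The same chain is added to the Docker image, plugin and service resources in this commit, and the plugin spec pins the `""` result for the no-plugins case. If `resource_id` is meant to tie a finding back to one object in a report, document the precedence above the method, e.g. `# Docker-assigned ID when the object exists, else the id/name the profile asked for; "" only when neither was given`, and decide whether taking `ids[0]` is acceptable when a name could match more than one entry. The class body starts and ends outside the hunk, so what `object_info.ids` can return is not visible here.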
@ -72,6 +72,10 @@ module Inspec::Resources
|
||||||
"Docker Image #{img}"
|
"Docker Image #{img}"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def resource_id
|
||||||
|
object_info.ids[0] || @opts[:id] || @opts[:image] || ""
|
||||||
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
||||||
def sanitize_options(opts)
|
def sanitize_options(opts)
|
||||||
|
|
|
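Review bot: The `@opts[:image]` fallback in `resource_id` returns a repository:tag reference rather than an image ID; the image spec in this commit expects `"ubuntu:latest"` in one case and a `sha256:` digest in the other. A tag can be re-pointed to different content, so two scans can report the same `resource_id` for different images, which matters when reports are compared over time. A comment on the method would make that explicit, for example `# Falls back to the requested image reference (a mutable tag) when no image ID was found`. The surrounding class is outside the hunk.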
@ -50,6 +50,10 @@ module Inspec::Resources
|
||||||
"Docker plugin #{plugin}"
|
"Docker plugin #{plugin}"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def resource_id
|
||||||
|
id || @opts[:id] || @opts[:name] || ""
|
||||||
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
||||||
def object_info
|
def object_info
|
||||||
|
|
|
@ -73,6 +73,10 @@ module Inspec::Resources
|
||||||
"Docker Service #{service}"
|
"Docker Service #{service}"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def resource_id
|
||||||
|
object_info.ids[0] || @opts[:id] || @opts[:name] || ""
|
||||||
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
||||||
def sanitize_options(opts)
|
def sanitize_options(opts)
|
||||||
|
|
|
@ -95,6 +95,10 @@ module Inspec::Resources
|
||||||
"/etc/group"
|
"/etc/group"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def resource_id
|
||||||
|
@path
|
||||||
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
||||||
def parse_group(path)
|
def parse_group(path)
|
||||||
|
|
|
@ -37,6 +37,10 @@ module Inspec::Resources
|
||||||
"hosts.allow Configuration"
|
"hosts.allow Configuration"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def resource_id
|
||||||
|
@conf_path
|
||||||
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
||||||
def read_content
|
def read_content
|
||||||
|
@ -110,5 +114,6 @@ module Inspec::Resources
|
||||||
def to_s
|
def to_s
|
||||||
"hosts.deny Configuration"
|
"hosts.deny Configuration"
|
||||||
end
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -35,11 +35,12 @@ module Inspec::Resources
|
||||||
end
|
end
|
||||||
EXAMPLE
|
EXAMPLE
|
||||||
|
|
||||||
attr_reader :file, :mount_options
|
attr_reader :file, :mount_options, :path
|
||||||
def initialize(path)
|
def initialize(path)
|
||||||
# select permissions style
|
# select permissions style
|
||||||
@perms_provider = select_file_perms_style(inspec.os)
|
@perms_provider = select_file_perms_style(inspec.os)
|
||||||
@file = inspec.backend.file(path)
|
@file = inspec.backend.file(path)
|
||||||
|
@path = path
|
||||||
end
|
end
|
||||||
|
|
||||||
%w{
|
%w{
|
||||||
|
@ -217,6 +218,10 @@ module Inspec::Resources
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def resource_id
|
||||||
|
path
|
||||||
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
||||||
def file_permission_granted?(access_type, by_usergroup, by_specific_user)
|
def file_permission_granted?(access_type, by_usergroup, by_specific_user)
|
||||||
|
|
|
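Review bot: `resource_id` returns `path`, and the new `attr_reader :path` with `@path = path` sits directly above a `%w{` word list whose contents are cut off by the hunk. If that list already defines a `path` method that delegates to `file`, the later definition would replace the reader and `@path` would never be read. The specs in this commit stub `path`, so they would not show which definition is in effect. Confirm which `path` wins, and if the instance variable is the intended source, return `@path` from `resource_id` directly, as the `/etc/group` resource does. Either way the value appears to be the string passed to the constructor rather than a normalised path, which a one-line comment such as `# the path exactly as given in the profile` could state.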
@ -12,6 +12,7 @@ describe "Inspec::Resources::DockerContainer" do
|
||||||
_(resource.tag).must_be_nil
|
_(resource.tag).must_be_nil
|
||||||
_(resource.command).must_equal "/bin/sh"
|
_(resource.command).must_equal "/bin/sh"
|
||||||
_(resource.ports).must_equal ""
|
_(resource.ports).must_equal ""
|
||||||
|
_(resource.resource_id).must_equal "d94f854370d2b02912e8fc636502bc72b74fbd567a7eba3fc6a52045bb28904e"
|
||||||
end
|
end
|
||||||
|
|
||||||
it "check container parsing for alpine" do
|
it "check container parsing for alpine" do
|
||||||
|
@ -23,6 +24,7 @@ describe "Inspec::Resources::DockerContainer" do
|
||||||
_(resource.command).must_equal "/bin/bash"
|
_(resource.command).must_equal "/bin/bash"
|
||||||
_(resource.ports).must_equal ""
|
_(resource.ports).must_equal ""
|
||||||
_(resource.labels).must_equal ["app=example", "version=1.5.4"]
|
_(resource.labels).must_equal ["app=example", "version=1.5.4"]
|
||||||
|
_(resource.resource_id).must_equal "3def9aa450f8bd772c3d5b07e27ec934e5f58575e955367a0aca2d93e0687536"
|
||||||
end
|
end
|
||||||
|
|
||||||
it "returns an empty array when parsing a container with no labels specified" do
|
it "returns an empty array when parsing a container with no labels specified" do
|
||||||
|
|
|
@ -10,6 +10,7 @@ describe "Inspec::Resources::DockerImage" do
|
||||||
_(resource.tag).must_equal "latest"
|
_(resource.tag).must_equal "latest"
|
||||||
_(resource.image).must_equal "alpine:latest"
|
_(resource.image).must_equal "alpine:latest"
|
||||||
_(resource.repo).must_equal "alpine"
|
_(resource.repo).must_equal "alpine"
|
||||||
|
_(resource.resource_id).must_equal "sha256:4a415e3663882fbc554ee830889c68a33b3585503892cc718a4698e91ef2a526"
|
||||||
end
|
end
|
||||||
|
|
||||||
# Test case for inspect image information handled by inspection and method_missing
|
# Test case for inspect image information handled by inspection and method_missing
|
||||||
|
@ -19,6 +20,7 @@ describe "Inspec::Resources::DockerImage" do
|
||||||
_(resource["Config.Cmd"]).must_include "bash"
|
_(resource["Config.Cmd"]).must_include "bash"
|
||||||
_(resource.inspection).must_include "Architecture"
|
_(resource.inspection).must_include "Architecture"
|
||||||
_(resource.inspection.Architecture).must_equal "arm64"
|
_(resource.inspection.Architecture).must_equal "arm64"
|
||||||
|
_(resource.resource_id).must_equal "ubuntu:latest"
|
||||||
end
|
end
|
||||||
|
|
||||||
# Test case for inspect image information with invalid keys
|
# Test case for inspect image information with invalid keys
|
||||||
|
|
|
@ -10,6 +10,7 @@ describe "Inspec::Resources::DockerContainer" do
|
||||||
_(resource.version).must_equal "18.03.1-ce-aws1"
|
_(resource.version).must_equal "18.03.1-ce-aws1"
|
||||||
_(resource.enabled?).must_equal false
|
_(resource.enabled?).must_equal false
|
||||||
_(resource.exist?).must_equal true
|
_(resource.exist?).must_equal true
|
||||||
|
_(resource.resource_id).must_equal "771d3ee7c7ea"
|
||||||
end
|
end
|
||||||
|
|
||||||
it "check plugin parsing for store/weaveworks/net-plugin" do
|
it "check plugin parsing for store/weaveworks/net-plugin" do
|
||||||
|
@ -18,6 +19,7 @@ describe "Inspec::Resources::DockerContainer" do
|
||||||
_(resource.version).must_equal "2.3.0"
|
_(resource.version).must_equal "2.3.0"
|
||||||
_(resource.enabled?).must_equal true
|
_(resource.enabled?).must_equal true
|
||||||
_(resource.exist?).must_equal true
|
_(resource.exist?).must_equal true
|
||||||
|
_(resource.resource_id).must_equal "6ea8176de74b"
|
||||||
end
|
end
|
||||||
|
|
||||||
it "check plugin parsing when there are no plugins" do
|
it "check plugin parsing when there are no plugins" do
|
||||||
|
@ -26,6 +28,7 @@ describe "Inspec::Resources::DockerContainer" do
|
||||||
assert_nil resource.version
|
assert_nil resource.version
|
||||||
assert_nil resource.id
|
assert_nil resource.id
|
||||||
assert_nil resource.enabled?
|
assert_nil resource.enabled?
|
||||||
|
_(resource.resource_id).must_equal ""
|
||||||
_(resource.exist?).must_equal false
|
_(resource.exist?).must_equal false
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -14,6 +14,7 @@ describe "Inspec::Resources::DockerService" do
|
||||||
_(resource.replicas).must_equal "3/3"
|
_(resource.replicas).must_equal "3/3"
|
||||||
_(resource.mode).must_equal "replicated"
|
_(resource.mode).must_equal "replicated"
|
||||||
_(resource.ports).must_equal "*:1234->1234/tcp"
|
_(resource.ports).must_equal "*:1234->1234/tcp"
|
||||||
|
_(resource.resource_id).must_equal "2ghswegspre1"
|
||||||
end
|
end
|
||||||
|
|
||||||
it "check docker service from id" do
|
it "check docker service from id" do
|
||||||
|
@ -26,6 +27,7 @@ describe "Inspec::Resources::DockerService" do
|
||||||
_(resource.replicas).must_equal "3/3"
|
_(resource.replicas).must_equal "3/3"
|
||||||
_(resource.mode).must_equal "replicated"
|
_(resource.mode).must_equal "replicated"
|
||||||
_(resource.ports).must_equal "*:1234->1234/tcp"
|
_(resource.ports).must_equal "*:1234->1234/tcp"
|
||||||
|
_(resource.resource_id).must_equal "2ghswegspre1"
|
||||||
end
|
end
|
||||||
|
|
||||||
it "check docker service from image" do
|
it "check docker service from image" do
|
||||||
|
@ -38,6 +40,7 @@ describe "Inspec::Resources::DockerService" do
|
||||||
_(resource.replicas).must_equal "3/3"
|
_(resource.replicas).must_equal "3/3"
|
||||||
_(resource.mode).must_equal "replicated"
|
_(resource.mode).must_equal "replicated"
|
||||||
_(resource.ports).must_equal "*:1234->1234/tcp"
|
_(resource.ports).must_equal "*:1234->1234/tcp"
|
||||||
|
_(resource.resource_id).must_equal "2ghswegspre1"
|
||||||
end
|
end
|
||||||
|
|
||||||
it "prints as a docker_image resource" do
|
it "prints as a docker_image resource" do
|
||||||
|
|
|
@ -9,6 +9,7 @@ describe "Inspec::Resources::EtcGroup" do
|
||||||
_(resource.gids).must_equal [0, 33, 999, 1000]
|
_(resource.gids).must_equal [0, 33, 999, 1000]
|
||||||
_(resource.groups).must_equal %w{ root www-data GroupWithCaps sftpusers }
|
_(resource.groups).must_equal %w{ root www-data GroupWithCaps sftpusers }
|
||||||
_(resource.users).must_equal %w{ www-data root sftponly }
|
_(resource.users).must_equal %w{ www-data root sftponly }
|
||||||
|
_(resource.resource_id).must_equal "/etc/group"
|
||||||
end
|
end
|
||||||
|
|
||||||
it "verify group filter with no users" do
|
it "verify group filter with no users" do
|
||||||
|
|
|
@ -23,6 +23,9 @@ describe "Inspec::Resources::EtcHostsAllow" do
|
||||||
it "has a to_s" do
|
it "has a to_s" do
|
||||||
_(resource.to_s).must_equal "hosts.allow Configuration"
|
_(resource.to_s).must_equal "hosts.allow Configuration"
|
||||||
end
|
end
|
||||||
|
it "has a resource_id" do
|
||||||
|
_(resource.resource_id).must_equal "/etc/hosts.allow"
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "#parse_line" do
|
describe "#parse_line" do
|
||||||
|
@ -73,5 +76,8 @@ describe "Inspec::Resources::EtcHostsDeny" do
|
||||||
it "has a to_s" do
|
it "has a to_s" do
|
||||||
_(resource.to_s).must_equal "hosts.deny Configuration"
|
_(resource.to_s).must_equal "hosts.deny Configuration"
|
||||||
end
|
end
|
||||||
|
it "has a resource_id" do
|
||||||
|
_(resource.resource_id).must_equal "/etc/hosts.deny"
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -10,6 +10,7 @@ describe Inspec::Resources::FileResource do
|
||||||
resource.stubs(:exist?).returns(true)
|
resource.stubs(:exist?).returns(true)
|
||||||
resource.stubs(:mounted?).returns(true)
|
resource.stubs(:mounted?).returns(true)
|
||||||
resource.stubs(:source_path).returns("/fakepath/fakefile")
|
resource.stubs(:source_path).returns("/fakepath/fakefile")
|
||||||
|
resource.stubs(:path).returns("/fakepath/fakefile")
|
||||||
resource.stubs(:file).returns(file)
|
resource.stubs(:file).returns(file)
|
||||||
resource.stubs(:content).returns("content")
|
resource.stubs(:content).returns("content")
|
||||||
resource.stubs(:mode).returns(000)
|
resource.stubs(:mode).returns(000)
|
||||||
|
@ -34,6 +35,7 @@ describe Inspec::Resources::FileResource do
|
||||||
_(resource.suid).must_equal true
|
_(resource.suid).must_equal true
|
||||||
_(resource.sgid).must_equal true
|
_(resource.sgid).must_equal true
|
||||||
_(resource.sticky).must_equal true
|
_(resource.sticky).must_equal true
|
||||||
|
_(resource.resource_id).must_equal "/fakepath/fakefile"
|
||||||
_(proc { resource.send(:more_permissive_than?, nil) }).must_raise(ArgumentError)
|
_(proc { resource.send(:more_permissive_than?, nil) }).must_raise(ArgumentError)
|
||||||
_(proc { resource.send(:more_permissive_than?, 0700) }).must_raise(ArgumentError)
|
_(proc { resource.send(:more_permissive_than?, 0700) }).must_raise(ArgumentError)
|
||||||
end
|
end
|
||||||
|
@ -43,6 +45,7 @@ describe Inspec::Resources::FileResource do
|
||||||
resource.stubs(:exist?).returns(true)
|
resource.stubs(:exist?).returns(true)
|
||||||
resource.stubs(:mounted?).returns(true)
|
resource.stubs(:mounted?).returns(true)
|
||||||
resource.stubs(:content).returns("content")
|
resource.stubs(:content).returns("content")
|
||||||
|
resource.stubs(:path).returns("C:/fakepath/fakefile")
|
||||||
resource.stubs(:file_permission_granted?).with("read", "by_usergroup", "by_specific_user").returns("test_result")
|
resource.stubs(:file_permission_granted?).with("read", "by_usergroup", "by_specific_user").returns("test_result")
|
||||||
resource.stubs(:file_permission_granted?).with("write", "by_usergroup", "by_specific_user").returns("test_result")
|
resource.stubs(:file_permission_granted?).with("write", "by_usergroup", "by_specific_user").returns("test_result")
|
||||||
resource.stubs(:file_permission_granted?).with("execute", "by_usergroup", "by_specific_user").returns("test_result")
|
resource.stubs(:file_permission_granted?).with("execute", "by_usergroup", "by_specific_user").returns("test_result")
|
||||||
|
@ -51,6 +54,7 @@ describe Inspec::Resources::FileResource do
|
||||||
_(resource.content).must_equal "content"
|
_(resource.content).must_equal "content"
|
||||||
_(resource.exist?).must_equal true
|
_(resource.exist?).must_equal true
|
||||||
_(resource.mounted?).must_equal true
|
_(resource.mounted?).must_equal true
|
||||||
|
_(resource.resource_id).must_equal "C:/fakepath/fakefile"
|
||||||
_(resource.readable?("by_usergroup", "by_specific_user")).must_equal "test_result"
|
_(resource.readable?("by_usergroup", "by_specific_user")).must_equal "test_result"
|
||||||
_(resource.allowed?("read", by: "by_usergroup", by_user: "by_specific_user")).must_equal "test_result"
|
_(resource.allowed?("read", by: "by_usergroup", by_user: "by_specific_user")).must_equal "test_result"
|
||||||
_(resource.writable?("by_usergroup", "by_specific_user")).must_equal "test_result"
|
_(resource.writable?("by_usergroup", "by_specific_user")).must_equal "test_result"
|
||||||
|
@ -117,6 +121,8 @@ describe Inspec::Resources::FileResource do
|
||||||
it "when file does not exist" do
|
it "when file does not exist" do
|
||||||
resource = MockLoader.new(:ubuntu).load_resource("file", "file_does_not_exist")
|
resource = MockLoader.new(:ubuntu).load_resource("file", "file_does_not_exist")
|
||||||
assert_nil(resource.send(:more_permissive_than?, nil))
|
assert_nil(resource.send(:more_permissive_than?, nil))
|
||||||
|
resource.stubs(:path).returns("file_does_not_exist")
|
||||||
|
_(resource.resource_id).must_equal "file_does_not_exist"
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
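Review bot: The new `resource_id` assertions compare against values the spec itself stubs on `path` (`"/fakepath/fakefile"`, `"C:/fakepath/fakefile"`, `"file_does_not_exist"`), so they pass regardless of what the constructor stored. In the last hunk the resource is loaded with `"file_does_not_exist"` and `path` is then stubbed to the same string just before the assertion. Dropping that `resource.stubs(:path)` line and keeping only `_(resource.resource_id).must_equal "file_does_not_exist"` would exercise the real code. The enclosing `describe` and `it` blocks begin outside the hunks.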