mirror of
https://github.com/inspec/inspec
synced 2024-11-25 06:00:29 +00:00
chefstyle -a cleanup
Signed-off-by: Miah Johnson <miah@chia-pet.org>
This commit is contained in:
parent
c458897ad1
commit
e46018a517
56 changed files with 246 additions and 218 deletions
4
Rakefile
4
Rakefile
|
@ -72,8 +72,6 @@ namespace :test do
|
|||
end
|
||||
|
||||
task :isolated do
|
||||
clean = true
|
||||
|
||||
failures = Dir[*GLOBS]
|
||||
failures.reject! do |file|
|
||||
system(Gem.ruby, "-Ilib:test", file)
|
||||
|
@ -278,8 +276,6 @@ namespace :test do
|
|||
|
||||
puts "----> Generating Plan"
|
||||
|
||||
result = sh("cd #{integration_dir}/build/ && terraform workspace select #{tf_workspace}")
|
||||
|
||||
sh("cd #{integration_dir}/build/ && terraform plan -out inspec-azure.plan")
|
||||
end
|
||||
|
||||
|
|
|
@ -30,7 +30,7 @@ describe "inspec list-resources core" do
|
|||
# think that this plugin we are currently testing is installed as a
|
||||
# user plugin, by writing a plugin config file in a temp dir.
|
||||
# To use it, just provide a command line, minus the word `inspec`.
|
||||
let (:outcome) { run_inspec_process_with_this_plugin("listresources core") }
|
||||
let(:outcome) { run_inspec_process_with_this_plugin("listresources core") }
|
||||
|
||||
# Some tests through here use minitest Expectations, which attach to all
|
||||
# Objects, and begin with 'must' (positive) or 'wont' (negative)
|
||||
|
@ -56,7 +56,7 @@ describe "inspec list-resources core" do
|
|||
describe "when run with a search pattern that matches things" do
|
||||
# Notice that the command line is changed here:
|
||||
# "list all resources that have the word user in them"
|
||||
let (:outcome) { run_inspec_process_with_this_plugin("listresources core user") }
|
||||
let(:outcome) { run_inspec_process_with_this_plugin("listresources core user") }
|
||||
|
||||
# Should be well-behaved...
|
||||
it("should exit successfully") { outcome.exit_status.must_equal(0) }
|
||||
|
@ -76,7 +76,7 @@ describe "inspec list-resources core" do
|
|||
end
|
||||
describe "when run with a search pattern that matches nothing" do
|
||||
# Unlikely we'll have a resource with the string 'autogyro' in it.
|
||||
let (:outcome) { run_inspec_process_with_this_plugin("listresources core autogyro") }
|
||||
let(:outcome) { run_inspec_process_with_this_plugin("listresources core autogyro") }
|
||||
|
||||
# Should be well-behaved...
|
||||
it("should exit successfully") { outcome.exit_status.must_equal(0) }
|
||||
|
|
|
@ -29,9 +29,13 @@ module InspecPlugins
|
|||
def self.keygen(options)
|
||||
key = KEY_ALG.new KEY_BITS
|
||||
puts "Generating private key"
|
||||
open "#{options['keyname']}.pem.key", "w" do |io| io.write key.to_pem end
|
||||
open "#{options['keyname']}.pem.key", "w" do |io|
|
||||
io.write key.to_pem
|
||||
end
|
||||
puts "Generating public key"
|
||||
open "#{options['keyname']}.pem.pub", "w" do |io| io.write key.public_key.to_pem end
|
||||
open "#{options['keyname']}.pem.pub", "w" do |io|
|
||||
io.write key.public_key.to_pem
|
||||
end
|
||||
end
|
||||
|
||||
def self.profile_sign(options)
|
||||
|
|
|
@ -25,7 +25,6 @@ class ArtifactCli < Minitest::Test
|
|||
Dir.mktmpdir do |dir|
|
||||
unique_key_name = SecureRandom.uuid()
|
||||
install_dir = File.join(dir, SecureRandom.uuid())
|
||||
profile = File.join(dir, "profile")
|
||||
FileUtils.mkdir(install_dir)
|
||||
|
||||
# create profile
|
||||
|
|
|
@ -6,7 +6,7 @@ describe InspecPlugins::Compliance::Fetcher do
|
|||
let(:config) { { "server" => "myserver" } }
|
||||
|
||||
describe "the check_compliance_token method" do
|
||||
let(:fetcher) { fetcher = InspecPlugins::Compliance::Fetcher.new("a/bad/url", config) }
|
||||
let(:fetcher) { InspecPlugins::Compliance::Fetcher.new("a/bad/url", config) }
|
||||
|
||||
it "returns without error if token is set" do
|
||||
config["token"] = "my-token"
|
||||
|
|
|
@ -30,7 +30,7 @@ describe 'inspec list-resources core' do
|
|||
# think that this plugin we are currently testing is installed as a
|
||||
# user plugin, by writing a plugin config file in a temp dir.
|
||||
# To use it, just provide a command line, minus the word `inspec`.
|
||||
let (:outcome) { run_inspec_process_with_this_plugin('listresources core') }
|
||||
let(:outcome) { run_inspec_process_with_this_plugin("listresources core") }
|
||||
|
||||
# Some tests through here use minitest Expectations, which attach to all
|
||||
# Objects, and begin with 'must' (positive) or 'wont' (negative)
|
||||
|
@ -56,7 +56,7 @@ describe 'inspec list-resources core' do
|
|||
describe "when run with a search pattern that matches things" do
|
||||
# Notice that the command line is changed here:
|
||||
# "list all resources that have the word user in them"
|
||||
let (:outcome) { run_inspec_process_with_this_plugin('listresources core user') }
|
||||
let(:outcome) { run_inspec_process_with_this_plugin("listresources core user") }
|
||||
|
||||
# Should be well-behaved...
|
||||
it("should exit successfully") { outcome.exit_status.must_equal(0) }
|
||||
|
@ -76,7 +76,7 @@ describe 'inspec list-resources core' do
|
|||
end
|
||||
describe "when run with a search pattern that matches nothing" do
|
||||
# Unlikely we'll have a resource with the string 'autogyro' in it.
|
||||
let (:outcome) { run_inspec_process_with_this_plugin('listresources core autogyro') }
|
||||
let(:outcome) { run_inspec_process_with_this_plugin("listresources core autogyro") }
|
||||
|
||||
# Should be well-behaved...
|
||||
it("should exit successfully") { outcome.exit_status.must_equal(0) }
|
||||
|
|
|
@ -56,7 +56,7 @@ class InitPluginCli < Minitest::Test
|
|||
/spec\.license\s+=\s+'Apache-2\.0'/,
|
||||
],
|
||||
File.join(plugin, "lib", plugin + ".rb") => [
|
||||
/require\s'#{plugin}\/plugin'/,
|
||||
/require\s"#{plugin}\/plugin"/,
|
||||
],
|
||||
File.join(plugin, "lib", plugin, "plugin.rb") => [
|
||||
/require\s'#{plugin}\/version'/,
|
||||
|
|
|
@ -41,7 +41,7 @@ class AwsIamPolicy < Inspec.resource(1)
|
|||
end
|
||||
|
||||
def attached?
|
||||
!attachment_count.zero?
|
||||
attachment_count > 0
|
||||
end
|
||||
|
||||
def attached_users
|
||||
|
|
|
@ -240,7 +240,7 @@ class AzureResourceDynamicMethods
|
|||
value
|
||||
end
|
||||
when "Hash"
|
||||
value.count.zero? ? return_value = value : return_value = AzureResourceProbe.new(value)
|
||||
value.count == 0 ? return_value = value : return_value = AzureResourceProbe.new(value)
|
||||
object.define_singleton_method name do
|
||||
return_value
|
||||
end
|
||||
|
|
|
@ -67,6 +67,7 @@ module Inspec
|
|||
end
|
||||
|
||||
module FunctionalHelper
|
||||
extend Minitest::Spec::DSL
|
||||
let(:repo_path) do
|
||||
path = File.expand_path(File.join( __FILE__, "..", "..", ".."))
|
||||
# fix for vagrant repo pathing
|
||||
|
|
|
@ -95,8 +95,8 @@ describe "inspec check" do
|
|||
invalid_profile = File.join(profile_path, "invalid-include-controls")
|
||||
out = inspec("check " + invalid_profile)
|
||||
out.exit_status.must_equal 1
|
||||
out.stderr.must_match /Cannot load 'no_such_profile'/
|
||||
out.stderr.must_match /not listed as a dependency/
|
||||
out.stderr.must_match(/Cannot load 'no_such_profile'/)
|
||||
out.stderr.must_match(/not listed as a dependency/)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -16,28 +16,26 @@ describe "inspec exec automate" do
|
|||
end
|
||||
|
||||
let(:invocation) do
|
||||
cmd = "exec "
|
||||
cmd += example_profile + " "
|
||||
cmd += "--config " + config_path
|
||||
"exec #{example_profile} --config #{config_path}"
|
||||
end
|
||||
|
||||
let(:run_result) { run_inspec_process(invocation) }
|
||||
|
||||
describe "when the the URL is fake" do
|
||||
let(:config_data) do
|
||||
data = <<~EOF
|
||||
{
|
||||
<<~END
|
||||
{
|
||||
"reporter": {
|
||||
"automate" : {
|
||||
"stdout" : false,
|
||||
"url" : "https://fake_url_a2.com/data-collector/v0/",
|
||||
"token" : "faketoken123",
|
||||
"insecure" : true,
|
||||
"node_uuid" : "test123"
|
||||
}
|
||||
}
|
||||
"automate": {
|
||||
"stdout": false,
|
||||
"url": "https://fake_url_a2.com/data-collector/v0/",
|
||||
"token": "faketoken123",
|
||||
"insecure": true,
|
||||
"node_uuid": "test123"
|
||||
}
|
||||
}
|
||||
EOF
|
||||
}
|
||||
END
|
||||
end
|
||||
|
||||
it "should fail" do
|
||||
|
@ -49,23 +47,23 @@ describe "inspec exec automate" do
|
|||
|
||||
describe "when outputting to $stdout" do
|
||||
let(:config_data) do
|
||||
data = <<~EOF
|
||||
{
|
||||
"reporter": {
|
||||
"json-automate" : {
|
||||
"stdout" : true,
|
||||
"job_uuid" : "test123",
|
||||
"roles" : ["stuff"],
|
||||
"environment": "prod",
|
||||
"node_name": "some_node",
|
||||
"passthrough": {
|
||||
"projects": ["alpha", "beta"],
|
||||
"another_tramp_datum": "another_value"
|
||||
}
|
||||
<<~END
|
||||
{
|
||||
"reporter": {
|
||||
"json-automate": {
|
||||
"stdout": true,
|
||||
"job_uuid": "test123",
|
||||
"roles": ["stuff"],
|
||||
"environment": "prod",
|
||||
"node_name": "some_node",
|
||||
"passthrough": {
|
||||
"projects": ["alpha", "beta"],
|
||||
"another_tramp_datum": "another_value"
|
||||
}
|
||||
}
|
||||
}
|
||||
EOF
|
||||
}
|
||||
END
|
||||
end
|
||||
|
||||
it "should include tramp data" do
|
||||
|
|
|
@ -130,7 +130,7 @@ describe "inspec exec with json formatter" do
|
|||
"license" => "Apache-2.0",
|
||||
"summary" => "Demonstrates the use of InSpec Compliance Profile",
|
||||
"version" => "1.0.0",
|
||||
"sha256" => "96ede55ede8ec4aba0f063e810dc4292821bd7b3ed47717efa33b00a155cda2f",
|
||||
"sha256" => "c8e0826741fdd105b96e61730f266220a02a1b8c1ad3bb9445fe6d801b657891",
|
||||
"supports" => [{ "platform-family" => "unix" }, { "platform-family" => "windows" }],
|
||||
"status" => "loaded",
|
||||
"attributes" => [],
|
||||
|
@ -171,6 +171,22 @@ describe "inspec exec with json formatter" do
|
|||
result["run_time"].wont_be :nil?
|
||||
result["start_time"].wont_be :nil?
|
||||
|
||||
example_rb_code = <<~END
|
||||
control "tmp-1.0" do # A unique ID for this control
|
||||
impact 0.7 # The criticality, if this control fails.
|
||||
title "Create /tmp directory" # A human-readable title
|
||||
desc "An optional description..." # Describe why this is needed
|
||||
desc "label", "An optional description with a label" # Pair a part of the description with a label
|
||||
tag data: "temp data" # A tag allows you to associate key information
|
||||
tag "security" # to the test
|
||||
ref "Document A-12", url: "http://..." # Additional references
|
||||
|
||||
describe file("/tmp") do # The actual test
|
||||
it { should be_directory }
|
||||
end
|
||||
end
|
||||
END
|
||||
|
||||
actual.must_equal({
|
||||
"id" => "tmp-1.0",
|
||||
"title" => "Create /tmp directory",
|
||||
|
@ -179,7 +195,7 @@ describe "inspec exec with json formatter" do
|
|||
"impact" => 0.7,
|
||||
"refs" => [{ "url" => "http://...", "ref" => "Document A-12" }],
|
||||
"tags" => { "data" => "temp data", "security" => nil },
|
||||
"code" => "control \"tmp-1.0\" do # A unique ID for this control\n impact 0.7 # The criticality, if this control fails.\n title \"Create /tmp directory\" # A human-readable title\n desc \"An optional description...\" # Describe why this is needed\n desc \"label\", \"An optional description with a label\" # Pair a part of the description with a label\n tag data: \"temp data\" # A tag allows you to associate key information\n tag \"security\" # to the test\n ref \"Document A-12\", url: 'http://...' # Additional references\n\n describe file('/tmp') do # The actual test\n it { should be_directory }\n end\nend\n",
|
||||
"code" => example_rb_code,
|
||||
})
|
||||
end
|
||||
end
|
||||
|
|
|
@ -483,7 +483,21 @@ Test Summary: \e[38;5;41m2 successful\e[0m, 0 failures, 0 skipped\n"
|
|||
controls.count.must_equal 2
|
||||
|
||||
# check for json override
|
||||
expected_value = " control 'pro1-con2' do\n impact 0.999\n title 'Profile 1 - Control 2-updated'\n desc 'Profile 1 - Control 2 description-updated'\n desc 'overwrite me', 'it is overwritten'\n desc 'new entry', 'this is appended to the description list'\n tag 'password-updated'\n ref 'Section 3.5.2.1', url: 'https://example.com'\n describe file('/etc/passwd') do\n it { should exist }\n end\n end\n"
|
||||
# TODO: Brittle test expects the leading spaces.
|
||||
expected_value = <<-END
|
||||
control "pro1-con2" do
|
||||
impact 0.999
|
||||
title "Profile 1 - Control 2-updated"
|
||||
desc "Profile 1 - Control 2 description-updated"
|
||||
desc "overwrite me", "it is overwritten"
|
||||
desc "new entry", "this is appended to the description list"
|
||||
tag "password-updated"
|
||||
ref "Section 3.5.2.1", url: "https://example.com"
|
||||
describe file("/etc/passwd") do
|
||||
it { should exist }
|
||||
end
|
||||
end
|
||||
END
|
||||
override["code"].must_equal expected_value
|
||||
override["impact"].must_equal 0.999
|
||||
override["descriptions"].must_equal([
|
||||
|
@ -503,7 +517,18 @@ Test Summary: \e[38;5;41m2 successful\e[0m, 0 failures, 0 skipped\n"
|
|||
child_profile["parent_profile"].must_equal "wrapper-override"
|
||||
|
||||
# check for original code on child profile
|
||||
expected_value = "control 'pro1-con2' do\n impact 0.9\n title 'Profile 1 - Control 2'\n desc 'Profile 1 - Control 2 description'\n desc 'overwrite me', 'overwrite this'\n tag 'password'\n describe file('/etc/passwdddddddddd') do\n it { should exist }\n end\nend\n"
|
||||
expected_value = <<~END
|
||||
control "pro1-con2" do
|
||||
impact 0.9
|
||||
title "Profile 1 - Control 2"
|
||||
desc "Profile 1 - Control 2 description"
|
||||
desc "overwrite me", "overwrite this"
|
||||
tag "password"
|
||||
describe file("/etc/passwdddddddddd") do
|
||||
it { should exist }
|
||||
end
|
||||
end
|
||||
END
|
||||
child_control["code"].must_equal expected_value
|
||||
end
|
||||
end
|
||||
|
|
|
@ -29,7 +29,7 @@ describe "The license acceptance mechanism" do
|
|||
license_persist_path = File.join(tmp_home, ".chef", "accepted_licenses", "inspec")
|
||||
|
||||
File.exist?(license_persist_path).must_equal false # Sanity check
|
||||
run_result = run_inspec_process("shell -c platform.family --chef-license accept", env: { "HOME" => tmp_home })
|
||||
run_inspec_process("shell -c platform.family --chef-license accept", env: { "HOME" => tmp_home })
|
||||
File.exist?(license_persist_path).must_equal true
|
||||
|
||||
license_persist_contents = YAML.load(File.read(license_persist_path))
|
||||
|
|
|
@ -34,7 +34,8 @@ describe "Deprecation Facility Behavior" do
|
|||
json_result[1]["message"].must_include "This should fail"
|
||||
json_result[1]["message"].must_include "(used at"
|
||||
json_result[1]["message"].must_include "test/unit/mock/profiles/deprecation/typical/controls/typical.rb"
|
||||
json_result[1]["message"].must_include "typical.rb:10" # Line number check
|
||||
# TODO: Brittle Test
|
||||
json_result[1]["message"].must_include "typical.rb:11" # Line number check
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -56,7 +57,8 @@ describe "Deprecation Facility Behavior" do
|
|||
deprecation_line.must_include "This should fail"
|
||||
deprecation_line.must_include "(used at"
|
||||
deprecation_line.must_include "test/unit/mock/profiles/deprecation/bare/controls/bare.rb"
|
||||
deprecation_line.must_include "bare.rb:2"
|
||||
# TODO: Brittle Test
|
||||
deprecation_line.must_include "bare.rb:3"
|
||||
end
|
||||
end
|
||||
end
|
||||
|
@ -80,6 +82,7 @@ describe "Deprecation Facility Behavior" do
|
|||
deprecation_line.must_include "This should exit"
|
||||
deprecation_line.must_include "(used at" # Beginning of a single-frame stack locator
|
||||
deprecation_line.must_include "test/unit/mock/profiles/deprecation/typical/controls/typical.rb" # Frame should have been identified as coming from the test profile
|
||||
# TODO: Brittle Test
|
||||
deprecation_line.must_include "typical.rb:27" # Line number check
|
||||
|
||||
# The reporter should not fire
|
||||
|
@ -106,6 +109,7 @@ describe "Deprecation Facility Behavior" do
|
|||
deprecation_line.must_include "This should exit" # Specific deprecation message
|
||||
deprecation_line.must_include "(used at" # Beginning of a single-frame stack locator
|
||||
deprecation_line.must_include "test/unit/mock/profiles/deprecation/typical/controls/typical.rb" # Frame should have been identified as coming from the test profile
|
||||
# TODO: Brittle Test
|
||||
deprecation_line.must_include "typical.rb:44" # Line number check
|
||||
|
||||
# The reporter should not fire
|
||||
|
@ -134,6 +138,7 @@ describe "Deprecation Facility Behavior" do
|
|||
deprecation_line.must_include "This should warn" # Specific deprecation message
|
||||
deprecation_line.must_include "(used at" # Beginning of a single-frame stack locator
|
||||
deprecation_line.must_include "test/unit/mock/profiles/deprecation/typical/controls/typical.rb" # Frame should have been identified as coming from the test profile
|
||||
# TODO: Brittle Test
|
||||
deprecation_line.must_include "typical.rb:61" # Line number check
|
||||
end
|
||||
end
|
||||
|
@ -157,6 +162,7 @@ describe "Deprecation Facility Behavior" do
|
|||
deprecation_line.must_include "DEPRECATION"
|
||||
deprecation_line.must_include "(used at" # Beginning of a single-frame stack locator
|
||||
deprecation_line.must_include "test/unit/mock/profiles/deprecation/typical/controls/typical.rb" # Frame should have been identified as coming from the test profile
|
||||
# TODO: Brittle Test
|
||||
deprecation_line.must_include "typical.rb:77" # Line number check
|
||||
end
|
||||
end
|
||||
|
|
|
@ -35,8 +35,7 @@ describe "InSpec UI behavior" do
|
|||
run_result.exit_status.must_equal 0
|
||||
expected = <<-EOT
|
||||
|
||||
───────────────────────────────── \e[1m\e[37mBig News!\e[0m ─────────────────────────────────
|
||||
|
||||
───────────────────────────────── \e[1m\e[37mBig News!\e[0m ───────────────────────────────── \n
|
||||
EOT
|
||||
show_spaces(run_result.stdout).must_equal show_spaces(expected)
|
||||
end
|
||||
|
@ -102,8 +101,7 @@ describe "InSpec UI behavior" do
|
|||
run_result.exit_status.must_equal 0
|
||||
expected = <<~EOT
|
||||
|
||||
--------------------------------- Big News! ---------------------------------
|
||||
|
||||
--------------------------------- Big News! --------------------------------- \n
|
||||
+----------------------+----------+-----------+
|
||||
| Band | Coolness | Nerd Cred |
|
||||
+----------------------+----------+-----------+
|
||||
|
|
|
@ -35,7 +35,7 @@ describe "Inspec::Config" do
|
|||
# Note that since unit tests are randomized, we have no idea what is in
|
||||
# the cache. We just want to validate that we get the same thing.
|
||||
it "should cache the config object" do
|
||||
cfg_1 = Inspec::Config.new # in the unlikely event we are the first unit test
|
||||
Inspec::Config.new # in the unlikely event we are the first unit test
|
||||
|
||||
# Type check
|
||||
cfg_cached = Inspec::Config.cached
|
||||
|
@ -46,7 +46,7 @@ describe "Inspec::Config" do
|
|||
cfg_2.must_equal cfg_cached
|
||||
|
||||
# Cached value unaffected by later instance creation
|
||||
cfg_3 = Inspec::Config.new(shoe_size: 9)
|
||||
Inspec::Config.new(shoe_size: 9)
|
||||
cfg_4 = Inspec::Config.cached
|
||||
cfg_4.must_equal cfg_cached
|
||||
end
|
||||
|
@ -281,7 +281,7 @@ describe "Inspec::Config" do
|
|||
it "assumes `--sudo` if `--sudo-password` is used without it" do
|
||||
@mock_logger = Minitest::Mock.new
|
||||
@mock_logger.expect(:warn, nil, [/Adding `--sudo`./])
|
||||
Inspec::Log.stub :warn, proc { |message| @mock_logger.warn(message) } do
|
||||
Inspec::Log.stub :warn, (proc { |message| @mock_logger.warn(message) }) do
|
||||
cfg = Inspec::Config.new("sudo_password" => "somepass")
|
||||
cfg.key?("sudo").must_equal true
|
||||
end
|
||||
|
@ -349,7 +349,6 @@ describe "Inspec::Config" do
|
|||
it "should be able to unpack #{target_uri}" do
|
||||
# let() caching breaks things here
|
||||
cfg_io = StringIO.new(ConfigTestHelper.fixture(file_fixture_name))
|
||||
cli_opts = { target: target_uri }
|
||||
cfg = Inspec::Config.new({ target: target_uri }, cfg_io)
|
||||
creds = cfg.unpack_train_credentials
|
||||
creds.count.must_equal 2
|
||||
|
@ -381,7 +380,7 @@ describe "Inspec::Config" do
|
|||
cfg_io = StringIO.new(ConfigTestHelper.fixture(file_fixture_name))
|
||||
cfg = Inspec::Config.new({ target: target_uri }, cfg_io)
|
||||
|
||||
assert_raises(Train::UserError) { creds = cfg.unpack_train_credentials }
|
||||
assert_raises(Train::UserError) { cfg.unpack_train_credentials }
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -21,7 +21,7 @@ describe Fetchers::Url do
|
|||
@mock_logger = Minitest::Mock.new
|
||||
@mock_logger.expect(:warn, nil, [/URL target.*transformed/])
|
||||
|
||||
Inspec::Log.stub :warn, proc { |message| @mock_logger.warn(message) } do
|
||||
Inspec::Log.stub :warn, (proc { |message| @mock_logger.warn(message) }) do
|
||||
yield
|
||||
end
|
||||
|
||||
|
|
|
@ -116,7 +116,7 @@ describe "Inspec::Input and Events" do
|
|||
lines.shift # Not testing the inputs top line here
|
||||
|
||||
lines.each do |line|
|
||||
line.must_match /^\s\s([a-z]+:\s\'.+\',\s)*?([a-z]+:\s\'.+\')$/ # key: 'value', key: 'value' ...
|
||||
line.must_match(/^\s\s([a-z]+:\s\'.+\',\s)*?([a-z]+:\s\'.+\')$/) # key: 'value', key: 'value' ...
|
||||
end
|
||||
|
||||
lines[0].must_include "action: 'create',"
|
||||
|
|
|
@ -138,7 +138,6 @@ describe Inspec::InputRegistry do
|
|||
describe "when multiple CLI --attrs option args are provided and all have inputs" do
|
||||
let(:sources) { { cli_input_files: ["file1.yaml", "file2.yaml"] } }
|
||||
it "returns a hash containing all the inputs" do
|
||||
options = { attrs: ["file1.yaml", "file2.yaml"] }
|
||||
secrets1 = mock
|
||||
secrets1.stubs(:inputs).returns({ key1: "value1" })
|
||||
secrets2 = mock
|
||||
|
|
|
@ -27,7 +27,7 @@ describe "type validation" do
|
|||
Inspec::BaseCLI.inspec_cli_command = :exec
|
||||
input = Inspec::Input.new("test_input", required: true)
|
||||
ex = assert_raises(Inspec::Input::RequiredError) { input.value }
|
||||
ex.message.must_match /Input 'test_input' is required and does not have a value./
|
||||
ex.message.must_match(/Input 'test_input' is required and does not have a value./)
|
||||
Inspec::BaseCLI.inspec_cli_command = nil
|
||||
end
|
||||
end
|
||||
|
@ -95,7 +95,7 @@ describe "type validation" do
|
|||
it "returns an error if a invalid type is sent" do
|
||||
opts[:type] = "dressing"
|
||||
ex = assert_raises(Inspec::Input::TypeError) { input }
|
||||
ex.message.must_match /Type 'Dressing' is not a valid input type./
|
||||
ex.message.must_match(/Type 'Dressing' is not a valid input type./)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -4,11 +4,9 @@ title 'Host example.com lookup'
|
|||
|
||||
control 'test01' do
|
||||
impact 0.5
|
||||
title 'Catchy title'
|
||||
desc '
|
||||
example.com should always exist.
|
||||
'
|
||||
describe host('example.com') do
|
||||
title "Catchy title"
|
||||
desc "example.com should always exist."
|
||||
describe host("example.com") do
|
||||
it { should be_resolvable }
|
||||
end
|
||||
end
|
||||
|
|
|
@ -3,14 +3,14 @@
|
|||
title '/tmp profile'
|
||||
|
||||
# you add controls here
|
||||
control "tmp-1.0" do # A unique ID for this control
|
||||
control 'tmp-1.0' do # A unique ID for this control
|
||||
impact 0.7 # The criticality, if this control fails.
|
||||
title "Create /tmp directory" # A human-readable title
|
||||
desc "An optional description..." # Describe why this is needed
|
||||
desc "label", "An optional description with a label" # Pair a part of the description with a label
|
||||
tag data: "temp data" # A tag allows you to associate key information
|
||||
tag "security" # to the test
|
||||
ref "Document A-12", url: 'http://...' # Additional references
|
||||
title 'Create /tmp directory' # A human-readable title
|
||||
desc 'An optional description...' # Describe why this is needed
|
||||
desc 'label', 'An optional description with a label' # Pair a part of the description with a label
|
||||
tag data: 'temp data' # A tag allows you to associate key information
|
||||
tag 'security' # to the test
|
||||
ref 'Document A-12', url: 'http://...' # Additional references
|
||||
|
||||
describe file('/tmp') do # The actual test
|
||||
it { should be_directory }
|
||||
|
|
|
@ -125,7 +125,7 @@ class PluginInstallerInstallationTests < Minitest::Test
|
|||
refute_operator reg, :known_plugin?, plugin_name
|
||||
refute_operator reg, :loaded_plugin?, plugin_name
|
||||
|
||||
result = @installer.install("inspec-test-fixture", gem_file: gem_file)
|
||||
@installer.install("inspec-test-fixture", gem_file: gem_file)
|
||||
|
||||
base = @installer.gem_path
|
||||
spec_path = "#{base}/specifications/inspec-test-fixture-0.1.0.gemspec"
|
||||
|
|
|
@ -44,13 +44,13 @@ class PluginLoaderTests < Minitest::Test
|
|||
|
||||
def test_constructor_should_not_load_anything_automatically
|
||||
reg = Inspec::Plugin::V2::Registry.instance
|
||||
loader = Inspec::Plugin::V2::Loader.new
|
||||
Inspec::Plugin::V2::Loader.new
|
||||
assert_equal 0, reg.loaded_count, "\nRegistry load count"
|
||||
end
|
||||
|
||||
def test_constructor_should_detect_bundled_plugins
|
||||
reg = Inspec::Plugin::V2::Registry.instance
|
||||
loader = Inspec::Plugin::V2::Loader.new
|
||||
Inspec::Plugin::V2::Loader.new
|
||||
@bundled_plugins.each do |bundled_plugin_name|
|
||||
assert reg.known_plugin?(bundled_plugin_name), "\n#{bundled_plugin_name} should be detected as a bundled plugin"
|
||||
end
|
||||
|
@ -58,7 +58,7 @@ class PluginLoaderTests < Minitest::Test
|
|||
|
||||
def test_constructor_should_detect_core_plugins
|
||||
reg = Inspec::Plugin::V2::Registry.instance
|
||||
loader = Inspec::Plugin::V2::Loader.new
|
||||
Inspec::Plugin::V2::Loader.new
|
||||
@core_plugins.each do |core_plugin_name|
|
||||
assert reg.known_plugin?(core_plugin_name), "\n#{core_plugin_name} should be detected as a core plugin"
|
||||
end
|
||||
|
@ -66,7 +66,7 @@ class PluginLoaderTests < Minitest::Test
|
|||
|
||||
def test_constructor_should_skip_bundles_when_option_is_set
|
||||
reg = Inspec::Plugin::V2::Registry.instance
|
||||
loader = Inspec::Plugin::V2::Loader.new(omit_bundles: true)
|
||||
Inspec::Plugin::V2::Loader.new(omit_bundles: true)
|
||||
@bundled_plugins.each do |bundled_plugin_name|
|
||||
refute reg.known_plugin?(bundled_plugin_name), "\n#{bundled_plugin_name} should not be detected when omit_bundles is set"
|
||||
end
|
||||
|
@ -74,7 +74,7 @@ class PluginLoaderTests < Minitest::Test
|
|||
|
||||
def test_constructor_should_skip_core_when_option_is_set
|
||||
reg = Inspec::Plugin::V2::Registry.instance
|
||||
loader = Inspec::Plugin::V2::Loader.new(omit_core_plugins: true)
|
||||
Inspec::Plugin::V2::Loader.new(omit_core_plugins: true)
|
||||
@core_plugins.each do |core_plugin_name|
|
||||
refute reg.known_plugin?(core_plugin_name), "\n#{core_plugin_name} should not be detected when omit_core_plugins is set"
|
||||
end
|
||||
|
@ -83,7 +83,7 @@ class PluginLoaderTests < Minitest::Test
|
|||
def test_constructor_when_using_home_dir_detects_declared_plugins
|
||||
ENV["HOME"] = File.join(@config_dir_path, "fakehome")
|
||||
reg = Inspec::Plugin::V2::Registry.instance
|
||||
loader = Inspec::Plugin::V2::Loader.new
|
||||
Inspec::Plugin::V2::Loader.new
|
||||
assert reg.known_plugin?(:'inspec-test-home-marker'), "\ninspec-test-home-marker should be detected as a plugin"
|
||||
end
|
||||
|
||||
|
@ -94,7 +94,7 @@ class PluginLoaderTests < Minitest::Test
|
|||
def test_constructor_when_the_plugin_config_is_absent_it_detects_bundled_plugins
|
||||
ENV["INSPEC_CONFIG_DIR"] = File.join(@config_dir_path, "empty")
|
||||
reg = Inspec::Plugin::V2::Registry.instance
|
||||
loader = Inspec::Plugin::V2::Loader.new
|
||||
Inspec::Plugin::V2::Loader.new
|
||||
@bundled_plugins.each do |bundled_plugin_name|
|
||||
assert reg.known_plugin?(bundled_plugin_name), "\n#{bundled_plugin_name} should be detected as a bundled plugin"
|
||||
end
|
||||
|
@ -232,8 +232,7 @@ class PluginLoaderTests < Minitest::Test
|
|||
ENV["INSPEC_CONFIG_DIR"] = File.join(@config_dir_path, "train-test-fixture")
|
||||
|
||||
reg = Inspec::Plugin::V2::Registry.instance
|
||||
loader = nil
|
||||
assert_silent { loader = Inspec::Plugin::V2::Loader.new }
|
||||
assert_silent { Inspec::Plugin::V2::Loader.new }
|
||||
|
||||
plugin_name = :'train-test-fixture'
|
||||
assert(reg.known_plugin?(plugin_name), "The train plugin should be known after loader init")
|
||||
|
|
|
@ -60,7 +60,6 @@ describe "Inspec::Plugin::V2::ConfigFile" do
|
|||
let(:fixture_name) { "nonesuch" }
|
||||
it "creates a empty datastructure" do
|
||||
Dir.mktmpdir do |tmp_dir|
|
||||
constructor_arg = File.join(tmp_dir, "plugins.json")
|
||||
config_file_obj.count.must_equal 0
|
||||
end
|
||||
end
|
||||
|
|
|
@ -14,7 +14,7 @@ describe "metadata with supported operating systems" do
|
|||
end
|
||||
|
||||
describe "running on ubuntu 14.04" do
|
||||
let (:backend) { MockLoader.new(:ubuntu1404).backend }
|
||||
let(:backend) { MockLoader.new(:ubuntu1404).backend }
|
||||
|
||||
it "provides all metadata content" do
|
||||
s = "---\nname: hello #{rand}"
|
||||
|
|
|
@ -33,9 +33,9 @@ describe Inspec::Profile do
|
|||
end
|
||||
|
||||
it "can overwrite the profile ID" do
|
||||
testID = rand.to_s
|
||||
res = MockLoader.load_profile(profile_id, id: testID)
|
||||
res.params[:name].must_equal testID
|
||||
testid = rand.to_s
|
||||
res = MockLoader.load_profile(profile_id, id: testid)
|
||||
res.params[:name].must_equal testid
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -45,13 +45,15 @@ describe Inspec::Profile do
|
|||
end
|
||||
|
||||
it "works on a complete profile" do
|
||||
MockLoader.load_profile("complete-profile").sha256.must_equal "f63142e0e4c62469339eab2c16fee2ead2e3dd781492a1dcb1a218424e4d90b3"
|
||||
MockLoader.load_profile("complete-profile").sha256.must_equal "deeabf92dda1cdb8c5a559f26aff6112c126cc504c4379b651a66fde1c082e2a"
|
||||
end
|
||||
end
|
||||
|
||||
describe "code info" do
|
||||
let(:profile_id) { "complete-profile" }
|
||||
let(:code) { "control 'test01' do\n impact 0.5\n title 'Catchy title'\n desc '\n example.com should always exist.\n '\n describe host('example.com') do\n it { should be_resolvable }\n end\nend\n" }
|
||||
|
||||
let(:code) { "control \"test01\" do\n impact 0.5\n title \"Catchy title\"\n desc \"example.com should always exist.\"\n describe host(\"example.com\") do\n it { should be_resolvable }\n end\nend\n" }
|
||||
|
||||
let(:loc) { { ref: "controls/host_spec.rb", line: 5 } }
|
||||
|
||||
it "gets code from an uncompressed profile" do
|
||||
|
|
|
@ -16,7 +16,7 @@ describe "AwsResourceMixin" do
|
|||
|
||||
it "confirm ArgumentError is raised when testing" do
|
||||
proc {
|
||||
mixin = AwsResourceMixinError.new({})
|
||||
AwsResourceMixinError.new({})
|
||||
}.must_raise ArgumentError
|
||||
end
|
||||
|
||||
|
@ -34,7 +34,7 @@ describe "AwsResourceMixin" do
|
|||
|
||||
it "confirm ResourceFailed is raised when live" do
|
||||
proc {
|
||||
mixin = AwsResourceMixinLive.new({})
|
||||
AwsResourceMixinLive.new({})
|
||||
}.must_raise Inspec::Exceptions::ResourceFailed
|
||||
end
|
||||
end
|
||||
|
|
|
@ -6,7 +6,7 @@ require "resource_support/aws"
|
|||
require "resources/aws/aws_ebs_volume"
|
||||
|
||||
class TestEbs < Minitest::Test
|
||||
Id = "volume-id".freeze
|
||||
ID = "volume-id".freeze
|
||||
|
||||
def setup
|
||||
@mock_conn = Minitest::Mock.new
|
||||
|
@ -18,61 +18,61 @@ class TestEbs < Minitest::Test
|
|||
end
|
||||
|
||||
def test_that_id_returns_id_directly_when_constructed_with_an_id
|
||||
assert_equal Id, AwsEbsVolume.new(Id, @mock_conn).id
|
||||
assert_equal ID, AwsEbsVolume.new(ID, @mock_conn).id
|
||||
end
|
||||
|
||||
def test_that_id_returns_fetched_id_when_constructed_with_a_name
|
||||
mock_volume = Minitest::Mock.new
|
||||
mock_volume.expect :nil?, false
|
||||
mock_volume.expect :id, Id
|
||||
mock_volume.expect :id, ID
|
||||
@mock_resource.expect :volumes, [mock_volume], [Hash]
|
||||
assert_equal Id, AwsEbsVolume.new({ name: "cut" }, @mock_conn).id
|
||||
assert_equal ID, AwsEbsVolume.new({ name: "cut" }, @mock_conn).id
|
||||
end
|
||||
|
||||
def test_that_volume_returns_volume_when_volume_exists
|
||||
mock_volume = Object.new
|
||||
|
||||
@mock_resource.expect :volume, mock_volume, [Id]
|
||||
@mock_resource.expect :volume, mock_volume, [ID]
|
||||
assert_same(
|
||||
mock_volume,
|
||||
AwsEbsVolume.new(Id, @mock_conn).send(:volume)
|
||||
AwsEbsVolume.new(ID, @mock_conn).send(:volume)
|
||||
)
|
||||
end
|
||||
|
||||
def test_that_volume_returns_nil_when_volume_does_not_exist
|
||||
@mock_resource.expect :volume, nil, [Id]
|
||||
assert AwsEbsVolume.new(Id, @mock_conn).send(:volume).nil?
|
||||
@mock_resource.expect :volume, nil, [ID]
|
||||
assert AwsEbsVolume.new(ID, @mock_conn).send(:volume).nil?
|
||||
end
|
||||
|
||||
def test_that_exists_returns_true_when_volume_exists
|
||||
mock_volume = Minitest::Mock.new
|
||||
mock_volume.expect :nil?, false
|
||||
mock_volume.expect :exists?, true
|
||||
@mock_resource.expect :volume, mock_volume, [Id]
|
||||
assert AwsEbsVolume.new(Id, @mock_conn).exists?
|
||||
@mock_resource.expect :volume, mock_volume, [ID]
|
||||
assert AwsEbsVolume.new(ID, @mock_conn).exists?
|
||||
end
|
||||
|
||||
def test_that_exists_returns_false_when_volume_does_not_exist
|
||||
mock_volume = Minitest::Mock.new
|
||||
mock_volume.expect :nil?, true
|
||||
mock_volume.expect :exists?, false
|
||||
@mock_resource.expect :volume, mock_volume, [Id]
|
||||
refute AwsEbsVolume.new(Id, @mock_conn).exists?
|
||||
@mock_resource.expect :volume, mock_volume, [ID]
|
||||
refute AwsEbsVolume.new(ID, @mock_conn).exists?
|
||||
end
|
||||
|
||||
def test_that_encrypted_returns_true_when_volume_is_encrypted
|
||||
mock_volume = Minitest::Mock.new
|
||||
mock_volume.expect :nil?, false
|
||||
mock_volume.expect :encrypted, true
|
||||
@mock_resource.expect :volume, mock_volume, [Id]
|
||||
assert AwsEbsVolume.new(Id, @mock_conn).encrypted?
|
||||
@mock_resource.expect :volume, mock_volume, [ID]
|
||||
assert AwsEbsVolume.new(ID, @mock_conn).encrypted?
|
||||
end
|
||||
|
||||
def test_that_encrypted_returns_false_when_volume_is_not_encrypted
|
||||
mock_volume = Minitest::Mock.new
|
||||
mock_volume.expect :nil?, false
|
||||
mock_volume.expect :encrypted, false
|
||||
@mock_resource.expect :volume, mock_volume, [Id]
|
||||
refute AwsEbsVolume.new(Id, @mock_conn).encrypted?
|
||||
@mock_resource.expect :volume, mock_volume, [ID]
|
||||
refute AwsEbsVolume.new(ID, @mock_conn).encrypted?
|
||||
end
|
||||
end
|
||||
|
|
|
@ -6,9 +6,9 @@ require "resource_support/aws"
|
|||
require "resources/aws/aws_ec2_instance"
|
||||
|
||||
class TestEc2 < Minitest::Test
|
||||
Id = "instance-id".freeze
|
||||
InstanceProfile = "instance-role".freeze
|
||||
Arn = "arn:aws:iam::123456789012:instance-profile/instance-role".freeze
|
||||
ID = "instance-id".freeze
|
||||
INSTANCEPROFILE = "instance-role".freeze
|
||||
ARN = "arn:aws:iam::123456789012:instance-profile/instance-role".freeze
|
||||
|
||||
def setup
|
||||
@mock_conn = Minitest::Mock.new
|
||||
|
@ -22,50 +22,50 @@ class TestEc2 < Minitest::Test
|
|||
end
|
||||
|
||||
def test_that_id_returns_id_directly_when_constructed_with_an_id
|
||||
assert_equal Id, AwsEc2Instance.new(Id, @mock_conn).id
|
||||
assert_equal ID, AwsEc2Instance.new(ID, @mock_conn).id
|
||||
end
|
||||
|
||||
def test_that_id_returns_fetched_id_when_constructed_with_a_name
|
||||
mock_instance = Minitest::Mock.new
|
||||
mock_instance.expect :nil?, false
|
||||
mock_instance.expect :id, Id
|
||||
mock_instance.expect :id, ID
|
||||
@mock_resource.expect :instances, [mock_instance], [Hash]
|
||||
assert_equal Id, AwsEc2Instance.new({ name: "cut" }, @mock_conn).id
|
||||
assert_equal ID, AwsEc2Instance.new({ name: "cut" }, @mock_conn).id
|
||||
end
|
||||
|
||||
def test_that_instance_returns_instance_when_instance_exists
|
||||
mock_instance = Object.new
|
||||
|
||||
@mock_resource.expect :instance, mock_instance, [Id]
|
||||
@mock_resource.expect :instance, mock_instance, [ID]
|
||||
assert_same(
|
||||
mock_instance,
|
||||
AwsEc2Instance.new(Id, @mock_conn).send(:instance)
|
||||
AwsEc2Instance.new(ID, @mock_conn).send(:instance)
|
||||
)
|
||||
end
|
||||
|
||||
def test_that_instance_returns_nil_when_instance_does_not_exist
|
||||
@mock_resource.expect :instance, nil, [Id]
|
||||
assert AwsEc2Instance.new(Id, @mock_conn).send(:instance).nil?
|
||||
@mock_resource.expect :instance, nil, [ID]
|
||||
assert AwsEc2Instance.new(ID, @mock_conn).send(:instance).nil?
|
||||
end
|
||||
|
||||
def test_that_exists_returns_true_when_instance_exists
|
||||
mock_instance = Minitest::Mock.new
|
||||
mock_instance.expect :nil?, false
|
||||
mock_instance.expect :exists?, true
|
||||
@mock_resource.expect :instance, mock_instance, [Id]
|
||||
assert AwsEc2Instance.new(Id, @mock_conn).exists?
|
||||
@mock_resource.expect :instance, mock_instance, [ID]
|
||||
assert AwsEc2Instance.new(ID, @mock_conn).exists?
|
||||
end
|
||||
|
||||
def test_that_exists_returns_false_when_instance_does_not_exist
|
||||
mock_instance = Minitest::Mock.new
|
||||
mock_instance.expect :nil?, false
|
||||
mock_instance.expect :exists?, false
|
||||
@mock_resource.expect :instance, mock_instance, [Id]
|
||||
assert !AwsEc2Instance.new(Id, @mock_conn).exists?
|
||||
@mock_resource.expect :instance, mock_instance, [ID]
|
||||
assert !AwsEc2Instance.new(ID, @mock_conn).exists?
|
||||
end
|
||||
|
||||
def stub_iam_instance_profile
|
||||
OpenStruct.new({ arn: Arn })
|
||||
OpenStruct.new({ arn: ARN })
|
||||
end
|
||||
|
||||
def stub_instance_profile(roles)
|
||||
|
@ -75,7 +75,7 @@ class TestEc2 < Minitest::Test
|
|||
def test_that_has_roles_returns_false_when_roles_is_empty
|
||||
mock_instance = Minitest::Mock.new
|
||||
mock_instance.expect :iam_instance_profile, stub_iam_instance_profile
|
||||
@mock_resource.expect :instance, mock_instance, [Id]
|
||||
@mock_resource.expect :instance, mock_instance, [ID]
|
||||
|
||||
mock_roles = Minitest::Mock.new
|
||||
mock_roles.expect :empty?, true
|
||||
|
@ -83,16 +83,16 @@ class TestEc2 < Minitest::Test
|
|||
@mock_iam_resource.expect(
|
||||
:instance_profile,
|
||||
stub_instance_profile(mock_roles),
|
||||
[InstanceProfile]
|
||||
[INSTANCEPROFILE]
|
||||
)
|
||||
|
||||
refute AwsEc2Instance.new(Id, @mock_conn).has_roles?
|
||||
refute AwsEc2Instance.new(ID, @mock_conn).has_roles?
|
||||
end
|
||||
|
||||
def test_that_has_roles_returns_true_when_roles_is_not_empty
|
||||
mock_instance = Minitest::Mock.new
|
||||
mock_instance.expect :iam_instance_profile, stub_iam_instance_profile
|
||||
@mock_resource.expect :instance, mock_instance, [Id]
|
||||
@mock_resource.expect :instance, mock_instance, [ID]
|
||||
|
||||
mock_roles = Minitest::Mock.new
|
||||
mock_roles.expect :empty?, false
|
||||
|
@ -100,23 +100,23 @@ class TestEc2 < Minitest::Test
|
|||
@mock_iam_resource.expect(
|
||||
:instance_profile,
|
||||
stub_instance_profile(mock_roles),
|
||||
[InstanceProfile]
|
||||
[INSTANCEPROFILE]
|
||||
)
|
||||
|
||||
assert AwsEc2Instance.new(Id, @mock_conn).has_roles?
|
||||
assert AwsEc2Instance.new(ID, @mock_conn).has_roles?
|
||||
end
|
||||
|
||||
def test_that_has_roles_returns_false_when_roles_does_not_exist
|
||||
mock_instance = Minitest::Mock.new
|
||||
mock_instance.expect :iam_instance_profile, stub_iam_instance_profile
|
||||
@mock_resource.expect :instance, mock_instance, [Id]
|
||||
@mock_resource.expect :instance, mock_instance, [ID]
|
||||
|
||||
@mock_iam_resource.expect(
|
||||
:instance_profile,
|
||||
stub_instance_profile(nil),
|
||||
[InstanceProfile]
|
||||
[INSTANCEPROFILE]
|
||||
)
|
||||
|
||||
refute AwsEc2Instance.new(Id, @mock_conn).has_roles?
|
||||
refute AwsEc2Instance.new(ID, @mock_conn).has_roles?
|
||||
end
|
||||
end
|
||||
|
|
|
@ -119,7 +119,6 @@ class AwsSGSMatchers < Minitest::Test
|
|||
|
||||
def test_matcher_allow_criteria_validation
|
||||
sg = AwsSecurityGroup.new("sg-aaaabbbb")
|
||||
rules = sg.inbound_rules
|
||||
assert_raises(ArgumentError, "allow should reject unrecognized criteria") { sg.allow_in?(shoe_size: 9) }
|
||||
[
|
||||
:from_port,
|
||||
|
|
|
@ -48,7 +48,7 @@ end
|
|||
module AwsMSTB
|
||||
class Basic < AwsBackendBase
|
||||
def list_topics(query = {})
|
||||
topics = OpenStruct.new({
|
||||
OpenStruct.new({
|
||||
topics: [
|
||||
OpenStruct.new({ topic_arn: "arn:aws:sns:us-east-1:212312313:test-topic-01" }),
|
||||
OpenStruct.new({ topic_arn: "arn:aws:sns:us-east-1:123123129:test-topic-02" })
|
||||
|
|
|
@ -36,7 +36,7 @@ describe Inspec::Resources::Cmd do
|
|||
it "fails the resource if `redact_regex` is not a regular expression" do
|
||||
result = resource("env", redact_regex: "string")
|
||||
result.resource_failed?.must_equal true
|
||||
result.resource_exception_message.must_match /must be a regular expression/
|
||||
result.resource_exception_message.must_match(/must be a regular expression/)
|
||||
end
|
||||
|
||||
it "redacts output if `redact_regex` is passed with caputure groups" do
|
||||
|
|
|
@ -4,8 +4,8 @@ require "inspec/resources/csv"
|
|||
|
||||
describe "Inspec::Resources::CSV" do
|
||||
describe "when loading a valid csv" do
|
||||
let (:resource) { load_resource("csv", "example.csv") }
|
||||
let (:params) do
|
||||
let(:resource) { load_resource("csv", "example.csv") }
|
||||
let(:params) do
|
||||
{}
|
||||
end
|
||||
|
||||
|
|
|
@ -3,9 +3,9 @@ require "inspec/resource"
|
|||
require "inspec/resources/dh_params"
|
||||
|
||||
describe "Inspec::Resources::DhParams" do
|
||||
let (:resource_dh_params) { load_resource("dh_params", "dh_params.dh_pem") }
|
||||
let(:resource_dh_params) { load_resource("dh_params", "dh_params.dh_pem") }
|
||||
|
||||
let (:modulus) do
|
||||
let(:modulus) do
|
||||
# regex removes all whitespace
|
||||
<<-EOF.gsub(/[[:space:]]+/, "")
|
||||
00:8c:bd:f0:27:91:00:30:7e:92:c6:04:96:ad:21:
|
||||
|
@ -29,7 +29,7 @@ describe "Inspec::Resources::DhParams" do
|
|||
EOF
|
||||
end
|
||||
|
||||
let (:output_as_pem) do
|
||||
let(:output_as_pem) do
|
||||
# regex removes all leading spaces
|
||||
<<-EOF.gsub(/^[[:blank:]]+/, "")
|
||||
-----BEGIN DH PARAMETERS-----
|
||||
|
@ -43,7 +43,7 @@ describe "Inspec::Resources::DhParams" do
|
|||
EOF
|
||||
end
|
||||
|
||||
let (:output_as_text) do
|
||||
let(:output_as_text) do
|
||||
# note: mock file loader munges first line of output w/ASCII-8BIT line
|
||||
# regex removes 2 leading spaces
|
||||
<<-EOF.gsub(/^[[:blank:]]{2}/, "")
|
||||
|
|
|
@ -23,8 +23,8 @@ describe "Inspec::Resources::Fstab" do
|
|||
end
|
||||
|
||||
it "Verify parsing an entry where mount_options is a single item" do
|
||||
resourceOneMount = load_resource("etc_fstab", "fstab_one_mount")
|
||||
entries = resourceOneMount.where { file_system_options == 0 }
|
||||
resource_one_mount = load_resource("etc_fstab", "fstab_one_mount")
|
||||
entries = resource_one_mount.where { file_system_options == 0 }
|
||||
_(entries.mount_options).must_equal [["defaults", "x-systemd.device-timeout=0"]]
|
||||
end
|
||||
|
||||
|
@ -42,10 +42,10 @@ describe "Inspec::Resources::Fstab" do
|
|||
end
|
||||
|
||||
it "verify home_mount_options returns something when /home is not configured" do
|
||||
resourceNoHome = load_resource("etc_fstab", "fstab_no_home")
|
||||
entries = resourceNoHome.where { mount_point == "/home" }
|
||||
resource_no_home = load_resource("etc_fstab", "fstab_no_home")
|
||||
entries = resource_no_home.where { mount_point == "/home" }
|
||||
_(entries.configured?).must_equal false
|
||||
_(resourceNoHome.home_mount_options).must_be_nil
|
||||
_(resource_no_home.home_mount_options).must_be_nil
|
||||
end
|
||||
|
||||
it "verify etc_fstab can detect all nfs file systems" do
|
||||
|
|
|
@ -3,64 +3,64 @@ require "inspec/resource"
|
|||
require "inspec/resources/firewalld"
|
||||
|
||||
describe "Inspec::Resources::FirewallD" do
|
||||
centResource = MockLoader.new(:centos7).load_resource("firewalld")
|
||||
cent_resource = MockLoader.new(:centos7).load_resource("firewalld")
|
||||
|
||||
it "verify firewalld detects a zone" do
|
||||
_(centResource.has_zone?("public")).must_equal true
|
||||
_(centResource.has_zone?("zonenotinfirewalld")).must_equal false
|
||||
_(cent_resource.has_zone?("public")).must_equal true
|
||||
_(cent_resource.has_zone?("zonenotinfirewalld")).must_equal false
|
||||
end
|
||||
|
||||
it "verity firewalld is running" do
|
||||
_(centResource.running?).must_equal true
|
||||
_(cent_resource.running?).must_equal true
|
||||
end
|
||||
|
||||
it "verify firewalld detects a default_zone" do
|
||||
_(centResource.default_zone).must_equal "public"
|
||||
_(cent_resource.default_zone).must_equal "public"
|
||||
end
|
||||
|
||||
it "parses zones with multiple interfaces" do
|
||||
entries = centResource.where { zone == "public" }
|
||||
entries = cent_resource.where { zone == "public" }
|
||||
_(entries.interfaces).must_equal [%w{enp0s3 eno2}]
|
||||
end
|
||||
|
||||
it "detects services in an active zone" do
|
||||
entries = centResource.where { zone == "public" }
|
||||
entries = cent_resource.where { zone == "public" }
|
||||
_(entries.services).must_equal [%w{ssh icmp}]
|
||||
end
|
||||
|
||||
it "detects multiple active zones" do
|
||||
entries = centResource.where { zone == "public" }
|
||||
entries = cent_resource.where { zone == "public" }
|
||||
_(entries.interfaces).must_equal [%w{enp0s3 eno2}]
|
||||
entries = centResource.where { zone == "default" }
|
||||
entries = cent_resource.where { zone == "default" }
|
||||
_(entries.interfaces).must_equal [["enp0s3"]]
|
||||
end
|
||||
|
||||
it "detects sources in an active zone" do
|
||||
entries = centResource.where { zone == "public" }
|
||||
entries = cent_resource.where { zone == "public" }
|
||||
_(entries.sources).must_equal [["192.168.1.0/24", "192.168.1.2"]]
|
||||
end
|
||||
|
||||
it "verify firewalld detects a whether or not a service is allowed in a zone" do
|
||||
_(centResource.has_service_enabled_in_zone?("ssh", "public")).must_equal true
|
||||
_(cent_resource.has_service_enabled_in_zone?("ssh", "public")).must_equal true
|
||||
end
|
||||
|
||||
it "verify firewalld detects ports enabled for a service in a zone" do
|
||||
_(centResource.service_ports_enabled_in_zone("ssh", "public")).must_equal ["22/tcp"]
|
||||
_(cent_resource.service_ports_enabled_in_zone("ssh", "public")).must_equal ["22/tcp"]
|
||||
end
|
||||
|
||||
it "verify firewalld detects protocols enabled for a service in a zone" do
|
||||
_(centResource.service_protocols_enabled_in_zone("ssh", "public")).must_equal ["icmp"]
|
||||
_(cent_resource.service_protocols_enabled_in_zone("ssh", "public")).must_equal ["icmp"]
|
||||
end
|
||||
|
||||
it "verify firewalld detects a whether or not a service is allowed in a zone" do
|
||||
_(centResource.has_port_enabled_in_zone?("22/udp", "public")).must_equal true
|
||||
_(cent_resource.has_port_enabled_in_zone?("22/udp", "public")).must_equal true
|
||||
end
|
||||
|
||||
it "verify firewalld detects a whether or not a rule is enabled in a zone included rule text" do
|
||||
_(centResource.has_rule_enabled?("rule family=ipv4 source address=192.168.0.14 accept", "public")).must_equal true
|
||||
_(cent_resource.has_rule_enabled?("rule family=ipv4 source address=192.168.0.14 accept", "public")).must_equal true
|
||||
end
|
||||
|
||||
it "verify firewalld detects a whether or not a rule is enabled in a zone exluding rule text" do
|
||||
_(centResource.has_rule_enabled?("family=ipv4 source address=192.168.0.14 accept", "public")).must_equal true
|
||||
_(cent_resource.has_rule_enabled?("family=ipv4 source address=192.168.0.14 accept", "public")).must_equal true
|
||||
end
|
||||
end
|
||||
|
|
|
@ -52,15 +52,9 @@ describe "Inspec::Resources::Gem" do
|
|||
|
||||
it "verifies gem in :chef when multiple versions are installed" do
|
||||
resource = load_resource("gem", "chef-sugar", :chef)
|
||||
pkg = {
|
||||
name: "chef-sugar",
|
||||
versions: ["3.3.0", "3.4.0"],
|
||||
type: "gem",
|
||||
installed: true,
|
||||
}
|
||||
_(resource.installed?).must_equal true
|
||||
_(resource.versions[0]).must_match /3\.4/
|
||||
_(resource.versions).wont_include /2\.4/
|
||||
_(resource.versions[0]).must_match(/3\.4/)
|
||||
_(resource.versions).wont_include(/2\.4/)
|
||||
_(resource.gem_binary).must_equal "/opt/chef/embedded/bin/gem"
|
||||
end
|
||||
|
||||
|
|
|
@ -4,7 +4,7 @@ require "inspec/resources/json"
|
|||
|
||||
describe "Inspec::Resources::JSON" do
|
||||
describe "when loading a valid json" do
|
||||
let (:resource) { load_resource("json", "policyfile.lock.json") }
|
||||
let(:resource) { load_resource("json", "policyfile.lock.json") }
|
||||
|
||||
it "gets params as a hashmap" do
|
||||
_(resource.params).must_be_kind_of Hash
|
||||
|
|
|
@ -3,7 +3,7 @@ require "inspec/resource"
|
|||
require "inspec/resources/key_rsa"
|
||||
|
||||
describe "Inspec::Resources::RsaKey" do
|
||||
let (:resource_key) { load_resource("key_rsa", "test_certificate.rsa.key.pem") }
|
||||
let(:resource_key) { load_resource("key_rsa", "test_certificate.rsa.key.pem") }
|
||||
|
||||
it "parses the public key" do
|
||||
_(resource_key.send("public_key")).must_match "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxi1Tp4dPQ+GU+RipsguU\nWT50a6fsBCpe+QT0YdW/7GG6kynRzR+fzQ0q1LDxpgqAH+eDIWEAFYoTPc8haAjZ\nvAYn7JlXUQpeoK7fc2BPgYA0lr33Ee0H9nqeZlnytQ+/EVUqqDx61cgeW3ARAK1I\nODwhuziuTi7XNu+HTx3feH4ohq/FppB26PYfJo1jCmt7YxHxl6AGrYrEX5zubQR0\nAtPAJzg0/aqDH5GJHJETjloIxh/KLnGlbG3DJylFU+vPxvns1TKM0dezg8UefXer\nRtxDAwSix7sNctXwa0xToc6O+e/StNPR0eLvILS8iR89fuML57Z4AGFWMNdqTYoj\nqwIDAQAB\n-----END PUBLIC KEY-----\n"
|
||||
|
|
|
@ -3,7 +3,7 @@ require "inspec/resource"
|
|||
require "inspec/resources/platform"
|
||||
|
||||
describe "Inspec::Resources::Platform" do
|
||||
let(:resource) { resource = MockLoader.new(:ubuntu1504).load_resource("platform") }
|
||||
let(:resource) { MockLoader.new(:ubuntu1504).load_resource("platform") }
|
||||
|
||||
it "verify platform parsing on Ubuntu" do
|
||||
_(resource.name).must_equal "ubuntu"
|
||||
|
|
|
@ -4,7 +4,7 @@ require "inspec/resources/toml"
|
|||
|
||||
describe "Inspec::Resources::TOML" do
|
||||
describe "when loading valid TOML" do
|
||||
let (:resource) { load_resource("toml", "default.toml") }
|
||||
let(:resource) { load_resource("toml", "default.toml") }
|
||||
|
||||
it "gets params as a hash" do
|
||||
_(resource.params).must_be_kind_of Hash
|
||||
|
|
|
@ -3,7 +3,7 @@ require "inspec/resource"
|
|||
require "inspec/resources/x509_certificate"
|
||||
|
||||
describe "Inspec::Resources::X509Certificate" do
|
||||
let (:resource_cert) do
|
||||
let(:resource_cert) do
|
||||
load_resource(
|
||||
"x509_certificate",
|
||||
"test_certificate.rsa.crt.pem"
|
||||
|
@ -82,7 +82,7 @@ describe "Inspec::Resources::X509Certificate" do
|
|||
end
|
||||
# Expired
|
||||
Time.stub :now, Time.new(2018, 4, 1, 1, 28, 57, "+00:00") do
|
||||
_(resource_cert.send("validity_in_days")).must_equal (-31)
|
||||
_(resource_cert.send("validity_in_days")).must_equal(-31)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -79,7 +79,7 @@ describe "Inspec::Resources::XinetdConf" do
|
|||
end
|
||||
|
||||
describe "with single services and no child configs" do
|
||||
let (:resource) { load_resource("xinetd_conf", "/etc/xinetd.d/chargen-stream") }
|
||||
let(:resource) { load_resource("xinetd_conf", "/etc/xinetd.d/chargen-stream") }
|
||||
|
||||
it "checks if all are disabled on one disabled service" do
|
||||
one = resource.ids("chargen-stream")
|
||||
|
|
|
@ -5,7 +5,7 @@ require "rexml/document"
|
|||
|
||||
describe "Inspec::Resources::XML" do
|
||||
describe "when loading valid XML" do
|
||||
let (:resource) { load_resource("xml", "default.xml") }
|
||||
let(:resource) { load_resource("xml", "default.xml") }
|
||||
|
||||
it "gets params as a document" do
|
||||
_(resource.params).must_be_kind_of REXML::Document
|
||||
|
@ -27,7 +27,7 @@ describe "Inspec::Resources::XML" do
|
|||
end
|
||||
|
||||
describe "when loading xml with attributes" do
|
||||
let (:resource) { load_resource("xml", "database.xml") }
|
||||
let(:resource) { load_resource("xml", "database.xml") }
|
||||
|
||||
it "gets params as a document" do
|
||||
_(resource.params).must_be_kind_of REXML::Document
|
||||
|
@ -44,7 +44,7 @@ describe "Inspec::Resources::XML" do
|
|||
end
|
||||
|
||||
describe "when loading xml and requesting a count" do
|
||||
let (:resource) { load_resource("xml", "database.xml") }
|
||||
let(:resource) { load_resource("xml", "database.xml") }
|
||||
|
||||
it "gets count of nodes in the document" do
|
||||
_(resource.send("count(//*)")).must_equal [9]
|
||||
|
@ -52,7 +52,7 @@ describe "Inspec::Resources::XML" do
|
|||
end
|
||||
|
||||
describe "when loading xml and evaluating a boolean result" do
|
||||
let (:resource) { load_resource("xml", "database.xml") }
|
||||
let(:resource) { load_resource("xml", "database.xml") }
|
||||
|
||||
it "checks if a node is true-like" do
|
||||
_(resource.send("boolean(/beans/bean/@lazy-init)")).must_equal [true]
|
||||
|
@ -60,7 +60,7 @@ describe "Inspec::Resources::XML" do
|
|||
end
|
||||
|
||||
describe "when loading xml and evaluating a string result" do
|
||||
let (:resource) { load_resource("xml", "database.xml") }
|
||||
let(:resource) { load_resource("xml", "database.xml") }
|
||||
|
||||
it "checks if a node is string-like" do
|
||||
_(resource.send('concat(string(/beans/bean/@lazy-init)," <--")')).must_equal ["true <--"]
|
||||
|
|
|
@ -6,7 +6,7 @@ require "inspec/resources/yaml"
|
|||
|
||||
describe "Inspec::Resources::YAML" do
|
||||
describe "when loading a valid yaml" do
|
||||
let (:resource) { load_resource("yaml", "kitchen.yml") }
|
||||
let(:resource) { load_resource("yaml", "kitchen.yml") }
|
||||
|
||||
it "gets params as a hashmap" do
|
||||
_(resource.params).must_be_kind_of Hash
|
||||
|
|
|
@ -23,7 +23,7 @@ describe SourceReaders::InspecReader do
|
|||
|
||||
it "retrieves all files" do
|
||||
_(res.tests.keys).must_equal %w{controls/host_spec.rb}
|
||||
_(res.tests.values[0]).must_match(/^control 'test01' do$/)
|
||||
_(res.tests.values[0]).must_match(/^control "test01" do$/)
|
||||
end
|
||||
|
||||
it "retrieves all libraries" do
|
||||
|
|
|
@ -60,7 +60,7 @@ describe "Inspec::UI low-level Formatting" do
|
|||
|
||||
describe "colors" do
|
||||
[:red, :green, :cyan, :yellow, :white, :grey].each do |color|
|
||||
it ("uses the color code for " + color.to_s) do
|
||||
it("uses the color code for " + color.to_s) do
|
||||
ui.send(color, "test")
|
||||
output.must_equal(ANSI_CODES[:color][color] + "test" + ANSI_CODES[:reset])
|
||||
end
|
||||
|
@ -79,7 +79,7 @@ describe "Inspec::UI low-level Formatting" do
|
|||
end
|
||||
describe "colors" do
|
||||
[:red, :green, :yellow, :white, :grey].each do |color|
|
||||
it ("uses no ANSI codes for " + color.to_s) do
|
||||
it("uses no ANSI codes for " + color.to_s) do
|
||||
ui.send(color, "test")
|
||||
output.wont_include('\e[')
|
||||
output.must_equal("test")
|
||||
|
|
|
@ -2,7 +2,7 @@ require "helper"
|
|||
require "inspec/utils/parser"
|
||||
|
||||
describe BsdMountParser do
|
||||
let (:parser) { Class.new() { include BsdMountParser }.new }
|
||||
let(:parser) { Class.new() { include BsdMountParser }.new }
|
||||
|
||||
describe "#parse_mount_options" do
|
||||
it "parses nil content" do
|
||||
|
|
|
@ -2,14 +2,14 @@ require "helper"
|
|||
require "inspec/utils/filter_array"
|
||||
|
||||
describe FilterArray do
|
||||
let (:data) do
|
||||
let(:data) do
|
||||
[
|
||||
{ foo: 3, bar: true, baz: "yay" },
|
||||
{ foo: 2, bar: false, baz: "noo" },
|
||||
{ foo: 2, bar: false, baz: "whatever" },
|
||||
] end
|
||||
|
||||
let (:instance) do
|
||||
let(:instance) do
|
||||
FilterArray.new data
|
||||
end
|
||||
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
require "helper"
|
||||
|
||||
describe FilterTable do
|
||||
let (:data) do
|
||||
let(:data) do
|
||||
[
|
||||
{ foo: 3, bar: true, baz: "yay", num: nil, snum: "0" },
|
||||
{ foo: 2, bar: false, baz: "noo", num: 1, snum: nil },
|
||||
{ foo: 2, bar: false, baz: "whatever", num: 2, snum: "1.00" },
|
||||
] end
|
||||
|
||||
let (:resource) do
|
||||
let(:resource) do
|
||||
Class.new do
|
||||
attr_reader :data
|
||||
def initialize(data)
|
||||
|
@ -17,8 +17,8 @@ describe FilterTable do
|
|||
end
|
||||
end
|
||||
|
||||
let (:factory) { FilterTable.create }
|
||||
let (:instance) { resource.new(data) }
|
||||
let(:factory) { FilterTable.create }
|
||||
let(:instance) { resource.new(data) }
|
||||
|
||||
it "has a create utility which creates a filter factory" do
|
||||
factory.must_be_kind_of FilterTable::Factory
|
||||
|
|
|
@ -3,7 +3,7 @@ require "inspec/utils/find_files"
|
|||
require "inspec/resources/command"
|
||||
|
||||
describe FindFiles do
|
||||
let (:helper) do
|
||||
let(:helper) do
|
||||
class FindFilesTest
|
||||
include FindFiles
|
||||
def inspec
|
||||
|
|
|
@ -2,7 +2,7 @@ require "helper"
|
|||
require "inspec/utils/parser"
|
||||
|
||||
describe PasswdParser do
|
||||
let (:parser) { Class.new() { include PasswdParser }.new }
|
||||
let(:parser) { Class.new() { include PasswdParser }.new }
|
||||
|
||||
describe "#parse_passwd" do
|
||||
it "parses nil content" do
|
||||
|
|
|
@ -2,7 +2,7 @@ require "helper"
|
|||
require "inspec/utils/parser"
|
||||
|
||||
describe SolarisNetstatParser do
|
||||
let (:parser) { Class.new() { include SolarisNetstatParser }.new }
|
||||
let(:parser) { Class.new() { include SolarisNetstatParser }.new }
|
||||
|
||||
describe "#parse_solaris_netset" do
|
||||
it "parses nil content" do
|
||||
|
@ -14,13 +14,12 @@ describe SolarisNetstatParser do
|
|||
end
|
||||
|
||||
it "parses udpv4" do
|
||||
content =
|
||||
"""
|
||||
content = <<~END
|
||||
UDP: IPv4
|
||||
Local Address Remote Address State
|
||||
-------------------- -------------------- ----------
|
||||
*.631 Idle
|
||||
"""
|
||||
END
|
||||
|
||||
info = [{
|
||||
"protocol" => "udp",
|
||||
|
@ -32,13 +31,12 @@ describe SolarisNetstatParser do
|
|||
end
|
||||
|
||||
it "parses udpv6" do
|
||||
content =
|
||||
"""
|
||||
content = <<~END
|
||||
UDP: IPv6
|
||||
Local Address Remote Address State If
|
||||
--------------------------------- --------------------------------- ---------- -----
|
||||
*.546 Idle
|
||||
"""
|
||||
END
|
||||
|
||||
info = [{
|
||||
"protocol" => "udp6",
|
||||
|
@ -51,13 +49,12 @@ describe SolarisNetstatParser do
|
|||
end
|
||||
|
||||
it "parses tcpv4" do
|
||||
content =
|
||||
"""
|
||||
content = <<~END
|
||||
TCP: IPv4
|
||||
Local Address Remote Address Swind Send-Q Rwind Recv-Q State
|
||||
-------------------- -------------------- ------- ------ ------- ------ -----------
|
||||
127.0.0.1.5999 *.* 0 0 128000 0 LISTEN
|
||||
"""
|
||||
END
|
||||
|
||||
info = [{
|
||||
"protocol" => "tcp",
|
||||
|
@ -73,13 +70,12 @@ describe SolarisNetstatParser do
|
|||
end
|
||||
|
||||
it "parses tcpv6" do
|
||||
content =
|
||||
"""
|
||||
content = <<~END
|
||||
TCP: IPv6
|
||||
Local Address Remote Address Swind Send-Q Rwind Recv-Q State If
|
||||
--------------------------------- --------------------------------- ------- ------ ------- ------ ----------- -----
|
||||
::1.5999 *.* 0 0 128000 0 LISTEN
|
||||
"""
|
||||
END
|
||||
|
||||
info = [{
|
||||
"protocol" => "tcp6",
|
||||
|
@ -96,13 +92,13 @@ describe SolarisNetstatParser do
|
|||
end
|
||||
|
||||
it "parses sctp" do
|
||||
content =
|
||||
"""
|
||||
content = <<~END
|
||||
SCTP:
|
||||
Local Address Remote Address Swind Send-Q Rwind Recv-Q StrsI/O State
|
||||
------------------------------- ------------------------------- ------ ------ ------ ------ ------- -----------
|
||||
0.0.0.0 0.0.0.0 0 0 102400 0 32/32 CLOSED
|
||||
"""
|
||||
END
|
||||
|
||||
info = [{
|
||||
"protocol" => "sctp",
|
||||
"local-address" => "0.0.0.0",
|
||||
|
|
Loading…
Reference in a new issue