mirror of
https://github.com/inspec/inspec
synced 2024-11-23 13:13:22 +00:00
c067798fc5
This change adds the `docker_service` resource for Docker swarm mode services. This branches off some of the common elements (id, exists) into a `DockerObject` module along with a utility function for parsing the image/repo string. That function was implemented separately by `docker_image` and `docker_container`, now with a third resource, it made sense to consolidate that into an included module. I used the most comprehensive implementation. Existing classes had to be slightly modified for the genericization. Signed-off-by: Matt Kulka <mkulka@parchment.com>
86 lines
2.2 KiB
Ruby
86 lines
2.2 KiB
Ruby
# encoding: utf-8
|
|
#
|
|
# Copyright 2017, Christoph Hartmann
|
|
#
|
|
# author: Christoph Hartmann
|
|
# author: Patrick Muench
|
|
# author: Dominik Richter
|
|
|
|
require_relative 'docker_object'
|
|
|
|
module Inspec::Resources
|
|
class DockerImage < Inspec.resource(1)
|
|
include Inspec::Resources::DockerObject
|
|
|
|
name 'docker_image'
|
|
desc ''
|
|
example "
|
|
describe docker_image('alpine:latest') do
|
|
it { should exist }
|
|
its('id') { should_not eq '' }
|
|
its('image') { should eq 'alpine:latest' }
|
|
its('repo') { should eq 'alpine' }
|
|
its('tag') { should eq 'latest' }
|
|
end
|
|
|
|
describe docker_image('alpine:latest') do
|
|
it { should exist }
|
|
end
|
|
|
|
describe docker_image(id: '4a415e366388') do
|
|
it { should exist }
|
|
end
|
|
"
|
|
|
|
def initialize(opts = {})
|
|
# do sanitizion of input values
|
|
o = opts.dup
|
|
o = { image: opts } if opts.is_a?(String)
|
|
@opts = sanitize_options(o)
|
|
end
|
|
|
|
def image
|
|
"#{repo}:#{tag}" if object_info.entries.size == 1
|
|
end
|
|
|
|
def repo
|
|
object_info.repositories[0] if object_info.entries.size == 1
|
|
end
|
|
|
|
def tag
|
|
object_info.tags[0] if object_info.entries.size == 1
|
|
end
|
|
|
|
def to_s
|
|
img = @opts[:image] || @opts[:id]
|
|
"Docker Image #{img}"
|
|
end
|
|
|
|
private
|
|
|
|
def sanitize_options(opts)
|
|
opts.merge!(parse_components_from_image(opts[:image]))
|
|
|
|
# assume a "latest" tag if we don't have one
|
|
opts[:tag] ||= 'latest'
|
|
|
|
# if the ID isn't nil and doesn't contain a hash indicator (indicated by the presence
|
|
# of a colon, which separates the indicator from the actual hash), we assume it's sha256.
|
|
opts[:id] = 'sha256:' + opts[:id] unless opts[:id].nil? || opts[:id].include?(':')
|
|
|
|
# Assemble/reassemble the image from the repo and tag
|
|
opts[:image] = "#{opts[:repo]}:#{opts[:tag]}" unless opts[:repo].nil?
|
|
|
|
# return the santized opts back to the caller
|
|
opts
|
|
end
|
|
|
|
def object_info
|
|
return @info if defined?(@info)
|
|
opts = @opts
|
|
@info = inspec.docker.images.where {
|
|
(repository == opts[:repo] && tag == opts[:tag]) || (!id.nil? && !opts[:id].nil? && (id == opts[:id] || id.start_with?(opts[:id])))
|
|
}
|
|
end
|
|
end
|
|
end
|