mirror of
https://github.com/inspec/inspec
synced 2024-11-24 05:33:17 +00:00
21ba43d6a5
Currently, the http resource always executes locally, even when scanning a remote machine with `--target` which leads to undesireable behavior. This change adds the ability to remotely execute tests with curl. This behavior is currently opt-in with the `enable_remote_worker` flag, but will become the default behavior in InSpec 2.0. Deprecation warnings are emitted if the user is scanning a remote target but has not opted in to the new behavior. Signed-off-by: Adam Leff <adam@leff.co>
98 lines
3.2 KiB
Text
98 lines
3.2 KiB
Text
---
|
|
title: About the http Resource
|
|
---
|
|
|
|
# http
|
|
|
|
Use the `http` InSpec audit resource to test an http endpoint.
|
|
|
|
<p class="warning">In InSpec 1.40 and earlier, this resource always executes on the host on which <code>inspec exec</code> is run, even if you use the <code>--target</code> option to remotely scan a different host.<br>
|
|
<br>
|
|
Beginning with InSpec 1.41, you can enable the ability to have the HTTP test execute on the remote target, provided <code>curl</code> is available. See the "Local vs. Remote" section below.<br>
|
|
<br>
|
|
Executing the HTTP test on the remote target will be the default behavior in InSpec 2.0.
|
|
</p>
|
|
|
|
<br>
|
|
|
|
## Syntax
|
|
|
|
An `http` resource block declares the configuration settings to be tested:
|
|
|
|
describe http('url', auth: {user: 'user', pass: 'test'}, params: {params}, method: 'method', headers: {headers}, data: data, open_timeout: 60, read_timeout: 60, ssl_verify: true) do
|
|
its('status') { should eq number }
|
|
its('body') { should eq 'body' }
|
|
its('headers.name') { should eq 'header' }
|
|
end
|
|
|
|
where
|
|
|
|
* `('url')` is the url to test
|
|
* `auth: { user: 'user', pass: 'test' }` may be specified for basic auth request
|
|
* `{params}` may be specified for http request parameters
|
|
* `'method'` may be specified for http request method (default to 'GET')
|
|
* `{headers}` may be specified for http request headers
|
|
* `data` may be specified for http request body
|
|
* `open_timeout` may be specified for a timeout for opening connections (default to 60)
|
|
* `read_timeout` may be specified for a timeout for reading connections (default to 60)
|
|
* `ssl_verify` may be specified to enable or disable verification of SSL certificates (default to `true`)
|
|
|
|
<br>
|
|
## Local vs. Remote
|
|
|
|
Beginning with InSpec 1.41, you can enable the ability to have the HTTP test execute on the remote target:
|
|
|
|
describe http('http://www.example.com', enable_remote_worker: true) do
|
|
its('body') { should cmp 'awesome' }
|
|
end
|
|
|
|
In InSpec 2.0, the HTTP test will automatically execute remotely whenever InSpec is testing a remote node.
|
|
|
|
## Examples
|
|
|
|
The following examples show how to use this InSpec audit resource.
|
|
|
|
### Simple http test
|
|
|
|
For example, a service is listening on default http port can be tested like this:
|
|
|
|
describe http('http://localhost') do
|
|
its('status') { should cmp 200 }
|
|
end
|
|
|
|
### Complex http test
|
|
|
|
describe http('http://localhost:8080/ping',
|
|
auth: {user: 'user', pass: 'test'},
|
|
params: {format: 'html'},
|
|
method: 'POST',
|
|
headers: {'Content-Type' => 'application/json'},
|
|
data: '{"data":{"a":"1","b":"five"}}') do
|
|
its('status') { should cmp 200 }
|
|
its('body') { should cmp 'pong' }
|
|
its('headers.Content-Type') { should cmp 'text/html' }
|
|
end
|
|
|
|
<br>
|
|
|
|
### body
|
|
|
|
The `body` matcher tests body content of http response:
|
|
|
|
its('body') { should eq 'hello\n' }
|
|
|
|
### headers
|
|
|
|
The `headers` matcher returns an hash of all http headers:
|
|
|
|
its('headers') { should eq {} }
|
|
|
|
Individual headers can be tested via:
|
|
|
|
its('headers.Content-Type') { should cmp 'text/html' }
|
|
|
|
### status
|
|
|
|
The `status` matcher tests status of the http response:
|
|
|
|
its('status') { should eq 200 }
|