Mirrors/inspec
2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2024-09-20 22:41:55 +00:00
Code Issues Projects Releases Packages Wiki Activity
inspec/docs/matchers.md
Rony Xavier 041f64a87f New 'be_in' matcher for matching against values in a list (#2022) 
* New matcher 'be_in'
Fixes #2018

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* small fixes to wording.

Signed-off-by: Aaron Lippold <lippold@gmail.com>

* Added code to use be_in for with the following use case:
describe nginx do
   its(module_list) { should be_in AUTHORIZED_MODULE_LIST }
end
Fixes #2018

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Updates to the matcher
Fixes #2018

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Added tests for the be_in matcher

Signed-off-by: Rony Xavier <rx294@nyu.edu>

* Requested updates completed

Signed-off-by: Rony Xavier <rx294@nyu.edu>
2017-08-07 16:05:22 +02:00

2.7 KiB
Raw Blame History

title
InSpec Matchers Reference

InSpec Matchers Reference

Inspec uses matchers to help compare resource values to expectations. The following matchers are available:

  • be
  • be_in
  • cmp
  • eq
  • include
  • match

be

This matcher can be followed by many different comparison operators. Always make sure to use numbers, not strings, for these comparisons.

describe file('/proc/cpuinfo') do
  its('size') { should be >= 10 }
  its('size') { should be < 1000 }
end

cmp

Unlike eq, cmp is a matcher for less-restrictive comparisons. It will try to fit the actual value to the type you are comparing it to. This is meant to relieve the user from having to write type-casts and resolutions.

describe sshd_config do
  its('Protocol') { should cmp 2 }
end

describe passwd.uid(0) do
  its('users') { should cmp 'root' }
end

cmp behaves in the following way:

  • Compare strings to numbers

    describe sshd_config do
  its('Protocol') { should eq '2' }

  its('Protocol') { should cmp '2' }
  its('Protocol') { should cmp 2 }
end

  • String comparisons are not case-sensitive

    describe auditd_conf do
  its('log_format') { should cmp 'raw' }
  its('log_format') { should cmp 'RAW' }
end

  • Compare arrays with only one entry to a value

    describe passwd.uids(0) do
  its('users') { should cmp 'root' }
  its('users') { should cmp ['root'] }
end

  • Single-value arrays of strings may also be compared to a regex

    describe auditd_conf do
  its('log_format') { should cmp /raw/i }
end

  • Improved printing of octal comparisons

    describe file('/proc/cpuinfo') do
  its('mode') { should cmp '0345' }
end

expected: 0345
got: 0444

eq

Test for exact equality of two values.

describe sshd_config do
  its('RSAAuthentication') { should_not eq 'no' }
  its('Protocol') { should eq '2' }
end

It fails if types don't match. Please keep this in mind, when comparing configuration entries that are numbers:

its('Port') { should eq '22' } # ok

its('Port') { should eq 22 }
# fails: '2' != 2 (string vs int)

For less restrictive comparisons, please use cmp.

include

Verifies if a value is included in a list.

describe passwd do
  its('users') { should include 'my_user' }
end

be_in

Verifies that an item is included in a list.

describe resource do
  its('item') { should be_in LIST }
end

match

Check if a string matches a regular expression.

describe sshd_config do
  its('Ciphers') { should_not match /cbc/ }
end