inspec/test/functional/inspec_vendor_test.rb
Clinton Wolfe f7b01093a4 Warn on using default with attributes
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2019-04-23 11:46:13 -04:00


# encoding: utf-8
# author: Christoph Hartmann
require 'functional/helper'
require 'tmpdir'
describe 'example inheritance profile' do
include FunctionalHelper
it 'can vendor profile dependencies' do
  # Baseline case: `inspec vendor <dir> --overwrite` must finish cleanly and
  # leave both the local dependency copy (vendor/) and the lockfile
  # (inspec.lock) inside the profile directory.
  prepare_examples('inheritance') do |profile_dir|
    result = inspec("vendor #{profile_dir} --overwrite")

    result.stderr.must_equal ''
    success_line = "Dependencies for profile #{profile_dir} successfully vendored to #{profile_dir}/vendor"
    result.stdout.must_include success_line
    result.exit_status.must_equal 0

    %w[vendor inspec.lock].each do |artifact|
      File.exist?(File.join(profile_dir, artifact)).must_equal true
    end
  end
end
it 'can vendor profile dependencies with a relative path' do
  prepare_examples('inheritance') do |profile_dir|
    # Address the same directory through a parent hop (<dir>/../<basename>)
    # so the path handed to the CLI contains a '..' segment.
    dotted_path = File.join(profile_dir, '../', File.basename(profile_dir))
    result = inspec("vendor #{dotted_path} --overwrite")

    result.stderr.must_equal ''
    result.exit_status.must_equal 0

    # The artifacts must land in the profile directory itself, not in
    # whatever the un-normalised path might otherwise point at.
    %w[vendor inspec.lock].each do |artifact|
      File.exist?(File.join(profile_dir, artifact)).must_equal true
    end
    Dir.glob(File.join(profile_dir, 'vendor', '*')).wont_be_empty
  end
end
it 'can vendor profile dependencies with a backslash in path on Windows' do
  # Only meaningful where '\' is a path separator; elsewhere the example
  # returns early without asserting anything.
  return unless is_windows?

  prepare_examples('inheritance') do |profile_dir|
    # Same directory as profile_dir, reached through a '..\' hop.
    backslash_path = File.join(profile_dir, '..\\', File.basename(profile_dir))
    result = inspec("vendor #{backslash_path} --overwrite")

    result.stderr.must_equal ''
    result.exit_status.must_equal 0

    %w[vendor inspec.lock].each do |artifact|
      File.exist?(File.join(profile_dir, artifact)).must_equal true
    end
    Dir.glob(File.join(profile_dir, 'vendor', '*')).wont_be_empty
  end
end
it 'can vendor profile dependencies from the profile path' do
  prepare_examples('inheritance') do |profile_dir|
    # No path argument is given to `vendor`; the second argument is a
    # shell prefix (presumably prepended by the helper; confirm in
    # FunctionalHelper) that changes into the profile directory first.
    result = inspec('vendor --overwrite', "cd #{profile_dir} &&")

    result.stderr.must_equal ''
    result.exit_status.must_equal 0

    # On macOS /var is a symlink to /private/var, so the tool may print the
    # resolved path; rewrite stdout in place before comparing.
    result.stdout.gsub!('/private/var', '/var')
    success_line = "Dependencies for profile #{profile_dir} successfully vendored to #{profile_dir}/vendor"
    result.stdout.must_include success_line

    %w[vendor inspec.lock].each do |artifact|
      File.exist?(File.join(profile_dir, artifact)).must_equal true
    end
  end
end
it 'can vendor profile dependencies from git' do
  fixture = File.join(profile_path, 'git-depends')

  Dir.mktmpdir do |workdir|
    # Work on a throwaway copy so the fixture itself is never modified.
    FileUtils.cp_r("#{fixture}/.", workdir)
    vendor_root = File.join(workdir, 'vendor')

    # Precondition: the fixture ships without any vendored content.
    File.exist?(vendor_root).must_equal false

    result = inspec("vendor #{workdir} --overwrite")
    result.stderr.must_equal ''
    result.exit_status.must_equal 0
    result.stdout.must_include "Dependencies for profile #{workdir} successfully vendored to #{workdir}/vendor"

    File.exist?(vendor_root).must_equal true
    File.exist?(File.join(workdir, 'inspec.lock')).must_equal true

    # Exactly one dependency entry is expected under vendor/ ...
    Dir.glob(File.join(vendor_root, '*')).length.must_equal 1
    # ... and that entry must actually contain the checked-out files.
    Dir.glob(File.join(vendor_root, '*', '*')).length.must_be :>=, 8
  end
end
it 'ensure nothing is loaded from external source if vendored profile is used' do
  # Supply-chain guarantee under test: once a profile has been vendored,
  # `inspec exec` must resolve every dependency from the local copy and
  # must not go back to the network. The dependency URLs below point at a
  # branch tip (master), so a re-fetch could pull different content than
  # what was vendored.
  prepare_examples('meta-profile') do |profile_dir|
    vendor_run = inspec("vendor #{profile_dir} --overwrite")
    vendor_run.stderr.must_equal ''
    vendor_run.exit_status.must_equal 0
    %w[vendor inspec.lock].each do |artifact|
      File.exist?(File.join(profile_dir, artifact)).must_equal true
    end

    # Debug logging is needed because the cache/fetch decisions are only
    # visible in the log output. The exit status of exec is not asserted.
    exec_run = inspec("exec #{profile_dir} -l debug --no-create-lockfile")
    exec_run.stderr.must_equal ''

    cached_lines = [
      'Using cached dependency for {:url=>"https://github.com/dev-sec/ssh-baseline/archive/master.tar.gz"',
      'Using cached dependency for {:url=>"https://github.com/dev-sec/ssl-baseline/archive/master.tar.gz"',
      'Using cached dependency for {:url=>"https://github.com/chris-rock/windows-patch-benchmark/archive/master.tar.gz"',
    ]
    cached_lines.each { |line| exec_run.stdout.must_include line }

    # Any of these log lines would mean a remote download took place.
    ['Fetching URL:', 'Fetched archive moved to:'].each do |fetch_marker|
      exec_run.stdout.wont_include fetch_marker
    end
  end
end
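it 'ensure json/check command do not fetch remote profiles if vendored' do
  # After vendoring, neither `inspec json` nor `inspec check` may trigger a
  # remote download; both are verified by the absence of 'Fetching URL:'
  # in their output.
  prepare_examples('meta-profile') do |dir|
    out = inspec('vendor ' + dir + ' --overwrite')
    out.stderr.must_equal ''
    out.exit_status.must_equal 0

    out = inspec('json ' + dir + ' --output ' + dst.path)
    # the profile used has 'default' style attributes
    out.stderr_ignore_deprecations.must_equal ''
    out.exit_status.must_equal 0

    # JSON.parse instead of JSON.load: the report is built from third-party
    # profile content, and JSON.load is documented as being for trusted
    # input only (it can enable object deserialisation via additions).
    hm = JSON.parse(File.read(dst.path))
    hm['name'].must_equal 'meta-profile'
    hm['controls'].length.must_be :>=, 78

    # Disabled checks kept from the original test:
    # out.stdout.scan(/Copy .* to cache directory/).length.must_equal 3
    # out.stdout.scan(/Dependency does not exist in the cache/).length.must_equal 1
    out.stdout.scan(/Fetching URL:/).length.must_equal 0

    # execute check command
    out = inspec('check ' + dir + ' -l debug')
    # stderr may have warnings included; only test if something went wrong
    out.stderr.must_equal('') if out.exit_status != 0
    out.exit_status.must_equal 0
    out.stdout.scan(/Fetching URL:/).length.must_equal 0
  end
end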
it 'use lockfile in tarball' do
  # A vendored profile that is packaged with `inspec archive` must remain
  # self-contained: reading the tarball back must not fetch anything.
  prepare_examples('meta-profile') do |profile_dir|
    # Vendor first, then package; both steps must be clean.
    %w[vendor archive].each do |subcommand|
      step = inspec("#{subcommand} #{profile_dir} --overwrite")
      step.stderr.must_equal ''
      step.exit_status.must_equal 0
    end

    # The archive is addressed by bare file name, i.e. relative to the
    # working directory of the inspec invocation.
    json_run = inspec('json meta-profile-0.2.0.tar.gz -l debug')

    # stderr may carry warnings on success, so it is only required to be
    # empty when the command actually failed.
    json_run.stderr.must_equal('') unless json_run.exit_status == 0
    json_run.exit_status.must_equal 0
    json_run.stdout.scan(/Fetching URL:/).length.must_equal 0
  end
end
it 'can move vendor files into custom vendor cache' do
  prepare_examples('meta-profile') do |profile_dir|
    result = inspec("vendor #{profile_dir} --overwrite")
    result.stderr.must_equal ''
    result.exit_status.must_equal 0

    %w[vendor inspec.lock].each do |artifact|
      File.exist?(File.join(profile_dir, artifact)).must_equal true
    end
    # Precondition: the custom cache directory does not exist yet.
    File.exist?(File.join(profile_dir, 'vendor_cache')).must_equal false

    # Running exec with --vendor-cache is what creates the custom cache;
    # the command's own output and exit status are not checked here.
    inspec("exec #{profile_dir} --vendor-cache #{profile_dir}/vendor_cache")
    File.exist?(File.join(profile_dir, 'vendor_cache')).must_equal true

    # Both directories must list exactly the same entry names.
    vendored_names = Dir.entries("#{profile_dir}/vendor/").sort
    cached_names = Dir.entries("#{profile_dir}/vendor_cache/").sort
    vendored_names.must_equal cached_names
  end
end
it 'vendors profiles when using a local path' do
  # The 'local-depends' fixture is vendored next to copies of three local
  # sources: a profile directory, a tar.gz archive and a zip archive.
  depends_fixture = File.join(profile_path, 'local-depends')
  archives_root = File.join(profile_path, 'archived-profiles')
  local_sources = [
    File.join(profile_path, 'complete-profile'),
    File.join(archives_root, 'tar_profile-1.0.0.tar.gz'),
    File.join(archives_root, 'zip_profile-1.0.0.zip'),
  ]

  Dir.mktmpdir do |workdir|
    # Stage every source as a sibling of the profile inside the temp dir.
    local_sources.each do |source|
      FileUtils.cp_r(source, File.join(workdir, File.basename(source)))
    end

    staged_profile = File.join(workdir, File.basename(depends_fixture))
    FileUtils.cp_r("#{depends_fixture}/.", staged_profile)

    result = inspec("vendor #{staged_profile} --overwrite")
    result.stderr.must_equal ''
    result.exit_status.must_equal 0

    vendored = Dir.glob(File.join(staged_profile, 'vendor', '*'))
    vendored.length.must_equal 3

    vendored.each do |entry|
      # Archives must have been unpacked: every entry is a non-empty folder.
      File.directory?(entry).must_equal true
      Dir.glob(File.join(entry, '*')).length.must_be(:>=, 1)
    end
  end
end
it 'extracts archives in vendor directory when present' do
  fixture = File.join(profile_path, 'archive-depends')

  Dir.mktmpdir do |workdir|
    FileUtils.cp_r("#{fixture}/.", workdir)

    result = inspec("vendor #{workdir} --overwrite")
    result.stderr.must_equal ''
    result.exit_status.must_equal 0

    # After vendoring, no top-level entry under vendor/ may still look like
    # an archive (.tar* or .zip).
    vendored = Dir.glob(File.join(workdir, 'vendor', '*'))
    vendored.each { |entry| entry.wont_match(/(\.tar.*$|\.zip$)/) }
  end
end
it 'can vendor profile with required inputs' do
  # Vendoring only needs to succeed here; note that, unlike the other
  # examples, the command is run without --overwrite.
  fixture = File.join(profile_path, 'profile-with-required-inputs')

  Dir.mktmpdir do |workdir|
    FileUtils.cp_r("#{fixture}/.", workdir)

    result = inspec("vendor #{workdir}")
    result.stderr.must_equal ''
    result.exit_status.must_equal 0
  end
end
end