docker_image

Use the docker_image Chef InSpec audit resource to verify a Docker image.


Availability

Installation

This resource is distributed along with Chef InSpec itself. You can use it automatically.

Version

This resource first became available in v1.21.0 of InSpec.

Syntax

A docker_image resource block declares the image:

describe docker_image('alpine:latest') do
  it { should exist }
  its('id') { should eq 'sha256:4a415e...a526' }
  its('repo') { should eq 'alpine' }
  its('tag') { should eq 'latest' }
end


Resource Parameter Examples

The resource allows you to pass in an image id:

describe docker_image(id: alpine_id) do
  ...
end

If the tag is missing for an image, latest is assumed as default:

describe docker_image('alpine') do
  ...
end

You can also pass in repository and tag as separate values

describe docker_image(repo: 'alpine', tag: 'latest') do
  ...
end


Property Examples

id

The id property returns the full image id:

its('id') { should eq 'sha256:4a415e3663882fbc554ee830889c68a33b3585503892cc718a4698e91ef2a526' }

image

The image property tests the value of the image. It is a combination of repository/tag:

its('image') { should eq 'alpine:latest' }

repo

The repo property tests the value of the repository name:

its('repo') { should eq 'alpine' }

tag

The tag property tests the value of image tag:

its('tag') { should eq 'latest' }

Test a Docker image

describe docker_image('alpine:latest') do
  it { should exist }
  its('id') { should eq 'sha256:4a415e...a526' }
  its('image') { should eq 'alpine:latest' }
  its('repo') { should eq 'alpine' }
  its('tag') { should eq 'latest' }
end


Matchers

For a full list of available matchers, please visit our matchers page.

exist

The exist matcher tests if the image is available on the node:

it { should exist }