habitat_service

Use the habitat_service InSpec audit resource to test properties of a single Habitat service.

Availability

Status: EXPERIMENTAL

This resource, like all of the inspec-habitat resource pack, is in the early stages of research and development. Functionality may be defective, incomplete, or be withdrawn in the future. If you are interested in helping this project mature, please join the conversation or contribute code at the inspec-habitat project.

Connecting to Habitat

To configure inspec to be able to communicate with Chef Habitat, be sure to follow the instructions regarding configuring the connection options. This will prevent ‘unsupported platform’ errors.

Examples

Check for core/httpd service

describe habitat_service(origin: 'core', name: 'httpd') do
  it                     { should exist }
  its('version')         { should eq '2.4.35'}
  its('topology')        { should eq 'standalone' }
  its('update_strategy') { should eq 'none' }
end

Limitations

API versus CLI access

Habitat exposes certain data via the CLI, and other data via the HTTP Gateway API. To enjoy the full functionality of this resource, use a set of credentials that includes the API. Limited data is available by CLI. See the train-habitat documentation for more details.

If you use the CLI interface without the API, unavailable properties will behave as if the resource was not found (see below).

Behavior when not found

If the service is not found, then this resource behaves as follows:

  • it { should exist } will be a failing test. Check this test if you are unsure if the resource will exist; it is guaranteed to be reliable in the future.
  • name and origin will continue to return their values as set in the resource parameters. This allows output messaging to refer to the missing service clearly.
  • All other single-value properties will return nil.
  • All array and hash-valued properties will return empty objects.
  • All matchers will return false.

Availability

Installation

This resource is in the inspec-habitat resource pack. You can use the resource by setting an InSpec profile dependency on the resource pack. See inspec-habitat instructions

Version

This resource was first available in version 0.1.0 of the resource pack.

Resource Parameters

Use resource parameters to identify the particular service you wish to test.

origin

Required string. The name of the origin (distribution facility) of the package that provides the service.

# Most common origin is 'core', publicly distributed packages created by Chef
describe habitat_service(origin: 'core', name: 'httpd') do
  it { should exist }
end

# Your company might run a private origin
describe habitat_service(origin: 'mycorp', name: 'secret-sauce') do
  it { should exist }
end

name

Required string. The name (unique within the namespace of the origin) of the package that provides the service.


describe habitat_service(origin: 'core', name: 'httpd') do
  it { should exist }
end

Properties

Use properties to create tests that compare an expected value to the actual value.

dependency_names

Array of strings. A list of the packages that this service depends on, in the form of dep_origin/dep_name. This property does not contain version information; see dependency_ids for that.

Requires API connection; not available via CLI.

describe habitat_service(origin: 'core', name: 'httpd') do
  its('dependency_names') { should include 'core/pcre' }
  its('dependency_names') { should_not include 'core/nginx' }
end

dependency_ids

Array of strings. A list of the packages that this service depends on, in the form of dep_origin/dep_name/1.2.3/20190325123456. This value may be difficult to compare, because the version identifier (1.2.3, the third component) may be formatted in any way the maintainer of the project chooses; they need not be of the form 1.2.3.

Requires API connection; not available via CLI.

describe habitat_service(origin: 'core', name: 'httpd') do
  # Suppose this version was unwanted, for example
  its('dependency_names') { should_not include 'core/pcre/8.42/20190115012526' }
end

name

The name of the service, as passed in via the resource parameter. Always available, even if the resource was not found. See also origin and version.

describe habitat_service(origin: 'core', name: 'httpd') do
  its('name') { should cmp 'httpd' }
end

origin

The origin name of the service, as passed in via the resource parameter. Always available, even if the resource was not found. See also name and version.

describe habitat_service(origin: 'core', name: 'httpd') do
  its('origin') { should cmp 'core' }
end

pkg_id

String. The full package identifier of the package that supports the service, in the form origin/name/version/release. See also name and version.

describe habitat_service(origin: 'core', name: 'httpd') do
  its('pkg_id') { should cmp 'core/httpd/2.4.35/20190307151146' }
end

release

String. The release number of the package that supports the service, as assigned by the packager. These values are always strings, but are 14-digit timestamps. See also version.

describe habitat_service(origin: 'core', name: 'httpd') do
  its('release') { should be >= '20190307151146' }
end

version

The version of the package that supports the service, as assigned by the maintainer of the package project. While many versions are of the 3-digit form, there is no set rule, and exceptions are common. See also release.

describe habitat_service(origin: 'core', name: 'httpd') do
  its('version') { should be >=  '2.2' }
end

Matchers

Use matchers to create tests that test a true or false question.

InSpec includes a number of universal matchers. See below for matchers specific to this resource.

havestandalonetopology

This matcher returns true if the service is configured in a standalone topology.

describe habitat_service(origin: 'core', name: 'httpd') do
  it { should have_standalone_topology }
end

haveleaderfollower_topology

This matcher returns true if the service is configured in a leader-follower topology.

describe habitat_service(origin: 'core', name: 'httpd') do
  it { should have_leader_follower_topology }
end

beupdatedby_none

This matcher returns true if the update strategy for the service is none.

Requires API connection; not available via CLI.

describe habitat_service(origin: 'core', name: 'postgresql') do
  it { should be_updated_by_none }
end

beupdatedby_rolling

This matcher returns true if the update strategy for the service is rolling.

Requires API connection; not available via CLI.

describe habitat_service(origin: 'core', name: 'postgresql') do
  it { should be_updated_by_rolling }
end

beupdatedat_once

This matcher returns true if the update strategy for the service is at once.

Requires API connection; not available via CLI.

describe habitat_service(origin: 'core', name: 'nginx') do
  it { should be_updated_at_once }
end