rubyinspec

Ruby Inspec - describe.one but one of the options requires two describe commands


I have a Ruby Inspec file that isn't very complex, but I can't figure out how to structure it properly. I basically need to check if rsync is not installed or disabled. To check if it's disabled, I run systemctl is-active rsync and systemctl is-enabled rsync. I then match the output to inactive and disabled, respectively.

control "my control" do
  title "title"
  desc "desc"

  describe.one do
    describe package('rsync') do
      it { should_not be_installed }
    end

    # These two should be treated as one option
    describe command('systemctl is-active rsync') do
      its('stdout') { should match "^inactive$" }
    end
    describe command('systemctl is-enabled rsync') do
      its('stdout') { should match "^disabled$" }
    end
  end
end

Solution

  • Try something like this:

    control "my control" do
      title "title"
      desc "desc"
    
      if package('rsync').installed?
        # These two should be treated as one option
        describe command('systemctl is-active rsync') do
          its('stdout') { should match "^inactive$" }
        end
        describe command('systemctl is-enabled rsync') do
          its('stdout') { should match "^disabled$" }
        end
      end
    end
    

    or you should be able to do something like:

    control "my control" do
      title "title"
      desc "desc"
    
      describe.one do
        describe package('rsync') do
          it { should_not be_installed }
        end
    
        describe 'rsync is inactive and disabled' do
          # These two should be treated as one option
          describe command('systemctl is-active rsync') do
            its('stdout') { should match "^inactive$" }
          end
          describe command('systemctl is-enabled rsync') do
            its('stdout') { should match "^disabled$" }
          end
        end
      end
    end