package

Use the package InSpec audit resource to test if the named package and/or package version is installed on the system.

Syntax

A package resource block declares a package and (optionally) a package version:

describe package('name') do
  it { should be_installed }
end

where

  • ('name') must specify the name of a package, such as 'nginx'
  • be_installed is a valid matcher for this resource

Matchers

This InSpec audit resource has the following matchers:

be

Use the be matcher to use a comparison operator—= (equal to), > (greater than), < (less than), >= (greater than or equal to), and <= (less than or equal to)—to compare two values: its('value') { should be >= value }, its('value') { should be < value }, and so on.

be_installed

The be_installed matcher tests if the named package is installed on the system:

it { should be_installed }

cmp

Use the cmp matcher compare two values, such as comparing strings to numbers, comparing a single value to an array of values, comparing an array of strings to a regular expression, improving the printing of octal values, and comparing while ignoring case sensitivity.

Compare a single value to an array:

describe some_resource do
  its('users') { should cmp 'root' }
  its('users') { should cmp ['root'] }
end

Compare strings and regular expressions:

describe some_resource do
  its('setting') { should cmp /raw/i }
end

Compare strings and numbers:

describe some_resource do
  its('setting') { should eq '2' }
end

vs:

describe some_resource do
  its('setting') { should cmp '2' }
  its('setting') { should cmp 2 }
end

Ignoring case sensitivity:

describe some_resource do
  its('setting') { should cmp 'raw' }
  its('setting') { should cmp 'RAW' }
end

Printing octal values:

describe some_resource('/proc/cpuinfo') do
  its('mode') { should cmp '0345' }
end

expected: 0345
got: 0444

eq

Use the eq matcher to test the equality of two values: its('Port') { should eq '22' }.

Using its('Port') { should eq 22 } will fail because 22 is not a string value! Use the cmp matcher for less restrictive value comparisons.

include

Use the include matcher to verify that a string value is included in a list: its('list') { should include 'string' }.

match

Use the match matcher to check if a string matches a regular expression: its('string') { should_not match /regex/ }.

version

The version matcher tests if the named package version is on the system:

its('version') { should eq '1.2.3' }

Examples

The following examples show how to use this InSpec audit resource.

Test if nginx version 1.9.5 is installed

describe package('nginx') do
  it { should be_installed }
  its('version') { should eq '1.9.5' }
end

Test that a package is not installed

describe package('some_package') do
  it { should_not be_installed }
end

Test if telnet is installed

describe package('telnetd') do
  it { should_not be_installed }
end

describe inetd_conf do
  its('telnet') { should eq nil }
end

Test if ClamAV (an antivirus engine) is installed and running

describe package('clamav') do
  it { should be_installed }
  its('version') { should eq '0.98.7' }
end

describe service('clamd') do
  it { should_not be_enabled }
  it { should_not be_installed }
  it { should_not be_running }
end

Verify if Memcached is installed, enabled, and running

Memcached is an in-memory key-value store that helps improve the performance of database-driven websites and can be installed, maintained, and tested using the memcached cookbook (maintained by Chef). The following example is from the memcached cookbook and shows how to use a combination of the package, service, and port InSpec audit resources to test if Memcached is installed, enabled, and running:

describe package('memcached') do
  it { should be_installed }
end

describe service('memcached') do
  it { should be_installed }
  it { should be_enabled }
  it { should be_running }
end

describe port(11_211) do
  it { should be_listening }
end