1

Background I wrote a cookbook that installs Windows Features. Some of the features have dependencies on parent features. The parent features may not have the source files required to install the feature.

Within my recipe, I use only_if to call a Powershell command to determine if the source files exist. 

(Get-WindowsFeature | Where Name -eq NET-Framework-Core | Select InstallState).InstallState -eq 'Removed'

If the Install State is equal to Removed, the dependent feature does not have the required source files and cannot be installed without supplying them. So, if my cookbook determines the source files are missing, it will not attempt to install the features. However, if the source files do exist, the cookbook will install the features. This part is working perfectly.

Problem I have InSpec tests to verify the correct Windows features were installed. I want to run or skip specific tests using the result of the Powershell command. I cannot figure out a way to call the Powershell command above, get the results and run or skip the tests within InSpec.

Ken Cloutier
  • 21
  • 5

2 Answers2

1

After some digging, I found this InSpec issue on git hub

They added the ability to use only_if within InSpec (I wasn't aware). I use the powershell resource to call my powershell command, convert the stdout to a boolean and return it. I will provide the rough code I came up with for reference. I'm new to ruby so I'm sure there is a much better way to code this.

control 'Recipe windows_features.rb .NET 3.5 Features' do
  impact 1.0
  title 'Required .NET 3.5 Windows Features Are Installed'
  only_if do
    powershell_command_script = <<-EOH
    (Get-WindowsFeature | Where Name -eq NET-Framework-Core | Select InstallState).InstallState -ne 'Removed'
    EOH
    command_result = powershell(powershell_command_script)
    case command_result.stdout
    when true, "True\r\n" then true
    when false, "False\r\n" then false
    else
      raise ArgumentError, "invalid value: #{command_result.stdout.inspect}"
    end

  end
  describe windows_feature('WAS-NET-Environment') do
    it { should be_installed }
  end
  describe windows_feature('Web-Asp-Net') do
    it { should be_installed }
  end
  describe windows_feature('Web-Net-Ext') do
    it { should be_installed }
  end
  describe windows_feature('Web-Mgmt-Console') do
    it { should be_installed }
  end
end
Ken Cloutier
  • 21
  • 5
0

There's two main options. One is to duplicate the logic to check if the source files exist in your InSpec code (gross). The other is to write out a token file (i.e. just touch the file) if not doing the install and check for that in InSpec with a file resource.

coderanger
  • 52,400
  • 4
  • 52
  • 75