podman resource
Use the podman
Chef InSpec audit resource to test the configuration data for the Podman resources.
Availability
Installation
This resource is distributed with Chef InSpec and is automatically available for use.
Syntax
A podman
resource block allows you to write a test for many containers
.
describe podman.containers do
its('ids') { should include "591270d8d80d26671fd6ed622f367fbe19004d16e3b519c292313feb5f22e7f7" }
its('images) { should include "docker.io/library/ubuntu:latest" }
end
Or, if you want to query a specific container
:
describe podman.containers.where(id: "591270d8d80d26671fd6ed622f367fbe19004d16e3b519c292313feb5f22e7f7") do
its('status') { should include "Up 44 hours ago" }
end
Where
.where()
specifies a specific item and value to which the resource parameters are compared.commands
,created_at
,ids
,images
,names
,status
,image_ids
,labels
,mounts
,networks
,pods
,ports
,running_for
, andsizes
are valid parameters forcontainers
.
The podman
resource block also allows you to write a test for many images
.
describe podman.images do
its('repositories') { should_not include 'docker.io/library/nginx' }
end
Or, if you want to query a specific image
:
describe podman.images.where(id: "c7db653c4397e6a4d1e468bb7c6400c022c62623bdb87c173d54bac7995b6d8f") do
it { should exist }
end
Where
.where()
specifies a specific filter and expected value, against which parameters are compared.repositories
,tags
,sizes
,digests
,history
,created_at
,history
, andcreated_since
are valid parameters forimages
.
The podman
resource block also allows you to write a test for many networks
.
describe podman.networks do
its("names") { should include "podman" }
end
Or, if you want to query a specific network
:
describe podman.networks.where(id: "c7db653c4397e6a4d1e468bb7c6400c022c62623bdb87c173d54bac7995b6d8f") do
it { should exist }
end
Where
.where()
specifies a specific filter and expected value, against which parameters are compared.ids
,names
,drivers
,network_interfaces
,created
,subnets
,ipv6_enabled
,internal
,dns_enabled
,options
,labels
, andipam_options
are valid parameters fornetworks
.
The podman
resource block also allows you to write a test for many pods
.
describe podman.pods do
its("names") { should include "cranky_allen" }
end
Or, if you want to query a specific pod
:
describe podman.pods.where(id: "95cadbb84df71e6374fceb3fd89ee3b8f2c7e1a831062cd9cea7d0e3e4b1dbcc") do
it { should exist }
end
Where
.where()
may specify a specific filter and expected value, against which parameters are compared.ids
,cgroups
,containers
,created
,infraids
,names
,namespaces
,networks
,status
, andlabels
are valid parameters forpods
.
Examples
The following examples show how to use this Chef InSpec audit resource.
Returns all running containers
podman.containers.running?.ids.each do |id|
describe podman.object(id) do
its('State.Health.Status') { should eq 'healthy' }
end
end
Resource Parameter Examples
containers
containers
returns information about containers as returned by podman ps -a.
describe podman.containers do
its("ids") { should include "591270d8d80d26671fd6ed622f367fbe19004d16e3b519c292313feb5f22e7f7" }
its("labels") { should include "maintainer" => "NGINX Docker Maintainers \u003cdocker-maint@nginx.com\u003e" }
its('names') { should include "sweet_mendeleev" }
its("images") { should include "docker.io/library/nginx:latest" }
end
images
images
returns information about a Podman image as returned by podman images -a.
describe podman.images do
its('ids') { should include 'sha256:c7db653c4397e6a4d1e468bb7c6400c022c62623bdb87c173d54bac7995b6d8f ' }
its('sizes') { should_not include '80.3 GB' }
its('repositories") { should include "docker.io/library/nginx"}
end
pods
pods
returns information about pods as returned by podman pod ps.
describe podman.pods do
its("ids") { should include "95cadbb84df71e6374fceb3fd89ee3b8f2c7e1a831062cd9cea7d0e3e4b1dbcc" }
its("containers") { should eq [{ "Id" => "a218dfc58fa28e0c58c55e508e5b57084876b42e894b98073c69c45dea06cbb2", "Names" => "95cadbb84df7-infra", "Status" => "running" } ]}
its("names") { should include "cranky_allen" }
end
networks
networks
returns information about a Podman network as returned by podman network ls.
describe podman.networks do
its("names") { should include "podman" }
its("ids") { should include "2f259bab93aaaaa2542ba43ef33eb990d0999ee1b9924b557b7be53c0b7a1bb9" }
its("ipv6_enabled") { should eq [false] }
end
volumes
volumes
returns information about a Podman volume as returned by podman volume ls.
describe podman.volumes do
its('names') { should include 'ae6be9ba838b9b150de47657229bb9b67142dbdb3d1ddbc5efa245cf1e95536a' }
its('drivers') { should include 'local' }
end
info
info
returns the parsed result of podman info.
describe podman.info do
its("host.os") { should eq "linux" }
end
version
version
returns the parsed result of podman version
describe podman.version do
its("Client.Version") { should eq "4.1.0"}
its('Server.Version') { should eq '4.1.0'}
end
object(‘id’)
object
returns low-level information about Podman objects as returned by podman inspect.
describe docker.object(id) do
its('State.Running') { should eq true }
end
Matchers
For a full list of available matchers, please visit our matchers page.