http

Use the http InSpec audit resource to test an http endpoint.


Syntax

An http resource block declares the configuration settings to be tested:

describe http('url', auth: {user: 'user', pass: 'test'}, params: {params}, method: 'method', headers: {headers}, data: data, open_timeout: 60, read_timeout: 60, ssl_verify: true) do
  its('status') { should eq number }
  its('body') { should eq 'body' }
  its('headers.name') { should eq 'header' }
end

where

  • ('url') is the url to test
  • auth: { user: 'user', pass: 'test' } may be specified for basic auth request
  • {params} may be specified for http request parameters
  • 'method' may be specified for http request method (default to ‘GET’)
  • {headers} may be specified for http request headers
  • data may be specified for http request body
  • open_timeout may be specified for a timeout for opening connections (default to 60)
  • read_timeout may be specified for a timeout for reading connections (default to 60)
  • ssl_verify may be specified to enable or disable verification of SSL certificates (default to true)


Local vs. Remote

Beginning with InSpec 1.41, you can enable the ability to have the HTTP test execute on the remote target:

describe http('http://www.example.com', enable_remote_worker: true) do
  its('body') { should cmp 'awesome' }
end

In InSpec 2.0, the HTTP test will automatically execute remotely whenever InSpec is testing a remote node.


Properties

body, headers, http_method, status,


Property Examples

The following examples show how to use this InSpec audit resource.

Simple http test

For example, a service is listening on default http port can be tested like this:

describe http('http://localhost') do
  its('status') { should cmp 200 }
end

Complex http test

describe http('http://localhost:8080/ping',
              auth: {user: 'user', pass: 'test'},
              params: {format: 'html'},
              method: 'POST',
              headers: {'Content-Type' => 'application/json'},
              data: '{"data":{"a":"1","b":"five"}}') do
  its('status') { should cmp 200 }
  its('body') { should cmp 'pong' }
  its('headers.Content-Type') { should cmp 'text/html' }
end


body

The body matcher tests body content of http response:

its(‘body’) { should eq ‘hello\n’ }

headers

The headers matcher returns an hash of all http headers:

its('headers') { should eq {} }

Individual headers can be tested via:

its('headers.Content-Type') { should cmp 'text/html' }

status

The status matcher tests status of the http response:

its('status') { should eq 200 }