A resource to test http GET calls

[mhedgpeth]

As a part of audit mode or in test kitchen my colleagues have asked for a mechanism to test HTTP GET calls and test the return code, response, or JSON response. It would be similar to this server spec class.

I'd be happy to add a resource and create a PR for you, but before I did I wanted to know if you thought this functionality was within the core functionality of inspec. It is more testing related, not as much security-related. If it's outside of the core functionality, do you have a way to create resource plugins yet? If it's inside I'll add a resource and create a PR.

[arlimus]

👍 😄

I don't think we'll get to it in the team in the 2.5 weeks (due to compliance release), but this is welcome!

I think it should be part of inspec core, so the place is great!

As an additional thought: We need to consider how it will work in different targeting types, i.e. inspec exec -t ssh://... or do you just inspec exec -t 192.168.0.1 in that case. We can reflect that, btw, since we have support for creating profiles for non-node targets (i.e. everything that is not a container or regular node). A few more lines to add for full support, but that shouldn't stop you from creating a baseline resource. What do you envision it to look for you right now?

[mhedgpeth]

Fantastic @arlimus I'll give it a shot. I'm going through the code to determine an approach. The discussion of where to run it is a great one; I didn't think about that part yet. I'll follow up as I have more questions, and will work to add the resource.

[chris-rock]

This is a duplicate of #336

+1 that we need that resource. Also have a look how https://github.com/ryotarai/infrataster is doing it