inspec 0.30.0 → 0.31.0

data/test/integration/default/powershell_spec.rb

@@ -1,42 +0,0 @@
-# encoding: utf-8
-
-unless os.windows?
-  STDERR.puts "\033[1;33mTODO: Not running #{__FILE__} because we are not on Windows.\033[0m"
-  return
-end
-
-script = <<-EOH
-  Write-Output 'hello'
-EOH
-
-# Write-Output comes with a newline
-describe powershell(script) do
-  its('stdout') { should eq "hello\r\n" }
-  its('stderr') { should eq '' }
-end
-
-# remove whitespace \r\n from stdout
-describe powershell(script) do
-  its('strip') { should eq "hello" }
-end
-
-# legacy test with `script` resource
-describe script(script) do
-  its('stdout') { should eq "hello\r\n" }
-  its('stderr') { should eq '' }
-end
-
-# -NoNewLine only works in powershell 5
-# @see https://blogs.technet.microsoft.com/heyscriptingguy/2015/08/07/the-powershell-5-nonewline-parameter/
-describe powershell("'hello' | Write-Host -NoNewLine") do
-  its('stdout') { should eq 'hello' }
-  its('stderr') { should eq '' }
-end
-
-# test stderr
-describe powershell("Write-Error \"error\"") do
-  its('stdout') { should eq '' }
-  # this is an xml error for now, if the script is run via WinRM
-  # @see https://github.com/WinRb/WinRM/issues/106
-  # its('stderr') { should eq 'error' }
-end

data/test/integration/default/registry_key_spec.rb

@@ -1,109 +0,0 @@
-# encoding: utf-8
-
-unless os.windows?
-  STDERR.puts "\033[1;33mTODO: Not running #{__FILE__} because we are not on Windows.\033[0m"
-  return
-end
-
-describe registry_key('HKLM\System\Test') do
-  it { should exist }
-  it { should have_value('test') }
-  it { should have_property('binary value', :binary) }
-  it { should have_property('Binary value', :binary) }
-  it { should have_property('string value') }
-  it { should have_property('String value') }
-  it { should have_property('dword value', :dword) }
-  it { should have_property_value('multistring value', :multi_string, ['test', 'multi','string','data']) }
-  it { should have_property_value('Multistring Value', :multi_string, ['test', 'multi','string','data']) }
-  it { should have_property_value('qword value', :qword, 0) }
-  it { should have_property_value('Qword value', :qword, 0) }
-  it { should have_property_value('binary value', :binary, 'dfa0f066') }
-  it { should have_property_value('Binary value', :binary, 'dfa0f066') }
-end
-
-# serverspec compatability
-describe windows_registry_key('HKLM\System\Test') do
-  it { should exist }
-  it { should have_value('test') }
-  it { should have_property('string value') }
-  it { should have_property('binary value', :type_binary) }
-  it { should have_property('dword value', :type_dword) }
-  it { should have_property_value('multistring value', :type_multistring, ['test', 'multi','string','data']) }
-  it { should have_property_value('qword value', :type_qword, 0) }
-  it { should have_property_value('binary value', :type_binary, 'dfa0f066') }
-end
-
-describe registry_key('HKLM\Software\Policies\Microsoft\Windows\EventLog\System') do
-  it { should exist }
-  its('MaxSize') { should_not eq nil }
-end
-
-describe registry_key('HKLM\System\CurrentControlSet\Control\Session Manager') do
-  it { should exist }
-  it { should_not have_property_value('SafeDllSearchMode', :type_dword, 0) }
-  # case-insensitive test
-  it { should_not have_property_value('safedllsearchmode', :type_dword, 0) }
-end
-
-describe registry_key('HKLM\System\CurrentControlSet\Services\LanManServer\Parameters') do
-  it { should exist }
-  its('NullSessionShares') { should eq [''] }
-end
-
-describe registry_key('HKLM\Software\Policies\Microsoft\Internet Explorer\Main') do
-  it { should exist }
-  its('Isolation64Bit') { should eq 1 }
-  # check that its is case-insensitive
-  its('isolation64bit') { should eq 1 }
-end
-
-describe registry_key('HKLM\System\CurrentControlSet\Control\Lsa\MSV1_0') do
-  it { should exist }
-  its('NTLMMinServerSec') { should eq 537_395_200 }
-  its('NtlmMinServerSec') { should eq 537_395_200 }
-end
-
-describe registry_key('HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services') do
-  it { should exist }
-  its('MinEncryptionLevel') { should eq 3 }
-end
-
-# test option hash
-describe registry_key({
-  hive: 'HKLM',
-  key: 'SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
-}) do
-  it { should exist }
-  its('MinEncryptionLevel') { should eq 3 }
-end
-
-describe registry_key({
-  hive: 'HKEY_LOCAL_MACHINE',
-  key: 'SOFTWARE\Microsoft\SystemCertificates\Root\Certificates\8C941B34EA1EA6ED9AE2BC54CF687252B4C9B561'
-}) do
-  it { should exist }
-end
-
-# test regular expressions in our match
-describe registry_key({
-  hive: 'HKEY_LOCAL_MACHINE',
-  key: 'SOFTWARE\Microsoft\Windows NT\CurrentVersion'
-}) do
-  its('ProductName') { should match /^[a-zA-Z0-9\(\)\s]*2012\s[rR]2[a-zA-Z0-9\(\)\s]*$/ }
-end
-
-# verify all children via a regular expression
-control 'regex-test' do
-  title "Ensure 'Always install with elevated privileges' is set to 'Disabled'"
-  children = registry_key({
-    hive: 'HKEY_USERS'
-  }).children(/^S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]{3,}\\Software\\Policies\\Microsoft\\Windows\\Installer/)
-  describe children do
-    it { should_not eq []}
-  end
-  children.each { |key|
-    describe registry_key(key) do
-      its('AlwaysInstallElevated') { should cmp 0 }
-    end
-  }
-end

data/test/integration/default/secpol_spec.rb

@@ -1,11 +0,0 @@
-# encoding: utf-8
-
-unless os.windows?
-  STDERR.puts "\033[1;33mTODO: Not running #{__FILE__} because we are not on Windows.\033[0m"
-  return
-end
-
-describe security_policy do
-  its('EnableAdminAccount') { should eq 1 }
-  its('EnableGuestAccount') { should eq 0 }
-end

data/test/integration/default/service_spec.rb

@@ -1,128 +0,0 @@
-# encoding: utf-8
-if ENV['DOCKER']
-  STDERR.puts "\033[1;33mTODO: Not running #{__FILE__.split("/").last} because we are running in docker\033[0m"
-  return
-end
-
-# based on operating system we select the available service
-if ['centos', 'fedora', 'freebsd', 'opensuse'].include?(os[:family])
-  # CentOS, Fedora
-  unavailable_service = 'ssh'
-  available_service = 'sshd'
-elsif ['debian'].include?(os[:family])
-  # Debian
-  unavailable_service = 'clamav'
-  available_service = 'ssh'
-elsif ['ubuntu'].include?(os[:family])
-  # Ubuntu
-  unavailable_service = 'sshd'
-  available_service = 'ssh'
-elsif os.windows?
-  # Ubuntu
-  unavailable_service = 'sshd'
-  available_service = 'dhcp'
-elsif ['aix'].include?(os[:family])
-  unavailable_service = 'clamav'
-  available_service = 'xntpd'
-elsif os.solaris?
-  unavailable_service = 'clamav'
-  available_service = 'ssh'
-end
-
-describe service(unavailable_service) do
-  it { should_not be_enabled }
-  it { should_not be_installed }
-  it { should_not be_running }
-end
-
-describe service(available_service) do
-  it { should be_enabled }
-  it { should be_installed }
-  it { should be_running }
-end
-
-# extra test for ubuntu upstart with systemv service
-if os[:family] == 'ubuntu' && os[:release] == '12.04'
-  describe upstart_service('ssh') do
-    it { should be_enabled }
-    it { should be_installed }
-    it { should be_running }
-  end
-end
-
-# extra tests for alt. runit on centos with runit_service
-if os[:family] == 'centos' && os[:release].to_i >= 6
-  describe runit_service('running-runit-service') do
-    it { should be_enabled }
-    it { should be_installed }
-    it { should be_running }
-  end
-
-  describe runit_service('not-running-runit-service') do
-    it { should be_enabled }
-    it { should be_installed }
-    it { should_not be_running }
-  end
-
-  describe runit_service('not-enabled-runit-service') do
-    it { should_not be_enabled }
-    it { should be_installed }
-    it { should_not be_running }
-  end
-
-  # alt. ctl location
-  describe runit_service('running-runit-service', '/opt/chef/embedded/sbin/sv') do
-    it { should be_enabled }
-    it { should be_installed }
-    it { should be_running }
-  end
-
-  describe runit_service('unknown') do
-    it { should_not be_enabled }
-    it { should_not be_installed }
-    it { should_not be_running }
-  end
-
-  describe upstart_service('upstart-running') do
-    it { should_not be_enabled }
-    it { should be_installed }
-    it { should be_running }
-  end
-
-  describe upstart_service('upstart-enabled-and-running') do
-    it { should be_enabled }
-    it { should be_installed }
-    it { should be_running }
-    its('type') { should be 'upstart' }
-    its('name') { should be 'upstart-enabled-and-running' }
-    its('description') { should be nil }
-  end
-
-  describe upstart_service('upstart-enabled-not-running') do
-    it { should be_enabled }
-    it { should be_installed }
-    it { should_not be_running }
-  end
-
-  describe upstart_service('unknown') do
-    it { should_not be_enabled }
-    it { should_not be_installed }
-    it { should_not be_running }
-    its('type') { should be nil }
-  end
-end
-
-# extra tests for sys-v runlevels
-if os[:family] == 'centos' && os[:release].to_i <= 6
-  describe service('sshd').runlevels do
-    its('keys') { should include(2) }
-  end
-
-  describe service('sshd').runlevels(2, 4) do
-    it { should be_enabled }
-  end
-
-  describe service('sshd').runlevels(0, 1) do
-    it { should_not be_enabled }
-  end
-end

data/test/integration/default/user_spec.rb

@@ -1,96 +0,0 @@
-# encoding: utf-8
-
-if ['centos', 'redhat', 'fedora', 'opensuse', 'debian', 'ubuntu'].include?(os[:family])
-  userinfo = {
-    name: 'root',
-    group: 'root',
-    uid: 0,
-    gid: 0,
-    groups: ["root"],
-    home: '/root',
-    shell: '/bin/bash',
-  }
-
-  # different groupset for centos 5
-  userinfo[:groups] = ["root", "bin", "daemon", "sys", "adm", "disk", "wheel"] \
-    if os[:release].to_i == 5
-elsif ['freebsd'].include?(os[:family])
-  userinfo = {
-    name: 'root',
-    group: 'wheel',
-    uid: 0,
-    gid: 0,
-    groups: "wheel", # at least this group should be there
-    home: '/root',
-    shell: '/bin/csh',
-  }
-elsif os.windows?
-  userinfo = {
-    name: 'Administrator',
-    group: nil,
-    uid: nil,
-    gid: nil,
-    groups: nil,
-    home: nil,
-    shell: nil,
-  }
-elsif os[:family] == 'aix'
-  userinfo = {
-    name:     'bin',
-    group:    'bin',
-    uid:      2,
-    gid:      2,
-    groups:   "adm", # at least this group should be there
-    home:     '/bin',
-    shell:    nil,
-    #mindays:  0,
-    #maxdays:  0,
-    warndays: 0,
-  }
-elsif os.solaris?
-  if os[:release].to_i > 10
-    userinfo = {
-      name: 'root',
-      group: 'root',
-      uid: 0,
-      gid: 0,
-      groups: "sys", # at least this group should be there
-      home: '/root',
-      shell: '/usr/bin/bash',
-    }
-  else
-    userinfo = {
-      name: 'root',
-      group: 'root',
-      uid: 0,
-      gid: 0,
-      groups: "sys", # at least this group should be there
-      home: '/',
-      shell: '/sbin/sh',
-    }
-  end
-else
-  userinfo = {}
-end
-
-if os.windows?
-  describe user(userinfo[:name]) do
-    it { should exist }
-  end
-else
-  describe user(userinfo[:name]) do
-    it { should exist }
-    userinfo.each do |k, v|
-      next if k.to_sym == :name
-
-      # check that the user is part of the groups
-      if k.to_s == 'groups'
-        # TODO: do not run those tests on docker yet
-        its(k) { should include v } unless ENV['DOCKER']
-      # default eq comparison
-      else
-        its(k) { should eq v }
-      end
-    end
-  end
-end

data/test/integration/default/vbscript_spec.rb

@@ -1,22 +0,0 @@
-# encoding: utf-8
-
-return unless os.windows?
-
-# script that may have multiple lines
-vbscript = <<-EOH
-  WScript.Echo "hello"
-EOH
-
-describe vbscript(vbscript) do
-  its('stdout') { should eq "hello\r\n" }
-end
-
-# remove whitespace \r\n from stdout
-describe vbscript(vbscript) do
-  its('strip') { should eq "hello" }
-end
-
-# ensure that we do not require a newline
-describe vbscript("Wscript.Stdout.Write \"hello\"") do
-  its('stdout') { should eq 'hello' }
-end

data/test/integration/default/wmi_spec.rb

@@ -1,66 +0,0 @@
-# encoding: utf-8
-
-unless os.windows?
-  STDERR.puts "\033[1;33mTODO: Not running #{__FILE__} because we are not on Windows.\033[0m"
-  return
-end
-
-# Get-WmiObject win32_service or Get-WmiObject -class win32_service
-# returns an array of service objects
-describe wmi({class: 'win32_service'}) do
-  its('DisplayName') { should include 'Windows Remote Management (WS-Management)'}
-end
-
-# Use win32_service with filter, it returns a single service object
-describe wmi({
-  class: 'win32_service',
-  filter: "name like '%winrm%'"
-}) do
-  its('Status') { should cmp 'ok' }
-  its('State') { should cmp 'Running' }
-  its('ExitCode') { should cmp 0 }
-  its('DisplayName') { should eq 'Windows Remote Management (WS-Management)'}
-end
-
-# TODO: this works on domain controllers only
-describe wmi({
-  class: 'RSOP_SecuritySettingNumeric',
-  namespace: 'root\\rsop\\computer',
-  filter: 'KeyName = \'MinimumPasswordAge\' And precedence=1'
-}) do
-   its('Setting') { should eq 1 }
-end
-
-# new syntax
-describe wmi({
-  namespace: 'root\rsop\computer',
-  query: "SELECT Setting FROM RSOP_SecuritySettingBoolean WHERE KeyName='LSAAnonymousNameLookup' AND Precedence=1"
-}) do
-  its('Setting') { should eq false }
-end
-
-describe wmi({
-  namespace: 'root\cimv2',
-  query: 'SELECT filesystem FROM win32_logicaldisk WHERE drivetype=3'
-}).params.values.join do
-  it { should eq 'NTFS' }
-end
-
-# deprecated syntax
-describe wmi('win32_service') do
-  its('DisplayName') { should include 'Windows Remote Management (WS-Management)'}
-end
-
-describe wmi('RSOP_SecuritySettingNumeric', {
-  namespace: 'root\\rsop\\computer',
-  filter: 'KeyName = \'MinimumPasswordAge\' And precedence=1'
-}) do
-   its('Setting') { should eq 1 }
-   its('setting') { should eq 1 }
-end
-
-describe wmi('win32_service', {
-  filter: "name like '%winrm%'"
-}) do
-  its('DisplayName') { should eq 'Windows Remote Management (WS-Management)'}
-end

data/test/integration/default/yaml_spec.rb

@@ -1,11 +0,0 @@
-# encoding: utf-8
-
-if os.unix?
-  filename = '/tmp/example.yml'
-else
-  filename = 'c:/windows/temp/example.yml'
-end
-
-describe yaml(filename) do
- its(['driver','name']) { should eq('vagrant') }
-end

data/test/resource/command_test.rb

@@ -1,33 +0,0 @@
-# encoding: utf-8
-# author: Dominik Richter
-# author: Christoph Hartmann
-
-describe command('echo hello') do
-  its('stdout') { should eq "hello\n" }
-  its('stderr') { should eq '' }
-  its('exit_status') { should eq 0 }
-end
-
-describe command('>&2 echo error') do
-  its('stdout') { should eq '' }
-  its('stderr') { should eq "error\n" }
-  its('exit_status') { should eq 0 }
-end
-
-describe command('exit 123') do
-  its('stdout') { should eq '' }
-  its('stderr') { should eq '' }
-  its('exit_status') { should eq 123 }
-end
-
-describe command('/bin/sh').exist? do
-  it { should eq true }
-end
-
-describe command('sh').exist? do
-  it { should eq true }
-end
-
-describe command('this is not existing').exist? do
-  it { should eq false }
-end

data/test/resource/dsl_test.rb

@@ -1,45 +0,0 @@
-# encoding: utf-8
-# author: Dominik Richter
-# author: Christoph Hartmann
-
-describe command('echo hello') do
-  its('stdout') { should eq "hello\n" }
-end
-
-describe 'describe + it + expect' do
-  it 'should echo something' do
-	  out = rand.to_s
-		expect(command("echo -n #{out}").stdout).to eq(out)
-  end
-end
-
-describe 'describe and expect without it' do
-  it 'will raise an error' do
-    expect(proc{
-      describe rand.to_s do
-  	    expect(true).to eq(true)
-      end
-    }).to raise_error StandardError
-  end
-end
-
-rule 'rule + describe' do
-  out = rand.to_s
-  describe command("echo -n #{out}") do
-    its('stdout') { should eq out }
-  end
-end
-
-rule 'rule + describe + it + expect' do
-  out = rand.to_s
-  describe 'a rule' do
-    it 'must echo something' do
-      expect(command("echo -n #{out}").stdout).to eq(out)
-    end
-  end
-end
-
-rule 'rule + expect only' do
-  out = rand.to_s
-  expect(command("echo -n #{out}").stdout).to eq(out)
-end