inspec 0.30.0 → 0.31.0

data/test/unit/profile_test.rb

@@ -1,252 +0,0 @@
-# encoding: utf-8
-# author: Christoph Hartmann
-# author: Dominik Richter
-
-require 'helper'
-require 'inspec/profile_context'
-
-describe Inspec::Profile do
-  let(:logger) { Minitest::Mock.new }
-  let(:home) { MockLoader.home }
-
-  describe 'with an empty profile' do
-    let(:profile) { MockLoader.load_profile('empty-metadata') }
-
-    it 'has no metadata' do
-      profile.params[:name].must_be_nil
-    end
-
-    it 'has no controls' do
-      profile.params[:controls].must_equal({})
-    end
-  end
-
-  describe 'with an empty profile (legacy mode)' do
-    let(:profile) { MockLoader.load_profile('legacy-empty-metadata') }
-
-    it 'has no metadata' do
-      profile.params[:name].must_be_nil
-    end
-
-    it 'has no controls' do
-      profile.params[:controls].must_equal({})
-    end
-  end
-
-  describe 'with simple metadata in profile' do
-    let(:profile_id) { 'simple-metadata' }
-    let(:profile) { MockLoader.load_profile(profile_id) }
-
-    it 'has metadata' do
-      profile.params[:name].must_equal 'yumyum profile'
-    end
-
-    it 'has no controls' do
-      profile.params[:controls].must_equal({})
-    end
-
-    it 'can overwrite the profile ID' do
-      testID = rand.to_s
-      res = MockLoader.load_profile(profile_id, id: testID)
-      res.params[:name].must_equal testID
-    end
-  end
-
-  describe 'with simple metadata in profile (legacy mode)' do
-    let(:profile) { MockLoader.load_profile('legacy-simple-metadata') }
-
-    it 'has metadata' do
-      profile.params[:name].must_equal 'metadata profile'
-    end
-
-    it 'has no controls' do
-      profile.params[:controls].must_equal({})
-    end
-  end
-
-  describe 'when checking' do
-    describe 'an empty profile' do
-      let(:profile_id) { 'empty-metadata' }
-
-      it 'prints loads of warnings' do
-        logger.expect :info, nil, ["Checking profile in #{home}/mock/profiles/#{profile_id}"]
-        logger.expect :error, nil, ["Missing profile name in inspec.yml"]
-        logger.expect :error, nil, ["Missing profile version in inspec.yml"]
-        logger.expect :warn, nil, ["Missing profile title in inspec.yml"]
-        logger.expect :warn, nil, ["Missing profile summary in inspec.yml"]
-        logger.expect :warn, nil, ["Missing profile maintainer in inspec.yml"]
-        logger.expect :warn, nil, ["Missing profile copyright in inspec.yml"]
-        logger.expect :warn, nil, ['No controls or tests were defined.']
-
-        result = MockLoader.load_profile(profile_id, {logger: logger}).check
-        # verify logger output
-        logger.verify
-
-        # verify hash result
-        result[:summary][:valid].must_equal false
-        result[:summary][:location].must_equal "#{home}/mock/profiles/#{profile_id}"
-        result[:summary][:profile].must_equal nil
-        result[:summary][:controls].must_equal 0
-        result[:errors].length.must_equal 2
-        result[:warnings].length.must_equal 5
-      end
-    end
-
-    describe 'an empty profile (legacy mode)' do
-      let(:profile_id) { 'legacy-empty-metadata' }
-
-      it 'prints loads of warnings' do
-        metadata_rb = "#{home}/mock/profiles/#{profile_id}/metadata.rb"
-        logger.expect :info, nil, ["Checking profile in #{home}/mock/profiles/#{profile_id}"]
-        logger.expect :error, nil, ["Missing profile name in metadata.rb"]
-        logger.expect :warn, nil, ['The use of `metadata.rb` is deprecated. Use `inspec.yml`.']
-        logger.expect :error, nil, ["Missing profile version in metadata.rb"]
-        logger.expect :warn, nil, ["Missing profile title in metadata.rb"]
-        logger.expect :warn, nil, ["Missing profile summary in metadata.rb"]
-        logger.expect :warn, nil, ["Missing profile maintainer in metadata.rb"]
-        logger.expect :warn, nil, ["Missing profile copyright in metadata.rb"]
-        logger.expect :warn, nil, ['No controls or tests were defined.']
-
-        result = MockLoader.load_profile(profile_id, {logger: logger}).check
-        # verify logger output
-        logger.verify
-
-        # verify hash result
-        result[:summary][:valid].must_equal false
-        result[:summary][:location].must_equal "#{home}/mock/profiles/#{profile_id}"
-        result[:summary][:profile].must_equal nil
-        result[:summary][:controls].must_equal 0
-        result[:errors].length.must_equal 2
-        result[:warnings].length.must_equal 6
-      end
-    end
-
-    describe 'a complete metadata profile' do
-      let(:profile_id) { 'complete-metadata' }
-      let(:profile) { MockLoader.load_profile(profile_id, {logger: logger}) }
-
-      it 'prints ok messages' do
-        logger.expect :info, nil, ["Checking profile in #{home}/mock/profiles/#{profile_id}"]
-        logger.expect :info, nil, ['Metadata OK.']
-        logger.expect :warn, nil, ['No controls or tests were defined.']
-
-        result = profile.check
-
-        # verify logger output
-        logger.verify
-
-        # verify hash result
-        result[:summary][:valid].must_equal true
-        result[:summary][:location].must_equal "#{home}/mock/profiles/#{profile_id}"
-        result[:summary][:profile].must_equal 'name'
-        result[:summary][:controls].must_equal 0
-        result[:errors].length.must_equal 0
-        result[:warnings].length.must_equal 1
-      end
-    end
-
-    describe 'a complete metadata profile (legacy mode)' do
-      let(:profile_id) { 'legacy-complete-metadata' }
-      let(:profile) { MockLoader.load_profile(profile_id, {logger: logger}) }
-
-      it 'prints ok messages' do
-        logger.expect :info, nil, ["Checking profile in #{home}/mock/profiles/#{profile_id}"]
-        logger.expect :warn, nil, ['The use of `metadata.rb` is deprecated. Use `inspec.yml`.']
-        logger.expect :info, nil, ['Metadata OK.']
-        # NB we only look at content that is loaded, i.e., there're no empty directories anymore
-        # logger.expect :warn, nil, ["Profile uses deprecated `test` directory, rename it to `controls`."]
-        logger.expect :warn, nil, ['No controls or tests were defined.']
-
-        result = profile.check
-
-        # verify logger output
-        logger.verify
-
-        # verify hash result
-        result[:summary][:valid].must_equal true
-        result[:summary][:location].must_equal "#{home}/mock/profiles/#{profile_id}"
-        result[:summary][:profile].must_equal 'name'
-        result[:summary][:controls].must_equal 0
-        result[:errors].length.must_equal 0
-        result[:warnings].length.must_equal 2
-      end
-
-      it 'doesnt have constraints on supported systems' do
-        profile.metadata.params[:supports].must_equal([])
-      end
-    end
-
-    describe 'a complete metadata profile with controls' do
-      let(:profile_id) { 'complete-profile' }
-
-      it 'prints ok messages and counts the controls' do
-        logger.expect :info, nil, ["Checking profile in #{home}/mock/profiles/#{profile_id}"]
-        logger.expect :info, nil, ['Metadata OK.']
-        logger.expect :info, nil, ['Found 1 controls.']
-        logger.expect :info, nil, ['Control definitions OK.']
-
-        result = MockLoader.load_profile(profile_id, {logger: logger}).check
-        # verify logger output
-        logger.verify
-
-        # verify hash result
-        result[:summary][:valid].must_equal true
-        result[:summary][:location].must_equal "#{home}/mock/profiles/#{profile_id}"
-        result[:summary][:profile].must_equal 'complete'
-        result[:summary][:controls].must_equal 1
-        result[:errors].length.must_equal 0
-        result[:warnings].length.must_equal 0
-      end
-    end
-
-    describe 'a complete metadata profile with controls in a tarball' do
-      let(:profile_id) { 'complete-profile' }
-      let(:profile_path) { MockLoader.profile_tgz(profile_id) }
-      let(:profile) { MockLoader.load_profile(profile_path, {logger: logger}) }
-
-      it 'prints ok messages and counts the controls' do
-        logger.expect :info, nil, ["Checking profile in #{home}/mock/profiles/#{profile_id}"]
-        logger.expect :info, nil, ['Metadata OK.']
-        logger.expect :info, nil, ['Found 1 controls.']
-        logger.expect :info, nil, ['Control definitions OK.']
-
-        result = MockLoader.load_profile(profile_id, {logger: logger}).check
-        # verify logger output
-        logger.verify
-
-        # verify hash result
-        result[:summary][:valid].must_equal true
-        result[:summary][:location].must_equal "#{home}/mock/profiles/#{profile_id}"
-        result[:summary][:profile].must_equal 'complete'
-        result[:summary][:controls].must_equal 1
-        result[:errors].length.must_equal 0
-        result[:warnings].length.must_equal 0
-      end
-    end
-
-    describe 'a complete metadata profile with controls in zipfile' do
-      let(:profile_id) { 'complete-profile' }
-      let(:profile_path) { MockLoader.profile_zip(profile_id) }
-      let(:profile) { MockLoader.load_profile(profile_path, {logger: logger}) }
-
-      it 'prints ok messages and counts the controls' do
-        logger.expect :info, nil, ["Checking profile in #{home}/mock/profiles/#{profile_id}"]
-        logger.expect :info, nil, ['Metadata OK.']
-        logger.expect :info, nil, ['Found 1 controls.']
-        logger.expect :info, nil, ['Control definitions OK.']
-
-        result = MockLoader.load_profile(profile_id, {logger: logger}).check
-        # verify logger output
-        logger.verify
-
-        # verify hash result
-        result[:summary][:valid].must_equal true
-        result[:summary][:location].must_equal "#{home}/mock/profiles/#{profile_id}"
-        result[:summary][:profile].must_equal 'complete'
-        result[:summary][:controls].must_equal 1
-        result[:errors].length.must_equal 0
-        result[:warnings].length.must_equal 0
-      end
-    end
-  end
-end

data/test/unit/resources/apache_conf_test.rb

@@ -1,31 +0,0 @@
-# encoding: utf-8
-# author: Stephan Renatus
-
-require 'helper'
-
-describe 'Inspec::Resources::ApacheConf' do
-  let(:resource) { load_resource('apache_conf') }
-
-  it 'verify content is a string' do
-    _(resource.content).must_be_kind_of String
-  end
-
-  it 'verify params is a hashmap' do
-    _(resource.params).must_be_kind_of Hash
-  end
-
-  it 'reads values in apache2.conf' do
-    _(resource.params('ServerRoot')).must_equal ['"/etc/apache2"']
-  end
-
-  it 'reads values in from the direct include ports.conf' do
-    _(resource.params('Listen').sort).must_equal ['443', '80']
-  end
-
-  it 'reads values in from wildcard include serve-cgi-bin.conf' do
-    # TODO(sr) currently, the parser only merges parameter across separate
-    # source files, not in one file
-    _(resource.params('Define')).must_equal ['ENABLE_USR_LIB_CGI_BIN',
-                                             'ENABLE_USR_LIB_CGI_BIN']
-  end
-end

data/test/unit/resources/apt_test.rb

@@ -1,46 +0,0 @@
-# encoding: utf-8
-# author: Christoph Hartmann
-# author: Dominik Richter
-
-require 'helper'
-require 'inspec/resource'
-
-describe 'Inspec::Resources::AptRepo' do
-
-  it 'check apt on ubuntu' do
-    resource = MockLoader.new(:ubuntu1504).load_resource('apt', 'http://archive.ubuntu.com/ubuntu/')
-    _(resource.exists?).must_equal true
-    _(resource.enabled?).must_equal true
-  end
-
-  it 'check apt on ubuntu with ppa' do
-    resource = MockLoader.new(:ubuntu1504).load_resource('apt', 'ubuntu-wine/ppa')
-    _(resource.exists?).must_equal true
-    _(resource.enabled?).must_equal true
-  end
-
-  it 'check apt on ubuntu with ppa' do
-    resource = MockLoader.new(:ubuntu1504).load_resource('apt', 'ppa:ubuntu-wine/ppa')
-    _(resource.exists?).must_equal true
-    _(resource.enabled?).must_equal true
-  end
-
-  it 'check apt on debian' do
-    resource = MockLoader.new(:ubuntu1504).load_resource('apt', 'http://archive.ubuntu.com/ubuntu/')
-    _(resource.exists?).must_equal true
-    _(resource.enabled?).must_equal true
-  end
-
-  it 'check apt on unknown os' do
-    resource = MockLoader.new(:undefined).load_resource('apt', 'ubuntu-wine/ppa')
-    _(resource.exists?).must_equal false
-    _(resource.enabled?).must_equal false
-  end
-
-  # check ppa resource
-  it 'check apt on ubuntu' do
-    resource = MockLoader.new(:ubuntu1504).load_resource('ppa', 'ubuntu-wine/ppa')
-    _(resource.exists?).must_equal true
-    _(resource.enabled?).must_equal true
-  end
-end

data/test/unit/resources/audit_policy_test.rb

@@ -1,13 +0,0 @@
-# encoding: utf-8
-# author: Christoph Hartmann
-# author: Dominik Richter
-
-require 'helper'
-require 'inspec/resource'
-
-describe 'Inspec::Resources::AuditPolicy' do
-  it 'check audit policy parsing' do
-    resource = MockLoader.new(:windows).load_resource('audit_policy')
-    _(resource.send('User Account Management')).must_equal 'Success'
-  end
-end

data/test/unit/resources/auditd_conf_test.rb

@@ -1,15 +0,0 @@
-# encoding: utf-8
-# author: Christoph Hartmann
-# author: Dominik Richter
-
-require 'helper'
-require 'inspec/resource'
-
-describe 'Inspec::Resources::AuditDaemonConf' do
-  it 'check audit daemon config parsing' do
-    resource = MockLoader.new(:windows).load_resource('auditd_conf')
-    _(resource.space_left_action).must_equal 'SYSLOG'
-    _(resource.action_mail_acct).must_equal 'root'
-    _(resource.tcp_listen_queue).must_equal '5'
-  end
-end

data/test/unit/resources/auditd_rules_test.rb

@@ -1,91 +0,0 @@
-# encoding: utf-8
-# author: Christoph Hartmann
-# author: Dominik Richter
-
-require 'helper'
-require 'inspec/resource'
-
-describe 'Inspec::Resources::AuditDaemonRules' do
-  it 'auditd_rules interface' do
-    resource = MockLoader.new(:centos7).load_resource('auditd_rules')
-    _(resource.send('lines')).must_equal [
-       '-a always,exit -F arch=b64 -S open,openat -F exit=-EACCES -F key=access',
-       '-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat -F auid>=500 f24!=0 -F key=perm_mod',
-       '-w /etc/ssh/sshd_config -p rwxa -k CFG_sshd_config',
-    ]
-  end
-
-  it 'auditd_rules syscall interface' do
-    resource = MockLoader.new(:centos7).load_resource('auditd_rules')
-    _(resource.send('syscall', 'open').send('rules')).must_equal [
-      {:syscall=>"open", :list=>"exit", :action=>"always", :fields=>["arch=b64", "exit=-EACCES", "key=access"], :arch=>"b64", :exit=>"-EACCES", :key=>"access"}
-    ]
-  end
-
-  it 'auditd_rules syscall query chaining' do
-    resource = MockLoader.new(:centos7).load_resource('auditd_rules')
-    _(resource.send('syscall', 'open').field('key', 'access').send('rules')).must_equal [
-      {:syscall=>"open", :list=>"exit", :action=>"always", :fields=>["arch=b64", "exit=-EACCES", "key=access"], :arch=>"b64", :exit=>"-EACCES", :key=>"access"}
-    ]
-  end
-
-  it 'auditd_rules syscall query chaining with short syntax' do
-    resource = MockLoader.new(:centos7).load_resource('auditd_rules')
-    _(resource.send('syscall', 'open').key('access').list('exit').send('rules')).must_equal [
-      {:syscall=>"open", :list=>"exit", :action=>"always", :fields=>["arch=b64", "exit=-EACCES", "key=access"], :arch=>"b64", :exit=>"-EACCES", :key=>"access"}
-    ]
-  end
-
-  it 'check auditd_rules syscall query chaining empty results' do
-    resource = MockLoader.new(:centos7).load_resource('auditd_rules')
-    _(resource.send('syscall', 'open').field('key', 'access').field('foo', 'bar').send('rules')).must_equal []
-  end
-
-
-  it 'check auditd_rules file interface' do
-    resource = MockLoader.new(:centos7).load_resource('auditd_rules')
-    _(resource.send('file', '/etc/ssh/sshd_config').send('rules')).must_equal [
-      { file: '/etc/ssh/sshd_config', key: 'CFG_sshd_config', permissions: 'rwxa'},
-    ]
-  end
-
-  it 'check auditd_rules key interface' do
-    resource = MockLoader.new(:centos7).load_resource('auditd_rules')
-    _(resource.send('key', 'CFG_sshd_config').send('rules')).must_equal [
-      { file: '/etc/ssh/sshd_config', key: 'CFG_sshd_config', permissions: 'rwxa'},
-    ]
-  end
-
-  it 'check auditd_rules status interface' do
-    resource = MockLoader.new(:centos7).load_resource('auditd_rules')
-    _(resource.send('status')).must_equal({
-      'enabled' => '1',
-      'flag' => '2',
-      'pid' => '547',
-      'rate_limit' => '0',
-      'backlog_limit' => '8192',
-      'lost' => '0',
-      'backlog' => '0',
-      'loginuid_immutable' => '0 unlocked',
-    })
-  end
-
-  it 'check auditd_rules status interface querying a key' do
-    resource = MockLoader.new(:centos7).load_resource('auditd_rules')
-    _(resource.send('status', 'enabled')).must_equal('1')
-  end
-
-  # TODO(sr) figure out how to feed resource the legacy auditctl mock cmd output
-  # it 'check legacy audit policy parsing' do
-  #   resource = MockLoader.new(:undefined).load_resource('auditd_rules')
-  #   _(resource.send('LIST_RULES')).must_equal [
-  #     'exit,always syscall=rmdir,unlink',
-  #     'exit,always auid=1001 (0x3e9) syscall=open',
-  #     'exit,always watch=/etc/group perm=wa',
-  #     'exit,always watch=/etc/passwd perm=wa',
-  #     'exit,always watch=/etc/shadow perm=wa',
-  #     'exit,always watch=/etc/sudoers perm=wa',
-  #     'exit,always watch=/etc/secret_directory perm=r',
-  #   ]
-  # end
-end

data/test/unit/resources/bash_test.rb

@@ -1,29 +0,0 @@
-# encoding: utf-8
-# author: Christoph Hartmann
-# author: Dominik Richter
-
-require 'helper'
-require 'inspec/resource'
-
-describe Inspec::Resources::Bash do
-  let(:x) { rand.to_s }
-  let(:resource) { load_resource('bash', '$("'+x+'")') }
-
-  it 'prints as a bash command' do
-    resource.to_s.must_equal 'Bash command $("'+x+'")'
-  end
-
-  it 'wraps the command' do
-    resource.command.must_equal "bash -c \\$\\(\\\"#{x}\\\"\\)"
-  end
-
-  it 'can specify an executable path' do
-    resource = load_resource('bash', '$("'+x+'")', path: '/bin/bash')
-    resource.command.must_equal "/bin/bash -c \\$\\(\\\"#{x}\\\"\\)"
-  end
-
-  it 'can specify a arguments' do
-    resource = load_resource('bash', '$("'+x+'")', args: '-x -c')
-    resource.command.must_equal "bash -x -c \\$\\(\\\"#{x}\\\"\\)"
-  end
-end

data/test/unit/resources/bond_test.rb

@@ -1,24 +0,0 @@
-# encoding: utf-8
-# author: Christoph Hartmann
-# author: Dominik Richter
-
-require 'helper'
-require 'inspec/resource'
-
-describe 'Inspec::Resources::Bond' do
-
-  it 'check linux bond on ubuntu' do
-    resource = MockLoader.new(:ubuntu1404).load_resource('bond', 'bond0')
-    # bond must be available
-    resource.exist?.must_equal true
-    # eth0 is part of bond
-    _(resource.has_interface?('eth0')).must_equal true
-    _(resource.has_interface?('eth1')).must_equal false
-    _(resource.has_interface?('eth2')).must_equal true
-    # get all interfaces
-    _(resource.interfaces).must_equal %w{eth0 eth2}
-    # get proc content
-    _(resource.content).wont_equal nil
-    _(resource.content).wont_equal ''
-  end
-end

data/test/unit/resources/bridge_test.rb

@@ -1,56 +0,0 @@
-# encoding: utf-8
-# author: Christoph Hartmann
-# author: Dominik Richter
-
-require 'helper'
-require 'inspec/resource'
-
-describe 'Inspec::Resources::Bridge' do
-
-  it 'check linux bridge on ubuntu' do
-    resource = MockLoader.new(:ubuntu1404).load_resource('bridge', 'br0')
-    _(resource.exists?).must_equal true
-
-    # check network interfaced attached to bridge
-    _(resource.has_interface?('eth0')).must_equal false
-    _(resource.has_interface?('eth1')).must_equal true
-    _(resource.has_interface?('eth2')).must_equal true
-
-    # get associated interfaces
-    _(resource.interfaces).must_equal %w{eth1 eth2}
-  end
-
-  it 'check linux bridge on centos 7' do
-    resource = MockLoader.new(:centos7).load_resource('bridge', 'br0')
-    _(resource.exists?).must_equal true
-
-    # check network interfaced attached to bridge
-    _(resource.has_interface?('eth0')).must_equal false
-    _(resource.has_interface?('eth1')).must_equal true
-    _(resource.has_interface?('eth2')).must_equal true
-
-    # get associated interfaces
-    _(resource.interfaces).must_equal %w{eth1 eth2}
-  end
-
-  it 'check windows bridge' do
-    resource = MockLoader.new(:windows).load_resource('bridge', 'Network Bridge')
-    _(resource.exists?).must_equal true
-
-    # get associated interfaces is not supported on windows
-    _(resource.interfaces).must_equal nil
-  end
-
-  it 'check bridge on unsupported os' do
-    resource = MockLoader.new(:undefined).load_resource('bridge', 'br0')
-    _(resource.exists?).must_equal false
-
-    # check network interfaced attached to bridge
-    _(resource.has_interface?('eth0')).must_equal false
-    _(resource.has_interface?('eth1')).must_equal false
-    _(resource.has_interface?('eth2')).must_equal false
-
-    # get associated interfaces
-    _(resource.interfaces).must_equal nil
-  end
-end

data/test/unit/resources/csv_test.rb

@@ -1,35 +0,0 @@
-# encoding: utf-8
-# author: Christoph Hartmann
-# author: Dominik Richter
-
-require 'helper'
-require 'inspec/resource'
-
-describe 'Inspec::Resources::CSV' do
-  describe 'when loading a valid csv' do
-    let (:resource) { load_resource('csv', 'example.csv') }
-    let (:params) {
-      {}
-    }
-
-    it 'captures an array of params' do
-      _(resource.params).must_be_kind_of Array
-    end
-
-    it 'gets all value lines' do
-      _(resource.params.length).must_equal 3
-    end
-
-    it 'captures a hashmap of entries of a line' do
-      _(resource.params[0]).must_be_kind_of Hash
-    end
-
-    it 'gets params by header fields' do
-      _(resource.params[0]['addressable']).must_equal 'ast'
-    end
-
-    it 'retrieves nil if a param is missing' do
-      _(resource.params[0]['missing']).must_be_nil
-    end
-  end
-end

data/test/unit/resources/etc_group_test.rb

@@ -1,37 +0,0 @@
-# encoding: utf-8
-# author: Christoph Hartmann
-# author: Dominik Richter
-
-require 'helper'
-require 'inspec/resource'
-
-describe 'Inspec::Resources::EtcGroup' do
-  let(:resource) { load_resource('etc_group') }
-
-  it 'verify /etc/group config parsing' do
-    _(resource.gids).must_equal [0, 33]
-    _(resource.groups).must_equal %w{ root www-data }
-    _(resource.users).must_equal %w{ www-data root }
-  end
-
-  it 'verify group filter with no users' do
-    root_filter = resource.where(name: 'root')
-    _(root_filter.gids).must_equal [0]
-    _(root_filter.groups).must_equal ['root']
-    _(root_filter.users).must_equal []
-  end
-
-  it 'verify group filter with users' do
-    www_filter = resource.where(name: 'www-data')
-    _(www_filter.gids).must_equal [33]
-    _(www_filter.groups).must_equal ['www-data']
-    _(www_filter.users).must_equal ['www-data', 'root']
-  end
-
-  it 'verify group filter with wrong group' do
-    wrong_filter = resource.where(name: 'wrong_group')
-    _(wrong_filter.gids).must_equal []
-    _(wrong_filter.groups).must_equal []
-    _(wrong_filter.users).must_equal []
-  end
-end