inspec 0.9.0

data/test/integration/.kitchen.yml

@@ -0,0 +1,42 @@
+---
+driver:
+  name: vagrant
+
+provisioner:
+  name: chef_solo
+
+verifier:
+  name: inspec
+  sudo: true
+
+platforms:
+  - name: centos-7.1
+  - name: centos-6.7
+  - name: centos-6.7-i386
+  - name: centos-5.11
+  - name: centos-5.11-i386
+  - name: debian-6.0.10
+  - name: debian-6.0.10-i386
+  - name: debian-7.8
+  - name: debian-7.8-i386
+  - name: debian-8.1
+  - name: debian-8.1-i386
+  - name: fedora-21
+  - name: fedora-21-i386
+  - name: fedora-22
+  - name: freebsd-9.3
+  - name: freebsd-10.2
+  - name: opensuse-13.2-x86_64
+  - name: opensuse-13.2-i386
+  - name: ubuntu-14.04
+  - name: ubuntu-14.04-i386
+  - name: ubuntu-12.04
+  - name: ubuntu-12.04-i386
+  - name: ubuntu-10.04
+  - name: ubuntu-10.04-i386
+
+suites:
+  - name: default
+    run_list:
+      - recipe[os_prepare]
+    attributes:

data/test/integration/Berksfile

@@ -0,0 +1,4 @@
+source 'https://supermarket.chef.io'
+
+cookbook 'apt'
+cookbook 'os_prepare', path: './cookbooks/os_prepare'

data/test/integration/cookbooks/os_prepare/metadata.rb

@@ -0,0 +1,8 @@
+# encoding: utf-8
+name 'os_prepare'
+maintainer 'Chef Software, Inc.'
+maintainer_email 'support@chef.io'
+description 'This cookbook prepares the test operating systems'
+version '1.0.0'
+depends 'apt'
+depends 'yum'

data/test/integration/cookbooks/os_prepare/recipes/apt.rb

@@ -0,0 +1,20 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+
+# add nginx apt repository
+case node['platform']
+when 'ubuntu'
+  include_recipe('apt')
+  apt_repository 'nginx' do
+    uri 'ppa:nginx/stable'
+    distribution node['lsb']['codename']
+  end
+when 'debian'
+  include_recipe('apt')
+  apt_repository 'nginx' do
+    uri 'http://nginx.org/packages/debian'
+    distribution node['lsb']['codename']
+    components ['nginx']
+  end
+end

data/test/integration/cookbooks/os_prepare/recipes/default.rb

@@ -0,0 +1,9 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+#
+# prepare all operating systems with the required configuration
+
+include_recipe('os_prepare::apt')
+include_recipe('os_prepare::file')
+include_recipe('os_prepare::package')

data/test/integration/cookbooks/os_prepare/recipes/file.rb

@@ -0,0 +1,21 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+#
+# prepares a sample file for verification
+
+gid = 'root'
+gid = 'wheel' if node['platform_family'] == 'freebsd'
+
+file '/tmp/file' do
+  mode '0765'
+  owner 'root'
+  group gid
+  content 'hello world'
+end
+
+directory '/tmp/folder' do
+  mode '0567'
+  owner 'root'
+  group gid
+end

data/test/integration/cookbooks/os_prepare/recipes/package.rb

@@ -0,0 +1,26 @@
+# encoding: utf-8
+# author: Christoph Hartmann
+# author: Dominik Richter
+#
+# installs everything to do the package test
+
+case node['platform']
+when 'ubuntu'
+  include_recipe('apt')
+
+  package 'curl'
+when 'rhel', 'centos', 'fedora'
+  include_recipe('yum')
+
+  # TODO: support DNF natively
+  # Special care for fedora 22, since dnf is not officially supported yet
+  # https://github.com/chef/chef/issues/3201
+  if node['platform_version'] == '22'
+    execute 'dnf install -y yum'
+  end
+
+  package 'curl'
+when 'freebsd'
+  # do nothing
+  # TODO: implement Freebsd packages
+end

data/test/integration/default/_debug_spec.rb

@@ -0,0 +1 @@
+p "You are currently running on OS family: #{os[:family] || 'unknown'}, OS release: #{os[:release] || 'unknown'}"

data/test/integration/default/apt_spec.rb

@@ -0,0 +1,42 @@
+# encoding: utf-8
+
+if os[:family] == 'ubuntu'
+
+  describe apt('ppa:nginx/stable') do
+    it { should exist }
+    it { should be_enabled }
+  end
+
+  describe apt('nginx/stable') do
+    it { should exist }
+    it { should be_enabled }
+  end
+
+  describe apt('http://ppa.launchpad.net/nginx/stable/ubuntu') do
+    it { should exist }
+    it { should be_enabled }
+  end
+
+  describe apt('https://deb.nodesource.com/node_4.x/dists/precise/') do
+    it { should_not exist }
+    it { should_not be_enabled }
+  end
+
+elsif os[:family] == 'debian'
+
+  describe apt('http://nginx.org/packages/debian') do
+    it { should exist }
+    it { should be_enabled }
+  end
+
+  describe apt('http://nginx.org/packages/debian') do
+    it { should exist }
+    it { should be_enabled }
+  end
+
+  describe apt('https://deb.nodesource.com/node_4.x/dists/precise/') do
+    it { should_not exist }
+    it { should_not be_enabled }
+  end
+
+end

data/test/integration/default/file_spec.rb

@@ -0,0 +1,109 @@
+# encoding: utf-8
+
+if os[:family] == 'freebsd'
+  filedata = {
+    user: 'root',
+    group: 'wheel',
+    dir_content: "\u0003\u0000",
+    dir_md5sum: '598f4fe64aefab8f00bcbea4c9239abf',
+    dir_sha256sum: '9b4fb24edd6d1d8830e272398263cdbf026b97392cc35387b991dc0248a628f9',
+  }
+else
+  filedata = {
+    user: 'root',
+    group: 'root',
+    dir_content: nil,
+    dir_md5sum: nil,
+    dir_sha256sum: nil,
+  }
+end
+
+if os.unix?
+
+  # test regular file
+  describe file('/tmp/file') do
+    it { should exist }
+    it { should be_file }
+
+    it { should_not be_directory }
+    it { should_not be_block_device }
+    it { should_not be_character_device }
+    it { should_not be_pipe }
+    it { should_not be_socket }
+    it { should_not be_symlink }
+    it { should_not be_mounted }
+
+    # check owner
+    it { should be_owned_by filedata[:user] }
+    it { should be_grouped_into filedata[:group] }
+
+    # it { should have_mode }
+    its('mode') { should eq 00765 }
+    it { should be_mode 00765 }
+
+    it { should be_readable }
+    it { should be_readable.by('owner') }
+    it { should be_readable.by('group') }
+    it { should be_readable.by('other') }
+    it { should be_readable.by_user(filedata[:user]) }
+    it { should_not be_readable.by_user('noroot') }
+    # for server spec compatibility
+    it { should be_readable.by('others') }
+
+    it { should be_writable }
+    it { should be_writable.by('owner') }
+    it { should be_writable.by('group') }
+    it { should_not be_writable.by('other') }
+    it { should be_writable.by_user(filedata[:user]) }
+    # it { should_not be_writable.by_user('noroot') }
+    # for server spec compatibility
+    it { should_not be_writable.by('others') }
+
+    it { should be_executable }
+    it { should be_executable.by('owner') }
+    it { should_not be_executable.by('group') }
+    it { should be_executable.by('other') }
+    it { should be_executable.by_user(filedata[:user]) }
+    # it { should_not be_executable.by_user('noroot') }
+    # for server spec compatibility
+    it { should be_executable.by('others') }
+
+    # test extended linux attributes
+    # it { should be_immutable }
+
+    its('content') { should eq 'hello world' }
+    its('content') { should match('world') }
+    its('size') { should eq 11 }
+    its('md5sum') { should eq '5eb63bbbe01eeed093cb22bb8f5acdc3' }
+    its('sha256sum') { should eq 'b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9' }
+    its('product_version') { should eq nil }
+    its('file_version') { should eq nil }
+
+    its('owner') { should eq filedata[:user] }
+    its('group') { should eq filedata[:group] }
+    its('type') { should eq :file }
+  end
+
+  describe file('/tmp/folder') do
+    it { should exist }
+    it { should be_directory }
+
+    it { should_not be_file }
+    it { should_not be_block_device }
+    it { should_not be_character_device }
+    it { should_not be_pipe }
+    it { should_not be_socket }
+    it { should_not be_symlink }
+
+    its('content') { should eq filedata[:dir_content] }
+    its('md5sum') { should eq filedata[:dir_md5sum] }
+    its('sha256sum') { should eq filedata[:dir_sha256sum] }
+    its('product_version') { should eq nil }
+    its('file_version') { should eq nil }
+
+    its('owner') { should eq filedata[:user] }
+    its('group') { should eq filedata[:group] }
+    its('type') { should eq :directory }
+  end
+
+end

data/test/integration/default/group_spec.rb

@@ -0,0 +1,32 @@
+# encoding: utf-8
+
+# test root group on linux
+if os.linux?
+  describe group('root') do
+    it { should exist }
+    its('gid') { should eq 0 }
+  end
+
+  describe group('noroot') do
+    it { should_not exist }
+    its('gid') { should eq nil }
+  end
+end
+
+if os[:family] == 'freebsd'
+
+  describe group('wheel') do
+    it { should exist }
+    its('gid') { should eq 0 }
+  end
+
+  describe group('root') do
+    it { should_not exist }
+    its('gid') { should eq nil }
+  end
+
+  describe group('noroot') do
+    it { should_not exist }
+    its('gid') { should eq nil }
+  end
+end

data/test/integration/default/kernel_module_spec.rb

@@ -0,0 +1,17 @@
+# encoding: utf-8
+
+# Test kernel modules on all linux systems
+if os.linux?
+
+  describe kernel_module('video') do
+    it { should be_loaded }
+  end
+
+  describe kernel_module('bridge') do
+    it { should_not be_loaded }
+  end
+
+  describe kernel_module('dhcp') do
+    it { should_not be_loaded }
+  end
+end

data/test/integration/default/kernel_parameter_spec.rb

@@ -0,0 +1,56 @@
+# encoding: utf-8
+
+# prepare values
+if ['ubuntu', 'centos', 'fedora', 'opensuse', 'debian'].include?(os[:family])
+  test_values = {
+    kernel_panic: 0,
+    ip_local_port_range: "32768\t61000",
+    forwarding: 0,
+    sched_autogroup_enabled: 1,
+    nf_log: 'NONE',
+  }
+
+  # configue parameter derivations for different OS
+  test_values[:sched_autogroup_enabled] = 0 if ['centos', 'debian'].include?(os[:family])
+
+  if (os[:family] == 'ubuntu' && os[:release].to_f == 10.04) ||
+     (os[:family] == 'debian' && os[:release].to_i == 6) ||
+     (os[:family] == 'centos' && os[:release].to_i == 5) ||
+     (os[:family] == 'opensuse')
+    test_values[:sched_autogroup_enabled] = nil
+  end
+
+  test_values[:nf_log] = nil if os[:family] == 'centos' && os[:release].to_i == 5
+  test_values[:kernel_panic] = 90 if os[:family] == 'opensuse'
+
+else
+  test_values = {}
+end
+
+# test on all linux systems
+if os.linux?
+  describe kernel_parameter('kernel.panic') do
+    its(:value) { should eq test_values[:kernel_panic] }
+  end
+
+  describe kernel_parameter('net.netfilter.nf_log.0') do
+    its(:value) { should eq test_values[:nf_log] }
+  end
+
+  describe kernel_parameter('kernel.sched_autogroup_enabled') do
+    its(:value) { should eq test_values[:sched_autogroup_enabled] }
+  end
+
+  describe kernel_parameter('net.ipv4.ip_local_port_range') do
+    its(:value) { should eq test_values[:ip_local_port_range] }
+  end
+
+  describe kernel_parameter('net.ipv4.conf.all.forwarding') do
+    its(:value) { should eq test_values[:forwarding] }
+  end
+
+  # serverspec compatability
+  describe linux_kernel_parameter('net.ipv4.conf.all.forwarding') do
+    its(:value) { should eq test_values[:forwarding] }
+  end
+end

data/test/integration/default/package_spec.rb

@@ -0,0 +1,11 @@
+# encoding: utf-8
+
+if ['centos', 'fedora', 'opensuse', 'debian', 'ubuntu'].include?(os[:family])
+  describe package('curl') do
+    it { should be_installed }
+  end
+
+  describe package('nginx') do
+    it { should_not be_installed }
+  end
+end

data/test/integration/default/service_spec.rb

@@ -0,0 +1,28 @@
+# encoding: utf-8
+
+# based on operating system we select the available service
+if ['centos', 'fedora', 'freebsd', 'opensuse'].include?(os[:family])
+  # CentOS, Fedora
+  unavailable_service = 'ssh'
+  available_service = 'sshd'
+elsif ['debian'].include?(os[:family])
+  # Debian
+  unavailable_service = 'clamav'
+  available_service = 'ssh'
+else
+  # Ubuntu
+  unavailable_service = 'sshd'
+  available_service = 'ssh'
+end
+
+describe service(unavailable_service) do
+  it { should_not be_enabled }
+  it { should_not be_installed }
+  it { should_not be_running }
+end
+
+describe service(available_service) do
+  it { should be_enabled }
+  it { should be_installed }
+  it { should be_running }
+end