RubyGems - inspec - Versions diffs - 0.9.0 - Mend

inspec 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (247) hide show

checksums.yaml +7 -0
data/.gitignore +8 -0
data/.rubocop.yml +65 -0
data/.travis.yml +23 -0
data/CHANGELOG.md +38 -0
data/Gemfile +33 -0
data/LICENSE +201 -0
data/MAINTAINERS.md +28 -0
data/MAINTAINERS.toml +42 -0
data/README.md +257 -0
data/Rakefile +47 -0
data/bin/inspec +109 -0
data/docs/ctl_inspec.rst +195 -0
data/docs/dsl_inspec.rst +182 -0
data/docs/readme.rst +100 -0
data/docs/resources.rst +4319 -0
data/docs/template.rst +51 -0
data/examples/test-kitchen/.kitchen.yml +20 -0
data/examples/test-kitchen/Berksfile +3 -0
data/examples/test-kitchen/Gemfile +21 -0
data/examples/test-kitchen/README.md +27 -0
data/examples/test-kitchen/metadata.rb +7 -0
data/examples/test-kitchen/recipes/default.rb +6 -0
data/examples/test-kitchen/recipes/nginx.rb +30 -0
data/examples/test-kitchen/test/integration/default/web_spec.rb +28 -0
data/inspec.gemspec +30 -0
data/lib/inspec.rb +20 -0
data/lib/inspec/backend.rb +42 -0
data/lib/inspec/dsl.rb +151 -0
data/lib/inspec/log.rb +34 -0
data/lib/inspec/metadata.rb +79 -0
data/lib/inspec/plugins.rb +9 -0
data/lib/inspec/plugins/resource.rb +62 -0
data/lib/inspec/profile.rb +138 -0
data/lib/inspec/profile_context.rb +170 -0
data/lib/inspec/resource.rb +76 -0
data/lib/inspec/rspec_json_formatter.rb +27 -0
data/lib/inspec/rule.rb +170 -0
data/lib/inspec/runner.rb +154 -0
data/lib/inspec/shell.rb +66 -0
data/lib/inspec/targets.rb +9 -0
data/lib/inspec/targets/core.rb +27 -0
data/lib/inspec/targets/dir.rb +67 -0
data/lib/inspec/targets/file.rb +29 -0
data/lib/inspec/targets/folder.rb +43 -0
data/lib/inspec/targets/tar.rb +34 -0
data/lib/inspec/targets/url.rb +39 -0
data/lib/inspec/targets/zip.rb +47 -0
data/lib/inspec/version.rb +7 -0
data/lib/matchers/matchers.rb +221 -0
data/lib/resources/apache.rb +29 -0
data/lib/resources/apache_conf.rb +113 -0
data/lib/resources/apt.rb +140 -0
data/lib/resources/audit_policy.rb +63 -0
data/lib/resources/auditd_conf.rb +56 -0
data/lib/resources/auditd_rules.rb +53 -0
data/lib/resources/bond.rb +65 -0
data/lib/resources/bridge.rb +114 -0
data/lib/resources/command.rb +57 -0
data/lib/resources/csv.rb +32 -0
data/lib/resources/directory.rb +15 -0
data/lib/resources/etc_group.rb +150 -0
data/lib/resources/file.rb +110 -0
data/lib/resources/gem.rb +46 -0
data/lib/resources/group.rb +132 -0
data/lib/resources/host.rb +143 -0
data/lib/resources/inetd_conf.rb +56 -0
data/lib/resources/interface.rb +127 -0
data/lib/resources/iptables.rb +65 -0
data/lib/resources/json.rb +64 -0
data/lib/resources/kernel_module.rb +40 -0
data/lib/resources/kernel_parameter.rb +55 -0
data/lib/resources/limits_conf.rb +55 -0
data/lib/resources/login_def.rb +60 -0
data/lib/resources/mysql.rb +81 -0
data/lib/resources/mysql_conf.rb +116 -0
data/lib/resources/mysql_session.rb +52 -0
data/lib/resources/npm.rb +44 -0
data/lib/resources/ntp_conf.rb +58 -0
data/lib/resources/oneget.rb +63 -0
data/lib/resources/os.rb +22 -0
data/lib/resources/os_env.rb +34 -0
data/lib/resources/package.rb +169 -0
data/lib/resources/parse_config.rb +75 -0
data/lib/resources/passwd.rb +93 -0
data/lib/resources/pip.rb +75 -0
data/lib/resources/port.rb +296 -0
data/lib/resources/postgres.rb +37 -0
data/lib/resources/postgres_conf.rb +87 -0
data/lib/resources/postgres_session.rb +59 -0
data/lib/resources/processes.rb +57 -0
data/lib/resources/registry_key.rb +54 -0
data/lib/resources/script.rb +34 -0
data/lib/resources/security_policy.rb +73 -0
data/lib/resources/service.rb +379 -0
data/lib/resources/ssh_conf.rb +75 -0
data/lib/resources/user.rb +374 -0
data/lib/resources/windows_feature.rb +77 -0
data/lib/resources/yaml.rb +23 -0
data/lib/resources/yum.rb +154 -0
data/lib/utils/convert.rb +12 -0
data/lib/utils/detect.rb +15 -0
data/lib/utils/find_files.rb +36 -0
data/lib/utils/hash.rb +13 -0
data/lib/utils/modulator.rb +12 -0
data/lib/utils/parser.rb +61 -0
data/lib/utils/simpleconfig.rb +115 -0
data/tasks/maintainers.rb +213 -0
data/test/docker_run.rb +156 -0
data/test/docker_test.rb +51 -0
data/test/helper.rb +200 -0
data/test/integration/.kitchen.yml +42 -0
data/test/integration/Berksfile +4 -0
data/test/integration/cookbooks/os_prepare/metadata.rb +8 -0
data/test/integration/cookbooks/os_prepare/recipes/apt.rb +20 -0
data/test/integration/cookbooks/os_prepare/recipes/default.rb +9 -0
data/test/integration/cookbooks/os_prepare/recipes/file.rb +21 -0
data/test/integration/cookbooks/os_prepare/recipes/package.rb +26 -0
data/test/integration/default/_debug_spec.rb +1 -0
data/test/integration/default/apt_spec.rb +42 -0
data/test/integration/default/file_spec.rb +109 -0
data/test/integration/default/group_spec.rb +32 -0
data/test/integration/default/kernel_module_spec.rb +17 -0
data/test/integration/default/kernel_parameter_spec.rb +56 -0
data/test/integration/default/package_spec.rb +11 -0
data/test/integration/default/service_spec.rb +28 -0
data/test/integration/default/user_spec.rb +44 -0
data/test/resource/command_test.rb +33 -0
data/test/resource/dsl_test.rb +45 -0
data/test/resource/file_test.rb +130 -0
data/test/resource/ssh_config.rb +9 -0
data/test/resource/sshd_config.rb +9 -0
data/test/test-extra.yaml +11 -0
data/test/test.yaml +11 -0
data/test/unit/mock/cmd/Get-NetAdapter +24 -0
data/test/unit/mock/cmd/GetUserAccount +33 -0
data/test/unit/mock/cmd/GetWin32Group +23 -0
data/test/unit/mock/cmd/PATH +1 -0
data/test/unit/mock/cmd/Resolve-DnsName +26 -0
data/test/unit/mock/cmd/Test-NetConnection +4 -0
data/test/unit/mock/cmd/auditctl +7 -0
data/test/unit/mock/cmd/auditpol +2 -0
data/test/unit/mock/cmd/brew-info-jq +1 -0
data/test/unit/mock/cmd/chage-l-root +7 -0
data/test/unit/mock/cmd/dpkg-s-curl +21 -0
data/test/unit/mock/cmd/dscl +5 -0
data/test/unit/mock/cmd/etc-apt +7 -0
data/test/unit/mock/cmd/find-etc-rc-d-name-S +12 -0
data/test/unit/mock/cmd/find-net-interface +9 -0
data/test/unit/mock/cmd/gem-list-local-a-q-rubocop +1 -0
data/test/unit/mock/cmd/get-net-tcpconnection +24 -0
data/test/unit/mock/cmd/get-netadapter-binding-bridge +4 -0
data/test/unit/mock/cmd/get-package-firefox +30 -0
data/test/unit/mock/cmd/get-package-ruby +18 -0
data/test/unit/mock/cmd/get-service-dhcp +10 -0
data/test/unit/mock/cmd/get-windows-feature +7 -0
data/test/unit/mock/cmd/getent-hosts-example.com +1 -0
data/test/unit/mock/cmd/getent-passwd-root +1 -0
data/test/unit/mock/cmd/id-chartmann +1 -0
data/test/unit/mock/cmd/id-root +1 -0
data/test/unit/mock/cmd/initctl-show-config-ssh +3 -0
data/test/unit/mock/cmd/initctl-status-ssh +1 -0
data/test/unit/mock/cmd/iptables-s +6 -0
data/test/unit/mock/cmd/launchctl-list +3 -0
data/test/unit/mock/cmd/ls-1-etc-init.d +2 -0
data/test/unit/mock/cmd/ls-sys-class-net-br +2 -0
data/test/unit/mock/cmd/lsmod +2 -0
data/test/unit/mock/cmd/lsof-np-itcp +4 -0
data/test/unit/mock/cmd/netstat-tulpen +5 -0
data/test/unit/mock/cmd/npm-ls-g--json-bower +9 -0
data/test/unit/mock/cmd/pacman-qi-curl +21 -0
data/test/unit/mock/cmd/ping-example.com +6 -0
data/test/unit/mock/cmd/pip-show-jinja2 +11 -0
data/test/unit/mock/cmd/ps-aux +3 -0
data/test/unit/mock/cmd/pw-usershow-root-7 +1 -0
data/test/unit/mock/cmd/reg_schedule +1 -0
data/test/unit/mock/cmd/rpm-qia-curl +24 -0
data/test/unit/mock/cmd/sbin_sysctl +1 -0
data/test/unit/mock/cmd/secedit-export +7 -0
data/test/unit/mock/cmd/service-e +2 -0
data/test/unit/mock/cmd/service-sendmail-onestatus +3 -0
data/test/unit/mock/cmd/service-sshd-status +1 -0
data/test/unit/mock/cmd/sockstat +5 -0
data/test/unit/mock/cmd/success +0 -0
data/test/unit/mock/cmd/systemctl-show-all-sshd +6 -0
data/test/unit/mock/cmd/win32_product +8 -0
data/test/unit/mock/cmd/yum-repolist-all +52 -0
data/test/unit/mock/files/auditd.conf +4 -0
data/test/unit/mock/files/bond0 +37 -0
data/test/unit/mock/files/etcgroup +3 -0
data/test/unit/mock/files/example.csv +6 -0
data/test/unit/mock/files/inetd.conf +2 -0
data/test/unit/mock/files/kitchen.yml +7 -0
data/test/unit/mock/files/limits.conf +5 -0
data/test/unit/mock/files/login.defs +5 -0
data/test/unit/mock/files/mysql.conf +8 -0
data/test/unit/mock/files/mysql2.conf +2 -0
data/test/unit/mock/files/ntp.conf +5 -0
data/test/unit/mock/files/passwd +2 -0
data/test/unit/mock/files/policyfile.lock.json +12 -0
data/test/unit/mock/files/ssh_config +5 -0
data/test/unit/mock/files/sshd_config +7 -0
data/test/unit/mock/profiles/empty/metadata.rb +0 -0
data/test/unit/mock/profiles/metadata/metadata.rb +1 -0
data/test/unit/profile_context_test.rb +140 -0
data/test/unit/profile_test.rb +49 -0
data/test/unit/resources/apt_test.rb +46 -0
data/test/unit/resources/audit_policy_test.rb +13 -0
data/test/unit/resources/auditd_conf_test.rb +15 -0
data/test/unit/resources/auditd_rules_test.rb +21 -0
data/test/unit/resources/bond_test.rb +24 -0
data/test/unit/resources/bridge_test.rb +56 -0
data/test/unit/resources/csv_test.rb +35 -0
data/test/unit/resources/etc_group_test.rb +37 -0
data/test/unit/resources/gem_test.rb +20 -0
data/test/unit/resources/group_test.rb +96 -0
data/test/unit/resources/host_test.rb +38 -0
data/test/unit/resources/inetd_conf_test.rb +15 -0
data/test/unit/resources/interface_test.rb +54 -0
data/test/unit/resources/iptables_test.rb +30 -0
data/test/unit/resources/json_test.rb +36 -0
data/test/unit/resources/kernel_module_test.rb +23 -0
data/test/unit/resources/kernel_parameter_test.rb +13 -0
data/test/unit/resources/limits_conf_test.rb +14 -0
data/test/unit/resources/login_def_test.rb +16 -0
data/test/unit/resources/mysql_conf_test.rb +14 -0
data/test/unit/resources/npm_test.rb +20 -0
data/test/unit/resources/ntp_conf_test.rb +16 -0
data/test/unit/resources/oneget_test.rb +45 -0
data/test/unit/resources/os_env_test.rb +13 -0
data/test/unit/resources/package_test.rb +51 -0
data/test/unit/resources/passwd_test.rb +24 -0
data/test/unit/resources/pip_test.rb +15 -0
data/test/unit/resources/port_test.rb +46 -0
data/test/unit/resources/processes_test.rb +32 -0
data/test/unit/resources/registry_key_test.rb +19 -0
data/test/unit/resources/script_test.rb +19 -0
data/test/unit/resources/security_policy_test.rb +16 -0
data/test/unit/resources/service_test.rb +116 -0
data/test/unit/resources/ssh_conf_test.rb +33 -0
data/test/unit/resources/user_test.rb +93 -0
data/test/unit/resources/windows_feature.rb +17 -0
data/test/unit/resources/yaml_test.rb +34 -0
data/test/unit/resources/yum_test.rb +68 -0
data/test/unit/simpleconfig_test.rb +80 -0
data/test/unit/utils/content_parser_test.rb +30 -0
metadata +555 -0

data/lib/inspec/targets.rb ADDED Viewed

@@ -0,0 +1,9 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+require 'inspec/targets/core'
+require 'inspec/targets/file'
+require 'inspec/targets/folder'
+require 'inspec/targets/url'
+require 'inspec/targets/dir'

data/lib/inspec/targets/core.rb ADDED Viewed

@@ -0,0 +1,27 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+require 'utils/modulator'
+module Inspec
+  module Targets
+    extend Modulator
+    def self.__resolve(items)
+      items.map do |_|
+        # @TODO
+      end.flatten
+    end
+    def self.resolve(targets)
+      Array(targets).map do |target|
+        handler = modules.values.find { |m| m.handles?(target) }
+        if handler.nil?
+          fail "Don't know how to handle target: #{target}"
+        end
+        handler.resolve(target)
+      end.flatten
+    end
+  end
+end

data/lib/inspec/targets/dir.rb ADDED Viewed

@@ -0,0 +1,67 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+module Inspec::Targets
+  module DirsHelper
+    class ProfileDir
+      def handles?(paths)
+        paths.include?('test') && paths.include?('metadata.rb')
+      end
+      def get_libraries(paths)
+        paths.find_all do |path|
+          path.start_with?('libraries') && path.end_with?('.rb')
+        end
+      end
+      def get_filenames(paths)
+        paths.find_all do |path|
+          path.start_with?('test') && path.end_with?('.rb')
+        end
+      end
+    end
+    class ChefAuditDir
+      def handles?(paths)
+        paths.include?('recipes') and paths.include?('metadata.rb')
+      end
+      def get_filenames(paths)
+        paths.find_all do |x|
+          x.start_with? 'recipes/' and x.end_with? '.rb'
+        end
+      end
+    end
+    class ServerspecDir
+      def handles?(paths)
+        paths.include?('spec')
+      end
+      def get_filenames(paths)
+        paths.find_all do |path|
+          path.start_with? 'spec' and path.end_with? '_spec.rb'
+        end
+      end
+    end
+    class FlatDir
+      def handles?(paths)
+        get_filenames(paths).empty? == false
+      end
+      def get_filenames(paths)
+        paths.find_all { |x| x.end_with?('.rb') and !x.include?('/') }
+      end
+    end
+    HANDLERS = [
+      ProfileDir, ChefAuditDir, ServerspecDir, FlatDir
+    ].map(&:new)
+    def self.get_handler(paths)
+      HANDLERS.find { |x| x.handles? paths }
+    end
+  end
+end

data/lib/inspec/targets/file.rb ADDED Viewed

@@ -0,0 +1,29 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+module Inspec::Targets
+  class FileHelper
+    def handles?(target)
+      File.file?(target) and target.end_with?('.rb')
+    end
+    def resolve(target, opts = {})
+      base = opts[:base_folder]
+      path = base.nil? ? target : File.join(base, target)
+      {
+        content: File.read(path),
+        type: opts[:as] || :test,
+        ref: path,
+      }
+    end
+    def resolve_all(targets, opts = {})
+      Array(targets).map do |target|
+        resolve(target, opts)
+      end
+    end
+  end
+  Inspec::Targets.add_module('file', FileHelper.new)
+end

data/lib/inspec/targets/folder.rb ADDED Viewed

@@ -0,0 +1,43 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+require 'inspec/targets/dir'
+require 'inspec/targets/file'
+module Inspec::Targets
+  class FolderHelper
+    def handles?(target)
+      File.directory?(target)
+    end
+    def resolve(target)
+      # find all files in the folder
+      files = Dir[File.join(target, '**', '*')]
+      # remove the prefix
+      prefix = File.join(target, '')
+      files = files.map { |x| x.sub(prefix, '') }
+      # get the dirs helper
+      helper = DirsHelper.get_handler(files)
+      if helper.nil?
+        fail "Don't know how to handle folder #{target}"
+      end
+      # get all test file contents
+      file_handler = Inspec::Targets.modules['file']
+      raw_files = helper.get_filenames(files)
+      tests = file_handler.resolve_all(raw_files, base_folder: target)
+      libs = []
+      if helper.respond_to? :get_libraries
+        raw_libs = helper.get_libraries(files)
+        libs = file_handler.resolve_all(raw_libs,
+                                        base_folder: target, as: :library)
+      end
+      libs + tests
+    end
+  end
+  Inspec::Targets.add_module('folder', FolderHelper.new)
+end

data/lib/inspec/targets/tar.rb ADDED Viewed

@@ -0,0 +1,34 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+require 'rubygems/package'
+require 'zlib'
+module Inspec::Targets
+  class TarHelper
+    def structure(input)
+      files = []
+      Gem::Package::TarReader.new(Zlib::GzipReader.open input) do |tar|
+        files = tar.map(&:full_name)
+      end
+      files
+    end
+    def content(input)
+      content = {}
+      Gem::Package::TarReader.new(Zlib::GzipReader.open input) do |tar|
+        tar.each do |entry|
+          if entry.directory?
+            # nothing to do
+          elsif entry.file?
+            content[entry.full_name] = entry.read
+          elsif entry.header.typeflag == '2'
+            # ignore symlinks for now
+          end
+        end
+      end
+      content
+    end
+  end
+end

data/lib/inspec/targets/url.rb ADDED Viewed

@@ -0,0 +1,39 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+require 'uri'
+require 'tempfile'
+require 'open-uri'
+require 'inspec/targets/zip'
+module Inspec::Targets
+  class UrlHelper
+    def handles?(target)
+      uri = URI.parse(target)
+      return false if uri.nil? or uri.scheme.nil?
+      %{ http https }.include? uri.scheme
+    end
+    def resolve(target)
+      return nil unless target.start_with? 'https://github.com' and
+                        target.end_with? '.git'
+      url = target.sub(/.git$/, '') + '/archive/master.zip'
+      resolve_zip(url)
+    end
+    def resolve_zip(url)
+      zipfile = Tempfile.new('inspec-dl-')
+      zipfile.binmode
+      zipfile.write(open(url).read)
+      zipfile.rewind
+      content = ZipHelper.new.resolve(zipfile.path)
+      zipfile.close
+      zipfile.unlink
+      content
+    end
+  end
+  Inspec::Targets.add_module('url', UrlHelper.new)
+end

data/lib/inspec/targets/zip.rb ADDED Viewed

@@ -0,0 +1,47 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+require 'zip'
+require 'inspec/targets/dir'
+module Inspec::Targets
+  class ZipHelper
+    def content(input, _filter)
+      content = []
+      ::Zip::InputStream.open(input) do |io|
+        while (entry = io.get_next_entry)
+          h = {
+            content: io.read,
+            ref: File.join(input, entry.name),
+          }
+          content.push(h)
+        end
+      end
+      content
+    end
+    def structure(input)
+      files = []
+      ::Zip::InputStream.open(input) do |io|
+        while (entry = io.get_next_entry)
+          files.push(entry.name)
+        end
+      end
+      files
+    end
+    def resolve(path)
+      files = structure(path)
+      helper = DirsHelper.get_handler(files)
+      if helper.nil?
+        fail "Don't know how to handle folder #{path}"
+      end
+      # get all file contents
+      # @TODO
+      _file_handler = Inspec::Targets.modules['file']
+      test_files = helper.get_filenames(files)
+      content(path, test_files)
+    end
+  end
+end

data/lib/inspec/version.rb ADDED Viewed

@@ -0,0 +1,7 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+module Inspec
+  VERSION = '0.9.0'
+end

data/lib/matchers/matchers.rb ADDED Viewed

@@ -0,0 +1,221 @@
+# encoding: utf-8
+# copyright: 2015, Vulcano Security GmbH
+# author: Dominik Richter
+# author: Christoph Hartmann
+# license: All rights reserved
+RSpec::Matchers.define :be_readable do
+  match do |file|
+    file.readable?(@by, @by_user)
+  end
+  chain :by do |by|
+    @by = by
+  end
+  chain :by_user do |by_user|
+    @by_user = by_user
+  end
+  description do
+    res = 'be readable'
+    res += " by #{@by}" unless @by.nil?
+    res += " by user #{@by_user}" unless @by_user.nil?
+    res
+  end
+end
+RSpec::Matchers.define :be_writable do
+  match do |file|
+    file.writable?(@by, @by_user)
+  end
+  chain :by do |by|
+    @by = by
+  end
+  chain :by_user do |by_user|
+    @by_user = by_user
+  end
+  description do
+    res = 'be writable'
+    res += " by #{@by}" unless @by.nil?
+    res += " by user #{@by_user}" unless @by_user.nil?
+    res
+  end
+end
+RSpec::Matchers.define :be_executable do
+  match do |file|
+    file.executable?(@by, @by_user)
+  end
+  chain :by do |by|
+    @by = by
+  end
+  chain :by_user do |by_user|
+    @by_user = by_user
+  end
+  description do
+    res = 'be executable'
+    res += " by #{@by}" unless @by.nil?
+    res += " by user #{@by_user}" unless @by_user.nil?
+    res
+  end
+end
+# matcher to check /etc/passwd, /etc/shadow and /etc/group
+RSpec::Matchers.define :contain_legacy_plus do
+  match do |file|
+    file.content.match(/^\+:/)
+  end
+end
+# verifies that no entry in an array contains a value
+RSpec::Matchers.define :contain_match do |regex|
+  match do |arr|
+    arr.inject { |result, i|
+      result = i.match(regex)
+      result || i.match(/$/)
+    }
+  end
+end
+RSpec::Matchers.define :contain_duplicates do
+  match do |arr|
+    dup = arr.select { |element| arr.count(element) > 1 }
+    !dup.uniq.empty?
+  end
+end
+# for packages
+RSpec::Matchers.define :be_installed do
+  match do |package|
+    package.installed? == true
+  end
+  failure_message do |package|
+    "expected that `#{package}` is installed"
+  end
+  chain :by do
+    fail "[UNSUPPORTED] Please use the new resources 'gem', 'npm' or 'pip'."
+  end
+  chain :with_version do |version|
+    warn "[DEPRECATION] `with_version` is deprecated.  Please use `its(:version) { should eq '1.4.1' }` instead."
+    @version = version
+  end
+end
+# for services
+RSpec::Matchers.define :be_enabled do
+  match do |service|
+    service.enabled? == true
+  end
+  chain :with_level do |_level|
+    fail '[UNSUPPORTED] with level is not supported'
+  end
+  failure_message do |service|
+    "expected that `#{service}` is enabled"
+  end
+end
+# service resource matcher for serverspec compatibility
+# Deprecated: You should not use this matcher anymore
+RSpec::Matchers.define :be_running do
+  match do |service|
+    service.running? == true
+  end
+  chain :under do |_under|
+    fail '[UNSUPPORTED] under is not supported'
+  end
+  failure_message do |service|
+    "expected that `#{service}` is running"
+  end
+end
+# user resource matcher for serverspec compatibility
+# Deprecated: You should not use this matcher anymore
+RSpec::Matchers.define :belong_to_group do |compare_group|
+  match do |user|
+    warn "[DEPRECATION] `belong_to_group` is deprecated.  Please use `its(:groups) { should include('root') }` instead."
+    user.groups.include?(compare_group)
+  end
+  failure_message do |group|
+    "expected that the user belongs to group `#{group}`"
+  end
+end
+# user resource matcher for serverspec compatibility
+# Deprecated: You should not use this matcher anymore
+RSpec::Matchers.define :belong_to_primary_group do |compare_group|
+  match do |user|
+    warn "[DEPRECATION] `belong_to_primary_group` is deprecated.  Please use `its(:group) { should eq 'root' }` instead."
+    user.group == compare_group
+  end
+  failure_message do |group|
+    "expected that the user belongs to primary group `#{group}`"
+  end
+end
+# matcher to check if host is reachable
+RSpec::Matchers.define :be_reachable do
+  match do |host|
+    host.reachable? == true
+  end
+  chain :with do |_attr|
+    fail '[UNSUPPORTED] `with` is not supported in combination with `be_reachable`'
+  end
+  failure_message do |host|
+    "expected that host #{host} is reachable"
+  end
+end
+# matcher to check if host is resolvable
+RSpec::Matchers.define :be_resolvable do
+  match do |host|
+    host.resolvable? == true
+  end
+  chain :by do |_type|
+    fail "[UNSUPPORTED] `by` is not supported in combination with `be_resolvable`. Please use the following syntax `host('example.com', port: 53, proto: 'udp')`."
+  end
+  failure_message do |host|
+    "expected that host #{host} is resolvable"
+  end
+end
+# matcher for iptables
+RSpec::Matchers.define :have_rule do |rule|
+  match do |tables|
+    tables.has_rule?(rule)
+  end
+  chain :with_table do |_table|
+    fail "[UNSUPPORTED] `with_table` is not supported in combination with `have_rule`. Please use the following syntax `iptables(table:'mangle', chain: 'input')`."
+  end
+  chain :with_chain do |_chain|
+    fail "[UNSUPPORTED] `with_table` is not supported in combination with `with_chain`. Please use the following syntax `iptables(table:'mangle', chain: 'input')`."
+  end
+end
+# unsupported
+RSpec::Matchers.define :contain do |_rule|
+  match do |_resource|
+    fail "[UNSUPPORTED] `contain` matcher. Please use the following syntax `its('content') { should match('value') }`."
+  end
+end