inspec 0.9.8 → 0.9.9

data/lib/resources/postgres_session.rb

@@ -58,8 +58,8 @@ class PostgresSession < Inspec.resource(1)
       # remove the whole header (i.e. up to the first ^-----+------+------$)
       # remove the tail
       lines = cmd.stdout
-              .sub(/(.*\n)+([-]+[+])*[-]+\n/, '')
-              .sub(/\n[^\n]*\n\n$/, '')
+                 .sub(/(.*\n)+([-]+[+])*[-]+\n/, '')
+                 .sub(/\n[^\n]*\n\n$/, '')
       l = Lines.new(lines.strip, "PostgreSQL query: #{query}")
       RSpec.__send__('describe', l, &block)
     end

data/lib/resources/registry_key.rb

@@ -26,7 +26,8 @@ class RegistryKey < Inspec.resource(1)
     reg_key ||= name
     @name = name
     @reg_key = reg_key
-    skip_resource 'The `registry_key` resource is not supported on your OS yet.'
+
+    return skip_resource 'The `registry_key` resource is not supported on your OS yet.' if !inspec.os.windows?
   end
 
   def exists?

data/lib/resources/security_policy.rb

@@ -58,7 +58,7 @@ class SecurityPolicy < Inspec.resource(1)
     key = Regexp.escape(method.to_s)
     target = ''
     @policy.each_line {|s|
-      target = s.strip if s.match(/^\s*#{key}\s*=\s*(.*)\b/)
+      target = s.strip if s =~ /^\s*#{key}\s*=\s*(.*)\b/
     }
 
     # extract variable value
@@ -66,7 +66,7 @@ class SecurityPolicy < Inspec.resource(1)
 
     if !result.nil?
       val = result[:value]
-      val = val.to_i if val.match(/^\d+$/)
+      val = val.to_i if val =~ /^\d+$/
     else
       # TODO: we may need to return skip or failure if the
       # requested value is not available

data/lib/resources/service.rb

@@ -80,6 +80,8 @@ class Service < Inspec.resource(1)
       @service_mgmt = BSDInit.new(inspec)
     when 'arch', 'opensuse'
       @service_mgmt = Systemd.new(inspec)
+    when 'aix'
+      @service_mgmt = SrcMstr.new(inspec)
     end
 
     return skip_resource 'The `service` resource is not supported on your OS yet.' if @service_mgmt.nil?
@@ -142,7 +144,7 @@ class Systemd < ServiceManager
     params['SubState'] == 'running' ? (running = true) : (running = false)
     # test via systemctl --quiet is-enabled
     # ActiveState values eg.g inactive, active
-    params['ActiveState'] == 'active' ? (enabled = true) : (enabled = false)
+    params['UnitFileState'] == 'enabled' ? (enabled = true) : (enabled = false)
 
     {
       name: params['Id'],
@@ -155,6 +157,53 @@ class Systemd < ServiceManager
   end
 end
 
+# AIX services
+class SrcMstr < ServiceManager
+  attr_reader :name
+
+  def info(service_name)
+    @name = service_name
+    running = status?
+    return nil if running.nil?
+
+    {
+      name: service_name,
+      description: nil,
+      installed: true,
+      running: running,
+      enabled: enabled?,
+      type: 'srcmstr',
+    }
+  end
+
+  def status?
+    status_cmd = inspec.command("lssrc -s #{@name}")
+    return nil if status_cmd.exit_status.to_i != 0
+    status_cmd.stdout.split(/\n/).last.chomp =~ /active$/ ? true : false
+  end
+
+  def enabled?
+    enabled_rc_tcpip? || enabled_inittab?
+  end
+
+  private
+
+  # #rubocop:disable Style/TrailingComma
+  def enabled_rc_tcpip?
+    if inspec.command(
+      "grep -v ^# /etc/rc.tcpip | grep 'start ' | grep -Eq '(/{0,1}| )#{@name} '",
+    ).exit_status == 0
+      true
+    else
+      false
+    end
+  end
+
+  def enabled_inittab?
+    inspec.command("lsitab #{@name}").exit_status.to_i == 0 ? true : false
+  end
+end
+
 # @see: http://upstart.ubuntu.com
 class Upstart < ServiceManager
   def info(service_name)

data/lib/resources/user.rb

@@ -62,6 +62,8 @@ class User < Inspec.resource(1)
       @user_provider = DarwinUser.new(inspec)
     when 'freebsd'
       @user_provider = FreeBSDUser.new(inspec)
+    when 'aix'
+      @user_provider = AixUser.new(inspec)
     else
       return skip_resource 'The `user` resource is not supported on your OS yet.'
     end
@@ -263,6 +265,49 @@ class LinuxUser < UnixUser
   end
 end
 
+class AixUser < UnixUser
+  def identity(username)
+    id = super(username)
+    return nil if id.nil?
+    # AIX 'id' command doesn't include the primary group in the supplementary
+    # yet it can be somewhere in the supplementary list if someone added root
+    # to a groups list in /etc/group
+    # we rearrange to expected list if that is the case
+    if id[:groups].first != id[:group]
+      id[:groups].reject! { |i| i == id[:group] } if id[:groups].include?(id[:group])
+      id[:groups].unshift(id[:group])
+    end
+
+    id
+  end
+
+  def meta_info(username)
+    lsuser = inspec.command("lsuser -C -a home shell #{username}")
+    return nil if lsuser.exit_status != 0
+
+    user = lsuser.stdout.chomp.split("\n").last.split(':')
+    {
+      home:  user[1],
+      shell: user[2],
+    }
+  end
+
+  def credentials(username)
+    cmd = inspec.command(
+      "lssec -c -f /etc/security/user -s #{username} -a minage -a maxage -a pwdwarntime",
+    )
+    return nil if cmd.exit_status != 0
+
+    user_sec = cmd.stdout.chomp.split("\n").last.split(':')
+
+    {
+      mindays:  user_sec[1].to_i * 7,
+      maxdays:  user_sec[2].to_i * 7,
+      warndays: user_sec[3].to_i,
+    }
+  end
+end
+
 # we do not use 'finger' for MacOS, because it is harder to parse data with it
 # @see https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man8/fingerd.8.html
 # instead we use 'dscl' to request user data

data/lib/resources/yum.rb

@@ -57,7 +57,7 @@ class Yum < Inspec.resource(1)
     in_repo = false
     @content.each_line do |line|
       # detect repo start
-      in_repo = true if line.match(/^\s*Repo-id\s*:\s*(.*)\b/)
+      in_repo = true if line =~ /^\s*Repo-id\s*:\s*(.*)\b/
       # detect repo end
       if line == "\n" && in_repo
         in_repo = false
@@ -94,7 +94,7 @@ class Yum < Inspec.resource(1)
 
   # Removes lefthand and righthand whitespace
   def strip(value)
-    value.lstrip.rstrip if !value.nil?
+    value.strip if !value.nil?
   end
 
   # Optimize the key value

data/lib/utils/convert.rb

@@ -6,7 +6,7 @@ module Converter
   # convert the value to an integer if we have numbers only
   # otherwise we return the string
   def convert_to_i(val)
-    val = val.to_i if val.match(/^\d+$/)
+    val = val.to_i if val =~ /^\d+$/
     val
   end
 end

data/lib/utils/find_files.rb

@@ -14,7 +14,7 @@ module FindFiles
     link: 'l',
     socket: 's',
     door: 'D',
-  }
+  }.freeze
 
   # ignores errors
   def find_files(path, opts = {})
@@ -38,7 +38,7 @@ module FindFiles
     end
 
     result.stdout.split("\n")
-      .map(&:strip)
-      .find_all { |x| !x.empty? }
+          .map(&:strip)
+          .find_all { |x| !x.empty? }
   end
 end

data/lib/utils/parser.rb

@@ -81,9 +81,9 @@ module MountParser
         name, val = option.split('=')
         if val.nil?
           val = true
-        else
+        elsif val =~ /^\d+$/
           # parse numbers
-          val = val.to_i if val.match(/^\d+$/)
+          val = val.to_i
         end
         mount_options[:options][name.to_sym] = val
       end

data/tasks/maintainers.rb

@@ -21,7 +21,7 @@ SOURCE = File.join(File.dirname(__FILE__), '..', 'MAINTAINERS.toml')
 TARGET = File.join(File.dirname(__FILE__), '..', 'MAINTAINERS.md')
 
 # The list of repositories that teams should own
-REPOSITORIES = ['chef/inspec']
+REPOSITORIES = ['chef/inspec'].freeze
 
 begin
   require 'tomlrb'
@@ -194,11 +194,11 @@ begin
 
   # rubocop:disable Metrics/AbcSize
   def person(list, person)
-    if list[person].key?('GitHub')
-      out = "* [#{list[person]['Name']}](https://github.com/#{list[person]['GitHub']})"
-    else
-      out = "* #{list[person]['Name']}"
-    end
+    out = if list[person].key?('GitHub')
+            "* [#{list[person]['Name']}](https://github.com/#{list[person]['GitHub']})"
+          else
+            "* #{list[person]['Name']}"
+          end
     out << "\n  * IRC - #{list[person]['IRC']}" if list[person].key?('IRC')
     out << "\n  * [@#{list[person]['Twitter']}](https://twitter.com/#{list[person]['Twitter']})" if list[person].key?('Twitter')
     out << "\n  * [#{list[person]['email']}](mailto:#{list[person]['email']})" if list[person].key?('email')

data/test/helper.rb

@@ -17,6 +17,8 @@ end
 require 'inspec/resource'
 require 'inspec/backend'
 require 'inspec/profile'
+require 'inspec/targets'
+require 'inspec/targets/zip'
 
 class MockLoader
   # pass the os identifier to emulate a specific operating system
@@ -135,8 +137,8 @@ class MockLoader
       '/sbin/sysctl -q -n net.ipv4.conf.all.forwarding' => cmd.call('sbin_sysctl'),
       # ports on windows
       'Get-NetTCPConnection | Select-Object -Property State, Caption, Description, LocalAddress, LocalPort, RemoteAddress, RemotePort, DisplayName, Status | ConvertTo-Json' => cmd.call('get-net-tcpconnection'),
-      # ports on mac
-      'lsof -nP -iTCP -iUDP -sTCP:LISTEN' => cmd.call('lsof-np-itcp'),
+      # lsof formatted list of ports (should be quite cross platform)
+      'lsof -nP -i -FpctPn' => cmd.call('lsof-nP-i-FpctPn'),
       # ports on linux
       'netstat -tulpen' => cmd.call('netstat-tulpen'),
       # ports on freebsd

data/test/integration/cookbooks/os_prepare/recipes/file.rb

@@ -6,8 +6,15 @@
 
 if node['platform_family'] != 'windows'
 
-  gid = 'root'
-  gid = 'wheel' if node['platform_family'] == 'freebsd'
+  gid = case node['platform_family']
+        when 'aix'
+          'system'
+        when 'freebsd'
+          'wheel'
+        else
+          'root'
+        end
+
 
   file '/tmp/file' do
     mode '0765'

data/test/integration/cookbooks/os_prepare/recipes/json_yaml_csv_ini.rb

@@ -4,8 +4,14 @@
 #
 # adds a yaml file
 
-gid = 'root'
-gid = 'wheel' if node['platform_family'] == 'freebsd'
+gid = case node['platform_family']
+      when 'aix'
+        'system'
+      when 'freebsd'
+        'wheel'
+      else
+        'root'
+      end
 
 ['yml', 'json', 'csv', 'ini'].each { |filetype|
 

data/test/integration/test/integration/default/etc_group_spec.rb

@@ -0,0 +1,22 @@
+# encoding: utf-8
+
+root_group = case os[:family]
+             when 'aix'
+               'system'
+             when 'freebsd'
+               'wheel'
+             else
+               'root'
+             end
+
+if os.unix?
+  describe etc_group do
+    its('gids') { should_not contain_duplicates }
+    its('groups') { should include root_group }
+    its('users') { should include 'root' }
+  end
+
+  describe etc_group.where(name: root_group) do
+    its('users') { should include 'root' }
+  end
+end

data/test/integration/test/integration/default/file_spec.rb

@@ -1,6 +1,7 @@
 # encoding: utf-8
 
-if os[:family] == 'freebsd'
+case os[:family]
+when 'freebsd'
   filedata = {
     user: 'root',
     group: 'wheel',
@@ -8,6 +9,14 @@ if os[:family] == 'freebsd'
     dir_md5sum: '598f4fe64aefab8f00bcbea4c9239abf',
     dir_sha256sum: '9b4fb24edd6d1d8830e272398263cdbf026b97392cc35387b991dc0248a628f9',
   }
+when 'aix'
+  filedata = {
+    user: 'root',
+    group: 'system',
+    dir_content: nil,
+    dir_md5sum: nil,
+    dir_sha256sum: nil,
+  }
 else
   filedata = {
     user: 'root',

data/test/integration/test/integration/default/group_spec.rb

@@ -30,3 +30,20 @@ if os[:family] == 'freebsd'
     its('gid') { should eq nil }
   end
 end
+
+if os[:family] == 'aix'
+  describe group('system') do
+    it { should exist }
+    its('gid') { should eq 0 }
+  end
+
+  describe group('bin') do
+    it { should exist }
+    its('gid') { should eq 2 }
+  end
+
+  describe group('noroot') do
+    it { should_not exist }
+    its('gid') { should eq nil }
+  end
+end

data/test/integration/test/integration/default/package_spec.rb

@@ -1,11 +1,17 @@
 # encoding: utf-8
 
-if ['centos', 'fedora', 'opensuse', 'debian', 'ubuntu'].include?(os[:family])
+case os[:family]
+when 'centos', 'fedora', 'opensuse', 'debian', 'ubuntu'
   describe package('curl') do
     it { should be_installed }
   end
-
-  describe package('nginx') do
-    it { should_not be_installed }
+when 'aix'
+  describe package('bos.rte') do
+    it { should be_installed }
+    its('version') { should match /^(6|7)[.|\d]+\d$/ }
   end
 end
+
+describe package('nginx') do
+  it { should_not be_installed }
+end

data/test/integration/test/integration/default/port_spec.rb

@@ -5,5 +5,11 @@ if os.unix?
   describe port(22) do
     it { should be_listening }
     its('protocols') { should include('tcp') }
+    its('protocols') { should_not include('udp') }
+    its('processes') { should include 'sshd' }
+  end
+
+  describe port(65432) do
+    it { should_not be_listening }
   end
 end

data/test/integration/test/integration/default/service_spec.rb

@@ -17,6 +17,9 @@ elsif ['windows'].include?(os[:family])
   # Ubuntu
   unavailable_service = 'sshd'
   available_service = 'dhcp'
+elsif ['aix'].include?(os[:family])
+  unavailable_service = 'clamav'
+  available_service = 'xntpd'
 end
 
 describe service(unavailable_service) do

data/test/integration/test/integration/default/user_spec.rb

@@ -1,8 +1,7 @@
 # encoding: utf-8
 
-# root test
-if ['centos', 'fedora', 'opensuse', 'debian', 'ubuntu'].include?(os[:family])
-
+case os[:family]
+when 'centos', 'redhat', 'fedora', 'opensuse', 'debian', 'ubuntu'
   userinfo = {
     name: 'root',
     group: 'root',
@@ -14,10 +13,10 @@ if ['centos', 'fedora', 'opensuse', 'debian', 'ubuntu'].include?(os[:family])
   }
 
   # different groupset for centos 5
-  userinfo[:groups] = ["root", "bin", "daemon", "sys", "adm", "disk", "wheel"] if os[:release].to_i == 5
-
-elsif ['freebsd'].include?(os[:family])
+  userinfo[:groups] = ["root", "bin", "daemon", "sys", "adm", "disk", "wheel"] \
+    if os[:release].to_i == 5
 
+when 'freebsd'
   userinfo = {
     name: 'root',
     group: 'wheel',
@@ -28,8 +27,7 @@ elsif ['freebsd'].include?(os[:family])
     shell: '/bin/csh',
   }
 
-elsif ['windows'].include?(os[:family])
-
+when 'windows'
   userinfo = {
     name: 'Administrator',
     group: nil,
@@ -40,23 +38,35 @@ elsif ['windows'].include?(os[:family])
     shell: nil,
   }
 
+when 'aix'
+  userinfo = {
+    name:     'bin',
+    group:    'bin',
+    uid:      2,
+    gid:      2,
+    groups:   %w{bin sys adm},
+    home:     '/bin',
+    shell:    nil,
+    #mindays:  0,
+    #maxdays:  0,
+    warndays: 0,
+  }
+
 else
   userinfo = {}
 end
 
-if !os.windows?
+case os[:family]
+when 'windows'
   describe user(userinfo[:name]) do
     it { should exist }
-    it { should belong_to_group userinfo[:group] }
-    its('uid') { should eq userinfo[:uid] }
-    its('gid') { should eq userinfo[:gid] }
-    its('group') { should eq userinfo[:group] }
-    its('groups') { should eq userinfo[:groups] }
-    its('home') { should eq userinfo[:home] }
-    its('shell') { should eq userinfo[:shell] }
   end
 else
   describe user(userinfo[:name]) do
     it { should exist }
+    userinfo.each do |k, v|
+      next if k.to_sym == :name
+      its(k) { should eq v }
+    end
   end
 end