serverspec 0.12.0 → 0.13.0
Sign up to get free protection for your applications and to get access to all the features.
- data/lib/serverspec.rb +0 -16
- data/lib/serverspec/version.rb +1 -1
- data/serverspec.gemspec +1 -1
- data/spec/backend/exec/configuration_spec.rb +7 -0
- data/spec/windows/file_spec.rb +1 -1
- data/spec/windows/group_spec.rb +1 -2
- data/spec/windows/user_spec.rb +1 -1
- metadata +120 -109
- checksums.yaml +0 -7
- data/lib/serverspec/commands/aix.rb +0 -69
- data/lib/serverspec/commands/base.rb +0 -305
- data/lib/serverspec/commands/darwin.rb +0 -42
- data/lib/serverspec/commands/debian.rb +0 -24
- data/lib/serverspec/commands/freebsd.rb +0 -23
- data/lib/serverspec/commands/gentoo.rb +0 -18
- data/lib/serverspec/commands/linux.rb +0 -70
- data/lib/serverspec/commands/plamo.rb +0 -21
- data/lib/serverspec/commands/redhat.rb +0 -32
- data/lib/serverspec/commands/smartos.rb +0 -21
- data/lib/serverspec/commands/solaris.rb +0 -117
- data/lib/serverspec/commands/solaris10.rb +0 -78
- data/lib/serverspec/commands/solaris11.rb +0 -7
- data/lib/serverspec/commands/windows.rb +0 -213
@@ -1,42 +0,0 @@
|
|
1
|
-
require 'shellwords'
|
2
|
-
|
3
|
-
module Serverspec
|
4
|
-
module Commands
|
5
|
-
class Darwin < Base
|
6
|
-
def check_file_md5checksum(file, expected)
|
7
|
-
"openssl md5 #{escape(file)} | cut -d'=' -f2 | cut -c 2- | grep -E ^#{escape(expected)}$"
|
8
|
-
end
|
9
|
-
|
10
|
-
def check_file_sha256checksum(file, expected)
|
11
|
-
"openssl sha256 #{escape(file)} | cut -d'=' -f2 | cut -c 2- | grep -E ^#{escape(expected)}$"
|
12
|
-
end
|
13
|
-
|
14
|
-
def check_link(link, target)
|
15
|
-
"stat -f %Y #{escape(link)} | grep -- #{escape(target)}"
|
16
|
-
end
|
17
|
-
|
18
|
-
def check_mode(file, mode)
|
19
|
-
regexp = "^#{mode}$"
|
20
|
-
"stat -f%Lp #{escape(file)} | grep -- #{escape(regexp)}"
|
21
|
-
end
|
22
|
-
|
23
|
-
def check_owner(file, owner)
|
24
|
-
regexp = "^#{owner}$"
|
25
|
-
"stat -f %Su #{escape(file)} | grep -- #{escape(regexp)}"
|
26
|
-
end
|
27
|
-
|
28
|
-
def check_grouped(file, group)
|
29
|
-
regexp = "^#{group}$"
|
30
|
-
"stat -f %Sg #{escape(file)} | grep -- #{escape(regexp)}"
|
31
|
-
end
|
32
|
-
|
33
|
-
def get_mode(file)
|
34
|
-
"stat -f%Lp #{escape(file)}"
|
35
|
-
end
|
36
|
-
|
37
|
-
def check_access_by_user(file, user, access)
|
38
|
-
"sudo -u #{user} -s /bin/test -#{access} #{file}"
|
39
|
-
end
|
40
|
-
end
|
41
|
-
end
|
42
|
-
end
|
@@ -1,24 +0,0 @@
|
|
1
|
-
module Serverspec
|
2
|
-
module Commands
|
3
|
-
class Debian < Linux
|
4
|
-
def check_enabled(service, level=3)
|
5
|
-
# Until everything uses Upstart, this needs an OR.
|
6
|
-
"ls /etc/rc#{level}.d/ | grep -- #{escape(service)} || grep 'start on' /etc/init/#{escape(service)}.conf"
|
7
|
-
end
|
8
|
-
|
9
|
-
def check_installed(package, version=nil)
|
10
|
-
escaped_package = escape(package)
|
11
|
-
cmd = "dpkg -s #{escaped_package} && ! dpkg -s #{escaped_package} | grep -E '^Status: .+ not-installed$'"
|
12
|
-
if version
|
13
|
-
cmd = "#{cmd} && dpkg -s #{escaped_package} | grep -E '^Version: #{escape(version)}$'"
|
14
|
-
end
|
15
|
-
cmd
|
16
|
-
end
|
17
|
-
|
18
|
-
def check_running(service)
|
19
|
-
# This is compatible with Debian >Jaunty and Ubuntu derivatives
|
20
|
-
"service #{escape(service)} status | grep 'running'"
|
21
|
-
end
|
22
|
-
end
|
23
|
-
end
|
24
|
-
end
|
@@ -1,23 +0,0 @@
|
|
1
|
-
module Serverspec
|
2
|
-
module Commands
|
3
|
-
class FreeBSD < Base
|
4
|
-
def check_enabled(service, level=3)
|
5
|
-
"service -e | grep -- #{escape(service)}"
|
6
|
-
end
|
7
|
-
|
8
|
-
def check_installed(package, version=nil)
|
9
|
-
"pkg_info -Ix #{escape(package)}"
|
10
|
-
end
|
11
|
-
|
12
|
-
def check_listening(port)
|
13
|
-
regexp = ":#{port} "
|
14
|
-
"sockstat -46l -p #{port} | grep -- #{escape(regexp)}"
|
15
|
-
end
|
16
|
-
|
17
|
-
def check_mode(file, mode)
|
18
|
-
regexp = "^#{mode}$"
|
19
|
-
"stat -f%Lp #{escape(file)} | grep -- #{escape(regexp)}"
|
20
|
-
end
|
21
|
-
end
|
22
|
-
end
|
23
|
-
end
|
@@ -1,18 +0,0 @@
|
|
1
|
-
module Serverspec
|
2
|
-
module Commands
|
3
|
-
class Gentoo < Linux
|
4
|
-
def check_enabled(service, level=3)
|
5
|
-
regexp = "^\\s*#{service}\\s*|\\s*\\(boot\\|default\\)"
|
6
|
-
"rc-update show | grep -- #{escape(regexp)}"
|
7
|
-
end
|
8
|
-
|
9
|
-
def check_installed(package, version=nil)
|
10
|
-
"eix #{escape(package)} --installed"
|
11
|
-
end
|
12
|
-
|
13
|
-
def check_running(service)
|
14
|
-
"/etc/init.d/#{escape(service)} status"
|
15
|
-
end
|
16
|
-
end
|
17
|
-
end
|
18
|
-
end
|
@@ -1,70 +0,0 @@
|
|
1
|
-
require 'shellwords'
|
2
|
-
|
3
|
-
module Serverspec
|
4
|
-
module Commands
|
5
|
-
class Linux < Base
|
6
|
-
def check_access_by_user(file, user, access)
|
7
|
-
"su -s /bin/sh -c \"test -#{access} #{file}\" #{user}"
|
8
|
-
end
|
9
|
-
|
10
|
-
def check_iptables_rule(rule, table=nil, chain=nil)
|
11
|
-
cmd = "iptables"
|
12
|
-
cmd += " -t #{escape(table)}" if table
|
13
|
-
cmd += " -S"
|
14
|
-
cmd += " #{escape(chain)}" if chain
|
15
|
-
cmd += " | grep -- #{escape(rule)}"
|
16
|
-
cmd
|
17
|
-
end
|
18
|
-
|
19
|
-
def check_selinux(mode)
|
20
|
-
cmd = ""
|
21
|
-
cmd += "test ! -f /etc/selinux/config || (" if mode == "disabled"
|
22
|
-
cmd += "getenforce | grep -i -- #{escape(mode)} "
|
23
|
-
cmd += "&& grep -i -- ^SELINUX=#{escape(mode)}$ /etc/selinux/config"
|
24
|
-
cmd += ")" if mode == "disabled"
|
25
|
-
cmd
|
26
|
-
end
|
27
|
-
|
28
|
-
def check_kernel_module_loaded(name)
|
29
|
-
"lsmod | grep ^#{name}"
|
30
|
-
end
|
31
|
-
|
32
|
-
def get_interface_speed_of(name)
|
33
|
-
"ethtool #{name} | grep Speed | gawk '{print gensub(/Speed: ([0-9]+)Mb\\\/s/,\"\\\\1\",\"\")}'"
|
34
|
-
end
|
35
|
-
|
36
|
-
def check_ipv4_address(interface, ip_address)
|
37
|
-
ip_address = ip_address.dup
|
38
|
-
if ip_address =~ /\/\d+$/
|
39
|
-
ip_address << " "
|
40
|
-
else
|
41
|
-
ip_address << "/"
|
42
|
-
end
|
43
|
-
ip_address.gsub!(".", "\\.")
|
44
|
-
"ip addr show #{interface} | grep 'inet #{ip_address}'"
|
45
|
-
end
|
46
|
-
|
47
|
-
def check_zfs(zfs, property=nil)
|
48
|
-
if property.nil?
|
49
|
-
"zfs list -H #{escape(zfs)}"
|
50
|
-
else
|
51
|
-
commands = []
|
52
|
-
property.sort.each do |key, value|
|
53
|
-
regexp = "^#{value}$"
|
54
|
-
commands << "zfs list -H -o #{escape(key)} #{escape(zfs)} | grep -- #{escape(regexp)}"
|
55
|
-
end
|
56
|
-
commands.join(' && ')
|
57
|
-
end
|
58
|
-
end
|
59
|
-
|
60
|
-
def check_container(container)
|
61
|
-
"lxc-ls -1 | grep -w #{escape(container)}"
|
62
|
-
end
|
63
|
-
|
64
|
-
def check_container_running(container)
|
65
|
-
"lxc-info -n #{escape(container)} -t RUNNING"
|
66
|
-
end
|
67
|
-
|
68
|
-
end
|
69
|
-
end
|
70
|
-
end
|
@@ -1,21 +0,0 @@
|
|
1
|
-
module Serverspec
|
2
|
-
module Commands
|
3
|
-
class Plamo < Linux
|
4
|
-
|
5
|
-
def check_enabled(service, level=3)
|
6
|
-
# This check is not necessarily detected whether service is enabled or not
|
7
|
-
# TODO: check rc.inet2 $SERV variable
|
8
|
-
"test -x /etc/rc.d/init.d/#{escape(service)}"
|
9
|
-
end
|
10
|
-
|
11
|
-
def check_installed(package, version=nil)
|
12
|
-
cmd = "ls /var/log/packages/#{escape(package)}"
|
13
|
-
if version
|
14
|
-
cmd = "#{cmd} && grep -E \"PACKAGE NAME:.+#{escape(package)}-#{escape(version)}\" /var/log/packages/#{escape(package)}"
|
15
|
-
end
|
16
|
-
cmd
|
17
|
-
end
|
18
|
-
|
19
|
-
end
|
20
|
-
end
|
21
|
-
end
|
@@ -1,32 +0,0 @@
|
|
1
|
-
module Serverspec
|
2
|
-
module Commands
|
3
|
-
class RedHat < Linux
|
4
|
-
def check_access_by_user(file, user, access)
|
5
|
-
# Redhat-specific
|
6
|
-
"runuser -s /bin/sh -c \"test -#{access} #{file}\" #{user}"
|
7
|
-
end
|
8
|
-
|
9
|
-
def check_enabled(service, level=3)
|
10
|
-
"chkconfig --list #{escape(service)} | grep #{level}:on"
|
11
|
-
end
|
12
|
-
|
13
|
-
def check_yumrepo(repository)
|
14
|
-
"yum repolist all -C | grep ^#{escape(repository)}"
|
15
|
-
end
|
16
|
-
|
17
|
-
def check_yumrepo_enabled(repository)
|
18
|
-
"yum repolist all -C | grep ^#{escape(repository)} | grep enabled"
|
19
|
-
end
|
20
|
-
|
21
|
-
def check_installed(package,version=nil)
|
22
|
-
cmd = "rpm -q #{escape(package)}"
|
23
|
-
if version
|
24
|
-
cmd = "#{cmd} | grep -w -- #{escape(version)}"
|
25
|
-
end
|
26
|
-
cmd
|
27
|
-
end
|
28
|
-
|
29
|
-
alias :check_installed_by_rpm :check_installed
|
30
|
-
end
|
31
|
-
end
|
32
|
-
end
|
@@ -1,21 +0,0 @@
|
|
1
|
-
module Serverspec
|
2
|
-
module Commands
|
3
|
-
class SmartOS < Serverspec::Commands::Solaris
|
4
|
-
def check_installed(package, version=nil)
|
5
|
-
cmd = "/opt/local/bin/pkgin list 2> /dev/null | grep -qw ^#{escape(package)}"
|
6
|
-
if version
|
7
|
-
cmd = "#{cmd}-#{escape(version)}"
|
8
|
-
end
|
9
|
-
cmd
|
10
|
-
end
|
11
|
-
|
12
|
-
def check_enabled(service, level=3)
|
13
|
-
"svcs -l #{escape(service)} 2> /dev/null | grep -wx '^enabled.*true$'"
|
14
|
-
end
|
15
|
-
|
16
|
-
def check_running(service)
|
17
|
-
"svcs -l #{escape(service)} status 2> /dev/null |grep -wx '^state.*online$'"
|
18
|
-
end
|
19
|
-
end
|
20
|
-
end
|
21
|
-
end
|
@@ -1,117 +0,0 @@
|
|
1
|
-
module Serverspec
|
2
|
-
module Commands
|
3
|
-
class Solaris < Base
|
4
|
-
def check_enabled(service, level=3)
|
5
|
-
"svcs -l #{escape(service)} 2> /dev/null | egrep '^enabled *true$'"
|
6
|
-
end
|
7
|
-
|
8
|
-
def check_installed(package, version=nil)
|
9
|
-
cmd = "pkg list -H #{escape(package)} 2> /dev/null"
|
10
|
-
if version
|
11
|
-
cmd = "#{cmd} | grep -qw -- #{escape(version)}"
|
12
|
-
end
|
13
|
-
cmd
|
14
|
-
end
|
15
|
-
|
16
|
-
def check_listening(port)
|
17
|
-
regexp = "\\.#{port} "
|
18
|
-
"netstat -an 2> /dev/null | grep -- LISTEN | grep -- #{escape(regexp)}"
|
19
|
-
end
|
20
|
-
|
21
|
-
def check_listening_with_protocol(port, protocol)
|
22
|
-
regexp = ".*\\.#{port} "
|
23
|
-
"netstat -an -P #{escape(protocol)} 2> /dev/null | grep -- LISTEN | grep -- #{escape(regexp)}"
|
24
|
-
end
|
25
|
-
|
26
|
-
def check_running(service)
|
27
|
-
"svcs -l #{escape(service)} status 2> /dev/null | egrep '^state *online$'"
|
28
|
-
end
|
29
|
-
|
30
|
-
def check_cron_entry(user, entry)
|
31
|
-
entry_escaped = entry.gsub(/\*/, '\\*')
|
32
|
-
if user.nil?
|
33
|
-
"crontab -l | grep -- #{escape(entry_escaped)}"
|
34
|
-
else
|
35
|
-
"crontab -l #{escape(user)} | grep -- #{escape(entry_escaped)}"
|
36
|
-
end
|
37
|
-
end
|
38
|
-
|
39
|
-
def check_zfs(zfs, property=nil)
|
40
|
-
if property.nil?
|
41
|
-
"zfs list -H #{escape(zfs)}"
|
42
|
-
else
|
43
|
-
commands = []
|
44
|
-
property.sort.each do |key, value|
|
45
|
-
regexp = "^#{value}$"
|
46
|
-
commands << "zfs list -H -o #{escape(key)} #{escape(zfs)} | grep -- #{escape(regexp)}"
|
47
|
-
end
|
48
|
-
commands.join(' && ')
|
49
|
-
end
|
50
|
-
end
|
51
|
-
|
52
|
-
def check_ipfilter_rule(rule)
|
53
|
-
"ipfstat -io 2> /dev/null | grep -- #{escape(rule)}"
|
54
|
-
end
|
55
|
-
|
56
|
-
def check_ipnat_rule(rule)
|
57
|
-
regexp = "^#{rule}$"
|
58
|
-
"ipnat -l 2> /dev/null | grep -- #{escape(regexp)}"
|
59
|
-
end
|
60
|
-
|
61
|
-
def check_svcprop(svc, property, value)
|
62
|
-
regexp = "^#{value}$"
|
63
|
-
"svcprop -p #{escape(property)} #{escape(svc)} | grep -- #{escape(regexp)}"
|
64
|
-
end
|
65
|
-
|
66
|
-
def check_svcprops(svc, property)
|
67
|
-
commands = []
|
68
|
-
property.sort.each do |key, value|
|
69
|
-
regexp = "^#{value}$"
|
70
|
-
commands << "svcprop -p #{escape(key)} #{escape(svc)} | grep -- #{escape(regexp)}"
|
71
|
-
end
|
72
|
-
commands.join(' && ')
|
73
|
-
end
|
74
|
-
|
75
|
-
def check_file_contain_within(file, expected_pattern, from=nil, to=nil)
|
76
|
-
from ||= '1'
|
77
|
-
to ||= '$'
|
78
|
-
sed = "sed -n #{escape(from)},#{escape(to)}p #{escape(file)}"
|
79
|
-
checker_with_regexp = check_file_contain_with_regexp("/dev/stdin", expected_pattern)
|
80
|
-
checker_with_fixed = check_file_contain_with_fixed_strings("/dev/stdin", expected_pattern)
|
81
|
-
"#{sed} | #{checker_with_regexp} || #{sed} | #{checker_with_fixed}"
|
82
|
-
end
|
83
|
-
|
84
|
-
def check_belonging_group(user, group)
|
85
|
-
"id -Gn #{escape(user)} | grep -- #{escape(group)}"
|
86
|
-
end
|
87
|
-
|
88
|
-
def check_gid(group, gid)
|
89
|
-
regexp = "^#{group}:"
|
90
|
-
"getent group | grep -- #{escape(regexp)} | cut -f 3 -d ':' | grep -w -- #{escape(gid)}"
|
91
|
-
end
|
92
|
-
|
93
|
-
def check_home_directory(user, path_to_home)
|
94
|
-
"getent passwd #{escape(user)} | cut -f 6 -d ':' | grep -w -- #{escape(path_to_home)}"
|
95
|
-
end
|
96
|
-
|
97
|
-
def check_login_shell(user, path_to_shell)
|
98
|
-
"getent passwd #{escape(user)} | cut -f 7 -d ':' | grep -w -- #{escape(path_to_shell)}"
|
99
|
-
end
|
100
|
-
|
101
|
-
def check_access_by_user(file, user, access)
|
102
|
-
# http://docs.oracle.com/cd/E23823_01/html/816-5166/su-1m.html
|
103
|
-
## No need for login shell as it seems that behavior as superuser is favorable for us, but needs
|
104
|
-
## to be better tested under real solaris env
|
105
|
-
"su #{user} -c \"test -#{access} #{file}\""
|
106
|
-
end
|
107
|
-
|
108
|
-
def check_reachable(host, port, proto, timeout)
|
109
|
-
if port.nil?
|
110
|
-
"ping -n #{escape(host)} #{escape(timeout)}"
|
111
|
-
else
|
112
|
-
"nc -vvvvz#{escape(proto[0].chr)} -w #{escape(timeout)} #{escape(host)} #{escape(port)}"
|
113
|
-
end
|
114
|
-
end
|
115
|
-
end
|
116
|
-
end
|
117
|
-
end
|
@@ -1,78 +0,0 @@
|
|
1
|
-
module Serverspec
|
2
|
-
module Commands
|
3
|
-
class Solaris10 < Solaris
|
4
|
-
# Please implement Solaris 10 specific commands
|
5
|
-
|
6
|
-
# reference: http://perldoc.perl.org/functions/stat.html
|
7
|
-
def check_mode(file, mode)
|
8
|
-
regexp = "^#{mode}$"
|
9
|
-
"perl -e 'printf \"%o\", (stat shift)[2]&07777' #{escape(file)} | grep -- #{escape(regexp)}"
|
10
|
-
end
|
11
|
-
|
12
|
-
# reference: http://perldoc.perl.org/functions/stat.html
|
13
|
-
# http://www.tutorialspoint.com/perl/perl_getpwuid.htm
|
14
|
-
def check_owner(file, owner)
|
15
|
-
regexp = "^#{owner}$"
|
16
|
-
"perl -e 'printf \"%s\", getpwuid((stat(\"#{escape(file)}\"))[4])' | grep -- #{escape(regexp)}"
|
17
|
-
end
|
18
|
-
|
19
|
-
def check_group(group)
|
20
|
-
"getent group | grep -w -- #{escape(group)}"
|
21
|
-
end
|
22
|
-
|
23
|
-
# reference: http://perldoc.perl.org/functions/stat.html
|
24
|
-
# http://www.tutorialspoint.com/perl/perl_getgrgid.htm
|
25
|
-
def check_grouped(file, group)
|
26
|
-
regexp = "^#{group}$"
|
27
|
-
"perl -e 'printf \"%s\", getgrgid((stat(\"#{escape(file)}\"))[5])' | grep -- #{escape(regexp)}"
|
28
|
-
end
|
29
|
-
|
30
|
-
# reference: http://www.tutorialspoint.com/perl/perl_readlink.htm
|
31
|
-
def check_link(link, target)
|
32
|
-
regexp = "^#{target}$"
|
33
|
-
"perl -e 'printf \"%s\", readlink(\"#{escape(link)}\")' | grep -- #{escape(regexp)}"
|
34
|
-
end
|
35
|
-
|
36
|
-
# reference: http://perldoc.perl.org/functions/stat.html
|
37
|
-
def get_mode(file)
|
38
|
-
"perl -e 'printf \"%o\", (stat shift)[2]&07777' #{escape(file)}"
|
39
|
-
end
|
40
|
-
|
41
|
-
def check_file_contain(file, expected_pattern)
|
42
|
-
"grep -- #{escape(expected_pattern)} #{escape(file)}"
|
43
|
-
end
|
44
|
-
|
45
|
-
def check_reachable(host, port, proto, timeout)
|
46
|
-
if port.nil?
|
47
|
-
"ping -n #{escape(host)} #{escape(timeout)}"
|
48
|
-
elsif proto == 'tcp'
|
49
|
-
"echo 'quit' | mconnect -p #{escape(port)} #{escape(host)} > /dev/null 2>&1"
|
50
|
-
else
|
51
|
-
raise NotImplementedError.new
|
52
|
-
end
|
53
|
-
end
|
54
|
-
|
55
|
-
def check_installed(package, version=nil)
|
56
|
-
cmd = "pkginfo -q #{escape(package)}"
|
57
|
-
if version
|
58
|
-
cmd = "#{cmd} | grep -- #{escape(version)}"
|
59
|
-
end
|
60
|
-
cmd
|
61
|
-
end
|
62
|
-
|
63
|
-
def check_file_md5checksum(file, expected)
|
64
|
-
"digest -a md5 -v #{escape(file)} | grep -iw -- #{escape(expected)}"
|
65
|
-
end
|
66
|
-
|
67
|
-
def check_belonging_group(user, group)
|
68
|
-
"id -ap #{escape(user)} | grep -- #{escape(group)}"
|
69
|
-
end
|
70
|
-
|
71
|
-
def check_authorized_key(user, key)
|
72
|
-
key.sub!(/\s+\S*$/, '') if key.match(/^\S+\s+\S+\s+\S*$/)
|
73
|
-
"grep -- #{escape(key)} ~#{escape(user)}/.ssh/authorized_keys"
|
74
|
-
end
|
75
|
-
|
76
|
-
end
|
77
|
-
end
|
78
|
-
end
|