serverspec 0.4.11 → 0.4.12
- data/lib/serverspec/backend/exec.rb +1 -1
- data/lib/serverspec/backend/ssh.rb +1 -0
- data/lib/serverspec/commands/base.rb +2 -2
- data/lib/serverspec/commands/gentoo.rb +2 -2
- data/lib/serverspec/commands/linux.rb +3 -3
- data/lib/serverspec/commands/redhat.rb +2 -2
- data/lib/serverspec/commands/solaris.rb +5 -5
- data/lib/serverspec/version.rb +1 -1
- data/spec/debian/commands_spec.rb +1 -1
- data/spec/gentoo/commands_spec.rb +2 -2
- data/spec/redhat/commands_spec.rb +5 -5
- data/spec/solaris/commands_spec.rb +8 -8
- data/spec/support/shared_commands_examples.rb +9 -9
- metadata +1 -1
@@ -10,7 +10,7 @@ module Serverspec
|
|
10
10
|
end
|
11
11
|
|
12
12
|
def run_command(cmd, opts={})
|
13
|
-
stdout =
|
13
|
+
stdout = `PATH=/sbin:/usr/sbin:$PATH #{cmd} 2>&1`
|
14
14
|
# In ruby 1.9, it is possible to use Open3.capture3, but not in 1.8
|
15
15
|
#stdout, stderr, status = Open3.capture3(cmd)
|
16
16
|
|
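Review bot: The `PATH=/sbin:/usr/sbin:$PATH` prefix on the new backtick line in `run_command` is a per-command assignment, so it reaches only the first simple command of `cmd`. Builders elsewhere on this page return pipelines and `&&` chains (`check_zfs` joins several `zfs list … | grep …` commands with ` && `), and every command after the first still resolves against the inherited PATH. Exporting the variable for the whole shell covers the full string: ``stdout = `export PATH=/sbin:/usr/sbin:$PATH; #{cmd} 2>&1` ``. The body of `run_command` continues outside the hunk.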
@@ -19,7 +19,7 @@ module Serverspec
|
|
19
19
|
end
|
20
20
|
|
21
21
|
def check_routing_table destination
|
22
|
-
"
|
22
|
+
"ip route | grep -E '^#{destination} |^default '"
|
23
23
|
end
|
24
24
|
|
25
25
|
def check_reachable host, port, proto, timeout
|
@@ -66,7 +66,7 @@ module Serverspec
|
|
66
66
|
end
|
67
67
|
|
68
68
|
def check_running service
|
69
|
-
"
|
69
|
+
"service #{escape(service)} status"
|
70
70
|
end
|
71
71
|
|
72
72
|
def check_running_under_supervisor service
|
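Review bot: `check_routing_table` interpolates `destination` directly into a single-quoted `grep -E` pattern, while `check_running` in the next hunk passes its argument through `escape`. A destination containing a single quote ends the quoting, and the dots of an IPv4 address act as regex wildcards, so the check can match a route other than the one asked for. Building the pattern first and escaping it as one argument, as the Gentoo `check_enabled` does with `grep -- #{escape(regexp)}`, would be consistent: `"ip route | grep -E -- #{escape("^#{destination} |^default ")}"`. The shared example for this command would need the matching expectation.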
@@ -3,11 +3,11 @@ module Serverspec
|
|
3
3
|
class Gentoo < Linux
|
4
4
|
def check_enabled service
|
5
5
|
regexp = "^\\s*#{service}\\s*|\\s*\\(boot\\|default\\)"
|
6
|
-
"
|
6
|
+
"rc-update show | grep -- #{escape(regexp)}"
|
7
7
|
end
|
8
8
|
|
9
9
|
def check_installed package
|
10
|
-
"
|
10
|
+
"eix #{escape(package)} --installed"
|
11
11
|
end
|
12
12
|
|
13
13
|
def check_running service
|
@@ -6,11 +6,11 @@ module Serverspec
|
|
6
6
|
class NotImplementedError < Exception; end
|
7
7
|
|
8
8
|
def check_access_by_user file, user, access
|
9
|
-
"su -s
|
9
|
+
"su -s sh -c \"test -#{access} #{file}\" #{user}"
|
10
10
|
end
|
11
11
|
|
12
12
|
def check_iptables_rule rule, table=nil, chain=nil
|
13
|
-
cmd = "
|
13
|
+
cmd = "iptables"
|
14
14
|
cmd += " -t #{escape(table)}" if table
|
15
15
|
cmd += " -S"
|
16
16
|
cmd += " #{escape(chain)}" if chain
|
@@ -19,7 +19,7 @@ module Serverspec
|
|
19
19
|
end
|
20
20
|
|
21
21
|
def check_selinux mode
|
22
|
-
"
|
22
|
+
"getenforce | grep -i -- #{escape(mode)}"
|
23
23
|
end
|
24
24
|
end
|
25
25
|
end
|
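Review bot: `check_access_by_user` builds `su -s sh -c "test -#{access} #{file}" #{user}` with none of the three values escaped, although the neighbouring `check_iptables_rule` and `check_selinux` lines use `escape`. A path containing a space, a double quote or other shell metacharacters changes the command that runs under `su`; the RedHat `runuser -s sh -c …` line and the Solaris `su #{user} -c …` line later on this page have the same gap. Separately, `-s sh` names the shell without a path, and `su` generally executes the `-s` argument as given rather than searching PATH, so this may fail to start; it is worth confirming on a target host and keeping an absolute path. A possible form is `"su -s /bin/sh -c #{escape("test -#{access} #{escape(file)}")} #{escape(user)}"`.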
@@ -3,11 +3,11 @@ module Serverspec
|
|
3
3
|
class RedHat < Linux
|
4
4
|
def check_access_by_user file, user, access
|
5
5
|
# Redhat-specific
|
6
|
-
"
|
6
|
+
"runuser -s sh -c \"test -#{access} #{file}\" #{user}"
|
7
7
|
end
|
8
8
|
|
9
9
|
def check_enabled service
|
10
|
-
"
|
10
|
+
"chkconfig --list #{escape(service)} | grep 3:on"
|
11
11
|
end
|
12
12
|
|
13
13
|
def check_installed package
|
@@ -29,24 +29,24 @@ module Serverspec
|
|
29
29
|
|
30
30
|
def check_zfs zfs, property=nil
|
31
31
|
if property.nil?
|
32
|
-
"
|
32
|
+
"zfs list -H #{escape(zfs)}"
|
33
33
|
else
|
34
34
|
commands = []
|
35
35
|
property.sort.each do |key, value|
|
36
36
|
regexp = "^#{value}$"
|
37
|
-
commands << "
|
37
|
+
commands << "zfs list -H -o #{escape(key)} #{escape(zfs)} | grep -- #{escape(regexp)}"
|
38
38
|
end
|
39
39
|
commands.join(' && ')
|
40
40
|
end
|
41
41
|
end
|
42
42
|
|
43
43
|
def check_ipfilter_rule rule
|
44
|
-
"
|
44
|
+
"ipfstat -io 2> /dev/null | grep -- #{escape(rule)}"
|
45
45
|
end
|
46
46
|
|
47
47
|
def check_ipnat_rule rule
|
48
48
|
regexp = "^#{rule}$"
|
49
|
-
"
|
49
|
+
"ipnat -l 2> /dev/null | grep -- #{escape(regexp)}"
|
50
50
|
end
|
51
51
|
|
52
52
|
def check_svcprop svc, property, value
|
@@ -91,7 +91,7 @@ module Serverspec
|
|
91
91
|
# http://docs.oracle.com/cd/E23823_01/html/816-5166/su-1m.html
|
92
92
|
## No need for login shell as it seems that behavior as superuser is favorable for us, but needs
|
93
93
|
## to be better tested under real solaris env
|
94
|
-
"su #{user} -c \"
|
94
|
+
"su #{user} -c \"test -#{access} #{file}\""
|
95
95
|
end
|
96
96
|
end
|
97
97
|
end
|
data/lib/serverspec/version.rb
CHANGED
@@ -56,12 +56,12 @@ end
|
|
56
56
|
|
57
57
|
describe 'check_enabled' do
|
58
58
|
subject { commands.check_enabled('httpd') }
|
59
|
-
it { should eq "
|
59
|
+
it { should eq "rc-update show | grep -- \\^\\\\s\\*httpd\\\\s\\*\\|\\\\s\\*\\\\\\(boot\\\\\\|default\\\\\\)" }
|
60
60
|
end
|
61
61
|
|
62
62
|
describe 'check_installed' do
|
63
63
|
subject { commands.check_installed('httpd') }
|
64
|
-
it { should eq '
|
64
|
+
it { should eq 'eix httpd --installed' }
|
65
65
|
end
|
66
66
|
|
67
67
|
describe 'check_running' do
|
@@ -54,7 +54,7 @@ end
|
|
54
54
|
|
55
55
|
describe 'check_enabled' do
|
56
56
|
subject { commands.check_enabled('httpd') }
|
57
|
-
it { should eq '
|
57
|
+
it { should eq 'chkconfig --list httpd | grep 3:on' }
|
58
58
|
end
|
59
59
|
|
60
60
|
describe 'check_installed' do
|
@@ -64,22 +64,22 @@ end
|
|
64
64
|
|
65
65
|
describe 'check_running' do
|
66
66
|
subject { commands.check_running('httpd') }
|
67
|
-
it { should eq '
|
67
|
+
it { should eq 'service httpd status' }
|
68
68
|
end
|
69
69
|
|
70
70
|
describe 'check_access_by_user' do
|
71
71
|
context 'read access' do
|
72
72
|
subject {commands.check_access_by_user '/tmp/something', 'dummyuser1', 'r'}
|
73
|
-
it { should eq '
|
73
|
+
it { should eq 'runuser -s sh -c "test -r /tmp/something" dummyuser1' }
|
74
74
|
end
|
75
75
|
|
76
76
|
context 'write access' do
|
77
77
|
subject {commands.check_access_by_user '/tmp/somethingw', 'dummyuser2', 'w'}
|
78
|
-
it { should eq '
|
78
|
+
it { should eq 'runuser -s sh -c "test -w /tmp/somethingw" dummyuser2' }
|
79
79
|
end
|
80
80
|
|
81
81
|
context 'execute access' do
|
82
82
|
subject {commands.check_access_by_user '/tmp/somethingx', 'dummyuser3', 'x'}
|
83
|
-
it { should eq '
|
83
|
+
it { should eq 'runuser -s sh -c "test -x /tmp/somethingx" dummyuser3' }
|
84
84
|
end
|
85
85
|
end
|
@@ -108,28 +108,28 @@ end
|
|
108
108
|
describe 'check_zfs' do
|
109
109
|
context 'check without properties' do
|
110
110
|
subject { commands.check_zfs('rpool') }
|
111
|
-
it { should eq "
|
111
|
+
it { should eq "zfs list -H rpool" }
|
112
112
|
end
|
113
113
|
|
114
114
|
context 'check with a property' do
|
115
115
|
subject { commands.check_zfs('rpool', { 'mountpoint' => '/rpool' }) }
|
116
|
-
it { should eq "
|
116
|
+
it { should eq "zfs list -H -o mountpoint rpool | grep -- \\^/rpool\\$" }
|
117
117
|
end
|
118
118
|
|
119
119
|
context 'check with multiple properties' do
|
120
120
|
subject { commands.check_zfs('rpool', { 'mountpoint' => '/rpool', 'compression' => 'off' }) }
|
121
|
-
it { should eq "
|
121
|
+
it { should eq "zfs list -H -o compression rpool | grep -- \\^off\\$ && zfs list -H -o mountpoint rpool | grep -- \\^/rpool\\$" }
|
122
122
|
end
|
123
123
|
end
|
124
124
|
|
125
125
|
describe 'check_ip_filter_rule' do
|
126
126
|
subject { commands.check_ipfilter_rule('pass in quick on lo0 all') }
|
127
|
-
it { should eq "
|
127
|
+
it { should eq "ipfstat -io 2> /dev/null | grep -- pass\\ in\\ quick\\ on\\ lo0\\ all" }
|
128
128
|
end
|
129
129
|
|
130
130
|
describe 'check_ipnat_rule' do
|
131
131
|
subject { commands.check_ipnat_rule('map net1 192.168.0.0/24 -> 0.0.0.0/32') }
|
132
|
-
it { should eq "
|
132
|
+
it { should eq "ipnat -l 2> /dev/null | grep -- \\^map\\ net1\\ 192.168.0.0/24\\ -\\>\\ 0.0.0.0/32\\$" }
|
133
133
|
end
|
134
134
|
|
135
135
|
describe 'check_svcprop' do
|
@@ -150,16 +150,16 @@ end
|
|
150
150
|
describe 'check_access_by_user' do
|
151
151
|
context 'read access' do
|
152
152
|
subject {commands.check_access_by_user '/tmp/something', 'dummyuser1', 'r'}
|
153
|
-
it { should eq 'su dummyuser1 -c "
|
153
|
+
it { should eq 'su dummyuser1 -c "test -r /tmp/something"' }
|
154
154
|
end
|
155
155
|
|
156
156
|
context 'write access' do
|
157
157
|
subject {commands.check_access_by_user '/tmp/somethingw', 'dummyuser2', 'w'}
|
158
|
-
it { should eq 'su dummyuser2 -c "
|
158
|
+
it { should eq 'su dummyuser2 -c "test -w /tmp/somethingw"' }
|
159
159
|
end
|
160
160
|
|
161
161
|
context 'execute access' do
|
162
162
|
subject {commands.check_access_by_user '/tmp/somethingx', 'dummyuser3', 'x'}
|
163
|
-
it { should eq 'su dummyuser3 -c "
|
163
|
+
it { should eq 'su dummyuser3 -c "test -x /tmp/somethingx"' }
|
164
164
|
end
|
165
165
|
end
|
@@ -25,7 +25,7 @@ end
|
|
25
25
|
|
26
26
|
shared_examples_for 'support command check_routing_table' do |dest|
|
27
27
|
subject { commands.check_routing_table(dest) }
|
28
|
-
it { should eq "
|
28
|
+
it { should eq "ip route | grep -E '^#{dest} |^default '" }
|
29
29
|
end
|
30
30
|
|
31
31
|
shared_examples_for 'support command check_reachable' do
|
@@ -193,29 +193,29 @@ end
|
|
193
193
|
shared_examples_for 'support command check_iptables' do
|
194
194
|
context 'check a rule without a table and a chain' do
|
195
195
|
subject { commands.check_iptables_rule('-P INPUT ACCEPT') }
|
196
|
-
it { should eq "
|
196
|
+
it { should eq "iptables -S | grep -- -P\\ INPUT\\ ACCEPT" }
|
197
197
|
end
|
198
198
|
|
199
199
|
context 'chack a rule with a table and a chain' do
|
200
200
|
subject { commands.check_iptables_rule('-P INPUT ACCEPT', 'mangle', 'INPUT') }
|
201
|
-
it { should eq "
|
201
|
+
it { should eq "iptables -t mangle -S INPUT | grep -- -P\\ INPUT\\ ACCEPT" }
|
202
202
|
end
|
203
203
|
end
|
204
204
|
|
205
205
|
shared_examples_for 'support command check_selinux' do
|
206
206
|
context 'enforcing' do
|
207
207
|
subject { commands.check_selinux('enforcing') }
|
208
|
-
it { should eq "
|
208
|
+
it { should eq "getenforce | grep -i -- enforcing" }
|
209
209
|
end
|
210
210
|
|
211
211
|
context 'permissive' do
|
212
212
|
subject { commands.check_selinux('permissive') }
|
213
|
-
it { should eq "
|
213
|
+
it { should eq "getenforce | grep -i -- permissive" }
|
214
214
|
end
|
215
215
|
|
216
216
|
context 'disabled' do
|
217
217
|
subject { commands.check_selinux('disabled') }
|
218
|
-
it { should eq "
|
218
|
+
it { should eq "getenforce | grep -i -- disabled" }
|
219
219
|
end
|
220
220
|
end
|
221
221
|
|
@@ -227,16 +227,16 @@ end
|
|
227
227
|
shared_examples_for 'support command check_access_by_user' do
|
228
228
|
context 'read access' do
|
229
229
|
subject {commands.check_access_by_user '/tmp/something', 'dummyuser1', 'r'}
|
230
|
-
it { should eq 'su -s
|
230
|
+
it { should eq 'su -s sh -c "test -r /tmp/something" dummyuser1' }
|
231
231
|
end
|
232
232
|
|
233
233
|
context 'write access' do
|
234
234
|
subject {commands.check_access_by_user '/tmp/somethingw', 'dummyuser2', 'w'}
|
235
|
-
it { should eq 'su -s
|
235
|
+
it { should eq 'su -s sh -c "test -w /tmp/somethingw" dummyuser2' }
|
236
236
|
end
|
237
237
|
|
238
238
|
context 'execute access' do
|
239
239
|
subject {commands.check_access_by_user '/tmp/somethingx', 'dummyuser3', 'x'}
|
240
|
-
it { should eq 'su -s
|
240
|
+
it { should eq 'su -s sh -c "test -x /tmp/somethingx" dummyuser3' }
|
241
241
|
end
|
242
242
|
end
|
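Review bot: The `check_access_by_user` examples use only paths and user names that need no quoting (`/tmp/something`, `dummyuser1`), so nothing here pins how the command is built for a path containing a space or a quote. The `check_iptables_rule` examples above do pin this for `escape` (`-P\\ INPUT\\ ACCEPT`). One more context with a constructed path such as `'/tmp/some thing'` would document the expected quoting for the access check. The RedHat and Solaris copies of these examples earlier on the page have the same gap.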