serverspec 0.4.9 → 0.4.10

data/spec/solaris/commands_spec.rb

@@ -3,103 +3,52 @@ require 'spec_helper'
 include Serverspec::Helper::Solaris
 
 describe 'Serverspec commands of Solaris family' do
+  it_behaves_like 'support command check_file', '/etc/passwd'
+  it_behaves_like 'support command check_directory', '/var/log'
+
   it_behaves_like 'support command check_installed_by_gem', 'jekyll'
   it_behaves_like 'support command check_installed_by_gem', 'jekyll', '1.0.2'
-end
 
-describe 'check_enabled' do
-  subject { commands.check_enabled('httpd') }
-  it { should eq "svcs -l httpd 2> /dev/null | grep 'enabled      true'" }
-end
+  it_behaves_like 'support command check_mounted', '/'
 
-describe 'check_file' do
-  subject { commands.check_file('/etc/passwd') }
-  it { should eq 'test -f /etc/passwd' }
-end
+  it_behaves_like 'support command check_routing_table', '192.168.100.1/24'
+  it_behaves_like 'support command check_reachable'
+  it_behaves_like 'support command check_resolvable'
 
-describe 'check_mounted'  do
-  subject { commands.check_mounted('/') }
-  it { should eq "mount | grep -w -- on\\ /" }
-end
+  it_behaves_like 'support command check_user', 'root'
+  it_behaves_like 'support command check_user', 'wheel'
 
-describe 'check_routing_table' do
-  subject { commands.check_routing_table('192.168.100.0/24') }
-  it { should eq "/sbin/ip route | grep -E '^192.168.100.0/24 |^default '" }
-end
+  it_behaves_like 'support command check_file_md5checksum', '/etc/passewd', '96c8c50f81a29965f7af6de371ab4250'
 
-describe 'check_reachable'  do
-  context "connect with name from /etc/services to localhost" do
-    subject { commands.check_reachable('localhost', 'ssh', 'tcp', 1) }
-    it { should eq "nc -vvvvzt localhost ssh -w 1" }
-  end
-  context "connect with ip and port 11111 and timeout of 5" do
-    subject { commands.check_reachable('127.0.0.1', '11111', 'udp', 5) }
-    it { should eq "nc -vvvvzu 127.0.0.1 11111 -w 5" }
-  end
-  context "do a ping" do
-    subject { commands.check_reachable('127.0.0.1', nil, 'icmp', 1) }
-    it { should eq "ping -n 127.0.0.1 -w 1 -c 2" }
-  end
-end
+  it_behaves_like 'support command check_running_under_supervisor', 'httpd'
+  it_behaves_like 'support command check_process', 'httpd'
 
-describe 'check_resolvable'  do
-  context "resolve localhost by hosts" do
-    subject { commands.check_resolvable('localhost', 'hosts') }
-    it { should eq "grep -w -- localhost /etc/hosts" }
-  end
-  context "resolve localhost by dns" do
-    subject { commands.check_resolvable('localhost', 'dns') }
-    it { should eq "nslookup -timeout=1 localhost" }
-  end
-  context "resolve localhost with default settings" do
-    subject { commands.check_resolvable('localhost',nil) }
-    it { should eq 'getent hosts localhost' }
-  end
-end
+  it_behaves_like 'support command check_file_contain', '/etc/passwd', 'root'
 
-describe 'check_directory' do
-  subject { commands.check_directory('/var/log') }
-  it { should eq 'test -d /var/log' }
-end
-
-describe 'check_user' do
-  subject { commands.check_user('root') }
-  it { should eq 'id root' }
-end
+  it_behaves_like 'support command check_mode', '/etc/sudoers', 440
+  it_behaves_like 'support command check_owner', '/etc/sudoers', 'root'
+  it_behaves_like 'support command check_grouped', '/etc/sudoers', 'wheel'
 
-describe 'check_group' do
-  subject { commands.check_group('wheel') }
-  it { should eq 'getent group | grep -wq -- wheel' }
-end
+  it_behaves_like 'support command check_link', '/etc/system-release', '/etc/redhat-release'
 
-describe 'check_installed' do
-  subject { commands.check_installed('httpd') }
-  it { should eq 'pkg list -H httpd 2> /dev/null' }
-end
+  it_behaves_like 'support command check_uid', 'root', 0
 
-describe 'check_listening' do
-  subject { commands.check_listening(80) }
-  it { should eq "netstat -an 2> /dev/null | egrep 'LISTEN|Idle' | grep -- .80\\ " }
-end
+  it_behaves_like 'support command check_login_shell', 'root', '/bin/bash'
+  it_behaves_like 'support command check_home_directory', 'root', '/root'
 
-describe 'check_running' do
-  subject { commands.check_running('httpd') }
-  it { should eq "svcs -l httpd status 2> /dev/null |grep 'state        online'" }
-end
+  it_behaves_like 'support command check_authorized_key'
 
-describe 'check_running_under_supervisor' do
-  subject { commands.check_running_under_supervisor('httpd') }
-  it { should eq 'supervisorctl status httpd' }
+  it_behaves_like 'support command get_mode'
 end
 
-describe 'check_process' do
-  subject { commands.check_process('httpd') }
-  it { should eq 'ps aux | grep -w -- httpd | grep -qv grep' }
+describe 'check_enabled' do
+  subject { commands.check_enabled('httpd') }
+  it { should eq "svcs -l httpd 2> /dev/null | grep 'enabled      true'" }
 end
 
-describe 'check_file_contain' do
-  subject { commands.check_file_contain('/etc/passwd', 'root') }
-  it { should eq "grep -q -- root /etc/passwd" }
+describe 'check_installed' do
+  subject { commands.check_installed('httpd') }
+  it { should eq 'pkg list -H httpd 2> /dev/null' }
 end
 
 describe 'check_file_contain_within' do
@@ -124,24 +73,14 @@ describe 'check_file_contain_within' do
   end
 end
 
-describe 'check_file_md5checksum' do
-  subject { commands.check_file_md5checksum('/etc/passwd', '96c8c50f81a29965f7af6de371ab4250') }
-  it { should eq "md5sum /etc/passwd | grep -iw -- ^96c8c50f81a29965f7af6de371ab4250" }
-end
-
-describe 'check_mode' do
-  subject { commands.check_mode('/etc/sudoers', 440) }
-  it { should eq 'stat -c %a /etc/sudoers | grep -- \\^440\\$' }
-end
-
-describe 'check_owner' do
-  subject { commands.check_owner('/etc/passwd', 'root') }
-  it { should eq 'stat -c %U /etc/passwd | grep -- \\^root\\$' }
+describe 'check_listening' do
+  subject { commands.check_listening(80) }
+  it { should eq "netstat -an 2> /dev/null | egrep 'LISTEN|Idle' | grep -- .80\\ " }
 end
 
-describe 'check_grouped' do
-  subject { commands.check_grouped('/etc/passwd', 'wheel') }
-  it { should eq 'stat -c %G /etc/passwd | grep -- \\^wheel\\$' }
+describe 'check_running' do
+  subject { commands.check_running('httpd') }
+  it { should eq "svcs -l httpd status 2> /dev/null |grep 'state        online'" }
 end
 
 describe 'check_cron_entry' do
@@ -156,54 +95,16 @@ describe 'check_cron_entry' do
   end
 end
 
-describe 'check_link' do
-  subject { commands.check_link('/etc/system-release', '/etc/redhat-release') }
-  it { should eq 'stat -c %N /etc/system-release | grep -- /etc/redhat-release' }
-end
-
 describe 'check_belonging_group' do
   subject { commands.check_belonging_group('root', 'wheel') }
   it { should eq "id -Gn root | grep -- wheel" }
 end
 
-describe 'have_gid' do
+describe 'check_gid' do
   subject { commands.check_gid('root', 0) }
   it { should eq "getent group | grep -- \\^root: | cut -f 3 -d ':' | grep -w -- 0" }
 end
 
-describe 'have_uid' do
-  subject { commands.check_uid('root', 0) }
-  it { should eq "id root | grep -- \\^uid\\=0\\(" }
-end
-
-describe 'have_login_shell' do
-  subject { commands.check_login_shell('root', '/bin/bash') }
-  it { should eq "getent passwd root | cut -f 7 -d ':' | grep -w -- /bin/bash" }
-end
-
-describe 'have_home_directory' do
-  subject { commands.check_home_directory('root', '/root') }
-  it { should eq "getent passwd root | cut -f 6 -d ':' | grep -w -- /root" }
-end
-
-describe 'have_authorized_key' do
-  key = "ssh-rsa ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGH"
-  escaped_key = key.gsub(/ /, '\ ')
-
-  context 'with commented publickey' do
-    commented_key = key + " foo@bar.local"
-    subject { commands.check_authorized_key('root', commented_key) }
-    describe 'when command insert publickey is removed comment' do
-      it { should eq "grep -w -- #{escaped_key} ~root/.ssh/authorized_keys" }
-    end
-  end
-
-  context 'with uncomented publickey' do
-    subject { commands.check_authorized_key('root', key) }
-    it { should eq "grep -w -- #{escaped_key} ~root/.ssh/authorized_keys" }
-  end
-end
-
 describe 'check_zfs' do
   context 'check without properties' do
     subject { commands.check_zfs('rpool') }
@@ -221,11 +122,6 @@ describe 'check_zfs' do
   end
 end
 
-describe 'get_mode' do
-  subject { commands.get_mode('/dev') }
-  it { should eq 'stat -c %a /dev' }
-end
-
 describe 'check_ip_filter_rule' do
   subject { commands.check_ipfilter_rule('pass in quick on lo0 all') }
   it { should eq "/sbin/ipfstat -io 2> /dev/null | grep -- pass\\ in\\ quick\\ on\\ lo0\\ all" }
@@ -267,4 +163,3 @@ describe 'check_access_by_user' do
     it { should eq 'su dummyuser3 -c "/usr/bin/test -x /tmp/somethingx"' }
   end
 end
-

data/spec/support/shared_commands_examples.rb

@@ -1,13 +1,242 @@
 shared_examples_for 'support command check_installed_by_gem' do |package|
-  describe 'check_installed_by_gem' do
-    subject { commands.check_installed_by_gem(package) }
-    it { should eq "gem list --local | grep -w -- ^#{package}" }
-  end
+  subject { commands.check_installed_by_gem(package) }
+  it { should eq "gem list --local | grep -w -- ^#{package}" }
 end
 
 shared_examples_for 'support command check_installed_by_gem with_version' do |package, version|
-  describe 'check_installed_by_gem with_version' do |package, version|
-    subject { commands.check_installed_by_gem(package) }
-    it { should eq "gem list --local | grep -w -- ^#{package} | grep -w -- ^#{version}" }
+  subject { commands.check_installed_by_gem(package) }
+  it { should eq "gem list --local | grep -w -- ^#{package} | grep -w -- ^#{version}" }
+end
+
+shared_examples_for 'support command check_file' do |file|
+  subject { commands.check_file(file) }
+  it { should eq "test -f #{file}" }
+end
+
+shared_examples_for 'support command check_directory' do |dir|
+  subject { commands.check_directory(dir) }
+  it { should eq "test -d #{dir}" }
+end
+
+shared_examples_for 'support command check_mounted' do |path|
+  subject { commands.check_mounted('/') }
+  it { should eq "mount | grep -w -- on\\ #{path}" }
+end
+
+shared_examples_for 'support command check_routing_table' do |dest|
+  subject { commands.check_routing_table(dest) }
+  it { should eq "/sbin/ip route | grep -E '^#{dest} |^default '" }
+end
+
+shared_examples_for 'support command check_reachable' do
+  context "connect with name from /etc/services to localhost" do
+    subject { commands.check_reachable('localhost', 'ssh', 'tcp', 1) }
+    it { should eq "nc -vvvvzt localhost ssh -w 1" }
+  end
+  context "connect with ip and port 11111 and timeout of 5" do
+    subject { commands.check_reachable('127.0.0.1', '11111', 'udp', 5) }
+    it { should eq "nc -vvvvzu 127.0.0.1 11111 -w 5" }
+  end
+  context "do a ping" do
+    subject { commands.check_reachable('127.0.0.1', nil, 'icmp', 1) }
+    it { should eq "ping -n 127.0.0.1 -w 1 -c 2" }
+  end
+end
+
+shared_examples_for 'support command check_resolvable' do
+  context "resolve localhost by hosts" do
+    subject { commands.check_resolvable('localhost', 'hosts') }
+    it { should eq "grep -w -- localhost /etc/hosts" }
+  end
+  context "resolve localhost by dns" do
+    subject { commands.check_resolvable('localhost', 'dns') }
+    it { should eq "nslookup -timeout=1 localhost" }
+  end
+  context "resolve localhost with default settings" do
+    subject { commands.check_resolvable('localhost',nil) }
+    it { should eq 'getent hosts localhost' }
+  end
+end
+
+shared_examples_for 'support command check_user' do |user|
+  subject { commands.check_user(user) }
+  it { should eq "id #{user}" }
+end
+
+shared_examples_for 'support command check_group' do |group|
+  subject { commands.check_group(group) }
+  it { should eq "getent group | grep -wq -- #{group}" }
+end
+
+shared_examples_for 'support command check_listening' do |port|
+  subject { commands.check_listening(port) }
+  it { should eq "netstat -tunl | grep -- :#{port}\\ " }
+end
+
+shared_examples_for 'support command check_file_md5checksum' do |file, md5sum|
+  subject { commands.check_file_md5checksum(file, md5sum) }
+  it { should eq "md5sum #{file} | grep -iw -- ^#{md5sum}" }
+end
+
+shared_examples_for 'support command check_running_under_supervisor' do |service|
+  subject { commands.check_running_under_supervisor(service) }
+  it { should eq "supervisorctl status #{service}" }
+end
+
+shared_examples_for 'support command check_process' do |process|
+  subject { commands.check_process(process) }
+  it { should eq "ps aux | grep -w -- #{process} | grep -qv grep" }
+end
+
+shared_examples_for 'support command check_file_contain' do |file, content|
+  subject { commands.check_file_contain(file, content) }
+  it { should eq "grep -q -- #{content} #{file}" }
+end
+
+shared_examples_for 'support command check_file_contain_within' do
+  context 'contain a pattern in the file' do
+    subject { commands.check_file_contain_within('Gemfile', 'rspec') }
+    it { should eq "sed -n 1,\\$p Gemfile | grep -q -- rspec -" }
+  end
+
+  context 'contain a pattern after a line in a file' do
+    subject { commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/') }
+    it { should eq "sed -n /\\^group\\ :test\\ do/,\\$p Gemfile | grep -q -- rspec -" }
+  end
+
+  context 'contain a pattern before a line in a file' do
+    subject {commands.check_file_contain_within('Gemfile', 'rspec', nil, '/^end/') }
+    it { should eq "sed -n 1,/\\^end/p Gemfile | grep -q -- rspec -" }
+  end
+
+  context 'contain a pattern from within a line and another line in a file' do
+    subject { commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/', '/^end/') }
+    it { should eq "sed -n /\\^group\\ :test\\ do/,/\\^end/p Gemfile | grep -q -- rspec -" }
+  end
+end
+
+shared_examples_for 'support command check_mode' do |file, mode|
+  subject { commands.check_mode(file, mode) }
+  it { should eq "stat -c %a #{file} | grep -- \\^#{mode}\\$" }
+end
+
+shared_examples_for 'support command check_owner' do |file, owner|
+  subject { commands.check_owner(file, owner) }
+  it { should eq "stat -c %U #{file} | grep -- \\^#{owner}\\$" }
+end
+
+shared_examples_for 'support command check_grouped' do |file, group|
+  subject { commands.check_grouped(file, group) }
+  it { should eq "stat -c %G #{file} | grep -- \\^#{group}\\$" }
+end
+
+shared_examples_for 'support command check_cron_entry' do
+  context 'specify root user' do
+    subject { commands.check_cron_entry('root', '* * * * * /usr/local/bin/batch.sh') }
+    it { should eq 'crontab -u root -l | grep -- \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ /usr/local/bin/batch.sh' }
+  end
+
+  context 'no specified user' do
+    subject { commands.check_cron_entry(nil, '* * * * * /usr/local/bin/batch.sh') }
+    it { should eq 'crontab -l | grep -- \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ /usr/local/bin/batch.sh' }
+  end
+end
+
+shared_examples_for 'support command check_link' do |link, target|
+  subject { commands.check_link(link, target) }
+  it { should eq "stat -c %N #{link} | grep -- #{target}" }
+end
+
+shared_examples_for 'support command check_belonging_group' do |user, group|
+  subject { commands.check_belonging_group(user, group) }
+  it { should eq "id #{user} | awk '{print $3}' | grep -- #{group}" }
+end
+
+shared_examples_for 'support command check_uid' do |user, uid|
+  subject { commands.check_uid('root', 0) }
+  it { should eq "id #{user} | grep -- \\^uid\\=#{uid}\\(" }
+end
+
+shared_examples_for 'support command check_gid' do |group, gid|
+  subject { commands.check_gid('root', 0) }
+  it { should eq "getent group | grep -w -- \\^#{group} | cut -f 3 -d ':' | grep -w -- #{gid}" }
+end
+
+shared_examples_for 'support command check_login_shell' do |user, shell|
+  subject { commands.check_login_shell(user, shell) }
+  it { should eq "getent passwd #{user} | cut -f 7 -d ':' | grep -w -- #{shell}" }
+end
+
+shared_examples_for 'support command check_home_directory' do |user, home|
+  subject { commands.check_home_directory(user, home) }
+  it { should eq "getent passwd #{user} | cut -f 6 -d ':' | grep -w -- #{home}" }
+end
+
+shared_examples_for 'support command check_authorized_key' do
+  key = "ssh-rsa ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGH"
+  escaped_key = key.gsub(/ /, '\ ')
+
+  context 'with commented publickey' do
+    commented_key = key + " foo@bar.local"
+    subject { commands.check_authorized_key('root', commented_key) }
+    describe 'when command insert publickey is removed comment' do
+      it { should eq "grep -w -- #{escaped_key} ~root/.ssh/authorized_keys" }
+    end
+  end
+
+  context 'with uncomented publickey' do
+    subject { commands.check_authorized_key('root', key) }
+    it { should eq "grep -w -- #{escaped_key} ~root/.ssh/authorized_keys" }
+  end
+end
+
+shared_examples_for 'support command check_iptables' do
+  context 'check a rule without a table and a chain' do
+    subject { commands.check_iptables_rule('-P INPUT ACCEPT') }
+    it { should eq "/sbin/iptables -S | grep -- -P\\ INPUT\\ ACCEPT" }
+  end
+
+  context 'chack a rule with a table and a chain' do
+    subject { commands.check_iptables_rule('-P INPUT ACCEPT', 'mangle', 'INPUT') }
+    it { should eq "/sbin/iptables -t mangle -S INPUT | grep -- -P\\ INPUT\\ ACCEPT" }
+  end
+end
+
+shared_examples_for 'support command check_selinux' do
+  context 'enforcing' do
+    subject { commands.check_selinux('enforcing') }
+    it { should eq "/usr/sbin/getenforce | grep -i -- enforcing" }
+  end
+
+  context 'permissive' do
+    subject { commands.check_selinux('permissive') }
+    it { should eq "/usr/sbin/getenforce | grep -i -- permissive" }
+  end
+
+  context 'disabled' do
+    subject { commands.check_selinux('disabled') }
+    it { should eq "/usr/sbin/getenforce | grep -i -- disabled" }
+  end
+end
+
+shared_examples_for 'support command get_mode' do
+  subject { commands.get_mode('/dev') }
+  it { should eq 'stat -c %a /dev' }
+end
+
+shared_examples_for 'support command check_access_by_user' do
+  context 'read access' do
+    subject {commands.check_access_by_user '/tmp/something', 'dummyuser1', 'r'}
+    it { should eq  'su -s /bin/sh -c "/usr/bin/test -r /tmp/something" dummyuser1' }
+  end
+
+  context 'write access' do
+    subject {commands.check_access_by_user '/tmp/somethingw', 'dummyuser2', 'w'}
+    it { should eq  'su -s /bin/sh -c "/usr/bin/test -w /tmp/somethingw" dummyuser2' }
+  end
+
+  context 'execute access' do
+    subject {commands.check_access_by_user '/tmp/somethingx', 'dummyuser3', 'x'}
+    it { should eq  'su -s /bin/sh -c "/usr/bin/test -x /tmp/somethingx" dummyuser3' }
   end
 end