serverspec 0.6.20 → 0.6.21

data/spec/gentoo/file_spec.rb

@@ -2,40 +2,380 @@ require 'spec_helper'
 
 include Serverspec::Helper::Gentoo
 
-describe 'Serverspec file matchers of Gentoo family' do
-  it_behaves_like 'support file be_file matcher', '/etc/ssh/sshd_config'
-  it_behaves_like 'support file be_directory matcher', '/etc/ssh'
-  it_behaves_like 'support file be_socket matcher', '/var/run/unicorn.sock'
-  it_behaves_like 'support file contain matcher', '/etc/ssh/sshd_config', 'This is the sshd server system-wide configuration file'
-  it_behaves_like 'support file contain from to matcher', 'Gemfile', 'rspec', /^group :test do/, /^end/
-  it_behaves_like 'support file contain after matcher', 'Gemfile', 'rspec', /^group :test do/
-  it_behaves_like 'support file contain before matcher', 'Gemfile', 'rspec', /^end/
-  it_behaves_like 'support file be_mode matcher', '/etc/passwd', 644
-  it_behaves_like 'support file be_owned_by matcher', '/etc/passwd', 'root'
-  it_behaves_like 'support file be_grouped_into matcher', '/etc/passwd', 'root'
-  it_behaves_like 'support file be_linked_to matcher', '/etc/pam.d/system-auth', '/etc/pam.d/system-auth-ac'
-
-  it_behaves_like 'support file be_readable matcher', '/dev'
-  it_behaves_like 'support file be_readable by owner matcher', '/dev'
-  it_behaves_like 'support file be_readable by group matcher', '/dev'
-  it_behaves_like 'support file be_readable by others matcher', '/dev'
-  it_behaves_like 'support file be_readable by specific user matcher', '/tmp', 'mail'
-
-  it_behaves_like 'support file be_writable matcher', '/dev'
-  it_behaves_like 'support file be_writable by owner matcher', '/dev'
-  it_behaves_like 'support file be_writable by group matcher', '/dev'
-  it_behaves_like 'support file be_writable by others matcher', '/dev'
-  it_behaves_like 'support file be_writable by specific user matcher', '/tmp',  'mail'
-
-  it_behaves_like 'support file be_executable matcher', '/dev'
-  it_behaves_like 'support file be_executable by owner matcher', '/dev'
-  it_behaves_like 'support file be_executable by group matcher', '/dev'
-  it_behaves_like 'support file be_executable by others matcher', '/dev'
-  it_behaves_like 'support file be_executable by specific user matcher', '/tmp', 'mail'
-
-  it_behaves_like 'support file be_mounted matcher', '/'
-  it_behaves_like 'support file be_mounted with matcher', '/'
-  it_behaves_like 'support file be_mounted only with matcher', '/'
-
-  it_behaves_like 'support file match_md5checksum matcher', '/etc/services', '35435ea447c19f0ea5ef971837ab9ced'
+describe file('/etc/ssh/sshd_config') do
+  it { should be_file }
+  its(:command) { should eq "test -f /etc/ssh/sshd_config" }
+end
+
+describe file('/etc/invalid_file') do
+  it { should_not be_file }
+end
+
+describe file('/etc/ssh') do
+  it { should be_directory }
+  its(:command) { should eq "test -d /etc/ssh" }
+end
+
+describe file('/etc/invalid_directory') do
+  it { should_not be_directory }
+end
+
+describe file('/var/run/unicorn.sock') do
+  it { should be_socket }
+  its(:command) { should eq "test -S /var/run/unicorn.sock" }
+end
+
+describe file('/etc/invalid_socket') do
+  it { should_not be_socket }
+end
+
+describe file('/etc/ssh/sshd_config') do
+  it { should contain 'This is the sshd server system-wide configuration file' }
+  its(:command) { should eq "grep -q -- This\\ is\\ the\\ sshd\\ server\\ system-wide\\ configuration\\ file /etc/ssh/sshd_config" }
+end
+
+describe file('/etc/ssh/sshd_config') do
+  it { should_not contain 'This is invalid text!!' }
+end
+
+describe file('Gemfile') do
+  it { should contain('rspec').from(/^group :test do/).to(/^end/) }
+  its(:command) { should eq "sed -n /\\^group\\ :test\\ do/,/\\^end/p Gemfile | grep -q -- rspec -" }
+end
+
+describe file('/etc/ssh/sshd_config') do
+  it { should_not contain('This is invalid text!!').from(/^group :test do/).to(/^end/) }
+end
+
+describe file('Gemfile') do
+  it { should contain('rspec').after(/^group :test do/) }
+  its(:command) { should eq "sed -n /\\^group\\ :test\\ do/,\\$p Gemfile | grep -q -- rspec -" }
+end
+
+describe file('/etc/ssh/sshd_config') do
+  it { should_not contain('This is invalid text!!').after(/^group :test do/) }
+end
+
+describe file('Gemfile') do
+  it { should contain('rspec').before(/^end/) }
+  its(:command) { should eq "sed -n 1,/\\^end/p Gemfile | grep -q -- rspec -" }
+end
+
+describe file('/etc/ssh/sshd_config') do
+  it { should_not contain('This is invalid text!!').before(/^end/) }
+end
+
+describe file('/etc/passwd') do
+  it { should be_mode 644 }
+  its(:command) { should eq "stat -c %a /etc/passwd | grep -- \\^644\\$" }
+end
+
+describe file('/etc/passwd') do
+  it { should_not be_mode 'invalid' }
+end
+
+describe file('/etc/passwd') do
+  it { should be_owned_by 'root' }
+  its(:command) { should eq "stat -c %U /etc/passwd | grep -- \\^root\\$" }
+end
+
+describe file('/etc/passwd') do
+  it { should_not be_owned_by 'invalid-owner' }
+end
+
+describe file('/etc/passwd') do
+  it { should be_grouped_into 'root' }
+  its(:command) { should eq "stat -c %G /etc/passwd | grep -- \\^root\\$" }
+end
+
+describe file('/etc/passwd') do
+  it { should_not be_grouped_into 'invalid-group' }
+end
+
+describe file('/etc/pam.d/system-auth') do
+  it { should be_linked_to '/etc/pam.d/system-auth-ac' }
+  its(:command) { should eq "stat -c %N /etc/pam.d/system-auth | grep -- /etc/pam.d/system-auth-ac" }
+end
+
+describe file('dummy-link') do
+  it { should_not be_linked_to '/invalid/target' }
+end
+
+describe file('/dev') do
+  let(:stdout) { "755\r\n" }
+  it { should be_readable }
+  its(:command) { should eq "stat -c %a /dev" }
+end
+
+describe file('/dev') do
+  let(:stdout) { "333\r\n" }
+  it { should_not be_readable }
+end
+
+describe file('/dev') do
+  let(:stdout) { "400\r\n" }
+  it { should be_readable.by('owner') }
+end
+
+describe file('/dev') do
+  let(:stdout) { "044\r\n" }
+  it { should_not be_readable.by('owner') }
+end
+
+describe file('/dev') do
+  let(:stdout) { "040\r\n" }
+  it { should be_readable.by('group') }
+end
+
+describe file('/dev') do
+  let(:stdout) { "404\r\n" }
+  it { should_not be_readable.by('group') }
+end
+
+describe file('/dev') do
+  let(:stdout) { "044\r\n" }
+  it { should be_readable.by('others') }
+end
+
+describe file('/dev') do
+  let(:stdout) { "443\r\n" }
+  it { should_not be_readable.by('others') }
+end
+
+describe file('/tmp') do
+  it { should be_readable.by_user('mail') }
+  its(:command) { should eq "su -c \"test -r /tmp\" mail" }
+end
+
+describe file('/tmp') do
+  it { should_not be_readable.by_user('invalid-user') }
+end
+
+describe file('/dev') do
+  let(:stdout) { "755\r\n" }
+  it { should be_writable }
+  its(:command) { should eq "stat -c %a /dev" }
+end
+
+describe file('/dev') do
+  let(:stdout) { "555\r\n" }
+  it { should_not be_writable }
+end
+
+describe file('/dev') do
+  let(:stdout) { "200\r\n" }
+  it { should be_writable.by('owner') }
+end
+
+describe file('/dev') do
+  let(:stdout) { "555\r\n" }
+  it { should_not be_writable.by('owner') }
+end
+
+describe file('/dev') do
+  let(:stdout) { "030\r\n" }
+  it { should be_writable.by('group') }
+end
+
+describe file('/dev') do
+  let(:stdout) { "555\r\n" }
+  it { should_not be_writable.by('group') }
+end
+
+describe file('/dev') do
+  let(:stdout) { "666\r\n" }
+  it { should be_writable.by('others') }
+end
+
+describe file('/dev') do
+  let(:stdout) { "555\r\n" }
+  it { should_not be_writable.by('others') }
+end
+
+describe file('/tmp') do
+  it { should be_writable.by_user('mail') }
+  its(:command) { should eq "su -c \"test -w /tmp\" mail" }
+end
+
+describe file('/tmp') do
+  it { should_not be_writable.by_user('invalid-user') }
+end
+
+describe file('/dev') do
+  let(:stdout) { "755\r\n" }
+  it { should be_executable }
+  its(:command) { should eq "stat -c %a /dev" }
+end
+
+describe file('/dev') do
+  let(:stdout) { "666\r\n" }
+  it { should_not be_executable }
+end
+
+describe file('/dev') do
+  let(:stdout) { "100\r\n" }
+  it { should be_executable.by('owner') }
+end
+
+describe file('/dev') do
+  let(:stdout) { "666\r\n" }
+  it { should_not be_executable.by('owner') }
+end
+
+describe file('/dev') do
+  let(:stdout) { "070\r\n" }
+  it { should be_executable.by('group') }
+end
+
+describe file('/dev') do
+  let(:stdout) { "666\r\n" }
+  it { should_not be_executable.by('group') }
+end
+
+describe file('/dev') do
+  let(:stdout) { "001\r\n" }
+  it { should be_executable.by('others') }
+end
+
+describe file('/dev') do
+  let(:stdout) { "666\r\n" }
+  it { should_not be_executable.by('others') }
+end
+
+describe file('/tmp') do
+  it { should be_executable.by_user('mail') }
+  its(:command) { should eq "su -c \"test -x /tmp\" mail" }
+end
+
+describe file('/tmp') do
+  it { should_not be_executable.by_user('invalid-user') }
+end
+
+describe file('/') do
+  it { should be_mounted }
+  its(:command) { should eq "mount | grep -w -- on\\ /" }
+end
+
+describe file('/etc/invalid-mount') do
+  it { should_not be_mounted }
+end
+
+describe file('/') do
+  let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
+  it { should be_mounted.with( :type => 'ext4' ) }
+end
+
+describe file('/') do
+  let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
+  it { should be_mounted.with( :type => 'ext4', :options => { :rw => true } ) }
+end
+
+describe file('/') do
+  let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
+  it { should be_mounted.with( :type => 'ext4', :options => { :mode => 620 } ) }
+end
+
+describe file('/') do
+  let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
+  it { should be_mounted.with( :type => 'ext4', :device => '/dev/mapper/VolGroup-lv_root' ) }
+end
+
+describe file('/') do
+  let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
+  it { should_not be_mounted.with( :type => 'xfs' ) }
+end
+
+describe file('/') do
+  let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
+  it { should_not be_mounted.with( :type => 'ext4', :options => { :rw => false } ) }
+end
+
+describe file('/') do
+  let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
+  it { should_not be_mounted.with( :type => 'ext4', :options => { :mode => 600 } ) }
+end
+
+describe file('/') do
+  let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
+  it { should_not be_mounted.with( :type => 'xfs', :device => '/dev/mapper/VolGroup-lv_root' ) }
+end
+
+describe file('/') do
+  let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
+  it { should_not be_mounted.with( :type => 'ext4', :device => '/dev/mapper/VolGroup-lv_r00t' ) }
+end
+
+describe file('/etc/invalid-mount') do
+  let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
+  it { should_not be_mounted.with( :type => 'ext4' ) }
+end
+
+describe file('/') do
+  let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
+  it do
+    should be_mounted.only_with(
+      :device  => '/dev/mapper/VolGroup-lv_root',
+      :type    => 'ext4',
+      :options => {
+        :rw   => true,
+        :mode => 620,
+      }
+    )
+  end
+end
+
+describe file('/') do
+  let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
+  it do
+    should_not be_mounted.only_with(
+      :device  => '/dev/mapper/VolGroup-lv_root',
+      :type    => 'ext4',
+      :options => {
+        :rw   => true,
+        :mode => 620,
+        :bind => true,
+      }
+    )
+  end
+end
+
+describe file('/') do
+  let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
+  it do
+    should_not be_mounted.only_with(
+      :device  => '/dev/mapper/VolGroup-lv_root',
+      :type    => 'ext4',
+      :options => {
+        :rw   => true,
+      }
+    )
+  end
+end
+
+describe file('/') do
+  let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
+  it do
+    should_not be_mounted.only_with(
+      :device  => '/dev/mapper/VolGroup-lv_roooooooooot',
+      :type    => 'ext4',
+      :options => {
+        :rw   => true,
+        :mode => 620,
+      }
+    )
+  end
+end
+
+describe file('/etc/invalid-mount') do
+  let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
+  it { should_not be_mounted.only_with( :type => 'ext4' ) }
+end
+
+describe file('/etc/services') do
+  it { should match_md5checksum '35435ea447c19f0ea5ef971837ab9ced' }
+  its(:command) { should eq "md5sum /etc/services | grep -iw -- ^35435ea447c19f0ea5ef971837ab9ced" }
+end
+
+describe file('invalid-file') do
+  it { should_not match_md5checksum 'INVALIDMD5CHECKSUM' }
 end

data/spec/gentoo/kernel_module_spec.rb

@@ -2,6 +2,11 @@ require 'spec_helper'
 
 include Serverspec::Helper::Gentoo
 
-describe 'Serverspec file matchers of Gentoo family' do
-  it_behaves_like 'support kernel_module be_loaded matcher', 'lp'
+describe kernel_module('lp') do
+  it { should be_loaded }
+  its(:command) { should eq "lsmod | grep ^lp" }
+end
+
+describe kernel_module('invalid-module') do
+  it { should_not be_loaded }
 end

data/spec/gentoo/selinux_spec.rb

@@ -2,8 +2,17 @@ require 'spec_helper'
 
 include Serverspec::Helper::Gentoo
 
-describe 'Serverspec selinux matchers of Gentoo family' do
-  it_behaves_like 'support selinux be_enforcing matcher'
-  it_behaves_like 'support selinux be_permissive matcher'
-  it_behaves_like 'support selinux be_disabled matcher'
+describe selinux do
+  it { should be_enforcing }
+  its(:command) { should eq "getenforce | grep -i -- enforcing && grep -i -- ^SELINUX=enforcing$ /etc/selinux/config" }
+end
+
+describe selinux do
+  it { should be_permissive }
+  its(:command) { should eq "getenforce | grep -i -- permissive && grep -i -- ^SELINUX=permissive$ /etc/selinux/config" }
+end
+
+describe selinux do
+  it { should be_disabled }
+  its(:command) { should eq "getenforce | grep -i -- disabled && grep -i -- ^SELINUX=disabled$ /etc/selinux/config" }
 end

data/spec/redhat/commands_spec.rb

@@ -3,17 +3,9 @@ require 'spec_helper'
 include Serverspec::Helper::RedHat
 
 describe 'Serverspec commands of Red Hat' do
-  it_behaves_like 'support command check_file', '/etc/passwd'
-  it_behaves_like 'support command check_directory', '/var/log'
-  it_behaves_like 'support command check_socket', '/var/run/unicorn.sock'
-
-  it_behaves_like 'support command check_mounted', '/'
-
   it_behaves_like 'support command check_user', 'root'
   it_behaves_like 'support command check_user', 'wheel'
 
-  it_behaves_like 'support command check_file_md5checksum', '/etc/passewd', '96c8c50f81a29965f7af6de371ab4250'
-
   it_behaves_like 'support command check_running_under_supervisor', 'httpd'
 
   it_behaves_like 'support command check_running_under_upstart', 'monit'
@@ -22,15 +14,6 @@ describe 'Serverspec commands of Red Hat' do
 
   it_behaves_like 'support command check_process', 'httpd'
 
-  it_behaves_like 'support command check_file_contain', '/etc/passwd', 'root'
-  it_behaves_like 'support command check_file_contain_within'
-
-  it_behaves_like 'support command check_mode', '/etc/sudoers', 440
-  it_behaves_like 'support command check_owner', '/etc/sudoers', 'root'
-  it_behaves_like 'support command check_grouped', '/etc/sudoers', 'wheel'
-
-  it_behaves_like 'support command check_link', '/etc/system-release', '/etc/redhat-release'
-
   it_behaves_like 'support command check_belonging_group', 'root', 'wheel'
 
   it_behaves_like 'support command check_uid', 'root', 0
@@ -40,12 +23,6 @@ describe 'Serverspec commands of Red Hat' do
   it_behaves_like 'support command check_home_directory', 'root', '/root'
 
   it_behaves_like 'support command check_authorized_key'
-
-  it_behaves_like 'support command check_selinux'
-
-  it_behaves_like 'support command get_mode'
-
-  it_behaves_like 'support command check_kernel_module_loaded', 'lp'
 end
 
 describe 'check_enabled' do
@@ -72,20 +49,3 @@ describe 'check_running' do
   subject { commands.check_running('httpd') }
   it { should eq 'service httpd status' }
 end
-
-describe 'check_access_by_user' do
-  context 'read access' do
-    subject {commands.check_access_by_user '/tmp/something', 'dummyuser1', 'r'}
-    it { should eq  'runuser -c "test -r /tmp/something" dummyuser1' }
-  end
-
-  context 'write access' do
-    subject {commands.check_access_by_user '/tmp/somethingw', 'dummyuser2', 'w'}
-    it { should eq  'runuser -c "test -w /tmp/somethingw" dummyuser2' }
-  end
-
-  context 'execute access' do
-    subject {commands.check_access_by_user '/tmp/somethingx', 'dummyuser3', 'x'}
-    it { should eq  'runuser -c "test -x /tmp/somethingx" dummyuser3' }
-  end
-end