serverspec 1.4.2 → 1.5.0

data/spec/fedora/routing_table_spec.rb

@@ -0,0 +1,120 @@
+require 'spec_helper'
+
+include SpecInfra::Helper::Fedora
+
+describe routing_table do
+  let(:stdout) { "192.168.100.0/24 dev eth1  proto kernel  scope link  src 192.168.100.10 \r\ndefault via 192.168.100.1 dev eth0 \r\n" }
+  it { should have_entry( :destination => '192.168.100.0/24' ) }
+  its(:command) { should eq "ip route | grep -E '^192.168.100.0/24 |^default '" }
+end
+
+describe routing_table do
+  let(:stdout) { "192.168.100.0/24 dev eth1  proto kernel  scope link  src 192.168.100.10 \r\ndefault via 192.168.100.1 dev eth0 \r\n" }
+  it { should_not have_entry( :destination => '192.168.100.100/24' ) }
+  its(:command) { should eq "ip route | grep -E '^192.168.100.100/24 |^default '" }
+end
+
+describe routing_table do
+  let(:stdout) { "192.168.100.0/24 dev eth1  proto kernel  scope link  src 192.168.100.10 \r\ndefault via 192.168.100.1 dev eth0 \r\n" }
+  it do
+    should have_entry(
+      :destination => '192.168.100.0/24',
+      :gateway     => '192.168.100.1'
+    )
+  end
+
+  it do
+    should have_entry(
+      :destination => '192.168.100.0/24',
+      :gateway     => '192.168.100.1',
+      :interface   => 'eth1'
+    )
+  end
+
+  it do
+    should_not have_entry(
+      :gateway   => '192.168.100.1',
+      :interface => 'eth1'
+    )
+  end
+
+  it do
+    should_not have_entry(
+      :destination => '192.168.100.0/32',
+      :gateway     => '192.168.100.1',
+      :interface   => 'eth1'
+    )
+  end
+end
+
+describe routing_table do
+  let(:stdout) { "192.168.200.0/24 via 192.168.200.1 dev eth0 \r\ndefault via 192.168.100.1 dev eth0 \r\n" }
+  it { should     have_entry( :destination => '192.168.200.0/24' ) }
+  it { should_not have_entry( :destination => '192.168.200.200/24' ) }
+
+  it do
+    should have_entry(
+      :destination => '192.168.200.0/24',
+      :gateway     => '192.168.200.1'
+    )
+  end
+
+  it do
+    should have_entry(
+      :destination => '192.168.200.0/24',
+      :gateway     => '192.168.200.1',
+      :interface   => 'eth0'
+    )
+  end
+
+  it do
+    should_not have_entry(
+      :gateway     => '192.168.200.1',
+      :interface   => 'eth0'
+    )
+  end
+
+  it do
+    should_not have_entry(
+      :destination => '192.168.200.0/32',
+      :gateway     => '192.168.200.1',
+      :interface   => 'eth0'
+    )
+  end
+end
+
+describe routing_table do
+  let(:stdout) { "default via 10.0.2.2 dev eth0 \r\n" }
+  it { should     have_entry( :destination => 'default' ) }
+  it { should_not have_entry( :destination => 'defaulth' ) }
+
+  it do
+    should have_entry(
+      :destination => 'default',
+      :gateway     => '10.0.2.2'
+    )
+  end
+
+  it do
+    should have_entry(
+      :destination => 'default',
+      :gateway     => '10.0.2.2',
+      :interface   => 'eth0'
+    )
+  end
+
+  it do
+    should_not have_entry(
+      :gateway     => '10.0.2.2',
+      :interface   => 'eth0'
+    )
+  end
+
+  it do
+    should_not have_entry(
+      :destination => 'default',
+      :gateway     => '10.0.2.1',
+      :interface   => 'eth0'
+    )
+  end
+end

data/spec/fedora/selinux_spec.rb

@@ -0,0 +1,18 @@
+require 'spec_helper'
+
+include SpecInfra::Helper::Fedora
+
+describe selinux do
+  it { should be_enforcing }
+  its(:command) { should eq "getenforce | grep -i -- enforcing && grep -i -- ^SELINUX=enforcing$ /etc/selinux/config" }
+end
+
+describe selinux do
+  it { should be_permissive }
+  its(:command) { should eq "getenforce | grep -i -- permissive && grep -i -- ^SELINUX=permissive$ /etc/selinux/config" }
+end
+
+describe selinux do
+  it { should be_disabled }
+  its(:command) { should eq "test ! -f /etc/selinux/config || (getenforce | grep -i -- disabled && grep -i -- ^SELINUX=disabled$ /etc/selinux/config)" }
+end

data/spec/fedora/service_spec.rb

@@ -0,0 +1,188 @@
+require 'spec_helper'
+
+include SpecInfra::Helper::Fedora
+
+# Fedora 15+
+
+describe service('sshd') do
+  it { should be_enabled }
+  # TODO Find a way to make this default to multiuser.target instead
+  its(:command) { should eq "systemctl --plain list-dependencies runlevel3.target | grep '^sshd.service$'" }
+end
+
+describe service('invalid-service') do
+  it { should_not be_enabled }
+end
+
+describe service('sshd') do
+  it { should be_enabled.with_level(4) }
+  its(:command) { should eq "systemctl --plain list-dependencies runlevel4.target | grep '^sshd.service$'" }
+end
+
+describe service('sshd') do
+  it { should be_enabled.with_level("graphical.target") }
+  its(:command) { should eq "systemctl --plain list-dependencies graphical.target | grep '^sshd.service$'" }
+end
+
+describe service('invalid-service') do
+  it { should_not be_enabled.with_level(4) }
+end
+
+describe service('sshd') do
+  it { should be_running }
+  its(:command) { should eq "systemctl is-active sshd.service" }
+end
+
+describe service('invalid-daemon') do
+  it { should_not be_running }
+end
+
+describe service('sshd') do
+  let(:stdout) { "sshd is stopped\r\n" }
+  it { should be_running }
+end
+
+# Fedora 14-
+
+host = SpecInfra.configuration.ssh ? SpecInfra.configuration.ssh.host : 'localhost'
+
+describe service('sshd') do
+  before :each do
+    set_property :os_by_host => { host => { :family => 'fedora', :release => '14' } }
+  end
+  after :each do
+    property.delete :os_by_host
+  end
+
+  it { should be_enabled }
+  its(:command) { should eq "chkconfig --list sshd | grep 3:on" }
+end
+
+describe service('invalid-service') do
+  before :each do
+    set_property :os_by_host => { host => { :family => 'fedora', :release => '14' } }
+  end
+  after :each do
+    property.delete :os_by_host
+  end
+
+  it { should_not be_enabled }
+end
+
+describe service('sshd') do
+  before :each do
+    set_property :os_by_host => { host => { :family => 'fedora', :release => '14' } }
+  end
+  after :each do
+    property.delete :os_by_host
+  end
+
+  it { should be_enabled.with_level(4) }
+  its(:command) { should eq "chkconfig --list sshd | grep 4:on" }
+end
+
+describe service('invalid-service') do
+  before :each do
+    set_property :os_by_host => { host => { :family => 'fedora', :release => '14' } }
+  end
+  after :each do
+    property.delete :os_by_host
+  end
+
+  it { should_not be_enabled.with_level(4) }
+end
+
+describe service('sshd') do
+  before :each do
+    set_property :os_by_host => { host => { :family => 'fedora', :release => '14' } }
+  end
+  after :each do
+    property.delete :os_by_host
+  end
+
+  it { should be_running }
+  its(:command) { should eq "service sshd status" }
+end
+
+describe service('invalid-daemon') do
+  before :each do
+    set_property :os_by_host => { host => { :family => 'fedora', :release => '14' } }
+  end
+  after :each do
+    property.delete :os_by_host
+  end
+
+  it { should_not be_running }
+end
+
+describe service('sshd') do
+  before :each do
+    set_property :os_by_host => { host => { :family => 'fedora', :release => '14' } }
+  end
+  after :each do
+    property.delete :os_by_host
+  end
+
+  let(:stdout) { "sshd is stopped\r\n" }
+  it { should be_running }
+end
+
+# All versions of Fedora
+
+describe service('sshd') do
+  it { should be_running.under('supervisor') }
+  its(:command) { should eq "supervisorctl status sshd | grep RUNNING" }
+end
+
+describe service('invalid-daemon') do
+  it { should_not be_running.under('supervisor') }
+end
+
+describe service('sshd') do
+  it { should be_running.under('upstart') }
+  its(:command) { should eq "initctl status sshd | grep running" }
+end
+
+describe service('invalid-daemon') do
+  it { should_not be_running.under('upstart') }
+end
+
+describe service('sshd') do
+  it {
+    expect {
+      should be_running.under('not implemented')
+    }.to raise_error(ArgumentError, %r/\A`be_running` matcher doesn\'t support/)
+  }
+end
+
+describe service('sshd') do
+  let(:stdout) { "Process 'sshd'\r\n  status running\r\n  monitoring status  monitored" }
+  it { should be_monitored_by('monit') }
+  its(:command) { should eq "monit status" }
+end
+
+describe service('sshd') do
+  let(:stdout) { "Process 'sshd'\r\n  status  not monitored\r\n  monitoring status  not monitored" }
+  it { should_not be_monitored_by('monit') }
+end
+
+describe service('invalid-daemon') do
+  it { should_not be_monitored_by('monit') }
+end
+
+describe service('unicorn') do
+  it { should be_monitored_by('god') }
+  its(:command) { should eq "god status unicorn" }
+end
+
+describe service('invalid-daemon') do
+  it { should_not be_monitored_by('god') }
+end
+
+describe service('sshd') do
+  it {
+    expect {
+      should be_monitored_by('not implemented')
+    }.to raise_error(ArgumentError, %r/\A`be_monitored_by` matcher doesn\'t support/)
+  }
+end

data/spec/fedora/user_spec.rb

@@ -0,0 +1,57 @@
+require 'spec_helper'
+
+include SpecInfra::Helper::Fedora
+
+describe user('root') do
+  it { should exist }
+  its(:command) { should eq "id root" }
+end
+
+describe user('invalid-user') do
+  it { should_not exist }
+end
+
+describe user('root') do
+  it { should belong_to_group 'root' }
+  its(:command) { should eq "id root | awk '{print $3}' | grep -- root" }
+end
+
+describe user('root') do
+  it { should_not belong_to_group 'invalid-group' }
+end
+
+describe user('root') do
+  it { should have_uid 0 }
+  its(:command) { should eq "id root | grep -- \\^uid\\=0\\(" }
+end
+
+describe user('root') do
+  it { should_not have_uid 'invalid-uid' }
+end
+
+describe user('root') do
+  it { should have_login_shell '/bin/bash' }
+  its(:command) { should eq "getent passwd root | cut -f 7 -d ':' | grep -w -- /bin/bash" }
+end
+
+describe user('root') do
+  it { should_not have_login_shell 'invalid-login-shell' }
+end
+
+describe user('root') do
+  it { should have_home_directory '/root' }
+  its(:command) { should eq "getent passwd root | cut -f 6 -d ':' | grep -w -- /root" }
+end
+
+describe user('root') do
+  it { should_not have_home_directory 'invalid-home-directory' }
+end
+
+describe user('root') do
+  it { should have_authorized_key 'ssh-rsa ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGH foo@bar.local' }
+  its(:command) { should eq "grep -w -- ssh-rsa\\ ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGH ~root/.ssh/authorized_keys" }
+end
+
+describe user('root') do
+  it { should_not have_authorized_key 'invalid-key' }
+end

data/spec/fedora/yumrepo_spec.rb

@@ -0,0 +1,25 @@
+require 'spec_helper'
+
+include SpecInfra::Helper::Fedora
+
+describe 'Serverspec yumrepo matchers of Red Hat family' do
+  describe 'exist' do
+    describe yumrepo('epel') do
+      it { should exist }
+    end
+
+    describe yumrepo('invalid-repository') do
+      it { should_not exist }
+    end
+  end
+
+  describe 'be_enabled' do
+    describe yumrepo('epel') do
+      it { should be_enabled }
+    end
+
+    describe yumrepo('invalid-repository') do
+      it { should_not be_enabled }
+    end
+  end
+end

data/spec/fedora/zfs_spec.rb

@@ -0,0 +1,18 @@
+require 'spec_helper'
+
+include SpecInfra::Helper::Fedora
+
+describe zfs('rpool') do
+  it { should exist }
+  its(:command) { should eq "zfs list -H rpool" }
+end
+
+describe zfs('rpool') do
+  it { should have_property 'mountpoint' => '/rpool'  }
+  its(:command) { should eq "zfs list -H -o mountpoint rpool | grep -- \\^/rpool\\$" }
+end
+
+describe zfs('rpool') do
+  it { should have_property 'mountpoint' => '/rpool', 'compression' => 'off' }
+  its(:command) { should eq "zfs list -H -o compression rpool | grep -- \\^off\\$ && zfs list -H -o mountpoint rpool | grep -- \\^/rpool\\$" }
+end

data/spec/redhat7/service_spec.rb

@@ -0,0 +1,21 @@
+require 'spec_helper'
+
+include SpecInfra::Helper::RedHat7
+
+describe service('sshd') do
+  it { should be_enabled }
+  its(:command) { should eq "systemctl --plain list-dependencies runlevel3.target | grep '^sshd.service$'" }
+end
+
+describe service('invalid-service') do
+  it { should_not be_enabled }
+end
+
+describe service('sshd') do
+  it { should be_enabled.with_level(4) }
+  its(:command) { should eq "systemctl --plain list-dependencies runlevel4.target | grep '^sshd.service$'" }
+end
+
+describe service('invalid-service') do
+  it { should_not be_enabled.with_level(4) }
+end