serverspec 0.2.13 → 0.2.14

data/README.md

@@ -75,14 +75,10 @@ end
 
 You can write spec for testing servers like this.
 
-You should create ~/.ssh/config like this before running tests because serverspec tests servers through SSH access.
+Serverspec with SSH backend logs in to target servers as a user configured in ``~/.ssh/config`` or a current user.If you'd lile to change the user, please edit the below line in ``spec/spec_helper.rb``.
 
-```
-Host *.example.jp
-   User root
-   IdentityFile ~/.ssh/id_rsa
-   StrictHostKeyChecking no
-   UserKnownHostsFile /dev/null
+```ruby
+      user    = options[:user] || Etc.getlogin
 ```
 
 Run tests.

data/lib/serverspec/commands/base.rb

@@ -116,6 +116,10 @@ module Serverspec
       def check_svcprops svc, property
         raise NotImplementedError.new
       end
+
+      def check_selinux mode
+        "/usr/sbin/getenforce | grep -i '#{mode}'"
+      end
     end
   end
 end

data/lib/serverspec/matchers.rb

@@ -20,6 +20,9 @@ require 'serverspec/matchers/be_zfs'
 require 'serverspec/matchers/be_readable'
 require 'serverspec/matchers/be_writable'
 require 'serverspec/matchers/be_executable'
+require 'serverspec/matchers/be_enforcing'
+require 'serverspec/matchers/be_permissive'
+require 'serverspec/matchers/be_disabled'
 require 'serverspec/matchers/have_ipfilter_rule'
 require 'serverspec/matchers/have_ipnat_rule'
 require 'serverspec/matchers/have_svcprop'

data/lib/serverspec/matchers/be_disabled.rb

@@ -0,0 +1,5 @@
+RSpec::Matchers.define :be_disabled do
+  match do |actual|
+    backend.check_selinux(example, 'disabled')
+  end
+end

data/lib/serverspec/matchers/be_enforcing.rb

@@ -0,0 +1,5 @@
+RSpec::Matchers.define :be_enforcing do
+  match do |actual|
+    backend.check_selinux(example, 'enforcing')
+  end
+end

data/lib/serverspec/matchers/be_permissive.rb

@@ -0,0 +1,5 @@
+RSpec::Matchers.define :be_permissive do
+  match do |actual|
+    backend.check_selinux(example, 'permissive')
+  end
+end

data/lib/serverspec/version.rb

@@ -1,3 +1,3 @@
 module Serverspec
-  VERSION = "0.2.13"
+  VERSION = "0.2.14"
 end

data/spec/debian/commands_spec.rb

@@ -1,103 +1,148 @@
 require 'spec_helper'
 
-include Serverspec::Helper::Debian
-
-describe commands.check_enabled('httpd') do
+describe 'check_enabled', :os => :debian do
+  subject { commands.check_enabled('httpd') }
   it { should eq 'ls /etc/rc3.d/ | grep httpd' }
 end
 
-describe commands.check_file('/etc/passwd') do
+describe 'check_file', :os => :debian  do
+  subject { commands.check_file('/etc/passwd') }
   it { should eq 'test -f /etc/passwd' }
 end
 
-describe commands.check_directory('/var/log') do
+describe 'check_directory', :os => :debian  do
+  subject { commands.check_directory('/var/log') }
   it { should eq 'test -d /var/log' }
 end
 
-describe commands.check_user('root') do
+describe 'check_user', :os => :debian  do
+  subject { commands.check_user('root') }
   it { should eq 'id root' }
 end
 
-describe commands.check_group('wheel') do
+describe 'check_group', :os => :debian  do
+  subject { commands.check_group('wheel') }
   it { should eq 'getent group | grep -wq wheel' }
 end
 
-describe commands.check_installed('httpd') do
+describe 'check_installed', :os => :debian  do
+  subject { commands.check_installed('httpd') }
   it { should eq 'dpkg -s httpd' }
 end
 
-describe commands.check_listening(80) do
+describe 'check_listening', :os => :debian do
+  subject { commands.check_listening(80) }
   it { should eq "netstat -tunl | grep ':80 '" }
 end
 
-describe commands.check_running('httpd') do
+describe 'check_running', :os => :debian do
+  subject { commands.check_running('httpd') }
   it { should eq 'service httpd status' }
 end
 
-describe commands.check_running_under_supervisor('httpd') do
+
+describe 'check_running_under_supervisor', :os => :debian do
+  subject { commands.check_running_under_supervisor('httpd') }
   it { should eq 'supervisorctl status httpd' }
 end
 
-describe commands.check_process('httpd') do
+describe 'check_process', :os => :debian do
+  subject { commands.check_process('httpd') }
   it { should eq 'ps aux | grep -w httpd | grep -qv grep' }
 end
 
-describe commands.check_file_contain('/etc/passwd', 'root') do
+describe 'check_file_contain', :os => :debian do
+  subject { commands.check_file_contain('/etc/passwd', 'root') }
   it { should eq "grep -q 'root' /etc/passwd" }
 end
 
-describe commands.check_file_contain_within('Gemfile', 'rspec') do
-  it { should eq "sed -n '1,$p' Gemfile | grep -q 'rspec' -" }
-end
+describe 'check_file_contain_within', :os => :debian do
+  context 'contain a pattern in the file' do
+    subject { commands.check_file_contain_within('Gemfile', 'rspec') }
+    it { should eq "sed -n '1,$p' Gemfile | grep -q 'rspec' -" }
+  end
 
-describe commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/') do
-  it { should eq "sed -n '/^group :test do/,$p' Gemfile | grep -q 'rspec' -" }
-end
+  context 'contain a pattern after a line in a file' do
+    subject { commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/') }
+    it { should eq "sed -n '/^group :test do/,$p' Gemfile | grep -q 'rspec' -" }
+  end
 
-describe commands.check_file_contain_within('Gemfile', 'rspec', nil, '/^end/') do
-  it { should eq "sed -n '1,/^end/p' Gemfile | grep -q 'rspec' -" }
-end
+  context 'contain a pattern before a line in a file' do
+    subject {commands.check_file_contain_within('Gemfile', 'rspec', nil, '/^end/') }
+    it { should eq "sed -n '1,/^end/p' Gemfile | grep -q 'rspec' -" }
+  end
 
-describe commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/', '/^end/') do
-  it { should eq "sed -n '/^group :test do/,/^end/p' Gemfile | grep -q 'rspec' -" }
+  context 'contain a pattern from within a line and another line in a file' do
+    subject { commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/', '/^end/') }
+    it { should eq "sed -n '/^group :test do/,/^end/p' Gemfile | grep -q 'rspec' -" }
+  end
 end
 
-describe commands.check_mode('/etc/sudoers', 440) do
+describe 'check_mode', :os => :debian do
+  subject { commands.check_mode('/etc/sudoers', 440) }
   it { should eq 'stat -c %a /etc/sudoers | grep \'^440$\'' }
 end
 
-describe commands.check_owner('/etc/passwd', 'root') do
+describe 'check_owner', :os => :debian do
+  subject { commands.check_owner('/etc/passwd', 'root') }
   it { should eq 'stat -c %U /etc/passwd | grep \'^root$\'' }
 end
 
-describe commands.check_grouped('/etc/passwd', 'wheel') do
+describe 'check_grouped', :os => :debian do
+  subject { commands.check_grouped('/etc/passwd', 'wheel') }
   it { should eq 'stat -c %G /etc/passwd | grep \'^wheel$\'' }
 end
 
-describe commands.check_cron_entry('root', '* * * * * /usr/local/bin/batch.sh') do
+describe 'check_cron_entry', :os => :debian do
+  subject { commands.check_cron_entry('root', '* * * * * /usr/local/bin/batch.sh') }
   it { should eq 'crontab -u root -l | grep "\* \* \* \* \* /usr/local/bin/batch.sh"' }
 end
 
-describe commands.check_link('/etc/system-release', '/etc/redhat-release') do
+describe 'check_link', :os => :debian do
+  subject { commands.check_link('/etc/system-release', '/etc/redhat-release') }
   it { should eq 'stat -c %N /etc/system-release | grep /etc/redhat-release' }
 end
 
-describe commands.check_installed_by_gem('jekyll') do
+describe 'check_installed_by_gem', :os => :debian do
+  subject { commands.check_installed_by_gem('jekyll') }
   it { should eq 'gem list --local | grep \'^jekyll \'' }
 end
 
-describe commands.check_belonging_group('root', 'wheel') do
+describe 'check_belonging_group', :os => :debian do
+  subject { commands.check_belonging_group('root', 'wheel') }
   it { should eq "id root | awk '{print $3}' | grep wheel" }
 end
 
-describe commands.check_iptables_rule('-P INPUT ACCEPT') do
-  it { should eq "iptables -S | grep '\\-P INPUT ACCEPT'" }
+describe 'check_ipatbles', :os => :debian do
+  context 'check a rule without a table and a chain' do
+    subject { commands.check_iptables_rule('-P INPUT ACCEPT') }
+    it { should eq "iptables -S | grep '\\-P INPUT ACCEPT'" }
+  end
+
+  context 'chack a rule with a table and a chain' do
+    subject { commands.check_iptables_rule('-P INPUT ACCEPT', 'mangle', 'INPUT') }
+    it { should eq "iptables -t mangle -S INPUT | grep '\\-P INPUT ACCEPT'" }
+  end
 end
 
-describe commands.check_iptables_rule('-P INPUT ACCEPT', 'mangle', 'INPUT') do
-  it { should eq "iptables -t mangle -S INPUT | grep '\\-P INPUT ACCEPT'" }
+describe 'check_selinux', :os => :debian do
+  context 'enforcing' do
+    subject { commands.check_selinux('enforcing') }
+    it { should eq "/usr/sbin/getenforce | grep -i 'enforcing'" }
+  end
+
+  context 'permissive' do
+    subject { commands.check_selinux('permissive') }
+    it { should eq "/usr/sbin/getenforce | grep -i 'permissive'" }
+  end
+
+  context 'disabled' do
+    subject { commands.check_selinux('disabled') }
+    it { should eq "/usr/sbin/getenforce | grep -i 'disabled'" }
+  end
 end
 
-describe commands.get_mode('/dev') do
+describe 'get_mode', :os => :debian do
+  subject { commands.get_mode('/dev') }
   it { should eq 'stat -c %a /dev' }
 end

data/spec/debian/matchers_spec.rb

@@ -35,8 +35,6 @@ describe 'Serverspec matchers of Debian family', :os => :debian do
   it_behaves_like 'support have_iptables_rule matcher', '-P INPUT ACCEPT'
   it_behaves_like 'support have_iptables_rule.with_table.with_chain matcher', '-P INPUT ACCEPT', 'mangle', 'INPUT'
 
-  it_behaves_like 'support get_stdout matcher', 'whoami', 'root'
-
   it_behaves_like 'support be_readable matcher', '/dev'
   it_behaves_like 'support be_readable_by_owner matcher', '/dev'
   it_behaves_like 'support be_readable_by_group matcher', '/dev'

data/spec/gentoo/commands_spec.rb

@@ -1,103 +1,147 @@
 require 'spec_helper'
 
-include Serverspec::Helper::Gentoo
-
-describe commands.check_enabled('httpd') do
+describe 'check_enabled', :os => :gentoo do
+  subject { commands.check_enabled('httpd') }
   it { should eq "/sbin/rc-update show | grep '^\\s*httpd\\s*|\\s*\\(boot\\|default\\)'" }
 end
 
-describe commands.check_file('/etc/passwd') do
+describe 'check_file', :os => :gentoo do
+  subject { commands.check_file('/etc/passwd') }
   it { should eq 'test -f /etc/passwd' }
 end
 
-describe commands.check_directory('/var/log') do
+describe 'check_directory', :os => :gentoo do
+  subject { commands.check_directory('/var/log') }
   it { should eq 'test -d /var/log' }
 end
 
-describe commands.check_user('root') do
+describe 'check_user', :os => :gentoo do
+  subject { commands.check_user('root') }
   it { should eq 'id root' }
 end
 
-describe commands.check_group('wheel') do
+describe 'check_group', :os => :gentoo do
+  subject { commands.check_group('wheel') }
   it { should eq 'getent group | grep -wq wheel' }
 end
 
-describe commands.check_installed('httpd') do
+describe 'check_installed', :os => :gentoo do
+  subject { commands.check_installed('httpd') }
   it { should eq '/usr/bin/eix httpd --installed' }
 end
 
-describe commands.check_listening(80) do
+describe 'check_listening', :os => :gentoo do
+  subject { commands.check_listening(80) }
   it { should eq "netstat -tunl | grep ':80 '" }
 end
 
-describe commands.check_running('httpd') do
+describe 'check_running', :os => :gentoo do
+  subject { commands.check_running('httpd') }
   it { should eq 'service httpd status' }
 end
 
-describe commands.check_running_under_supervisor('httpd') do
+describe 'check_running_under_supervisor', :os => :gentoo do
+  subject { commands.check_running_under_supervisor('httpd') }
   it { should eq 'supervisorctl status httpd' }
 end
 
-describe commands.check_process('httpd') do
+describe 'check_process', :os => :gentoo do
+  subject { commands.check_process('httpd') }
   it { should eq 'ps aux | grep -w httpd | grep -qv grep' }
 end
 
-describe commands.check_file_contain('/etc/passwd', 'root') do
+describe 'check_file_contain', :os => :gentoo do
+  subject { commands.check_file_contain('/etc/passwd', 'root') }
   it { should eq "grep -q 'root' /etc/passwd" }
 end
 
-describe commands.check_file_contain_within('Gemfile', 'rspec') do
-  it { should eq "sed -n '1,$p' Gemfile | grep -q 'rspec' -" }
-end
+describe 'check_file_contain_within', :os => :gentoo do
+  context 'contain a pattern in the file' do
+    subject { commands.check_file_contain_within('Gemfile', 'rspec') }
+    it { should eq "sed -n '1,$p' Gemfile | grep -q 'rspec' -" }
+  end
 
-describe commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/') do
-  it { should eq "sed -n '/^group :test do/,$p' Gemfile | grep -q 'rspec' -" }
-end
+  context 'contain a pattern after a line in a file' do
+    subject { commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/') }
+    it { should eq "sed -n '/^group :test do/,$p' Gemfile | grep -q 'rspec' -" }
+  end
 
-describe commands.check_file_contain_within('Gemfile', 'rspec', nil, '/^end/') do
-  it { should eq "sed -n '1,/^end/p' Gemfile | grep -q 'rspec' -" }
-end
+  context 'contain a pattern before a line in a file' do
+    subject {commands.check_file_contain_within('Gemfile', 'rspec', nil, '/^end/') }
+    it { should eq "sed -n '1,/^end/p' Gemfile | grep -q 'rspec' -" }
+  end
 
-describe commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/', '/^end/') do
-  it { should eq "sed -n '/^group :test do/,/^end/p' Gemfile | grep -q 'rspec' -" }
+  context 'contain a pattern from within a line and another line in a file' do
+    subject { commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/', '/^end/') }
+    it { should eq "sed -n '/^group :test do/,/^end/p' Gemfile | grep -q 'rspec' -" }
+  end
 end
 
-describe commands.check_mode('/etc/sudoers', 440) do
+describe 'check_mode', :os => :gentoo do
+  subject { commands.check_mode('/etc/sudoers', 440) }
   it { should eq 'stat -c %a /etc/sudoers | grep \'^440$\'' }
 end
 
-describe commands.check_owner('/etc/passwd', 'root') do
+describe 'check_owner', :os => :gentoo do
+  subject { commands.check_owner('/etc/passwd', 'root') }
   it { should eq 'stat -c %U /etc/passwd | grep \'^root$\'' }
 end
 
-describe commands.check_grouped('/etc/passwd', 'wheel') do
+describe 'check_grouped', :os => :gentoo do
+  subject { commands.check_grouped('/etc/passwd', 'wheel') }
   it { should eq 'stat -c %G /etc/passwd | grep \'^wheel$\'' }
 end
 
-describe commands.check_cron_entry('root', '* * * * * /usr/local/bin/batch.sh') do
+describe 'check_cron_entry', :os => :gentoo do
+  subject { commands.check_cron_entry('root', '* * * * * /usr/local/bin/batch.sh') }
   it { should eq 'crontab -u root -l | grep "\* \* \* \* \* /usr/local/bin/batch.sh"' }
 end
 
-describe commands.check_link('/etc/system-release', '/etc/redhat-release') do
+describe 'check_link', :os => :gentoo do
+  subject { commands.check_link('/etc/system-release', '/etc/redhat-release') }
   it { should eq 'stat -c %N /etc/system-release | grep /etc/redhat-release' }
 end
 
-describe commands.check_installed_by_gem('jekyll') do
+describe 'check_installed_by_gem', :os => :gentoo do
+  subject { commands.check_installed_by_gem('jekyll') }
   it { should eq 'gem list --local | grep \'^jekyll \'' }
 end
 
-describe commands.check_belonging_group('root', 'wheel') do
+describe 'check_belonging_group', :os => :gentoo do
+  subject { commands.check_belonging_group('root', 'wheel') }
   it { should eq "id root | awk '{print $3}' | grep wheel" }
 end
 
-describe commands.check_iptables_rule('-P INPUT ACCEPT') do
-  it { should eq "iptables -S | grep '\\-P INPUT ACCEPT'" }
+describe 'check_ipatbles', :os => :gentoo do
+  context 'check a rule without a table and a chain' do
+    subject { commands.check_iptables_rule('-P INPUT ACCEPT') }
+    it { should eq "iptables -S | grep '\\-P INPUT ACCEPT'" }
+  end
+
+  context 'chack a rule with a table and a chain' do
+    subject { commands.check_iptables_rule('-P INPUT ACCEPT', 'mangle', 'INPUT') }
+    it { should eq "iptables -t mangle -S INPUT | grep '\\-P INPUT ACCEPT'" }
+  end
 end
 
-describe commands.check_iptables_rule('-P INPUT ACCEPT', 'mangle', 'INPUT') do
-  it { should eq "iptables -t mangle -S INPUT | grep '\\-P INPUT ACCEPT'" }
+describe 'check_selinux', :os => :gentoo do
+  context 'enforcing' do
+    subject { commands.check_selinux('enforcing') }
+    it { should eq "/usr/sbin/getenforce | grep -i 'enforcing'" }
+  end
+
+  context 'permissive' do
+    subject { commands.check_selinux('permissive') }
+    it { should eq "/usr/sbin/getenforce | grep -i 'permissive'" }
+  end
+
+  context 'disabled' do
+    subject { commands.check_selinux('disabled') }
+    it { should eq "/usr/sbin/getenforce | grep -i 'disabled'" }
+  end
 end
 
-describe commands.get_mode('/dev') do
+describe 'get_mode', :os => :gentoo do
+  subject { commands.get_mode('/dev') }
   it { should eq 'stat -c %a /dev' }
 end

data/spec/gentoo/matchers_spec.rb

@@ -36,8 +36,6 @@ describe 'Serverspec matchers of Gentoo family', :os => :gentoo do
   it_behaves_like 'support have_iptables_rule matcher', '-P INPUT ACCEPT'
   it_behaves_like 'support have_iptables_rule.with_table.with_chain matcher', '-P INPUT ACCEPT', 'mangle', 'INPUT'
 
-  it_behaves_like 'support get_stdout matcher', 'whoami', 'root'
-
   it_behaves_like 'support be_readable matcher', '/dev'
   it_behaves_like 'support be_readable_by_owner matcher', '/dev'
   it_behaves_like 'support be_readable_by_group matcher', '/dev'

data/spec/redhat/commands_spec.rb

@@ -1,103 +1,147 @@
 require 'spec_helper'
 
-include Serverspec::Helper::RedHat
-
-describe commands.check_enabled('httpd') do
+describe 'check_enabled', :os => :redhat do
+  subject { commands.check_enabled('httpd') }
   it { should eq 'chkconfig --list httpd | grep 3:on' }
 end
 
-describe commands.check_file('/etc/passwd') do
+describe 'check_file', :os => :redhat do
+  subject { commands.check_file('/etc/passwd') }
   it { should eq 'test -f /etc/passwd' }
 end
 
-describe commands.check_directory('/var/log') do
+describe 'check_directory', :os => :redhat do
+  subject { commands.check_directory('/var/log') }
   it { should eq 'test -d /var/log' }
 end
 
-describe commands.check_user('root') do
+describe 'check_user', :os => :redhat do
+  subject { commands.check_user('root') }
   it { should eq 'id root' }
 end
 
-describe commands.check_group('wheel') do
+describe 'check_group', :os => :redhat do
+  subject { commands.check_group('wheel') }
   it { should eq 'getent group | grep -wq wheel' }
 end
 
-describe commands.check_installed('httpd') do
+describe 'check_installed', :os => :redhat do
+  subject { commands.check_installed('httpd') }
   it { should eq 'rpm -q httpd' }
 end
 
-describe commands.check_listening(80) do
+describe 'check_listening', :os => :redhat do
+  subject { commands.check_listening(80) }
   it { should eq "netstat -tunl | grep ':80 '" }
 end
 
-describe commands.check_running('httpd') do
+describe 'check_running', :os => :redhat do
+  subject { commands.check_running('httpd') }
   it { should eq 'service httpd status' }
 end
 
-describe commands.check_running_under_supervisor('httpd') do
+describe 'check_running_under_supervisor', :os => :redhat do
+  subject { commands.check_running_under_supervisor('httpd') }
   it { should eq 'supervisorctl status httpd' }
 end
 
-describe commands.check_process('httpd') do
+describe 'check_process', :os => :redhat do
+  subject { commands.check_process('httpd') }
   it { should eq 'ps aux | grep -w httpd | grep -qv grep' }
 end
 
-describe commands.check_file_contain('/etc/passwd', 'root') do
+describe 'check_file_contain', :os => :redhat do
+  subject { commands.check_file_contain('/etc/passwd', 'root') }
   it { should eq "grep -q 'root' /etc/passwd" }
 end
 
-describe commands.check_file_contain_within('Gemfile', 'rspec') do
-  it { should eq "sed -n '1,$p' Gemfile | grep -q 'rspec' -" }
-end
+describe 'check_file_contain_within', :os => :redhat do
+  context 'contain a pattern in the file' do
+    subject { commands.check_file_contain_within('Gemfile', 'rspec') }
+    it { should eq "sed -n '1,$p' Gemfile | grep -q 'rspec' -" }
+  end
 
-describe commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/') do
-  it { should eq "sed -n '/^group :test do/,$p' Gemfile | grep -q 'rspec' -" }
-end
+  context 'contain a pattern after a line in a file' do
+    subject { commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/') }
+    it { should eq "sed -n '/^group :test do/,$p' Gemfile | grep -q 'rspec' -" }
+  end
 
-describe commands.check_file_contain_within('Gemfile', 'rspec', nil, '/^end/') do
-  it { should eq "sed -n '1,/^end/p' Gemfile | grep -q 'rspec' -" }
-end
+  context 'contain a pattern before a line in a file' do
+    subject {commands.check_file_contain_within('Gemfile', 'rspec', nil, '/^end/') }
+    it { should eq "sed -n '1,/^end/p' Gemfile | grep -q 'rspec' -" }
+  end
 
-describe commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/', '/^end/') do
-  it { should eq "sed -n '/^group :test do/,/^end/p' Gemfile | grep -q 'rspec' -" }
+  context 'contain a pattern from within a line and another line in a file' do
+    subject { commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/', '/^end/') }
+    it { should eq "sed -n '/^group :test do/,/^end/p' Gemfile | grep -q 'rspec' -" }
+  end
 end
 
-describe commands.check_mode('/etc/sudoers', 440) do
+describe 'check_mode', :os => :redhat do
+  subject { commands.check_mode('/etc/sudoers', 440) }
   it { should eq 'stat -c %a /etc/sudoers | grep \'^440$\'' }
 end
 
-describe commands.check_owner('/etc/passwd', 'root') do
+describe 'check_owner', :os => :redhat do
+  subject { commands.check_owner('/etc/passwd', 'root') }
   it { should eq 'stat -c %U /etc/passwd | grep \'^root$\'' }
 end
 
-describe commands.check_grouped('/etc/passwd', 'wheel') do
+describe 'check_grouped', :os => :redhat do
+  subject { commands.check_grouped('/etc/passwd', 'wheel') }
   it { should eq 'stat -c %G /etc/passwd | grep \'^wheel$\'' }
 end
 
-describe commands.check_cron_entry('root', '* * * * * /usr/local/bin/batch.sh') do
+describe 'check_cron_entry', :os => :redhat do
+  subject { commands.check_cron_entry('root', '* * * * * /usr/local/bin/batch.sh') }
   it { should eq 'crontab -u root -l | grep "\* \* \* \* \* /usr/local/bin/batch.sh"' }
 end
 
-describe commands.check_link('/etc/system-release', '/etc/redhat-release') do
+describe 'check_link', :os => :redhat do
+  subject { commands.check_link('/etc/system-release', '/etc/redhat-release') }
   it { should eq 'stat -c %N /etc/system-release | grep /etc/redhat-release' }
 end
 
-describe commands.check_installed_by_gem('jekyll') do
+describe 'check_installed_by_gem', :os => :redhat do
+  subject { commands.check_installed_by_gem('jekyll') }
   it { should eq 'gem list --local | grep \'^jekyll \'' }
 end
 
-describe commands.check_belonging_group('root', 'wheel') do
+describe 'check_belonging_group', :os => :redhat do
+  subject { commands.check_belonging_group('root', 'wheel') }
   it { should eq "id root | awk '{print $3}' | grep wheel" }
 end
 
-describe commands.check_iptables_rule('-P INPUT ACCEPT') do
-  it { should eq "iptables -S | grep '\\-P INPUT ACCEPT'" }
+describe 'check_ipatbles', :os => :redhat do
+  context 'check a rule without a table and a chain' do
+    subject { commands.check_iptables_rule('-P INPUT ACCEPT') }
+    it { should eq "iptables -S | grep '\\-P INPUT ACCEPT'" }
+  end
+
+  context 'chack a rule with a table and a chain' do
+    subject { commands.check_iptables_rule('-P INPUT ACCEPT', 'mangle', 'INPUT') }
+    it { should eq "iptables -t mangle -S INPUT | grep '\\-P INPUT ACCEPT'" }
+  end
 end
 
-describe commands.check_iptables_rule('-P INPUT ACCEPT', 'mangle', 'INPUT') do
-  it { should eq "iptables -t mangle -S INPUT | grep '\\-P INPUT ACCEPT'" }
+describe 'check_selinux', :os => :redhat do
+  context 'enforcing' do
+    subject { commands.check_selinux('enforcing') }
+    it { should eq "/usr/sbin/getenforce | grep -i 'enforcing'" }
+  end
+
+  context 'permissive' do
+    subject { commands.check_selinux('permissive') }
+    it { should eq "/usr/sbin/getenforce | grep -i 'permissive'" }
+  end
+
+  context 'disabled' do
+    subject { commands.check_selinux('disabled') }
+    it { should eq "/usr/sbin/getenforce | grep -i 'disabled'" }
+  end
 end
 
-describe commands.get_mode('/dev') do
+describe 'get_mode', :os => :redhat do
+  subject { commands.get_mode('/dev') }
   it { should eq 'stat -c %a /dev' }
 end

data/spec/redhat/matchers_spec.rb

@@ -37,8 +37,6 @@ describe 'Serverspec matchers of Red Hat family', :os => :redhat do
   it_behaves_like 'support have_iptables_rule matcher', '-P INPUT ACCEPT'
   it_behaves_like 'support have_iptables_rule.with_table.with_chain matcher', '-P INPUT ACCEPT', 'mangle', 'INPUT'
 
-  it_behaves_like 'support get_stdout matcher', 'whoami', 'root'
-
   it_behaves_like 'support be_readable matcher', '/dev'
   it_behaves_like 'support be_readable_by_owner matcher', '/dev'
   it_behaves_like 'support be_readable_by_group matcher', '/dev'
@@ -54,6 +52,10 @@ describe 'Serverspec matchers of Red Hat family', :os => :redhat do
   it_behaves_like 'support be_executable_by_group matcher', '/dev'
   it_behaves_like 'support be_executable_by_others matcher', '/dev'
 
+  it_behaves_like 'support be_enforcing matcher',  'selinux'
+  it_behaves_like 'support be_permissive matcher', 'selinux'
+  it_behaves_like 'support be_disabled matcher',   'selinux'
+
   it_behaves_like 'support return_exit_status matcher', 'ls /tmp', 0
 
   it_behaves_like 'support return_stdout matcher', 'cat /etc/resolv.conf', 'localhost'

data/spec/solaris/commands_spec.rb

@@ -1,139 +1,162 @@
 require 'spec_helper'
 
-include Serverspec::Helper::Solaris
-
-describe commands.check_enabled('httpd') do
+describe 'check_enabled', :os => :solaris do
+  subject { commands.check_enabled('httpd') }
   it { should eq "svcs -l httpd 2> /dev/null | grep 'enabled      true'" }
 end
 
-describe commands.check_file('/etc/passwd') do
+describe 'check_file', :os => :solaris do
+  subject { commands.check_file('/etc/passwd') }
   it { should eq 'test -f /etc/passwd' }
 end
 
-describe commands.check_directory('/var/log') do
+describe 'check_directory', :os => :solaris do
+  subject { commands.check_directory('/var/log') }
   it { should eq 'test -d /var/log' }
 end
 
-describe commands.check_user('root') do
+describe 'check_user', :os => :solaris do
+  subject { commands.check_user('root') }
   it { should eq 'id root' }
 end
 
-describe commands.check_group('wheel') do
+describe 'check_group', :os => :solaris do
+  subject { commands.check_group('wheel') }
   it { should eq 'getent group | grep -wq wheel' }
 end
 
-describe commands.check_installed('httpd') do
+describe 'check_installed', :os => :solaris do
+  subject { commands.check_installed('httpd') }
   it { should eq 'pkg list -H httpd 2> /dev/null' }
 end
 
-describe commands.check_listening(80) do
+describe 'check_listening', :os => :solaris do
+  subject { commands.check_listening(80) }
   it { should eq "netstat -an 2> /dev/null | egrep 'LISTEN|Idle' | grep '.80 '" }
 end
 
-describe commands.check_running('httpd') do
+describe 'check_running', :os => :solaris do
+  subject { commands.check_running('httpd') }
   it { should eq "svcs -l httpd status 2> /dev/null |grep 'state        online'" }
 end
 
-describe commands.check_running_under_supervisor('httpd') do
+describe 'check_running_under_supervisor', :os => :solaris do
+  subject { commands.check_running_under_supervisor('httpd') }
   it { should eq 'supervisorctl status httpd' }
 end
 
-describe commands.check_process('httpd') do
+describe 'check_process', :os => :solaris do
+  subject { commands.check_process('httpd') }
   it { should eq 'ps aux | grep -w httpd | grep -qv grep' }
 end
 
-describe commands.check_file_contain('/etc/passwd', 'root') do
+describe 'check_file_contain', :os => :solaris do
+  subject { commands.check_file_contain('/etc/passwd', 'root') }
   it { should eq "grep -q 'root' /etc/passwd" }
 end
 
-describe commands.check_file_contain_within('Gemfile', 'rspec') do
-  it { should eq "sed -n '1,$p' Gemfile | grep -q 'rspec' -" }
-end
+describe 'check_file_contain_within', :os => :solaris do
+  context 'contain a pattern in the file' do
+    subject { commands.check_file_contain_within('Gemfile', 'rspec') }
+    it { should eq "sed -n '1,$p' Gemfile | grep -q 'rspec' -" }
+  end
 
-describe commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/') do
-  it { should eq "sed -n '/^group :test do/,$p' Gemfile | grep -q 'rspec' -" }
-end
+  context 'contain a pattern after a line in a file' do
+    subject { commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/') }
+    it { should eq "sed -n '/^group :test do/,$p' Gemfile | grep -q 'rspec' -" }
+  end
 
-describe commands.check_file_contain_within('Gemfile', 'rspec', nil, '/^end/') do
-  it { should eq "sed -n '1,/^end/p' Gemfile | grep -q 'rspec' -" }
-end
+  context 'contain a pattern before a line in a file' do
+    subject {commands.check_file_contain_within('Gemfile', 'rspec', nil, '/^end/') }
+    it { should eq "sed -n '1,/^end/p' Gemfile | grep -q 'rspec' -" }
+  end
 
-describe commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/', '/^end/') do
-  it { should eq "sed -n '/^group :test do/,/^end/p' Gemfile | grep -q 'rspec' -" }
+  context 'contain a pattern from within a line and another line in a file' do
+    subject { commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/', '/^end/') }
+    it { should eq "sed -n '/^group :test do/,/^end/p' Gemfile | grep -q 'rspec' -" }
+  end
 end
 
-describe commands.check_mode('/etc/sudoers', 440) do
+describe 'check_mode', :os => :solaris do
+  subject { commands.check_mode('/etc/sudoers', 440) }
   it { should eq 'stat -c %a /etc/sudoers | grep \'^440$\'' }
 end
 
-describe commands.check_owner('/etc/passwd', 'root') do
+describe 'check_owner', :os => :solaris do
+  subject { commands.check_owner('/etc/passwd', 'root') }
   it { should eq 'stat -c %U /etc/passwd | grep \'^root$\'' }
 end
 
-describe commands.check_grouped('/etc/passwd', 'wheel') do
+describe 'check_grouped', :os => :solaris do
+  subject { commands.check_grouped('/etc/passwd', 'wheel') }
   it { should eq 'stat -c %G /etc/passwd | grep \'^wheel$\'' }
 end
 
-describe commands.check_cron_entry('root', '* * * * * /usr/local/bin/batch.sh') do
+describe 'check_cron_entry', :os => :solaris do
+  subject { commands.check_cron_entry('root', '* * * * * /usr/local/bin/batch.sh') }
   it { should eq "crontab -l root | grep '\\* \\* \\* \\* \\* /usr/local/bin/batch.sh'" }
 end
 
-describe commands.check_link('/etc/system-release', '/etc/redhat-release') do
+describe 'check_link', :os => :solaris do
+  subject { commands.check_link('/etc/system-release', '/etc/redhat-release') }
   it { should eq 'stat -c %N /etc/system-release | grep /etc/redhat-release' }
 end
 
-describe commands.check_installed_by_gem('jekyll') do
+describe 'check_installed_by_gem', :os => :solaris do
+  subject { commands.check_installed_by_gem('jekyll') }
   it { should eq 'gem list --local | grep \'^jekyll \'' }
 end
 
-describe commands.check_belonging_group('root', 'wheel') do
+describe 'check_belonging_group', :os => :solaris do
+  subject { commands.check_belonging_group('root', 'wheel') }
   it { should eq "id root | awk '{print $3}' | grep wheel" }
 end
 
-describe commands.check_zfs('rpool') do
-  it { should eq "/sbin/zfs list -H rpool" }
-end
-
-describe commands.check_zfs('rpool', { 'mountpoint' => '/rpool' }) do
-  it { should eq "/sbin/zfs list -H -o mountpoint rpool | grep ^/rpool$" }
-end
 
-describe commands.check_zfs('rpool', { 'mountpoint' => '/rpool' }) do
-  it { should eq "/sbin/zfs list -H -o mountpoint rpool | grep ^/rpool$" }
-end
+describe 'check_zfs', :os => :solaris do
+  context 'check without properties' do
+    subject { commands.check_zfs('rpool') }
+    it { should eq "/sbin/zfs list -H rpool" }
+  end
 
-check_zfs_with_multiple_properties = commands.check_zfs('rpool', {
-  'mountpoint'  => '/rpool',
-  'compression' => 'off',
-})
+  context 'check with a property' do
+    subject { commands.check_zfs('rpool', { 'mountpoint' => '/rpool' }) }
+    it { should eq "/sbin/zfs list -H -o mountpoint rpool | grep ^/rpool$" }
+  end
 
-describe check_zfs_with_multiple_properties do
-  it { should eq "/sbin/zfs list -H -o compression rpool | grep ^off$ && /sbin/zfs list -H -o mountpoint rpool | grep ^/rpool$" }
+  context 'check with multiple properties' do
+    subject { commands.check_zfs('rpool', { 'mountpoint'  => '/rpool', 'compression' => 'off' }) }
+    it { should eq "/sbin/zfs list -H -o compression rpool | grep ^off$ && /sbin/zfs list -H -o mountpoint rpool | grep ^/rpool$" }
+  end
 end
 
-describe commands.get_mode('/dev') do
+describe 'get_mode', :os => :solaris do
+  subject { commands.get_mode('/dev') }
   it { should eq 'stat -c %a /dev' }
 end
 
-describe commands.check_ipfilter_rule('pass in quick on lo0 all') do
+describe 'check_ip_filter_rule', :os => :solaris do
+  subject { commands.check_ipfilter_rule('pass in quick on lo0 all') }
   it { should eq "/sbin/ipfstat -io 2> /dev/null | grep 'pass in quick on lo0 all'" }
 end
 
-describe commands.check_ipnat_rule('map net1 192.168.0.0/24 -> 0.0.0.0/32') do
+describe 'check_ipnat_rule', :os => :solaris do
+  subject { commands.check_ipnat_rule('map net1 192.168.0.0/24 -> 0.0.0.0/32') }
   it { should eq "/sbin/ipnat -l 2> /dev/null | grep '^map net1 192.168.0.0/24 -> 0.0.0.0/32$'" }
 end
 
-
-
-describe commands.check_svcprop('svc:/network/http:apache22', 
-                                'httpd/enable_64bit','false') do 
+describe 'check_svcprop', :os => :solaris do
+  subject { commands.check_svcprop('svc:/network/http:apache22', 'httpd/enable_64bit','false') }
   it { should eq "svcprop -p httpd/enable_64bit svc:/network/http:apache22 | grep ^false$" }
 end
 
-describe commands.check_svcprops('svc:/network/http:apache22', {
-  'httpd/enable_64bit' => 'false',
-  'httpd/server_type'  => 'worker',
-}) do
+describe 'check_svcprops', :os => :solaris do
+  subject {
+    commands.check_svcprops('svc:/network/http:apache22', {
+      'httpd/enable_64bit' => 'false',
+      'httpd/server_type'  => 'worker',
+    })
+  }
   it { should eq "svcprop -p httpd/enable_64bit svc:/network/http:apache22 | grep ^false$ && svcprop -p httpd/server_type svc:/network/http:apache22 | grep ^worker$" }
 end
 

data/spec/solaris/matchers_spec.rb

@@ -33,7 +33,6 @@ describe 'Serverspec matchers of Solaris family', :os => :solaris do
 
   it_behaves_like 'support belong_to_group matcher', 'root', 'root'
 
-  it_behaves_like 'support get_stdout matcher', 'whoami', 'root'
   it_behaves_like 'support be_zfs matcher', 'rpool'
   it_behaves_like 'support be_zfs.property matcher', 'rpool', { 'mountpoint' => '/rpool' }
 

data/spec/support/shared_matcher_examples.rb

@@ -226,6 +226,24 @@ shared_examples_for 'support be_grouped_into matcher' do |valid_file, group|
   end
 end
 
+shared_examples_for 'support be_enforcing matcher' do |selinux|
+  describe selinux do
+    it { should be_enforcing }
+  end
+end
+
+shared_examples_for 'support be_permissive matcher' do |selinux|
+  describe selinux do
+    it { should be_permissive }
+  end
+end
+
+shared_examples_for 'support be_disabled matcher' do |selinux|
+  describe selinux do
+    it { should be_disabled }
+  end
+end
+
 shared_examples_for 'support have_cron_entry matcher' do |title, entry|
   describe 'have_cron_entry' do
     describe title do
@@ -328,22 +346,6 @@ shared_examples_for 'support have_iptables_rule.with_table.with_chain matcher' d
   end
 end
 
-shared_examples_for 'support get_stdout matcher' do |command, output|
-  before :all do
-    RSpec.configure do |c|
-      c.stdout = "#{output}\r\n"
-    end
-  end
-
-  describe command do
-    it { should get_stdout output }
-  end
-
-  describe command do
-    it { should_not get_stdout 'invalid-output' }
-  end
-end
-
 shared_examples_for 'support be_zfs matcher' do |zfs|
   describe 'be_zfs' do
     describe zfs do

metadata

@@ -1,104 +1,105 @@
---- !ruby/object:Gem::Specification 
+--- !ruby/object:Gem::Specification
 name: serverspec
-version: !ruby/object:Gem::Version 
-  hash: 13
-  prerelease: false
-  segments: 
-  - 0
-  - 2
-  - 13
-  version: 0.2.13
+version: !ruby/object:Gem::Version
+  version: 0.2.14
+  prerelease: 
 platform: ruby
-authors: 
+authors:
 - Gosuke Miyashita
 autorequire: 
 bindir: bin
 cert_chain: []
-
-date: 2013-04-23 00:00:00 +09:00
-default_executable: 
-dependencies: 
-- !ruby/object:Gem::Dependency 
+date: 2013-04-27 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: net-ssh
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement 
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 3
-        segments: 
-        - 0
-        version: "0"
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :runtime
-  version_requirements: *id001
-- !ruby/object:Gem::Dependency 
-  name: rspec
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 3
-        segments: 
-        - 0
-        version: "0"
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :runtime
-  version_requirements: *id002
-- !ruby/object:Gem::Dependency 
-  name: highline
   prerelease: false
-  requirement: &id003 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: highline
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 3
-        segments: 
-        - 0
-        version: "0"
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :runtime
-  version_requirements: *id003
-- !ruby/object:Gem::Dependency 
-  name: bundler
   prerelease: false
-  requirement: &id004 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 9
-        segments: 
-        - 1
-        - 3
-        version: "1.3"
+      - !ruby/object:Gem::Version
+        version: '1.3'
   type: :development
-  version_requirements: *id004
-- !ruby/object:Gem::Dependency 
-  name: rake
   prerelease: false
-  requirement: &id005 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 3
-        segments: 
-        - 0
-        version: "0"
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
-  version_requirements: *id005
-description: RSpec tests for your servers provisioned by Puppet, Chef or anything else
-email: 
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: RSpec tests for your servers provisioned by Puppet, Chef or anything
+  else
+email:
 - gosukenator@gmail.com
-executables: 
+executables:
 - serverspec-init
 extensions: []
-
 extra_rdoc_files: []
-
-files: 
+files:
 - .gitignore
 - .travis.yml
 - Gemfile
@@ -128,7 +129,9 @@ files:
 - lib/serverspec/helper/ssh.rb
 - lib/serverspec/matchers.rb
 - lib/serverspec/matchers/be_directory.rb
+- lib/serverspec/matchers/be_disabled.rb
 - lib/serverspec/matchers/be_enabled.rb
+- lib/serverspec/matchers/be_enforcing.rb
 - lib/serverspec/matchers/be_executable.rb
 - lib/serverspec/matchers/be_file.rb
 - lib/serverspec/matchers/be_group.rb
@@ -139,6 +142,7 @@ files:
 - lib/serverspec/matchers/be_listening.rb
 - lib/serverspec/matchers/be_mode.rb
 - lib/serverspec/matchers/be_owned_by.rb
+- lib/serverspec/matchers/be_permissive.rb
 - lib/serverspec/matchers/be_readable.rb
 - lib/serverspec/matchers/be_running.rb
 - lib/serverspec/matchers/be_user.rb
@@ -169,41 +173,32 @@ files:
 - spec/solaris/matchers_spec.rb
 - spec/spec_helper.rb
 - spec/support/shared_matcher_examples.rb
-has_rdoc: true
 homepage: http://serverspec.org/
-licenses: 
+licenses:
 - MIT
 post_install_message: 
 rdoc_options: []
-
-require_paths: 
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement 
+required_ruby_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
-      version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
-      version: "0"
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
-
 rubyforge_project: 
-rubygems_version: 1.3.7
+rubygems_version: 1.8.25
 signing_key: 
 specification_version: 3
 summary: RSpec tests for your servers provisioned by Puppet, Chef or anything else
-test_files: 
+test_files:
 - spec/debian/commands_spec.rb
 - spec/debian/matchers_spec.rb
 - spec/gentoo/commands_spec.rb