serverspec 0.2.18 → 0.2.19

data/lib/serverspec/commands/base.rb

@@ -92,11 +92,16 @@ module Serverspec
       end
 
       def check_login_shell user, path_to_shell
-        "grep -w ^#{user} /etc/passwd | cut -f 7 -d ':' | grep -w #{path_to_shell}"
+        "getent passwd #{user} | cut -f 7 -d ':' | grep -w #{path_to_shell}"
       end
 
       def check_home_directory user, path_to_home
-        "grep -w ^#{user} /etc/passwd | cut -f 6 -d ':' | grep -w #{path_to_home}"
+        "getent passwd #{user} | cut -f 6 -d ':' | grep -w #{path_to_home}"
+      end
+
+      def check_authorized_key user, key
+        key.sub!(/\s+\S*$/, '') if key.match(/^\S+\s+\S+\s+\S*$/)
+        "grep -w '#{key}' ~#{user}/.ssh/authorized_keys"
       end
 
       def check_iptables_rule rule, table=nil, chain=nil

data/lib/serverspec/commands/gentoo.rb

@@ -8,6 +8,10 @@ module Serverspec
       def check_installed package
         "/usr/bin/eix #{package} --installed"
       end
+
+      def check_running service
+        "/etc/init.d/#{service} status"
+      end
     end
   end
 end

data/lib/serverspec/commands/solaris.rb

@@ -64,6 +64,18 @@ module Serverspec
       def check_belonging_group user, group
         "id -Gn #{user} | grep #{group}"
       end
+
+      def check_gid group, gid
+        "getent group | grep ^#{group}: | cut -f 3 -d ':' | grep -w #{gid}"
+      end
+
+      def check_home_directory user, path_to_home
+        "getent passwd #{user} | cut -f 6 -d ':' | grep -w #{path_to_home}"
+      end
+
+      def check_login_shell user, path_to_shell
+        "getent passwd #{user} | cut -f 7 -d ':' | grep -w #{path_to_shell}"
+      end
     end
   end
 end

data/lib/serverspec/filter.rb

@@ -6,7 +6,7 @@ module Serverspec
       # Linux kernel parameters
       %w( abi crypto debug dev fs kernel net sunrpc vm ).each do |param|
         if description_args.match(/^#{param}\./)
-          ret = backend(Serverspec::Commands::Base).do_check("sysctl -q -n #{description_args}")
+          ret = backend(Serverspec::Commands::Base).do_check("/sbin/sysctl -q -n #{description_args}")
           val = ret[:stdout].strip
           val = val.to_i if val.match(/^\d+$/)
           subject = Serverspec::Subject.new

data/lib/serverspec/matchers/have_authorized_key.rb

@@ -0,0 +1,5 @@
+RSpec::Matchers.define :have_authorized_key do |key|
+  match do |user|
+    backend.check_authorized_key(example, user, key)
+  end
+end

data/lib/serverspec/matchers.rb

@@ -18,6 +18,7 @@ require 'serverspec/matchers/have_gid'
 require 'serverspec/matchers/have_uid'
 require 'serverspec/matchers/have_login_shell'
 require 'serverspec/matchers/have_home_directory'
+require 'serverspec/matchers/have_authorized_key'
 require 'serverspec/matchers/have_iptables_rule'
 require 'serverspec/matchers/get_stdout'
 require 'serverspec/matchers/be_zfs'

data/lib/serverspec/version.rb

@@ -1,3 +1,3 @@
 module Serverspec
-  VERSION = "0.2.18"
+  VERSION = "0.2.19"
 end

data/spec/debian/commands_spec.rb

@@ -125,12 +125,29 @@ end
 
 describe 'have_login_shell', :os => :debian do
   subject { commands.check_login_shell('root', '/bin/bash') }
-  it { should eq "grep -w ^root /etc/passwd | cut -f 7 -d ':' | grep -w /bin/bash" }
+  it { should eq "getent passwd root | cut -f 7 -d ':' | grep -w /bin/bash" }
 end
 
 describe 'have_home_directory', :os => :debian do
   subject { commands.check_home_directory('root', '/root') }
-  it { should eq "grep -w ^root /etc/passwd | cut -f 6 -d ':' | grep -w /root" }
+  it { should eq "getent passwd root | cut -f 6 -d ':' | grep -w /root" }
+end
+
+describe 'have_authorized_key', :os => :debian do
+  key = "ssh-rsa ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGH"
+
+  context 'with commented publickey' do
+    commented_key = key + " foo@bar.local"
+    subject { commands.check_authorized_key('root', commented_key) }
+    describe 'when command insert publickey is removed comment' do
+      it { should eq "grep -w '#{key}' ~root/.ssh/authorized_keys" }
+    end
+  end
+
+  context 'with uncomented publickey' do
+    subject { commands.check_authorized_key('root', key) }
+    it { should eq "grep -w '#{key}' ~root/.ssh/authorized_keys" }
+  end
 end
 
 describe 'check_ipatbles', :os => :debian do

data/spec/debian/matchers_spec.rb

@@ -35,6 +35,7 @@ describe 'Serverspec matchers of Debian family', :os => :debian do
   it_behaves_like 'support have_uid matcher', 'root', 0
   it_behaves_like 'support have_login_shell matcher', 'root', '/bin/bash'
   it_behaves_like 'support have_home_directory matcher', 'root', '/root'
+  it_behaves_like 'support have_authorized_key matcher', 'root', 'ssh-rsa ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGH foo@bar.local'
 
   it_behaves_like 'support have_iptables_rule matcher', '-P INPUT ACCEPT'
   it_behaves_like 'support have_iptables_rule.with_table.with_chain matcher', '-P INPUT ACCEPT', 'mangle', 'INPUT'

data/spec/gentoo/commands_spec.rb

@@ -37,7 +37,7 @@ end
 
 describe 'check_running', :os => :gentoo do
   subject { commands.check_running('httpd') }
-  it { should eq 'service httpd status' }
+  it { should eq '/etc/init.d/httpd status' }
 end
 
 describe 'check_running_under_supervisor', :os => :gentoo do
@@ -124,12 +124,29 @@ end
 
 describe 'have_login_shell', :os => :gentoo do
   subject { commands.check_login_shell('root', '/bin/bash') }
-  it { should eq "grep -w ^root /etc/passwd | cut -f 7 -d ':' | grep -w /bin/bash" }
+  it { should eq "getent passwd root | cut -f 7 -d ':' | grep -w /bin/bash" }
 end
 
 describe 'have_home_directory', :os => :gentoo do
   subject { commands.check_home_directory('root', '/root') }
-  it { should eq "grep -w ^root /etc/passwd | cut -f 6 -d ':' | grep -w /root" }
+  it { should eq "getent passwd root | cut -f 6 -d ':' | grep -w /root" }
+end
+
+describe 'have_authorized_key', :os => :gentoo do
+  key = "ssh-rsa ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGH"
+
+  context 'with commented publickey' do
+    commented_key = key + " foo@bar.local"
+    subject { commands.check_authorized_key('root', commented_key) }
+    describe 'when command insert publickey is removed comment' do
+      it { should eq "grep -w '#{key}' ~root/.ssh/authorized_keys" }
+    end
+  end
+
+  context 'with uncomented publickey' do
+    subject { commands.check_authorized_key('root', key) }
+    it { should eq "grep -w '#{key}' ~root/.ssh/authorized_keys" }
+  end
 end
 
 describe 'check_ipatbles', :os => :gentoo do

data/spec/gentoo/matchers_spec.rb

@@ -36,6 +36,7 @@ describe 'Serverspec matchers of Gentoo family', :os => :gentoo do
   it_behaves_like 'support have_uid matcher', 'root', 0
   it_behaves_like 'support have_login_shell matcher', 'root', '/bin/bash'
   it_behaves_like 'support have_home_directory matcher', 'root', '/root'
+  it_behaves_like 'support have_authorized_key matcher', 'root', 'ssh-rsa ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGH foo@bar.local'
 
   it_behaves_like 'support have_iptables_rule matcher', '-P INPUT ACCEPT'
   it_behaves_like 'support have_iptables_rule.with_table.with_chain matcher', '-P INPUT ACCEPT', 'mangle', 'INPUT'

data/spec/redhat/commands_spec.rb

@@ -124,12 +124,29 @@ end
 
 describe 'have_login_shell', :os => :redhat do
   subject { commands.check_login_shell('root', '/bin/bash') }
-  it { should eq "grep -w ^root /etc/passwd | cut -f 7 -d ':' | grep -w /bin/bash" }
+  it { should eq "getent passwd root | cut -f 7 -d ':' | grep -w /bin/bash" }
 end
 
 describe 'have_home_directory', :os => :redhat do
   subject { commands.check_home_directory('root', '/root') }
-  it { should eq "grep -w ^root /etc/passwd | cut -f 6 -d ':' | grep -w /root" }
+  it { should eq "getent passwd root | cut -f 6 -d ':' | grep -w /root" }
+end
+
+describe 'have_authorized_key', :os => :redhat do
+  key = "ssh-rsa ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGH"
+
+  context 'with commented publickey' do
+    commented_key = key + " foo@bar.local"
+    subject { commands.check_authorized_key('root', commented_key) }
+    describe 'when command insert publickey is removed comment' do
+      it { should eq "grep -w '#{key}' ~root/.ssh/authorized_keys" }
+    end
+  end
+
+  context 'with uncomented publickey' do
+    subject { commands.check_authorized_key('root', key) }
+    it { should eq "grep -w '#{key}' ~root/.ssh/authorized_keys" }
+  end
 end
 
 describe 'check_ipatbles', :os => :redhat do

data/spec/redhat/matchers_spec.rb

@@ -37,6 +37,7 @@ describe 'Serverspec matchers of Red Hat family', :os => :redhat do
   it_behaves_like 'support have_uid matcher', 'root', 0
   it_behaves_like 'support have_login_shell matcher', 'root', '/bin/bash'
   it_behaves_like 'support have_home_directory matcher', 'root', '/root'
+  it_behaves_like 'support have_authorized_key matcher', 'root', 'ssh-rsa ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGH foo@bar.local'
 
   it_behaves_like 'support have_iptables_rule matcher', '-P INPUT ACCEPT'
   it_behaves_like 'support have_iptables_rule.with_table.with_chain matcher', '-P INPUT ACCEPT', 'mangle', 'INPUT'

data/spec/solaris/commands_spec.rb

@@ -114,7 +114,7 @@ end
 
 describe 'have_gid', :os => :solaris do
   subject { commands.check_gid('root', 0) }
-  it { should eq "getent group | grep -w ^root | cut -f 3 -d ':' | grep -w 0" }
+  it { should eq "getent group | grep ^root: | cut -f 3 -d ':' | grep -w 0" }
 end
 
 describe 'have_uid', :os => :solaris do
@@ -124,12 +124,29 @@ end
 
 describe 'have_login_shell', :os => :solaris do
   subject { commands.check_login_shell('root', '/bin/bash') }
-  it { should eq "grep -w ^root /etc/passwd | cut -f 7 -d ':' | grep -w /bin/bash" }
+  it { should eq "getent passwd root | cut -f 7 -d ':' | grep -w /bin/bash" }
 end
 
 describe 'have_home_directory', :os => :solaris do
   subject { commands.check_home_directory('root', '/root') }
-  it { should eq "grep -w ^root /etc/passwd | cut -f 6 -d ':' | grep -w /root" }
+  it { should eq "getent passwd root | cut -f 6 -d ':' | grep -w /root" }
+end
+
+describe 'have_authorized_key', :os => :solaris do
+  key = "ssh-rsa ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGH"
+
+  context 'with commented publickey' do
+    commented_key = key + " foo@bar.local"
+    subject { commands.check_authorized_key('root', commented_key) }
+    describe 'when command insert publickey is removed comment' do
+      it { should eq "grep -w '#{key}' ~root/.ssh/authorized_keys" }
+    end
+  end
+
+  context 'with uncomented publickey' do
+    subject { commands.check_authorized_key('root', key) }
+    it { should eq "grep -w '#{key}' ~root/.ssh/authorized_keys" }
+  end
 end
 
 describe 'check_zfs', :os => :solaris do

data/spec/solaris/matchers_spec.rb

@@ -36,6 +36,7 @@ describe 'Serverspec matchers of Solaris family', :os => :solaris do
   it_behaves_like 'support have_uid matcher', 'root', 0
   it_behaves_like 'support have_login_shell matcher', 'root', '/bin/bash'
   it_behaves_like 'support have_home_directory matcher', 'root', '/root'
+  it_behaves_like 'support have_authorized_key matcher', 'root', 'ssh-rsa ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGH foo@bar.local'
 
   it_behaves_like 'support be_zfs matcher', 'rpool'
   it_behaves_like 'support be_zfs.property matcher', 'rpool', { 'mountpoint' => '/rpool' }

data/spec/support/shared_matcher_examples.rb

@@ -370,6 +370,22 @@ shared_examples_for 'support have_home_directory matcher' do |user, path_to_home
   end
 end
 
+shared_examples_for 'support have_authorized_key matcher' do |user, key|
+  describe 'have_authorized_key' do
+    describe user do
+      it { should have_authorized_key key }
+    end
+
+    describe user do
+      it { should_not have_authorized_key 'invalid-publickey' }
+    end
+
+    describe 'dummyuser' do
+      it { should_not have_authorized_key 'invalid-publickey' }
+    end
+  end
+end
+
 shared_examples_for 'support have_iptables_rule matcher' do |rule|
   describe 'have_iptables_rule' do
     describe 'iptables' do
@@ -891,4 +907,4 @@ shared_examples_for 'support linux kernel parameter checking with regexp' do |pa
       its(:value) { should_not match /invalid-string/ }
     end
   end
-end
+end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: serverspec
 version: !ruby/object:Gem::Version 
-  hash: 51
+  hash: 49
   prerelease: false
   segments: 
   - 0
   - 2
-  - 18
-  version: 0.2.18
+  - 19
+  version: 0.2.19
 platform: ruby
 authors: 
 - Gosuke Miyashita
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2013-05-01 00:00:00 +09:00
+date: 2013-05-02 00:00:00 +09:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -151,6 +151,7 @@ files:
 - lib/serverspec/matchers/belong_to_group.rb
 - lib/serverspec/matchers/contain.rb
 - lib/serverspec/matchers/get_stdout.rb
+- lib/serverspec/matchers/have_authorized_key.rb
 - lib/serverspec/matchers/have_cron_entry.rb
 - lib/serverspec/matchers/have_gid.rb
 - lib/serverspec/matchers/have_home_directory.rb