serverspec 0.2.26 → 0.2.27

@@ -175,6 +175,10 @@ module Serverspec
175
175
  def check_selinux mode
176
176
  raise NotImplementedError.new
177
177
  end
178
+
179
+ def check_access_by_user file, user, access
180
+ raise NotImplementedError.new
181
+ end
178
182
  end
179
183
  end
180
184
  end
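Review bot: The new `check_access_by_user` stub does not say what `access` may be, while the matcher hunks further down pass the bare letters 'x', 'r' and 'w', which each platform class splices directly after `test -`. A comment above the stub such as `# access: single test(1) flag letter, one of 'r', 'w' or 'x'` would make that contract explicit for anyone adding another platform class. The enclosing class starts outside the hunk.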
@@ -4,6 +4,10 @@ module Serverspec
4
4
  module Commands
5
5
  class Darwin < Base
6
6
  class NotImplementedError < Exception; end
7
+
8
+ def check_access_by_user file, user, access
9
+ "sudo -u #{user} -s /bin/test -#{access} #{file}"
10
+ end
7
11
  end
8
12
  end
9
13
  end
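Review bot: `check_access_by_user` interpolates `user`, `access` and `file` into the command string without quoting, so a path containing a space or a shell metacharacter is split or interpreted by the shell that runs the `sudo` line. Other builders visible on this page wrap their arguments in `escape(...)` (for example `check_login_shell`), and this line could do the same: `"sudo -u #{escape(user)} -s /bin/test -#{access} #{escape(file)}"`, assuming `escape` is reachable through `Base`. The Linux and Solaris hunks that add `check_access_by_user` have the same unquoted interpolation. Because `access` becomes part of a flag, rejecting anything other than `r`, `w` or `x` before building the string would close the remaining gap.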
@@ -5,6 +5,13 @@ module Serverspec
5
5
  class Linux < Base
6
6
  class NotImplementedError < Exception; end
7
7
 
8
+ def check_access_by_user file, user, access
9
+ # - Maybe it could also use the darwin one...
10
+ # but using runuser bcs in linux it's common to change the default sudo configuration.
11
+ # - Using specific shell to avoid system users not logging in
12
+ "runuser -s /bin/sh -c \"test -#{access} #{file}\" #{user}"
13
+ end
14
+
8
15
  def check_iptables_rule rule, table=nil, chain=nil
9
16
  cmd = "iptables"
10
17
  cmd += " -t #{escape(table)}" if table
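Review bot: The `runuser` command places `file` inside a double-quoted `-c` string, so the value is parsed twice, once by the shell that runs the command line and again by the `/bin/sh` that `runuser` starts. A `$`, backtick or double quote in the path is therefore expanded or ends the string early. Quoting the inner command and then the whole `-c` argument covers both levels: `"runuser -s /bin/sh -c #{escape("test -#{access} #{escape(file)}")} #{escape(user)}"`. The command specs that pin the current string would need updating with it. The trailing context lines belong to `check_iptables_rule`, whose body continues outside the hunk.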
@@ -82,6 +82,13 @@ module Serverspec
82
82
  def check_login_shell user, path_to_shell
83
83
  "getent passwd #{escape(user)} | cut -f 7 -d ':' | grep -w -- #{escape(path_to_shell)}"
84
84
  end
85
+
86
+ def check_access_by_user file, user, access
87
+ # http://docs.oracle.com/cd/E23823_01/html/816-5166/su-1m.html
88
+ ## No need for login shell as it seems that behavior as superuser is favorable for us, but needs
89
+ ## to be better tested under real solaris env
90
+ "su #{user} test -#{access} #{file}"
91
+ end
85
92
  end
86
93
  end
87
94
  end
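Review bot: The generated `su #{user} test -#{access} #{file}` passes `test` and its operands as extra arguments to `su`. As far as the linked su(1M) page describes, those are handed to the user's shell rather than run as a command, and the code comment itself says this is untested on real Solaris. If that reading is right the command needs `-c`, for example `"su #{escape(user)} -c #{escape("test -#{access} #{escape(file)}")}"`. That form also quotes the interpolated values the way `check_login_shell` just above does.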
@@ -1,8 +1,15 @@
1
1
  RSpec::Matchers.define :be_executable do
2
2
  match do |file|
3
- backend.check_executable(example, file, @by_whom)
3
+ if @by_user != nil
4
+ backend.check_access_by_user(example, file, @by_user, 'x')
5
+ else
6
+ backend.check_executable(example, file, @by_whom)
7
+ end
4
8
  end
5
9
  chain :by do |by_whom|
6
10
  @by_whom = by_whom
7
11
  end
12
+ chain :by_user do |by_user|
13
+ @by_user = by_user
14
+ end
8
15
  end
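Review bot: When a spec chains both `.by(...)` and `.by_user(...)`, the `match` block takes the `by_user` branch and `@by_whom` is dropped without any message, so an expectation can pass for a different reason than its author intended. Either raise when both are set or state the precedence in a comment above the `if`. The nil comparison is also more idiomatic as `if @by_user`. The same block is added to the `be_readable` and `be_writable` matchers in the next two hunks.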
@@ -1,8 +1,15 @@
1
1
  RSpec::Matchers.define :be_readable do
2
2
  match do |file|
3
- backend.check_readable(example, file, @by_whom)
3
+ if @by_user != nil
4
+ backend.check_access_by_user(example, file, @by_user, 'r')
5
+ else
6
+ backend.check_readable(example, file, @by_whom)
7
+ end
4
8
  end
5
9
  chain :by do |by_whom|
6
10
  @by_whom = by_whom
7
11
  end
12
+ chain :by_user do |by_user|
13
+ @by_user = by_user
14
+ end
8
15
  end
@@ -1,8 +1,15 @@
1
1
  RSpec::Matchers.define :be_writable do
2
2
  match do |file|
3
- backend.check_writable(example, file, @by_whom)
3
+ if @by_user != nil
4
+ backend.check_access_by_user(example, file, @by_user, 'w')
5
+ else
6
+ backend.check_writable(example, file, @by_whom)
7
+ end
4
8
  end
5
9
  chain :by do |by_whom|
6
10
  @by_whom = by_whom
7
11
  end
12
+ chain :by_user do |by_user|
13
+ @by_user = by_user
14
+ end
8
15
  end
@@ -1,3 +1,3 @@
1
1
  module Serverspec
2
- VERSION = "0.2.26"
2
+ VERSION = "0.2.27"
3
3
  end
@@ -179,3 +179,20 @@ describe 'get_mode', :os => :darwin do
179
179
  subject { commands.get_mode('/dev') }
180
180
  it { should eq 'stat -c %a /dev' }
181
181
  end
182
+
183
+ describe 'check_access_by_user', :os => :darwin do
184
+ context 'read access' do
185
+ subject {commands.check_access_by_user '/tmp/something', 'dummyuser1', 'r'}
186
+ it { should eq 'sudo -u dummyuser1 -s /bin/test -r /tmp/something' }
187
+ end
188
+
189
+ context 'write access' do
190
+ subject {commands.check_access_by_user '/tmp/somethingw', 'dummyuser2', 'w'}
191
+ it { should eq 'sudo -u dummyuser2 -s /bin/test -w /tmp/somethingw' }
192
+ end
193
+
194
+ context 'execute access' do
195
+ subject {commands.check_access_by_user '/tmp/somethingx', 'dummyuser3', 'x'}
196
+ it { should eq 'sudo -u dummyuser3 -s /bin/test -x /tmp/somethingx' }
197
+ end
198
+ end
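Review bot: All three contexts use paths and user names with no spaces or shell-significant characters, so the expectations pin the unquoted command form and would not catch a quoting problem in `check_access_by_user`. A fourth context with a constructed path such as `'/tmp/some thing'` and the expected quoted output would cover that. The Debian, Gentoo, Red Hat and Solaris command specs added further down follow the same pattern.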
@@ -1,6 +1,6 @@
1
1
  require 'spec_helper'
2
2
 
3
- describe 'Serverspec matchers of Red Hat family', :os => :darwin do
3
+ describe 'Serverspec matchers of Darwin', :os => :darwin do
4
4
  it_behaves_like 'support be_running matcher', 'sshd'
5
5
  it_behaves_like 'support be_running.under("supervisor") matcher', 'growthforecast'
6
6
  it_behaves_like 'support be_running.under("not implemented") matcher', 'growthforecast'
@@ -63,6 +63,10 @@ describe 'Serverspec matchers of Red Hat family', :os => :darwin do
63
63
  it_behaves_like 'support be_executable_by_group matcher', '/dev'
64
64
  it_behaves_like 'support be_executable_by_others matcher', '/dev'
65
65
 
66
+ it_behaves_like 'support be_readable_by_specific_user matcher', '/tmp', '_appleevents'
67
+ it_behaves_like 'support be_writable_by_specific_user matcher', '/tmp', '_appleevents'
68
+ it_behaves_like 'support be_executable_by_specific_user matcher', '/tmp', '_appleevents'
69
+
66
70
  it_behaves_like 'support return_exit_status matcher', 'ls /tmp', 0
67
71
 
68
72
  it_behaves_like 'support return_stdout matcher', 'cat /etc/resolv.conf', 'localhost'
@@ -225,3 +225,20 @@ describe 'get_mode', :os => :debian do
225
225
  subject { commands.get_mode('/dev') }
226
226
  it { should eq 'stat -c %a /dev' }
227
227
  end
228
+
229
+ describe 'check_access_by_user', :os => :debian do
230
+ context 'read access' do
231
+ subject {commands.check_access_by_user '/tmp/something', 'dummyuser1', 'r'}
232
+ it { should eq 'runuser -s /bin/sh -c "test -r /tmp/something" dummyuser1' }
233
+ end
234
+
235
+ context 'write access' do
236
+ subject {commands.check_access_by_user '/tmp/somethingw', 'dummyuser2', 'w'}
237
+ it { should eq 'runuser -s /bin/sh -c "test -w /tmp/somethingw" dummyuser2' }
238
+ end
239
+
240
+ context 'execute access' do
241
+ subject {commands.check_access_by_user '/tmp/somethingx', 'dummyuser3', 'x'}
242
+ it { should eq 'runuser -s /bin/sh -c "test -x /tmp/somethingx" dummyuser3' }
243
+ end
244
+ end
@@ -67,6 +67,10 @@ describe 'Serverspec matchers of Debian family', :os => :debian do
67
67
  it_behaves_like 'support be_executable_by_group matcher', '/dev'
68
68
  it_behaves_like 'support be_executable_by_others matcher', '/dev'
69
69
 
70
+ it_behaves_like 'support be_readable_by_specific_user matcher', '/tmp', 'mail'
71
+ it_behaves_like 'support be_writable_by_specific_user matcher', '/tmp', 'mail'
72
+ it_behaves_like 'support be_executable_by_specific_user matcher', '/tmp', 'mail'
73
+
70
74
  it_behaves_like 'support return_exit_status matcher', 'ls /tmp', 0
71
75
 
72
76
  it_behaves_like 'support return_stdout matcher', 'cat /etc/resolv.conf', 'localhost'
@@ -223,3 +223,20 @@ describe 'get_mode', :os => :gentoo do
223
223
  subject { commands.get_mode('/dev') }
224
224
  it { should eq 'stat -c %a /dev' }
225
225
  end
226
+
227
+ describe 'check_access_by_user', :os => :gentoo do
228
+ context 'read access' do
229
+ subject {commands.check_access_by_user '/tmp/something', 'dummyuser1', 'r'}
230
+ it { should eq 'runuser -s /bin/sh -c "test -r /tmp/something" dummyuser1' }
231
+ end
232
+
233
+ context 'write access' do
234
+ subject {commands.check_access_by_user '/tmp/somethingw', 'dummyuser2', 'w'}
235
+ it { should eq 'runuser -s /bin/sh -c "test -w /tmp/somethingw" dummyuser2' }
236
+ end
237
+
238
+ context 'execute access' do
239
+ subject {commands.check_access_by_user '/tmp/somethingx', 'dummyuser3', 'x'}
240
+ it { should eq 'runuser -s /bin/sh -c "test -x /tmp/somethingx" dummyuser3' }
241
+ end
242
+ end
@@ -68,6 +68,10 @@ describe 'Serverspec matchers of Gentoo family', :os => :gentoo do
68
68
  it_behaves_like 'support be_executable_by_group matcher', '/dev'
69
69
  it_behaves_like 'support be_executable_by_others matcher', '/dev'
70
70
 
71
+ it_behaves_like 'support be_readable_by_specific_user matcher', '/tmp', 'mail'
72
+ it_behaves_like 'support be_writable_by_specific_user matcher', '/tmp', 'mail'
73
+ it_behaves_like 'support be_executable_by_specific_user matcher', '/tmp', 'mail'
74
+
71
75
  it_behaves_like 'support return_exit_status matcher', 'ls /tmp', 0
72
76
 
73
77
  it_behaves_like 'support return_stdout matcher', 'cat /etc/resolv.conf', 'localhost'
@@ -223,3 +223,20 @@ describe 'get_mode', :os => :redhat do
223
223
  subject { commands.get_mode('/dev') }
224
224
  it { should eq 'stat -c %a /dev' }
225
225
  end
226
+
227
+ describe 'check_access_by_user', :os => :redhat do
228
+ context 'read access' do
229
+ subject {commands.check_access_by_user '/tmp/something', 'dummyuser1', 'r'}
230
+ it { should eq 'runuser -s /bin/sh -c "test -r /tmp/something" dummyuser1' }
231
+ end
232
+
233
+ context 'write access' do
234
+ subject {commands.check_access_by_user '/tmp/somethingw', 'dummyuser2', 'w'}
235
+ it { should eq 'runuser -s /bin/sh -c "test -w /tmp/somethingw" dummyuser2' }
236
+ end
237
+
238
+ context 'execute access' do
239
+ subject {commands.check_access_by_user '/tmp/somethingx', 'dummyuser3', 'x'}
240
+ it { should eq 'runuser -s /bin/sh -c "test -x /tmp/somethingx" dummyuser3' }
241
+ end
242
+ end
@@ -69,6 +69,10 @@ describe 'Serverspec matchers of Red Hat family', :os => :redhat do
69
69
  it_behaves_like 'support be_executable_by_group matcher', '/dev'
70
70
  it_behaves_like 'support be_executable_by_others matcher', '/dev'
71
71
 
72
+ it_behaves_like 'support be_readable_by_specific_user matcher', '/tmp', 'mail'
73
+ it_behaves_like 'support be_writable_by_specific_user matcher', '/tmp', 'mail'
74
+ it_behaves_like 'support be_executable_by_specific_user matcher', '/tmp', 'mail'
75
+
72
76
  it_behaves_like 'support be_enforcing matcher', 'selinux'
73
77
  it_behaves_like 'support be_permissive matcher', 'selinux'
74
78
  it_behaves_like 'support be_disabled matcher', 'selinux'
@@ -237,3 +237,20 @@ describe 'check_svcprops', :os => :solaris do
237
237
  it { should eq "svcprop -p httpd/enable_64bit svc:/network/http:apache22 | grep -- \\^false\\$ && svcprop -p httpd/server_type svc:/network/http:apache22 | grep -- \\^worker\\$" }
238
238
  end
239
239
 
240
+ describe 'check_access_by_user', :os => :solaris do
241
+ context 'read access' do
242
+ subject {commands.check_access_by_user '/tmp/something', 'dummyuser1', 'r'}
243
+ it { should eq 'su dummyuser1 test -r /tmp/something' }
244
+ end
245
+
246
+ context 'write access' do
247
+ subject {commands.check_access_by_user '/tmp/somethingw', 'dummyuser2', 'w'}
248
+ it { should eq 'su dummyuser2 test -w /tmp/somethingw' }
249
+ end
250
+
251
+ context 'execute access' do
252
+ subject {commands.check_access_by_user '/tmp/somethingx', 'dummyuser3', 'x'}
253
+ it { should eq 'su dummyuser3 test -x /tmp/somethingx' }
254
+ end
255
+ end
256
+
@@ -718,6 +718,17 @@ shared_examples_for 'support be_readable_by_others matcher' do |file|
718
718
  end
719
719
  end
720
720
 
721
+ shared_examples_for 'support be_readable_by_specific_user matcher' do |file, user|
722
+ describe 'be_readable_by_specific_user' do
723
+ describe file do
724
+ it { should be_readable.by_user(user) }
725
+ end
726
+ describe file+'_invalid' do
727
+ it { should_not be_readable.by_user(user) }
728
+ end
729
+ end
730
+ end
731
+
721
732
  shared_examples_for 'support be_writable matcher' do |file|
722
733
  describe 'be_writable' do
723
734
  describe file do
@@ -806,6 +817,17 @@ shared_examples_for 'support be_writable_by_others matcher' do |file|
806
817
  end
807
818
  end
808
819
 
820
+ shared_examples_for 'support be_writable_by_specific_user matcher' do |file, user|
821
+ describe 'be_writable_by_specific_user' do
822
+ describe file do
823
+ it { should be_writable.by_user(user) }
824
+ end
825
+ describe 'invalid-file' do
826
+ it { should_not be_writable.by_user(user) }
827
+ end
828
+ end
829
+ end
830
+
809
831
  shared_examples_for 'support be_executable matcher' do |file|
810
832
  describe 'be_executable' do
811
833
  describe file do
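Review bot: The negative case in 'support be_writable_by_specific_user matcher' uses the literal `'invalid-file'`, while the readable and executable shared examples added in the neighbouring hunks use `file+'_invalid'`. The literal ignores the `file` argument, and if the test backend decides the outcome from the path the two forms may not be treated alike. `describe file+'_invalid' do` would keep the three examples parallel. The trailing context lines open 'support be_executable matcher', which continues outside the hunk.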
@@ -894,6 +916,17 @@ shared_examples_for 'support be_executable_by_others matcher' do |file|
894
916
  end
895
917
  end
896
918
 
919
+ shared_examples_for 'support be_executable_by_specific_user matcher' do |file, user|
920
+ describe 'be_writable_by_specific_user' do
921
+ describe file do
922
+ it { should be_executable.by_user(user) }
923
+ end
924
+ describe file+'_invalid' do
925
+ it { should_not be_executable.by_user(user) }
926
+ end
927
+ end
928
+ end
929
+
897
930
  shared_examples_for 'support have_ipfilter_rule matcher' do |rule|
898
931
  describe 'have_ipfilter_rule' do
899
932
  describe 'ipfilter' do
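Review bot: The inner group of 'support be_executable_by_specific_user matcher' is labelled `describe 'be_writable_by_specific_user' do`, which looks like a copy-paste slip and will mislabel failures in the RSpec output. It should read `describe 'be_executable_by_specific_user' do`. The trailing context lines open 'support have_ipfilter_rule matcher', which continues outside the hunk.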
metadata CHANGED
@@ -1,13 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: serverspec
3
3
  version: !ruby/object:Gem::Version
4
- hash: 35
4
+ hash: 33
5
5
  prerelease: false
6
6
  segments:
7
7
  - 0
8
8
  - 2
9
- - 26
10
- version: 0.2.26
9
+ - 27
10
+ version: 0.2.27
11
11
  platform: ruby
12
12
  authors:
13
13
  - Gosuke Miyashita
@@ -15,7 +15,7 @@ autorequire:
15
15
  bindir: bin
16
16
  cert_chain: []
17
17
 
18
- date: 2013-05-10 00:00:00 +09:00
18
+ date: 2013-05-13 00:00:00 +09:00
19
19
  default_executable:
20
20
  dependencies:
21
21
  - !ruby/object:Gem::Dependency