serverspec 0.2.26 → 0.2.27

data/lib/serverspec/commands/base.rb

@@ -175,6 +175,10 @@ module Serverspec
       def check_selinux mode
         raise NotImplementedError.new
       end
+
+      def check_access_by_user file, user, access
+        raise NotImplementedError.new
+      end
     end
   end
 end

data/lib/serverspec/commands/darwin.rb

@@ -4,6 +4,10 @@ module Serverspec
   module Commands
     class Darwin < Base
       class NotImplementedError < Exception; end
+
+      def check_access_by_user file, user, access
+        "sudo -u #{user} -s /bin/test -#{access} #{file}"
+      end
     end
   end
 end

data/lib/serverspec/commands/linux.rb

@@ -5,6 +5,13 @@ module Serverspec
     class Linux < Base
       class NotImplementedError < Exception; end
 
+      def check_access_by_user file, user, access
+        # - Maybe it could also use the darwin one...
+        # but using runuser bcs in linux it's common to change the default sudo configuration.
+        # - Using specific shell to avoid system users not logging in
+        "runuser -s /bin/sh -c \"test -#{access} #{file}\" #{user}"
+      end
+
       def check_iptables_rule rule, table=nil, chain=nil
         cmd = "iptables"
         cmd += " -t #{escape(table)}" if table

data/lib/serverspec/commands/solaris.rb

@@ -82,6 +82,13 @@ module Serverspec
       def check_login_shell user, path_to_shell
         "getent passwd #{escape(user)} | cut -f 7 -d ':' | grep -w -- #{escape(path_to_shell)}"
       end
+
+      def check_access_by_user file, user, access
+        # http://docs.oracle.com/cd/E23823_01/html/816-5166/su-1m.html
+        ## No need for login shell as it seems that behavior as superuser is favorable for us, but needs
+        ## to be better tested under real solaris env
+        "su #{user} test -#{access} #{file}"
+      end
     end
   end
 end

data/lib/serverspec/matchers/be_executable.rb

@@ -1,8 +1,15 @@
 RSpec::Matchers.define :be_executable do
   match do |file|
-    backend.check_executable(example, file, @by_whom)
+    if @by_user != nil
+      backend.check_access_by_user(example, file, @by_user, 'x')
+    else
+      backend.check_executable(example, file, @by_whom)
+    end
   end
   chain :by do |by_whom|
     @by_whom = by_whom
   end
+  chain :by_user do |by_user|
+    @by_user = by_user
+  end
 end

data/lib/serverspec/matchers/be_readable.rb

@@ -1,8 +1,15 @@
 RSpec::Matchers.define :be_readable do
   match do |file|
-    backend.check_readable(example, file, @by_whom)
+    if @by_user != nil
+      backend.check_access_by_user(example, file, @by_user, 'r')
+    else
+      backend.check_readable(example, file, @by_whom)
+    end
   end
   chain :by do |by_whom|
     @by_whom = by_whom
   end
+  chain :by_user do |by_user|
+    @by_user = by_user
+  end
 end

data/lib/serverspec/matchers/be_writable.rb

@@ -1,8 +1,15 @@
 RSpec::Matchers.define :be_writable do
   match do |file|
-    backend.check_writable(example, file, @by_whom)
+    if @by_user != nil
+      backend.check_access_by_user(example, file, @by_user, 'w')
+    else
+      backend.check_writable(example, file, @by_whom)
+    end
   end
   chain :by do |by_whom|
     @by_whom = by_whom
   end
+  chain :by_user do |by_user|
+    @by_user = by_user
+  end
 end

data/lib/serverspec/version.rb

@@ -1,3 +1,3 @@
 module Serverspec
-  VERSION = "0.2.26"
+  VERSION = "0.2.27"
 end

data/spec/darwin/commands_spec.rb

@@ -179,3 +179,20 @@ describe 'get_mode', :os => :darwin do
   subject { commands.get_mode('/dev') }
   it { should eq 'stat -c %a /dev' }
 end
+
+describe 'check_access_by_user', :os => :darwin do
+  context 'read access' do
+    subject {commands.check_access_by_user '/tmp/something', 'dummyuser1', 'r'}
+    it { should eq 'sudo -u dummyuser1 -s /bin/test -r /tmp/something' }
+  end
+
+  context 'write access' do
+    subject {commands.check_access_by_user '/tmp/somethingw', 'dummyuser2', 'w'}
+    it { should eq 'sudo -u dummyuser2 -s /bin/test -w /tmp/somethingw' }
+  end
+
+  context 'execute access' do
+    subject {commands.check_access_by_user '/tmp/somethingx', 'dummyuser3', 'x'}
+    it { should eq 'sudo -u dummyuser3 -s /bin/test -x /tmp/somethingx' }
+  end
+end

data/spec/darwin/matchers_spec.rb

@@ -1,6 +1,6 @@
 require 'spec_helper'
 
-describe 'Serverspec matchers of Red Hat family', :os => :darwin do
+describe 'Serverspec matchers of Darwin', :os => :darwin do
   it_behaves_like 'support be_running matcher', 'sshd'
   it_behaves_like 'support be_running.under("supervisor") matcher', 'growthforecast'
   it_behaves_like 'support be_running.under("not implemented") matcher', 'growthforecast'
@@ -63,6 +63,10 @@ describe 'Serverspec matchers of Red Hat family', :os => :darwin do
   it_behaves_like 'support be_executable_by_group matcher', '/dev'
   it_behaves_like 'support be_executable_by_others matcher', '/dev'
 
+  it_behaves_like 'support be_readable_by_specific_user matcher', '/tmp',  '_appleevents'
+  it_behaves_like 'support be_writable_by_specific_user matcher', '/tmp', '_appleevents'
+  it_behaves_like 'support be_executable_by_specific_user matcher', '/tmp', '_appleevents'
+
   it_behaves_like 'support return_exit_status matcher', 'ls /tmp', 0
 
   it_behaves_like 'support return_stdout matcher', 'cat /etc/resolv.conf', 'localhost'

data/spec/debian/commands_spec.rb

@@ -225,3 +225,20 @@ describe 'get_mode', :os => :debian do
   subject { commands.get_mode('/dev') }
   it { should eq 'stat -c %a /dev' }
 end
+
+describe 'check_access_by_user', :os => :debian do
+  context 'read access' do
+    subject {commands.check_access_by_user '/tmp/something', 'dummyuser1', 'r'}
+    it { should eq  'runuser -s /bin/sh -c "test -r /tmp/something" dummyuser1' }
+  end
+
+  context 'write access' do
+    subject {commands.check_access_by_user '/tmp/somethingw', 'dummyuser2', 'w'}
+    it { should eq  'runuser -s /bin/sh -c "test -w /tmp/somethingw" dummyuser2' }
+  end
+
+  context 'execute access' do
+    subject {commands.check_access_by_user '/tmp/somethingx', 'dummyuser3', 'x'}
+    it { should eq  'runuser -s /bin/sh -c "test -x /tmp/somethingx" dummyuser3' }
+  end
+end

data/spec/debian/matchers_spec.rb

@@ -67,6 +67,10 @@ describe 'Serverspec matchers of Debian family', :os => :debian do
   it_behaves_like 'support be_executable_by_group matcher', '/dev'
   it_behaves_like 'support be_executable_by_others matcher', '/dev'
 
+  it_behaves_like 'support be_readable_by_specific_user matcher', '/tmp', 'mail'
+  it_behaves_like 'support be_writable_by_specific_user matcher', '/tmp',  'mail'
+  it_behaves_like 'support be_executable_by_specific_user matcher', '/tmp', 'mail'
+
   it_behaves_like 'support return_exit_status matcher', 'ls /tmp', 0
 
   it_behaves_like 'support return_stdout matcher', 'cat /etc/resolv.conf', 'localhost'

data/spec/gentoo/commands_spec.rb

@@ -223,3 +223,20 @@ describe 'get_mode', :os => :gentoo do
   subject { commands.get_mode('/dev') }
   it { should eq 'stat -c %a /dev' }
 end
+
+describe 'check_access_by_user', :os => :gentoo do
+  context 'read access' do
+    subject {commands.check_access_by_user '/tmp/something', 'dummyuser1', 'r'}
+    it { should eq  'runuser -s /bin/sh -c "test -r /tmp/something" dummyuser1' }
+  end
+
+  context 'write access' do
+    subject {commands.check_access_by_user '/tmp/somethingw', 'dummyuser2', 'w'}
+    it { should eq  'runuser -s /bin/sh -c "test -w /tmp/somethingw" dummyuser2' }
+  end
+
+  context 'execute access' do
+    subject {commands.check_access_by_user '/tmp/somethingx', 'dummyuser3', 'x'}
+    it { should eq  'runuser -s /bin/sh -c "test -x /tmp/somethingx" dummyuser3' }
+  end
+end

data/spec/gentoo/matchers_spec.rb

@@ -68,6 +68,10 @@ describe 'Serverspec matchers of Gentoo family', :os => :gentoo do
   it_behaves_like 'support be_executable_by_group matcher', '/dev'
   it_behaves_like 'support be_executable_by_others matcher', '/dev'
 
+  it_behaves_like 'support be_readable_by_specific_user matcher', '/tmp', 'mail'
+  it_behaves_like 'support be_writable_by_specific_user matcher', '/tmp',  'mail'
+  it_behaves_like 'support be_executable_by_specific_user matcher', '/tmp', 'mail'
+
   it_behaves_like 'support return_exit_status matcher', 'ls /tmp', 0
 
   it_behaves_like 'support return_stdout matcher', 'cat /etc/resolv.conf', 'localhost'

data/spec/redhat/commands_spec.rb

@@ -223,3 +223,20 @@ describe 'get_mode', :os => :redhat do
   subject { commands.get_mode('/dev') }
   it { should eq 'stat -c %a /dev' }
 end
+
+describe 'check_access_by_user', :os => :redhat do
+  context 'read access' do
+    subject {commands.check_access_by_user '/tmp/something', 'dummyuser1', 'r'}
+    it { should eq  'runuser -s /bin/sh -c "test -r /tmp/something" dummyuser1' }
+  end
+
+  context 'write access' do
+    subject {commands.check_access_by_user '/tmp/somethingw', 'dummyuser2', 'w'}
+    it { should eq  'runuser -s /bin/sh -c "test -w /tmp/somethingw" dummyuser2' }
+  end
+
+  context 'execute access' do
+    subject {commands.check_access_by_user '/tmp/somethingx', 'dummyuser3', 'x'}
+    it { should eq  'runuser -s /bin/sh -c "test -x /tmp/somethingx" dummyuser3' }
+  end
+end

data/spec/redhat/matchers_spec.rb

@@ -69,6 +69,10 @@ describe 'Serverspec matchers of Red Hat family', :os => :redhat do
   it_behaves_like 'support be_executable_by_group matcher', '/dev'
   it_behaves_like 'support be_executable_by_others matcher', '/dev'
 
+  it_behaves_like 'support be_readable_by_specific_user matcher', '/tmp', 'mail'
+  it_behaves_like 'support be_writable_by_specific_user matcher', '/tmp',  'mail'
+  it_behaves_like 'support be_executable_by_specific_user matcher', '/tmp', 'mail'
+
   it_behaves_like 'support be_enforcing matcher',  'selinux'
   it_behaves_like 'support be_permissive matcher', 'selinux'
   it_behaves_like 'support be_disabled matcher',   'selinux'

data/spec/solaris/commands_spec.rb

@@ -237,3 +237,20 @@ describe 'check_svcprops', :os => :solaris do
   it { should eq "svcprop -p httpd/enable_64bit svc:/network/http:apache22 | grep -- \\^false\\$ && svcprop -p httpd/server_type svc:/network/http:apache22 | grep -- \\^worker\\$" }
 end
 
+describe 'check_access_by_user', :os => :solaris do
+  context 'read access' do
+    subject {commands.check_access_by_user '/tmp/something', 'dummyuser1', 'r'}
+    it { should eq 'su dummyuser1 test -r /tmp/something' }
+  end
+
+  context 'write access' do
+    subject {commands.check_access_by_user '/tmp/somethingw', 'dummyuser2', 'w'}
+    it { should eq 'su dummyuser2 test -w /tmp/somethingw' }
+  end
+
+  context 'execute access' do
+    subject {commands.check_access_by_user '/tmp/somethingx', 'dummyuser3', 'x'}
+    it { should eq 'su dummyuser3 test -x /tmp/somethingx' }
+  end
+end
+

data/spec/support/shared_matcher_examples.rb

@@ -718,6 +718,17 @@ shared_examples_for 'support be_readable_by_others matcher' do |file|
   end
 end
 
+shared_examples_for 'support be_readable_by_specific_user matcher' do |file, user|
+  describe 'be_readable_by_specific_user' do
+    describe file do
+      it { should be_readable.by_user(user) }
+    end
+    describe file+'_invalid' do
+      it { should_not be_readable.by_user(user) }
+    end
+  end
+end
+
 shared_examples_for 'support be_writable matcher' do |file|
   describe 'be_writable' do
     describe file do
@@ -806,6 +817,17 @@ shared_examples_for 'support be_writable_by_others matcher' do |file|
   end
 end
 
+shared_examples_for 'support be_writable_by_specific_user matcher' do |file, user|
+  describe 'be_writable_by_specific_user' do
+    describe file do
+      it { should be_writable.by_user(user) }
+    end
+    describe 'invalid-file' do
+      it { should_not be_writable.by_user(user) }
+    end
+  end
+end
+
 shared_examples_for 'support be_executable matcher' do |file|
   describe 'be_executable' do
     describe file do
@@ -894,6 +916,17 @@ shared_examples_for 'support be_executable_by_others matcher' do |file|
   end
 end
 
+shared_examples_for 'support be_executable_by_specific_user matcher' do |file, user|
+  describe 'be_writable_by_specific_user' do
+    describe file do
+      it { should be_executable.by_user(user) }
+    end
+    describe file+'_invalid' do
+      it { should_not be_executable.by_user(user) }
+    end
+  end
+end
+
 shared_examples_for 'support have_ipfilter_rule matcher' do |rule|
   describe 'have_ipfilter_rule' do
     describe 'ipfilter' do

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: serverspec
 version: !ruby/object:Gem::Version 
-  hash: 35
+  hash: 33
   prerelease: false
   segments: 
   - 0
   - 2
-  - 26
-  version: 0.2.26
+  - 27
+  version: 0.2.27
 platform: ruby
 authors: 
 - Gosuke Miyashita
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2013-05-10 00:00:00 +09:00
+date: 2013-05-13 00:00:00 +09:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency