serverspec 0.6.21 → 0.6.22

data/Rakefile

@@ -4,7 +4,7 @@ require 'rspec/core/rake_task'
 task :spec => 'spec:all'
 
 namespace :spec do
-  oses = %w( darwin debian gentoo redhat solaris solaris10 smartos )
+  oses = %w( darwin debian gentoo redhat solaris solaris10 solaris11 smartos )
 
   task :all => [ oses.map {|os| "spec:#{os}" }, :helpers, :exec, :ssh ].flatten
 

data/lib/serverspec.rb

@@ -13,6 +13,7 @@ require 'serverspec/commands/debian'
 require 'serverspec/commands/gentoo'
 require 'serverspec/commands/solaris'
 require 'serverspec/commands/solaris10'
+require 'serverspec/commands/solaris11'
 require 'serverspec/commands/smartos'
 require 'serverspec/commands/darwin'
 require 'serverspec/configuration'
@@ -35,6 +36,7 @@ RSpec.configure do |c|
   c.include(Serverspec::Helper::Gentoo,    :os => :gentoo)
   c.include(Serverspec::Helper::Solaris,   :os => :solaris)
   c.include(Serverspec::Helper::Solaris10, :os => :solaris10)
+  c.include(Serverspec::Helper::Solaris11, :os => :solaris11)
   c.include(Serverspec::Helper::SmartOS,   :os => :smartos)
   c.include(Serverspec::Helper::Darwin,    :os => :darwin)
   c.add_setting :os,            :default => nil

data/lib/serverspec/backend/exec.rb

@@ -200,6 +200,8 @@ module Serverspec
         elsif (os = run_command('uname -sr')[:stdout]) && os =~ /SunOS/i
           if os =~ /5.10/
             'Solaris10'
+          elsif run_command('grep -q "Oracle Solaris 11" /etc/release')[:exit_status] == 0
+            'Solaris11'
           elsif run_command('grep -q SmartOS /etc/release')[:exit_status] == 0
             'SmartOS'
           else

data/lib/serverspec/commands/base.rb

@@ -77,6 +77,11 @@ module Serverspec
         "netstat -tunl | grep -- #{escape(regexp)}"
       end
 
+      def check_listening_with_protocol(port, protocol)
+        regexp = "^#{protocol} .*:#{port} "
+        "netstat -tunl | grep -- #{escape(regexp)}"
+      end
+
       def check_running(service)
         "service #{escape(service)} status"
       end

data/lib/serverspec/commands/smartos.rb

@@ -8,6 +8,14 @@ module Serverspec
         end
         cmd
       end
+
+      def check_enabled(service, level=3)
+        "svcs -l #{escape(service)} 2> /dev/null | grep -wx '^enabled.*true$'"
+      end
+
+      def check_running(service)
+        "svcs -l #{escape(service)} status 2> /dev/null |grep -wx '^state.*online$'"
+      end
     end
   end
 end

data/lib/serverspec/commands/solaris.rb

@@ -2,7 +2,7 @@ module Serverspec
   module Commands
     class Solaris < Base
       def check_enabled(service, level=3)
-        "svcs -l #{escape(service)} 2> /dev/null | grep -wx '^enabled.*true$'"
+        "svcs -l #{escape(service)} 2> /dev/null | egrep '^enabled *true$'"
       end
 
       def check_installed(package, version=nil)
@@ -18,8 +18,13 @@ module Serverspec
         "netstat -an 2> /dev/null | egrep 'LISTEN|Idle' | grep -- #{escape(regexp)}"
       end
 
+      def check_listening_with_protocol(port, protocol)
+        regexp = ".*\.#{port} "
+        "netstat -an -P #{escape(protocol)} 2> /dev/null | egrep 'LISTEN|Idle' | grep -- #{escape(regexp)}"
+      end
+
       def check_running(service)
-        "svcs -l #{escape(service)} status 2> /dev/null |grep -wx '^state.*online$'"
+        "svcs -l #{escape(service)} status 2> /dev/null | egrep '^state *online$'"
       end
 
       def check_cron_entry(user, entry)

data/lib/serverspec/commands/solaris11.rb

@@ -0,0 +1,7 @@
+module Serverspec
+  module Commands
+    class Solaris11 < Solaris
+      # Please implement Solaris 11 specific commands
+    end
+  end
+end

data/lib/serverspec/helper.rb

@@ -11,6 +11,7 @@ require 'serverspec/helper/debian'
 require 'serverspec/helper/gentoo'
 require 'serverspec/helper/solaris'
 require 'serverspec/helper/solaris10'
+require 'serverspec/helper/solaris11'
 require 'serverspec/helper/smartos'
 require 'serverspec/helper/darwin'
 require 'serverspec/helper/detect_os'

data/lib/serverspec/helper/solaris11.rb

@@ -0,0 +1,9 @@
+module Serverspec
+  module Helper
+    module Solaris11
+      def commands
+        Serverspec::Commands::Solaris11.new
+      end
+    end
+  end
+end

data/lib/serverspec/matchers.rb

@@ -6,6 +6,9 @@ require 'serverspec/matchers/be_writable'
 require 'serverspec/matchers/be_executable'
 require 'serverspec/matchers/match_md5checksum'
 
+# port
+require 'serverspec/matchers/be_listening'
+
 # host
 require 'serverspec/matchers/be_resolvable'
 require 'serverspec/matchers/be_reachable'

data/lib/serverspec/matchers/be_listening.rb

@@ -0,0 +1,9 @@
+RSpec::Matchers.define :be_listening do
+  match do |port|
+    port.listening?(@with)
+  end
+
+  chain :with do |with|
+    @with = with 
+  end
+end

data/lib/serverspec/type/port.rb

@@ -1,8 +1,17 @@
 module Serverspec
   module Type
     class Port < Base
-      def listening?
-        backend.check_listening(@name)
+      def listening?(protocol)
+        if protocol 
+          protocol = protocol.to_s.downcase
+          unless ["udp", "tcp"].include?(protocol)
+            raise ArgumentError.new("`be_listening` matcher doesn't support #{protocol}")
+          end
+
+          backend.check_listening_with_protocol(@name, protocol)
+        else
+          backend.check_listening(@name)
+        end
       end
     end
   end

data/lib/serverspec/version.rb

@@ -1,3 +1,3 @@
 module Serverspec
-  VERSION = "0.6.21"
+  VERSION = "0.6.22"
 end

data/spec/darwin/port_spec.rb

@@ -10,3 +10,21 @@ end
 describe port('invalid') do
   it { should_not be_listening }
 end
+
+describe port(80) do
+  it { should be_listening.with("tcp") }
+  its(:command) { should eq 'netstat -tunl | grep -- \\^tcp\\ .\\*:80\\ ' }
+end
+
+describe port(123) do
+  it { should be_listening.with("udp") }
+  its(:command) { should eq 'netstat -tunl | grep -- \\^udp\\ .\\*:123\\ ' }
+end
+
+describe port(80) do
+  it { 
+    expect {
+      should be_listening.with('not implemented')
+    }.to raise_error(ArgumentError, %r/\A`be_listening` matcher doesn\'t support/)
+  }
+end

data/spec/debian/port_spec.rb

@@ -10,3 +10,21 @@ end
 describe port('invalid') do
   it { should_not be_listening }
 end
+
+describe port(80) do
+  it { should be_listening.with("tcp") }
+  its(:command) { should eq 'netstat -tunl | grep -- \\^tcp\\ .\\*:80\\ ' }
+end
+
+describe port(123) do
+  it { should be_listening.with("udp") }
+  its(:command) { should eq 'netstat -tunl | grep -- \\^udp\\ .\\*:123\\ ' }
+end
+
+describe port(80) do
+  it { 
+    expect {
+      should be_listening.with('not implemented')
+    }.to raise_error(ArgumentError, %r/\A`be_listening` matcher doesn\'t support/)
+  }
+end

data/spec/gentoo/port_spec.rb

@@ -10,3 +10,21 @@ end
 describe port('invalid') do
   it { should_not be_listening }
 end
+
+describe port(80) do
+  it { should be_listening.with("tcp") }
+  its(:command) { should eq 'netstat -tunl | grep -- \\^tcp\\ .\\*:80\\ ' }
+end
+
+describe port(123) do
+  it { should be_listening.with("udp") }
+  its(:command) { should eq 'netstat -tunl | grep -- \\^udp\\ .\\*:123\\ ' }
+end
+
+describe port(80) do
+  it { 
+    expect {
+      should be_listening.with('not implemented')
+    }.to raise_error(ArgumentError, %r/\A`be_listening` matcher doesn\'t support/)
+  }
+end

data/spec/redhat/port_spec.rb

@@ -10,3 +10,21 @@ end
 describe port('invalid') do
   it { should_not be_listening }
 end
+
+describe port(80) do
+  it { should be_listening.with("tcp") }
+  its(:command) { should eq 'netstat -tunl | grep -- \\^tcp\\ .\\*:80\\ ' }
+end
+
+describe port(123) do
+  it { should be_listening.with("udp") }
+  its(:command) { should eq 'netstat -tunl | grep -- \\^udp\\ .\\*:123\\ ' }
+end
+
+describe port(80) do
+  it { 
+    expect {
+      should be_listening.with('not implemented')
+    }.to raise_error(ArgumentError, %r/\A`be_listening` matcher doesn\'t support/)
+  }
+end

data/spec/solaris/commands_spec.rb

@@ -21,12 +21,27 @@ end
 
 describe 'check_enabled' do
   subject { commands.check_enabled('httpd') }
-  it { should eq "svcs -l httpd 2> /dev/null | grep -wx '^enabled.*true$'" }
+  it { should eq "svcs -l httpd 2> /dev/null | egrep '^enabled *true$'" }
 end
 
 describe 'check_running' do
   subject { commands.check_running('httpd') }
-  it { should eq "svcs -l httpd status 2> /dev/null |grep -wx '^state.*online$'" }
+  it { should eq "svcs -l httpd status 2> /dev/null | egrep '^state *online$'" }
+end
+
+describe 'check_listening' do
+  subject { commands.check_listening(80) }
+  it { should eq %q!netstat -an 2> /dev/null | egrep 'LISTEN|Idle' | grep -- .80\\ ! }
+end
+
+describe 'check_listening_with_tcp' do
+  subject { commands.check_listening_with_protocol(80, "tcp") }
+  it { should eq %q!netstat -an -P tcp 2> /dev/null | egrep 'LISTEN|Idle' | grep -- .\\*.80\\ ! }
+end
+
+describe 'check_listening_with_udp' do
+  subject { commands.check_listening_with_protocol(123, "udp") }
+  it { should eq %q!netstat -an -P udp 2> /dev/null | egrep 'LISTEN|Idle' | grep -- .\\*.123\\ ! }
 end
 
 describe 'check_belonging_group' do

data/spec/solaris/port_spec.rb

@@ -10,3 +10,21 @@ end
 describe port('invalid') do
   it { should_not be_listening }
 end
+
+describe port(80) do
+  it { should be_listening.with("tcp") }
+  its(:command) { should eq %q!netstat -an -P tcp 2> /dev/null | egrep 'LISTEN|Idle' | grep -- .\\*.80\\ ! }
+end
+
+describe port(123) do
+  it { should be_listening.with("udp") }
+  its(:command) { should eq %q!netstat -an -P udp 2> /dev/null | egrep 'LISTEN|Idle' | grep -- .\\*.123\\ ! }
+end
+
+describe port(80) do
+  it { 
+    expect {
+      should be_listening.with('not implemented')
+    }.to raise_error(ArgumentError, %r/\A`be_listening` matcher doesn\'t support/)
+  }
+end

data/spec/solaris10/commands_spec.rb

@@ -20,12 +20,12 @@ end
 
 describe 'check_enabled' do
   subject { commands.check_enabled('httpd') }
-  it { should eq "svcs -l httpd 2> /dev/null | grep -wx '^enabled.*true$'" }
+  it { should eq "svcs -l httpd 2> /dev/null | egrep '^enabled *true$'" }
 end
 
 describe 'check_running' do
   subject { commands.check_running('httpd') }
-  it { should eq "svcs -l httpd status 2> /dev/null |grep -wx '^state.*online$'" }
+  it { should eq "svcs -l httpd status 2> /dev/null | egrep '^state *online$'" }
 end
 
 describe 'check_belonging_group' do

data/spec/solaris11/command_spec.rb

@@ -0,0 +1,48 @@
+require 'spec_helper'
+
+include Serverspec::Helper::Solaris11
+
+describe command('cat /etc/resolv.conf') do
+  let(:stdout) { "nameserver 127.0.0.1\r\n" }
+  it { should return_stdout("nameserver 127.0.0.1") }
+  its(:command) { should eq 'cat /etc/resolv.conf' }
+end
+
+describe 'complete matching of stdout' do
+  context command('cat /etc/resolv.conf') do
+    let(:stdout) { "foocontent-should-be-includedbar\r\n" }
+    it { should_not return_stdout('content-should-be-included') }
+  end
+end
+
+describe 'regexp matching of stdout' do
+  context command('cat /etc/resolv.conf') do
+    let(:stdout) { "nameserver 127.0.0.1\r\n" }
+    it { should return_stdout(/127\.0\.0\.1/) }
+  end
+end
+
+describe command('cat /etc/resolv.conf') do
+  let(:stdout) { "No such file or directory\r\n" }
+  it { should return_stderr("No such file or directory") }
+  its(:command) { should eq 'cat /etc/resolv.conf' }
+end
+
+describe 'complete matching of stderr' do
+  context command('cat /etc/resolv.conf') do
+    let(:stdout) { "No such file or directory\r\n" }
+    it { should_not return_stdout('file') }
+  end
+end
+
+describe 'regexp matching of stderr' do
+  context command('cat /etc/resolv.conf') do
+    let(:stdout) { "No such file or directory\r\n" }
+    it { should return_stderr(/file/) }
+  end
+end
+
+describe command('cat /etc/resolv.conf') do
+  it { should return_exit_status 0 }
+  its(:command) { should eq 'cat /etc/resolv.conf' }
+end

data/spec/solaris11/commands_spec.rb

@@ -0,0 +1,82 @@
+require 'spec_helper'
+
+include Serverspec::Helper::Solaris11
+
+describe 'Serverspec commands of Solaris11 family' do
+
+  it_behaves_like 'support command check_user', 'root'
+  it_behaves_like 'support command check_user', 'wheel'
+
+  it_behaves_like 'support command check_running_under_supervisor', 'httpd'
+  it_behaves_like 'support command check_monitored_by_monit', 'unicorn'
+  it_behaves_like 'support command check_process', 'httpd'
+
+  it_behaves_like 'support command check_uid', 'root', 0
+
+  it_behaves_like 'support command check_login_shell', 'root', '/bin/bash'
+  it_behaves_like 'support command check_home_directory', 'root', '/root'
+
+  it_behaves_like 'support command check_authorized_key'
+end
+
+describe 'check_enabled' do
+  subject { commands.check_enabled('httpd') }
+  it { should eq "svcs -l httpd 2> /dev/null | egrep '^enabled *true$'" }
+end
+
+describe 'check_running' do
+  subject { commands.check_running('httpd') }
+  it { should eq "svcs -l httpd status 2> /dev/null | egrep '^state *online$'" }
+end
+
+describe 'check_belonging_group' do
+  subject { commands.check_belonging_group('root', 'wheel') }
+  it { should eq "id -Gn root | grep -- wheel" }
+end
+
+describe 'check_gid' do
+  subject { commands.check_gid('root', 0) }
+  it { should eq "getent group | grep -- \\^root: | cut -f 3 -d ':' | grep -w -- 0" }
+end
+
+describe 'check_zfs' do
+  context 'check without properties' do
+    subject { commands.check_zfs('rpool') }
+    it { should eq "zfs list -H rpool" }
+  end
+
+  context 'check with a property' do
+    subject { commands.check_zfs('rpool', { 'mountpoint' => '/rpool' }) }
+    it { should eq "zfs list -H -o mountpoint rpool | grep -- \\^/rpool\\$" }
+  end
+
+  context 'check with multiple properties' do
+    subject { commands.check_zfs('rpool', { 'mountpoint'  => '/rpool', 'compression' => 'off' }) }
+    it { should eq "zfs list -H -o compression rpool | grep -- \\^off\\$ && zfs list -H -o mountpoint rpool | grep -- \\^/rpool\\$" }
+  end
+end
+
+describe 'check_ip_filter_rule' do
+  subject { commands.check_ipfilter_rule('pass in quick on lo0 all') }
+  it { should eq "ipfstat -io 2> /dev/null | grep -- pass\\ in\\ quick\\ on\\ lo0\\ all" }
+end
+
+describe 'check_ipnat_rule' do
+  subject { commands.check_ipnat_rule('map net1 192.168.0.0/24 -> 0.0.0.0/32') }
+  it { should eq "ipnat -l 2> /dev/null | grep -- \\^map\\ net1\\ 192.168.0.0/24\\ -\\>\\ 0.0.0.0/32\\$" }
+end
+
+describe 'check_svcprop' do
+  subject { commands.check_svcprop('svc:/network/http:apache22', 'httpd/enable_64bit','false') }
+  it { should eq "svcprop -p httpd/enable_64bit svc:/network/http:apache22 | grep -- \\^false\\$" }
+end
+
+describe 'check_svcprops' do
+  subject {
+    commands.check_svcprops('svc:/network/http:apache22', {
+      'httpd/enable_64bit' => 'false',
+      'httpd/server_type'  => 'worker',
+    })
+  }
+  it { should eq "svcprop -p httpd/enable_64bit svc:/network/http:apache22 | grep -- \\^false\\$ && svcprop -p httpd/server_type svc:/network/http:apache22 | grep -- \\^worker\\$" }
+end