serverspec 0.9.1 → 0.9.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: db9382459ee16f535fa09efbe1227d821f06156a
-  data.tar.gz: 586c2b1e2d923d3279b28e32bb587e2ef43b58a1
+  metadata.gz: d4eeced11ef9fa8cc2353a2747706ced43e97558
+  data.tar.gz: 845034cbc6d34d36a2a3566a39b34f19f924fd48
 SHA512:
-  metadata.gz: 8844aeac98285e412ae03cca2bfc86846104e31c72827042676e23ed65c7de47f892f5c019b12d329a5bf48513aac77893fd5df1b638f9ddeb251e533f5f71d5
-  data.tar.gz: 143c9e0d6b86f4796559b916cb54f7a80035764d7f93ab404850e6e5daca7d9020e5f35077304e912c47068bc1ec215928f9bdad394b0fb8bb509f51a519169d
+  metadata.gz: 1eea47c5f65a3dcfa6664352c3d718e4045201dd37f2630b5a7c866fa652074c2350c09e1d63c666bed9454177867f7e2c343beda9735e6d6549b227e017e155
+  data.tar.gz: db04934904b9bba0336c00bb3883449e68f4c36c80efa903de168e4785bc5c1f13dc0693989c3a96c83c93150dc38bda925fe3fbcea82db4dc1c1e2a3ed6988c

data/Rakefile

@@ -4,7 +4,7 @@ require 'rspec/core/rake_task'
 task :spec => 'spec:all'
 
 namespace :spec do
-  oses = %w( darwin debian gentoo redhat solaris solaris10 solaris11 smartos windows)
+  oses = %w( darwin debian gentoo redhat aix solaris solaris10 solaris11 smartos windows)
 
   task :all => [ oses.map {|os| "spec:#{os}" }, :helpers, :exec, :ssh, :cmd, :winrm, :powershell ].flatten
 

data/lib/serverspec/backend/exec.rb

@@ -166,6 +166,8 @@ module Serverspec
           'Debian'
         elsif run_command('ls /etc/gentoo-release')[:exit_status] == 0
           'Gentoo'
+        elsif run_command('uname -s')[:stdout] =~ /AIX/i
+           'Aix'
         elsif (os = run_command('uname -sr')[:stdout]) && os =~ /SunOS/i
           if os =~ /5.10/
             'Solaris10'

data/lib/serverspec/commands/aix.rb

@@ -0,0 +1,69 @@
+require 'shellwords'
+
+module Serverspec
+  module Commands
+    class Aix < Base
+      class NotImplementedError < Exception; end
+
+      def check_access_by_user(file, user, access)
+        "su -s sh -c \"test -#{access} #{file}\" #{user}"
+      end
+
+      def check_enabled(service,level=nil)
+         "lssrc -s #{escape(service)} | grep active"
+      end
+       
+      def check_running(service)
+         "ps -ef | grep -v grep | grep #{escape(service)}"
+      end
+
+      def check_installed(package,version)
+        
+        if version
+            "lslpp -L #{escape(package)} | awk '{print $2}' |  grep -w -- #{version}"
+         else
+            "lslpp -L #{escape(package)}"
+         end
+      end
+
+      def check_listening(port)
+        regexp = "*.#{port} "
+        "netstat -an -f inet | awk '{print $4}' | grep  -- #{regexp}"
+        #"netstat -an -f inet | awk '{print $4}' | grep  -- #{escape(regexp)}"
+      end
+
+      def check_belonging_group(user, group)
+        "lsuser -a groups #{escape(user)} | awk -F'=' '{print $2}'| sed -e 's/,/ /g' |grep -w  -- #{escape(group)}"
+      end
+
+      def check_gid(group, gid)
+        regexp = "^#{group}"
+        "cat etc/group | grep -w -- #{escape(regexp)} | cut -f 3 -d ':' | grep -w -- #{escape(gid)}"
+      end
+
+      def check_login_shell(user, path_to_shell)
+        "lsuser -a shell #{escape(user)} |awk -F'=' '{print $2}' | grep -w -- #{escape(path_to_shell)}"
+      end
+
+      def check_home_directory(user, path_to_home)
+        "lsuser -a home #{escape(user)} | awk -F'=' '{print $2}' | grep -w -- #{escape(path_to_home)}"
+      end
+
+      def check_mode(file, mode)
+        false unless sprintf("%o",File.stat(file).mode).slice!(3,3) == mode
+      end
+
+      def check_owner(file, owner)
+        regexp = "^#{owner}$"
+        "ls -al #{escape(file)} | awk '{print $3}' | grep -- #{escape(regexp)}"
+      end
+
+      def check_grouped(file, group)
+        regexp = "^#{group}$"
+        "ls -al #{escape(file)} | awk '{print $4}' | grep -- #{escape(regexp)}"
+      end
+
+
+    end
+  end
+end

data/lib/serverspec/helper/aix.rb

@@ -0,0 +1,9 @@
+module Serverspec
+  module Helper
+    module Aix
+      def commands
+        Serverspec::Commands::Aix.new
+      end
+    end
+  end
+end

data/lib/serverspec/helper.rb

@@ -11,6 +11,7 @@ require 'serverspec/helper/puppet'
 require 'serverspec/helper/redhat'
 require 'serverspec/helper/debian'
 require 'serverspec/helper/gentoo'
+require 'serverspec/helper/aix'
 require 'serverspec/helper/solaris'
 require 'serverspec/helper/solaris10'
 require 'serverspec/helper/solaris11'

data/lib/serverspec/version.rb

@@ -1,3 +1,3 @@
 module Serverspec
-  VERSION = "0.9.1"
+  VERSION = "0.9.2"
 end

data/lib/serverspec.rb

@@ -11,6 +11,7 @@ require 'serverspec/commands/linux'
 require 'serverspec/commands/redhat'
 require 'serverspec/commands/debian'
 require 'serverspec/commands/gentoo'
+require 'serverspec/commands/aix'
 require 'serverspec/commands/solaris'
 require 'serverspec/commands/solaris10'
 require 'serverspec/commands/solaris11'
@@ -35,6 +36,7 @@ RSpec.configure do |c|
   c.include(Serverspec::Helper::RedHat,    :os => :redhat)
   c.include(Serverspec::Helper::Debian,    :os => :debian)
   c.include(Serverspec::Helper::Gentoo,    :os => :gentoo)
+  c.include(Serverspec::Helper::Aix,	   :os => :aix)
   c.include(Serverspec::Helper::Solaris,   :os => :solaris)
   c.include(Serverspec::Helper::Solaris10, :os => :solaris10)
   c.include(Serverspec::Helper::Solaris11, :os => :solaris11)

data/spec/aix/command_spec.rb

@@ -0,0 +1,48 @@
+require 'spec_helper'
+
+include Serverspec::Helper::RedHat
+
+describe command('cat /etc/resolv.conf') do
+  let(:stdout) { "nameserver 127.0.0.1\r\n" }
+  it { should return_stdout("nameserver 127.0.0.1") }
+  its(:command) { should eq 'cat /etc/resolv.conf' }
+end
+
+describe 'complete matching of stdout' do
+  context command('cat /etc/resolv.conf') do
+    let(:stdout) { "foocontent-should-be-includedbar\r\n" }
+    it { should_not return_stdout('content-should-be-included') }
+  end
+end
+
+describe 'regexp matching of stdout' do
+  context command('cat /etc/resolv.conf') do
+    let(:stdout) { "nameserver 127.0.0.1\r\n" }
+    it { should return_stdout(/127\.0\.0\.1/) }
+  end
+end
+
+describe command('cat /etc/resolv.conf') do
+  let(:stdout) { "No such file or directory\r\n" }
+  it { should return_stderr("No such file or directory") }
+  its(:command) { should eq 'cat /etc/resolv.conf' }
+end
+
+describe 'complete matching of stderr' do
+  context command('cat /etc/resolv.conf') do
+    let(:stdout) { "No such file or directory\r\n" }
+    it { should_not return_stdout('file') }
+  end
+end
+
+describe 'regexp matching of stderr' do
+  context command('cat /etc/resolv.conf') do
+    let(:stdout) { "No such file or directory\r\n" }
+    it { should return_stderr(/file/) }
+  end
+end
+
+describe command('cat /etc/resolv.conf') do
+  it { should return_exit_status 0 }
+  its(:command) { should eq 'cat /etc/resolv.conf' }
+end

data/spec/aix/commands_spec.rb

@@ -0,0 +1,13 @@
+require 'spec_helper'
+
+include Serverspec::Helper::RedHat
+
+describe 'check_yumrepo' do
+  subject { commands.check_yumrepo('epel') }
+  it { should eq 'yum repolist all -C | grep ^epel' }
+end
+
+describe 'check_yumrepo_enabled' do
+  subject { commands.check_yumrepo_enabled('epel') }
+  it { should eq 'yum repolist all -C | grep ^epel | grep enabled' }
+end

data/spec/aix/cron_spec.rb

@@ -0,0 +1,21 @@
+require 'spec_helper'
+
+include Serverspec::Helper::RedHat
+
+describe cron do
+  it { should have_entry '* * * * * /usr/local/bin/batch.sh' }
+  its(:command) { should eq 'crontab -l | grep -- \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ /usr/local/bin/batch.sh' }
+end
+
+describe cron do
+  it { should_not have_entry 'invalid entry' }
+end
+
+describe cron do
+  it { should have_entry('* * * * * /usr/local/bin/batch.sh').with_user('root') }
+  its(:command) { should eq 'crontab -u root -l | grep -- \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ /usr/local/bin/batch.sh' }
+end
+
+describe cron do
+  it { should_not have_entry('* * * * * /usr/local/bin/batch.sh').with_user('invalid-user') }
+end

data/spec/aix/default_gateway_spec.rb

@@ -0,0 +1,16 @@
+require 'spec_helper'
+
+include Serverspec::Helper::RedHat
+
+describe default_gateway do
+  let(:stdout) { "default via 192.168.1.1 dev eth1 \r\n" }
+
+  its(:ipaddress) { should eq '192.168.1.1' }
+  its(:command) { should eq "ip route | grep -E '^default |^default '" }
+
+  its(:interface) { should eq 'eth1' }
+  its(:command) { should eq "ip route | grep -E '^default |^default '" }
+
+  its(:ipaddress) { should_not eq '192.168.1.2' }
+  its(:interface) { should_not eq 'eth0'        }
+end

data/spec/aix/file_spec.rb

@@ -0,0 +1,395 @@
+require 'spec_helper'
+
+include Serverspec::Helper::RedHat
+
+describe file('/etc/ssh/sshd_config') do
+  it { should be_file }
+  its(:command) { should eq "test -f /etc/ssh/sshd_config" }
+end
+
+describe file('/etc/invalid_file') do
+  it { should_not be_file }
+end
+
+describe file('/etc/ssh') do
+  it { should be_directory }
+  its(:command) { should eq "test -d /etc/ssh" }
+end
+
+describe file('/etc/invalid_directory') do
+  it { should_not be_directory }
+end
+
+describe file('/var/run/unicorn.sock') do
+  it { should be_socket }
+  its(:command) { should eq "test -S /var/run/unicorn.sock" }
+end
+
+describe file('/etc/invalid_socket') do
+  it { should_not be_socket }
+end
+
+describe file('/etc/ssh/sshd_config') do
+  it { should contain 'This is the sshd server system-wide configuration file' }
+  its(:command) { should eq "grep -q -- This\\ is\\ the\\ sshd\\ server\\ system-wide\\ configuration\\ file /etc/ssh/sshd_config || grep -qF -- This\\ is\\ the\\ sshd\\ server\\ system-wide\\ configuration\\ file /etc/ssh/sshd_config" }
+end
+
+describe file('/etc/ssh/sshd_config') do
+  it { should contain /^This is the sshd server system-wide configuration file/ }
+  its(:command) { should eq "grep -q -- \\^This\\ is\\ the\\ sshd\\ server\\ system-wide\\ configuration\\ file /etc/ssh/sshd_config || grep -qF -- \\^This\\ is\\ the\\ sshd\\ server\\ system-wide\\ configuration\\ file /etc/ssh/sshd_config" }
+end
+
+describe file('/etc/ssh/sshd_config') do
+  it { should_not contain 'This is invalid text!!' }
+end
+
+describe file('Gemfile') do
+  it { should contain('rspec').from(/^group :test do/).to(/^end/) }
+  its(:command) { should eq "sed -n /\\^group\\ :test\\ do/,/\\^end/p Gemfile | grep -q -- rspec - || sed -n /\\^group\\ :test\\ do/,/\\^end/p Gemfile | grep -qF -- rspec -" }
+end
+
+describe file('/etc/ssh/sshd_config') do
+  it { should_not contain('This is invalid text!!').from(/^group :test do/).to(/^end/) }
+end
+
+describe file('Gemfile') do
+  it { should contain('rspec').after(/^group :test do/) }
+  its(:command) { should eq "sed -n /\\^group\\ :test\\ do/,\\$p Gemfile | grep -q -- rspec - || sed -n /\\^group\\ :test\\ do/,\\$p Gemfile | grep -qF -- rspec -" }
+end
+
+describe file('/etc/ssh/sshd_config') do
+  it { should_not contain('This is invalid text!!').after(/^group :test do/) }
+end
+
+describe file('Gemfile') do
+  it { should contain('rspec').before(/^end/) }
+  its(:command) { should eq "sed -n 1,/\\^end/p Gemfile | grep -q -- rspec - || sed -n 1,/\\^end/p Gemfile | grep -qF -- rspec -" }
+end
+
+describe file('/etc/ssh/sshd_config') do
+  it { should_not contain('This is invalid text!!').before(/^end/) }
+end
+
+describe file('/etc/passwd') do
+  it { should be_mode 644 }
+  its(:command) { should eq "stat -c %a /etc/passwd | grep -- \\^644\\$" }
+end
+
+describe file('/etc/passwd') do
+  it { should_not be_mode 'invalid' }
+end
+
+describe file('/etc/passwd') do
+  it { should be_owned_by 'root' }
+  its(:command) { should eq "stat -c %U /etc/passwd | grep -- \\^root\\$" }
+end
+
+describe file('/etc/passwd') do
+  it { should_not be_owned_by 'invalid-owner' }
+end
+
+describe file('/etc/passwd') do
+  it { should be_grouped_into 'root' }
+  its(:command) { should eq "stat -c %G /etc/passwd | grep -- \\^root\\$" }
+end
+
+describe file('/etc/passwd') do
+  it { should_not be_grouped_into 'invalid-group' }
+end
+
+describe file('/etc/pam.d/system-auth') do
+  it { should be_linked_to '/etc/pam.d/system-auth-ac' }
+  its(:command) { should eq "stat -c %N /etc/pam.d/system-auth | grep -- /etc/pam.d/system-auth-ac" }
+end
+
+describe file('dummy-link') do
+  it { should_not be_linked_to '/invalid/target' }
+end
+
+describe file('/dev') do
+  let(:stdout) { "755\r\n" }
+  it { should be_readable }
+  its(:command) { should eq "stat -c %a /dev" }
+end
+
+describe file('/dev') do
+  let(:stdout) { "333\r\n" }
+  it { should_not be_readable }
+end
+
+describe file('/dev') do
+  let(:stdout) { "400\r\n" }
+  it { should be_readable.by('owner') }
+end
+
+describe file('/dev') do
+  let(:stdout) { "044\r\n" }
+  it { should_not be_readable.by('owner') }
+end
+
+describe file('/dev') do
+  let(:stdout) { "040\r\n" }
+  it { should be_readable.by('group') }
+end
+
+describe file('/dev') do
+  let(:stdout) { "404\r\n" }
+  it { should_not be_readable.by('group') }
+end
+
+describe file('/dev') do
+  let(:stdout) { "044\r\n" }
+  it { should be_readable.by('others') }
+end
+
+describe file('/dev') do
+  let(:stdout) { "443\r\n" }
+  it { should_not be_readable.by('others') }
+end
+
+describe file('/tmp') do
+  it { should be_readable.by_user('mail') }
+  its(:command) { should eq "runuser -s /bin/sh -c \"test -r /tmp\" mail" }
+end
+
+describe file('/tmp') do
+  it { should_not be_readable.by_user('invalid-user') }
+end
+
+describe file('/dev') do
+  let(:stdout) { "755\r\n" }
+  it { should be_writable }
+  its(:command) { should eq "stat -c %a /dev" }
+end
+
+describe file('/dev') do
+  let(:stdout) { "555\r\n" }
+  it { should_not be_writable }
+end
+
+describe file('/dev') do
+  let(:stdout) { "200\r\n" }
+  it { should be_writable.by('owner') }
+end
+
+describe file('/dev') do
+  let(:stdout) { "555\r\n" }
+  it { should_not be_writable.by('owner') }
+end
+
+describe file('/dev') do
+  let(:stdout) { "030\r\n" }
+  it { should be_writable.by('group') }
+end
+
+describe file('/dev') do
+  let(:stdout) { "555\r\n" }
+  it { should_not be_writable.by('group') }
+end
+
+describe file('/dev') do
+  let(:stdout) { "666\r\n" }
+  it { should be_writable.by('others') }
+end
+
+describe file('/dev') do
+  let(:stdout) { "555\r\n" }
+  it { should_not be_writable.by('others') }
+end
+
+describe file('/tmp') do
+  it { should be_writable.by_user('mail') }
+  its(:command) { should eq "runuser -s /bin/sh -c \"test -w /tmp\" mail" }
+end
+
+describe file('/tmp') do
+  it { should_not be_writable.by_user('invalid-user') }
+end
+
+describe file('/dev') do
+  let(:stdout) { "755\r\n" }
+  it { should be_executable }
+  its(:command) { should eq "stat -c %a /dev" }
+end
+
+describe file('/dev') do
+  let(:stdout) { "666\r\n" }
+  it { should_not be_executable }
+end
+
+describe file('/dev') do
+  let(:stdout) { "100\r\n" }
+  it { should be_executable.by('owner') }
+end
+
+describe file('/dev') do
+  let(:stdout) { "666\r\n" }
+  it { should_not be_executable.by('owner') }
+end
+
+describe file('/dev') do
+  let(:stdout) { "070\r\n" }
+  it { should be_executable.by('group') }
+end
+
+describe file('/dev') do
+  let(:stdout) { "666\r\n" }
+  it { should_not be_executable.by('group') }
+end
+
+describe file('/dev') do
+  let(:stdout) { "001\r\n" }
+  it { should be_executable.by('others') }
+end
+
+describe file('/dev') do
+  let(:stdout) { "666\r\n" }
+  it { should_not be_executable.by('others') }
+end
+
+describe file('/tmp') do
+  it { should be_executable.by_user('mail') }
+  its(:command) { should eq "runuser -s /bin/sh -c \"test -x /tmp\" mail" }
+end
+
+describe file('/tmp') do
+  it { should_not be_executable.by_user('invalid-user') }
+end
+
+describe file('/') do
+  it { should be_mounted }
+  its(:command) { should eq "mount | grep -w -- on\\ /" }
+end
+
+describe file('/etc/invalid-mount') do
+  it { should_not be_mounted }
+end
+
+describe file('/') do
+  let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
+  it { should be_mounted.with( :type => 'ext4' ) }
+end
+
+describe file('/') do
+  let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
+  it { should be_mounted.with( :type => 'ext4', :options => { :rw => true } ) }
+end
+
+describe file('/') do
+  let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
+  it { should be_mounted.with( :type => 'ext4', :options => { :mode => 620 } ) }
+end
+
+describe file('/') do
+  let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
+  it { should be_mounted.with( :type => 'ext4', :device => '/dev/mapper/VolGroup-lv_root' ) }
+end
+
+describe file('/') do
+  let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
+  it { should_not be_mounted.with( :type => 'xfs' ) }
+end
+
+describe file('/') do
+  let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
+  it { should_not be_mounted.with( :type => 'ext4', :options => { :rw => false } ) }
+end
+
+describe file('/') do
+  let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
+  it { should_not be_mounted.with( :type => 'ext4', :options => { :mode => 600 } ) }
+end
+
+describe file('/') do
+  let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
+  it { should_not be_mounted.with( :type => 'xfs', :device => '/dev/mapper/VolGroup-lv_root' ) }
+end
+
+describe file('/') do
+  let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
+  it { should_not be_mounted.with( :type => 'ext4', :device => '/dev/mapper/VolGroup-lv_r00t' ) }
+end
+
+describe file('/etc/invalid-mount') do
+  let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
+  it { should_not be_mounted.with( :type => 'ext4' ) }
+end
+
+describe file('/') do
+  let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
+  it do
+    should be_mounted.only_with(
+      :device  => '/dev/mapper/VolGroup-lv_root',
+      :type    => 'ext4',
+      :options => {
+        :rw   => true,
+        :mode => 620,
+      }
+    )
+  end
+end
+
+describe file('/') do
+  let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
+  it do
+    should_not be_mounted.only_with(
+      :device  => '/dev/mapper/VolGroup-lv_root',
+      :type    => 'ext4',
+      :options => {
+        :rw   => true,
+        :mode => 620,
+        :bind => true,
+      }
+    )
+  end
+end
+
+describe file('/') do
+  let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
+  it do
+    should_not be_mounted.only_with(
+      :device  => '/dev/mapper/VolGroup-lv_root',
+      :type    => 'ext4',
+      :options => {
+        :rw   => true,
+      }
+    )
+  end
+end
+
+describe file('/') do
+  let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
+  it do
+    should_not be_mounted.only_with(
+      :device  => '/dev/mapper/VolGroup-lv_roooooooooot',
+      :type    => 'ext4',
+      :options => {
+        :rw   => true,
+        :mode => 620,
+      }
+    )
+  end
+end
+
+describe file('/etc/invalid-mount') do
+  let(:stdout) { "/dev/mapper/VolGroup-lv_root on / type ext4 (rw,mode=620)\r\n" }
+  it { should_not be_mounted.only_with( :type => 'ext4' ) }
+end
+
+describe file('/etc/services') do
+  it { should match_md5checksum '35435ea447c19f0ea5ef971837ab9ced' }
+  its(:command) { should eq "md5sum /etc/services | grep -iw -- \\^35435ea447c19f0ea5ef971837ab9ced" }
+end
+
+describe file('invalid-file') do
+  it { should_not match_md5checksum 'INVALIDMD5CHECKSUM' }
+end
+
+describe file('/etc/services') do
+  it { should match_sha256checksum '0c3feee1353a8459f8c7d84885e6bc602ef853751ffdbce3e3b6dfa1d345fc7a' }
+  its(:command) { should eq "sha256sum /etc/services | grep -iw -- \\^0c3feee1353a8459f8c7d84885e6bc602ef853751ffdbce3e3b6dfa1d345fc7a" }
+end
+
+describe file('invalid-file') do
+  it { should_not match_sha256checksum 'INVALIDSHA256CHECKSUM' }
+end