serverspec 2.9.1 → 2.10.0
- checksums.yaml +4 -4
- data/lib/serverspec/helper/type.rb +1 -1
- data/lib/serverspec/type/x509_certificate.rb +71 -0
- data/lib/serverspec/type/x509_private_key.rb +21 -0
- data/lib/serverspec/version.rb +1 -1
- data/spec/type/linux/x509_certificate_spec.rb +62 -0
- data/spec/type/linux/x509_private_key_spec.rb +31 -0
- data/wercker.yml +2 -64
- metadata +8 -2
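--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3de95fd810278624c77a09c3c37d29d3aed56e83
+data.tar.gz: 45b0c8507debb6fdded5775328ad597c96805ce2
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6052fbf35896911f54b900a7fcd0a82afd2d6d7517d3fa494da0a796ea1c19424efdb92170605a0b0ca5bbad00c5b02649fbb8de8098d1d1484ee4fef450da7f
+data.tar.gz: 687347347cb1316e4a4901dfee5ab172d38a852218d4e9f1e0188b4bf112ef80ba6ded467394e6f9bd1211ddc4fc2f630db373b668debae2a051e800d2c4ee11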
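--- a/data/lib/serverspec/helper/type.rb
+++ b/data/lib/serverspec/helper/type.rb
@@ -8,7 +8,7 @@ module Serverspec
 package php_config port ppa process routing_table selinux
 selinux_module service user yumrepo windows_feature
 windows_hot_fix windows_registry_key windows_scheduled_task zfs
-docker_base docker_image docker_container
+docker_base docker_image docker_container x509_certificate x509_private_key
 )
 
 types.each {|type| require "serverspec/type/#{type}" }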
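--- /dev/null
+++ b/data/lib/serverspec/type/x509_certificate.rb
@@ -0,0 +1,71 @@
+require 'time'
+
+module Serverspec::Type
+class X509Certificate < Base
+def certificate?
+(run_openssl_command_with("-noout").exit_status == 0)
+end
+
+def subject
+run_openssl_command_with("-subject -noout").stdout.chomp.gsub(/^subject= /,'')
+end
+
+def issuer
+run_openssl_command_with("-issuer -noout").stdout.chomp.gsub(/^issuer= /,'')
+end
+
+def email
+run_openssl_command_with("-email -noout").stdout.chomp
+end
+
+def fingerprint
+run_openssl_command_with("-fingerprint -noout").stdout.chomp
+end
+
+def alias
+run_openssl_command_with("-alias -noout").stdout.chomp
+end
+
+def keylength
+len_str = run_openssl_command_with("-text -noout | grep \"Public-Key\"").stdout.chomp
+len_str.gsub(/^.*\(/,'').gsub(/ bit\)$/,'').to_i
+end
+
+def has_purpose?(p)
+grep_str = "#{p} : Yes"
+( run_openssl_command_with("-purpose -noout | grep -wq \"#{grep_str}\"").
+exit_status == 0 )
+end
+
+def valid?
+runner_res = run_openssl_command_with("-startdate -enddate -noout")
+return false if runner_res.exit_status != 0
+
+date_map = parse_dates_str_to_map(runner_res.stdout)
+
+now = Time.now
+( now >= date_map[:notBefore] && now <= date_map[:notAfter])
+end
+
+def validity_in_days
+runner_res = run_openssl_command_with("-enddate -noout")
+return 0 if runner_res.exit_status != 0
+
+date_map = parse_dates_str_to_map(runner_res.stdout)
+diff = date_map[:notAfter] - Time.now
+( diff/(60*60*24) )
+end
+
+private
+def run_openssl_command_with(param_str)
+@runner.run_command("openssl x509 -in #{name} #{param_str}")
+end
+
+def parse_dates_str_to_map(dates_str)
+dates_str.split("\n").inject({}) do |res,line|
+kv_arr = line.split '='
+res.merge({ kv_arr[0].to_sym => Time.parse(kv_arr[1] || '') })
+end
+end
+end
+end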
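Review bot: `run_openssl_command_with` (line 61 of the new file) interpolates `name` unescaped into the shell command line, and `has_purpose?` does the same with `p` inside the double-quoted grep pattern, so a path or purpose string containing whitespace or shell metacharacters is split or interpreted by the shell instead of reaching openssl as one argument; add `require 'shellwords'` next to `require 'time'` and build the commands as `@runner.run_command("openssl x509 -in #{Shellwords.escape(name)} #{param_str}")` and `"-purpose -noout | grep -wq #{Shellwords.escape(grep_str)}"`. Separately, `valid?` and `validity_in_days` read `date_map[:notBefore]`/`date_map[:notAfter]` without checking that `parse_dates_str_to_map` produced those keys, so stdout that is anything other than the `notBefore=`/`notAfter=` pair on a zero exit raises (from `Time.parse` on an empty value, or from comparing `Time` with `nil`) rather than returning `false`/`0`; a guard such as `return false unless date_map.key?(:notBefore) && date_map.key?(:notAfter)` keeps the predicate boolean. `validity_in_days` yields a Float from the `Time` subtraction but an Integer `0` on failure, and goes negative once the certificate has expired; a one-line comment stating both would spare callers a surprise. `fingerprint` returns the whole `... Fingerprint=...` line including its digest label, and which digest that is depends on the installed openssl's default, which is worth a comment on the method.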
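--- /dev/null
+++ b/data/lib/serverspec/type/x509_private_key.rb
@@ -0,0 +1,21 @@
+require 'time'
+
+module Serverspec::Type
+class X509PrivateKey < Base
+def valid?
+runner_res = @runner.run_command("openssl rsa -in #{name} -check -noout")
+( runner_res.exit_status == 0 && runner_res.stdout.chomp == 'RSA key ok' )
+end
+
+def encrypted?
+@runner.run_command("grep -wq \"^Proc-Type.*ENCRYPTED$\" #{name}").exit_status == 0
+end
+
+def has_matching_certificate?(cert_file)
+mac_op = "openssl sha -sha512"
+h1 = @runner.run_command("openssl x509 -noout -modulus -in #{cert_file} | #{mac_op}")
+h2 = @runner.run_command("openssl rsa -noout -modulus -in #{name} | #{mac_op}")
+(h1.stdout == h2.stdout) && (h1.exit_status == 0) && (h2.exit_status == 0)
+end
+end
+end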
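Review bot: `has_matching_certificate?` (lines 15-18 of the new file) takes its exit status from a pipeline, and in a POSIX shell without `pipefail` that is the status of the last stage, `openssl sha`, which succeeds on empty input; when both `openssl x509` and `openssl rsa` fail (missing or unreadable files) each pipeline emits the digest of the empty string with status 0, the two stdouts are equal, and the method returns true for a key and certificate that were never compared. Comparing the `Modulus=` lines directly, without the digest stage, makes each command's status meaningful and removes the false positive (the spec's `'SHA1SUM'` stub would then need a `Modulus=...` value); the rewrite below also escapes both paths, which needs `require 'shellwords'` next to `require 'time'`. `encrypted?` recognizes only the legacy PEM `Proc-Type: ...ENCRYPTED` header; a PKCS#8 key as written by `openssl pkcs8` starts with `-----BEGIN ENCRYPTED PRIVATE KEY-----` and carries no such line, so an encrypted key of that form reports false, and `grep -Eq "^Proc-Type.*ENCRYPTED$|^-----BEGIN ENCRYPTED PRIVATE KEY-----$" #{name}` covers both forms. `valid?` is RSA-specific (`openssl rsa` and the literal `'RSA key ok'`), which is acceptable but belongs in a comment on the method, e.g. `# RSA keys only: other key types fail the openssl rsa check.` The local name `mac_op` is also misleading, since the command is a plain digest and no MAC key is involved.
```ruby
def has_matching_certificate?(cert_file)
  cert_mod = @runner.run_command("openssl x509 -noout -modulus -in #{Shellwords.escape(cert_file)}")
  key_mod = @runner.run_command("openssl rsa -noout -modulus -in #{Shellwords.escape(name)}")
  # Both commands print "Modulus=<hex>"; requiring the prefix rejects an empty
  # stdout from a failed command, so two failures can no longer compare equal.
  cert_mod.exit_status == 0 && key_mod.exit_status == 0 &&
    cert_mod.stdout.start_with?('Modulus=') && cert_mod.stdout == key_mod.stdout
end
```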
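--- /dev/null
+++ b/data/spec/type/linux/x509_certificate_spec.rb
@@ -0,0 +1,62 @@
+require 'spec_helper'
+
+set :os, :family => 'linux'
+
+describe x509_certificate('test.pem') do
+let(:exit_status) { 0 }
+it { should be_certificate }
+end
+
+describe x509_certificate('test.pem') do
+let(:exit_status) { 1 }
+it { should_not be_certificate }
+end
+
+describe x509_certificate('test.pem') do
+let(:stdout) { sample_subj }
+its(:subject) { should eq '/O=some/OU=thing' }
+end
+
+describe x509_certificate('test.pem') do
+let(:stdout) { sample_issuer }
+its(:issuer) { should eq '/O=some/OU=issuer' }
+end
+
+describe x509_certificate('test.pem') do
+let(:stdout) { sample_validity }
+it { should be_valid }
+its(:validity_in_days) { should be >= 1000 }
+end
+
+describe x509_certificate('test.pem') do
+let(:stdout) { sample_validity2 }
+it { should_not be_valid }
+end
+
+
+def sample_subj
+<<'EOS'
+subject= /O=some/OU=thing
+EOS
+end
+
+def sample_issuer
+<<'EOS'
+issuer= /O=some/OU=issuer
+EOS
+end
+
+def sample_validity
+<<'EOS'
+notBefore=Jul 1 11:11:00 2000 GMT
+notAfter=Jul 1 11:11:00 2050 GMT
+EOS
+end
+
+def sample_validity2
+<<'EOS'
+notBefore=Jul 1 11:11:00 2000 GMT
+notAfter=Jul 1 11:11:00 2010 GMT
+EOS
+end
+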
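Review bot: the file exercises `certificate?`, `subject`, `issuer`, `valid?` and `validity_in_days` but has no example for `email`, `fingerprint`, `alias`, `keylength` or `has_purpose?`, so the two-step regex stripping in `keylength` and the grep string built in `has_purpose?` are never run against a sample; assuming the helper returns the stubbed `stdout` for any command, as the other examples rely on, a `let(:stdout) { 'Public-Key: (2048 bit)' }` block with `its(:keylength) { should eq 2048 }` would pin that parsing. The `valid?` and `validity_in_days` examples depend on `Time.now` falling between the hard-coded 2000 and 2050 dates, which is acceptable but deserves a comment on `sample_validity` such as `# notAfter is deliberately far in the future; the valid?/validity_in_days examples compare against Time.now.` so the date is not later replaced with a nearer one.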
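--- /dev/null
+++ b/data/spec/type/linux/x509_private_key_spec.rb
@@ -0,0 +1,31 @@
+require 'spec_helper'
+
+set :os, :family => 'linux'
+
+describe x509_private_key('key.pem') do
+let(:exit_status) { 0 }
+let(:stdout) { 'RSA key ok' }
+it { should be_valid }
+end
+
+describe x509_private_key('key.pem') do
+let(:exit_status) { 1 }
+let(:stdout) { 'RSA key ok' }
+it { should_not be_valid }
+end
+
+describe x509_private_key('key.pem') do
+let(:exit_status) { 0 }
+it { should be_encrypted }
+end
+
+describe x509_private_key('key.pem') do
+let(:exit_status) { 1 }
+it { should_not be_encrypted }
+end
+
+describe x509_private_key('key.pem') do
+let(:exit_status) { 0 }
+let(:stdout) { 'SHA1SUM' }
+it { should have_matching_certificate('cert.pem') }
+end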
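Review bot: the `has_matching_certificate?` example (lines 27-31 of the new file) stubs a single `stdout` value, `'SHA1SUM'`, which appears to be handed back for both of the commands the method runs, so the equality check only ever sees two identical strings and nothing shows the predicate can return false. A negative example is needed, either a stub that varies by command if the helper supports it, or at least a comment on this block recording that only the "both commands succeed and agree" path is covered; and if the implementation is changed to compare `Modulus=` lines rather than digests, the stub value should follow. The `encrypted?` examples vary only `exit_status`, which is all the implementation inspects, so they are adequate as written.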
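--- a/data/wercker.yml
+++ b/data/wercker.yml
@@ -1,74 +1,12 @@
 box: mizzy/serverspec-base@0.0.6
 build:
 steps:
-- script:
-name: Make $HOME/.ssh directory
-code: mkdir -p $HOME/.ssh
-- create-file:
-name: Put SSH public key
-filename: $HOME/.ssh/id_rsa.pub
-overwrite: true
-hide-from-log: true
-content: $DIGITALOCEAN_SSH_KEY_PUBLIC
-- create-file:
-name: Put SSH private key
-filename: $HOME/.ssh/id_rsa
-overwrite: true
-hide-from-log: true
-content: $DIGITALOCEAN_SSH_KEY_PRIVATE
-- script:
-name: Run chmod 0400 $HOME/.ssh/id_rsa
-code: chmod 0400 $HOME/.ssh/id_rsa
 - script:
 name: Run setup.sh
 code: $WORKING_DIR/setup.sh
 - script:
-name: Run
-code:
-cwd: $WORKING_DIR
-- script:
-name: Run itamae
-code: bundle exec itamae ssh --host centos65 --vagrant recipe.rb
-cwd: $WORKING_DIR
-- script:
-name: Run vagrant reload centos65
-code: vagrant reload centos65
-cwd: $WORKING_DIR
-- script:
-name: Run rake spec:centos65
-code: DIGITALOCEAN=true rake spec:centos65
-cwd: $WORKING_DIR
-- script:
-name: Run vagrant up centos70
-code: vagrant up centos70 --provider=digital_ocean
-cwd: $WORKING_DIR
-- script:
-name: Run itamae
-code: bundle exec itamae ssh --host centos70 --vagrant recipe.rb
-cwd: $WORKING_DIR
-- script:
-name: Run vagrant reload centos70
-code: vagrant reload centos70
-cwd: $WORKING_DIR
-- script:
-name: Run rake spec:centos70
-code: DIGITALOCEAN=true rake spec:centos70
-cwd: $WORKING_DIR
-- script:
-name: Run vagrant up ubuntu1404
-code: vagrant up ubuntu1404 --provider=digital_ocean
-cwd: $WORKING_DIR
-- script:
-name: Run itamae
-code: bundle exec itamae ssh --host ubuntu1404 --vagrant recipe.rb
-cwd: $WORKING_DIR
-- script:
-name: Run vagrant reload ubuntu1404
-code: vagrant reload ubuntu1404
-cwd: $WORKING_DIR
-- script:
-name: Run rake spec:ubuntu1404
-code: DIGITALOCEAN=true rake spec:ubuntu1404
+name: Run walter
+code: ./walter
 cwd: $WORKING_DIR
 
 after-steps: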
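Review bot: the new `Run walter` step invokes `./walter` from `$WORKING_DIR`, but neither that binary nor its pipeline definition is part of this diff, so the SSH key provisioning that the removed `create-file` steps kept reviewable here (`hide-from-log: true` on `$DIGITALOCEAN_SSH_KEY_PRIVATE`, followed by `chmod 0400 $HOME/.ssh/id_rsa`) now happens, if at all, somewhere this file no longer shows. If walter's pipeline recreates those files, it is worth confirming it still keeps the private key out of the build log and applies the same mode; a short comment above the step naming where the walter pipeline is defined (presumably alongside `setup.sh` in `$WORKING_DIR`) would make that traceable for the next reader.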
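--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: serverspec
 version: !ruby/object:Gem::Version
-version: 2.
+version: 2.10.0
 platform: ruby
 authors:
 - Gosuke Miyashita
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-
+date: 2015-03-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rspec
@@ -178,6 +178,8 @@ files:
 - lib/serverspec/type/windows_hot_fix.rb
 - lib/serverspec/type/windows_registry_key.rb
 - lib/serverspec/type/windows_scheduled_task.rb
+- lib/serverspec/type/x509_certificate.rb
+- lib/serverspec/type/x509_private_key.rb
 - lib/serverspec/type/yumrepo.rb
 - lib/serverspec/type/zfs.rb
 - lib/serverspec/version.rb
@@ -238,6 +240,8 @@ files:
 - spec/type/linux/lxc_container_spec.rb
 - spec/type/linux/selinux_module_spec.rb
 - spec/type/linux/selinux_spec.rb
+- spec/type/linux/x509_certificate_spec.rb
+- spec/type/linux/x509_private_key_spec.rb
 - spec/type/linux/zfs_spec.rb
 - spec/type/nixos/package_spec.rb
 - spec/type/nixos/service_spec.rb
@@ -376,6 +380,8 @@ test_files:
 - spec/type/linux/lxc_container_spec.rb
 - spec/type/linux/selinux_module_spec.rb
 - spec/type/linux/selinux_spec.rb
+- spec/type/linux/x509_certificate_spec.rb
+- spec/type/linux/x509_private_key_spec.rb
 - spec/type/linux/zfs_spec.rb
 - spec/type/nixos/package_spec.rb
 - spec/type/nixos/service_spec.rb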