specinfra 0.0.5 → 0.0.6

data/lib/specinfra/command/debian.rb

@@ -0,0 +1,24 @@
+module SpecInfra
+  module Command
+    class Debian < Linux
+      def check_enabled(service, level=3)
+        # Until everything uses Upstart, this needs an OR.
+        "ls /etc/rc#{level}.d/ | grep -- #{escape(service)} || grep 'start on' /etc/init/#{escape(service)}.conf"
+      end
+
+      def check_installed(package, version=nil)
+        escaped_package = escape(package)
+        cmd = "dpkg -s #{escaped_package} && ! dpkg -s #{escaped_package} | grep -E '^Status: .+ not-installed$'"
+        if version
+          cmd = "#{cmd} && dpkg -s #{escaped_package} | grep -E '^Version: #{escape(version)}$'"
+        end
+        cmd
+      end
+
+      def check_running(service)
+        # This is compatible with Debian >Jaunty and Ubuntu derivatives
+        "service #{escape(service)} status | grep 'running'"
+      end
+    end
+  end
+end

data/lib/specinfra/command/freebsd.rb

@@ -0,0 +1,23 @@
+module SpecInfra
+  module Command
+    class FreeBSD < Base
+      def check_enabled(service, level=3)
+        "service -e | grep -- #{escape(service)}"
+      end
+
+      def check_installed(package, version=nil)
+        "pkg_info -Ix #{escape(package)}"
+      end
+
+      def check_listening(port)
+        regexp = ":#{port} "
+        "sockstat -46l -p #{port} | grep -- #{escape(regexp)}"
+      end
+
+      def check_mode(file, mode)
+        regexp = "^#{mode}$"
+        "stat -f%Lp #{escape(file)} | grep -- #{escape(regexp)}"
+      end
+    end
+  end
+end

data/lib/specinfra/command/gentoo.rb

@@ -0,0 +1,18 @@
+module SpecInfra
+  module Command
+    class Gentoo < Linux
+      def check_enabled(service, level=3)
+        regexp = "^\\s*#{service}\\s*|\\s*\\(boot\\|default\\)"
+        "rc-update show | grep -- #{escape(regexp)}"
+      end
+
+      def check_installed(package, version=nil)
+        "eix #{escape(package)} --installed"
+      end
+
+      def check_running(service)
+        "/etc/init.d/#{escape(service)} status"
+      end
+    end
+  end
+end

data/lib/specinfra/command/linux.rb

@@ -0,0 +1,68 @@
+module SpecInfra
+  module Command
+    class Linux < Base
+      def check_access_by_user(file, user, access)
+        "su -s /bin/sh -c \"test -#{access} #{file}\" #{user}"
+      end
+
+      def check_iptables_rule(rule, table=nil, chain=nil)
+        cmd = "iptables"
+        cmd += " -t #{escape(table)}" if table
+        cmd += " -S"
+        cmd += " #{escape(chain)}" if chain
+        cmd += " | grep -- #{escape(rule)}"
+        cmd
+      end
+
+      def check_selinux(mode)
+        cmd =  ""
+        cmd += "test ! -f /etc/selinux/config || (" if mode == "disabled"
+        cmd += "getenforce | grep -i -- #{escape(mode)} "
+        cmd += "&& grep -i -- ^SELINUX=#{escape(mode)}$ /etc/selinux/config"
+        cmd += ")" if mode == "disabled"
+        cmd
+      end
+
+      def check_kernel_module_loaded(name)
+        "lsmod | grep ^#{name}"
+      end
+
+      def get_interface_speed_of(name)
+        "ethtool #{name} | grep Speed | gawk '{print gensub(/Speed: ([0-9]+)Mb\\\/s/,\"\\\\1\",\"\")}'"
+      end
+
+      def check_ipv4_address(interface, ip_address)
+        ip_address = ip_address.dup
+        if ip_address =~ /\/\d+$/
+          ip_address << " "
+        else
+          ip_address << "/"
+        end
+        ip_address.gsub!(".", "\\.")
+        "ip addr show #{interface} | grep 'inet #{ip_address}'"
+      end
+      
+      def check_zfs(zfs, property=nil)
+        if property.nil?
+          "zfs list -H #{escape(zfs)}"
+        else
+          commands = []
+          property.sort.each do |key, value|
+            regexp = "^#{value}$"
+            commands << "zfs list -H -o #{escape(key)} #{escape(zfs)} | grep -- #{escape(regexp)}"
+          end
+          commands.join(' && ')
+        end
+      end
+
+      def check_container(container)
+        "lxc-ls -1 | grep -w #{escape(container)}"
+      end
+
+      def check_container_running(container)
+        "lxc-info -n #{escape(container)} -t RUNNING"
+      end
+
+    end
+  end
+end

data/lib/specinfra/command/plamo.rb

@@ -0,0 +1,21 @@
+module SpecInfra
+  module Command
+    class Plamo < Linux
+
+      def check_enabled(service, level=3)
+        # This check is not necessarily detected whether service is enabled or not
+        # TODO: check rc.inet2 $SERV variable
+        "test -x /etc/rc.d/init.d/#{escape(service)}"
+      end
+
+      def check_installed(package, version=nil)
+        cmd = "ls /var/log/packages/#{escape(package)}"
+        if version
+          cmd = "#{cmd} && grep -E \"PACKAGE NAME:.+#{escape(package)}-#{escape(version)}\" /var/log/packages/#{escape(package)}"
+        end
+        cmd
+      end
+
+    end
+  end
+end

data/lib/specinfra/command/redhat.rb

@@ -0,0 +1,37 @@
+module SpecInfra
+  module Command
+    class RedHat < Linux
+      def check_access_by_user(file, user, access)
+        # Redhat-specific
+        "runuser -s /bin/sh -c \"test -#{access} #{file}\" #{user}"
+      end
+
+      def check_enabled(service, level=3)
+        "chkconfig --list #{escape(service)} | grep #{level}:on"
+      end
+
+      def check_yumrepo(repository)
+        "yum repolist all -C | grep ^#{escape(repository)}"
+      end
+
+      def check_yumrepo_enabled(repository)
+        "yum repolist all -C | grep ^#{escape(repository)} | grep enabled"
+      end
+
+      def check_installed(package,version=nil)
+        cmd = "rpm -q #{escape(package)}"
+        if version
+          cmd = "#{cmd} | grep -w -- #{escape(version)}"
+        end
+        cmd
+      end
+
+      alias :check_installed_by_rpm :check_installed
+
+      def install(package)
+        cmd = "yum -y install #{package}"
+      end
+
+    end
+  end
+end

data/lib/specinfra/command/smartos.rb

@@ -0,0 +1,21 @@
+module SpecInfra
+  module Command
+    class SmartOS < Solaris
+      def check_installed(package, version=nil)
+        cmd = "/opt/local/bin/pkgin list 2> /dev/null | grep -qw ^#{escape(package)}"
+        if version
+          cmd = "#{cmd}-#{escape(version)}"
+        end
+        cmd
+      end
+
+      def check_enabled(service, level=3)
+        "svcs -l #{escape(service)} 2> /dev/null | grep -wx '^enabled.*true$'"
+      end
+
+      def check_running(service)
+        "svcs -l #{escape(service)} status 2> /dev/null |grep -wx '^state.*online$'"
+      end
+    end
+  end
+end

data/lib/specinfra/command/solaris.rb

@@ -0,0 +1,117 @@
+module SpecInfra
+  module Command
+    class Solaris < Base
+      def check_enabled(service, level=3)
+        "svcs -l #{escape(service)} 2> /dev/null | egrep '^enabled *true$'"
+      end
+
+      def check_installed(package, version=nil)
+        cmd = "pkg list -H #{escape(package)} 2> /dev/null"
+        if version
+          cmd = "#{cmd} | grep -qw -- #{escape(version)}"
+        end
+        cmd
+      end
+
+      def check_listening(port)
+        regexp = "\\.#{port} "
+        "netstat -an 2> /dev/null | grep -- LISTEN | grep -- #{escape(regexp)}"
+      end
+
+      def check_listening_with_protocol(port, protocol)
+        regexp = ".*\\.#{port} "
+        "netstat -an -P #{escape(protocol)} 2> /dev/null | grep -- LISTEN | grep -- #{escape(regexp)}"
+      end
+
+      def check_running(service)
+        "svcs -l #{escape(service)} status 2> /dev/null | egrep '^state *online$'"
+      end
+
+      def check_cron_entry(user, entry)
+        entry_escaped = entry.gsub(/\*/, '\\*')
+        if user.nil?
+          "crontab -l | grep -- #{escape(entry_escaped)}"
+        else
+          "crontab -l #{escape(user)} | grep -- #{escape(entry_escaped)}"
+        end
+      end
+
+      def check_zfs(zfs, property=nil)
+        if property.nil?
+          "zfs list -H #{escape(zfs)}"
+        else
+          commands = []
+          property.sort.each do |key, value|
+            regexp = "^#{value}$"
+            commands << "zfs list -H -o #{escape(key)} #{escape(zfs)} | grep -- #{escape(regexp)}"
+          end
+          commands.join(' && ')
+        end
+      end
+
+      def check_ipfilter_rule(rule)
+        "ipfstat -io 2> /dev/null | grep -- #{escape(rule)}"
+      end
+
+      def check_ipnat_rule(rule)
+        regexp = "^#{rule}$"
+        "ipnat -l 2> /dev/null | grep -- #{escape(regexp)}"
+      end
+
+      def check_svcprop(svc, property, value)
+        regexp = "^#{value}$"
+        "svcprop -p #{escape(property)} #{escape(svc)} | grep -- #{escape(regexp)}"
+      end
+
+      def check_svcprops(svc, property)
+        commands = []
+        property.sort.each do |key, value|
+          regexp = "^#{value}$"
+          commands << "svcprop -p #{escape(key)} #{escape(svc)} | grep -- #{escape(regexp)}"
+        end
+        commands.join(' && ')
+      end
+
+      def check_file_contain_within(file, expected_pattern, from=nil, to=nil)
+        from ||= '1'
+        to ||= '$'
+        sed = "sed -n #{escape(from)},#{escape(to)}p #{escape(file)}"
+        checker_with_regexp = check_file_contain_with_regexp("/dev/stdin", expected_pattern)
+        checker_with_fixed  = check_file_contain_with_fixed_strings("/dev/stdin", expected_pattern)
+        "#{sed} | #{checker_with_regexp} || #{sed} | #{checker_with_fixed}"
+      end
+
+      def check_belonging_group(user, group)
+        "id -Gn #{escape(user)} | grep -- #{escape(group)}"
+      end
+
+      def check_gid(group, gid)
+        regexp = "^#{group}:"
+        "getent group | grep -- #{escape(regexp)} | cut -f 3 -d ':' | grep -w -- #{escape(gid)}"
+      end
+
+      def check_home_directory(user, path_to_home)
+        "getent passwd #{escape(user)} | cut -f 6 -d ':' | grep -w -- #{escape(path_to_home)}"
+      end
+
+      def check_login_shell(user, path_to_shell)
+        "getent passwd #{escape(user)} | cut -f 7 -d ':' | grep -w -- #{escape(path_to_shell)}"
+      end
+
+      def check_access_by_user(file, user, access)
+        # http://docs.oracle.com/cd/E23823_01/html/816-5166/su-1m.html
+        ## No need for login shell as it seems that behavior as superuser is favorable for us, but needs
+        ## to be better tested under real solaris env
+        "su #{user} -c \"test -#{access} #{file}\""
+      end
+
+      def check_reachable(host, port, proto, timeout)
+        if port.nil?
+          "ping -n #{escape(host)} #{escape(timeout)}"
+        else
+          "nc -vvvvz#{escape(proto[0].chr)} -w #{escape(timeout)} #{escape(host)} #{escape(port)}"
+        end
+      end
+    end
+  end
+end

data/lib/specinfra/command/solaris10.rb

@@ -0,0 +1,78 @@
+module SpecInfra
+  module Command
+    class Solaris10 < Solaris
+      # Please implement Solaris 10 specific commands
+
+      # reference: http://perldoc.perl.org/functions/stat.html
+      def check_mode(file, mode)
+        regexp = "^#{mode}$"
+        "perl -e 'printf \"%o\", (stat shift)[2]&07777' #{escape(file)}  | grep -- #{escape(regexp)}"
+      end
+
+      # reference: http://perldoc.perl.org/functions/stat.html
+      #            http://www.tutorialspoint.com/perl/perl_getpwuid.htm
+      def check_owner(file, owner)
+        regexp = "^#{owner}$"
+        "perl -e 'printf \"%s\", getpwuid((stat(\"#{escape(file)}\"))[4])' | grep -- #{escape(regexp)}"
+      end
+
+      def check_group(group)
+        "getent group | grep -w -- #{escape(group)}"
+      end
+
+      # reference: http://perldoc.perl.org/functions/stat.html
+      #            http://www.tutorialspoint.com/perl/perl_getgrgid.htm
+      def check_grouped(file, group)
+        regexp = "^#{group}$"
+        "perl -e 'printf \"%s\", getgrgid((stat(\"#{escape(file)}\"))[5])'  | grep -- #{escape(regexp)}"
+      end
+
+      # reference: http://www.tutorialspoint.com/perl/perl_readlink.htm
+      def check_link(link, target)
+        regexp = "^#{target}$"
+        "perl -e 'printf \"%s\", readlink(\"#{escape(link)}\")' | grep -- #{escape(regexp)}"
+      end
+
+      # reference: http://perldoc.perl.org/functions/stat.html
+      def get_mode(file)
+        "perl -e 'printf \"%o\", (stat shift)[2]&07777' #{escape(file)}"
+      end
+
+      def check_file_contain(file, expected_pattern)
+        "grep -- #{escape(expected_pattern)} #{escape(file)}"
+      end
+
+      def check_reachable(host, port, proto, timeout)
+        if port.nil?
+          "ping -n #{escape(host)} #{escape(timeout)}"
+        elsif proto == 'tcp'
+          "echo 'quit' | mconnect -p #{escape(port)} #{escape(host)} > /dev/null 2>&1"
+        else
+          raise NotImplementedError.new
+        end
+      end
+
+      def check_installed(package, version=nil)
+        cmd = "pkginfo -q  #{escape(package)}"
+        if version
+          cmd = "#{cmd} | grep -- #{escape(version)}"
+        end
+        cmd
+      end
+
+      def check_file_md5checksum(file, expected)
+        "digest -a md5 -v #{escape(file)} | grep -iw -- #{escape(expected)}"
+      end
+
+      def check_belonging_group(user, group)
+        "id -ap #{escape(user)} | grep -- #{escape(group)}"
+      end
+
+      def check_authorized_key(user, key)
+        key.sub!(/\s+\S*$/, '') if key.match(/^\S+\s+\S+\s+\S*$/)
+        "grep -- #{escape(key)} ~#{escape(user)}/.ssh/authorized_keys"
+      end
+
+    end
+  end
+end

data/lib/specinfra/command/solaris11.rb

@@ -0,0 +1,7 @@
+module SpecInfra
+  module Command
+    class Solaris11 < Solaris
+      # Please implement Solaris 11 specific commands
+    end
+  end
+end

data/lib/specinfra/command/windows.rb

@@ -0,0 +1,213 @@
+module SpecInfra
+  module Command
+    class Windows
+      class NotSupportedError < Exception; end
+      REGISTRY_KEY_TYPES = {
+        :type_string       => 'String',
+        :type_binary       => 'Binary',
+        :type_dword        => 'DWord',
+        :type_qword        => 'QWord',
+        :type_multistring  => 'MultiString',
+        :type_expandstring => 'ExpandString'
+      }
+
+      def method_missing method, *args
+        raise NotSupportedError.new "#{method} currently not supported in Windows os" if method.to_s =~ /^check_.+/
+        super(method, *args)
+      end
+
+      def check_file(file)
+        cmd = item_has_attribute file, 'Archive'
+        Backend::PowerShell::Command.new do
+          exec cmd
+        end
+      end
+
+      def check_file_hidden(file)
+        cmd = item_has_attribute file, 'Hidden'
+        Backend::PowerShell::Command.new do
+          exec cmd
+        end
+      end
+
+      def check_file_readonly(file)
+        cmd = item_has_attribute file, 'ReadOnly'
+        Backend::PowerShell::Command.new do
+          exec cmd
+        end
+      end
+
+      def check_file_system(file)
+        cmd = item_has_attribute file, 'System'
+        Backend::PowerShell::Command.new do
+          exec cmd
+        end
+      end
+      
+      def check_directory(dir)
+        cmd = item_has_attribute dir, 'Directory'
+        Backend::PowerShell::Command.new do
+          exec cmd
+        end
+      end
+
+      def check_file_contain(file, pattern)
+        Backend::PowerShell::Command.new do
+          exec "[Io.File]::ReadAllText('#{file}') -match '#{convert_regexp(pattern)}'"
+        end
+      end
+
+      def check_file_contain_within file, pattern, from=nil, to=nil
+        from ||= '^'
+        to ||= '$'
+        Backend::PowerShell::Command.new do
+          using 'crop_text.ps1'
+          exec %Q[(CropText -text ([Io.File]::ReadAllText('#{file}')) -fromPattern '#{convert_regexp(from)}' -toPattern '#{convert_regexp(to)}') -match '#{pattern}']
+        end
+      end
+
+      def check_access_by_user(file, user, access)
+        case access
+        when 'r'
+          check_readable(file, user)
+        when 'w'
+          check_writable(file, user)
+        when 'x'
+          check_executable(file, user)
+        end
+      end
+
+      def check_readable(file, by_whom)
+        Backend::PowerShell::Command.new do
+          using 'check_file_access_rules.ps1'
+          exec "CheckFileAccessRules -path '#{file}' -identity '#{get_identity by_whom}' -rules @('FullControl', 'Modify', 'ReadAndExecute', 'Read', 'ListDirectory')"
+        end
+      end
+
+      def check_writable(file, by_whom)
+        Backend::PowerShell::Command.new do
+          using 'check_file_access_rules.ps1'
+          exec "CheckFileAccessRules -path '#{file}' -identity '#{get_identity by_whom}' -rules @('FullControl', 'Modify', 'Write')"
+        end
+      end
+
+      def check_executable(file, by_whom)
+        Backend::PowerShell::Command.new do
+          using 'check_file_access_rules.ps1'
+          exec "CheckFileAccessRules -path '#{file}' -identity '#{get_identity by_whom}' -rules @('FullControl', 'Modify', 'ReadAndExecute', 'ExecuteFile')"
+        end
+      end
+
+      def check_installed(package, version=nil)
+        version_selection = version.nil? ? "" : "-appVersion '#{version}'"
+        Backend::PowerShell::Command.new do
+          using 'find_installed_application.ps1'
+          exec "(FindInstalledApplication -appName '#{package}' #{version_selection}) -ne $null"
+        end
+      end
+
+      def check_enabled(service, level=nil)
+        Backend::PowerShell::Command.new do
+          using 'find_service.ps1'
+          exec "(FindService -name '#{service}').StartMode -eq 'Auto'"
+        end
+      end
+
+      def check_running(service)
+        Backend::PowerShell::Command.new do
+          using 'find_service.ps1'
+          exec "(FindService -name '#{service}').State -eq 'Running'"
+        end
+      end
+
+      def check_process(process)
+        Backend::PowerShell::Command.new do
+          exec "(Get-Process '#{process}') -ne $null"
+        end
+      end
+
+      def check_listening(port)
+        Backend::PowerShell::Command.new do
+          using 'is_port_listening.ps1'
+          exec "IsPortListening -portNumber #{port}"
+        end
+      end
+
+      def check_listening_with_protocol(port, protocol)
+        Backend::PowerShell::Command.new do
+          using 'is_port_listening.ps1'
+          exec "IsPortListening -portNumber #{port} -protocol '#{protocol}'"
+        end
+      end
+
+      def check_user(user)
+        user_id, domain = windows_account user
+        Backend::PowerShell::Command.new do
+          using 'find_user.ps1'
+          exec "(FindUser -userName '#{user_id}'#{domain.nil? ? "" : " -domain '#{domain}'"}) -ne $null"
+        end
+      end
+
+      def check_group(group)
+        group_id, domain = windows_account group
+        Backend::PowerShell::Command.new do
+          using 'find_group.ps1'
+          exec "(FindGroup -groupName '#{group_id}'#{domain.nil? ? "" : " -domain '#{domain}'"}) -ne $null"
+        end
+      end
+
+      def check_belonging_group(user, group)
+        user_id, user_domain = windows_account user
+        group_id, group_domain = windows_account group
+        Backend::PowerShell::Command.new do
+          using 'find_user.ps1'
+          using 'find_group.ps1'
+          using 'find_usergroup.ps1'
+          exec "(FindUserGroup -userName '#{user_id}'#{user_domain.nil? ? "" : " -userDomain '#{user_domain}'"} -groupName '#{group_id}'#{group_domain.nil? ? "" : " -groupDomain '#{group_domain}'"}) -ne $null"
+        end
+      end
+
+      def check_registry_key(key_name, key_property = {})
+        if key_property.empty?
+          cmd = "(Get-Item 'Registry::#{key_name}') -ne $null"
+        else
+          if key_property.key? :value
+            value = convert_key_property_value key_property
+            cmd = "(Compare-Object (Get-Item 'Registry::#{key_name}').GetValue('#{key_property[:name]}') #{value}) -eq $null"
+          else
+            cmd = "(Get-Item 'Registry::#{key_name}').GetValueKind('#{key_property[:name]}') -eq '#{REGISTRY_KEY_TYPES[key_property[:type]]}'"
+          end
+        end
+        Backend::PowerShell::Command.new { exec cmd }
+      end
+
+      private
+
+      def item_has_attribute item, attribute
+        "((Get-Item -Path '#{item}' -Force).attributes.ToString() -Split ', ') -contains '#{attribute}'"
+      end
+
+      def convert_key_property_value property
+        case property[:type]
+        when :type_binary
+          byte_array = [property[:value]].pack('H*').bytes.to_a
+          "([byte[]] #{byte_array.join(',')})"
+        when :type_dword
+          [property[:value].scan(/[0-9a-f]{2}/i).reverse.join].pack("H*").unpack("l").first
+        when :type_qword
+          property[:value].hex
+        else
+          string_array = property[:value].split("\n").map {|s| "'#{s}'"}.reduce {|acc, s| "#{acc},#{s}"}
+          "@(#{string_array})"
+        end
+      end
+
+      def windows_account account
+        match = /((.+)\\)?(.+)/.match account
+        domain = match[2]
+        name = match[3]
+        [name, domain]
+      end
+    end
+  end
+end