require 'spec_helper'
include Serverspec::Helper::Solaris
describe 'Serverspec commands of Solaris family' do
it_behaves_like 'support command check_file', '/etc/passwd'
it_behaves_like 'support command check_directory', '/var/log'
it_behaves_like 'support command check_installed_by_gem', 'jekyll'
it_behaves_like 'support command check_installed_by_gem with_version', 'jekyll', '1.0.2'
it_behaves_like 'support command check_mounted', '/'
it_behaves_like 'support command check_routing_table', '192.168.100.1/24'
it_behaves_like 'support command check_reachable'
it_behaves_like 'support command check_resolvable'
it_behaves_like 'support command check_user', 'root'
it_behaves_like 'support command check_user', 'wheel'
it_behaves_like 'support command check_file_md5checksum', '/etc/passewd', '96c8c50f81a29965f7af6de371ab4250'
it_behaves_like 'support command check_running_under_supervisor', 'httpd'
it_behaves_like 'support command check_process', 'httpd'
it_behaves_like 'support command check_file_contain', '/etc/passwd', 'root'
it_behaves_like 'support command check_mode', '/etc/sudoers', 440
it_behaves_like 'support command check_owner', '/etc/sudoers', 'root'
it_behaves_like 'support command check_grouped', '/etc/sudoers', 'wheel'
it_behaves_like 'support command check_link', '/etc/system-release', '/etc/redhat-release'
it_behaves_like 'support command check_uid', 'root', 0
it_behaves_like 'support command check_login_shell', 'root', '/bin/bash'
it_behaves_like 'support command check_home_directory', 'root', '/root'
it_behaves_like 'support command check_authorized_key'
it_behaves_like 'support command get_mode'
end
describe 'check_enabled' do
subject { commands.check_enabled('httpd') }
it { should eq "svcs -l httpd 2> /dev/null | grep 'enabled true'" }
end
describe 'check_installed' do
subject { commands.check_installed('httpd') }
it { should eq 'pkg list -H httpd 2> /dev/null' }
end
describe 'check_file_contain_within' do
context 'contain a pattern in the file' do
subject { commands.check_file_contain_within('Gemfile', 'rspec') }
it { should eq "sed -n 1,\\$p Gemfile | grep -q -- rspec /dev/stdin" }
end
context 'contain a pattern after a line in a file' do
subject { commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/') }
it { should eq "sed -n /\\^group\\ :test\\ do/,\\$p Gemfile | grep -q -- rspec /dev/stdin" }
end
context 'contain a pattern before a line in a file' do
subject {commands.check_file_contain_within('Gemfile', 'rspec', nil, '/^end/') }
it { should eq "sed -n 1,/\\^end/p Gemfile | grep -q -- rspec /dev/stdin" }
end
context 'contain a pattern from within a line and another line in a file' do
subject { commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/', '/^end/') }
it { should eq "sed -n /\\^group\\ :test\\ do/,/\\^end/p Gemfile | grep -q -- rspec /dev/stdin" }
end
end
describe 'check_listening' do
subject { commands.check_listening(80) }
it { should eq "netstat -an 2> /dev/null | egrep 'LISTEN|Idle' | grep -- .80\\ " }
end
describe 'check_running' do
subject { commands.check_running('httpd') }
it { should eq "svcs -l httpd status 2> /dev/null |grep 'state online'" }
end
describe 'check_cron_entry' do
context 'specify root user' do
subject { commands.check_cron_entry('root', '* * * * * /usr/local/bin/batch.sh') }
it { should eq 'crontab -l root | grep -- \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ /usr/local/bin/batch.sh' }
end
context 'no specified user' do
subject { commands.check_cron_entry(nil, '* * * * * /usr/local/bin/batch.sh') }
it { should eq 'crontab -l | grep -- \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ /usr/local/bin/batch.sh' }
end
end
describe 'check_belonging_group' do
subject { commands.check_belonging_group('root', 'wheel') }
it { should eq "id -Gn root | grep -- wheel" }
end
describe 'check_gid' do
subject { commands.check_gid('root', 0) }
it { should eq "getent group | grep -- \\^root: | cut -f 3 -d ':' | grep -w -- 0" }
end
describe 'check_zfs' do
context 'check without properties' do
subject { commands.check_zfs('rpool') }
it { should eq "zfs list -H rpool" }
end
context 'check with a property' do
subject { commands.check_zfs('rpool', { 'mountpoint' => '/rpool' }) }
it { should eq "zfs list -H -o mountpoint rpool | grep -- \\^/rpool\\$" }
end
context 'check with multiple properties' do
subject { commands.check_zfs('rpool', { 'mountpoint' => '/rpool', 'compression' => 'off' }) }
it { should eq "zfs list -H -o compression rpool | grep -- \\^off\\$ && zfs list -H -o mountpoint rpool | grep -- \\^/rpool\\$" }
end
end
describe 'check_ip_filter_rule' do
subject { commands.check_ipfilter_rule('pass in quick on lo0 all') }
it { should eq "ipfstat -io 2> /dev/null | grep -- pass\\ in\\ quick\\ on\\ lo0\\ all" }
end
describe 'check_ipnat_rule' do
subject { commands.check_ipnat_rule('map net1 192.168.0.0/24 -> 0.0.0.0/32') }
it { should eq "ipnat -l 2> /dev/null | grep -- \\^map\\ net1\\ 192.168.0.0/24\\ -\\>\\ 0.0.0.0/32\\$" }
end
describe 'check_svcprop' do
subject { commands.check_svcprop('svc:/network/http:apache22', 'httpd/enable_64bit','false') }
it { should eq "svcprop -p httpd/enable_64bit svc:/network/http:apache22 | grep -- \\^false\\$" }
end
describe 'check_svcprops' do
subject {
commands.check_svcprops('svc:/network/http:apache22', {
'httpd/enable_64bit' => 'false',
'httpd/server_type' => 'worker',
})
}
it { should eq "svcprop -p httpd/enable_64bit svc:/network/http:apache22 | grep -- \\^false\\$ && svcprop -p httpd/server_type svc:/network/http:apache22 | grep -- \\^worker\\$" }
end
describe 'check_access_by_user' do
context 'read access' do
subject {commands.check_access_by_user '/tmp/something', 'dummyuser1', 'r'}
it { should eq 'su dummyuser1 -c "test -r /tmp/something"' }
end
context 'write access' do
subject {commands.check_access_by_user '/tmp/somethingw', 'dummyuser2', 'w'}
it { should eq 'su dummyuser2 -c "test -w /tmp/somethingw"' }
end
context 'execute access' do
subject {commands.check_access_by_user '/tmp/somethingx', 'dummyuser3', 'x'}
it { should eq 'su dummyuser3 -c "test -x /tmp/somethingx"' }
end
end