require 'spec_helper' include Serverspec::Helper::Solaris describe 'Serverspec commands of Solaris family' do it_behaves_like 'support command check_file', '/etc/passwd' it_behaves_like 'support command check_directory', '/var/log' it_behaves_like 'support command check_socket', '/var/run/unicorn.sock' it_behaves_like 'support command check_installed_by_gem', 'jekyll' it_behaves_like 'support command check_installed_by_gem with_version', 'jekyll', '1.0.2' it_behaves_like 'support command check_installed_by_npm', 'hubot' it_behaves_like 'support command check_installed_by_npm with_version', 'hubot', '1.0.2' it_behaves_like 'support command check_installed_by_pecl', 'mongo' it_behaves_like 'support command check_installed_by_pecl with_version', 'mongo', '1.4.1' it_behaves_like 'support command check_mounted', '/' it_behaves_like 'support command check_routing_table', '192.168.100.1/24' it_behaves_like 'support command check_resolvable' it_behaves_like 'support command check_user', 'root' it_behaves_like 'support command check_user', 'wheel' it_behaves_like 'support command check_file_md5checksum', '/etc/passewd', '96c8c50f81a29965f7af6de371ab4250' it_behaves_like 'support command check_running_under_supervisor', 'httpd' it_behaves_like 'support command check_process', 'httpd' it_behaves_like 'support command check_file_contain', '/etc/passwd', 'root' it_behaves_like 'support command check_mode', '/etc/sudoers', 440 it_behaves_like 'support command check_owner', '/etc/sudoers', 'root' it_behaves_like 'support command check_grouped', '/etc/sudoers', 'wheel' it_behaves_like 'support command check_link', '/etc/system-release', '/etc/redhat-release' it_behaves_like 'support command check_uid', 'root', 0 it_behaves_like 'support command check_login_shell', 'root', '/bin/bash' it_behaves_like 'support command check_home_directory', 'root', '/root' it_behaves_like 'support command check_authorized_key' it_behaves_like 'support command get_mode' end describe 'check_enabled' do subject { commands.check_enabled('httpd') } it { should eq "svcs -l httpd 2> /dev/null | grep -wx '^enabled.*true$'" } end describe 'check_installed' do subject { commands.check_installed('httpd') } it { should eq 'pkg list -H httpd 2> /dev/null' } end describe 'check_installed' do subject { commands.check_installed('httpd', '2.2') } it { should eq 'pkg list -H httpd 2> /dev/null | grep -qw -- 2.2' } end describe 'check_file_contain_within' do context 'contain a pattern in the file' do subject { commands.check_file_contain_within('Gemfile', 'rspec') } it { should eq "sed -n 1,\\$p Gemfile | grep -q -- rspec /dev/stdin" } end context 'contain a pattern after a line in a file' do subject { commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/') } it { should eq "sed -n /\\^group\\ :test\\ do/,\\$p Gemfile | grep -q -- rspec /dev/stdin" } end context 'contain a pattern before a line in a file' do subject {commands.check_file_contain_within('Gemfile', 'rspec', nil, '/^end/') } it { should eq "sed -n 1,/\\^end/p Gemfile | grep -q -- rspec /dev/stdin" } end context 'contain a pattern from within a line and another line in a file' do subject { commands.check_file_contain_within('Gemfile', 'rspec', '/^group :test do/', '/^end/') } it { should eq "sed -n /\\^group\\ :test\\ do/,/\\^end/p Gemfile | grep -q -- rspec /dev/stdin" } end end describe 'check_listening' do subject { commands.check_listening(80) } it { should eq "netstat -an 2> /dev/null | egrep 'LISTEN|Idle' | grep -- .80\\ " } end describe 'check_running' do subject { commands.check_running('httpd') } it { should eq "svcs -l httpd status 2> /dev/null |grep -wx '^state.*online$'" } end describe 'check_cron_entry' do context 'specify root user' do subject { commands.check_cron_entry('root', '* * * * * /usr/local/bin/batch.sh') } it { should eq 'crontab -l root | grep -- \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ /usr/local/bin/batch.sh' } end context 'no specified user' do subject { commands.check_cron_entry(nil, '* * * * * /usr/local/bin/batch.sh') } it { should eq 'crontab -l | grep -- \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ \\\\\\*\\ /usr/local/bin/batch.sh' } end end describe 'check_belonging_group' do subject { commands.check_belonging_group('root', 'wheel') } it { should eq "id -Gn root | grep -- wheel" } end describe 'check_gid' do subject { commands.check_gid('root', 0) } it { should eq "getent group | grep -- \\^root: | cut -f 3 -d ':' | grep -w -- 0" } end describe 'check_zfs' do context 'check without properties' do subject { commands.check_zfs('rpool') } it { should eq "zfs list -H rpool" } end context 'check with a property' do subject { commands.check_zfs('rpool', { 'mountpoint' => '/rpool' }) } it { should eq "zfs list -H -o mountpoint rpool | grep -- \\^/rpool\\$" } end context 'check with multiple properties' do subject { commands.check_zfs('rpool', { 'mountpoint' => '/rpool', 'compression' => 'off' }) } it { should eq "zfs list -H -o compression rpool | grep -- \\^off\\$ && zfs list -H -o mountpoint rpool | grep -- \\^/rpool\\$" } end end describe 'check_ip_filter_rule' do subject { commands.check_ipfilter_rule('pass in quick on lo0 all') } it { should eq "ipfstat -io 2> /dev/null | grep -- pass\\ in\\ quick\\ on\\ lo0\\ all" } end describe 'check_ipnat_rule' do subject { commands.check_ipnat_rule('map net1 192.168.0.0/24 -> 0.0.0.0/32') } it { should eq "ipnat -l 2> /dev/null | grep -- \\^map\\ net1\\ 192.168.0.0/24\\ -\\>\\ 0.0.0.0/32\\$" } end describe 'check_svcprop' do subject { commands.check_svcprop('svc:/network/http:apache22', 'httpd/enable_64bit','false') } it { should eq "svcprop -p httpd/enable_64bit svc:/network/http:apache22 | grep -- \\^false\\$" } end describe 'check_svcprops' do subject { commands.check_svcprops('svc:/network/http:apache22', { 'httpd/enable_64bit' => 'false', 'httpd/server_type' => 'worker', }) } it { should eq "svcprop -p httpd/enable_64bit svc:/network/http:apache22 | grep -- \\^false\\$ && svcprop -p httpd/server_type svc:/network/http:apache22 | grep -- \\^worker\\$" } end describe 'check_access_by_user' do context 'read access' do subject {commands.check_access_by_user '/tmp/something', 'dummyuser1', 'r'} it { should eq 'su dummyuser1 -c "test -r /tmp/something"' } end context 'write access' do subject {commands.check_access_by_user '/tmp/somethingw', 'dummyuser2', 'w'} it { should eq 'su dummyuser2 -c "test -w /tmp/somethingw"' } end context 'execute access' do subject {commands.check_access_by_user '/tmp/somethingx', 'dummyuser3', 'x'} it { should eq 'su dummyuser3 -c "test -x /tmp/somethingx"' } end end describe 'check_reachable' do context "connect with name from /etc/services to localhost" do subject { commands.check_reachable('localhost', 'ssh', 'tcp', 1) } it { should eq "nc -vvvvzt -w 1 localhost ssh" } end context "connect with ip and port 11111 and timeout of 5" do subject { commands.check_reachable('127.0.0.1', '11111', 'udp', 5) } it { should eq "nc -vvvvzu -w 5 127.0.0.1 11111" } end context "do a ping" do subject { commands.check_reachable('127.0.0.1', nil, 'icmp', 1) } it { should eq "ping -n 127.0.0.1 1" } end end