inspec/test/kitchen/policies/default/controls/user_spec.rb

# Expected attributes of a well-known built-in account, chosen per platform.
# The keys are reused as `user` resource property names by the checks that
# follow, so every key listed here becomes an assertion.
userinfo =
  if %w[centos redhat fedora suse debian ubuntu].include?(os[:family])
    linux_root = {
      username: 'root',
      groupname: 'root',
      uid: 0,
      gid: 0,
      groups: 'root',
      home: '/root',
      shell: '/bin/bash',
    }
    # different groupset for centos 5
    # NOTE(review): the release check is not limited to centos; any family in
    # the list above that reports release 5 gets this group list. Confirm intent.
    if os[:release].to_i == 5
      linux_root[:groups] = %w[root bin daemon sys adm disk wheel]
    end
    linux_root
  elsif os[:family] == 'freebsd'
    {
      username: 'root',
      groupname: 'wheel',
      uid: 0,
      gid: 0,
      groups: 'wheel', # at least this group should be there
      home: '/root',
      shell: '/bin/csh',
    }
  elsif os.windows?
    # The account is addressed as COMPUTERNAME\Administrator; the computer
    # name is read from the target through PowerShell.
    computer = powershell('$env:computername').stdout.chomp
    admin = {
      username: computer + '\Administrator',
      groupname: nil,
      uid: nil,
      gid: nil,
      groups: 'Administrators',
      home: nil,
      shell: nil,
    }
    # store uid of user: the expected value is whatever the resource itself
    # reports, so the later equality check on uid only proves consistency.
    admin[:uid] = user(admin[:username]).uid
    admin
  elsif os[:family] == 'aix'
    {
      username: 'bin',
      groupname: 'bin',
      uid: 2,
      gid: 2,
      groups: 'adm', # at least this group should be there
      home: '/bin',
      shell: nil,
      #mindays: 0,
      #maxdays: 0,
      warndays: 0,
    }
  elsif os.solaris?
    # Releases above 10 use /root and bash; older ones use / and /sbin/sh.
    newer_release = os[:release].to_i > 10
    {
      username: 'root',
      groupname: 'root',
      uid: 0,
      gid: 0,
      groups: 'sys', # at least this group should be there
      home: newer_release ? '/root' : '/',
      shell: newer_release ? '/usr/bin/bash' : '/sbin/sh',
    }
  elsif os.darwin?
    {
      username: 'root',
      groupname: 'wheel',
      uid: 0,
      gid: 0,
      groups: 'wheel', # at least this group should be there
      home: '/var/root',
      shell: '/bin/sh',
    }
  else
    # Unknown platform: no expectations, so userinfo[:username] is nil below.
    {}
  end
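if os.windows?
  # test single `user` resource
  # The same expectations are applied to the qualified name
  # (COMPUTERNAME\Administrator) and to the bare name, because the resource
  # should also support simple usernames for local users without a domain.
  [userinfo[:username], 'Administrator'].each do |account|
    describe user(account) do
      it { should exist }
      # should return the SID of the user
      its('uid') { should_not eq nil }
      its('groups') { should include userinfo[:groups] }
      # NOTE(review): the password-policy values below presumably pin the
      # state of the test-kitchen fixture, not a hardening baseline. If
      # `maxbadpasswords` maps to the Windows lockout threshold, 0 would mean
      # lockout is disabled; do not copy these numbers into a compliance
      # profile without checking them against policy.
      its('mindays') { should eq 0 }
      its('maxdays') { should eq 42 }
      its('warndays') { should eq nil }
      # Was `should_be > 5`: `should_be` is not an RSpec method, so the example
      # raised a NameError instead of comparing the value.
      its('passwordage') { should be > 5 }
      its('maxbadpasswords') { should eq 0 }
      its('badpasswordattempts') { should eq 0 }
    end
  end
else
  # test single `user` resource
  describe user(userinfo[:username]) do
    it { should exist }
    userinfo.each do |k, v|
      if k.to_s == 'groups'
        # check that the user is part of the groups; this check is skipped
        # whenever the DOCKER environment variable is set
        its(k) { should include v } unless ENV['DOCKER']
      else
        # default eq comparison
        its(k) { should eq v }
      end
    end
  end

  # The first `groups` entry reported by the filtered `users` resource must
  # contain the expected group as well.
  describe users.where(username: userinfo[:username]).groups.entries[0] do
    it { should include userinfo[:groups] }
  end
end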
# test `users` resource
# The plural resource returns one list per property, so each expected value is
# wrapped in a single-element array, and the property name is pluralised
# unless it is one of the *days properties.
describe users.where(username: userinfo[:username]) do
  unpluralised = %w[maxdays mindays warndays]

  userinfo.each do |key, value|
    property = key.to_s
    # group membership is not asserted here (check left disabled):
    # its(name) { should include v }
    next if property == 'groups'

    property = "#{property}s" unless unpluralised.include?(property)
    its(property) { should eq [value] }
  end
end
# Catch the case where the user does not exist: the resource must report the
# account as absent and return nil for every property instead of raising.
describe user('not_available') do
  it { should_not exist }

  %w[uid username gid home shell].each do |property|
    its(property) { should eq nil }
  end
end