inspec/lib/resources/group.rb


# encoding: utf-8
# author: Christoph Hartmann
# author: Dominik Richter
# Usage:
# describe group('root') do
#   it { should exist }
#   its('gid') { should eq 0 }
# end
#
# Deprecated `has_gid` matcher:
# describe group('root') do
#   it { should have_gid 0 }
# end
# Resource for checking a group on the target system.
#
# The lookup itself is delegated to an OS-specific provider (UnixGroup or
# WindowsGroup). A non-nil provider answer is cached on the instance, so the
# target is normally queried only once per resource.
class Group < Vulcano.resource(1)
  name 'group'

  # @param groupname [String] group to look up; stored lowercased
  # @param domain [String, nil] optional domain; stored lowercased when given
  def initialize(groupname, domain = nil)
    # NOTE(review): the name is lowercased on every platform. UnixGroup hands
    # it unchanged to etc_group.where(name: ...); Unix group names are
    # case-sensitive, so if that filter is an exact match, a group such as
    # 'Wheel' would be reported as missing. Confirm this is intended.
    @group = groupname.downcase
    @domain = domain.nil? ? nil : domain.downcase
    @cache = nil

    # Pick the provider that knows how to list groups on this OS. On any
    # other OS the resource is skipped and no provider is set.
    @group_provider =
      if vulcano.os.unix?
        UnixGroup.new(vulcano)
      elsif vulcano.os.windows?
        WindowsGroup.new(vulcano)
      else
        skip_resource 'The `group` resource is not supported on your OS yet.'
        nil
      end
  end

  # Verifies that the group exists.
  #
  # @return [Boolean] true when the provider returned at least one entry
  def exists?
    matches = group_info
    return false if matches.nil?

    matches.size > 0
  end

  # Group id of the matched group.
  #
  # @return [nil] when nothing matched (or no provider answer is available)
  # @return [Object] the :gid value when exactly one group matched
  # @return [Array] one :gid value per group when several matched
  def gid
    matches = group_info
    case matches.nil? ? 0 : matches.size
    when 0
      nil
    when 1
      # the usual case: a single group
      matches[0][:gid]
    else
      # several groups matched, so report every gid
      matches.map { |entry| entry[:gid] }
    end
  end

  # Implements the rspec `has` matcher, to stay compatible with serverspec.
  #
  # `gid` is an Array when several groups matched, so a comparison against a
  # single gid is false in that case.
  #
  # @param compare_gid [Object] expected gid
  # @return [Boolean]
  def has_gid?(compare_gid)
    gid == compare_gid
  end

  # The :local value of the matched group. Entries built by UnixGroup carry no
  # :local key, so a single Unix match yields nil here.
  #
  # @return [nil] when nothing matched (or no provider answer is available)
  # @return [Object] the :local value when exactly one group matched
  # @return [Array] one :local value per group when several matched
  def local
    matches = group_info
    case matches.nil? ? 0 : matches.size
    when 0
      nil
    when 1
      # the usual case: a single group
      matches[0][:local]
    else
      # several groups matched, so report every :local value
      matches.map { |entry| entry[:local] }
    end
  end

  private

  # Provider answer for the configured group and domain.
  #
  # Only a non-nil answer is cached: when the provider returns nil, the next
  # call asks it again.
  #
  # @return [Array<Hash>, nil] nil when no provider is set or it returned nil
  def group_info
    return @cache unless @cache.nil?
    return nil if @group_provider.nil?

    @cache = @group_provider.group_info(@group, @domain)
  end
end
# Base class of the OS-specific group providers. It only stores the handle
# that the subclasses use to query the target (`etc_group`, `command`).
class GroupInfo
  # @param vulcano [Object] handle used by subclasses to reach the target
  def initialize(vulcano)
    @vulcano = vulcano
  end
end
# Implements generic Unix groups via /etc/group.
class UnixGroup < GroupInfo
  # Looks up groups by name through the `etc_group` resource.
  #
  # @param group [String] group name passed to the `name:` filter
  # @param _domain [String, nil] ignored; accepted so the signature matches
  #   WindowsGroup#group_info
  # @return [Array<Hash>] one `{ name:, gid: }` hash per matching entry
  def group_info(group, _domain = nil)
    matching = @vulcano.etc_group.where(name: group).entries
    matching.map do |entry|
      { name: entry['name'], gid: entry['gid'] }
    end
  end
end
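# Implements Windows groups by listing Win32_Group through PowerShell.
class WindowsGroup < GroupInfo
  # Looks up groups by name and, optionally, domain. Both comparisons are
  # case-insensitive.
  #
  # Every matching group is returned. The previous implementation left the
  # method with `return` on the first match, so a name that exists in several
  # domains silently resolved to whichever entry WMI listed first when no
  # domain was given. Group#gid and Group#local already handle more than one
  # entry, and UnixGroup returns all matches as well.
  #
  # @param compare_group [String] group name to match
  # @param compare_domain [String, nil] domain to match; nil matches any domain
  # @return [Array<Hash>] matching groups with the keys :name, :domain,
  #   :caption, :gid (always nil), :sid and :local
  # @return [nil] when the command output is not valid JSON
  def group_info(compare_group, compare_domain = nil)
    # The command line is a fixed string: the requested name and domain are
    # never interpolated into it, and all filtering happens in Ruby below.
    cmd = @vulcano.command('Get-WmiObject Win32_Group | Select-Object -Property Caption, Domain, Name, SID, LocalAccount | ConvertTo-Json')

    # cannot rely on exit code for now, successful command returns exit code 1
    # return nil if cmd.exit_status != 0, try to parse json
    begin
      # to_s keeps a missing stdout on the ParserError path below
      groups = JSON.parse(cmd.stdout.to_s)
    rescue JSON::ParserError
      return nil
    end

    # ConvertTo-Json emits a bare object when there is only one group
    groups = [groups] unless groups.is_a?(Array)

    groups.each_with_object([]) do |grp, matches|
      # skip anything that is not a group object (e.g. a JSON null)
      next unless grp.is_a?(Hash)

      name = grp['Name']
      domain = grp['Domain']
      # entries without a usable name or domain cannot match; skipping them
      # avoids a NoMethodError on nil
      next unless name.is_a?(String) && name.casecmp(compare_group) == 0
      next unless compare_domain.nil? ||
                  (domain.is_a?(String) && domain.casecmp(compare_domain) == 0)

      matches << {
        name: name,
        domain: domain,
        caption: grp['Caption'],
        gid: nil,
        sid: grp['SID'],
        local: grp['LocalAccount'],
      }
    end
  end
end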