inspec/test/helper.rb

789 lines
43 KiB
Ruby
Raw Normal View History

2015-10-06 16:55:44 +00:00
# author: Dominik Richter
# author: Christoph Hartmann
##
# Do not add any code above this line.
##
# Do not add any other code to this code block. Simplecov and
# coveralls only until the next code block:
require 'simplecov'
require 'coveralls'
SimpleCov.formatters = SimpleCov::Formatter::MultiFormatter.new([
SimpleCov::Formatter::HTMLFormatter,
Coveralls::SimpleCov::Formatter
])
SimpleCov.start do
add_filter '/test/'
add_group 'Resources', 'lib/resources'
add_group 'Matchers', 'lib/matchers'
2015-10-26 03:04:18 +00:00
add_group 'Backends', 'lib/inspec/backend'
end
##
#
# Do not add any other code from here until the end of this code
# block.
#
# Before ANYTHING else happens, this must happen:
#
# 1) require minitest/autorun
# 2) alias describe to mt_describe
# 3) require rspec
# 4) disable_monkey_patching from rspec
# 5) alias mt_describe back to describe using change_global_dsl.
#
# Explanation: eventually, our tests get around to inspec/runner_rspec
# (and a few others), and they load rspec. When rspec loads, it
# creates it's own global `describe` method, overwriting minitest's.
# When you tell RSpec to disable_monkey_patching, instead of using
# remove_method, they use undef_method, which blocks access to our
# Kernel.describe. We then need to go back in and reactivate it in
# order for our tests to finish declaring their tests and eventually
# actually running.
#
# Before this, the tests would get to the point of loading rspec, then
# all subsequently loaded spec-style tests would just disappear into
# the aether. Differences in test load order created differences in
# test count and vast differences in test time (which should have been
# a clue that something was up--windows is just NOT THAT FAST).
#
# The OTHER way to fix this is to ban spec style tests in our
# codebase. This is a more rational approach but requires more work. I
# need these tests up and all running and dependable. We can make them
# right later.
require "minitest/autorun"
module Kernel
alias mt_describe describe
end
require "rspec"
RSpec.configure do |config|
config.disable_monkey_patching!
end
RSpec::Core::DSL.change_global_dsl do
alias describe mt_describe
end
# End of rspec vs minitest fight
########################################################################
require 'webmock/minitest'
require 'mocha/setup'
require 'fileutils'
2016-02-18 13:27:16 +00:00
require 'pathname'
require 'tempfile'
require 'tmpdir'
require 'zip'
require 'json'
require 'inspec/base_cli'
require 'inspec/version'
require 'inspec/exceptions'
2016-02-21 00:45:55 +00:00
require 'inspec/fetcher'
2016-02-21 11:39:07 +00:00
require 'inspec/source_reader'
2015-10-26 03:04:18 +00:00
require 'inspec/resource'
require 'resource_support/aws'
require 'inspec/reporters'
2015-10-26 03:04:18 +00:00
require 'inspec/backend'
require 'inspec/profile'
require 'inspec/runner'
require 'inspec/runner_mock'
require 'inspec/globals'
require 'inspec/impact'
require 'inspec/config'
2016-03-17 22:00:55 +00:00
require 'fetchers/mock'
require 'inspec/dependencies/cache'
2016-03-17 22:00:55 +00:00
require_relative '../lib/bundles/inspec-supermarket'
2016-03-17 22:00:55 +00:00
require 'train'
CMD = Train.create('local', command_runner: :generic).connection
2016-03-17 22:00:55 +00:00
TMP_CACHE = {}
2015-09-03 15:33:19 +00:00
Inspec::Log.logger = Logger.new(nil)
2015-09-22 16:31:21 +00:00
class MockLoader
# collects emulation operating systems
OPERATING_SYSTEMS = {
alpine: { name: 'alpine', family: 'alpine', release: '3.6.2', arch: 'x86_64' },
arch: { name: 'arch', family: 'arch', release: nil, arch: nil },
centos5: { name: 'centos', family: 'redhat', release: '5.11', arch: 'x86_64' },
centos6: { name: 'centos', family: 'redhat', release: '6.6', arch: 'x86_64' },
centos7: { name: 'centos', family: 'redhat', release: '7.1.1503', arch: 'x86_64' },
cloudlinux: { name: 'cloudlinux', family: 'redhat', release: '7.4', arch: 'x86_64' },
coreos: { name: 'coreos', family: 'coreos', release: '1437.0.0', arch: 'x86_64' },
debian6: { name: 'debian', family: 'debian', release: '6', arch: 'x86_64' },
debian7: { name: 'debian', family: 'debian', release: '7', arch: 'x86_64' },
debian8: { name: 'debian', family: 'debian', release: '8', arch: 'x86_64' },
freebsd9: { name: 'freebsd', family: 'freebsd', release: '9', arch: 'amd64' },
freebsd10: { name: 'freebsd', family: 'freebsd', release: '10', arch: 'amd64' },
osx104: { name: 'mac_os_x',family: 'darwin', release: '10.10.4', arch: nil },
ubuntu1204: { name: 'ubuntu', family: 'debian', release: '12.04', arch: 'x86_64' },
ubuntu1404: { name: 'ubuntu', family: 'debian', release: '14.04', arch: 'x86_64' },
ubuntu1504: { name: 'ubuntu', family: 'debian', release: '15.04', arch: 'x86_64' },
add "packages" resource This pull request adds a packages resource so that we can check for pattern matches against all the packages on a system. This initially implements only dpkg support for debian-based platforms so we can cover this use case: ```ruby describe packages(/^xserver-xorg.*/) do its("list") { should be_empty } end ``` This uses FilterTable so we can supply additional queries, too. ```ruby describe packages(/vi.+/).where { status != 'installed' } do its('statuses') { should be_empty } end ``` Users can specify the name as a string or a regular expression. If it is a string, we will escape it and convert it to a regular expression to use in matching against the full returned list of packages. If it is a regular expression, we take that as is and use it to filter the results. While some package management systems such as `dpkg` can take a shell glob argument to filter their results, we eschew this and require a regular expression to match multiple package names because we will need this to work across other platforms in the future. This means that the following: ```ruby packages("vim") ``` Will return *all* the "vim" packages on the system. The `packages` resource will take `"vim"`, turn it into `/vim/`, and greedily match anything with "vim" in the name. To match only a single package named `vim`, it needs to be an anchored regular expression. ```ruby packages(/^vim$/) ``` Signed-off-by: Joshua Timberman <joshua@chef.io> Use entries instead of list Added a few more tests and non installed package in output Signed-off-by: Alex Pop <apop@chef.io> fix lint Signed-off-by: Alex Pop <apop@chef.io> Signed-off-by: Joshua Timberman <joshua@chef.io>
2017-02-03 20:42:55 +00:00
ubuntu1604: { name: 'ubuntu', family: 'debian', release: '16.04', arch: 'x86_64' },
mint17: { name: 'linuxmint', family: 'debian', release: '17.3', arch: 'x86_64' },
mint18: { name: 'linuxmint', family: 'debian', release: '18', arch: 'x86_64' },
windows: { name: 'windows', family: 'windows', release: '6.2.9200', arch: 'x86_64' },
wrlinux: { name: 'wrlinux', family: 'redhat', release: '7.0(3)I2(2)', arch: 'x86_64' },
solaris11: { name: "solaris", family: 'solaris', release: '11', arch: 'i386'},
solaris10: { name: "solaris", family: 'solaris', release: '10', arch: 'i386'},
hpux: { name: 'hpux', family: 'hpux', release: 'B.11.31', arch: 'ia64'},
aix: { name: 'aix', family: 'aix', release: '7.2', arch: 'powerpc' },
amazon: { name: 'amazon', family: 'redhat', release: '2015.03', arch: 'x86_64' },
amazon2: { name: 'amazon', family: 'redhat', release: '2', arch: 'x86_64' },
undefined: { name: nil, family: nil, release: nil, arch: nil },
}
2015-09-22 16:31:21 +00:00
# pass the os identifier to emulate a specific operating system
def initialize(os = nil)
# selects operating system
@platform = OPERATING_SYSTEMS[os || :ubuntu1404]
2015-09-22 16:31:21 +00:00
end
def backend
return @backend if defined?(@backend)
2015-09-22 16:31:21 +00:00
scriptpath = ::File.realpath(::File.dirname(__FILE__))
2015-09-22 16:31:21 +00:00
# create mock backend
@backend = Inspec::Backend.create(Inspec::Config.mock)
mock = @backend.backend
2015-09-22 16:31:21 +00:00
# create all mock files
local = Train.create('local', command_runner: :generic).connection
# set os emulation
mock.mock_os(@platform)
2015-09-22 16:31:21 +00:00
mockfile = lambda { |x|
path = ::File.join(scriptpath, '/unit/mock/files', x)
local.file(path)
}
2015-10-09 13:07:58 +00:00
mockdir = lambda { |x|
md = Object.new
2015-10-09 17:55:16 +00:00
class << md
attr_accessor :isdir
end
md.isdir = x
2015-10-09 13:07:58 +00:00
def md.directory?
2015-10-09 17:55:16 +00:00
isdir
2015-10-09 13:07:58 +00:00
end
md
}
emptyfile = lambda {
mockfile.call('emptyfile')
}
2015-10-09 13:07:58 +00:00
mock.files = {
2015-09-22 16:31:21 +00:00
'/proc/net/bonding/bond0' => mockfile.call('bond0'),
'/etc/ssh/ssh_config' => mockfile.call('ssh_config'),
'/etc/ssh/sshd_config' => mockfile.call('sshd_config'),
'/etc/ssh/sshd_config_does_not_exist' => mockfile.call('sshd_config_does_not_exist'),
'/etc/ssh/sshd_config_empty' => emptyfile.call,
2015-09-22 16:31:21 +00:00
'/etc/passwd' => mockfile.call('passwd'),
2016-02-19 11:48:43 +00:00
'/etc/shadow' => mockfile.call('shadow'),
2015-09-22 16:31:21 +00:00
'/etc/ntp.conf' => mockfile.call('ntp.conf'),
'/etc/login.defs' => mockfile.call('login.defs'),
'/etc/security/limits.conf' => mockfile.call('limits.conf'),
'/etc/inetd.conf' => mockfile.call('inetd.conf'),
2015-10-06 11:47:34 +00:00
'/etc/group' => mockfile.call('etcgroup'),
2015-12-22 03:38:49 +00:00
'/etc/grub.conf' => mockfile.call('grub.conf'),
'/boot/grub2/grub.cfg' => mockfile.call('grub2.cfg'),
'/boot/grub2/grubenv' => mockfile.call('grubenv'),
'/boot/grub2/grubenv_invalid' => mockfile.call('grubenv_invalid'),
'/etc/default/grub' => mockfile.call('grub_defaults'),
'/etc/default/grub_with_saved' => mockfile.call('grub_defaults_with_saved'),
2015-09-22 16:31:21 +00:00
'/etc/audit/auditd.conf' => mockfile.call('auditd.conf'),
'/etc/mysql/my.cnf' => mockfile.call('mysql.conf'),
'/etc/mysql/mysql2.conf' => mockfile.call('mysql2.conf'),
'/etc/rabbitmq/rabbitmq.config' => mockfile.call('rabbitmq.config'),
2015-09-22 16:31:21 +00:00
'kitchen.yml' => mockfile.call('kitchen.yml'),
'example.csv' => mockfile.call('example.csv'),
'policyfile.lock.json' => mockfile.call('policyfile.lock.json'),
'nonexistent.json' => mockfile.call('nonexistent.json'),
2015-10-09 13:07:58 +00:00
'/sys/class/net/br0/bridge' => mockdir.call(true),
2015-11-24 12:06:31 +00:00
'rootwrap.conf' => mockfile.call('rootwrap.conf'),
'/etc/apache2/apache2.conf' => mockfile.call('apache2.conf'),
'/etc/apache2/ports.conf' => mockfile.call('ports.conf'),
2016-09-03 01:55:28 +00:00
'/etc/httpd/conf/httpd.conf' => mockfile.call('httpd.conf'),
'/etc/httpd/conf.d/ssl.conf' => mockfile.call('ssl.conf'),
'/etc/httpd/mods-enabled/status.conf' => mockfile.call('status.conf'),
'/etc/httpd/conf-enabled/security.conf' => mockfile.call('security.conf'),
'/etc/apache2/conf-enabled/serve-cgi-bin.conf' => mockfile.call('serve-cgi-bin.conf'),
'/etc/apache2/conf-enabled/security.conf' => mockfile.call('security.conf'),
'/etc/nginx/failed.conf' => mockfile.call('nginx_failed.conf'),
'/etc/nginx/nginx.conf' => mockfile.call('nginx.conf'),
'/etc/nginx/proxy.conf' => mockfile.call('nginx_proxy.conf'),
'/etc/nginx/conf/mime.types' => mockfile.call('nginx_mime.types'),
'/etc/nginx/conf.d/foobar.conf' => mockfile.call('nginx_confd_foobar.conf'),
'/etc/nginx/conf.d/multiple.conf' => mockfile.call('nginx_confd_multiple.conf'),
'/etc/nginx/quotes.d/example.conf' => mockfile.call('nginx_quotesd_example.conf'),
2016-02-26 12:19:16 +00:00
'/etc/xinetd.conf' => mockfile.call('xinetd.conf'),
'/etc/xinetd.d' => mockfile.call('xinetd.d'),
'/etc/xinetd.d/chargen-stream' => mockfile.call('xinetd.d_chargen-stream'),
'/etc/xinetd.d/chargen-dgram' => mockfile.call('xinetd.d_chargen-dgram'),
'/etc/xinetd.d/echo' => mockfile.call('xinetd.d_echo'),
'/etc/sysctl.conf' => mockfile.call('sysctl.conf'),
'/etc/postgresql/9.4/main/postgresql.conf' => mockfile.call('postgresql.conf'),
# Test certificate/key for x509_certificate using RSA keys in PEM format
'test_certificate.rsa.crt.pem' => mockfile.call('test_certificate.rsa.crt.pem'),
'test_certificate.rsa.key.pem' => mockfile.call('test_certificate.rsa.key.pem'),
'test_ca_public.key.pem' => mockfile.call('test_ca_public.key.pem'),
# Test DH parameters, 2048 bit long safe prime, generator 2 for dh_params in PEM format
'dh_params.dh_pem' => mockfile.call('dh_params.dh_pem'),
'default.toml' => mockfile.call('default.toml'),
'default.xml' => mockfile.call('default.xml'),
'database.xml' => mockfile.call('database.xml'),
'/test/path/to/postgres/pg_hba.conf' => mockfile.call('pg_hba.conf'),
New postgres_ident_conf resource (#1963) * Initial commit of pg_ident_conf resource Signed-off-by: Rony Xavier <rx294@nyu.edu> * Initial commit of pg_ident_conf resource Signed-off-by: Rony Xavier <rx294@nyu.edu> * Small updates to organization of code Signed-off-by: Aaron Lippold <lippold@gmail.com> Signed-off-by: Rony Xaiver <rx294@nyu.edu> * updated `conf_path` instance var to `conf_file` since we are returning a file. Signed-off-by: Aaron Lippold <lippold@gmail.com> * Updated few bugs on pg_ident_conf added test files and docs Signed-off-by: Rony Xavier <rx294@nyu.edu> * Updated docs Signed-off-by: Rony Xavier <rx294@nyu.edu> * Added mock folders Signed-off-by: Rony Xavier <rx294@nyu.edu> * Added mock folders Signed-off-by: Rony Xavier <rx294@nyu.edu> Signed-off-by: Aaron Lippold <lippold@gmail.com> * Added mock folders Signed-off-by: Rony Xavier <rx294@nyu.edu> Signed-off-by: Aaron Lippold <lippold@gmail.com> * Added OS check Signed-off-by: Rony Xavier <rx294@nyu.edu> * Added mock file Signed-off-by: Rony Xavier <rx294@nyu.edu> * Added mock folders Signed-off-by: Rony Xavier <rx294@nyu.edu> Signed-off-by: Aaron Lippold <lippold@gmail.com> * added windows mock file Signed-off-by: Aaron Lippold <lippold@gmail.com> * Changed resource name from pg_ident_conf to postgres_ident_conf Signed-off-by: Rony Xavier <rx294@nyu.edu> * Completed corrections reccomended on PR Signed-off-by: Rony Xavier <rx294@nyu.edu> * removed copyright information Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-07-03 18:01:40 +00:00
'/etc/postgresql/9.5/main/pg_ident.conf' => mockfile.call('pg_ident.conf'),
'C:/etc/postgresql/9.5/main/pg_ident.conf' => mockfile.call('pg_ident.conf'),
'/etc/postgresql/9.5/main' => mockfile.call('9.5.main'),
'/var/lib/postgresql/9.5/main' => mockfile.call('var.9.5.main'),
'/etc/hosts' => mockfile.call('hosts'),
'C:\windows\system32\drivers\etc\hosts' => mockfile.call('hosts'),
'/etc/fstab' => mockfile.call('fstab'),
'fstab_no_home' => mockfile.call('fstab_no_home'),
'fstab_one_mount' => mockfile.call('fstab_one_mount'),
'/etc/aide.conf' => mockfile.call('aide.conf'),
'/var/lib/fake_rpmdb' => mockdir.call(true),
'/var/lib/rpmdb_does_not_exist' => mockdir.call(false),
'/etc/init/ssh.conf' => mockfile.call('upstart_ssh_enabled.conf'),
'/etc/hosts.allow' => mockfile.call('hosts.allow'),
'/etc/hosts.deny' => mockfile.call('hosts.deny'),
'/fakepath/fakefile' => emptyfile.call,
'C:/fakepath/fakefile' => emptyfile.call,
Allow crontab resource to read crontab at user specified paths. (#2328) * add a emulated /etc/cron.d/crondotd file to the mocking system. * test that we handle incoming paths correctly by rendering to_s. * We take in both users and a path, so lets call that destination. * To make the test pass we'll determine if we are dealing with a path or a user and return the correct string. * we will need the ability to determine if we are dealing with a path when either calling the crontab command or reading the file directly, so break that out into a path? method. * remove author field. * test contents of our crondotd file. * we have to explicitly make @destination a String to use include?. * when we get a path we use inspec.file to get conents, otherwise we run the crontab command. Signed-off-by: Miah Johnson <miah@chia-pet.org> * Add documentation for example usage with file path. Signed-off-by: Miah Johnson <miah@chia-pet.org> * Make path? and path_or_user private methods Signed-off-by: Miah Johnson <miah@chia-pet.org> * Add missing username filed to crondotd mock file Signed-off-by: Miah Johnson <miah@chia-pet.org> * Pass argument as a hash when testing file paths Signed-off-by: Miah Johnson <miah@chia-pet.org> * Expected results should include usernames when testing file paths Signed-off-by: Miah Johnson <miah@chia-pet.org> * Add special string `@yearly` test to crondotd mock file Signed-off-by: Miah Johnson <miah@chia-pet.org> * Add user to existing cron tests Signed-off-by: Miah Johnson <miah@chia-pet.org> * Rubocop says I need spaces after/before curly brackets Signed-off-by: Miah Johnson <miah@chia-pet.org> * Add user to crondotd file tests and add @yearly test Signed-off-by: Miah Johnson <miah@chia-pet.org> * Modify initialize to take options hash and be backwards compatible. Change initialize default argument to create a hash by default, though it is still possible to pass in a 'user' string argument. @user gets set with the argument value unless its a hash, in which case it tries to set the value of the user key, otherwise it becomes nil. @file gets set with the value of the path key, unless it doesn't exist in which case it becomes nil. All hash keys are symbolized to ensure consistent access. Signed-off-by: Miah Johnson <miah@chia-pet.org> * Check if @path is nil to determine if we run crontab command or parse file. path? was removed as we're not overloading a @destination variable anymore. Signed-off-by: Miah Johnson <miah@chia-pet.org> * if @user is nil assume current user otherwise crontab for @user Signed-off-by: Miah Johnson <miah@chia-pet.org> * Change to complete if rather than ternary. We have three possible cases, current user, other user, or file path. This accounts for all of them. Signed-off-by: Miah Johnson <miah@chia-pet.org> * Add user to the crontab FilterTable Signed-off-by: Miah Johnson <miah@chia-pet.org> * Remove path? and path_or_user Signed-off-by: Miah Johnson <miah@chia-pet.org> * Move crontab parsing to two methods, parse_user_crontab and parse_system_crontab Because a command in a crontab file could have spaces we must parse user and system crontabs differently. When we parse user crontabs the user field will either be nil, or the requested user. Both user and path parsers handle special strings (@yearly, @weekly, etc). And also account for position of user in these files (or adds it in user case) Signed-off-by: Miah Johnson <miah@chia-pet.org> * Update examples with user: and path: Signed-off-by: Miah Johnson <miah@chia-pet.org> * Add spaces after : in example docs Signed-off-by: Miah Johnson <miah@chia-pet.org> * Disable rubocop ClassLength check Signed-off-by: Miah Johnson <miah@chia-pet.org> * Moved rubocop ClassLength metric next to class instead of above the module. Remove unnecessary braces. Add is_system_crontab? and is_user_crontab helper methods and use them. Add tests to see if error conditions are raised when the resource is invoked with missing parameters (user, or path), and on a unsupported os. Change initialize to group all hash functions together and raise errors when user and path is unset. Also raise errors on unsupported operating systems. Change order of ternary and use is_system_crontab? rather than @path.nil? Signed-off-by: Miah Johnson <miah@chia-pet.org>
2017-12-07 12:50:07 +00:00
'/etc/cron.d/crondotd' => mockfile.call('crondotd'),
'/missing_file' => emptyfile.call,
2015-09-22 16:31:21 +00:00
}
2015-09-03 15:33:19 +00:00
2015-09-22 16:31:21 +00:00
# create all mock commands
cmd = lambda {|x|
stdout = ::File.read(::File.join(scriptpath, '/unit/mock/cmd/'+x))
mock.mock_command('', stdout, '', 0)
2015-09-22 16:31:21 +00:00
}
cmd_stderr = lambda { |x = nil|
stderr = x.nil? ? '' : File.read(File.join(scriptpath, 'unit/mock/cmd', x))
mock.mock_command('', '', stderr, 1)
}
empty = lambda {
mock.mock_command('', '', '', 0)
}
cmd_exit_1 = lambda { |x = nil|
stderr = x.nil? ? '' : File.read(File.join(scriptpath, 'unit/mock/cmd', x))
mock.mock_command('', '', stderr, 1)
}
mock_cmds = {
'' => empty.call,
'sh -c \'find /no/such/mock -type f -maxdepth 1\'' => empty.call,
'type "brew"' => empty.call,
'bash -c \'type "pip"\'' => empty.call,
'bash -c \'type "/test/path/pip"\'' => empty.call,
'bash -c \'type "Rscript"\'' => empty.call,
'bash -c \'type "perl"\'' => empty.call,
'bash -c \'type "/sbin/auditctl"\'' => empty.call,
'bash -c \'type "sql"\'' => cmd_exit_1.call,
'type "pwsh"' => empty.call,
'type "netstat"' => empty.call,
'sh -c \'find /etc/apache2/ports.conf -type l -maxdepth 1\'' => empty.call,
'sh -c \'find /etc/httpd/conf.d/*.conf -type l -maxdepth 1\'' => empty.call,
'sh -c \'find /etc/httpd/mods-enabled/*.conf -type l -maxdepth 1\'' => empty.call,
'sh -c \'find /etc/httpd/conf-enabled/*.conf -type f -maxdepth 1\'' => empty.call,
'find /sys/class/net/eth1/ -maxdepth 1 -type f -exec sh -c \'echo "[$(basename {})]"; cat {} || echo -n\' \;' => empty.call,
'Get-Package -Name \'Not available\' | ConvertTo-Json' => empty.call,
'ps axo pid,pcpu,pmem,vsz,rss,tty,stat,start,time,user,command' => cmd.call('ps-axo'),
'ps axo label,pid,pcpu,pmem,vsz,rss,tty,stat,start,time,user:32,command' => cmd.call('ps-axoZ'),
'ps -o pid,vsz,rss,tty,stat,time,ruser,args' => cmd.call('ps-busybox'),
2015-11-13 10:53:21 +00:00
'env' => cmd.call('env'),
'${Env:PATH}' => cmd.call('$env-PATH'),
2016-09-05 10:12:34 +00:00
# registry key test using winrm 2.0
'9417f24311a9dcd90f1b1734080a2d4c6516ec8ff2d452a2328f68eb0ed676cf' => cmd.call('reg_schedule'),
2015-09-22 16:31:21 +00:00
'Auditpol /get /subcategory:\'User Account Management\' /r' => cmd.call('auditpol'),
'/sbin/auditctl -l' => cmd.call('auditctl'),
'/sbin/auditctl -s' => cmd.call('auditctl-s'),
2015-09-22 16:31:21 +00:00
'yum -v repolist all' => cmd.call('yum-repolist-all'),
'dpkg -s curl' => cmd.call('dpkg-s-curl'),
'dpkg -s held-package' => cmd.call('dpkg-s-held-package'),
'rpm -qi curl' => cmd.call('rpm-qi-curl'),
'rpm -qi --dbpath /var/lib/fake_rpmdb curl' => cmd.call('rpm-qi-curl'),
'rpm -qi --dbpath /var/lib/rpmdb_does_not_exist curl' => cmd_exit_1.call,
2015-09-23 13:49:19 +00:00
'pacman -Qi curl' => cmd.call('pacman-qi-curl'),
'brew info --json=v1 curl' => cmd.call('brew-info--json-v1-curl'),
'brew info --json=v1 nginx' => cmd.call('brew-info--json-v1-nginx'),
'brew info --json=v1 nope' => cmd_exit_1.call,
'/usr/local/bin/brew info --json=v1 curl' => cmd.call('brew-info--json-v1-curl'),
'gem list --local -a -q ^not-installed$' => cmd.call('gem-list-local-a-q-not-installed'),
2015-09-22 16:31:21 +00:00
'gem list --local -a -q ^rubocop$' => cmd.call('gem-list-local-a-q-rubocop'),
'/opt/ruby-2.3.1/embedded/bin/gem list --local -a -q ^pry$' => cmd.call('gem-list-local-a-q-pry'),
'/opt/chef/embedded/bin/gem list --local -a -q ^chef-sugar$' => cmd.call('gem-list-local-a-q-chef-sugar'),
'c:\opscode\chef\embedded\bin\gem.bat list --local -a -q ^json$' => cmd.call('gem-list-local-a-q-json'),
'/opt/opscode/embedded/bin/gem list --local -a -q ^knife-backup$' => cmd.call('gem-list-local-a-q-knife-backup'),
'npm -g ls --json bower' => cmd.call('npm-g-ls--json-bower'),
'cd /path/to/project && npm ls --json bower' => cmd.call('npm-ls--json-bower'),
"Rscript -e 'packageVersion(\"DBI\")'" => cmd.call('r-print-version'),
"Rscript -e 'packageVersion(\"DoesNotExist\")'" => cmd.call('r-print-version-not-installed'),
"perl -le 'eval \"require $ARGV[0]\" and print $ARGV[0]->VERSION or exit 1' DBD::Pg" => cmd.call('perl-print-version'),
"perl -le 'eval \"require $ARGV[0]\" and print $ARGV[0]->VERSION or exit 1' DOES::Not::Exist" => cmd_exit_1.call,
2015-09-22 16:31:21 +00:00
'pip show jinja2' => cmd.call('pip-show-jinja2'),
'pip show django' => cmd.call('pip-show-django'),
'/test/path/pip show django' => cmd.call('pip-show-non-standard-django'),
2015-10-02 09:09:47 +00:00
"Get-Package -Name 'Mozilla Firefox' | ConvertTo-Json" => cmd.call('get-package-firefox'),
"Get-Package -Name 'Ruby 2.1.6-p336-x64' | ConvertTo-Json" => cmd.call('get-package-ruby'),
'Get-Command "choco"' => empty.call,
'bash -c \'type "choco"\'' => cmd_exit_1.call,
'(choco list --local-only --exact --include-programs --limit-output \'nssm\') -Replace "\|", "=" | ConvertFrom-StringData | ConvertTo-JSON' => cmd.call('choco-list-nssm'),
'(choco list --local-only --exact --include-programs --limit-output \'git\') -Replace "\|", "=" | ConvertFrom-StringData | ConvertTo-JSON' => empty.call,
2016-08-31 15:56:23 +00:00
"New-Object -Type PSObject | Add-Member -MemberType NoteProperty -Name Service -Value (Get-Service -Name 'dhcp'| Select-Object -Property Name, DisplayName, Status) -PassThru | Add-Member -MemberType NoteProperty -Name WMI -Value (Get-WmiObject -Class Win32_Service | Where-Object {$_.Name -eq 'dhcp' -or $_.DisplayName -eq 'dhcp'} | Select-Object -Property StartMode) -PassThru | ConvertTo-Json" => cmd.call('get-service-dhcp'),
"New-Object -Type PSObject | Add-Member -MemberType NoteProperty -Name Pip -Value (Invoke-Command -ScriptBlock {where.exe pip}) -PassThru | Add-Member -MemberType NoteProperty -Name Python -Value (Invoke-Command -ScriptBlock {where.exe python}) -PassThru | ConvertTo-Json" => cmd.call('get-windows-pip-package'),
"Get-WindowsFeature | Where-Object {$_.Name -eq 'DHCP' -or $_.DisplayName -eq 'DHCP'} | Select-Object -Property Name,DisplayName,Description,Installed,InstallState | ConvertTo-Json" => cmd.call('get-windows-feature'),
"Get-WindowsFeature | Where-Object {$_.Name -eq 'IIS-WebServer' -or $_.DisplayName -eq 'IIS-WebServer'} | Select-Object -Property Name,DisplayName,Description,Installed,InstallState | ConvertTo-Json" => cmd_exit_1.call('get-windows-feature-iis-webserver'),
"dism /online /get-featureinfo /featurename:IIS-WebServer" => cmd.call('dism-iis-webserver'),
2015-09-22 16:31:21 +00:00
'lsmod' => cmd.call('lsmod'),
'/sbin/sysctl -q -n net.ipv4.conf.all.forwarding' => cmd.call('sbin_sysctl'),
2015-09-25 09:51:21 +00:00
# ports on windows
'Get-NetTCPConnection -state Listen | Select-Object -Property State, Caption, Description, LocalAddress, LocalPort, RemoteAddress, RemotePort, DisplayName, Status | ConvertTo-Json' => cmd.call('get-net-tcpconnection'),
'netstat -anbo | Select-String -CaseSensitive -pattern "^\s+UDP|\s+LISTENING\s+\d+$" -context 0,1' => cmd.call('netstat-anbo-pipe-select-string-pattern.utf8'),
2016-01-06 19:14:36 +00:00
# lsof formatted list of ports (should be quite cross platform)
2015-12-23 21:45:41 +00:00
'lsof -nP -i -FpctPn' => cmd.call('lsof-nP-i-FpctPn'),
2015-09-25 09:51:21 +00:00
# ports on freebsd
2015-09-23 13:24:46 +00:00
'sockstat -46l' => cmd.call('sockstat'),
# ports on aix
'netstat -Aan | grep LISTEN' => cmd.call('netstat-aan'),
'rmsock f0000000000000001 tcpcb' => cmd.call('rmsock-f0001'),
'rmsock f0000000000000002 tcpcb' => cmd.call('rmsock-f0002'),
2015-09-25 09:51:21 +00:00
# packages on windows
'f7718ece69188bb19cd458e2aeab0a8d968f3d40ac2f4199e21cc976f8db5ef6' => cmd.call('get-item-property-package'),
2015-09-25 09:51:21 +00:00
# service status upstart on ubuntu
'initctl status ssh' => cmd.call('initctl-status-ssh'),
# upstart version on ubuntu
'initctl --version' => cmd.call('initctl--version'),
2015-09-25 09:51:21 +00:00
# show ssh service Centos 7
'systemctl show --no-pager --all sshd' => cmd.call('systemctl-show-all-sshd'),
'systemctl show --no-pager --all apache2' => cmd.call('systemctl-show-all-apache2'),
'/path/to/systemctl show --no-pager --all sshd' => cmd.call('systemctl-show-all-sshd'),
'systemctl show --no-pager --all dbus' => cmd.call('systemctl-show-all-dbus'),
'/path/to/systemctl show --no-pager --all dbus' => cmd.call('systemctl-show-all-dbus'),
# services on macos
'launchctl list' => cmd.call('launchctl-list'),
# services on freebsd 10
'service -e' => cmd.call('service-e'),
'service sendmail onestatus' => cmd.call('service-sendmail-onestatus'),
# services for system 5 e.g. centos6, debian 6
'service sshd status' => cmd.call('service-sshd-status'),
'find /etc/rc*.d /etc/init.d/rc*.d -name "S*"' => cmd.call('find-etc-rc-d-name-S'),
'ls -1 /etc/init.d/' => cmd.call('ls-1-etc-init.d'),
2015-10-05 09:21:25 +00:00
# user information for linux
'id root' => cmd.call('id-root'),
'getent passwd root' => cmd.call('getent-passwd-root'),
2015-10-08 09:44:56 +00:00
'chage -l root' => cmd.call('chage-l-root'),
# user information for ldap test
'id jfolmer' => cmd.call('id-jfolmer'),
'getent passwd jfolmer' => cmd.call('getent-passwd-jfolmer'),
'chage -l jfolmer' => cmd.call('chage-l-root'),
2015-10-05 09:21:25 +00:00
# user info for mac
'id chartmann' => cmd.call('id-chartmann'),
'dscl -q . -read /Users/chartmann NFSHomeDirectory PrimaryGroupID RecordName UniqueID UserShell' => cmd.call('dscl'),
# user info for freebsd
'pw usershow root -7' => cmd.call('pw-usershow-root-7'),
# user info for windows (winrm 1.6.0, 1.6.1)
'27c6cda89fa5d196506251c0ed0d20468b378c5689711981dc1e1e683c7b02c1' => cmd.call('adsiusers'),
2015-10-07 10:04:48 +00:00
# group info for windows
'4020573097e910a573e22e8863c4faa434f52910a45714606cad1fb8b060d9e9' => cmd.call('adsigroups'),
# group info for Darwin
'dscacheutil -q group' => cmd.call('dscacheutil-query-group'),
# network interface
'fddd70e8b8510f5fcc0413cfdc41598c55d6922bb2a0a4075e2118633a0bf422' => cmd.call('find-net-interface'),
'c33821dece09c8b334e03a5bb9daefdf622007f73af4932605e758506584ec3f' => empty.call,
'/sbin/ip -br -4 address show dev eth0' => cmd.call('interface-addresses-4'),
'/sbin/ip -br -6 address show dev eth0' => cmd.call('interface-addresses-6'),
2015-10-08 11:01:09 +00:00
'Get-NetAdapter | Select-Object -Property Name, InterfaceDescription, Status, State, MacAddress, LinkSpeed, ReceiveLinkSpeed, TransmitLinkSpeed, Virtual | ConvertTo-Json' => cmd.call('Get-NetAdapter'),
'Get-NetIPAddress | Select-Object -Property IPv6Address, IPv4Address, InterfaceAlias, PrefixLength | ConvertTo-Json' => cmd.call('Get-NetIPAddress'),
2015-10-09 13:26:59 +00:00
# bridge on linux
2015-10-09 13:07:58 +00:00
'ls -1 /sys/class/net/br0/brif/' => cmd.call('ls-sys-class-net-br'),
2015-10-09 13:26:59 +00:00
# bridge on Windows
'Get-NetAdapterBinding -ComponentID ms_bridge | Get-NetAdapter | Select-Object -Property Name, InterfaceDescription | ConvertTo-Json' => cmd.call('get-netadapter-binding-bridge'),
2015-10-09 17:21:55 +00:00
# host for Windows
'Resolve-DnsName Type A microsoft.com | ConvertTo-Json' => cmd.call('Resolve-DnsName'),
'Test-NetConnection -ComputerName microsoft.com -WarningAction SilentlyContinue| Select-Object -Property ComputerName, TcpTestSucceeded, PingSucceeded | ConvertTo-Json' => cmd.call('Test-NetConnection'),
2015-10-09 17:55:06 +00:00
# host for Linux
'getent ahosts example.com' => cmd.call('getent-ahosts-example.com'),
2015-10-09 17:55:06 +00:00
'ping -w 1 -c 1 example.com' => cmd.call('ping-example.com'),
# host for Darwin
'host -t AAAA example.com' => cmd.call('host-AAAA-example.com'),
'ping -W 1 -c 1 example.com' => cmd.call('ping-example.com'),
2015-10-10 17:54:00 +00:00
# apt
"find /etc/apt/ -name *.list -exec sh -c 'cat {} || echo -n' \\;" => cmd.call('etc-apt'),
2015-10-12 08:32:14 +00:00
# iptables
'/usr/sbin/iptables -S' => cmd.call('iptables-s'),
%{bash -c 'type "/usr/sbin/iptables"'} => empty.call,
# apache_conf
"sh -c 'find /etc/apache2/ports.conf -type f -maxdepth 1'" => cmd.call('find-apache2-ports-conf'),
"sh -c 'find /etc/httpd/conf.d/*.conf -type f -maxdepth 1'" => cmd.call('find-httpd-ssl-conf'),
"sh -c 'find /etc/httpd/mods-enabled/*.conf -type f -maxdepth 1'" => cmd.call('find-httpd-status-conf'),
"sh -c 'find /etc/httpd/conf-enabled/*.conf -type l -maxdepth 1'" => cmd.call('find-httpd-conf-enabled-link'),
"sh -c 'find /etc/apache2/conf-enabled/*.conf -type f -maxdepth 1'" => cmd.call('find-apache2-conf-enabled'),
"sh -c 'find /etc/apache2/conf-enabled/*.conf -type l -maxdepth 1'" => cmd.call('find-apache2-conf-enabled-link'),
"sh -c 'find /etc/nginx/nginx.conf'" => cmd.call('find-nginx-conf'),
"sh -c 'find /etc/nginx/conf/mime.types'" => cmd.call('find-nginx-mime-types'),
"sh -c 'find /etc/nginx/proxy.conf'" => cmd.call('find-nginx-proxy-conf'),
"sh -c 'find /etc/nginx/conf.d/*.conf'" => cmd.call('find-nginx-confd-multiple-conf'),
"sh -c 'find /etc/nginx/quotes.d/*.conf'" => cmd.call('find-nginx-quotesd-example-conf'),
2015-12-31 00:10:06 +00:00
# mount
"mount | grep -- ' on /'" => cmd.call("mount"),
"mount | grep -- ' on /mnt/iso-disk'" => cmd.call("mount-multiple"),
mount resource: fix for Device-/Sharenames and Mountpoints including … (#2257) * mount resource: fix for Device-/Sharenames and Mountpoints including whitespaces Device-/Sharenames and Mountpoints on Linux may include whitespaces (\040), e.g. /etc/fstab entry like: ```//fileserver.corp.internal/Research\040&\040Development /mnt/Research\040&\040Development cifs OTHER_OPTS``` ... results in a mount line like: ```//fileserver.corp.internal/Research & Development on /mnt/Research & Development type cifs (OTHER_OPTS)``` The Linux mount command replaces \040 with whitspace automatically, so this should be tributed. I used a control like this: ``` describe mount('/mnt/Research & Development') do it { should be_mounted } its('device') { should eq '//fileserver.corp.internal/Research & Development' } end ``` Before: ``` × whitespaces-1: Mount with whitespace within sharename and mountpoint. (1 failed) ✔ Mount /mnt/Research & Development should be mounted × Mount /mnt/Research & Development device should eq "//fileserver.corp.internal/Research & Development" expected: "//fileserver.corp.internal/Research & Development" got: "//fileserver.corp.internal/Research" (compared using ==) ``` After: ``` ✔ whitespaces-01: Mount with whitespace within sharename and mountpoint. ✔ Mount /mnt/Research & Development should be mounted ✔ Mount /mnt/Research & Development device should eq "//fileserver.corp.internal/Research & Development" ``` Signed-off-by: Markus Grobelin <grobi@koppzu.de> * mounts_with_whitespaces: make lint happy Signed-off-by: Markus Grobelin <grobi@koppzu.de> * mount resource: added parentheses as suggested by https://github.com/chef/inspec/pull/2257/files Signed-off-by: Markus Grobelin <grobi@koppzu.de> * mount resource: fix for Device-/Sharenames and Mountpoints including whitespaces Signed-off-by: Markus Grobelin <grobi@koppzu.de>
2017-11-01 11:01:21 +00:00
"mount | grep -- ' on /mnt/Research & Development'" => cmd.call("mount-whitespaces"),
2016-01-28 13:47:46 +00:00
# solaris 10 package manager
'pkginfo -l SUNWzfsr' => cmd.call('pkginfo-l-SUNWzfsr'),
# solaris 11 package manager
'pkg info system/file-system/zfs' => cmd.call('pkg-info-system-file-system-zfs'),
# dpkg-query all packages
"dpkg-query -W -f='${db:Status-Abbrev} ${Package} ${Version} ${Architecture}\\n'" => cmd.call('dpkg-query-W'),
# rpm query all packages
"rpm -qa --queryformat '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\\n'" => cmd.call('rpm-qa-queryformat'),
2016-01-28 13:47:46 +00:00
# port netstat on solaris 10 & 11
'netstat -an -f inet -f inet6' => cmd.call('s11-netstat-an-finet-finet6'),
2016-02-26 12:19:16 +00:00
# xinetd configuration
'find /etc/xinetd.d -type f' => cmd.call('find-xinetd.d'),
2016-03-19 17:50:32 +00:00
# wmi test
2016-09-05 10:12:34 +00:00
"2979ebeb80a475107d85411f109209a580ccf569071b3dc7acff030b8635c6b9" => cmd.call('get-wmiobject'),
#user info on hpux
"logins -x -l root" => cmd.call('logins-x'),
#packages on hpux
2016-05-03 09:00:59 +00:00
"swlist -l product | grep vim" => cmd.call('swlist-l-product'),
# ipv4 ports on hpux
2016-05-03 16:08:39 +00:00
'netstat -an -f inet' => cmd.call('hpux-netstat-inet'),
2016-05-03 09:00:59 +00:00
#ipv6 ports on hpux
2016-05-03 16:08:39 +00:00
'netstat -an -f inet6' => cmd.call('hpux-netstat-inet6'),
2016-09-09 08:30:41 +00:00
# hostname linux
'hostname' => cmd.call('hostname'),
# hostname windows
'$env:computername' => cmd.call('$env-computername'),
# windows_hotfix windows
'get-hotfix -id KB4019215' => cmd.call('kb4019215'),
# windows_hotfix windows doesn't exist
'get-hotfix -id KB9999999' => empty.call(),
# windows_task doesnt exist
"schtasks /query /v /fo csv /tn 'does-not-exist' | ConvertFrom-Csv | Select @{N='URI';E={$_.TaskName}},@{N='State';E={$_.Status.ToString()}},'Logon Mode','Last Result','Task To Run','Run As User','Scheduled Task State' | ConvertTo-Json -Compress" => cmd.call('schtasks-error'),
# windows_task exist
"schtasks /query /v /fo csv /tn 'WeLovePizza' | ConvertFrom-Csv | Select @{N='URI';E={$_.TaskName}},@{N='State';E={$_.Status.ToString()}},'Logon Mode','Last Result','Task To Run','Run As User','Scheduled Task State' | ConvertTo-Json -Compress" => cmd.call('schtasks-success'),
'modinfo -F version dhcp' => cmd.call('modinfo-f-version-dhcp'),
# crontab display for root / current user
'crontab -l' => cmd.call('crontab-root'),
# crontab display for non-current user
'crontab -l -u foouser' => cmd.call('crontab-foouser'),
# crontab display for special time strings
'crontab -l -u special' => cmd.call('crontab-special'),
# zfs output for dataset tank/tmp
'/sbin/zfs get -Hp all tank/tmp' => cmd.call('zfs-get-all-tank-tmp'),
# zfs output for pool tank
'/sbin/zpool get -Hp all tank' => cmd.call('zpool-get-all-tank'),
# docker
"4f8e24022ea8b7d3b117041ec32e55d9bf08f11f4065c700e7c1dc606c84fd17" => cmd.call('docker-ps-a'),
"b40ed61c006b54f155b28a85dc944dc0352b30222087b47c6279568ec0e59d05" => cmd.call('df-t'),
"docker version --format '{{ json . }}'" => cmd.call('docker-version'),
"docker info --format '{{ json . }}'" => cmd.call('docker-info'),
"docker inspect 71b5df59442b" => cmd.call('docker-inspec'),
# docker images
"83c36bfade9375ae1feb91023cd1f7409b786fd992ad4013bf0f2259d33d6406" => cmd.call('docker-images'),
# docker services
%{docker service ls --format '{"ID": {{json .ID}}, "Name": {{json .Name}}, "Mode": {{json .Mode}}, "Replicas": {{json .Replicas}}, "Image": {{json .Image}}, "Ports": {{json .Ports}}}'} => cmd.call('docker-service-ls'),
# docker plugins
%{docker plugin ls --format '{"id": {{json .ID}}, "name": "{{ with split .Name ":"}}{{index . 0}}{{end}}", "version": "{{ with split .Name ":"}}{{index . 1}}{{end}}", "enabled": {{json .Enabled}} }'} => cmd.call('docker-plugin-ls'),
# modprobe for kernel_module
"modprobe --showconfig" => cmd.call('modprobe-config'),
# get-process cmdlet for processes resource
'$Proc = Get-Process -IncludeUserName | Where-Object {$_.Path -ne $null } | Select-Object PriorityClass,Id,CPU,PM,VirtualMemorySize,NPM,SessionId,Responding,StartTime,TotalProcessorTime,UserName,Path | ConvertTo-Csv -NoTypeInformation;$Proc.Replace("""","").Replace("`r`n","`n")' => cmd.call('get-process_processes'),
# host resource: TCP/UDP reachability check on linux
%{bash -c 'type "nc"'} => empty.call,
%{bash -c 'type "ncat"'} => empty.call,
%{bash -c 'type "timeout"'} => empty.call,
%{strings `which bash` | grep -qE '/dev/(tcp|udp)/'} => empty.call,
%{echo | nc -v -w 1 -u example.com 1234} => empty.call,
%{echo | nc -v -w 1 example.com 1234} => empty.call,
'timeout 1 bash -c "< /dev/tcp/example.com/1234"' => empty.call,
'timeout 1 bash -c "< /dev/udp/example.com/1234"' => empty.call,
# host resource: netcat for TCP reachability check on darwin
'type "nc"' => empty.call,
'type "ncat"' => empty.call,
'type "gtimeout"' => empty.call,
'nc -vz -G 1 example.com 1234' => empty.call,
'gtimeout 1 bash -c "< /dev/tcp/example.com/1234"' => empty.call,
'gtimeout 1 bash -c "< /dev/udp/example.com/1234"' => empty.call,
# host resource: test-netconnection for reachability check on windows
'Test-NetConnection -ComputerName microsoft.com -WarningAction SilentlyContinue -RemotePort 1234| Select-Object -Property ComputerName, TcpTestSucceeded, PingSucceeded | ConvertTo-Json' => cmd.call('Test-NetConnection'),
New postgres_ident_conf resource (#1963) * Initial commit of pg_ident_conf resource Signed-off-by: Rony Xavier <rx294@nyu.edu> * Initial commit of pg_ident_conf resource Signed-off-by: Rony Xavier <rx294@nyu.edu> * Small updates to organization of code Signed-off-by: Aaron Lippold <lippold@gmail.com> Signed-off-by: Rony Xaiver <rx294@nyu.edu> * updated `conf_path` instance var to `conf_file` since we are returning a file. Signed-off-by: Aaron Lippold <lippold@gmail.com> * Updated few bugs on pg_ident_conf added test files and docs Signed-off-by: Rony Xavier <rx294@nyu.edu> * Updated docs Signed-off-by: Rony Xavier <rx294@nyu.edu> * Added mock folders Signed-off-by: Rony Xavier <rx294@nyu.edu> * Added mock folders Signed-off-by: Rony Xavier <rx294@nyu.edu> Signed-off-by: Aaron Lippold <lippold@gmail.com> * Added mock folders Signed-off-by: Rony Xavier <rx294@nyu.edu> Signed-off-by: Aaron Lippold <lippold@gmail.com> * Added OS check Signed-off-by: Rony Xavier <rx294@nyu.edu> * Added mock file Signed-off-by: Rony Xavier <rx294@nyu.edu> * Added mock folders Signed-off-by: Rony Xavier <rx294@nyu.edu> Signed-off-by: Aaron Lippold <lippold@gmail.com> * added windows mock file Signed-off-by: Aaron Lippold <lippold@gmail.com> * Changed resource name from pg_ident_conf to postgres_ident_conf Signed-off-by: Rony Xavier <rx294@nyu.edu> * Completed corrections reccomended on PR Signed-off-by: Rony Xavier <rx294@nyu.edu> * removed copyright information Signed-off-by: Aaron Lippold <lippold@gmail.com>
2017-07-03 18:01:40 +00:00
# postgres tests
%q(bash -c 'type "psql"') => cmd.call('bash -c type psql'),
%q(psql --version | awk '{ print $NF }' | awk -F. '{ print $1"."$2 }') => cmd.call('psql-version'),
# mssql tests
"bash -c 'type \"sqlcmd\"'" => cmd.call('mssql-sqlcmd'),
"cb0efcd12206e9690c21ac631a72be9dd87678aa048e6dae16b8e9353ab6dd64" => cmd.call('mssql-getdate'),
"7109e5d809058cd3e9cad108e21e91234d2638db4a4f81fadfde21e071a423dc" => cmd.call('mssql-getdate'),
"5c2bc0f0568d11451d6cf83aff02ee3d47211265b52b6c5d45f8e57290b35082" => cmd.call('mssql-getdate'),
"148af1d7706d9cf81097f66d5b891ddfca719445d60fa582befad118f51b9d92" => cmd.call('mssql-getdate'),
"9a1dfd9e403053efb1fd1970a77a241e5c7a9eae34e6f6c56904fa8189bc2e45" => cmd.call('mssql-getdate'),
"e8bece33e9d550af1fc81a5bc1c72b647b3810db3e567ee9f30feb81f4e3b700" => cmd.call('mssql-getdate'),
"53d201ff1cfb8867b79200177b8e2e99dedb700c5fbe15e43820011d7e8b941f" => cmd.call('mssql-getdate'),
"4b550bb227058ac5851aa0bc946be794ee46489610f17842700136cf8bb5a0e9" => cmd.call('mssql-getdate'),
"7d1a7a0f2bd1e7da9a6904e1f28981146ec01a0323623e12a8579d30a3960a79" => cmd.call('mssql-result'),
# oracle
"bash -c 'type \"sqlplus\"'" => cmd.call('oracle-cmd'),
"1998da5bc0f09bd5258fad51f45447556572b747f631661831d6fcb49269a448" => cmd.call('oracle-result'),
# nginx mock cmd
%{nginx -V 2>&1} => cmd.call('nginx-v'),
%{/usr/sbin/nginx -V 2>&1} => cmd.call('nginx-v'),
%{bash -c 'type "/usr/sbin/nginx"'} => cmd.call('bash-c-type-nginx'),
# needed for two differnt inspec.command call formats
# host resource: dig commands,
firewalld resource: inspect the status and configuration of firewalld (#2074) * New Resource - firewalld Signed-off-by: dromazos <dromazmj@dukes.jmu.edu> * New Resource - firewalld Signed-off-by: dromazos <dromazmj@dukes.jmu.edu> * New Resource - firewalld Signed-off-by: dromazos <dromazmj@dukes.jmu.edu> * New Resource - firewalld Signed-off-by: dromazos <dromazmj@dukes.jmu.edu> * Modifications to new resourec - firewalld Signed-off-by: dromazos <dromazmj@dukes.jmu.edu> * Modifications to new resource - firewalld Signed-off-by: dromazos <dromazmj@dukes.jmu.edu> * Modifications to new resource firewalld Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu> * Modifications to new resource - firewalld Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu> * Changing firewalld_command method to prepend the command with 'firewall-cmd' to reduce code reuse. Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu> * Modifications made * installed? method now tells by checking if firewall-cmd is a command on the system * The firewalld_command method now strips the stdout of the return * added another test for testing multiple active zones Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu> * Fixing rake lint issue Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu> * Fixing match and returning boolean for seeing if firewalld is running Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu> * Fixing lint issues Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu> * Empty commit to rerun. Accidentally updated branch. Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu> * Rerunning test, accidentally updated branch. needs sign off commit Signed-off-by: dromazmj <dromazmj@dukes.jmu.edu>
2017-09-27 12:05:35 +00:00
"dig +short A example.com" => cmd.call('dig-A-example.com'),
"dig +short AAAA example.com" => cmd.call('dig-AAAA-example.com'),
# firewalld resource
'firewall-cmd --get-zones' => cmd.call('firewall-cmd--get-zones'),
'firewall-cmd --get-default-zone' => cmd.call('firewall-cmd--get-default-zone'),
'firewall-cmd --get-active-zones' => cmd.call('firewall-cmd--get-active-zones'),
'firewall-cmd --state' => cmd.call('firewall-cmd--state'),
'firewall-cmd --zone=public --query-service=ssh' => cmd.call('firewall-cmd--service-enabled-in-zone'),
'firewall-cmd --zone=public --query-port=22/udp' => cmd.call('firewall-cmd-has-port-enabled-in-zone'),
"firewall-cmd --zone=public --query-rich-rule='rule family=ipv4 source address=192.168.0.14 accept'" => cmd.call('firewall-cmd-has-rule-enabled'),
'firewall-cmd --zone=public --service=ssh --get-ports --permanent' => cmd.call('firewall-cmd-service-ports-enabled-in-zone'),
'firewall-cmd --zone=public --service=ssh --get-protocols --permanent' => cmd.call('firewall-cmd-service-protocols-enabled-in-zone'),
'firewall-cmd --zone=public --list-services' => cmd.call('firewall-cmd-services-bound'),
'firewall-cmd --zone=default --list-services' => cmd.call('firewall-cmd-services-bound'),
'firewall-cmd --zone=public --list-sources' => cmd.call('firewall-cmd-sources-bound'),
'firewall-cmd --zone=default --list-sources' => cmd.call('firewall-cmd-sources-bound'),
'firewall-cmd --zone=public --query-rich-rule=rule family=ipv4 source address=192.168.0.14 accept' => cmd.call('firewall-cmd-has-rule-enabled'),
"bash -c 'type \"firewall-cmd\"'" => cmd.call('firewall-cmd'),
'rpm -qia firewalld' => cmd.call('pkg-info-firewalld'),
'systemctl is-active sshd --quiet' => empty.call,
'systemctl is-active apache2 --quiet' => empty.call,
'systemctl is-enabled sshd --quiet' => empty.call,
'systemctl is-enabled apache2 --quiet' => cmd_exit_1.call('systemctl-is-enabled-apache2-stderr'),
'systemctl is-active dbus --quiet' => empty.call,
'systemctl is-enabled dbus --quiet' => empty.call,
'/path/to/systemctl is-active sshd --quiet' => empty.call,
'/path/to/systemctl is-enabled sshd --quiet' => empty.call,
'/usr/sbin/service sshd status' => empty.call,
'/sbin/service sshd status' => empty.call,
'service apache2 status' => cmd_exit_1.call,
'type "lsof"' => empty.call,
'test -f /etc/mysql/debian.cnf && cat /etc/mysql/debian.cnf' => empty.call,
# http resource - remote worker'
%{bash -c 'type "curl"'} => cmd.call('bash-c-type-curl'),
"curl -i -X GET --connect-timeout 60 --max-time 120 'http://www.example.com'" => cmd.call('http-remote-no-options'),
"curl -i -X GET --connect-timeout 60 --max-time 120 --location --max-redirs 1 'http://www.example.com'" => cmd.call('http-remote-max-redirs'),
"curl -i -X GET --connect-timeout 60 --max-time 120 --user 'user:pass' 'http://www.example.com'" => cmd.call('http-remote-basic-auth'),
'f77ebcedaf6fbe8f02d2f9d4735a90c12311d2ca4b43ece9efa2f2e396491747' => cmd.call('http-remote-post'),
"curl -i -X GET --connect-timeout 60 --max-time 120 -H 'accept: application/json' -H 'foo: bar' 'http://www.example.com'" => cmd.call('http-remote-headers'),
"curl -i -X GET --connect-timeout 60 --max-time 120 'http://www.example.com?a=b&c=d'" => cmd.call('http-remote-params'),
"curl -i --head --connect-timeout 60 --max-time 120 'http://www.example.com'" => cmd.call('http-remote-head-request'),
"curl -i -X OPTIONS --connect-timeout 60 --max-time 120 -H 'Access-Control-Request-Method: GET' -H 'Access-Control-Request-Headers: origin, x-requested-with' -H 'Origin: http://www.example.com' 'http://www.example.com'" => cmd.call('http-remote-options-request'),
# elasticsearch resource
"curl -H 'Content-Type: application/json' http://localhost:9200/_nodes" => cmd.call('elasticsearch-cluster-nodes-default'),
"curl -k -H 'Content-Type: application/json' http://localhost:9200/_nodes" => cmd.call('elasticsearch-cluster-no-ssl'),
"curl -H 'Content-Type: application/json' -u es_admin:password http://localhost:9200/_nodes" => cmd.call('elasticsearch-cluster-auth'),
"curl -H 'Content-Type: application/json' http://elasticsearch.mycompany.biz:1234/_nodes" => cmd.call('elasticsearch-cluster-url'),
# iis_app_pool resource
"Import-Module WebAdministration\nIf (Test-Path 'IIS:\\AppPools\\DefaultAppPool') {\n Get-Item 'IIS:\\AppPools\\DefaultAppPool' | Select-Object * | ConvertTo-Json -Compress\n} Else {\n Write-Host '{}'\n}\n" => cmd.call('iis-default-app-pool'),
# iis_site resource
"Get-Website 'Default Web Site' | Select-Object -Property Name,State,PhysicalPath,bindings,ApplicationPool | ConvertTo-Json" => cmd.call('iis-default-web-site'),
#security_policy resource calls
'Get-Content win_secpol-abc123.cfg' => cmd.call('secedit-export'),
'secedit /export /cfg win_secpol-abc123.cfg' => cmd.call('success'),
'Remove-Item win_secpol-abc123.cfg' => cmd.call('success'),
"(New-Object System.Security.Principal.SecurityIdentifier(\"S-1-5-32-544\")).Translate( [System.Security.Principal.NTAccount]).Value" => cmd.call('security-policy-sid-translated'),
"(New-Object System.Security.Principal.SecurityIdentifier(\"S-1-5-32-555\")).Translate( [System.Security.Principal.NTAccount]).Value" => cmd.call('security-policy-sid-untranslated'),
# Windows SID calls
'wmic useraccount where \'Name="Alice"\' get Name","SID /format:csv' => cmd.call('security-identifier-alice'),
'wmic useraccount where \'Name="Bob"\' get Name","SID /format:csv' => cmd.call('security-identifier-unknown'),
'wmic useraccount where \'Name="DontExist"\' get Name","SID /format:csv' => cmd.call('security-identifier-unknown'),
'wmic group where \'Name="Guests"\' get Name","SID /format:csv' => cmd.call('security-identifier-guests'),
'wmic group where \'Name="DontExist"\' get Name","SID /format:csv' => cmd.call('security-identifier-unknown'),
# alpine package commands
'apk info -vv --no-network | grep git' => cmd.call('apk-info-grep-git'),
# filesystem command
'2e7e0d4546342cee799748ec7e2b1c87ca00afbe590fa422a7c27371eefa88f0' => cmd.call('get-wmiobject-filesystem'),
}
# ports on linux
# allow the ss and/or netstat commands to exist so the later mock is called
if @platform && @platform[:name] == 'alpine'
mock_cmds.merge!(
'ps --help' => cmd_stderr.call('ps-help-busybox'),
%{bash -c 'type "netstat"'} => cmd_exit_1.call(),
%{bash -c 'type "ss"'} => cmd_exit_1.call(),
%{which "ss"} => cmd_exit_1.call(),
%{which "netstat"} => empty.call(),
'netstat -tulpen' => cmd.call('netstat-tulpen-busybox')
)
else
mock_cmds.merge!(
'ps --help' => empty.call(),
%{bash -c 'type "ss"'} => empty.call(),
%{bash -c 'type "netstat"'} => empty.call(),
'ss -tulpen' => cmd.call('ss-tulpen'),
'netstat -tulpen' => cmd.call('netstat-tulpen')
)
end
mock.commands = mock_cmds
@backend
end
2015-09-22 16:31:21 +00:00
# loads a resource class and instantiates the class with the given arguments
def load_resource(resource, *args)
2015-09-22 16:31:21 +00:00
# initialize resource with backend and parameters
2015-10-26 03:04:18 +00:00
@resource_class = Inspec::Resource.registry[resource]
@resource = @resource_class.new(backend, resource, *args)
2015-09-22 16:31:21 +00:00
end
def self.mock_os(resource, name)
osinfo = OPERATING_SYSTEMS[name] ||
fail("Can't find operating system to mock: #{name}")
resource.inspec.backend.mock_os(osinfo)
end
def self.mock_command(resource, cmd, res = {})
resource.inspec.backend
.mock_command(cmd, res[:stdout], res[:stderr], res[:exit_status])
end
def self.home
File.join(File.dirname(__FILE__), 'unit')
end
2016-02-21 00:45:55 +00:00
def self.profile_path(name)
dst = name
dst = "#{home}/mock/profiles/#{name}" unless (Pathname.new name).absolute?
2016-02-21 00:45:55 +00:00
dst
end
def self.load_profile(name, opts = {})
opts[:test_collector] = Inspec::RunnerMock.new
opts[:backend] = Inspec::Backend.create(Inspec::Config.mock(opts))
Inspec::Profile.for_target(profile_path(name), opts)
end
def self.profile_tgz(name)
2016-02-18 13:27:16 +00:00
path = File.join(home, 'mock', 'profiles', name)
dst = File.join(Dir.mktmpdir, "#{name}.tar.gz")
2016-02-18 13:27:16 +00:00
# generate relative paths
files = Dir.glob("#{path}/**/*")
relatives = files.map { |e| Pathname.new(e).relative_path_from(Pathname.new(path)).to_s }
2016-02-18 13:27:16 +00:00
require 'inspec/archive/tar'
tag = Inspec::Archive::TarArchiveGenerator.new
tag.archive(path, relatives, dst)
dst
end
def self.profile_zip(name, opts = {})
2016-02-18 13:27:16 +00:00
path = File.join(home, 'mock', 'profiles', name)
dst = File.join(Dir.mktmpdir, "#{name}.zip")
2016-02-18 13:27:16 +00:00
# rubyzip only works relative paths
files = Dir.glob("#{path}/**/*")
relatives = files.map { |e| Pathname.new(e).relative_path_from(Pathname.new(path)).to_s }
require 'inspec/archive/zip'
zag = Inspec::Archive::ZipArchiveGenerator.new
zag.archive(path, relatives, dst)
dst
end
2015-09-22 16:31:21 +00:00
end
def load_resource(*args)
m = MockLoader.new(:ubuntu1404)
m.send('load_resource', *args)
2015-09-03 15:33:19 +00:00
end
# Used to capture `Inspec.deprecate()` with warn action
def expect_deprecation_warning
@mock_logger = Minitest::Mock.new
@mock_logger.expect(:warn, nil, [/DEPRECATION/])
Inspec::Log.stub :warn, proc { |message| @mock_logger.warn(message) } do
yield
end
@mock_logger.verify
end
# Low-level deprecation handler. Use the more convenient version when possible.
# a_group => :expect_warn
# a_group => :expect_fail
# a_group => :expect_ignore
# a_group => :expect_something
# a_group => :tolerate # No opinion
# all => ... # Any of the 5 values above
# all_others => ... # Any of the 5 values above
def handle_deprecations(opts_in, &block)
opts = opts_in.dup
# Determine the default expectation
opts[:all_others] = opts.delete(:all) if opts.key?(:all) && opts.count == 1
expectations = {}
expectations[:all_others] = opts.delete(:all_others) || :tolerate
expectations.merge!(opts)
# Expand the list of deprecation groups given
known_group_names = Inspec::Deprecation::ConfigFile.new.groups.keys
known_group_names.each do |group_name|
next if opts.key?(group_name)
expectations[group_name] = expectations[:all_others]
end
# Wire up Insepc.deprecator accordingly using mocha stubbing
expectations.each do |group_name, expectation|
inst = Inspec::Deprecation::Deprecator.any_instance
case expectation
when :tolerate
inst.stubs(:handle_deprecation).with(group_name, anything, anything)
when :expect_something
inst.stubs(:handle_deprecation).with(group_name, anything, anything).at_least_once
when :expect_warn
inst.stubs(:handle_warn_action).with(group_name, anything).at_least_once
when :expect_fail
inst.stubs(:handle_fail_control_action).with(group_name, anything).at_least_once
when :expect_ignore
inst.stubs(:handle_ignore_action).with(group_name, anything).at_least_once
when :expect_exit
inst.stubs(:handle_exit_action).with(group_name, anything).at_least_once
end
end
yield
end
# Use this to absorb everything.
def tolerate_all_deprecations(&block)
handle_deprecations(all: :tolerate, &block)
end
def expect_deprecation_warning(group, &block)
handle_deprecations(group => :expect_warn, all_others: :tolerate, &block)
end
def expect_deprecation(group, &block)
handle_deprecations(group => :expect_something, all_others: :tolerate, &block)
end