Mirrors/inspec
2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2024-11-14 17:07:09 +00:00
Code Issues Projects Releases Packages Wiki Activity
inspec/test/unit/resources/host_test.rb

222 lines
8.2 KiB
Ruby
Raw Normal View History

add tests for windows
2015-10-09 17:21:55 +00:00
# encoding: utf-8
# author: Christoph Hartmann
# author: Dominik Richter
require 'helper'
rename vulcanosec -> inspec
2015-10-26 03:04:18 +00:00
require 'inspec/resource'
add tests for windows
2015-10-09 17:21:55 +00:00
rename vulcanosec -> inspec
2015-10-26 03:04:18 +00:00
describe 'Inspec::Resources::Host' do
add tests for windows
2015-10-09 17:21:55 +00:00
Fix host resolution on Darwin, use dig wherever possible (#1986) * Fix host resolution on Darwin, use dig wherever possible The `host` and `dig` commands do not return non-zero if a query returns NXDOMAIN or NOERROR, but the DarwinHostProvider was expecting it when deciding whether to fall back to IPv4 if a IPv6 query failed. Therefore, the `host` resource would not function properly when resolving hostnames on Darwin. The logic has been changed to use `dig` short output and query for both v6 and v4 addresses. Additionally, the LinuxHostProvider has been modified to prefer `dig` if it's available to keep behavior similar between Darwin and Linux whenever possible. This has the added benefit of providing v6 and v4 resolution if possible where `getent hosts` only returns v6 if v6 records exist. Signed-off-by: Adam Leff <adam@leff.co>
2017-07-05 14:45:30 +00:00
it 'check host ping on ubuntu with dig' do
add linux tests for host
2015-10-09 17:27:29 +00:00
resource = MockLoader.new(:ubuntu1404).load_resource('host', 'example.com')
_(resource.resolvable?).must_equal true
_(resource.reachable?).must_equal true
Fix host resolution on Darwin, use dig wherever possible (#1986) * Fix host resolution on Darwin, use dig wherever possible The `host` and `dig` commands do not return non-zero if a query returns NXDOMAIN or NOERROR, but the DarwinHostProvider was expecting it when deciding whether to fall back to IPv4 if a IPv6 query failed. Therefore, the `host` resource would not function properly when resolving hostnames on Darwin. The logic has been changed to use `dig` short output and query for both v6 and v4 addresses. Additionally, the LinuxHostProvider has been modified to prefer `dig` if it's available to keep behavior similar between Darwin and Linux whenever possible. This has the added benefit of providing v6 and v4 resolution if possible where `getent hosts` only returns v6 if v6 records exist. Signed-off-by: Adam Leff <adam@leff.co>
2017-07-05 14:45:30 +00:00
_(resource.ipaddress).must_equal ["2606:2800:220:1:248:1893:25c8:1946", "12.34.56.78"]
add linux tests for host
2015-10-09 17:27:29 +00:00
end
Add TCP reachability support on Linux for host resource (#1915) * Add TCP reachability support on Linux for host resource This enhances the `host` resource on Linux targets by using netcat (if installed) to perform TCP reachability checks. Signed-off-by: Adam Leff <adam@leff.co> * documentation updates Signed-off-by: Adam Leff <adam@leff.co> * Appease rubocop Signed-off-by: Adam Leff <adam@leff.co>
2017-06-09 16:18:51 +00:00
it 'check host ping on centos 7' do
add linux tests for host
2015-10-09 17:27:29 +00:00
resource = MockLoader.new(:centos7).load_resource('host', 'example.com')
_(resource.resolvable?).must_equal true
_(resource.reachable?).must_equal true
Fix host resolution on Darwin, use dig wherever possible (#1986) * Fix host resolution on Darwin, use dig wherever possible The `host` and `dig` commands do not return non-zero if a query returns NXDOMAIN or NOERROR, but the DarwinHostProvider was expecting it when deciding whether to fall back to IPv4 if a IPv6 query failed. Therefore, the `host` resource would not function properly when resolving hostnames on Darwin. The logic has been changed to use `dig` short output and query for both v6 and v4 addresses. Additionally, the LinuxHostProvider has been modified to prefer `dig` if it's available to keep behavior similar between Darwin and Linux whenever possible. This has the added benefit of providing v6 and v4 resolution if possible where `getent hosts` only returns v6 if v6 records exist. Signed-off-by: Adam Leff <adam@leff.co>
2017-07-05 14:45:30 +00:00
_(resource.ipaddress).must_equal ["2606:2800:220:1:248:1893:25c8:1946", "12.34.56.78"]
add linux tests for host
2015-10-09 17:27:29 +00:00
end
Add TCP reachability support on Linux for host resource (#1915) * Add TCP reachability support on Linux for host resource This enhances the `host` resource on Linux targets by using netcat (if installed) to perform TCP reachability checks. Signed-off-by: Adam Leff <adam@leff.co> * documentation updates Signed-off-by: Adam Leff <adam@leff.co> * Appease rubocop Signed-off-by: Adam Leff <adam@leff.co>
2017-06-09 16:18:51 +00:00
it 'check host ping on darwin' do
Add OSX support for host resource (#1608) * Add OSX support for host resource Signed-off-by: Ryan Gerstenkorn <ryan_gerstenkorn@fastmail.fm>
2017-04-13 15:32:04 +00:00
resource = MockLoader.new(:osx104).load_resource('host', 'example.com')
_(resource.resolvable?).must_equal true
_(resource.reachable?).must_equal true
Fix host resolution on Darwin, use dig wherever possible (#1986) * Fix host resolution on Darwin, use dig wherever possible The `host` and `dig` commands do not return non-zero if a query returns NXDOMAIN or NOERROR, but the DarwinHostProvider was expecting it when deciding whether to fall back to IPv4 if a IPv6 query failed. Therefore, the `host` resource would not function properly when resolving hostnames on Darwin. The logic has been changed to use `dig` short output and query for both v6 and v4 addresses. Additionally, the LinuxHostProvider has been modified to prefer `dig` if it's available to keep behavior similar between Darwin and Linux whenever possible. This has the added benefit of providing v6 and v4 resolution if possible where `getent hosts` only returns v6 if v6 records exist. Signed-off-by: Adam Leff <adam@leff.co>
2017-07-05 14:45:30 +00:00
_(resource.ipaddress).must_equal ["2606:2800:220:1:248:1893:25c8:1946", "12.34.56.78"]
Add OSX support for host resource (#1608) * Add OSX support for host resource Signed-off-by: Ryan Gerstenkorn <ryan_gerstenkorn@fastmail.fm>
2017-04-13 15:32:04 +00:00
end
Add TCP reachability support on Linux for host resource (#1915) * Add TCP reachability support on Linux for host resource This enhances the `host` resource on Linux targets by using netcat (if installed) to perform TCP reachability checks. Signed-off-by: Adam Leff <adam@leff.co> * documentation updates Signed-off-by: Adam Leff <adam@leff.co> * Appease rubocop Signed-off-by: Adam Leff <adam@leff.co>
2017-06-09 16:18:51 +00:00
it 'check host ping on windows' do
add tests for windows
2015-10-09 17:21:55 +00:00
resource = MockLoader.new(:windows).load_resource('host', 'microsoft.com')
_(resource.resolvable?).must_equal true
_(resource.reachable?).must_equal false
_(resource.ipaddress).must_equal ['134.170.185.46', '134.170.188.221']
end
Add TCP reachability support on Linux for host resource (#1915) * Add TCP reachability support on Linux for host resource This enhances the `host` resource on Linux targets by using netcat (if installed) to perform TCP reachability checks. Signed-off-by: Adam Leff <adam@leff.co> * documentation updates Signed-off-by: Adam Leff <adam@leff.co> * Appease rubocop Signed-off-by: Adam Leff <adam@leff.co>
2017-06-09 16:18:51 +00:00
it 'check host ping on unsupported os' do
add tests for windows
2015-10-09 17:21:55 +00:00
resource = MockLoader.new(:undefined).load_resource('host', 'example.com')
_(resource.resolvable?).must_equal false
_(resource.reachable?).must_equal false
Add TCP reachability support on Linux for host resource (#1915) * Add TCP reachability support on Linux for host resource This enhances the `host` resource on Linux targets by using netcat (if installed) to perform TCP reachability checks. Signed-off-by: Adam Leff <adam@leff.co> * documentation updates Signed-off-by: Adam Leff <adam@leff.co> * Appease rubocop Signed-off-by: Adam Leff <adam@leff.co>
2017-06-09 16:18:51 +00:00
_(resource.ipaddress).must_be_nil
add tests for windows
2015-10-09 17:21:55 +00:00
end
Add TCP reachability support on Linux for host resource (#1915) * Add TCP reachability support on Linux for host resource This enhances the `host` resource on Linux targets by using netcat (if installed) to perform TCP reachability checks. Signed-off-by: Adam Leff <adam@leff.co> * documentation updates Signed-off-by: Adam Leff <adam@leff.co> * Appease rubocop Signed-off-by: Adam Leff <adam@leff.co>
2017-06-09 16:18:51 +00:00
it 'check host tcp on ubuntu' do
resource = MockLoader.new(:ubuntu1404).load_resource('host', 'example.com', port: 1234, protocol: 'tcp')
_(resource.resolvable?).must_equal true
_(resource.reachable?).must_equal true
Fix host resolution on Darwin, use dig wherever possible (#1986) * Fix host resolution on Darwin, use dig wherever possible The `host` and `dig` commands do not return non-zero if a query returns NXDOMAIN or NOERROR, but the DarwinHostProvider was expecting it when deciding whether to fall back to IPv4 if a IPv6 query failed. Therefore, the `host` resource would not function properly when resolving hostnames on Darwin. The logic has been changed to use `dig` short output and query for both v6 and v4 addresses. Additionally, the LinuxHostProvider has been modified to prefer `dig` if it's available to keep behavior similar between Darwin and Linux whenever possible. This has the added benefit of providing v6 and v4 resolution if possible where `getent hosts` only returns v6 if v6 records exist. Signed-off-by: Adam Leff <adam@leff.co>
2017-07-05 14:45:30 +00:00
_(resource.ipaddress).must_equal ["2606:2800:220:1:248:1893:25c8:1946", "12.34.56.78"]
Add TCP reachability support on Linux for host resource (#1915) * Add TCP reachability support on Linux for host resource This enhances the `host` resource on Linux targets by using netcat (if installed) to perform TCP reachability checks. Signed-off-by: Adam Leff <adam@leff.co> * documentation updates Signed-off-by: Adam Leff <adam@leff.co> * Appease rubocop Signed-off-by: Adam Leff <adam@leff.co>
2017-06-09 16:18:51 +00:00
end
it 'check host tcp on centos 7' do
resource = MockLoader.new(:centos7).load_resource('host', 'example.com', port: 1234, protocol: 'tcp')
_(resource.resolvable?).must_equal true
_(resource.reachable?).must_equal true
Fix host resolution on Darwin, use dig wherever possible (#1986) * Fix host resolution on Darwin, use dig wherever possible The `host` and `dig` commands do not return non-zero if a query returns NXDOMAIN or NOERROR, but the DarwinHostProvider was expecting it when deciding whether to fall back to IPv4 if a IPv6 query failed. Therefore, the `host` resource would not function properly when resolving hostnames on Darwin. The logic has been changed to use `dig` short output and query for both v6 and v4 addresses. Additionally, the LinuxHostProvider has been modified to prefer `dig` if it's available to keep behavior similar between Darwin and Linux whenever possible. This has the added benefit of providing v6 and v4 resolution if possible where `getent hosts` only returns v6 if v6 records exist. Signed-off-by: Adam Leff <adam@leff.co>
2017-07-05 14:45:30 +00:00
_(resource.ipaddress).must_equal ["2606:2800:220:1:248:1893:25c8:1946", "12.34.56.78"]
Add TCP reachability support on Linux for host resource (#1915) * Add TCP reachability support on Linux for host resource This enhances the `host` resource on Linux targets by using netcat (if installed) to perform TCP reachability checks. Signed-off-by: Adam Leff <adam@leff.co> * documentation updates Signed-off-by: Adam Leff <adam@leff.co> * Appease rubocop Signed-off-by: Adam Leff <adam@leff.co>
2017-06-09 16:18:51 +00:00
end
it 'check host tcp on darwin' do
resource = MockLoader.new(:osx104).load_resource('host', 'example.com', port: 1234, protocol: 'tcp')
_(resource.resolvable?).must_equal true
_(resource.reachable?).must_equal true
Fix host resolution on Darwin, use dig wherever possible (#1986) * Fix host resolution on Darwin, use dig wherever possible The `host` and `dig` commands do not return non-zero if a query returns NXDOMAIN or NOERROR, but the DarwinHostProvider was expecting it when deciding whether to fall back to IPv4 if a IPv6 query failed. Therefore, the `host` resource would not function properly when resolving hostnames on Darwin. The logic has been changed to use `dig` short output and query for both v6 and v4 addresses. Additionally, the LinuxHostProvider has been modified to prefer `dig` if it's available to keep behavior similar between Darwin and Linux whenever possible. This has the added benefit of providing v6 and v4 resolution if possible where `getent hosts` only returns v6 if v6 records exist. Signed-off-by: Adam Leff <adam@leff.co>
2017-07-05 14:45:30 +00:00
_(resource.ipaddress).must_equal ["2606:2800:220:1:248:1893:25c8:1946", "12.34.56.78"]
Add TCP reachability support on Linux for host resource (#1915) * Add TCP reachability support on Linux for host resource This enhances the `host` resource on Linux targets by using netcat (if installed) to perform TCP reachability checks. Signed-off-by: Adam Leff <adam@leff.co> * documentation updates Signed-off-by: Adam Leff <adam@leff.co> * Appease rubocop Signed-off-by: Adam Leff <adam@leff.co>
2017-06-09 16:18:51 +00:00
end
it 'check host tcp on windows' do
resource = MockLoader.new(:windows).load_resource('host', 'microsoft.com', port: 1234, protocol: 'tcp')
_(resource.resolvable?).must_equal true
_(resource.reachable?).must_equal true
_(resource.ipaddress).must_equal ['134.170.185.46', '134.170.188.221']
end
it 'check host tcp on unsupported os' do
resource = MockLoader.new(:undefined).load_resource('host', 'example.com', port: 1234, protocol: 'tcp')
_(resource.resolvable?).must_equal false
_(resource.reachable?).must_equal false
_(resource.ipaddress).must_be_nil
end
add tests for windows
2015-10-09 17:21:55 +00:00
end
Fix host resolution on Darwin, use dig wherever possible (#1986) * Fix host resolution on Darwin, use dig wherever possible The `host` and `dig` commands do not return non-zero if a query returns NXDOMAIN or NOERROR, but the DarwinHostProvider was expecting it when deciding whether to fall back to IPv4 if a IPv6 query failed. Therefore, the `host` resource would not function properly when resolving hostnames on Darwin. The logic has been changed to use `dig` short output and query for both v6 and v4 addresses. Additionally, the LinuxHostProvider has been modified to prefer `dig` if it's available to keep behavior similar between Darwin and Linux whenever possible. This has the added benefit of providing v6 and v4 resolution if possible where `getent hosts` only returns v6 if v6 records exist. Signed-off-by: Adam Leff <adam@leff.co>
2017-07-05 14:45:30 +00:00
describe Inspec::Resources::UnixHostProvider do
describe '#resolve_with_dig' do
let(:provider) { Inspec::Resources::UnixHostProvider.new(inspec) }
let(:inspec) { mock('inspec-backend') }
let(:v4_command) { mock('v4_command') }
let(:v6_command) { mock('v6_command') }
it 'returns an array of IP addresses' do
ipv4_command_output = <<-EOL
a.cname.goes.here
another.cname.cool
12.34.56.78
EOL
ipv6_command_output = <<-EOL
a.cname.goes.here
another.cname.cool
2A03:2880:F112:83:FACE:B00C::25DE
EOL
v4_command.stubs(:stdout).returns(ipv4_command_output)
v6_command.stubs(:stdout).returns(ipv6_command_output)
inspec.stubs(:command).with('dig +short AAAA testdomain.com').returns(v6_command)
inspec.stubs(:command).with('dig +short A testdomain.com').returns(v4_command)
provider.resolve_with_dig('testdomain.com').must_equal(['2A03:2880:F112:83:FACE:B00C::25DE', '12.34.56.78'])
end
it 'returns only v4 addresses if no v6 addresses are available' do
ipv4_command_output = <<-EOL
a.cname.goes.here
another.cname.cool
12.34.56.78
EOL
ipv6_command_output = <<-EOL
a.cname.goes.here
another.cname.cool
EOL
v4_command.stubs(:stdout).returns(ipv4_command_output)
v6_command.stubs(:stdout).returns(ipv6_command_output)
inspec.stubs(:command).with('dig +short AAAA testdomain.com').returns(v6_command)
inspec.stubs(:command).with('dig +short A testdomain.com').returns(v4_command)
provider.resolve_with_dig('testdomain.com').must_equal(['12.34.56.78'])
end
it 'returns only v6 addresses if no v4 addresses are available' do
ipv4_command_output = <<-EOL
a.cname.goes.here
another.cname.cool
EOL
ipv6_command_output = <<-EOL
a.cname.goes.here
another.cname.cool
2A03:2880:F112:83:FACE:B00C::25DE
EOL
v4_command.stubs(:stdout).returns(ipv4_command_output)
v6_command.stubs(:stdout).returns(ipv6_command_output)
inspec.stubs(:command).with('dig +short AAAA testdomain.com').returns(v6_command)
inspec.stubs(:command).with('dig +short A testdomain.com').returns(v4_command)
provider.resolve_with_dig('testdomain.com').must_equal(['2A03:2880:F112:83:FACE:B00C::25DE'])
end
it 'returns nil if no addresses are available' do
ipv4_command_output = <<-EOL
a.cname.goes.here
another.cname.cool
EOL
ipv6_command_output = <<-EOL
a.cname.goes.here
another.cname.cool
EOL
v4_command.stubs(:stdout).returns(ipv4_command_output)
v6_command.stubs(:stdout).returns(ipv6_command_output)
inspec.stubs(:command).with('dig +short AAAA testdomain.com').returns(v6_command)
inspec.stubs(:command).with('dig +short A testdomain.com').returns(v4_command)
provider.resolve_with_dig('testdomain.com').must_be_nil
end
end
describe '#resolve_with_getent' do
it 'returns an array of IP addresses when successful' do
command_output = "2607:f8b0:4004:805::200e testdomain.com\n"
command = mock('getent_command')
command.stubs(:stdout).returns(command_output)
command.stubs(:exit_status).returns(0)
inspec = mock('inspec')
inspec.stubs(:command).with('getent hosts testdomain.com').returns(command)
Add support for ncat in host resource for CoreOS (#1993) CoreOS is considered a member of the Linux family, and the `host` resource tries to use `nc` on Linux hosts to test TCP reachability. Unfortunately, `nc` is not available on CoreOS, but `ncat` is. This change attempts to use `nc` first, then `ncat` if it's available. Signed-off-by: Adam Leff <adam@leff.co>
2017-07-06 17:19:16 +00:00
provider = Inspec::Resources::UnixHostProvider.new(inspec)
Fix host resolution on Darwin, use dig wherever possible (#1986) * Fix host resolution on Darwin, use dig wherever possible The `host` and `dig` commands do not return non-zero if a query returns NXDOMAIN or NOERROR, but the DarwinHostProvider was expecting it when deciding whether to fall back to IPv4 if a IPv6 query failed. Therefore, the `host` resource would not function properly when resolving hostnames on Darwin. The logic has been changed to use `dig` short output and query for both v6 and v4 addresses. Additionally, the LinuxHostProvider has been modified to prefer `dig` if it's available to keep behavior similar between Darwin and Linux whenever possible. This has the added benefit of providing v6 and v4 resolution if possible where `getent hosts` only returns v6 if v6 records exist. Signed-off-by: Adam Leff <adam@leff.co>
2017-07-05 14:45:30 +00:00
provider.resolve_with_getent('testdomain.com').must_equal(['2607:f8b0:4004:805::200e'])
end
it 'returns nil if command is not successful' do
command = mock('getent_command')
command.stubs(:exit_status).returns(1)
inspec = mock('inspec')
inspec.stubs(:command).with('getent hosts testdomain.com').returns(command)
Add support for ncat in host resource for CoreOS (#1993) CoreOS is considered a member of the Linux family, and the `host` resource tries to use `nc` on Linux hosts to test TCP reachability. Unfortunately, `nc` is not available on CoreOS, but `ncat` is. This change attempts to use `nc` first, then `ncat` if it's available. Signed-off-by: Adam Leff <adam@leff.co>
2017-07-06 17:19:16 +00:00
provider = Inspec::Resources::UnixHostProvider.new(inspec)
Fix host resolution on Darwin, use dig wherever possible (#1986) * Fix host resolution on Darwin, use dig wherever possible The `host` and `dig` commands do not return non-zero if a query returns NXDOMAIN or NOERROR, but the DarwinHostProvider was expecting it when deciding whether to fall back to IPv4 if a IPv6 query failed. Therefore, the `host` resource would not function properly when resolving hostnames on Darwin. The logic has been changed to use `dig` short output and query for both v6 and v4 addresses. Additionally, the LinuxHostProvider has been modified to prefer `dig` if it's available to keep behavior similar between Darwin and Linux whenever possible. This has the added benefit of providing v6 and v4 resolution if possible where `getent hosts` only returns v6 if v6 records exist. Signed-off-by: Adam Leff <adam@leff.co>
2017-07-05 14:45:30 +00:00
provider.resolve_with_getent('testdomain.com').must_be_nil
end
end
end
Add support for ncat in host resource for CoreOS (#1993) CoreOS is considered a member of the Linux family, and the `host` resource tries to use `nc` on Linux hosts to test TCP reachability. Unfortunately, `nc` is not available on CoreOS, but `ncat` is. This change attempts to use `nc` first, then `ncat` if it's available. Signed-off-by: Adam Leff <adam@leff.co>
2017-07-06 17:19:16 +00:00
describe Inspec::Resources::LinuxHostProvider do
let(:provider) { Inspec::Resources::LinuxHostProvider.new(inspec) }
let(:inspec) { mock('inspec-backend') }
let(:nc_command) { mock('nc-command') }
let(:ncat_command) { mock('ncat-command') }
before do
provider.stubs(:inspec).returns(inspec)
end
describe '#tcp_check_command' do
it 'returns an nc command when nc exists' do
inspec.expects(:command).with('nc').returns(nc_command)
nc_command.expects(:exist?).returns(true)
provider.tcp_check_command('foo', 1234).must_equal 'echo | nc -v -w 1 foo 1234'
end
it 'returns an ncat command when nc does not exist but ncat exists' do
inspec.expects(:command).with('nc').returns(nc_command)
inspec.expects(:command).with('ncat').returns(ncat_command)
nc_command.expects(:exist?).returns(false)
ncat_command.expects(:exist?).returns(true)
provider.tcp_check_command('foo', 1234).must_equal 'echo | ncat -v -w 1 foo 1234'
end
it 'returns nil if neither nc or ncat exist' do
inspec.expects(:command).with('nc').returns(nc_command)
inspec.expects(:command).with('ncat').returns(ncat_command)
nc_command.expects(:exist?).returns(false)
ncat_command.expects(:exist?).returns(false)
provider.tcp_check_command('foo', 1234).must_be_nil
end
end
end
Reference in a new issue Copy permalink