From cbcca9f39e98b4445653aa8bb0585e8dcbccaa63 Mon Sep 17 00:00:00 2001 From: Jerry Aldrich III Date: Thu, 21 Sep 2017 11:21:34 -0500 Subject: [PATCH] Modify Upstart enabled check to use config file (#2163) This modifies the enabled check for the `service` resource to use the service's config file instead of `initctl show-config`. `initctl show-config` does not accurately show the state of a service if that service's config file is modified while the service is running. This fixes #1834. Signed-off-by: Jerry Aldrich --- lib/resources/service.rb | 27 +++---------------- test/helper.rb | 3 +-- test/unit/mock/cmd/initctl-show-config-ssh | 3 --- test/unit/mock/files/upstart_ssh_enabled.conf | 26 ++++++++++++++++++ 4 files changed, 31 insertions(+), 28 deletions(-) delete mode 100644 test/unit/mock/cmd/initctl-show-config-ssh create mode 100644 test/unit/mock/files/upstart_ssh_enabled.conf diff --git a/lib/resources/service.rb b/lib/resources/service.rb index 688a11208..21c939467 100644 --- a/lib/resources/service.rb +++ b/lib/resources/service.rb 
@@ -349,40 +349,21 @@ module Inspec::Resources description: nil, installed: true, running: running, - enabled: info_enabled(status, service_name), + enabled: info_enabled(service_name), type: 'upstart', } end private - def info_enabled(status, service_name) + def info_enabled(service_name) # check if a service is enabled - # http://upstart.ubuntu.com/cookbook/#determine-if-a-job-is-disabled - # $ initctl show-config $job | grep -q "^ start on" && echo enabled || echo disabled - # Ubuntu 10.04 show-config is not supported - # @see http://manpages.ubuntu.com/manpages/maverick/man8/initctl.8.html - support_for_show_config = Gem::Version.new('1.3') - - if version >= support_for_show_config - config = inspec.command("#{service_ctl} show-config #{service_name}").stdout - else # use config file as fallback - config = inspec.file("/etc/init/#{service_name}.conf").content - end + config = inspec.file("/etc/init/#{service_name}.conf").content # disregard if the config does not exist return nil if config.nil? - enabled = !config[/^\s*start on/].nil? - # implement fallback for Ubuntu 10.04 - if inspec.os[:name] == 'ubuntu' && - inspec.os[:release].to_f >= 10.04 && - inspec.os[:release].to_f < 12.04 && - status.exit_status == 0 - enabled = true - end - - enabled + !config.match(/^\s*start on/).nil? end def version diff --git a/test/helper.rb b/test/helper.rb index 50267231c..862100ccb 100644 --- a/test/helper.rb +++ b/test/helper.rb @@ -169,6 +169,7 @@ class MockLoader '/etc/aide.conf' => mockfile.call('aide.conf'), '/var/lib/fake_rpmdb' => mockdir.call(true), '/var/lib/rpmdb_does_not_exist' => mockdir.call(false), + '/etc/init/ssh.conf' => mockfile.call('upstart_ssh_enabled.conf'), } # create all mock commands 
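Review bot: The rewritten `info_enabled` reads only `/etc/init/#{service_name}.conf`, so on Upstart versions that support override files a job whose start condition is changed in `/etc/init/<job>.override` (for example by a `manual` stanza) is still judged from the `.conf` contents alone. For an audit resource that can mean a service reported as enabled although it will not start at boot, or the reverse when the override adds a `start on`. If override handling is out of scope for this fix, the limitation should at least be documented above the file read, e.g. `# NOTE: /etc/init/<job>.override is not consulted; the result reflects the .conf file only`. The `version` helper that follows may also have lost its only caller here; the hunk starts inside the preceding method's hash literal and ends at `def version`, so that cannot be confirmed from these lines.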
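Review bot: The only fixture registered for the new file-based check is `upstart_ssh_enabled.conf`, mapped to `/etc/init/ssh.conf`, so of the three outcomes of `info_enabled` (true, false, nil) this patch visibly exercises only the enabled one. A second fixture without a `start on` stanza, registered the same way, e.g. `'/etc/init/<disabled-job>.conf' => mockfile.call('upstart_<disabled-job>.conf'),` (placeholder names), would pin the disabled result, which is the outcome a compliance check most depends on. Tests outside this patch may already cover the missing-file path; the hash literal this hunk edits starts and ends outside the hunk.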
@@ -236,8 +237,6 @@ class MockLoader '6785190b3df7291a7622b0b75b0217a9a78bd04690bc978df51ae17ec852a282' => cmd.call('get-item-property-package'), # service status upstart on ubuntu 'initctl status ssh' => cmd.call('initctl-status-ssh'), - # service config for upstart on ubuntu - 'initctl show-config ssh' => cmd.call('initctl-show-config-ssh'), # upstart version on ubuntu 'initctl --version' => cmd.call('initctl--version'), # show ssh service Centos 7 diff --git a/test/unit/mock/cmd/initctl-show-config-ssh b/test/unit/mock/cmd/initctl-show-config-ssh deleted file mode 100644 index 9c67d5516..000000000 --- a/test/unit/mock/cmd/initctl-show-config-ssh +++ /dev/null @@ -1,3 +0,0 @@ -ssh - start on (filesystem or runlevel [2345]) - stop on runlevel [!2345] diff --git a/test/unit/mock/files/upstart_ssh_enabled.conf b/test/unit/mock/files/upstart_ssh_enabled.conf new file mode 100644 index 000000000..935e8e5e4 --- /dev/null +++ b/test/unit/mock/files/upstart_ssh_enabled.conf @@ -0,0 +1,26 @@ +# ssh - OpenBSD Secure Shell server +# +# The OpenSSH server provides secure shell access to the system. + +description "OpenSSH server" + +start on filesystem +stop on runlevel [!2345] + +respawn +respawn limit 10 5 +umask 022 +# replaces SSHD_OOM_ADJUST in /etc/default/ssh +oom never + +pre-start script + test -x /usr/sbin/sshd || { stop; exit 0; } + test -e /etc/ssh/sshd_not_to_be_run && { stop; exit 0; } + test -c /dev/null || { stop; exit 0; } + + mkdir -p -m0755 /var/run/sshd +end script + +# if you used to set SSHD_OPTS in /etc/default/ssh, you can change the +# 'exec' line here instead +exec /usr/sbin/sshd -D