mirror of
https://github.com/inspec/inspec
synced 2024-11-27 07:00:39 +00:00
1a5c6c2772
Signed-off-by: Sonu Saha <sonu.saha@progress.com>
228 lines
9.2 KiB
Ruby
228 lines
9.2 KiB
Ruby
require "helper"
|
|
require "inspec/resource"
|
|
require "inspec/resources/users"
|
|
require "inspec/resources/command"
|
|
|
|
describe "Inspec::Resources::User" do
|
|
|
|
# ubuntu
|
|
it "read user on ubuntu" do
|
|
resource = MockLoader.new(:ubuntu).load_resource("user", "root")
|
|
_(resource.exists?).must_equal true
|
|
_(resource.group).must_equal "root"
|
|
_(resource.groups).must_equal ["root"]
|
|
_(resource.home).must_equal "/root"
|
|
_(resource.shell).must_equal "/bin/bash"
|
|
_(resource.mindays).must_equal 0
|
|
_(resource.maxdays).must_equal 99999
|
|
_(resource.warndays).must_equal 7
|
|
end
|
|
|
|
# ubuntu 14.04 test with ldap user
|
|
it "read user on ubuntu" do
|
|
resource = MockLoader.new(:ubuntu).load_resource("user", "jfolmer")
|
|
_(resource.exists?).must_equal true
|
|
_(resource.group).must_equal "domain users"
|
|
_(resource.groups).must_equal ["domain users", "domain admins", "denied rodc password replication group"]
|
|
_(resource.home).must_equal "/jfolmer"
|
|
_(resource.shell).must_equal "/bin/bash"
|
|
_(resource.mindays).must_equal 0
|
|
_(resource.maxdays).must_equal 99999
|
|
_(resource.warndays).must_equal 7
|
|
end
|
|
|
|
# serverspec compatibility tests of introduced matchers and properties
|
|
it "serverspec compatibility tests on ubuntu" do
|
|
resource = MockLoader.new(:ubuntu).load_resource("user", "root")
|
|
_(resource.exists?).must_equal true
|
|
_(resource.has_uid?(0)).must_equal true
|
|
_(resource.belongs_to_primary_group?("root")).must_equal true
|
|
_(resource.belongs_to_group?("root")).must_equal true
|
|
_(resource.has_home_directory?("/root")).must_equal true
|
|
_(resource.has_login_shell?("/bin/bash")).must_equal true
|
|
_(resource.minimum_days_between_password_change).must_equal 0
|
|
_(resource.maximum_days_between_password_change).must_equal 99999
|
|
_(resource.has_authorized_key?("ssh-ed25519 50m3r4nd0m57r1ng mockkey")).must_equal true
|
|
_(resource.encrypted_password).must_equal "!"
|
|
end
|
|
|
|
it "serverspec compatibility tests on freebsd" do
|
|
resource = MockLoader.new(:freebsd11).load_resource("user", "fzipi")
|
|
_(resource.exists?).must_equal true
|
|
_(resource.has_uid?(1000)).must_equal true
|
|
_(resource.belongs_to_primary_group?("fzipi")).must_equal true
|
|
_(resource.belongs_to_group?("fzipi")).must_equal true
|
|
_(resource.has_home_directory?("/home/fzipi")).must_equal true
|
|
_(resource.has_login_shell?("/usr/local/bin/bash")).must_equal true
|
|
assert_nil(resource.minimum_days_between_password_change)
|
|
assert_nil(resource.maximum_days_between_password_change)
|
|
_(resource.has_authorized_key?("ssh-ed25519 50m3r4nd0m57r1ng mockkey")).must_equal true
|
|
end
|
|
|
|
it "serverspec compatibility tests on OSX" do
|
|
resource = MockLoader.new(:macos10_10).load_resource("user", "chartmann")
|
|
_(resource.exists?).must_equal true
|
|
_(resource.has_uid?(501)).must_equal true
|
|
_(resource.belongs_to_primary_group?("staff")).must_equal true
|
|
_(resource.belongs_to_group?("com.apple.sharepoint.group.1")).must_equal true
|
|
_(resource.has_home_directory?("/Users/chartmann")).must_equal true
|
|
_(resource.has_login_shell?("/bin/zsh")).must_equal true
|
|
assert_nil(resource.minimum_days_between_password_change)
|
|
assert_nil(resource.maximum_days_between_password_change)
|
|
ex = _ { resource.encrypted_password }.must_raise(Inspec::Exceptions::ResourceSkipped)
|
|
_(ex.message).must_include "encrypted_password property is not applicable for your system"
|
|
_(resource.has_authorized_key?("ssh-ed25519 50m3r4nd0m57r1ng mockkey")).must_equal true
|
|
end
|
|
|
|
it "serverspec compatibility tests on windows" do
|
|
resource = MockLoader.new(:windows).load_resource("user", "administrator")
|
|
_(resource.exists?).must_equal true
|
|
_(resource.belongs_to_group?("Administrators")).must_equal true
|
|
ex = _ { resource.encrypted_password }.must_raise(Inspec::Exceptions::ResourceSkipped)
|
|
_(ex.message).must_include "encrypted_password property is not applicable for your system"
|
|
end
|
|
|
|
it "handles a password that has never changed" do
|
|
resource = quick_resource(:user, :linux) do |cmd|
|
|
cmd.strip!
|
|
case cmd
|
|
when "chage -l" then
|
|
string <<~EOM
|
|
Last password change : never
|
|
Password expires : never
|
|
Password inactive : never
|
|
Account expires : never
|
|
Minimum number of days between password change : 0
|
|
Maximum number of days between password change : 99999
|
|
Number of days of warning before password expires : 7
|
|
EOM
|
|
else
|
|
string "" # doesn't matter... they don't error for some reason
|
|
end
|
|
end
|
|
|
|
_(resource.passwordage).must_be_nil
|
|
end
|
|
|
|
it "read user on centos7" do
|
|
resource = MockLoader.new(:centos7).load_resource("user", "root")
|
|
_(resource.exists?).must_equal true
|
|
_(resource.group).must_equal "root"
|
|
_(resource.groups).must_equal ["root"]
|
|
_(resource.home).must_equal "/root"
|
|
_(resource.shell).must_equal "/bin/bash"
|
|
_(resource.mindays).must_equal 0
|
|
_(resource.maxdays).must_equal 99999
|
|
_(resource.warndays).must_equal 7
|
|
_(resource.passwordage).must_be_kind_of Integer # changes every day
|
|
end
|
|
|
|
it "read user on centos7" do
|
|
resource = MockLoader.new(:wrlinux).load_resource("user", "root")
|
|
_(resource.exists?).must_equal true
|
|
_(resource.group).must_equal "root"
|
|
_(resource.groups).must_equal ["root"]
|
|
_(resource.home).must_equal "/root"
|
|
_(resource.shell).must_equal "/bin/bash"
|
|
_(resource.mindays).must_equal 0
|
|
_(resource.maxdays).must_equal 99999
|
|
_(resource.warndays).must_equal 7
|
|
end
|
|
|
|
it "read user on hpux" do
|
|
resource = MockLoader.new(:hpux).load_resource("user", "root")
|
|
_(resource.home).must_equal "/"
|
|
_(resource.shell).must_equal "/sbin/sh"
|
|
end
|
|
|
|
it "read user on freebsd" do
|
|
resource = MockLoader.new(:freebsd11).load_resource("user", "fzipi")
|
|
_(resource.exists?).must_equal true
|
|
_(resource.group).must_equal "fzipi"
|
|
_(resource.groups).must_equal %w{fzipi wheel users}
|
|
_(resource.home).must_equal "/home/fzipi"
|
|
_(resource.shell).must_equal "/usr/local/bin/bash"
|
|
_(resource.mindays).must_be_nil
|
|
_(resource.maxdays).must_be_nil
|
|
_(resource.warndays).must_be_nil
|
|
end
|
|
|
|
it "read user on OSX" do
|
|
resource = MockLoader.new(:macos10_10).load_resource("user", "chartmann")
|
|
_(resource.exists?).must_equal true
|
|
_(resource.group).must_equal "staff"
|
|
_(resource.groups).must_equal ["staff", "com.apple.sharepoint.group.1", "everyone"]
|
|
_(resource.home).must_equal "/Users/chartmann"
|
|
_(resource.shell).must_equal "/bin/zsh"
|
|
_(resource.mindays).must_be_nil
|
|
_(resource.maxdays).must_be_nil
|
|
_(resource.warndays).must_be_nil
|
|
end
|
|
|
|
it "read administrator user on Windows" do
|
|
resource = MockLoader.new(:windows).load_resource("user", "Administrator")
|
|
_(resource.uid).wont_be_nil
|
|
_(resource.exists?).must_equal true
|
|
_(resource.group).must_be_nil
|
|
_(resource.groups).must_equal %w{Administrators Users}
|
|
_(resource.home).wont_be_nil
|
|
_(resource.shell).must_be_nil
|
|
_(resource.mindays).wont_be_nil
|
|
_(resource.maxdays).wont_be_nil
|
|
_(resource.warndays).must_be_nil
|
|
_(resource.disabled?).must_equal false
|
|
_(resource.lastlogin).must_equal "11/14/2019 21:03:09"
|
|
end
|
|
|
|
it "read guest user on Windows" do
|
|
resource = MockLoader.new(:windows).load_resource("user", "Guest")
|
|
_(resource.uid).wont_be_nil
|
|
_(resource.exists?).must_equal true
|
|
_(resource.group).must_be_nil
|
|
_(resource.groups).must_equal ["Users"]
|
|
_(resource.home).wont_be_nil
|
|
_(resource.shell).must_be_nil
|
|
_(resource.mindays).wont_be_nil
|
|
_(resource.maxdays).wont_be_nil
|
|
_(resource.warndays).must_be_nil
|
|
_(resource.disabled?).must_equal true
|
|
_(resource.lastlogin).must_be_nil
|
|
end
|
|
|
|
it "read disabled user on Windows" do
|
|
resource = MockLoader.new(:windows).load_resource("user", "Guest")
|
|
_(resource.uid).wont_be_nil
|
|
_(resource.exists?).must_equal true
|
|
_(resource.disabled?).must_equal true
|
|
_(resource.lastlogin).must_be_nil
|
|
end
|
|
|
|
it "read user on undefined os" do
|
|
resource = MockLoader.new(:undefined).load_resource("user", "root")
|
|
_(resource.exists?).must_equal false
|
|
_(resource.group).must_be_nil
|
|
_(resource.groups).must_be_nil
|
|
_(resource.home).must_be_nil
|
|
_(resource.shell).must_be_nil
|
|
_(resource.mindays).must_be_nil
|
|
_(resource.maxdays).must_be_nil
|
|
_(resource.warndays).must_be_nil
|
|
end
|
|
|
|
it "read user on Windows without case-sensitivity" do
|
|
resource = MockLoader.new(:windows).load_resource("user", "administrator")
|
|
_(resource.exists?).must_equal true
|
|
_(resource.uid).wont_be_nil
|
|
_(resource.group).must_be_nil
|
|
_(resource.groups).must_equal %w{Administrators Users}
|
|
end
|
|
|
|
it "read user groups on Windows without case-sensitivity using include matcher" do
|
|
resource = MockLoader.new(:windows).load_resource("user", "administrator")
|
|
_(resource.exists?).must_equal true
|
|
_(resource.uid).wont_be_nil
|
|
_(resource.group).must_be_nil
|
|
_(resource.groups).must_include "Administrators"
|
|
_(resource.groups).must_include "administrators"
|
|
end
|
|
end
|