Class: Inspec::Resources::User

Inherits:
Object
  • Object
show all
Includes:
UserManagementSelector
Defined in:
lib/inspec/resources/users.rb

Overview

The ‘user` resource handles the special case where only one resource is required

describe user(‘root’) do

it { should exist }
its('uid') { should eq 0 }
its('gid') { should eq 0 }
its('group') { should eq 'root' }
its('groups') { should eq ['root', 'wheel']}
its('home') { should eq '/root' }
its('shell') { should eq '/bin/bash' }
its('mindays') { should eq 0 }
its('maxdays') { should eq 99 }
its('warndays') { should eq 5 }
its('passwordage') { should be >= 0 }
its('maxbadpasswords') { should eq nil } // not yet supported on linux
its('badpasswordattempts') { should eq 0 }

end describe user(‘Administrator’) do

it { should exist }
its('uid') { should eq "S-1-5-21-1759981009-4135989804-1844563890-500" }
its('gid') { should eq nil } // not supported on Windows
its('group') { should eq nil } // not supported on Windows
its('groups') { should eq ['Administrators', 'Users']}
its('home') { should eq '' }
its('shell') { should eq nil } // not supported on Windows
its('mindays') { should eq 0 }
its('maxdays') { should eq 42 }
its('warndays') { should eq nil }
its('passwordage') { should eq 355 }
its('maxbadpasswords') { should eq 0 }
its('badpasswordattempts') { should eq 0 }

end

The following Serverspec matchers are deprecated in favor for direct value access

describe user(‘root’) do

it { should belong_to_group 'root' }
it { should have_uid 0 }
it { should have_home_directory '/root' }
it { should  '/bin/bash' }
its('minimum_days_between_password_change') { should eq 0 }
its('maximum_days_between_password_change') { should eq 99 }

end

ServerSpec tests that are not supported:

describe user(‘root’) do

it { should have_authorized_key 'ssh-rsa ADg54...3434 [email protected]' }
its(:encrypted_password) { should eq 1234 }

end

Instance Method Summary collapse

Methods included from UserManagementSelector

#select_user_manager

Constructor Details

#initialize(username = nil) ⇒ User

Returns a new instance of User.



170
171
172
173
174
175
 
# File 'lib/inspec/resources/users.rb', line 170

def initialize(username = nil)
  @username = username
  # select user provider
  @user_provider = select_user_manager(inspec.os)
  return skip_resource "The `user` resource is not supported on your OS yet." if @user_provider.nil?
end

Instance Method Details

#badpasswordattemptsObject 



245
246
247
 
# File 'lib/inspec/resources/users.rb', line 245

def badpasswordattempts
  credentials[:badpasswordattempts] unless credentials.nil?
end

#disabled?Boolean

Returns:

  • (Boolean) 


181
182
183
 
# File 'lib/inspec/resources/users.rb', line 181

def disabled?
  identity[:disabled] == true unless identity.nil?
end

#domainObject 



218
219
220
 
# File 'lib/inspec/resources/users.rb', line 218

def domain
  meta_info[:domain] unless meta_info.nil?
end

#enabled?Boolean

Returns:

  • (Boolean) 


185
186
187
 
# File 'lib/inspec/resources/users.rb', line 185

def enabled?
  identity[:disabled] == false unless identity.nil?
end

#exists?Boolean

Returns:

  • (Boolean) 


177
178
179
 
# File 'lib/inspec/resources/users.rb', line 177

def exists?
  !identity.nil? && !identity[:username].nil?
end

#gidObject 



197
198
199
 
# File 'lib/inspec/resources/users.rb', line 197

def gid
  identity[:gid] unless identity.nil?
end

#groupnameObject Also known as: group 



201
202
203
 
# File 'lib/inspec/resources/users.rb', line 201

def groupname
  identity[:groupname] unless identity.nil?
end

#groupsObject 



206
207
208
 
# File 'lib/inspec/resources/users.rb', line 206

def groups
  identity[:groups] unless identity.nil?
end

#has_authorized_key?(_compare_key) ⇒ Boolean

Returns:

  • (Boolean)

Raises:

  • (NotImplementedError) 


286
287
288
289
 
# File 'lib/inspec/resources/users.rb', line 286

def has_authorized_key?(_compare_key)
  Inspec.deprecate(:resource_user_serverspec_compat, "The user resource `has_authorized_key?` matcher is deprecated. There is no currently implemented alternative")
  raise NotImplementedError
end

#has_home_directory?(compare_home) ⇒ Boolean

Returns:

  • (Boolean) 


276
277
278
279
 
# File 'lib/inspec/resources/users.rb', line 276

def has_home_directory?(compare_home)
  Inspec.deprecate(:resource_user_serverspec_compat, "The user resource `has_home_directory?` matcher is deprecated. Please use `its('home')`.")
  home == compare_home
end

#has_login_shell?(compare_shell) ⇒ Boolean

Returns:

  • (Boolean) 


281
282
283
284
 
# File 'lib/inspec/resources/users.rb', line 281

def (compare_shell)
  Inspec.deprecate(:resource_user_serverspec_compat, "The user resource `has_login_shell?` matcher is deprecated. Please use `its('shell')`.")
  shell == compare_shell
end

#has_uid?(compare_uid) ⇒ Boolean

implements rspec has matcher, to be compatible with serverspec @see: github.com/rspec/rspec-expectations/blob/master/lib/rspec/matchers/built_in/has.rb

Returns:

  • (Boolean) 


271
272
273
274
 
# File 'lib/inspec/resources/users.rb', line 271

def has_uid?(compare_uid)
  Inspec.deprecate(:resource_user_serverspec_compat, "The user resource `has_uid?` matcher is deprecated.")
  uid == compare_uid
end

#homeObject 



210
211
212
 
# File 'lib/inspec/resources/users.rb', line 210

def home
  meta_info[:home] unless meta_info.nil?
end

#lastloginObject 



226
227
228
 
# File 'lib/inspec/resources/users.rb', line 226

def lastlogin
  meta_info[:lastlogin] unless meta_info.nil?
end

#maxbadpasswordsObject 



249
250
251
 
# File 'lib/inspec/resources/users.rb', line 249

def maxbadpasswords
  credentials[:maxbadpasswords] unless credentials.nil?
end

#maxdaysObject

returns the maximum days between password changes



236
237
238
 
# File 'lib/inspec/resources/users.rb', line 236

def maxdays
  credentials[:maxdays] unless credentials.nil?
end

#maximum_days_between_password_changeObject

implement ‘maxdays’ method to be compatible with serverspec



264
265
266
267
 
# File 'lib/inspec/resources/users.rb', line 264

def maximum_days_between_password_change
  Inspec.deprecate(:resource_user_serverspec_compat, "The user resource `maximum_days_between_password_change` property is deprecated. Please use `maxdays`.")
  maxdays
end

#mindaysObject

returns the minimum days between password changes



231
232
233
 
# File 'lib/inspec/resources/users.rb', line 231

def mindays
  credentials[:mindays] unless credentials.nil?
end

#minimum_days_between_password_changeObject

implement ‘mindays’ method to be compatible with serverspec



258
259
260
261
 
# File 'lib/inspec/resources/users.rb', line 258

def minimum_days_between_password_change
  Inspec.deprecate(:resource_user_serverspec_compat, "The user resource `minimum_days_between_password_change` property is deprecated. Please use `mindays`.")
  mindays
end

#passwordageObject 



253
254
255
 
# File 'lib/inspec/resources/users.rb', line 253

def passwordage
  credentials[:passwordage] unless credentials.nil?
end

#shellObject 



214
215
216
 
# File 'lib/inspec/resources/users.rb', line 214

def shell
  meta_info[:shell] unless meta_info.nil?
end

#to_sObject 



291
292
293
 
# File 'lib/inspec/resources/users.rb', line 291

def to_s
  "User #{@username}"
end

#uidObject 



193
194
195
 
# File 'lib/inspec/resources/users.rb', line 193

def uid
  identity[:uid] unless identity.nil?
end

#userflagsObject 



222
223
224
 
# File 'lib/inspec/resources/users.rb', line 222

def userflags
  meta_info[:userflags] unless meta_info.nil?
end

#usernameObject 



189
190
191
 
# File 'lib/inspec/resources/users.rb', line 189

def username
  identity[:username] unless identity.nil?
end

#warndaysObject

returns the days for password change warning



241
242
243
 
# File 'lib/inspec/resources/users.rb', line 241

def warndays
  credentials[:warndays] unless credentials.nil?
end