Class: Inspec::Resources::User

Inherits:

Object

• Object
• Inspec::Resources::User

Includes:

UserManagementSelector

Defined in:

lib/inspec/resources/users.rb

Overview

The ‘user` resource handles the special case where only one resource is required

describe user(‘root’) do

it { should exist }
its('uid') { should eq 0 }
its('gid') { should eq 0 }
its('group') { should eq 'root' }
its('groups') { should eq ['root', 'wheel']}
its('home') { should eq '/root' }
its('shell') { should eq '/bin/bash' }
its('mindays') { should eq 0 }
its('maxdays') { should eq 99 }
its('warndays') { should eq 5 }
its('passwordage') { should be >= 0 }
its('maxbadpasswords') { should eq nil } // not yet supported on linux
its('badpasswordattempts') { should eq 0 }

end describe user(‘Administrator’) do

it { should exist }
its('uid') { should eq "S-1-5-21-1759981009-4135989804-1844563890-500" }
its('gid') { should eq nil } // not supported on Windows
its('group') { should eq nil } // not supported on Windows
its('groups') { should eq ['Administrators', 'Users']}
its('home') { should eq '' }
its('shell') { should eq nil } // not supported on Windows
its('mindays') { should eq 0 }
its('maxdays') { should eq 42 }
its('warndays') { should eq nil }
its('passwordage') { should eq 355 }
its('maxbadpasswords') { should eq 0 }
its('badpasswordattempts') { should eq 0 }

end

The following Serverspec matchers were deprecated in favor for direct value access but are made available as part of Serverspec compatibility in March, 2022.

describe user(‘root’) do

it { should belong_to_group 'root' }
it { should belong_to_primary_group 'root' }
it { should have_uid 0 }
it { should have_home_directory '/root' }
it { should have_login_shell '/bin/bash' }
its('minimum_days_between_password_change') { should eq 0 }
its('maximum_days_between_password_change') { should eq 99 }
it { should have_authorized_key 'ssh-rsa ADg54...3434 user@example.local' }
its(:encrypted_password) { should eq 1234 }

end

Instance Method Summary

• #badpasswordattempts ⇒ Object
• #belongs_to_group?(group_name) ⇒ Boolean

  belongs_to_group matcher: compatibility with serverspec.

• #belongs_to_primary_group?(group_name) ⇒ Boolean

  belongs_to_primary_group matcher: compatibility with serverspec.

• #disabled? ⇒ Boolean
• #domain ⇒ Object
• #enabled? ⇒ Boolean
• #encrypted_password ⇒ Object

  encrypted_password property: compatibility with serverspec it allows to run test against the hashed passwords of the given user applicable for unix/linux systems with getent utility.

• #exists? ⇒ Boolean
• #gid ⇒ Object
• #groupname ⇒ Object (also: #group)
• #groups ⇒ Object
• #has_authorized_key?(compare_key) ⇒ Boolean

  has_authorized_key matcher: compatibility with serverspec.

• #has_home_directory?(compare_home) ⇒ Boolean

  has_home_directory matcher: compatibility with serverspec.

• #has_login_shell?(compare_shell) ⇒ Boolean

  has_login_shell matcher: compatibility with serverspec.

• #has_uid?(compare_uid) ⇒ Boolean

  implements rspec has matcher, to be compatible with serverspec @see: github.com/rspec/rspec-expectations/blob/master/lib/rspec/matchers/built_in/has.rb has_uid matcher: compatibility with serverspec.

• #home ⇒ Object
• #initialize(username = nil) ⇒ User constructor

  A new instance of User.

• #lastlogin ⇒ Object
• #maxbadpasswords ⇒ Object
• #maxdays ⇒ Object

  returns the maximum days between password changes.

• #maximum_days_between_password_change ⇒ Object

  implement ‘maxdays’ method to be compatible with serverspec.

• #mindays ⇒ Object

  returns the minimum days between password changes.

• #minimum_days_between_password_change ⇒ Object

  implement ‘mindays’ method to be compatible with serverspec.

• #passwordage ⇒ Object
• #resource_id ⇒ Object
• #shell ⇒ Object
• #to_s ⇒ Object
• #uid ⇒ Object
• #userflags ⇒ Object
• #username ⇒ Object
• #warndays ⇒ Object

  returns the days for password change warning.

Methods included from UserManagementSelector

#select_user_manager

Constructor Details

#initialize(username = nil) ⇒ User

Returns a new instance of User.

# File 'lib/inspec/resources/users.rb', line 167

def initialize(username = nil)
  @username = username
  # select user provider
  @user_provider = select_user_manager(inspec.os)
  return skip_resource "The `user` resource is not supported on your OS yet." if @user_provider.nil?
end

Instance Method Details

#badpasswordattempts ⇒ Object

# File 'lib/inspec/resources/users.rb', line 244

def badpasswordattempts
  credentials[:badpasswordattempts] unless credentials.nil?
end

#belongs_to_group?(group_name) ⇒ Boolean

belongs_to_group matcher: compatibility with serverspec

Returns:

• (Boolean)

# File 'lib/inspec/resources/users.rb', line 295

def belongs_to_group?(group_name)
  groups.include?(group_name)
end

#belongs_to_primary_group?(group_name) ⇒ Boolean

belongs_to_primary_group matcher: compatibility with serverspec

Returns:

• (Boolean)

# File 'lib/inspec/resources/users.rb', line 290

def belongs_to_primary_group?(group_name)
  groupname == group_name
end

#disabled? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/inspec/resources/users.rb', line 178

def disabled?
  identity[:disabled] == true unless identity.nil?
end

#domain ⇒ Object

# File 'lib/inspec/resources/users.rb', line 217

def domain
  meta_info[:domain] unless meta_info.nil?
end

#enabled? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/inspec/resources/users.rb', line 182

def enabled?
  identity[:disabled] == false unless identity.nil?
end

#encrypted_password ⇒ Object

encrypted_password property: compatibility with serverspec it allows to run test against the hashed passwords of the given user applicable for unix/linux systems with getent utility.

Raises:

• (Inspec::Exceptions::ResourceSkipped)

# File 'lib/inspec/resources/users.rb', line 302

def encrypted_password
  raise Inspec::Exceptions::ResourceSkipped, "encrypted_password property is not applicable for your system" if inspec.os.windows? || inspec.os.darwin?

  # shadow_information returns array of the information from the shadow file
  # the value at 1st index is the encrypted_password information
  shadow_information[1]
end

#exists? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/inspec/resources/users.rb', line 174

def exists?
  !identity.nil? && !identity[:username].nil?
end

#gid ⇒ Object

# File 'lib/inspec/resources/users.rb', line 194

def gid
  identity[:gid] unless identity.nil?
end

#groupname ⇒ Object Also known as: group

# File 'lib/inspec/resources/users.rb', line 198

def groupname
  identity[:groupname] unless identity.nil?
end

#groups ⇒ Object

# File 'lib/inspec/resources/users.rb', line 203

def groups
  unless identity.nil?
    inspec.os.windows? ? UserGroups.new(identity[:groups]) : identity[:groups]
  end
end

#has_authorized_key?(compare_key) ⇒ Boolean

has_authorized_key matcher: compatibility with serverspec

Returns:

• (Boolean)

# File 'lib/inspec/resources/users.rb', line 284

def has_authorized_key?(compare_key)
  # get_authorized_keys returns the list of key, check if given key is included.
  get_authorized_keys.include?(compare_key)
end

#has_home_directory?(compare_home) ⇒ Boolean

has_home_directory matcher: compatibility with serverspec

Returns:

• (Boolean)

# File 'lib/inspec/resources/users.rb', line 274

def has_home_directory?(compare_home)
  home == compare_home
end

#has_login_shell?(compare_shell) ⇒ Boolean

has_login_shell matcher: compatibility with serverspec

Returns:

• (Boolean)

# File 'lib/inspec/resources/users.rb', line 279

def has_login_shell?(compare_shell)
  shell == compare_shell
end

#has_uid?(compare_uid) ⇒ Boolean

implements rspec has matcher, to be compatible with serverspec @see: github.com/rspec/rspec-expectations/blob/master/lib/rspec/matchers/built_in/has.rb has_uid matcher: compatibility with serverspec

Returns:

• (Boolean)

# File 'lib/inspec/resources/users.rb', line 269

def has_uid?(compare_uid)
  uid == compare_uid
end

#home ⇒ Object

# File 'lib/inspec/resources/users.rb', line 209

def home
  meta_info[:home] unless meta_info.nil?
end

#lastlogin ⇒ Object

# File 'lib/inspec/resources/users.rb', line 225

def lastlogin
  meta_info[:lastlogin] unless meta_info.nil?
end

#maxbadpasswords ⇒ Object

# File 'lib/inspec/resources/users.rb', line 248

def maxbadpasswords
  credentials[:maxbadpasswords] unless credentials.nil?
end

#maxdays ⇒ Object

returns the maximum days between password changes

# File 'lib/inspec/resources/users.rb', line 235

def maxdays
  credentials[:maxdays] unless credentials.nil?
end

#maximum_days_between_password_change ⇒ Object

implement ‘maxdays’ method to be compatible with serverspec

# File 'lib/inspec/resources/users.rb', line 262

def maximum_days_between_password_change
  maxdays
end

#mindays ⇒ Object

returns the minimum days between password changes

# File 'lib/inspec/resources/users.rb', line 230

def mindays
  credentials[:mindays] unless credentials.nil?
end

#minimum_days_between_password_change ⇒ Object

implement ‘mindays’ method to be compatible with serverspec

# File 'lib/inspec/resources/users.rb', line 257

def minimum_days_between_password_change
  mindays
end

#passwordage ⇒ Object

# File 'lib/inspec/resources/users.rb', line 252

def passwordage
  credentials[:passwordage] unless credentials.nil?
end

#resource_id ⇒ Object

# File 'lib/inspec/resources/users.rb', line 310

def resource_id
  @username || "User"
end

#shell ⇒ Object

# File 'lib/inspec/resources/users.rb', line 213

def shell
  meta_info[:shell] unless meta_info.nil?
end

#to_s ⇒ Object

# File 'lib/inspec/resources/users.rb', line 314

def to_s
  "User #{@username}"
end

#uid ⇒ Object

# File 'lib/inspec/resources/users.rb', line 190

def uid
  identity[:uid] unless identity.nil?
end

#userflags ⇒ Object

# File 'lib/inspec/resources/users.rb', line 221

def userflags
  meta_info[:userflags] unless meta_info.nil?
end

#username ⇒ Object

# File 'lib/inspec/resources/users.rb', line 186

def username
  identity[:username] unless identity.nil?
end

#warndays ⇒ Object

returns the days for password change warning

# File 'lib/inspec/resources/users.rb', line 240

def warndays
  credentials[:warndays] unless credentials.nil?
end