From b25362535ae01dd140218b131a8e991d3a10cbe5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Javier=20B=C3=A9rtoli?=
Date: Sat, 18 Jul 2020 13:23:58 -0300
Subject: [PATCH] test(default+modules): add modules' tests suite
---
 .../default/controls/config_spec.rb | 17 +++++++
 .../default/controls/packages_spec.rb | 23 +++++++++
 .../default/controls/services_spec.rb | 15 ++++++
 test/integration/modules/README.md | 50 +++++++++++++++++++
 .../modules/controls/config_spec.rb | 12 +++++
 .../controls/mod_security_spec.rb | 2 +-
 .../modules/controls/packages_spec.rb | 19 +++++++
 .../modules/controls/server_status_spec.rb | 35 +++++++++++++
 .../modules/controls/services_spec.rb | 15 ++++++
 test/integration/modules/inspec.yml | 18 +++++++
 test/salt/pillar/default.sls | 14 ------
 test/salt/pillar/modules.sls | 22 ++++++++
 12 files changed, 227 insertions(+), 15 deletions(-)
 create mode 100644 test/integration/default/controls/config_spec.rb
 create mode 100644 test/integration/default/controls/packages_spec.rb
 create mode 100644 test/integration/default/controls/services_spec.rb
 create mode 100644 test/integration/modules/README.md
 create mode 100644 test/integration/modules/controls/config_spec.rb
 rename test/integration/{default => modules}/controls/mod_security_spec.rb (95%)
 create mode 100644 test/integration/modules/controls/packages_spec.rb
 create mode 100644 test/integration/modules/controls/server_status_spec.rb
 create mode 100644 test/integration/modules/controls/services_spec.rb
 create mode 100644 test/integration/modules/inspec.yml
 create mode 100644 test/salt/pillar/modules.sls
diff --git a/test/integration/default/controls/config_spec.rb b/test/integration/default/controls/config_spec.rb
new file mode 100644
index 0000000..dd04579
--- /dev/null
+++ b/test/integration/default/controls/config_spec.rb
@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+control 'apache configuration' do
+ title 'should match desired lines'
+
+ describe file('/etc/apache2/apache2.conf') do
+ it { should be_file }
+ it { should be_owned_by 'root' }
+ it { should be_grouped_into 'root' }
+ its('mode') { should cmp '0644' }
+ its('content') do
+ should include(
+ 'This file is managed by Salt! Do not edit by hand!'
+ )
+ end
+ end
+end
diff --git a/test/integration/default/controls/packages_spec.rb b/test/integration/default/controls/packages_spec.rb
new file mode 100644
index 0000000..92d7d5b
--- /dev/null
+++ b/test/integration/default/controls/packages_spec.rb
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+# Overide by OS
+package_name = 'bash'
+package_name = 'cronie' if (os[:name] == 'centos') && os[:release].start_with?('6')
+
+control 'apache package' do
+ title 'should be installed'
+
+ package_name =
+ case platform[:family]
+ when 'debian', 'suse'
+ 'apache2'
+ when 'redhat', 'fedora'
+ 'httpd'
+ when 'arch'
+ 'apache'
+ end
+
+ describe package(package_name) do
+ it { should be_installed }
+ end
+end
diff --git a/test/integration/default/controls/services_spec.rb b/test/integration/default/controls/services_spec.rb
new file mode 100644
index 0000000..11b5381
--- /dev/null
+++ b/test/integration/default/controls/services_spec.rb
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+# Overide by OS
+service_name = 'apache2'
+service_name = 'httpd' if (os[:name] == 'centos')
+
+control 'apache service' do
+ impact 0.5
+ title 'should be running and enabled'
+
+ describe service(service_name) do
+ it { should be_enabled }
+ it { should be_running }
+ end
+end
diff --git a/test/integration/modules/README.md b/test/integration/modules/README.md
new file mode 100644
index 0000000..2c2c282
--- /dev/null
+++ b/test/integration/modules/README.md
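Review bot: The path `/etc/apache2/apache2.conf` in test/integration/default/controls/config_spec.rb is hard-coded, so the ownership, mode and content expectations only hold on a Debian-style layout. server_status_spec.rb in this same patch already selects `/etc/httpd/...` paths from `platform[:family]`, which suggests the suite is meant to run on Red Hat, Fedora and Arch images as well. Selecting the main config file the same way and using `describe file(conf_file) do` would let the root-owned, `0644` check guard the file Apache actually loads on each platform.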
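Review bot: The top-level assignments `package_name = 'bash'` and `package_name = 'cronie' if ...` in test/integration/default/controls/packages_spec.rb are dead code, because the control reassigns `package_name` from `case platform[:family]` before it is read. They look like template leftovers and can be deleted together with the `# Overide by OS` comment. The `case` also has no `else`, so on an unlisted family `package(nil)` is described and the failure does not name the cause. An `else` branch that reports the unsupported family would make that explicit. The same missing `else` applies to `package_name` in modules/controls/packages_spec.rb and to `confdir` in modules/controls/server_status_spec.rb.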
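Review bot: `service_name` in test/integration/default/controls/services_spec.rb switches to `httpd` only when `os[:name] == 'centos'`, whereas packages_spec.rb in the same profile treats the whole `redhat` and `fedora` families, and `arch`, as non-`apache2` platforms. On those images the control would presumably look for a service called `apache2` and fail for the wrong reason. Keying on the family keeps the two specs in step, for example `service_name = %w[redhat fedora arch].include?(platform[:family]) ? 'httpd' : 'apache2'`, with the Arch service name to be confirmed against the formula's map. The same two lines are repeated in test/integration/modules/controls/services_spec.rb.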
@@ -0,0 +1,50 @@
+# InSpec Profile: `modules`
+
+This shows the implementation of the `modules` InSpec [profile](https://github.com/inspec/inspec/blob/master/docs/profiles.md).
+
+## Verify a profile
+
+InSpec ships with built-in features to verify a profile structure.
+
+```bash
+$ inspec check modules
+Summary
+-------
+Location: modules
+Profile: profile
+Controls: 4
+Timestamp: 2019-06-24T23:09:01+00:00
+Valid: true
+
+Errors
+------
+
+Warnings
+--------
+```
+
+## Execute a profile
+
+To run all **supported** controls on a local machine use `inspec exec /path/to/profile`.
+
+```bash
+$ inspec exec modules
+..
+
+Finished in 0.0025 seconds (files took 0.12449 seconds to load)
+8 examples, 0 failures
+```
+
+## Execute a specific control from a profile
+
+To run one control from the profile use `inspec exec /path/to/profile --controls name`.
+
+```bash
+$ inspec exec modules --controls package
+.
+
+Finished in 0.0025 seconds (files took 0.12449 seconds to load)
+1 examples, 0 failures
+```
+
+See an [example control here](https://github.com/inspec/inspec/blob/master/examples/profile/controls/example.rb).
diff --git a/test/integration/modules/controls/config_spec.rb b/test/integration/modules/controls/config_spec.rb
new file mode 100644
index 0000000..96f6c6a
--- /dev/null
+++ b/test/integration/modules/controls/config_spec.rb
@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+control 'apache configuration' do
+ title 'should be valid'
+
+ describe command('apachectl -t') do
+ its('stdout') { should eq '' }
+ its('stderr') { should include 'Syntax OK' }
+
+ its('exit_status') { should eq 0 }
+ end
+end
diff --git a/test/integration/default/controls/mod_security_spec.rb b/test/integration/modules/controls/mod_security_spec.rb
similarity index 95%
rename from test/integration/default/controls/mod_security_spec.rb
rename to test/integration/modules/controls/mod_security_spec.rb
index 1e59ed2..a585fd8 100644
--- a/test/integration/default/controls/mod_security_spec.rb
+++ b/test/integration/modules/controls/mod_security_spec.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-control 'Apache mod_security configuration' do
+control 'apache mod_security configuration' do
 title 'should match desired lines'
 
 modspec_file =
diff --git a/test/integration/modules/controls/packages_spec.rb b/test/integration/modules/controls/packages_spec.rb
new file mode 100644
index 0000000..f73dceb
--- /dev/null
+++ b/test/integration/modules/controls/packages_spec.rb
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+control 'apache mod_security package' do
+ title 'should be installed'
+
+ package_name =
+ case platform[:family]
+ when 'debian', 'suse'
+ 'libapache2-mod-security2'
+ when 'redhat', 'fedora'
+ 'mod_security'
+ when 'suse'
+ 'apache2-mod_security2'
+ end
+
+ describe package(package_name) do
+ it { should be_installed }
+ end
+end
diff --git a/test/integration/modules/controls/server_status_spec.rb b/test/integration/modules/controls/server_status_spec.rb
new file mode 100644
index 0000000..c851f6e
--- /dev/null
+++ b/test/integration/modules/controls/server_status_spec.rb
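Review bot: The `when 'suse'` branch in test/integration/modules/controls/packages_spec.rb is unreachable, because `'suse'` is already matched by the first branch, `when 'debian', 'suse'`. On SUSE the control therefore checks for `libapache2-mod-security2` and never for `apache2-mod_security2`, so the test that the mod_security package is installed looks for the wrong name there. Narrowing the first branch to `when 'debian'` lets the SUSE branch take effect.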
@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+control 'apache server_status configuration' do
+ title 'should match desired lines'
+
+ server_status_stanza = <<-SS_STANZA
+
+ SetHandler server-status
+ Require local
+ Require host foo.example.com
+ Require ip 10.8.8.0/24
+
+SS_STANZA
+
+ confdir =
+ case platform[:family]
+ when 'debian'
+ '/etc/apache2/conf-available'
+ when 'redhat', 'fedora'
+ '/etc/httpd/conf.d'
+ when 'suse'
+ '/etc/apache2/conf.d'
+ when 'arch'
+ '/etc/httpd/conf/extra'
+ end
+
+ describe file("#{confdir}/server-status.conf") do
+ it { should be_file }
+ it { should be_owned_by 'root' }
+ it { should be_grouped_into 'root' }
+ its('mode') { should cmp '0644' }
+ its('content') { should include '# File managed by Salt' }
+ its('content') { should include server_status_stanza }
+ end
+end
diff --git a/test/integration/modules/controls/services_spec.rb b/test/integration/modules/controls/services_spec.rb
new file mode 100644
index 0000000..9a97d7f
--- /dev/null
+++ b/test/integration/modules/controls/services_spec.rb
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+# Overide by OS
+service_name = 'apache2'
+service_name = 'httpd' if (os[:name] == 'centos')
+
+control 'apache service' do
+ impact 0.5
+ title 'should be running and enabled'
+
+ describe service(service_name) do
+ it { should be_enabled }
+ it { should_not be_running }
+ end
+end
diff --git a/test/integration/modules/inspec.yml b/test/integration/modules/inspec.yml
new file mode 100644
index 0000000..eaa99f2
--- /dev/null
+++ b/test/integration/modules/inspec.yml
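Review bot: The `its('content') { should include server_status_stanza }` expectation in test/integration/modules/controls/server_status_spec.rb proves the restricted stanza (`Require local`, `Require host foo.example.com`, `Require ip 10.8.8.0/24`) is rendered, but it still passes if the same file also carries a broader grant. Since `server_status_require` exists to limit who can read the status handler, a negative expectation would catch that regression: `its('content') { should_not match(/Require\s+all\s+granted/i) }`. Separately, `confdir` has no `else`, so on an unlisted family the path interpolates to `/server-status.conf` and the failure points at a missing file rather than an unsupported platform. The heredoc is compared byte for byte, so any indentation change in the template will also fail this test.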
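Review bot: The title `'should be running and enabled'` in test/integration/modules/controls/services_spec.rb contradicts the control's second expectation, `it { should_not be_running }`, so a failure report reads as the opposite of what is being checked. Retitling it, for example `title 'should be enabled but not running'`, removes the ambiguity. A comment such as `# modules.sls sets manage_service_states: false, so the service is expected to stay stopped` would record why; that link to the pillar is inferred from this patch and should be confirmed as the intent.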
@@ -0,0 +1,18 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+name: modules
+title: apache formula
+maintainer: SaltStack Formulas
+license: Apache-2.0
+summary: Verify that the apache formula manages modules correctly
+supports:
+ - platform-name: debian
+ - platform-name: ubuntu
+ - platform-name: centos
+ - platform-name: fedora
+ - platform-name: opensuse
+ - platform-name: suse
+ - platform-name: freebsd
+ - platform-name: amazon
+ - platform-name: arch
diff --git a/test/salt/pillar/default.sls b/test/salt/pillar/default.sls
index 2701fa1..dc91e2f 100644
--- a/test/salt/pillar/default.sls
+++ b/test/salt/pillar/default.sls
@@ -1,17 +1,3 @@
 # -*- coding: utf-8 -*-
 # vim: ft=yaml
 ---
-apache:
- manage_service_states: false
- mod_security:
- crs_install: true
- manage_config: true
- sec_rule_engine: 'On'
- sec_request_body_access: 'On'
- sec_request_body_limit: '14000000'
- sec_request_body_no_files_limit: '114002'
- sec_request_body_in_memory_limit: '114002'
- sec_request_body_limit_action: 'Reject'
- sec_pcre_match_limit: '15000'
- sec_pcre_match_limit_recursion: '15000'
- sec_debug_log_level: '3'
diff --git a/test/salt/pillar/modules.sls b/test/salt/pillar/modules.sls
new file mode 100644
index 0000000..70eb6eb
--- /dev/null
+++ b/test/salt/pillar/modules.sls
@@ -0,0 +1,22 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+apache:
+ manage_service_states: false
+ mod_security:
+ crs_install: true
+ manage_config: true
+ sec_rule_engine: 'On'
+ sec_request_body_access: 'On'
+ sec_request_body_limit: '14000000'
+ sec_request_body_no_files_limit: '114002'
+ sec_request_body_in_memory_limit: '114002'
+ sec_request_body_limit_action: 'Reject'
+ sec_pcre_match_limit: '15000'
+ sec_pcre_match_limit_recursion: '15000'
+ sec_debug_log_level: '3'
+ server_status_require:
+ ip:
+ - 10.8.8.0/24
+ host:
+ - foo.example.com