From dd9626d32744d2688c703e6924d28beb96535010 Mon Sep 17 00:00:00 2001 From: Luis Blanco Date: Thu, 13 Jun 2024 12:10:58 +0100 Subject: [PATCH 01/23] checking login permissions for f2k, postgres, redborder and root --- spec/users/f2k_spec.rb | 9 +++++++++ spec/users/postgres_spec.rb | 9 +++++++++ spec/users/redborder_spec.rb | 9 +++++++++ spec/users/root_spec.rb | 9 +++++++++ 4 files changed, 36 insertions(+) create mode 100644 spec/users/f2k_spec.rb create mode 100644 spec/users/postgres_spec.rb create mode 100644 spec/users/redborder_spec.rb create mode 100644 spec/users/root_spec.rb diff --git a/spec/users/f2k_spec.rb b/spec/users/f2k_spec.rb new file mode 100644 index 0000000..818692d --- /dev/null +++ b/spec/users/f2k_spec.rb @@ -0,0 +1,9 @@ +# frozen_string_literal: true + +require 'spec_helper' +set :os, family: 'redhat', release: '9', arch: 'x86_64' + +describe user('f2k') do + it { should exist } + it { should have_login_shell('/sbin/nologin') } +end diff --git a/spec/users/postgres_spec.rb b/spec/users/postgres_spec.rb new file mode 100644 index 0000000..f60adfc --- /dev/null +++ b/spec/users/postgres_spec.rb @@ -0,0 +1,9 @@ +# frozen_string_literal: true + +require 'spec_helper' +set :os, family: 'redhat', release: '9', arch: 'x86_64' + +describe user('postgres') do + it { should exist } + it { should have_login_shell '/bin/bash' } +end diff --git a/spec/users/redborder_spec.rb b/spec/users/redborder_spec.rb new file mode 100644 index 0000000..8586e86 --- /dev/null +++ b/spec/users/redborder_spec.rb @@ -0,0 +1,9 @@ +# frozen_string_literal: true + +require 'spec_helper' +set :os, family: 'redhat', release: '9', arch: 'x86_64' + +describe user('redborder') do + it { should exist } + it { should have_login_shell '/bin/bash' } +end diff --git a/spec/users/root_spec.rb b/spec/users/root_spec.rb new file mode 100644 index 0000000..5b8f5b8 --- /dev/null +++ b/spec/users/root_spec.rb @@ -0,0 +1,9 @@ +# frozen_string_literal: true + +require 'spec_helper' +set :os, family: 'redhat', release: '9', arch: 'x86_64' + +describe user('root') do + it { should exist } + it { should have_login_shell '/bin/bash' } +end From bae870833cda0923cf306a4baa7a353250656557 Mon Sep 17 00:00:00 2001 From: Luis Blanco Date: Thu, 13 Jun 2024 14:27:13 +0100 Subject: [PATCH 02/23] 3 users that can't login --- spec/users/http2k_spec.rb | 9 +++++++++ spec/users/kafka_spec.rb | 9 +++++++++ spec/users/pmacct_spec.rb | 9 +++++++++ 3 files changed, 27 insertions(+) create mode 100644 spec/users/http2k_spec.rb create mode 100644 spec/users/kafka_spec.rb create mode 100644 spec/users/pmacct_spec.rb diff --git a/spec/users/http2k_spec.rb b/spec/users/http2k_spec.rb new file mode 100644 index 0000000..ebe2612 --- /dev/null +++ b/spec/users/http2k_spec.rb @@ -0,0 +1,9 @@ +# frozen_string_literal: true + +require 'spec_helper' +set :os, family: 'redhat', release: '9', arch: 'x86_64' + +describe user('http2k') do + it { should exist } + it { should have_login_shell('/sbin/nologin') } +end diff --git a/spec/users/kafka_spec.rb b/spec/users/kafka_spec.rb new file mode 100644 index 0000000..f4d87be --- /dev/null +++ b/spec/users/kafka_spec.rb @@ -0,0 +1,9 @@ +# frozen_string_literal: true + +require 'spec_helper' +set :os, family: 'redhat', release: '9', arch: 'x86_64' + +describe user('kafka') do + it { should exist } + it { should have_login_shell('/sbin/nologin') } +end diff --git a/spec/users/pmacct_spec.rb b/spec/users/pmacct_spec.rb new file mode 100644 index 0000000..92c08b5 --- /dev/null +++ b/spec/users/pmacct_spec.rb @@ -0,0 +1,9 @@ +# frozen_string_literal: true + +require 'spec_helper' +set :os, family: 'redhat', release: '9', arch: 'x86_64' + +describe user('pmacct') do + it { should exist } + it { should have_login_shell('/sbin/nologin') } +end From 0c0517915fada9ad161a6cd2edc5ce0e961a1ffd Mon Sep 17 00:00:00 2001 From: Luis Blanco Date: Thu, 13 Jun 2024 15:52:34 +0100 Subject: [PATCH 03/23] checking no noticed users have permission --- spec/users/users_spec.rb | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 spec/users/users_spec.rb diff --git a/spec/users/users_spec.rb b/spec/users/users_spec.rb new file mode 100644 index 0000000..618baf5 --- /dev/null +++ b/spec/users/users_spec.rb @@ -0,0 +1,22 @@ +# frozen_string_literal: true +# This file is for system users in general + +require 'spec_helper' +require 'set' +set :os, family: 'redhat', release: '9', arch: 'x86_64' + +describe 'Checking only these users has login permission' do + passwd = command('cat /etc/passwd').stdout.split("\n") + all_users = passwd.map { |p| p.split(':').first } + all_users = Set.new all_users + + allowed_users = Set.new %w[root redborder postgres] + not_allowed_users = all_users - allowed_users + + not_allowed_users.each do |user| + describe user(user) do + it { should exist } + it { should_not have_login_shell('/bin/bash') } + end + end +end From 216b5ce0ebb917f87456ccc078390ce79840bc20 Mon Sep 17 00:00:00 2001 From: Luis Blanco Date: Thu, 13 Jun 2024 16:33:52 +0100 Subject: [PATCH 04/23] optimization --- spec/users/users_spec.rb | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/spec/users/users_spec.rb b/spec/users/users_spec.rb index 618baf5..0a1bc54 100644 --- a/spec/users/users_spec.rb +++ b/spec/users/users_spec.rb @@ -7,16 +7,14 @@ describe 'Checking only these users has login permission' do passwd = command('cat /etc/passwd').stdout.split("\n") - all_users = passwd.map { |p| p.split(':').first } - all_users = Set.new all_users + bash_users = passwd.select { |p| p.include? '/bin/bash' } + bash_users.map! { |p| p.split(':').first } + bash_users = Set.new bash_users - allowed_users = Set.new %w[root redborder postgres] - not_allowed_users = all_users - allowed_users + allowed_users = Set.new %w[root redborder] + not_allowed_users = bash_users - allowed_users - not_allowed_users.each do |user| - describe user(user) do - it { should exist } - it { should_not have_login_shell('/bin/bash') } - end + it 'should only allow specified users to have login permissions' do + expect(not_allowed_users).to be_empty end end From 299d3113e0e68047d45d41a7c9df3008f5a4bcc7 Mon Sep 17 00:00:00 2001 From: Luis Blanco Date: Thu, 13 Jun 2024 16:35:17 +0100 Subject: [PATCH 05/23] postgres recovered --- spec/users/users_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/users/users_spec.rb b/spec/users/users_spec.rb index 0a1bc54..b1a49a2 100644 --- a/spec/users/users_spec.rb +++ b/spec/users/users_spec.rb @@ -11,7 +11,7 @@ bash_users.map! { |p| p.split(':').first } bash_users = Set.new bash_users - allowed_users = Set.new %w[root redborder] + allowed_users = Set.new %w[root redborder postgres] not_allowed_users = bash_users - allowed_users it 'should only allow specified users to have login permissions' do From 267f98e9d73793972c32dd9190b4b41b1d24af4a Mon Sep 17 00:00:00 2001 From: Luis Blanco Date: Fri, 14 Jun 2024 13:58:08 +0100 Subject: [PATCH 06/23] usre definitions as in legacy --- spec/users/k2http_spec.rb | 9 +++++++++ spec/users/memcached_spec.rb | 9 +++++++++ spec/users/postfix_spec.rb | 9 +++++++++ spec/users/redborder_events_counter_spec.rb | 9 +++++++++ spec/users/redborder_monitor_spec.rb | 9 +++++++++ spec/users/ssh_spec.rb | 9 +++++++++ spec/users/webui.rb | 9 +++++++++ spec/users/zookeeper.rb | 9 +++++++++ 8 files changed, 72 insertions(+) create mode 100644 spec/users/k2http_spec.rb create mode 100644 spec/users/memcached_spec.rb create mode 100644 spec/users/postfix_spec.rb create mode 100644 spec/users/redborder_events_counter_spec.rb create mode 100644 spec/users/redborder_monitor_spec.rb create mode 100644 spec/users/ssh_spec.rb create mode 100644 spec/users/webui.rb create mode 100644 spec/users/zookeeper.rb diff --git a/spec/users/k2http_spec.rb b/spec/users/k2http_spec.rb new file mode 100644 index 0000000..fbc7a00 --- /dev/null +++ b/spec/users/k2http_spec.rb @@ -0,0 +1,9 @@ +# frozen_string_literal: true + +require 'spec_helper' +set :os, family: 'redhat', release: '9', arch: 'x86_64' + +describe user('k2http') do + it { should exist } + it { should have_login_shell('/sbin/nologin') } +end diff --git a/spec/users/memcached_spec.rb b/spec/users/memcached_spec.rb new file mode 100644 index 0000000..7756b80 --- /dev/null +++ b/spec/users/memcached_spec.rb @@ -0,0 +1,9 @@ +# frozen_string_literal: true + +require 'spec_helper' +set :os, family: 'redhat', release: '9', arch: 'x86_64' + +describe user('memcached') do + it { should exist } + it { should have_login_shell('/sbin/nologin') } +end diff --git a/spec/users/postfix_spec.rb b/spec/users/postfix_spec.rb new file mode 100644 index 0000000..0d2221b --- /dev/null +++ b/spec/users/postfix_spec.rb @@ -0,0 +1,9 @@ +# frozen_string_literal: true + +require 'spec_helper' +set :os, family: 'redhat', release: '9', arch: 'x86_64' + +describe user('postfix') do + it { should exist } + it { should have_login_shell('/sbin/nologin') } +end diff --git a/spec/users/redborder_events_counter_spec.rb b/spec/users/redborder_events_counter_spec.rb new file mode 100644 index 0000000..3d5ad6b --- /dev/null +++ b/spec/users/redborder_events_counter_spec.rb @@ -0,0 +1,9 @@ +# frozen_string_literal: true + +require 'spec_helper' +set :os, family: 'redhat', release: '9', arch: 'x86_64' + +describe user('redborder-events-counter') do + it { should exist } + it { should have_login_shell('/sbin/nologin') } +end diff --git a/spec/users/redborder_monitor_spec.rb b/spec/users/redborder_monitor_spec.rb new file mode 100644 index 0000000..1488069 --- /dev/null +++ b/spec/users/redborder_monitor_spec.rb @@ -0,0 +1,9 @@ +# frozen_string_literal: true + +require 'spec_helper' +set :os, family: 'redhat', release: '9', arch: 'x86_64' + +describe user('redborder-monitor') do + it { should exist } + it { should have_login_shell('/sbin/nologin') } +end diff --git a/spec/users/ssh_spec.rb b/spec/users/ssh_spec.rb new file mode 100644 index 0000000..73cb1c9 --- /dev/null +++ b/spec/users/ssh_spec.rb @@ -0,0 +1,9 @@ +# frozen_string_literal: true + +require 'spec_helper' +set :os, family: 'redhat', release: '9', arch: 'x86_64' + +describe user('sshd') do + it { should exist } + it { should have_login_shell('/sbin/nologin') } +end diff --git a/spec/users/webui.rb b/spec/users/webui.rb new file mode 100644 index 0000000..5823664 --- /dev/null +++ b/spec/users/webui.rb @@ -0,0 +1,9 @@ +# frozen_string_literal: true + +require 'spec_helper' +set :os, family: 'redhat', release: '9', arch: 'x86_64' + +describe user('webui') do + it { should exist } + it { should have_login_shell('/sbin/nologin') } +end diff --git a/spec/users/zookeeper.rb b/spec/users/zookeeper.rb new file mode 100644 index 0000000..5a4f35a --- /dev/null +++ b/spec/users/zookeeper.rb @@ -0,0 +1,9 @@ +# frozen_string_literal: true + +require 'spec_helper' +set :os, family: 'redhat', release: '9', arch: 'x86_64' + +describe user('zookeeper') do + it { should exist } + it { should have_login_shell('/sbin/nologin') } +end From b58477ff748b38a9aa506f6d2f61dfe7f55560fb Mon Sep 17 00:00:00 2001 From: Luis Blanco Date: Fri, 14 Jun 2024 14:06:06 +0100 Subject: [PATCH 07/23] dswatcher nologin permission --- spec/users/redborder_dswatcher_spec.rb | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 spec/users/redborder_dswatcher_spec.rb diff --git a/spec/users/redborder_dswatcher_spec.rb b/spec/users/redborder_dswatcher_spec.rb new file mode 100644 index 0000000..f0c7df8 --- /dev/null +++ b/spec/users/redborder_dswatcher_spec.rb @@ -0,0 +1,9 @@ +# frozen_string_literal: true + +require 'spec_helper' +set :os, family: 'redhat', release: '9', arch: 'x86_64' + +describe user('redborder-dswatcher') do + it { should exist } + it { should have_login_shell('/sbin/nologin') } +end From 0422e4651fb8416cfa71b4a3843dc4dec3233752 Mon Sep 17 00:00:00 2001 From: Luis Blanco Date: Mon, 17 Jun 2024 15:13:21 +0100 Subject: [PATCH 08/23] the path is a little different for no login here --- spec/users/ssh_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/users/ssh_spec.rb b/spec/users/ssh_spec.rb index 73cb1c9..d2ef8f3 100644 --- a/spec/users/ssh_spec.rb +++ b/spec/users/ssh_spec.rb @@ -5,5 +5,5 @@ describe user('sshd') do it { should exist } - it { should have_login_shell('/sbin/nologin') } + it { should have_login_shell('/usr/sbin/nologin') } end From 4a29a764fc6b1d59bc6dbb10b3cca788baf6381b Mon Sep 17 00:00:00 2001 From: Luis Blanco Date: Mon, 17 Jun 2024 15:17:31 +0100 Subject: [PATCH 09/23] k2http discarded until we know when is this available --- spec/users/k2http_spec.rb | 9 --------- 1 file changed, 9 deletions(-) delete mode 100644 spec/users/k2http_spec.rb diff --git a/spec/users/k2http_spec.rb b/spec/users/k2http_spec.rb deleted file mode 100644 index fbc7a00..0000000 --- a/spec/users/k2http_spec.rb +++ /dev/null @@ -1,9 +0,0 @@ -# frozen_string_literal: true - -require 'spec_helper' -set :os, family: 'redhat', release: '9', arch: 'x86_64' - -describe user('k2http') do - it { should exist } - it { should have_login_shell('/sbin/nologin') } -end From b29b88b5e53a398b9db28bd22e5720c45a78965d Mon Sep 17 00:00:00 2001 From: Luis Blanco Date: Mon, 17 Jun 2024 15:57:36 +0100 Subject: [PATCH 10/23] Revert "the path is a little different for no login here" This reverts commit 0422e4651fb8416cfa71b4a3843dc4dec3233752. --- spec/users/ssh_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/users/ssh_spec.rb b/spec/users/ssh_spec.rb index d2ef8f3..73cb1c9 100644 --- a/spec/users/ssh_spec.rb +++ b/spec/users/ssh_spec.rb @@ -5,5 +5,5 @@ describe user('sshd') do it { should exist } - it { should have_login_shell('/usr/sbin/nologin') } + it { should have_login_shell('/sbin/nologin') } end From 445376ca9f3d9bdcdf195445422e5ed433703822 Mon Sep 17 00:00:00 2001 From: Luis Blanco Date: Mon, 17 Jun 2024 15:58:49 +0100 Subject: [PATCH 11/23] repoinit seems to use minio with bash permissions --- spec/users/minio_spec.rb | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 spec/users/minio_spec.rb diff --git a/spec/users/minio_spec.rb b/spec/users/minio_spec.rb new file mode 100644 index 0000000..681ae46 --- /dev/null +++ b/spec/users/minio_spec.rb @@ -0,0 +1,9 @@ +# frozen_string_literal: true + +require 'spec_helper' +set :os, family: 'redhat', release: '9', arch: 'x86_64' + +describe user('minio') do + it { should exist } + it { should have_login_shell('/bin/bash') } +end From 88fda4b6baaacfe51da50322de0f15ad84583065 Mon Sep 17 00:00:00 2001 From: Luis Blanco Date: Mon, 17 Jun 2024 15:59:41 +0100 Subject: [PATCH 12/23] also checking in general users --- spec/users/users_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/users/users_spec.rb b/spec/users/users_spec.rb index b1a49a2..8382e39 100644 --- a/spec/users/users_spec.rb +++ b/spec/users/users_spec.rb @@ -11,7 +11,7 @@ bash_users.map! { |p| p.split(':').first } bash_users = Set.new bash_users - allowed_users = Set.new %w[root redborder postgres] + allowed_users = Set.new %w[root redborder postgres minio] not_allowed_users = bash_users - allowed_users it 'should only allow specified users to have login permissions' do From 0c8be17dfc4dc536083fa04542247c10ac76266c Mon Sep 17 00:00:00 2001 From: Luis Blanco Date: Mon, 24 Jun 2024 11:15:54 +0100 Subject: [PATCH 13/23] fix in case set is empty needs to be array --- spec/users/users_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/users/users_spec.rb b/spec/users/users_spec.rb index 8382e39..9bf44c5 100644 --- a/spec/users/users_spec.rb +++ b/spec/users/users_spec.rb @@ -15,6 +15,6 @@ not_allowed_users = bash_users - allowed_users it 'should only allow specified users to have login permissions' do - expect(not_allowed_users).to be_empty + expect(not_allowed_users.to_a).to be_empty end end From 1a5f126766bfcda8ef953c708f2bd499b4a16617 Mon Sep 17 00:00:00 2001 From: Luis Blanco Date: Mon, 24 Jun 2024 12:35:16 +0100 Subject: [PATCH 14/23] lint --- spec/users/users_spec.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/spec/users/users_spec.rb b/spec/users/users_spec.rb index 9bf44c5..f463521 100644 --- a/spec/users/users_spec.rb +++ b/spec/users/users_spec.rb @@ -1,4 +1,5 @@ # frozen_string_literal: true + # This file is for system users in general require 'spec_helper' From 4956b1b082de2921c6a46d4ccdc78f5b46f6c062 Mon Sep 17 00:00:00 2001 From: Miguel Negron Date: Fri, 20 Sep 2024 13:40:31 +0100 Subject: [PATCH 15/23] remove minio spec --- spec/users/minio_spec.rb | 9 --------- 1 file changed, 9 deletions(-) delete mode 100644 spec/users/minio_spec.rb diff --git a/spec/users/minio_spec.rb b/spec/users/minio_spec.rb deleted file mode 100644 index 681ae46..0000000 --- a/spec/users/minio_spec.rb +++ /dev/null @@ -1,9 +0,0 @@ -# frozen_string_literal: true - -require 'spec_helper' -set :os, family: 'redhat', release: '9', arch: 'x86_64' - -describe user('minio') do - it { should exist } - it { should have_login_shell('/bin/bash') } -end From 8c84239ffda4ccc3454ce98b96e59c1168b9579d Mon Sep 17 00:00:00 2001 From: Miguel Negron Date: Fri, 20 Sep 2024 13:42:16 +0100 Subject: [PATCH 16/23] Back minio --- spec/users/minio_spec.rb | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 spec/users/minio_spec.rb diff --git a/spec/users/minio_spec.rb b/spec/users/minio_spec.rb new file mode 100644 index 0000000..681ae46 --- /dev/null +++ b/spec/users/minio_spec.rb @@ -0,0 +1,9 @@ +# frozen_string_literal: true + +require 'spec_helper' +set :os, family: 'redhat', release: '9', arch: 'x86_64' + +describe user('minio') do + it { should exist } + it { should have_login_shell('/bin/bash') } +end From 5b51bd1367aa29f17b31accc65257ee20fef90c6 Mon Sep 17 00:00:00 2001 From: Luis Blanco Date: Fri, 20 Sep 2024 14:22:05 +0100 Subject: [PATCH 17/23] add users to rakefile --- Rakefile | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/Rakefile b/Rakefile index cfb21bf..fdc75d1 100644 --- a/Rakefile +++ b/Rakefile @@ -20,7 +20,7 @@ end namespace :spec do host = ENV['TARGET_HOST'] || '10.1.209.20' - task all: %i[services configuration] + task all: %i[services configuration users] desc 'run configuration tests' RSpec::Core::RakeTask.new(:configuration) do |t| @@ -42,4 +42,11 @@ namespace :spec do t.pattern = 'spec/modules/monitor/*_spec.rb' t.rspec_opts = '--format documentation' # O "--format progress" end + + desc 'run user tests' + RSpec::Core::RakeTask.new(:users) do |t| + puts "Running user tests on #{host} ..." + t.pattern = 'spec/users/*_spec.rb' + t.rspec_opts = '--format documentation' # O "--format progress" + end end From 51e0059251d46bfb9eda3bb67e0f8d891a3a5f30 Mon Sep 17 00:00:00 2001 From: Luis Blanco Date: Fri, 20 Sep 2024 15:20:23 +0100 Subject: [PATCH 18/23] skip user checks just in case the mode is custom --- spec/users/f2k_spec.rb | 6 +++++- spec/users/http2k_spec.rb | 6 +++++- spec/users/kafka_spec.rb | 6 +++++- spec/users/memcached_spec.rb | 6 +++++- spec/users/minio_spec.rb | 6 +++++- spec/users/pmacct_spec.rb | 6 +++++- spec/users/postgres_spec.rb | 6 +++++- spec/users/redborder_dswatcher_spec.rb | 7 +++++-- spec/users/redborder_events_counter_spec.rb | 6 +++++- spec/users/redborder_monitor_spec.rb | 6 +++++- spec/users/webui.rb | 6 +++++- spec/users/zookeeper.rb | 6 +++++- 12 files changed, 60 insertions(+), 13 deletions(-) diff --git a/spec/users/f2k_spec.rb b/spec/users/f2k_spec.rb index 818692d..3857fef 100644 --- a/spec/users/f2k_spec.rb +++ b/spec/users/f2k_spec.rb @@ -3,7 +3,11 @@ require 'spec_helper' set :os, family: 'redhat', release: '9', arch: 'x86_64' -describe user('f2k') do +pkg = usr = 'f2k' +describe user(usr) do + before(:all) do + skip("Package #{pkg} is not installed") unless package(pkg).installed? + end it { should exist } it { should have_login_shell('/sbin/nologin') } end diff --git a/spec/users/http2k_spec.rb b/spec/users/http2k_spec.rb index ebe2612..ffd5912 100644 --- a/spec/users/http2k_spec.rb +++ b/spec/users/http2k_spec.rb @@ -3,7 +3,11 @@ require 'spec_helper' set :os, family: 'redhat', release: '9', arch: 'x86_64' -describe user('http2k') do +pkg = usr = 'http2k' +describe user(usr) do + before(:all) do + skip("Package #{pkg} is not installed") unless package(pkg).installed? + end it { should exist } it { should have_login_shell('/sbin/nologin') } end diff --git a/spec/users/kafka_spec.rb b/spec/users/kafka_spec.rb index f4d87be..05af279 100644 --- a/spec/users/kafka_spec.rb +++ b/spec/users/kafka_spec.rb @@ -3,7 +3,11 @@ require 'spec_helper' set :os, family: 'redhat', release: '9', arch: 'x86_64' -describe user('kafka') do +pkg = usr = 'kafka' +describe user(usr) do + before(:all) do + skip("Package #{pkg} is not installed") unless package(pkg).installed? + end it { should exist } it { should have_login_shell('/sbin/nologin') } end diff --git a/spec/users/memcached_spec.rb b/spec/users/memcached_spec.rb index 7756b80..30a76d1 100644 --- a/spec/users/memcached_spec.rb +++ b/spec/users/memcached_spec.rb @@ -3,7 +3,11 @@ require 'spec_helper' set :os, family: 'redhat', release: '9', arch: 'x86_64' -describe user('memcached') do +pkg = usr = 'memcached' +describe user(usr) do + before(:all) do + skip("Package #{pkg} is not installed") unless package(pkg).installed? + end it { should exist } it { should have_login_shell('/sbin/nologin') } end diff --git a/spec/users/minio_spec.rb b/spec/users/minio_spec.rb index 681ae46..391999a 100644 --- a/spec/users/minio_spec.rb +++ b/spec/users/minio_spec.rb @@ -3,7 +3,11 @@ require 'spec_helper' set :os, family: 'redhat', release: '9', arch: 'x86_64' -describe user('minio') do +pkg = usr = 'minio' +describe user(usr) do + before(:all) do + skip("Package #{pkg} is not installed") unless package(pkg).installed? + end it { should exist } it { should have_login_shell('/bin/bash') } end diff --git a/spec/users/pmacct_spec.rb b/spec/users/pmacct_spec.rb index 92c08b5..31711d2 100644 --- a/spec/users/pmacct_spec.rb +++ b/spec/users/pmacct_spec.rb @@ -3,7 +3,11 @@ require 'spec_helper' set :os, family: 'redhat', release: '9', arch: 'x86_64' -describe user('pmacct') do +pkg = usr = 'pmacct' +describe user(usr) do + before(:all) do + skip("Package #{pkg} is not installed") unless package(pkg).installed? + end it { should exist } it { should have_login_shell('/sbin/nologin') } end diff --git a/spec/users/postgres_spec.rb b/spec/users/postgres_spec.rb index f60adfc..6541a72 100644 --- a/spec/users/postgres_spec.rb +++ b/spec/users/postgres_spec.rb @@ -3,7 +3,11 @@ require 'spec_helper' set :os, family: 'redhat', release: '9', arch: 'x86_64' -describe user('postgres') do +pkg = usr = 'postgres' +describe user(usr) do + before(:all) do + skip("Package #{pkg} is not installed") unless package(pkg).installed? + end it { should exist } it { should have_login_shell '/bin/bash' } end diff --git a/spec/users/redborder_dswatcher_spec.rb b/spec/users/redborder_dswatcher_spec.rb index f0c7df8..0036b69 100644 --- a/spec/users/redborder_dswatcher_spec.rb +++ b/spec/users/redborder_dswatcher_spec.rb @@ -2,8 +2,11 @@ require 'spec_helper' set :os, family: 'redhat', release: '9', arch: 'x86_64' - -describe user('redborder-dswatcher') do +pkg = usr = 'redborder-ds-watcher' +describe user(usr) do + before(:all) do + skip("Package #{pkg} is not installed") unless package(pkg).installed? + end it { should exist } it { should have_login_shell('/sbin/nologin') } end diff --git a/spec/users/redborder_events_counter_spec.rb b/spec/users/redborder_events_counter_spec.rb index 3d5ad6b..50d27a7 100644 --- a/spec/users/redborder_events_counter_spec.rb +++ b/spec/users/redborder_events_counter_spec.rb @@ -3,7 +3,11 @@ require 'spec_helper' set :os, family: 'redhat', release: '9', arch: 'x86_64' -describe user('redborder-events-counter') do +pkg = usr = 'redborder-events-counter' +describe user(usr) do + before(:all) do + skip("Package #{pkg} is not installed") unless package(pkg).installed? + end it { should exist } it { should have_login_shell('/sbin/nologin') } end diff --git a/spec/users/redborder_monitor_spec.rb b/spec/users/redborder_monitor_spec.rb index 1488069..fb5c8ea 100644 --- a/spec/users/redborder_monitor_spec.rb +++ b/spec/users/redborder_monitor_spec.rb @@ -3,7 +3,11 @@ require 'spec_helper' set :os, family: 'redhat', release: '9', arch: 'x86_64' -describe user('redborder-monitor') do +pkg = usr = 'redborder-monitor' +describe user(usr) do + before(:all) do + skip("Package #{pkg} is not installed") unless package(pkg).installed? + end it { should exist } it { should have_login_shell('/sbin/nologin') } end diff --git a/spec/users/webui.rb b/spec/users/webui.rb index 5823664..0f899c2 100644 --- a/spec/users/webui.rb +++ b/spec/users/webui.rb @@ -3,7 +3,11 @@ require 'spec_helper' set :os, family: 'redhat', release: '9', arch: 'x86_64' -describe user('webui') do +pkg = usr = 'webui' +describe user(usr) do + before(:all) do + skip("Package #{pkg} is not installed") unless package(pkg).installed? + end it { should exist } it { should have_login_shell('/sbin/nologin') } end diff --git a/spec/users/zookeeper.rb b/spec/users/zookeeper.rb index 5a4f35a..96548b2 100644 --- a/spec/users/zookeeper.rb +++ b/spec/users/zookeeper.rb @@ -3,7 +3,11 @@ require 'spec_helper' set :os, family: 'redhat', release: '9', arch: 'x86_64' -describe user('zookeeper') do +pkg = usr = 'zookeeper' +describe user(usr) do + before(:all) do + skip("Package #{pkg} is not installed") unless package(pkg).installed? + end it { should exist } it { should have_login_shell('/sbin/nologin') } end From c42d671bfdcee88b51183d29a438014733e5e2db Mon Sep 17 00:00:00 2001 From: Luis Blanco Date: Fri, 20 Sep 2024 15:49:47 +0100 Subject: [PATCH 19/23] is postgresql not postgres --- spec/users/postgres_spec.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/spec/users/postgres_spec.rb b/spec/users/postgres_spec.rb index 6541a72..4fe6ed3 100644 --- a/spec/users/postgres_spec.rb +++ b/spec/users/postgres_spec.rb @@ -3,7 +3,8 @@ require 'spec_helper' set :os, family: 'redhat', release: '9', arch: 'x86_64' -pkg = usr = 'postgres' +pkg = 'postgresql' +usr = 'postgres' describe user(usr) do before(:all) do skip("Package #{pkg} is not installed") unless package(pkg).installed? From 470d9c8e694e0b63395b887c788872f2c63ccb74 Mon Sep 17 00:00:00 2001 From: Luis Blanco Date: Fri, 20 Sep 2024 15:53:06 +0100 Subject: [PATCH 20/23] remove typo dash --- spec/users/redborder_dswatcher_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/users/redborder_dswatcher_spec.rb b/spec/users/redborder_dswatcher_spec.rb index 0036b69..3ae608a 100644 --- a/spec/users/redborder_dswatcher_spec.rb +++ b/spec/users/redborder_dswatcher_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' set :os, family: 'redhat', release: '9', arch: 'x86_64' -pkg = usr = 'redborder-ds-watcher' +pkg = usr = 'redborder-dswatcher' describe user(usr) do before(:all) do skip("Package #{pkg} is not installed") unless package(pkg).installed? From 1dafc9ee0343642678a664125af53f7733db1311 Mon Sep 17 00:00:00 2001 From: Luis Blanco Date: Fri, 20 Sep 2024 15:55:45 +0100 Subject: [PATCH 21/23] kafka to redborder-kafka --- spec/users/kafka_spec.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/spec/users/kafka_spec.rb b/spec/users/kafka_spec.rb index 05af279..b363457 100644 --- a/spec/users/kafka_spec.rb +++ b/spec/users/kafka_spec.rb @@ -3,7 +3,8 @@ require 'spec_helper' set :os, family: 'redhat', release: '9', arch: 'x86_64' -pkg = usr = 'kafka' +pkg = 'redborder-kafka' +usr = 'kafka' describe user(usr) do before(:all) do skip("Package #{pkg} is not installed") unless package(pkg).installed? From c420ca88b5d730b3bc10f133e414e0fe5b5334c2 Mon Sep 17 00:00:00 2001 From: Luis Blanco Date: Fri, 20 Sep 2024 15:59:47 +0100 Subject: [PATCH 22/23] package rename --- spec/users/http2k_spec.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/spec/users/http2k_spec.rb b/spec/users/http2k_spec.rb index ffd5912..9aeb00e 100644 --- a/spec/users/http2k_spec.rb +++ b/spec/users/http2k_spec.rb @@ -3,7 +3,8 @@ require 'spec_helper' set :os, family: 'redhat', release: '9', arch: 'x86_64' -pkg = usr = 'http2k' +pkg = 'redborder-http2k' +usr = 'http2k' describe user(usr) do before(:all) do skip("Package #{pkg} is not installed") unless package(pkg).installed? From f94b79dd859bdbf83a4b8dca5a6bc48b5e6f01db Mon Sep 17 00:00:00 2001 From: Miguel Negron Date: Fri, 20 Sep 2024 16:06:27 +0100 Subject: [PATCH 23/23] Remove ssh spec users --- spec/users/ssh_spec.rb | 9 --------- 1 file changed, 9 deletions(-) delete mode 100644 spec/users/ssh_spec.rb diff --git a/spec/users/ssh_spec.rb b/spec/users/ssh_spec.rb deleted file mode 100644 index 73cb1c9..0000000 --- a/spec/users/ssh_spec.rb +++ /dev/null @@ -1,9 +0,0 @@ -# frozen_string_literal: true - -require 'spec_helper' -set :os, family: 'redhat', release: '9', arch: 'x86_64' - -describe user('sshd') do - it { should exist } - it { should have_login_shell('/sbin/nologin') } -end