Resource Types
Note: In these examples, I'm using should
syntax instead of expect
syntax because I think should
syntax is more readable than expect
syntax and I like it.
Using expect
syntax is recommended way because adding should
to every object causes failures when used with BasicObject-subclassed proxy objects.
But the one-liner syntax used with the examples in this page doesn't add should
to any objects, so this syntax doesn't cause the above problems.That's why I'm using the one-liner should
syntax.
Please see the document of rspec-expectations if you'd like to know the detail of the issue.
You can use more strict grammar syntax like be_a_file
instead of be_file
with all resource types.
cgroup
Linux cgroup resource type.
You can test cgroup parameters like this.
describe cgroup('group1') do
its('cpuset.cpus') { should eq 1 }
end
describe cgroup('group1') do
it "cpuset has the correct number of cpus" do
expect(subject.cpuset.cpus).to eq 1
end
end
command
Command resource type.
its(:stdout), its(:stderr), its(:exit_status)
You can get the stdout, stderr ane exit status of the command result, and can use any matchers RSpec supports.
describe command('ls -al /') do
its(:stdout) { should match /bin/ }
end
describe command('ls /foo') do
its(:stderr) { should match /No such file or directory/ }
end
describe command('ls /foo') do
its(:exit_status) { should eq 0 }
end
describe command('ls -al /') do
it "contains a bin in path" do
expect(subject.stdout).to match(/bin/)
end
end
describe command('ls /foo') do
it "does not contain the path" do
expect(subject.stderr).to match(/No such file or directory/)
end
end
describe command('ls /foo') do
it "executes without error" do
expect(subject.exit_status).to eq 0
end
end
cron
Cron resource type.
have_entry
In order to test cron have a given entry exists, you should use have_entry matcher.
describe cron do
it { should have_entry '* * * * * /usr/local/bin/foo' }
end
describe cron do
it "has the correct entry" do
expect(subject).to have_entry('* * * * * /usr/local/bin/foo')
end
end
You can test a given user has the cron entry like this.
describe cron do
it { should have_entry('* * * * * /usr/local/bin/foo').with_user('mizzy') }
end
describe cron do
it "has the correct entry with user" do
expect(subject).to have_entry('* * * * * /usr/local/bin/foo').with_user('mizzy')
end
end
default_gateway
Default gateway resource type.
In order to test a default gateway is set up correctly, you should use this syntax.
describe default_gateway do
its(:ipaddress) { should eq '192.168.10.1' }
its(:interface) { should eq 'br0' }
end
describe default_gateway do
it "has the correct ip address" do
expect(subject.ipaddress).to eq '192.168.10.1'
end
it "has the correct interface" do
expect(subject.interface).to eq 'br0'
end
end
file
File and directory resource type.
be_file
In order to test a subject exists as a file, you should use be_file matcher.
describe file('/etc/passwd') do
it { should be_file }
end
describe file('/etc/passwd') do
it "is a file" do
expect(subject).to be_file
end
end
be_directory
In order to test a subject exists as a directory, you should use be_directory matcher.
describe file('/var/log/httpd') do
it { should be_directory }
end
describe file('/var/log/httpd') do
it "is a directory" do
expect(subject).to be_directory
end
end
be_socket
In order to test a subject exists as a socket, you should use be_socket matcher.
describe file('/var/run/unicorn.sock') do
it { should be_socket }
end
describe file('/var/run/unicorn.sock') do
it "is a socket" do
expect(subject).to be_socket
end
end
contain
Notice: Instead of contain
, you can use its(:content)
and any standard rspec matchers. The matcher contain
will be obsoleted.
describe file('/etc/httpd/conf/httpd.conf') do
its(:content) { should match /ServerName www.example.jp/ }
end
describe file('/etc/httpd/conf/httpd.conf') do
it "has the correct content" do
expect(subject.content).to match(/ServerName www.example.jp/)
end
end
In order to test a file contains a given string, you can use contain matcher.
describe file('/etc/httpd/conf/httpd.conf') do
it { should contain 'ServerName www.example.jp' }
end
describe file('/etc/httpd/conf/httpd.conf') do
it "contains the correct content" do
expect(subject).to contain('ServerName www.example.jp')
end
end
You can test a file contains a given string within a given range.
describe file('Gemfile') do
# test 'rspec' exists between "group :test do" and "end".
it { should contain('rspec').from(/^group :test do/).to(/^end/) }
# test 'rspec' exists after "group :test do".
it { should contain('rspec').after(/^group :test do/) }
# test 'rspec' exists before "end".
it { should contain('rspec').before(/^end/) }
end
describe file('Gemfile') do
# test 'rspec' exists between "group :test do" and "end".
it "contains rspec in the correct location" do
expect(subject).to contain('rspec').from(/^group :test do/).to(/^end/)
end
# test 'rspec' exists after "group :test do".
it "contains rspec in the correct location" do
expect(subject).to contain('rspec').after(/^group :test do/)
end
# test 'rspec' exists before "end".
it "contains rspec in the correct location" do
expect(subject).to contain('rspec').before(/^end/)
end
end
be_mode
In order to test a subject is set to given mode, you should use be_mode matcher.
describe file('/etc/sudoers') do
it { should be_mode 440 }
end
describe file('/etc/sudoers') do
it "has the correct mode" do
expect(subject).to be_mode(440)
end
end
be_owned_by
In order to test a subject is owned by a given user, you should use be_owned_by matcher.
describe file('/etc/sudoers') do
it { should be_owned_by 'root' }
end
describe file('/etc/sudoers') do
it "has the correct owner" do
expect(subject).to be_owned_by('root')
end
end
be_grouped_into
In order to test a subject is grouped into a given group, you should use be_grouped_into matcher.
describe file('/etc/sudoers') do
it { should be_grouped_into 'wheel' }
end
describe file('/etc/sudoers') do
it "has the correct group" do
expect(subject).to be_grouped_into('wheel')
end
end
be_linked_to
In order to test a subject is linked to a given file or directory, you should use be_linked_to matcher.
describe file('/etc/system-release') do
it { should be_linked_to '/etc/redhat-release' }
end
describe file('/etc/system-release') do
it "correctly linked" do
expect(subject).to be_linked_to('/etc/redhat-release')
end
end
be_readable
In order to test a subject is readable, you should use be_readable matcher.
describe file('/etc/sudoers') do
it { should be_readable }
end
describe file('/etc/sudoers') do
it "is readable" do
expect(subject).to be_readable
end
end
You can also test a subject is readable by owner, group members, others or a specific user.
describe file('/etc/sudoers') do
it { should be_readable.by('owner') }
it { should be_readable.by('group') }
it { should be_readable.by('others') }
it { should be_readable.by_user('apache') }
end
describe file('/etc/sudoers') do
it "readable by owner" do
expect(subject).to be_readable.by('owner')
end
it "readable by group" do
expect(subject).to be_readable.by('group')
end
it "readable by other" do
expect(subject).to be_readable.by('other')
end
it "readable by apache" do
expect(subject).to be_readable.by_user('apache')
end
end
be_writable
In order to test a subject is writable, you should use be_writable matcher.
describe file('/etc/sudoers') do
it { should be_writable }
end
describe file('/etc/sudoers') do
it "is writable" do
expect(subject).to be_writable
end
end
You can also test a subject is writable by owner, group members, others or a specific user.
describe file('/etc/sudoers') do
it { should be_writable.by('owner') }
it { should be_writable.by('group') }
it { should be_writable.by('others') }
it { should be_writable.by_user('apache') }
end
describe file('/etc/sudoers') do
it "readable by owner" do
expect(subject).to be_writable.by('owner')
end
it "readable by group" do
expect(subject).to be_writable.by('group')
end
it "readable by other" do
expect(subject).to be_writable.by('other')
end
it "readable by apache" do
expect(subject).to be_writable.by_user('apache')
end
end
be_executable
In order to test a subject is executable, you should use be_executable matcher.
describe file('/etc/init.d/httpd') do
it { should be_executable }
end
describe file('/etc/init.d/httpd') do
it "is executable" do
expect(subject).to be_executable
end
end
You can also test a subject is executable by owner, group members, others or a specific user.
describe file('/etc/init.d/httpd') do
it { should be_executable.by('owner') }
it { should be_executable.by('group') }
it { should be_executable.by('others') }
it { should be_executable.by_user('httpd') }
end
describe file('/etc/sudoers') do
it "executable by owner" do
expect(subject).to be_executable.by('owner')
end
it "executable by group" do
expect(subject).to be_executable.by('group')
end
it "executable by other" do
expect(subject).to be_executable.by('other')
end
it "executable by httpd" do
expect(subject).to be_executable.by_user('httpd')
end
end
be_mounted
In order to test a directory is mounted, you should use be_mounted matcher.
describe file('/') do
it { should be_mounted }
end
describe file('/') do
it "is mounted" do
expect(subject).to be_mounted
end
end
You can also test a directory is mounted with correct attributes.
describe file('/') do
it { should be_mounted.with( :type => 'ext4' ) }
end
describe file('/') do
it { should be_mounted.with( :options => { :rw => true } ) }
end
describe file('/') do
it do
should be_mounted.only_with(
:device => '/dev/mapper/VolGroup-lv_root',
:type => 'ext4',
:options => {
:rw => true,
:mode => 620,
}
)
end
end
only_with
needs all attributes of the mounted directory.
describe file('/') do
it "mounted with ext4" do
expect(subject).to be_mounted.with( :type => 'ext4' )
end
end
describe file('/') do
it "mounted with read/write true" do
expect(subject).to be_mounted.with( :options => { :rw => true } )
end
end
describe file('/') do
it "mounted with the correct options" do
expect(subject).to be_mounted.only_with(
:device => '/dev/mapper/VolGroup-lv_root',
:type => 'ext4',
:options => {
:rw => true,
:mode => 620,
}
)
end
end
be_version
In order to test a file's version using its metadata in Windows, you should use be_version matcher.
describe file('C:\\Windows\\System32\\wuapi.dll') do
it { should be_version('7.6.7600.256') }
end
describe file('C:\\Windows\\System32\\wuapi.dll') do
it "correct version" do
expect(subject).to be_version('7.6.7600.256')
end
end
its(:md5sum)
In order to test a file's md5 checksum matches a given value, you should use its(:md5sum).
describe file('/etc/services') do
its(:md5sum) { should eq '35435ea447c19f0ea5ef971837ab9ced' }
end
describe file('/etc/services') do
it "correct md5 sum" do
expect(subject.md5sum).to eq('35435ea447c19f0ea5ef971837ab9ced')
end
end
its(:sha256sum)
In order to test a file's sha256 checksum matches a given value, you should use its(:sha256sum).
describe file('/etc/services') do
its(:sha256sum) { should eq 'a861c49e9a76d64d0a756e1c9125ae3aa6b88df3f814a51cecffd3e89cce6210' }
end
describe file('/etc/services') do
it "correct sha 256 sum" do
expect(subject.sha256sum).to eq('a861c49e9a76d64d0a756e1c9125ae3aa6b88df3f814a51cecffd3e89cce6210')
end
end
group
Group resource type.
exist
In order to test a group exists, you should use exist matcher.
describe group('wheel') do
it { should exist }
end
describe group('wheel') do
it "exists" do
expect(subject).to exist
end
end
have_gid
In order to test a group have a given gid, you should use have_gid matcher.
describe group('root') do
it { should have_gid 0 }
end
describe group('root') do
it "has the correct gid" do
expect(subject).to have_gid(0)
end
end
host
Host resource type.
be_resolvable
In order to test a host is resolvable on the target host, you should use be_resolvable matcher.
describe host('serverspec.org') do
it { should be_resolvable }
end
describe host('serverspec.org') do
it { should be_resolvable.by('hosts') }
end
describe host('serverspec.org') do
it { should be_resolvable.by('dns') }
end
describe host('serverspec.org') do
it "is resolvable" do
expect(subject).to be_resolvable
end
end
describe host('serverspec.org') do
it "is resolvable by hosts" do
expect(subject).to be_resolvable.by('hosts')
end
end
describe host('serverspec.org') do
it "is resolvable by dns" do
expect(subject).to be_resolvable.by('dns')
end
end
be_reachable
In order to test a given host is network reachable, you should use be_reachable matcher.
describe host('target.example.jp') do
# ping
it { should be_reachable }
# tcp port 22
it { should be_reachable.with( :port => 22 ) }
# set protocol explicitly
it { should be_reachable.with( :port => 22, :proto => 'tcp' ) }
# udp port 53
it { should be_reachable.with( :port => 53, :proto => 'udp' ) }
# timeout setting (default is 5 seconds)
it { should be_reachable.with( :port => 22, :proto => 'tcp', :timeout => 1 ) }
end
describe host('target.example.jp') do
it "reachable" do
expect(subject).to be_reachable
end
it "reachable on the default ssh port" do
expect(subject).to be_reachable.with( :port => 22 )
end
it "reachable on the default ssh port with tcp protocol" do
expect(subject).to be_reachable.with( :port => 22, :proto => 'tcp' )
end
it "reachable on port 53 with udp protocol" do
expect(subject).to be_reachable.with( :port => 53, :proto => 'udp' )
end
it "reachable within a second" do
expect(subject).to be_reachable.with( :port => 22, :proto => 'tcp', :timeout => 1 )
end
end
its(:ipaddress)
You can get the ipaddress of the host, and can use any matchers rspec supports to them.
describe host('example.jp') do
its(:ipaddress) { should eq '1.2.3.4' }
end
describe host('example.jp') do
its(:ipaddress) { should match /1\.2\.3\./ }
end
describe host('example.jp') do
it "correct ipaddress" do
expect(subject.ipaddress).to eq('1.2.3.4')
end
end
describe host('example.jp') do
it "correct ipaddress" do
expect(subject.ipaddress).to match(/1\.2\.3\./)
end
end
iis_app_pool
IIS Application Pool resource type.
exists
In order to test that an IIS app pool exists, you should use exists matcher.
describe iis_app_pool('Default App Pool') do
it{ should exist }
end
describe iis_app_pool('Default App Pool') do
it "exists" do
expect(subject).to exist
end
end
have_dotnet_version
In order to test that an IIS app pool is using the correct .NET version, you should use havedotnetversion matcher.
describe iis_app_pool('Default App Pool') do
it{ should have_dotnet_version('2.0') }
end
describe iis_app_pool('Default App Pool') do
it "has the correct dotnet version" do
expect(subject).to have_dotnet_version('2.0')
end
end
iis_website
IIS Website resource type.
exists
In order to test that an IIS website exists, you should use exists matcher.
describe iis_website('Default Website') do
it{ should exist }
end
describe iis_website('Default Website') do
it "exists" do
expect(subject).to exist
end
end
enabled
In order to test that an IIS website is set to automatically start, you should use enabled matcher.
describe iis_website('Default Website') do
it{ should be_enabled }
end
describe iis_website('Default Website') do
it "is enabled" do
expect(subject).to be_enabled
end
end
running
In order to test that an IIS website is currently running, you should use running matcher.
describe iis_website('Default Website') do
it{ should be_running }
end
describe iis_website('Default Website') do
it "is running" do
expect(subject).to be_running
end
end
in_app_pool
In order to test that an IIS website is currently assigned to the correct Application Pool, you should use in_app_pool matcher.
describe iis_website('Default Website') do
it{ should be_in_app_pool('Default App Pool') }
end
describe iis_website('Default Website') do
it "in the correct app pool" do
expect(subject).to be_in_app_pool('Default App Pool')
end
end
have_physical_path
In order to test that an IIS website gets its files from the correct location, you should use have_physical_path matcher.
describe iis_website('Default Website') do
it{ should have_physical_path('C:\\inetpub\\www') }
end
describe iis_website('Default Website') do
it "has the correct physical path" do
expect(subject).to have_physical_path('C:\\inetpub\\www')
end
end
interface
Network interface resource type.
In order to test a network interface is set up correctly, you should use this syntax.
describe interface('eth0') do
its(:speed) { should eq 1000 }
end
describe interface('eth0') do
it "has correct speed" do
expect(subject.speed).to eq(1000)
end
end
have_ipv4_address
In order to test a interface has a ip address, you should use have_ipv4_address matcher.
describe interface('eth0') do
it { should have_ipv4_address("192.168.10.10") }
it { should have_ipv4_address("192.168.10.10/24") }
end
describe interface('eth0') do
it "has the correct ipv4 adddress" do
expect(subject).to have_ipv4_address("192.168.10.10")
end
it "has the correct ipv4 adddress" do
expect(subject).to have_ipv4_address("192.168.10.10/24")
end
end
ipfilter
Ipfilter resource type.
have_rule
In order to test ipfilter has a given rule, you should use have_rule matcher.
describe ipfilter do
it { should have_rule 'pass in quick on lo0 all' }
end
describe ipfilter do
it "has a rule" do
expect(subject).to have_rule('pass in quick on lo0 all')
end
end
ipnat
Ipnat resource type.
have_rule
In order to test ipnat has a given rule, you should use have_rule matcher.
describe ipnat do
it { should have_rule 'map net1 192.168.0.0/24 -> 0.0.0.0/32' }
end
describe ipnat do
it "has the necessary rule" do
expect(subject).to have_rule('map net1 192.168.0.0/24 -> 0.0.0.0/32')
end
end
iptables
Iptables resource type.
have_rule
In order to test iptables has a given rule, you should use have_rule matcher.
describe iptables do
it { should have_rule('-P INPUT ACCEPT') }
end
describe iptables do
it "has the correct rule" do
expect(subject).to have_rule('-P INPUT ACCEPT')
end
end
You can give a table name and a chain name like this.
describe iptables do
it { should have_rule('-P INPUT ACCEPT').with_table('mangle').with_chain('INPUT') }
end
describe iptables do
it "has the correct rule" do
expect(subject).to have_rule('-P INPUT ACCEPT').with_table('mangle').with_chain('INPUT')
end
end
kernel_module
Kernel module resource type.
be_loaded
In order to test a given kernel module is loaded, you should use be_loaded matcher.
describe kernel_module('virtio_balloon') do
it { should be_loaded }
end
describe kernel_module('virtio_balloon') do
it "is loaded" do
expect(subject).to be_loaded
end
end
linux_kernel_parameter
Linux kernel parameter resource type.
You can test Linux kernel parameters like this.
describe 'Linux kernel parameters' do
context linux_kernel_parameter('net.ipv4.tcp_syncookies') do
its(:value) { should eq 1 }
end
context linux_kernel_parameter('kernel.shmall') do
its(:value) { should be >= 4294967296 }
end
context linux_kernel_parameter('kernel.shmmax') do
its(:value) { should be <= 68719476736 }
end
context linux_kernel_parameter('kernel.osrelease') do
its(:value) { should eq '2.6.32-131.0.15.el6.x86_64' }
end
context linux_kernel_parameter('net.ipv4.tcp_wmem') do
its(:value) { should match /4096\t16384\t4194304/ }
end
end
describe 'Linux kernel parameters' do
context linux_kernel_parameter('net.ipv4.tcp_syncookies') do
it "correct value" do
expect(subject.value).to eq(1)
end
end
context linux_kernel_parameter('kernel.shmall') do
it "correct value" do
expect(subject.value).to be >= 4294967296
end
end
context linux_kernel_parameter('kernel.shmmax') do
it "correct value" do
expect(subject).to be <= 68719476736
end
end
context linux_kernel_parameter('kernel.osrelease') do
it "correct value" do
expect(subject).to eq '2.6.32-131.0.15.el6.x86_64'
end
end
context linux_kernel_parameter('net.ipv4.tcp_wmem') do
it "correct value" do
expect(subject).to match /4096\t16384\t4194304/
end
end
end
LXC
LXC(Linux Container) resource type.
You can test LXC like this.
describe lxc('ct01') do
it { should exist }
it { should be_running }
end
describe lxc('ct01') do
it "exists" do
expect(subject).to exist
end
it "is running" do
expect(subject).to be_running
end
end
mail_alias
Mail alias resource type.
You can test mail aliases like this.
describe mail_alias('daemon') do
it { should be_aliased_to 'root' }
end
describe mail_alias('daemon') do
it "is aliased correctly" do
expect(subject).to be_aliased_to('root')
end
end
package
Package resource type.
be_installed
In order to test a package is installed, you should use be_installed matcher.
describe package('httpd') do
it { should be_installed }
end
describe package('httpd') do
it "is installed" do
expect(subject).to be_installed
end
end
You can also test a given version of gem is installed.
describe package('jekyll') do
it { should be_installed.by('gem').with_version('0.12.1') }
end
describe package('jekyll') do
it "installed with the correct version" do
expect(subject).to be_installed.by('gem').with_version('0.12.1')
end
end
php_config
PHP config resource type.
You can test PHP config parameters like this.
describe 'PHP config parameters' do
context php_config('default_mimetype') do
its(:value) { should eq 'text/html' }
end
context php_config('session.cache_expire') do
its(:value) { should eq 180 }
end
context php_config('mbstring.http_output_conv_mimetypes') do
its(:value) { should match /application/ }
end
end
describe 'PHP config parameters' do
context php_config('default_mimetype') do
it "correct value" do
expect(subject).to eq 'text/html'
end
end
context php_config('session.cache_expire') do
it "correct value" do
expect(subject).to eq 180
end
end
context php_config('mbstring.http_output_conv_mimetypes') do
it "correct value" do
expect(subject).to match /application/
end
end
end
port
Port resource type.
be_listening
In order to test a given port is listening, you should use be_listening matcher.
describe port(80) do
it { should be_listening }
end
describe port(80) do
it "listening" do
expect(subject).to be_listening
end
end
You can also specify tcp
, udp
, tcp6
, or udp6
.
describe port(80) do
it { should be_listening.with('tcp') }
end
describe port(80) do
it { should be_listening.with('tcp6') }
end
describe port(53) do
it { should be_listening.with('udp') }
end
describe port(53) do
it { should be_listening.with('udp6') }
end
describe port(80) do
it "listening with tcp" do
expect(subject).to be_listening.with('tcp')
end
end
describe port(80) do
it "listening with tcp6" do
expect(subject).to be_listening.with('tcp6')
end
end
describe port(53) do
it "listening with udp" do
expect(subject).to be_listening.with('udp')
end
end
describe port(53) do
it "listening with udp6" do
expect(subject).to be_listening.with('udp6')
end
end
You can specificy local binding address for port (this features requires gem 'serverspec', '~> 2.0.0.beta8'
).
describe port(80) do
it { should be_listening.on('127.0.0.1').with('tcp') }
end
describe port(80) do
it "listening on the correctly bound address with tcp" do
expect(subject).to be_listening.on('127.0.0.1').with('tcp')
end
end
ppa
PPA resource type.
exist
In order to test a given ppa repository exists, you should use exist matcher.
PPA resource type accepts both ppa:username/reponame
and username/reponame
style.
describe ppa('launchpad-username/ppa-name') do
it { should exist }
end
describe ppa('launchpad-username/ppa-name') do
it "exists" do
expect(subject).to exist
end
end
be_enabled
In order to test a given ppa repository is enabled, you should use be_enabled matcher.
describe ppa('launchpad-username/ppa-name') do
it { should be_enabled }
end
describe ppa('launchpad-username/ppa-name') do
it "enabled" do
expect(subject).to be_enabled
end
end
process
Process resource type.
You can test any process parameter available through the ps
command like this:
describe process("memcached") do
its(:args) { should match /-c 32000\b/ }
end
describe process("memcached") do
it "has the correct args" do
expect(subject).to match(match /-c 32000\b/)
end
end
For the complete list of available parameters, check the manual page
for ps(1)
, section Standard Format Specifiers. When several
processes match, only the parameters of the first one are be
available.
be_running
To check if a given process is running, you should use be_running matcher.
describe process("memcached") do
it { should be_running }
end
describe process("memcached") do
it "running" do
expect(subject).to be_running
end
end
routing_table
Routing table resource type.
have_entry
In order to test a routing table has a given entry, you should use have_entry matcher.
describe routing_table do
it do
should have_entry(
:destination => '192.168.100.0/24',
:interface => 'eth1',
:gateway => '192.168.10.1',
)
end
end
describe routing_table do
it "has the necessary entry" do
expect(subject).to have_entry(
:destination => '192.168.100.0/24',
:interface => 'eth1',
:gateway => '192.168.10.1',
)
end
end
selinux
SELinux resource type.
be_disabled/be_enforcing/be_permissive
In order to test SELinux is a given mode, you should use be_disabled, be_enforcing and be_permissive matchers.
# SELinux should be disabled
describe selinux do
it { should be_disabled }
end
# SELinux should be enforcing
describe selinux do
it { should be_enforcing }
end
# SELinux should be permissive
describe selinux do
it { should be_permissive }
end
# SELinux should be disabled
describe selinux do
it "disabled" do
expect(subject).to be_disabled
end
end
# SELinux should be enforcing
describe selinux do
it "enforcing" do
expect(subject).to be_enforcing
end
end
# SELinux should be permissive
describe selinux do
it "permissive" do
expect(subject).to be_permissive
end
end
service
Service resource type.
be_enabled
In order to test a given service is enabled(automatically start when OS booting up), you should use be_enabled matcher.
describe service('ntpd') do
it { should be_enabled }
end
describe service('ntpd') do
it "enabled" do
expect(subject).to be_enabled
end
end
You can test a service is enabled with a given run level.(This works only with Red Hat and Debian family currently.)
describe service('ntpd') do
it { should be_enabled.with_level(3) }
end
describe service('ntpd') do
it "enabled with level 3" do
expect(subject).to be_enabled.with_level(3)
end
end
be_installed
In order to test a given service is installed, you should use be_installed matcher.
Currently only supported in Windows
describe service('DNS Client') do
it { should be_installed }
end
describe service('DNS Client') do
it "installed" do
expect(subject).to be_installed
end
end
be_running
In order to test a given service/process is running, you should use be_running matcher.
describe service('ntpd') do
it { should be_running }
end
describe service('ntpd') do
it "is running" do
expect(subject).to be_running
end
end
You can test a given service/process is running under supervisor.
describe service('ntpd') do
it { should be_running.under('supervisor') }
end
describe service('ntpd') do
it "running under supervisor" do
expect(subject).to be_running.under('supervisor')
end
end
be_monitored_by
In order to test a service/process is monitored by a given software, you should use be_monitored_by matcher.
describe service('sshd') do
it { should be_monitored_by('monit') }
end
describe service('unicorn') do
it { should be_monitored_by('god') }
end
describe service('sshd') do
it "monitored by monit" do
expect(subject).to be_monitored_by('monit')
end
end
describe service('unicorn') do
it "monitored by god" do
expect(subject).to be_monitored_by('god')
end
end
have_start_mode
In order to test a service's startup mode is correct, you should use have_start_mode matcher.
Currently only supported in Windows
describe service('DNS Client') do
it { should have_start_mode('Manual') }
end
describe service('DNS Client') do
it "has a manual start mode" do
expect(subject).to have_start_mode('Manual')
end
end
user
User resource type.
exist
In order to test a subject exists as a user, you should use exist matcher.
describe user('root') do
it { should exist }
end
describe user('root') do
it "exists" do
expect(subject).to exist
end
end
belong_to_group
In order to test a user belongs to a given group, you should use belong_to_group matcher.
describe user('apache') do
it { should belong_to_group 'apache' }
end
describe user('apache') do
it "belongs to the correct group" do
expect(subject).to belong_to_group('apache')
end
end
have_uid
In order to test a user have a given uid, you should use have_uid matcher.
describe user('root') do
it { should have_uid 0 }
end
describe user('root') do
it "correct uid" do
expect(subject).to have_uid(0)
end
end
have_home_directory
In order to test a user have a given home directory, you should use have_home_directory matcher.
describe user('root') do
it { should have_home_directory '/root' }
end
describe user('root') do
it "correct home" do
expect(subject).to have_home_directory('/root')
end
end
have_login_shell
In order to test a user have a given login shell, you should use have_login_shell matcher.
describe user('root') do
it { should have_login_shell '/bin/bash' }
end
describe user('root') do
it "correct shell" do
expect(subject).to have_login_shell('/bin/bash')
end
end
have_authorized_key
In order to test a have have a given authorized key, you should use have_authorized_key matcher.
describe user('root') do
it { should have_authorized_key 'ssh-rsa ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGH foo@bar.local' }
end
describe user('root') do
it "correct authorized key" do
expect(subject).to have_authorized_key('ssh-rsa ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGH foo@bar.local')
end
end
windows_feature
Windows Feature resource type.
installed
In order to test that a windows feature has been installed, you should use installed matcher.
describe windows_feature('Minesweeper') do
it{ should be_installed }
end
describe windows_feature('Minesweeper') do
it "installed" do
expect(subject).to be_installed
end
end
You can optionally specify the method used to check the windows feature, as the same feature can have different names.
describe windows_feature('IIS-Webserver') do
it{ should be_installed.by("dism") }
end
describe windows_feature('Web-Webserver') do
it{ should be_installed.by("powershell") }
end
describe windows_feature('IIS-Webserver') do
it "installed by dism" do
expect(subject).to be_installed.by("dism")
end
end
describe windows_feature('Web-Webserver') do
it "installed by powershell" do
expect(subject).to be_installed.by("powershell")
end
end
windows_registry_key
Windows Registry Key resource type.
Matchers that reference the data type of the registry key will accept any of the following identifiers;
- :type_string
- :type_binary
- :type_dword
- :type_qword
- :type_multistring
- :type_expandstring
exist
In order to test that a key exists in the registry, you should use exist matcher.
describe windows_registry_key('HKEY_USERS\S-1-5-21\Test MyKey') do
it { should exist }
end
describe windows_registry_key('HKEY_USERS\S-1-5-21\Test MyKey') do
it "exists" do
expect(subject).to exist
end
end
have_property
In order to test a registry key contains a specific property, you should use the have_property matcher.
describe windows_registry_key('HKEY_USERS\S-1-5-21\Test MyKey') do
it { should have_property('string value') }
it { should have_property('binary value', :type_binary) }
it { should have_property('dword value', :type_dword) }
end
describe windows_registry_key('HKEY_USERS\S-1-5-21\Test MyKey') do
it "has correct string value" do
expect(subject).to have_property('string value')
end
it "has correct binary value" do
expect(subject).to have_property('binary value', :type_binary)
end
it "has correct dword value" do
expect(subject).to have_property('dword value', :type_dword)
end
end
have_value
In order to test that a registry key property has the correct value, you should use the have_value matcher.
describe windows_registry_key('HKEY_USERS\S-1-5-21\Test MyKey') do
it { should have_value('test default data') }
end
describe windows_registry_key('HKEY_USERS\S-1-5-21\Test MyKey') do
it "has the correct value" do
expect(subject).to have_value('test default data')
end
end
have_property_value
In order to test that a registry key property has the correct value and data type, you should use the have_property_value matcher.
describe windows_registry_key('HKEY_USERS\S-1-5-21\Test MyKey') do
it { should have_property_value('multistring value', :type_multistring, "test\nmulti\nstring\ndata") }
it { should have_property_value('qword value', :type_qword, 'adff32') }
it { should have_property_value('binary value', :type_binary, 'dfa0f066') }
end
describe windows_registry_key('HKEY_USERS\S-1-5-21\Test MyKey') do
it "correct 'multistring value'" do
expect(subject).to have_property_value('multistring value', :type_multistring, "test\nmulti\nstring\ndata")
end
it "correct 'qword value'" do
expect(subject).to have_property_value('qword value', :type_qword, 'adff32')
end
it "correct 'binary value" do
expect(subject).to have_property_value('binary value', :type_binary, 'dfa0f066')
end
end
yumrepo
Yumrepo resource type.
exist
In order to test a given yum repository exists, you should use exist matcher.
describe yumrepo('epel') do
it { should exist }
end
describe yumrepo('epel') do
it "exists" do
expect(subject).to exist
end
end
be_enabled
In order to test a given yum repository is enabled, you should use be_enabled matcher.
describe yumrepo('epel') do
it { should be_enabled }
end
describe yumrepo('epel') do
it "enabled" do
expect(subject).to be_enabled
end
end
zfs
ZFS resource type.
exist
In order to test a given zfs pool exists, you should use exist matcher.
describe zfs('rpool') do
it { should exist }
end
describe zfs('rpool') do
it "exists" do
expect(subject).to exist
end
end
have_property
In order to test a zfs pool has given properties, you should use have_property matcher.
describe zfs('rpool') do
it { should have_property 'mountpoint' => '/rpool', 'compression' => 'off' }
end
describe zfs('rpool') do
it "has correct property" do
expect(subject).to have_property('mountpoint' => '/rpool', 'compression' => 'off')
end
end