Merge pull request #136 from ncs-alane/ncs-alane-test-caching
Use caching to improve spec performance
artem-sidorenko authored Feb 14, 2017
2 parents ac6d642 + ce22f71 commit b774c1b
Showing 11 changed files with 157 additions and 106 deletions.
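--- a/.rspec
+++ b/.rspec
@@ -0,0 +1 @@
+--color --format documentation --require spec_helper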
3 changes: 2 additions & 1 deletion .rubocop.yml
Expand Up @@ -7,7 +7,8 @@ AllCops:
Metrics/AbcSize:
Max: 29
Metrics/LineLength:
Enabled: false
Include:
- spec/**/*.rb
Metrics/MethodLength:
Max: 40
Style/Documentation:
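Review bot: The `Include:` list with `spec/**/*.rb` under `Metrics/LineLength` restricts that cop to spec files, so recipes, attributes and libraries are still not checked for line length, and nothing in the file says why. This reading assumes `Enabled: false` is the one deleted line; the rendered page shows only the 2 additions / 1 deletion count, not the side of each line. A short comment above the key would record the intent, e.g. `# LineLength is checked in spec/ only for now; not yet enforced for the rest of the cookbook`.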
32 changes: 18 additions & 14 deletions spec/recipes/default_spec.rb
Expand Up @@ -15,11 +15,9 @@
# limitations under the License.
#

require_relative '../spec_helper'

describe 'os-hardening::default' do
# converge
let(:chef_run) do
cached(:chef_run) do
ChefSpec::ServerRunner.new do |node|
# sysctl/attributes/default.rb will set the config dir
# on rhel and debian, but apply requires it for notification
Expand All @@ -28,22 +26,28 @@
node.normal['cpu']['0']['vendor_id'] = 'GenuineIntel'
node.normal['env']['extra_user_paths'] = []

paths = %w(/usr/local/sbin /usr/local/bin /usr/sbin /usr/bin /sbin /bin) + node['env']['extra_user_paths']
paths = %w(
/usr/local/sbin /usr/local/bin /usr/sbin /usr/bin /sbin /bin
) + node['env']['extra_user_paths']
paths.each do |folder|
stub_command("find #{folder} -perm -go+w -type f | wc -l | egrep '^0$'").and_return(false)
stub_command(
"find #{folder} -perm -go+w -type f | wc -l | egrep '^0$'"
).and_return(false)
end
end.converge(described_recipe)
end

# check that the recipres are executed
subject { chef_run }

# check that the recipes are executed
it 'default should include os-hardening recipes by default' do
expect(chef_run).to include_recipe 'os-hardening::packages'
expect(chef_run).to include_recipe 'os-hardening::limits'
expect(chef_run).to include_recipe 'os-hardening::login_defs'
expect(chef_run).to include_recipe 'os-hardening::minimize_access'
expect(chef_run).to include_recipe 'os-hardening::pam'
expect(chef_run).to include_recipe 'os-hardening::profile'
expect(chef_run).to include_recipe 'os-hardening::securetty'
expect(chef_run).to include_recipe 'os-hardening::sysctl'
is_expected.to include_recipe 'os-hardening::packages'
is_expected.to include_recipe 'os-hardening::limits'
is_expected.to include_recipe 'os-hardening::login_defs'
is_expected.to include_recipe 'os-hardening::minimize_access'
is_expected.to include_recipe 'os-hardening::pam'
is_expected.to include_recipe 'os-hardening::profile'
is_expected.to include_recipe 'os-hardening::securetty'
is_expected.to include_recipe 'os-hardening::sysctl'
end
end
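Review bot: `node.normal['env']['extra_user_paths']` is set to `[]` just before `paths` is built, so `+ node['env']['extra_user_paths']` adds nothing and the spec never exercises a user-supplied path. Now that the run is converged once and cached, it would be cheap to set one constructed entry, e.g. `node.normal['env']['extra_user_paths'] = ['/opt/example/bin']`, and assert that the hardening resource for that path is part of the run. Every `stub_command` here also returns `false`, so only the branch where the guard command fails is covered; whether the already-compliant branch is tested elsewhere is not visible from this section.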
12 changes: 7 additions & 5 deletions spec/recipes/limits_spec.rb
Expand Up @@ -15,23 +15,25 @@
# limitations under the License.
#

require_relative '../spec_helper'

describe 'os-hardening::limits' do
let(:chef_run) do
cached(:chef_run) do
ChefSpec::ServerRunner.new.converge(described_recipe)
end

subject { chef_run }

it 'creates /etc/sysconfig/init' do
expect(chef_run).to create_template('/etc/security/limits.d/10.hardcore.conf').with(
is_expected.to create_template(
'/etc/security/limits.d/10.hardcore.conf'
).with(
user: 'root',
group: 'root',
mode: '0440'
)
end

it 'creates /etc/security/limits.d directory' do
expect(chef_run).to create_directory('/etc/security/limits.d').with(
is_expected.to create_directory('/etc/security/limits.d').with(
user: 'root',
group: 'root',
mode: '0755',
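Review bot: The example titled `'creates /etc/sysconfig/init'` asserts on the template `/etc/security/limits.d/10.hardcore.conf`, so a failure in this hardening check would be reported under the wrong file name. Since the matcher call is being rewritten anyway, the title could become `it 'creates /etc/security/limits.d/10.hardcore.conf' do`. The second example's `.with(` call continues past the end of this hunk.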
10 changes: 5 additions & 5 deletions spec/recipes/login_defs_spec.rb
Expand Up @@ -15,18 +15,18 @@
# limitations under the License.
#

require_relative '../spec_helper'

describe 'os-hardening::login_defs' do
let(:chef_run) do
cached(:chef_run) do
ChefSpec::ServerRunner.new do |node|
node.normal['os-hardening']['auth']['uid_min'] = 5000
node.normal['os-hardening']['auth']['gid_min'] = 5000
end.converge(described_recipe)
end

subject { chef_run }

it 'creates /etc/login.defs' do
expect(chef_run).to create_template('/etc/login.defs').with(
is_expected.to create_template('/etc/login.defs').with(
source: 'login.defs.erb',
mode: '0444',
owner: 'root',
Expand All @@ -52,7 +52,7 @@
end

it 'uses uid_min and gid_min in /etc/login.defs' do
expect(chef_run).to render_file('/etc/login.defs').
is_expected.to render_file('/etc/login.defs').
with_content(/^PASS_WARN_AGE\s+7$/).
with_content(/^UID_MIN\s+5000$/).
with_content(/^GID_MIN\s+5000$/)
54 changes: 33 additions & 21 deletions spec/recipes/minimize_access_spec.rb
Expand Up @@ -15,68 +15,80 @@
# limitations under the License.
#

require_relative '../spec_helper'

describe 'os-hardening::minimize_access' do
before do
stub_command("find /usr/local/sbin -perm -go+w -type f | wc -l | egrep '^0$'").and_return(false)
stub_command("find /usr/local/bin -perm -go+w -type f | wc -l | egrep '^0$'").and_return(false)
stub_command("find /usr/sbin -perm -go+w -type f | wc -l | egrep '^0$'").and_return(false)
stub_command("find /usr/bin -perm -go+w -type f | wc -l | egrep '^0$'").and_return(false)
stub_command("find /sbin -perm -go+w -type f | wc -l | egrep '^0$'").and_return(false)
stub_command("find /bin -perm -go+w -type f | wc -l | egrep '^0$'").and_return(false)
stub_command(
"find /usr/local/sbin -perm -go+w -type f | wc -l | egrep '^0$'"
).and_return(false)
stub_command(
"find /usr/local/bin -perm -go+w -type f | wc -l | egrep '^0$'"
).and_return(false)
stub_command(
"find /usr/sbin -perm -go+w -type f | wc -l | egrep '^0$'"
).and_return(false)
stub_command(
"find /usr/bin -perm -go+w -type f | wc -l | egrep '^0$'"
).and_return(false)
stub_command(
"find /sbin -perm -go+w -type f | wc -l | egrep '^0$'"
).and_return(false)
stub_command(
"find /bin -perm -go+w -type f | wc -l | egrep '^0$'"
).and_return(false)
end

let(:chef_run) do
cached(:chef_run) do
ChefSpec::ServerRunner.new.converge(described_recipe)
end

subject { chef_run }

it 'remove write permission from /usr/local/sbin' do
expect(chef_run).to run_execute('remove write permission from /usr/local/sbin').with(
command: 'chmod go-w -R /usr/local/sbin'
)
is_expected.to run_execute(
'remove write permission from /usr/local/sbin'
).with(command: 'chmod go-w -R /usr/local/sbin')
end

it 'remove write permission from /usr/local/bin' do
expect(chef_run).to run_execute('remove write permission from /usr/local/bin').with(
command: 'chmod go-w -R /usr/local/bin'
)
is_expected.to run_execute(
'remove write permission from /usr/local/bin'
).with(command: 'chmod go-w -R /usr/local/bin')
end

it 'remove write permission from /usr/sbin' do
expect(chef_run).to run_execute('remove write permission from /usr/sbin').with(
is_expected.to run_execute('remove write permission from /usr/sbin').with(
command: 'chmod go-w -R /usr/sbin'
)
end

it 'remove write permission from /usr/bin' do
expect(chef_run).to run_execute('remove write permission from /usr/bin').with(
is_expected.to run_execute('remove write permission from /usr/bin').with(
command: 'chmod go-w -R /usr/bin'
)
end

it 'remove write permission from /sbin' do
expect(chef_run).to run_execute('remove write permission from /sbin').with(
is_expected.to run_execute('remove write permission from /sbin').with(
command: 'chmod go-w -R /sbin'
)
end

it 'remove write permission from /bin' do
expect(chef_run).to run_execute('remove write permission from /bin').with(
is_expected.to run_execute('remove write permission from /bin').with(
command: 'chmod go-w -R /bin'
)
end

it 'creates /etc/shadow' do
expect(chef_run).to create_file('/etc/shadow').with(
is_expected.to create_file('/etc/shadow').with(
user: 'root',
group: 'root',
mode: '0600'
)
end

it 'creates /etc/su' do
expect(chef_run).to create_file('/bin/su').with(
is_expected.to create_file('/bin/su').with(
user: 'root',
group: 'root',
mode: '0750'
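Review bot: With `cached(:chef_run)` the recipe is converged once and the result reused across examples, so the six `stub_command` calls in `before` only influence the converge triggered by the first example, although they are registered again before every one. A comment next to the `cached` call, such as `# chef_run is cached: a context needing different stub results must define its own run`, would warn anyone who later adds a case where the guard command succeeds. The six stubs repeat the path list that `default_spec.rb` builds in a loop; `%w(/usr/local/sbin /usr/local/bin /usr/sbin /usr/bin /sbin /bin).each do |folder|` would keep the two specs aligned. Separately, the last example is titled `'creates /etc/su'` but checks `/bin/su`, and its `.with(` call continues past the end of the hunk.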
8 changes: 4 additions & 4 deletions spec/recipes/pam_spec.rb
Expand Up @@ -15,14 +15,14 @@
# limitations under the License.
#

require_relative '../spec_helper'

describe 'os-hardening::pam' do
let(:chef_run) do
cached(:chef_run) do
ChefSpec::ServerRunner.new.converge(described_recipe)
end

subject { chef_run }

it 'remove pam-ccreds' do
expect(chef_run).to remove_package('pam-ccreds')
is_expected.to remove_package('pam-ccreds')
end
end
8 changes: 4 additions & 4 deletions spec/recipes/profile_spec.rb
Expand Up @@ -15,15 +15,15 @@
# limitations under the License.
#

require_relative '../spec_helper'

describe 'os-hardening::profile' do
let(:chef_run) do
cached(:chef_run) do
ChefSpec::ServerRunner.new.converge(described_recipe)
end

subject { chef_run }

it 'create /etc/profile.d/pinerolo_profile.sh' do
expect(chef_run).to create_template('/etc/profile.d/pinerolo_profile.sh').with(
is_expected.to create_template('/etc/profile.d/pinerolo_profile.sh').with(
source: 'profile.conf.erb',
mode: 0755,
owner: 'root',
8 changes: 4 additions & 4 deletions spec/recipes/securetty_spec.rb
Expand Up @@ -15,15 +15,15 @@
# limitations under the License.
#

require_relative '../spec_helper'

describe 'os-hardening::securetty' do
let(:chef_run) do
cached(:chef_run) do
ChefSpec::ServerRunner.new.converge(described_recipe)
end

subject { chef_run }

it 'creates /etc/securetty' do
expect(chef_run).to create_template('/etc/securetty').with(
is_expected.to create_template('/etc/securetty').with(
source: 'securetty.erb',
user: 'root',
group: 'root',
8 changes: 4 additions & 4 deletions spec/recipes/suid_sgid_spec.rb
Expand Up @@ -15,14 +15,14 @@
# limitations under the License.
#

require_relative '../spec_helper'

describe 'os-hardening::suid_sgid' do
let(:chef_run) do
cached(:chef_run) do
ChefSpec::ServerRunner.new.converge(described_recipe)
end

subject { chef_run }

it 'run remove_suid_from_blacklists ruby_block' do
expect(chef_run).to run_ruby_block('remove_suid_from_blacklists')
is_expected.to run_ruby_block('remove_suid_from_blacklists')
end
end