From 5fa1cf1432060eaa15b69eddf844a0e08c71e194 Mon Sep 17 00:00:00 2001
From: Eric Veiras Galisson <eric@sietch-tabr.com>
Date: Wed, 29 May 2019 22:24:48 +0200
Subject: [PATCH] test(kitchen): tests on config files

---
 kitchen.yml                                 |  1 +
 test/integration/default/controls/config.rb | 47 +++++++++++++++++++++
 2 files changed, 48 insertions(+)
 create mode 100644 test/integration/default/controls/config.rb

diff --git a/kitchen.yml b/kitchen.yml
index 16e2679..57a4d0b 100644
--- a/kitchen.yml
+++ b/kitchen.yml
@@ -86,6 +86,7 @@ provisioner:
     base:
       '*':
         - sudoers
+        - sudoers.included
   pillars:
     top.sls:
       base:
diff --git a/test/integration/default/controls/config.rb b/test/integration/default/controls/config.rb
new file mode 100644
index 0000000..54770b1
--- /dev/null
+++ b/test/integration/default/controls/config.rb
@@ -0,0 +1,47 @@
+control 'Sudoers configuration' do
+  title 'should match desired lines'
+
+  describe file('/etc/sudoers') do
+    it { should be_file }
+    it { should be_owned_by 'root' }
+    it { should be_grouped_into 'root' }
+    its('mode') { should cmp '0440' }
+    its('content') { should include 'Defaults:ADMINS !lecture' }
+    its('content') { should include 'Defaults:johndoe !requiretty' }
+    its('content') { should include 'Defaults@www1 log_year, logfile=/var/log/sudo.log' }
+    its('content') { should include 'Host_Alias WEBSERVERS = www1,www2,www3' }
+    its('content') { should include 'User_Alias ADMINS = millert,dowdy,mikef' }
+    its('content') { should include 'johndoe ALL=(ALL) ALL' }
+    its('content') { should include 'johndoe ALL=(root) NOPASSWD: /etc/init.d/httpd' }
+    its('content') { should include '%sudo ALL=(ALL) ALL' }
+    its('content') { should include '%sudo ALL=(nodejs) NOPASSWD: ALL' }
+    its('content') { should include '+sysadmins ALL=(ALL) ALL' }
+    its('content') { should include '#includedir /etc/sudoers.d' }
+
+  end
+
+  describe file('/etc/sudoers.d/extra-file') do
+    it { should be_file }
+    it { should be_owned_by 'root' }
+    it { should be_grouped_into 'root' }
+    its('mode') { should cmp '0440' }
+    its('content') { should include 'foo ALL=(ALL) ALL' }
+  end
+
+  describe file('/etc/sudoers.d/extra-file-2') do
+    it { should be_file }
+    it { should be_owned_by 'root' }
+    it { should be_grouped_into 'root' }
+    its('mode') { should cmp '0440' }
+    its('content') { should include '%bargroup ALL=(ALL) NOPASSWD: ALL' }
+  end
+
+  describe file('/etc/sudoers.d/extra-file-3') do
+    it { should be_file }
+    it { should be_owned_by 'root' }
+    it { should be_grouped_into 'root' }
+    its('mode') { should cmp '0440' }
+    its('content') { should include '+other_netgroup ALL=(ALL) ALL' }
+  end
+
+end