group resource
Use the group
Chef InSpec audit resource to test a single group on the system.
The group
resource uses the following system groups:
-
On non-Windows systems the group resource tests a local group defined in the
/etc/group
file. -
On Windows systems the group resource tests a local group defined by Local Users and Groups.
Availability
Installation
This resource is distributed along with Chef InSpec itself. You can use it automatically.
Version
This resource first became available in v1.0.0 of InSpec.
Syntax
A group
resource block declares a group, and then the details to be tested, such as if the group is a local group, the group identifier, or if the group exists:
describe group('group_name') do
it { should exist }
its('gid') { should eq 0 }
end
where
'group_name'
must specify the name of a group to be tested on the systemexist
and'gid'
are valid matchers for this resource
Properties
gid
The gid
property returns the named group identifier:
its('gid') { should eq 1234 }
members
The members
property returns the members that belong to the group:
its('members') { should include 'root' }
where members
returns:
-
an array of group members for Windows Platform.
Example:
["member1", "member2"]
-
a CSV formatted string of group members for Non-Windows Platforms.
Example:
"member1,member2"
members_array
The members_array
property returns the members that belong to a group just like the
members
property,
but the value returned by this property is always an array of group members.
its('members_array') { should include 'root' }
Examples
The following examples show how to use this Chef InSpec audit resource.
Test the group identifier for the root group
describe group('root') do
it { should exist }
its('gid') { should eq 0 }
end
Matchers
For a full list of available matchers, please visit our matchers page.
be_local
The be_local
matcher tests if the group is a local group:
it { should be_local }
exist
The exist
matcher tests if the named group exists:
it { should exist }
Was this page helpful?