groups

Use the groups InSpec audit resource to test multiple groups on the system.


Availability

Installation

This resource is distributed along with InSpec itself. You can use it automatically.

Version

This resource first became available in v1.0.0 of InSpec.

Syntax

A groups resource block uses where to filter entries from the systems groups. If where is omitted, all entries are selected.

describe groups do
  its('names') { should eq ['wheel', 'daemon', 'sys', 'adm'] }
  its('names') { should include 'wheel' }
end

describe groups.where { members =~ /root/ } do
  its('names') { should eq ['wheel', 'daemon', 'sys', 'adm'] }
end


Examples

The following examples show how to use this InSpec audit resource.

Test the group identifier for the wheel group

describe groups.where { name == 'wheel' } do
  it { should exist }
  its('members') { should include 'root' }
end


Properties

gids

The gids property tests the named group identifier:

its('gids') { should eq 1234 }

names

The names property tests the name field on a Windows group:

its(‘names’) { should include ‘Power Users’ }

domains

The domains property tests the domain on a Windows group:

its(‘domains’) { should include ‘WIN-CIV7VMLVHLD’ }

members

The members property tests the members that belong to a group:

its('members') { should include 'root' }
its('members') { should include 'Administrator' }

Matchers

For a full list of available matchers, please visit our matchers page.

exist

The exist matcher tests if the named user exists:

it { should exist }