Chef + InSpec using only_if for users

Question

I need to go through a list of users and determine whether they are in a locked state, I can do this just fine but my issue is that I don't know how inspec will let me ignore users on my list that don't exist on the operating system. I've tried a few different methods using only_if (including below) with no luck.

Here is my code below:

system_accounts = [
'user1'
'user2'
'user3'

system_accounts.each do |name|
  only_if command("getent passwd #{name}") do
   describe command("passwd -S #{name}").stdout.split[1] do
     it { should match /LK|NP|NL/ }
     end
   end
  end
end

score 0 · Answer 1 · answered Sep 20 '16 at 02:38

0

You can only use only_if and similar APIs from inside a control block. You would probably want to use the user InSpec resource for this in the first place but also check out the users API.

answered Sep 20 '16 at 02:38

coderanger

52,400
4
52
75

Chef + InSpec using only_if for users

1 Answers1