2017-02-22 13:36:42 +00:00
|
|
|
# encoding: utf-8
|
|
|
|
# author: Adam Leff
|
|
|
|
|
2017-03-27 20:51:21 +00:00
|
|
|
require 'inspec/profile_vendor'
|
2017-02-22 13:36:42 +00:00
|
|
|
require 'mixlib/shellout'
|
2017-11-08 10:41:00 +00:00
|
|
|
require 'tomlrb'
|
2017-02-22 13:36:42 +00:00
|
|
|
|
|
|
|
module Habitat
|
2017-12-07 19:22:55 +00:00
|
|
|
class Profile
|
2017-02-22 13:36:42 +00:00
|
|
|
attr_reader :options, :path, :profile
|
|
|
|
|
|
|
|
def self.create(path, options = {})
|
|
|
|
creator = new(path, options)
|
|
|
|
hart_file = creator.create
|
|
|
|
creator.copy(hart_file)
|
|
|
|
ensure
|
|
|
|
creator.delete_work_dir
|
|
|
|
end
|
|
|
|
|
2017-10-17 12:53:41 +00:00
|
|
|
def self.setup(path)
|
|
|
|
new(path).setup
|
|
|
|
end
|
|
|
|
|
2017-02-22 13:36:42 +00:00
|
|
|
def self.upload(path, options = {})
|
|
|
|
uploader = new(path, options)
|
|
|
|
uploader.upload
|
|
|
|
ensure
|
|
|
|
uploader.delete_work_dir
|
|
|
|
end
|
|
|
|
|
|
|
|
def initialize(path, options = {})
|
|
|
|
@path = path
|
|
|
|
@options = options
|
|
|
|
|
|
|
|
log_level = options.fetch('log_level', 'info')
|
|
|
|
Habitat::Log.level(log_level.to_sym)
|
|
|
|
end
|
|
|
|
|
|
|
|
def create
|
|
|
|
Habitat::Log.info("Creating a Habitat artifact for profile: #{path}")
|
|
|
|
|
|
|
|
validate_habitat_installed
|
|
|
|
validate_habitat_origin
|
|
|
|
create_profile_object
|
2017-03-24 20:28:00 +00:00
|
|
|
verify_profile
|
|
|
|
vendor_profile_dependencies
|
2017-02-22 13:36:42 +00:00
|
|
|
copy_profile_to_work_dir
|
2017-10-17 12:53:41 +00:00
|
|
|
create_habitat_directories(work_dir)
|
|
|
|
create_plan(work_dir)
|
|
|
|
create_run_hook(work_dir)
|
|
|
|
create_settings_file(work_dir)
|
|
|
|
create_default_config(work_dir)
|
2017-02-22 13:36:42 +00:00
|
|
|
|
|
|
|
# returns the path to the .hart file in the work directory
|
|
|
|
build_hart
|
|
|
|
rescue => e
|
|
|
|
Habitat::Log.debug(e.backtrace.join("\n"))
|
|
|
|
exit_with_error(
|
|
|
|
'Unable to generate Habitat artifact.',
|
|
|
|
"#{e.class} -- #{e.message}",
|
|
|
|
)
|
|
|
|
end
|
|
|
|
|
|
|
|
def copy(hart_file)
|
|
|
|
validate_output_dir
|
|
|
|
|
|
|
|
Habitat::Log.info("Copying artifact to #{output_dir}...")
|
|
|
|
copy_hart(hart_file)
|
|
|
|
end
|
|
|
|
|
|
|
|
def upload
|
|
|
|
validate_habitat_auth_token
|
|
|
|
hart_file = create
|
|
|
|
upload_hart(hart_file)
|
|
|
|
rescue => e
|
|
|
|
Habitat::Log.debug(e.backtrace.join("\n"))
|
|
|
|
exit_with_error(
|
|
|
|
'Unable to upload Habitat artifact.',
|
|
|
|
"#{e.class} -- #{e.message}",
|
|
|
|
)
|
|
|
|
end
|
|
|
|
|
|
|
|
def delete_work_dir
|
|
|
|
Habitat::Log.debug("Deleting work directory #{work_dir}")
|
|
|
|
FileUtils.rm_rf(work_dir) if Dir.exist?(work_dir)
|
|
|
|
end
|
|
|
|
|
2017-10-17 12:53:41 +00:00
|
|
|
def setup
|
|
|
|
Habitat::Log.info("Setting up profile at #{path} for Habitat...")
|
|
|
|
create_profile_object
|
|
|
|
verify_profile
|
|
|
|
vendor_profile_dependencies
|
|
|
|
create_habitat_directories(path)
|
|
|
|
create_plan(path)
|
|
|
|
create_run_hook(path)
|
|
|
|
create_settings_file(path)
|
|
|
|
create_default_config(path)
|
|
|
|
end
|
|
|
|
|
2017-02-22 13:36:42 +00:00
|
|
|
private
|
|
|
|
|
|
|
|
def create_profile_object
|
2017-03-24 20:28:00 +00:00
|
|
|
@profile = Inspec::Profile.for_target(
|
|
|
|
path,
|
|
|
|
backend: Inspec::Backend.create(target: 'mock://'),
|
|
|
|
)
|
|
|
|
end
|
|
|
|
|
2017-02-22 13:36:42 +00:00
|
|
|
def verify_profile
|
|
|
|
Habitat::Log.info('Checking to see if the profile is valid...')
|
|
|
|
|
|
|
|
unless profile.check[:summary][:valid]
|
|
|
|
exit_with_error('Profile check failed. Please fix the profile before creating a Habitat artifact.')
|
|
|
|
end
|
|
|
|
|
|
|
|
Habitat::Log.info('Profile is valid.')
|
|
|
|
end
|
|
|
|
|
2017-03-24 20:28:00 +00:00
|
|
|
def vendor_profile_dependencies
|
2017-03-27 20:51:21 +00:00
|
|
|
profile_vendor = Inspec::ProfileVendor.new(path)
|
|
|
|
if profile_vendor.lockfile.exist? && profile_vendor.cache_path.exist?
|
2017-03-24 20:28:00 +00:00
|
|
|
Habitat::Log.info("Profile's dependencies are already vendored, skipping vendor process.")
|
|
|
|
else
|
|
|
|
Habitat::Log.info("Vendoring the profile's dependencies...")
|
2017-03-27 20:51:21 +00:00
|
|
|
profile_vendor.vendor!
|
|
|
|
|
|
|
|
Habitat::Log.info('Ensuring all vendored content has read permissions...')
|
|
|
|
profile_vendor.make_readable
|
2017-03-24 20:28:00 +00:00
|
|
|
|
|
|
|
# refresh the profile object since the profile now has new files
|
|
|
|
create_profile_object
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2017-02-22 13:36:42 +00:00
|
|
|
def validate_habitat_installed
|
|
|
|
Habitat::Log.info('Checking to see if Habitat is installed...')
|
|
|
|
cmd = Mixlib::ShellOut.new('hab --version')
|
|
|
|
cmd.run_command
|
2017-11-21 07:49:41 +00:00
|
|
|
exit_with_error('Unable to run Habitat commands.', cmd.stderr) if cmd.error?
|
2017-02-22 13:36:42 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
def validate_habitat_origin
|
2017-11-21 07:49:41 +00:00
|
|
|
exit_with_error(
|
|
|
|
'Unable to determine Habitat origin name.',
|
|
|
|
'Run `hab setup` or set the HAB_ORIGIN environment variable.',
|
|
|
|
) if habitat_origin.nil?
|
2017-02-22 13:36:42 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
def validate_habitat_auth_token
|
2017-11-21 07:49:41 +00:00
|
|
|
exit_with_error(
|
|
|
|
'Unable to determine Habitat auth token for publishing.',
|
|
|
|
'Run `hab setup` or set the HAB_AUTH_TOKEN environment variable.',
|
|
|
|
) if habitat_auth_token.nil?
|
2017-02-22 13:36:42 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
def validate_output_dir
|
|
|
|
exit_with_error("Output directory #{output_dir} is not a directory or does not exist.") unless
|
|
|
|
File.directory?(output_dir)
|
|
|
|
end
|
|
|
|
|
|
|
|
def work_dir
|
|
|
|
return @work_dir if @work_dir
|
|
|
|
|
|
|
|
@work_dir ||= Dir.mktmpdir('inspec-habitat-exporter')
|
|
|
|
Habitat::Log.debug("Generated work directory #{@work_dir}")
|
|
|
|
|
|
|
|
@work_dir
|
|
|
|
end
|
|
|
|
|
2017-10-17 12:53:41 +00:00
|
|
|
def create_habitat_directories(parent_directory)
|
|
|
|
[
|
|
|
|
File.join(parent_directory, 'habitat'),
|
|
|
|
File.join(parent_directory, 'habitat', 'config'),
|
|
|
|
File.join(parent_directory, 'habitat', 'hooks'),
|
|
|
|
].each do |dir|
|
|
|
|
Dir.mkdir(dir) unless Dir.exist?(dir)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2017-02-22 13:36:42 +00:00
|
|
|
def copy_profile_to_work_dir
|
|
|
|
Habitat::Log.info('Copying profile contents to the work directory...')
|
|
|
|
profile.files.each do |f|
|
|
|
|
src = File.join(profile.root_path, f)
|
2017-10-17 12:53:41 +00:00
|
|
|
dst = File.join(work_dir, f)
|
2017-02-22 13:36:42 +00:00
|
|
|
if File.directory?(f)
|
|
|
|
Habitat::Log.debug("Creating directory #{dst}")
|
|
|
|
FileUtils.mkdir_p(dst)
|
|
|
|
else
|
|
|
|
Habitat::Log.debug("Copying file #{src} to #{dst}")
|
|
|
|
FileUtils.cp_r(src, dst)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2017-10-17 12:53:41 +00:00
|
|
|
def create_plan(directory)
|
|
|
|
plan_file = File.join(directory, 'habitat', 'plan.sh')
|
2017-02-22 13:36:42 +00:00
|
|
|
Habitat::Log.info("Generating Habitat plan at #{plan_file}...")
|
|
|
|
File.write(plan_file, plan_contents)
|
|
|
|
end
|
|
|
|
|
2017-10-17 12:53:41 +00:00
|
|
|
def create_run_hook(directory)
|
|
|
|
run_hook_file = File.join(directory, 'habitat', 'hooks', 'run')
|
2017-02-22 13:36:42 +00:00
|
|
|
Habitat::Log.info("Generating a Habitat run hook at #{run_hook_file}...")
|
|
|
|
File.write(run_hook_file, run_hook_contents)
|
|
|
|
end
|
|
|
|
|
2017-10-17 12:53:41 +00:00
|
|
|
def create_settings_file(directory)
|
|
|
|
settings_file = File.join(directory, 'habitat', 'config', 'settings.sh')
|
2017-04-14 15:59:16 +00:00
|
|
|
Habitat::Log.info("Generating a settings file at #{settings_file}...")
|
|
|
|
File.write(settings_file, "SLEEP_TIME={{cfg.sleep_time}}\n")
|
|
|
|
end
|
|
|
|
|
2017-10-17 12:53:41 +00:00
|
|
|
def create_default_config(directory)
|
|
|
|
default_toml = File.join(directory, 'habitat', 'default.toml')
|
2017-02-22 13:36:42 +00:00
|
|
|
Habitat::Log.info("Generating Habitat's default.toml configuration...")
|
|
|
|
File.write(default_toml, 'sleep_time = 300')
|
|
|
|
end
|
|
|
|
|
|
|
|
def build_hart
|
|
|
|
Habitat::Log.info('Building our Habitat artifact...')
|
|
|
|
|
|
|
|
env = {
|
|
|
|
'TERM' => 'vt100',
|
|
|
|
'HAB_ORIGIN' => habitat_origin,
|
|
|
|
'HAB_NONINTERACTIVE' => 'true',
|
|
|
|
}
|
|
|
|
|
|
|
|
env['RUST_LOG'] = 'debug' if Habitat::Log.level == :debug
|
|
|
|
|
|
|
|
# TODO: Would love to use Mixlib::ShellOut here, but it doesn't
|
|
|
|
# seem to preserve the STDIN tty, and docker gets angry.
|
|
|
|
Dir.chdir(work_dir) do
|
2017-04-28 01:16:29 +00:00
|
|
|
unless system(env, 'hab pkg build .')
|
2017-02-22 13:36:42 +00:00
|
|
|
exit_with_error('Unable to build the Habitat artifact.')
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
hart_files = Dir.glob(File.join(work_dir, 'results', '*.hart'))
|
|
|
|
|
|
|
|
if hart_files.length > 1
|
|
|
|
exit_with_error('More than one Habitat artifact was created which was not expected.')
|
|
|
|
elsif hart_files.empty?
|
|
|
|
exit_with_error('No Habitat artifact was created.')
|
|
|
|
end
|
|
|
|
|
|
|
|
hart_files.first
|
|
|
|
end
|
|
|
|
|
|
|
|
def copy_hart(working_dir_hart)
|
|
|
|
hart_basename = File.basename(working_dir_hart)
|
|
|
|
dst = File.join(output_dir, hart_basename)
|
|
|
|
FileUtils.cp(working_dir_hart, dst)
|
|
|
|
|
|
|
|
dst
|
|
|
|
end
|
|
|
|
|
|
|
|
def upload_hart(hart_file)
|
|
|
|
Habitat::Log.info('Uploading the Habitat artifact to our Depot...')
|
|
|
|
|
|
|
|
env = {
|
|
|
|
'TERM' => 'vt100',
|
|
|
|
'HAB_AUTH_TOKEN' => habitat_auth_token,
|
|
|
|
'HAB_NONINTERACTIVE' => 'true',
|
|
|
|
}
|
|
|
|
|
|
|
|
env['HAB_DEPOT_URL'] = ENV['HAB_DEPOT_URL'] if ENV['HAB_DEPOT_URL']
|
|
|
|
|
|
|
|
cmd = Mixlib::ShellOut.new("hab pkg upload #{hart_file}", env: env)
|
|
|
|
cmd.run_command
|
|
|
|
if cmd.error?
|
|
|
|
exit_with_error(
|
|
|
|
'Unable to upload Habitat artifact to the Depot.',
|
|
|
|
cmd.stdout,
|
|
|
|
cmd.stderr,
|
|
|
|
)
|
|
|
|
end
|
|
|
|
|
|
|
|
Habitat::Log.info('Upload complete!')
|
|
|
|
end
|
|
|
|
|
|
|
|
def habitat_origin
|
|
|
|
ENV['HAB_ORIGIN'] || habitat_cli_config['origin']
|
|
|
|
end
|
|
|
|
|
|
|
|
def habitat_auth_token
|
|
|
|
ENV['HAB_AUTH_TOKEN'] || habitat_cli_config['auth_token']
|
|
|
|
end
|
|
|
|
|
|
|
|
def habitat_cli_config
|
|
|
|
return @cli_config if @cli_config
|
|
|
|
|
|
|
|
config_file = File.join(ENV['HOME'], '.hab', 'etc', 'cli.toml')
|
|
|
|
return {} unless File.exist?(config_file)
|
|
|
|
|
2017-11-08 10:41:00 +00:00
|
|
|
@cli_config = Tomlrb.load_file(config_file)
|
2017-02-22 13:36:42 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
def output_dir
|
|
|
|
options[:output_dir] || Dir.pwd
|
|
|
|
end
|
|
|
|
|
|
|
|
def exit_with_error(*errors)
|
|
|
|
errors.each do |error_msg|
|
|
|
|
Habitat::Log.error(error_msg)
|
|
|
|
end
|
|
|
|
|
|
|
|
exit 1
|
|
|
|
end
|
|
|
|
|
|
|
|
def package_name
|
|
|
|
"inspec-profile-#{profile.name}"
|
|
|
|
end
|
|
|
|
|
|
|
|
def plan_contents
|
2017-11-21 07:49:41 +00:00
|
|
|
plan = <<~EOL
|
|
|
|
pkg_name=#{package_name}
|
|
|
|
pkg_version=#{profile.version}
|
|
|
|
pkg_origin=#{habitat_origin}
|
|
|
|
pkg_deps=(chef/inspec core/ruby core/hab)
|
|
|
|
pkg_svc_user=root
|
|
|
|
EOL
|
2017-02-22 13:36:42 +00:00
|
|
|
|
|
|
|
plan += "pkg_license='#{profile.metadata.params[:license]}'\n\n" if profile.metadata.params[:license]
|
|
|
|
|
2017-11-21 07:49:41 +00:00
|
|
|
plan += <<~EOL
|
2017-02-22 13:36:42 +00:00
|
|
|
|
2017-11-21 07:49:41 +00:00
|
|
|
do_build() {
|
|
|
|
cp -vr $PLAN_CONTEXT/../* $HAB_CACHE_SRC_PATH/$pkg_dirname
|
|
|
|
}
|
2017-02-22 13:36:42 +00:00
|
|
|
|
2017-11-21 07:49:41 +00:00
|
|
|
do_install() {
|
|
|
|
local profile_contents
|
|
|
|
local excludes
|
|
|
|
profile_contents=($(ls))
|
|
|
|
excludes=(habitat results *.hart)
|
2017-04-28 01:16:29 +00:00
|
|
|
|
2017-11-21 07:49:41 +00:00
|
|
|
for item in ${excludes[@]}; do
|
|
|
|
profile_contents=(${profile_contents[@]/$item/})
|
|
|
|
done
|
2017-04-28 01:16:29 +00:00
|
|
|
|
2017-11-21 07:49:41 +00:00
|
|
|
mkdir ${pkg_prefix}/dist
|
|
|
|
cp -r ${profile_contents[@]} ${pkg_prefix}/dist/
|
|
|
|
}
|
2017-02-22 13:36:42 +00:00
|
|
|
EOL
|
|
|
|
|
|
|
|
plan
|
|
|
|
end
|
|
|
|
|
|
|
|
def run_hook_contents
|
2017-11-21 07:49:41 +00:00
|
|
|
<<~EOL
|
|
|
|
#!/bin/sh
|
|
|
|
|
|
|
|
# redirect stderr to stdout
|
|
|
|
# ultimately, we'd like to log this somewhere useful, but due to
|
|
|
|
# https://github.com/habitat-sh/habitat/issues/2395, we need to
|
|
|
|
# avoid doing that for now.
|
|
|
|
exec 2>&1
|
|
|
|
|
|
|
|
# InSpec will try to create a .cache directory in the user's home directory
|
|
|
|
# so this needs to be someplace writeable by the hab user
|
|
|
|
export HOME={{pkg.svc_var_path}}
|
|
|
|
|
|
|
|
PROFILE_IDENT="{{pkg.origin}}/{{pkg.name}}"
|
|
|
|
RESULTS_DIR="{{pkg.svc_var_path}}/inspec_results"
|
|
|
|
RESULTS_FILE="${RESULTS_DIR}/{{pkg.name}}.json"
|
|
|
|
|
|
|
|
# Create a directory for inspec formatter output
|
|
|
|
mkdir -p {{pkg.svc_var_path}}/inspec_results
|
|
|
|
|
|
|
|
while true; do
|
|
|
|
echo "Executing InSpec for ${PROFILE_IDENT}"
|
|
|
|
inspec exec {{pkg.path}}/dist --format=json > ${RESULTS_FILE}
|
|
|
|
|
|
|
|
if [ $? -eq 0 ]; then
|
|
|
|
echo "InSpec run completed successfully."
|
|
|
|
else
|
|
|
|
echo "InSpec run did not complete successfully. If you do not see any errors above,"
|
|
|
|
echo "control failures were detected. Check the InSpec results here for details:"
|
|
|
|
echo ${RESULTS_FILE}
|
|
|
|
echo "Otherwise, troubleshoot any errors shown above."
|
|
|
|
fi
|
|
|
|
|
|
|
|
source {{pkg.svc_config_path}}/settings.sh
|
|
|
|
echo "sleeping for ${SLEEP_TIME} seconds"
|
|
|
|
sleep ${SLEEP_TIME}
|
|
|
|
done
|
2017-02-22 13:36:42 +00:00
|
|
|
EOL
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|