Merge pull request #3814 from inspec/tas50/kitchen

Update the integration tests to use dokken-images and newer Chef technologies
Clinton Wolfe 2019-02-27 14:43:21 -05:00 committed by GitHub
commit 07ee1c3bb5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
33 changed files with 149 additions and 230 deletions

1
.gitignore vendored

@ -9,6 +9,7 @@ Berksfile.lock
.librarian
Puppetfile.lock
.kitchen.local.yml
kitchen.local.yml
profile.tar.gz
omnibus/.cache
omnibus/pkg


@ -1,45 +0,0 @@
---
driver:
name: vagrant
provisioner:
name: chef_solo
verifier:
name: inspec
sudo: true
platforms:
- name: centos-7.1
- name: centos-6.7
- name: centos-5.11
- name: debian-6.0.10
- name: debian-7.8
- name: debian-8.1
- name: fedora-21
- name: fedora-22
- name: freebsd-9.3
- name: freebsd-10.2
- name: opensuse-13.2-x86_64
- name: ubuntu-14.04
- name: ubuntu-12.04
- name: ubuntu-10.04
- name: mint-17.2-cinnamon
driver_config:
box: artem-sidorenko/mint-17.2-cinnamon
suites:
- name: default
run_list:
- recipe[apt]
- recipe[yum]
- recipe[os_prepare]
attributes:
- name: find_files
run_list:
- recipe[os_prepare::find_files]
verifier:
inspec_tests:
- test/integration/find_files
excludes:
- freebsd-10.2


@ -1,10 +1,9 @@
sudo: required
branches:
only:
- master
language: ruby
cache: bundler
dist: trusty
dist: xenial
services:
- docker
bundler_args: "--without integration tools maintenance deploy"
@ -15,39 +14,60 @@ before_install:
matrix:
include:
- rvm: 2.3.8
env: UNIT_TESTS_23=1
- rvm: 2.4.5
env: UNIT_TESTS_24=1
- rvm: 2.5.3
env: UNIT_TESTS_25=1
#- rvm: 2.6.1 # this needs a few fixes to get enabled
# bundler_args: "--without integration tools maintenance deploy"
# env: UNIT_TESTS_26=1
- rvm: 2.4.5
script: bundle exec rake $SUITE
env: SUITE="test:functional"
- rvm: 2.4.5
- rvm: 2.5.3
script: bundle exec rake $SUITE
env: SUITE="test:functional"
- rvm: 2.5.3
script: bundle exec rake $SUITE
bundler_args: "--without tools maintenance deploy"
env: SUITE=test:integration[default-ubuntu-1204]
- rvm: 2.4.5
env: SUITE=test:integration[default-ubuntu-1404]
- rvm: 2.5.3
script: bundle exec rake $SUITE
bundler_args: "--without tools maintenance deploy"
env: SUITE=test:integration[default-ubuntu-1604]
- rvm: 2.4.5
- rvm: 2.5.3
script: bundle exec rake $SUITE
bundler_args: "--without tools maintenance deploy"
env: SUITE=test:integration[default-centos-68]
- rvm: 2.4.5
env: SUITE=test:integration[default-ubuntu-1804]
- rvm: 2.5.3
script: bundle exec rake $SUITE
bundler_args: "--without tools maintenance deploy"
env: SUITE=test:integration[default-centos-6]
- rvm: 2.5.3
script: bundle exec rake $SUITE
bundler_args: "--without tools maintenance deploy"
env: SUITE=test:integration[default-centos-7]
- rvm: 2.4.5
- rvm: 2.5.3
script: bundle exec rake $SUITE
bundler_args: "--without tools maintenance deploy"
env: SUITE=test:integration[default-debian-8]
- rvm: 2.4.5
- rvm: 2.5.3
script: bundle exec rake $SUITE
bundler_args: "--without tools maintenance deploy"
env: SUITE=test:integration[default-oracle-72]
- rvm: 2.4.5
env: SUITE=test:integration[default-debian-9]
- rvm: 2.5.3
script: bundle exec rake $SUITE
bundler_args: "--without tools maintenance deploy"
env: SUITE=test:integration[default-fedora-24]
env: SUITE=test:integration[default-oraclelinux-6]
- rvm: 2.5.3
script: bundle exec rake $SUITE
bundler_args: "--without tools maintenance deploy"
env: SUITE=test:integration[default-oraclelinux-7]
- rvm: 2.5.3
script: bundle exec rake $SUITE
bundler_args: "--without tools maintenance deploy"
env: SUITE=test:integration[default-fedora-29]
- rvm: 2.4.5
sudo: false
cache:


@ -1,13 +1,4 @@
# encoding: utf-8
source 'https://supermarket.chef.io'
cookbook 'audit'
cookbook 'apt'
cookbook 'yum'
cookbook 'postgresql', '= 7.1.0'
cookbook 'docker'
cookbook 'yum-epel'
cookbook 'packagecloud'
cookbook 'os_prepare', path: './test/cookbooks/os_prepare'
cookbook 'runit', github: 'hw-cookbooks/runit'
cookbook 'ssh-hardening', git: 'https://github.com/dev-sec/chef-ssh-hardening.git'


@ -22,7 +22,10 @@ group :test do
end
group :integration do
gem 'berkshelf', '~> 5.2'
# this version check can be removed when inspec no longer support ruby 2.3
if Gem::Version.new(RUBY_VERSION) >= Gem::Version.new('2.4')
gem 'berkshelf', '~> 7'
end
gem 'test-kitchen', '>= 1.24'
gem 'kitchen-vagrant'
# we need winrm v2 support >= 0.15.1


@ -5,7 +5,6 @@
# install repositories for nginx
case node['platform']
when 'ubuntu'
include_recipe('apt')
# if ubuntu, install
apt_repository 'nginx-php' do
uri 'ppa:nginx/stable'


@ -84,7 +84,4 @@ platforms:
suites:
- name: default
run_list:
- recipe[apt]
- recipe[yum]
- recipe[os_prepare]
attributes:

36
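--- /dev/null
+++ b/kitchen.vagrant.yml
@@ -0,0 +1,36 @@
+---
+driver:
+name: vagrant
+provisioner:
+name: chef_solo
+verifier:
+name: inspec
+sudo: true
+platforms:
+- name: centos-6
+- name: centos-7
+- name: debian-8
+- name: debian-9
+- name: fedora-28
+- name: fedora-29
+- name: freebsd-11
+- name: opensuseleap-42
+- name: ubuntu-14.04
+- name: ubuntu-16.04
+- name: ubuntu-18.04
+suites:
+- name: default
+run_list:
+- recipe[os_prepare]
+- name: find_files
+run_list:
+- recipe[os_prepare::find_files]
+verifier:
+inspec_tests:
+- test/integration/find_files
+excludes:
+- freebsd-11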


@ -1,7 +1,7 @@
---
driver:
name: dokken
chef_version: 14.3.37
chef_version: 14.10.9
privileged: true # because Docker and SystemD/Upstart
transport:
@ -22,72 +22,86 @@ verifier:
verifier_attribute: 'Attribute Override!'
platforms:
- name: ubuntu-12.04
- name: amazonlinux
driver:
image: ubuntu:12.04
- name: ubuntu-14.04
image: dokken/amazonlinux
pid_one_command: /sbin/init
- name: amazonlinux-2
driver:
image: ubuntu:14.04
- name: ubuntu-16.04
image: dokken/amazonlinux-2
pid_one_command: /usr/lib/systemd/systemd
- name: centos-6
driver:
image: ubuntu:16.04
intermediate_instructions:
- RUN /usr/bin/apt-get update
pid_one_command: /bin/systemd
- name: centos-6.6
driver:
image: centos:6.6
- name: centos-6.8
driver:
image: centos:6.8
intermediate_instructions:
- RUN yum install -y initscripts
image: dokken/centos-6
pid_one_command: /sbin/init
- name: centos-7
driver:
image: centos:7
image: dokken/centos-7
pid_one_command: /usr/lib/systemd/systemd
- name: oracle-6.7
driver:
image: oraclelinux:6.7
- name: oracle-7.2
driver:
image: oraclelinux:7.2
pid_one_command: /usr/lib/systemd/systemd
- name: debian-7
driver:
image: debian:7.11
intermediate_instructions:
- RUN /usr/bin/apt-get update
# running it within the chef recipe is too late :-(
- RUN /usr/bin/apt-get install -y procps lsb-release
- name: debian-8
driver:
image: debian:8.5
intermediate_instructions:
- RUN /usr/bin/apt-get update
# running it within the chef recipe is too late :-(
- RUN /usr/bin/apt-get install -y procps lsb-release
image: dokken/debian-8
pid_one_command: /bin/systemd
- name: fedora-23
driver:
image: fedora:23
pid_one_command: /usr/lib/systemd/systemd
intermediate_instructions:
- RUN dnf install -y yum
- name: fedora-24
- RUN /usr/bin/apt-get update
- name: debian-9
driver:
image: fedora:24
pid_one_command: /usr/lib/systemd/systemd
image: dokken/debian-9
pid_one_command: /bin/systemd
intermediate_instructions:
- RUN dnf install -y yum
- RUN /usr/bin/apt-get update
- name: fedora-29
driver:
image: dokken/fedora-29
pid_one_command: /usr/lib/systemd/systemd
- name: oraclelinux-6
driver:
image: dokken/oraclelinux-6
pid_one_command: /sbin/init
- name: oraclelinux-7
driver:
image: dokken/oraclelinux-7
pid_one_command: /usr/lib/systemd/systemd
- name: opensuse-leap
driver:
image: dokken/opensuse-leap-42
pid_one_command: /bin/systemd
- name: ubuntu-14.04
driver:
image: dokken/ubuntu-14.04
pid_one_command: /sbin/init
intermediate_instructions:
- RUN /usr/bin/apt-get update
- name: ubuntu-16.04
driver:
image: dokken/ubuntu-16.04
pid_one_command: /bin/systemd
intermediate_instructions:
- RUN /usr/bin/apt-get update
- name: ubuntu-18.04
driver:
image: dokken/ubuntu-18.04
pid_one_command: /bin/systemd
intermediate_instructions:
- RUN /usr/bin/apt-get update
suites:
- name: default
run_list:
- recipe[os_prepare]
- recipe[audit]
- recipe[apt]
- recipe[yum]
verifier:
inspec_tests:
- test/integration/default
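Review bot: The new `image:` values in the platforms list (for example `image: dokken/centos-7` and `image: dokken/ubuntu-18.04`) name a third-party registry namespace with no tag or digest, while the driver block at the top of this file keeps `privileged: true`. Each CI run therefore executes whatever image content is current upstream, with elevated container privileges, without any change being reviewed in this repository. Pinning each image to an immutable reference would make image updates an explicit, reviewable change: a digest such as `image: dokken/centos-7@sha256:<digest>` (placeholder) if the dokken driver accepts that form, otherwise a fixed tag mirrored into a registry the project controls. The `RUN /usr/bin/apt-get update` entries under `intermediate_instructions` also make the built layer vary between runs, which is tolerable for tests but worth a one-line comment.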


@ -1,15 +1,12 @@
# encoding: utf-8
name 'os_prepare'
maintainer 'Chef Software, Inc.'
maintainer_email 'support@chef.io'
description 'This cookbook prepares the test operating systems'
version '1.0.0'
depends 'apt'
depends 'yum'
# this cookbook has changed rapidly in the past so we pin it here to prevent build failures
depends 'postgresql', '= 7.1.3'
depends 'runit'
depends 'postgresql'
depends 'windows'
depends 'ssh-hardening'
depends 'openssl', '= 8.1.2'
depends 'docker'
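Review bot: `depends 'postgresql'` carries no version constraint, although the comment in this same section records that the cookbook was pinned because it changed rapidly, and `Berksfile.lock` appears in the `.gitignore` context, so the resolved version can differ between runs. Assuming the unconstrained line is the new side (the page has lost the +/- markers), a pessimistic constraint such as `depends 'postgresql', '~> <tested major.minor>'` (placeholder) would keep builds reproducible and make cookbook upgrades a reviewed change. The postgres recipe in this commit still sets `node.default['postgresql'][...]` attributes, which only work while the resolved release keeps those attribute names. If the pin comment survives on the new side, it should be reworded to match whatever constraint is chosen.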


@ -1,4 +1,3 @@
# encoding: utf-8
# author: Stephan Renatus
include_recipe 'runit::default'


@ -1,4 +1,3 @@
# encoding: utf-8
# author: Stephan Renatus
directory '/etc/init' do


@ -1,4 +1,3 @@
# encoding: utf-8
# author: Christoph Hartmann
case node['platform_family']


@ -1,4 +1,3 @@
# encoding: utf-8
# author: Christoph Hartmann
# author: Dominik Richter


@ -1,4 +1,3 @@
# encoding: utf-8
# author: Stephan Renatus
case node['platform']


@ -1,9 +1,9 @@
# encoding: utf-8
# author: Christoph Hartmann
# author: Dominik Richter
#
# prepare all operating systems with the required configuration
apt_update if platform_family?('debian')
# inject the current inspec gem for use with audit cookbook
# this is generated via Rake test:integration
@ -29,9 +29,6 @@ end
# set a static node uuid for our testing nodes
Chef::Config[:chef_guid] = uuid_from_string(node.name)
# container preparation
include_recipe('os_prepare::prep_container')
# confgure ssh
include_recipe('os_prepare::ssh')


@ -1,8 +1,6 @@
# encoding: utf-8
# author: Christoph Hartmann
case node['platform']
when 'ubuntu', 'rhel', 'centos', 'fedora'
if platform_family?('rhel', 'debian', 'fedora')
docker_service 'default' do
action [:create, :start]
end


@ -1,41 +1,21 @@
# encoding: utf-8
# author: Christoph Hartmann
# author: Dominik Richter
#
# prepares a sample file for verification
if node['platform_family'] != 'windows'
gid = case node['platform_family']
when 'aix'
'system'
when 'freebsd'
'wheel'
when 'solaris', 'solaris2'
'sys'
else
'root'
end
file '/tmp/file' do
mode '0765'
owner 'root'
group gid
content 'hello world'
end
file '/tmp/sfile' do
mode '7765'
owner 'root'
group gid
content 'hello suid/sgid/sticky'
end
directory '/tmp/folder' do
mode '0567'
owner 'root'
group gid
end
else


@ -1,8 +1,6 @@
# encoding: utf-8
# author: Stephan Renatus
case node['platform']
when 'ubuntu', 'rhel', 'centos', 'fedora'
if platform_family?('rhel', 'debian', 'fedora')
execute 'iptables -A INPUT -i eth0 -p tcp -m tcp '\
'--dport 80 -m state --state NEW -m comment '\
'--comment "http on 80" -j ACCEPT'


@ -1,27 +1,13 @@
# encoding: utf-8
# author: Christoph Hartmann
# author: Dominik Richter
#
# adds a yaml file
gid = case node['platform_family']
when 'aix'
'system'
when 'freebsd'
'wheel'
when 'solaris', 'solaris2'
'sys'
else
'root'
end
['yml', 'json', 'csv', 'ini', 'toml', 'xml'].each { |filetype|
if node['platform_family'] != 'windows'
cookbook_file "/tmp/example.#{filetype}" do
source "example.#{filetype}"
owner 'root'
group gid
mode '0755'
action :create
end


@ -1,4 +1,3 @@
# encoding: utf-8
# author: Christoph Hartmann
# author: Dominik Richter
#


@ -1,4 +1,3 @@
# encoding: utf-8
# author: Omar Irizarry
#
# change a few Windows registry keys for testing purposes


@ -1,25 +1,6 @@
# encoding: utf-8
# author: Christoph Hartmann
# author: Dominik Richter
#
# installs everything to do the package test
case node['platform']
when 'ubuntu', 'debian'
include_recipe('apt')
package 'curl'
when 'rhel', 'centos', 'fedora'
include_recipe('yum')
# TODO: support DNF natively
# Special care for fedora 22, since dnf is not officially supported yet
# https://github.com/chef/chef/issues/3201
if node['platform_version'] == '22'
execute 'dnf install -y yum'
end
package 'curl'
when 'freebsd'
# do nothing
# TODO: implement Freebsd packages
end
package 'curl'


@ -1,18 +1,10 @@
# encoding: utf-8
# author: Stephan Renatus
#
# installs everyting for the postgres tests
# hw-cookbooks/postgresql is tested on these platforms
# sous-chefs/postgresql is tested on these platforms
case node['platform']
when 'ubuntu', 'centos'
# also skip it on ubuntu 15.10, because the cookbook is not supported
# with `enable_pgdg_apt` yet
return if node['platform_version'] == "15.10"
# skip it on centos 5, because ca-certificates is not available
return if node['platform_version'] == "5"
node.default['postgresql']['enable_pgdg_apt'] = true
node.default['postgresql']['config']['listen_addresses'] = 'localhost'
node.default['postgresql']['password']['postgres'] = 'md506be11be01439cb4abd537e454df34ea' # "inspec"


@ -1,15 +0,0 @@
# encoding: utf-8
# author: Christoph Hartmann
# author: Dominik Richter
#
# prepares container for normal use :-)
# install docker pre-conditions
if ['ubuntu', 'debian'].include?(node['platform'])
include_recipe('apt')
# if package lsb-release & procps is not installed
# chef returns an empty node['lsb']['codename']
package("lsb-release")
package("procps")
end


@ -1,4 +1,3 @@
# encoding: utf-8
# author: Alex Pop
# author: Christoph Hartmann
#


@ -1,4 +1,3 @@
# encoding: utf-8
# author: Christoph Hartmann
# author: Dominik Richter
#
@ -7,7 +6,6 @@
case node['platform']
when 'ubuntu'
# install ntp as a service
include_recipe 'apt::default'
package 'ntp'
when 'centos'


@ -1,4 +1,3 @@
# encoding: utf-8
# author: Christoph Hartmann
#
# installs ssh


@ -1,6 +1,6 @@
if node['platform_family'] != 'windows'
openssl_x509 '/tmp/mycert.pem' do
openssl_x509_certificate '/tmp/mycert.pem' do
common_name 'www.f00bar.com'
org 'Foo Bar'
org_unit 'Lab'
@ -8,7 +8,7 @@ if node['platform_family'] != 'windows'
expire 360
end
openssl_rsa_key '/tmp/server.key' do
openssl_rsa_private_key '/tmp/server.key' do
key_length 2048
end


@ -11,9 +11,9 @@ describe x509_certificate('/tmp/mycert.pem') do
its('signature_algorithm') { should eq 'sha256WithRSAEncryption' }
its('validity_in_days') { should_not be < 100 }
its('validity_in_days') { should be >= 100 }
its('subject_dn') { should eq '/C=US/ST= /L= /O=Foo Bar/OU=Lab/CN=www.f00bar.com' }
its('subject_dn') { should eq '/C=US/O=Foo Bar/OU=Lab/CN=www.f00bar.com' }
its('subject.C') { should eq 'US' }
its('issuer_dn') { should eq '/C=US/ST= /L= /O=Foo Bar/OU=Lab/CN=www.f00bar.com' }
its('issuer_dn') { should eq '/C=US/O=Foo Bar/OU=Lab/CN=www.f00bar.com' }
its('key_length') { should be >= 2048 }
end