From 1774df001ea36ecfbc4ad39c8f78a25792fb4720 Mon Sep 17 00:00:00 2001
From: Eric Veiras Galisson
Date: Mon, 27 May 2019 16:12:27 +0200
Subject: [PATCH] feat: implementing kitchen tests and activate them on travis
---
.gitignore | 113 +++++++++++++++++++
.travis.yml | 48 ++++++++
Gemfile | 6 +
kitchen.yml | 110 ++++++++++++++++++
test/integration/default/controls/package.rb | 8 ++
test/integration/default/inspec.yml | 12 ++
test/salt/pillar/default.sls | 60 ++++++++++
test/salt/pillar/kitchen.sls | 7 ++
8 files changed, 364 insertions(+)
create mode 100644 .gitignore
create mode 100644 .travis.yml
create mode 100644 Gemfile
create mode 100644 kitchen.yml
create mode 100644 test/integration/default/controls/package.rb
create mode 100644 test/integration/default/inspec.yml
create mode 100644 test/salt/pillar/default.sls
create mode 100644 test/salt/pillar/kitchen.sls
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..ba07ed8
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,113 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+env/
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# PyInstaller
+# Usually these files are written by a python script from a packager
+# before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+.hypothesis/
+.kitchen
+.kitchen.local.yml
+kitchen.local.yml
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# pyenv
+.python-version
+
+# celery beat schedule file
+celerybeat-schedule
+
+# SageMath parsed files
+*.sage.py
+
+# dotenv
+.env
+
+# virtualenv
+.venv
+venv/
+ENV/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+
+# Bundler
+Gemfile.lock
+
+# copied `.md` files used for conversion to `.rst` using `m2r`
+docs/*.md
+
+# Vim
+*.sw?
diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 0000000..38fd43c
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,48 @@
+stages:
+ - test
+
+#sudo: required
+cache: bundler
+language: ruby
+
+services:
+ - docker
+
+# Make sure the instances listed below match up with
+# the `platforms` defined in `kitchen.yml`
+# NOTE: Please try to select up to six instances that add some meaningful
+# testing of the formula's behaviour. If possible, try to refrain from
+# the classical "chosing all the instances because I want to test on
+# another/all distro/s" trap: it will just add time to the testing (see
+# the discussion on #121). As an example, the set chosen below covers
+# the most used distros families, systemd and non-systemd and the latest
+# three supported Saltstack versions with python2 and 3."
+# As for `kitchen.yml`, that should still contain all of the platforms,
+# to allow for comprehensive local testing
+# Ref: https://github.com/saltstack-formulas/template-formula/issues/118
+# Ref: https://github.com/saltstack-formulas/template-formula/issues/121
+env:
+ matrix:
+ - INSTANCE: default-debian-9-2019-2-py3
+ # - INSTANCE: default-ubuntu-1804-2019-2-py3
+ - INSTANCE: default-centos-7-2019-2-py3
+ # - INSTANCE: default-fedora-29-2019-2-py3
+ - INSTANCE: default-opensuse-leap-15-2019-2-py3
+ # - INSTANCE: default-debian-9-2018-3-py2
+ - INSTANCE: default-ubuntu-1604-2018-3-py2
+ # - INSTANCE: default-centos-7-2018-3-py2
+ - INSTANCE: default-fedora-29-2018-3-py2
+ # TODO: Use this when fixed instead of `opensuse-leap-42`
+ # Ref: https://github.com/netmanagers/salt-image-builder/issues/2
+ # - INSTANCE: default-opensuse-leap-15-2018-3-py2
+ # - INSTANCE: default-opensuse-leap-42-2018-3-py2
+ # - INSTANCE: default-debian-8-2017-7-py2
+ # - INSTANCE: default-ubuntu-1604-2017-7-py2
+ # TODO: Enable after improving the formula to work with other than `systemd`
+ - INSTANCE: default-centos-6-2017-7-py2
+ # - INSTANCE: default-fedora-28-2017-7-py2
+ # - INSTANCE: default-opensuse-leap-42-2017-7-py2
+
+script:
+ - bundle exec kitchen verify ${INSTANCE}
+
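Review bot: The TODO in `env.matrix` that says to enable the instance only after the formula works on non-systemd platforms sits directly above `- INSTANCE: default-centos-6-2017-7-py2`, which is already active. The comment and the matrix disagree, so either drop the TODO (the same one in `kitchen.yml`, if it is template leftover) or comment the instance out until the condition holds. Separately, the script step expands the variable unquoted; `- bundle exec kitchen verify "${INSTANCE}"` keeps the argument intact if a matrix value ever contains whitespace or glob characters. The copied NOTE block also ends with a stray `"` after `python2 and 3.`.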
diff --git a/Gemfile b/Gemfile
new file mode 100644
index 0000000..3b36de3
--- /dev/null
+++ b/Gemfile
@@ -0,0 +1,6 @@
+source "https://rubygems.org"
+
+gem 'kitchen-docker', '>= 2.9'
+gem 'kitchen-salt', '>= 0.6.0'
+gem 'kitchen-inspec', '>= 1.1'
+
diff --git a/kitchen.yml b/kitchen.yml
new file mode 100644
index 0000000..16e2679
--- /dev/null
+++ b/kitchen.yml
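Review bot: All three gems in the Gemfile use an open-ended `>=` constraint, and the same commit adds `Gemfile.lock` to `.gitignore`, so every CI run resolves whatever release is newest on rubygems.org at that moment. That makes test results non-reproducible and lets a new or compromised gem release reach the privileged Docker test run without any change in this repository. A pessimistic constraint bounds the drift, e.g. `gem 'kitchen-docker', '~> 2.9'` (and likewise for the other two). Committing `Gemfile.lock` instead of ignoring it would pin the full dependency tree.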
@@ -0,0 +1,110 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+# For help on this file's format, see https://kitchen.ci/
+driver:
+ name: docker
+ use_sudo: false
+ privileged: true
+ run_command: /lib/systemd/systemd
+
+# Make sure the platforms listed below match up with
+# the `env.matrix` instances defined in `.travis.yml`
+platforms:
+ ## SALT 2019.2
+ - name: debian-9-2019-2-py3
+ driver:
+ image: netmanagers/salt-2019.2-py3:debian-9
+ - name: ubuntu-1804-2019-2-py3
+ driver:
+ image: netmanagers/salt-2019.2-py3:ubuntu-18.04
+ - name: centos-7-2019-2-py3
+ driver:
+ image: netmanagers/salt-2019.2-py3:centos-7
+ - name: fedora-29-2019-2-py3
+ driver:
+ image: netmanagers/salt-2019.2-py3:fedora-29
+ - name: opensuse-leap-15-2019-2-py3
+ driver:
+ image: netmanagers/salt-2019.2-py3:opensuse-leap-15
+ run_command: /usr/lib/systemd/systemd
+
+ ## SALT 2018.3
+ - name: debian-9-2018-3-py2
+ driver:
+ image: netmanagers/salt-2018.3-py2:debian-9
+ - name: ubuntu-1604-2018-3-py2
+ driver:
+ image: netmanagers/salt-2018.3-py2:ubuntu-16.04
+ - name: centos-7-2018-3-py2
+ driver:
+ image: netmanagers/salt-2018.3-py2:centos-7
+ - name: fedora-29-2018-3-py2
+ driver:
+ image: netmanagers/salt-2018.3-py2:fedora-29
+ # TODO: Use this when fixed instead of `opensuse-leap-42`
+ # Ref: https://github.com/netmanagers/salt-image-builder/issues/2
+ # - name: opensuse-leap-15-2018-3-py2
+ # driver:
+ # image: netmanagers/salt-2018.3-py2:opensuse-leap-15
+ # run_command: /usr/lib/systemd/systemd
+ - name: opensuse-leap-42-2018-3-py2
+ driver:
+ image: netmanagers/salt-2018.3-py2:opensuse-leap-42
+ run_command: /usr/lib/systemd/systemd
+
+ ## SALT 2017.7
+ - name: debian-8-2017-7-py2
+ driver:
+ image: netmanagers/salt-2017.7-py2:debian-8
+ - name: ubuntu-1604-2017-7-py2
+ driver:
+ image: netmanagers/salt-2017.7-py2:ubuntu-16.04
+ # TODO: Modify the formula to work for non-`systemd` platforms
+ - name: centos-6-2017-7-py2
+ driver:
+ image: netmanagers/salt-2017.7-py2:centos-6
+ run_command: /sbin/init
+ - name: fedora-28-2017-7-py2
+ driver:
+ image: netmanagers/salt-2017.7-py2:fedora-28
+ - name: opensuse-leap-42-2017-7-py2
+ driver:
+ image: netmanagers/salt-2017.7-py2:opensuse-leap-42
+ run_command: /usr/lib/systemd/systemd
+
+provisioner:
+ name: salt_solo
+ log_level: info
+ salt_install: none
+ require_chef: false
+ formula: sudoers
+ salt_copy_filter:
+ - .kitchen
+ - .git
+ state_top:
+ base:
+ '*':
+ - sudoers
+ pillars:
+ top.sls:
+ base:
+ '*':
+ - kitchen
+ - sudoers
+ pillars_from_files:
+ kitchen.sls: test/salt/pillar/kitchen.sls
+ sudoers.sls: test/salt/pillar/default.sls
+
+verifier:
+ # https://www.inspec.io/
+ name: inspec
+ sudo: true
+ # cli, documentation, html, progress, json, json-min, json-rspec, junit
+ reporter:
+ - cli
+ inspec_tests:
+ - path: test/integration/default
+
+suites:
+ - name: default
diff --git a/test/integration/default/controls/package.rb b/test/integration/default/controls/package.rb
new file mode 100644
index 0000000..016eec0
--- /dev/null
+++ b/test/integration/default/controls/package.rb
@@ -0,0 +1,8 @@
+
+control 'Sudo package' do
+ title 'should be installed'
+
+ describe package('sudo') do
+ it { should be_installed }
+ end
+end
diff --git a/test/integration/default/inspec.yml b/test/integration/default/inspec.yml
new file mode 100644
index 0000000..b16d5dd
--- /dev/null
+++ b/test/integration/default/inspec.yml
@@ -0,0 +1,12 @@
+name: sudoers
+title: Sudoers Formula
+maintainer: Saltstack-formulas
+license: Apache-2.0
+summary: Verify that the sudoers formula is setup and configured correctly
+supports:
+ - os-name: debian
+ - os-name: ubuntu
+ - os-name: centos
+ - os-name: fedora
+ - os-name: opensuse
+ - os-name: suse
diff --git a/test/salt/pillar/default.sls b/test/salt/pillar/default.sls
new file mode 100644
index 0000000..bc7e856
--- /dev/null
+++ b/test/salt/pillar/default.sls
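Review bot: In kitchen.yml, `privileged: true` is set in the top-level `driver:` block, so every platform container runs with full host privileges, and the file does not say why. Presumably it is there so systemd can run as PID 1 (`run_command: /lib/systemd/systemd`); a comment above the key would record that, e.g. `# privileged: needed for systemd as PID 1 in the container; use on disposable test hosts only`. Every `image:` is also a third-party `netmanagers/...` repository referenced by mutable tag, so the content that runs privileged can change without a commit here. Pinning by digest (`image: netmanagers/salt-2019.2-py3:debian-9@sha256:<digest-placeholder>`) would make that explicit and reviewable.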
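Review bot: The only control in test/integration/default/controls/package.rb asserts that the `sudo` package is installed, which most of the test images probably satisfy before the formula runs. The suite would therefore stay green if the formula wrote a syntactically broken or world-writable sudoers file. Since the pillar fixture sets `manage_main_config: True`, I would add a control that checks ownership and mode of the main file and that it parses, as sketched below. The `0440` mode and `visudo` being on the verifier's PATH are assumptions to confirm against what the formula's states actually set on each platform. The file also opens with an empty line that can be dropped.

```ruby
# … unchanged: control 'Sudo package' …

control 'Sudoers main config' do
  title 'should be root-owned, read-only and parse cleanly'

  describe file('/etc/sudoers') do
    it { should be_owned_by 'root' }
    its('mode') { should cmp '0440' }
  end

  describe command('visudo -c') do
    its('exit_status') { should eq 0 }
  end
end
```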
@@ -0,0 +1,60 @@
+sudoers:
+ # By default the main sudoers file is managed by this formula (False to skip)
+ manage_main_config: True
+ users:
+ johndoe:
+ - 'ALL=(ALL) ALL'
+ - 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
+ groups:
+ sudo:
+ - 'ALL=(ALL) ALL'
+ - 'ALL=(nodejs) NOPASSWD: ALL'
+ netgroups:
+ sysadmins:
+ - 'ALL=(ALL) ALL'
+ defaults:
+ generic:
+ - env_reset
+ - mail_badpass
+ - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+ user_list:
+ johndoe: '!requiretty'
+ ADMINS: '!lecture'
+ host_list:
+ www1: 'log_year, logfile=/var/log/sudo.log'
+ command_list:
+ PROCESSES: 'noexec'
+ runas_list:
+ root: '!set_logname'
+ aliases:
+ hosts:
+ WEBSERVERS:
+ - www1
+ - www2
+ - www3
+ users:
+ ADMINS:
+ - millert
+ - dowdy
+ - mikef
+ commands:
+ PROCESSES:
+ - /usr/bin/nice
+ - /bin/kill
+ - /usr/bin/renice
+ - /usr/bin/pkill
+ - /usr/bin/top
+ includedir: /etc/sudoers.d
+ included_files:
+ /etc/sudoers.d/extra-file:
+ users:
+ foo:
+ - 'ALL=(ALL) ALL'
+ extra-file-2:
+ groups:
+ bargroup:
+ - 'ALL=(ALL) NOPASSWD: ALL'
+ extra-file-3:
+ netgroups:
+ other_netgroup:
+ - 'ALL=(ALL) ALL'
diff --git a/test/salt/pillar/kitchen.sls b/test/salt/pillar/kitchen.sls
new file mode 100644
index 0000000..2acf60f
--- /dev/null
+++ b/test/salt/pillar/kitchen.sls
@@ -0,0 +1,7 @@
+# Pillar needed to run Inspec inside Docker image using sudo to authenticate
+# Must be added to pillar of all test suites
+sudoers:
+ users:
+ kitchen:
+ - 'ALL=(root) NOPASSWD: ALL'
+
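Review bot: In test/salt/pillar/kitchen.sls the `kitchen` user gets `ALL=(root) NOPASSWD: ALL`, and the header explains why the tests need it but not that the file is a fixture only. I would add a third header line such as `# Test fixture only: do not include this file in a non-test pillar top`, so the passwordless root rule is not copied along with the example data. Both this file and default.sls define `sudoers:users`, and kitchen.yml loads them under one `top.sls`, so the verifier's `sudo: true` appears to depend on pillar merging keeping the `kitchen` entry alongside `johndoe`. A one-line comment stating that dependency would help whoever edits default.sls next.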