1
0
Fork 0
mirror of synced 2024-11-16 22:25:34 -05:00

test(map): verify map.jinja dump using _mapdata state

* Semi-automated using https://github.com/myii/ssf-formula/pull/245
This commit is contained in:
Imran Iqbal 2020-08-25 05:03:17 +01:00
parent cd2950289e
commit 63865a286e
No known key found for this signature in database
GPG key ID: 6D8629439D2B7819
22 changed files with 276 additions and 0 deletions

View file

@ -153,6 +153,7 @@ suites:
state_top:
base:
'*':
- sudoers._mapdata
- sudoers
- sudoers.included
pillars:

View file

@ -0,0 +1,13 @@
# yamllint disable rule:indentation rule:line-length
# {{ grains.get('osfinger', grains.os) }}
---
{#- use salt.slsutil.serialize to avoid encoding errors on some platforms #}
{{ salt['slsutil.serialize'](
'yaml',
map,
default_flow_style=False,
allow_unicode=True,
)
| regex_replace("^\s+'$", "'", multiline=True)
| trim
}}

21
sudoers/_mapdata/init.sls Normal file
View file

@ -0,0 +1,21 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
---
{#- Get the `tplroot` from `tpldir` #}
{%- set tplroot = tpldir.split('/')[0] %}
{%- from tplroot ~ "/map.jinja" import sudoers with context %}
{%- set map = {
'sudoers': sudoers,
} %}
{%- do salt['log.debug']('### MAP.JINJA DUMP ###\n' ~ map | yaml(False)) %}
{%- set output_file = '/tmp/salt_mapdata_dump.yaml' %}
{{ tplroot }}-mapdata-dump:
file.managed:
- name: {{ output_file }}
- source: salt://{{ tplroot }}/_mapdata/_mapdata.jinja
- template: jinja
- context:
map: {{ map | yaml }}

View file

@ -0,0 +1,13 @@
# frozen_string_literal: true
control '`map.jinja` YAML dump' do
title 'should contain the lines'
mapdata_file = "_mapdata/#{system.platform[:finger].split('.').first}.yaml"
mapdata_dump = inspec.profile.file(mapdata_file)
describe file('/tmp/salt_mapdata_dump.yaml') do
it { should exist }
its('content') { should include mapdata_dump }
end
end

View file

@ -0,0 +1,5 @@
# yamllint disable rule:indentation rule:line-length
# Amazon Linux AMI-2018
---
sudoers:
pkg: sudo

View file

@ -0,0 +1,5 @@
# yamllint disable rule:indentation rule:line-length
# Amazon Linux-2
---
sudoers:
pkg: sudo

View file

@ -0,0 +1,5 @@
# yamllint disable rule:indentation rule:line-length
# Arch
---
sudoers:
pkg: sudo

View file

@ -0,0 +1,5 @@
# yamllint disable rule:indentation rule:line-length
# CentOS-6
---
sudoers:
pkg: sudo

View file

@ -0,0 +1,5 @@
# yamllint disable rule:indentation rule:line-length
# CentOS Linux-7
---
sudoers:
pkg: sudo

View file

@ -0,0 +1,5 @@
# yamllint disable rule:indentation rule:line-length
# CentOS Linux-8
---
sudoers:
pkg: sudo

View file

@ -0,0 +1,5 @@
# yamllint disable rule:indentation rule:line-length
# Debian-10
---
sudoers:
pkg: sudo

View file

@ -0,0 +1,5 @@
# yamllint disable rule:indentation rule:line-length
# Debian-9
---
sudoers:
pkg: sudo

View file

@ -0,0 +1,5 @@
# yamllint disable rule:indentation rule:line-length
# Fedora-31
---
sudoers:
pkg: sudo

View file

@ -0,0 +1,5 @@
# yamllint disable rule:indentation rule:line-length
# Fedora-32
---
sudoers:
pkg: sudo

View file

@ -0,0 +1,5 @@
# yamllint disable rule:indentation rule:line-length
# Leap-15
---
sudoers:
pkg: sudo

View file

@ -0,0 +1,5 @@
# yamllint disable rule:indentation rule:line-length
# Ubuntu-16.04
---
sudoers:
pkg: sudo

View file

@ -0,0 +1,5 @@
# yamllint disable rule:indentation rule:line-length
# Ubuntu-18.04
---
sudoers:
pkg: sudo

View file

@ -0,0 +1,5 @@
# yamllint disable rule:indentation rule:line-length
# Ubuntu-20.04
---
sudoers:
pkg: sudo

View file

@ -6,6 +6,9 @@ title: sudoers formula
maintainer: SaltStack Formulas
license: Apache-2.0
summary: Verify that the sudoers formula is setup and configured correctly
depends:
- name: share
path: test/integration/share
supports:
- platform-name: debian
- platform-name: ubuntu

View file

@ -0,0 +1,38 @@
# InSpec Profile: `share`
This shows the implementation of the `share` InSpec [profile](https://github.com/inspec/inspec/blob/master/docs/profiles.md).
It's goal is to share the libraries between all profiles.
## Verify a profile
InSpec ships with built-in features to verify a profile structure.
```bash
$ inspec check share
Summary
-------
Location: share
Profile: profile
Controls: 4
Timestamp: 2019-06-24T23:09:01+00:00
Valid: true
Errors
------
Warnings
--------
```
## Execute a profile
To run all **supported** controls on a local machine use `inspec exec /path/to/profile`.
```bash
$ inspec exec share
..
Finished in 0.0025 seconds (files took 0.12449 seconds to load)
8 examples, 0 failures
```

View file

@ -0,0 +1,18 @@
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
name: share
title: sudoers formula
maintainer: SaltStack Formulas
license: Apache-2.0
summary: shared resources
supports:
- platform-name: debian
- platform-name: ubuntu
- platform-name: centos
- platform-name: fedora
- platform-name: opensuse
- platform-name: suse
- platform-name: freebsd
- platform-name: amazon
- platform-name: arch

View file

@ -0,0 +1,99 @@
# frozen_string_literal: true
# system.rb -- InSpec resources for system values
# Author: Daniel Dehennin <daniel.dehennin@ac-dijon.fr>
# Copyright (C) 2020 Daniel Dehennin <daniel.dehennin@ac-dijon.fr>
HOSTNAME_CMDS = %w[hostname hostnamectl].freeze
HOSTNAME_CMDS_OPT = {
'hostname' => '-s',
'hostnamectl' => '--static'
}.freeze
class SystemResource < Inspec.resource(1)
name 'system'
attr_reader :platform
attr_reader :hostname
def initialize
@platform = build_platform
@hostname = found_hostname
end
private
def found_hostname
cmd = guess_hostname_cmd
unless cmd.exit_status.zero?
raise Inspec::Exceptions::ResourceSkipped,
"Error running '#{cmd}': #{cmd.stderr}"
end
cmd.stdout.chomp
end
def guess_hostname_cmd
HOSTNAME_CMDS.each do |cmd|
if inspec.command(cmd).exist?
return inspec.command("#{cmd} #{HOSTNAME_CMDS_OPT[cmd]}")
end
end
raise Inspec::Exceptions::ResourceSkipped,
"Error: #{@platform[:finger]}} has none of #{HOSTNAME_CMDS.join(', ')}"
end
def build_platform
{
family: build_platform_family,
name: build_platform_name,
release: build_platform_release,
finger: build_platform_finger
}
end
def build_platform_family
case inspec.platform[:name]
when 'arch'
'arch'
else
inspec.platform[:family]
end
end
def build_platform_name
case inspec.platform[:name]
when 'amazon'
'amazonlinux'
else
inspec.platform[:name]
end
end
def build_platform_release
case inspec.platform[:name]
when 'amazon'
# `2018` relase is named `1` in kitchen.yaml
inspec.platform[:release].gsub(/2018.*/, '1')
when 'arch'
'base-latest'
else
inspec.platform[:release]
end
end
def build_platform_finger
"#{build_platform_name}-#{build_finger_release}"
end
def build_finger_release
case inspec.platform[:name]
when 'ubuntu'
build_platform_release.split('.').slice(0, 2).join('.')
else
build_platform_release.split('.')[0]
end
end
end