Merge pull request #68 from myii/test/verify_map.jinja_dump

test(map): verify `map.jinja` dump using `_mapdata` state
Imran Iqbal 2020-08-26 15:44:49 +01:00 committed by GitHub
commit 997a7324b7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
23 changed files with 367 additions and 92 deletions


@ -59,34 +59,36 @@ jobs:
# Make sure the instances listed below match up with
# the `platforms` defined in `kitchen.yml`
- env: INSTANCE=default-debian-10-master-py3
- env: INSTANCE=default-ubuntu-2004-master-py3
# - env: INSTANCE=default-ubuntu-1804-master-py3
# - env: INSTANCE=default-centos-8-master-py3
- env: INSTANCE=default-centos-8-master-py3
- env: INSTANCE=default-fedora-32-master-py3
# - env: INSTANCE=default-fedora-31-master-py3
# - env: INSTANCE=default-opensuse-leap-151-master-py3
# - env: INSTANCE=default-amazonlinux-2-master-py3
- env: INSTANCE=default-opensuse-leap-152-master-py3
- env: INSTANCE=default-amazonlinux-2-master-py3
# - env: INSTANCE=default-debian-10-3000-3-py3
# - env: INSTANCE=default-debian-9-3000-3-py3
# - env: INSTANCE=default-ubuntu-1804-3000-3-py3
# - env: INSTANCE=default-centos-8-3000-3-py3
# - env: INSTANCE=default-centos-7-3000-3-py3
# - env: INSTANCE=default-fedora-31-3000-3-py3
# - env: INSTANCE=default-opensuse-leap-152-3000-3-py3
# - env: INSTANCE=default-amazonlinux-2-3000-3-py3
# - env: INSTANCE=default-ubuntu-1804-3000-3-py2
# - env: INSTANCE=default-ubuntu-1604-3000-3-py2
# - env: INSTANCE=default-arch-base-latest-3000-3-py2
# - env: INSTANCE=default-debian-10-2019-2-py3
# - env: INSTANCE=default-debian-9-2019-2-py3
- env: INSTANCE=default-ubuntu-1804-2019-2-py3
# - env: INSTANCE=default-ubuntu-1804-2019-2-py3
# - env: INSTANCE=default-ubuntu-1604-2019-2-py3
# - env: INSTANCE=default-centos-8-2019-2-py3
# - env: INSTANCE=default-centos-7-2019-2-py3
# - env: INSTANCE=default-fedora-31-2019-2-py3
- env: INSTANCE=default-opensuse-leap-151-2019-2-py3
# - env: INSTANCE=default-centos-7-2019-2-py2
- env: INSTANCE=default-amazonlinux-2-2019-2-py3
# - env: INSTANCE=default-arch-base-latest-2019-2-py2
- env: INSTANCE=default-fedora-30-2018-3-py3
# - env: INSTANCE=default-debian-9-2018-3-py2
# - env: INSTANCE=default-ubuntu-1604-2018-3-py2
# - env: INSTANCE=default-centos-7-2018-3-py2
# - env: INSTANCE=default-opensuse-leap-151-2018-3-py2
# - env: INSTANCE=default-amazonlinux-1-2018-3-py2
- env: INSTANCE=default-arch-base-latest-2018-3-py2
# - env: INSTANCE=default-debian-8-2017-7-py2
# - env: INSTANCE=default-ubuntu-1604-2017-7-py2
- env: INSTANCE=default-centos-6-2017-7-py2
# - env: INSTANCE=default-fedora-30-2017-7-py2
# - env: INSTANCE=default-opensuse-leap-151-2017-7-py2
# - env: INSTANCE=default-amazonlinux-1-2017-7-py2
# - env: INSTANCE=default-arch-base-latest-2017-7-py2
# - env: INSTANCE=default-opensuse-leap-152-2019-2-py3
# - env: INSTANCE=default-amazonlinux-2-2019-2-py3
# - env: INSTANCE=default-centos-6-2019-2-py2
# - env: INSTANCE=default-amazonlinux-1-2019-2-py2
- env: INSTANCE=default-arch-base-latest-2019-2-py2
## Define the release stage that runs `semantic-release`
- stage: 'release'


@ -15,20 +15,26 @@ platforms:
- name: debian-10-master-py3
driver:
image: saltimages/salt-master-py3:debian-10
- name: ubuntu-2004-master-py3
driver:
image: saltimages/salt-master-py3:ubuntu-20.04
- name: ubuntu-1804-master-py3
driver:
image: saltimages/salt-master-py3:ubuntu-18.04
- name: centos-8-master-py3
driver:
image: saltimages/salt-master-py3:centos-8
- name: fedora-32-master-py3
driver:
image: saltimages/salt-master-py3:fedora-32
- name: fedora-31-master-py3
driver:
image: saltimages/salt-master-py3:fedora-31
- name: opensuse-leap-151-master-py3
- name: opensuse-leap-152-master-py3
driver:
image: netmanagers/salt-master-py3:opensuse-leap-15.1
image: saltimages/salt-master-py3:opensuse-leap-15.2
run_command: /usr/lib/systemd/systemd
# Workaround to avoid intermittent failures on `opensuse-leap-15.1`:
# Workaround to avoid intermittent failures on `opensuse-leap-15.2`:
# => SCP did not finish successfully (255): (Net::SCP::Error)
transport:
max_ssh_sessions: 1
@ -36,6 +42,47 @@ platforms:
driver:
image: saltimages/salt-master-py3:amazonlinux-2
## SALT `3000.3`
- name: debian-10-3000-3-py3
driver:
image: saltimages/salt-3000.3-py3:debian-10
- name: debian-9-3000-3-py3
driver:
image: saltimages/salt-3000.3-py3:debian-9
- name: ubuntu-1804-3000-3-py3
driver:
image: saltimages/salt-3000.3-py3:ubuntu-18.04
- name: centos-8-3000-3-py3
driver:
image: saltimages/salt-3000.3-py3:centos-8
- name: centos-7-3000-3-py3
driver:
image: saltimages/salt-3000.3-py3:centos-7
- name: fedora-31-3000-3-py3
driver:
image: saltimages/salt-3000.3-py3:fedora-31
- name: opensuse-leap-152-3000-3-py3
driver:
image: saltimages/salt-3000.3-py3:opensuse-leap-15.2
run_command: /usr/lib/systemd/systemd
# Workaround to avoid intermittent failures on `opensuse-leap-15.2`:
# => SCP did not finish successfully (255): (Net::SCP::Error)
transport:
max_ssh_sessions: 1
- name: amazonlinux-2-3000-3-py3
driver:
image: saltimages/salt-3000.3-py3:amazonlinux-2
- name: ubuntu-1804-3000-3-py2
driver:
image: saltimages/salt-3000.3-py2:ubuntu-18.04
- name: ubuntu-1604-3000-3-py2
driver:
image: saltimages/salt-3000.3-py2:ubuntu-16.04
- name: arch-base-latest-3000-3-py2
driver:
image: saltimages/salt-3000.3-py2:arch-base-latest
run_command: /usr/lib/systemd/systemd
## SALT `2019.2`
- name: debian-10-2019-2-py3
driver:
@ -46,92 +93,42 @@ platforms:
- name: ubuntu-1804-2019-2-py3
driver:
image: saltimages/salt-2019.2-py3:ubuntu-18.04
- name: ubuntu-1604-2019-2-py3
driver:
image: saltimages/salt-2019.2-py3:ubuntu-16.04
- name: centos-8-2019-2-py3
driver:
image: saltimages/salt-2019.2-py3:centos-8
- name: centos-7-2019-2-py3
driver:
image: saltimages/salt-2019.2-py3:centos-7
- name: fedora-31-2019-2-py3
driver:
image: saltimages/salt-2019.2-py3:fedora-31
- name: opensuse-leap-151-2019-2-py3
- name: opensuse-leap-152-2019-2-py3
driver:
image: netmanagers/salt-2019.2-py3:opensuse-leap-15.1
image: saltimages/salt-2019.2-py3:opensuse-leap-15.2
run_command: /usr/lib/systemd/systemd
# Workaround to avoid intermittent failures on `opensuse-leap-15.1`:
# Workaround to avoid intermittent failures on `opensuse-leap-15.2`:
# => SCP did not finish successfully (255): (Net::SCP::Error)
transport:
max_ssh_sessions: 1
- name: centos-7-2019-2-py2
driver:
image: netmanagers/salt-2019.2-py2:centos-7
- name: amazonlinux-2-2019-2-py3
driver:
image: saltimages/salt-2019.2-py3:amazonlinux-2
- name: centos-6-2019-2-py2
driver:
image: saltimages/salt-2019.2-py2:centos-6
run_command: /sbin/init
- name: amazonlinux-1-2019-2-py2
driver:
image: saltimages/salt-2019.2-py2:amazonlinux-1
run_command: /sbin/init
- name: arch-base-latest-2019-2-py2
driver:
image: saltimages/salt-2019.2-py2:arch-base-latest
run_command: /usr/lib/systemd/systemd
## SALT `2018.3`
- name: fedora-30-2018-3-py3
driver:
image: netmanagers/salt-2018.3-py3:fedora-30
- name: debian-9-2018-3-py2
driver:
image: netmanagers/salt-2018.3-py2:debian-9
- name: ubuntu-1604-2018-3-py2
driver:
image: netmanagers/salt-2018.3-py2:ubuntu-16.04
- name: centos-7-2018-3-py2
driver:
image: netmanagers/salt-2018.3-py2:centos-7
- name: opensuse-leap-151-2018-3-py2
driver:
image: netmanagers/salt-2018.3-py2:opensuse-leap-15.1
run_command: /usr/lib/systemd/systemd
# Workaround to avoid intermittent failures on `opensuse-leap-15.1`:
# => SCP did not finish successfully (255): (Net::SCP::Error)
transport:
max_ssh_sessions: 1
- name: amazonlinux-1-2018-3-py2
driver:
image: netmanagers/salt-2018.3-py2:amazonlinux-1
run_command: /sbin/init
- name: arch-base-latest-2018-3-py2
driver:
image: netmanagers/salt-2018.3-py2:arch-base-latest
run_command: /usr/lib/systemd/systemd
## SALT `2017.7`
- name: debian-8-2017-7-py2
driver:
image: netmanagers/salt-2017.7-py2:debian-8
- name: ubuntu-1604-2017-7-py2
driver:
image: netmanagers/salt-2017.7-py2:ubuntu-16.04
- name: centos-6-2017-7-py2
driver:
image: netmanagers/salt-2017.7-py2:centos-6
run_command: /sbin/init
- name: fedora-30-2017-7-py2
driver:
image: netmanagers/salt-2017.7-py2:fedora-30
- name: opensuse-leap-151-2017-7-py2
driver:
image: netmanagers/salt-2017.7-py2:opensuse-leap-15.1
run_command: /usr/lib/systemd/systemd
# Workaround to avoid intermittent failures on `opensuse-leap-15.1`:
# => SCP did not finish successfully (255): (Net::SCP::Error)
transport:
max_ssh_sessions: 1
- name: amazonlinux-1-2017-7-py2
driver:
image: netmanagers/salt-2017.7-py2:amazonlinux-1
run_command: /sbin/init
- name: arch-base-latest-2017-7-py2
driver:
image: netmanagers/salt-2017.7-py2:arch-base-latest
run_command: /usr/lib/systemd/systemd
provisioner:
name: salt_solo
log_level: debug
@ -156,6 +153,7 @@ suites:
state_top:
base:
'*':
- sudoers._mapdata
- sudoers
- sudoers.included
pillars:
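Review bot: The `image:` entries under `platforms` reference Docker Hub images by mutable tag only (for example `saltimages/salt-3000.3-py3:debian-10`), and this change also moves several platforms from the `netmanagers/` namespace to `saltimages/`, so the container contents that CI executes can change without any change to this file. For the version-specific images, consider pinning by digest if the kitchen driver accepts it, `image: saltimages/salt-3000.3-py3@sha256:<digest-placeholder>`. At minimum, add a comment above `platforms:` such as `# Images are published by <owner-placeholder>; tags are rebuilt periodically`. The `platforms` list starts and ends outside the hunks shown.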


@ -0,0 +1,13 @@
# yamllint disable rule:indentation rule:line-length
# {{ grains.get('osfinger', grains.os) }}
---
{#- use salt.slsutil.serialize to avoid encoding errors on some platforms #}
{{ salt['slsutil.serialize'](
'yaml',
map,
default_flow_style=False,
allow_unicode=True,
)
| regex_replace("^\s+'$", "'", multiline=True)
| trim
}}

21
sudoers/_mapdata/init.sls Normal file

@ -0,0 +1,21 @@
# -*- coding: utf-8 -*-
# vim: ft=sls
---
{#- Get the `tplroot` from `tpldir` #}
{%- set tplroot = tpldir.split('/')[0] %}
{%- from tplroot ~ "/map.jinja" import sudoers with context %}
{%- set map = {
'sudoers': sudoers,
} %}
{%- do salt['log.debug']('### MAP.JINJA DUMP ###\n' ~ map | yaml(False)) %}
{%- set output_file = '/tmp/salt_mapdata_dump.yaml' %}
{{ tplroot }}-mapdata-dump:
file.managed:
- name: {{ output_file }}
- source: salt://{{ tplroot }}/_mapdata/_mapdata.jinja
- template: jinja
- context:
map: {{ map | yaml }}
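Review bot: The `file.managed` state writes the whole `map.jinja` result to the fixed path `/tmp/salt_mapdata_dump.yaml` without `user`, `group` or `mode`, and the `log.debug` line above it sends the same data to the minion log. The fixtures in this commit show a small map, but `map.jinja` presumably merges pillar values, so anything sensitive placed there would land in a file whose permissions are left to the defaults. Add `- mode: '0600'` under `file.managed` (assuming the InSpec run reads the file as root). Since the state lives inside the formula tree rather than under `test/`, also put a comment at the top such as `{#- Test-only state: dumps map.jinja for verification; do not include in production top files #}`.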


@ -0,0 +1,13 @@
# frozen_string_literal: true
control '`map.jinja` YAML dump' do
title 'should contain the lines'
mapdata_file = "_mapdata/#{system.platform[:finger].split('.').first}.yaml"
mapdata_dump = inspec.profile.file(mapdata_file)
describe file('/tmp/salt_mapdata_dump.yaml') do
it { should exist }
its('content') { should include mapdata_dump }
end
end
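Review bot: `its('content') { should include mapdata_dump }` is a substring match, so the control still passes when the dumped file holds the expected text plus additional keys after it. If the aim is to catch any drift in `map.jinja`, compare for equality, e.g. `its('content') { should eq mapdata_dump }` (allowing for a trailing newline if needed), or parse both sides as YAML and compare the resulting hashes. A comment above `mapdata_file` would also help, for instance `# fixture is named after the platform finger up to the first dot`, because the `split('.').first` step is not obvious on first reading.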


@ -0,0 +1,5 @@
# yamllint disable rule:indentation rule:line-length
# Amazon Linux AMI-2018
---
sudoers:
pkg: sudo


@ -0,0 +1,5 @@
# yamllint disable rule:indentation rule:line-length
# Amazon Linux-2
---
sudoers:
pkg: sudo


@ -0,0 +1,5 @@
# yamllint disable rule:indentation rule:line-length
# Arch
---
sudoers:
pkg: sudo


@ -0,0 +1,5 @@
# yamllint disable rule:indentation rule:line-length
# CentOS-6
---
sudoers:
pkg: sudo


@ -0,0 +1,5 @@
# yamllint disable rule:indentation rule:line-length
# CentOS Linux-7
---
sudoers:
pkg: sudo


@ -0,0 +1,5 @@
# yamllint disable rule:indentation rule:line-length
# CentOS Linux-8
---
sudoers:
pkg: sudo


@ -0,0 +1,5 @@
# yamllint disable rule:indentation rule:line-length
# Debian-10
---
sudoers:
pkg: sudo


@ -0,0 +1,5 @@
# yamllint disable rule:indentation rule:line-length
# Debian-9
---
sudoers:
pkg: sudo


@ -0,0 +1,5 @@
# yamllint disable rule:indentation rule:line-length
# Fedora-31
---
sudoers:
pkg: sudo


@ -0,0 +1,5 @@
# yamllint disable rule:indentation rule:line-length
# Fedora-32
---
sudoers:
pkg: sudo


@ -0,0 +1,5 @@
# yamllint disable rule:indentation rule:line-length
# Leap-15
---
sudoers:
pkg: sudo


@ -0,0 +1,5 @@
# yamllint disable rule:indentation rule:line-length
# Ubuntu-16.04
---
sudoers:
pkg: sudo


@ -0,0 +1,5 @@
# yamllint disable rule:indentation rule:line-length
# Ubuntu-18.04
---
sudoers:
pkg: sudo


@ -0,0 +1,5 @@
# yamllint disable rule:indentation rule:line-length
# Ubuntu-20.04
---
sudoers:
pkg: sudo


@ -6,6 +6,9 @@ title: sudoers formula
maintainer: SaltStack Formulas
license: Apache-2.0
summary: Verify that the sudoers formula is setup and configured correctly
depends:
- name: share
path: test/integration/share
supports:
- platform-name: debian
- platform-name: ubuntu


@ -0,0 +1,38 @@
# InSpec Profile: `share`
This shows the implementation of the `share` InSpec [profile](https://github.com/inspec/inspec/blob/master/docs/profiles.md).
It's goal is to share the libraries between all profiles.
## Verify a profile
InSpec ships with built-in features to verify a profile structure.
```bash
$ inspec check share
Summary
-------
Location: share
Profile: profile
Controls: 4
Timestamp: 2019-06-24T23:09:01+00:00
Valid: true
Errors
------
Warnings
--------
```
## Execute a profile
To run all **supported** controls on a local machine use `inspec exec /path/to/profile`.
```bash
$ inspec exec share
..
Finished in 0.0025 seconds (files took 0.12449 seconds to load)
8 examples, 0 failures
```


@ -0,0 +1,18 @@
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
name: share
title: sudoers formula
maintainer: SaltStack Formulas
license: Apache-2.0
summary: shared resources
supports:
- platform-name: debian
- platform-name: ubuntu
- platform-name: centos
- platform-name: fedora
- platform-name: opensuse
- platform-name: suse
- platform-name: freebsd
- platform-name: amazon
- platform-name: arch


@ -0,0 +1,99 @@
# frozen_string_literal: true
# system.rb -- InSpec resources for system values
# Author: Daniel Dehennin <daniel.dehennin@ac-dijon.fr>
# Copyright (C) 2020 Daniel Dehennin <daniel.dehennin@ac-dijon.fr>
HOSTNAME_CMDS = %w[hostname hostnamectl].freeze
HOSTNAME_CMDS_OPT = {
'hostname' => '-s',
'hostnamectl' => '--static'
}.freeze
class SystemResource < Inspec.resource(1)
name 'system'
attr_reader :platform
attr_reader :hostname
def initialize
@platform = build_platform
@hostname = found_hostname
end
private
def found_hostname
cmd = guess_hostname_cmd
unless cmd.exit_status.zero?
raise Inspec::Exceptions::ResourceSkipped,
"Error running '#{cmd}': #{cmd.stderr}"
end
cmd.stdout.chomp
end
def guess_hostname_cmd
HOSTNAME_CMDS.each do |cmd|
if inspec.command(cmd).exist?
return inspec.command("#{cmd} #{HOSTNAME_CMDS_OPT[cmd]}")
end
end
raise Inspec::Exceptions::ResourceSkipped,
"Error: #{@platform[:finger]}} has none of #{HOSTNAME_CMDS.join(', ')}"
end
def build_platform
{
family: build_platform_family,
name: build_platform_name,
release: build_platform_release,
finger: build_platform_finger
}
end
def build_platform_family
case inspec.platform[:name]
when 'arch'
'arch'
else
inspec.platform[:family]
end
end
def build_platform_name
case inspec.platform[:name]
when 'amazon'
'amazonlinux'
else
inspec.platform[:name]
end
end
def build_platform_release
case inspec.platform[:name]
when 'amazon'
# `2018` relase is named `1` in kitchen.yaml
inspec.platform[:release].gsub(/2018.*/, '1')
when 'arch'
'base-latest'
else
inspec.platform[:release]
end
end
def build_platform_finger
"#{build_platform_name}-#{build_finger_release}"
end
def build_finger_release
case inspec.platform[:name]
when 'ubuntu'
build_platform_release.split('.').slice(0, 2).join('.')
else
build_platform_release.split('.')[0]
end
end
end
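Review bot: The skip message in `guess_hostname_cmd` has a stray closing brace, `#{@platform[:finger]}} has none of`, so the rendered text carries a literal `}` after the platform finger; it should read `"Error: #{@platform[:finger]} has none of #{HOSTNAME_CMDS.join(', ')}"`. In `found_hostname`, `'#{cmd}'` interpolates the command resource object rather than the command string, so the message depends on that object's `to_s`; confirm it renders as intended. The comment in `build_platform_release` has a typo (`relase`). The class would also benefit from a short header comment stating that `platform[:finger]` is the value the `_mapdata` control uses to choose its fixture file.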