test(map): standardise `map.jinja` verification
* Automated using https://github.com/myii/ssf-formula/pull/281
parent
c2182efdfa
commit
ac8921f11a
|
@ -19,8 +19,11 @@
|
||||||
/docs/AUTHORS.rst @saltstack-formulas/ssf
|
/docs/AUTHORS.rst @saltstack-formulas/ssf
|
||||||
/docs/CHANGELOG.rst @saltstack-formulas/ssf
|
/docs/CHANGELOG.rst @saltstack-formulas/ssf
|
||||||
/docs/TOFS_pattern.rst @saltstack-formulas/ssf
|
/docs/TOFS_pattern.rst @saltstack-formulas/ssf
|
||||||
|
/*/_mapdata/ @saltstack-formulas/ssf
|
||||||
/*/libsaltcli.jinja @saltstack-formulas/ssf
|
/*/libsaltcli.jinja @saltstack-formulas/ssf
|
||||||
/*/libtofs.jinja @saltstack-formulas/ssf
|
/*/libtofs.jinja @saltstack-formulas/ssf
|
||||||
|
/test/integration/**/_mapdata_spec.rb @saltstack-formulas/ssf
|
||||||
|
/test/integration/**/libraries/system.rb @saltstack-formulas/ssf
|
||||||
/test/integration/**/inspec.yml @saltstack-formulas/ssf
|
/test/integration/**/inspec.yml @saltstack-formulas/ssf
|
||||||
/test/integration/**/README.md @saltstack-formulas/ssf
|
/test/integration/**/README.md @saltstack-formulas/ssf
|
||||||
/.gitignore @saltstack-formulas/ssf
|
/.gitignore @saltstack-formulas/ssf
|
||||||
|
|
|
@ -3,14 +3,12 @@
|
||||||
---
|
---
|
||||||
{#- Get the `tplroot` from `tpldir` #}
|
{#- Get the `tplroot` from `tpldir` #}
|
||||||
{%- set tplroot = tpldir.split('/')[0] %}
|
{%- set tplroot = tpldir.split('/')[0] %}
|
||||||
{%- from tplroot ~ "/map.jinja" import sudoers with context %}
|
{%- from tplroot ~ "/map.jinja" import sudoers as mapdata with context %}
|
||||||
|
|
||||||
{%- set map = {
|
{%- do salt['log.debug']('### MAP.JINJA DUMP ###\n' ~ mapdata | yaml(False)) %}
|
||||||
'sudoers': sudoers,
|
|
||||||
} %}
|
|
||||||
{%- do salt['log.debug']('### MAP.JINJA DUMP ###\n' ~ map | yaml(False)) %}
|
|
||||||
|
|
||||||
{%- set output_file = '/tmp/salt_mapdata_dump.yaml' %}
|
{%- set output_dir = '/temp' if grains.os_family == 'Windows' else '/tmp' %}
|
||||||
|
{%- set output_file = output_dir ~ '/salt_mapdata_dump.yaml' %}
|
||||||
|
|
||||||
{{ tplroot }}-mapdata-dump:
|
{{ tplroot }}-mapdata-dump:
|
||||||
file.managed:
|
file.managed:
|
||||||
|
@ -18,4 +16,4 @@
|
||||||
- source: salt://{{ tplroot }}/_mapdata/_mapdata.jinja
|
- source: salt://{{ tplroot }}/_mapdata/_mapdata.jinja
|
||||||
- template: jinja
|
- template: jinja
|
||||||
- context:
|
- context:
|
||||||
map: {{ map | yaml }}
|
map: {{ mapdata | yaml }}
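Review bot: The dump is still written to a fixed file name in a shared temp directory (`output_dir ~ '/salt_mapdata_dump.yaml'`), and nothing visible in these two hunks limits who can read it. `mapdata` is whatever `map.jinja` exports, which may include pillar-supplied values, and the same content is also passed to `log.debug`. The `file.managed` arguments between the hunks are not shown, so this may already be handled. If no mode is set there, consider adding `- mode: '0600'` for non-Windows targets and documenting that this state is meant for test runs only.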
|
||||||
|
|
|
@ -1,13 +1,23 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
|
require 'yaml'
|
||||||
|
|
||||||
control '`map.jinja` YAML dump' do
|
control '`map.jinja` YAML dump' do
|
||||||
title 'should contain the lines'
|
title 'should match the comparison file'
|
||||||
|
|
||||||
|
# Strip the `platform[:finger]` version number down to the "OS major release"
|
||||||
mapdata_file = "_mapdata/#{system.platform[:finger].split('.').first}.yaml"
|
mapdata_file = "_mapdata/#{system.platform[:finger].split('.').first}.yaml"
|
||||||
mapdata_dump = inspec.profile.file(mapdata_file)
|
|
||||||
|
|
||||||
describe file('/tmp/salt_mapdata_dump.yaml') do
|
# Load the mapdata from profile https://docs.chef.io/inspec/profiles/#profile-files
|
||||||
it { should exist }
|
mapdata_dump = YAML.safe_load(inspec.profile.file(mapdata_file))
|
||||||
its('content') { should eq mapdata_dump }
|
|
||||||
|
# Derive the location of the dumped mapdata
|
||||||
|
output_dir = platform[:family] == 'windows' ? '/temp' : '/tmp'
|
||||||
|
output_file = "#{output_dir}/salt_mapdata_dump.yaml"
|
||||||
|
|
||||||
|
describe 'File content' do
|
||||||
|
it 'should match profile map data exactly' do
|
||||||
|
expect(yaml(output_file).params).to eq(mapdata_dump)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
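Review bot: The rewritten control no longer asserts that the dump file exists, because the old `describe file(...)` block with `it { should exist }` is gone and only `expect(yaml(output_file).params).to eq(mapdata_dump)` remains. How the `yaml` resource reports a missing or unparsable file is not visible here, so a run that never wrote the dump may show up as an opaque hash mismatch or a skip rather than a clear failure. Consider keeping an explicit check ahead of the comparison, for example `describe(file(output_file)) { it { should exist } }`. Using `YAML.safe_load` for the profile file is the right call, but with default arguments it raises if a comparison file ever contains aliases, which deserves a short comment next to the call.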
|
||||||
|
|
|
@ -2,37 +2,20 @@
|
||||||
|
|
||||||
This shows the implementation of the `share` InSpec [profile](https://github.com/inspec/inspec/blob/master/docs/profiles.md).
|
This shows the implementation of the `share` InSpec [profile](https://github.com/inspec/inspec/blob/master/docs/profiles.md).
|
||||||
|
|
||||||
It's goal is to share the libraries between all profiles.
|
Its goal is to share the libraries between all profiles.
|
||||||
|
|
||||||
## Verify a profile
|
## Libraries
|
||||||
|
|
||||||
InSpec ships with built-in features to verify a profile structure.
|
### `system`
|
||||||
|
|
||||||
```bash
|
The `system` library provides easy access to system dependent information:
|
||||||
$ inspec check share
|
|
||||||
Summary
|
|
||||||
-------
|
|
||||||
Location: share
|
|
||||||
Profile: profile
|
|
||||||
Controls: 4
|
|
||||||
Timestamp: 2019-06-24T23:09:01+00:00
|
|
||||||
Valid: true
|
|
||||||
|
|
||||||
Errors
|
- `system.platform`: based on `inspec.platform`, modify to values that are more consistent from a SaltStack perspective
|
||||||
------
|
- `system.platform[:family]` provide a family name for Arch and Gentoo
|
||||||
|
- `system.platform[:name]` append `linux` to both `amazon` and `oracle`; ensure Windows platforms are resolved as simply `windows`
|
||||||
Warnings
|
- `system.platform[:release]` tweak Arch, Amazon Linux, Gentoo and Windows:
|
||||||
--------
|
- `Arch` is always `base-latest`
|
||||||
```
|
- `Amazon Linux` release `2018` is resolved as `1`
|
||||||
|
- `Gentoo` release is trimmed to its major version number and then the init system is appended (i.e. `sysv` or `sysd`)
|
||||||
## Execute a profile
|
- `Windows` uses the widely-used release number (e.g. `8.1` or `2019-server`) in place of the actual system release version
|
||||||
|
- `system.platform[:finger]` is the concatenation of the name and the major release number (except for Ubuntu, which gives `ubuntu-20.04` for example)
|
||||||
To run all **supported** controls on a local machine use `inspec exec /path/to/profile`.
|
|
||||||
|
|
||||||
```bash
|
|
||||||
$ inspec exec share
|
|
||||||
..
|
|
||||||
|
|
||||||
Finished in 0.0025 seconds (files took 0.12449 seconds to load)
|
|
||||||
8 examples, 0 failures
|
|
||||||
```
|
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
# vim: ft=yaml
|
# vim: ft=yaml
|
||||||
---
|
---
|
||||||
name: share
|
name: share
|
||||||
title: sudoers formula
|
title: InSpec shared resources
|
||||||
maintainer: SaltStack Formulas
|
maintainer: SaltStack Formulas
|
||||||
license: Apache-2.0
|
license: Apache-2.0
|
||||||
summary: shared resources
|
summary: shared resources
|
||||||
|
@ -15,4 +15,7 @@ supports:
|
||||||
- platform-name: suse
|
- platform-name: suse
|
||||||
- platform-name: freebsd
|
- platform-name: freebsd
|
||||||
- platform-name: amazon
|
- platform-name: amazon
|
||||||
|
- platform-name: oracle
|
||||||
- platform-name: arch
|
- platform-name: arch
|
||||||
|
- platform-name: gentoo
|
||||||
|
- platform: windows
|
||||||
|
|
|
@ -27,8 +27,8 @@ class SystemResource < Inspec.resource(1)
|
||||||
|
|
||||||
def build_platform_family
|
def build_platform_family
|
||||||
case inspec.platform[:name]
|
case inspec.platform[:name]
|
||||||
when 'arch'
|
when 'arch', 'gentoo'
|
||||||
'arch'
|
inspec.platform[:name]
|
||||||
else
|
else
|
||||||
inspec.platform[:family]
|
inspec.platform[:family]
|
||||||
end
|
end
|
||||||
|
@ -36,13 +36,16 @@ class SystemResource < Inspec.resource(1)
|
||||||
|
|
||||||
def build_platform_name
|
def build_platform_name
|
||||||
case inspec.platform[:name]
|
case inspec.platform[:name]
|
||||||
when 'amazon'
|
when 'amazon', 'oracle'
|
||||||
'amazonlinux'
|
"#{inspec.platform[:name]}linux"
|
||||||
|
when 'windows_8.1_pro', 'windows_server_2019_datacenter'
|
||||||
|
'windows'
|
||||||
else
|
else
|
||||||
inspec.platform[:name]
|
inspec.platform[:name]
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# rubocop:disable Metrics/MethodLength
|
||||||
def build_platform_release
|
def build_platform_release
|
||||||
case inspec.platform[:name]
|
case inspec.platform[:name]
|
||||||
when 'amazon'
|
when 'amazon'
|
||||||
|
@ -52,10 +55,15 @@ class SystemResource < Inspec.resource(1)
|
||||||
'base-latest'
|
'base-latest'
|
||||||
when 'gentoo'
|
when 'gentoo'
|
||||||
"#{inspec.platform[:release].split('.')[0]}-#{derive_gentoo_init_system}"
|
"#{inspec.platform[:release].split('.')[0]}-#{derive_gentoo_init_system}"
|
||||||
|
when 'windows_8.1_pro'
|
||||||
|
'8.1'
|
||||||
|
when 'windows_server_2019_datacenter'
|
||||||
|
'2019-server'
|
||||||
else
|
else
|
||||||
inspec.platform[:release]
|
inspec.platform[:release]
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
# rubocop:enable Metrics/MethodLength
|
||||||
|
|
||||||
def derive_gentoo_init_system
|
def derive_gentoo_init_system
|
||||||
case inspec.command('systemctl').exist?
|
case inspec.command('systemctl').exist?
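Review bot: The Windows handling in `build_platform_name` (hunk at -36) and `build_platform_release` (hunk at -52) matches only the exact strings `'windows_8.1_pro'` and `'windows_server_2019_datacenter'`. Any other edition or version falls through to `else` and is returned unchanged, so `system.platform[:finger]` would then point at a `_mapdata` file name nobody expects. For the name, a pattern branch such as `when /\Awindows_/` returning `'windows'` would cover every edition. For the release, a comment listing the supported editions would make the limitation explicit. `derive_gentoo_init_system` continues past the end of the last hunk and is not reviewed here.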
|
||||||
|
|