diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..0bbb03c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,122 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+env/
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# PyInstaller
+# Usually these files are written by a python script from a packager
+# before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+.hypothesis/
+.kitchen
+.kitchen.local.yml
+kitchen.local.yml
+junit-*.xml
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# pyenv
+.python-version
+
+# celery beat schedule file
+celerybeat-schedule
+
+# SageMath parsed files
+*.sage.py
+
+# dotenv
+.env
+
+# virtualenv
+.venv
+venv/
+ENV/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+
+# Bundler
+Gemfile.lock
+
+# copied `.md` files used for conversion to `.rst` using `m2r`
+docs/*.md
+
+# Vim
+*.sw?
+
+## Collected when centralising formulas (check and sort)
+# `collectd-formula`
+.pytest_cache/
+/.idea/
+Dockerfile.*_*
+ignore/
+tmp/
diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 0000000..f6ebb6c
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,45 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+stages:
+ - test
+
+sudo: required
+cache: bundler
+language: ruby
+dist: xenial
+
+services:
+ - docker
+
+# Make sure the instances listed below match up with
+# the `platforms` defined in `kitchen.yml`
+env:
+ matrix:
+ - INSTANCE: default-debian-10-develop-py3
+ # - INSTANCE: default-ubuntu-1804-develop-py3
+ # - INSTANCE: default-centos-7-develop-py3
+ # - INSTANCE: default-fedora-30-develop-py3
+ # - INSTANCE: default-opensuse-leap-15-develop-py3
+ # - INSTANCE: default-amazonlinux-2-develop-py2
+ # - INSTANCE: default-debian-9-2019-2-py3
+ - INSTANCE: default-ubuntu-1804-2019-2-py3
+ # - INSTANCE: default-centos-7-2019-2-py3
+ # - INSTANCE: default-fedora-30-2019-2-py3
+ # - INSTANCE: default-opensuse-leap-15-2019-2-py3
+ - INSTANCE: default-amazonlinux-2-2019-2-py2
+ # - INSTANCE: default-debian-9-2018-3-py2
+ # - INSTANCE: default-ubuntu-1604-2018-3-py2
+ # - INSTANCE: default-centos-7-2018-3-py2
+ - INSTANCE: default-fedora-29-2018-3-py2
+ - INSTANCE: default-opensuse-leap-15-2018-3-py2
+ # - INSTANCE: default-amazonlinux-2-2018-3-py2
+ # - INSTANCE: default-debian-8-2017-7-py2
+ # - INSTANCE: default-ubuntu-1604-2017-7-py2
+ - INSTANCE: default-centos-6-2017-7-py2
+ # - INSTANCE: default-fedora-29-2017-7-py2
+ # - INSTANCE: default-opensuse-leap-15-2017-7-py2
+ # - INSTANCE: default-amazonlinux-2-2017-7-py2
+
+script:
+ - bin/kitchen verify ${INSTANCE}
diff --git a/Gemfile b/Gemfile
new file mode 100644
index 0000000..3b36de3
--- /dev/null
+++ b/Gemfile
@@ -0,0 +1,6 @@
+source "https://rubygems.org"
+
+gem 'kitchen-docker', '>= 2.9'
+gem 'kitchen-salt', '>= 0.6.0'
+gem 'kitchen-inspec', '>= 1.1'
+
diff --git a/bin/kitchen b/bin/kitchen
new file mode 100755
index 0000000..1cd44f3
--- /dev/null
+++ b/bin/kitchen
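Review bot: The three `gem` lines in the new `Gemfile` use open-ended `>=` constraints, and the `.gitignore` added in this same commit ignores `Gemfile.lock`, so every Travis run resolves whatever kitchen-docker, kitchen-salt and kitchen-inspec releases are newest on rubygems.org at that moment. That makes CI runs non-reproducible and lets a broken or tampered upstream release execute in the build without any change to this repository. Consider pessimistic constraints such as `gem 'kitchen-docker', '~> 2.9'` and committing `Gemfile.lock` (removing it from `.gitignore`), so that dependency upgrades arrive as reviewable diffs.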
@@ -0,0 +1,29 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+#
+# This file was generated by Bundler.
+#
+# The application 'kitchen' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require "pathname"
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile",
+ Pathname.new(__FILE__).realpath)
+
+bundle_binstub = File.expand_path("../bundle", __FILE__)
+
+if File.file?(bundle_binstub)
+ if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/
+ load(bundle_binstub)
+ else
+ abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run.
+Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.")
+ end
+end
+
+require "rubygems"
+require "bundler/setup"
+
+load Gem.bin_path("test-kitchen", "kitchen")
diff --git a/kitchen.yml b/kitchen.yml
new file mode 100644
index 0000000..ecc5458
--- /dev/null
+++ b/kitchen.yml
@@ -0,0 +1,151 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+# For help on this file's format, see https://kitchen.ci/
+driver:
+ name: docker
+ use_sudo: false
+ privileged: true
+ run_command: /lib/systemd/systemd
+
+# Make sure the platforms listed below match up with
+# the `env.matrix` instances defined in `.travis.yml`
+platforms:
+ ## SALT `develop`
+ - name: debian-10-develop-py3
+ driver:
+ image: netmanagers/salt-develop-py3:debian-10
+ provision_command:
+ - curl -o bootstrap-salt.sh -L https://bootstrap.saltstack.com
+ - sh bootstrap-salt.sh -XdPbfrq -x python3 git develop
+ - name: ubuntu-1804-develop-py3
+ driver:
+ image: netmanagers/salt-develop-py3:ubuntu-18.04
+ provision_command:
+ - curl -o bootstrap-salt.sh -L https://bootstrap.saltstack.com
+ - sh bootstrap-salt.sh -XdPbfrq -x python3 git develop
+ - name: centos-7-develop-py3
+ driver:
+ image: netmanagers/salt-develop-py3:centos-7
+ provision_command:
+ - curl -o bootstrap-salt.sh -L https://bootstrap.saltstack.com
+ - sh bootstrap-salt.sh -XdPbfrq -x python3 git develop
+ - name: fedora-30-develop-py3
+ driver:
+ image: netmanagers/salt-develop-py3:fedora-30
+ provision_command:
+ - curl -o bootstrap-salt.sh -L https://bootstrap.saltstack.com
+ - sh bootstrap-salt.sh -XdPbfrq -x python3 git develop
+ - name: opensuse-leap-15-develop-py3
+ driver:
+ image: netmanagers/salt-develop-py3:opensuse-leap-15
+ provision_command:
+ - curl -o bootstrap-salt.sh -L https://bootstrap.saltstack.com
+ - sh bootstrap-salt.sh -XdPbfrq -x python3 git develop
+ run_command: /usr/lib/systemd/systemd
+ - name: amazonlinux-2-develop-py2
+ driver:
+ image: netmanagers/salt-develop-py2:amazonlinux-2
+ provision_command:
+ - curl -o bootstrap-salt.sh -L https://bootstrap.saltstack.com
+ - sh bootstrap-salt.sh -XdPbfrq -x python2 git develop
+
+ ## SALT `2019.2`
+ - name: debian-9-2019-2-py3
+ driver:
+ image: netmanagers/salt-2019.2-py3:debian-9
+ - name: ubuntu-1804-2019-2-py3
+ driver:
+ image: netmanagers/salt-2019.2-py3:ubuntu-18.04
+ - name: centos-7-2019-2-py3
+ driver:
+ image: netmanagers/salt-2019.2-py3:centos-7
+ - name: fedora-30-2019-2-py3
+ driver:
+ image: netmanagers/salt-2019.2-py3:fedora-30
+ - name: opensuse-leap-15-2019-2-py3
+ driver:
+ image: netmanagers/salt-2019.2-py3:opensuse-leap-15
+ run_command: /usr/lib/systemd/systemd
+ - name: amazonlinux-2-2019-2-py2
+ driver:
+ image: netmanagers/salt-2019.2-py2:amazonlinux-2
+
+ ## SALT `2018.3`
+ - name: debian-9-2018-3-py2
+ driver:
+ image: netmanagers/salt-2018.3-py2:debian-9
+ - name: ubuntu-1604-2018-3-py2
+ driver:
+ image: netmanagers/salt-2018.3-py2:ubuntu-16.04
+ - name: centos-7-2018-3-py2
+ driver:
+ image: netmanagers/salt-2018.3-py2:centos-7
+ - name: fedora-29-2018-3-py2
+ driver:
+ image: netmanagers/salt-2018.3-py2:fedora-29
+ - name: opensuse-leap-15-2018-3-py2
+ driver:
+ image: netmanagers/salt-2018.3-py2:opensuse-leap-15
+ run_command: /usr/lib/systemd/systemd
+ - name: amazonlinux-2-2018-3-py2
+ driver:
+ image: netmanagers/salt-2018.3-py2:amazonlinux-2
+
+ ## SALT `2017.7`
+ - name: debian-8-2017-7-py2
+ driver:
+ image: netmanagers/salt-2017.7-py2:debian-8
+ - name: ubuntu-1604-2017-7-py2
+ driver:
+ image: netmanagers/salt-2017.7-py2:ubuntu-16.04
+ - name: centos-6-2017-7-py2
+ driver:
+ image: netmanagers/salt-2017.7-py2:centos-6
+ run_command: /sbin/init
+ - name: fedora-29-2017-7-py2
+ driver:
+ image: netmanagers/salt-2017.7-py2:fedora-29
+ - name: opensuse-leap-15-2017-7-py2
+ driver:
+ image: netmanagers/salt-2017.7-py2:opensuse-leap-15
+ run_command: /usr/lib/systemd/systemd
+ - name: amazonlinux-2-2017-7-py2
+ driver:
+ image: netmanagers/salt-2017.7-py2:amazonlinux-2
+
+provisioner:
+ name: salt_solo
+ log_level: info
+ salt_install: none
+ require_chef: false
+ formula: sysctl
+ salt_copy_filter:
+ - .kitchen
+ - .git
+
+verifier:
+ # https://www.inspec.io/
+ name: inspec
+ sudo: true
+ # cli, documentation, html, progress, json, json-min, json-rspec, junit
+ reporter: + - cli + +suites: + - name: default + provisioner: + state_top: + base: + '*': + - sysctl + pillars: + top.sls: + base: + '*': + - sysctl + pillars_from_files: + sysctl.sls: test/salt/pillar/sysctl.sls + verifier: + inspec_tests: + - path: test/integration/default diff --git a/pillar.example b/pillar.example index d7e20de..f519b91 100644 --- a/pillar.example +++ b/pillar.example @@ -1,3 +1,4 @@ +--- sysctl: lookup: pkg: procps-ng diff --git a/sysctl/osfamilymap.yml b/sysctl/osfamilymap.yml index 108ffa0..8f22984 100644 --- a/sysctl/osfamilymap.yml +++ b/sysctl/osfamilymap.yml @@ -1,12 +1,17 @@ +--- RedHat: config: location: /etc/sysctl.conf + Suse: pkg: procps + Debian: pkg: procps + Gentoo: pkg: sys-process/procps + FreeBSD: config: - location: /etc/sysctl.conf \ No newline at end of file + location: /etc/sysctl.conf diff --git a/sysctl/package.sls b/sysctl/package.sls index 9e0abfb..26b0517 100644 --- a/sysctl/package.sls +++ b/sysctl/package.sls @@ -2,7 +2,7 @@ # vim: ft=sls {## import settings from map.jinja ##} -{% from "sysctl/map.jinja" import sysctl_settings with context %} +{%- from "sysctl/map.jinja" import sysctl_settings with context %} sysctl-pkg: pkg.installed: diff --git a/sysctl/param.sls b/sysctl/param.sls index 0650766..65f5abf 100644 --- a/sysctl/param.sls +++ b/sysctl/param.sls @@ -2,7 +2,7 @@ # vim: ft=sls {## import settings from map.jinja ##} -{%- from "sysctl/map.jinja" import sysctl_settings with context -%} +{%- from "sysctl/map.jinja" import sysctl_settings with context %} {% if sysctl_settings.params is defined %} {% for param_name, param in sysctl_settings.get('params').items() %} diff --git a/test/integration/default/README.md b/test/integration/default/README.md new file mode 100644 index 0000000..37cf963 --- /dev/null +++ b/test/integration/default/README.md 
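Review bot: In `kitchen.yml`, every `develop` platform's `provision_command` downloads `bootstrap-salt.sh` from `https://bootstrap.saltstack.com` with `curl -L` and immediately runs it with `sh`, with no integrity check on what was fetched. Add a verification step between the two commands, for example `- echo "<EXPECTED_SHA256>  bootstrap-salt.sh" | sha256sum -c -` (placeholder hash, to be taken from the bootstrap release you decide to pin), so a changed or redirected script fails the build instead of executing. The `netmanagers/salt-*` images are likewise referenced by mutable tag; pinning them by digest would be the matching step. The driver-level `privileged: true` is presumably there so systemd can run as the container's `run_command`; a one-line comment saying so would keep the setting from being copied into other contexts without that reason.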
@@ -0,0 +1,50 @@
+# InSpec Profile: `default`
+
+This shows the implementation of the `default` InSpec [profile](https://github.com/inspec/inspec/blob/master/docs/profiles.md).
+
+## Verify a profile
+
+InSpec ships with built-in features to verify a profile structure.
+
+```bash
+$ inspec check default
+Summary
+-------
+Location: default
+Profile: profile
+Controls: 4
+Timestamp: 2019-06-24T23:09:01+00:00
+Valid: true
+
+Errors
+------
+
+Warnings
+--------
+```
+
+## Execute a profile
+
+To run all **supported** controls on a local machine use `inspec exec /path/to/profile`.
+
+```bash
+$ inspec exec default
+..
+
+Finished in 0.0025 seconds (files took 0.12449 seconds to load)
+8 examples, 0 failures
+```
+
+## Execute a specific control from a profile
+
+To run one control from the profile use `inspec exec /path/to/profile --controls name`.
+
+```bash
+$ inspec exec default --controls package
+.
+
+Finished in 0.0025 seconds (files took 0.12449 seconds to load)
+1 examples, 0 failures
+```
+
+See an [example control here](https://github.com/inspec/inspec/blob/master/examples/profile/controls/example.rb).
diff --git a/test/integration/default/controls/package_spec.rb b/test/integration/default/controls/package_spec.rb
new file mode 100644
index 0000000..6ce34b2
--- /dev/null
+++ b/test/integration/default/controls/package_spec.rb
@@ -0,0 +1,15 @@
+control 'Sysctl package' do
+ title 'should be installed'
+
+ package_name =
+ case os[:family]
+ when 'debian', 'suse'
+ 'procps'
+ else
+ 'procps-ng'
+ end
+
+ describe package(package_name) do
+ it { should be_installed }
+ end
+end
diff --git a/test/integration/default/inspec.yml b/test/integration/default/inspec.yml
new file mode 100644
index 0000000..4472412
--- /dev/null
+++ b/test/integration/default/inspec.yml
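Review bot: The only control in `package_spec.rb` asserts that the package is installed, while the suite's pillar (`test/salt/pillar/sysctl.sls`) sets `vm.swappiness: 20`, so a regression in how the formula applies parameters (presumably `sysctl/param.sls`) would still pass verification. Add a control built on InSpec's `kernel_parameter` resource, along the lines of `describe kernel_parameter('vm.swappiness') do` / `its('value') { should eq 20 }` / `end`. Separately, the `else` branch of `case os[:family]` yields `'procps-ng'` for every family other than debian and suse, which disagrees with `sysctl/osfamilymap.yml` for Gentoo (`sys-process/procps`); that only bites if such a platform is added to `kitchen.yml`, but a comment noting the duplication of the formula's map would help.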
@@ -0,0 +1,17 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+name: default
+title: sysctl formula
+maintainer: SaltStack Formulas
+license: Apache-2.0
+summary: Verify that the sysctl formula is setup and configured correctly
+supports:
+ - platform-name: debian
+ - platform-name: ubuntu
+ - platform-name: centos
+ - platform-name: fedora
+ - platform-name: opensuse
+ - platform-name: suse
+ - platform-name: freebsd
+ - platform-name: amazon
diff --git a/test/salt/pillar/sysctl.sls b/test/salt/pillar/sysctl.sls
new file mode 100644
index 0000000..a278bbb
--- /dev/null
+++ b/test/salt/pillar/sysctl.sls
@@ -0,0 +1,4 @@
+---
+sysctl:
+ params:
+ vm.swappiness: 20