cem_acpt 0.2.5 → 0.6.1

data/lib/cem_acpt/utils.rb

@@ -1,144 +1,10 @@
 # frozen_string_literal: true
 
-require 'open3'
-require 'securerandom'
+require_relative 'utils/puppet'
+require_relative 'utils/ssh'
+require_relative 'utils/terminal'
 
 module CemAcpt
   # Utility methods and modules for CemAcpt.
-  module Utils
-    def self.os
-      case RbConfig::CONFIG['host_os']
-      when /mswin|msys|mingw|cygwin|bccwin|wince|emc/
-        :windows
-      else
-        :nix
-      end
-    end
-
-    # File-related utilities
-    module File
-      def self.set_permissions(permission, *file_paths)
-        file_paths.map { |p| ::File.chmod(permission, p) }
-      end
-    end
-
-    # Puppet-related utilities
-    module Puppet
-      DEFAULT_PUPPET_PATH = {
-        nix: '/opt/puppetlabs/bin/puppet',
-        windows: 'C:/Program Files/Puppet Labs/Puppet/bin/puppet.bat',
-      }.freeze
-
-      # Finds and returns the Puppet executable
-      def self.puppet_executable
-        this_os = CemAcpt::Utils.os
-        if ::File.file?(DEFAULT_PUPPET_PATH[this_os]) && ::File.executable?(DEFAULT_PUPPET_PATH[this_os])
-          return DEFAULT_PUPPET_PATH[this_os]
-        end
-
-        file_name = 'puppet'
-        if this_os == :windows
-          exts = ENV['PATHEXT'] ? ".{#{ENV['PATHEXT'].tr(';', ',').tr('.', '').downcase}}" : '.{exe,com,bat}'
-          file_name = "#{file_name}#{exts}"
-        end
-        ENV['PATH'].split(::File::PATH_SEPARATOR).each do |path|
-          if ::File.file?(::File.join(path, file_name)) && ::File.executable?(::File.join(path, file_name))
-            return ::File.join(path, file_name)
-          end
-        end
-        raise 'Could not find Puppet executable! Is Puppet installed?'
-      end
-
-      # Builds a Puppet module package.
-      # @param module_dir [String] Path to the module directory. If target_dir
-      #   is specified as a relative path, it will be relative to the module dir.
-      # @param target_dir [String] Path to the target directory where the package
-      #   will be built. This defaults to the relative path 'pkg/'.
-      # @param should_log [Boolean] Whether or not to log the build process.
-      # @return [String] Path to the built package.
-      def self.build_module_package(module_dir, target_dir = nil, should_log: false)
-        require 'puppet/modulebuilder'
-        require 'fileutils'
-
-        builder_logger = should_log ? logger : nil
-        builder = ::Puppet::Modulebuilder::Builder.new(::File.expand_path(module_dir), target_dir, builder_logger)
-
-        # Validates module metadata by raising exception if invalid
-        _metadata = builder.metadata
-
-        # Builds the module package
-        builder.build
-      end
-    end
-
-    # Node-related utilities
-    module Node
-      def self.random_instance_name(prefix: 'cem-acpt-', length: 24)
-        rand_length = length - prefix.length
-        "#{prefix}#{::SecureRandom.hex(rand_length)}"
-      end
-    end
-
-    # SSH-related utilities
-    module SSH
-      def self.ssh_keygen
-        bin_path = `#{ENV['SHELL']} -c 'command -v ssh-keygen'`.chomp
-        raise 'Cannot find ssh-keygen! Install it and verify PATH' unless bin_path
-
-        bin_path
-      rescue StandardError => e
-        raise "Cannot find ssh-keygen! Install it and verify PATH. Orignal error: #{e}"
-      end
-
-      def self.default_keydir
-        ssh_dir = ::File.join(ENV['HOME'], '.ssh')
-        raise "SSH directory at #{ssh_dir} does not exist" unless ::File.directory?(ssh_dir)
-
-        ssh_dir
-      end
-
-      def self.ephemeral_ssh_key(type: 'rsa', bits: '4096', comment: nil, keydir: default_keydir)
-        raise ArgumentError, 'keydir does not exist' unless ::File.directory?(keydir)
-
-        keyfile = ::File.join(keydir, 'acpt_test_key')
-        keygen_cmd = [ssh_keygen, "-t #{type}", "-b #{bits}", "-f #{keyfile}", '-N ""']
-        keygen_cmd << "-C \"#{comment}\"" if comment
-        _, stderr, status = Open3.capture3(keygen_cmd.join(' '))
-        raise "Failed to generate ephemeral SSH key: #{stderr}" unless status.success?
-
-        [keyfile, "#{keyfile}.pub"]
-      end
-
-      def self.acpt_known_hosts(keydir: default_keydir, file_name: 'acpt_known_hosts', overwrite: true)
-        kh_file = ::File.join(keydir, file_name)
-        ::File.open(kh_file, 'w') { |f| f.write("\n") } unless ::File.exist?(kh_file) && !overwrite
-        kh_file
-      end
-
-      def self.set_ssh_file_permissions(priv_key, pub_key, known_hosts)
-        CemAcpt::Utils::File.set_permissions(0o600, priv_key, pub_key, known_hosts)
-      end
-    end
-
-    # Terminal-related utilities
-    module Terminal
-      def self.keep_terminal_alive
-        require 'concurrent-ruby'
-        executor = Concurrent::SingleThreadExecutor.new
-        executor.post do
-          loop do
-            $stdout.print(".\r")
-            sleep(1)
-            $stdout.print("..\r")
-            sleep(1)
-            $stdout.print("...\r")
-            sleep(1)
-            $stdout.print("   \r")
-            sleep(1)
-          end
-        end
-        executor
-      end
-    end
-  end
+  module Utils; end
 end

data/lib/cem_acpt/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module CemAcpt
-  VERSION = '0.2.5'
+  VERSION = '0.6.1'
 end

data/lib/cem_acpt.rb

@@ -1,34 +1,84 @@
 # frozen_string_literal: true
 
 module CemAcpt
+  require_relative 'cem_acpt/config'
   require_relative 'cem_acpt/logging'
+  require_relative 'cem_acpt/test_runner'
   require_relative 'cem_acpt/version'
-  require_relative 'cem_acpt/spec_helper_acceptance'
 
   class << self
     include CemAcpt::Logging
-  end
 
-  def self.run(params)
-    require_relative 'cem_acpt/context'
+    attr_reader :config
+
+    def version(as_str: false)
+      return VERSION unless as_str
+
+      "cem_acpt v#{VERSION}"
+    end
+
+    def print_config(options, format: :yaml)
+      config = new_config(options)
+      if format == :explain
+        puts config.explain
+        return
+      end
+      puts config.send("to_#{format}".to_sym)
+    end
+
+    def run(options)
+      # Set up config, logger, and helper
+      @config = new_config(options)
+      initialize_logger!
+      runner = new_runner
+
+      # Set up signal handlers
+      Signal.trap('INT') do
+        @trap_context = true
+        logger.trap_context = @trap_context
+        logger.fatal('Signal Handler') { 'Received interrupt signal. Cleaning up test suite...' }
+        runner.clean_up(@trap_context)
+        logger.fatal('Signal Handler') { 'Exiting due to interrupt signal' }
+        exit 1
+      end
 
-    log_level = params[:log_level]
-    log_formatter = params[:log_format] ? new_log_formatter(params[:log_format]) : nil
-    logdevs = [$stdout]
-    if params[:log_file] && params[:quiet]
-      logdevs = [params[:log_file]]
-    elsif params[:log_file] && !params[:quiet]
-      logdevs << params[:log_file]
+      # Run the test suite
+      runner.run
+
+      exit runner.exit_code
+    end
+
+    private
+
+    def new_config(options)
+      CemAcpt::Config.new(opts: options, config_file: options[:config_file])
     end
-    if (params[:CI] || ENV['CI'] || ENV['GITHUB_ACTION']) && !logdevs.include?($stdout)
-      logdevs << $stdout
+
+    def new_runner
+      CemAcpt::TestRunner::Runner.new(@config)
+    end
+
+    def initialize_logger!
+      raise 'Config must be loaded before logger can be initialized' if config.nil? || config.empty?
+
+      log_formatter = config.get('log_format')&.to_sym || :text
+      logdevs = [$stdout]
+      # If log_file is set, and quiet is set, only log to the file
+      if config.get('log_file') && config.get('quiet')
+        logdevs = [config.get('log_file')]
+      elsif config.get('log_file') && !config.get('quiet')
+        logdevs << config.get('log_file')
+      end
+      if config.ci_mode? && !logdevs.include?($stdout)
+        logdevs << $stdout
+      end
+      new_log = new_logger(
+        *logdevs,
+        level: config.get('log_level'),
+        formatter: log_formatter,
+      )
+      new_log.set_verbose(!!config.get('verbose'))
+      new_log
     end
-    new_logger(
-      *logdevs,
-      level: log_level,
-      formatter: log_formatter,
-    )
-    exit_code = CemAcpt::Context.with(params, &:run)
-    exit exit_code
   end
 end

data/lib/terraform/gcp/linux/goss/puppet_idempotent.yaml

@@ -0,0 +1,10 @@
+command:
+  puppet_idempotent:
+    exec: 'sudo /opt/puppetlabs/puppet/bin/puppet apply --verbose --detailed-exitcodes /opt/cem_acpt/manifest.pp'
+    timeout: 300000 # 5 mins in miliseconds
+    stdout:
+      - "Applied catalog in"
+    stderr:
+      - ""
+    exit-status: 0
+    

data/lib/terraform/gcp/linux/goss/puppet_noop.yaml

@@ -0,0 +1,12 @@
+command:
+  puppet_noop:
+    exec: 'sudo /opt/puppetlabs/puppet/bin/puppet apply --verbose --detailed-exitcodes --noop /opt/cem_acpt/manifest.pp'
+    timeout: 300000 # 5 mins in miliseconds
+    stdout:
+      - "Applied catalog in"
+    stderr:
+      - ""
+    exit-status:
+      or:
+        - 0
+        - 2

data/lib/terraform/gcp/linux/main.tf

@@ -0,0 +1,191 @@
+terraform {
+  required_providers {
+      google = {
+          source = "hashicorp/google"
+          version = "4.59.0"
+      }
+  }
+}
+
+variable "credentials_file" {
+    type = string
+}
+
+variable "project" {
+    type = string
+}
+
+variable "region" {
+    type = string
+}
+
+variable "zone" {
+    type = string
+}
+
+variable "subnetwork" {
+    type = string
+}
+
+variable "username" {
+    type = string
+}
+
+variable "private_key" {
+    type = string
+    sensitive = true
+}
+
+variable "public_key" {
+    type = string
+}
+
+variable "puppet_module_package" {
+    type = string
+}
+
+variable "node_data" {
+    type = map(object({
+        machine_type = string
+        image = string
+        disk_size = number
+        test_name = string
+        goss_file = string
+        puppet_manifest = string
+        provision_dir_source = string
+        provision_dir_dest = string
+        provision_commands = list(string)
+    }))
+}
+
+provider "google" {
+    credentials = file(var.credentials_file)
+    project = var.project
+    region = var.region
+    zone = var.zone
+}
+
+resource "google_compute_instance" "acpt-test-node" {
+    provider = google
+    for_each = var.node_data
+    name = each.key
+    machine_type = each.value.machine_type
+
+    boot_disk {
+        initialize_params {
+            image = each.value.image
+            size = each.value.disk_size
+            type = "pd-standard"
+        }
+    }
+
+    scheduling {
+        preemptible = true
+        automatic_restart = false
+        provisioning_model = "SPOT"
+        instance_termination_action = "DELETE"
+    }
+
+    network_interface {
+        subnetwork = var.subnetwork
+        access_config {
+            network_tier = "STANDARD"
+        }
+    }
+
+    provisioner "remote-exec" {
+        connection {
+            type = "ssh"
+            user = "${var.username}"
+            timeout = "5m"
+            host = self.network_interface.0.access_config.0.nat_ip
+            private_key = "${file(var.private_key)}"
+            agent = false
+        }
+        inline = [
+            "sudo mkdir -p ${each.value.provision_dir_dest}",
+            "sudo chown -R ${var.username}:${var.username} ${each.value.provision_dir_dest}"
+        ]
+    }
+
+    provisioner "file" {
+        source = "${each.value.provision_dir_source}/"
+        destination = each.value.provision_dir_dest
+        connection {
+            type = "ssh"
+            user = "${var.username}"
+            timeout = "2m"
+            host = self.network_interface.0.access_config.0.nat_ip
+            private_key = "${file(var.private_key)}"
+            agent = false
+        }
+    }
+
+    provisioner "file" {
+        source = var.puppet_module_package
+        destination = "${each.value.provision_dir_dest}/puppet-module.tar.gz"
+        connection {
+            type = "ssh"
+            user = "${var.username}"
+            timeout = "2m"
+            host = self.network_interface.0.access_config.0.nat_ip
+            private_key = "${file(var.private_key)}"
+            agent = false
+        }
+    }
+
+    provisioner "file" {
+        source = each.value.goss_file
+        destination = "${each.value.provision_dir_dest}/goss.yaml"
+        connection {
+            type = "ssh"
+            user = "${var.username}"
+            timeout = "2m"
+            host = self.network_interface.0.access_config.0.nat_ip
+            private_key = "${file(var.private_key)}"
+            agent = false
+        }
+    }
+
+    provisioner "file" {
+        source = each.value.puppet_manifest
+        destination = "${each.value.provision_dir_dest}/manifest.pp"
+        connection {
+            type = "ssh"
+            user = "${var.username}"
+            timeout = "2m"
+            host = self.network_interface.0.access_config.0.nat_ip
+            private_key = "${file(var.private_key)}"
+            agent = false
+        }
+    }
+
+    provisioner "remote-exec" {
+        connection {
+            type = "ssh"
+            user = "${var.username}"
+            timeout = "5m"
+            host = self.network_interface.0.access_config.0.nat_ip
+            private_key = "${file(var.private_key)}"
+            agent = false
+        }
+        inline = each.value.provision_commands
+    }
+
+    metadata = {
+        oslogin = "TRUE"
+        ssh-keys = "${var.username}:${file(var.public_key)}"
+        cem-acpt-test = each.value.test_name
+    }
+
+    tags = [ "cem-acpt-test-node" ]
+}
+
+output "instance_name_ip" {
+    value = {
+        for k, v in google_compute_instance.acpt-test-node : v.name => {
+            ip = v.network_interface.0.access_config.0.nat_ip,
+            test_name = v.metadata.cem-acpt-test,
+        }
+    }
+}

data/lib/terraform/gcp/linux/systemd/goss-acpt.service

@@ -0,0 +1,8 @@
+[Unit]
+Description=unit file for goss server acpt endpoint service
+
+[Service]
+ExecStart=/usr/local/bin/goss -g /opt/cem_acpt/goss.yaml serve -f json --endpoint "/acpt" --cache "10m"
+
+[Install]
+WantedBy=multi-user.target

data/lib/terraform/gcp/linux/systemd/goss-idempotent.service

@@ -0,0 +1,8 @@
+[Unit]
+Description=unit file for goss server acpt endpoint service
+
+[Service]
+ExecStart=/usr/local/bin/goss -g /opt/cem_acpt/goss/puppet_idempotent.yaml serve -f json -l ":8081" --endpoint "/idempotent" --cache "10m"
+
+[Install]
+WantedBy=multi-user.target

data/lib/terraform/gcp/linux/systemd/goss-noop.service

@@ -0,0 +1,8 @@
+[Unit]
+Description=unit file for goss server acpt endpoint service
+
+[Service]
+ExecStart=/usr/local/bin/goss -g /opt/cem_acpt/goss/puppet_noop.yaml serve -f json -l ":8082" --endpoint "/noop" --cache "10m"
+
+[Install]
+WantedBy=multi-user.target

data/sample_config.yaml

@@ -1,7 +1,6 @@
 test_data:
   for_each:
     collection:
-      - puppet6
       - puppet7
   vars:
     test_static_var: 'static_var_value'
@@ -21,24 +20,24 @@ test_data:
     delete_vars:
       - 'framework_vars'
 
-platform: gcp
+platform:
+  name: gcp
+  project: 'team-sse'
+  region: 'us-west1'
+  zone: 'us-west1-b'
+  subnetwork: 'cem-acpt-subnet'
+
+# terraform:
+#   environment:
+#     TF_LOG: 'DEBUG'
+
+actions:
+  only:
+    - 'acpt'
 
 node_data:
   machine_type: 'e2-small'
-  project:
-    name: 'some-project'
-    zone: 'us-west1-b'
-  disk:
-    name: 'disk-1'
-    size: 20
-    type: 'pd-standard'
-  network_interface:
-    tier: 'STANDARD'
-    subnetwork: 'some-subnet'
-  metadata:
-    ephemeral_ssh_key:
-      lifetime: 2
-      keydir: '/tmp/acpt_test_keys'
+  disk_size: 40
 
 image_name_builder:
   character_substitutions:
@@ -48,11 +47,13 @@ image_name_builder:
     - '$image_fam'
     - '$collection'
     - '$firewall'
-  join_with: '-'    
+  join_with: '-'
 
 tests:
-  - cis_rhel-7_firewalld_server_1  
-  - cis_rhel-7_iptables_server_1
-  - cis_rhel-8_firewalld_server_1
+  # - cis_rhel-7_firewalld_server_2
   - cis_rhel-8_firewalld_server_2
-  - cis_rhel-8_iptables_server_1
+  # - cis_oel-7_firewalld_server_2
+  # - cis_oel-8_firewalld_server_2
+  # - cis_alma-8_firewalld_server_2
+  # - stig_rhel-7_firewalld_public_3
+  # - stig_rhel-8_firewalld_public_3