cem_acpt 0.2.6-universal-java-17

data/lib/cem_acpt/test_runner/runner.rb

@@ -0,0 +1,210 @@
+# frozen_string_literal: true
+
+require 'concurrent-ruby'
+require 'English'
+require_relative '../logging'
+require_relative '../rspec_utils'
+require_relative 'runner_result'
+
+module CemAcpt
+  module TestRunner
+    class RunnerError < StandardError; end
+    # Error used to wrap fatal errors raised in Runner steps
+    class RunnerStepError < StandardError
+      attr_reader :step
+
+      def initialize(step, err)
+        @step = step
+        super err
+        set_backtrace err.backtrace if err.respond_to?(:backtrace)
+      end
+    end
+    class RunnerProvisionError < RunnerStepError; end
+
+    # Runner is a class that runs a single acceptance test suite on a single node.
+    # It is responsible for managing the lifecycle of the test suite and
+    # reporting the results back to the main thread. Runner objects are created
+    # by the RunHandler and then, when started, execute their logic in a thread.
+    class Runner
+      include CemAcpt::LoggingAsync
+
+      attr_reader :node, :node_exists, :run_result
+
+      # @param node [String] the name of the node to run the acceptance test suite on
+      # @param ctx [CemAcpt::RunnerCtx] a cem_acpt Ctx (context) object
+      # @param module_pkg_path [Concurrent::IVar] the path to the module package
+      def initialize(node, context, platform)
+        @node = node
+        @context = context
+        @platform = platform
+        @debug_mode = @context.config.debug_mode?
+        @node_inventory = @context.node_inventory
+        @module_pkg_path = @context.module_package_path
+        @node_exists = false
+        @run_result = CemAcpt::TestRunner::RunnerResult.new(@node, debug: @debug_mode)
+        @completed_steps = []
+        validate!
+      end
+
+      def run_step(step_sym)
+        send(step_sym)
+        @completed_steps << step_sym
+      rescue StandardError => e
+        err = CemAcpt::TestRunner::RunnerStepError.new(step_sym, e)
+        step_error_logging(err)
+        @run_result.from_error(err)
+        destroy unless step_sym == :destroy
+      end
+
+      # Executes test suite steps
+      def start
+        async_info("Starting test suite for #{@node.node_name}", log_prefix('RUNNER'))
+        run_step(:provision)
+        run_step(:bootstrap)
+        run_step(:run_tests)
+        run_step(:destroy)
+        true
+      rescue StandardError => e
+        step_error_logging(e)
+        @run_result.from_error(e)
+        destroy
+      end
+
+      # Checks for failures in the test results.
+      # @param result [Hash] the test result to check
+      # @return [Boolean] whether or not there are test failures in result
+      def test_failures?
+        @run_result.result_errors? || @run_result.result_failures?
+      end
+
+      private
+
+      def step_error_logging(err)
+        prefix = err.respond_to?(:step) ? log_prefix(err.step.capitalize) : log_prefix('RUNNER')
+        fatal_msg = ["runner failed: #{err.message}"]
+        async_fatal(fatal_msg, prefix)
+        async_debug("Completed steps: #{@completed_steps}", prefix)
+        async_debug("Failed runner backtrace:\n#{err.backtrace.join("\n")}", prefix)
+        async_debug("Failed runner test data: #{@node.test_data}", prefix)
+      end
+
+      def log_prefix(prefix)
+        "#{prefix}: #{@node.test_data[:test_name]}:"
+      end
+
+      # Provisions the node for the acceptance test suite.
+      def provision
+        async_info("Provisioning #{@node.node_name}...", log_prefix('PROVISION'))
+        start_time = Time.now
+        @node.provision
+        @node_exists = true
+        max_retries = 60 # equals 300 seconds because we check every five seconds
+        until @node.ready?
+          if max_retries <= 0
+            async_fatal("Node #{@node.node_name} failed to provision", log_prefix('PROVISION'))
+            raise CemAcpt::TestRunner::RunnerProvisionError, "Provisioning timed out for node #{@node.node_name}"
+          end
+
+          async_info("Waiting for #{@node.node_name} to be ready for remote connections...", log_prefix('PROVISION'))
+          max_retries -= 1
+          sleep(5)
+        end
+        async_info("Node #{@node.node_name} is ready...", log_prefix('PROVISION'))
+        node_desc = {
+          test_data: @node.test_data,
+          platform: @platform,
+          local_port: @node.local_port,
+        }.merge(@node.node)
+        @node_inventory.add(@node.node_name, node_desc)
+        @node_inventory.save
+        async_info("Node #{@node.node_name} provisioned in #{Time.now - start_time} seconds", log_prefix('PROVISION'))
+      end
+
+      # Bootstraps the node for the acceptance test suite. Currently, this
+      # just uploads and installs the module package.
+      def bootstrap
+        async_info("Bootstrapping #{@node.node_name}...", log_prefix('BOOTSTRAP'))
+        until File.exist?(@module_pkg_path)
+          async_debug("Waiting for module package #{@module_pkg_path} to exist...", log_prefix('BOOTSTRAP'))
+          sleep(1)
+        end
+        async_info("Installing module package #{@module_pkg_path}...", log_prefix('BOOTSTRAP'))
+        @node.install_puppet_module_package(@module_pkg_path)
+      end
+
+      # Runs the acceptance test suite via rspec.
+      def run_tests
+        attempts = 0
+        until File.exist?(@node_inventory.save_file_path)
+          raise 'Node inventory file not found' if (attempts += 1) > 3
+
+          sleep(1)
+        end
+        async_info("Running test #{@node.test_data[:test_name]} on node #{@node.node_name}...", log_prefix('RSPEC'))
+        @node.run_tests do |cmd_env|
+          cmd_opts = rspec_opts
+          cmd_opts[:env].merge!(cmd_env) if cmd_env
+          # Documentation format gets logged in real time, JSON file is read after the fact
+          begin
+            @rspec_cmd = CemAcpt::RSpecUtils::Command.new(cmd_opts)
+            @rspec_cmd.execute(log_prefix: log_prefix('RSPEC'))
+            @run_result.from_json_file(cmd_opts[:format][:json])
+          rescue Errno::EIO => e
+            async_error("failed to run rspec: #{@node.test_data[:test_name]}: #{$ERROR_INFO}", log_prefix('RSPEC'))
+            @run_result.from_error(e)
+          rescue StandardError => e
+            async_error("failed to run rspec: #{@node.test_data[:test_name]}: #{e.message}", log_prefix('RSPEC'))
+            async_debug("Backtrace:\n#{e.backtrace}", log_prefix('RSPEC'))
+            @run_result.from_error(e)
+          end
+        end
+        async_info("Tests completed with exit code: #{@run_result.exit_status}", log_prefix('RSPEC'))
+      end
+
+      # Destroys the node for the acceptance test suite.
+      def destroy
+        kill_spec_pty_if_exists
+        if @context.config.get('no_destroy_nodes')
+          async_info("Not destroying node #{@node.node_name} because 'no_destroy_nodes' is set to true",
+                     log_prefix('DESTROY'))
+        else
+          async_info("Destroying #{@node.node_name}...", log_prefix('DESTROY'))
+          @node.destroy
+          @node_exists = false
+          async_info("Node #{@node.node_name} destroyed successfully", log_prefix('DESTROY'))
+        end
+      end
+
+      def kill_spec_pty_if_exists
+        @rspec_cmd&.kill_pty
+      end
+
+      # Validates the runner configuration.
+      def validate!
+        raise 'No node provided' unless @node
+        raise 'Node does not have config' if @node.config.nil? || @node.config.empty?
+        raise 'Node does not have test data' if @node.test_data.nil? || @node.test_data.empty?
+        raise 'No node inventory provided' unless @node_inventory
+      end
+
+      # Options used with RSpec
+      def rspec_opts
+        opts = {
+          test_path: @node.test_data[:test_file],
+          use_bundler: false,
+          bundle_install: false,
+          format: {
+            json: "results_#{@node.test_data[:test_name]}.json",
+          },
+          debug: (@debug_mode && @context.config.get('verbose')),
+          quiet: @context.config.get('quiet'),
+          env: {
+            'TARGET_HOST' => @node.node_name,
+          }
+        }
+        opts[:format][:documentation] = nil unless @context.config.get('verbose')
+        opts
+      end
+    end
+  end
+end

data/lib/cem_acpt/test_runner/runner_result.rb

@@ -0,0 +1,103 @@
+# frozen_string_literal: true
+
+module CemAcpt
+  module TestRunner
+    require 'json'
+
+    # Error thrown when there are problems parsing the JSON output from Rspec
+    class RspecOutputJSONParserError < StandardError
+      def initialize(err = nil)
+        super err
+        set_backtrace err.backtrace unless err.nil?
+      end
+    end
+
+    # Class to process the results of a Runner
+    class RunnerResult
+      attr_reader :run_result
+
+      def initialize(node, debug: false)
+        @node = node
+        @run_result = {}
+        @debug = debug
+      end
+
+      def to_h
+        @run_result
+      end
+
+      def debug?
+        @debug
+      end
+
+      def exit_status
+        if run_result.nil?
+          99
+        elsif run_result.empty?
+          66
+        elsif result_errors? || result_failures?
+          1
+        else
+          0
+        end
+      end
+
+      def result_array
+        [run_result, exit_status]
+      end
+
+      def from_json_file(file_path)
+        res = JSON.parse(File.read(file_path))
+        new_run_result(res)
+      rescue StandardError => e
+        from_error(RspecOutputJSONParserError.new(e))
+      end
+
+      def from_error(err)
+        label = err.class.to_s.start_with?('Errno::') ? 'system_error' : 'standard_error'
+        res = {
+          label => {
+            'message' => err.message,
+            'error_class' => err.class.to_s,
+            'backtrace' => err.backtrace,
+            'cause' => err.cause,
+            'full_message' => err.full_message,
+          }
+        }
+        res[label]['errno'] = err.errno if label == 'system_error'
+        new_run_result(res)
+      end
+
+      def result_errors?
+        run_result.keys.any? { |k| k.end_with?('error') }
+      end
+
+      def result_failures?
+        if run_result['summary']
+          run_result['summary']['failure_count'].positive? ||
+            run_result['summary']['errors_outside_of_examples_count'].positive?
+        else
+          true
+        end
+      end
+
+      private
+
+      def new_run_result(results)
+        @run_result = debug? ? with_debug_data(results) : results
+      end
+
+      def with_debug_data(results)
+        results.merge(
+          {
+            'debug' => {
+              'node' => @node,
+              'config' => @config,
+              'test_data' => @test_data,
+            }
+          }
+        )
+      end
+    end
+  end
+end

data/lib/cem_acpt/test_runner.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+module CemAcpt
+  # Namespace for all Runner-related classes and modules
+  module TestRunner
+    require_relative 'test_runner/run_handler'
+    require_relative 'test_runner/runner'
+    require_relative 'test_runner/runner_result'
+  end
+end

data/lib/cem_acpt/utils.rb

@@ -0,0 +1,144 @@
+# frozen_string_literal: true
+
+require 'open3'
+require 'securerandom'
+
+module CemAcpt
+  # Utility methods and modules for CemAcpt.
+  module Utils
+    def self.os
+      case RbConfig::CONFIG['host_os']
+      when /mswin|msys|mingw|cygwin|bccwin|wince|emc/
+        :windows
+      else
+        :nix
+      end
+    end
+
+    # File-related utilities
+    module File
+      def self.set_permissions(permission, *file_paths)
+        file_paths.map { |p| ::File.chmod(permission, p) }
+      end
+    end
+
+    # Puppet-related utilities
+    module Puppet
+      DEFAULT_PUPPET_PATH = {
+        nix: '/opt/puppetlabs/bin/puppet',
+        windows: 'C:/Program Files/Puppet Labs/Puppet/bin/puppet.bat',
+      }.freeze
+
+      # Finds and returns the Puppet executable
+      def self.puppet_executable
+        this_os = CemAcpt::Utils.os
+        if ::File.file?(DEFAULT_PUPPET_PATH[this_os]) && ::File.executable?(DEFAULT_PUPPET_PATH[this_os])
+          return DEFAULT_PUPPET_PATH[this_os]
+        end
+
+        file_name = 'puppet'
+        if this_os == :windows
+          exts = ENV['PATHEXT'] ? ".{#{ENV['PATHEXT'].tr(';', ',').tr('.', '').downcase}}" : '.{exe,com,bat}'
+          file_name = "#{file_name}#{exts}"
+        end
+        ENV['PATH'].split(::File::PATH_SEPARATOR).each do |path|
+          if ::File.file?(::File.join(path, file_name)) && ::File.executable?(::File.join(path, file_name))
+            return ::File.join(path, file_name)
+          end
+        end
+        raise 'Could not find Puppet executable! Is Puppet installed?'
+      end
+
+      # Builds a Puppet module package.
+      # @param module_dir [String] Path to the module directory. If target_dir
+      #   is specified as a relative path, it will be relative to the module dir.
+      # @param target_dir [String] Path to the target directory where the package
+      #   will be built. This defaults to the relative path 'pkg/'.
+      # @param should_log [Boolean] Whether or not to log the build process.
+      # @return [String] Path to the built package.
+      def self.build_module_package(module_dir, target_dir = nil, should_log: false)
+        require 'puppet/modulebuilder'
+        require 'fileutils'
+
+        builder_logger = should_log ? logger : nil
+        builder = ::Puppet::Modulebuilder::Builder.new(::File.expand_path(module_dir), target_dir, builder_logger)
+
+        # Validates module metadata by raising exception if invalid
+        _metadata = builder.metadata
+
+        # Builds the module package
+        builder.build
+      end
+    end
+
+    # Node-related utilities
+    module Node
+      def self.random_instance_name(prefix: 'cem-acpt-', length: 24)
+        rand_length = length - prefix.length
+        "#{prefix}#{::SecureRandom.hex(rand_length)}"
+      end
+    end
+
+    # SSH-related utilities
+    module SSH
+      def self.ssh_keygen
+        bin_path = `#{ENV['SHELL']} -c 'command -v ssh-keygen'`.chomp
+        raise 'Cannot find ssh-keygen! Install it and verify PATH' unless bin_path
+
+        bin_path
+      rescue StandardError => e
+        raise "Cannot find ssh-keygen! Install it and verify PATH. Orignal error: #{e}"
+      end
+
+      def self.default_keydir
+        ssh_dir = ::File.join(ENV['HOME'], '.ssh')
+        raise "SSH directory at #{ssh_dir} does not exist" unless ::File.directory?(ssh_dir)
+
+        ssh_dir
+      end
+
+      def self.ephemeral_ssh_key(type: 'rsa', bits: '4096', comment: nil, keydir: default_keydir)
+        raise ArgumentError, 'keydir does not exist' unless ::File.directory?(keydir)
+
+        keyfile = ::File.join(keydir, 'acpt_test_key')
+        keygen_cmd = [ssh_keygen, "-t #{type}", "-b #{bits}", "-f #{keyfile}", '-N ""']
+        keygen_cmd << "-C \"#{comment}\"" if comment
+        _, stderr, status = Open3.capture3(keygen_cmd.join(' '))
+        raise "Failed to generate ephemeral SSH key: #{stderr}" unless status.success?
+
+        [keyfile, "#{keyfile}.pub"]
+      end
+
+      def self.acpt_known_hosts(keydir: default_keydir, file_name: 'acpt_known_hosts', overwrite: true)
+        kh_file = ::File.join(keydir, file_name)
+        ::File.open(kh_file, 'w') { |f| f.write("\n") } unless ::File.exist?(kh_file) && !overwrite
+        kh_file
+      end
+
+      def self.set_ssh_file_permissions(priv_key, pub_key, known_hosts)
+        CemAcpt::Utils::File.set_permissions(0o600, priv_key, pub_key, known_hosts)
+      end
+    end
+
+    # Terminal-related utilities
+    module Terminal
+      def self.keep_terminal_alive
+        require 'concurrent-ruby'
+        executor = Concurrent::SingleThreadExecutor.new
+        executor.post do
+          loop do
+            $stdout.print(".\r")
+            sleep(1)
+            $stdout.print("..\r")
+            sleep(1)
+            $stdout.print("...\r")
+            sleep(1)
+            $stdout.print("   \r")
+            sleep(1)
+          end
+        end
+        executor
+      end
+    end
+  end
+end

data/lib/cem_acpt/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module CemAcpt
+  VERSION = '0.2.6'
+end

data/lib/cem_acpt.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+module CemAcpt
+  require_relative 'cem_acpt/logging'
+  require_relative 'cem_acpt/version'
+  require_relative 'cem_acpt/spec_helper_acceptance'
+
+  class << self
+    include CemAcpt::Logging
+  end
+
+  def self.run(params)
+    require_relative 'cem_acpt/context'
+
+    log_level = params[:log_level]
+    log_formatter = params[:log_format] ? new_log_formatter(params[:log_format]) : nil
+    logdevs = [$stdout]
+    if params[:log_file] && params[:quiet]
+      logdevs = [params[:log_file]]
+    elsif params[:log_file] && !params[:quiet]
+      logdevs << params[:log_file]
+    end
+    if (params[:CI] || ENV['CI'] || ENV['GITHUB_ACTION']) && !logdevs.include?($stdout)
+      logdevs << $stdout
+    end
+    new_logger(
+      *logdevs,
+      level: log_level,
+      formatter: log_formatter,
+    )
+    exit_code = CemAcpt::Context.with(params, &:run)
+    exit exit_code
+  end
+end

data/sample_config.yaml

@@ -0,0 +1,58 @@
+test_data:
+  for_each:
+    collection:
+      - puppet6
+      - puppet7
+  vars:
+    test_static_var: 'static_var_value'
+  name_pattern_vars: !ruby/regexp '/^(?<framework>[a-z]+)_(?<image_fam>[a-z0-9-]+)_(?<firewall>[a-z]+)_(?<framework_vars>[-_a-z0-9]+)$/'
+  vars_post_processing:
+    new_vars:
+      - name: 'profile'
+        string_split:
+          from: 'framework_vars'
+          using: '_'
+          part: 0
+      - name: 'level'
+        string_split:
+          from: 'framework_vars'
+          using: '_'
+          part: 1
+    delete_vars:
+      - 'framework_vars'
+
+platform: gcp
+
+node_data:
+  machine_type: 'e2-small'
+  project:
+    name: 'some-project'
+    zone: 'us-west1-b'
+  disk:
+    name: 'disk-1'
+    size: 20
+    type: 'pd-standard'
+  network_interface:
+    tier: 'STANDARD'
+    subnetwork: 'some-subnet'
+  metadata:
+    ephemeral_ssh_key:
+      lifetime: 2
+      keydir: '/tmp/acpt_test_keys'
+
+image_name_builder:
+  character_substitutions:
+    - ['_', '-']
+  parts:
+    - 'cem-acpt'
+    - '$image_fam'
+    - '$collection'
+    - '$firewall'
+  join_with: '-'    
+
+tests:
+  - cis_rhel-7_firewalld_server_1  
+  - cis_rhel-7_iptables_server_1
+  - cis_rhel-8_firewalld_server_1
+  - cis_rhel-8_firewalld_server_2
+  - cis_rhel-8_iptables_server_1