cem_acpt 0.6.5 → 0.7.0

data/lib/cem_acpt.rb

@@ -3,6 +3,7 @@
 module CemAcpt
   require_relative 'cem_acpt/config'
   require_relative 'cem_acpt/logging'
+  require_relative 'cem_acpt/image_builder'
   require_relative 'cem_acpt/test_runner'
   require_relative 'cem_acpt/version'
 
@@ -11,14 +12,8 @@ module CemAcpt
 
     attr_reader :config
 
-    def version(as_str: false)
-      return VERSION unless as_str
-
-      "cem_acpt v#{VERSION}"
-    end
-
-    def print_config(options, format: :yaml)
-      config = new_config(options)
+    def print_config(options, command: :cem_acpt, format: :yaml)
+      config = new_config(options, command: command)
       if format == :explain
         puts config.explain
         return
@@ -26,32 +21,34 @@ module CemAcpt
       puts config.send("to_#{format}".to_sym)
     end
 
-    def run(options)
-      # Set up config, logger, and helper
-      @config = new_config(options)
-      initialize_logger!
-      runner = new_runner
-
-      # Set up signal handlers
-      Signal.trap('INT') do
-        @trap_context = true
-        logger.trap_context = @trap_context
-        logger.fatal('Signal Handler') { 'Received interrupt signal. Cleaning up test suite...' }
-        runner.clean_up(@trap_context)
-        logger.fatal('Signal Handler') { 'Exiting due to interrupt signal' }
-        exit 1
+    def run(command, original_command, options)
+      case command
+      when :version
+        puts "#{original_command} v#{CemAcpt::VERSION}"
+      when :print_yaml_config
+        print_config(options, command: original_command.to_sym, format: :yaml)
+      when :print_explain_config
+        print_config(options, command: original_command.to_sym, format: :explain)
+      when :cem_acpt
+        run_cem_acpt(options)
+      when :cem_acpt_image
+        run_cem_acpt_image(options)
+      else
+        raise "Command #{command} does not exist"
       end
-
-      # Run the test suite
-      runner.run
-
-      exit runner.exit_code
     end
 
     private
 
-    def new_config(options)
-      CemAcpt::Config.new(opts: options, config_file: options[:config_file])
+    def new_config(options, command: :cem_acpt)
+      case command
+      when :cem_acpt
+        CemAcpt::Config::CemAcpt.new(opts: options, config_file: options[:config_file])
+      when :cem_acpt_image
+        CemAcpt::Config::CemAcptImage.new(opts: options, config_file: options[:config_file])
+      else
+        raise "Config does not exist for command: #{command}"
+      end
     end
 
     def new_runner
@@ -80,5 +77,43 @@ module CemAcpt
       new_log.set_verbose(!!config.get('verbose'))
       new_log
     end
+
+    def run_cem_acpt(options)
+      # Set up config, logger, and helper
+      @config = new_config(options)
+      initialize_logger!
+      runner = new_runner
+
+      # Set up signal handlers
+      Signal.trap('INT') do
+        @trap_context = true
+        logger.trap_context = @trap_context
+        logger.fatal('Signal Handler') { 'Received interrupt signal. Cleaning up test suite...' }
+        runner.clean_up(@trap_context)
+        logger.fatal('Signal Handler') { 'Exiting due to interrupt signal' }
+        exit 1
+      end
+
+      # Run the test suite
+      runner.run
+
+      exit runner.exit_code
+    end
+
+    def run_cem_acpt_image(options)
+      @config = new_config(options, command: :cem_acpt_image)
+      initialize_logger!
+
+      # Set up signal handlers
+      Signal.trap('INT') do
+        @trap_context = true
+        logger.trap_context = @trap_context
+        logger.fatal('Signal Handler') { 'Received interrupt signal. Cleaning up test suite...' }
+        exit 1
+      end
+
+      # Build the images
+      CemAcpt::ImageBuilder.build_images(@config)
+    end
   end
 end

data/lib/terraform/image/gcp/linux/main.tf

@@ -0,0 +1,112 @@
+terraform {
+  required_providers {
+      google = {
+          source = "hashicorp/google"
+          version = "4.59.0"
+      }
+  }
+}
+
+variable "credentials_file" {
+    type = string
+}
+
+variable "project" {
+    type = string
+}
+
+variable "region" {
+    type = string
+}
+
+variable "zone" {
+    type = string
+}
+
+variable "subnetwork" {
+    type = string
+}
+
+variable "username" {
+    type = string
+}
+
+variable "private_key" {
+    type = string
+    sensitive = true
+}
+
+variable "public_key" {
+    type = string
+}
+
+variable "node_data" {
+    type = map(object({
+        image_family = string
+        machine_type = string
+        base_image = string
+        disk_size = number
+        provision_commands = list(string)
+    }))
+}
+
+provider "google" {
+    credentials = file(var.credentials_file)
+    project = var.project
+    region = var.region
+    zone = var.zone
+}
+
+resource "google_compute_instance" "acpt-test-node" {
+    provider = google
+    for_each = var.node_data
+    name = each.key
+    machine_type = each.value.machine_type
+    zone = var.zone
+
+    boot_disk {
+        initialize_params {
+            image = each.value.base_image
+            size = each.value.disk_size
+            type = "pd-standard"
+        }
+    }
+
+    network_interface {
+        subnetwork = var.subnetwork
+        access_config {
+            network_tier = "STANDARD"
+        }
+    }
+
+    provisioner "remote-exec" {
+        connection {
+            type = "ssh"
+            user = "${var.username}"
+            timeout = "5m"
+            host = self.network_interface.0.access_config.0.nat_ip
+            port = 22
+            private_key = "${file(var.private_key)}"
+            agent = false
+        }
+        inline = each.value.provision_commands
+    }
+
+    metadata = {
+        "enable-oslogin" = "FALSE"
+        "ssh-keys" = "${var.username}:${file(var.public_key)}"
+        "for-image-family" = each.value.image_family
+    }
+
+    tags = [ "cem-acpt-test-node" ]
+}
+
+output "node-data" {
+    value = {
+        for k, v in google_compute_instance.acpt-test-node : v.name => {
+            ip = v.network_interface.0.access_config.0.nat_ip
+            image_family = v.metadata["for-image-family"]
+            disk_link = v.boot_disk.0.source
+        }
+    }
+}

data/sample_config.yaml

@@ -36,7 +36,7 @@ actions:
     - 'acpt'
 
 node_data:
-  machine_type: 'e2-small'
+  machine_type: 'e2-medium'
   disk_size: 40
 
 image_name_builder:
@@ -56,4 +56,91 @@ tests:
   # - cis_oel-8_firewalld_server_2
   # - cis_alma-8_firewalld_server_2
   # - stig_rhel-7_firewalld_public_3
-  # - stig_rhel-8_firewalld_public_3
+  # - stig_rhel-8_firewalld_public_3
+
+cem_acpt_image:
+  no_windows: true
+  no_linux: false
+
+images:
+  cem-acpt-alma-8-puppet8-firewalld:
+    os: alma
+    os_major_version: 8
+    puppet_version: 8
+    base_image: 'almalinux-cloud/almalinux-8'
+    provision_commands:
+      - 'sudo systemctl enable firewalld'
+      - 'sudo systemctl start firewalld'
+      - 'sudo firewall-cmd --permanent --add-service=ssh'
+      - 'sudo firewall-cmd --reload'
+      - 'sudo useradd testuser1'
+      - "echo 'testuser1:P@s5W-rd$' | sudo chpasswd"
+  # cem-acpt-alma-8-puppet7-firewalld:
+  #   os: alma
+  #   os_major_version: 8
+  #   puppet_version: 7
+  #   base_image: 'almalinux-cloud/almalinux-8'
+  #   provision_commands:
+  #     - 'systemctl enable firewalld'
+  #     - 'systemctl start firewalld'
+  #     - 'firewall-cmd --permanent --add-service=ssh'
+  #     - 'firewall-cmd --reload'
+  #     - 'useradd testuser1'
+  #     - "echo 'testuser1:P@s5W-rd$' | chpasswd"
+  cem-acpt-rhel-8-puppet8-firewalld:
+    os: rhel
+    os_major_version: 8
+    puppet_version: 8
+    base_image: 'rhel-cloud/rhel-8'
+    provision_commands:
+      - 'sudo systemctl enable firewalld'
+      - 'sudo systemctl start firewalld'
+      - 'sudo firewall-cmd --permanent --add-service=ssh'
+      - 'sudo firewall-cmd --reload'
+      - 'sudo useradd testuser1'
+      - "echo 'testuser1:P@s5W-rd$' | sudo chpasswd"
+  # cem-acpt-rhel-8-puppet7-firewalld:
+  #   os: rhel
+  #   os_major_version: 8
+  #   puppet_version: 7
+  #   base_image: 'rhel-cloud/rhel-8'
+  #   provision_commands:
+  #     - 'systemctl enable firewalld'
+  #     - 'systemctl start firewalld'
+  #     - 'firewall-cmd --permanent --add-service=ssh'
+  #     - 'firewall-cmd --reload'
+  #     - 'useradd testuser1'
+  #     - "echo 'testuser1:P@s5W-rd$' | chpasswd"
+  cem-acpt-rhel-7-puppet8-firewalld:
+    os: rhel
+    os_major_version: 7
+    puppet_version: 8
+    base_image: 'rhel-cloud/rhel-7'
+    provision_commands:
+      - 'sudo systemctl enable firewalld'
+      - 'sudo systemctl start firewalld'
+      - 'sudo firewall-cmd --permanent --add-service=ssh'
+      - 'sudo firewall-cmd --reload'
+      - 'sudo useradd testuser1'
+      - "echo 'testuser1:P@s5W-rd$' | sudo chpasswd"
+  # cem-acpt-rhel-7-puppet7-firewalld:
+  #   os: rhel
+  #   os_major_version: 7
+  #   puppet_version: 7
+  #   base_image: 'rhel-cloud/rhel-7'
+  #   provision_commands:
+  #     - 'systemctl enable firewalld'
+  #     - 'systemctl start firewalld'
+  #     - 'firewall-cmd --permanent --add-service=ssh'
+  #     - 'firewall-cmd --reload'
+  #     - 'useradd testuser1'
+  #     - "echo 'testuser1:P@s5W-rd$' | chpasswd"
+  # cem-acpt-windows-2019-puppet7-default:
+  #   os: windows
+  #   os_major_version: 2019
+  #   puppet_version: 7
+  #   base_image: 'windows-cloud/windows-server-2019-dc-core-v20210914'
+  #   provision_commands:
+  #     - powershell.exe -Command "Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False"
+  #     - powershell.exe -Command "New-NetFirewallRule -DisplayName 'Allow SSH' -Direction Inbound -LocalPort 22 -Protocol TCP -Action Allow"
+  #     - powershell.exe -Command "New-LocalUser -Name testuser1 -Password (ConvertTo-SecureString -AsPlainText 'P@s5W0rd$' -Force)"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cem_acpt
 version: !ruby/object:Gem::Version
-  version: 0.6.5
+  version: 0.7.0
 platform: ruby
 authors:
 - puppetlabs
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-04-26 00:00:00.000000000 Z
+date: 2023-05-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: async-http
@@ -151,6 +151,7 @@ email:
 - abide-team@puppet.com
 executables:
 - cem_acpt
+- cem_acpt_image
 extensions: []
 extra_rdoc_files: []
 files:
@@ -167,12 +168,20 @@ files:
 - bin/setup
 - cem_acpt.gemspec
 - exe/cem_acpt
+- exe/cem_acpt_image
 - lib/cem_acpt.rb
+- lib/cem_acpt/cli.rb
 - lib/cem_acpt/config.rb
-- lib/cem_acpt/core_extensions.rb
+- lib/cem_acpt/config/base.rb
+- lib/cem_acpt/config/cem_acpt.rb
+- lib/cem_acpt/config/cem_acpt_image.rb
+- lib/cem_acpt/core_ext.rb
 - lib/cem_acpt/goss.rb
 - lib/cem_acpt/goss/api.rb
 - lib/cem_acpt/goss/api/action_response.rb
+- lib/cem_acpt/image_builder.rb
+- lib/cem_acpt/image_builder/exec.rb
+- lib/cem_acpt/image_builder/provision_commands.rb
 - lib/cem_acpt/image_name_builder.rb
 - lib/cem_acpt/logging.rb
 - lib/cem_acpt/logging/formatter.rb
@@ -201,6 +210,8 @@ files:
 - lib/terraform/gcp/linux/systemd/goss-idempotent.service
 - lib/terraform/gcp/linux/systemd/goss-noop.service
 - lib/terraform/gcp/windows/.keep
+- lib/terraform/image/gcp/linux/main.tf
+- lib/terraform/image/gcp/windows/.keep
 - sample_config.yaml
 homepage: https://github.com/puppetlabs/cem_acpt
 licenses: