kitchen-cinc 1.0.0

data/lib/kitchen/provisioner/cinc/common_sandbox.rb

@@ -0,0 +1,348 @@
+#
+# Copyright (C) 2015, Fletcher Nichol
+# Copyright (C) 2026, Oregon State University
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "json" unless defined?(JSON)
+
+module Kitchen
+  module Provisioner
+    module Cinc
+      # Internal object to manage common sandbox preparation for
+      # Cinc-related provisioners.
+      #
+      # @author Cinc Project
+      # @api private
+      class CommonSandbox
+        include Logging
+
+        # Constructs a new object, taking config, a sandbox path, and an
+        # instance.
+        #
+        # @param config [Hash] configuration hash
+        # @param sandbox_path [String] path to local sandbox directory
+        # @param instance [Instance] an instance
+        def initialize(config, sandbox_path, instance)
+          @config = config
+          @sandbox_path = sandbox_path
+          @instance = instance
+        end
+
+        # Populate the sandbox.
+        def populate
+          prepare_json
+          prepare_cache
+          prepare_cookbooks
+          prepare(:data)
+          prepare(:data_bags)
+          prepare(:environments)
+          prepare(:nodes)
+          prepare(:roles)
+          prepare(:clients)
+          prepare(
+            :secret,
+            type: :file,
+            dest_name: "encrypted_data_bag_secret",
+            key_name: :encrypted_data_bag_secret_key_path
+          )
+        end
+
+        private
+
+        # @return [Hash] configuration hash
+        # @api private
+        attr_reader :config
+
+        # @return [Instance] an instance
+        # @api private
+        attr_reader :instance
+
+        # @return [String] path to local sandbox directory
+        # @api private
+        attr_reader :sandbox_path
+
+        # @return [String] name of the policy_group, nil results in "local"
+        # @api private
+        attr_reader :policy_group
+
+        # Generates a list of all files in the cookbooks directory in the
+        # sandbox path.
+        #
+        # @return [Array<String>] an array of absolute paths to files
+        # @api private
+        def all_files_in_cookbooks
+          Util.list_directory(tmpbooks_dir, include_dot: true, recurse: true)
+            .select { |fn| File.file?(fn) }
+        end
+
+        # @return [String] an absolute path to a Policyfile, relative to the
+        #   kitchen root
+        # @api private
+        def policyfile
+          basename = config[:policyfile_path] || config[:policyfile] || "Policyfile.rb"
+          File.expand_path(basename, config[:kitchen_root])
+        end
+
+        # @return [String] an absolute path to a Berksfile, relative to the
+        #   kitchen root
+        # @api private
+        def berksfile
+          basename = config[:berksfile_path] || "Berksfile"
+          File.expand_path(basename, config[:kitchen_root])
+        end
+
+        # @return [String] an absolute path to a cookbooks/ directory, relative
+        #   to the kitchen root
+        # @api private
+        def cookbooks_dir
+          File.join(config[:kitchen_root], "cookbooks")
+        end
+
+        # Copies a cookbooks/ directory into the sandbox path.
+        #
+        # @api private
+        def cp_cookbooks
+          info("Preparing cookbooks from project directory")
+          debug("Using cookbooks from #{cookbooks_dir}")
+
+          FileUtils.mkdir_p(tmpbooks_dir)
+          FileUtils.cp_r(File.join(cookbooks_dir, "."), tmpbooks_dir)
+
+          cp_site_cookbooks if File.directory?(site_cookbooks_dir)
+          cp_this_cookbook if File.exist?(metadata_rb)
+        end
+
+        # Copies a site-cookbooks/ directory into the sandbox path.
+        #
+        # @api private
+        def cp_site_cookbooks
+          info("Preparing site-cookbooks from project directory")
+          debug("Using cookbooks from #{site_cookbooks_dir}")
+
+          FileUtils.mkdir_p(tmpsitebooks_dir)
+          FileUtils.cp_r(File.join(site_cookbooks_dir, "."), tmpsitebooks_dir)
+        end
+
+        # Copies the current project, assumed to be a cookbook into the
+        # sandbox path.
+        #
+        # @api private
+        def cp_this_cookbook
+          info("Preparing current project directory as a cookbook")
+          debug("Using metadata.rb from #{metadata_rb}")
+
+          cb_name = MetadataChopper.extract(metadata_rb).first || raise(UserError,
+            "The metadata.rb does not define the 'name' key." \
+              " Please add: `name '<cookbook_name>'` to metadata.rb and retry")
+
+          cb_path = File.join(tmpbooks_dir, cb_name)
+
+          glob = Util.list_directory(config[:kitchen_root])
+
+          FileUtils.mkdir_p(cb_path)
+          FileUtils.cp_r(glob, cb_path)
+        end
+
+        # Removes all non-cookbook files in the sandbox path.
+        #
+        # @api private
+        def filter_only_cookbook_files
+          info("Removing non-cookbook files before transfer")
+          FileUtils.rm(all_files_in_cookbooks - only_cookbook_files)
+          Util.list_directory(tmpbooks_dir, recurse: true)
+            .reverse_each { |fn| FileUtils.rmdir(fn) if File.directory?(fn) && Dir.empty?(fn) }
+        end
+
+        # @return [Logger] the instance's logger or Test Kitchen's common
+        #   logger otherwise
+        # @api private
+        def logger
+          instance ? instance.logger : Kitchen.logger
+        end
+
+        # Creates a minimal, no-op cookbook in the sandbox path.
+        #
+        # @api private
+        def make_fake_cookbook
+          info("Policyfile, Berksfile, cookbooks/, or metadata.rb not found " \
+            "so Cinc Client will run, but do nothing. Is this intended?")
+          name = File.basename(config[:kitchen_root])
+          fake_cb = File.join(tmpbooks_dir, name)
+          FileUtils.mkdir_p(fake_cb)
+          File.open(File.join(fake_cb, "metadata.rb"), "wb") do |file|
+            file.write(%{name "#{name}"\n})
+          end
+        end
+
+        # @return [String] an absolute path to a metadata.rb, relative to the
+        #   kitchen root
+        # @api private
+        def metadata_rb
+          File.join(config[:kitchen_root], "metadata.rb")
+        end
+
+        # Generates a list of all typical cookbook files needed in a run,
+        # located in the cookbooks directory in the sandbox path.
+        #
+        # @return [Array<String>] an array of absolute paths to files
+        # @api private
+        def only_cookbook_files
+          glob = File.join("*", "{#{config[:cookbook_files_glob]}}")
+          Util.safe_glob(tmpbooks_dir, glob, File::FNM_DOTMATCH)
+            .select { |fn| File.file?(fn) && ! %w{. ..}.include?(fn) }
+        end
+
+        # Prepares a generic component source directory or file for
+        # inclusion in the sandbox path. These components might includes nodes,
+        # roles, etc.
+        #
+        # @param component [Symbol,String] a component name such as `:node`
+        # @param opts [Hash] optional configuration
+        # @option opts [Symbol] :type whether the component is a directory or
+        #   file (default: `:directory`)
+        # @option opts [Symbol] :key_name the key name in the config hash from
+        #   which to pull the source path (default: `"#{component}_path"`)
+        # @option opts [String] :dest_name the destination file or directory
+        #   basename in the sandbox path (default: `component.to_s`)
+        # @api private
+        def prepare(component, opts = {})
+          opts = { type: :directory }.merge(opts)
+          key_name = opts.fetch(:key_name, "#{component}_path")
+          src = config[key_name.to_sym]
+          return if src.nil?
+
+          info("Preparing #{component}")
+          debug("Using #{component} from #{src}")
+
+          dest = File.join(sandbox_path, opts.fetch(:dest_name, component.to_s))
+
+          case opts[:type]
+          when :directory
+            FileUtils.mkdir_p(dest)
+            Array(src).each { |dir| FileUtils.cp_r(Util.list_directory(dir), dest) }
+          when :file
+            FileUtils.mkdir_p(File.dirname(dest))
+            Array(src).each { |file| FileUtils.cp_r(file, dest) }
+          end
+        end
+
+        # Prepares a cache directory for inclusion in the sandbox path.
+        #
+        # @api private
+        def prepare_cache
+          FileUtils.mkdir_p(File.join(sandbox_path, "cache"))
+        end
+
+        # Prepares cookbooks for inclusion in the sandbox path.
+        #
+        # @api private
+        def prepare_cookbooks
+          if File.exist?(policyfile)
+            resolve_with_policyfile
+          elsif File.exist?(berksfile)
+            resolve_with_berkshelf
+          elsif File.directory?(cookbooks_dir)
+            cp_cookbooks
+          elsif File.exist?(metadata_rb)
+            cp_this_cookbook
+          else
+            make_fake_cookbook
+          end
+
+          filter_only_cookbook_files
+        end
+
+        # Prepares a JSON file, sometimes called a dna.json or
+        # first-boot.json, for inclusion in the sandbox path.
+        #
+        # @api private
+        def prepare_json
+          dna = if File.exist?(policyfile)
+                  update_dna_for_policyfile
+                else
+                  config[:attributes].merge(run_list: config[:run_list])
+                end
+
+          info("Preparing dna.json")
+          debug("Creating dna.json from #{dna.inspect}")
+
+          File.open(File.join(sandbox_path, "dna.json"), "wb") do |file|
+            file.write(dna.to_json)
+          end
+        end
+
+        def update_dna_for_policyfile
+          policy = Cinc::Policyfile.new(
+            policyfile, sandbox_path,
+            logger:,
+            always_update: config[:always_update_cookbooks],
+            policy_group:
+          )
+          Kitchen.mutex.synchronize do
+            policy.compile
+          end
+          policy_name = JSON.parse(File.read(policy.lockfile))["name"]
+          policy_group = config[:policy_group] || "local"
+          config[:attributes].merge(policy_name:, policy_group:)
+        end
+
+        # Performs a Policyfile cookbook resolution inside a common mutex.
+        #
+        # @api private
+        def resolve_with_policyfile
+          Kitchen.mutex.synchronize do
+            Cinc::Policyfile.new(
+              policyfile, sandbox_path,
+              logger:,
+              always_update: config[:always_update_cookbooks],
+              policy_group: config[:policy_group]
+            ).resolve
+          end
+        end
+
+        # Performs a Berkshelf cookbook resolution inside a common mutex.
+        #
+        # @api private
+        def resolve_with_berkshelf
+          Kitchen.mutex.synchronize do
+            Cinc::Berkshelf.new(berksfile, tmpbooks_dir,
+              logger:,
+              always_update: config[:always_update_cookbooks]).resolve
+          end
+        end
+
+        # @return [String] an absolute path to a site-cookbooks/ directory,
+        #   relative to the kitchen root
+        # @api private
+        def site_cookbooks_dir
+          File.join(config[:kitchen_root], "site-cookbooks")
+        end
+
+        # @return [String] an absolute path to a cookbooks/ directory in the
+        #   sandbox path
+        # @api private
+        def tmpbooks_dir
+          File.join(sandbox_path, "cookbooks")
+        end
+
+        # @return [String] an absolute path to a site cookbooks directory in the
+        #   sandbox path
+        # @api private
+        def tmpsitebooks_dir
+          File.join(sandbox_path, "cookbooks")
+        end
+      end
+    end
+  end
+end

data/lib/kitchen/provisioner/cinc/policyfile.rb

@@ -0,0 +1,154 @@
+#
+# Copyright (C) 2013, Fletcher Nichol
+# Copyright (C) 2026, Oregon State University
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "shellwords" unless defined?(Shellwords)
+require "rbconfig" unless defined?(RbConfig)
+
+require "kitchen/errors"
+require "kitchen/logging"
+require "kitchen/shell_out"
+require "kitchen/which"
+
+module Kitchen
+  module Provisioner
+    module Cinc
+      # Cinc cookbook resolver that uses Policyfiles to calculate dependencies.
+      #
+      # @author Cinc Project
+      class Policyfile
+        include Logging
+        include ShellOut
+        include Which
+
+        # Creates a new cookbook resolver.
+        #
+        # @param policyfile [String] path to a Policyfile
+        # @param path [String] path in which to vendor the resulting
+        #   cookbooks
+        # @param logger [Kitchen::Logger] a logger to use for output, defaults
+        #   to `Kitchen.logger`
+        def initialize(policyfile, path, logger: Kitchen.logger, always_update: false, policy_group: nil)
+          @policyfile    = policyfile
+          @path          = path
+          @logger        = logger
+          @always_update = always_update
+          @policy_group  = policy_group
+        end
+
+        # Loads the library code required to use the resolver.
+        #
+        # @param logger [Kitchen::Logger] a logger to use for output, defaults
+        #   to `Kitchen.logger`
+        def self.load!(logger: Kitchen.logger)
+          # intentionally left blank
+        end
+
+        # Performs the cookbook resolution and vendors the resulting cookbooks
+        # in the desired path.
+        def resolve
+          if policy_group
+            info("Exporting cookbook dependencies from Policyfile #{path} with policy_group #{policy_group} using `#{cli_path} export`...")
+            run_command("#{cli_path} export #{escape_path(policyfile)} #{escape_path(path)} --policy_group #{policy_group} --force")
+          else
+            info("Exporting cookbook dependencies from Policyfile #{path} using `#{cli_path} export`...")
+            run_command("#{cli_path} export #{escape_path(policyfile)} #{escape_path(path)} --force")
+          end
+        end
+
+        # Runs `cinc install` to determine the correct cookbook set and
+        # generate the policyfile lock.
+        def compile
+          if File.exist?(lockfile)
+            info("Installing cookbooks for Policyfile #{policyfile} using `#{cli_path} install`")
+          else
+            info("Policy lock file doesn't exist, running `#{cli_path} install` for Policyfile #{policyfile}...")
+          end
+          run_command("#{cli_path} install #{escape_path(policyfile)}")
+
+          if always_update
+            info("Updating policy lock using `#{cli_path} update`")
+            run_command("#{cli_path} update #{escape_path(policyfile)}")
+          end
+        end
+
+        # Return the path to the lockfile corresponding to this policyfile.
+        #
+        # @return [String]
+        def lockfile
+          policyfile.gsub(/\.rb\Z/, ".lock.json")
+        end
+
+        private
+
+        # @return [String] path to a Policyfile
+        # @api private
+        attr_reader :policyfile
+
+        # @return [String] path in which to vendor the resulting cookbooks
+        # @api private
+        attr_reader :path
+
+        # @return [Kitchen::Logger] a logger to use for output
+        # @api private
+        attr_reader :logger
+
+        # @return [Boolean] If true, always update cookbooks in the policy.
+        # @api private
+        attr_reader :always_update
+
+        # @return [String] name of the policy_group, nil results in "local"
+        # @api private
+        attr_reader :policy_group
+
+        # Escape spaces in a path in way that works with both Sh (Unix) and
+        # Windows.
+        #
+        # @param path [String] Path to escape
+        # @return [String]
+        # @api private
+        def escape_path(path)
+          if /mswin|mingw/.match?(RbConfig::CONFIG["host_os"])
+            if /[ \t\n\v"]/.match?(path)
+              "\"#{path.gsub(/[ \t\n\v\"\\]/) { |m| "\\" + m[0] }}\""
+            else
+              path
+            end
+          else
+            Shellwords.escape(path)
+          end
+        end
+
+        # Find the `cinc` or `cinc-cli` commands in the path. `cinc-cli` is the
+        # Ruby CLI shipped in the `cinc-cli` gem.
+        #
+        # @api private
+        # @returns [String]
+        def cli_path
+          @cli_path ||= which("cinc-cli") || which("cinc") || which("chef-cli") || which("chef") || no_cli_found_error
+        end
+
+        # @api private
+        def no_cli_found_error
+          @logger.fatal("The `cinc`, `cinc-cli`, `chef`, or `chef-cli` executables cannot be found in your " \
+                        "PATH. Ensure you have installed Cinc Workstation " \
+                        "from https://cinc.sh/download/ and that your PATH " \
+                        "setting includes the path to the `cinc` or `cinc-cli` commands.")
+          raise UserError, "Could not find the cinc or cinc-cli executables in your PATH."
+        end
+      end
+    end
+  end
+end

data/lib/kitchen/provisioner/cinc_apply.rb

@@ -0,0 +1,124 @@
+#
+# Copyright (C) 2015, HiganWorks LLC
+# Copyright (C) 2026, Oregon State University
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Usage:
+#
+# puts your recipes to `apply/` directory.
+#
+# An example of .kitchen.yml.
+#
+# ---
+# driver:
+#   name: vagrant
+#
+# provisioner:
+#   name: cinc_apply
+#
+# platforms:
+#   - name: ubuntu-24.04
+#   - name: almalinux-10
+#
+# suites:
+#   - name: default
+#     run_list:
+#       - recipe1
+#       - recipe2
+#
+#
+# The cinc-apply runs twice below.
+#
+# cinc-apply apply/recipe1.rb
+# cinc-apply apply/recipe2.rb
+
+require_relative "cinc_base"
+
+module Kitchen
+  module Provisioner
+    # Cinc Apply provisioner.
+    #
+    # @author Cinc Project
+    class CincApply < CincBase
+      kitchen_provisioner_api_version 2
+
+      plugin_version Kitchen::VERSION
+
+      default_config :cinc_apply_path do |provisioner|
+        provisioner
+          .remote_path_join(%W{#{provisioner[:cinc_omnibus_root]} bin cinc-apply})
+          .tap { |path| path.concat(".bat") if provisioner.windows_os? }
+      end
+
+      default_config :ruby_bindir do |provisioner|
+        provisioner
+          .remote_path_join(%W{#{provisioner[:cinc_omnibus_root]} embedded bin})
+      end
+
+      default_config :apply_path do |provisioner|
+        provisioner.calculate_path("apply")
+      end
+      expand_path_for :apply_path
+
+      # (see CincBase#create_sandbox)
+      def create_sandbox
+        @sandbox_path = Dir.mktmpdir("#{instance.name}-sandbox-")
+        File.chmod(0755, sandbox_path)
+        info("Preparing files for transfer")
+        debug("Creating local sandbox in #{sandbox_path}")
+
+        prepare_json
+        prepare(:apply)
+      end
+
+      # (see CincBase#init_command)
+      def init_command
+        dirs = %w{
+          apply
+        }.sort.map { |dir| remote_path_join(config[:root_path], dir) }
+
+        vars = if powershell_shell?
+                 init_command_vars_for_powershell(dirs)
+               else
+                 init_command_vars_for_bourne(dirs)
+               end
+
+        prefix_command(shell_code_from_file(vars, "cinc_base_init_command"))
+      end
+
+      # (see CincSolo#run_command)
+      def run_command
+        level = config[:log_level]
+        lines = []
+        config[:run_list].map do |recipe|
+          cmd = sudo(config[:cinc_apply_path]).dup
+            .tap { |str| str.insert(0, "& ") if powershell_shell? }
+          args = [
+            "apply/#{recipe}.rb",
+            "--log_level #{level}",
+            "--no-color",
+          ]
+          args << "--logfile #{config[:log_file]}" if config[:log_file]
+
+          lines << wrap_shell_code(
+            [cmd, *args].join(" ")
+            .tap { |str| str.insert(0, reload_ps1_path) if windows_os? }
+          )
+        end
+
+        prefix_command(lines.join("\n"))
+      end
+    end
+  end
+end