kitchen-kubernetes 1.0.0

data/lib/kitchen/transport/kubernetes.rb

@@ -0,0 +1,84 @@
+#
+# Copyright 2017, Noah Kantrowitz
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'shellwords'
+
+require 'kitchen/login_command'
+require 'kitchen/shell_out'
+require 'kitchen/transport/base'
+
+require 'kitchen-kubernetes/helper'
+
+
+module Kitchen
+  module Transport
+
+    # Kubernetes transport for Kitchen. Uses kubectl exec.
+    #
+    # @author Noah Kantrowitz <noah@coderanger>
+    # @since 1.0.0
+    # @see Kitchen::Driver::Kubernetes
+    class Kubernetes < Kitchen::Transport::Base
+      # All configuration options can be found in the Driver class.
+
+      # (see Base#connection)
+      def connection(state, &block)
+        # No persistent anything so no need to reuse connections.
+        Connection.new(
+          pod_id: state[:pod_id],
+          kubectl_command: config[:kubectl_command],
+          rsync_command: config[:rsync_command],
+          rsync_rsh: config[:rsync_rsh],
+          log_level: config[:log_level],
+          logger: logger
+        ).tap do |conn|
+          block.call(conn) if block
+        end
+      end
+
+      class Connection < Kitchen::Transport::Base::Connection
+        include ShellOut
+        include KitchenKubernetes::Helper
+
+        # (see Base::Connection#execute)
+        def execute(command)
+          return if command.nil?
+          # Run via kubectl exec.
+          run_command(kubectl_command('exec', '--tty', '--container=default', options[:pod_id], '--', *Shellwords.split(command)))
+        end
+
+        # (see Base::Connection#upload)
+        def upload(locals, remote)
+          return if locals.empty?
+          # Use rsync over kubectl exec to send files.
+          run_command([options[:rsync_command], '--archive', '--progress', '--blocking-io', '--rsh', options[:rsync_rsh]] + (options[:log_level] == :debug ? %w{--verbose --verbose --verbose} : []) + locals + ["#{options[:pod_id]}:#{remote}"])
+        end
+
+        # (see Base::Connection#login_command)
+        def login_command
+          # Find a valid login shell and exec it. This is so weridly complex
+          # because it has to work with a /bin/sh that might be bash, dash, or
+          # busybox. Also CentOS images doesn't have `which` for some reason.
+          # Dash's `type` is super weird so use `which` first in case of dash but
+          # fall back to `type` for basically just CentOS.
+          login_cmd = "IFS=$'\n'; for f in `which bash zsh sh 2>/dev/null || type -P bash zsh sh`; do exec \"$f\" -l; done"
+          cmd = kubectl_command('exec', '--stdin', '--tty', '--container=default', options[:pod_id], '--', '/bin/sh', '-c', login_cmd)
+          LoginCommand.new(cmd[0], cmd.drop(1))
+        end
+      end
+    end
+  end
+end

data/lib/kitchen/verifier/train_kubernetes_hack.rb

@@ -0,0 +1,90 @@
+#
+# Copyright 2017, Noah Kantrowitz
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This is copied from https://github.com/chef/train/pull/205 until InSpec can
+# support it internally. The only changes are to rename with _hack and
+# back-compat support for the changes in the files API (LinuxFile vs File::Remote::Linux).
+
+require 'mixlib/shellout'
+
+require 'train'
+
+module Train::Transports
+  class KubernetesHack < Train.plugin(1)
+    name 'kubernetes_hack'
+
+    include_options Train::Extras::CommandWrapper
+    option :pod, required: true
+    option :container, default: nil
+    option :kubectl_path, default: 'kubectl'
+    option :context, default: nil
+
+    def connection(state = {})
+      opts = merge_options(options, state || {})
+      validate_options(opts)
+      opts[:logger] ||= logger
+      unless @connection && @connection_opts == opts
+        @connection ||= Connection.new(opts)
+        @connection_opts = opts.dup
+      end
+      @connection
+    end
+
+    class Connection < BaseConnection
+      if Gem::Requirement.create('< 0.30').satisfied_by?(Gem::Version.create(Train::VERSION))
+        # The API for a connection changed a lot in 0.30, this is a compat shim.
+        def os
+          @os ||= OSCommon.new(self, family: 'unix')
+        end
+
+        def file(path)
+          @files[path] ||= file_via_connection(path)
+        end
+
+        def run_command(cmd)
+          run_command_via_connection(cmd)
+        end
+      end
+
+      def file_via_connection(path)
+        defined?(Train::File::Remote::Linux) ? Train::File::Remote::Linux.new(self, path) : LinuxFile.new(self, path)
+      end
+
+      def run_command_via_connection(cmd)
+        kubectl_cmd = [options[:kubectl_path], 'exec']
+        kubectl_cmd.concat(['--context', options[:context]]) if options[:context]
+        kubectl_cmd.concat(['--container', options[:container]]) if options[:container]
+        kubectl_cmd.concat([options[:pod], '--', '/bin/sh', '-c', cmd])
+
+        so = Mixlib::ShellOut.new(kubectl_cmd, logger: logger)
+        so.run_command
+        if so.error?
+          # Trim the "command terminated with exit code N" line from the end
+          # of the stderr content.
+          so.stderr.gsub!(/command terminated with exit code #{so.exitstatus}\n\Z/, '')
+        end
+        CommandResult.new(so.stdout, so.stderr, so.exitstatus)
+      end
+
+      def uri
+        if options[:container]
+          "kubernetes://#{options[:pod]}/#{options[:container]}"
+        else
+          "kubernetes://#{options[:pod]}"
+        end
+      end
+    end
+  end
+end

data/rsync/Dockerfile

@@ -0,0 +1,21 @@
+#
+# Copyright 2017, Noah Kantrowitz
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# This is used to build the kitchenkubernetes/rsync image.
+
+FROM alpine
+RUN apk add --update-cache rsync
+ENTRYPOINT ["/bin/sh", "-c", "trap 'exit 0' TERM; sleep 2147483647 & wait"]

data/test/.kitchen.yml

@@ -0,0 +1,57 @@
+#
+# Copyright 2017, Noah Kantrowitz
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+driver:
+  name: kubernetes
+
+provisioner:
+  cookbooks_path: test/cookbooks/
+
+kitchen:
+  test_base_path: <%= File.expand_path('../integration', __FILE__) %>
+
+platforms:
+- name: centos-6
+- name: centos-7
+- name: ubuntu-14.04
+- name: ubuntu-16.04
+- name: debian-7
+- name: debian-8
+- name: debian-9
+- name: amazonlinux-2016.09
+- name: amazonlinux-2017.03
+- name: amazonlinux-2017.09
+- name: fedora-25
+- name: fedora-26
+
+suites:
+- name: default
+  run_list:
+  - recipe[test]
+- name: service
+  run_list:
+  - recipe[test::service]
+  driver:
+    init_system: systemd
+  includes:
+  - centos-7
+  - ubuntu-16.04
+  - fedora-26
+- name: inspec
+  run_list:
+  - recipe[test]
+  verifier:
+    name: inspec

data/test/cookbooks/test/metadata.rb

@@ -0,0 +1,17 @@
+#
+# Copyright 2017, Noah Kantrowitz
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+name 'test'

data/test/cookbooks/test/recipes/default.rb

@@ -0,0 +1,30 @@
+#
+# Copyright 2017, Noah Kantrowitz
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+file '/testfile' do
+  owner 'root'
+  group 'root'
+  mode '741'
+  content "I am a teapot\n"
+end
+
+template '/testtemplate' do
+  owner 'root'
+  group 'root'
+  mode '444'
+  source 'template.erb'
+  variables chef_version: Chef::VERSION
+end

data/test/cookbooks/test/recipes/service.rb

@@ -0,0 +1,28 @@
+#
+# Copyright 2017, Noah Kantrowitz
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apt_update if platform_family?('debian')
+
+package_name = platform_family?('rhel', 'amazon', 'fedora') ? 'httpd' : 'apache2'
+
+package package_name
+
+service package_name do
+  action [:enable, :start]
+end
+
+# For tests.
+package 'curl'

data/test/cookbooks/test/templates/template.erb

@@ -0,0 +1 @@
+ver=<%= @chef_version %>

data/test/gemfiles/master.gemfile

@@ -0,0 +1,22 @@
+#
+# Copyright 2017, Noah Kantrowitz
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+eval_gemfile File.expand_path('../../../Gemfile', __FILE__)
+
+gem 'train', github: 'chef/train'
+gem 'inspec', github: 'chef/inspec'
+gem 'kitchen-inspec', github: 'chef/kitchen-inspec'
+gem 'test-kitchen', github: 'test-kitchen/test-kitchen'

data/test/gemfiles/train-new.gemfile

@@ -0,0 +1,19 @@
+#
+# Copyright 2017, Noah Kantrowitz
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+eval_gemfile File.expand_path('../../../Gemfile', __FILE__)
+
+gem 'train', '>= 0.30'

data/test/gemfiles/train-old.gemfile

@@ -0,0 +1,19 @@
+#
+# Copyright 2017, Noah Kantrowitz
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+eval_gemfile File.expand_path('../../../Gemfile', __FILE__)
+
+gem 'train', '< 0.30'

data/test/integration/default/serverspec/default_spec.rb

@@ -0,0 +1,32 @@
+#
+# Copyright 2017, Noah Kantrowitz
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'serverspec'
+set :backend, :exec
+
+describe file('/testfile') do
+  it { is_expected.to be_a_file }
+  it { is_expected.to be_owned_by 'root' }
+  it { is_expected.to be_mode 741 }
+  its(:content) { is_expected.to eq "I am a teapot\n" }
+end
+
+describe file('/testtemplate') do
+  it { is_expected.to be_a_file }
+  it { is_expected.to be_owned_by 'root' }
+  it { is_expected.to be_mode 444 }
+  its(:content) { is_expected.to match /^ver=13/ }
+end

data/test/integration/inspec/default_spec.rb

@@ -0,0 +1,29 @@
+#
+# Copyright 2017, Noah Kantrowitz
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+describe file('/testfile') do
+  it { is_expected.to be_a_file }
+  it { is_expected.to be_owned_by 'root' }
+  it { is_expected.to be_mode 0741 }
+  its(:content) { is_expected.to eq "I am a teapot\n" }
+end
+
+describe file('/testtemplate') do
+  it { is_expected.to be_a_file }
+  it { is_expected.to be_owned_by 'root' }
+  it { is_expected.to be_mode 0444 }
+  its(:content) { is_expected.to match /^ver=13/ }
+end