kitchen-oci 1.12.1 → 1.13.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ca0eb69dede4d52baea704de587e6482148229f09a26137993a7a3fc2cf05051
-  data.tar.gz: 7555a7a550d8db12668014d1bb9a587b707144e688fe3de3be74e796247d417a
+  metadata.gz: 7e1357de8069c06276801117608aa999544eee7db3af9f4829b65236600ef602
+  data.tar.gz: fe073de0b5ab64c48dbc706df628ce7e1fed54f865234732fc484778b68c6106
 SHA512:
-  metadata.gz: d2e53b809addf74284e222b0c402a177ce4a777dd6df1ba7c1e621c5fc9b3cd18c56d2833ef159615aa715a1dd14347fe31a62c2426c477b0e820c21ae1c5a91
-  data.tar.gz: b6c543c4342706e53a0d86de012ed61a8e55f4c063bf9c039cd4585e7ad87e71f0d75d2cee8b3bdfb0b59210a75fc93de011e5680a6b24c25872a13a4663c04f
+  metadata.gz: 454e20b024cf7c4c1b2615db89b51b7897561484aa633a01c3b5a2332fcb989903cf556a3de1a589b5390ab8021940dc6840b7f8bb0955b5bc613713382b9df3
+  data.tar.gz: 141394aa371177bdfff43273d91e276879afc16159c1faa01bcdce5f4db527373a4d14abd70033d0d2f427ed8c46a44cbaa67557da65d654f396d412a8e4f70d

data/CHANGELOG.md

@@ -1,3 +1,11 @@
+# kitchen-oci CHANGELOG
+
+# 1.13.0
+- feat: add Network Security Group support
+- feat: add support for attaching multiple volumes
+
+## 1.12.3
+- feat: add support for specifying compartment by name
 
 ## 1.12.1
 - Refactor `oci_config` method to account for `warning: Using the last argument as keyword parameters is deprecated` deprecation warning

data/README.md

@@ -53,7 +53,7 @@ gem install pkg/kitchen-oci-<VERSION>.gem
 
 Adjust below template as required.  The following configuration is mandatory for all instance types:
 
-   - `compartment_id`
+   - `compartment_id` or `compartment_name`
    - `availability_domain`
    - `shape`
    - `subnet_id`
@@ -74,9 +74,11 @@ The following configuration is mandatory:
 
 These settings are optional:
 
+   - `boot_volume_size_in_gbs`, The size of the boot volume, in GB
    - `use_private_ip`, Whether to connect to the instance using a private IP, default is false (public ip)
    - `oci_config_file`, OCI configuration file, by default this is ~/.oci/config
    - `oci_profile_name`, OCI profile to use, default value is "DEFAULT"
+   - `oci_config`, Hash of additional `OCI::Config` settings. Allows you to test without an oci config file (see below)
    - `ssh_keypath`, SSH public key, default is ~/.ssh/id\_rsa.pub
    - `post_create_script`, run a script on compute\_instance after deployment
    - `proxy_url`, Connect via the specified proxy URL
@@ -84,11 +86,18 @@ These settings are optional:
    - `hostname_prefix`, Prefix for the generated hostnames (note that OCI doesn't like underscores)
    - `freeform_tags`, Hash containing tag name(s) and values(s)
    - `use_instance_principals`, Boolean flag indicated whether Instance Principals should be used as credentials (see below)
+   - `use_token_auth`, Boolean flag indicating if token authentication should be used (see below)
    - `preemptible_instance`, Boolean flag to indicate if the compute instance should be preemptible, default is `false`.
    - `shape_config`, Hash of shape config parameters required when using Flex shapes.
      - `ocpus`, number of CPUs requested
      - `memory_in_gbs`, the amount of memory requested
      - `baseline_ocpu_utilization`, the minimum CPU utilization, default `BASELINE_1_1`
+   - `volumes`, an array of hashes with configuration options of each volume
+     - `name`, the display name of the volume
+     - `size_in_gbs`, the size in Gbs for the volume. Can't be lower than 50Gbs (Oracle Limit)
+     - `type`, oracle only supports `iscsi` or `paravirtual` options (default: `paravirtual`)
+     - `vpus_per_gb`, vpus per gb. Make sure to consult the documentation for your shape to take advantage of UHP as MultiPath is enabled only with certain combinations of memory/cpus.
+   - `nsg_ids`, The option to connect up to 5 Network Security Groups to compute instance.
 
 Optional settings for WinRM support in Windows:
 
@@ -105,7 +114,7 @@ If the `subnet_id` refers to a subnet configured to disallow public IPs on any a
   driver:
     name: oci
     # These are mandatory
-    compartment_id: "ocid1.compartment.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+    compartment_name: "dev-00"
     availability_domain: "XyAb:US-ASHBURN-AD-1"
     image_id: "ocid1.image.oc1.phx.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
     shape: "VM.Standard1.2"
@@ -116,6 +125,9 @@ If the `subnet_id` refers to a subnet configured to disallow public IPs on any a
     oci_config_file: "~/.oci/config"
     oci_profile_name: "DEFAULT"
     ssh_keypath: "~/.ssh/id_rsa.pub"
+    nsg_ids:
+      - ocid1.networksecuritygroup.oc1.phx.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+      - ocid1.networksecuritygroup.oc1.phx.yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
     post_create_script: >-
 ```
 
@@ -173,6 +185,43 @@ export no_proxy=169.254.0.0/16
 
 This will allow the OCI lib to retrieve the certificate, key and ca-chain from the metadata service.
 
+## Token Auth
+
+If you are launching Kitchen from system configured for token authentication (by running `oci session authenticate`), you need to set `use_token_auth: true`. This is in addition to the `oci_config_file` and `oci_profile_name` settings.
+
+```yml
+platforms:
+  - name: ubuntu-18.04
+    driver:
+      ...
+      oci_config_file: "~/.oci/config"
+      oci_profile_name: "DEFAULT"
+      use_token_auth: true
+      ...
+```
+
+## Use without OCI config file
+
+If you want to run without running `oci setup config` (such as on a build server) you can specify configuration settings that would be in the `~/.oci/config` file directly in the `kitchen.yml`
+
+For example, to use the [OCI CLI Environment Variables](https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/clienvironmentvariables.htm) without a config you could have use kitchen's ERB to read environment variables.
+
+```yml
+platforms:
+  - name: ubuntu-18.04
+    driver:
+      ...
+      oci_config:
+        region: <%= ENV['OCI_CLI_REGION'] %>
+        user: <%= ENV['OCI_CLI_USER'] %>
+        fingerprint: <%= ENV['OCI_CLI_FINGERPRINT'] %>
+        authentication_type: <%= ENV['OCI_CLI_AUTH'] %>
+        key_file: <%= ENV['OCI_CLI_KEY_FILE'] %>
+        tenancy: <%= ENV['OCI_CLI_TENANCY'] %>
+      ...
+```
+
+
 ## Support for user data scripts and cloud-init
 
 The driver has support for adding user data that can be executed as scripts by cloud-init.  These can either be specified inline or by referencing a file.  Examples:

data/kitchen-oci.gemspec

@@ -35,7 +35,7 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ['lib']
 
-  spec.add_dependency 'oci', '~> 2.15.0'
+  spec.add_dependency 'oci', '~> 2.18.0'
   spec.add_dependency 'test-kitchen'
 
   spec.add_development_dependency 'bundler'

data/lib/kitchen/driver/oci.rb

@@ -25,6 +25,7 @@ require 'base64'
 require 'erb'
 require 'kitchen'
 require 'oci'
+require 'openssl'
 require 'uri'
 require 'zlib'
 
@@ -35,12 +36,13 @@ module Kitchen
     # @author Stephen Pearson <stephen.pearson@oracle.com>
     class Oci < Kitchen::Driver::Base # rubocop:disable Metrics/ClassLength
       # required config items
-      required_config :compartment_id
       required_config :availability_domain
       required_config :shape
       required_config :subnet_id
 
       # common config items
+      default_config :compartment_id, nil
+      default_config :compartment_name, nil
       default_config :instance_type, 'compute'
       default_config :hostname_prefix, nil
       default_keypath = File.expand_path(File.join(%w[~ .ssh id_rsa.pub]))
@@ -52,19 +54,25 @@ module Kitchen
 
       # compute config items
       default_config :image_id
+      default_config :boot_volume_size_in_gbs, nil
       default_config :use_private_ip, false
+      default_config :oci_config, {}
       default_config :oci_config_file, nil
       default_config :oci_profile_name, nil
       default_config :setup_winrm, false
       default_config :winrm_user, 'opc'
       default_config :winrm_password, nil
       default_config :use_instance_principals, false
+      default_config :use_token_auth, false
       default_config :preemptible_instance, false
       default_config :shape_config, {}
 
       # dbaas config items
       default_config :dbaas, {}
 
+      # blockstorage config items
+      default_config :volumes, {}
+
       def create(state)
         return if state[:server_id]
 
@@ -77,6 +85,9 @@ module Kitchen
 
         instance.transport.connection(state).wait_until_ready
 
+        state[:volumes] = process_volumes_list(state)
+        state[:volume_attachments] = process_volume_attachments(state)
+
         return unless config[:post_create_script]
 
         info('Running post create script')
@@ -89,6 +100,18 @@ module Kitchen
 
         instance.transport.connection(state).close
 
+        if state[:volume_attachments]
+          state[:volume_attachments].each do |attachment|
+            volume_detach(attachment)
+          end
+        end
+
+        if state[:volumes]
+          state[:volumes].each do |vol|
+            volume_delete(vol[:id])
+          end
+        end
+
         if instance_type == 'compute'
           comp_api.terminate_instance(state[:server_id])
         elsif instance_type == 'dbaas'
@@ -121,6 +144,24 @@ module Kitchen
 
       private
 
+      def compartment_id
+        return config[:compartment_id] if config[:compartment_id]
+        raise 'must specify either compartment_id or compartment_name' unless config[:compartment_name]
+        ident_api.list_compartments(tenancy).data.find do |item|
+          return item.id if item.name == config[:compartment_name]
+        end
+        raise 'compartment not found'
+      end
+
+      def tenancy
+        if config[:use_instance_principals]
+          sign = OCI::Auth::Signers::InstancePrincipalsSecurityTokenSigner.new
+          sign.instance_variable_get '@tenancy_id'
+        else
+          oci_config.tenancy
+        end
+      end
+
       def instance_type
         raise 'instance_type must be either compute or dbaas!' unless %w[compute dbaas].include?(config[:instance_type].downcase)
 
@@ -131,10 +172,23 @@ module Kitchen
       # OCI config setup #
       ####################
       def oci_config
+        # OCI::Config is missing this
+        OCI::Config.class_eval { attr_accessor :security_token_file } if config[:use_token_auth]
+
         opts = {}
         opts[:config_file_location] = config[:oci_config_file] if config[:oci_config_file]
         opts[:profile_name] = config[:oci_profile_name] if config[:oci_profile_name]
-        OCI::ConfigFileLoader.load_config(**opts)
+
+        oci_config = begin
+                       OCI::ConfigFileLoader.load_config(**opts)
+                     rescue OCI::ConfigFileLoader::Errors::ConfigFileNotFoundError
+                       OCI::Config.new
+                     end
+
+        config[:oci_config].each do |key, value|
+          oci_config.send("#{key}=", value) unless value.nil? || value.empty?
+        end
+        oci_config
       end
 
       def proxy_config
@@ -165,6 +219,13 @@ module Kitchen
         if config[:use_instance_principals]
           sign = OCI::Auth::Signers::InstancePrincipalsSecurityTokenSigner.new
           params = { signer: sign }
+        elsif config[:use_token_auth]
+          pkey_content = oci_config.key_content || IO.read(oci_config.key_file).strip
+          pkey = OpenSSL::PKey::RSA.new(pkey_content, oci_config.pass_phrase)
+
+          token = IO.read(oci_config.security_token_file).strip
+          sign = OCI::Auth::Signers::SecurityTokenSigner.new(token, pkey)
+          params = { config: oci_config, signer: sign }
         else
           params = { config: oci_config }
         end
@@ -184,6 +245,14 @@ module Kitchen
         generic_api(OCI::Database::DatabaseClient)
       end
 
+      def ident_api
+        generic_api(OCI::Identity::IdentityClient)
+      end
+
+      def blockstorage_api
+        generic_api(OCI::Core::BlockstorageClient)
+      end
+
       ##################
       # Common methods #
       ##################
@@ -288,7 +357,7 @@ module Kitchen
         OCI::Core::Models::LaunchInstanceDetails.new.tap do |l|
           hostname = generate_hostname
           l.availability_domain = config[:availability_domain]
-          l.compartment_id = config[:compartment_id]
+          l.compartment_id = compartment_id
           l.display_name = hostname
           l.source_details = instance_source_details
           l.shape = config[:shape]
@@ -302,7 +371,8 @@ module Kitchen
       def instance_source_details
         OCI::Core::Models::InstanceSourceViaImageDetails.new(
           sourceType: 'image',
-          imageId: config[:image_id]
+          imageId: config[:image_id],
+          bootVolumeSizeInGBs: config[:boot_volume_size_in_gbs],
         )
       end
 
@@ -324,10 +394,13 @@ module Kitchen
       end
 
       def create_vnic_details(name)
+        nsg_ids = config[:nsg_ids] || []
+        raise 'nsg_ids cannot have more than 5 NSGs.' if nsg_ids.length > 5
         OCI::Core::Models::CreateVnicDetails.new(
           assign_public_ip: public_ip_allowed?,
           display_name: name,
           hostname_label: name,
+          nsg_ids: nsg_ids,
           subnetId: config[:subnet_id]
         )
       end
@@ -340,7 +413,7 @@ module Kitchen
 
       def vnic_attachments(instance_id)
         att = comp_api.list_vnic_attachments(
-          config[:compartment_id],
+          compartment_id,
           instance_id: instance_id
         ).data
 
@@ -413,6 +486,107 @@ module Kitchen
         end
       end
 
+      ########################
+      # BlockStorage methods #
+      ########################
+      def process_volumes_list(state)
+        created_vol = []
+        config[:volumes].each do |vol_settings|
+          # convert to hash because otherwise it's an an OCI API Object and won't load
+          volume_attachment_type = vol_settings[:type].downcase || 'paravirtual'
+          unless %w[iscsi paravirtual].include?(volume_attachment_type)
+            info("invalid volume attachment type: #{volume_attachment_type}")
+            next
+          end
+          volume = volume_create(
+            config[:availability_domain],
+            vol_settings[:name],
+            vol_settings[:size_in_gbs],
+            vol_settings[:vpus_per_gb] || 10
+          ).to_hash
+          # convert to string otherwise it's a ruby datetime object and won't load
+          volume[:attachment_type] = volume_attachment_type
+          created_vol << volume
+        end
+        created_vol
+      end
+
+      def volume_create(availability_domain, display_name, size_in_gbs, vpus_per_gb)
+        info("Creating volume <#{display_name}>...")
+        result = blockstorage_api.create_volume(
+          OCI::Core::Models::CreateVolumeDetails.new(
+            compartment_id: compartment_id,
+            availability_domain: availability_domain,
+            display_name: display_name,
+            size_in_gbs: size_in_gbs,
+            vpus_per_gb: vpus_per_gb
+          )
+        )
+        get_volume_response = blockstorage_api.get_volume(result.data.id)
+                                              .wait_until(:lifecycle_state, OCI::Core::Models::Volume::LIFECYCLE_STATE_AVAILABLE)
+        info("Finished creating volume <#{display_name}>.")
+        state_data = {
+          :id => get_volume_response.data.id
+        }
+      end
+
+      def volume_delete(volume_id)
+        info("Deleting volume: <#{volume_id}>...")
+        blockstorage_api.delete_volume(volume_id)
+        blockstorage_api.get_volume(volume_id)
+                        .wait_until(:lifecycle_state, OCI::Core::Models::Volume::LIFECYCLE_STATE_TERMINATED)
+        info("Deleted volume: <#{volume_id}>")
+      end
+
+      def process_volume_attachments(state)
+        attachments = []
+        state[:volumes].each do |volume|
+          info("Attaching Volume: #{volume[:displayName]} - #{volume[:attachment_type]}")
+          details = volume_create_attachment_details(volume, state[:server_id])
+          attachment = volume_attach(details).to_hash
+          attachments << attachment
+          info("Attached Volume #{volume[:displayName]} - #{volume[:attachment_type]}")
+        end
+        attachments
+      end
+
+      def volume_create_attachment_details(volume, instance_id)
+        if volume[:attachment_type].eql?('iscsi')
+          OCI::Core::Models::AttachIScsiVolumeDetails.new(
+            display_name: 'iSCSIAttachment',
+            volume_id: volume[:id],
+            instance_id: instance_id
+          )
+        elsif volume[:attachment_type].eq?('paravirtual')
+          OCI::Core::Models::AttachParavirtualizedVolumeDetails.new(
+            display_name: 'paravirtAttachment',
+            volume_id: volume[:id],
+            instance_id: instance_id
+          )
+        end
+      end
+
+      def volume_attach(volume_attachment_details)
+        result = comp_api.attach_volume(volume_attachment_details)
+        get_volume_attachment_response =
+          comp_api.get_volume_attachment(result.data.id)
+                  .wait_until(:lifecycle_state, OCI::Core::Models::VolumeAttachment::LIFECYCLE_STATE_ATTACHED)
+        state_data = {
+          :id => get_volume_attachment_response.data.id,
+          :iqn_ipv4 => get_volume_attachment_response.data.ipv4,
+          :iqn => get_volume_attachment_response.data.iqn,
+          :port => get_volume_attachment_response.data.port,
+        }
+      end
+
+      def volume_detach(volume_attachment)
+        info("Detaching volume: #{volume_attachment[:id]}")
+        comp_api.detach_volume(volume_attachment[:id])
+        comp_api.get_volume_attachment(volume_attachment[:id])
+                .wait_until(:lifecycle_state, OCI::Core::Models::VolumeAttachment::LIFECYCLE_STATE_DETACHED)
+        info("Detached volume: #{volume_attachment[:id]}")
+      end
+
       #################
       # DBaaS methods #
       #################
@@ -438,7 +612,7 @@ module Kitchen
 
         OCI::Database::Models::LaunchDbSystemDetails.new.tap do |l|
           l.availability_domain = config[:availability_domain]
-          l.compartment_id = config[:compartment_id]
+          l.compartment_id = compartment_id
           l.cpu_core_count = cpu_core_count
           l.database_edition = database_edition
           l.db_home = create_db_home_details
@@ -501,7 +675,7 @@ module Kitchen
 
       def dbaas_node(instance_id)
         dbaas_api.list_db_nodes(
-          config[:compartment_id],
+          compartment_id,
           db_system_id: instance_id
         ).data
       end

data/lib/kitchen/driver/oci_version.rb

@@ -20,6 +20,6 @@
 module Kitchen
   module Driver
     # Version string for Oracle OCI Kitchen driver
-    OCI_VERSION = '1.12.1'
+    OCI_VERSION = '1.13.0'
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kitchen-oci
 version: !ruby/object:Gem::Version
-  version: 1.12.1
+  version: 1.13.0
 platform: ruby
 authors:
 - Stephen Pearson
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-08-30 00:00:00.000000000 Z
+date: 2024-02-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: oci
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.15.0
+        version: 2.18.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.15.0
+        version: 2.18.0
 - !ruby/object:Gem::Dependency
   name: test-kitchen
   requirement: !ruby/object:Gem::Requirement
@@ -148,7 +148,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.3.7
 signing_key: 
 specification_version: 4
 summary: A Test Kitchen Driver for Oracle OCI