kitchen-oci 1.12.1 → 1.12.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +42 -2
- data/kitchen-oci.gemspec +1 -1
- data/lib/kitchen/driver/oci.rb +55 -7
- data/lib/kitchen/driver/oci_version.rb +1 -1
- metadata +5 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: a10f6ca7b7c04c9156e106fefce6077699d9fb82e377d3475fa1876b7d96b411
|
4
|
+
data.tar.gz: eff8e99b111c337b3d748f305d4fecd80952c59ac3220f144b034c14061db807
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 3fd050c58446fc60c4ac4e6e8e95b62503b00402d48b6b83d35f75b698cef3d84747cb3a5e0d7e8ca8f367cb157d99cc726c5a9a6317fbc9a2d3c704a0fcba3c
|
7
|
+
data.tar.gz: 201e5ae042165df1be1fdf11a3f70e2afe8df78907c396d8afbda53dea56a55a29bf2d76a52acfcc10d60d7b68097e968ccd28eadfa3c39936cb3db5e1bdfb14
|
data/README.md
CHANGED
@@ -53,7 +53,7 @@ gem install pkg/kitchen-oci-<VERSION>.gem
|
|
53
53
|
|
54
54
|
Adjust below template as required. The following configuration is mandatory for all instance types:
|
55
55
|
|
56
|
-
- `compartment_id`
|
56
|
+
- `compartment_id` or `compartment_name`
|
57
57
|
- `availability_domain`
|
58
58
|
- `shape`
|
59
59
|
- `subnet_id`
|
@@ -74,9 +74,11 @@ The following configuration is mandatory:
|
|
74
74
|
|
75
75
|
These settings are optional:
|
76
76
|
|
77
|
+
- `boot_volume_size_in_gbs`, The size of the boot volume, in GB
|
77
78
|
- `use_private_ip`, Whether to connect to the instance using a private IP, default is false (public ip)
|
78
79
|
- `oci_config_file`, OCI configuration file, by default this is ~/.oci/config
|
79
80
|
- `oci_profile_name`, OCI profile to use, default value is "DEFAULT"
|
81
|
+
- `oci_config`, Hash of additional `OCI::Config` settings. Allows you to test without an oci config file (see below)
|
80
82
|
- `ssh_keypath`, SSH public key, default is ~/.ssh/id\_rsa.pub
|
81
83
|
- `post_create_script`, run a script on compute\_instance after deployment
|
82
84
|
- `proxy_url`, Connect via the specified proxy URL
|
@@ -84,6 +86,7 @@ These settings are optional:
|
|
84
86
|
- `hostname_prefix`, Prefix for the generated hostnames (note that OCI doesn't like underscores)
|
85
87
|
- `freeform_tags`, Hash containing tag name(s) and values(s)
|
86
88
|
- `use_instance_principals`, Boolean flag indicated whether Instance Principals should be used as credentials (see below)
|
89
|
+
- `use_token_auth`, Boolean flag indicating if token authentication should be used (see below)
|
87
90
|
- `preemptible_instance`, Boolean flag to indicate if the compute instance should be preemptible, default is `false`.
|
88
91
|
- `shape_config`, Hash of shape config parameters required when using Flex shapes.
|
89
92
|
- `ocpus`, number of CPUs requested
|
@@ -105,7 +108,7 @@ If the `subnet_id` refers to a subnet configured to disallow public IPs on any a
|
|
105
108
|
driver:
|
106
109
|
name: oci
|
107
110
|
# These are mandatory
|
108
|
-
|
111
|
+
compartment_name: "dev-00"
|
109
112
|
availability_domain: "XyAb:US-ASHBURN-AD-1"
|
110
113
|
image_id: "ocid1.image.oc1.phx.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
|
111
114
|
shape: "VM.Standard1.2"
|
@@ -173,6 +176,43 @@ export no_proxy=169.254.0.0/16
|
|
173
176
|
|
174
177
|
This will allow the OCI lib to retrieve the certificate, key and ca-chain from the metadata service.
|
175
178
|
|
179
|
+
## Token Auth
|
180
|
+
|
181
|
+
If you are launching Kitchen from system configured for token authentication (by running `oci session authenticate`), you need to set `use_token_auth: true`. This is in addition to the `oci_config_file` and `oci_profile_name` settings.
|
182
|
+
|
183
|
+
```yml
|
184
|
+
platforms:
|
185
|
+
- name: ubuntu-18.04
|
186
|
+
driver:
|
187
|
+
...
|
188
|
+
oci_config_file: "~/.oci/config"
|
189
|
+
oci_profile_name: "DEFAULT"
|
190
|
+
use_token_auth: true
|
191
|
+
...
|
192
|
+
```
|
193
|
+
|
194
|
+
## Use without OCI config file
|
195
|
+
|
196
|
+
If you want to run without running `oci setup config` (such as on a build server) you can specify configuration settings that would be in the `~/.oci/config` file directly in the `kitchen.yml`
|
197
|
+
|
198
|
+
For example, to use the [OCI CLI Environment Variables](https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/clienvironmentvariables.htm) without a config you could have use kitchen's ERB to read environment variables.
|
199
|
+
|
200
|
+
```yml
|
201
|
+
platforms:
|
202
|
+
- name: ubuntu-18.04
|
203
|
+
driver:
|
204
|
+
...
|
205
|
+
oci_config:
|
206
|
+
region: <%= ENV['OCI_CLI_REGION'] %>
|
207
|
+
user: <%= ENV['OCI_CLI_USER'] %>
|
208
|
+
fingerprint: <%= ENV['OCI_CLI_FINGERPRINT'] %>
|
209
|
+
authentication_type: <%= ENV['OCI_CLI_AUTH'] %>
|
210
|
+
key_file: <%= ENV['OCI_CLI_KEY_FILE'] %>
|
211
|
+
tenancy: <%= ENV['OCI_CLI_TENANCY'] %>
|
212
|
+
...
|
213
|
+
```
|
214
|
+
|
215
|
+
|
176
216
|
## Support for user data scripts and cloud-init
|
177
217
|
|
178
218
|
The driver has support for adding user data that can be executed as scripts by cloud-init. These can either be specified inline or by referencing a file. Examples:
|
data/kitchen-oci.gemspec
CHANGED
@@ -35,7 +35,7 @@ Gem::Specification.new do |spec|
|
|
35
35
|
spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
|
36
36
|
spec.require_paths = ['lib']
|
37
37
|
|
38
|
-
spec.add_dependency 'oci', '~> 2.
|
38
|
+
spec.add_dependency 'oci', '~> 2.18.0'
|
39
39
|
spec.add_dependency 'test-kitchen'
|
40
40
|
|
41
41
|
spec.add_development_dependency 'bundler'
|
data/lib/kitchen/driver/oci.rb
CHANGED
@@ -25,6 +25,7 @@ require 'base64'
|
|
25
25
|
require 'erb'
|
26
26
|
require 'kitchen'
|
27
27
|
require 'oci'
|
28
|
+
require 'openssl'
|
28
29
|
require 'uri'
|
29
30
|
require 'zlib'
|
30
31
|
|
@@ -35,12 +36,13 @@ module Kitchen
|
|
35
36
|
# @author Stephen Pearson <stephen.pearson@oracle.com>
|
36
37
|
class Oci < Kitchen::Driver::Base # rubocop:disable Metrics/ClassLength
|
37
38
|
# required config items
|
38
|
-
required_config :compartment_id
|
39
39
|
required_config :availability_domain
|
40
40
|
required_config :shape
|
41
41
|
required_config :subnet_id
|
42
42
|
|
43
43
|
# common config items
|
44
|
+
default_config :compartment_id, nil
|
45
|
+
default_config :compartment_name, nil
|
44
46
|
default_config :instance_type, 'compute'
|
45
47
|
default_config :hostname_prefix, nil
|
46
48
|
default_keypath = File.expand_path(File.join(%w[~ .ssh id_rsa.pub]))
|
@@ -52,13 +54,16 @@ module Kitchen
|
|
52
54
|
|
53
55
|
# compute config items
|
54
56
|
default_config :image_id
|
57
|
+
default_config :boot_volume_size_in_gbs, nil
|
55
58
|
default_config :use_private_ip, false
|
59
|
+
default_config :oci_config, {}
|
56
60
|
default_config :oci_config_file, nil
|
57
61
|
default_config :oci_profile_name, nil
|
58
62
|
default_config :setup_winrm, false
|
59
63
|
default_config :winrm_user, 'opc'
|
60
64
|
default_config :winrm_password, nil
|
61
65
|
default_config :use_instance_principals, false
|
66
|
+
default_config :use_token_auth, false
|
62
67
|
default_config :preemptible_instance, false
|
63
68
|
default_config :shape_config, {}
|
64
69
|
|
@@ -121,6 +126,24 @@ module Kitchen
|
|
121
126
|
|
122
127
|
private
|
123
128
|
|
129
|
+
def compartment_id
|
130
|
+
return config[:compartment_id] if config[:compartment_id]
|
131
|
+
raise 'must specify either compartment_id or compartment_name' unless config[:compartment_name]
|
132
|
+
ident_api.list_compartments(tenancy).data.find do |item|
|
133
|
+
return item.id if item.name == config[:compartment_name]
|
134
|
+
end
|
135
|
+
raise 'compartment not found'
|
136
|
+
end
|
137
|
+
|
138
|
+
def tenancy
|
139
|
+
if config[:use_instance_principals]
|
140
|
+
sign = OCI::Auth::Signers::InstancePrincipalsSecurityTokenSigner.new
|
141
|
+
sign.instance_variable_get '@tenancy_id'
|
142
|
+
else
|
143
|
+
oci_config.tenancy
|
144
|
+
end
|
145
|
+
end
|
146
|
+
|
124
147
|
def instance_type
|
125
148
|
raise 'instance_type must be either compute or dbaas!' unless %w[compute dbaas].include?(config[:instance_type].downcase)
|
126
149
|
|
@@ -131,10 +154,23 @@ module Kitchen
|
|
131
154
|
# OCI config setup #
|
132
155
|
####################
|
133
156
|
def oci_config
|
157
|
+
# OCI::Config is missing this
|
158
|
+
OCI::Config.class_eval { attr_accessor :security_token_file } if config[:use_token_auth]
|
159
|
+
|
134
160
|
opts = {}
|
135
161
|
opts[:config_file_location] = config[:oci_config_file] if config[:oci_config_file]
|
136
162
|
opts[:profile_name] = config[:oci_profile_name] if config[:oci_profile_name]
|
137
|
-
|
163
|
+
|
164
|
+
oci_config = begin
|
165
|
+
OCI::ConfigFileLoader.load_config(**opts)
|
166
|
+
rescue OCI::ConfigFileLoader::Errors::ConfigFileNotFoundError
|
167
|
+
OCI::Config.new
|
168
|
+
end
|
169
|
+
|
170
|
+
config[:oci_config].each do |key, value|
|
171
|
+
oci_config.send("#{key}=", value) unless value.nil? || value.empty?
|
172
|
+
end
|
173
|
+
oci_config
|
138
174
|
end
|
139
175
|
|
140
176
|
def proxy_config
|
@@ -165,6 +201,13 @@ module Kitchen
|
|
165
201
|
if config[:use_instance_principals]
|
166
202
|
sign = OCI::Auth::Signers::InstancePrincipalsSecurityTokenSigner.new
|
167
203
|
params = { signer: sign }
|
204
|
+
elsif config[:use_token_auth]
|
205
|
+
pkey_content = oci_config.key_content || IO.read(oci_config.key_file).strip
|
206
|
+
pkey = OpenSSL::PKey::RSA.new(pkey_content, oci_config.pass_phrase)
|
207
|
+
|
208
|
+
token = IO.read(oci_config.security_token_file).strip
|
209
|
+
sign = OCI::Auth::Signers::SecurityTokenSigner.new(token, pkey)
|
210
|
+
params = { config: oci_config, signer: sign }
|
168
211
|
else
|
169
212
|
params = { config: oci_config }
|
170
213
|
end
|
@@ -184,6 +227,10 @@ module Kitchen
|
|
184
227
|
generic_api(OCI::Database::DatabaseClient)
|
185
228
|
end
|
186
229
|
|
230
|
+
def ident_api
|
231
|
+
generic_api(OCI::Identity::IdentityClient)
|
232
|
+
end
|
233
|
+
|
187
234
|
##################
|
188
235
|
# Common methods #
|
189
236
|
##################
|
@@ -288,7 +335,7 @@ module Kitchen
|
|
288
335
|
OCI::Core::Models::LaunchInstanceDetails.new.tap do |l|
|
289
336
|
hostname = generate_hostname
|
290
337
|
l.availability_domain = config[:availability_domain]
|
291
|
-
l.compartment_id =
|
338
|
+
l.compartment_id = compartment_id
|
292
339
|
l.display_name = hostname
|
293
340
|
l.source_details = instance_source_details
|
294
341
|
l.shape = config[:shape]
|
@@ -302,7 +349,8 @@ module Kitchen
|
|
302
349
|
def instance_source_details
|
303
350
|
OCI::Core::Models::InstanceSourceViaImageDetails.new(
|
304
351
|
sourceType: 'image',
|
305
|
-
imageId: config[:image_id]
|
352
|
+
imageId: config[:image_id],
|
353
|
+
bootVolumeSizeInGBs: config[:boot_volume_size_in_gbs],
|
306
354
|
)
|
307
355
|
end
|
308
356
|
|
@@ -340,7 +388,7 @@ module Kitchen
|
|
340
388
|
|
341
389
|
def vnic_attachments(instance_id)
|
342
390
|
att = comp_api.list_vnic_attachments(
|
343
|
-
|
391
|
+
compartment_id,
|
344
392
|
instance_id: instance_id
|
345
393
|
).data
|
346
394
|
|
@@ -438,7 +486,7 @@ module Kitchen
|
|
438
486
|
|
439
487
|
OCI::Database::Models::LaunchDbSystemDetails.new.tap do |l|
|
440
488
|
l.availability_domain = config[:availability_domain]
|
441
|
-
l.compartment_id =
|
489
|
+
l.compartment_id = compartment_id
|
442
490
|
l.cpu_core_count = cpu_core_count
|
443
491
|
l.database_edition = database_edition
|
444
492
|
l.db_home = create_db_home_details
|
@@ -501,7 +549,7 @@ module Kitchen
|
|
501
549
|
|
502
550
|
def dbaas_node(instance_id)
|
503
551
|
dbaas_api.list_db_nodes(
|
504
|
-
|
552
|
+
compartment_id,
|
505
553
|
db_system_id: instance_id
|
506
554
|
).data
|
507
555
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: kitchen-oci
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.12.
|
4
|
+
version: 1.12.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Stephen Pearson
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2023-07-07 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: oci
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - "~>"
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 2.
|
19
|
+
version: 2.18.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - "~>"
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 2.
|
26
|
+
version: 2.18.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: test-kitchen
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -148,7 +148,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
148
148
|
- !ruby/object:Gem::Version
|
149
149
|
version: '0'
|
150
150
|
requirements: []
|
151
|
-
rubygems_version: 3.
|
151
|
+
rubygems_version: 3.3.7
|
152
152
|
signing_key:
|
153
153
|
specification_version: 4
|
154
154
|
summary: A Test Kitchen Driver for Oracle OCI
|