kitchen-oci 1.15.1 → 1.16.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3e3fbf95593303d5f9538c59a7f07eb03dd1871b05b12ca0a82e5d2ed9b529b4
-  data.tar.gz: d0c4e60f05ebaf18293ce93bad6f6a52d5d9657de9a0d34b4bb1d61ddaf3d57e
+  metadata.gz: 54d56f663b88d438c3b210755b53c04b1103445cd3f7736dd783679cda016bb7
+  data.tar.gz: d21f780ff87721d8027d2a4cbcbee1c449644515d61b36207d52d0478651be0a
 SHA512:
-  metadata.gz: dac56f0b424e0b74ca273de0242d5f0883c95eee61c4e086a7cfa66c9382b9b933f5eb907099c83860f1a44c64c10277a0a656e56c755658a44b548b824c2875
-  data.tar.gz: 19adf812199ecbba332985656ffbcc67252107f3f3d1ae2d9fbd1401a9c05e00342bf3d0ba2285f76388ba3075b111de0cb54dab43b94de8424c9ff3359aa04c
+  metadata.gz: 810d92317048752b4d2ad40b952aa8656153c14243fb19fbde92610c6dbc668094d49af4f130f6f3ab4b584e85199d08369ecb35d0f48bd627483b4d272254d9
+  data.tar.gz: b17e5a0695d27d9fab17fb3e415820bb2e62a81124a83bd506e6552f89bfc01d816e66fd3bf681a87629e661d3fed3d3c4b3902c697db854aabdef97136c61ab

data/lib/kitchen/driver/oci/api.rb

@@ -0,0 +1,95 @@
+# frozen_string_literal: true
+
+#
+# Author:: Justin Steele (<justin.steele@oracle.com>)
+#
+# Copyright:: (C) 2024, Stephen Pearson
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module Kitchen
+  module Driver
+    class Oci
+      # Api class that defines the various API classes used to interact with OCI
+      class Api
+        attr_reader :oci_config, :config
+        def initialize(oci_config, config)
+          @oci_config = oci_config
+          @config = config
+        end
+
+        def compute
+          generic_api(OCI::Core::ComputeClient)
+        end
+
+        def network
+          generic_api(OCI::Core::VirtualNetworkClient)
+        end
+
+        def dbaas
+          generic_api(OCI::Database::DatabaseClient)
+        end
+
+        def identity
+          generic_api(OCI::Identity::IdentityClient)
+        end
+
+        def blockstorage
+          generic_api(OCI::Core::BlockstorageClient)
+        end
+
+        private
+
+        def generic_api(klass)
+          params = {}
+          params[:proxy_settings] = api_proxy if api_proxy
+          params[:signer] = if config[:use_instance_principals]
+                              OCI::Auth::Signers::InstancePrincipalsSecurityTokenSigner.new
+                            elsif config[:use_token_auth]
+                              token_signer
+                            end
+          params[:config] = oci_config unless config[:use_instance_principals]
+          klass.new(**params.compact)
+        end
+
+        def token_signer
+          pkey_content = oci_config.key_content || File.read(oci_config.key_file).strip
+          pkey = OpenSSL::PKey::RSA.new(pkey_content, oci_config.pass_phrase)
+
+          token = File.read(oci_config.security_token_file).strip
+          OCI::Auth::Signers::SecurityTokenSigner.new(token, pkey)
+        end
+
+        def proxy_config
+          if config[:proxy_url]
+            URI.parse(config[:proxy_url])
+          else
+            URI.parse("http://example.com").find_proxy
+          end
+        end
+
+        def api_proxy
+          prx = proxy_config
+          return unless prx
+
+          if prx.user
+            OCI::ApiClientProxySettings.new(prx.host, prx.port, prx.user,
+                                            prx.password)
+          else
+            OCI::ApiClientProxySettings.new(prx.host, prx.port)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/kitchen/driver/oci/blockstorage.rb

@@ -0,0 +1,127 @@
+# frozen_string_literal: true
+
+# Author:: Justin Steele (<justin.steele@oracle.com>)
+#
+# Copyright (C) 2024, Stephen Pearson
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module Kitchen
+  module Driver
+    class Oci
+      # generic class for blockstorage
+      class Blockstorage < Oci
+        require_relative "api"
+        require_relative "config"
+        require_relative "models/iscsi"
+        require_relative "models/paravirtual"
+
+        attr_accessor :config, :state, :oci, :api, :volume_state, :volume_attachment_state
+
+        def initialize(config, state, oci, api, action = :create)
+          super()
+          @config = config
+          @state = state
+          @oci = oci
+          @api = api
+          @volume_state = {}
+          @volume_attachment_state = {}
+          oci.compartment if action == :create
+        end
+
+        def create_volume(volume)
+          info("Creating <#{volume[:name]}>...")
+          result = api.blockstorage.create_volume(volume_details(volume))
+          response = volume_response(result.data.id)
+          info("Finished creating <#{volume[:name]}>.")
+          [response, final_state(response)]
+        end
+
+        def attach_volume(volume_details, server_id)
+          info("Attaching <#{volume_details.display_name}>...")
+          attach_volume = api.compute.attach_volume(attachment_details(volume_details, server_id))
+          response = attachment_response(attach_volume.data.id)
+          info("Finished attaching <#{volume_details.display_name}>.")
+          final_state(response)
+        end
+
+        def delete_volume(volume)
+          info("Deleting <#{volume[:display_name]}>...")
+          api.blockstorage.delete_volume(volume[:id])
+          api.blockstorage.get_volume(volume[:id])
+            .wait_until(:lifecycle_state, OCI::Core::Models::Volume::LIFECYCLE_STATE_TERMINATED)
+          info("Finished deleting <#{volume[:display_name]}>.")
+        end
+
+        def detatch_volume(volume_attachment)
+          info("Detaching <#{attachment_name(volume_attachment)}>...")
+          api.compute.detach_volume(volume_attachment[:id])
+          api.compute.get_volume_attachment(volume_attachment[:id])
+            .wait_until(:lifecycle_state, OCI::Core::Models::VolumeAttachment::LIFECYCLE_STATE_DETACHED)
+          info("Finished detaching <#{attachment_name(volume_attachment)}>.")
+        end
+
+        def detatch_and_delete
+          state[:volume_attachments].each do |att|
+            detatch_volume(att)
+          end
+
+          state[:volumes].each do |vol|
+            delete_volume(vol)
+          end
+        end
+
+        def final_state(response)
+          case response
+          when OCI::Core::Models::Volume
+            final_volume_state(response)
+          when OCI::Core::Models::VolumeAttachment
+            final_volume_attachment_state(response)
+          end
+        end
+
+        private
+
+        def volume_response(volume_id)
+          api.blockstorage.get_volume(volume_id)
+            .wait_until(:lifecycle_state, OCI::Core::Models::Volume::LIFECYCLE_STATE_AVAILABLE).data
+        end
+
+        def attachment_response(attachment_id)
+          api.compute.get_volume_attachment(attachment_id)
+            .wait_until(:lifecycle_state, OCI::Core::Models::VolumeAttachment::LIFECYCLE_STATE_ATTACHED).data
+        end
+
+        def volume_details(volume)
+          OCI::Core::Models::CreateVolumeDetails.new(
+            compartment_id: oci.compartment,
+            availability_domain: config[:availability_domain],
+            display_name: volume[:name],
+            size_in_gbs: volume[:size_in_gbs],
+            vpus_per_gb: volume[:vpus_per_gb] || 10
+          )
+        end
+
+        def attachment_name(attachment)
+          attachment[:display_name].gsub(/(?:paravirtual|iscsi)-/, "")
+        end
+
+        def final_volume_state(response)
+          volume_state.store(:id, response.id)
+          volume_state.store(:display_name, response.display_name)
+          volume_state
+        end
+      end
+    end
+  end
+end

data/lib/kitchen/driver/oci/config.rb

@@ -0,0 +1,92 @@
+# frozen_string_literal: true
+
+#
+# Author:: Justin Steele (<justin.steele@oracle.com>)
+#
+# Copyright (C) 2024, Stephen Pearson
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require_relative "api"
+
+module Kitchen
+  module Driver
+    class Oci
+      # Config class that defines the oci config that will be used for the API calls
+      class Config
+        attr_reader :config
+
+        def initialize(driver_config)
+          setup_driver_config(driver_config)
+          @config = oci_config
+        end
+
+        def oci_config
+          # OCI::Config is missing this and we're definitely using compartment and security_token_file if specified in the config
+          OCI::Config.class_eval { attr_accessor :security_token_file } if @driver_config[:use_token_auth]
+          conf = config_loader(config_file_location: @driver_config[:oci_config_file], profile_name: @driver_config[:oci_profile_name])
+          @driver_config[:oci_config].each do |key, value|
+            conf.send("#{key}=", value) unless value.nil? || value.empty?
+          end
+          conf
+        end
+
+        def compartment
+          @compartment ||= @compartment_id
+          return @compartment if @compartment
+
+          raise "must specify either compartment_id or compartment_name" unless [@compartment_id, @compartment_name].any?
+
+          @compartment ||= compartment_id_by_name(@compartment_name)
+          raise "compartment not found" unless @compartment
+        end
+
+        private
+
+        def setup_driver_config(config)
+          @driver_config = config
+          @compartment_id = config[:compartment_id]
+          @compartment_name = config[:compartment_name]
+        end
+
+        def config_loader(opts = {})
+          OCI::ConfigFileLoader.load_config(**opts.compact)
+        rescue OCI::ConfigFileLoader::Errors::ConfigFileNotFoundError
+          OCI::Config.new
+        end
+
+        def tenancy
+          if @driver_config[:use_instance_principals]
+            sign = OCI::Auth::Signers::InstancePrincipalsSecurityTokenSigner.new
+            sign.instance_variable_get "@tenancy_id"
+          else
+            config.tenancy
+          end
+        end
+
+        def compartment_id_by_name(name)
+          api = Oci::Api.new(config, @driver_config).identity
+          all_compartments(api, config.tenancy).select { |c| c.name == name }&.first&.id
+        end
+
+        def all_compartments(api, tenancy, compartments = [], page = nil)
+          current_compartments = api.list_compartments(tenancy, page: page)
+          next_page = current_compartments.next_page
+          compartments << current_compartments.data
+          all_compartments(api, tenancy, compartments, next_page) unless next_page.nil?
+          compartments.flatten
+        end
+      end
+    end
+  end
+end

data/lib/kitchen/driver/oci/instance.rb

@@ -0,0 +1,146 @@
+# frozen_string_literal: true
+
+#
+# Author:: Justin Steele (<justin.steele@oracle.com>)
+#
+# Copyright (C) 2024, Stephen Pearson
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module Kitchen
+  module Driver
+    class Oci
+      # generic class for instance models
+      class Instance < Oci
+        require_relative "api"
+        require_relative "config"
+        require_relative "models/compute"
+        require_relative "models/dbaas"
+
+        attr_accessor :config, :state, :oci, :api
+
+        def initialize(config, state, oci, api, action)
+          super()
+          @config = config
+          @state = state
+          @oci = oci
+          @api = api
+        end
+
+        def compartment_id
+          launch_details.compartment_id = oci.compartment
+        end
+
+        def availability_domain
+          launch_details.availability_domain = config[:availability_domain]
+        end
+
+        def defined_tags
+          launch_details.defined_tags = config[:defined_tags]
+        end
+
+        def shape
+          launch_details.shape = config[:shape]
+        end
+
+        def freeform_tags
+          launch_details.freeform_tags = process_freeform_tags
+        end
+
+        def final_state(state, instance_id)
+          state.store(:server_id, instance_id)
+          state.store(:hostname, instance_ip(instance_id))
+          state
+        end
+
+        private
+
+        def public_ip_allowed?
+          subnet = api.network.get_subnet(config[:subnet_id]).data
+          !subnet.prohibit_public_ip_on_vnic
+        end
+
+        def random_password(special_chars)
+          (Array.new(5) { special_chars.sample } +
+            Array.new(5) { ("a".."z").to_a.sample } +
+            Array.new(5) { ("A".."Z").to_a.sample } +
+            Array.new(5) { ("0".."9").to_a.sample }).shuffle.join
+        end
+
+        def random_string(length)
+          Array.new(length) { ("a".."z").to_a.sample }.join
+        end
+
+        def random_number(length)
+          Array.new(length) { ("0".."9").to_a.sample }.join
+        end
+
+        def process_freeform_tags
+          tags = %w{run_list policyfile}
+          fft = config[:freeform_tags]
+          tags.each do |tag|
+            unless fft[tag.to_sym].nil? || fft[tag.to_sym].empty?
+              fft[tag] =
+                prov[tag.to_sym].join(",")
+            end
+          end
+          fft[:kitchen] = true
+          fft
+        end
+
+        def user_data
+          case config[:user_data]
+          when Array
+            Base64.encode64(multi_part_user_data.close.string).delete("\n")
+          when String
+            Base64.encode64(config[:user_data]).delete("\n")
+          end
+        end
+
+        def multi_part_user_data
+          boundary = "MIMEBOUNDARY_#{random_string(20)}"
+          msg = ["Content-Type: multipart/mixed; boundary=\"#{boundary}\"",
+                 "MIME-Version: 1.0", ""]
+          msg += mime_parts(boundary)
+          txt = "#{msg.join("\n")}\n"
+          gzip = Zlib::GzipWriter.new(StringIO.new)
+          gzip << txt
+        end
+
+        def mime_parts(boundary)
+          msg = []
+          config[:user_data].each do |m|
+            msg << "--#{boundary}"
+            msg << "Content-Disposition: attachment; filename=\"#{m[:filename]}\""
+            msg << "Content-Transfer-Encoding: 7bit"
+            msg << "Content-Type: text/#{m[:type]}" << "Mime-Version: 1.0" << ""
+            msg << read_part(m) << ""
+          end
+          msg << "--#{boundary}--"
+          msg
+        end
+
+        def read_part(part)
+          if part[:path]
+            content = File.read part[:path]
+          elsif part[:inline]
+            content = part[:inline]
+          else
+            raise "Invalid user data"
+          end
+          content.split("\n")
+        end
+      end
+    end
+  end
+end

data/lib/kitchen/driver/oci/models/compute.rb

@@ -0,0 +1,179 @@
+# frozen_string_literal: true
+
+# Author:: Justin Steele (<justin.steele@oracle.com>)
+#
+# Copyright (C) 2024, Stephen Pearson
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module Kitchen
+  module Driver
+    class Oci
+      module Models
+        # Compute instance model
+        class Compute < Instance # rubocop:disable Metrics/ClassLength
+          attr_accessor :launch_details
+
+          def initialize(config, state, oci, api, action = :create)
+            super
+            @launch_details = OCI::Core::Models::LaunchInstanceDetails.new
+          end
+
+          def launch
+            process_windows_options
+            response = api.compute.launch_instance(launch_instance_details)
+            instance_id = response.data.id
+            api.compute.get_instance(instance_id).wait_until(:lifecycle_state, OCI::Core::Models::Instance::LIFECYCLE_STATE_RUNNING )
+            final_state(state, instance_id)
+          end
+
+          def terminate
+            api.compute.terminate_instance(state[:server_id])
+            api.compute.get_instance(state[:server_id]).wait_until(:lifecycle_state, OCI::Core::Models::Instance::LIFECYCLE_STATE_TERMINATING)
+          end
+
+          private
+
+          def launch_instance_details # rubocop:disable Metrics/MethodLength
+            compartment_id
+            availability_domain
+            defined_tags
+            shape
+            freeform_tags
+            hostname_display_name
+            instance_source_details
+            instance_metadata
+            preemptible_instance_config
+            shape_config
+            launch_details
+          end
+
+          def hostname_display_name
+            display_name = hostname
+            launch_details.display_name = display_name
+            launch_details.create_vnic_details = create_vnic_details(display_name)
+          end
+
+          def hostname
+            [config[:hostname_prefix], random_string(6)].compact.join("-")
+          end
+
+          def preemptible_instance_config
+            return unless config[:preemptible_instance]
+
+            launch_details.preemptible_instance_config = OCI::Core::Models::PreemptibleInstanceConfigDetails.new(
+              preemption_action:
+                OCI::Core::Models::TerminatePreemptionAction.new(
+                  type: "TERMINATE", preserve_boot_volume: true
+                )
+            )
+          end
+
+          def shape_config
+            return if config[:shape_config].empty?
+
+            launch_details.shape_config = OCI::Core::Models::LaunchInstanceShapeConfigDetails.new(
+              ocpus: config[:shape_config][:ocpus],
+              memory_in_gbs: config[:shape_config][:memory_in_gbs],
+              baseline_ocpu_utilization: config[:shape_config][:baseline_ocpu_utilization] || "BASELINE_1_1"
+            )
+          end
+
+          def instance_source_details
+            launch_details.source_details = OCI::Core::Models::InstanceSourceViaImageDetails.new(
+              sourceType: "image",
+              imageId: config[:image_id],
+              bootVolumeSizeInGBs: config[:boot_volume_size_in_gbs]
+            )
+          end
+
+          def create_vnic_details(name)
+            OCI::Core::Models::CreateVnicDetails.new(
+              assign_public_ip: public_ip_allowed?,
+              display_name: name,
+              hostname_label: name,
+              nsg_ids: config[:nsg_ids],
+              subnetId: config[:subnet_id]
+            )
+          end
+
+          def pubkey
+            File.readlines(config[:ssh_keypath]).first.chomp
+          end
+
+          def instance_metadata
+            launch_details.metadata = metadata
+          end
+
+          def metadata
+            md = {}
+            inject_powershell
+            config[:custom_metadata]&.each { |k, v| md.store(k, v) }
+            md.store("ssh_authorized_keys", pubkey)
+            md.store("user_data", user_data) if config[:user_data] && !config[:user_data].empty?
+            md
+          end
+
+          def vnics(instance_id)
+            vnic_attachments(instance_id).map { |att| api.network.get_vnic(att.vnic_id).data }
+          end
+
+          def vnic_attachments(instance_id)
+            att = api.compute.list_vnic_attachments(oci.compartment, instance_id: instance_id).data
+            raise "Could not find any VNIC attachments" unless att.any?
+
+            att
+          end
+
+          def instance_ip(instance_id)
+            vnic = vnics(instance_id).select(&:is_primary).first
+            if public_ip_allowed?
+              config[:use_private_ip] ? vnic.private_ip : vnic.public_ip
+            else
+              vnic.private_ip
+            end
+          end
+
+          def process_windows_options
+            return unless windows_state?
+
+            state.store(:username, config[:winrm_user])
+            state.store(:password, config[:winrm_password] || random_password(%w{@ - ( ) .}))
+          end
+
+          def windows_state?
+            config[:setup_winrm] && config[:password].nil? && state[:password].nil?
+          end
+
+          def winrm_ps1
+            filename = File.join(__dir__, %w{.. .. .. .. .. tpl setup_winrm.ps1.erb})
+            tpl = ERB.new(File.read(filename))
+            tpl.result(binding)
+          end
+
+          def inject_powershell
+            return unless config[:setup_winrm]
+
+            data = winrm_ps1
+            config[:user_data] ||= []
+            config[:user_data] << {
+              type: "x-shellscript",
+              inline: data,
+              filename: "setup_winrm.ps1",
+            }
+          end
+        end
+      end
+    end
+  end
+end