kitchen-oci 1.8.0 → 1.9.0
- checksums.yaml +4 -4
- data/README.md +46 -13
- data/lib/kitchen/driver/oci.rb +7 -3
- data/lib/kitchen/driver/oci_version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 8ac8fb8a6a0caaf9b86de1a6178009101fa642e4c6912acb6774fde2f664ae26
|
4
|
+
data.tar.gz: 4a635fbcff0cec7a548709f65e780fe24628733b61441f6feafdf9e988900166
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 96e29112bec4d1f0dad5fbbe46e9accf959b27c63b6ca86e81bb32f9e89e7f646aaf720b7185072f9d9c04f45681172d0e6f5bfd14b212fbeee4e87cd9f6cc3f
|
7
|
+
data.tar.gz: cc7f3a9dce9e3b7470ba8480551baa908e0b3880e5a17bfbceec0b0cdea9f2c6c7d9191438b4dbd0248416954d2bd26021748b9148be1c055c477b60448a5dcc
|
data/README.md
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
# Kitchen::OCI
|
2
2
|
|
3
|
-
A Test Kitchen Driver for Oracle
|
3
|
+
A Test Kitchen Driver for Oracle Cloud Infrastructure (OCI)
|
4
4
|
|
5
5
|
## Prerequisites
|
6
6
|
|
@@ -10,7 +10,7 @@ overridden in .kitchen.yml.
|
|
10
10
|
|
11
11
|
You need to create suitable configuration for OCI in ~/.oci/config and this
|
12
12
|
can be created using the CLI:
|
13
|
-
```
|
13
|
+
```bash
|
14
14
|
oci setup config
|
15
15
|
```
|
16
16
|
|
@@ -20,23 +20,32 @@ pull the Chef binaries.
|
|
20
20
|
|
21
21
|
## Building the gem
|
22
22
|
|
23
|
-
|
23
|
+
This step is only necessary if you wish to make local modifications. The gem
|
24
|
+
has already been published to rubygems.org.
|
25
|
+
|
26
|
+
```bash
|
24
27
|
rake build
|
25
28
|
```
|
26
29
|
|
27
30
|
## Installing the gem
|
28
31
|
|
29
|
-
You must install the gem into whatever Ruby is used to run
|
32
|
+
You must install the gem into whatever Ruby is used to run kitchen. On a
|
30
33
|
workstation this will likely be the ChefDK environment. To switch to
|
31
34
|
ChefDK if you haven't already:
|
32
35
|
|
33
|
-
```
|
36
|
+
```bash
|
34
37
|
eval "$(chef shell-init bash)"
|
35
38
|
```
|
36
39
|
|
37
|
-
|
40
|
+
You can install the gem from RubyGems.org with:
|
38
41
|
|
42
|
+
```bash
|
43
|
+
gem install kitchen-oci
|
39
44
|
```
|
45
|
+
|
46
|
+
To install a gem you built yourself:
|
47
|
+
|
48
|
+
```bash
|
40
49
|
gem install pkg/kitchen-oci-<VERSION>.gem
|
41
50
|
```
|
42
51
|
|
@@ -63,6 +72,7 @@ These settings are optional:
|
|
63
72
|
- user\_data, Add user data scripts
|
64
73
|
- hostname\_prefix, Prefix for the generated hostnames (note that OCI doesn't like underscores)
|
65
74
|
- freeform\_tags, Hash containing tag name(s) and values(s)
|
75
|
+
- use\_instance\_principals, Boolean flag indicated whether Instance Principals should be used as credentials (see below)
|
66
76
|
|
67
77
|
Optional settings for WinRM support in Windows:
|
68
78
|
|
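Review bot: The new `use_instance_principals` bullet reads "Boolean flag indicated whether"; that should be "indicating whether". While here, state the default (`false`, per the `default_config` line added in oci.rb) and replace "(see below)" with a link to the Instance Principals section, since this list is read as a reference.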
@@ -74,7 +84,7 @@ The use\_private\_ip influences whether the public or private IP will be used by
|
|
74
84
|
|
75
85
|
If the subnet\_id refers to a subnet configured to disallow public IPs on any attached VNICs, then the VNIC will be created without a public IP and the use\_private\_ip flag will assumed to be true irrespective of the config setting. On subnets that do allow a public IP a public IP will be allocated to the VNIC, but the use\_private\_ip flag can still be used to override whether the private or public IP will be used.
|
76
86
|
|
77
|
-
```
|
87
|
+
```yml
|
78
88
|
---
|
79
89
|
driver:
|
80
90
|
name: oci
|
@@ -87,7 +97,7 @@ verifier:
|
|
87
97
|
name: inspec
|
88
98
|
|
89
99
|
platforms:
|
90
|
-
- name: ubuntu-
|
100
|
+
- name: ubuntu-18.04
|
91
101
|
driver:
|
92
102
|
# These are mandatory
|
93
103
|
compartment_id: "ocid1.compartment.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
|
@@ -116,11 +126,32 @@ suites:
|
|
116
126
|
attributes:
|
117
127
|
```
|
118
128
|
|
129
|
+
## Instance Principals
|
130
|
+
|
131
|
+
If you are launching Kitchen from a compute instance running in OCI then you might prefer to use Instance Principals to authenticate to the OCI APIs. To set this up you can omit the `oci_config_file` and `oci_profile_name` settings and insert `use_instance_principals: true` into your .kitchen.yml instead.
|
132
|
+
|
133
|
+
```yml
|
134
|
+
platforms:
|
135
|
+
- name: ubuntu-18.04
|
136
|
+
driver:
|
137
|
+
...
|
138
|
+
use_instance_principals: true
|
139
|
+
...
|
140
|
+
```
|
141
|
+
|
142
|
+
__Important__: If you want to configure a proxy when using Instance Principals, ensure you define the `no_proxy` environment variable so that all link-local access bypasses the proxy. For example:
|
143
|
+
|
144
|
+
```sh
|
145
|
+
export no_proxy=169.254.0.0/16
|
146
|
+
```
|
147
|
+
|
148
|
+
This will allow the OCI lib to retrieve the certificate, key and ca-chain from the metadata service.
|
149
|
+
|
119
150
|
## Support for user data scripts and cloud-init
|
120
151
|
|
121
152
|
The driver has support for adding user data that can be executed as scripts by cloud-init. These can either be specified inline or by referencing a file. Examples:
|
122
153
|
|
123
|
-
```
|
154
|
+
```yml
|
124
155
|
user_data:
|
125
156
|
- type: x-shellscript
|
126
157
|
inline: |
|
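Review bot: The new Instance Principals section says `oci_config_file` and `oci_profile_name` can be omitted, but it does not say what happens when they are left in place next to `use_instance_principals: true`. In `generic_api` the flag is tested first, so the config file is silently ignored; please document that precedence here. The `no_proxy` example is also given only in its lowercase form with a CIDR value, so a sentence on which environment this was tested in would help readers whose tooling expects `NO_PROXY` or an explicit address.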
@@ -139,14 +170,14 @@ The scripts will be encoded into a gzipped, base64 encoded multipart mime messag
|
|
139
170
|
## Proxy support
|
140
171
|
|
141
172
|
If running Kitchen on a private subnet with no public IPs permitted, it may be necessary to connect to the OCI API via a web proxy. The proxy URL can either be specified on the command line:
|
142
|
-
```
|
173
|
+
```bash
|
143
174
|
# With authentication
|
144
175
|
export http_proxy=http://<proxy_user>:<proxy_password>@<proxy_host>:<proxy_port>"
|
145
176
|
# Without authentication
|
146
177
|
export http_proxy=http://<proxy_host>:<proxy_port>"
|
147
178
|
```
|
148
179
|
.. or if preferred in the cookbook's .kitchen.yml file.
|
149
|
-
```
|
180
|
+
```yml
|
150
181
|
driver:
|
151
182
|
...
|
152
183
|
proxy_url: "http://<proxy_user>:<proxy_password>@<proxy_host>:<proxy_port>"
|
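Review bot: Now that the proxy example fence is tagged `bash`, the two `export http_proxy=...` context lines in it stand out as having a trailing `"` with no opening quote, which is an unterminated string if pasted into a shell. Either quote the whole value or drop the trailing quote in the same change. Separately, the `proxy_url` example places `<proxy_user>:<proxy_password>` in the cookbook's .kitchen.yml; a note recommending the environment variable form for credentials would keep the password out of a file that lives with the cookbook.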
@@ -154,7 +185,7 @@ driver:
|
|
154
185
|
|
155
186
|
The SSH transport can also be tunneled via the web proxy using the CONNECT http method, but note that this is not handled by the kitchen-oci gem. Configuration is provided here for convenience only:
|
156
187
|
|
157
|
-
```
|
188
|
+
```yml
|
158
189
|
transport:
|
159
190
|
username: "<os_username>"
|
160
191
|
ssh_http_proxy: "<proxy_host>"
|
@@ -163,6 +194,8 @@ transport:
|
|
163
194
|
ssh_http_proxy_password: <proxy_password>
|
164
195
|
```
|
165
196
|
|
197
|
+
See also the section above on Instance Principals if you plan to use a proxy in conjunction with a proxy. The proxy needs to be avoided when accessing the metadata address.
|
198
|
+
|
166
199
|
## Windows Support
|
167
200
|
|
168
201
|
When launching Oracle provided Windows images, it may be helpful to allow Kitchen-oci to inject powershell to configure WinRM and to set a randomized password that does not need to be changed on first login. If the `setup_winrm` parameter is set to true then the following steps will happen:
|
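Review bot: The added sentence says "if you plan to use a proxy in conjunction with a proxy", which looks like a slip for "use Instance Principals in conjunction with a proxy". Suggest rewording it and naming the setting the earlier section uses, for example "set `no_proxy` so the metadata address bypasses the proxy", so the reader does not have to scroll back to find the fix.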
@@ -176,7 +209,7 @@ Make sure that the transport name is set to `winrm` and that the os\_type in the
|
|
176
209
|
|
177
210
|
Full example (.kitchen.yml):
|
178
211
|
|
179
|
-
```
|
212
|
+
```yml
|
180
213
|
---
|
181
214
|
driver:
|
182
215
|
name: oci
|
data/lib/kitchen/driver/oci.rb
CHANGED
@@ -54,6 +54,7 @@ module Kitchen
|
|
54
54
|
default_config :setup_winrm, false
|
55
55
|
default_config :winrm_user, 'opc'
|
56
56
|
default_config :winrm_password, nil
|
57
|
+
default_config :use_instance_principals, false
|
57
58
|
|
58
59
|
def process_freeform_tags(freeform_tags)
|
59
60
|
prov = instance.provisioner.instance_variable_get(:@config)
|
@@ -142,11 +143,14 @@ module Kitchen
|
|
142
143
|
|
143
144
|
def generic_api(klass)
|
144
145
|
api_prx = api_proxy
|
145
|
-
if
|
146
|
-
|
146
|
+
if config[:use_instance_principals]
|
147
|
+
sign = OCI::Auth::Signers::InstancePrincipalsSecurityTokenSigner.new
|
148
|
+
params = { signer: sign }
|
147
149
|
else
|
148
|
-
|
150
|
+
params = { config: oci_config }
|
149
151
|
end
|
152
|
+
params[:proxy_settings] = api_prx if api_prx
|
153
|
+
klass.new(**params)
|
150
154
|
end
|
151
155
|
|
152
156
|
def comp_api
|
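Review bot: In `generic_api`, `OCI::Auth::Signers::InstancePrincipalsSecurityTokenSigner.new` is constructed on every call, so each API client built through this method creates its own signer. Consider memoizing it in an instance variable and reusing it across clients. Also, `if config[:use_instance_principals]` is a plain truthiness test, so a quoted string such as "false" in .kitchen.yml would enable the signer branch; validating the value as a boolean, and logging when this branch overrides a supplied `oci_config_file`, would make a misconfiguration visible. Finally, `params[:proxy_settings]` is applied to the client in both branches but nothing is passed to the signer, so metadata access depends entirely on the `no_proxy` environment variable described in the README; a short comment here saying so would help.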
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: kitchen-oci
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.9.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Stephen Pearson
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2020-01-10 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: oci
|
@@ -146,7 +146,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
146
146
|
- !ruby/object:Gem::Version
|
147
147
|
version: '0'
|
148
148
|
requirements: []
|
149
|
-
rubygems_version: 3.0.
|
149
|
+
rubygems_version: 3.0.1
|
150
150
|
signing_key:
|
151
151
|
specification_version: 4
|
152
152
|
summary: A Test Kitchen Driver for Oracle OCI
|