kitchen-oci 1.8.0 → 1.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bef4a4b0aadfd5e5f47b67c4a4807d227cf5f636bacbb1a202579f9bda6fd7fc
-  data.tar.gz: b7cef03d39724831643dbaf5d04ed21222d4cb496ff65da9ac724fafa6e8ee97
+  metadata.gz: 8ac8fb8a6a0caaf9b86de1a6178009101fa642e4c6912acb6774fde2f664ae26
+  data.tar.gz: 4a635fbcff0cec7a548709f65e780fe24628733b61441f6feafdf9e988900166
 SHA512:
-  metadata.gz: 86cb6549515a0f169ff4fbfcc0875688f7c0f374ffcccd366a5ce26b20cfe034e18784d22f70df585e37c675c2c48699c80dcfe2d253da3968fb1efd54dd819e
-  data.tar.gz: a49d0d696d9ba6b7af17c9cba108e77a63c1c3c263083a7346afc87406cf081c6160953886165cc8e29578a4d9c92228e91e7fd95f554e8dad4f9e9406c08151
+  metadata.gz: 96e29112bec4d1f0dad5fbbe46e9accf959b27c63b6ca86e81bb32f9e89e7f646aaf720b7185072f9d9c04f45681172d0e6f5bfd14b212fbeee4e87cd9f6cc3f
+  data.tar.gz: cc7f3a9dce9e3b7470ba8480551baa908e0b3880e5a17bfbceec0b0cdea9f2c6c7d9191438b4dbd0248416954d2bd26021748b9148be1c055c477b60448a5dcc

data/README.md

@@ -1,6 +1,6 @@
 # Kitchen::OCI
 
-A Test Kitchen Driver for Oracle Bare Metal Cloud
+A Test Kitchen Driver for Oracle Cloud Infrastructure (OCI)
 
 ## Prerequisites
 
@@ -10,7 +10,7 @@ overridden in .kitchen.yml.
 
 You need to create suitable configuration for OCI in ~/.oci/config and this
 can be created using the CLI:
-```
+```bash
 oci setup config
 ```
 
@@ -20,23 +20,32 @@ pull the Chef binaries.
 
 ## Building the gem
 
-```
+This step is only necessary if you wish to make local modifications.  The gem
+has already been published to rubygems.org.
+
+```bash
 rake build
 ```
 
 ## Installing the gem
 
-You must install the gem into whatever Ruby is used to run knife.  On a
+You must install the gem into whatever Ruby is used to run kitchen.  On a
 workstation this will likely be the ChefDK environment.  To switch to
 ChefDK if you haven't already:
 
-```
+```bash
 eval "$(chef shell-init bash)"
 ```
 
-Then install the package you built earlier:
+You can install the gem from RubyGems.org with:
 
+```bash
+gem install kitchen-oci
 ```
+
+To install a gem you built yourself:
+
+```bash
 gem install pkg/kitchen-oci-<VERSION>.gem
 ```
 
@@ -63,6 +72,7 @@ These settings are optional:
    - user\_data, Add user data scripts
    - hostname\_prefix, Prefix for the generated hostnames (note that OCI doesn't like underscores)
    - freeform\_tags, Hash containing tag name(s) and values(s)
+   - use\_instance\_principals, Boolean flag indicated whether Instance Principals should be used as credentials (see below)
 
 Optional settings for WinRM support in Windows:
 
@@ -74,7 +84,7 @@ The use\_private\_ip influences whether the public or private IP will be used by
 
 If the subnet\_id refers to a subnet configured to disallow public IPs on any attached VNICs, then the VNIC will be created without a public IP and the use\_private\_ip flag will assumed to be true irrespective of the config setting.  On subnets that do allow a public IP a public IP will be allocated to the VNIC, but the use\_private\_ip flag can still be used to override whether the private or public IP will be used.
 
-```
+```yml
 ---
 driver:
   name: oci
@@ -87,7 +97,7 @@ verifier:
   name: inspec
 
 platforms:
-  - name: ubuntu-16.04
+  - name: ubuntu-18.04
     driver:
       # These are mandatory
       compartment_id: "ocid1.compartment.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
@@ -116,11 +126,32 @@ suites:
     attributes:
 ```
 
+## Instance Principals
+
+If you are launching Kitchen from a compute instance running in OCI then you might prefer to use Instance Principals to authenticate to the OCI APIs.  To set this up you can omit the `oci_config_file` and `oci_profile_name` settings and insert `use_instance_principals: true` into your .kitchen.yml instead.
+
+```yml
+platforms:
+  - name: ubuntu-18.04
+    driver:
+      ...
+      use_instance_principals: true
+      ...
+```
+
+__Important__: If you want to configure a proxy when using Instance Principals, ensure you define the `no_proxy` environment variable so that all link-local access bypasses the proxy.  For example:
+
+```sh
+export no_proxy=169.254.0.0/16
+```
+
+This will allow the OCI lib to retrieve the certificate, key and ca-chain from the metadata service.
+
 ## Support for user data scripts and cloud-init
 
 The driver has support for adding user data that can be executed as scripts by cloud-init.  These can either be specified inline or by referencing a file.  Examples:
 
-```
+```yml
       user_data:
         - type: x-shellscript
           inline: |
@@ -139,14 +170,14 @@ The scripts will be encoded into a gzipped, base64 encoded multipart mime messag
 ## Proxy support
 
 If running Kitchen on a private subnet with no public IPs permitted, it may be necessary to connect to the OCI API via a web proxy.  The proxy URL can either be specified on the command line:
-```
+```bash
 # With authentication
 export http_proxy=http://<proxy_user>:<proxy_password>@<proxy_host>:<proxy_port>"
 # Without authentication
 export http_proxy=http://<proxy_host>:<proxy_port>"
 ```
 .. or if preferred in the cookbook's .kitchen.yml file.
-```
+```yml
 driver:
   ...
   proxy_url: "http://<proxy_user>:<proxy_password>@<proxy_host>:<proxy_port>"
@@ -154,7 +185,7 @@ driver:
 
 The SSH transport can also be tunneled via the web proxy using the CONNECT http method, but note that this is not handled by the kitchen-oci gem.  Configuration is provided here for convenience only:
 
-```
+```yml
 transport:
   username: "<os_username>"
   ssh_http_proxy: "<proxy_host>"
@@ -163,6 +194,8 @@ transport:
   ssh_http_proxy_password: <proxy_password>
 ```
 
+See also the section above on Instance Principals if you plan to use a proxy in conjunction with a proxy.  The proxy needs to be avoided when accessing the metadata address.
+
 ## Windows Support
 
 When launching Oracle provided Windows images, it may be helpful to allow Kitchen-oci to inject powershell to configure WinRM and to set a randomized password that does not need to be changed on first login.  If the `setup_winrm` parameter is set to true then the following steps will happen:
@@ -176,7 +209,7 @@ Make sure that the transport name is set to `winrm` and that the os\_type in the
 
 Full example (.kitchen.yml):
 
-```
+```yml
 ---
 driver:
   name: oci

data/lib/kitchen/driver/oci.rb

@@ -54,6 +54,7 @@ module Kitchen
       default_config :setup_winrm, false
       default_config :winrm_user, 'opc'
       default_config :winrm_password, nil
+      default_config :use_instance_principals, false
 
       def process_freeform_tags(freeform_tags)
         prov = instance.provisioner.instance_variable_get(:@config)
@@ -142,11 +143,14 @@ module Kitchen
 
       def generic_api(klass)
         api_prx = api_proxy
-        if api_prx
-          klass.new(config: oci_config, proxy_settings: api_prx)
+        if config[:use_instance_principals]
+          sign = OCI::Auth::Signers::InstancePrincipalsSecurityTokenSigner.new
+          params = { signer: sign }
         else
-          klass.new(config: oci_config)
+          params = { config: oci_config }
         end
+        params[:proxy_settings] = api_prx if api_prx
+        klass.new(**params)
       end
 
       def comp_api

data/lib/kitchen/driver/oci_version.rb

@@ -20,6 +20,6 @@
 module Kitchen
   module Driver
     # Version string for Oracle OCI Kitchen driver
-    OCI_VERSION = '1.8.0'
+    OCI_VERSION = '1.9.0'
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kitchen-oci
 version: !ruby/object:Gem::Version
-  version: 1.8.0
+  version: 1.9.0
 platform: ruby
 authors:
 - Stephen Pearson
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-07-15 00:00:00.000000000 Z
+date: 2020-01-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: oci
@@ -146,7 +146,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.0.1
 signing_key: 
 specification_version: 4
 summary: A Test Kitchen Driver for Oracle OCI