kitchen-pulumi 0.1.0.pre.beta

data/lib/kitchen/pulumi/config_schemas/systems.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+require 'dry/validation'
+require 'kitchen/pulumi/config_schemas'
+require 'kitchen/pulumi/config_schemas/system'
+
+module Kitchen
+  module Pulumi
+    module ConfigSchemas
+      # The value of the +systems+ key must be a sequence of systems.
+      #
+      # {include:Kitchen::Pulumi::ConfigSchemas::System}
+      Systems = ::Dry::Validation.Schema do
+        required(:value).each do
+          schema ::Kitchen::Pulumi::ConfigSchemas::System
+        end
+      end
+    end
+  end
+end

data/lib/kitchen/pulumi/configurable.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+require 'kitchen'
+require 'kitchen/pulumi'
+require 'kitchen/pulumi/kitchen_instance'
+require 'kitchen/pulumi/version'
+
+module Kitchen
+  module Pulumi
+    # Module for plugins which are configurable via user-provided values
+    # in .kitchen.yaml
+    module Configurable
+      # Alternative implementation of Kitchen::Configurable#finalize_config!
+      # which validates the configuration before attempting to expand paths.
+      # See https://github.com/test-kitchen/test-kitchen/issues/1229
+      def finalize_config!(kitchen_instance)
+        kitchen_instance || raise(::Kitchen::ClientError,
+                                  "Instance must be provided to #{self}")
+        @instance = KitchenInstance.new(kitchen_instance)
+        validate_config!
+        expand_paths!
+        load_needed_dependencies!
+        self
+      end
+    end
+  end
+end

data/lib/kitchen/pulumi/error.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+require 'kitchen'
+
+module Kitchen
+  module Pulumi
+    class Error < ::StandardError
+    end
+  end
+end

data/lib/kitchen/pulumi/file_path_config_attribute_definer.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+require 'kitchen/pulumi'
+require 'kitchen/pulumi/config_attribute_definer'
+
+module Kitchen
+  module Pulumi
+    # Class for defining config attributes that are consumed as file paths
+    class FilePathConfigAttributeDefiner
+      def initialize(attribute:, schema:)
+        @attribute = attribute
+        @definer = ConfigAttributeDefiner.new(
+          attribute: attribute,
+          schema: schema,
+        )
+      end
+
+      # Defines the config attribute and then expands the file path
+      def define(plugin_class: plugin)
+        @definer.define(plugin_class: plugin_class)
+        plugin_class.expand_path_for(@attribute.to_sym)
+      end
+    end
+  end
+end

data/lib/kitchen/pulumi/inspec.rb

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+require 'inspec'
+require 'kitchen/pulumi/error'
+require 'train'
+
+module Kitchen
+  module Pulumi
+    # InSpec is the class of objects which act as interfaces to InSpec.
+    class InSpec
+      class << self
+        # .logger= sets the logger for all InSpec processes.
+        #
+        # The logdev of the logger is extended to conform to interface
+        # expected by InSpec.
+        #
+        # @param logger [::Kitchen::Logger] the logger to use.
+        # @return [void]
+        def logger=(logger)
+          logger.logdev.define_singleton_method :filename do
+            false
+          end
+
+          ::Inspec::Log.logger = logger
+        end
+      end
+
+      # #exec executes InSpec.
+      #
+      # @raise [::Kitchen::Pulumi::Error] if executing InSpec fails.
+      # @return [self]
+      def exec
+        @runner.run.tap do |exit_code|
+          if exit_code != 0
+            raise ::Kitchen::Pulumi::Error, "InSpec exited with #{exit_code}"
+          end
+        end
+
+        self
+      rescue ::ArgumentError, ::RuntimeError, ::Train::UserError => e
+        raise ::Kitchen::Pulumi::Error, "Executing InSpec failed\n#{e.message}"
+      end
+
+      # #info logs an information message using the InSpec logger.
+      #
+      # @param message [::String] the message to be logged.
+      # @return [self]
+      def info(message:)
+        ::Inspec::Log.info ::String.new message
+
+        self
+      end
+
+      private
+
+      def initialize(options:, profile_locations:)
+        @runner = ::Inspec::Runner.new options.merge(
+          logger: ::Inspec::Log.logger,
+        )
+        profile_locations.each do |profile_location|
+          @runner.add_target profile_location
+        end
+      end
+    end
+  end
+end

data/lib/kitchen/pulumi/inspec_options_mapper.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+require 'kitchen/pulumi'
+
+module Kitchen
+  module Pulumi
+    # Kitchen::Pulumi::InSpecOptionsMapper maps system configuration attributes
+    # to an InSpec options hash.
+    class InSpecOptionsMapper
+      SYSTEM_ATTRIBUTES_TO_OPTIONS = {
+        attrs: :input_file,
+        backend_cache: :backend_cache,
+        backend: :backend,
+        bastion_host: :bastion_host,
+        bastion_port: :bastion_port,
+        bastion_user: :bastion_user,
+        controls: :controls,
+        enable_password: :enable_password,
+        key_files: :key_files,
+        password: :password,
+        path: :path,
+        port: :port,
+        proxy_command: :proxy_command,
+        reporter: 'reporter',
+        self_signed: :self_signed,
+        shell_command: :shell_command,
+        shell_options: :shell_options,
+        shell: :shell,
+        show_progress: :show_progress,
+        ssl: :ssl,
+        sudo_command: :sudo_command,
+        sudo_options: :sudo_options,
+        sudo_password: :sudo_password,
+        sudo: :sudo,
+        user: :user,
+        vendor_cache: :vendor_cache,
+      }.freeze
+
+      # map populates an InSpec options hash based on the intersection between
+      # the system keys and the supported options
+      # keys, converting keys from symbols to strings as required by InSpec.
+      #
+      # @param options [::Hash] the InSpec options hash to be populated.
+      # @return [void]
+      def map(options:, system:)
+        supported = system.lazy.select do |attribute_name, _|
+          system_attributes_to_options.key?(attribute_name)
+        end
+
+        supported.each do |attribute_name, attribute_value|
+          options.store(
+            system_attributes_to_options.fetch(attribute_name),
+            attribute_value,
+          )
+        end
+
+        options
+      end
+
+      private
+
+      attr_accessor :system_attributes_to_options
+
+      def initialize
+        self.system_attributes_to_options = ::Kitchen::Pulumi::InSpecOptionsMapper::SYSTEM_ATTRIBUTES_TO_OPTIONS.dup # rubocop:disable Metrics/LineLength
+      end
+    end
+  end
+end

data/lib/kitchen/pulumi/inspec_with_hosts.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+require 'kitchen'
+require 'kitchen/pulumi/error'
+require 'kitchen/pulumi/inspec'
+
+module Kitchen
+  module Pulumi
+    # InSpec instances act as interfaces to the InSpec gem.
+    class InSpecWithHosts
+      # exec executes the InSpec controls of an InSpec profile.
+      #
+      # @raise [::Kitchen::Pulumi::Error] if the execution of the InSpec
+      #  controls fails.
+      # @return [void]
+      def exec(system:)
+        system.each_host do |host:|
+          ::Kitchen::Pulumi::InSpec
+            .new(
+              options: options.merge(host: host),
+              profile_locations: profile_locations,
+            )
+            .info(message: "#{system}: Verifying host #{host}").exec
+        end
+      end
+
+      private
+
+      attr_accessor :options, :profile_locations
+
+      # @param options [::Hash] options for execution.
+      # @param profile_locations [::Array<::String>] the locations of the
+      #   InSpec profiles which contain the controls to be executed.
+      def initialize(options:, profile_locations:)
+        self.options = options
+        self.profile_locations = profile_locations
+      end
+    end
+  end
+end

data/lib/kitchen/pulumi/inspec_without_hosts.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+require 'kitchen/pulumi/inspec'
+
+module Kitchen
+  module Pulumi
+    # InSpec instances act as interfaces to the InSpec gem.
+    class InSpecWithoutHosts
+      # exec executes the InSpec controls of an InSpec profile.
+      #
+      # @raise [::Kitchen::Pulumi::Error] if the execution of the InSpec
+      #   controls fails.
+      # @return [void]
+      def exec(system:)
+        ::Kitchen::Pulumi::InSpec
+          .new(options: options, profile_locations: profile_locations)
+          .info(message: "#{system}: Verifying")
+          .exec
+      end
+
+      private
+
+      attr_accessor :options, :profile_locations
+
+      # @param options [::Hash] options for execution.
+      # @param profile_locations [::Array<::String>] the locations of the
+      #   InSpec profiles which contain the controls to be executed.
+      def initialize(options:, profile_locations:)
+        self.options = options
+        self.profile_locations = profile_locations
+      end
+    end
+  end
+end

data/lib/kitchen/pulumi/kitchen_instance.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require 'delegate'
+require 'kitchen'
+require 'kitchen/pulumi'
+
+module Kitchen
+  module Pulumi
+    class KitchenInstance < DelegateClass ::Kitchen::Instance
+    end
+  end
+end

data/lib/kitchen/pulumi/shell_out.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+require 'kitchen/pulumi'
+require 'kitchen/pulumi/error'
+require 'mixlib/shellout'
+
+module Kitchen
+  module Pulumi
+    # Module orchestrating calls to the Pulumi CLI
+    module ShellOut
+      # Shells out to the Pulumi CLI
+      def self.run(cmd:, duration: 7200, logger:, &block)
+        cmds = Array(cmd)
+        block ||= ->(stdout) { stdout }
+        shell_out(commands: cmds, duration: duration, logger: logger, &block)
+      rescue ::Errno::EACCES, ::Errno::ENOENT,
+             ::Mixlib::ShellOut::InvalidCommandOption,
+             ::Mixlib::ShellOut::CommandTimeout,
+             ::Mixlib::ShellOut::ShellCommandFailed => e
+        raise(::Kitchen::Pulumi::Error, "Error: #{e.message}")
+      end
+
+      def self.shell_out(commands:, duration: 7200, logger:)
+        commands.each do |command|
+          shell_out = ::Mixlib::ShellOut.new(
+            "pulumi #{command}",
+            live_stream: logger,
+            timeout: duration,
+          )
+
+          logger.warn("Running #{shell_out.command}")
+
+          shell_out.run_command
+          shell_out.error!
+          yield(stdout: shell_out.stdout)
+        end
+      end
+    end
+  end
+end

data/lib/kitchen/pulumi/system.rb

@@ -0,0 +1,130 @@
+# frozen_string_literal: true
+
+require 'kitchen/pulumi/error'
+require 'kitchen/pulumi/inspec_with_hosts'
+require 'kitchen/pulumi/inspec_without_hosts'
+require 'kitchen/pulumi/system_attrs_resolver'
+require 'kitchen/pulumi/system_hosts_resolver'
+
+module Kitchen
+  module Pulumi
+    # System is the class of objects which are verified by the Pulumi Verifier.
+    class System
+      # #add_attrs adds attributes to the system.
+      #
+      # @param attrs [#to_hash] the attributes to be added.
+      # @return [self]
+      def add_attrs(attrs:)
+        @attributes = @attributes.merge Hash attrs
+
+        self
+      end
+
+      # #add_hosts adds hosts to the system.
+      #
+      # @param hosts [#to_arr,#to_a] the hosts to be added.
+      # @return [self]
+      def add_hosts(hosts:)
+        @hosts += Array hosts
+
+        self
+      end
+
+      # #each_host enumerates each host of the system.
+      #
+      # @yieldparam host [::String] the next host.
+      # @return [self]
+      def each_host
+        @hosts.each do |host|
+          yield host: host
+        end
+
+        self
+      end
+
+      # #to_s returns a string representation of the system.
+      #
+      # @return [::String] the name of the system.
+      def to_s
+        @mapping.fetch :name
+      end
+
+      # #verify verifies the system by executing InSpec.
+      #
+      # @param inputs [::Hash] the Pulumi input values to be utilized as
+      #   InSpec profile attributes.
+      # @param inspec_options [::Hash] the options to be passed to InSpec.
+      # @param outputs [::Hash] the Pulumi output values to be utilized as
+      #   InSpec profile attributes.
+      # @return [self]
+      def verify(inputs:, inspec_options:, outputs:)
+        resolve inputs: inputs, outputs: outputs
+        execute_inspec options: inspec_options
+
+        self
+      rescue StandardError => e
+        raise ::Kitchen::Pulumi::Error, "#{self}: #{e.message}"
+      end
+
+      private
+
+      def execute_inspec(options:)
+        inspec.new(
+          options: options_with_attributes(options: options),
+          profile_locations: @mapping.fetch(:profile_locations),
+        ).exec(system: self)
+      end
+
+      def initialize(mapping:)
+        @attributes = {}
+        @attrs_outputs = mapping.fetch :attrs_outputs do
+          {}
+        end
+        @hosts = mapping.fetch :hosts do
+          []
+        end
+        @mapping = mapping
+      end
+
+      def inspec
+        if @hosts.empty?
+          ::Kitchen::Pulumi::InSpecWithoutHosts
+        else
+          ::Kitchen::Pulumi::InSpecWithHosts
+        end
+      end
+
+      def options_with_attributes(options:)
+        options.merge attributes: @attributes
+      end
+
+      def resolve(inputs:, outputs:)
+        resolve_attrs inputs: inputs, outputs: outputs
+        resolve_hosts outputs: outputs
+      end
+
+      def resolve_attrs(inputs:, outputs:)
+        ::Kitchen::Pulumi::SystemAttrsResolver.new(
+          inputs: inputs, outputs: outputs,
+        ).resolve(
+          attrs_outputs_keys: @attrs_outputs.keys,
+          attrs_outputs_values: @attrs_outputs.values,
+          system: self,
+        )
+
+        self
+      end
+
+      def resolve_hosts(outputs:)
+        return self unless @mapping.key? :hosts_output
+
+        ::Kitchen::Pulumi::SystemHostsResolver.new(outputs: outputs).resolve(
+          hosts_output: @mapping.fetch(:hosts_output),
+          system: self,
+        )
+
+        self
+      end
+    end
+  end
+end