kitchen-terraform 0.7.0 → 1.0.0

data/lib/kitchen/verifier/terraform/configure_inspec_runner_attributes.rb

@@ -0,0 +1,93 @@
+# frozen_string_literal: true
+
+# Copyright 2016-2017 New Context Services, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "dry/monads"
+require "kitchen/verifier/terraform"
+
+# Configures the InSpec profile attributes for the Inspec::Runner used by the verifier to verify a group.
+#
+# Three different maps are merged to create the profile attributes.
+#
+# The first map is comprised of attributes that are external to the Terraform state.
+#
+#   {
+#     "terraform_state" => "/path/to/terraform/state"
+#   }
+#
+# The second map is comprised of attributes that represent the Terraform output variables of the Terraform state. This
+# map takes precedence in any key conflicts with the first map.
+#
+#   {
+#     "first_output_variable_name" => "first_output_variable_value",
+#     "second_output_variable_name" => "second_output_variable_value"
+#   }
+#
+# The third map is comprised of attributes defined by a group's +:attributes+; the keys are converted to strings and the
+# values are assumed to be Terraform output variable names which are resolved. This map takes precedence in any key
+# conflicts with the second map.
+#
+#   {
+#     first_attribute_name: "second_output_variable_name"
+#   }
+#
+#   # becomes
+#
+#   {
+#     "first_attribute_name" => "second_output_variable_value"
+#   }
+#
+# @see https://github.com/chef/inspec/blob/master/lib/inspec/runner.rb Inspec::Runner
+# @see https://github.com/chef/kitchen-inspec/blob/master/lib/kitchen/verifier/inspec.rb kitchen-inspec verifier
+# @see https://www.inspec.io/docs/reference/profiles/ InSpec Profiles
+# @see https://www.terraform.io/docs/configuration/outputs.html Terraform output variables
+# @see https://www.terraform.io/docs/state/index.html Terraform state
+module ::Kitchen::Verifier::Terraform::ConfigureInspecRunnerAttributes
+  extend ::Dry::Monads::Either::Mixin
+
+  extend ::Dry::Monads::Maybe::Mixin
+
+  extend ::Dry::Monads::Try::Mixin
+
+  # Invokes the function
+  #
+  # @param driver [::Kitchen::Driver::Terraform] a kitchen-terraform driver
+  # @param group [::Hash] a kitchen-terraform verifier group
+  # @param terraform_state [::String] the path of a Terraform state file
+  # @return [::Dry::Monads::Either] the result of the function
+  def self.call(driver:, group:, terraform_state:)
+    Right("terraform_state" => terraform_state).bind do |attributes|
+      driver.output.fmap do |output|
+        [attributes, output]
+      end
+    end.bind do |attributes, output|
+      Try ::KeyError do
+        output.each_pair do |output_name, output_body|
+          attributes.store output_name, output_body.fetch("value")
+        end
+        [attributes, output]
+      end
+    end.fmap do |attributes, output|
+      Maybe(group[:attributes]).bind do |group_attributes|
+        group_attributes.each_pair do |attribute_name, output_name|
+          attributes.store attribute_name.to_s, output.fetch(output_name.to_s).fetch("value")
+        end
+      end
+      attributes
+    end.to_either.or do |error|
+      Left "configuring Inspec::Runner attributes failed\n#{error}"
+    end
+  end
+end

data/lib/kitchen/verifier/terraform/configure_inspec_runner_backend.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+# Copyright 2016 New Context Services, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "kitchen/verifier/terraform"
+
+# Configures the backend for the Inspec::Runner used by the verifier to verify a group's host.
+#
+# If the hostname is "localhost" then the existing backend is overwritten to be "local".
+#
+# @see https://github.com/chef/inspec/blob/master/lib/inspec/runner.rb Inspec::Runner
+module ::Kitchen::Verifier::Terraform::ConfigureInspecRunnerBackend
+  # Invokes the function.
+  #
+  # @param hostname [::String] the hostname being verified.
+  # @param options [::Hash] the verifier's Inspec::Runner options.
+  def self.call(hostname:, options:)
+    hostname == "localhost" and options.store "backend", "local"
+  end
+end

data/lib/kitchen/verifier/terraform/configure_inspec_runner_controls.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+# Copyright 2016 New Context Services, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "dry/monads"
+require "kitchen/verifier/terraform"
+
+# Configures a group's InSpec profile controls to be inclued by the Inspec::Runner used by the verifier.
+#
+# If a group omits +:controls+ or if +:controls+ is empty then all of the profile's controls will be included.
+#
+# @see https://github.com/chef/inspec/blob/master/lib/inspec/runner.rb ::Inspec::Runner
+# @see https://www.inspec.io/docs/reference/profiles/ InSpec profiles
+module ::Kitchen::Verifier::Terraform::ConfigureInspecRunnerControls
+  extend ::Dry::Monads::Either::Mixin
+  extend ::Dry::Monads::Maybe::Mixin
+
+  # Invokes the function
+  #
+  # @param group [::Hash] the group being verified.
+  # @param options [:Hash] the verifier's Inspec::Runner's options.
+  def self.call(group:, options:)
+    Maybe(group[:controls]).bind do |controls|
+      options.store :controls, controls
+    end
+  end
+end

data/lib/{terraform/apply_command.rb → kitchen/verifier/terraform/configure_inspec_runner_host.rb}

@@ -14,21 +14,17 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require 'terraform/command'
-require 'terraform/prepare_input_file'
-require 'terraform/prepare_output_file'
+require "kitchen/verifier/terraform"
 
-module Terraform
-  # A command to apply an execution plan
-  class ApplyCommand < ::Terraform::Command
-    private
-
-    def initialize(target: '')
-      super
-      preparations.concat [
-        ::Terraform::PrepareOutputFile.new(file: options.state_out),
-        ::Terraform::PrepareInputFile.new(file: target)
-      ]
-    end
+# Configures the host for the Inspec::Runner used by the verifier to verify a group's host.
+#
+# @see https://github.com/chef/inspec/blob/master/lib/inspec/runner.rb Inspec::Runner
+module ::Kitchen::Verifier::Terraform::ConfigureInspecRunnerHost
+  # Invokes the function.
+  #
+  # @param hostname [::String] the hostname of a group's host.
+  # @param options [::Hash] the Inspec::Runner's options.
+  def self.call(hostname:, options:)
+    options.store "host", hostname
   end
 end

data/lib/{terraform/deprecated_output_parser.rb → kitchen/verifier/terraform/configure_inspec_runner_port.rb}

@@ -14,28 +14,24 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-module Terraform
-  # A parser for deprecated output command values
-  class DeprecatedOutputParser
-    def each_name(&block)
-      output.scan(/(\w+)\s*=/).flatten.each(&block)
-    end
-
-    def iterate_parsed_output(&block)
-      Array(parsed_output)
-        .each { |list_value| list_value.split(',').each(&block) }
-    end
-
-    def parsed_output
-      output.strip
-    end
-
-    private
+require "dry/monads"
+require "kitchen/verifier/terraform"
 
-    attr_accessor :output
+# Configures the port for the Inspec::Runner used by the verifier to verify a group.
+#
+# The default port is the transport's +:port+.
+#
+# @see https://github.com/chef/inspec/blob/master/lib/inspec/runner.rb Inspec::Runner
+module ::Kitchen::Verifier::Terraform::ConfigureInspecRunnerPort
+  extend ::Dry::Monads::Maybe::Mixin
 
-    def initialize(output:)
-      self.output = output
+  # Invokes the function.
+  #
+  # @param group [::Hash] the group being verified.
+  # @param options [::Hash] the Inspec::Runner's options.
+  def self.call(group:, options:)
+    Maybe(group[:port]).bind do |port|
+      options.store "port", port
     end
   end
 end

data/lib/{terraform/deprecated_variables_coercer.rb → kitchen/verifier/terraform/configure_inspec_runner_user.rb}

@@ -14,22 +14,24 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-module Terraform
-  # Coerces deprecated variables config
-  class DeprecatedVariablesCoercer
-    def coerce(attr:, value:)
-      configurable.config_deprecated attr: attr, remediation: 'Use a mapping',
-                                     type: 'a list or string'
-      configurable[attr] =
-        ::Hash[Array(value).map { |string| string.split '=' }]
-    end
-
-    private
+require "dry/monads"
+require "kitchen/verifier/terraform"
 
-    attr_accessor :configurable
+# Configures the user for the Inspec::Runner used by the verifier to verify a group.
+#
+# The default user is the transport's +:username+.
+#
+# @see https://github.com/chef/inspec/blob/master/lib/inspec/runner.rb Inspec::Runner
+module ::Kitchen::Verifier::Terraform::ConfigureInspecRunnerUser
+  extend ::Dry::Monads::Maybe::Mixin
 
-    def initialize(configurable:)
-      self.configurable = configurable
+  # Invoke the function.
+  #
+  # @param group [::Hash] the group being verified.
+  # @param options [::Hash] the Inspec::Runner's options.
+  def self.call(group:, options:)
+    Maybe(group[:username]).bind do |username|
+      options.store "user", username
     end
   end
 end

data/lib/kitchen/verifier/terraform/enumerate_groups_and_hostnames.rb

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+
+# Copyright 2016 New Context Services, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "dry/monads"
+require "kitchen/verifier/terraform"
+
+# Enumerates each group and the hostnames of each group.
+#
+# If a group associates +:hostnames+ with a value then that value is assumed to be the name of a Terraform output
+# variable which has a value of a string or array containing one or more hostnames; those hostnames will be enumerated
+# with the group.
+#
+# If a group omits +:hostnames+ then the hostname +"localhost"+ will be enumerated with that group; this hostname will
+# cause the InSpec profile to be executed locally and enable verification of resources in the Terraform state without
+# the use of Secure Shell (SSH).
+#
+# @see https://en.wikipedia.org/wiki/Secure_Shell Secure Shell
+# @see https://www.terraform.io/docs/configuration/outputs.html Terraform output variables
+# @see https://www.terraform.io/docs/state/index.html Terraform state
+module ::Kitchen::Verifier::Terraform::EnumerateGroupsAndHostnames
+  extend ::Dry::Monads::Either::Mixin
+  extend ::Dry::Monads::List::Mixin
+  extend ::Dry::Monads::Maybe::Mixin
+  extend ::Dry::Monads::Try::Mixin
+
+  # Invokes the function.
+  #
+  # @param driver [::Kitchen::Driver::Terraform] a kitchen-terraform driver.
+  # @param groups [::Array] a collection of groups.
+  # @return [::Dry::Monads::Either] the result of the function.
+  # @yieldparam group [::Hash] the group from which hostnamess are being enumerated.
+  # @yieldparam hostname [::String] a hostname from the group.
+  def self.call(driver:, groups:, &block)
+    List(groups).fmap(&method(:Right)).typed(::Dry::Monads::Either).traverse do |member|
+      member.bind do |group|
+        if group.key? :hostnames
+          driver.output.bind do |output|
+            Try ::KeyError do
+              Array(output.fetch(group.fetch(:hostnames)).fetch("value")).each do |hostname|
+                block.call group: group, hostname: hostname
+              end
+            end.to_either.or do |error|
+              Left error.to_s
+            end
+          end
+        else
+          Right block.call group: group, hostname: "localhost"
+        end
+      end
+    end.fmap do
+      "finished enumeration of groups and hostnames"
+    end
+  end
+end

data/lib/{terraform/version_command.rb → terraform.rb}

@@ -14,10 +14,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require 'terraform/command'
-
+# Namespace for kitchen-terraform
 module Terraform
-  # A command to obtain the version
-  class VersionCommand < ::Terraform::Command
-  end
 end

data/lib/terraform/configurable.rb

@@ -14,72 +14,29 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require 'forwardable'
-require 'kitchen'
-require 'pathname'
-require 'terraform/client'
-require 'terraform/debug_logger'
-require 'terraform/project_version'
+require "forwardable"
+require "kitchen"
+require "terraform"
+require "terraform/debug_logger"
+require "terraform/project_version"
 
-module Terraform
-  # Behaviour for objects that extend ::Kitchen::Configurable
-  module Configurable
-    extend ::Forwardable
+# Miscellaneous behaviour for objects that extend ::Kitchen::Configurable.
+module ::Terraform::Configurable
+  extend ::Forwardable
 
-    def_delegator :config, :[]=
+  def_delegator :config, :[]=
 
-    def_delegators :instance, :driver, :provisioner, :transport
+  def_delegators :instance, :driver, :provisioner, :transport
 
-    def self.included(configurable_class)
-      configurable_class.plugin_version ::Terraform::PROJECT_VERSION
-    end
-
-    def client
-      ::Terraform::Client.new config: verbose_config, logger: logger
-    end
-
-    def config_deprecated(attr:, remediation:, type:)
-      log_deprecation aspect: "#{formatted_config attr: attr} as #{type}",
-                      remediation: remediation
-    end
-
-    def config_error(attr:, expected:)
-      raise ::Kitchen::UserError, "#{formatted_config attr: attr} must be " \
-                                    "interpretable as #{expected}"
-    end
-
-    def debug_logger
-      ::Terraform::DebugLogger.new logger: logger
-    end
-
-    def instance_pathname(filename:)
-      ::Pathname.new(config[:kitchen_root])
-                .join '.kitchen', 'kitchen-terraform', instance.name, filename
-    end
-
-    def log_deprecation(aspect:, remediation:)
-      logger.warn 'DEPRECATION NOTICE'
-      logger
-        .warn "Support for #{aspect} will be dropped in kitchen-terraform v1.0"
-      logger.warn remediation
-    end
-
-    def silent_client
-      ::Terraform::Client.new config: silent_config, logger: debug_logger
-    end
-
-    private
-
-    def formatted_config(attr:)
-      "#{self.class}#{instance.to_str}#config[:#{attr}]"
-    end
+  def self.included(configurable_class)
+    configurable_class.plugin_version ::Terraform::PROJECT_VERSION
+  end
 
-    def silent_config
-      verbose_config.tap { |config| config[:color] = false }
-    end
+  def debug_logger
+    @debug_logger ||= ::Terraform::DebugLogger.new logger: logger
+  end
 
-    def verbose_config
-      provisioner.dup.tap { |config| config[:cli] = driver[:cli] }
-    end
+  def instance_pathname(filename:)
+    ::File.join config.fetch(:kitchen_root), ".kitchen", "kitchen-terraform", instance.name, filename
   end
 end