kitchen-terraform 3.3.1 → 4.0.0

data/lib/kitchen/terraform/{breaking/kitchen_instance.rb → config_schemas/systems.rb}

@@ -14,10 +14,21 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require "delegate"
-require "kitchen"
-require "kitchen/terraform/breaking"
+require "dry/validation"
+require "kitchen/terraform/config_schemas"
+require "kitchen/terraform/config_schemas/system"
 
-# This class provides the breaking change to the KitchenInstance.
-class ::Kitchen::Terraform::Breaking::KitchenInstance < DelegateClass ::Kitchen::Instance
+module Kitchen
+  module Terraform
+    module ConfigSchemas
+      # The value of the +systems+ key must be a sequence of systems.
+      #
+      # {include:Kitchen::Terraform::ConfigSchemas::System}
+      Systems = ::Dry::Validation.Schema do
+        required(:value).each do
+          schema ::Kitchen::Terraform::ConfigSchemas::System
+        end
+      end
+    end
+  end
 end

data/lib/kitchen/terraform/configurable.rb

@@ -16,7 +16,6 @@
 
 require "kitchen"
 require "kitchen/terraform"
-require "kitchen/terraform/kitchen_instance"
 require "kitchen/terraform/version"
 
 # Refinements to Kitchen::Configurable.
@@ -27,10 +26,7 @@ module ::Kitchen::Terraform::Configurable
   #
   # @return [self]
   def self.included(configurable_class)
-    ::Kitchen::Terraform::Version
-      .new
-      .assign_plugin_version configurable_class: configurable_class
-
+    ::Kitchen::Terraform::Version.assign_plugin_version configurable_class: configurable_class
     self
   end
 
@@ -51,7 +47,7 @@ module ::Kitchen::Terraform::Configurable
         "Instance must be provided to #{self}"
       )
 
-    @instance = ::Kitchen::Terraform::KitchenInstance.new kitchen_instance: kitchen_instance
+    @instance = kitchen_instance
     validate_config!
     expand_paths!
     load_needed_dependencies!

data/lib/kitchen/terraform/inspec.rb

@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+
+# Copyright 2016 New Context Services, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "inspec"
+require "kitchen/terraform/error"
+require "train"
+
+module Kitchen
+  module Terraform
+    # InSpec is the class of objects which act as interfaces to InSpec.
+    class InSpec
+      class << self
+        # .logger= sets the logger for all InSpec processes.
+        #
+        # The logdev of the logger is extended to conform to interface expected by InSpec.
+        #
+        # @param logger [::Kitchen::Logger] the logger to use.
+        # @return [void]
+        def logger=(logger)
+          logger.logdev.define_singleton_method :filename do
+            false
+          end
+
+          ::Inspec::Log.logger = logger
+        end
+      end
+
+      # #exec executes InSpec.
+      #
+      # @return [self]
+      def exec
+        @runner.run.tap do |exit_code|
+          if 0 != exit_code
+            raise ::Kitchen::Terraform::Error, "InSpec Runner exited with #{exit_code}"
+          end
+        end
+
+        self
+      rescue ::ArgumentError, ::RuntimeError, ::Train::UserError => error
+        raise ::Kitchen::Terraform::Error, "Executing InSpec failed\n#{error.message}"
+      end
+
+      # #info logs an information message using the InSpec logger.
+      #
+      # @param message [::String] the message to be logged.
+      # @return [self]
+      def info(message:)
+        ::Inspec::Log.info ::String.new message
+
+        self
+      end
+
+      private
+
+      def initialize(options:, profile_path:)
+        @runner = ::Inspec::Runner.new options.merge logger: ::Inspec::Log.logger
+        @runner.add_target path: profile_path
+      end
+    end
+  end
+end

data/lib/kitchen/terraform/inspec_options_mapper.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+# Copyright 2016 New Context Services, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "kitchen/terraform"
+
+# Kitchen::Terraform::InSpecOptionsMapper maps system configuration attributes to an InSpec options hash.
+class ::Kitchen::Terraform::InSpecOptionsMapper
+  # map populates an InSpec options hash based on the intersection between the system keys and the supported options
+  # keys, converting keys from symbols to strings as required by InSpec.
+  #
+  # @param options [::Hash] the InSpec options hash to be populated.
+  # @return [void]
+  def map(options:)
+    system_keys.&(options_keys).each do |key|
+      options.store system_to_options.dig(key), system.fetch(key)
+    end
+  end
+
+  private
+
+  attr_accessor :system, :system_keys, :system_to_options, :options_keys
+
+  # @api private
+  def initialize(system:)
+    self.system = system
+    self.system_keys = system.keys
+    self.system_to_options = ::Hash.new do |hash, key|
+      hash.store key, key
+    end
+    system_to_options.store :reporter, "reporter"
+    self.options_keys = [:attrs, :backend, :backend_cache, :bastion_host, :bastion_port, :bastion_user, :controls,
+                         :enable_password, :key_files, :password, :path, :port, :proxy_command, :reporter, :self_signed,
+                         :shell, :shell_command, :shell_options, :show_progress, :ssl, :sudo, :sudo_command,
+                         :sudo_options, :sudo_password, :user, :vendor_cache]
+  end
+end

data/lib/kitchen/terraform/inspec_with_hosts.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+# Copyright 2016 New Context Services, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "kitchen"
+require "kitchen/terraform/error"
+require "kitchen/terraform/inspec"
+
+module Kitchen
+  module Terraform
+    # InSpec instances act as interfaces to the InSpec gem.
+    class InSpecWithHosts
+      # exec executes the InSpec controls of an InSpec profile.
+      #
+      # @raise [::Kitchen::Terraform::Error] if the execution of the InSpec controls fails.
+      # @return [void]
+      def exec(system:)
+        system.each_host do |host:|
+          ::Kitchen::Terraform::InSpec
+            .new(options: options.merge(host: host), profile_path: profile_path)
+            .info(message: "Verifying host #{host} of #{system}").exec
+        end
+      end
+
+      private
+
+      attr_accessor :options, :profile_path
+
+      # @param options [::Hash] options for execution.
+      # @param profile_path [::String] the path to the InSpec profile which contains the controls to be executed.
+      def initialize(options:, profile_path:)
+        self.options = options
+        self.profile_path = profile_path
+      end
+    end
+  end
+end

data/lib/kitchen/terraform/inspec_without_hosts.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+# Copyright 2016 New Context Services, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "kitchen/terraform/inspec"
+
+module Kitchen
+  module Terraform
+    # InSpec instances act as interfaces to the InSpec gem.
+    class InSpecWithoutHosts
+      # exec executes the InSpec controls of an InSpec profile.
+      #
+      # @raise [::Kitchen::Terraform::Error] if the execution of the InSpec controls fails.
+      # @return [void]
+      def exec(system:)
+        ::Kitchen::Terraform::InSpec
+          .new(options: options, profile_path: profile_path).info(message: "Verifying #{system}").exec
+      end
+
+      private
+
+      attr_accessor :options, :profile_path
+
+      # @param options [::Hash] options for execution.
+      # @param profile_path [::String] the path to the InSpec profile which contains the controls to be executed.
+      def initialize(options:, profile_path:)
+        self.options = options
+        self.profile_path = profile_path
+      end
+    end
+  end
+end

data/lib/kitchen/terraform/shell_out.rb

@@ -26,14 +26,17 @@ require "mixlib/shellout"
 module ::Kitchen::Terraform::ShellOut
   # Runs a Terraform command.
   #
+  # @option options [::String] :cwd the directory in which to run the command.
+  # @option options [::Kitchen::Logger] :live_stream a Test Kitchen logger to capture the output from running the
+  #   command.
+  # @option options [::Integer] :timeout the maximum duration in seconds to run the command.
   # @param command [::String] the command to run.
-  # @param duration [::Integer] the maximum duration in seconds to run the command.
-  # @param logger [::Kitchen::Logger] a Test Kitchen logger to capture the output from running the command.
+  # @param options [::Hash] options which adjust the execution of the command.
   # @raise [::Kitchen::Terraform::Error] if running the command fails.
   # @return [::String] the standard output from running the command.
   # @see https://rubygems.org/gems/mixlib-shellout mixlib-shellout
   # @yieldparam standard_output [::String] the standard output from running the command.
-  def self.run(command:, duration: ::Mixlib::ShellOut::DEFAULT_READ_TIMEOUT, logger:, &block)
+  def self.run(command:, options:, &block)
     block ||=
       lambda do |standard_output:|
         standard_output
@@ -41,8 +44,7 @@ module ::Kitchen::Terraform::ShellOut
 
     run_shell_out(
       command: command,
-      duration: duration,
-      logger: logger,
+      options: options,
       &block
     )
   rescue ::Errno::EACCES,
@@ -64,18 +66,19 @@ module ::Kitchen::Terraform::ShellOut
   end
 
   # @api private
-  def self.run_shell_out(command:, duration:, logger:)
+  def self.run_shell_out(command:, options:)
     yield(
       standard_output:
         ::Mixlib::ShellOut
           .new(
             "terraform #{command}",
-            environment: {"TF_IN_AUTOMATION" => "true"},
-            live_stream: logger,
-            timeout: duration
+            options.merge(environment: {"TF_IN_AUTOMATION" => "true", "TF_WARN_OUTPUT_ERRORS" => "1"})
           )
           .tap do |shell_out|
-            logger.warn "Running command `#{shell_out.command}`"
+            shell_out
+              .live_stream
+              .warn "Running command `#{shell_out.command}` in directory #{shell_out.cwd}"
+
             shell_out.run_command
             shell_out.error!
           end

data/lib/kitchen/terraform/system.rb

@@ -0,0 +1,120 @@
+# frozen_string_literal: true
+
+# Copyright 2016 New Context Services, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "kitchen/terraform/inspec_with_hosts"
+require "kitchen/terraform/inspec_without_hosts"
+
+module Kitchen
+  module Terraform
+    # System is the class of objects which are verified by the Terraform Verifier.
+    class System
+      # #add_attrs adds attributes to the system.
+      #
+      # @param attrs [#to_hash] the attributes to be added.
+      # @return [self]
+      def add_attrs(attrs:)
+        @attributes = @attributes.merge Hash attrs
+
+        self
+      end
+
+      # #add_hosts adds hosts to the system.
+      #
+      # @param hosts [#to_arr,#to_a] the hosts to be added.
+      # @return [self]
+      def add_hosts(hosts:)
+        @hosts = @hosts.+ Array hosts
+
+        self
+      end
+
+      # #each_host enumerates each host of the system.
+      #
+      # @yieldparam host [::String] the next host.
+      # @return [self]
+      def each_host
+        @hosts.each do |host|
+          yield host: host
+        end
+
+        self
+      end
+
+      # #resolve_attrs resolves the attributes of the system which are contained in Terraform outputs.
+      #
+      # @param system_attrs_resolver [::Kitchen::Terraform::SystemAttrsResolver] the resolver.
+      # @return [self]
+      def resolve_attrs(system_attrs_resolver:)
+        system_attrs_resolver.resolve attrs_outputs_keys: @attrs_outputs.keys,
+                                      attrs_outputs_values: @attrs_outputs.values, system: self
+
+        self
+      end
+
+      # #resolve_hosts resolves the hosts of the system which are contained a Terraform output.
+      #
+      # @param system_hosts_resolver [::Kitchen::Terraform::SystemHostsResolver] the resolver.
+      # @return [self]
+      def resolve_hosts(system_hosts_resolver:)
+        system_hosts_resolver.resolve(
+          hosts_output: @mapping.fetch(:hosts_output) do
+            return self
+          end,
+          system: self,
+        )
+
+        self
+      end
+
+      # #to_s returns a string representation of the system.
+      #
+      # @return [::String] the name of the system.
+      def to_s
+        @mapping.fetch :name
+      end
+
+      # #verify verifies the system by executing InSpec.
+      #
+      # @param inspec_options [::Hash] the options to be passed to InSpec.
+      # @param inspec_profile_path [::String] the path to the profile which InSpec will execute.
+      # @return [self]
+      def verify(inspec_options:, inspec_profile_path:)
+        if @hosts.empty?
+          ::Kitchen::Terraform::InSpecWithoutHosts
+        else
+          ::Kitchen::Terraform::InSpecWithHosts
+        end
+          .new(options: inspec_options.merge(attributes: @attributes), profile_path: inspec_profile_path)
+          .exec(system: self)
+
+        self
+      end
+
+      private
+
+      def initialize(mapping:)
+        @attributes = {}
+        @attrs_outputs = mapping.fetch :attrs_outputs do
+          {}
+        end
+        @hosts = mapping.fetch :hosts do
+          []
+        end
+        @mapping = mapping
+      end
+    end
+  end
+end