kitchen-terraform 3.3.1 → 4.0.0

data/lib/kitchen/terraform/system_attrs_resolver.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+# Copyright 2016 New Context Services, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "kitchen/terraform"
+require "kitchen/terraform/error"
+
+module Kitchen
+  module Terraform
+    # SystemAttrsResolver is the class of objects which resolve for systems the attrs which are contained in outputs.
+    class SystemAttrsResolver
+      # #resolve resolves the attrs.
+      #
+      # @param attrs_outputs_keys [::Array<::String>] the names of the InSpec attributes.
+      # @param attrs_outputs_values [::Array<::String>] the names of the Terraform outputs.
+      # @param system [::Kitchen::Terraform::System] the system.
+      # @raise [::Kitchen::Terraform::Error] if the fetching the value of the output fails.
+      def resolve(attrs_outputs_keys:, attrs_outputs_values:, system:)
+        system.add_attrs attrs: @outputs.merge(
+          attrs_outputs_keys.lazy.map(&:to_s).zip(@outputs.fetch_values(*attrs_outputs_values)).to_h
+        )
+
+        self
+      rescue ::KeyError => key_error
+        raise ::Kitchen::Terraform::Error,
+              "Resolving the attrs of system #{system} failed\n#{key_error}"
+      end
+
+      private
+
+      # #initialize prepares the instance to be used.
+      #
+      # @param outputs [#to_hash] the outputs of the Terraform state under test.
+      def initialize(outputs:)
+        @outputs = Hash[outputs].inject({}) do |hash, (key, value)|
+          hash.store key, value.fetch("value")
+
+          hash
+        end
+      rescue ::KeyError => key_error
+        raise ::Kitchen::Terraform::Error, "Preparing to resolve attrs failed\n#{key_error}"
+      end
+    end
+  end
+end

data/lib/kitchen/terraform/system_hosts_resolver.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+# Copyright 2016 New Context Services, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "kitchen/terraform"
+require "kitchen/terraform/error"
+
+module Kitchen
+  module Terraform
+    # SystemHostsResolver is the class of objects which resolve for systems the hosts which are contained in outputs.
+    class SystemHostsResolver
+      # #resolve resolves the hosts.
+      #
+      # @param hosts_output [::String] the name of the Terraform output which has a value of hosts for the system.
+      # @param system [::Kitchen::Terraform::System] the system.
+      # @raise [::Kitchen::Terraform::Error] if the fetching the value of the output fails.
+      def resolve(hosts_output:, system:)
+        system.add_hosts hosts: @outputs.fetch(hosts_output).fetch("value")
+      rescue ::KeyError => key_error
+        raise ::Kitchen::Terraform::Error, "Resolving the hosts of system #{system} failed\n#{key_error}"
+      end
+
+      private
+
+      # #initialize prepares the instance to be used.
+      #
+      # @param outputs [#to_hash] the outputs of the Terraform state under test.
+      def initialize(outputs:)
+        @outputs = Hash[outputs]
+      end
+    end
+  end
+end

data/lib/kitchen/terraform/version.rb

@@ -17,26 +17,69 @@
 require "rubygems"
 require "kitchen/terraform"
 
-# The version of the kitchen-terraform gem.
-class ::Kitchen::Terraform::Version
-  def assign_specification_version(specification:)
-    specification.version = @version.to_s
-    self
-  end
+# Kitchen::Terraform::Version represents the version of the Kitchen-Terraform gem. The module can send the version to
+# different containers as well as conditionally yield to blocks based on version requirements.
+module ::Kitchen::Terraform::Version
+  class << self
+    # assign_plugin_version assigns the version to a class which includes Kitchen::Configurable.
+    #
+    # @param configurable_class [::Kitchen::Configurable] the configurable class to which the version will be assigned.
+    # @return [self]
+    def assign_plugin_version(configurable_class:)
+      configurable_class.plugin_version value.to_s
+      self
+    end
 
-  def assign_plugin_version(configurable_class:)
-    configurable_class.plugin_version @version.to_s
-    self
-  end
+    # assign_specification_version assigns the version to a Gem::Specification.
+    #
+    # @param specification [::Gem::Specification] the specification to which the version will be assigned.
+    # @return [self]
+    def assign_specification_version(specification:)
+      specification.version = value
+      self
+    end
 
-  def if_satisfies(requirement:)
-    yield if requirement.satisfied_by? @version
-    self
-  end
+    # if_satisfies yields control if the provided requirement is satisfied by the version.
+    #
+    # @param requirement [::Gem::Requirement, ::String] the requirement to be satisfied by the version.
+    # @raise [::Gem::Requirement::BadRequirementError] if the requirement is illformed.
+    # @return [self]
+    # @yield [] if the requirement is satisfied by the version.
+    def if_satisfies(requirement:)
+      yield if
+        ::Gem::Requirement
+        .new(requirement).satisfied_by? value
+
+      self
+    end
+
+    # temporarily_override overrides the current version with the version provided, yields control, and then resets the
+    # version.
+    #
+    # @note temporarily_override must only be used in tests to validate version flow control logic.
+    # @raise [::ArgumentError] if the version is malformed.
+    # @return [self]
+    # @yield [] the value of the version will be overridden while control is yielded.
+    def temporarily_override(version:)
+      current_value = value
+      self.value = version
+      yield
+      self.value = current_value
+      self
+    end
+
+    private
 
-  private
+    # @api private
+    def value
+      self.value = ::Gem::Version.new "4.0.0" if not @value
+      @value
+    end
 
-  def initialize(version: "3.3.1")
-    @version = ::Gem::Version.new version
+    # @api private
+    def value=(version)
+      @value = ::Gem::Version.new version
+      self
+    end
   end
 end

data/lib/kitchen/verifier/terraform.rb

@@ -16,175 +16,181 @@
 
 require "kitchen"
 require "kitchen/terraform/config_attribute/color"
-require "kitchen/terraform/config_attribute/groups"
+require "kitchen/terraform/config_attribute/systems"
 require "kitchen/terraform/configurable"
 require "kitchen/terraform/error"
-require "kitchen/verifier/inspec"
+require "kitchen/terraform/inspec_options_mapper"
+require "kitchen/terraform/system_attrs_resolver"
+require "kitchen/terraform/system_hosts_resolver"
 
-# This namespace is defined by Kitchen.
-#
-# @see http://www.rubydoc.info/gems/test-kitchen/Kitchen/Verifier
-module ::Kitchen::Verifier
-end
+module Kitchen
+  # This namespace is defined by Kitchen.
+  #
+  # @see https://www.rubydoc.info/gems/test-kitchen/Kitchen/Verifier
+  module Verifier
+    # The verifier utilizes the {https://www.inspec.io/ InSpec infrastructure testing framework} to verify the behaviour and
+    # state of resources in the Terraform state.
+    #
+    # === Commands
+    #
+    # The following command-line commands are provided by the verifier.
+    #
+    # ==== kitchen verify
+    #
+    # A Test Kitchen instance is verified by iterating through the systems and executing the associated InSpec controls
+    # against the hosts of each system.
+    #
+    # === Configuration Attributes
+    #
+    # The configuration attributes of the verifier control the behaviour of the InSpec runner. Within the
+    # {http://kitchen.ci/docs/getting-started/kitchen-yml Test Kitchen configuration file}, these attributes must be
+    # declared in the +verifier+ mapping along with the plugin name.
+    #
+    #   verifier:
+    #     name: terraform
+    #     a_configuration_attribute: some value
+    #
+    # ==== color
+    #
+    # {include:Kitchen::Terraform::ConfigAttribute::Color}
+    #
+    # ==== systems
+    #
+    # {include:Kitchen::Terraform::ConfigAttribute::Systems}
+    #
+    # === Ruby Interface
+    #
+    # This class implements the interface of Kitchen::Configurable which requires the following Reek suppressions:
+    # :reek:PrimaDonnaMethod { exclude: [ finalize_config!, load_needed_dependencies! ] }
+    class Terraform
+      include ::Kitchen::Configurable
+      include ::Kitchen::Logging
+      include ::Kitchen::Terraform::ConfigAttribute::Color
+      include ::Kitchen::Terraform::ConfigAttribute::Systems
+      include ::Kitchen::Terraform::Configurable
+      @api_version = 2
 
-# The verifier utilizes the {https://www.inspec.io/ InSpec infrastructure testing framework} to verify the behaviour and
-# state of resources in the Terraform state.
-#
-# === Commands
-#
-# The following command-line commands are provided by the verifier.
-#
-# ==== kitchen verify
-#
-# A Test Kitchen instance is verified by iterating through the groups and executing the associated InSpec controls in a
-# manner similar to the following command-line command.
-#
-#   inspec exec \
-#     [--attrs=<terraform_outputs>] \
-#     --backend=<ssh|local> \
-#     [--no-color] \
-#     [--controls=<group.controls>] \
-#     --host=<group.hostnames.current|localhost> \
-#     [--password=<group.password>] \
-#     [--port=<group.port>] \
-#     --profiles-path=test/integration/<suite> \
-#     [--user=<group.username>] \
-#
-# === InSpec Profiles
-#
-# The {https://www.inspec.io/docs/reference/profiles/ InSpec profile} for a Test Kitchen suite must be defined under
-# +./test/integration/<suite>/+.
-#
-# === Configuration Attributes
-#
-# The configuration attributes of the verifier control the behaviour of the InSpec runner. Within the
-# {http://kitchen.ci/docs/getting-started/kitchen-yml Test Kitchen configuration file}, these attributes must be
-# declared in the +verifier+ mapping along with the plugin name.
-#
-#   verifier:
-#     name: terraform
-#     a_configuration_attribute: some value
-#
-# ==== color
-#
-# {include:Kitchen::Terraform::ConfigAttribute::Color}
-#
-# ==== groups
-#
-# {include:Kitchen::Terraform::ConfigAttribute::Groups}
-#
-# @version 2
-class ::Kitchen::Verifier::Terraform < ::Kitchen::Verifier::Inspec
-  kitchen_verifier_api_version 2
+      # The verifier enumerates through each host of each system and verifies the associated InSpec controls.
+      #
+      # @example
+      #   `kitchen verify suite-name`
+      # @param kitchen_state [::Hash] the mutable instance and verifier state.
+      # @raise [::Kitchen::ActionFailed] if the result of the action is a failure.
+      # @return [void]
+      def call(kitchen_state)
+        load_outputs kitchen_state: kitchen_state
+        config_systems.each do |system|
+          verify system: system
+        end
+      rescue ::Kitchen::Terraform::Error => error
+        raise ::Kitchen::ActionFailed, error.message
+      end
+
+      # doctor checks the system and configuration for common errors.
+      #
+      # @param _kitchen_state [::Hash] the mutable Kitchen instance state.
+      # @return [Boolean] +true+ if any errors are found; +false+ if no errors are found.
+      # @see https://github.com/test-kitchen/test-kitchen/blob/v1.21.2/lib/kitchen/verifier/base.rb#L85-L91
+      def doctor(_kitchen_state)
+        false
+      end
 
-  include ::Kitchen::Terraform::ConfigAttribute::Color
+      # finalize_config! configures InSpec options which remain consistent between systems.
+      #
+      # @param kitchen_instance [::Kitchen::Instance] an associated Kitchen instance.
+      # @return [self]
+      def finalize_config!(kitchen_instance)
+        super kitchen_instance
+        configure_inspec_connection_options
+        configure_inspec_miscellaneous_options
+      end
 
-  include ::Kitchen::Terraform::ConfigAttribute::Groups
+      private
 
-  include ::Kitchen::Terraform::Configurable
+      def configure_inspec_connection_options
+        @inspec_options.merge! transport_connection_options
 
-  # The verifier enumerates through each hostname of each group and verifies the associated InSpec controls.
-  #
-  # @example
-  #   `kitchen verify suite-name`
-  # @param state [::Hash] the mutable instance and verifier state.
-  # @raise [::Kitchen::ActionFailed] if the result of the action is a failure.
-  # @return [void]
-  def call(state)
-    state
-      .fetch :kitchen_terraform_output do
-        raise(
-          ::Kitchen::Terraform::Error,
-          "The Test Kitchen state does not include :kitchen_terraform_output; this implies that the " \
-            "kitchen-terraform provisioner has not successfully converged"
+        @inspec_options
+          .store(
+            "connection_timeout",
+            @inspec_options.delete("timeout")
+          )
+      end
+
+      def configure_inspec_miscellaneous_options
+        @inspec_options.merge!(
+          "color" => config_color,
+          "distinct_exit" => false,
+          "sudo" => false,
+          "sudo_command" => "sudo -E",
+          "sudo_options" => "",
         )
       end
-      .tap do |output|
-        ::Kitchen::Verifier::Terraform::EnumerateGroupsAndHostnames
-          .call(
-            groups: config_groups,
-            output: ::Kitchen::Util.stringified_hash(output)
-          ) do |group:, hostname:|
-            state
-              .store(
-                :kitchen_terraform_group,
-                group
-              )
-            state
-              .store(
-                :kitchen_terraform_hostname,
-                hostname
-              )
-            info "Verifying host '#{hostname}' of group '#{group.fetch :name}'"
-            super state
-          end
+
+      def configure_inspec_system_options(system:)
+        ::Kitchen::Terraform::InSpecOptionsMapper.new(system: system).map options: @inspec_options
       end
-  rescue ::Kitchen::Terraform::Error => error
-    raise(
-      ::Kitchen::ActionFailed,
-      error.message
-    )
-  end
 
-  private
+      def load_outputs(kitchen_state:)
+        @outputs = ::Kitchen::Util.stringified_hash Hash kitchen_state.fetch :kitchen_terraform_outputs
+      rescue ::KeyError => key_error
+        raise ::Kitchen::Terraform::Error,
+              "Loading Terraform outputs from the Kitchen state failed; this implies that the " \
+              "Kitchen-Terraform provisioner has not successfully converged\n#{key_error}"
+      end
 
-  # Modifies the Inspec Runner options generated by the kitchen-inspec verifier to support the verification of each
-  # group's hosts.
-  #
-  # @api private
-  # @return [::Hash] Inspec Runner options.
-  # @see https://github.com/chef/inspec/blob/master/lib/inspec/runner.rb ::Inspec::Runner
-  def runner_options(transport, state = {}, platform = nil, suite = nil)
-    super(transport, state, platform, suite)
-      .tap do |options|
-        ::Kitchen::Verifier::Terraform::ConfigureInspecRunnerBackend
-          .call(
-            hostname: state.fetch(:kitchen_terraform_hostname),
-            options: options
-          )
-        ::Kitchen::Verifier::Terraform::ConfigureInspecRunnerHost
-          .call(
-            hostname: state.fetch(:kitchen_terraform_hostname),
-            options: options
-          )
-        ::Kitchen::Verifier::Terraform::ConfigureInspecRunnerPort
-          .call(
-            group: state.fetch(:kitchen_terraform_group),
-            options: options
-          )
-        ::Kitchen::Verifier::Terraform::ConfigureInspecRunnerSSHKey
-          .call(
-            group: state.fetch(:kitchen_terraform_group),
-            options: options
-          )
-        ::Kitchen::Verifier::Terraform::ConfigureInspecRunnerUser
-          .call(
-            group: state.fetch(:kitchen_terraform_group),
-            options: options
-          )
-        options
-          .store(
-            :attributes,
-            ::Kitchen::Verifier::Terraform::ConfigureInspecRunnerAttributes
-              .call(
-                group: state.fetch(:kitchen_terraform_group),
-                output: ::Kitchen::Util.stringified_hash(state.fetch(:kitchen_terraform_output))
-              )
-          )
-        ::Kitchen::Verifier::Terraform::ConfigureInspecRunnerControls
-          .call(
-            group: state.fetch(:kitchen_terraform_group),
-            options: options
-          )
+      def initialize(configuration = {})
+        init_config configuration
+        @inspec_options = {}
+        @outputs = {}
+        @transport_attributes = [
+          :compression, :compression_level, :connection_retries, :connection_retry_sleep, :connection_timeout,
+          :keepalive, :keepalive_interval, :max_wait_until_ready,
+        ]
+      end
+
+      def inspec_profile_path
+        @inspec_profile_path ||= ::File.join config.fetch(:test_base_path), instance.suite.name
       end
+
+      # load_needed_dependencies! loads the InSpec libraries required to verify a Terraform state.
+      #
+      # @raise [::Kitchen::ClientError] if loading the InSpec libraries fails.
+      # @see https://github.com/test-kitchen/test-kitchen/blob/v1.21.2/lib/kitchen/configurable.rb#L252-L274
+      def load_needed_dependencies!
+        require "kitchen/terraform/inspec"
+        require "kitchen/terraform/system"
+        ::Kitchen::Terraform::InSpec.logger = logger
+      rescue ::LoadError => load_error
+        raise ::Kitchen::ClientError, load_error.message
+      end
+
+      def system_attrs_resolver
+        @system_attrs_resolver ||= ::Kitchen::Terraform::SystemAttrsResolver.new outputs: @outputs
+      end
+
+      def system_hosts_resolver
+        @system_hosts_resolver ||= ::Kitchen::Terraform::SystemHostsResolver.new outputs: @outputs
+      end
+
+      def transport_connection_options
+        ::Kitchen::Util.stringified_hash(
+          instance.transport.diagnose.select do |key|
+            @transport_attributes.include? key
+          end.tap do |options|
+            options.store :timeout, options.fetch(:connection_timeout)
+          end
+        )
+      end
+
+      def verify(system:)
+        configure_inspec_system_options system: system
+        ::Kitchen::Terraform::System
+          .new(mapping: system)
+          .resolve_attrs(system_attrs_resolver: system_attrs_resolver)
+          .resolve_hosts(system_hosts_resolver: system_hosts_resolver)
+          .verify(inspec_options: @inspec_options, inspec_profile_path: inspec_profile_path)
+      end
+    end
   end
 end
-
-require "kitchen/verifier/terraform/configure_inspec_runner_attributes"
-require "kitchen/verifier/terraform/configure_inspec_runner_backend"
-require "kitchen/verifier/terraform/configure_inspec_runner_controls"
-require "kitchen/verifier/terraform/configure_inspec_runner_host"
-require "kitchen/verifier/terraform/configure_inspec_runner_port"
-require "kitchen/verifier/terraform/configure_inspec_runner_ssh_key"
-require "kitchen/verifier/terraform/configure_inspec_runner_user"
-require "kitchen/verifier/terraform/enumerate_groups_and_hostnames"