kitchen-terraform 5.1.1 → 5.6.0

data/lib/kitchen/terraform/inspec/fail_fast_with_hosts.rb

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+# Copyright 2016-2019 New Context, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "kitchen/terraform/inspec_runner"
+
+module Kitchen
+  module Terraform
+    module InSpec
+      # FailFastWithHosts is the class of objects which execute InSpec against multiple hosts and raise rescued errors
+      # immediately.
+      class FailFastWithHosts
+        # exec executes the InSpec controls of an InSpec profile.
+        #
+        # @raise [Kitchen::TransientFailure] if the execution of InSpec fails.
+        # @return [self]
+        def exec
+          hosts.each do |host|
+            ::Kitchen::Terraform::InSpecRunner.new(
+              options: options.merge(host: host),
+              profile_locations: profile_locations,
+            ).exec
+          end
+
+          self
+        end
+
+        # #initialize prepares a new instance of the class.
+        #
+        # @param hosts [Array<::String>] the names or addresses of hosts on which Inspec controls will be executed.
+        # @param options [Hash] options for execution.
+        # @param profile_locations [Array<::String>] the locations of the InSpec profiles which contain the controls
+        #   to be executed.
+        # @return [Kitchen::Terraform::InSpec::FailFastWithHosts]
+        def initialize(hosts:, options:, profile_locations:)
+          self.hosts = hosts
+          self.options = options
+          self.profile_locations = profile_locations
+        end
+
+        private
+
+        attr_accessor :hosts, :options, :profile_locations
+      end
+    end
+  end
+end

data/lib/kitchen/terraform/inspec/fail_slow_with_hosts.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+# Copyright 2016-2019 New Context, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "kitchen"
+require "kitchen/terraform/inspec_runner"
+
+module Kitchen
+  module Terraform
+    module InSpec
+      # FailSlowWithHosts is the class of objects which execute InSpec against multiple hosts and raise rescued errors
+      # after all hosts have been tested.
+      class FailSlowWithHosts
+        # exec executes the InSpec controls of an InSpec profile.
+        #
+        # @raise [Kitchen::TransientFailure] if the execution of InSpec fails.
+        # @return [self]
+        def exec
+          hosts.each do |host|
+            exec_and_continue host: host
+          end
+
+          raise ::Kitchen::TransientFailure, messages.join("\n\n") if !messages.empty?
+
+          self
+        end
+
+        # #initialize prepares a new instance of the class.
+        #
+        # @param hosts [Array<::String>] the names or addresses of hosts on which Inspec controls will be executed.
+        # @param options [Hash] options for execution.
+        # @param profile_locations [Array<::String>] the locations of the InSpec profiles which contain the controls
+        #   to be executed.
+        # @return [Kitchen::Terraform::InSpec::FailSlowWithHosts]
+        def initialize(hosts:, options:, profile_locations:)
+          self.hosts = hosts
+          self.messages = []
+          self.options = options
+          self.profile_locations = profile_locations
+        end
+
+        private
+
+        attr_accessor :hosts, :messages, :options, :profile_locations
+
+        def exec_and_continue(host:)
+          ::Kitchen::Terraform::InSpecRunner.new(
+            options: options.merge(host: host),
+            profile_locations: profile_locations,
+          ).exec
+        rescue => error
+          messages.push error.message
+        end
+      end
+    end
+  end
+end

data/lib/kitchen/terraform/inspec/without_hosts.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+# Copyright 2016-2019 New Context, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "kitchen"
+require "kitchen/terraform/inspec_runner"
+
+module Kitchen
+  module Terraform
+    module InSpec
+      # WithoutHosts is the class of objects which execute InSpec without hosts.
+      class WithoutHosts
+        # #exec executes the InSpec controls of an InSpec profile.
+        #
+        # @raise [Kitchen::TransientFailure] if the execution of InSpec fails.
+        # @return [self]
+        def exec
+          ::Kitchen::Terraform::InSpecRunner.new(options: options, profile_locations: profile_locations).exec
+
+          self
+        end
+
+        # #initialize prepares a new instance of the class.
+        #
+        # @param options [Hash] a mapping of InSpec options.
+        # @param profile_locations [Array<::String>] the locations of the InSpec profiles which contain the controls
+        #   to be executed.
+        # @return [Kitchen::Terraform::InSpec::WithoutHosts]
+        def initialize(options:, profile_locations:)
+          self.options = options
+          self.profile_locations = profile_locations
+        end
+
+        private
+
+        attr_accessor :options, :profile_locations
+      end
+    end
+  end
+end

data/lib/kitchen/terraform/inspec_factory.rb

@@ -0,0 +1,68 @@
+# frozen_string_literal: true
+
+# Copyright 2016-2019 New Context, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "kitchen/terraform/inspec/fail_fast_with_hosts"
+require "kitchen/terraform/inspec/fail_slow_with_hosts"
+require "kitchen/terraform/inspec/without_hosts"
+
+module Kitchen
+  module Terraform
+    # InSpecFactory is the class of objects which build InSpec objects.
+    class InSpecFactory
+      # #build creates a new instance of an InSpec object.
+      #
+      # @param options [Hash] a mapping of InSpec options.
+      # @param profile_locations [Array<::String>] the locations of the InSpec profiles which contain the controls to
+      #   be executed.
+      # @return [Kitchen::Terraform::InSpec::WithoutHosts, Kitchen::Terraform::InSpec::FailFastWithHosts,
+      #   Kitchen::Terraform::InSpec::FailFastWithoutHosts]
+      def build(options:, profile_locations:)
+        if hosts.empty?
+          ::Kitchen::Terraform::InSpec::WithoutHosts.new(
+            options: options,
+            profile_locations: profile_locations,
+          )
+        elsif fail_fast
+          ::Kitchen::Terraform::InSpec::FailFastWithHosts.new(
+            hosts: hosts,
+            options: options,
+            profile_locations: profile_locations,
+          )
+        else
+          ::Kitchen::Terraform::InSpec::FailSlowWithHosts.new(
+            hosts: hosts,
+            options: options,
+            profile_locations: profile_locations,
+          )
+        end
+      end
+
+      # #initialize prepares a new instance of the class
+      #
+      # @param fail_fast [Boolean] a toggle for fail fast or fail slow behaviour.
+      # @param hosts [Array<String>] a list of hosts to verify with InSpec.
+      # @return [Kitchen::Terraform::InSpecFactory]
+      def initialize(fail_fast:, hosts:)
+        self.fail_fast = fail_fast
+        self.hosts = hosts
+      end
+
+      private
+
+      attr_accessor :fail_fast, :hosts
+    end
+  end
+end

data/lib/kitchen/terraform/inspec_options_factory.rb

@@ -0,0 +1,86 @@
+# frozen_string_literal: true
+
+# Copyright 2016-2019 New Context, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "inspec"
+require "kitchen/terraform/system_bastion_host_resolver"
+require "kitchen/terraform/system_inspec_map"
+require "rubygems"
+
+module Kitchen
+  module Terraform
+    # InSpecOptionsMapper is the class of objects which build Inspec options.
+    class InSpecOptionsFactory
+      class << self
+        # #inputs_key provides a key for InSpec profile inputs which depends on the version of InSpec.
+        #
+        # @return [Symbol] if the version is less than 4.3.2, :attributes; else, :inputs.
+        def inputs_key
+          if ::Gem::Requirement.new("< 4.3.2").satisfied_by? ::Gem::Version.new ::Inspec::VERSION
+            :attributes
+          else
+            :inputs
+          end
+        end
+      end
+
+      # #build creates a mapping of InSpec options. Most key-value pairs are derived from the configuration attributes
+      # of a system; some key-value pairs are hard-coded.
+      #
+      # @param attributes [Hash] the attributes to be added to the InSpec options.
+      # @param system_configuration_attributes [Hash] the configuration attributes of a system.
+      # @raise [Kitchen::ClientError] if the system bastion host fails to be resolved.
+      # @return [Hash] a mapping of InSpec options.
+      def build(attributes:, system_configuration_attributes:)
+        map_system_to_inspec system_configuration_attributes: system_configuration_attributes
+        options.store self.class.inputs_key, attributes
+        resolve_bastion_host system_configuration_attributes: system_configuration_attributes
+
+        options
+      end
+
+      # #initialize prepares a new instance of the class.
+      #
+      # @param outputs [Hash] the Terraform output variables.
+      # @return [Kitchen::Terraform::InSpecOptionsFactory]
+      def initialize(outputs:)
+        self.options = { "distinct_exit" => false }
+        self.system_bastion_host_resolver = ::Kitchen::Terraform::SystemBastionHostResolver.new outputs: outputs
+        self.system_inspec_map = ::Kitchen::Terraform::SYSTEM_INSPEC_MAP.dup
+      end
+
+      private
+
+      attr_accessor :options, :system_bastion_host_resolver, :system_inspec_map
+
+      def map_system_to_inspec(system_configuration_attributes:)
+        system_configuration_attributes.lazy.select do |attribute_name, _|
+          system_inspec_map.key?(attribute_name)
+        end.each do |attribute_name, attribute_value|
+          options.store system_inspec_map.fetch(attribute_name), attribute_value
+        end
+      end
+
+      def resolve_bastion_host(system_configuration_attributes:)
+        system_bastion_host_resolver.resolve(
+          bastion_host: system_configuration_attributes.fetch(:bastion_host, ""),
+          bastion_host_output: system_configuration_attributes.fetch(:bastion_host_output, ""),
+        ) do |bastion_host:|
+          options.store :bastion_host, bastion_host
+        end
+      end
+    end
+  end
+end

data/lib/kitchen/terraform/inspec_runner.rb

@@ -0,0 +1,88 @@
+# frozen_string_literal: true
+
+# Copyright 2016-2019 New Context, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "inspec"
+require "kitchen"
+
+module Kitchen
+  module Terraform
+    # InSpecRunner is the class of objects which act as interfaces to the InSpec gem.
+    class InSpecRunner
+      class << self
+        # .logger= sets the logger for all InSpec processes.
+        #
+        # The logdev of the logger is extended to conform to interface expected by InSpec.
+        #
+        # @param logger [Kitchen::Logger] the logger to use.
+        # @return [Kitchen::Logger] the logger.
+        def logger=(logger)
+          logger.logdev.define_singleton_method :filename do
+            false
+          end
+
+          ::Inspec::Log.logger = logger
+        end
+      end
+
+      # #exec executes InSpec.
+      #
+      # @raise [Kitchen::TransientFailure] if the execution of InSpec fails.
+      # @return [self]
+      def exec
+        run do |exit_code:|
+          if 0 != exit_code
+            raise ::Kitchen::TransientFailure, "#{action} failed due to a non-zero exit code of #{exit_code}."
+          end
+        end
+
+        self
+      end
+
+      # #initialize prepares a new instance of the class.
+      #
+      # @param options [Hash] options to configure the runner.
+      # @param profile_locations [Array<String>] a list of pathnames of profiles.
+      # @return [Kitchen::Terraform::InSpecRunner]
+      def initialize(options:, profile_locations:)
+        self.host = options.fetch :host do
+          ""
+        end
+        self.runner = ::Inspec::Runner.new options.merge logger: ::Inspec::Log.logger
+        profile_locations.each do |profile_location|
+          runner.add_target profile_location
+        end
+      end
+
+      private
+
+      attr_accessor :host, :runner
+
+      def action
+        if host.empty?
+          "Running InSpec"
+        else
+          "Running InSpec against the '#{host}' host"
+        end
+      end
+
+      def run
+        yield exit_code: runner.run
+      rescue => error
+        raise ::Kitchen::TransientFailure, "#{action} failed:\n\t\t#{error.message}"
+      end
+    end
+  end
+end

data/lib/kitchen/terraform/outputs_manager.rb

@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+
+# Copyright 2016-2019 New Context, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "kitchen"
+
+module Kitchen
+  module Terraform
+    # OutputsManager manages Terraform outputs in the Kitchen instance state.
+    class OutputsManager
+      # #initialize prepares a new instance of the class.
+      #
+      # @return [Kitchen::Terraform::OutputsManager]
+      def initialize
+        self.state_key = :kitchen_terraform_outputs
+      end
+
+      # #load reads the Terraform outputs from the Kitchen instance state and writes them to a container.
+      #
+      # @param outputs [Hash] the container to which the Terraform outputs will be written.
+      # @param state [Hash] the Kitchen instance state from which the Terraform outputs will be read.
+      # @return [self]
+      def load(outputs:, state:)
+        outputs.replace state.fetch state_key
+
+        self
+      rescue ::KeyError
+        raise(
+          ::Kitchen::ClientError,
+          "Reading the Terraform output variables from the Kitchen instance state failed due to the absence of the " \
+          "'#{state_key}' key. This error could indicate that the Kitchen-Terraform provisioner plugin was not used " \
+          "to converge the Kitchen instance."
+        )
+      end
+
+      # #save reads the Terraform outputs from container and writes them to the Kitchen instance state.
+      #
+      # @param outputs [Hash] the container from which the Terraform outputs will be read.
+      # @param state [Hash] the Kitchen instance state to which the Terraform outputs will be written.
+      # @return [self]
+      def save(outputs:, state:)
+        state.store state_key, outputs.dup
+
+        self
+      end
+
+      private
+
+      attr_accessor :state_key
+    end
+  end
+end