kitchen-terraform 5.2.0 → 5.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: df1c8cf5af302e8ff0157356cdcd17b629b4613a279f44f6776b1c83532fee55
-  data.tar.gz: ddf2fee8e8b4191bdae7305ca3c2fb1464c58aa9eff9edbfe14495051f31d757
+  metadata.gz: 6a04795845f5a5170e57deaad7c5741daacfd678429a0089d1b94bd14c1affe6
+  data.tar.gz: 6e448fa5468092c57bb10876b4d326db67ebd845cd863b4ce6866712d8238b8b
 SHA512:
-  metadata.gz: 179e8d7217c594ad88c2bcfe3c81537a7ac18a4b9a0ff9645a56261ec6143468e08d026e99fdd105c253a8567e19f0df9293a1b91a0143a81687ae7b69c963ac
-  data.tar.gz: f32b9ebb0be2ca34102d51650bf0d73e83807a6d49ab38de21aac89c188be9850ff9d2c1a995d9a154c4a83fe044a3529f2ee53f3f8153158b77049bbd655aee
+  metadata.gz: 6808efc6bdeee619f164e8f6f9d06efec200828a21d79138ae481ca2eec756e4904694c55ed9c87fc0b619f724e5e3d641ab1da9e742549ef34c327a0656d7a7
+  data.tar.gz: 89acb6a22c11637b82afdf6c42fedaff6adab1f18dc4501c3a829b00b03750d6af8904062e940c276cd63727a0d33cc5c794375312acb3773f548518e1b6b5e6

data/README.md

@@ -1,6 +1,6 @@
 # ![Kitchen-Terraform Logo][kitchen-terraform-logo] Kitchen-Terraform
 
-> Kitchen-Terraform enables verification of Terraform state.
+> Kitchen-Terraform enables verification of infrastructure systems provisioned with Terraform.
 
 [![Gem version][gem-version-shield]][kitchen-terraform-gem]
 [![Gem downloads version][gem-downloads-version-shield]][kitchen-terraform-gem]
@@ -15,10 +15,10 @@
 
 [![Gitter chat][gitter-shield]][gitter]
 
-Kitchen-Terraform provides a set of [Test Kitchen][test-kitchen] plugins
-which enable a system to use Test Kitchen to converge a
-[Terraform][terraform] configuration and verify the resulting Terraform
-state with [InSpec][inspec] controls.
+Kitchen-Terraform provides a set of [Kitchen][kitchen] plugins
+which enable the use of Kitchen to converge a [Terraform][terraform]
+configuration and verify the resulting infrastructure systems with
+[InSpec][inspec] controls.
 
 As Kitchen-Terraform integrates several distinctive technologies in a
 nontrivial manner, reviewing the documentation of each of the
@@ -36,7 +36,7 @@ Installation instructions can be found in the
 [Terraform: Install Terraform][terraform-install] article.
 
 Kitchen-Terraform supports versions of Terraform in the interval of
-`>= 0.11.4, < 0.13.0`.
+`>= 0.11.4, < 0.15.0`.
 
 [tfenv] can be used to manage versions of Terraform on the system.
 
@@ -50,7 +50,7 @@ Installation instructions can be found in the
 
 Kitchen-Terraform aims to support all versions of Ruby that are in
 ["normal" or "security" maintenance][ruby-branches], which is currently
-the interval of `>= 2.4, < 2.7`.
+the interval of `>= 2.4, < 2.8`.
 
 [rbenv] can be used to manage versions of Ruby on the system.
 
@@ -75,7 +75,7 @@ the semantic versioning of the Ruby gem.
 
 ```ruby
 source "https://rubygems.org/" do
-  gem "kitchen-terraform", "~> 5.2"
+  gem "kitchen-terraform", "~> 5.6"
 end
 ```
 
@@ -102,7 +102,7 @@ example.
 > Installing Kitchen-Terraform with RubyGems
 
 ```sh
-gem install kitchen-terraform --version 5.2.0
+gem install kitchen-terraform --version 5.7.0
 ```
 
 This approach is not recommended as it requires more effort to install
@@ -128,7 +128,7 @@ Ed25519-type SSH keys.
 
 Kitchen-Terraform provides three Test Kitchen plugins which must be
 configured in a
-[Test Kitchen configuration file][test-kitchen-configuration-file] in
+[Kitchen configuration file][kitchen-configuration-file] in
 order to successfully test Terraform configuration.
 
 The [Terraform driver][terraform-driver] manages the state of the
@@ -143,167 +143,27 @@ Terraform state.
 More information can be found in the
 [Ruby gem documentation][ruby-gem-documentation].
 
-### Example
+### Caveats
 
-This example demonstrates how to test a simple Terraform configuration
-which utilizes the [Docker provider][docker-provider].
+Versions of Terraform in the 0.11 series may cause `kitchen test` to
+fail if the initial destroy targets an empty Terraform state. A
+workaround for this problem is to use
+`kitchen verify && kitchen destroy` instead of `kitchen test`. More
+details about the problem are available in
+[issue #271](issue-271).
 
-The test system is assumed to be running Ubuntu 17.04.
+### Tutorials and Examples
 
-Terraform, Ruby, and Bundler are assumed to have been installed on the
-test system as described in the [Installation](#installation) section.
-
-The [Docker Community Edition][docker-community-edition] is assumed to
-have been installed on the test system.
-
-The working directory on the test system is assumed to contain a
-hierarchy of files comprising the following blocks.
-
-> Directory hierarchy
-
-```
-.
-├── .kitchen.yml
-├── Gemfile
-├── main.tf
-├── outputs.tf
-└── test
-    └── integration
-        └── example
-            ├── controls
-            │   ├── operating_system.rb
-            └── inspec.yml
-```
-
-> Gemfile
-
-```ruby
-source "https://rubygems.org/"
-
-gem 'kitchen-terraform', '~> 5.1'
-```
-
-> ./kitchen.yml (Test Kitchen configuration)
-
-```yaml
-driver:
-  name: terraform
-
-provisioner:
-  name: terraform
-
-verifier:
-  name: terraform
-  systems:
-    - name: container
-      backend: ssh
-      hosts_output: container_hostname
-      password: root
-      port: 2222
-      user: root
-
-platforms:
-  - name: ubuntu
-
-suites:
-  - name: example
-```
-
-Although Kitchen-Terraform supports multiple versions of Terraform, below snippets are compatible with v0.12:
-> ./main.tf
-
-```hcl
-provider "docker" {
-  host = "unix:///var/run/docker.sock"
-}
-
-data "docker_registry_image" "ubuntu" {
-  name = "rastasheep/ubuntu-sshd:latest"
-}
-
-resource "docker_image" "ubuntu" {
-  name          = data.docker_registry_image.ubuntu.name
-  pull_triggers = ["${data.docker_registry_image.ubuntu.sha256_digest}"]
-}
-
-resource "docker_container" "ubuntu" {
-  image    = docker_image.ubuntu.name
-  must_run = true
-  name     = "ubuntu_container"
-
-  ports {
-    external = 2222
-    internal = 22
-  }
-}
-```
-
-> ./outputs.tf
-
-```hcl
-output "container_hostname" {
-  description = "The hostname of the container."
-  value       = "127.0.0.1"
-}
-```
-
-> ./test/integration/example/inspec.yml
-
-```yaml
-name: example
-```
-
-> ./test/integration/example/controls/operating_system.rb
-
-```ruby
-# frozen_string_literal: true
-
-control "operating_system" do
-  describe "the operating system" do
-    subject do
-      command("cat /etc/os-release").stdout
-    end
-
-    it "is Ubuntu" do
-      is_expected.to match /Ubuntu/
-    end
-  end
-end
-```
-
-Running the following command would initialize the working directory for
-Terraform, create a Docker container by applying the configuration file,
-and verify that the container is running Ubuntu.
-
-> Verifying with Kitchen-Terraform
-
-```sh
-$ bundle install
-$ bundle exec kitchen test
------> Starting Kitchen...
-...
-$$$$$$ Running command `terraform init...`
-...
-$$$$$$ Running command `terraform apply...`
-...
-       docker_container.ubuntu: Creation complete after 1s...
-
-       Apply complete! Resources: 2 added, 0 changed, 0 destroyed.
-...
-       Finished converging <example-ubuntu>...
-...
------> Verifying <example-ubuntu>...
-       Verifying host 'localhost' of system 'container'
-...
-  ✔  operating_system: the operating system is Ubuntu
-...
-Profile Summary: 1 successful control, 0 control failures, 0 controls skipped
-...
-```
-
-More information can be found on the
+Several tutorials are available on the
 [Kitchen-Terraform Tutorials][kitchen-terraform-tutorials] page.
 
+The integration tests for Kitchen-Terraform can also be viewed as
+examples of how it works. The
+[integration test Kitchen configuration file][int-kitchen-config]
+and the [integration test directory][test-directory] provide several
+functional examples which exercise various features of
+Kitchen-Terraform.
+
 ## Contributing
 
 Kitchen-Terraform thrives on community contributions.
@@ -321,7 +181,8 @@ Information about changes to Kitchen-Terraform can be found in the
 
 ## Maintainers
 
-Kitchen-Terraform is maintained by New Context.
+Kitchen-Terraform is maintained by [community contributors][contributors]
+and New Context.
 
 <img
   alt="New Context logo"
@@ -374,17 +235,22 @@ Kitchen-Terraform is distributed under the [Apache License][license].
 [code-coverage-shield]: https://img.shields.io/codeclimate/coverage/newcontext-oss/kitchen-terraform.svg
 [code-coverage]: https://codeclimate.com/github/newcontext-oss/kitchen-terraform/
 [contributing-document]: https://github.com/newcontext-oss/kitchen-terraform/blob/master/CONTRIBUTING.md
+[contributors]: https://github.com/newcontext-oss/kitchen-terraform/graphs/contributors
 [docker]: https://www.docker.com/
 [docker-community-edition]: https://store.docker.com/editions/community/docker-ce-server-ubuntu
 [docker-provider]: https://www.terraform.io/docs/providers/docker/index.html
 [gem-downloads-total-shield]: https://img.shields.io/gem/dt/kitchen-terraform.svg
 [gem-downloads-version-shield]: https://img.shields.io/gem/dtv/kitchen-terraform.svg
 [gem-version-shield]: https://img.shields.io/gem/v/kitchen-terraform.svg
-[hakiri-shield]: https://hakiri.io/github/newcontext-oss/kitchen-terraform/master.svg
-[hakiri]: https://hakiri.io/github/newcontext-oss/kitchen-terraform/
 [gitter-shield]: https://img.shields.io/gitter/room/kitchen-terraform/Lobby.svg
 [gitter]: https://gitter.im/kitchen-terraform/Lobby
+[hakiri-shield]: https://hakiri.io/github/newcontext-oss/kitchen-terraform/master.svg
+[hakiri]: https://hakiri.io/github/newcontext-oss/kitchen-terraform/
 [inspec]: https://www.inspec.io/
+[int-kitchen-config]: https://github.com/newcontext-oss/kitchen-terraform/blob/master/kitchen.yml
+[issue-271]: https://github.com/newcontext-oss/kitchen-terraform/issues/271
+[kitchen]: http://kitchen.ci/index.html
+[kitchen-configuration-file]: https://docs.chef.io/config_yml_kitchen.html
 [kitchen-terraform-gem]: https://rubygems.org/gems/kitchen-terraform
 [kitchen-terraform-logo]: https://raw.githubusercontent.com/newcontext-oss/kitchen-terraform/master/assets/logo.png
 [kitchen-terraform-tutorials]: https://newcontext-oss.github.io/kitchen-terraform/tutorials/
@@ -411,8 +277,7 @@ Kitchen-Terraform is distributed under the [Apache License][license].
 [terraform-provisioner]: http://www.rubydoc.info/github/newcontext-oss/kitchen-terraform/Kitchen/Provisioner/Terraform
 [terraform-verifier]: http://www.rubydoc.info/github/newcontext-oss/kitchen-terraform/Kitchen/Verifier/Terraform
 [terraform]: https://www.terraform.io/
-[test-kitchen-configuration-file]: https://docs.chef.io/config_yml_kitchen.html
-[test-kitchen]: http://kitchen.ci/index.html
+[test-directory]: https://github.com/newcontext-oss/kitchen-terraform/tree/master/test
 [tfenv]: https://github.com/kamatama41/tfenv
 [travis-build-status-shield]: https://img.shields.io/travis/com/newcontext-oss/kitchen-terraform.svg
 [travis-build-status]: https://travis-ci.com/newcontext-oss/kitchen-terraform

data/lib/kitchen/terraform/config_schemas/system.rb

@@ -130,6 +130,8 @@ module Kitchen
       #
       # The +bastion_host+ key must be used in combination with a backend which supports remote connections.
       #
+      # The +bastion_host_output+ key will take priority over the +bastion_host+ key.
+      #
       # <em>Example kitchen.yml</em>
       #   verifier:
       #     name: terraform
@@ -138,12 +140,29 @@ module Kitchen
       #         backend: ssh
       #         bastion_host: bastion-host.domain
       #
+      # ====== bastion_host_output
+      #
+      # The value of the +bastion_host_output+ key is a scalar which is used to obtain the address of a bastion host in
+      # the system from a Terraform output.
+      #
+      # The scalar must match the name of an output with a value which is a string.
+      #
+      # The +bastion_host_output+ key must be used in combination with a backend which enables remote connections.
+      #
+      # <em>Example kitchen.yml</em>
+      #   verifier:
+      #     name: terraform
+      #     systems:
+      #       - name: a system
+      #         backend: ssh
+      #         bastion_host_output: an_output
+      #
       # ====== bastion_port
       #
       # The value of the +bastion_port+ key is an integer which is used as the port number to connect to on the bastion
       # host.
       #
-      # The +bastion_port+ key must be used in combination with the +bastion_host+ key.
+      # The +bastion_port+ key must be used in combination with the +bastion_host_output+ key or the +bastion_host+ key.
       #
       # <em>Example kitchen.yml</em>
       #   verifier:
@@ -151,7 +170,7 @@ module Kitchen
       #     systems:
       #       - name: a system
       #         backend: ssh
-      #         bastion_host: bastion-host.domain
+      #         bastion_host_output: an_output
       #         bastion_port: 1234
       #
       # ====== bastion_user
@@ -159,7 +178,7 @@ module Kitchen
       # The value of the +bastion_user+ key is a scalar which is used as the username for authentication with the
       # bastion host.
       #
-      # The +bastion_user+ key must be used in combination with the +bastion_host+ key.
+      # The +bastion_user+ key must be used in combination with the +bastion_host_output+ key or the +bastion_host+ key.
       #
       # <em>Example kitchen.yml</em>
       #   verifier:
@@ -167,7 +186,7 @@ module Kitchen
       #     systems:
       #       - name: a system
       #         backend: ssh
-      #         bastion_host: bastion-host.domain
+      #         bastion_host_output: an_output
       #         bastion_user: bastion-user
       #
       # ====== controls
@@ -554,6 +573,7 @@ module Kitchen
         optional(:attrs_outputs).filled :hash?
         optional(:backend_cache).value :bool?
         optional(:bastion_host).filled :str?
+        optional(:bastion_host_output).filled :str?
         optional(:bastion_port).value :int?
         optional(:bastion_user).filled :str?
         optional(:controls).each(:filled?, :str?)

data/lib/kitchen/terraform/configurable.rb

@@ -42,7 +42,7 @@ module Kitchen
       # @see Kitchen::Configurable#finalize_config!
       def finalize_config!(instance)
         super instance
-        self.version_requirement = ::Gem::Requirement.new ">= 0.11.4", "< 0.13.0"
+        self.version_requirement = ::Gem::Requirement.new ">= 0.11.4", "< 0.15.0"
         self.workspace_name = "kitchen-terraform-#{::Shellwords.escape instance.name}"
       end
 

data/lib/kitchen/terraform/inspec_options_factory.rb

@@ -15,6 +15,7 @@
 # limitations under the License.
 
 require "inspec"
+require "kitchen/terraform/system_bastion_host_resolver"
 require "kitchen/terraform/system_inspec_map"
 require "rubygems"
 
@@ -40,28 +41,46 @@ module Kitchen
       #
       # @param attributes [Hash] the attributes to be added to the InSpec options.
       # @param system_configuration_attributes [Hash] the configuration attributes of a system.
+      # @raise [Kitchen::ClientError] if the system bastion host fails to be resolved.
       # @return [Hash] a mapping of InSpec options.
       def build(attributes:, system_configuration_attributes:)
-        system_configuration_attributes.lazy.select do |attribute_name, _|
-          system_inspec_map.key?(attribute_name)
-        end.each do |attribute_name, attribute_value|
-          options.store system_inspec_map.fetch(attribute_name), attribute_value
-        end
+        map_system_to_inspec system_configuration_attributes: system_configuration_attributes
+        options.store self.class.inputs_key, attributes
+        resolve_bastion_host system_configuration_attributes: system_configuration_attributes
 
-        options.merge self.class.inputs_key => attributes
+        options
       end
 
       # #initialize prepares a new instance of the class.
       #
+      # @param outputs [Hash] the Terraform output variables.
       # @return [Kitchen::Terraform::InSpecOptionsFactory]
-      def initialize
+      def initialize(outputs:)
         self.options = { "distinct_exit" => false }
+        self.system_bastion_host_resolver = ::Kitchen::Terraform::SystemBastionHostResolver.new outputs: outputs
         self.system_inspec_map = ::Kitchen::Terraform::SYSTEM_INSPEC_MAP.dup
       end
 
       private
 
-      attr_accessor :options, :system_inspec_map
+      attr_accessor :options, :system_bastion_host_resolver, :system_inspec_map
+
+      def map_system_to_inspec(system_configuration_attributes:)
+        system_configuration_attributes.lazy.select do |attribute_name, _|
+          system_inspec_map.key?(attribute_name)
+        end.each do |attribute_name, attribute_value|
+          options.store system_inspec_map.fetch(attribute_name), attribute_value
+        end
+      end
+
+      def resolve_bastion_host(system_configuration_attributes:)
+        system_bastion_host_resolver.resolve(
+          bastion_host: system_configuration_attributes.fetch(:bastion_host, ""),
+          bastion_host_output: system_configuration_attributes.fetch(:bastion_host_output, ""),
+        ) do |bastion_host:|
+          options.store :bastion_host, bastion_host
+        end
+      end
     end
   end
 end

data/lib/kitchen/terraform/inspec_runner.rb

@@ -61,6 +61,11 @@ module Kitchen
           ""
         end
         self.runner = ::Inspec::Runner.new options.merge logger: ::Inspec::Log.logger
+
+        v2_loader = ::Inspec::Plugin::V2::Loader.new
+        v2_loader.load_all
+        v2_loader.exit_on_load_error
+
         profile_locations.each do |profile_location|
           runner.add_target profile_location
         end
@@ -81,7 +86,7 @@ module Kitchen
       def run
         yield exit_code: runner.run
       rescue => error
-        raise ::Kitchen::TransientFailure, "#{action} failed:\n\t#{error.message}"
+        raise ::Kitchen::TransientFailure, "#{action} failed:\n\t\t#{error.message}"
       end
     end
   end

data/lib/kitchen/terraform/provisioner/converge.rb

@@ -75,9 +75,10 @@ module Kitchen
         # @param workspace_name [String] the name of the Terraform workspace to select or to create.
         # @return [Kitchen::Terraform::Driver::Converge]
         def initialize(config:, logger:, version_requirement:, workspace_name:)
+          client = config.fetch :client
           hash_config = config.to_hash.merge workspace_name: workspace_name
           self.command_executor = ::Kitchen::Terraform::CommandExecutor.new(
-            client: config.fetch(:client),
+            client: client,
             logger: logger,
           )
           self.logger = logger
@@ -86,11 +87,9 @@ module Kitchen
           self.apply = ::Kitchen::Terraform::Command::Apply.new config: config
           self.get = ::Kitchen::Terraform::Command::Get.new
           self.output = ::Kitchen::Terraform::Command::Output.new
+          initialize_outputs_handlers client: client, logger: logger
           self.validate = ::Kitchen::Terraform::Command::Validate.new config: config
           self.workspace_select = ::Kitchen::Terraform::Command::WorkspaceSelect.new config: hash_config
-          self.outputs_manager = ::Kitchen::Terraform::OutputsManager.new
-          self.outputs_parser = ::Kitchen::Terraform::OutputsParser.new
-          self.outputs_reader = ::Kitchen::Terraform::OutputsReader.new command_executor: command_executor
           self.variables = config.fetch :variables
           self.variables_manager = ::Kitchen::Terraform::VariablesManager.new
           self.verify_version = ::Kitchen::Terraform::VerifyVersion.new(
@@ -144,6 +143,17 @@ module Kitchen
           build_infrastructure
         end
 
+        def initialize_outputs_handlers(client:, logger:)
+          self.outputs_manager = ::Kitchen::Terraform::OutputsManager.new
+          self.outputs_parser = ::Kitchen::Terraform::OutputsParser.new
+          self.outputs_reader = ::Kitchen::Terraform::OutputsReader.new(
+            command_executor: ::Kitchen::Terraform::CommandExecutor.new(
+              client: client,
+              logger: ::Kitchen::Terraform::DebugLogger.new(logger),
+            ),
+          )
+        end
+
         def parse_outputs(json_outputs:)
           logger.warn "Parsing the Terraform output variables as JSON..."
           outputs_parser.parse json_outputs: json_outputs do |parsed_outputs:|
@@ -165,7 +175,7 @@ module Kitchen
         def save_outputs(parsed_outputs:, state:)
           logger.warn "Writing the output variables to the Kitchen instance state..."
           outputs_manager.save outputs: parsed_outputs, state: state
-          logger.warn "Finished writing the output varibales to the Kitchen instance state."
+          logger.warn "Finished writing the output variables to the Kitchen instance state."
         end
 
         def save_variables_and_outputs(state:)

data/lib/kitchen/terraform/raise/action_failed.rb

@@ -19,31 +19,31 @@ require "kitchen"
 module Kitchen
   module Terraform
     module Raise
-    # ActionFailed is the class of objects which handle errors resulting in failed actions.
-    class ActionFailed
-      # #call logs an error message and raises an error with the message.
-      #
-      # @param message [String] the error message.
-      # @raise [Kitchen::ActionFailed]
-      # @return [void]
-      def call(message:)
-        logger.error message
+      # ActionFailed is the class of objects which handle errors resulting in failed actions.
+      class ActionFailed
+        # #call logs an error message and raises an error with the message.
+        #
+        # @param message [String] the error message.
+        # @raise [Kitchen::ActionFailed]
+        # @return [void]
+        def call(message:)
+          logger.error message
 
-        raise ::Kitchen::ActionFailed, message
-      end
+          raise ::Kitchen::ActionFailed, message
+        end
 
-      # #initialize prepares a new instance of the class.
-      #
-      # @param logger [Kitchen::Logger] a logger to log messages.
-      # @return [Kitchen::Terraform::ActionFailed]
-      def initialize(logger:)
-        self.logger = logger
-      end
+        # #initialize prepares a new instance of the class.
+        #
+        # @param logger [Kitchen::Logger] a logger to log messages.
+        # @return [Kitchen::Terraform::ActionFailed]
+        def initialize(logger:)
+          self.logger = logger
+        end
 
-      private
+        private
 
-      attr_accessor :logger
+        attr_accessor :logger
+      end
     end
   end
 end
-end

data/lib/kitchen/terraform/system.rb

@@ -46,7 +46,6 @@ module Kitchen
         self.hosts = configuration_attributes.fetch :hosts do
           []
         end.dup
-        self.inspec_options_factory = ::Kitchen::Terraform::InSpecOptionsFactory.new
         self.logger = logger
       end
 
@@ -72,17 +71,20 @@ module Kitchen
 
       private
 
-      attr_accessor :attrs, :attrs_outputs, :configuration_attributes, :hosts, :inspec_options_factory, :logger
+      attr_accessor :attrs, :attrs_outputs, :configuration_attributes, :hosts, :logger
 
-      def execute_inspec_runner(fail_fast:)
+      def execute_inspec_runner(fail_fast:, options:)
         ::Kitchen::Terraform::InSpecFactory.new(fail_fast: fail_fast, hosts: hosts).build(
-          options: inspec_options,
+          options: options,
           profile_locations: configuration_attributes.fetch(:profile_locations),
         ).exec
       end
 
-      def inspec_options
-        inspec_options_factory.build attributes: attrs, system_configuration_attributes: configuration_attributes
+      def inspec_options(outputs:)
+        ::Kitchen::Terraform::InSpecOptionsFactory.new(outputs: outputs).build(
+          attributes: attrs,
+          system_configuration_attributes: configuration_attributes,
+        )
       end
 
       def resolve(outputs:, variables:)
@@ -102,7 +104,7 @@ module Kitchen
       def resolve_and_execute(fail_fast:, outputs:, variables:)
         logger.warn "Verifying the '#{self}' system..."
         resolve outputs: outputs, variables: variables
-        execute_inspec_runner fail_fast: fail_fast
+        execute_inspec_runner fail_fast: fail_fast, options: inspec_options(outputs: outputs)
         logger.warn "Finished verifying the '#{self}' system."
       end
     end

data/lib/kitchen/terraform/system_bastion_host_resolver.rb

@@ -0,0 +1,72 @@
+# frozen_string_literal: true
+
+# Copyright 2016-2019 New Context, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "kitchen"
+
+module Kitchen
+  module Terraform
+    # SystemBastionHostResolver is the class of objects which resolve a bastion host of a system which may be either
+    # dynamically obtained from a Terraform output variable or statically defined.
+    class SystemBastionHostResolver
+      # #initialize prepares a new instance of the class.
+      #
+      # @param outputs [Hash] a map of Terraform output variables.
+      # @return [Kitchen::Terraform::SystemBastionHostResolver]
+      def initialize(outputs:)
+        self.outputs = Hash[outputs]
+      end
+
+      # #resolve resolves a bastion host from either the specified Terraform output or the static value.
+      #
+      # @param bastion_host [String] a statically defined host.
+      # @param bastion_host_output [String] the name of the Terraform output which contains a bastion host.
+      # @yieldparam bastion_host [String] the bastion host.
+      # @raise [Kitchen::ClientError] if the specified Terraform output is not found.
+      # @return [self]
+      def resolve(bastion_host:, bastion_host_output:)
+        if !bastion_host.empty?
+          yield bastion_host: bastion_host
+        elsif !bastion_host_output.empty?
+          yield bastion_host: resolved_output(bastion_host_output: bastion_host_output).fetch(:value)
+        end
+
+        self
+      rescue ::KeyError
+        raise(
+          ::Kitchen::ClientError,
+          "Resolving the system bastion host failed due to the absence of the 'value' key from the " \
+          "'#{bastion_host_output}' Terraform output of the Kitchen instance state. This error indicates that the " \
+          "output format of `terraform output -json` is unexpected."
+        )
+      end
+
+      private
+
+      attr_accessor :outputs
+
+      def resolved_output(bastion_host_output:)
+        outputs.fetch bastion_host_output.to_sym
+      rescue ::KeyError
+        raise(
+          ::Kitchen::ClientError,
+          "Resolving the system bastion host failed due to the absence of the '#{bastion_host_output}' key from the " \
+          "Terraform outputs of the Kitchen instance state. This error indicates either that `kitchen converge` must " \
+          "be executed again to update the Terraform outputs or that the wrong key was provided."
+        )
+      end
+    end
+  end
+end

data/lib/kitchen/terraform/system_inspec_map.rb

@@ -21,7 +21,6 @@ module Kitchen
       attrs: :input_file,
       backend_cache: :backend_cache,
       backend: :backend,
-      bastion_host: :bastion_host,
       bastion_port: :bastion_port,
       bastion_user: :bastion_user,
       color: "color",

data/lib/kitchen/terraform/version.rb

@@ -71,7 +71,7 @@ module Kitchen
 
         # @api private
         def value
-          self.value = ::Gem::Version.new "5.2.0" if not @value
+          self.value = ::Gem::Version.new "5.7.0" if not @value
           @value
         end
 

data/lib/kitchen/verifier/terraform.rb

@@ -160,7 +160,7 @@ module Kitchen
       def load_outputs(state:)
         logger.warn "Reading the Terraform output variables from the Kitchen instance state..."
         ::Kitchen::Terraform::OutputsManager.new.load outputs: outputs, state: state
-        logger.warn "Finished reading the Terraform output varibales from the Kitchen instance state."
+        logger.warn "Finished reading the Terraform output variables from the Kitchen instance state."
       end
 
       def profile_locations
@@ -183,9 +183,9 @@ module Kitchen
       end
 
       def verify_systems
-        logger.banner "Starting verification of the systems."
+        logger.warn "Verifying the systems..."
         systems_verifier.verify outputs: outputs, variables: variables
-        logger.banner "Finished verification of the systems."
+        logger.warn "Finished verifying the systems."
       end
     end
   end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: kitchen-terraform
 version: !ruby/object:Gem::Version
-  version: 5.2.0
+  version: 5.7.0
 platform: ruby
 authors:
 - Aaron Lane
@@ -21,6 +21,7 @@ authors:
 - curleighbraces
 - Austin Heiman
 - Gary Foster
+- Ed Bartholomew
 autorequire: 
 bindir: bin
 cert_chain:
@@ -61,7 +62,7 @@ cert_chain:
   JH4yGDzVEYaZHaohSDcYuGLK6OQylPu7oM75S+TNLWseDIT8bWgQk6NelVjtQQ2Q
   XSbgfu863jyey/0qO01cUo3+iTqzl85cWg==
   -----END CERTIFICATE-----
-date: 2020-02-28 00:00:00.000000000 Z
+date: 2021-02-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -204,145 +205,131 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '4.2'
 - !ruby/object:Gem::Dependency
-  name: mini_racer
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 0.2.0
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 0.2.0
-- !ruby/object:Gem::Dependency
-  name: pry-coolline
+  name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.2'
+        version: '3.4'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.2'
+        version: '3.4'
 - !ruby/object:Gem::Dependency
-  name: pry
+  name: rufo
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.10'
+        version: '0.7'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.10'
+        version: '0.7'
 - !ruby/object:Gem::Dependency
-  name: reek
+  name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.5'
+        version: 0.16.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.5'
+        version: 0.16.1
 - !ruby/object:Gem::Dependency
-  name: rspec
+  name: travis
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.4'
+        version: '1.8'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.4'
+        version: '1.8'
 - !ruby/object:Gem::Dependency
-  name: rufo
+  name: yard
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.7'
+        version: '0.9'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.7'
+        version: '0.9'
 - !ruby/object:Gem::Dependency
-  name: simplecov
+  name: reek
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.16.1
+        version: 6.0.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.16.1
+        version: 6.0.2
 - !ruby/object:Gem::Dependency
-  name: travis
+  name: delegate
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.8'
-  type: :development
+        version: 0.1.0
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.8'
+        version: 0.1.0
 - !ruby/object:Gem::Dependency
-  name: yard
+  name: dry-validation
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.9'
-  type: :development
+        version: '0.13'
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.9'
+        version: '0.13'
 - !ruby/object:Gem::Dependency
-  name: dry-validation
+  name: mixlib-shellout
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.13'
+        version: '3.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.13'
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: inspec
   requirement: !ruby/object:Gem::Requirement
@@ -350,6 +337,15 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '3'
+    - - "!="
+      - !ruby/object:Gem::Version
+        version: 4.24.26
+    - - "!="
+      - !ruby/object:Gem::Version
+        version: 4.24.28
+    - - "!="
+      - !ruby/object:Gem::Version
+        version: 4.24.32
     - - "<"
       - !ruby/object:Gem::Version
         version: '5'
@@ -360,6 +356,15 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '3'
+    - - "!="
+      - !ruby/object:Gem::Version
+        version: 4.24.26
+    - - "!="
+      - !ruby/object:Gem::Version
+        version: 4.24.28
+    - - "!="
+      - !ruby/object:Gem::Version
+        version: 4.24.32
     - - "<"
       - !ruby/object:Gem::Version
         version: '5'
@@ -369,28 +374,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.2'
+        version: '2.3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.2'
-- !ruby/object:Gem::Dependency
-  name: mixlib-shellout
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '2.3'
 - !ruby/object:Gem::Dependency
   name: test-kitchen
   requirement: !ruby/object:Gem::Requirement
@@ -508,6 +499,7 @@ files:
 - lib/kitchen/terraform/system.rb
 - lib/kitchen/terraform/system_attrs_inputs_resolver.rb
 - lib/kitchen/terraform/system_attrs_outputs_resolver.rb
+- lib/kitchen/terraform/system_bastion_host_resolver.rb
 - lib/kitchen/terraform/system_hosts_resolver.rb
 - lib/kitchen/terraform/system_inspec_map.rb
 - lib/kitchen/terraform/systems_verifier.rb
@@ -543,16 +535,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '2.4'
   - - "<"
     - !ruby/object:Gem::Version
-      version: '2.7'
+      version: '2.8'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements:
-- Terraform >= v0.11.4, < v0.13.0
-rubyforge_project: 
-rubygems_version: 2.7.7
+- Terraform >= v0.11.4, < v0.15.0
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: Test Kitchen plugins for testing Terraform configuration