kitchen-terraform 5.2.0 → 5.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: df1c8cf5af302e8ff0157356cdcd17b629b4613a279f44f6776b1c83532fee55
-  data.tar.gz: ddf2fee8e8b4191bdae7305ca3c2fb1464c58aa9eff9edbfe14495051f31d757
+  metadata.gz: d8dc1f0460a8fe0af7e998d2e4b9a898faee66436930a3be0701c230c6eed625
+  data.tar.gz: a906eb2ca2f29a01be6e8b9bbc8e555c5d666941e0f73cbd34162946b77d238e
 SHA512:
-  metadata.gz: 179e8d7217c594ad88c2bcfe3c81537a7ac18a4b9a0ff9645a56261ec6143468e08d026e99fdd105c253a8567e19f0df9293a1b91a0143a81687ae7b69c963ac
-  data.tar.gz: f32b9ebb0be2ca34102d51650bf0d73e83807a6d49ab38de21aac89c188be9850ff9d2c1a995d9a154c4a83fe044a3529f2ee53f3f8153158b77049bbd655aee
+  metadata.gz: 811fd1d6476ec8364ddd5e5c6022e487cdc8d53c54674a1d6f5c51805fb1b10d8942315f4d4efebf6ea4c20d0a44099bac4f55af6ef3ffe738d92deea2db8b43
+  data.tar.gz: bc8fbbae6a4ad9db3ffed99be1afcf953cee0dba241834ff5053f30738486388b2ffc9856d5c10b8dba503a3c68b15d54e9bf139c9d2b375bce9b154a688f78f

data/README.md

@@ -75,7 +75,7 @@ the semantic versioning of the Ruby gem.
 
 ```ruby
 source "https://rubygems.org/" do
-  gem "kitchen-terraform", "~> 5.2"
+  gem "kitchen-terraform", "~> 5.3"
 end
 ```
 
@@ -102,7 +102,7 @@ example.
 > Installing Kitchen-Terraform with RubyGems
 
 ```sh
-gem install kitchen-terraform --version 5.2.0
+gem install kitchen-terraform --version 5.3.0
 ```
 
 This approach is not recommended as it requires more effort to install
@@ -143,6 +143,15 @@ Terraform state.
 More information can be found in the
 [Ruby gem documentation][ruby-gem-documentation].
 
+### Caveats
+
+Versions of Terraform in the 0.11 series may cause `kitchen test` to
+fail if the initial destroy targets an empty Terraform state. A
+workaround for this problem is to use
+`kitchen verify && kitchen destroy` instead of `kitchen test`. More
+details about the problem are available in
+[issue #271](issue-271).
+
 ### Example
 
 This example demonstrates how to test a simple Terraform configuration
@@ -209,7 +218,8 @@ suites:
   - name: example
 ```
 
-Although Kitchen-Terraform supports multiple versions of Terraform, below snippets are compatible with v0.12:
+Although Kitchen-Terraform supports multiple versions of Terraform,
+below snippets are compatible with v0.12:
 > ./main.tf
 
 ```hcl
@@ -380,11 +390,12 @@ Kitchen-Terraform is distributed under the [Apache License][license].
 [gem-downloads-total-shield]: https://img.shields.io/gem/dt/kitchen-terraform.svg
 [gem-downloads-version-shield]: https://img.shields.io/gem/dtv/kitchen-terraform.svg
 [gem-version-shield]: https://img.shields.io/gem/v/kitchen-terraform.svg
-[hakiri-shield]: https://hakiri.io/github/newcontext-oss/kitchen-terraform/master.svg
-[hakiri]: https://hakiri.io/github/newcontext-oss/kitchen-terraform/
 [gitter-shield]: https://img.shields.io/gitter/room/kitchen-terraform/Lobby.svg
 [gitter]: https://gitter.im/kitchen-terraform/Lobby
+[hakiri-shield]: https://hakiri.io/github/newcontext-oss/kitchen-terraform/master.svg
+[hakiri]: https://hakiri.io/github/newcontext-oss/kitchen-terraform/
 [inspec]: https://www.inspec.io/
+[issue-271]: https://github.com/newcontext-oss/kitchen-terraform/issues/271
 [kitchen-terraform-gem]: https://rubygems.org/gems/kitchen-terraform
 [kitchen-terraform-logo]: https://raw.githubusercontent.com/newcontext-oss/kitchen-terraform/master/assets/logo.png
 [kitchen-terraform-tutorials]: https://newcontext-oss.github.io/kitchen-terraform/tutorials/

data/lib/kitchen/terraform/config_schemas/system.rb

@@ -130,6 +130,8 @@ module Kitchen
       #
       # The +bastion_host+ key must be used in combination with a backend which supports remote connections.
       #
+      # The +bastion_host_output+ key will take priority over the +bastion_host+ key.
+      #
       # <em>Example kitchen.yml</em>
       #   verifier:
       #     name: terraform
@@ -138,12 +140,29 @@ module Kitchen
       #         backend: ssh
       #         bastion_host: bastion-host.domain
       #
+      # ====== bastion_host_output
+      #
+      # The value of the +bastion_host_output+ key is a scalar which is used to obtain the address of a bastion host in
+      # the system from a Terraform output.
+      #
+      # The scalar must match the name of an output with a value which is a string.
+      #
+      # The +bastion_host_output+ key must be used in combination with a backend which enables remote connections.
+      #
+      # <em>Example kitchen.yml</em>
+      #   verifier:
+      #     name: terraform
+      #     systems:
+      #       - name: a system
+      #         backend: ssh
+      #         bastion_host_output: an_output
+      #
       # ====== bastion_port
       #
       # The value of the +bastion_port+ key is an integer which is used as the port number to connect to on the bastion
       # host.
       #
-      # The +bastion_port+ key must be used in combination with the +bastion_host+ key.
+      # The +bastion_port+ key must be used in combination with the +bastion_host_output+ key or the +bastion_host+ key.
       #
       # <em>Example kitchen.yml</em>
       #   verifier:
@@ -151,7 +170,7 @@ module Kitchen
       #     systems:
       #       - name: a system
       #         backend: ssh
-      #         bastion_host: bastion-host.domain
+      #         bastion_host_output: an_output
       #         bastion_port: 1234
       #
       # ====== bastion_user
@@ -159,7 +178,7 @@ module Kitchen
       # The value of the +bastion_user+ key is a scalar which is used as the username for authentication with the
       # bastion host.
       #
-      # The +bastion_user+ key must be used in combination with the +bastion_host+ key.
+      # The +bastion_user+ key must be used in combination with the +bastion_host_output+ key or the +bastion_host+ key.
       #
       # <em>Example kitchen.yml</em>
       #   verifier:
@@ -167,7 +186,7 @@ module Kitchen
       #     systems:
       #       - name: a system
       #         backend: ssh
-      #         bastion_host: bastion-host.domain
+      #         bastion_host_output: an_output
       #         bastion_user: bastion-user
       #
       # ====== controls
@@ -554,6 +573,7 @@ module Kitchen
         optional(:attrs_outputs).filled :hash?
         optional(:backend_cache).value :bool?
         optional(:bastion_host).filled :str?
+        optional(:bastion_host_output).filled :str?
         optional(:bastion_port).value :int?
         optional(:bastion_user).filled :str?
         optional(:controls).each(:filled?, :str?)

data/lib/kitchen/terraform/inspec_options_factory.rb

@@ -15,6 +15,7 @@
 # limitations under the License.
 
 require "inspec"
+require "kitchen/terraform/system_bastion_host_resolver"
 require "kitchen/terraform/system_inspec_map"
 require "rubygems"
 
@@ -40,28 +41,46 @@ module Kitchen
       #
       # @param attributes [Hash] the attributes to be added to the InSpec options.
       # @param system_configuration_attributes [Hash] the configuration attributes of a system.
+      # @raise [Kitchen::ClientError] if the system bastion host fails to be resolved.
       # @return [Hash] a mapping of InSpec options.
       def build(attributes:, system_configuration_attributes:)
-        system_configuration_attributes.lazy.select do |attribute_name, _|
-          system_inspec_map.key?(attribute_name)
-        end.each do |attribute_name, attribute_value|
-          options.store system_inspec_map.fetch(attribute_name), attribute_value
-        end
+        map_system_to_inspec system_configuration_attributes: system_configuration_attributes
+        options.store self.class.inputs_key, attributes
+        resolve_bastion_host system_configuration_attributes: system_configuration_attributes
 
-        options.merge self.class.inputs_key => attributes
+        options
       end
 
       # #initialize prepares a new instance of the class.
       #
+      # @param outputs [Hash] the Terraform output variables.
       # @return [Kitchen::Terraform::InSpecOptionsFactory]
-      def initialize
+      def initialize(outputs:)
         self.options = { "distinct_exit" => false }
+        self.system_bastion_host_resolver = ::Kitchen::Terraform::SystemBastionHostResolver.new outputs: outputs
         self.system_inspec_map = ::Kitchen::Terraform::SYSTEM_INSPEC_MAP.dup
       end
 
       private
 
-      attr_accessor :options, :system_inspec_map
+      attr_accessor :options, :system_bastion_host_resolver, :system_inspec_map
+
+      def map_system_to_inspec(system_configuration_attributes:)
+        system_configuration_attributes.lazy.select do |attribute_name, _|
+          system_inspec_map.key?(attribute_name)
+        end.each do |attribute_name, attribute_value|
+          options.store system_inspec_map.fetch(attribute_name), attribute_value
+        end
+      end
+
+      def resolve_bastion_host(system_configuration_attributes:)
+        system_bastion_host_resolver.resolve(
+          bastion_host: system_configuration_attributes.fetch(:bastion_host, ""),
+          bastion_host_output: system_configuration_attributes.fetch(:bastion_host_output, ""),
+        ) do |bastion_host:|
+          options.store :bastion_host, bastion_host
+        end
+      end
     end
   end
 end

data/lib/kitchen/terraform/inspec_runner.rb

@@ -81,7 +81,7 @@ module Kitchen
       def run
         yield exit_code: runner.run
       rescue => error
-        raise ::Kitchen::TransientFailure, "#{action} failed:\n\t#{error.message}"
+        raise ::Kitchen::TransientFailure, "#{action} failed:\n\t\t#{error.message}"
       end
     end
   end

data/lib/kitchen/terraform/provisioner/converge.rb

@@ -75,9 +75,10 @@ module Kitchen
         # @param workspace_name [String] the name of the Terraform workspace to select or to create.
         # @return [Kitchen::Terraform::Driver::Converge]
         def initialize(config:, logger:, version_requirement:, workspace_name:)
+          client = config.fetch :client
           hash_config = config.to_hash.merge workspace_name: workspace_name
           self.command_executor = ::Kitchen::Terraform::CommandExecutor.new(
-            client: config.fetch(:client),
+            client: client,
             logger: logger,
           )
           self.logger = logger
@@ -86,11 +87,9 @@ module Kitchen
           self.apply = ::Kitchen::Terraform::Command::Apply.new config: config
           self.get = ::Kitchen::Terraform::Command::Get.new
           self.output = ::Kitchen::Terraform::Command::Output.new
+          initialize_outputs_handlers client: client, logger: logger
           self.validate = ::Kitchen::Terraform::Command::Validate.new config: config
           self.workspace_select = ::Kitchen::Terraform::Command::WorkspaceSelect.new config: hash_config
-          self.outputs_manager = ::Kitchen::Terraform::OutputsManager.new
-          self.outputs_parser = ::Kitchen::Terraform::OutputsParser.new
-          self.outputs_reader = ::Kitchen::Terraform::OutputsReader.new command_executor: command_executor
           self.variables = config.fetch :variables
           self.variables_manager = ::Kitchen::Terraform::VariablesManager.new
           self.verify_version = ::Kitchen::Terraform::VerifyVersion.new(
@@ -144,6 +143,17 @@ module Kitchen
           build_infrastructure
         end
 
+        def initialize_outputs_handlers(client:, logger:)
+          self.outputs_manager = ::Kitchen::Terraform::OutputsManager.new
+          self.outputs_parser = ::Kitchen::Terraform::OutputsParser.new
+          self.outputs_reader = ::Kitchen::Terraform::OutputsReader.new(
+            command_executor: ::Kitchen::Terraform::CommandExecutor.new(
+              client: client,
+              logger: ::Kitchen::Terraform::DebugLogger.new(logger),
+            ),
+          )
+        end
+
         def parse_outputs(json_outputs:)
           logger.warn "Parsing the Terraform output variables as JSON..."
           outputs_parser.parse json_outputs: json_outputs do |parsed_outputs:|

data/lib/kitchen/terraform/raise/action_failed.rb

@@ -19,31 +19,31 @@ require "kitchen"
 module Kitchen
   module Terraform
     module Raise
-    # ActionFailed is the class of objects which handle errors resulting in failed actions.
-    class ActionFailed
-      # #call logs an error message and raises an error with the message.
-      #
-      # @param message [String] the error message.
-      # @raise [Kitchen::ActionFailed]
-      # @return [void]
-      def call(message:)
-        logger.error message
+      # ActionFailed is the class of objects which handle errors resulting in failed actions.
+      class ActionFailed
+        # #call logs an error message and raises an error with the message.
+        #
+        # @param message [String] the error message.
+        # @raise [Kitchen::ActionFailed]
+        # @return [void]
+        def call(message:)
+          logger.error message
 
-        raise ::Kitchen::ActionFailed, message
-      end
+          raise ::Kitchen::ActionFailed, message
+        end
 
-      # #initialize prepares a new instance of the class.
-      #
-      # @param logger [Kitchen::Logger] a logger to log messages.
-      # @return [Kitchen::Terraform::ActionFailed]
-      def initialize(logger:)
-        self.logger = logger
-      end
+        # #initialize prepares a new instance of the class.
+        #
+        # @param logger [Kitchen::Logger] a logger to log messages.
+        # @return [Kitchen::Terraform::ActionFailed]
+        def initialize(logger:)
+          self.logger = logger
+        end
 
-      private
+        private
 
-      attr_accessor :logger
+        attr_accessor :logger
+      end
     end
   end
 end
-end

data/lib/kitchen/terraform/system.rb

@@ -46,7 +46,6 @@ module Kitchen
         self.hosts = configuration_attributes.fetch :hosts do
           []
         end.dup
-        self.inspec_options_factory = ::Kitchen::Terraform::InSpecOptionsFactory.new
         self.logger = logger
       end
 
@@ -72,17 +71,20 @@ module Kitchen
 
       private
 
-      attr_accessor :attrs, :attrs_outputs, :configuration_attributes, :hosts, :inspec_options_factory, :logger
+      attr_accessor :attrs, :attrs_outputs, :configuration_attributes, :hosts, :logger
 
-      def execute_inspec_runner(fail_fast:)
+      def execute_inspec_runner(fail_fast:, options:)
         ::Kitchen::Terraform::InSpecFactory.new(fail_fast: fail_fast, hosts: hosts).build(
-          options: inspec_options,
+          options: options,
           profile_locations: configuration_attributes.fetch(:profile_locations),
         ).exec
       end
 
-      def inspec_options
-        inspec_options_factory.build attributes: attrs, system_configuration_attributes: configuration_attributes
+      def inspec_options(outputs:)
+        ::Kitchen::Terraform::InSpecOptionsFactory.new(outputs: outputs).build(
+          attributes: attrs,
+          system_configuration_attributes: configuration_attributes,
+        )
       end
 
       def resolve(outputs:, variables:)
@@ -102,7 +104,7 @@ module Kitchen
       def resolve_and_execute(fail_fast:, outputs:, variables:)
         logger.warn "Verifying the '#{self}' system..."
         resolve outputs: outputs, variables: variables
-        execute_inspec_runner fail_fast: fail_fast
+        execute_inspec_runner fail_fast: fail_fast, options: inspec_options(outputs: outputs)
         logger.warn "Finished verifying the '#{self}' system."
       end
     end

data/lib/kitchen/terraform/system_bastion_host_resolver.rb

@@ -0,0 +1,72 @@
+# frozen_string_literal: true
+
+# Copyright 2016-2019 New Context, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "kitchen"
+
+module Kitchen
+  module Terraform
+    # SystemBastionHostResolver is the class of objects which resolve a bastion host of a system which may be either
+    # dynamically obtained from a Terraform output variable or statically defined.
+    class SystemBastionHostResolver
+      # #initialize prepares a new instance of the class.
+      #
+      # @param outputs [Hash] a map of Terraform output variables.
+      # @return [Kitchen::Terraform::SystemBastionHostResolver]
+      def initialize(outputs:)
+        self.outputs = Hash[outputs]
+      end
+
+      # #resolve resolves a bastion host from either the specified Terraform output or the static value.
+      #
+      # @param bastion_host [String] a statically defined host.
+      # @param bastion_host_output [String] the name of the Terraform output which contains a bastion host.
+      # @yieldparam bastion_host [String] the bastion host.
+      # @raise [Kitchen::ClientError] if the specified Terraform output is not found.
+      # @return [self]
+      def resolve(bastion_host:, bastion_host_output:)
+        if !bastion_host.empty?
+          yield bastion_host: bastion_host
+        elsif !bastion_host_output.empty?
+          yield bastion_host: resolved_output(bastion_host_output: bastion_host_output).fetch(:value)
+        end
+
+        self
+      rescue ::KeyError
+        raise(
+          ::Kitchen::ClientError,
+          "Resolving the system bastion host failed due to the absence of the 'value' key from the " \
+          "'#{bastion_host_output}' Terraform output of the Kitchen instance state. This error indicates that the " \
+          "output format of `terraform output -json` is unexpected."
+        )
+      end
+
+      private
+
+      attr_accessor :outputs
+
+      def resolved_output(bastion_host_output:)
+        outputs.fetch bastion_host_output.to_sym
+      rescue ::KeyError
+        raise(
+          ::Kitchen::ClientError,
+          "Resolving the system bastion host failed due to the absence of the '#{bastion_host_output}' key from the " \
+          "Terraform outputs of the Kitchen instance state. This error indicates either that `kitchen converge` must " \
+          "be executed again to update the Terraform outputs or that the wrong key was provided."
+        )
+      end
+    end
+  end
+end

data/lib/kitchen/terraform/system_inspec_map.rb

@@ -21,7 +21,6 @@ module Kitchen
       attrs: :input_file,
       backend_cache: :backend_cache,
       backend: :backend,
-      bastion_host: :bastion_host,
       bastion_port: :bastion_port,
       bastion_user: :bastion_user,
       color: "color",

data/lib/kitchen/terraform/version.rb

@@ -71,7 +71,7 @@ module Kitchen
 
         # @api private
         def value
-          self.value = ::Gem::Version.new "5.2.0" if not @value
+          self.value = ::Gem::Version.new "5.3.0" if not @value
           @value
         end
 

data/lib/kitchen/verifier/terraform.rb

@@ -183,9 +183,9 @@ module Kitchen
       end
 
       def verify_systems
-        logger.banner "Starting verification of the systems."
+        logger.warn "Verifying the systems..."
         systems_verifier.verify outputs: outputs, variables: variables
-        logger.banner "Finished verification of the systems."
+        logger.warn "Finished verifying the systems."
       end
     end
   end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: kitchen-terraform
 version: !ruby/object:Gem::Version
-  version: 5.2.0
+  version: 5.3.0
 platform: ruby
 authors:
 - Aaron Lane
@@ -61,7 +61,7 @@ cert_chain:
   JH4yGDzVEYaZHaohSDcYuGLK6OQylPu7oM75S+TNLWseDIT8bWgQk6NelVjtQQ2Q
   XSbgfu863jyey/0qO01cUo3+iTqzl85cWg==
   -----END CERTIFICATE-----
-date: 2020-02-28 00:00:00.000000000 Z
+date: 2020-03-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -508,6 +508,7 @@ files:
 - lib/kitchen/terraform/system.rb
 - lib/kitchen/terraform/system_attrs_inputs_resolver.rb
 - lib/kitchen/terraform/system_attrs_outputs_resolver.rb
+- lib/kitchen/terraform/system_bastion_host_resolver.rb
 - lib/kitchen/terraform/system_hosts_resolver.rb
 - lib/kitchen/terraform/system_inspec_map.rb
 - lib/kitchen/terraform/systems_verifier.rb