sfn-serverspec 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 3b8afe3d9e73b49ff634ee667f86b20e64ee3d7b
+  data.tar.gz: d99d8bc34c182d9e732b62eb190035ca472195e7
+SHA512:
+  metadata.gz: 9beffad9fb727f1fd25a4429d52ffe04b9859f4cfbd5c0c0c68d2da706f35fe7c7b03873f1642fa8d742670538e792c19b5caeb2e4f391db26899809ed8e48a4
+  data.tar.gz: 2271aac2052a33acd71c7cf9539fec2d26f9449c25af33636a4efb69d357f575c5242a22ff39096a7453f1b5103e3ae830e11123d1e34d99174855cd2c3a8b0c

data/CHANGELOG.md

@@ -0,0 +1,2 @@
+# v0.1.0
+* Initial release

data/LICENSE

@@ -0,0 +1,13 @@
+   Copyright 2015 Heavy Water Operations LLC.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

data/README.md

@@ -0,0 +1,79 @@
+# SparkleFormation ServerSpec Callback
+
+sfn-serverspec is a [callback](http://www.sparkleformation.io/docs/sfn/callbacks.html) for [sfn](https://github.com/sparkleformation/sfn) which executes [Serverspec](http://serverspec.org) assertions against stack compute resources after successful stack creation.
+
+## Usage
+
+### Enable
+
+Callbacks are configured via the `.sfn` configuration file. First, the callback must be enabled:
+
+```ruby
+Configuration.new do
+  callbacks do
+    require ['sfn-serverspec']
+    default ['serverspec_validator']
+  end
+end
+```
+
+### Configure
+
+Some configuration of callback behavior is available via the `.sfn` file:
+
+```ruby
+Configuration.new do
+  sfn_serverspec do
+    global_spec_patterns [File.join(Dir.pwd, 'spec/base/*_spec.rb')]
+    ssh_proxy_command 'ssh ec2-user@server.example.com nc %h %p'
+    ssh_user 'ubuntu'
+  end
+end
+```
+
+All of the following settings are optional:
+
+* `global_spec_patterns` - Array of strings specifying file paths for specs, defaults to `[]`
+* `ssh_proxy_command` - String passed as the [proxy command for remote SSH connection](http://continuousimprovement.me/code/2014/12/03/serverspec-behind-jump-server.html) to the target compute resource, defaults to `nil`
+* `ssh_user` - Username for remote SSH connection, defaults to `ec2-user`
+* `ssh_port` - Port for remote SSH connection, defaults to `22`
+* `ssh_key_paths` - Array of strings describing paths to one or more ssh private keys, defaults to `[]`
+* `ssh_key_passphrase` - String used as passphrase for any encrypted ssh private keys defined in `ssh_key_paths`, defaults to `nil`
+
+Additional configuration may be provided in a SparkleFormation template at the resource level:
+
+```ruby
+resources(:my_cool_app_asg) do
+  type 'AWS::AutoScaling::AutoScalingGroup'
+  properties do
+    # ...
+  end
+  serverspec do
+    spec_patterns [File.join(Dir.pwd, '../spec/my_cool_app/*_spec.rb')]
+  end
+end
+```
+
+For each resource with a `serverspec` block defined, the resource-level value of `spec_patterns` is combined with the value of `global_spec_patterns` from the .sfn config file to yield a list of specs which will be executed against a given resource.
+
+The following configuration options specified at the resource level will override the same options specified in the .sfn config file:
+
+* `ssh_user`
+* `ssh_port`
+* `ssh_proxy_command`
+* `ssh_key_paths`
+* `ssh_key_passphrase`
+
+
+## Caveats
+
+Providing `serverspec` configuration on compute resources works in a manner similar to sfn's built-in Stack Policy callback. Specifically, the `serverspec` key and its contents are removed from the template during compile, cached by the callback and executed after completion of stack creation.
+
+As of this writing, the callback only processes Serverspec configuration on `AWS::AutoScaling::AutoScalingGroup` and `AWS::EC2::Instance` resources.
+
+Non-compute resources with `serverspec` configuration will not be processed by this callback, and will probably cause a validation error when trying to validate or create a stack from the template.
+
+## Info
+
+* Repository: [https://github.com/sparkleformation/sfn-serverspec](https://github.com/sparkleformation/sfn-serverspec)
+* IRC: Freenode @ #sparkleformation

data/lib/sfn-serverspec.rb

@@ -0,0 +1,2 @@
+require 'sfn-serverspec/version'
+require 'sfn-serverspec/validator'

data/lib/sfn-serverspec/validator.rb

@@ -0,0 +1,183 @@
+require 'json'
+require 'net/ssh'
+require 'net/ssh/proxy/command'
+require 'rspec'
+require 'rspec/core/formatters/documentation_formatter'
+require 'serverspec'
+require 'sfn'
+
+module Sfn
+  # This is an sfn callback
+  class Callback
+    # Validate stack resources against Serverspec assertions
+    class ServerspecValidator < Callback
+      # @return [Smash] cached policies
+      attr_reader :policies
+
+      # Overload to init policy cache
+      #
+      # @return [self]
+      def initialize(*args)
+        super
+        @policies = Smash.new
+      end
+
+      def after_create(*args)
+        log = Logger.new(STDOUT)
+        log.level = Logger.const_get(
+          config.fetch(:sfn_serverspec, :log_level, :info).to_s.upcase
+        )
+
+        policies.each do |resource, r_config|
+          resource_config = r_config.dump!.to_smash(:snake)
+
+          ssh_proxy_command = resource_config.fetch(
+            :ssh_proxy_command,
+            config.fetch(:sfn_serverspec, :ssh_proxy_command, nil)
+          )
+
+          ssh_key_paths = [
+            resource_config.fetch(
+              :ssh_key_paths,
+              config.fetch(:sfn_serverspec, :ssh_key_paths, nil)
+            )
+          ].flatten.compact
+
+          ssh_key_passphrase = resource_config.fetch(
+            :ssh_key_passphrase,
+            config.fetch(:sfn_serverspec, :ssh_key_passphrase, nil)
+          )
+
+          instances = expand_compute_resource(args.first[:api_stack], resource)
+
+          instances.each do |instance|
+            target_host = case ssh_proxy_command.nil?
+                          when true
+                            instance.addresses_public.first.address
+                          when false
+                            instance.addresses_private.first.address
+                          end
+
+            begin
+              rspec_config = RSpec.configuration
+              rspec_config.reset
+              rspec_config.reset_filters
+              RSpec.world.reset
+
+              rspec_formatter = RSpec::Core::Formatters::DocumentationFormatter.new(
+                rspec_config.output_stream
+              )
+
+              rspec_reporter = RSpec::Core::Reporter.new(rspec_config)
+
+              rspec_config.instance_variable_set(:@reporter, rspec_reporter)
+              rspec_loader = rspec_config.send(:formatter_loader)
+              rspec_notifications = rspec_loader.send(
+                :notifications_for,
+                RSpec::Core::Formatters::DocumentationFormatter
+              )
+              rspec_reporter.register_listener(
+                rspec_formatter,
+                *rspec_notifications
+              )
+
+              global_specs = [
+                config.fetch(:sfn_serverspec, :global_spec_patterns, [])
+              ].flatten.compact
+
+              resource_specs = [
+                resource_config.fetch(:spec_patterns, [])
+              ].flatten.compact
+
+              spec_patterns = global_specs + resource_specs
+
+              log.debug "spec loading patterns: #{spec_patterns.inspect}"
+              log.debug "using SSH proxy commmand #{ssh_proxy_command}" unless ssh_proxy_command.nil?
+              log.info "running specs against #{target_host}"
+
+              Specinfra.configuration.backend :ssh
+              Specinfra.configuration.request_pty true
+              Specinfra.configuration.host target_host
+
+              connection_options = {
+                user: resource_config.fetch(
+                  :ssh_user,
+                  config.fetch(:sfn_serverspec, :ssh_user, 'ec2-user')
+                ),
+                port: resource_config.fetch(
+                  :ssh_port,
+                  config.fetch(:sfn_serverspec, :ssh_port, 22)
+                )
+              }
+
+              unless ssh_proxy_command.nil?
+                connection_options[:proxy] = Net::SSH::Proxy::Command.new(ssh_proxy_command)
+                log.debug "using ssh proxy command: #{ssh_proxy_command}"
+              end
+
+              unless ssh_key_paths.empty?
+                connection_options[:keys] = ssh_key_paths
+                log.debug "using ssh key paths #{connection_options[:keys]} exclusively"
+              end
+
+              unless ssh_key_passphrase.nil?
+                connection_options[:passphrase] = ssh_key_passphrase
+              end
+
+              Specinfra.configuration.ssh_options connection_options
+
+              RSpec::Core::Runner.run(spec_patterns.map { |p| Dir.glob(p) })
+
+            rescue => e
+              log.error "Something unexpected happened when running rspec: #{e.inspect}"
+            end
+          end
+        end
+      end
+    end
+
+    COMPUTE_RESOURCE_TYPES = ['AWS::EC2::Instance', 'AWS::AutoScaling::AutoScalingGroup']
+
+    # Generate policy for stack, collate policies in cache
+    #
+    # @return [nil]
+    def template(info)
+      compiled_stack = info[:sparkle_stack].compile
+
+      compiled_stack.resources.keys!.each do |r|
+        r_object = compiled_stack.resources[r]
+        if COMPUTE_RESOURCE_TYPES.include?(r_object['Type']) && r_object['Serverspec']
+          @policies.set(r, r_object.delete!('Serverspec'))
+        end
+      end
+    end
+
+    private
+
+    # look up stack resource by name, return array of expanded compute instances
+    #
+    # @param stack [Miasma::Models::Orchestration::Stack]
+    # @param name [String]
+    # @return [Array<Miasma::Models::Compute::Server>]
+    def expand_compute_resource(stack, name)
+      compute_resource = stack.resources.all.detect do |resource|
+        resource.logical_id == name
+      end
+
+      if compute_resource.within?(:compute, :server)
+        [compute_resource.instance.expand]
+      else
+        compute_resource.expand.servers.map(&:expand)
+      end
+    end
+  end
+end
+
+# Override the `#set` method provided by Serverspec to ensure any
+# `spec_helper.rb` files do not clobber our configuration setup
+
+alias :serverspec_set :set
+
+def set(*args)
+  serverspec_set(args.first)
+end

data/lib/sfn-serverspec/version.rb

@@ -0,0 +1,5 @@
+# SfnServerspec internal constants
+module SfnServerspec
+  # Current version
+  VERSION = Gem::Version.new('0.1.0')
+end

data/sfn-serverspec.gemspec

@@ -0,0 +1,18 @@
+$LOAD_PATH.unshift File.expand_path(File.dirname(__FILE__)) + '/lib/'
+require 'sfn-serverspec/version'
+Gem::Specification.new do |s|
+  s.name = 'sfn-serverspec'
+  s.version = SfnServerspec::VERSION.version
+  s.summary = 'Executes Serverspec assertions against stack compute resources'
+  s.author = 'Heavy Water Operations'
+  s.email = 'support@heavywater.io'
+  s.homepage = 'http://github.com/sparkleformation/sfn-serverspec'
+  s.description = 'Executes Serverspec assertions against stack compute resources'
+  s.license = 'Apache-2.0'
+  s.require_path = 'lib'
+  s.add_runtime_dependency 'sfn', '>= 1.0.0', '< 2.0'
+  s.add_runtime_dependency 'serverspec', '~> 2.24'
+  s.add_development_dependency 'rake'
+  s.add_development_dependency 'rubocop', '~> 0.35.0'
+  s.files = Dir['{lib,bin,docs}/**/*'] + %w(sfn-serverspec.gemspec README.md CHANGELOG.md LICENSE)
+end

metadata

@@ -0,0 +1,113 @@
+--- !ruby/object:Gem::Specification
+name: sfn-serverspec
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Heavy Water Operations
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-12-30 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: sfn
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: serverspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.24'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.24'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.35.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.35.0
+description: Executes Serverspec assertions against stack compute resources
+email: support@heavywater.io
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- LICENSE
+- README.md
+- lib/sfn-serverspec.rb
+- lib/sfn-serverspec/validator.rb
+- lib/sfn-serverspec/version.rb
+- sfn-serverspec.gemspec
+homepage: http://github.com/sparkleformation/sfn-serverspec
+licenses:
+- Apache-2.0
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.8
+signing_key: 
+specification_version: 4
+summary: Executes Serverspec assertions against stack compute resources
+test_files: []
+has_rdoc: