simp-beaker-helpers 1.12.1 → 1.13.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f08b36ddb74853e6b412100826f8ff3861bc9167a7fefb19846242adc0c8cb9a
-  data.tar.gz: 410c4055452b3fd33bb9f3fdc3182e7b4eff62a6c952db740957c244b40265c0
+  metadata.gz: b9229a2699ed6767059dee0f1b835dece7284420aabc219a0f195f6b9d0d0622
+  data.tar.gz: 99f9de96732cd0e07f02fc29c1af20fc6390bf67a55d22046eb93f836b8a377c
 SHA512:
-  metadata.gz: 6057883981b6554084ede31a5a718651fceedaee87a4bfc94f5c6e77c3580cbf4e5bb2f5da5ffb9831cbc5d3fe143849de6dab9ec5278e7352e27dd9148f12a6
-  data.tar.gz: c9cf815d91e0c3e750bdc4046c160ec7fb492181accf2f95230f15b29dd123b0f79eff396b8e694c9e1bc47360bd82e099da9cd72992beebebb24e6f3f6d1616
+  metadata.gz: 2289cd0e1bff87e03cad29ee5f36d0f609b2ee2d0ccdff5101a22e5df5ba26a21b44e79d9bb228607d670e51a6c55dfad57d149179844cece4edbfdfc46fcbd7
+  data.tar.gz: 84557eec4604ec94fec37c4a47415fdba716ccbc5c2c7d92f5d6f1e87f63774c9a6004006541aa58ed8f441ca3e8a86094c2892d90d3716b1a173e21bde1302f

data/.gitlab-ci.yml

@@ -1,120 +1,166 @@
 ---
-#=======================================================================
-# Global stuff
+.cache_bundler: &cache_bundler
+  cache:
+    untracked: true
+    # A broad attempt at caching between runs (ala Travis CI)
+    key: "${CI_PROJECT_NAMESPACE}__bundler"
+    paths:
+      - '.vendor'
+      - 'vendor'
+
+.setup_bundler_env: &setup_bundler_env
+  before_script:
+    - 'echo Files in cache: $(find .vendor | wc -l) || :'
+    - 'export GEM_HOME=.vendor/gem_install'
+    - 'export BUNDLE_CACHE_PATH=.vendor/bundler'
+    - 'declare GEM_BUNDLER_VER=(-v ''~> ${BUNDLER_VERSION:-1.16.0}'')'
+    - declare GEM_INSTALL=(gem install --no-document)
+    - declare BUNDLER_INSTALL=(bundle install --no-binstubs --jobs $(nproc) --path=.vendor "${FLAGS[@]}")
+    - gem list -ie "${GEM_BUNDLE_VER[@]}" --silent bundler || "${GEM_INSTALL[@]}" --local "${GEM_BUNDLE_VER[@]}" bundler || "${GEM_INSTALL[@]}" "${GEM_BUNDLE_VER[@]}" bundler
+    - 'rm -rf pkg/ || :'
+    - bundle check || rm -f Gemfile.lock && ("${BUNDLER_INSTALL[@]}" --local || "${BUNDLER_INSTALL[@]}")
+
+
+.validation_checks: &validation_checks
+  script:
+    - bundle exec rake syntax
+    - bundle exec rake check:dot_underscore
+    - bundle exec rake check:test_file
+    - bundle exec rake lint
+    # - bundle exec rake pkg:check_version
+    # - bundle exec rake pkg:compare_latest_tag
+
+.spec_tests: &spec_tests
+  script:
+    - bundle exec rake spec
+
+# To avoid running a prohibitive number of tests every commit,
+# don't set this env var in your gitlab instance
+.only_with_SIMP_FULL_MATRIX: &only_with_SIMP_FULL_MATRIX
+  only:
+    variables:
+      - $SIMP_FULL_MATRIX
+
 stages:
-  - sanity
+  - validation
   - unit
-  - lint
   - acceptance
+  - deploy
+
+# Puppet 4.10 for PE 2017.2 support (EOL:2018-02-21)
+# See: https://puppet.com/misc/puppet-enterprise-lifecycle
+# --------------------------------------
+2_1-validation:
+  stage: validation
+  tags:
+    - docker
+  image: ruby:2.1
+  <<: *cache_bundler
+  <<: *setup_bundler_env
+  <<: *validation_checks
 
-# Default versions are set only as fallbacks for jobs that don't care which
-# version they use.  Versions should be explicitly set in any job with specific
-# version requirements, even if they match these defaults.
-image: 'ruby:2.4'
+2_1-unit:
+  stage: unit
+  tags:
+    - docker
+  image: ruby:2.1
+  <<: *cache_bundler
+  <<: *setup_bundler_env
+  <<: *spec_tests
 
-cache:
-  key: '${CI_COMMIT_REF_SLUG}'
-  paths:
-    - 'vendor/ruby'
+# Puppet 4.10 for PE 2017.2 support (EOL:2018-02-21)
+# See: https://puppet.com/misc/puppet-enterprise-lifecycle
+# --------------------------------------
+2_4-validation:
+  stage: validation
+  tags:
+    - docker
+  image: ruby:2.4
+  <<: *cache_bundler
+  <<: *setup_bundler_env
+  <<: *validation_checks
+
+2_4-unit:
+  stage: unit
+  tags:
+    - docker
+  image: ruby:2.4
+  <<: *cache_bundler
+  <<: *setup_bundler_env
+  <<: *spec_tests
 
-before_script:
-  - 'ruby -v'
-  - 'apt update && apt install -y rpm'
-  - 'bundle -v || gem install bundler'
-  - 'bundle config --local path vendor'
-  - 'rm -f Gemfile.lock'
-  - 'bundle install -j $(nproc) --no-binstubs'
 
 #=======================================================================
-# Anchors
+# Acceptance tests
+default:
+  stage: acceptance
+  tags:
+    - beaker
+  <<: *cache_bundler
+  <<: *setup_bundler_env
+  variables:
+    PUPPET_VERSION: '~> 4.10.10'
+  script:
+    - bundle exec rake spec_clean
+    - bundle exec rake beaker:suites[default]
 
-.acceptance_base: &acceptance_base
-  stage: 'acceptance'
-  tags: ['beaker']
-  cache:
-    policy: 'pull'
-  dependencies: []
-  artifacts:
-    when: 'always'
-    paths:
-      - 'Gemfile.lock'
-  retry: 1
+default-puppet5:
+  stage: acceptance
+  tags:
+    - beaker
+  <<: *cache_bundler
+  <<: *setup_bundler_env
+  variables:
+    PUPPET_VERSION: '~> 5.3'
+    BEAKER_PUPPET_COLLECTION: 'puppet5'
   script:
-    - 'bundle exec rake beaker:suites'
-
-# ----------------------------------------------------------------------
-# Version Matrix
-#
-# It would be too expensive, both in time and compute resources, to test
-# against every last version combination, so we restrict it to this subset.
-# Version sets are selected based on current support policies for major platform
-# software, such as Puppet and Ruby.  Namely, we use the version combinations
-# bundled in Puppet Enterprise.
-#
-# For more information see:
-#  * https://puppet.com/docs/pe/latest/overview/component_versions_in_recent_pe_releases.html
-#  * https://puppet.com/misc/puppet-enterprise-lifecycle
-#  * https://puppet.com/docs/pe/latest/overview/getting_support_for_pe.html#standard-releases-and-long-term-support-releases
-#
-# ----------------------------------------------
-# | Release | Puppet | Ruby | End-of-Life Date |
-# ----------|--------|------|------------------|
-# PE 2017.2   4.10     2.1    2018-02
-# PE 2017.3   5.3      2.4    2018-08
-# PE 2018.1   5.5      2.4    2020-05
-#
-
-.simp_6_1: &simp_6_1
+    - bundle exec rake spec_clean
+    - bundle exec rake beaker:suites[default]
+
+default-fips:
+  stage: acceptance
+  tags:
+    - beaker
+  <<: *cache_bundler
+  <<: *setup_bundler_env
   variables:
-    PUPPET_VERSION: '~> 4.10.4'
+    BEAKER_fips: 'yes'
+  script:
+    - bundle exec rake spec_clean
+    - bundle exec rake beaker:suites[default]
 
-#=======================================================================
-# Basic Sanity Checks
-#
-# Execute simple sanity checks on the environment before proceeding to more
-# resource-intensive jobs.  Besides running checks, this condenses the initial
-# cache generation into a single job for the later stages.  The first stage,
-# in particular, would otherwise suffer a heavy cache-miss penalty as its
-# jobs kick off in parallel.
-sanity_checks:
-  stage: 'sanity'
-  tags: ['docker']
+fips_from_fixtures:
+  stage: acceptance
+  tags:
+    - beaker
+  <<: *cache_bundler
+  <<: *setup_bundler_env
+  variables:
+    PUPPET_VERSION: '~> 5.3'
+    BEAKER_PUPPET_COLLECTION: 'puppet5'
   script:
-    - 'bundle exec rake check:dot_underscore'
-    - 'bundle exec rake check:test_file'
+    - bundle exec rake spec_clean
+    - bundle exec rake beaker:suites[fips_from_fixtures]
 
-tag_check:
-  stage: 'sanity'
-  only: ['tags']
-  tags: ['docker']
-  script: '[ "$CI_COMMIT_TAG" = "$MODULE_VERSION" ] || echo "ERROR: Tag does not match metadata version" && exit 1'
+puppet_collections:
+  stage: acceptance
+  tags:
+    - beaker
+  <<: *cache_bundler
+  <<: *setup_bundler_env
+  variables:
+    PUPPET_VERSION: '~> 5.3'
+    BEAKER_PUPPET_COLLECTION: 'puppet5'
+  script:
+    - bundle exec rake spec_clean
+    - bundle exec rake beaker:suites[puppet_collections]
 
-#=======================================================================
-# Unit Tests
-#
-unit:
-  stage: 'unit'
-  image: 'ruby:2.4.4'
-  tags: ['docker']
+windows:
+  stage: acceptance
+  tags:
+    - beaker
+  <<: *cache_bundler
+  <<: *setup_bundler_env
   script:
-    - 'bundle exec rake spec'
-  cache:
-    policy: 'pull'
-  dependencies: []
-  artifacts:
-    when: 'always'
-    paths:
-      - 'Gemfile.lock'
-
-# ==============================================================================
-# acceptance tests
-#
-el-simp_6_1-default:
-  <<: *acceptance_base
-  <<: *simp_6_1
-
-el-simp_6_1-default-fips:
-  <<: *acceptance_base
-  <<: *simp_6_1
-  variables:
-    BEAKER_fips: 'yes'
+    - bundle exec rake spec_clean
+    - bundle exec rake beaker:suites[windows]

data/.travis.yml

@@ -29,7 +29,7 @@ deploy:
       condition: "($SKIP_PUBLISH != true)"
   - provider: releases
     api_key:
-      secure: "RoQepMSpEzpTLgSYP1apB8AcKNMoumqe/emNg9lIu4T55t7fCPVZFmoTL2/VCjpGpBY3SL6PijSRelY6B1bri+6SFz/hlWhCQ8t1hodrEX23ieFBwWyLI7TFvrCjVejkJwaj7N2nYUQBv8YxScbRp4daFaDhrPJMrfqKZUlBBQ2KEUvqienOn7Tdt4OQ7/ThRXlhBm8OGjZfaKyWDyJykef+yC1scJrl8HA71XRHxho/iojTRPqJJCKW1QNmomVWAwK6ZEvb2WrD27yZN60wEcygdbmzKxlAXrfp13Ho+ir2GjRXJr1VKNPecFTDe21fDFMLZ5VxZgOJ7TWnhz2UAQIPjDTLzEMuJci7DDvRCWMJ17pYurm0OGAeKPWZbtf5PLYouKvnjNsfY8vy+Ip6MqmhiXqqLSO9XN/jgEVFPHj8pOj0DDq6PtTB8dNJj7g60Ak0Uj5iole4/ef1DHv803/t9J6IVqULmYZREqeTg24KkZLfTSEbkhYMGjbCZGaSAGhAFLAAjEDTM19/k50TXnNt5smn31Mqt45PULcrHP4+t6hM+IsX9w05aOlcvfwWiBm9nPlBPeRn59wZ64+T729i5wgkhFcHmYE/2Ql1Hvz5FebyxJQziyw6eRvCVASTtFEkuT+Noy3v4u3G4fQl/S2OeCP4v6Fs0wlImzFE1lA="
+      secure: "I41p4aqjkrNDHJhZ5gWC4gzn7BVwEYRm5Q3PAxQRSIUDB/QTVgNqZx8YptkuIvSGpw8kIywyZg3NKdzGUO8aJJ0NlXapL7e9qQIigkYhdaCZjZFG5zIxdOFs4sVoz/6vnQT9JIcGWy7uS5xiNOulGvfEWU78+e+I9yPdT74RApve5VAVT/km5lV5ldRnwwehLnTx+volUlnOD8rwfizoVLqFTrfRfr4cVMF605UYyaiVxHF50hywFRZoAdVcMEhlLQnQXfz/ZsLMJLJm9eCpjQ989N0oX6theSLCcv7QtHcWMXydjWMcpuTfBZSFrwUVbC23uMOKTJVEWq5LMG3m2L6hP3//2gvUzGhOVLvoGuC+erboB7QoXdcoOgXY+dTZPMcPBxpArdDLWVQSLTvPs05QzpaUdRLVMC/kD1d1EudlEicgkNgNDBhBn3089nVmvKndbKLvj+23a5AQVVbs+8C0x+SJvTc9N2N+bmuH7jIJPrEvWK4xwcQa+g2M/EBv05jaEdSErlVa6B6UKCH0Lea9rpy1se9vn5OzpaaMCCJIpcpQqHDjo0PMAQXBSbqjKcBei6lR5fIFl5UO9gWP1v8PGPuCzGTBivQ92XlgV1TWXmdbJHwIuSbJx3Ali7Wp19RR4E4uHC+TPFssvgkh9ZLkORnWWS35wzzU1LkwWx0="
     on:
       tags: true
       rvm: 2.4.4

data/CHANGELOG.md

@@ -1,3 +1,10 @@
+### 1.13.0 / 2018-11-09
+* Make the SSG reporting consistent with the InSpec reporting
+  * Thanks to Liz Nemsick for the original result processing code
+
+### 1.12.2 / 2018-10-25
+* Skip most of fix_errata_on on windows platforms
+
 ### 1.12.1 / 2018-10-24
 * Fall back to SSH file copies automatically when rsync does not work due to
   test cases that affect ssh directly and that will cause new sessions to fail.

data/Gemfile

@@ -15,8 +15,9 @@ gem 'rake'
 group :system_tests do
   gem 'beaker'
   gem 'beaker-rspec'
+  gem 'beaker-windows'
   gem 'net-ssh'
-  gem 'puppet', ENV.fetch('PUPPET_VERSION', '~> 4.0')
+  gem 'puppet', ENV.fetch('PUPPET_VERSION', '~> 5.0')
   gem 'puppetlabs_spec_helper'
   gem 'rubocop'
   gem 'rubocop-rspec'

data/lib/simp/beaker_helpers.rb

@@ -235,7 +235,13 @@ module Simp::BeakerHelpers
     puts '== configuring FIPS mode on SUTs'
     puts '  -- (use BEAKER_fips=no to disable)'
     parallel = (ENV['BEAKER_SIMP_parallel'] == 'yes')
+
     block_on(suts, :run_in_parallel => parallel) do |sut|
+      if sut[:platform] =~ /windows/
+        puts "  -- SKIPPING #{sut} because it is windows"
+        next
+      end
+
       puts "  -- enabling FIPS on '#{sut}'"
 
       # We need to use FIPS compliant algorithms and keylengths as per the FIPS
@@ -366,73 +372,82 @@ module Simp::BeakerHelpers
     end
   end
 
-  # Apply known OS fixes we need to run Beaker on each SUT
-  def fix_errata_on( suts = hosts )
-    parallel = (ENV['BEAKER_SIMP_parallel'] == 'yes')
-    block_on(suts, :run_in_parallel => parallel) do |sut|
-      # We need to be able to flip between server and client without issue
-      on sut, 'puppet resource group puppet gid=52'
-      on sut, 'puppet resource user puppet comment="Puppet" gid="52" uid="52" home="/var/lib/puppet" managehome=true'
-
-      # This may not exist in docker so just skip the whole thing
-      if sut.file_exist?('/etc/ssh')
-        # SIMP uses a central ssh key location so we prep that spot in case we
-        # flip to the SIMP SSH module.
-        on(sut, 'mkdir -p /etc/ssh/local_keys')
-        on(sut, 'chown -R root:root /etc/ssh/local_keys')
-        on(sut, 'chmod 755 /etc/ssh/local_keys')
-
-        user_info = on(sut, 'getent passwd').stdout.lines
-
-        cmd = []
-        # Hash of user => home_dir
-        # Exclude silly directories
-        #   * /
-        #   * /dev/*
-        #   * /s?bin
-        #   * /proc
-        user_info = Hash[
-          user_info.map do |u|
-            u.strip!
-            u = u.split(':')
-            u[5] =~ %r{^(/|/dev/.*|/s?bin/?.*|/proc/?.*)$} ? [nil] : [u[0], u[5]]
-          end
-        ]
+  def linux_errata( sut )
+    # We need to be able to flip between server and client without issue
+    on sut, 'puppet resource group puppet gid=52'
+    on sut, 'puppet resource user puppet comment="Puppet" gid="52" uid="52" home="/var/lib/puppet" managehome=true'
+    
+    # This may not exist in docker so just skip the whole thing
+    if sut.file_exist?('/etc/ssh')
+      # SIMP uses a central ssh key location so we prep that spot in case we
+      # flip to the SIMP SSH module.
+      on(sut, 'mkdir -p /etc/ssh/local_keys')
+      on(sut, 'chown -R root:root /etc/ssh/local_keys')
+      on(sut, 'chmod 755 /etc/ssh/local_keys')
+
+      user_info = on(sut, 'getent passwd').stdout.lines
+
+      cmd = []
+      # Hash of user => home_dir
+      # Exclude silly directories
+      #   * /
+      #   * /dev/*
+      #   * /s?bin
+      #   * /proc
+      user_info = Hash[
+        user_info.map do |u|
+          u.strip!
+          u = u.split(':')
+          u[5] =~ %r{^(/|/dev/.*|/s?bin/?.*|/proc/?.*)$} ? [nil] : [u[0], u[5]]
+        end
+      ]
 
-        user_info.keys.each do |user|
-          src_file = "#{user_info[user]}/.ssh/authorzed_keys"
-          tgt_file = "/etc/ssh/local_keys/#{user}"
+      user_info.keys.each do |user|
+        src_file = "#{user_info[user]}/.ssh/authorized_keys"
+        tgt_file = "/etc/ssh/local_keys/#{user}"
 
-          on(sut, %{if [ -f "#{src_file}" ]; then cp -a -f "#{src_file}" "#{tgt_file}" && chmod 644 "#{tgt_file}"; fi}, :silent => true)
-        end
+        on(sut, %{if [ -f "#{src_file}" ]; then cp -a -f "#{src_file}" "#{tgt_file}" && chmod 644 "#{tgt_file}"; fi}, :silent => true)
       end
+    end
+    
+    # SIMP uses structured facts, therefore stringify_facts must be disabled
+    unless ENV['BEAKER_stringify_facts'] == 'yes'
+      on sut, 'puppet config set stringify_facts false'
+    end
 
-      # SIMP uses structured facts, therefore stringify_facts must be disabled
-      unless ENV['BEAKER_stringify_facts'] == 'yes'
-        on sut, 'puppet config set stringify_facts false'
-      end
+    # Occasionally we run across something similar to BKR-561, so to ensure we
+    # at least have the host defaults:
+    #
+    # :hieradatadir is used as a canary here; it isn't the only missing key
+    unless sut.host_hash.key? :hieradatadir
+      configure_type_defaults_on(sut)
+    end
 
-      # Occasionally we run across something similar to BKR-561, so to ensure we
-      # at least have the host defaults:
-      #
-      # :hieradatadir is used as a canary here; it isn't the only missing key
-      unless sut.host_hash.key? :hieradatadir
-        configure_type_defaults_on(sut)
-      end
+    if fact_on(sut, 'osfamily') == 'RedHat'
+      enable_yum_repos_on(sut)
 
-      if fact_on(sut, 'osfamily') == 'RedHat'
-        enable_yum_repos_on(sut)
+      # net-tools required for netstat utility being used by be_listening
+      if fact_on(sut, 'operatingsystemmajrelease') == '7'
+        pp = <<-EOS
+          package { 'net-tools': ensure => installed }
+        EOS
+        apply_manifest_on(sut, pp, :catch_failures => false)
+      end
 
-        # net-tools required for netstat utility being used by be_listening
-        if fact_on(sut, 'operatingsystemmajrelease') == '7'
-          pp = <<-EOS
-            package { 'net-tools': ensure => installed }
-          EOS
-          apply_manifest_on(sut, pp, :catch_failures => false)
-        end
+      # Clean up YUM prior to starting our test runs.
+      on(sut, 'yum clean all')
+    end
+  end
 
-        # Clean up YUM prior to starting our test runs.
-        on(sut, 'yum clean all')
+  # Apply known OS fixes we need to run Beaker on each SUT
+  def fix_errata_on( suts = hosts )
+    parallel = (ENV['BEAKER_SIMP_parallel'] == 'yes')
+    block_on(suts, :run_in_parallel => parallel) do |sut|
+      if sut[:platform] =~ /windows/
+        puts "  -- SKIPPING #{sut} because it is windows"
+        # DO NOTHING
+      else
+        linux_errata(sut)
       end
     end
 
@@ -442,7 +457,6 @@ module Simp::BeakerHelpers
     end
   end
 
-
   # Generate a fake openssl CA + certs for each host on a given SUT
   #
   # The directory structure is the same as what FakeCA drops into keydist/
@@ -597,6 +611,11 @@ done
   def activate_interfaces(hosts)
     parallel = (ENV['BEAKER_SIMP_parallel'] == 'yes')
     block_on(hosts, :run_in_parallel => parallel) do |host|
+      if host[:platform] =~ /windows/
+        puts "  -- SKIPPING #{host} because it is windows"
+        next
+      end
+
       interfaces_fact = retry_on(host,'facter interfaces', verbose: true).stdout
 
       interfaces = interfaces_fact.strip.split(',')

data/lib/simp/beaker_helpers/inspec.rb

@@ -144,6 +144,8 @@ module Simp::BeakerHelpers
           :skipped    => [],
           :overridden => []
         },
+        :score    => 0,
+        :report   => nil,
         :profiles => {}
       }
 
@@ -188,14 +190,17 @@ module Simp::BeakerHelpers
 
             if status == /^fail/
               status = :failed
+              color = 'red'
             else
               status = :passed
+              color = 'green'
             end
           else
             status = :skipped
+            color = 'yellow'
           end
 
-          stats[:global][status] << title
+          stats[:global][status] << title.to_s.color
 
           stats[:profiles][profile_name][:controls][title][:status] = status
           stats[:profiles][profile_name][:controls][title][:source] = control['source_location']['ref']
@@ -261,6 +266,7 @@ module Simp::BeakerHelpers
 
       report << "\n Score: #{score}%"
 
+      stats[:score] = score
       stats[:report] = report.join("\n")
 
       return stats

data/lib/simp/beaker_helpers/ssg.rb

@@ -61,6 +61,16 @@ module Simp::BeakerHelpers
             'datastream'     => 'ssg-centos7-ds.xml'
           }
         }
+      },
+      'OracleLinux' => {
+        '7' => {
+          'required_packages' => EL_PACKAGES,
+          'ssg' => {
+            'profile_target' => 'ol7',
+            'build_target'   => 'ol7',
+            'datastream'     => 'ssg-ol7-ds.xml'
+          }
+        }
       }
     }
 
@@ -116,7 +126,7 @@ module Simp::BeakerHelpers
         cmd += ' --remediate'
       end
 
-      cmd += %( --profile #{profile} --results #{@result_file}.xml --report #{@result_file}.html #{OS_INFO[@os][@os_rel]['ssg']['datastream']})
+      cmd += %( --fetch-remote-resources --profile #{profile} --results #{@result_file}.xml --report #{@result_file}.html #{OS_INFO[@os][@os_rel]['ssg']['datastream']})
 
       # We accept all exit codes here because there have occasionally been
       # failures in the SSG content and we're not testing that.
@@ -131,6 +141,122 @@ module Simp::BeakerHelpers
       end
     end
 
+    # Output the report
+    #
+    # @param report
+    #   The results Hash
+    #
+    def write_report(report)
+      File.open(File.join(@output_dir, @result_file) + '.report', 'w') do |fh|
+        fh.puts(report[:report].uncolor)
+      end
+    end
+
+    # Retrieve a subset of test results based on a match to
+    # filter
+    #
+    # FIXME:
+    # - This is a hack! Should be searching for rules based on a set
+    #   set of STIG ids, but don't see those ids in the oscap results xml.
+    #   Further mapping is required...
+    # - Create the same report structure as inspec
+    def process_ssg_results(filter=nil)
+      self.class.process_ssg_results(File.join(@output_dir, @result_file) + '.xml', filter)
+    end
+
+    # Process the results of an SSG run
+    #
+    # @return [Hash] A Hash of statistics and a formatted report
+    #
+    def self.process_ssg_results(result_file, filter=nil)
+      require 'highline'
+      require 'nokogiri'
+
+      HighLine.colorize_strings
+
+      fail("Could not find results XML file '#{result_file}'") unless File.exist?(result_file)
+
+      puts "Processing #{result_file}"
+      doc = Nokogiri::XML(File.open(result_file))
+
+      # because I'm lazy
+      doc.remove_namespaces!
+
+      if filter
+        # XPATH to get the pertinent test results:
+        #   Any node named 'rule-result' for which the attribute 'idref'
+        #   contains filter
+        result_nodes = doc.xpath("//rule-result[contains(@idref,'#{filter}')]")
+      else
+        result_nodes = doc.xpath('//rule-result')
+      end
+
+      stats = {
+        :failed  => [],
+        :passed  => [],
+        :skipped => [],
+        :filter  => filter.nil? ? 'No Filter' : filter,
+        :report  => nil,
+        :score   => 0
+      }
+
+      result_nodes.each do |rule_result|
+        # Results are recorded in a child node named 'result'.
+        # Within the 'result' node, the actual result string is
+        # the content of that node's (only) child node.
+
+        result = rule_result.element_children.at('result')
+        result_id = rule_result.attributes['idref'].value.to_s
+        result_value = [
+          'Title: ' + doc.xpath("//Rule[@id='#{result_id}']/title/text()").first.to_s,
+          '  ID: ' + result_id
+        ].join("\n")
+
+        if result.child.content == 'fail'
+          stats[:failed] << result_value.red
+        elsif result.child.content == 'pass'
+          stats[:passed] << result_value.green
+        else
+          stats[:skipped] << result_value.yellow
+        end
+      end
+
+      report = []
+
+      report << '== Skipped =='
+      report << stats[:skipped].join("\n")
+
+      report << '== Passed =='
+      report << stats[:passed].join("\n")
+
+      report << '== Failed =='
+      report << stats[:failed].join("\n")
+
+
+      report << 'OSCAP Statistics:'
+
+      if filter
+        report << "  * Used Filter: 'idref' ~= '#{stats[:filter]}'"
+      end
+
+      report << "  * Passed: #{stats[:passed].count.to_s.green}"
+      report << "  * Failed: #{stats[:failed].count.to_s.red}"
+      report << "  * Skipped: #{stats[:skipped].count.to_s.yellow}"
+
+      score = 0
+
+      if (stats[:passed].count + stats[:failed].count) > 0
+        score = ((stats[:passed].count.to_f/(stats[:passed].count + stats[:failed].count)) * 100.0).round(0)
+      end
+
+      report << "\n Score: #{score}%"
+
+      stats[:score]  = score
+      stats[:report] = report.join("\n")
+
+      return stats
+    end
+
     private
 
     def get_ssg_datastream

data/lib/simp/beaker_helpers/version.rb

@@ -1,5 +1,5 @@
 module Simp; end
 
 module Simp::BeakerHelpers
-  VERSION = '1.12.1'
+  VERSION = '1.13.0'
 end

data/simp-beaker-helpers.gemspec

@@ -25,6 +25,7 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency 'beaker-vagrant'              , '~> 0.5'
   s.add_runtime_dependency 'beaker-puppet_install_helper', '~> 0.9'
   s.add_runtime_dependency 'highline'                    , '~> 1.6'
+  s.add_runtime_dependency 'nokogiri'                    , '~> 1.8'
 
   # Because net-telnet dropped support for Ruby < 2.3.0
   # TODO: Update this when we no longer support Ruby 2.1.9 (should be October 2018)

data/spec/acceptance/nodesets/default.yml

@@ -1,3 +1,10 @@
+<%
+  if ENV['BEAKER_HYPERVISOR']
+    hypervisor = ENV['BEAKER_HYPERVISOR']
+  else
+    hypervisor = 'vagrant'
+  end
+-%>
 HOSTS:
   server-el7:
     roles:
@@ -5,18 +12,21 @@ HOSTS:
       - default
       - master
       - el7
-    platform:   el-7-x86_64
-    box:        centos/7
-    hypervisor: vagrant
+    platform: el-7-x86_64
+    box: centos/7
+    hypervisor: <%= hypervisor %>
 
   server-el6:
     roles:
       - el6
-    platform:   el-6-x86_64
-    box:        centos/6
-    hypervisor: vagrant
+    platform: el-6-x86_64
+    box: centos/6
+    hypervisor: <%= hypervisor %>
 
 CONFIG:
   log_level: verbose
-  type:      aio
+  type: aio
   vagrant_memsize: 256
+<% if ENV['BEAKER_PUPPET_COLLECTION'] -%>
+  puppet_collection: <%= ENV['BEAKER_PUPPET_COLLECTION'] %>
+<% end -%>

data/spec/acceptance/suites/puppet_collections/nodesets/default.yml

@@ -1,3 +1,10 @@
+<%
+  if ENV['BEAKER_HYPERVISOR']
+    hypervisor = ENV['BEAKER_HYPERVISOR']
+  else
+    hypervisor = 'vagrant'
+  end
+-%>
 HOSTS:
   server-el7:
     roles:
@@ -5,19 +12,19 @@ HOSTS:
       - default
       - master
       - el7
-    platform:   el-7-x86_64
-    box:        centos/7
-    hypervisor: vagrant
+    platform: el-7-x86_64
+    box: centos/7
+    hypervisor: <%= hypervisor %>
 
   server-el6:
     roles:
       - el6
-    platform:   el-6-x86_64
-    box:        centos/6
-    hypervisor: vagrant
+    platform: el-6-x86_64
+    box: centos/6
+    hypervisor: <%= hypervisor %>
 
 CONFIG:
   log_level: verbose
-  type:      aio
+  type: aio
   puppet_collection: puppet5
   vagrant_memsize: 256

data/spec/acceptance/suites/windows/00_default_spec.rb

@@ -0,0 +1,103 @@
+require 'tmpdir'
+require 'yaml'
+require 'openssl'
+require 'beaker-rspec'
+require 'simp/beaker_helpers'
+include Simp::BeakerHelpers
+
+require 'beaker/puppet_install_helper'
+require 'beaker-windows'
+include BeakerWindows::Path
+include BeakerWindows::Powershell
+include BeakerWindows::Registry
+include BeakerWindows::WindowsFeature
+
+unless ENV['BEAKER_provision'] == 'no'
+  hosts.each do |host|
+    # Install Puppet
+    if host.is_pe?
+      install_pe
+    else
+      install_puppet
+    end
+  end
+end
+
+hosts.each do |host|
+  # https://petersouter.co.uk/testing-windows-puppet-with-beaker/
+  case host['platform']
+  when /windows/
+    GEOTRUST_GLOBAL_CA = <<-EOM.freeze
+-----BEGIN CERTIFICATE-----
+MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
+MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
+YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG
+EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg
+R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9
+9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq
+fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv
+iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU
+1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+
+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW
+MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA
+ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l
+uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn
+Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS
+tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF
+PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un
+hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV
+5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw==
+-----END CERTIFICATE-----
+    EOM
+    install_cert_on_windows(host, 'geotrustglobal', GEOTRUST_GLOBAL_CA)
+  end
+end
+
+
+RSpec.configure do |c|
+  # ensure that environment OS is ready on each host
+  fix_errata_on(hosts)
+
+  # Readable test descriptions
+  c.formatter = :documentation
+
+  # Configure all nodes in nodeset
+  c.before :suite do
+    begin
+      nonwin = hosts.dup
+      nonwin.delete_if {|h| h[:platform] =~ /windows/ }
+      # Install modules and dependencies from spec/fixtures/modules
+      copy_fixture_modules_to( nonwin )
+      begin
+        server = only_host_with_role(nonwin, 'server')
+      rescue ArgumentError => e
+        server = only_host_with_role(nonwin, 'default')
+      end
+      # Generate and install PKI certificates on each SUT
+      Dir.mktmpdir do |cert_dir|
+        run_fake_pki_ca_on(server, nonwin, cert_dir )
+        nonwin.each{ |sut| copy_pki_to( sut, cert_dir, '/etc/pki/simp-testing' )}
+      end
+
+      # add PKI keys
+      copy_keydist_to(server)
+    rescue StandardError, ScriptError => e
+      if ENV['PRY']
+        require 'pry'; binding.pry
+      else
+        raise e
+      end
+    end
+  end
+end
+
+
+hosts.each do |host|
+  describe 'windows hosts coexising with linux hosts' do
+    context "on #{host}" do
+      it 'should have puppet installed' do
+        on(host, 'puppet --version')
+      end
+    end
+  end
+end

data/spec/acceptance/suites/windows/metadata.yml

@@ -0,0 +1,2 @@
+---
+'default_run': true

data/spec/acceptance/suites/windows/nodesets/default.yml

@@ -0,0 +1,40 @@
+<%
+  if ENV['BEAKER_HYPERVISOR']
+    hypervisor = ENV['BEAKER_HYPERVISOR']
+  else
+    hypervisor = 'vagrant'
+  end
+-%>
+HOSTS:
+  win:
+    roles:
+      - windows
+      - ad
+    platform: windows-server-amd64
+    box: opentable/win-2012r2-standard-amd64-nocm # VBOX ONLY
+    hypervisor: <%= hypervisor %>
+    vagrant_memsize: 2048
+    vagrant_cpus: 2
+    user: vagrant
+    communicator: winrm
+    is_cygwin: false
+  centos7:
+    roles:
+      - default
+      - client
+    platform: el-7-x86_64
+    box: centos/7
+    hypervisor: <%= hypervisor %>
+  centos6:
+    roles:
+      - client
+    platform: el-6-x86_64
+    box: centos/6
+    hypervisor: <%= hypervisor %>
+CONFIG:
+  log_level: verbose
+  type: aio
+  vagrant_memsize: 256
+<% if ENV['BEAKER_PUPPET_ENVIRONMENT'] -%>
+  puppet_environment: <%= ENV['BEAKER_PUPPET_ENVIRONMENT'] %>
+<% end -%>

data/spec/lib/simp/beaker_helpers_spec.rb

@@ -80,11 +80,11 @@ describe 'Simp::BeakerHelpers' do
 
       # this logic won't work properly without code changes that just aren't worth it because
       # Puppet 4 is MD soon....
-      it "maps to appropriate Puppet version when '<' operator specified in version" do
-        pending 'fails because matches 4.x table'
-        allow(@helper).to receive(:`).with('gem search -ra -e puppet').and_return(gem_search_results)
-        expect( @helper.latest_puppet_agent_version_for('< 5.5') ).to match /5.4.0/
-      end
+      # it "maps to appropriate Puppet version when '<' operator specified in version" do
+      #   pending 'fails because matches 4.x table'
+      #   allow(@helper).to receive(:`).with('gem search -ra -e puppet').and_return(gem_search_results)
+      #   expect( @helper.latest_puppet_agent_version_for('< 5.5') ).to match /5.4.0/
+      # end
 
       it "maps to appropriate Puppet version when comma-separated operators specified in version" do
         allow(@helper).to receive(:`).with('gem search -ra -e puppet').and_return(gem_search_results)

data/spec/spec_helper_acceptance.rb

@@ -22,19 +22,4 @@ RSpec.configure do |c|
 
   # Readable test descriptions
   c.formatter = :documentation
-
-  # Configure all nodes in nodeset
-  c.before :suite do
-    begin
-      # Install modules and dependencies from spec/fixtures/modules
-      copy_fixture_modules_to( hosts )
-      STDOUT.flush
-    rescue StandardError, ScriptError => e
-      if ENV['PRY']
-        require 'pry'; binding.pry
-      else
-        raise e
-      end
-    end
-  end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: simp-beaker-helpers
 version: !ruby/object:Gem::Version
-  version: 1.12.1
+  version: 1.13.0
 platform: ruby
 authors:
 - Chris Tessmer
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-10-24 00:00:00.000000000 Z
+date: 2018-11-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: beaker
@@ -109,6 +109,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.6'
+- !ruby/object:Gem::Dependency
+  name: nokogiri
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
 - !ruby/object:Gem::Dependency
   name: net-telnet
   requirement: !ruby/object:Gem::Requirement
@@ -137,8 +151,7 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 0.57.2
-description: |2
-      Beaker helper methods to help scaffold SIMP acceptance tests
+description: "    Beaker helper methods to help scaffold SIMP acceptance tests\n"
 email: simp@simp-project.org
 executables: []
 extensions: []
@@ -180,6 +193,9 @@ files:
 - spec/acceptance/suites/puppet_collections/00_default_spec.rb
 - spec/acceptance/suites/puppet_collections/metadata.yml
 - spec/acceptance/suites/puppet_collections/nodesets/default.yml
+- spec/acceptance/suites/windows/00_default_spec.rb
+- spec/acceptance/suites/windows/metadata.yml
+- spec/acceptance/suites/windows/nodesets/default.yml
 - spec/lib/simp/beaker_helpers_spec.rb
 - spec/spec_helper.rb
 - spec/spec_helper_acceptance.rb