simp-beaker-helpers 1.14.3 → 1.14.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ba93253298e41c596d16c45a60499e585a242fada303797e01d4ce6476c2b340
-  data.tar.gz: ac9c8518c54d380601c78bfa0e6916ef5cb0c368b1719ddb6bb33ed9e09f9aac
+  metadata.gz: ba5339c4600187e836c0c82d19171e7029cf0e54bb9a270782fcb386872008c4
+  data.tar.gz: fae18efeed173a2c5a6496ec56e739ab13ef1bb4160c742058800444bf3a7fe6
 SHA512:
-  metadata.gz: 5a928d8e06a885b8f22acb5ebfd31216d1b2053b1868fd97c20e58abe6ea89a6108fd43e82aefc8e5bdc48b582239d4bd1893b18bff68bc679e19fe2f5f4eeba
-  data.tar.gz: 4eb3da178ba7fd3fcc74ce0dc5346214f3133628dade8e96ad6dd93988ce40c983a26f79f5b0a25fa2d22237911eecdbfe49c44d85fa681a076ad7a20bb2dc3b
+  metadata.gz: dc4a6c9c5c7ee3f0ae60a434626af3929ff67f1bc55c7b6411b9f5d888fd975f8cd6a19ac79912562f97802c6dfba620b30511620bc11efb20e9fc23ae1b8473
+  data.tar.gz: 324893d60834b6ea71eb0804bd4c8c8a531f0a689ae1ac8283bef94f55a24e03c295c7e2c5812d12a5b55516195ba95947dab219a5641e45dac3ede37e027a5c

data/.gitlab-ci.yml

@@ -149,3 +149,15 @@ windows:
   script:
     - bundle exec rake spec_clean
     - bundle exec rake beaker:suites[windows]
+
+snapshot:
+  stage: acceptance
+  tags:
+    - beaker
+  <<: *cache_bundler
+  <<: *setup_bundler_env
+  variables:
+    BEAKER_simp_snapshot: 'yes'
+  script:
+    - bundle exec rake spec_clean
+    - bundle exec rake beaker:suites[snapshot]

data/.rspec

@@ -1,3 +1,4 @@
 --format documentation
+--fail-fast
 --color
 --order default

data/CHANGELOG.md

@@ -1,3 +1,6 @@
+### 1.14.4 / 2019-07-26
+* Bump the version of Highline to 2.0+ due to bugs in the latest 1.X series
+
 ### 1.14.3 / 2019-06-24
 * Add RPM-GPG-KEY-SIMP-6 to the SIMP dependencies repo created
   by install_simp_repo.

data/README.md

@@ -45,6 +45,14 @@ Methods to assist beaker acceptance tests for SIMP.
 * [Examples](#examples)
   * [Prep OS, Generate and copy PKI certs to each SUT](#prep-os-generate-and-copy-pki-certs-to-each-sut)
   * [Specify the version of Puppet to run in the SUTs](#specify-the-version-of-puppet-to-run-in-the-suts)
+* [Experimental Features](#experimental-features)
+  * [Snapshot Support](#snapshot-support)
+    * [Running Tests with Snapshots](#running-tests-with-snapshots)
+    * [Adding Snapshots to your Tests](#adding-snapshots-to-your-tests)
+      * [Taking a Snapshot](#taking-a-snapshot)
+      * [Base Snapshots](#base-snapshots)
+      * [Restoring a Snapshot](#restoring-a-snapshot)
+      * [Listing Snapshots](#listing-snapshots)
 * [License](#license)
 
 <!-- vim-markdown-toc -->
@@ -439,5 +447,73 @@ PUPPET_VERSION="5" bundle exec rake beaker:suites
 bundle exec rake beaker:suites
 ```
 
+## Experimental Features
+
+### Snapshot Support
+
+Rudimentary support for snapshotting VMs has been added. This currently only
+works for local `vagrant` systems and relies on the underlying `vagrant
+snapshot` command working for the underlying hypervisor. VirtualBox is highly
+recommended and `libvirt` is known to not work due to limitiations in
+`vagrant`.
+
+This was added to attempt to be able to restart tests from given checkpoints
+that encompass extremely long running test segments. This is particularly
+relevant when you are trying to set up a large support infrastructure but need
+to debug later stages of your tests over time.
+
+#### Running Tests with Snapshots
+
+To enable snapshots during your initial test runs, run your test as follows:
+
+```bash
+BEAKER_destroy=no BEAKER_simp_snapshot=yes rake beaker:suites
+```
+
+Then, on subsequent runs, run your test as follows:
+
+```bash
+BEAKER_provision=no BEAKER_destroy=no BEAKER_simp_snapshot=yes rake beaker:suites
+```
+#### Adding Snapshots to your Tests
+
+The following demonstrates the general idea behind using snapshots. Note, the
+decision to directly call the module methods was made to ensure that people
+knew explicitly when this capability was being called since it affects the
+underlying OS configuration.
+
+##### Taking a Snapshot
+
+`Simp::BeakerHelpers::Snapshot.save(sut, '<name of snapshot>')` will save a
+snapshot with the given name. If the snapshot already exists, it will be
+forceably overwritten.
+
+
+##### Base Snapshots
+
+Any time a snapshot is saved, if an initial base snapshot doesn't exist, one
+will be created. You can restore back to the base snapshot using
+`Simp::BeakerHelpers::Snapshot.restore_to_base(sut)`.
+
+These are specifically created to ensure that we don't run into issues with
+trying to remove the parent of all snapshots since some hypervisors do not
+allow this.
+
+##### Restoring a Snapshot
+
+`Simp::BeakerHelpers::Snapshot.restore(sut, '<name of snapshot>)` will restore
+to the named snapshot.
+
+Attempting to restore to a snapshot that doesn't exist is an error.
+
+##### Listing Snapshots
+
+`Simp::BeakerHelpers::Snapshot.list(sut)` will return an Array of all snapshot
+names for that system.
+
+`Simp::BeakerHelpers::Snapshot.exist?(sut, '<name of snapshot>')` will return a
+Boolean based on whether or not the snapshot with the given name is present on
+the system.
+
 ## License
 See [LICENSE](LICENSE)

data/lib/simp/beaker_helpers.rb

@@ -1,13 +1,16 @@
 require 'beaker-puppet'
+require 'bundler'
 
 module Simp; end
 
 module Simp::BeakerHelpers
   include BeakerPuppet
 
-  require 'simp/beaker_helpers/version'
+  require 'simp/beaker_helpers/constants'
   require 'simp/beaker_helpers/inspec'
+  require 'simp/beaker_helpers/snapshot'
   require 'simp/beaker_helpers/ssg'
+  require 'simp/beaker_helpers/version'
 
   # Stealing this from the Ruby 2.5 Dir::Tmpname workaround from Rails
   def self.tmpname
@@ -15,12 +18,6 @@ module Simp::BeakerHelpers
     "simp-beaker-helpers-#{t}-#{$$}-#{rand(0x100000000).to_s(36)}.tmp"
   end
 
-  # This is the *oldest* version that the latest release of SIMP supports
-  #
-  # This is done so that we know if some new thing that we're using breaks the
-  # oldest system that we support.
-  DEFAULT_PUPPET_AGENT_VERSION = '~> 5.0'
-
   # We can't cache this because it may change during a run
   def fips_enabled(sut)
     return on( sut,

data/lib/simp/beaker_helpers/constants.rb

@@ -0,0 +1,25 @@
+module Simp; end
+
+module Simp::BeakerHelpers
+  # This is the *oldest* puppet-agent version that the latest release of SIMP supports
+  #
+  # This is done so that we know if some new thing that we're using breaks the
+  # oldest system that we support
+  DEFAULT_PUPPET_AGENT_VERSION = '~> 5.0'
+
+  SSG_REPO_URL = ENV['BEAKER_ssg_repo'] || 'https://github.com/ComplianceAsCode/content.git'
+
+  if ['true','yes'].include?(ENV['BEAKER_online'])
+    ONLINE = true
+  elsif ['false','no'].include?(ENV['BEAKER_online'])
+    ONLINE = false
+  else
+    require 'open-uri'
+
+    begin
+      ONLINE = true if open('http://google.com')
+    rescue
+      ONLINE = false
+    end
+  end
+end

data/lib/simp/beaker_helpers/inspec.rb

@@ -1,4 +1,6 @@
 module Simp::BeakerHelpers
+  require 'simp/beaker_helpers/constants'
+
   # Helpers for working with Inspec
   class Inspec
 

data/lib/simp/beaker_helpers/snapshot.rb

@@ -0,0 +1,158 @@
+module Simp::BeakerHelpers
+  # Helpers for working with the SCAP Security Guide
+  class Snapshot
+    # The name of the base snapshot that is created if no snapshots currently exist
+    BASE_NAME = '_simp_beaker_base'
+
+    # Save a snapshot
+    #
+    # @param host [Beaker::Host]
+    #   The SUT to work on
+    #
+    # @param snapshot_name [String]
+    #   The string to add to the snapshot
+    #
+    def self.save(host, snapshot_name)
+      if enabled?
+        vdir = vagrant_dir(host)
+
+        if vdir
+          Dir.chdir(vdir) do
+            unless exist?(host, BASE_NAME)
+              save(host, BASE_NAME)
+            end
+
+            snap = "#{host.name}_#{snapshot_name}"
+
+            output = %x(vagrant snapshot save --force #{host.name} "#{snap}")
+
+            logger.notify(output)
+
+            retry_on(
+              host,
+              %(echo "saving snapshot '#{snap}'" > /dev/null),
+              :max_retries => 30,
+              :retry_interval => 1
+            )
+          end
+        end
+      end
+    end
+
+    # Whether or not a named snapshot exists
+    #
+    # @param host [Beaker::Host]
+    #   The SUT to work on
+    #
+    # @param snapshot_name [String]
+    #   The string to add to the snapshot
+    #
+    # @return [Boolean]
+    def self.exist?(host, name)
+      list(host).include?(name)
+    end
+
+    # List all snapshots for the given host
+    #
+    # @parma host [Beaker::Host]
+    #   The SUT to work on
+    #
+    # @return [Array[String]]
+    #   A list of snapshot names for the host
+    def self.list(host)
+      output = []
+      vdir = vagrant_dir(host)
+
+      if vdir
+        Dir.chdir(vdir) do
+          output = %x(vagrant snapshot list #{host.name}).lines
+          output.map! do |x|
+            x.split(/^#{host.name}_/).last.strip
+          end
+        end
+      end
+
+      output
+    end
+
+    # Restore a snapshot
+    #
+    # @param host [Beaker::Host]
+    #   The SUT to work on
+    #
+    # @param snapshot_name [String]
+    #   The name that was added to the snapshot
+    #
+    def self.restore(host, snapshot_name)
+      if enabled?
+        vdir = vagrant_dir(host)
+
+        if vdir
+          Dir.chdir(vdir) do
+            snap = "#{host.name}_#{snapshot_name}"
+
+            output = %x(vagrant snapshot restore #{host.name} "#{snap}" 2>&1)
+
+            if (output =~ /error/i) && (output =~ /child/)
+              raise output
+            end
+
+            if (output =~ /snapshot.*not found/)
+              raise output
+            end
+
+            logger.notify(output)
+
+            retry_on(
+              host,
+              %(echo "restoring snapshot '#{snap}'" > /dev/null),
+              :max_retries => 30,
+              :retry_interval => 1
+            )
+          end
+        end
+      end
+    end
+
+    # Restore all the way back to the base image
+    #
+    # @param host [Beaker::Host]
+    #   The SUT to work on
+    #
+    def self.restore_to_base(host)
+      if exist?(host, BASE_NAME)
+        restore(host, BASE_NAME)
+      else
+        save(host, BASE_NAME)
+      end
+    end
+
+    private
+
+    def self.enabled?
+      enabled = ENV['BEAKER_simp_snapshot'] == 'yes'
+
+      unless enabled
+        logger.warn('Snapshotting not enabled, set BEAKER_simp_snapshot=yes to enable')
+      end
+
+      return enabled
+    end
+
+    def self.vagrant_dir(host)
+      tgt_dir = nil
+
+      if host && host.options && host.options[:hosts_file]
+        vdir = File.join('.vagrant', 'beaker_vagrant_files', File.basename(host.options[:hosts_file]))
+
+        if File.directory?(vdir)
+          tgt_dir = vdir
+        else
+          logger.notify("Could not find local vagrant dir at #{vdir}")
+        end
+      end
+
+      return tgt_dir
+    end
+  end
+end

data/lib/simp/beaker_helpers/ssg.rb

@@ -1,10 +1,14 @@
 module Simp::BeakerHelpers
+  require 'simp/beaker_helpers/constants'
+
   # Helpers for working with the SCAP Security Guide
   class SSG
 
     if ENV['BEAKER_ssg_repo']
       GIT_REPO = ENV['BEAKER_ssg_repo']
     else
+      fail('You are offline: Set BEAKER_ssg_repo to point to the git repo that hosts the SSG content') unless ONLINE
+
       GIT_REPO = 'https://github.com/ComplianceAsCode/content.git'
     end
 

data/lib/simp/beaker_helpers/version.rb

@@ -1,5 +1,5 @@
 module Simp; end
 
 module Simp::BeakerHelpers
-  VERSION = '1.14.3'
+  VERSION = '1.14.4'
 end

data/simp-beaker-helpers.gemspec

@@ -24,7 +24,7 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency 'beaker-docker'               , '~> 0.3'
   s.add_runtime_dependency 'beaker-vagrant'              , '~> 0.5'
   s.add_runtime_dependency 'beaker-puppet_install_helper', '~> 0.9'
-  s.add_runtime_dependency 'highline'                    , '~> 1.6'
+  s.add_runtime_dependency 'highline'                    , '~> 2.0'
   s.add_runtime_dependency 'nokogiri'                    , '~> 1.8'
 
   # Because net-telnet dropped support for Ruby < 2.3.0

data/spec/acceptance/suites/offline/00_default_spec.rb

@@ -0,0 +1,165 @@
+require 'spec_helper_acceptance'
+
+describe 'Offline mode' do
+  hosts.each do |host|
+    context "on #{host}" do
+      let(:vagrant_version) { '2.2.5' }
+      let(:vagrant_rpm) { "https://releases.hashicorp.com/vagrant/#{vagrant_version}/vagrant_#{vagrant_version}_x86_64.rpm" }
+      let(:virtualbox_repo) { 'http://download.virtualbox.org/virtualbox/rpm/el/virtualbox.repo' }
+      let(:build_user) { 'build_user' }
+      let(:build_user_cmd) { "runuser #{build_user} -l -c" }
+
+      # Not sure if this is a QEMU thing with the image or something else
+      it 'works around a CentOS curl bug with libvirt' do
+        on(host, %(touch /etc/sysconfig/64bit_strstr_via_64bit_strstr_sse2_unaligned))
+      end
+
+      it 'adds the build user' do
+        on(host, %(useradd -b /home -G wheel -m -c "Build User" -s /bin/bash -U #{build_user}))
+
+        # Allow the build user to perform privileged operations
+        on(host, %(echo 'Defaults:build_user !requiretty' >> /etc/sudoers))
+      end
+
+      it 'installs required packages' do
+        host.install_package('epel-release')
+
+        required_packages = [
+          'augeas-devel',
+          'autoconf',
+          'automake',
+          'bison',
+          'createrepo',
+          'curl',
+          'dkms',
+          'initscripts',
+          'gcc',
+          'gcc-c++',
+          'genisoimage',
+          'git',
+          'glibc-devel',
+          'glibc-headers',
+          'gnupg2',
+          'kernel-devel',
+          'libffi-devel',
+          'libicu-devel',
+          'libtool',
+          'libvirt',
+          'libvirt-client',
+          'libvirt-devel',
+          'libxml2',
+          'libxml2-devel',
+          'libxslt',
+          'libxslt-devel',
+          'libyaml-devel',
+          'make',
+          'ntpdate',
+          'openssl',
+          'openssl-devel',
+          'qemu',
+          'readline-devel',
+          'rpm-build',
+          'rpm-sign',
+          'rpmdevtools',
+          'ruby-devel',
+          'rubygems',
+          'seabios',
+          'sqlite-devel',
+          'util-linux',
+          'which'
+        ]
+
+        on(host, %(yum -y install #{required_packages.join(' ')}))
+        on(host, %(yum -y update))
+      end
+
+      it 'removes limits from the system' do
+        # Remove system limits
+        on(host, %(rm -rf /etc/security/limits.d/*.conf))
+      end
+
+      it 'installs the latest VirtualBox' do
+        on(host, %(curl "#{virtualbox_repo}" -o /etc/yum.repos.d/virtualbox.repo))
+        on(host, 'yum -y install $(yum -y list | grep VirtualBox | sort | tail -1 | cut -f 1 -d " ")')
+      end
+
+      it 'installs the VirtualBox extension pack' do
+        on(host, 'VERSION=$(VBoxManage --version | tail -1 | cut -f 1 -d "r") && curl -Lo ${TMPDIR}/Oracle_VM_VirtualBox_Extension_Pack-${VERSION}.vbox-extpack http://download.virtualbox.org/virtualbox/${VERSION}/Oracle_VM_VirtualBox_Extension_Pack-${VERSION}.vbox-extpack && yes | VBoxManage extpack install ${TMPDIR}/Oracle_VM_VirtualBox_Extension_Pack-${VERSION}.vbox-extpack && rm -rf ${TMPDIR}/Oracle_VM_VirtualBox_Extension_Pack-${VERSION}.vbox-extpack')
+      end
+
+      it 'adds the build user to the vboxusers group' do
+        on(host, %(usermod -a -G vboxusers #{build_user}))
+      end
+
+      it 'reboots the system to finalize VirtualBox' do
+        host.reboot
+      end
+
+      it 'installs RPM for the build user' do
+        # Install RVM
+        on(host, %(#{build_user_cmd} "for i in {1..5}; do { gpg2 --keyserver hkp://pgp.mit.edu --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 || gpg2 --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 || gpg2 --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3; } && { gpg2 --keyserver hkp://pgp.mit.edu --recv-keys 7D2BAF1CF37B13E2069D6956105BD0E739499BDB || gpg2 --keyserver hkp://keys.gnupg.net --recv-keys 7D2BAF1CF37B13E2069D6956105BD0E739499BDB; } && break || sleep 1; done"))
+        on(host, %(#{build_user_cmd} "gpg2 --refresh-keys"))
+        on(host, %(#{build_user_cmd} "curl -sSL https://raw.githubusercontent.com/rvm/rvm/stable/binscripts/rvm-installer -o rvm-installer && curl -sSL https://raw.githubusercontent.com/rvm/rvm/stable/binscripts/rvm-installer.asc -o rvm-installer.asc && gpg2 --verify rvm-installer.asc rvm-installer && bash rvm-installer"))
+        on(host, %(#{build_user_cmd} "rvm install 2.4.4 --disable-binary"))
+        on(host, %(#{build_user_cmd} "rvm use --default 2.4.4"))
+        on(host, %(#{build_user_cmd} "rvm all do gem install bundler -v '~> 1.16' --no-document"))
+      end
+
+      it 'installs vagrant' do
+        on(host, %(yum -y install #{vagrant_rpm}))
+      end
+
+      it 'preps for testing by downloading boxes for tests' do
+        on(host, %(#{build_user_cmd} "vagrant box add --provider virtualbox centos/6"))
+        on(host, %(#{build_user_cmd} "vagrant box add --provider virtualbox centos/7"))
+      end
+
+      it 'runs a simple nested virt test' do
+        build_user_homedir = on(host, "readlink -f ~#{build_user}").output.strip
+        vagrant_testdir = "#{build_user_homedir}/vagrant_test"
+
+        vagrant_test_file = <<-EOM
+Vagrant.configure("2") do |c|
+  c.vm.define 'test' do |v|
+    v.vm.hostname = 'centos7.test.net'
+    v.vm.box = 'centos/7'
+    v.vm.box_check_update = 'false'
+  end
+end
+        EOM
+
+        host.mkdir_p(vagrant_testdir)
+
+        create_remote_file(host, "#{vagrant_testdir}/Vagrantfile", vagrant_test_file)
+
+        on(host, %(chown -R #{build_user} #{vagrant_testdir}))
+
+        on(host, %(#{build_user_cmd} "cd #{vagrant_testdir} && vagrant up"))
+        on(host, %(#{build_user_cmd} "cd #{vagrant_testdir} && vagrant destroy -f"))
+      end
+
+      # We're testing a real module since that has the widest set of
+      # repercussions for reaching out to the internet
+      it 'downloads a module to test' do
+        on(host, %(#{build_user_cmd} "git clone https://github.com/simp/pupmod-simp-at"))
+      end
+
+      it 'preps the module for building' do
+        on(host, %(#{build_user_cmd} "cd pupmod-simp-at; bundle update"))
+      end
+
+      it 'runs a network-connected test' do
+        on(host, %(#{build_user_cmd} "cd pupmod-simp-at; rake beaker:suites"))
+      end
+
+      it 'disables all internet network traffic via iptables' do
+        on(host, %(iptables -I OUTPUT -d `ip route | awk '/default/ {print $3}'`/16 -j ACCEPT))
+        on(host, 'iptables -A OUTPUT -j DROP')
+      end
+
+      xit 'runs a network-disconnected test' do
+        on(host, %(#{build_user_cmd} "cd pupmod-simp-at; rake beaker:suites"))
+      end
+    end
+  end
+end

data/spec/acceptance/suites/offline/README

@@ -0,0 +1,2 @@
+This, very odd, test should NEVER be run by default because it runs docker in
+privileged mode and may cause horriffic unintended side effects on your system.

data/spec/acceptance/suites/offline/nodesets/default.yml

@@ -0,0 +1,26 @@
+HOSTS:
+  el7:
+    platform: el-7-x86_64
+    box: centos/7
+    # This doesn't work with any other hypervisor
+    hypervisor: 'vagrant_libvirt'
+    vagrant_memsize: 3072
+    vagrant_cpus: 4
+    # Necessary to prevent network overlap inside the spawned test set
+    ip: '172.16.251.111'
+    netmask: '255.255.255.0'
+
+CONFIG:
+  log_level: verbose
+  type: aio
+<% if ENV['BEAKER_PUPPET_COLLECTION'] -%>
+  puppet_collection: <%= ENV['BEAKER_PUPPET_COLLECTION'] %>
+<% end -%>
+  libvirt:
+    # Ensure that we use the best option available
+    'cpu_mode': 'host-passthrough'
+    # Make sure that vagrant knows that we're rolling nested virt
+    'nested': true
+    # Necessary to prevent network overlap inside the spawned test set
+    'management_network_name': 'beaker-mgmt'
+    'management_network_address': '172.16.250.1/24'

data/spec/acceptance/suites/snapshot/00_snapshot_test_spec.rb

@@ -0,0 +1,82 @@
+require 'spec_helper_acceptance'
+
+hosts.each do |host|
+  describe 'take a snapshot' do
+    context "on #{host}" do
+      it 'creates a file that should be saved' do
+        on(host, 'echo "keep" > /root/keep')
+      end
+
+      it 'takes a snapshot' do
+        Simp::BeakerHelpers::Snapshot.save(host, 'test')
+      end
+
+      it 'creates a file that should be removed' do
+        on(host, 'echo "trash" > /root/trash')
+      end
+
+      it 'restores a snapshot' do
+        Simp::BeakerHelpers::Snapshot.restore(host, 'test')
+      end
+
+      it 'should have the keep file' do
+        expect(host.file_exist?('/root/keep')).to be true
+      end
+
+      it 'should not have the trash file' do
+        expect(host.file_exist?('/root/trash')).to be false
+      end
+
+      it 'creates a second file that should be saved' do
+        on(host, 'echo "keep2" > /root/keep2')
+      end
+
+      it 'takes a snapshot with the same name' do
+        Simp::BeakerHelpers::Snapshot.save(host, 'test')
+      end
+
+      it 'creates a file that should be removed' do
+        on(host, 'echo "trash" > /root/trash')
+      end
+
+      it 'restores a snapshot' do
+        Simp::BeakerHelpers::Snapshot.restore(host, 'test')
+      end
+
+      it 'should have all keep files' do
+        expect(host.file_exist?('/root/keep')).to be true
+        expect(host.file_exist?('/root/keep2')).to be true
+      end
+
+      it 'should not have the trash file' do
+        expect(host.file_exist?('/root/trash')).to be false
+      end
+
+      it 'takes a snapshot with a different name' do
+        Simp::BeakerHelpers::Snapshot.save(host, 'test2')
+      end
+
+      it 'can list the snapshots' do
+        expect(Simp::BeakerHelpers::Snapshot.list(host)).to eq ['test', 'test2']
+      end
+
+      it 'can query for a specific snapshot' do
+        expect(Simp::BeakerHelpers::Snapshot.exist?(host, 'test')).to eq true
+        expect(Simp::BeakerHelpers::Snapshot.exist?(host, 'test2')).to eq true
+        expect(Simp::BeakerHelpers::Snapshot.exist?(host, 'nope')).to eq false
+      end
+
+      it 'restores to the internal base' do
+         Simp::BeakerHelpers::Snapshot.restore_to_base(host)
+       end
+
+      it 'creates a file that should be saved' do
+        on(host, 'echo "keep" > /root/keep')
+      end
+
+      it 'creates a handoff snapshot for further tests' do
+        Simp::BeakerHelpers::Snapshot.save(host, 'handoff')
+      end
+    end
+  end
+end

data/spec/acceptance/suites/snapshot/10_general_usage_spec.rb

@@ -0,0 +1,56 @@
+require 'spec_helper_acceptance'
+
+hosts.each do |host|
+  describe 'snapshot workflow' do
+    context "on #{host}" do
+      shared_examples_for 'a snapshot test' do
+        let(:snapshots) { Simp::BeakerHelpers::Snapshot.list(host) }
+
+        it 'restores from the initial snapshot' do
+          if snapshots.include?(init_snapshot)
+            Simp::BeakerHelpers::Snapshot.restore(host, init_snapshot)
+          end
+        end
+
+        it 'adds the keep file if necessary' do
+          if init_snapshot == 'missing'
+            on(host, 'echo "keep" > /root/keep')
+          end
+        end
+
+        it 'adds a tracking file' do
+          on(host, 'echo "tracking" > /root/tracking')
+        end
+
+        it 'restores the snapshot' do
+          if init_snapshot == 'missing'
+            expect { Simp::BeakerHelpers::Snapshot.restore(host, init_snapshot) }.to raise_error(/not found/)
+            Simp::BeakerHelpers::Snapshot.restore_to_base(host)
+          else
+            Simp::BeakerHelpers::Snapshot.restore(host, init_snapshot)
+          end
+        end
+
+        it 'should have the keep file' do
+          expect(host.file_exist?('/root/keep')).to be true
+        end
+
+        it 'should not have the tracking file' do
+          expect(host.file_exist?('/root/tracking')).to be false
+        end
+      end
+
+      context 'existing snapshot' do
+        let(:init_snapshot) { 'handoff' }
+
+        include_examples 'a snapshot test'
+      end
+
+      context 'missing snapshot' do
+        let(:init_snapshot) { 'missing' }
+
+        include_examples 'a snapshot test'
+      end
+    end
+  end
+end

data/spec/acceptance/suites/snapshot/nodesets

@@ -0,0 +1 @@
+spec/acceptance/suites/snapshot/../../nodesets

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: simp-beaker-helpers
 version: !ruby/object:Gem::Version
-  version: 1.14.3
+  version: 1.14.4
 platform: ruby
 authors:
 - Chris Tessmer
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-06-25 00:00:00.000000000 Z
+date: 2019-07-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: beaker
@@ -101,14 +101,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: nokogiri
   requirement: !ruby/object:Gem::Requirement
@@ -160,7 +160,9 @@ files:
 - files/pki/template_host.cnf
 - files/puppet-agent-versions.yaml
 - lib/simp/beaker_helpers.rb
+- lib/simp/beaker_helpers/constants.rb
 - lib/simp/beaker_helpers/inspec.rb
+- lib/simp/beaker_helpers/snapshot.rb
 - lib/simp/beaker_helpers/ssg.rb
 - lib/simp/beaker_helpers/version.rb
 - lib/simp/rake/beaker.rb
@@ -177,9 +179,15 @@ files:
 - spec/acceptance/suites/fips_from_fixtures/00_default_spec.rb
 - spec/acceptance/suites/fips_from_fixtures/metadata.yml
 - spec/acceptance/suites/fips_from_fixtures/nodesets
+- spec/acceptance/suites/offline/00_default_spec.rb
+- spec/acceptance/suites/offline/README
+- spec/acceptance/suites/offline/nodesets/default.yml
 - spec/acceptance/suites/puppet_collections/00_default_spec.rb
 - spec/acceptance/suites/puppet_collections/metadata.yml
 - spec/acceptance/suites/puppet_collections/nodesets/default.yml
+- spec/acceptance/suites/snapshot/00_snapshot_test_spec.rb
+- spec/acceptance/suites/snapshot/10_general_usage_spec.rb
+- spec/acceptance/suites/snapshot/nodesets
 - spec/acceptance/suites/windows/00_default_spec.rb
 - spec/acceptance/suites/windows/metadata.yml
 - spec/acceptance/suites/windows/nodesets/default.yml