simp-beaker-helpers 1.18.3 → 1.18.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 36231d0862e7ae76a3675efc9bc5339527b2704ead1dbbf41e2df3ce962439d4
-  data.tar.gz: 83d88bae5f3822c2e13754ee79fe1cc98a34b0f04c885861b61f76a1a32219ae
+  metadata.gz: aa50a0956fc8dd2198160f50de04d9beb7550040c2bac91a9ac539a75c1cc094
+  data.tar.gz: 4de6d37c95c4484e72dbe48f3bb47e190749701e46fc48ec20e56464b31dee56
 SHA512:
-  metadata.gz: 174f5a6496239de911c55a42d5ad08ee21fa54de6fbf244c1a6c167ccbd83780d9520ae51ccb8301f86ed45ddca7f97651126453af3c2d9a80caa288e6166457
-  data.tar.gz: f059ace7f23bbd687c5af6870f7d294230009984ef02b75a1e77fcfe710b1edd23c1ef4dc24f81efea2d7ac39c02217faea0542ea754d945767a881b2edaebf8
+  metadata.gz: f98eaa266f7b9eeb508f0c6924221a98d358d0fb7da1de34ec90b61cd79eb325cc3d2f388365bafccbc0f4d6fdad13eefbd19192631ecb42ddbb3360c46114c7
+  data.tar.gz: f3b0ced49cd92655f45378c46061e20d23a6295722d31f2a9bbeef46375b74d2b931c6ca6a3af5bad0e7cd0b04a4c0848eac98b9891b1385f0267811b50def2a

data/CHANGELOG.md

@@ -1,3 +1,20 @@
+### 1.18.8 / 2020-07-14
+* Allow the beaker version to be pinned by environment variable
+
+### 1.18.7 / 2020-07-07
+* Fix host reference bug when switching to FIPS mode
+* Ensure that net-ssh 6+ can access older FIPS systems
+
+### 1.18.6 / 2020-06-24
+* Fix Vagrant snapshot issues
+
+### 1.18.5 / 2020-06-24
+* Allow Vagrant to connect to EL8+ hosts in FIPS mode
+* Add EL8 support to the SSG scans
+
+### 1.18.4 / 2020-03-31
+* Fix capturing error messages when inspec fails to generate results
+
 ### 1.18.3 / 2020-02-24
 * Fix the Windows library loading location.
   * No longer attempt to load windows libraries by default unless the system is

data/Gemfile

@@ -13,7 +13,34 @@ gem 'bundler'
 gem 'rake'
 
 group :system_tests do
-  gem 'beaker'
+  beaker_gem_options = ENV.fetch('BEAKER_GEM_OPTIONS', ['>= 4.17.0', '< 5.0.0'])
+
+  if "#{beaker_gem_options}".include?(':')
+    # Just pass in BEAKER_GEM_OPTIONS as a string that would represent the usual
+    # hash of options.
+    #
+    # Something like: BEAKER_GEM_OPTIONS=':git => "https://my.repo/beaker.git", :tag => "1.2.3"'
+    #
+    # No, this isn't robust, but it's not really an 'every day' sort of thing
+    # and safer than an `eval`
+    begin
+      gem 'beaker', Hash[
+        beaker_gem_options.split(',').map do |x| # Split passed options on k/v pairs
+          x.gsub('"', '').strip.split(/:\s|\s+=>\s+/) # Allow for either format hash keys
+        end.map do |k,v|
+          [
+            k.delete(':').to_sym, # Convert all keys to symbols
+            v.strip
+          ]
+        end
+      ] # Convert the whole thing to a valid Hash
+    rescue => e
+      raise "Invalid BEAKER_GEM_OPTIONS: '#{beaker_gem_options}' => '#{e}'"
+    end
+  else
+    gem 'beaker', beaker_gem_options
+  end
+
   gem 'beaker-rspec'
   gem 'beaker-windows'
   gem 'net-ssh'

data/lib/simp/beaker_helpers.rb

@@ -297,7 +297,7 @@ module Simp::BeakerHelpers
       # TODO Use simp-ssh Puppet module appropriately (i.e., in a fashion
       #      that doesn't break vagrant access and is appropriate for
       #      typical module tests.)
-      fips_ssh_ciphers = [ 'aes256-cbc','aes192-cbc','aes128-cbc']
+      fips_ssh_ciphers = [ 'aes256-ctr','aes192-ctr','aes128-ctr']
       on(sut, %(sed -i '/Ciphers /d' /etc/ssh/sshd_config))
       on(sut, %(echo 'Ciphers #{fips_ssh_ciphers.join(',')}' >> /etc/ssh/sshd_config))
 
@@ -327,6 +327,16 @@ module Simp::BeakerHelpers
 
       # Enable FIPS and then reboot to finish.
       on(sut, %(puppet apply --verbose #{fips_enable_modulepath} -e "class { 'fips': enabled => true }"))
+
+      # Work around Vagrant and cipher restrictions in EL8+
+      #
+      # Hopefully, Vagrant will update the used ciphers at some point but who
+      # knows when that will be
+      opensshserver_config = '/etc/crypto-policies/back-ends/opensshserver.config'
+      if file_exists_on(sut, opensshserver_config)
+        on(sut, "sed --follow-symlinks -i 's/PubkeyAcceptedKeyTypes=/PubkeyAcceptedKeyTypes=ssh-rsa,/' #{opensshserver_config}")
+      end
+
       sut.reboot
     end
   end

data/lib/simp/beaker_helpers/inspec.rb

@@ -116,7 +116,7 @@ module Simp::BeakerHelpers
         FileUtils.remove_entry_secure tmpdir
       end
 
-      unless @results
+      if @results.nil? || @results.empty?
         File.open(@result_file + '.err', 'w') do |fh|
           fh.puts(result.stderr.strip)
         end

data/lib/simp/beaker_helpers/snapshot.rb

@@ -1,5 +1,5 @@
 module Simp::BeakerHelpers
-  # Helpers for working with the SCAP Security Guide
+  # Helpers for managing Vagrant snapshots
   class Snapshot
     # The name of the base snapshot that is created if no snapshots currently exist
     BASE_NAME = '_simp_beaker_base'
@@ -18,9 +18,7 @@ module Simp::BeakerHelpers
 
         if vdir
           Dir.chdir(vdir) do
-            unless exist?(host, BASE_NAME)
-              save(host, BASE_NAME)
-            end
+            save(host, BASE_NAME) unless exist?(host, BASE_NAME)
 
             snap = "#{host.name}_#{snapshot_name}"
 
@@ -67,7 +65,7 @@ module Simp::BeakerHelpers
         Dir.chdir(vdir) do
           output = %x(vagrant snapshot list #{host.name}).lines
           output.map! do |x|
-            x.split(/^#{host.name}_/).last.strip
+            x.split(/^#{host.name}_/).last.split(':').first.delete('==>').strip
           end
         end
       end

data/lib/simp/beaker_helpers/ssg.rb

@@ -29,6 +29,17 @@ module Simp::BeakerHelpers
       'python-jinja2'
     ]
 
+    EL8_PACKAGES = [
+      'python3',
+      'python3-pyyaml',
+      'cmake',
+      'git',
+      'openscap-python3',
+      'openscap-utils',
+      'python3-lxml',
+      'python3-jinja2'
+    ]
+
     OS_INFO = {
       'RedHat' => {
         '6' => {
@@ -46,6 +57,14 @@ module Simp::BeakerHelpers
             'build_target'   => 'rhel7',
             'datastream'     => 'ssg-rhel7-ds.xml'
           }
+        },
+        '8' => {
+          'required_packages' => EL8_PACKAGES,
+          'ssg' => {
+            'profile_target' => 'rhel8',
+            'build_target'   => 'rhel8',
+            'datastream'     => 'ssg-rhel8-ds.xml'
+          }
         }
       },
       'CentOS' => {
@@ -64,6 +83,14 @@ module Simp::BeakerHelpers
             'build_target'   => 'centos7',
             'datastream'     => 'ssg-centos7-ds.xml'
           }
+        },
+        '8' => {
+          'required_packages' => EL8_PACKAGES,
+          'ssg' => {
+            'profile_target' => 'rhel8',
+            'build_target'   => 'centos8',
+            'datastream'     => 'ssg-centos8-ds.xml'
+          }
         }
       },
       'OracleLinux' => {
@@ -73,8 +100,16 @@ module Simp::BeakerHelpers
             'profile_target' => 'ol7',
             'build_target'   => 'ol7',
             'datastream'     => 'ssg-ol7-ds.xml'
+          },
+        '8' => {
+          'required_packages' => EL8_PACKAGES,
+          'ssg' => {
+            'profile_target' => 'ol8',
+            'build_target'   => 'ol8',
+            'datastream'     => 'ssg-ol8-ds.xml'
           }
         }
+        }
       }
     }
 

data/lib/simp/beaker_helpers/version.rb

@@ -1,5 +1,5 @@
 module Simp; end
 
 module Simp::BeakerHelpers
-  VERSION = '1.18.3'
+  VERSION = '1.18.8'
 end

data/spec/acceptance/suites/snapshot/00_snapshot_test_spec.rb

@@ -57,7 +57,7 @@ hosts.each do |host|
       end
 
       it 'can list the snapshots' do
-        expect(Simp::BeakerHelpers::Snapshot.list(host)).to eq ['test', 'test2']
+        expect(Simp::BeakerHelpers::Snapshot.list(host)).to eq ["#{host}", 'test', 'test2']
       end
 
       it 'can query for a specific snapshot' do

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: simp-beaker-helpers
 version: !ruby/object:Gem::Version
-  version: 1.18.3
+  version: 1.18.8
 platform: ruby
 authors:
 - Chris Tessmer
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-02-24 00:00:00.000000000 Z
+date: 2020-07-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: beaker