simp-beaker-helpers 1.18.3 → 1.18.8
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +17 -0
- data/Gemfile +28 -1
- data/lib/simp/beaker_helpers.rb +11 -1
- data/lib/simp/beaker_helpers/inspec.rb +1 -1
- data/lib/simp/beaker_helpers/snapshot.rb +3 -5
- data/lib/simp/beaker_helpers/ssg.rb +35 -0
- data/lib/simp/beaker_helpers/version.rb +1 -1
- data/spec/acceptance/suites/snapshot/00_snapshot_test_spec.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: aa50a0956fc8dd2198160f50de04d9beb7550040c2bac91a9ac539a75c1cc094
|
4
|
+
data.tar.gz: 4de6d37c95c4484e72dbe48f3bb47e190749701e46fc48ec20e56464b31dee56
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f98eaa266f7b9eeb508f0c6924221a98d358d0fb7da1de34ec90b61cd79eb325cc3d2f388365bafccbc0f4d6fdad13eefbd19192631ecb42ddbb3360c46114c7
|
7
|
+
data.tar.gz: f3b0ced49cd92655f45378c46061e20d23a6295722d31f2a9bbeef46375b74d2b931c6ca6a3af5bad0e7cd0b04a4c0848eac98b9891b1385f0267811b50def2a
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,20 @@
|
|
1
|
+
### 1.18.8 / 2020-07-14
|
2
|
+
* Allow the beaker version to be pinned by environment variable
|
3
|
+
|
4
|
+
### 1.18.7 / 2020-07-07
|
5
|
+
* Fix host reference bug when switching to FIPS mode
|
6
|
+
* Ensure that net-ssh 6+ can access older FIPS systems
|
7
|
+
|
8
|
+
### 1.18.6 / 2020-06-24
|
9
|
+
* Fix Vagrant snapshot issues
|
10
|
+
|
11
|
+
### 1.18.5 / 2020-06-24
|
12
|
+
* Allow Vagrant to connect to EL8+ hosts in FIPS mode
|
13
|
+
* Add EL8 support to the SSG scans
|
14
|
+
|
15
|
+
### 1.18.4 / 2020-03-31
|
16
|
+
* Fix capturing error messages when inspec fails to generate results
|
17
|
+
|
1
18
|
### 1.18.3 / 2020-02-24
|
2
19
|
* Fix the Windows library loading location.
|
3
20
|
* No longer attempt to load windows libraries by default unless the system is
|
data/Gemfile
CHANGED
@@ -13,7 +13,34 @@ gem 'bundler'
|
|
13
13
|
gem 'rake'
|
14
14
|
|
15
15
|
group :system_tests do
|
16
|
-
|
16
|
+
beaker_gem_options = ENV.fetch('BEAKER_GEM_OPTIONS', ['>= 4.17.0', '< 5.0.0'])
|
17
|
+
|
18
|
+
if "#{beaker_gem_options}".include?(':')
|
19
|
+
# Just pass in BEAKER_GEM_OPTIONS as a string that would represent the usual
|
20
|
+
# hash of options.
|
21
|
+
#
|
22
|
+
# Something like: BEAKER_GEM_OPTIONS=':git => "https://my.repo/beaker.git", :tag => "1.2.3"'
|
23
|
+
#
|
24
|
+
# No, this isn't robust, but it's not really an 'every day' sort of thing
|
25
|
+
# and safer than an `eval`
|
26
|
+
begin
|
27
|
+
gem 'beaker', Hash[
|
28
|
+
beaker_gem_options.split(',').map do |x| # Split passed options on k/v pairs
|
29
|
+
x.gsub('"', '').strip.split(/:\s|\s+=>\s+/) # Allow for either format hash keys
|
30
|
+
end.map do |k,v|
|
31
|
+
[
|
32
|
+
k.delete(':').to_sym, # Convert all keys to symbols
|
33
|
+
v.strip
|
34
|
+
]
|
35
|
+
end
|
36
|
+
] # Convert the whole thing to a valid Hash
|
37
|
+
rescue => e
|
38
|
+
raise "Invalid BEAKER_GEM_OPTIONS: '#{beaker_gem_options}' => '#{e}'"
|
39
|
+
end
|
40
|
+
else
|
41
|
+
gem 'beaker', beaker_gem_options
|
42
|
+
end
|
43
|
+
|
17
44
|
gem 'beaker-rspec'
|
18
45
|
gem 'beaker-windows'
|
19
46
|
gem 'net-ssh'
|
data/lib/simp/beaker_helpers.rb
CHANGED
@@ -297,7 +297,7 @@ module Simp::BeakerHelpers
|
|
297
297
|
# TODO Use simp-ssh Puppet module appropriately (i.e., in a fashion
|
298
298
|
# that doesn't break vagrant access and is appropriate for
|
299
299
|
# typical module tests.)
|
300
|
-
fips_ssh_ciphers = [ 'aes256-
|
300
|
+
fips_ssh_ciphers = [ 'aes256-ctr','aes192-ctr','aes128-ctr']
|
301
301
|
on(sut, %(sed -i '/Ciphers /d' /etc/ssh/sshd_config))
|
302
302
|
on(sut, %(echo 'Ciphers #{fips_ssh_ciphers.join(',')}' >> /etc/ssh/sshd_config))
|
303
303
|
|
@@ -327,6 +327,16 @@ module Simp::BeakerHelpers
|
|
327
327
|
|
328
328
|
# Enable FIPS and then reboot to finish.
|
329
329
|
on(sut, %(puppet apply --verbose #{fips_enable_modulepath} -e "class { 'fips': enabled => true }"))
|
330
|
+
|
331
|
+
# Work around Vagrant and cipher restrictions in EL8+
|
332
|
+
#
|
333
|
+
# Hopefully, Vagrant will update the used ciphers at some point but who
|
334
|
+
# knows when that will be
|
335
|
+
opensshserver_config = '/etc/crypto-policies/back-ends/opensshserver.config'
|
336
|
+
if file_exists_on(sut, opensshserver_config)
|
337
|
+
on(sut, "sed --follow-symlinks -i 's/PubkeyAcceptedKeyTypes=/PubkeyAcceptedKeyTypes=ssh-rsa,/' #{opensshserver_config}")
|
338
|
+
end
|
339
|
+
|
330
340
|
sut.reboot
|
331
341
|
end
|
332
342
|
end
|
@@ -1,5 +1,5 @@
|
|
1
1
|
module Simp::BeakerHelpers
|
2
|
-
# Helpers for
|
2
|
+
# Helpers for managing Vagrant snapshots
|
3
3
|
class Snapshot
|
4
4
|
# The name of the base snapshot that is created if no snapshots currently exist
|
5
5
|
BASE_NAME = '_simp_beaker_base'
|
@@ -18,9 +18,7 @@ module Simp::BeakerHelpers
|
|
18
18
|
|
19
19
|
if vdir
|
20
20
|
Dir.chdir(vdir) do
|
21
|
-
unless exist?(host, BASE_NAME)
|
22
|
-
save(host, BASE_NAME)
|
23
|
-
end
|
21
|
+
save(host, BASE_NAME) unless exist?(host, BASE_NAME)
|
24
22
|
|
25
23
|
snap = "#{host.name}_#{snapshot_name}"
|
26
24
|
|
@@ -67,7 +65,7 @@ module Simp::BeakerHelpers
|
|
67
65
|
Dir.chdir(vdir) do
|
68
66
|
output = %x(vagrant snapshot list #{host.name}).lines
|
69
67
|
output.map! do |x|
|
70
|
-
x.split(/^#{host.name}_/).last.strip
|
68
|
+
x.split(/^#{host.name}_/).last.split(':').first.delete('==>').strip
|
71
69
|
end
|
72
70
|
end
|
73
71
|
end
|
@@ -29,6 +29,17 @@ module Simp::BeakerHelpers
|
|
29
29
|
'python-jinja2'
|
30
30
|
]
|
31
31
|
|
32
|
+
EL8_PACKAGES = [
|
33
|
+
'python3',
|
34
|
+
'python3-pyyaml',
|
35
|
+
'cmake',
|
36
|
+
'git',
|
37
|
+
'openscap-python3',
|
38
|
+
'openscap-utils',
|
39
|
+
'python3-lxml',
|
40
|
+
'python3-jinja2'
|
41
|
+
]
|
42
|
+
|
32
43
|
OS_INFO = {
|
33
44
|
'RedHat' => {
|
34
45
|
'6' => {
|
@@ -46,6 +57,14 @@ module Simp::BeakerHelpers
|
|
46
57
|
'build_target' => 'rhel7',
|
47
58
|
'datastream' => 'ssg-rhel7-ds.xml'
|
48
59
|
}
|
60
|
+
},
|
61
|
+
'8' => {
|
62
|
+
'required_packages' => EL8_PACKAGES,
|
63
|
+
'ssg' => {
|
64
|
+
'profile_target' => 'rhel8',
|
65
|
+
'build_target' => 'rhel8',
|
66
|
+
'datastream' => 'ssg-rhel8-ds.xml'
|
67
|
+
}
|
49
68
|
}
|
50
69
|
},
|
51
70
|
'CentOS' => {
|
@@ -64,6 +83,14 @@ module Simp::BeakerHelpers
|
|
64
83
|
'build_target' => 'centos7',
|
65
84
|
'datastream' => 'ssg-centos7-ds.xml'
|
66
85
|
}
|
86
|
+
},
|
87
|
+
'8' => {
|
88
|
+
'required_packages' => EL8_PACKAGES,
|
89
|
+
'ssg' => {
|
90
|
+
'profile_target' => 'rhel8',
|
91
|
+
'build_target' => 'centos8',
|
92
|
+
'datastream' => 'ssg-centos8-ds.xml'
|
93
|
+
}
|
67
94
|
}
|
68
95
|
},
|
69
96
|
'OracleLinux' => {
|
@@ -73,8 +100,16 @@ module Simp::BeakerHelpers
|
|
73
100
|
'profile_target' => 'ol7',
|
74
101
|
'build_target' => 'ol7',
|
75
102
|
'datastream' => 'ssg-ol7-ds.xml'
|
103
|
+
},
|
104
|
+
'8' => {
|
105
|
+
'required_packages' => EL8_PACKAGES,
|
106
|
+
'ssg' => {
|
107
|
+
'profile_target' => 'ol8',
|
108
|
+
'build_target' => 'ol8',
|
109
|
+
'datastream' => 'ssg-ol8-ds.xml'
|
76
110
|
}
|
77
111
|
}
|
112
|
+
}
|
78
113
|
}
|
79
114
|
}
|
80
115
|
|
@@ -57,7 +57,7 @@ hosts.each do |host|
|
|
57
57
|
end
|
58
58
|
|
59
59
|
it 'can list the snapshots' do
|
60
|
-
expect(Simp::BeakerHelpers::Snapshot.list(host)).to eq ['test', 'test2']
|
60
|
+
expect(Simp::BeakerHelpers::Snapshot.list(host)).to eq ["#{host}", 'test', 'test2']
|
61
61
|
end
|
62
62
|
|
63
63
|
it 'can query for a specific snapshot' do
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: simp-beaker-helpers
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.18.
|
4
|
+
version: 1.18.8
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Chris Tessmer
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2020-
|
12
|
+
date: 2020-07-21 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: beaker
|