simp-beaker-helpers 1.18.4 → 1.18.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ceefebc12043c8bea9d8e93c4b70fc7280cd2cc36d00bb018d1851eb0639248a
-  data.tar.gz: 16289c99c4e61061c7a082b2ffca131169fe291a4481baab187c9ca9cef3451d
+  metadata.gz: 6af360e25b0c27681121e57724c9440c886489aab74d9bff7a96f32a2fb1805d
+  data.tar.gz: b9e0ea633c7e5a274e868abd4203fc3c02861a396f043cdc6c682ca550beacfd
 SHA512:
-  metadata.gz: 8644658439aa893965fa13120de357e5ef85bafdf4fb5cc865623588b405bec77c9215dddd360c74a03e758e89eb454d29c2d046b2bc20fbc66805fe958d26f4
-  data.tar.gz: b41a01714e053599dd0a514c8c57667688622c757601299b30a84c0ef965a257d6f77e1e324d948fc2476456bb2aabf747615e1d8df2b4db7e1292958ee452a6
+  metadata.gz: 0430e3ab6942bc368478f64dfb8243d76975e25e48d78965d52c7c22b916c80c7ad509af4b63a646dad92d87587e6e5dcdf0a4650b6495e4c3e6138daa05c387
+  data.tar.gz: e357315e04adadc555cb3ba8819e1a082c460a6c93c5842e3aa235c1d88faded4c2dea547b29c05689e5eb84de3ce76742d248c2645905f5756b9ddafd58592b

data/.fixtures.yml

@@ -1,8 +1,6 @@
 ---
 fixtures:
-  # Needed for Hiera v5 to work
-  forge_modules:
-    compliance_markup: "simp/compliance_markup"
   repositories:
-    stdlib: "https://github.com/simp/puppetlabs-stdlib"
+    stdlib: https://github.com/simp/puppetlabs-stdlib
+    compliance_markup: https://github.com/simp/pupmod-simp-compliance_markup
 

data/.gitlab-ci.yml

@@ -20,16 +20,6 @@
     - 'rm -rf pkg/ || :'
     - bundle check || rm -f Gemfile.lock && ("${BUNDLER_INSTALL[@]}" --local || "${BUNDLER_INSTALL[@]}")
 
-
-.validation_checks: &validation_checks
-  script:
-    - bundle exec rake syntax
-    - bundle exec rake check:dot_underscore
-    - bundle exec rake check:test_file
-    - bundle exec rake lint
-    # - bundle exec rake pkg:check_version
-    # - bundle exec rake pkg:compare_latest_tag
-
 .spec_tests: &spec_tests
   script:
     - bundle exec rake spec
@@ -42,43 +32,8 @@
       - $SIMP_FULL_MATRIX
 
 stages:
-  - validation
   - unit
   - acceptance
-  - deploy
-
-# Puppet 4.10 for PE 2017.2 support (EOL:2018-02-21)
-# See: https://puppet.com/misc/puppet-enterprise-lifecycle
-# --------------------------------------
-2_1-validation:
-  stage: validation
-  tags:
-    - docker
-  image: ruby:2.1
-  <<: *cache_bundler
-  <<: *setup_bundler_env
-  <<: *validation_checks
-
-2_1-unit:
-  stage: unit
-  tags:
-    - docker
-  image: ruby:2.1
-  <<: *cache_bundler
-  <<: *setup_bundler_env
-  <<: *spec_tests
-
-# Puppet 4.10 for PE 2017.2 support (EOL:2018-02-21)
-# See: https://puppet.com/misc/puppet-enterprise-lifecycle
-# --------------------------------------
-2_4-validation:
-  stage: validation
-  tags:
-    - docker
-  image: ruby:2.4
-  <<: *cache_bundler
-  <<: *setup_bundler_env
-  <<: *validation_checks
 
 2_4-unit:
   stage: unit
@@ -127,7 +82,7 @@ fips_from_fixtures:
     - bundle exec rake spec_clean
     - bundle exec rake beaker:suites[fips_from_fixtures]
 
-puppet_collections:
+puppet5_collections:
   stage: acceptance
   tags:
     - beaker
@@ -135,7 +90,18 @@ puppet_collections:
   <<: *setup_bundler_env
   variables:
     PUPPET_VERSION: '~> 5.3'
-    BEAKER_PUPPET_COLLECTION: 'puppet5'
+  script:
+    - bundle exec rake spec_clean
+    - bundle exec rake beaker:suites[puppet_collections]
+
+puppet6_collections:
+  stage: acceptance
+  tags:
+    - beaker
+  <<: *cache_bundler
+  <<: *setup_bundler_env
+  variables:
+    BEAKER_PUPPET_COLLECTION: 'puppet6'
   script:
     - bundle exec rake spec_clean
     - bundle exec rake beaker:suites[puppet_collections]
@@ -152,6 +118,8 @@ windows:
 
 snapshot:
   stage: acceptance
+  # This is prone to breakage in the underlying system
+  allow_failure: true
   tags:
     - beaker
   <<: *cache_bundler

data/CHANGELOG.md

@@ -1,4 +1,23 @@
-### 1.18.4 /2020-03-31
+### 1.18.9 / 2020-08-04
+* Change windows 2012r2 VM to work around issues where the old image had
+  duplicate ports trying to be opened
+* Increase test CA bits to 4096
+
+### 1.18.8 / 2020-07-14
+* Allow the beaker version to be pinned by environment variable
+
+### 1.18.7 / 2020-07-07
+* Fix host reference bug when switching to FIPS mode
+* Ensure that net-ssh 6+ can access older FIPS systems
+
+### 1.18.6 / 2020-06-24
+* Fix Vagrant snapshot issues
+
+### 1.18.5 / 2020-06-24
+* Allow Vagrant to connect to EL8+ hosts in FIPS mode
+* Add EL8 support to the SSG scans
+
+### 1.18.4 / 2020-03-31
 * Fix capturing error messages when inspec fails to generate results
 
 ### 1.18.3 / 2020-02-24

data/Gemfile

@@ -13,7 +13,34 @@ gem 'bundler'
 gem 'rake'
 
 group :system_tests do
-  gem 'beaker'
+  beaker_gem_options = ENV.fetch('BEAKER_GEM_OPTIONS', ['>= 4.17.0', '< 5.0.0'])
+
+  if "#{beaker_gem_options}".include?(':')
+    # Just pass in BEAKER_GEM_OPTIONS as a string that would represent the usual
+    # hash of options.
+    #
+    # Something like: BEAKER_GEM_OPTIONS=':git => "https://my.repo/beaker.git", :tag => "1.2.3"'
+    #
+    # No, this isn't robust, but it's not really an 'every day' sort of thing
+    # and safer than an `eval`
+    begin
+      gem 'beaker', Hash[
+        beaker_gem_options.split(',').map do |x| # Split passed options on k/v pairs
+          x.gsub('"', '').strip.split(/:\s|\s+=>\s+/) # Allow for either format hash keys
+        end.map do |k,v|
+          [
+            k.delete(':').to_sym, # Convert all keys to symbols
+            v.strip
+          ]
+        end
+      ] # Convert the whole thing to a valid Hash
+    rescue => e
+      raise "Invalid BEAKER_GEM_OPTIONS: '#{beaker_gem_options}' => '#{e}'"
+    end
+  else
+    gem 'beaker', beaker_gem_options
+  end
+
   gem 'beaker-rspec'
   gem 'beaker-windows'
   gem 'net-ssh'

data/files/pki/template_ca.cnf

@@ -93,7 +93,7 @@ emailAddress		= optional
 
 ####################################################################
 [ req ]
-default_bits		= 2048
+default_bits		= 4096
 default_keyfile 	= privkey.pem
 distinguished_name	= req_distinguished_name
 attributes		= req_attributes

data/files/pki/template_host.cnf

@@ -96,7 +96,7 @@ emailAddress		= optional
 
 ####################################################################
 [ req ]
-default_bits		= 2048
+default_bits		= 4096
 default_keyfile 	= privkey.pem
 distinguished_name	= req_distinguished_name
 attributes		= req_attributes

data/lib/simp/beaker_helpers.rb

@@ -297,7 +297,7 @@ module Simp::BeakerHelpers
       # TODO Use simp-ssh Puppet module appropriately (i.e., in a fashion
       #      that doesn't break vagrant access and is appropriate for
       #      typical module tests.)
-      fips_ssh_ciphers = [ 'aes256-cbc','aes192-cbc','aes128-cbc']
+      fips_ssh_ciphers = [ 'aes256-ctr','aes192-ctr','aes128-ctr']
       on(sut, %(sed -i '/Ciphers /d' /etc/ssh/sshd_config))
       on(sut, %(echo 'Ciphers #{fips_ssh_ciphers.join(',')}' >> /etc/ssh/sshd_config))
 
@@ -327,6 +327,16 @@ module Simp::BeakerHelpers
 
       # Enable FIPS and then reboot to finish.
       on(sut, %(puppet apply --verbose #{fips_enable_modulepath} -e "class { 'fips': enabled => true }"))
+
+      # Work around Vagrant and cipher restrictions in EL8+
+      #
+      # Hopefully, Vagrant will update the used ciphers at some point but who
+      # knows when that will be
+      opensshserver_config = '/etc/crypto-policies/back-ends/opensshserver.config'
+      if file_exists_on(sut, opensshserver_config)
+        on(sut, "sed --follow-symlinks -i 's/PubkeyAcceptedKeyTypes=/PubkeyAcceptedKeyTypes=ssh-rsa,/' #{opensshserver_config}")
+      end
+
       sut.reboot
     end
   end

data/lib/simp/beaker_helpers/snapshot.rb

@@ -1,5 +1,5 @@
 module Simp::BeakerHelpers
-  # Helpers for working with the SCAP Security Guide
+  # Helpers for managing Vagrant snapshots
   class Snapshot
     # The name of the base snapshot that is created if no snapshots currently exist
     BASE_NAME = '_simp_beaker_base'
@@ -18,9 +18,7 @@ module Simp::BeakerHelpers
 
         if vdir
           Dir.chdir(vdir) do
-            unless exist?(host, BASE_NAME)
-              save(host, BASE_NAME)
-            end
+            save(host, BASE_NAME) unless exist?(host, BASE_NAME)
 
             snap = "#{host.name}_#{snapshot_name}"
 
@@ -67,7 +65,7 @@ module Simp::BeakerHelpers
         Dir.chdir(vdir) do
           output = %x(vagrant snapshot list #{host.name}).lines
           output.map! do |x|
-            x.split(/^#{host.name}_/).last.strip
+            x.split(/^#{host.name}_/).last.split(':').first.delete('==>').strip
           end
         end
       end

data/lib/simp/beaker_helpers/ssg.rb

@@ -29,6 +29,17 @@ module Simp::BeakerHelpers
       'python-jinja2'
     ]
 
+    EL8_PACKAGES = [
+      'python3',
+      'python3-pyyaml',
+      'cmake',
+      'git',
+      'openscap-python3',
+      'openscap-utils',
+      'python3-lxml',
+      'python3-jinja2'
+    ]
+
     OS_INFO = {
       'RedHat' => {
         '6' => {
@@ -46,6 +57,14 @@ module Simp::BeakerHelpers
             'build_target'   => 'rhel7',
             'datastream'     => 'ssg-rhel7-ds.xml'
           }
+        },
+        '8' => {
+          'required_packages' => EL8_PACKAGES,
+          'ssg' => {
+            'profile_target' => 'rhel8',
+            'build_target'   => 'rhel8',
+            'datastream'     => 'ssg-rhel8-ds.xml'
+          }
         }
       },
       'CentOS' => {
@@ -64,6 +83,14 @@ module Simp::BeakerHelpers
             'build_target'   => 'centos7',
             'datastream'     => 'ssg-centos7-ds.xml'
           }
+        },
+        '8' => {
+          'required_packages' => EL8_PACKAGES,
+          'ssg' => {
+            'profile_target' => 'rhel8',
+            'build_target'   => 'centos8',
+            'datastream'     => 'ssg-centos8-ds.xml'
+          }
         }
       },
       'OracleLinux' => {
@@ -73,8 +100,16 @@ module Simp::BeakerHelpers
             'profile_target' => 'ol7',
             'build_target'   => 'ol7',
             'datastream'     => 'ssg-ol7-ds.xml'
+          },
+        '8' => {
+          'required_packages' => EL8_PACKAGES,
+          'ssg' => {
+            'profile_target' => 'ol8',
+            'build_target'   => 'ol8',
+            'datastream'     => 'ssg-ol8-ds.xml'
           }
         }
+        }
       }
     }
 

data/lib/simp/beaker_helpers/version.rb

@@ -1,5 +1,5 @@
 module Simp; end
 
 module Simp::BeakerHelpers
-  VERSION = '1.18.4'
+  VERSION = '1.18.9'
 end

data/spec/acceptance/nodesets/default.yml

@@ -9,8 +9,8 @@ HOSTS:
   server-el7:
     roles:
       - server
-      - default
       - master
+      - default
       - el7
     platform: el-7-x86_64
     box: centos/7
@@ -23,6 +23,13 @@ HOSTS:
     box: centos/6
     hypervisor: <%= hypervisor %>
 
+  server-el8:
+    roles:
+      - el8
+    platform: el-8-x86_64
+    box: centos/8
+    hypervisor: <%= hypervisor %>
+
 CONFIG:
   log_level: verbose
   type: aio

data/spec/acceptance/suites/default/nodesets

@@ -1 +1 @@
-spec/acceptance/suites/default/../../nodesets
+../../nodesets

data/spec/acceptance/suites/fips_from_fixtures/00_default_spec.rb

@@ -31,7 +31,10 @@ ScrubFixtures.new
 ENV['BEAKER_fips'] = 'yes'
 ENV['FIXTURES_YML'] = alt_fixtures
 
+beaker_gem_options = ENV['BEAKER_GEM_OPTIONS']
+
 Bundler.with_clean_env{
+  ENV['BEAKER_GEM_OPTIONS'] = beaker_gem_options
   ENV['FIXTURES_YML'] = alt_fixtures
 
   %x{bundle exec rake spec_prep}

data/spec/acceptance/suites/fips_from_fixtures/nodesets

@@ -1 +1 @@
-spec/acceptance/suites/fips_from_fixtures/../../nodesets
+../../nodesets

data/spec/acceptance/suites/puppet_collections/00_default_spec.rb

@@ -1,24 +1,22 @@
-# This needs to be done so that we actually bring in a collection at the start
-# of the run
-#
-# Choosing an arbitrary number in the middle of 5 so that we're not fooled by
-# edge cases
-#
-ENV['PUPPET_VERSION'] = '5.1'
-
 require 'spec_helper_acceptance'
 
-Bundler.with_clean_env{
-  %x{bundle exec rake spec_prep}
-}
+unless ENV['PUPPET_VERSION'] || ENV['BEAKER_PUPPET_COLLECTION']
+  fail('You must set either PUPPET_VERSION or BEAKER_PUPPET_COLLECTION as an environment variable')
+end
+
+if ENV['BEAKER_PUPPET_COLLECTION']
+  target_version = ENV['BEAKER_PUPPET_COLLECTION'][/(\d+)$/,1]
+elsif ENV['PUPPET_VERSION']
+  target_version = ENV['PUPPET_VERSION'].split('.').first
+end
 
 hosts.each do |host|
   describe 'make sure puppet version is valid' do
     context "on #{host}" do
       client_puppet_version = on(host, 'puppet --version').output.strip
 
-      it "should be running puppet version #{ENV['PUPPET_VERSION']}}" do
-        expect(Gem::Version.new(client_puppet_version)).to be >= Gem::Version.new(ENV['PUPPET_VERSION'])
+      it "should be running puppet version #{target_version}" do
+        expect(Gem::Version.new(client_puppet_version)).to be >= Gem::Version.new(target_version)
       end
     end
   end

data/spec/acceptance/suites/snapshot/00_snapshot_test_spec.rb

@@ -57,7 +57,7 @@ hosts.each do |host|
       end
 
       it 'can list the snapshots' do
-        expect(Simp::BeakerHelpers::Snapshot.list(host)).to eq ['test', 'test2']
+        expect(Simp::BeakerHelpers::Snapshot.list(host)).to eq ["#{host}", 'test', 'test2']
       end
 
       it 'can query for a specific snapshot' do

data/spec/acceptance/suites/snapshot/nodesets

@@ -1 +1 @@
-spec/acceptance/suites/snapshot/../../nodesets
+../../nodesets

data/spec/acceptance/suites/windows/nodesets/default.yml

@@ -10,12 +10,14 @@ HOSTS:
     roles:
       - windows
     platform: windows-server-amd64
-    box: opentable/win-2012r2-standard-amd64-nocm # VBOX ONLY
+    box: devopsgroup-io/windows_server-2012r2-standard-amd64-nocm
     hypervisor: <%= hypervisor %>
     vagrant_memsize: 2048
     vagrant_cpus: 2
     user: vagrant
     is_cygwin: false
+    ssh:
+      host_key: ssh-dss
 
   el7:
     roles:

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: simp-beaker-helpers
 version: !ruby/object:Gem::Version
-  version: 1.18.4
+  version: 1.18.9
 platform: ruby
 authors:
 - Chris Tessmer
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-04-07 00:00:00.000000000 Z
+date: 2020-08-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: beaker
@@ -203,7 +203,6 @@ files:
 - spec/acceptance/suites/offline/nodesets/default.yml
 - spec/acceptance/suites/puppet_collections/00_default_spec.rb
 - spec/acceptance/suites/puppet_collections/metadata.yml
-- spec/acceptance/suites/puppet_collections/nodesets/default.yml
 - spec/acceptance/suites/snapshot/00_snapshot_test_spec.rb
 - spec/acceptance/suites/snapshot/10_general_usage_spec.rb
 - spec/acceptance/suites/snapshot/nodesets
@@ -235,8 +234,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.7
+rubygems_version: 3.0.8
 signing_key: 
 specification_version: 4
 summary: beaker helper methods for SIMP

data/spec/acceptance/suites/puppet_collections/nodesets/default.yml

@@ -1,30 +0,0 @@
-<%
-  if ENV['BEAKER_HYPERVISOR']
-    hypervisor = ENV['BEAKER_HYPERVISOR']
-  else
-    hypervisor = 'vagrant'
-  end
--%>
-HOSTS:
-  server-el7:
-    roles:
-      - server
-      - default
-      - master
-      - el7
-    platform: el-7-x86_64
-    box: centos/7
-    hypervisor: <%= hypervisor %>
-
-  server-el6:
-    roles:
-      - el6
-    platform: el-6-x86_64
-    box: centos/6
-    hypervisor: <%= hypervisor %>
-
-CONFIG:
-  log_level: verbose
-  type: aio
-  puppet_collection: puppet5
-  vagrant_memsize: 256