simp-beaker-helpers 1.18.8

data/simp-beaker-helpers.gemspec

@@ -0,0 +1,38 @@
+# -*- encoding: utf-8 -*-
+$LOAD_PATH.unshift File.expand_path('../lib', __FILE__)
+require 'simp/beaker_helpers/version'
+require 'date'
+
+Gem::Specification.new do |s|
+  s.name        = 'simp-beaker-helpers'
+  s.date        = Date.today.to_s
+  s.summary     = 'beaker helper methods for SIMP'
+  s.description = <<-EOF
+    Beaker helper methods to help scaffold SIMP acceptance tests
+  EOF
+  s.version     = Simp::BeakerHelpers::VERSION
+  s.license     = 'Apache-2.0'
+  s.authors     = ['Chris Tessmer','Trevor Vaughan']
+  s.email       = 'simp@simp-project.org'
+  s.homepage    = 'https://github.com/simp/rubygem-simp-beaker-helpers'
+  s.metadata = {
+                 'issue_tracker' => 'https://simp-project.atlassian.net'
+               }
+  s.add_runtime_dependency 'beaker'                      , ['>= 4.17.0', '< 5.0.0']
+  s.add_runtime_dependency 'beaker-rspec'                , '~> 6.2'
+  s.add_runtime_dependency 'beaker-puppet'               , ['>= 1.18.14', '< 2.0.0']
+  s.add_runtime_dependency 'beaker-docker'               , '~> 0.3'
+  s.add_runtime_dependency 'beaker-vagrant'              , ['>= 0.6.4', '< 2.0.0']
+  s.add_runtime_dependency 'beaker-puppet_install_helper', '~> 0.9'
+  s.add_runtime_dependency 'highline'                    , '~> 2.0'
+  s.add_runtime_dependency 'nokogiri'                    , '~> 1.8'
+
+  # Because net-telnet dropped support for Ruby < 2.3.0
+  # TODO: Update this when we no longer support Ruby 2.1.9 (should be October 2018)
+  s.add_runtime_dependency 'net-telnet', '~> 0.1.1'
+
+  ### s.files = Dir['Rakefile', '{bin,lib,spec}/**/*', 'README*', 'LICENSE*'] & `git ls-files -z .`.split("\0")
+  s.files       = `git ls-files`.split("\n")
+  s.test_files  = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+end

data/spec/acceptance/nodesets/default.yml

@@ -0,0 +1,32 @@
+<%
+  if ENV['BEAKER_HYPERVISOR']
+    hypervisor = ENV['BEAKER_HYPERVISOR']
+  else
+    hypervisor = 'vagrant'
+  end
+-%>
+HOSTS:
+  server-el7:
+    roles:
+      - server
+      - default
+      - master
+      - el7
+    platform: el-7-x86_64
+    box: centos/7
+    hypervisor: <%= hypervisor %>
+
+  server-el6:
+    roles:
+      - el6
+    platform: el-6-x86_64
+    box: centos/6
+    hypervisor: <%= hypervisor %>
+
+CONFIG:
+  log_level: verbose
+  type: aio
+  vagrant_memsize: 256
+<% if ENV['BEAKER_PUPPET_COLLECTION'] -%>
+  puppet_collection: <%= ENV['BEAKER_PUPPET_COLLECTION'] %>
+<% end -%>

data/spec/acceptance/suites/default/check_puppet_version_spec.rb

@@ -0,0 +1,23 @@
+require 'spec_helper_acceptance'
+
+hosts.each do |host|
+  describe 'make sure puppet version is valid' do
+    context "on #{host}" do
+      puppet_collection = host.options[:puppet_collection]
+
+      client_puppet_version = on(host, 'puppet --version').output.strip
+
+      if puppet_collection =~ /puppet(\d+)/
+        puppet_collection_version = $1
+
+        it "should be running puppet version #{puppet_collection_version}" do
+          expect(client_puppet_version.split('.').first).to eq(puppet_collection_version)
+        end
+      else
+        it 'should not be running puppet 5' do
+          expect(client_puppet_version.split('.').first).to eq '5'
+        end
+      end
+    end
+  end
+end

data/spec/acceptance/suites/default/enable_fips_spec.rb

@@ -0,0 +1,23 @@
+require 'spec_helper_acceptance'
+
+hosts.each do |host|
+  describe 'FIPS enabled from Forge' do
+    context "on #{host}" do
+      if ENV['BEAKER_fips'] == 'yes'
+        it 'creates an alternate apply directory' do
+          on(host, 'test -d /root/.beaker_fips/modules')
+        end
+
+        it 'has fips enabled' do
+          stdout = on(host, 'cat /proc/sys/crypto/fips_enabled').stdout.strip
+          expect(stdout).to eq('1')
+        end
+      else
+        it 'has fips disabled' do
+          stdout = on(host, 'cat /proc/sys/crypto/fips_enabled').stdout.strip
+          expect(stdout).to eq('0')
+        end
+      end
+    end
+  end
+end

data/spec/acceptance/suites/default/fixture_modules_spec.rb

@@ -0,0 +1,22 @@
+require 'spec_helper_acceptance'
+
+context 'after copy_fixture_modules_to( hosts )' do
+  before(:all) do
+    # This should automatically run pluginsync_on hosts
+    copy_fixture_modules_to( hosts )
+  end
+
+  describe "fact_on(master,'root_home')" do
+    it 'should not return value of `root_home`' do
+      puts fact = fact_on(master, 'root_home')
+      expect( fact ).to eq ''
+    end
+  end
+
+  describe "pfact_on(master,'root_home')" do
+    it 'should return value of `root_home`' do
+      puts fact = pfact_on(master, 'root_home')
+      expect( fact ).to eq '/root'
+    end
+  end
+end

data/spec/acceptance/suites/default/install_simp_deps_repo_spec.rb

@@ -0,0 +1,43 @@
+require 'spec_helper_acceptance'
+
+hosts.each do |host|
+  describe '#write_hieradata_to' do
+
+    it 'should install yum utils' do
+      host.install_package('yum-utils')
+    end
+
+    context 'defailt settings' do
+      before(:all) { install_simp_repos(host) }
+
+      it 'creates the repo' do
+        on host, 'test -f /etc/yum.repos.d/simp.repo'
+        on host, 'test -f /etc/yum.repos.d/simp_deps.repo'
+      end
+
+      it 'enables the correct repos' do
+        simp6info = on(host, '/usr/bin/yum repolist -v simp | grep ^Repo-status').stdout.strip
+        expect(simp6info).to match(/.*Repo-status.*enabled.*/)
+        simp6depsinfo = on(host, 'yum repolist -v simp_deps| grep ^Repo-status').stdout.strip
+        expect(simp6depsinfo).to match(/.*Repo-status.*enabled.*/)
+      end
+    end
+
+    context 'when passed a disabled list ' do
+      before(:all) { install_simp_repos(host, ['simp'] ) }
+
+      it 'creates the repo' do
+        on host, 'test -f /etc/yum.repos.d/simp.repo'
+        on host, 'test -f /etc/yum.repos.d/simp_deps.repo'
+      end
+
+      it 'enables the correct repos' do
+        simp6info = on(host, 'yum repolist -v simp | grep ^Repo-status').stdout.strip
+        expect(simp6info).to match(/.*Repo-status.*disabled.*/)
+        simp6depsinfo = on(host, 'yum repolist -v simp_deps| grep ^Repo-status').stdout.strip
+        expect(simp6depsinfo).to match(/.*Repo-status.*enabled.*/)
+      end
+    end
+
+  end
+end

data/spec/acceptance/suites/default/nodesets

@@ -0,0 +1 @@
+spec/acceptance/suites/default/../../nodesets

data/spec/acceptance/suites/default/pki_tests_spec.rb

@@ -0,0 +1,55 @@
+require 'spec_helper_acceptance'
+require 'tmpdir'
+
+
+context 'PKI operations' do
+
+  context 'after run_fake_pki_ca_on(master,hosts)' do
+    before(:all) do
+      copy_fixture_modules_to( hosts )
+    end
+
+    shared_examples_for 'a correctly copied keydist/ tree' do |test_dir|
+      it 'correctly copies keydist/ tree' do
+        on(master, "ls -d #{test_dir}" +
+                   " #{test_dir}/cacerts" +
+                   " #{test_dir}/cacerts/cacert_*.pem"
+          )
+
+        hosts.each do |host|
+          name = host.node_name
+          on(master, "ls -d #{test_dir}/#{name}/cacerts" +
+                     " #{test_dir}/#{name}/#{name}.pem"  +
+                     " #{test_dir}/#{name}/#{name}.pub"  +
+                     " #{test_dir}/cacerts/cacert_*.pem"
+            )
+        end
+      end
+    end
+
+    describe 'a Fake CA under /root' do
+      tmp_keydist_dir = Dir.mktmpdir 'simp-beaker-helpers__pki-tests'
+      run_fake_pki_ca_on( master, hosts, tmp_keydist_dir  )
+
+      it 'should create /root/pki' do
+        on(master, 'test -d /root/pki')
+      end
+
+      it_behaves_like 'a correctly copied keydist/ tree', '/root/pki/keydist'
+
+    end
+
+    describe 'after copy_keydist_to' do
+      test_dir = '/etc/puppetlabs/code/environments/production/modules/pki/files/keydist'
+      copy_keydist_to(master)
+      it_behaves_like 'a correctly copied keydist/ tree', test_dir
+    end
+
+    describe 'after copy_keydist_to(master,"/tmp/foo")' do
+      test_dir = '/tmp/foo'
+      copy_keydist_to(master, test_dir)
+      it_behaves_like 'a correctly copied keydist/ tree', test_dir
+    end
+
+  end
+end

data/spec/acceptance/suites/default/set_hieradata_on_spec.rb

@@ -0,0 +1,33 @@
+require 'spec_helper_acceptance'
+
+hosts.each do |host|
+  describe '#set_hieradata_on' do
+    context 'when passed a YAML string' do
+      before(:all) { set_hieradata_on(host, "---\n") }
+      after(:all) { on(host, "rm -rf #{hiera_datadir(host)}") }
+
+      it 'creates the datadir' do
+        on host, "test -d #{hiera_datadir(host)}"
+      end
+
+      it 'writes the correct contents to the correct file' do
+        stdout = on(host, "cat #{hiera_datadir(host)}/common.yaml").stdout
+        expect(stdout).to eq("---\n")
+      end
+    end
+
+    context 'when passed a hash' do
+      before(:all) { set_hieradata_on(host, { 'foo' => 'bar' }) }
+      after(:all) { on(host, "rm -rf #{hiera_datadir(host)}") }
+
+      it 'creates the datadir' do
+        on host, "test -d #{hiera_datadir(host)}"
+      end
+
+      it 'writes the correct contents to the correct file' do
+        stdout = on(host, "cat #{hiera_datadir(host)}/common.yaml").stdout
+        expect(stdout).to eq("---\nfoo: bar\n")
+      end
+    end
+  end
+end

data/spec/acceptance/suites/default/write_hieradata_to_spec.rb

@@ -0,0 +1,33 @@
+require 'spec_helper_acceptance'
+
+hosts.each do |host|
+  describe '#write_hieradata_to' do
+    context 'when passed a YAML string' do
+      before(:all) { set_hieradata_on(host, "---\n") }
+      after(:all) { on(host, "rm -rf #{hiera_datadir(host)}") }
+
+      it 'creates the datadir' do
+        on host, "test -d #{hiera_datadir(host)}"
+      end
+
+      it 'writes the correct contents to the correct file' do
+        stdout = on(host, "cat #{hiera_datadir(host)}/common.yaml").stdout
+        expect(stdout).to eq("---\n")
+      end
+    end
+
+    context 'when passed a hash' do
+      before(:all) { set_hieradata_on(host, { 'foo' => 'bar' }) }
+      after(:all) { on(host, "rm -rf #{hiera_datadir(host)}") }
+
+      it 'creates the datadir' do
+        on host, "test -d #{hiera_datadir(host)}"
+      end
+
+      it 'writes the correct contents to the correct file' do
+        stdout = on(host, "cat #{hiera_datadir(host)}/common.yaml").stdout
+        expect(stdout).to eq("---\nfoo: bar\n")
+      end
+    end
+  end
+end

data/spec/acceptance/suites/fips_from_fixtures/00_default_spec.rb

@@ -0,0 +1,63 @@
+class ScrubFixtures
+  require 'simp/beaker_helpers'
+  include Simp::BeakerHelpers
+
+  def initialize
+    FileUtils.rm_rf(File.join(fixtures_path, 'modules'))
+  end
+end
+
+require 'yaml'
+require 'tempfile'
+
+alt_fixtures = File.absolute_path('.fips_fixtures.yml')
+
+new_fixtures = {
+  'fixtures' => {
+    'repositories' => {}
+  }
+}
+
+new_fixtures['fixtures']['repositories']['fips'] = 'https://github.com/simp/pupmod-simp-fips'
+new_fixtures['fixtures']['repositories']['augeasproviders_core'] = 'https://github.com/simp/augeasproviders_core'
+new_fixtures['fixtures']['repositories']['augeasproviders_grub'] = 'https://github.com/simp/augeasproviders_grub'
+new_fixtures['fixtures']['repositories']['simplib'] = 'https://github.com/simp/pupmod-simp-simplib'
+new_fixtures['fixtures']['repositories']['stdlib'] = 'https://github.com/simp/puppetlabs-stdlib'
+
+File.open(alt_fixtures, 'w'){ |fh| fh.puts(new_fixtures.to_yaml) }
+
+ScrubFixtures.new
+
+ENV['BEAKER_fips'] = 'yes'
+ENV['FIXTURES_YML'] = alt_fixtures
+
+Bundler.with_clean_env{
+  ENV['FIXTURES_YML'] = alt_fixtures
+
+  %x{bundle exec rake spec_prep}
+}
+
+require 'spec_helper_acceptance'
+
+describe 'FIPS pre-installed' do
+  after(:all) do
+    if alt_fixtures && File.exist?(alt_fixtures)
+      FileUtils.rm(alt_fixtures)
+
+      ScrubFixtures.new
+    end
+  end
+
+  hosts.each do |host|
+    context "on #{host}" do
+      it 'does not create an alternate apply directory' do
+        on(host, 'test ! -d /root/.beaker_fips/modules')
+      end
+
+      it 'has fips enabled' do
+        stdout = on(host, 'cat /proc/sys/crypto/fips_enabled').stdout.strip
+        expect(stdout).to eq('1')
+      end
+    end
+  end
+end

data/spec/acceptance/suites/fips_from_fixtures/metadata.yml

@@ -0,0 +1,2 @@
+---
+'default_run': true

data/spec/acceptance/suites/fips_from_fixtures/nodesets

@@ -0,0 +1 @@
+spec/acceptance/suites/fips_from_fixtures/../../nodesets

data/spec/acceptance/suites/offline/00_default_spec.rb

@@ -0,0 +1,165 @@
+require 'spec_helper_acceptance'
+
+describe 'Offline mode' do
+  hosts.each do |host|
+    context "on #{host}" do
+      let(:vagrant_version) { '2.2.5' }
+      let(:vagrant_rpm) { "https://releases.hashicorp.com/vagrant/#{vagrant_version}/vagrant_#{vagrant_version}_x86_64.rpm" }
+      let(:virtualbox_repo) { 'http://download.virtualbox.org/virtualbox/rpm/el/virtualbox.repo' }
+      let(:build_user) { 'build_user' }
+      let(:build_user_cmd) { "runuser #{build_user} -l -c" }
+
+      # Not sure if this is a QEMU thing with the image or something else
+      it 'works around a CentOS curl bug with libvirt' do
+        on(host, %(touch /etc/sysconfig/64bit_strstr_via_64bit_strstr_sse2_unaligned))
+      end
+
+      it 'adds the build user' do
+        on(host, %(useradd -b /home -G wheel -m -c "Build User" -s /bin/bash -U #{build_user}))
+
+        # Allow the build user to perform privileged operations
+        on(host, %(echo 'Defaults:build_user !requiretty' >> /etc/sudoers))
+      end
+
+      it 'installs required packages' do
+        host.install_package('epel-release')
+
+        required_packages = [
+          'augeas-devel',
+          'autoconf',
+          'automake',
+          'bison',
+          'createrepo',
+          'curl',
+          'dkms',
+          'initscripts',
+          'gcc',
+          'gcc-c++',
+          'genisoimage',
+          'git',
+          'glibc-devel',
+          'glibc-headers',
+          'gnupg2',
+          'kernel-devel',
+          'libffi-devel',
+          'libicu-devel',
+          'libtool',
+          'libvirt',
+          'libvirt-client',
+          'libvirt-devel',
+          'libxml2',
+          'libxml2-devel',
+          'libxslt',
+          'libxslt-devel',
+          'libyaml-devel',
+          'make',
+          'ntpdate',
+          'openssl',
+          'openssl-devel',
+          'qemu',
+          'readline-devel',
+          'rpm-build',
+          'rpm-sign',
+          'rpmdevtools',
+          'ruby-devel',
+          'rubygems',
+          'seabios',
+          'sqlite-devel',
+          'util-linux',
+          'which'
+        ]
+
+        on(host, %(yum -y install #{required_packages.join(' ')}))
+        on(host, %(yum -y update))
+      end
+
+      it 'removes limits from the system' do
+        # Remove system limits
+        on(host, %(rm -rf /etc/security/limits.d/*.conf))
+      end
+
+      it 'installs the latest VirtualBox' do
+        on(host, %(curl "#{virtualbox_repo}" -o /etc/yum.repos.d/virtualbox.repo))
+        on(host, 'yum -y install $(yum -y list | grep VirtualBox | sort | tail -1 | cut -f 1 -d " ")')
+      end
+
+      it 'installs the VirtualBox extension pack' do
+        on(host, 'VERSION=$(VBoxManage --version | tail -1 | cut -f 1 -d "r") && curl -Lo ${TMPDIR}/Oracle_VM_VirtualBox_Extension_Pack-${VERSION}.vbox-extpack http://download.virtualbox.org/virtualbox/${VERSION}/Oracle_VM_VirtualBox_Extension_Pack-${VERSION}.vbox-extpack && yes | VBoxManage extpack install ${TMPDIR}/Oracle_VM_VirtualBox_Extension_Pack-${VERSION}.vbox-extpack && rm -rf ${TMPDIR}/Oracle_VM_VirtualBox_Extension_Pack-${VERSION}.vbox-extpack')
+      end
+
+      it 'adds the build user to the vboxusers group' do
+        on(host, %(usermod -a -G vboxusers #{build_user}))
+      end
+
+      it 'reboots the system to finalize VirtualBox' do
+        host.reboot
+      end
+
+      it 'installs RPM for the build user' do
+        # Install RVM
+        on(host, %(#{build_user_cmd} "for i in {1..5}; do { gpg2 --keyserver hkp://pgp.mit.edu --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 || gpg2 --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 || gpg2 --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3; } && { gpg2 --keyserver hkp://pgp.mit.edu --recv-keys 7D2BAF1CF37B13E2069D6956105BD0E739499BDB || gpg2 --keyserver hkp://keys.gnupg.net --recv-keys 7D2BAF1CF37B13E2069D6956105BD0E739499BDB; } && break || sleep 1; done"))
+        on(host, %(#{build_user_cmd} "gpg2 --refresh-keys"))
+        on(host, %(#{build_user_cmd} "curl -sSL https://raw.githubusercontent.com/rvm/rvm/stable/binscripts/rvm-installer -o rvm-installer && curl -sSL https://raw.githubusercontent.com/rvm/rvm/stable/binscripts/rvm-installer.asc -o rvm-installer.asc && gpg2 --verify rvm-installer.asc rvm-installer && bash rvm-installer"))
+        on(host, %(#{build_user_cmd} "rvm install 2.4.4 --disable-binary"))
+        on(host, %(#{build_user_cmd} "rvm use --default 2.4.4"))
+        on(host, %(#{build_user_cmd} "rvm all do gem install bundler -v '~> 1.16' --no-document"))
+      end
+
+      it 'installs vagrant' do
+        on(host, %(yum -y install #{vagrant_rpm}))
+      end
+
+      it 'preps for testing by downloading boxes for tests' do
+        on(host, %(#{build_user_cmd} "vagrant box add --provider virtualbox centos/6"))
+        on(host, %(#{build_user_cmd} "vagrant box add --provider virtualbox centos/7"))
+      end
+
+      it 'runs a simple nested virt test' do
+        build_user_homedir = on(host, "readlink -f ~#{build_user}").output.strip
+        vagrant_testdir = "#{build_user_homedir}/vagrant_test"
+
+        vagrant_test_file = <<-EOM
+Vagrant.configure("2") do |c|
+  c.vm.define 'test' do |v|
+    v.vm.hostname = 'centos7.test.net'
+    v.vm.box = 'centos/7'
+    v.vm.box_check_update = 'false'
+  end
+end
+        EOM
+
+        host.mkdir_p(vagrant_testdir)
+
+        create_remote_file(host, "#{vagrant_testdir}/Vagrantfile", vagrant_test_file)
+
+        on(host, %(chown -R #{build_user} #{vagrant_testdir}))
+
+        on(host, %(#{build_user_cmd} "cd #{vagrant_testdir} && vagrant up"))
+        on(host, %(#{build_user_cmd} "cd #{vagrant_testdir} && vagrant destroy -f"))
+      end
+
+      # We're testing a real module since that has the widest set of
+      # repercussions for reaching out to the internet
+      it 'downloads a module to test' do
+        on(host, %(#{build_user_cmd} "git clone https://github.com/simp/pupmod-simp-at"))
+      end
+
+      it 'preps the module for building' do
+        on(host, %(#{build_user_cmd} "cd pupmod-simp-at; bundle update"))
+      end
+
+      it 'runs a network-connected test' do
+        on(host, %(#{build_user_cmd} "cd pupmod-simp-at; rake beaker:suites"))
+      end
+
+      it 'disables all internet network traffic via iptables' do
+        on(host, %(iptables -I OUTPUT -d `ip route | awk '/default/ {print $3}'`/16 -j ACCEPT))
+        on(host, 'iptables -A OUTPUT -j DROP')
+      end
+
+      xit 'runs a network-disconnected test' do
+        on(host, %(#{build_user_cmd} "cd pupmod-simp-at; rake beaker:suites"))
+      end
+    end
+  end
+end