simp-beaker-helpers 1.23.0 → 1.23.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.fixtures.yml +6 -1
- data/.github/workflows/pr_acceptance.yml +55 -0
- data/.github/workflows/pr_tests.yml +90 -0
- data/.gitlab-ci.yml +19 -0
- data/CHANGELOG.md +34 -0
- data/lib/simp/beaker_helpers.rb +10 -18
- data/lib/simp/beaker_helpers/inspec.rb +16 -12
- data/lib/simp/beaker_helpers/ssg.rb +47 -20
- data/lib/simp/beaker_helpers/version.rb +1 -1
- data/lib/simp/rake/beaker.rb +8 -2
- data/spec/acceptance/nodesets/default.yml +2 -1
- data/spec/acceptance/nodesets/docker.yml +0 -22
- data/spec/acceptance/nodesets/oel.yml +42 -0
- data/spec/acceptance/suites/default/enable_fips_spec.rb +6 -4
- data/spec/acceptance/suites/fips_from_fixtures/00_default_spec.rb +10 -3
- data/spec/acceptance/suites/inspec/00_default_spec.rb +54 -0
- data/spec/acceptance/suites/inspec/metadata.yml +2 -0
- data/spec/acceptance/suites/inspec/nodesets +1 -0
- data/spec/acceptance/suites/puppet_collections/00_default_spec.rb +1 -1
- data/spec/acceptance/suites/ssg/00_default_spec.rb +47 -0
- data/spec/acceptance/suites/ssg/metadata.yml +2 -0
- data/spec/acceptance/suites/ssg/nodesets +1 -0
- data/spec/fixtures/inspec_profiles/CentOS-7-disa_stig +1 -0
- data/spec/fixtures/inspec_profiles/CentOS-8-disa_stig +1 -0
- data/spec/fixtures/inspec_profiles/RedHat-7-disa_stig/controls/00_Control_Selector.rb +45 -0
- data/spec/fixtures/inspec_profiles/RedHat-7-disa_stig/inspec.yml +14 -0
- data/spec/fixtures/inspec_profiles/RedHat-8-disa_stig/controls/00_Control_Selector.rb +45 -0
- data/spec/fixtures/inspec_profiles/RedHat-8-disa_stig/inspec.yml +14 -0
- data/spec/lib/simp/beaker_helpers_spec.rb +1 -3
- metadata +17 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 4a8f3a3f4dc773c215796e464031e1ab00ed025c9a3346fd4573d12a1a072fd9
|
4
|
+
data.tar.gz: 1d55ad88ebae56afe2e807ad1a27d3e6ee5828499ef2f3655770b71f8660d579
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 10d292eb75b4bcd9d2bfc2bc5223367ea2706db88cdc29d016b37db9864530d6a923e56339d1f37a5b4e9b9cf1edeb34c179d73d5a56361416145a363c02890e
|
7
|
+
data.tar.gz: f877ae87cf79c64786aeaf800cb1d8b839ad251c80664e128b498a7e555d9661a7034e677d1682bcbc91fb8ce00ba504f5ed22035ad6ed877df45d0c8851b241
|
data/.fixtures.yml
CHANGED
@@ -4,4 +4,9 @@ fixtures:
|
|
4
4
|
stdlib: https://github.com/simp/puppetlabs-stdlib
|
5
5
|
simplib: https://github.com/simp/pupmod-simp-simplib
|
6
6
|
compliance_markup: https://github.com/simp/pupmod-simp-compliance_markup
|
7
|
-
|
7
|
+
disa_stig-el7-baseline:
|
8
|
+
repo: https://github.com/mitre/redhat-enterprise-linux-7-stig-baseline
|
9
|
+
target: spec/fixtures/inspec_deps/inspec_profiles/profiles
|
10
|
+
disa_stig-el8-baseline:
|
11
|
+
repo: https://github.com/mitre/redhat-enterprise-linux-8-stig-baseline
|
12
|
+
target: spec/fixtures/inspec_deps/inspec_profiles/profiles
|
@@ -0,0 +1,55 @@
|
|
1
|
+
# Run all tests as GitHub Actions
|
2
|
+
name: Unit Tests
|
3
|
+
on:
|
4
|
+
push:
|
5
|
+
branches:
|
6
|
+
# A test branch for seeing if your tests will pass in your personal fork
|
7
|
+
- test_me_github
|
8
|
+
pull_request:
|
9
|
+
types: [opened, reopened, synchronize]
|
10
|
+
|
11
|
+
jobs:
|
12
|
+
acceptance:
|
13
|
+
runs-on:
|
14
|
+
- ubuntu-latest
|
15
|
+
strategy:
|
16
|
+
matrix:
|
17
|
+
ruby:
|
18
|
+
- 2.6
|
19
|
+
fail-fast: false
|
20
|
+
steps:
|
21
|
+
- name: checkout repo
|
22
|
+
uses: actions/checkout@v2
|
23
|
+
- name: setup ruby
|
24
|
+
uses: ruby/setup-ruby@v1
|
25
|
+
with:
|
26
|
+
ruby-version: ${{ matrix.ruby }}
|
27
|
+
- name: ensure entropy
|
28
|
+
run: |
|
29
|
+
sudo apt-get update -y
|
30
|
+
sudo apt-get install -y rng-tools
|
31
|
+
sudo systemctl start rng-tools
|
32
|
+
- name: install docker
|
33
|
+
run: |
|
34
|
+
set -x
|
35
|
+
sudo apt-get remove -y podman ||:
|
36
|
+
sudo apt-get install -y docker-ce docker docker-engine docker.io containerd runc ||:
|
37
|
+
sudo apt-get update
|
38
|
+
sudo apt autoremove -y
|
39
|
+
sudo systemctl start docker
|
40
|
+
- name: install bundler
|
41
|
+
run: |
|
42
|
+
gem install bundler
|
43
|
+
bundle update
|
44
|
+
- name: beaker
|
45
|
+
run: |
|
46
|
+
bundle exec rake beaker:suites[default,docker]
|
47
|
+
- name: beaker puppet_collections
|
48
|
+
run: |
|
49
|
+
bundle exec rake beaker:suites[puppet_collections,docker]
|
50
|
+
- name: beaker ssg
|
51
|
+
run: |
|
52
|
+
bundle exec rake beaker:suites[ssg,docker]
|
53
|
+
- name: beaker inspec
|
54
|
+
run: |
|
55
|
+
bundle exec rake beaker:suites[inspec,docker]
|
@@ -0,0 +1,90 @@
|
|
1
|
+
# Run Puppet checks and test matrix on Pull Requests
|
2
|
+
# ------------------------------------------------------------------------------
|
3
|
+
# NOTICE: **This file is maintained with puppetsync**
|
4
|
+
#
|
5
|
+
# This file is updated automatically as part of a puppet module baseline.
|
6
|
+
#
|
7
|
+
# The next baseline sync will overwrite any local changes to this file!
|
8
|
+
#
|
9
|
+
# ==============================================================================
|
10
|
+
#
|
11
|
+
# The testing matrix considers ruby/puppet versions supported by SIMP and PE:
|
12
|
+
# ------------------------------------------------------------------------------
|
13
|
+
# Release Puppet Ruby EOL
|
14
|
+
# SIMP 6.4 5.5 2.40 TBD
|
15
|
+
# PE 2018.1 5.5 2.40 2021-01 (LTS overlap)
|
16
|
+
# PE 2019.8 6.18 2.5 2022-12 (LTS)
|
17
|
+
#
|
18
|
+
# https://puppet.com/docs/pe/2018.1/component_versions_in_recent_pe_releases.html
|
19
|
+
# https://puppet.com/misc/puppet-enterprise-lifecycle
|
20
|
+
# https://puppet.com/docs/pe/2018.1/overview/getting_support_for_pe.html
|
21
|
+
# ==============================================================================
|
22
|
+
#
|
23
|
+
# https://docs.github.com/en/actions/reference/events-that-trigger-workflows
|
24
|
+
#
|
25
|
+
|
26
|
+
name: PR Tests
|
27
|
+
on:
|
28
|
+
push:
|
29
|
+
branches:
|
30
|
+
# A test branch for seeing if your tests will pass in your personal fork
|
31
|
+
- test_me_github
|
32
|
+
pull_request:
|
33
|
+
types: [opened, reopened, synchronize]
|
34
|
+
|
35
|
+
env:
|
36
|
+
PUPPET_VERSION: '~> 6'
|
37
|
+
|
38
|
+
jobs:
|
39
|
+
ruby-style:
|
40
|
+
if: false # TODO Modules will need: rubocop in Gemfile, .rubocop.yml
|
41
|
+
name: 'Ruby Style (experimental)'
|
42
|
+
runs-on: ubuntu-18.04
|
43
|
+
continue-on-error: true
|
44
|
+
steps:
|
45
|
+
- uses: actions/checkout@v2
|
46
|
+
- name: "Install Ruby ${{matrix.puppet.ruby_version}}"
|
47
|
+
uses: ruby/setup-ruby@v1
|
48
|
+
with:
|
49
|
+
ruby-version: 2.5
|
50
|
+
bundler-cache: true
|
51
|
+
- run: |
|
52
|
+
bundle show
|
53
|
+
bundle exec rake rubocop
|
54
|
+
|
55
|
+
spec-tests:
|
56
|
+
name: 'Spec'
|
57
|
+
runs-on: ubuntu-18.04
|
58
|
+
strategy:
|
59
|
+
matrix:
|
60
|
+
puppet:
|
61
|
+
- label: 'Puppet 6.18 [SIMP 6.5/PE 2019.8]'
|
62
|
+
puppet_version: '~> 6.18.0'
|
63
|
+
ruby_version: '2.5'
|
64
|
+
- label: 'Puppet 5.5 [SIMP 6.4/PE 2018.1]'
|
65
|
+
puppet_version: '~> 5.5.22'
|
66
|
+
ruby_version: '2.4'
|
67
|
+
- label: 'Puppet 7.x'
|
68
|
+
puppet_version: '~> 7.0'
|
69
|
+
ruby_version: '2.7'
|
70
|
+
env:
|
71
|
+
PUPPET_VERSION: '${{matrix.puppet.puppet_version}}'
|
72
|
+
steps:
|
73
|
+
- uses: actions/checkout@v2
|
74
|
+
- name: 'Install Ruby ${{matrix.puppet.ruby_version}}'
|
75
|
+
uses: ruby/setup-ruby@v1
|
76
|
+
with:
|
77
|
+
ruby-version: ${{matrix.puppet.ruby_version}}
|
78
|
+
bundler-cache: true
|
79
|
+
- run: 'command -v rpm || if command -v apt-get; then sudo apt-get update; sudo apt-get install -y rpm; fi ||:'
|
80
|
+
- run: 'bundle exec rake spec'
|
81
|
+
|
82
|
+
# dump_contexts:
|
83
|
+
# name: 'Examine Context contents'
|
84
|
+
# runs-on: ubuntu-16.04
|
85
|
+
# steps:
|
86
|
+
# - name: Dump contexts
|
87
|
+
# env:
|
88
|
+
# GITHUB_CONTEXT: ${{ toJson(github) }}
|
89
|
+
# run: echo "$GITHUB_CONTEXT"
|
90
|
+
#
|
data/.gitlab-ci.yml
CHANGED
@@ -312,6 +312,18 @@ pup7.x-pkg:
|
|
312
312
|
|
313
313
|
#=======================================================================
|
314
314
|
# Acceptance tests
|
315
|
+
|
316
|
+
# Verify a suite fails when an explicitly-specified nodeset does not exist.
|
317
|
+
# It is significantly quicker to test here (where rvm is already installed
|
318
|
+
# and the bundle is configured with this version of simp-beaker-helpers)
|
319
|
+
# than in an acceptance test with a build user.
|
320
|
+
default-bad-nodeset:
|
321
|
+
<<: *pup_6_x
|
322
|
+
<<: *acceptance_base
|
323
|
+
script:
|
324
|
+
- 'RESULT=`bundle exec rake beaker:suites[default,oops] 1>/dev/null; echo $?`; (test $RESULT == "1")'
|
325
|
+
- echo 'beaker:suites correctly failed with unknown nodeset'
|
326
|
+
|
315
327
|
default:
|
316
328
|
<<: *pup_6_x
|
317
329
|
<<: *acceptance_base
|
@@ -348,9 +360,16 @@ puppet7_collections:
|
|
348
360
|
script:
|
349
361
|
- bundle exec rake beaker:suites[puppet_collections]
|
350
362
|
|
363
|
+
oel_ssg:
|
364
|
+
<<: *pup_6_x
|
365
|
+
<<: *acceptance_base
|
366
|
+
script:
|
367
|
+
- bundle exec rake beaker:suites[ssg,oel]
|
368
|
+
|
351
369
|
windows:
|
352
370
|
<<: *pup_6_x
|
353
371
|
<<: *acceptance_base
|
372
|
+
allow_failure: true
|
354
373
|
script:
|
355
374
|
- bundle exec rake beaker:suites[windows]
|
356
375
|
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,37 @@
|
|
1
|
+
### 1.23.4 / 2021-07-07
|
2
|
+
* Fixed:
|
3
|
+
* Ensure that the openscap-scanner package is installed during SSG runs
|
4
|
+
* Added:
|
5
|
+
* A function to fetch the available SSG profiles on a target system
|
6
|
+
* Changed:
|
7
|
+
* Added OEL nodeset
|
8
|
+
|
9
|
+
### 1.23.3 / 2021-06-30
|
10
|
+
* Fixed:
|
11
|
+
* Removed the Streams kernel update for EL 8.3 since it now causes issues
|
12
|
+
* Use `pfact_on` to select the interface facts to fix Puppet 7 issues
|
13
|
+
|
14
|
+
### 1.23.2 / 2021-05-29
|
15
|
+
* Fixed:
|
16
|
+
* Fail an acceptance test when an explicitly-specified nodeset for an
|
17
|
+
acceptance test suite does not exist and the suite is configured
|
18
|
+
to fail fast (default behavior).
|
19
|
+
* The usual way of registering RHEL systems had to be changed to activate
|
20
|
+
immediately when called to function properly.
|
21
|
+
|
22
|
+
### 1.23.1 / 2021-05-19
|
23
|
+
* Fixed:
|
24
|
+
* The SSG default branch is now the latest numeric tag instead of the one
|
25
|
+
closest to the head of the default branch. The tag closest to the default
|
26
|
+
branch has drifted over time.
|
27
|
+
* Removed direct call to `docker` when copying out inspec results
|
28
|
+
* Typos in `copy_in` when running against docker
|
29
|
+
* Added:
|
30
|
+
* `Simp::BeakerHelpers::Inspec.enable_repo_on(suts)` to allow users to easily
|
31
|
+
enable the Chef repos for inspec
|
32
|
+
* Beaker tests for inspec and SSG basic functionality
|
33
|
+
* GitHub Actions for acceptance testing where possible
|
34
|
+
|
1
35
|
### 1.23.0 / 2021-03-16
|
2
36
|
* Added:
|
3
37
|
* For `podman` support:
|
data/lib/simp/beaker_helpers.rb
CHANGED
@@ -193,7 +193,7 @@ module Simp::BeakerHelpers
|
|
193
193
|
else
|
194
194
|
cmd = [
|
195
195
|
%{tar #{exclude_list.join(' ')} -hcf - -C "#{File.dirname(src)}" "#{File.basename(src)}"},
|
196
|
-
%{#{docker_cmd} exec -i "#{container_id}" tar -C "#{
|
196
|
+
%{#{docker_cmd} exec -i "#{container_id}" tar -C "#{dest}" -xf -}
|
197
197
|
].join(' | ')
|
198
198
|
end
|
199
199
|
|
@@ -248,7 +248,7 @@ module Simp::BeakerHelpers
|
|
248
248
|
rescue StandardError
|
249
249
|
# If *anything* fails, we need to fall back to `puppet facts`
|
250
250
|
|
251
|
-
facts_json =
|
251
|
+
facts_json = retry_on(sut, 'puppet facts find garbage_xxx', :silent => true, :max_retries => 4).stdout
|
252
252
|
facts = JSON.parse(facts_json)['values']
|
253
253
|
end
|
254
254
|
|
@@ -539,7 +539,7 @@ module Simp::BeakerHelpers
|
|
539
539
|
block_on(suts, :run_in_parallel => parallel) do |sut|
|
540
540
|
if sut['yum_repos']
|
541
541
|
sut['yum_repos'].each_pair do |repo, metadata|
|
542
|
-
repo_manifest = create_yum_resource(
|
542
|
+
repo_manifest = create_yum_resource(repo, metadata)
|
543
543
|
|
544
544
|
apply_manifest_on(sut, repo_manifest, :catch_failures => true)
|
545
545
|
end
|
@@ -672,6 +672,9 @@ module Simp::BeakerHelpers
|
|
672
672
|
def linux_errata( suts )
|
673
673
|
parallel = (ENV['BEAKER_SIMP_parallel'] == 'yes')
|
674
674
|
block_on(suts, :run_in_parallel => parallel) do |sut|
|
675
|
+
# Set the locale if not set
|
676
|
+
sut.set_env_var('LANG', 'en_US.UTF-8') unless sut.get_env_var('LANG')
|
677
|
+
|
675
678
|
# We need to be able to flip between server and client without issue
|
676
679
|
on sut, 'puppet resource group puppet gid=52'
|
677
680
|
on sut, 'puppet resource user puppet comment="Puppet" gid="52" uid="52" home="/var/lib/puppet" managehome=true'
|
@@ -747,11 +750,9 @@ module Simp::BeakerHelpers
|
|
747
750
|
if os_info['family'] == 'RedHat'
|
748
751
|
# OS-specific items
|
749
752
|
if os_info['name'] == 'RedHat'
|
750
|
-
|
751
|
-
c.before(:all) do
|
752
|
-
rhel_rhsm_subscribe(sut)
|
753
|
-
end
|
753
|
+
rhel_rhsm_subscribe(sut)
|
754
754
|
|
755
|
+
RSpec.configure do |c|
|
755
756
|
c.after(:all) do
|
756
757
|
rhel_rhsm_unsubscribe(sut)
|
757
758
|
end
|
@@ -770,15 +771,6 @@ module Simp::BeakerHelpers
|
|
770
771
|
apply_manifest_on(sut, pp, :catch_failures => false)
|
771
772
|
end
|
772
773
|
|
773
|
-
unless sut[:hypervisor] == 'docker'
|
774
|
-
if (os_info['name'] == 'CentOS') && (os_info['release']['major'].to_i >= 8)
|
775
|
-
if os_info['release']['minor'].to_i == 3
|
776
|
-
update_package_from_centos_stream(sut, 'kernel')
|
777
|
-
sut.reboot
|
778
|
-
end
|
779
|
-
end
|
780
|
-
end
|
781
|
-
|
782
774
|
# Clean up YUM prior to starting our test runs.
|
783
775
|
on(sut, 'yum clean all')
|
784
776
|
end
|
@@ -1095,13 +1087,13 @@ module Simp::BeakerHelpers
|
|
1095
1087
|
next
|
1096
1088
|
end
|
1097
1089
|
|
1098
|
-
interfaces_fact =
|
1090
|
+
interfaces_fact = pfact_on(host, 'interfaces')
|
1099
1091
|
|
1100
1092
|
interfaces = interfaces_fact.strip.split(',')
|
1101
1093
|
interfaces.delete_if { |x| x =~ /^lo/ }
|
1102
1094
|
|
1103
1095
|
interfaces.each do |iface|
|
1104
|
-
if
|
1096
|
+
if pfact_on(host, "ipaddress_#{iface}")
|
1105
1097
|
on(host, "ifup #{iface}", :accept_all_exit_codes => true)
|
1106
1098
|
end
|
1107
1099
|
end
|
@@ -10,6 +10,21 @@ module Simp::BeakerHelpers
|
|
10
10
|
attr_reader :profile_dir
|
11
11
|
attr_reader :deps_root
|
12
12
|
|
13
|
+
def self.enable_repo_on(suts)
|
14
|
+
parallel = (ENV['BEAKER_SIMP_parallel'] == 'yes')
|
15
|
+
block_on(suts, :run_in_parallel => parallel) do |sut|
|
16
|
+
repo_manifest = create_yum_resource(
|
17
|
+
'chef-current',
|
18
|
+
{
|
19
|
+
:baseurl => "https://packages.chef.io/repos/yum/current/el/#{fact_on(sut,'os.release.major')}/$basearch",
|
20
|
+
:gpgkeys => ['https://packages.chef.io/chef.asc']
|
21
|
+
}
|
22
|
+
)
|
23
|
+
|
24
|
+
apply_manifest_on(sut, repo_manifest, :catch_failures => true)
|
25
|
+
end
|
26
|
+
end
|
27
|
+
|
13
28
|
# Create a new Inspec helper for the specified host against the specified profile
|
14
29
|
#
|
15
30
|
# @param sut
|
@@ -81,18 +96,7 @@ module Simp::BeakerHelpers
|
|
81
96
|
tmpdir = Dir.mktmpdir
|
82
97
|
begin
|
83
98
|
Dir.chdir(tmpdir) do
|
84
|
-
|
85
|
-
# Work around for breaking changes in beaker-docker
|
86
|
-
if @sut.host_hash[:docker_container]
|
87
|
-
container_id = @sut.host_hash[:docker_container].id
|
88
|
-
else
|
89
|
-
container_id = @sut.host_hash[:docker_container_id]
|
90
|
-
end
|
91
|
-
|
92
|
-
%x(docker cp "#{container_id}:#{sut_inspec_results}" .)
|
93
|
-
else
|
94
|
-
scp_from(@sut, sut_inspec_results, '.')
|
95
|
-
end
|
99
|
+
scp_from(@sut, sut_inspec_results, '.')
|
96
100
|
|
97
101
|
local_inspec_results = File.basename(sut_inspec_results)
|
98
102
|
|
@@ -12,38 +12,42 @@ module Simp::BeakerHelpers
|
|
12
12
|
GIT_REPO = 'https://github.com/ComplianceAsCode/content.git'
|
13
13
|
end
|
14
14
|
|
15
|
-
# If this is not set, the
|
15
|
+
# If this is not set, the highest numeric tag will be used
|
16
16
|
GIT_BRANCH = nil
|
17
17
|
|
18
18
|
if ENV['BEAKER_ssg_branch']
|
19
19
|
GIT_BRANCH = ENV['BEAKER_ssg_branch']
|
20
20
|
end
|
21
21
|
|
22
|
-
|
22
|
+
EL7_PACKAGES = [
|
23
23
|
'PyYAML',
|
24
24
|
'cmake',
|
25
25
|
'git',
|
26
|
+
'openscap-scanner',
|
26
27
|
'openscap-python',
|
27
28
|
'openscap-utils',
|
28
|
-
'python-
|
29
|
-
'python-
|
29
|
+
'python-jinja2',
|
30
|
+
'python-lxml'
|
30
31
|
]
|
31
32
|
|
32
33
|
EL8_PACKAGES = [
|
33
|
-
'python3',
|
34
|
-
'python3-pyyaml',
|
35
34
|
'cmake',
|
36
35
|
'git',
|
36
|
+
'make',
|
37
37
|
'openscap-python3',
|
38
38
|
'openscap-utils',
|
39
|
+
'openscap-scanner',
|
40
|
+
'python3',
|
41
|
+
'python3-jinja2',
|
39
42
|
'python3-lxml',
|
40
|
-
'python3-
|
43
|
+
'python3-pyyaml',
|
44
|
+
'libarchive'
|
41
45
|
]
|
42
46
|
|
43
47
|
OS_INFO = {
|
44
48
|
'RedHat' => {
|
45
49
|
'6' => {
|
46
|
-
'required_packages' =>
|
50
|
+
'required_packages' => EL7_PACKAGES,
|
47
51
|
'ssg' => {
|
48
52
|
'profile_target' => 'rhel6',
|
49
53
|
'build_target' => 'rhel6',
|
@@ -51,7 +55,7 @@ module Simp::BeakerHelpers
|
|
51
55
|
}
|
52
56
|
},
|
53
57
|
'7' => {
|
54
|
-
'required_packages' =>
|
58
|
+
'required_packages' => EL7_PACKAGES,
|
55
59
|
'ssg' => {
|
56
60
|
'profile_target' => 'rhel7',
|
57
61
|
'build_target' => 'rhel7',
|
@@ -69,7 +73,7 @@ module Simp::BeakerHelpers
|
|
69
73
|
},
|
70
74
|
'CentOS' => {
|
71
75
|
'6' => {
|
72
|
-
'required_packages' =>
|
76
|
+
'required_packages' => EL7_PACKAGES,
|
73
77
|
'ssg' => {
|
74
78
|
'profile_target' => 'rhel6',
|
75
79
|
'build_target' => 'centos6',
|
@@ -77,7 +81,7 @@ module Simp::BeakerHelpers
|
|
77
81
|
}
|
78
82
|
},
|
79
83
|
'7' => {
|
80
|
-
'required_packages' =>
|
84
|
+
'required_packages' => EL7_PACKAGES,
|
81
85
|
'ssg' => {
|
82
86
|
'profile_target' => 'centos7',
|
83
87
|
'build_target' => 'centos7',
|
@@ -93,14 +97,25 @@ module Simp::BeakerHelpers
|
|
93
97
|
}
|
94
98
|
}
|
95
99
|
},
|
100
|
+
'Rocky' => {
|
101
|
+
'8' => {
|
102
|
+
'required_packages' => EL8_PACKAGES,
|
103
|
+
'ssg' => {
|
104
|
+
'profile_target' => 'centos8',
|
105
|
+
'build_target' => 'centos8',
|
106
|
+
'datastream' => 'ssg-centos8-ds.xml'
|
107
|
+
}
|
108
|
+
}
|
109
|
+
},
|
96
110
|
'OracleLinux' => {
|
97
111
|
'7' => {
|
98
|
-
'required_packages' =>
|
112
|
+
'required_packages' => EL7_PACKAGES,
|
99
113
|
'ssg' => {
|
100
114
|
'profile_target' => 'ol7',
|
101
115
|
'build_target' => 'ol7',
|
102
116
|
'datastream' => 'ssg-ol7-ds.xml'
|
103
117
|
},
|
118
|
+
},
|
104
119
|
'8' => {
|
105
120
|
'required_packages' => EL8_PACKAGES,
|
106
121
|
'ssg' => {
|
@@ -109,7 +124,6 @@ module Simp::BeakerHelpers
|
|
109
124
|
'datastream' => 'ssg-ol8-ds.xml'
|
110
125
|
}
|
111
126
|
}
|
112
|
-
}
|
113
127
|
}
|
114
128
|
}
|
115
129
|
|
@@ -123,8 +137,8 @@ module Simp::BeakerHelpers
|
|
123
137
|
def initialize(sut)
|
124
138
|
@sut = sut
|
125
139
|
|
126
|
-
@os =
|
127
|
-
@os_rel =
|
140
|
+
@os = pfact_on(@sut, 'os.name')
|
141
|
+
@os_rel = pfact_on(@sut, 'os.release.major')
|
128
142
|
|
129
143
|
sut.mkdir_p('scap_working_dir')
|
130
144
|
|
@@ -135,7 +149,7 @@ module Simp::BeakerHelpers
|
|
135
149
|
end
|
136
150
|
|
137
151
|
OS_INFO[@os][@os_rel]['required_packages'].each do |pkg|
|
138
|
-
@sut
|
152
|
+
install_latest_package_on(@sut, pkg)
|
139
153
|
end
|
140
154
|
|
141
155
|
@output_dir = File.absolute_path('sec_results/ssg')
|
@@ -146,7 +160,6 @@ module Simp::BeakerHelpers
|
|
146
160
|
|
147
161
|
@result_file = "#{@sut.hostname}-ssg-#{Time.now.to_i}"
|
148
162
|
|
149
|
-
|
150
163
|
get_ssg_datastream
|
151
164
|
end
|
152
165
|
|
@@ -154,6 +167,15 @@ module Simp::BeakerHelpers
|
|
154
167
|
OS_INFO[@os][@os_rel]['ssg']['profile_target']
|
155
168
|
end
|
156
169
|
|
170
|
+
def get_profiles
|
171
|
+
cmd = "cd #{@scap_working_dir}; oscap info --profiles"
|
172
|
+
on(@sut, "#{cmd} #{OS_INFO[@os][@os_rel]['ssg']['datastream']}")
|
173
|
+
.stdout
|
174
|
+
.strip
|
175
|
+
.lines
|
176
|
+
.map{|x| x.split(':').first}
|
177
|
+
end
|
178
|
+
|
157
179
|
def remediate(profile)
|
158
180
|
evaluate(profile, true)
|
159
181
|
end
|
@@ -165,7 +187,7 @@ module Simp::BeakerHelpers
|
|
165
187
|
cmd += ' --remediate'
|
166
188
|
end
|
167
189
|
|
168
|
-
cmd += %( --
|
190
|
+
cmd += %( --profile #{profile} --results #{@result_file}.xml --report #{@result_file}.html #{OS_INFO[@os][@os_rel]['ssg']['datastream']})
|
169
191
|
|
170
192
|
# We accept all exit codes here because there have occasionally been
|
171
193
|
# failures in the SSG content and we're not testing that.
|
@@ -265,7 +287,7 @@ module Simp::BeakerHelpers
|
|
265
287
|
"contains(@idref,'#{exl}')"
|
266
288
|
end.join(' or ')
|
267
289
|
|
268
|
-
xpath_query << ')' if exclusions.size >
|
290
|
+
xpath_query << ')' if exclusions.size > 0
|
269
291
|
end
|
270
292
|
|
271
293
|
xpath_query << ')]'
|
@@ -383,7 +405,12 @@ module Simp::BeakerHelpers
|
|
383
405
|
if GIT_BRANCH
|
384
406
|
on(@sut, %(cd scap-content; git checkout #{GIT_BRANCH}))
|
385
407
|
else
|
386
|
-
on(@sut, %(cd scap-content; git
|
408
|
+
tags = on(@sut, %(cd scap-content; git tag -l)).output
|
409
|
+
target_tag = tags.lines.map(&:strip)
|
410
|
+
.select{|x| x.start_with?(/v\d+\./)}
|
411
|
+
.sort.last
|
412
|
+
|
413
|
+
on(@sut, %(cd scap-content; git checkout #{target_tag}))
|
387
414
|
end
|
388
415
|
|
389
416
|
# Work around the issue where the profiles now strip out derivative
|
data/lib/simp/rake/beaker.rb
CHANGED
@@ -226,8 +226,14 @@ module Simp::Rake
|
|
226
226
|
|
227
227
|
nodesets.each do |nodeset_yml|
|
228
228
|
unless File.file?(nodeset_yml)
|
229
|
-
|
230
|
-
|
229
|
+
# Get here if user has specified a non-existent nodeset or the
|
230
|
+
# implied `default` nodeset does not exist.
|
231
|
+
if suite_config['fail_fast']
|
232
|
+
fail("*** Suite #{name} Nodeset '#{File.basename(nodeset_yml, '.yml')}' Not Found ***")
|
233
|
+
else
|
234
|
+
$stdout.puts("=== Suite #{name} Nodeset '#{File.basename(nodeset_yml, '.yml')}' Not Found, Skipping ===")
|
235
|
+
next
|
236
|
+
end
|
231
237
|
end
|
232
238
|
|
233
239
|
ENV['BEAKER_setfile'] = nodeset_yml
|
@@ -18,7 +18,7 @@ HOSTS:
|
|
18
18
|
roles:
|
19
19
|
- el8
|
20
20
|
platform: el-8-x86_64
|
21
|
-
box:
|
21
|
+
box: generic/centos8
|
22
22
|
hypervisor: <%= hypervisor %>
|
23
23
|
|
24
24
|
el8-0:
|
@@ -33,6 +33,7 @@ CONFIG:
|
|
33
33
|
log_level: verbose
|
34
34
|
type: aio
|
35
35
|
vagrant_memsize: 256
|
36
|
+
vagrant_cpus: 2
|
36
37
|
<% if ENV['BEAKER_PUPPET_COLLECTION'] -%>
|
37
38
|
puppet_collection: <%= ENV['BEAKER_PUPPET_COLLECTION'] %>
|
38
39
|
<% end -%>
|
@@ -21,28 +21,6 @@ CONFIG:
|
|
21
21
|
type: aio
|
22
22
|
<% if ENV['BEAKER_PUPPET_ENVIRONMENT'] -%>
|
23
23
|
puppet_environment: <%= ENV['BEAKER_PUPPET_ENVIRONMENT'] %>
|
24
|
-
<% end -%>
|
25
|
-
# This is necessary for pretty much all containers
|
26
|
-
docker_cap_add:
|
27
|
-
- AUDIT_WRITE
|
28
|
-
<%
|
29
|
-
require 'docker-api'
|
30
|
-
unless ::Docker.podman?
|
31
|
-
-%>
|
32
|
-
# All items below this point are required for systemd
|
33
|
-
mount_folders:
|
34
|
-
cgroup:
|
35
|
-
host_path: /sys/fs/cgroup
|
36
|
-
container_path: /sys/fs/cgroup
|
37
|
-
opts: 'ro'
|
38
|
-
dockeropts:
|
39
|
-
HostConfig:
|
40
|
-
Tmpfs:
|
41
|
-
'/run': 'rw,noexec,nosuid,nodev,size=65536k'
|
42
|
-
'/run/lock': 'rw,noexec,nosuid,nodev,size=65536k'
|
43
|
-
'/tmp': 'rw,exec,nosuid,nodev,size=65536k'
|
44
|
-
'/sys/fs/cgroup/systemd': 'rw,size=65536k'
|
45
|
-
'/var/log/journal': 'rw,noexec,nodev,nosuid,size=65536k'
|
46
24
|
<% end -%>
|
47
25
|
ssh:
|
48
26
|
password: root
|
@@ -0,0 +1,42 @@
|
|
1
|
+
<%
|
2
|
+
if ENV['BEAKER_HYPERVISOR']
|
3
|
+
hypervisor = ENV['BEAKER_HYPERVISOR']
|
4
|
+
else
|
5
|
+
hypervisor = 'vagrant'
|
6
|
+
end
|
7
|
+
-%>
|
8
|
+
HOSTS:
|
9
|
+
oel7:
|
10
|
+
roles:
|
11
|
+
- el7
|
12
|
+
- master
|
13
|
+
platform: el-7-x86_64
|
14
|
+
box: generic/oracle7
|
15
|
+
hypervisor: <%= hypervisor %>
|
16
|
+
|
17
|
+
oel8:
|
18
|
+
roles:
|
19
|
+
- el8
|
20
|
+
platform: el-8-x86_64
|
21
|
+
box: generic/oracle8
|
22
|
+
hypervisor: <%= hypervisor %>
|
23
|
+
|
24
|
+
CONFIG:
|
25
|
+
log_level: verbose
|
26
|
+
type: aio
|
27
|
+
vagrant_memsize: 512
|
28
|
+
vagrant_cpus: 2
|
29
|
+
<% if ENV['BEAKER_PUPPET_COLLECTION'] -%>
|
30
|
+
puppet_collection: <%= ENV['BEAKER_PUPPET_COLLECTION'] %>
|
31
|
+
<% end -%>
|
32
|
+
ssh:
|
33
|
+
keepalive: true
|
34
|
+
keepalive_interval: 10
|
35
|
+
host_key:
|
36
|
+
- <%= Net::SSH::Transport::Algorithms::ALGORITHMS[:host_key].join("\n#{' '*6}- ") %>
|
37
|
+
kex:
|
38
|
+
- <%= Net::SSH::Transport::Algorithms::ALGORITHMS[:kex].join("\n#{' '*6}- ") %>
|
39
|
+
encryption:
|
40
|
+
- <%= Net::SSH::Transport::Algorithms::ALGORITHMS[:encryption].join("\n#{' '*6}- ") %>
|
41
|
+
hmac:
|
42
|
+
- <%= Net::SSH::Transport::Algorithms::ALGORITHMS[:hmac].join("\n#{' '*6}- ") %>
|
@@ -9,13 +9,15 @@ hosts.each do |host|
|
|
9
9
|
end
|
10
10
|
|
11
11
|
it 'has fips enabled' do
|
12
|
-
|
13
|
-
|
12
|
+
if host[:hypervisor] == 'docker'
|
13
|
+
skip('Not supported on docker')
|
14
|
+
else
|
15
|
+
expect(fips_enabled(host)).to be true
|
16
|
+
end
|
14
17
|
end
|
15
18
|
else
|
16
19
|
it 'has fips disabled' do
|
17
|
-
|
18
|
-
expect(stdout).to eq('0')
|
20
|
+
expect(fips_enabled(host)).to be false
|
19
21
|
end
|
20
22
|
end
|
21
23
|
end
|
@@ -55,12 +55,19 @@ describe 'FIPS pre-installed' do
|
|
55
55
|
hosts.each do |host|
|
56
56
|
context "on #{host}" do
|
57
57
|
it 'does not create an alternate apply directory' do
|
58
|
-
|
58
|
+
if host[:hypervisor] == 'docker'
|
59
|
+
skip('Not supported on docker')
|
60
|
+
else
|
61
|
+
on(host, 'test ! -d /root/.beaker_fips/modules')
|
62
|
+
end
|
59
63
|
end
|
60
64
|
|
61
65
|
it 'has fips enabled' do
|
62
|
-
|
63
|
-
|
66
|
+
if host[:hypervisor] == 'docker'
|
67
|
+
skip('Not supported on docker')
|
68
|
+
else
|
69
|
+
expect(fips_enabled(host)).to be true
|
70
|
+
end
|
64
71
|
end
|
65
72
|
end
|
66
73
|
end
|
@@ -0,0 +1,54 @@
|
|
1
|
+
require 'spec_helper_acceptance'
|
2
|
+
require 'json'
|
3
|
+
|
4
|
+
test_name 'Inspec STIG Profile'
|
5
|
+
|
6
|
+
describe 'Inspec STIG Profile' do
|
7
|
+
|
8
|
+
profiles_to_validate = ['disa_stig']
|
9
|
+
|
10
|
+
hosts.each do |host|
|
11
|
+
profiles_to_validate.each do |profile|
|
12
|
+
context "for profile #{profile}" do
|
13
|
+
context "on #{host}" do
|
14
|
+
profile_path = File.join(
|
15
|
+
fixtures_path,
|
16
|
+
'inspec_profiles',
|
17
|
+
"#{fact_on(host, 'operatingsystem')}-#{fact_on(host, 'operatingsystemmajrelease')}-#{profile}"
|
18
|
+
)
|
19
|
+
|
20
|
+
unless File.exist?(profile_path)
|
21
|
+
it 'should run inspec' do
|
22
|
+
skip("No matching profile available at #{profile_path}")
|
23
|
+
end
|
24
|
+
else
|
25
|
+
before(:all) do
|
26
|
+
Simp::BeakerHelpers::Inspec.enable_repo_on(hosts)
|
27
|
+
@inspec = Simp::BeakerHelpers::Inspec.new(host, profile)
|
28
|
+
|
29
|
+
# If we don't do this, the variable gets reset
|
30
|
+
@inspec_report = { :data => nil }
|
31
|
+
end
|
32
|
+
|
33
|
+
it 'should run inspec' do
|
34
|
+
@inspec.run
|
35
|
+
end
|
36
|
+
|
37
|
+
it 'should have an inspec report' do
|
38
|
+
@inspec_report[:data] = @inspec.process_inspec_results
|
39
|
+
|
40
|
+
expect(@inspec_report[:data]).to_not be_nil
|
41
|
+
|
42
|
+
@inspec.write_report(@inspec_report[:data])
|
43
|
+
end
|
44
|
+
|
45
|
+
it 'should have a report' do
|
46
|
+
expect(@inspec_report[:data][:report]).to_not be_nil
|
47
|
+
puts @inspec_report[:data][:report]
|
48
|
+
end
|
49
|
+
end
|
50
|
+
end
|
51
|
+
end
|
52
|
+
end
|
53
|
+
end
|
54
|
+
end
|
@@ -0,0 +1 @@
|
|
1
|
+
spec/acceptance/suites/inspec/../../nodesets
|
@@ -13,7 +13,7 @@ end
|
|
13
13
|
hosts.each do |host|
|
14
14
|
describe 'make sure puppet version is valid' do
|
15
15
|
context "on #{host}" do
|
16
|
-
client_puppet_version = on(host, 'puppet --version').output.strip
|
16
|
+
client_puppet_version = on(host, 'puppet --version').output.lines.last.strip
|
17
17
|
|
18
18
|
it "should be running puppet version #{target_version}" do
|
19
19
|
expect(Gem::Version.new(client_puppet_version)).to be >= Gem::Version.new(target_version)
|
@@ -0,0 +1,47 @@
|
|
1
|
+
require 'spec_helper_acceptance'
|
2
|
+
|
3
|
+
test_name 'SSG Functionality Validation'
|
4
|
+
|
5
|
+
describe 'run the SSG against an SCAP profile' do
|
6
|
+
|
7
|
+
hosts.each do |host|
|
8
|
+
context "on #{host}" do
|
9
|
+
before(:all) do
|
10
|
+
@ssg = Simp::BeakerHelpers::SSG.new(host)
|
11
|
+
|
12
|
+
# If we don't do this, the variable gets reset
|
13
|
+
@ssg_report = { :data => nil }
|
14
|
+
end
|
15
|
+
|
16
|
+
it 'should run the SSG' do
|
17
|
+
profiles = @ssg.get_profiles
|
18
|
+
|
19
|
+
profile = profiles.find{|x| x =~ /_stig/} ||
|
20
|
+
profiles.find{|x| x =~ /_cui/} ||
|
21
|
+
profiles.find{|x| x =~ /_ospp/} ||
|
22
|
+
profiles.find{|x| x =~ /_standard/} ||
|
23
|
+
profiles.last
|
24
|
+
|
25
|
+
expect(profile).not_to be_nil
|
26
|
+
@ssg.evaluate(profile)
|
27
|
+
end
|
28
|
+
|
29
|
+
it 'should have an SSG report' do
|
30
|
+
# Validate that the filter works
|
31
|
+
filter = '_rule_audit'
|
32
|
+
host_exclusions = ['ssh_']
|
33
|
+
|
34
|
+
@ssg_report[:data] = @ssg.process_ssg_results(filter, host_exclusions)
|
35
|
+
|
36
|
+
expect(@ssg_report[:data]).to_not be_nil
|
37
|
+
|
38
|
+
@ssg.write_report(@ssg_report[:data])
|
39
|
+
end
|
40
|
+
|
41
|
+
it 'should have a report' do
|
42
|
+
expect(@ssg_report[:data][:report]).to_not be_nil
|
43
|
+
puts @ssg_report[:data][:report]
|
44
|
+
end
|
45
|
+
end
|
46
|
+
end
|
47
|
+
end
|
@@ -0,0 +1 @@
|
|
1
|
+
spec/acceptance/suites/ssg/../../nodesets
|
@@ -0,0 +1 @@
|
|
1
|
+
spec/fixtures/inspec_profiles/RedHat-7-disa_stig
|
@@ -0,0 +1 @@
|
|
1
|
+
spec/fixtures/inspec_profiles/RedHat-8-disa_stig
|
@@ -0,0 +1,45 @@
|
|
1
|
+
skips = {
|
2
|
+
'V-72209' => 'Cannot guarantee a remote syslog server during test'
|
3
|
+
}
|
4
|
+
overrides = [ 'V-72091' ]
|
5
|
+
subsystems = []
|
6
|
+
|
7
|
+
require_controls 'disa_stig-el7-baseline' do
|
8
|
+
skips.each_pair do |ctrl, reason|
|
9
|
+
control ctrl do
|
10
|
+
describe "Skip #{ctrl}" do
|
11
|
+
skip "Reason: #{skips[ctrl]}" do
|
12
|
+
end
|
13
|
+
end
|
14
|
+
end
|
15
|
+
end
|
16
|
+
|
17
|
+
@conf['profile'].info[:controls].each do |ctrl|
|
18
|
+
next if (overrides + skips.keys).include?(ctrl[:id])
|
19
|
+
|
20
|
+
if subsystems.empty?
|
21
|
+
control ctrl[:id]
|
22
|
+
else
|
23
|
+
tags = ctrl[:tags]
|
24
|
+
if tags && tags[:subsystems]
|
25
|
+
subsystems.each do |subsystem|
|
26
|
+
if tags[:subsystems].include?(subsystem)
|
27
|
+
control ctrl[:id]
|
28
|
+
end
|
29
|
+
end
|
30
|
+
end
|
31
|
+
end
|
32
|
+
end
|
33
|
+
|
34
|
+
## Overrides ##
|
35
|
+
|
36
|
+
# There's no email server to send anything to by default so syslog is a safer
|
37
|
+
# default for processing.
|
38
|
+
control 'V-72091' do
|
39
|
+
overrides << self.to_s
|
40
|
+
|
41
|
+
describe auditd_conf do
|
42
|
+
its('space_left_action.downcase') { should cmp 'syslog' }
|
43
|
+
end
|
44
|
+
end
|
45
|
+
end
|
@@ -0,0 +1,14 @@
|
|
1
|
+
name: EL7 STIG
|
2
|
+
title: STIG for EL 7
|
3
|
+
supports:
|
4
|
+
- os-family: redhat
|
5
|
+
maintainer: SIMP Team
|
6
|
+
copyright: Onyx Point, Inc.
|
7
|
+
copyright_email: simp@onyxpoint.com
|
8
|
+
license: Apache-2.0
|
9
|
+
summary: |
|
10
|
+
A collection of InSpec tests
|
11
|
+
version: 0.0.1
|
12
|
+
depends:
|
13
|
+
- name: disa_stig-el7-baseline
|
14
|
+
path: ../../inspec_deps/inspec_profiles/profiles/disa_stig-el7-baseline
|
@@ -0,0 +1,45 @@
|
|
1
|
+
skips = {
|
2
|
+
'V-72209' => 'Cannot guarantee a remote syslog server during test'
|
3
|
+
}
|
4
|
+
overrides = [ 'V-72091' ]
|
5
|
+
subsystems = []
|
6
|
+
|
7
|
+
require_controls 'disa_stig-el8-baseline' do
|
8
|
+
skips.each_pair do |ctrl, reason|
|
9
|
+
control ctrl do
|
10
|
+
describe "Skip #{ctrl}" do
|
11
|
+
skip "Reason: #{skips[ctrl]}" do
|
12
|
+
end
|
13
|
+
end
|
14
|
+
end
|
15
|
+
end
|
16
|
+
|
17
|
+
@conf['profile'].info[:controls].each do |ctrl|
|
18
|
+
next if (overrides + skips.keys).include?(ctrl[:id])
|
19
|
+
|
20
|
+
if subsystems.empty?
|
21
|
+
control ctrl[:id]
|
22
|
+
else
|
23
|
+
tags = ctrl[:tags]
|
24
|
+
if tags && tags[:subsystems]
|
25
|
+
subsystems.each do |subsystem|
|
26
|
+
if tags[:subsystems].include?(subsystem)
|
27
|
+
control ctrl[:id]
|
28
|
+
end
|
29
|
+
end
|
30
|
+
end
|
31
|
+
end
|
32
|
+
end
|
33
|
+
|
34
|
+
## Overrides ##
|
35
|
+
|
36
|
+
# There's no email server to send anything to by default so syslog is a safer
|
37
|
+
# default for processing.
|
38
|
+
control 'V-72091' do
|
39
|
+
overrides << self.to_s
|
40
|
+
|
41
|
+
describe auditd_conf do
|
42
|
+
its('space_left_action.downcase') { should cmp 'syslog' }
|
43
|
+
end
|
44
|
+
end
|
45
|
+
end
|
@@ -0,0 +1,14 @@
|
|
1
|
+
name: EL8 STIG
|
2
|
+
title: STIG for EL 8
|
3
|
+
supports:
|
4
|
+
- os-family: redhat
|
5
|
+
maintainer: SIMP Team
|
6
|
+
copyright: Onyx Point, Inc.
|
7
|
+
copyright_email: simp@onyxpoint.com
|
8
|
+
license: Apache-2.0
|
9
|
+
summary: |
|
10
|
+
A collection of InSpec tests
|
11
|
+
version: 0.0.1
|
12
|
+
depends:
|
13
|
+
- name: disa_stig-el8-baseline
|
14
|
+
path: ../../inspec_deps/inspec_profiles/profiles/disa_stig-el8-baseline
|
@@ -113,10 +113,8 @@ describe 'Simp::BeakerHelpers' do
|
|
113
113
|
end
|
114
114
|
pipe_in.close
|
115
115
|
|
116
|
-
|
117
|
-
expected_major_version = expected_version.split('.').first
|
116
|
+
expected_major_version = pipe_out.gets.split('.').first
|
118
117
|
|
119
|
-
expect( @helper.get_puppet_install_info[:puppet_install_version] ).to match(expected_version)
|
120
118
|
expect( @helper.get_puppet_install_info[:puppet_collection] ).to eq("puppet#{expected_major_version}")
|
121
119
|
expect( @helper.get_puppet_install_info[:puppet_install_type] ).to eq('agent')
|
122
120
|
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: simp-beaker-helpers
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.23.
|
4
|
+
version: 1.23.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Chris Tessmer
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2021-
|
12
|
+
date: 2021-07-13 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: beaker
|
@@ -190,9 +190,11 @@ files:
|
|
190
190
|
- ".fips_fixtures"
|
191
191
|
- ".fixtures.yml"
|
192
192
|
- ".github/workflows.local.json"
|
193
|
+
- ".github/workflows/pr_acceptance.yml"
|
193
194
|
- ".github/workflows/pr_glci.yml"
|
194
195
|
- ".github/workflows/pr_glci_cleanup.yml"
|
195
196
|
- ".github/workflows/pr_glci_manual.yml"
|
197
|
+
- ".github/workflows/pr_tests.yml"
|
196
198
|
- ".github/workflows/tag_deploy_rubygem.yml"
|
197
199
|
- ".gitignore"
|
198
200
|
- ".gitlab-ci.yml"
|
@@ -219,6 +221,7 @@ files:
|
|
219
221
|
- simp-beaker-helpers.gemspec
|
220
222
|
- spec/acceptance/nodesets/default.yml
|
221
223
|
- spec/acceptance/nodesets/docker.yml
|
224
|
+
- spec/acceptance/nodesets/oel.yml
|
222
225
|
- spec/acceptance/nodesets/ubuntu.yml
|
223
226
|
- spec/acceptance/suites/default/check_puppet_version_spec.rb
|
224
227
|
- spec/acceptance/suites/default/enable_fips_spec.rb
|
@@ -231,6 +234,9 @@ files:
|
|
231
234
|
- spec/acceptance/suites/fips_from_fixtures/00_default_spec.rb
|
232
235
|
- spec/acceptance/suites/fips_from_fixtures/metadata.yml
|
233
236
|
- spec/acceptance/suites/fips_from_fixtures/nodesets
|
237
|
+
- spec/acceptance/suites/inspec/00_default_spec.rb
|
238
|
+
- spec/acceptance/suites/inspec/metadata.yml
|
239
|
+
- spec/acceptance/suites/inspec/nodesets
|
234
240
|
- spec/acceptance/suites/offline/00_default_spec.rb
|
235
241
|
- spec/acceptance/suites/offline/README
|
236
242
|
- spec/acceptance/suites/offline/nodesets/default.yml
|
@@ -239,11 +245,20 @@ files:
|
|
239
245
|
- spec/acceptance/suites/snapshot/00_snapshot_test_spec.rb
|
240
246
|
- spec/acceptance/suites/snapshot/10_general_usage_spec.rb
|
241
247
|
- spec/acceptance/suites/snapshot/nodesets
|
248
|
+
- spec/acceptance/suites/ssg/00_default_spec.rb
|
249
|
+
- spec/acceptance/suites/ssg/metadata.yml
|
250
|
+
- spec/acceptance/suites/ssg/nodesets
|
242
251
|
- spec/acceptance/suites/windows/00_default_spec.rb
|
243
252
|
- spec/acceptance/suites/windows/metadata.yml
|
244
253
|
- spec/acceptance/suites/windows/nodesets/default.yml
|
245
254
|
- spec/acceptance/suites/windows/nodesets/win2016.yml
|
246
255
|
- spec/acceptance/suites/windows/nodesets/win2019.yml
|
256
|
+
- spec/fixtures/inspec_profiles/CentOS-7-disa_stig
|
257
|
+
- spec/fixtures/inspec_profiles/CentOS-8-disa_stig
|
258
|
+
- spec/fixtures/inspec_profiles/RedHat-7-disa_stig/controls/00_Control_Selector.rb
|
259
|
+
- spec/fixtures/inspec_profiles/RedHat-7-disa_stig/inspec.yml
|
260
|
+
- spec/fixtures/inspec_profiles/RedHat-8-disa_stig/controls/00_Control_Selector.rb
|
261
|
+
- spec/fixtures/inspec_profiles/RedHat-8-disa_stig/inspec.yml
|
247
262
|
- spec/lib/simp/beaker_helpers_spec.rb
|
248
263
|
- spec/spec_helper.rb
|
249
264
|
- spec/spec_helper_acceptance.rb
|