simp-beaker-helpers 1.23.4 → 1.24.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4a8f3a3f4dc773c215796e464031e1ab00ed025c9a3346fd4573d12a1a072fd9
-  data.tar.gz: 1d55ad88ebae56afe2e807ad1a27d3e6ee5828499ef2f3655770b71f8660d579
+  metadata.gz: a3ebfb21a6409e25775b605532f96982fe2bfc200dced0a88683427bf1c3818e
+  data.tar.gz: 94ecd0803ebda28858480211e6fc0d0ab0402c96dbf3101fa4f6a7f17070c11e
 SHA512:
-  metadata.gz: 10d292eb75b4bcd9d2bfc2bc5223367ea2706db88cdc29d016b37db9864530d6a923e56339d1f37a5b4e9b9cf1edeb34c179d73d5a56361416145a363c02890e
-  data.tar.gz: f877ae87cf79c64786aeaf800cb1d8b839ad251c80664e128b498a7e555d9661a7034e677d1682bcbc91fb8ce00ba504f5ed22035ad6ed877df45d0c8851b241
+  metadata.gz: 72fb511dc7fb090c5ae5f80170975af6c0e33ebf01744b090a1cae8579e052d8baa354b9d42e9b9a9b50fda12afc54e8e519e1278bc565633b8777be79827c18
+  data.tar.gz: 4629b633ec4a047d1549fa9f7ab2dbc457a72e1770cfbff8aaf9eba9a5648905a9be87b32a5191797caab501e25e47ba6cb975e70a1ebc9ca9b0bd16f34201de

data/.fixtures.yml

@@ -7,6 +7,3 @@ fixtures:
     disa_stig-el7-baseline:
       repo: https://github.com/mitre/redhat-enterprise-linux-7-stig-baseline
       target: spec/fixtures/inspec_deps/inspec_profiles/profiles
-    disa_stig-el8-baseline:
-      repo: https://github.com/mitre/redhat-enterprise-linux-8-stig-baseline
-      target: spec/fixtures/inspec_deps/inspec_profiles/profiles

data/.github/workflows/pr_acceptance.yml

@@ -1,5 +1,5 @@
 # Run all tests as GitHub Actions
-name: Unit Tests
+name: Acceptance Tests
 on:
   push:
     branches:

data/.github/workflows/pr_glci.yml

@@ -63,7 +63,7 @@ jobs:
   # we restrict ourselves to sending data elsewhere.
   glci-syntax:
     name: '.gitlab-ci.yml Syntax'
-    runs-on: ubuntu-16.04
+    runs-on: ubuntu-latest
     outputs:
       valid: ${{ steps.validate-glci-file.outputs.valid }}
     steps:
@@ -174,7 +174,7 @@ jobs:
 ###  examine_contexts:
 ###    name: 'Examine Context contents'
 ###    if: always()
-###    runs-on: ubuntu-16.04
+###    runs-on: ubuntu-latest
 ###    needs: [ glci-syntax, contributor-permissions ]
 ###    steps:
 ###      - name: Dump contexts

data/.github/workflows/pr_glci_cleanup.yml

@@ -93,7 +93,7 @@ jobs:
 ###  examine_contexts:
 ###    name: 'Examine Context contents'
 ###    if: always()
-###    runs-on: ubuntu-16.04
+###    runs-on: ubuntu-latest
 ###    steps:
 ###      - name: Dump contexts
 ###        env:

data/.github/workflows/tag_deploy_rubygem.yml

@@ -1,4 +1,4 @@
-# Build & Deploy RubyGem & GitHub release when a SemVer tag is pushed
+# When SemVer tag is pushed: create GitHub release & publish gem to rubygems.org
 #
 # This workflow's jobs are only triggered in repos under the `simp` organization
 # ------------------------------------------------------------------------------

data/.gitlab-ci.yml

@@ -273,10 +273,6 @@ variables:
 # Unit Tests
 #-----------------------------------------------------------------------
 
-pup5.x-unit:
-  <<: *pup_5_x
-  <<: *unit_tests
-
 pup6.x-unit:
   <<: *pup_6_x
   <<: *unit_tests
@@ -292,12 +288,6 @@ pup7.x-unit:
 #=======================================================================
 # Packaging test
 
-pup5.x-pkg:
-  <<: *pup_5_x
-  <<: *unit_tests
-  script:
-    'bundle exec rake pkg:gem'
-
 pup6.x-pkg:
   <<: *pup_6_x
   <<: *unit_tests

data/CHANGELOG.md

@@ -1,3 +1,28 @@
+### 1.24.2 / 2022-03-09
+* Fixed:
+  * Prevent `spec/` directory symlink recursion in `copy_fixture_modules_to`
+  * Update the derivatives workaround to insert an inert line instead of
+    commenting out the previous line to allow for logic updates
+  * Addressed a bug where passing an empty exceptions array would produce an
+    invalid xpath query
+  * Ensure that the new SIMP community RPMs are used
+
+### 1.24.1 / 2021-10-27
+* Fixed:
+  * Worked around a bug in 'puppet lookup' - PUP-11402
+  * Updated calls to the operating system fact when connecting to RHSM
+
+### 1.24.0 / 2021-10-05
+* Fixed:
+  * Pinned the version of inspec to 4.39.0 since 4.41 broke tag processing
+  * Only call `activate_interfaces` once per test run instead of at each context
+    which saves quite a bit of time during testing
+  * SSG tag selection logic
+  * Use `sed -ci` which works with docker volume mounts
+* Added:
+  * Modified the `activate_interfaces` method to use the `networking` fact if
+    available which shaves quite a bit of time off of each test run
+
 ### 1.23.4 / 2021-07-07
 * Fixed:
   * Ensure that the openscap-scanner package is installed during SSG runs

data/Gemfile

@@ -45,7 +45,7 @@ group :system_tests do
   gem 'beaker-windows'
   gem 'net-ssh'
   gem 'puppet', ENV.fetch('PUPPET_VERSION', '~> 6.0')
-  gem 'puppetlabs_spec_helper'
+  gem 'puppetlabs_spec_helper', '~> 3.0'
   gem 'rubocop'
   gem 'rubocop-rspec'
 end

data/files/pki/make.sh

@@ -73,7 +73,7 @@ for hosts in $*; do
       done
     done
 
-    sed -i "s/# subjectAltName = #ALTNAMES#/subjectAltName = ${altnames}/" "working/${hname}.cnf"
+    sed -ci "s/# subjectAltName = #ALTNAMES#/subjectAltName = ${altnames}/" "working/${hname}.cnf"
   fi
 
   echo "-- running openssl req"

data/lib/simp/beaker_helpers/ssg.rb

@@ -278,9 +278,8 @@ module Simp::BeakerHelpers
 
         xpath_query << ')' if filter.size > 1
 
-        if exclusions
-          exclusions = Array(exclusions)
-
+        exclusions = Array(exclusions)
+        unless exclusions.empty?
           xpath_query << 'and not('
 
           xpath_query << exclusions.map do |exl|
@@ -407,7 +406,7 @@ module Simp::BeakerHelpers
         else
           tags = on(@sut, %(cd scap-content; git tag -l)).output
           target_tag = tags.lines.map(&:strip)
-            .select{|x| x.start_with?(/v\d+\./)}
+            .select{|x| x.match?(/^v(\d+\.)+\d+$/)}
             .sort.last
 
           on(@sut, %(cd scap-content; git checkout #{target_tag}))
@@ -419,7 +418,7 @@ module Simp::BeakerHelpers
         #
         # This isn't 100% correct but it's "good enough" for an automated CI
         # environment to tell us if something is critically out of alignment.
-        on(@sut, %(cd scap-content/build-scripts; sed -i 's/ssg.build_derivatives.profile_handling/#ssg.build_derivatives.profile_handling/g' enable_derivatives.py))
+        on(@sut, %(cd scap-content/build-scripts; sed -ci 's/ssg.build_derivatives.profile_handling/__simp_dontcare__ = None #ssg.build_derivatives.profile_handling/g' enable_derivatives.py))
 
         on(@sut, %(cd scap-content/build; cmake ../; make -j4 #{OS_INFO[@os][@os_rel]['ssg']['build_target']}-content && cp *ds.xml #{@scap_working_dir}))
       end

data/lib/simp/beaker_helpers/version.rb

@@ -1,5 +1,5 @@
 module Simp; end
 
 module Simp::BeakerHelpers
-  VERSION = '1.23.4'
+  VERSION = '1.24.2'
 end

data/lib/simp/beaker_helpers.rb

@@ -411,7 +411,7 @@ module Simp::BeakerHelpers
               begin
                 tarfile = "#{Simp::BeakerHelpers.tmpname}.tar"
 
-                excludes = PUPPET_MODULE_INSTALL_IGNORE.map do |x|
+                excludes = (PUPPET_MODULE_INSTALL_IGNORE + ['spec']).map do |x|
                   x = "--exclude '*/#{x}'"
                 end.join(' ')
 
@@ -483,7 +483,7 @@ module Simp::BeakerHelpers
       #      that doesn't break vagrant access and is appropriate for
       #      typical module tests.)
       fips_ssh_ciphers = [ 'aes256-ctr','aes192-ctr','aes128-ctr']
-      on(sut, %(sed -i '/Ciphers /d' /etc/ssh/sshd_config))
+      on(sut, %(sed -ci '/Ciphers /d' /etc/ssh/sshd_config))
       on(sut, %(echo 'Ciphers #{fips_ssh_ciphers.join(',')}' >> /etc/ssh/sshd_config))
 
       fips_enable_modulepath = ''
@@ -688,7 +688,7 @@ module Simp::BeakerHelpers
       if current_domain.empty?
         new_fqdn = hostname + '.beaker.test'
 
-        on(sut, "sed -i 's/#{hostname}.*/#{new_fqdn} #{hostname}/' /etc/hosts")
+        on(sut, "sed -ci 's/#{hostname}.*/#{new_fqdn} #{hostname}/' /etc/hosts")
         on(sut, "echo '#{new_fqdn}' > /etc/hostname", :accept_all_exit_codes => true)
         on(sut, "hostname #{new_fqdn}", :accept_all_exit_codes => true)
 
@@ -810,8 +810,8 @@ module Simp::BeakerHelpers
         rhsm_opts.merge!(opts)
       end
 
-      os = fact_on(sut, 'operatingsystem').strip
-      os_release = fact_on(sut, 'operatingsystemmajrelease').strip
+      os = fact_on(sut, 'os.name').strip
+      os_release = fact_on(sut, 'os.release.major').strip
 
       if os == 'RedHat'
         unless rhsm_opts[:username] && rhsm_opts[:password]
@@ -953,21 +953,31 @@ module Simp::BeakerHelpers
       host_entry[fqdn] << host.name if (host[:hypervisor] == 'docker')
 
       # Ensure that all interfaces are active prior to collecting data
-      activate_interfaces(host) unless ENV['BEAKER_no_fix_interfaces']
+      activate_interfaces(host)
 
-      # Gather the IP Addresses for the host to embed in the cert
-      interfaces = fact_on(host, 'interfaces').strip.split(',')
-      interfaces.each do |interface|
-        ipaddress = fact_on(host, "ipaddress_#{interface}")
+      networking_fact = pfact_on(host, 'networking')
+      if networking_fact && networking_fact['interfaces']
+        networking_fact['interfaces'].each do |iface, data|
+          next unless data['ip']
+          next if data['ip'].start_with?('127.')
 
-        next if ipaddress.nil? || ipaddress.empty? || ipaddress.start_with?('127.')
+          host_entry[fqdn] << data['ip'].strip
+        end
+      else
+        # Gather the IP Addresses for the host to embed in the cert
+        interfaces = fact_on(host, 'interfaces').strip.split(',')
+        interfaces.each do |interface|
+          ipaddress = fact_on(host, "ipaddress_#{interface}")
 
-        host_entry[fqdn] << ipaddress.strip
+          next if ipaddress.nil? || ipaddress.empty? || ipaddress.start_with?('127.')
 
-        unless host_entry[fqdn].empty?
-          suts_network_info[fqdn] = host_entry[fqdn].sort.uniq
+          host_entry[fqdn] << ipaddress.strip
         end
       end
+
+      unless host_entry[fqdn].empty?
+        suts_network_info[fqdn] = host_entry[fqdn].sort.uniq
+      end
     end
 
     # Get all of the repeated SUT IP addresses:
@@ -1072,7 +1082,6 @@ module Simp::BeakerHelpers
     on ca_sut, "chgrp -R puppet #{host_keydist_dir}"
   end
 
-
   # Activate all network interfaces on the target system
   #
   # This is generally needed if the upstream vendor does not activate all
@@ -1080,6 +1089,8 @@ module Simp::BeakerHelpers
   #
   # Can be passed any number of hosts either singly or as an Array
   def activate_interfaces(hosts)
+    return if ENV['BEAKER_no_fix_interfaces']
+
     parallel = (ENV['BEAKER_SIMP_parallel'] == 'yes')
     block_on(hosts, :run_in_parallel => parallel) do |host|
       if host[:platform] =~ /windows/
@@ -1087,14 +1098,22 @@ module Simp::BeakerHelpers
         next
       end
 
-      interfaces_fact = pfact_on(host, 'interfaces')
+      networking_fact = pfact_on(host, 'networking')
+      if networking_fact && networking_fact['interfaces']
+        networking_fact['interfaces'].each do |iface, data|
+          next if ( ( data['ip'] && !data['ip'].empty? ) || ( data['ip6'] && !data['ip6'].empty? ) )
+          on(host, "ifup #{iface}", :accept_all_exit_codes => true)
+        end
+      else
+        interfaces_fact = pfact_on(host, 'interfaces')
 
-      interfaces = interfaces_fact.strip.split(',')
-      interfaces.delete_if { |x| x =~ /^lo/ }
+        interfaces = interfaces_fact.strip.split(',')
+        interfaces.delete_if { |x| x =~ /^lo/ }
 
-      interfaces.each do |iface|
-        if pfact_on(host, "ipaddress_#{iface}")
-          on(host, "ifup #{iface}", :accept_all_exit_codes => true)
+        interfaces.each do |iface|
+          if pfact_on(host, "ipaddress_#{iface}")
+            on(host, "ifup #{iface}", :accept_all_exit_codes => true)
+          end
         end
       end
     end
@@ -1111,12 +1130,9 @@ module Simp::BeakerHelpers
   RSpec.configure do |c|
     c.before(:all) do
       @temp_hieradata_dirs = @temp_hieradata_dirs || []
-    end
 
-    # We can't guarantee that the upstream vendor isn't disabling interfaces so
-    # we need to turn them on at each context run
-    c.before(:context) do
-      activate_interfaces(hosts) unless ENV['BEAKER_no_fix_interfaces']
+      # We can't guarantee that the upstream vendor isn't disabling interfaces
+      activate_interfaces(hosts)
     end
 
     c.after(:all) do
@@ -1228,8 +1244,11 @@ module Simp::BeakerHelpers
   #
   # @returns [String] Path to the Hieradata directory on the target system
   def hiera_datadir(sut)
+    # A workaround for PUP-11042
+    sut_environment = sut.puppet_configprint['environment']
+
     # This output lets us know where Hiera is configured to look on the system
-    puppet_lookup_info = on(sut, 'puppet lookup --explain test__simp__test', :silent => true).output.strip.lines
+    puppet_lookup_info = on(sut, "puppet lookup --explain --environment #{sut_environment} test__simp__test", :silent => true).output.strip.lines
 
     if sut.puppet_configprint['manifest'].nil? || sut.puppet_configprint['manifest'].empty?
       fail("No output returned from `puppet config print manifest` on #{sut}")
@@ -1479,10 +1498,12 @@ module Simp::BeakerHelpers
     block_on(suts, :run_in_parallel => parallel) do |sut|
       install_package_unless_present_on(sut, 'yum-utils')
 
+      release = fact_on(sut, 'os.release.major')
+
       install_package_unless_present_on(
         sut,
         'simp-release-community',
-        "https://download.simp-project.com/simp-release-community.rpm",
+        "https://download.simp-project.com/simp-release-community.el#{release}.rpm"
       )
 
       to_disable = disable.dup

data/spec/acceptance/nodesets/default.yml

@@ -32,7 +32,7 @@ HOSTS:
 CONFIG:
   log_level: verbose
   type: aio
-  vagrant_memsize: 256
+  vagrant_memsize: 512
   vagrant_cpus: 2
 <% if ENV['BEAKER_PUPPET_COLLECTION'] -%>
   puppet_collection: <%= ENV['BEAKER_PUPPET_COLLECTION'] %>

data/spec/acceptance/nodesets/oel.yml

@@ -24,7 +24,7 @@ HOSTS:
 CONFIG:
   log_level: verbose
   type: aio
-  vagrant_memsize: 512
+  vagrant_memsize: 1024
   vagrant_cpus: 2
 <% if ENV['BEAKER_PUPPET_COLLECTION'] -%>
   puppet_collection: <%= ENV['BEAKER_PUPPET_COLLECTION'] %>

data/spec/acceptance/nodesets/ubuntu.yml

@@ -14,7 +14,7 @@ HOSTS:
 CONFIG:
   log_level: verbose
   type: aio
-  vagrant_memsize: 256
+  vagrant_memsize: 512
 <% if ENV['BEAKER_PUPPET_COLLECTION'] -%>
   puppet_collection: <%= ENV['BEAKER_PUPPET_COLLECTION'] %>
 <% end -%>

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: simp-beaker-helpers
 version: !ruby/object:Gem::Version
-  version: 1.23.4
+  version: 1.24.2
 platform: ruby
 authors:
 - Chris Tessmer
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-07-13 00:00:00.000000000 Z
+date: 2022-03-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: beaker
@@ -254,11 +254,8 @@ files:
 - spec/acceptance/suites/windows/nodesets/win2016.yml
 - spec/acceptance/suites/windows/nodesets/win2019.yml
 - spec/fixtures/inspec_profiles/CentOS-7-disa_stig
-- spec/fixtures/inspec_profiles/CentOS-8-disa_stig
 - spec/fixtures/inspec_profiles/RedHat-7-disa_stig/controls/00_Control_Selector.rb
 - spec/fixtures/inspec_profiles/RedHat-7-disa_stig/inspec.yml
-- spec/fixtures/inspec_profiles/RedHat-8-disa_stig/controls/00_Control_Selector.rb
-- spec/fixtures/inspec_profiles/RedHat-8-disa_stig/inspec.yml
 - spec/lib/simp/beaker_helpers_spec.rb
 - spec/spec_helper.rb
 - spec/spec_helper_acceptance.rb

data/spec/fixtures/inspec_profiles/CentOS-8-disa_stig

@@ -1 +0,0 @@
-spec/fixtures/inspec_profiles/RedHat-8-disa_stig

data/spec/fixtures/inspec_profiles/RedHat-8-disa_stig/controls/00_Control_Selector.rb

@@ -1,45 +0,0 @@
-skips = {
-  'V-72209' => 'Cannot guarantee a remote syslog server during test'
-}
-overrides = [ 'V-72091' ]
-subsystems = []
-
-require_controls 'disa_stig-el8-baseline' do
-  skips.each_pair do |ctrl, reason|
-    control ctrl do
-      describe "Skip #{ctrl}" do
-        skip "Reason: #{skips[ctrl]}" do
-        end
-      end
-    end
-  end
-
-  @conf['profile'].info[:controls].each do |ctrl|
-    next if (overrides + skips.keys).include?(ctrl[:id])
-
-    if subsystems.empty?
-      control ctrl[:id]
-    else
-      tags = ctrl[:tags]
-      if tags && tags[:subsystems]
-        subsystems.each do |subsystem|
-          if tags[:subsystems].include?(subsystem)
-            control ctrl[:id]
-          end
-        end
-      end
-    end
-  end
-
-  ## Overrides ##
-
-  # There's no email server to send anything to by default so syslog is a safer
-  # default for processing.
-  control 'V-72091' do
-    overrides << self.to_s
-
-    describe auditd_conf do
-      its('space_left_action.downcase') { should cmp 'syslog' }
-    end
-  end
-end

data/spec/fixtures/inspec_profiles/RedHat-8-disa_stig/inspec.yml

@@ -1,14 +0,0 @@
-name: EL8 STIG
-title: STIG for EL 8
-supports:
-  - os-family: redhat
-maintainer: SIMP Team
-copyright: Onyx Point, Inc.
-copyright_email: simp@onyxpoint.com
-license: Apache-2.0
-summary: |
-  A collection of InSpec tests
-version: 0.0.1
-depends:
-  - name: disa_stig-el8-baseline
-    path: ../../inspec_deps/inspec_profiles/profiles/disa_stig-el8-baseline