simp-beaker-helpers 1.24.0 → 1.24.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4403e18b35abbd1622d13e0fac49c4c22a20bf6b80b142b9db9fb5743a96bdf0
-  data.tar.gz: a490a356a2e18cda7611213d53e0202a3790377e722cd23d56228766d93351a5
+  metadata.gz: f276688200465dbee32f6af8cf2e31a665004ab297b5b0d664d94289d198c0db
+  data.tar.gz: 64c8554ce99bb2bd90b77cfdf08347e484c50ed5729fdb1920c19d9b268115bc
 SHA512:
-  metadata.gz: 9d9ab525dd5345fac7fb7c66fb8aab2c8449b6fce2e5812518a4341d8bdbd5a208e5a31c5b12fc912e664f1f4dbb11fb41419576eddd1fe09844f4aaa8af4cf2
-  data.tar.gz: 26a688025f283009ba338823369e26a2d65db16db212592ab9fe3432f3c1892b251ec176c1c0faa6a5f7abab727c4d2d25994c8af316a199027279a4ffec02d1
+  metadata.gz: a47fe8210f0b72074befb37c61f09bec2ac90e3e967e677c7fcbee20f1f72c2b66216553b0caaaaee6ecf593e39fba7ce82ec260dca0f0d9d3a3499d41e7cc54
+  data.tar.gz: bbe694671ca0ce55f70075bb40260ca114b10937294558318b164bd94e60f3c1bbc9fc84e64fb877731e1f9c031da431ac9f0c33381257527a89ee803cda5915

data/.fixtures.yml

@@ -7,6 +7,3 @@ fixtures:
     disa_stig-el7-baseline:
       repo: https://github.com/mitre/redhat-enterprise-linux-7-stig-baseline
       target: spec/fixtures/inspec_deps/inspec_profiles/profiles
-    disa_stig-el8-baseline:
-      repo: https://github.com/mitre/redhat-enterprise-linux-8-stig-baseline
-      target: spec/fixtures/inspec_deps/inspec_profiles/profiles

data/.github/workflows/pr_acceptance.yml

@@ -1,5 +1,5 @@
 # Run all tests as GitHub Actions
-name: Unit Tests
+name: Acceptance Tests
 on:
   push:
     branches:

data/.github/workflows/tag_deploy_rubygem.yml

@@ -21,7 +21,7 @@
 #
 # NOTES:
 #
-# * The CHANGLOG text is altered to remove RPM-style date headers, which don't
+# * The CHANGELOG text is altered to remove RPM-style date headers, which don't
 #   render well as markdown on the GitHub release pages
 #
 # * By default, the gem is built and released using the standard rake tasks
@@ -37,12 +37,15 @@
 #   All keys are optional.
 #
 ---
-name: 'Tag: Release to GitHub & rubygems.org'
+name: 'Tag: Release to GitHub + rubygems.org (no RPMS)'
 
 on:
   push:
     tags:
+      # NOTE: These filter patterns aren't actually regexes:
+      #   https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet
       - '[0-9]+\.[0-9]+\.[0-9]+'
+      - '[0-9]+\.[0-9]+\.[0-9]+\-[a-z]+[0-9]+'
 
 env:
   PUPPET_VERSION: '~> 6'
@@ -52,11 +55,7 @@ jobs:
   releng-checks:
     name: "RELENG checks"
     if: github.repository_owner == 'simp'
-    runs-on: ubuntu-18.04
-    outputs:
-      build_command: ${{ steps.commands.outputs.build_command }}
-      release_command: ${{ steps.commands.outputs.release_command }}
-      pkg_dir: ${{ steps.commands.outputs.pkg_dir }}
+    runs-on: ubuntu-latest
     steps:
       - name: "Assert '${{ github.ref }}' is a tag"
         run: '[[ "$GITHUB_REF" =~ ^refs/tags/ ]] || { echo "::error ::GITHUB_REF is not a tag: ${GITHUB_REF}"; exit 1 ; }'
@@ -64,7 +63,7 @@ jobs:
         with:
           ref: ${{ github.ref }}
           clean: true
-      - name: Determing build and release commands
+      - name: Determine build and release commands
         id: commands
         run: |
           # By default, these are the standard tasks from "bundler/gem_tasks"
@@ -92,9 +91,7 @@ jobs:
           ruby-version: 2.5
           bundler-cache: true
       - name: Test build the package
-        env:
-          GEM_BUILD_COMMAND: ${{ steps.commands.outputs.build_command }}
-        run: "$GEM_BUILD_COMMAND"
+        run: "${{ steps.commands.outputs.build_command }}"
       - name: "Assert '${{ github.ref }}' matches the package version"
         run: |
           tag="${GITHUB_REF/refs\/tags\//}"
@@ -109,7 +106,9 @@ jobs:
     name: Deploy GitHub Release
     needs: [ releng-checks ]
     if: github.repository_owner == 'simp'
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-latest
+    outputs:
+      prerelease: ${{ steps.tag-check.outputs.prerelease }}
     steps:
       - name: Checkout code
         uses: actions/checkout@v2
@@ -117,6 +116,7 @@ jobs:
           ref: ${{ github.ref }}
           clean: true
           fetch-depth: 0
+
       - name: Get tag & annotation info (${{github.ref}})
         id: tag-check
         run: |
@@ -124,7 +124,19 @@ jobs:
           annotation="$(git for-each-ref "$GITHUB_REF" --format='%(contents)' --count=1)"
           annotation_title="$(echo "$annotation" | head -1)"
 
+
+          if [[ "$tag" =~ ^(simp-|v)?[0-9]+\.[0-9]+\.[0-9]+(-(rc|alpha|beta|pre|post)?([0-9]+)?)?$ ]]; then
+            if [ -n "${BASH_REMATCH[2]}" ]; then
+              prerelease=yes
+              annotation_title="Pre-release of ${tag}"
+            fi
+          else
+            printf '::error ::Release Tag format is not SemVer, X.Y.Z-R, X.Y.Z-<prerelease>: "%s"\n' "$RELEASE_TAG"
+            exit 88
+          fi
+
           echo "::set-output name=tag::${tag}"
+          echo "::set-output name=prerelease::${prerelease}"
           echo "::set-output name=annotation_title::${annotation_title}"
 
           # Prepare annotation body as a file for the next step
@@ -146,14 +158,14 @@ jobs:
           tag_name: ${{ github.ref }}
           release_name: ${{ steps.tag-check.outputs.annotation_title }}
           body_path: /tmp/annotation.body
+          prerelease: ${{ steps.tag-check.outputs.prerelease  == 'yes'}}
           draft: false
-          prerelease: false
 
   deploy-rubygem:
     name: Deploy RubyGem Release
-    needs: [ releng-checks ]
-    if: github.repository_owner == 'simp'
-    runs-on: ubuntu-18.04
+    needs: [ releng-checks, create-github-release ]
+    if: (github.repository_owner == 'simp') && (needs.create-github-release.outputs.prerelease != 'yes')
+    runs-on: ubuntu-latest
     env:
       RUBYGEMS_API_KEY: ${{ secrets.RUBYGEMS_API_KEY }}
       BUILD_COMMAND: ${{ needs.releng-checks.outputs.build_command }}

data/CHANGELOG.md

@@ -1,3 +1,21 @@
+### 1.24.3 / 2022-04-10
+* Fixed:
+  * Added python-setuptools to the list of required packages
+
+### 1.24.2 / 2022-03-09
+* Fixed:
+  * Prevent `spec/` directory symlink recursion in `copy_fixture_modules_to`
+  * Update the derivatives workaround to insert an inert line instead of
+    commenting out the previous line to allow for logic updates
+  * Addressed a bug where passing an empty exceptions array would produce an
+    invalid xpath query
+  * Ensure that the new SIMP community RPMs are used
+
+### 1.24.1 / 2021-10-27
+* Fixed:
+  * Worked around a bug in 'puppet lookup' - PUP-11402
+  * Updated calls to the operating system fact when connecting to RHSM
+
 ### 1.24.0 / 2021-10-05
 * Fixed:
   * Pinned the version of inspec to 4.39.0 since 4.41 broke tag processing

data/lib/simp/beaker_helpers/inspec.rb

@@ -34,9 +34,7 @@ module Simp::BeakerHelpers
     #   The name of the profile against which to run
     #
     def initialize(sut, profile)
-      # The 4.41 release is currently broken
-      # @inspec_version = ENV['BEAKER_inspec_version'] || 'latest'
-      @inspec_version = ENV['BEAKER_inspec_version'] || '4.39.0'
+      @inspec_version = ENV['BEAKER_inspec_version'] || 'latest'
 
       @sut = sut
 

data/lib/simp/beaker_helpers/ssg.rb

@@ -23,11 +23,12 @@ module Simp::BeakerHelpers
       'PyYAML',
       'cmake',
       'git',
-      'openscap-scanner',
       'openscap-python',
+      'openscap-scanner',
       'openscap-utils',
       'python-jinja2',
-      'python-lxml'
+      'python-lxml',
+      'python-setuptools'
     ]
 
     EL8_PACKAGES = [
@@ -41,6 +42,7 @@ module Simp::BeakerHelpers
       'python3-jinja2',
       'python3-lxml',
       'python3-pyyaml',
+      'python3-setuptools',
       'libarchive'
     ]
 
@@ -278,9 +280,8 @@ module Simp::BeakerHelpers
 
         xpath_query << ')' if filter.size > 1
 
-        if exclusions
-          exclusions = Array(exclusions)
-
+        exclusions = Array(exclusions)
+        unless exclusions.empty?
           xpath_query << 'and not('
 
           xpath_query << exclusions.map do |exl|
@@ -419,7 +420,7 @@ module Simp::BeakerHelpers
         #
         # This isn't 100% correct but it's "good enough" for an automated CI
         # environment to tell us if something is critically out of alignment.
-        on(@sut, %(cd scap-content/build-scripts; sed -ci 's/ssg.build_derivatives.profile_handling/#ssg.build_derivatives.profile_handling/g' enable_derivatives.py))
+        on(@sut, %(cd scap-content/build-scripts; sed -ci 's/ssg.build_derivatives.profile_handling/__simp_dontcare__ = None #ssg.build_derivatives.profile_handling/g' enable_derivatives.py))
 
         on(@sut, %(cd scap-content/build; cmake ../; make -j4 #{OS_INFO[@os][@os_rel]['ssg']['build_target']}-content && cp *ds.xml #{@scap_working_dir}))
       end

data/lib/simp/beaker_helpers/version.rb

@@ -1,5 +1,5 @@
 module Simp; end
 
 module Simp::BeakerHelpers
-  VERSION = '1.24.0'
+  VERSION = '1.24.3'
 end

data/lib/simp/beaker_helpers.rb

@@ -411,7 +411,7 @@ module Simp::BeakerHelpers
               begin
                 tarfile = "#{Simp::BeakerHelpers.tmpname}.tar"
 
-                excludes = PUPPET_MODULE_INSTALL_IGNORE.map do |x|
+                excludes = (PUPPET_MODULE_INSTALL_IGNORE + ['spec']).map do |x|
                   x = "--exclude '*/#{x}'"
                 end.join(' ')
 
@@ -810,8 +810,8 @@ module Simp::BeakerHelpers
         rhsm_opts.merge!(opts)
       end
 
-      os = fact_on(sut, 'operatingsystem').strip
-      os_release = fact_on(sut, 'operatingsystemmajrelease').strip
+      os = fact_on(sut, 'os.name').strip
+      os_release = fact_on(sut, 'os.release.major').strip
 
       if os == 'RedHat'
         unless rhsm_opts[:username] && rhsm_opts[:password]
@@ -1244,8 +1244,11 @@ module Simp::BeakerHelpers
   #
   # @returns [String] Path to the Hieradata directory on the target system
   def hiera_datadir(sut)
+    # A workaround for PUP-11042
+    sut_environment = sut.puppet_configprint['environment']
+
     # This output lets us know where Hiera is configured to look on the system
-    puppet_lookup_info = on(sut, 'puppet lookup --explain test__simp__test', :silent => true).output.strip.lines
+    puppet_lookup_info = on(sut, "puppet lookup --explain --environment #{sut_environment} test__simp__test", :silent => true).output.strip.lines
 
     if sut.puppet_configprint['manifest'].nil? || sut.puppet_configprint['manifest'].empty?
       fail("No output returned from `puppet config print manifest` on #{sut}")
@@ -1495,10 +1498,12 @@ module Simp::BeakerHelpers
     block_on(suts, :run_in_parallel => parallel) do |sut|
       install_package_unless_present_on(sut, 'yum-utils')
 
+      release = fact_on(sut, 'os.release.major')
+
       install_package_unless_present_on(
         sut,
         'simp-release-community',
-        "https://download.simp-project.com/simp-release-community.rpm",
+        "https://download.simp-project.com/simp-release-community.el#{release}.rpm"
       )
 
       to_disable = disable.dup

data/spec/acceptance/nodesets/default.yml

@@ -21,14 +21,6 @@ HOSTS:
     box: generic/centos8
     hypervisor: <%= hypervisor %>
 
-  el8-0:
-    roles:
-      - el8
-    platform: el-8-x86_64
-    box: centos/8
-    box_version: "1905.1"
-    hypervisor: <%= hypervisor %>
-
 CONFIG:
   log_level: verbose
   type: aio

data/spec/acceptance/suites/default/nodesets

@@ -1 +1 @@
-spec/acceptance/suites/default/../../nodesets
+../../nodesets

data/spec/acceptance/suites/fips_from_fixtures/nodesets

@@ -1 +1 @@
-spec/acceptance/suites/fips_from_fixtures/../../nodesets
+../../nodesets

data/spec/acceptance/suites/inspec/nodesets

@@ -1 +1 @@
-spec/acceptance/suites/inspec/../../nodesets
+../../nodesets

data/spec/acceptance/suites/snapshot/nodesets

@@ -1 +1 @@
-spec/acceptance/suites/snapshot/../../nodesets
+../../nodesets

data/spec/acceptance/suites/ssg/nodesets

@@ -1 +1 @@
-spec/acceptance/suites/ssg/../../nodesets
+../../nodesets

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: simp-beaker-helpers
 version: !ruby/object:Gem::Version
-  version: 1.24.0
+  version: 1.24.3
 platform: ruby
 authors:
 - Chris Tessmer
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-10-26 00:00:00.000000000 Z
+date: 2022-04-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: beaker
@@ -254,11 +254,8 @@ files:
 - spec/acceptance/suites/windows/nodesets/win2016.yml
 - spec/acceptance/suites/windows/nodesets/win2019.yml
 - spec/fixtures/inspec_profiles/CentOS-7-disa_stig
-- spec/fixtures/inspec_profiles/CentOS-8-disa_stig
 - spec/fixtures/inspec_profiles/RedHat-7-disa_stig/controls/00_Control_Selector.rb
 - spec/fixtures/inspec_profiles/RedHat-7-disa_stig/inspec.yml
-- spec/fixtures/inspec_profiles/RedHat-8-disa_stig/controls/00_Control_Selector.rb
-- spec/fixtures/inspec_profiles/RedHat-8-disa_stig/inspec.yml
 - spec/lib/simp/beaker_helpers_spec.rb
 - spec/spec_helper.rb
 - spec/spec_helper_acceptance.rb
@@ -282,9 +279,48 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6.3
+rubygems_version: 3.0.9
 signing_key: 
 specification_version: 4
 summary: beaker helper methods for SIMP
-test_files: []
+test_files:
+- spec/acceptance/nodesets/default.yml
+- spec/acceptance/nodesets/docker.yml
+- spec/acceptance/nodesets/oel.yml
+- spec/acceptance/nodesets/ubuntu.yml
+- spec/acceptance/suites/default/check_puppet_version_spec.rb
+- spec/acceptance/suites/default/enable_fips_spec.rb
+- spec/acceptance/suites/default/fixture_modules_spec.rb
+- spec/acceptance/suites/default/install_simp_deps_repo_spec.rb
+- spec/acceptance/suites/default/nodesets
+- spec/acceptance/suites/default/pki_tests_spec.rb
+- spec/acceptance/suites/default/set_hieradata_on_spec.rb
+- spec/acceptance/suites/default/write_hieradata_to_spec.rb
+- spec/acceptance/suites/fips_from_fixtures/00_default_spec.rb
+- spec/acceptance/suites/fips_from_fixtures/metadata.yml
+- spec/acceptance/suites/fips_from_fixtures/nodesets
+- spec/acceptance/suites/inspec/00_default_spec.rb
+- spec/acceptance/suites/inspec/metadata.yml
+- spec/acceptance/suites/inspec/nodesets
+- spec/acceptance/suites/offline/00_default_spec.rb
+- spec/acceptance/suites/offline/README
+- spec/acceptance/suites/offline/nodesets/default.yml
+- spec/acceptance/suites/puppet_collections/00_default_spec.rb
+- spec/acceptance/suites/puppet_collections/metadata.yml
+- spec/acceptance/suites/snapshot/00_snapshot_test_spec.rb
+- spec/acceptance/suites/snapshot/10_general_usage_spec.rb
+- spec/acceptance/suites/snapshot/nodesets
+- spec/acceptance/suites/ssg/00_default_spec.rb
+- spec/acceptance/suites/ssg/metadata.yml
+- spec/acceptance/suites/ssg/nodesets
+- spec/acceptance/suites/windows/00_default_spec.rb
+- spec/acceptance/suites/windows/metadata.yml
+- spec/acceptance/suites/windows/nodesets/default.yml
+- spec/acceptance/suites/windows/nodesets/win2016.yml
+- spec/acceptance/suites/windows/nodesets/win2019.yml
+- spec/fixtures/inspec_profiles/CentOS-7-disa_stig
+- spec/fixtures/inspec_profiles/RedHat-7-disa_stig/controls/00_Control_Selector.rb
+- spec/fixtures/inspec_profiles/RedHat-7-disa_stig/inspec.yml
+- spec/lib/simp/beaker_helpers_spec.rb
+- spec/spec_helper.rb
+- spec/spec_helper_acceptance.rb

data/spec/fixtures/inspec_profiles/CentOS-8-disa_stig

@@ -1 +0,0 @@
-spec/fixtures/inspec_profiles/RedHat-8-disa_stig

data/spec/fixtures/inspec_profiles/RedHat-8-disa_stig/controls/00_Control_Selector.rb

@@ -1,45 +0,0 @@
-skips = {
-  'V-72209' => 'Cannot guarantee a remote syslog server during test'
-}
-overrides = [ 'V-72091' ]
-subsystems = []
-
-require_controls 'disa_stig-el8-baseline' do
-  skips.each_pair do |ctrl, reason|
-    control ctrl do
-      describe "Skip #{ctrl}" do
-        skip "Reason: #{skips[ctrl]}" do
-        end
-      end
-    end
-  end
-
-  @conf['profile'].info[:controls].each do |ctrl|
-    next if (overrides + skips.keys).include?(ctrl[:id])
-
-    if subsystems.empty?
-      control ctrl[:id]
-    else
-      tags = ctrl[:tags]
-      if tags && tags[:subsystems]
-        subsystems.each do |subsystem|
-          if tags[:subsystems].include?(subsystem)
-            control ctrl[:id]
-          end
-        end
-      end
-    end
-  end
-
-  ## Overrides ##
-
-  # There's no email server to send anything to by default so syslog is a safer
-  # default for processing.
-  control 'V-72091' do
-    overrides << self.to_s
-
-    describe auditd_conf do
-      its('space_left_action.downcase') { should cmp 'syslog' }
-    end
-  end
-end

data/spec/fixtures/inspec_profiles/RedHat-8-disa_stig/inspec.yml

@@ -1,14 +0,0 @@
-name: EL8 STIG
-title: STIG for EL 8
-supports:
-  - os-family: redhat
-maintainer: SIMP Team
-copyright: Onyx Point, Inc.
-copyright_email: simp@onyxpoint.com
-license: Apache-2.0
-summary: |
-  A collection of InSpec tests
-version: 0.0.1
-depends:
-  - name: disa_stig-el8-baseline
-    path: ../../inspec_deps/inspec_profiles/profiles/disa_stig-el8-baseline