simp-beaker-helpers 1.24.1 → 1.24.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bf9271df59bd88be59e1555cd5536c0906f7d09dcb2d1096df801302b1ebbd0d
-  data.tar.gz: 967fb58eb7e5561c35b32899beb972d4b0f70a423239d05e5e12aad20b207658
+  metadata.gz: ea59f88fb5dfa33fe812b52e53dfb71ff10e104f9eb720cd4f233974478ba6dc
+  data.tar.gz: 39ef7ef09f672407964dfb2e06302131583864a50ed9fd89ec71238ff1f86ee6
 SHA512:
-  metadata.gz: 9dfd8dcd9bb759cd995aad0f33f072064537dccd5d96cd9b19e5193b069a8c62b5df860802c8a99f0478bbb596fa882cbd8f482d1d581ff9c72218049c3051f2
-  data.tar.gz: bd0af0b10d2b743c2f8995821d00c64c4d3bf9d387ebefd3c6af81e4bb738b88ded50671214baf7c74e174fa5e4eb8f884722c5d34c4a06f831e4d79fd098b10
+  metadata.gz: bc4ab204f1df2a4a141951d87df4677f449830394d315015079b324c028a7eafe8b32f12a03384b1bc9c01effb8bb5a4cc8e9998349c0bc3f4f9a80c50283d9a
+  data.tar.gz: e6a63e7e5175abf091cdb7694be5dd889263a3e2fbfd908657d24367199a79c31faa44a5d9b1eb3964534ffe7a64f50f366dc151cdd250548aec7ebc67c2590a

data/.fixtures.yml

@@ -7,6 +7,3 @@ fixtures:
     disa_stig-el7-baseline:
       repo: https://github.com/mitre/redhat-enterprise-linux-7-stig-baseline
       target: spec/fixtures/inspec_deps/inspec_profiles/profiles
-    disa_stig-el8-baseline:
-      repo: https://github.com/mitre/redhat-enterprise-linux-8-stig-baseline
-      target: spec/fixtures/inspec_deps/inspec_profiles/profiles

data/.github/workflows/pr_acceptance.yml

@@ -1,5 +1,5 @@
 # Run all tests as GitHub Actions
-name: Unit Tests
+name: Acceptance Tests
 on:
   push:
     branches:

data/.github/workflows/tag_deploy_rubygem.yml

@@ -21,7 +21,7 @@
 #
 # NOTES:
 #
-# * The CHANGLOG text is altered to remove RPM-style date headers, which don't
+# * The CHANGELOG text is altered to remove RPM-style date headers, which don't
 #   render well as markdown on the GitHub release pages
 #
 # * By default, the gem is built and released using the standard rake tasks
@@ -37,12 +37,15 @@
 #   All keys are optional.
 #
 ---
-name: 'Tag: Release to GitHub & rubygems.org'
+name: 'Tag: Release to GitHub + rubygems.org (no RPMS)'
 
 on:
   push:
     tags:
+      # NOTE: These filter patterns aren't actually regexes:
+      #   https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet
       - '[0-9]+\.[0-9]+\.[0-9]+'
+      - '[0-9]+\.[0-9]+\.[0-9]+\-[a-z]+[0-9]+'
 
 env:
   PUPPET_VERSION: '~> 6'
@@ -52,11 +55,7 @@ jobs:
   releng-checks:
     name: "RELENG checks"
     if: github.repository_owner == 'simp'
-    runs-on: ubuntu-18.04
-    outputs:
-      build_command: ${{ steps.commands.outputs.build_command }}
-      release_command: ${{ steps.commands.outputs.release_command }}
-      pkg_dir: ${{ steps.commands.outputs.pkg_dir }}
+    runs-on: ubuntu-latest
     steps:
       - name: "Assert '${{ github.ref }}' is a tag"
         run: '[[ "$GITHUB_REF" =~ ^refs/tags/ ]] || { echo "::error ::GITHUB_REF is not a tag: ${GITHUB_REF}"; exit 1 ; }'
@@ -64,7 +63,7 @@ jobs:
         with:
           ref: ${{ github.ref }}
           clean: true
-      - name: Determing build and release commands
+      - name: Determine build and release commands
         id: commands
         run: |
           # By default, these are the standard tasks from "bundler/gem_tasks"
@@ -92,9 +91,7 @@ jobs:
           ruby-version: 2.5
           bundler-cache: true
       - name: Test build the package
-        env:
-          GEM_BUILD_COMMAND: ${{ steps.commands.outputs.build_command }}
-        run: "$GEM_BUILD_COMMAND"
+        run: "${{ steps.commands.outputs.build_command }}"
       - name: "Assert '${{ github.ref }}' matches the package version"
         run: |
           tag="${GITHUB_REF/refs\/tags\//}"
@@ -109,7 +106,9 @@ jobs:
     name: Deploy GitHub Release
     needs: [ releng-checks ]
     if: github.repository_owner == 'simp'
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-latest
+    outputs:
+      prerelease: ${{ steps.tag-check.outputs.prerelease }}
     steps:
       - name: Checkout code
         uses: actions/checkout@v2
@@ -117,6 +116,7 @@ jobs:
           ref: ${{ github.ref }}
           clean: true
           fetch-depth: 0
+
       - name: Get tag & annotation info (${{github.ref}})
         id: tag-check
         run: |
@@ -124,7 +124,19 @@ jobs:
           annotation="$(git for-each-ref "$GITHUB_REF" --format='%(contents)' --count=1)"
           annotation_title="$(echo "$annotation" | head -1)"
 
+
+          if [[ "$tag" =~ ^(simp-|v)?[0-9]+\.[0-9]+\.[0-9]+(-(rc|alpha|beta|pre|post)?([0-9]+)?)?$ ]]; then
+            if [ -n "${BASH_REMATCH[2]}" ]; then
+              prerelease=yes
+              annotation_title="Pre-release of ${tag}"
+            fi
+          else
+            printf '::error ::Release Tag format is not SemVer, X.Y.Z-R, X.Y.Z-<prerelease>: "%s"\n' "$RELEASE_TAG"
+            exit 88
+          fi
+
           echo "::set-output name=tag::${tag}"
+          echo "::set-output name=prerelease::${prerelease}"
           echo "::set-output name=annotation_title::${annotation_title}"
 
           # Prepare annotation body as a file for the next step
@@ -146,14 +158,14 @@ jobs:
           tag_name: ${{ github.ref }}
           release_name: ${{ steps.tag-check.outputs.annotation_title }}
           body_path: /tmp/annotation.body
+          prerelease: ${{ steps.tag-check.outputs.prerelease  == 'yes'}}
           draft: false
-          prerelease: false
 
   deploy-rubygem:
     name: Deploy RubyGem Release
-    needs: [ releng-checks ]
-    if: github.repository_owner == 'simp'
-    runs-on: ubuntu-18.04
+    needs: [ releng-checks, create-github-release ]
+    if: (github.repository_owner == 'simp') && (needs.create-github-release.outputs.prerelease != 'yes')
+    runs-on: ubuntu-latest
     env:
       RUBYGEMS_API_KEY: ${{ secrets.RUBYGEMS_API_KEY }}
       BUILD_COMMAND: ${{ needs.releng-checks.outputs.build_command }}

data/.gitlab-ci.yml

@@ -209,13 +209,6 @@ variables:
 # Puppet Versions
 #-----------------------------------------------------------------------
 
-.pup_5_x: &pup_5_x
-  image: 'ruby:2.4'
-  variables:
-    PUPPET_VERSION: '~> 5.0'
-    BEAKER_PUPPET_COLLECTION: 'puppet5'
-    MATRIX_RUBY_VERSION: '2.4'
-
 .pup_6_x: &pup_6_x
   image: 'ruby:2.5'
   variables:
@@ -332,12 +325,6 @@ fips_from_fixtures:
   script:
     - bundle exec rake beaker:suites[fips_from_fixtures]
 
-puppet5_collections:
-  <<: *pup_5_x
-  <<: *acceptance_base
-  script:
-    - bundle exec rake beaker:suites[puppet_collections]
-
 puppet6_collections:
   <<: *pup_6_x
   <<: *acceptance_base

data/CHANGELOG.md

@@ -1,3 +1,24 @@
+### 1.24.4 / 2022-04-28
+* Fixed:
+  * Workaround for [MODULES-11315] in `puppet-agent-versions.yaml`
+* Removed:
+  * Dropped acceptance tests for Puppet 5.5
+
+[MODULES-11315]: https://tickets.puppetlabs.com/browse/MODULES-11315
+
+### 1.24.3 / 2022-04-10
+* Fixed:
+  * Added python-setuptools to the list of required packages
+
+### 1.24.2 / 2022-03-09
+* Fixed:
+  * Prevent `spec/` directory symlink recursion in `copy_fixture_modules_to`
+  * Update the derivatives workaround to insert an inert line instead of
+    commenting out the previous line to allow for logic updates
+  * Addressed a bug where passing an empty exceptions array would produce an
+    invalid xpath query
+  * Ensure that the new SIMP community RPMs are used
+
 ### 1.24.1 / 2021-10-27
 * Fixed:
   * Worked around a bug in 'puppet lookup' - PUP-11402

data/files/puppet-agent-versions.yaml

@@ -44,3 +44,4 @@ version_mappings:
   '4.2.0':  '1.2.1'
   '4.1.0':  '1.1.1'
   '4.0.0':  '1.0.1'
+  '6.27.0':  '6.27.1' # latest gem is 6.7.0, only RPM is 6.7.1

data/lib/simp/beaker_helpers/inspec.rb

@@ -34,9 +34,7 @@ module Simp::BeakerHelpers
     #   The name of the profile against which to run
     #
     def initialize(sut, profile)
-      # The 4.41 release is currently broken
-      # @inspec_version = ENV['BEAKER_inspec_version'] || 'latest'
-      @inspec_version = ENV['BEAKER_inspec_version'] || '4.39.0'
+      @inspec_version = ENV['BEAKER_inspec_version'] || 'latest'
 
       @sut = sut
 

data/lib/simp/beaker_helpers/ssg.rb

@@ -23,11 +23,12 @@ module Simp::BeakerHelpers
       'PyYAML',
       'cmake',
       'git',
-      'openscap-scanner',
       'openscap-python',
+      'openscap-scanner',
       'openscap-utils',
       'python-jinja2',
-      'python-lxml'
+      'python-lxml',
+      'python-setuptools'
     ]
 
     EL8_PACKAGES = [
@@ -41,6 +42,7 @@ module Simp::BeakerHelpers
       'python3-jinja2',
       'python3-lxml',
       'python3-pyyaml',
+      'python3-setuptools',
       'libarchive'
     ]
 
@@ -278,9 +280,8 @@ module Simp::BeakerHelpers
 
         xpath_query << ')' if filter.size > 1
 
-        if exclusions
-          exclusions = Array(exclusions)
-
+        exclusions = Array(exclusions)
+        unless exclusions.empty?
           xpath_query << 'and not('
 
           xpath_query << exclusions.map do |exl|
@@ -419,7 +420,7 @@ module Simp::BeakerHelpers
         #
         # This isn't 100% correct but it's "good enough" for an automated CI
         # environment to tell us if something is critically out of alignment.
-        on(@sut, %(cd scap-content/build-scripts; sed -ci 's/ssg.build_derivatives.profile_handling/#ssg.build_derivatives.profile_handling/g' enable_derivatives.py))
+        on(@sut, %(cd scap-content/build-scripts; sed -ci 's/ssg.build_derivatives.profile_handling/__simp_dontcare__ = None #ssg.build_derivatives.profile_handling/g' enable_derivatives.py))
 
         on(@sut, %(cd scap-content/build; cmake ../; make -j4 #{OS_INFO[@os][@os_rel]['ssg']['build_target']}-content && cp *ds.xml #{@scap_working_dir}))
       end

data/lib/simp/beaker_helpers/version.rb

@@ -1,5 +1,5 @@
 module Simp; end
 
 module Simp::BeakerHelpers
-  VERSION = '1.24.1'
+  VERSION = '1.24.4'
 end

data/lib/simp/beaker_helpers.rb

@@ -411,7 +411,7 @@ module Simp::BeakerHelpers
               begin
                 tarfile = "#{Simp::BeakerHelpers.tmpname}.tar"
 
-                excludes = PUPPET_MODULE_INSTALL_IGNORE.map do |x|
+                excludes = (PUPPET_MODULE_INSTALL_IGNORE + ['spec']).map do |x|
                   x = "--exclude '*/#{x}'"
                 end.join(' ')
 
@@ -1498,10 +1498,12 @@ module Simp::BeakerHelpers
     block_on(suts, :run_in_parallel => parallel) do |sut|
       install_package_unless_present_on(sut, 'yum-utils')
 
+      release = fact_on(sut, 'os.release.major')
+
       install_package_unless_present_on(
         sut,
         'simp-release-community',
-        "https://download.simp-project.com/simp-release-community.rpm",
+        "https://download.simp-project.com/simp-release-community.el#{release}.rpm"
       )
 
       to_disable = disable.dup

data/spec/acceptance/nodesets/default.yml

@@ -21,14 +21,6 @@ HOSTS:
     box: generic/centos8
     hypervisor: <%= hypervisor %>
 
-  el8-0:
-    roles:
-      - el8
-    platform: el-8-x86_64
-    box: centos/8
-    box_version: "1905.1"
-    hypervisor: <%= hypervisor %>
-
 CONFIG:
   log_level: verbose
   type: aio

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: simp-beaker-helpers
 version: !ruby/object:Gem::Version
-  version: 1.24.1
+  version: 1.24.4
 platform: ruby
 authors:
 - Chris Tessmer
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-01-11 00:00:00.000000000 Z
+date: 2022-04-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: beaker
@@ -254,11 +254,8 @@ files:
 - spec/acceptance/suites/windows/nodesets/win2016.yml
 - spec/acceptance/suites/windows/nodesets/win2019.yml
 - spec/fixtures/inspec_profiles/CentOS-7-disa_stig
-- spec/fixtures/inspec_profiles/CentOS-8-disa_stig
 - spec/fixtures/inspec_profiles/RedHat-7-disa_stig/controls/00_Control_Selector.rb
 - spec/fixtures/inspec_profiles/RedHat-7-disa_stig/inspec.yml
-- spec/fixtures/inspec_profiles/RedHat-8-disa_stig/controls/00_Control_Selector.rb
-- spec/fixtures/inspec_profiles/RedHat-8-disa_stig/inspec.yml
 - spec/lib/simp/beaker_helpers_spec.rb
 - spec/spec_helper.rb
 - spec/spec_helper_acceptance.rb

data/spec/fixtures/inspec_profiles/CentOS-8-disa_stig

@@ -1 +0,0 @@
-spec/fixtures/inspec_profiles/RedHat-8-disa_stig

data/spec/fixtures/inspec_profiles/RedHat-8-disa_stig/controls/00_Control_Selector.rb

@@ -1,45 +0,0 @@
-skips = {
-  'V-72209' => 'Cannot guarantee a remote syslog server during test'
-}
-overrides = [ 'V-72091' ]
-subsystems = []
-
-require_controls 'disa_stig-el8-baseline' do
-  skips.each_pair do |ctrl, reason|
-    control ctrl do
-      describe "Skip #{ctrl}" do
-        skip "Reason: #{skips[ctrl]}" do
-        end
-      end
-    end
-  end
-
-  @conf['profile'].info[:controls].each do |ctrl|
-    next if (overrides + skips.keys).include?(ctrl[:id])
-
-    if subsystems.empty?
-      control ctrl[:id]
-    else
-      tags = ctrl[:tags]
-      if tags && tags[:subsystems]
-        subsystems.each do |subsystem|
-          if tags[:subsystems].include?(subsystem)
-            control ctrl[:id]
-          end
-        end
-      end
-    end
-  end
-
-  ## Overrides ##
-
-  # There's no email server to send anything to by default so syslog is a safer
-  # default for processing.
-  control 'V-72091' do
-    overrides << self.to_s
-
-    describe auditd_conf do
-      its('space_left_action.downcase') { should cmp 'syslog' }
-    end
-  end
-end

data/spec/fixtures/inspec_profiles/RedHat-8-disa_stig/inspec.yml

@@ -1,14 +0,0 @@
-name: EL8 STIG
-title: STIG for EL 8
-supports:
-  - os-family: redhat
-maintainer: SIMP Team
-copyright: Onyx Point, Inc.
-copyright_email: simp@onyxpoint.com
-license: Apache-2.0
-summary: |
-  A collection of InSpec tests
-version: 0.0.1
-depends:
-  - name: disa_stig-el8-baseline
-    path: ../../inspec_deps/inspec_profiles/profiles/disa_stig-el8-baseline