simp-beaker-helpers 1.7.3 → 1.7.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: c7de1dfcac5f44c9466b55ae675bfe3191ecf512
-  data.tar.gz: fd4d1615265b83861e702fad89e3250051444e85
+  metadata.gz: 6a1a9c3f3df01d3c9a497cb8eb9d0172405fdc6c
+  data.tar.gz: b9466a65c5077ccacc5777c6ae45779450496fa2
 SHA512:
-  metadata.gz: e22ef74e3d2fdaa17a893441fa8efd24d26c7e5b00e402c7d2905d2cd2a69e6c555d94d76bb1e3423228b672ff2c0244e33215646d796299f4f464e1fa6a2460
-  data.tar.gz: 249acf36822fe694fd6468c03136ea221448c06b3739cb4ae7d189ee6bfbdabdeb18d4f63dc2f33d64b5231b64a8d3ffbc0f98e636f05ab83caa5587928b5656
+  metadata.gz: 3c860415c95d94cc9cade8a86d4c44bedd99c8290f048cba7abb398ee3ab07aae9d7aec03b161ad9bfb509e322cbeee721533abdb8e8658fb75f026201adcfed
+  data.tar.gz: 0a4253533c535ac4959ba68a317e8695a165a116d72f2a3c1c33abc42d4cd4d322408b76c261d983ea4c8a46b943d3e62d0aab1160abed36baa16f3b5be1555b

data/.travis.yml

@@ -1,15 +1,39 @@
 ---
 language: ruby
 cache: bundler
-
+sudo: false
+before_install:
+  - rm Gemfile.lock || true
+bundler_args: "--without development --path .vendor"
+notifications:
+  email: false
 rvm:
   - 2.1.9
-
+  - 2.3.3
 env:
   - SIMP_SKIP_NON_SIMPOS_TESTS=1
-
-
 script:
-  - 'bundle exec rake spec'
-
-
+  - bundle exec rake spec
+matrix:
+  fast_finish: true
+before_deploy:
+  - bundle exec rake clobber
+  - "export GEM_VERSION=`ruby -r ./lib/simp/beaker_helpers/version.rb -e 'puts Simp::BeakerHelpers::VERSION'`"
+  - '[[ $TRAVIS_TAG =~ ^${GEM_VERSION}$ ]]'
+deploy:
+  - provider: rubygems
+    gemspec: simp-beaker-helpers.gemspec
+    gem: simp-beaker-helpers
+    api_key:
+      secure: "AlnBx0dBSxn+S97n0h14ltKUOA+6v0bc7QZPIcwGJV9nnf1hKH3pf9La1TVknEx7XgpAcM9jusQJ7hBlqvSq8z8SFF0bZk1EgSRIKc1cuYPLiGyUM2O7+AFHyCy3iCnPvKeoQmE/BJb5O1dGnbmSbf4A0fqLxA7jiHG1j7z+cnmJB1i67wovDfl13TsOXyBfbespWBMMc0BKAw56FPs9XggAk2cNusS3hd5tqW1AZPT2/xwt+d8ngkmO96u8QcichYRFQ+w+XW4H0w935wNg/dWiskJlt7TIYVAh4Ko5s2DZKf52Tne8TugALSn0LhRatpp7sw1FTTpteCW8UqK8uwGC2hM4pZViAOv4P1YObz2IPOZPriBl+cCayJdMKnotkUJliAMnw5TLiSWKLou+S0Pdj2h3fJZWdOEwRPMzIVoJtsOHG3GdNcPL6f7iU0vP/wr6FeR3uWa+fA7NHRi2Du955O8JpogjdrW08ahcAEwhtI3A4mrA08wN09axsrwr093uDRm/5h4FHyAhExJ0YiA/6kcPpUvILcLStyHe0RQDICQMdsQo2DSbnL65w3QjFa2fML2Shf9cRwX06+ia2BxozWzFD/6p3RiRtPxphnbFiUdjYSGWcwCcUgbJx9SW04lSSxOhpyItuXgxZqiybkzstXd6riu5zwg1R8TWk34="
+    on:
+      tags: true
+      rvm: 2.1.9
+      condition: "($SKIP_PUBLISH != true)"
+  - provider: releases
+    api_key:
+      secure: "RoQepMSpEzpTLgSYP1apB8AcKNMoumqe/emNg9lIu4T55t7fCPVZFmoTL2/VCjpGpBY3SL6PijSRelY6B1bri+6SFz/hlWhCQ8t1hodrEX23ieFBwWyLI7TFvrCjVejkJwaj7N2nYUQBv8YxScbRp4daFaDhrPJMrfqKZUlBBQ2KEUvqienOn7Tdt4OQ7/ThRXlhBm8OGjZfaKyWDyJykef+yC1scJrl8HA71XRHxho/iojTRPqJJCKW1QNmomVWAwK6ZEvb2WrD27yZN60wEcygdbmzKxlAXrfp13Ho+ir2GjRXJr1VKNPecFTDe21fDFMLZ5VxZgOJ7TWnhz2UAQIPjDTLzEMuJci7DDvRCWMJ17pYurm0OGAeKPWZbtf5PLYouKvnjNsfY8vy+Ip6MqmhiXqqLSO9XN/jgEVFPHj8pOj0DDq6PtTB8dNJj7g60Ak0Uj5iole4/ef1DHv803/t9J6IVqULmYZREqeTg24KkZLfTSEbkhYMGjbCZGaSAGhAFLAAjEDTM19/k50TXnNt5smn31Mqt45PULcrHP4+t6hM+IsX9w05aOlcvfwWiBm9nPlBPeRn59wZ64+T729i5wgkhFcHmYE/2Ql1Hvz5FebyxJQziyw6eRvCVASTtFEkuT+Noy3v4u3G4fQl/S2OeCP4v6Fs0wlImzFE1lA="
+    on:
+      tags: true
+      rvm: 2.1.9
+      condition: "($SKIP_PUBLISH != true)"

data/files/puppet-agent-versions.yaml

@@ -4,6 +4,11 @@
 #   - https://docs.puppet.com/puppet/latest/about_agent.html
 #
 version_mappings:
+  '5.0.0': '5.0.0'
+  '4.10.4': '1.10.4'
+  '4.10.3': '1.10.3'
+  '4.10.2': '1.10.2'
+  '4.10.1': '1.10.1'
   '4.10.0': '1.10.0'
   '4.9.4':  '1.9.3'
   '4.9.3':  '1.9.2'

data/lib/simp/beaker_helpers.rb

@@ -2,7 +2,14 @@ module Simp; end
 
 module Simp::BeakerHelpers
   require 'simp/beaker_helpers/version'
-  DEFAULT_PUPPET_AGENT_VERSION = '1.8.3'
+  require 'simp/beaker_helpers/inspec'
+  require 'simp/beaker_helpers/ssg'
+
+  # This is the *oldest* version that the latest release of SIMP supports
+  #
+  # This is done so that we know if some new thing that we're using breaks the
+  # oldest system that we support.
+  DEFAULT_PUPPET_AGENT_VERSION = '1.7.1'
 
   # use the `puppet fact` face to look up facts on an SUT
   def pfact_on(sut, fact_name)
@@ -596,5 +603,4 @@ done
     require 'beaker/puppet_install_helper'
     run_puppet_install_helper(puppet_install_type,  puppet_agent_version)
   end
-
 end

data/lib/simp/beaker_helpers/inspec.rb

@@ -0,0 +1,169 @@
+module Simp::BeakerHelpers
+
+  # Helpers for working with Inspec
+  class Inspec
+    # Create a new Inspec helper for the specified host against the specified profile
+    #
+    # @param sut
+    #   The SUT against which to run
+    #
+    # @param profile
+    #   The name of the profile against which to run
+    #
+    def initialize(sut, profile)
+      @sut = sut
+
+      @sut.install_package('inspec')
+
+      @sut_profile_dir = '/tmp/inspec_tests'
+
+      output_dir = File.absolute_path('sec_results/inspec')
+
+      unless File.directory?(output_dir)
+        FileUtils.mkdir_p(output_dir)
+      end
+
+      inspec_fixtures = File.join(fixtures_path, 'inspec_profiles')
+      os = fact_on(@sut, 'operatingsystem')
+      os_rel = fact_on(@sut, 'operatingsystemmajrelease')
+
+      @inspec_result_file = File.join(output_dir, "#{@sut.hostname}-inspec-#{Time.now.to_i}")
+
+      scp_to(@sut, File.join(inspec_fixtures, "#{os}-#{os_rel}-#{profile}"), @sut_profile_dir)
+
+      # The results of the inspec scan in Hash form
+      @inspec_results = {}
+    end
+
+    # Run the inspec tests and record the results
+    def run
+      sut_inspec_results = '/tmp/inspec_results.json'
+
+      inspec_cmd = "inspec exec --format json #{@sut_profile_dir} > #{sut_inspec_results}"
+      result = on(@sut, inspec_cmd, :accept_all_exit_codes => true)
+
+      tmpdir = Dir.mktmpdir
+      begin
+        Dir.chdir(tmpdir) do
+          scp_from(@sut, sut_inspec_results, '.')
+
+          local_inspec_results = File.basename(sut_inspec_results)
+
+          if File.exist?(local_inspec_results)
+            begin
+              @inspec_results = JSON.load(File.read(local_inspec_results))
+            rescue JSON::ParserError, JSON::GeneratorError
+              @inspec_results = nil
+            end
+          end
+        end
+      ensure
+        FileUtils.remove_entry_secure tmpdir
+      end
+
+      unless @inspec_results
+        File.open(@inspec_result_file + '.err', 'w') do |fh|
+          fh.puts(result.stderr.strip)
+        end
+
+        err_msg = ["Error running inspec command #{inspec_cmd}"]
+        err_msg << "Error captured in #{@inspec_result_file}" + '.err'
+
+        fail(err_msg.join("\n"))
+      end
+    end
+
+    # Output the report
+    #
+    # @param report
+    #   The inspec results Hash
+    #
+    def write_report(report)
+      File.open(@inspec_result_file + '.json', 'w') do |fh|
+        fh.puts(JSON.pretty_generate(@inspec_results))
+      end
+
+      File.open(@inspec_result_file + '.report', 'w') do |fh|
+        fh.puts(report[:report].uncolor)
+      end
+    end
+
+    # Process the results of an InSpec run
+    #
+    # @return [Hash] A Hash of statistics and a formatted report
+    #
+    def process_inspec_results
+      require 'highline'
+      
+      HighLine.colorize_strings
+
+      stats = {
+        :passed  => 0,
+        :failed  => 0,
+        :skipped => 0,
+        :report  => []
+      }
+
+      profiles = @inspec_results['profiles']
+
+      profiles.each do |profile|
+        stats[:report] << "Name: #{profile['name']}"
+
+        profile['controls'].each do |control|
+          title = control['title']
+
+          if title.length > 72
+            title = title[0..71] + '(...)'
+          end
+
+          title_chunks = control['title'].scan(/.{1,72}\W|.{1,72}/).map(&:strip)
+
+          stats[:report] << "\n  Control: #{title_chunks.shift}"
+          unless title_chunks.empty?
+            title_chunks.map!{|x| x = "           #{x}"}
+            stats[:report] << title_chunks.join("\n")
+          end
+
+          if control['results']
+            status = control['results'].first['status']
+          else
+            status = 'skipped'
+          end
+
+          status_str = "    Status: "
+          if status == 'skipped'
+            stats[:skipped] += 1
+
+            stats[:report] << status_str + status.yellow
+            stats[:report] << "    File: #{control['source_location']['ref']}"
+          elsif status =~ /^fail/
+            stats[:failed] += 1
+
+            stats[:report] << status_str + status.red
+            stats[:report] << "    File: #{control['source_location']['ref']}"
+          else
+            stats[:passed] += 1
+
+            stats[:report] << status_str + status.green
+          end
+        end
+
+        stats[:report] << "\n  Statistics:"
+        stats[:report] << "    * Passed: #{stats[:passed].to_s.green}"
+        stats[:report] << "    * Failed: #{stats[:failed].to_s.red}"
+        stats[:report] << "    * Skipped: #{stats[:skipped].to_s.yellow}"
+
+        score = 0
+        if (stats[:passed] + stats[:failed]) > 0
+          score = ((stats[:passed].to_f/(stats[:passed] + stats[:failed])) * 100.0).round(0)
+        end
+
+        stats[:report] << "    * Score:  #{score}%"
+      end
+
+      stats[:report] = stats[:report].join("\n")
+
+      return stats
+    end
+  end
+end

data/lib/simp/beaker_helpers/ssg.rb

@@ -0,0 +1,133 @@
+module Simp::BeakerHelpers
+  # Helpers for working with the SCAP Security Guide
+  class SSG
+
+    if ENV['BEAKER_ssg_repo']
+      GIT_REPO = ENV['BEAKER_ssg_repo']
+    else
+      GIT_REPO = 'https://github.com/OpenSCAP/scap-security-guide.git'
+    end
+
+    EL_PACKAGES = [
+      'git',
+      'cmake',
+      'openscap-utils',
+      'openscap-python',
+      'python-lxml'
+    ]
+
+    OS_INFO = {
+      'RedHat' => {
+        '6' => {
+          'required_packages' => EL_PACKAGES,
+          'ssg' => {
+            'target'     => 'rhel6',
+            'datastream' => 'ssg-rhel6-ds.xml'
+          }
+        },
+        '7' => {
+          'required_packages' => EL_PACKAGES,
+          'ssg' => {
+            'target'     => 'rhel7',
+            'datastream' => 'ssg-rhel7-ds.xml'
+          }
+        }
+      },
+      'CentOS' => {
+        '6' => {
+          'required_packages' => EL_PACKAGES,
+          'ssg' => {
+            'target'     => 'rhel6',
+            'datastream' => 'ssg-rhel6-ds.xml'
+          }
+        },
+        '7' => {
+          'required_packages' => EL_PACKAGES,
+          'ssg' => {
+            'target'     => 'centos7',
+            'datastream' => 'ssg-centos7-ds.xml'
+          }
+        }
+      }
+    }
+
+    # Create a new SSG helper for the specified host
+    #
+    # @param sut
+    #   The SUT against which to run
+    #
+    def initialize(sut)
+      @sut = sut
+
+      @os = fact_on(@sut, 'operatingsystem')
+      @os_rel = fact_on(@sut, 'operatingsystemmajrelease')
+
+      unless OS_INFO[@os]
+        fail("Error: The '#{@os}' Operating System is not supported")
+      end
+
+      OS_INFO[@os][@os_rel]['required_packages'].each do |pkg|
+        @sut.install_package(pkg)
+      end
+
+      @output_dir = File.absolute_path('sec_results/ssg')
+
+      unless File.directory?(@output_dir)
+        FileUtils.mkdir_p(@output_dir)
+      end
+
+      @result_file = "#{@sut.hostname}-ssg-#{Time.now.to_i}"
+
+      get_ssg_datastream
+    end
+
+    def target
+      OS_INFO[@os][@os_rel]['ssg']['target']
+    end
+
+    def remediate(profile)
+      evaluate(profile, true)
+    end
+
+    def evaluate(profile, remediate=false)
+      cmd = 'cd scap-security-guide && oscap xccdf eval'
+
+      if remediate
+        cmd += ' --remediate'
+      end
+
+      cmd += %( --profile #{profile} --results #{@result_file}.xml --report #{@result_file}.html #{OS_INFO[@os][@os_rel]['ssg']['datastream']})
+
+      # We accept all exit codes here because there have occasionally been
+      # failures in the SSG content and we're not testing that.
+
+      on(@sut, cmd, :accept_all_exit_codes => true)
+
+      ['xml', 'html'].each do |ext|
+        path = "scap-security-guide/#{@result_file}.#{ext}"
+        scp_from(@sut, path, @output_dir)
+
+        fail("Could not retrieve #{path} from #{@sut}") unless File.exist?(File.join(@output_dir, "#{@result_file}.#{ext}"))
+      end
+    end
+
+    private
+
+    def get_ssg_datastream
+      # Allow users to point at a specific SSG release 'tar.bz2' file
+      ssg_release = ENV['BEAKER_ssg_release']
+
+      # Grab the latest SSG release in fixtures if it exists
+      ssg_release ||= Dir.glob('spec/fixtures/ssg_releases/*.bz2').last
+
+      if ssg_release
+        scp_to(@sut, ssg_release)
+
+        on(@sut, %(mkdir -p scap-security-guide && tar -xj -C scap-security-guide --strip-components 1 -f #{ssg_release} && cp scap-security-guide/*ds.xml ~))
+      else
+        on(@sut, %(git clone #{GIT_REPO}))
+        on(@sut, %(cd scap-security-guide/build; cmake ../; make -j4 #{OS_INFO[@os][@os_rel]['ssg']['target']}-content && cp *ds.xml ~))
+      end
+    end
+  end
+end

data/lib/simp/beaker_helpers/version.rb

@@ -1,5 +1,5 @@
 module Simp; end
 
 module Simp::BeakerHelpers
-  VERSION = '1.7.3'
+  VERSION = '1.7.4'
 end

data/lib/simp/rake/beaker.rb

@@ -14,6 +14,7 @@ module Simp::Rake
 
       ::CLEAN.include( %{#{@base_dir}/log} )
       ::CLEAN.include( %{#{@base_dir}/junit} )
+      ::CLEAN.include( %{#{@base_dir}/sec_results} )
 
       yield self if block_given?
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: simp-beaker-helpers
 version: !ruby/object:Gem::Version
-  version: 1.7.3
+  version: 1.7.4
 platform: ruby
 authors:
 - Chris Tessmer
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-06-16 00:00:00.000000000 Z
+date: 2017-07-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: beaker
@@ -60,6 +60,8 @@ files:
 - files/pki/template_host.cnf
 - files/puppet-agent-versions.yaml
 - lib/simp/beaker_helpers.rb
+- lib/simp/beaker_helpers/inspec.rb
+- lib/simp/beaker_helpers/ssg.rb
 - lib/simp/beaker_helpers/version.rb
 - lib/simp/rake/beaker.rb
 - simp-beaker-helpers.gemspec
@@ -91,15 +93,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.8
+rubygems_version: 2.4.5
 signing_key: 
 specification_version: 4
 summary: beaker helper methods for SIMP
-test_files:
-- spec/acceptance/enable_fips_spec.rb
-- spec/acceptance/fixture_modules_spec.rb
-- spec/acceptance/nodesets/default.yml
-- spec/acceptance/pki_tests_spec.rb
-- spec/acceptance/set_hieradata_on_spec.rb
-- spec/acceptance/write_hieradata_to_spec.rb
-- spec/spec_helper_acceptance.rb
+test_files: []