Integration Testing (#21)

* Fixed issue with correct version being set when using version install option

* Added plaftform support for rhel9 based distro

* Fixes issue when deleting configurations and not including CID.

* Fix package version ohai fact

* Integration tests added

* Support new integration changes and inline with pr-target

* Fix linting issues

* Fix issue with location of chef executable

* Support issue with suse, add lint dep

* Added the rest of the suites

* Removed opensuse from CI workflow

Co-authored-by: ffalor <[email protected]>

.github/workflows/ci.yml

@@ -1,10 +1,19 @@
 ---
-name: ci
-
-"on":
+name: "Integration Tests"
+on:
   push:
-    branches:
-      - nonna
+    paths:
+      - 'libraries/**'
+      - 'resources/**'
+      - 'test/**'
+      - 'ohai/**'
+  pull_request_target:
+    types: [labeled]
+    paths:
+      - 'libraries/**'
+      - 'resources/**'
+      - 'test/**'
+      - 'ohai/**'
 
 jobs:
   lint-unit:
@@ -17,7 +26,12 @@ jobs:
       issues: write
 
   integration:
-    #needs: lint-unit
+    needs: lint-unit
+    if: |
+      github.event_name == 'push' ||
+      github.event_name == 'schedule' ||
+      (github.event_name == 'pull_request_target' &&
+      github.event.label.name == 'ok-to-test')
     runs-on: ubuntu-latest
     strategy:
       matrix:
@@ -27,31 +41,51 @@ jobs:
           - centos-7
           - debian-10
           - debian-11
-          - opensuse-leap-15
-          - rockylinux-8
+          # - opensuse-leap-15
+          - rockylinux-9
           - ubuntu-1804
           - ubuntu-2004
         suite:
           - default
+          - install-api-version
+          - install-api-policy
+          - install-api-decrement
+          - install-cleanup-installer
+          - config-set
+          - config-delete
       fail-fast: false
 
     steps:
       - name: Check out code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
+        if: github.event_name != 'pull_request_target'
+
+      - name: Check out code
+        uses: actions/checkout@v3
+        with:
+          ref: ${{github.event.pull_request.head.sha}}
+        if: github.event_name == 'pull_request_target'
+
       - name: Install Chef
         uses: actionshub/chef-install@main
-      - name: Dokken
-        uses: actionshub/test-kitchen@main
+
+      - name: Run role tests
+        uses: nick-fields/retry@v2
         env:
           CHEF_LICENSE: accept-no-persist
           KITCHEN_LOCAL_YAML: kitchen.yml
           FALCON_CLIENT_ID: ${{ secrets.FALCON_CLIENT_ID }}
           FALCON_CLIENT_SECRET: ${{ secrets.FALCON_CLIENT_SECRET }}
           FALCON_CID: ${{ secrets.FALCON_CID }}
           FALCON_CLOUD: ${{ secrets.FALCON_CLOUD }}
+          FALCON_VERSION: '6.44.14108'
         with:
-          suite: ${{ matrix.suite }}
-          os: ${{ matrix.os }}
+          timeout_minutes: 6
+          max_attempts: 3
+          retry_on: error
+          command: >-
+            chef exec kitchen test ${{ matrix.suite }}-${{ matrix.os }}
+
       - name: Print debug output on failure
         if: failure()
         run: |

.mdlrc

@@ -0,0 +1 @@
+rules '~MD013'

README.md

@@ -1,4 +1,5 @@
 # Falcon Cookbook
+
 [![Cookbook Version](https://img.shields.io/cookbook/v/falcon)](https://supermarket.chef.io/cookbooks/falcon)
 
 This cookbook provides resources for installing and configuring the CrowdStrike Falcon sensor.
@@ -16,8 +17,8 @@ API clients are granted one or more API scopes. Scopes allow access to specific
 Ensure the following API scopes are enabled (**_if applicable_**) for this role:
 
 - When `install_method` is set to **api** (default)
-  - **Sensor Download** [read]
-  - **Sensor update policies** [read]
+   - **Sensor Download** [read]
+   - **Sensor update policies** [read]
 
 ## Platform Support
 

TESTING.md

@@ -19,19 +19,23 @@ export FALCON_CID=<Your Falcon CID>
 ```
 
 ### Using Dokken
+
 > Refer to the [kitchen.yml](kitchen.yml) for more details
 
 Run the following command to do a full test of all platforms:
+
 ```bash
 kitchen test # optionally pass -c for parallel runs
 ```
 
 To run only against Ubuntu and CentOS:
+
 ```bash
 kitchen test ubuntu|centos
 ```
 
 ### Using Vagrant (coming soon)
+
 > Refer to the [kitchen.vagrant.yml](kitchen.vagrant.yml) for more details.
 
 :exclamation: Until we figure out a clean way to pass ENV variables, this will be

documentation/falcon_config.md

@@ -10,7 +10,6 @@ The Default action is `:set`
 | **`:set`** | Set options for the Falcon sensor |
 | `:delete` | Delete options for the Falcon sensor |
 
-
 ## Properties
 
 | Name | Type | Default | Description |
@@ -23,7 +22,6 @@ The Default action is `:set`
 | provisioning_token | String |  | The provisioning token to use to register the agent
 | tag_membership | ["minimum", "inclusive"] | `minimum` | Whether specified tags should be treated as a complete list `inclusive` or as a list of tags to add to the existing list `minimum`
 
-
 ## Example
 
 ```ruby

documentation/falcon_install.md

@@ -25,7 +25,6 @@ The Default action is `:install`
 | install_method | ['api'] | `api` | The method to use to install the Falcon sensor
 | sensor_tmp_dir | String | `/tmp` | The directory to stage the Falcon package in
 
-
 ## Example
 
 ```ruby

documentation/falcon_service.md

@@ -20,7 +20,6 @@ The Default action is `:start`
 | :--- | :--- | :------ | :---------- |
 | service_name | String | `falcon-sensor` | The name of the falcon service
 
-
 ## Example
 
 ```ruby

kitchen.vagrant.yml

@@ -1,31 +1,40 @@
 ---
 driver:
   name: vagrant
-
-## The forwarded_port port feature lets you connect to ports on the VM guest
-## via localhost on the host.
-## see also: https://www.vagrantup.com/docs/networking/forwarded_ports
-
-#  network:
-#    - ["forwarded_port", {guest: 80, host: 8080}]
+  chef_version: <%= ENV['CHEF_VERSION'] || 'current' %>
+  chef_license: accept-no-persist
+  provision: true
+  provider: parallels
 
 provisioner:
   name: chef_zero
 
-  ## product_name and product_version specifies a specific Chef product and version to install.
-  ## see the Chef documentation for more details: https://docs.chef.io/workstation/config_yml_kitchen/
-  #  product_name: chef
-  #  product_version: 17
-
 verifier:
   name: inspec
 
+# NOTE: Right now, only RHEL based distros support ENV variables being passed
+# in by the lifecycle hooks. Also, RHEL 9 based distros have an issue with the
+# test kitchen SSH connection. So, we are skipping RHEL 9 for now.
 platforms:
-  - name: ubuntu-20.04
-  - name: centos-8
+  - name: almalinux-8
+  - name: centos-7
+
 
 suites:
   - name: default
+    run_list:
+      - recipe[test::default]
     verifier:
       inspec_tests:
         - test/integration/default
+
+lifecycle:
+  post_create:
+    - remote: |
+        sudo tee "/etc/profile.d/vars.sh" > "/dev/null" <<EOF
+        export FALCON_CLIENT_ID=<%= ENV['FALCON_CLIENT_ID'] %>
+        export FALCON_CLIENT_SECRET=<%= ENV['FALCON_CLIENT_SECRET'] %>
+        export FALCON_CLOUD=<%= ENV['FALCON_CLOUD'] %>
+        export FALCON_CID=<%= ENV['FALCON_CID'] %>
+        export FALCON_VERSION=<%= ENV['FALCON_VERSION'] || '6.44.14108' %>
+        EOF

kitchen.yml

@@ -3,15 +3,16 @@ driver:
   name: dokken
   privileged: true  # allows systemd services to start
   chef_version: <%= ENV['CHEF_VERSION'] || 'current' %>
-  chef_license: accept-no-persist
   env:
     - FALCON_CLIENT_ID=<%= ENV['FALCON_CLIENT_ID'] %>
     - FALCON_CLIENT_SECRET=<%= ENV['FALCON_CLIENT_SECRET'] %>
     - FALCON_CLOUD=<%= ENV['FALCON_CLOUD'] %>
     - FALCON_CID=<%= ENV['FALCON_CID'] %>
+    - FALCON_VERSION=<%= ENV['FALCON_VERSION'] || '6.44.14108' %>
 
 provisioner:
   name: dokken
+  chef_license: accept-no-persist
   deprecations_as_errors: true
   multiple_converge: 2
   enforce_idempotency: true
@@ -58,20 +59,38 @@ platforms:
       image: dokken/ubuntu-20.04
       pid_one_command: /bin/systemd
 
-  - name: opensuse-leap-15
-    driver:
-      image: dokken/opensuse-leap-15
-      pid_one_command: /usr/lib/systemd/systemd
+  # - name: opensuse-leap-15
+  #   driver:
+  #     image: dokken/opensuse-leap-15
+  #     pid_one_command: /usr/lib/systemd/systemd
 
-  - name: rockylinux-8
+  - name: rockylinux-9
     driver:
-      image: dokken/rockylinux-8
+      image: dokken/rockylinux-9
       pid_one_command: /usr/lib/systemd/systemd
 
 suites:
   - name: default
     run_list:
       - recipe[test::default]
-    verifier:
-      inspec_tests:
-        - test/integration/default
+  - name: install_api_version
+    run_list:
+      - recipe[test::install_api_version]
+  - name: install_api_policy
+    run_list:
+      - recipe[test::install_api_policy]
+  - name: install_api_decrement
+    run_list:
+      - recipe[test::install_api_decrement]
+  - name: install_cleanup_installer
+    run_list:
+      - recipe[test::install_cleanup_installer]
+  - name: config_set
+    run_list:
+      - recipe[test::config_set]
+  - name: config_delete
+    run_list:
+      - recipe[test::config_set]
+      - recipe[test::config_delete]
+    provisioner:
+      enforce_idempotency: false

libraries/helpers.rb

@@ -55,6 +55,10 @@ def os_name
 
       # Return *RHEL* for RHEL Family
       return '*RHEL*' if rhel?
+
+      # Return *SUSE* for SUSE Family
+      return '*SLES*' if suse?
+
       node['platform'].capitalize
     end
 
@@ -87,12 +91,11 @@ def sensor_download_info(client_id, client_secret, options)
         end
 
         installer = installers[version_decrement]
-        version = installer['version']
       end
 
       file_path = File.join(options[:sensor_tmp_dir], installer['name'])
 
-      version = version.gsub(/(\d+\.\d+)\.(\d+)/, '\1.0.\2') if platform_name.casecmp('Linux').zero?
+      version = installer['version'].gsub(/(\d+\.\d+)\.(\d+)/, '\1.0-\2') if platform_name.casecmp('Linux').zero?
       version += ".el#{os_version}".delete('*') if os_name.casecmp('*RHEL*').zero?
       version += ".amzn#{os_version}".delete('*')  if os_name.casecmp('Amazon Linux').zero?
 

ohai/falcon.rb

@@ -71,7 +71,7 @@ def get_billing
 
   collect_data(:default) do
     falcon Mash.new
-    falcon[:version] = [packages['falcon-sensor']['version'], packages['falcon-sensor']['release']].join('.') if packages['falcon-sensor']
+    falcon[:version] = [packages['falcon-sensor']['version'], packages['falcon-sensor']['release']].join('-') if packages['falcon-sensor']
     falcon[:aid] = get_aid
     falcon[:cid] = get_cid
     falcon[:tags] = get_tags

resources/config.rb

@@ -31,9 +31,10 @@ def define_resource_requirements
 end
 
 load_current_value do |new_resource|
-  desired_cid = new_resource.cid.split('-')[0]
-  if desired_cid.casecmp?(node.dig('falcon', 'cid'))
-    cid new_resource.cid
+  if !new_resource.cid.nil?
+    if new_resource.cid.split('-')[0].casecmp?(node.dig('falcon', 'cid'))
+      cid new_resource.cid
+    end
   else
     cid node.dig('falcon', 'cid')
   end
@@ -102,7 +103,7 @@ def delete_option(option)
 
 action :delete do
   if property_is_set?(:cid) && node.dig('falcon', 'cid')
-    converge_by "Deleting CID #{new_resource.cid}" do
+    converge_by 'Deleting CID' do
       delete_option('cid')
     end
   end

test/cookbooks/test/recipes/common.rb

@@ -0,0 +1,10 @@
+# Common recipes for most instllations
+falcon_config 'falcon' do
+  cid ENV['FALCON_CID']
+  notifies :restart, 'falcon_service[falcon]', :delayed
+  action :set
+end
+
+falcon_service 'falcon' do
+  action [:start, :enable]
+end

test/cookbooks/test/recipes/config_delete.rb

@@ -0,0 +1,9 @@
+falcon_config 'falcon' do
+  # cid ENV['FALCON_CID']
+  proxy_host 'http://proxy.example.com'
+  proxy_port 8080
+  proxy_enabled true
+  tags %w(tag1 tag2)
+  notifies :restart, 'falcon_service[falcon]', :delayed
+  action :delete
+end

test/cookbooks/test/recipes/config_set.rb

@@ -0,0 +1,20 @@
+falcon_install 'falcon' do
+  client_id ENV['FALCON_CLIENT_ID']
+  client_secret ENV['FALCON_CLIENT_SECRET']
+  falcon_cloud ENV['FALCON_CLOUD']
+  action :install
+end
+
+falcon_config 'falcon' do
+  cid ENV['FALCON_CID']
+  proxy_host 'http://proxy.example.com'
+  proxy_port 8080
+  proxy_enabled true
+  tags %w(tag1 tag2)
+  notifies :restart, 'falcon_service[falcon]', :delayed
+  action :set
+end
+
+falcon_service 'falcon' do
+  action [:start, :enable]
+end