Merge pull request #114 from atomic111/master

Use new InSpec integration tests

.kitchen.vagrant.yml

@@ -0,0 +1,60 @@
+---
+driver:
+  name: vagrant
+
+provisioner:
+  name: chef_solo
+
+platforms:
+- name: ubuntu-12.04
+  driver_config:
+    box: ubuntu/precise64
+    box_url: https://atlas.hashicorp.com/ubuntu/boxes/precise64/versions/20150730.1.0/providers/virtualbox.box
+- name: ubuntu-14.04
+  driver_config:
+    box: ubuntu/trusty64
+    box_url: https://atlas.hashicorp.com/ubuntu/boxes/trusty64/versions/20150609.0.10/providers/virtualbox.box
+- name: centos-6.4
+  driver_config:
+    box: opscode-centos-6.4
+    box_url: https://opscode-vm.s3.amazonaws.com/vagrant/opscode_centos-6.4_provisionerless.box
+- name: centos-6.5
+  driver_config:
+    box: opscode-centos-6.5
+    box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_centos-6.5_chef-provisionerless.box
+- name: centos-7.1
+  driver_config:
+    box: opscode-centos-7.1
+    box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_centos-7.1_chef-provisionerless.box
+- name: oracle-6.4
+  driver_config:
+    box: oracle-6.4
+    box_url: https://storage.us2.oraclecloud.com/v1/istoilis-istoilis/vagrant/oel64-64.box
+- name: oracle-6.5
+  driver_config:
+    box: oracle-6.5
+    box_url: https://storage.us2.oraclecloud.com/v1/istoilis-istoilis/vagrant/oel65-64.box
+- name: debian-6
+  driver_config:
+    box: ffuenf/debian-6.0.10-amd64
+    box_url: https://atlas.hashicorp.com/ffuenf/boxes/debian-6.0.10-amd64/versions/1.0.11/providers/virtualbox.box
+- name: debian-7
+  driver_config:
+    box: debian/wheezy64
+    box_url: https://atlas.hashicorp.com/debian/boxes/wheezy64/versions/7.8.5/providers/virtualbox.box
+- name: debian-8
+  driver_config:
+    box: debian/jessie64
+    box_url: https://atlas.hashicorp.com/debian/boxes/jessie64/versions/8.1.0/providers/virtualbox.box
+
+verifier:
+  name: inspec
+  sudo: true
+
+suites:
+- name: default
+  run_list:
+  - recipe[ssh-hardening]
+  verifier:
+    inspec_tests:
+      - https://github.com/dev-sec/tests-ssh-hardening

.kitchen.yml

@@ -1,53 +1,78 @@
 ---
 driver:
-  name: vagrant
+  name: dokken
+  chef_version: 12.5.1
+  privileged: true # because Docker and SystemD/Upstart
+
+transport:
+  name: dokken
+
 provisioner:
-  name: chef_solo
-  test_repo_uri: https://github.com/TelekomLabs/tests-ssh-hardening.git
+  name: dokken
+
+verifier:
+  name: inspec
+  sudo: true
+
 platforms:
 - name: ubuntu-12.04
-  driver_config:
-    box: ubuntu/precise64
-    box_url: https://atlas.hashicorp.com/ubuntu/boxes/precise64/versions/20150730.1.0/providers/virtualbox.box
+  driver:
+    image: ubuntu:12.04
 - name: ubuntu-14.04
-  driver_config:
-    box: ubuntu/trusty64
-    box_url: https://atlas.hashicorp.com/ubuntu/boxes/trusty64/versions/20150609.0.10/providers/virtualbox.box
-- name: centos-6.4
-  driver_config:
-    box: opscode-centos-6.4
-    box_url: https://opscode-vm.s3.amazonaws.com/vagrant/opscode_centos-6.4_provisionerless.box
-- name: centos-6.5
-  driver_config:
-    box: opscode-centos-6.5
-    box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_centos-6.5_chef-provisionerless.box
-- name: centos-7.1
-  driver_config:
-    box: opscode-centos-7.1
-    box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_centos-7.1_chef-provisionerless.box
-- name: oracle-6.4
-  driver_config:
-    box: oracle-6.4
-    box_url: https://storage.us2.oraclecloud.com/v1/istoilis-istoilis/vagrant/oel64-64.box
-- name: oracle-6.5
-  driver_config:
-    box: oracle-6.5
-    box_url: https://storage.us2.oraclecloud.com/v1/istoilis-istoilis/vagrant/oel65-64.box
-- name: debian-6
-  driver_config:
-    box: ffuenf/debian-6.0.10-amd64
-    box_url: https://atlas.hashicorp.com/ffuenf/boxes/debian-6.0.10-amd64/versions/1.0.11/providers/virtualbox.box
+  driver:
+    image: ubuntu:14.04
+- name: ubuntu-15.10
+  driver:
+    image: ubuntu:15.10
+    pid_one_command: /bin/systemd
+- name: ubuntu-16.04
+  driver:
+    image: ubuntu:16.04
+    intermediate_instructions:
+    - RUN /usr/bin/apt-get update
+    pid_one_command: /bin/systemd
+- name: centos-6.6
+  driver:
+    image: centos:6.6
+- name: centos-6.7
+  driver:
+    image: centos:6.7
+    intermediate_instructions:
+      - RUN yum install -y initscripts
+- name: centos-7
+  driver:
+    image: centos:7
+    pid_one_command: /usr/lib/systemd/systemd
+- name: oracle-6.6
+  driver:
+    image: oraclelinux:6.6
+- name: oracle-6.7
+  driver:
+    image: oraclelinux:6.7
+- name: oracle-7.1
+  driver:
+    image: oraclelinux:7.1
+    pid_one_command: /usr/lib/systemd/systemd
 - name: debian-7
-  driver_config:
-    box: debian/wheezy64
-    box_url: https://atlas.hashicorp.com/debian/boxes/wheezy64/versions/7.8.5/providers/virtualbox.box
+  driver:
+    image: debian:7
+    intermediate_instructions:
+    - RUN /usr/bin/apt-get update
+    - RUN /usr/bin/apt-get install -y procps
 - name: debian-8
-  driver_config:
-    box: debian/jessie64
-    box_url: https://atlas.hashicorp.com/debian/boxes/jessie64/versions/8.1.0/providers/virtualbox.box
-verifier:
-  name: inspec
+  driver:
+    image: debian:8
+    intermediate_instructions:
+    - RUN /usr/bin/apt-get update
+    - RUN /usr/bin/apt-get install -y procps
+    pid_one_command: /bin/systemd
+
 suites:
 - name: default
   run_list:
-  - - role[ssh]
+  - recipe[apt]
+  - recipe[yum]
+  - recipe[ssh-hardening::default]
+  verifier:
+    inspec_tests:
+      - https://github.com/dev-sec/tests-ssh-hardening

.rubocop.yml

@@ -5,6 +5,7 @@ AllCops:
   - test/**/*
   - metadata.rb
   - Berksfile
+  - Guardfile
 Documentation:
   Enabled: false
 AlignParameters:

.travis.yml

@@ -1,9 +1,28 @@
 ---
-rvm:
-- 2.0.0
-- 2.1.3
-gemfile:
-- Gemfile
-- gemfile.chef-11
+sudo: required
 language: ruby
-bundler_args: "--without development integration openstack"
+cache: bundler
+dist: trusty
+
+services:
+- docker
+
+before_install:
+- gem --version
+- bundle version
+
+matrix:
+  include:
+  # verify lint and unit
+  - rvm: 2.3.1
+    gemfile: Gemfile
+    bundler_args: "--without integration guard tools"
+  # integration tests
+  - rvm: 2.3.1
+    bundler_args: "--without guard tools"
+    script: bundle exec rake test:integration OS='centos oracle'
+    gemfile: Gemfile
+  - rvm: 2.3.1
+    bundler_args: "--without guard tools"
+    script: bundle exec rake test:integration OS='ubuntu debian'
+    gemfile: Gemfile

Berksfile

@@ -2,4 +2,6 @@ source "https://supermarket.getchef.com"
 
 metadata
 
-cookbook "chef-solo-search", :git => "https://github.com/edelight/chef-solo-search"
+cookbook "chef-solo-search", :git => "https://github.com/edelight/chef-solo-search"
+cookbook "apt"
+cookbook "yum"

Gemfile

@@ -4,16 +4,20 @@ source 'https://rubygems.org'
 
 gem 'berkshelf',  '~> 4.0'
 gem 'chef',       '>= 12.0'
-gem 'inspec', '~> 0.9'
+
+# pin dependency for Ruby 1.9.3 since bundler is not
+# detecting that net-ssh 3 does not work with 1.9.3
+if Gem::Version.new(RUBY_VERSION) <= Gem::Version.new('1.9.3')
+  gem 'net-ssh', '~> 2.9'
+end
 
 group :test do
   gem 'rake'
   gem 'chefspec',   '~> 4.2.0'
   gem 'foodcritic', '~> 4.0'
   gem 'thor-foodcritic'
-  gem 'rubocop',    '~> 0.28.0'
+  gem 'rubocop',    '~> 0.31.0'
   gem 'coveralls',  require: false
-  gem 'bundler', '~> 1.5'
   gem 'minitest', '~> 5.5'
   gem 'simplecov', '~> 0.10'
 end
@@ -29,15 +33,12 @@ end
 group :integration do
   gem 'test-kitchen', '~> 1.0'
   gem 'kitchen-vagrant'
-  gem 'kitchen-inspec', '~> 0.9'
+  gem 'kitchen-inspec'
   gem 'kitchen-sharedtests', '~> 0.2.0'
   gem 'concurrent-ruby', '~> 0.9'
-end
-
-group :openstack do
-  gem 'kitchen-openstack'
+  gem 'kitchen-dokken'
 end
 
 group :tools do
-  gem 'github_changelog_generator', '~> 1'
+  gem 'github_changelog_generator', '~> 1.12.0'
 end

Rakefile

@@ -9,16 +9,11 @@ require 'rubocop/rake_task'
 
 # Rubocop before rspec so we don't lint vendored cookbooks
 desc 'Run all tests except Kitchen (default task)'
-task integration: %w(rubocop foodcritic spec)
-task default: [:integration]
-
-# Lint the cookbook
-desc 'Run linters'
-task lint: [:rubocop, :foodcritic]
+task default: [:lint, :spec]
 
 # Lint the cookbook
 desc 'Run all linters: rubocop and foodcritic'
-task run_all_linters: [:rubocop, :foodcritic]
+task lint: [:rubocop, :foodcritic]
 
 # Run the whole shebang
 desc 'Run all tests'
@@ -51,17 +46,6 @@ task :rubocop do
   RuboCop::RakeTask.new
 end
 
-begin
-  require 'kitchen/rake_tasks'
-  Kitchen::RakeTasks.new
-
-  desc 'Alias for kitchen:all'
-  task acceptance: 'kitchen:all'
-
-rescue LoadError
-  puts '>>>>> Kitchen gem not loaded, omitting tasks' unless ENV['CI']
-end
-
 # Automatically generate a changelog for this project. Only loaded if
 # the necessary gem is installed.
 begin
@@ -70,3 +54,11 @@ begin
 rescue LoadError
   puts '>>>>> GitHub Changelog Generator not loaded, omitting tasks'
 end
+
+namespace :test do
+  task :integration do
+    concurrency = ENV['CONCURRENCY'] || 1
+    os = ENV['OS'] || ''
+    sh('sh', '-c', "bundle exec kitchen test -c #{concurrency} #{os}")
+  end
+end

gemfile.chef-11

@@ -2,9 +2,14 @@
 
 source 'https://rubygems.org'
 
-gem 'berkshelf',  '~> 4.0'
 gem 'chef',       '~> 11.18'
 
+# pin dependency for Ruby 1.9.3 since bundler is not
+# detecting that net-ssh 3 does not work with 1.9.3
+if Gem::Version.new(RUBY_VERSION) <= Gem::Version.new('1.9.3')
+  gem 'net-ssh', '~> 2.9'
+end
+
 group :test do
   gem 'rake'
   gem 'chefspec',   '~> 4.1.1'
@@ -25,9 +30,7 @@ end
 group :integration do
   gem 'test-kitchen', '~> 1.0'
   gem 'kitchen-vagrant'
+  gem 'kitchen-inspec'
+  gem 'kitchen-dokken'
   gem 'kitchen-sharedtests', '~> 0.2.0'
 end
-
-group :openstack do
-  gem 'kitchen-openstack'
-end

spec/recipes/server_spec.rb

@@ -366,12 +366,12 @@
     cached(:chef_run) do
       ChefSpec::ServerRunner.new do |_node, server|
         server.create_data_bag(
-        'users',
-        'user1' => { id: 'user1', ssh_rootkey: 'key-user1' },
-        'user2' => { id: 'user2', ssh_rootkey: 'key-user2' },
-        'user3' => { id: 'user3', ssh_rootkeys: %w(key1-user3 key2-user3) },
-        'user4' => { id: 'user4', ssh_rootkeys: %w(key1-user4) }
-      )
+          'users',
+          'user1' => { id: 'user1', ssh_rootkey: 'key-user1' },
+          'user2' => { id: 'user2', ssh_rootkey: 'key-user2' },
+          'user3' => { id: 'user3', ssh_rootkeys: %w(key1-user3 key2-user3) },
+          'user4' => { id: 'user4', ssh_rootkeys: %w(key1-user4) }
+        )
       end.converge(described_recipe)
     end