Add verifier.groups.x.backend; document attrs

This attribute allows a group to specify an InSpec backend.
newcontext-oss · Jul 25, 2018 · 21c0caf · 21c0caf
1 parent b51390c
commit 21c0caf
Show file tree

Hide file tree

Showing 24 changed files with 175 additions and 488 deletions.
diff --git a/Rakefile b/Rakefile
@@ -300,7 +300,7 @@ namespace :tests do
 
       execute_kitchen_terraform(
         grep_pattern:
-          "Test Summary: 1 successful, 0 failures, 0 skipped.*Test Summary: 1 successful, 0 failures, 0 skipped",
+          "Test Summary: 1 successful, 0 failures, 0 skipped.*Test Summary: 3 successful, 0 failures, 0 skipped",
         terraform_path:
           current_task
             .prerequisites

diff --git a/integration/Shell Words/.kitchen.yml → integration/Shell Words/kitchen.yml b/integration/Shell Words/.kitchen.yml → integration/Shell Words/kitchen.yml
@@ -19,12 +19,17 @@ verifier:
   name: terraform
   groups:
     - name: container
+      backend: docker
       controls:
         - operating_system
-      port: 2222
       hostnames: hostnames
     - name: localhost
+      attrs:
+        - test/integration/example/first attrs.yml
+        - test/integration/example/second attrs.yml
+      backend: local
       controls:
+        - attrs
         - state_files
 
 platforms:

diff --git a/integration/Shell Words/main.tf b/integration/Shell Words/main.tf
@@ -27,9 +27,4 @@ resource "docker_container" "ubuntu" {
   image    = "${docker_image.ubuntu.name}"
   must_run = true
   name     = "${var.docker_container_name}"
-
-  ports {
-    external = 2222
-    internal = 22
-  }
 }
diff --git a/integration/Shell Words/outputs.tf b/integration/Shell Words/outputs.tf
@@ -5,5 +5,5 @@ output "backend_state" {
 
 output "hostnames" {
   description = "The hostnames to test"
-  value       = ["localhost"]
+  value       = ["${docker_container.ubuntu.name}"]
 }
diff --git a/integration/Shell Words/test/integration/example/controls/attrs.rb b/integration/Shell Words/test/integration/example/controls/attrs.rb
@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+first_attribute = attribute "first",
+                  default: "first attrs.yml was not loaded",
+                  description: "This value should be loaded from test/integration/example/first attrs.yml."
+
+second_attribute = attribute "second",
+                   default: "second attrs.yml was not loaded",
+                   description: "This value should be loaded from test/integration/example/second attrs.yml."
+
+control "attrs" do
+  desc "This control validates that the elements of the verifier.groups.x.attrs attribute are successfully passed to " \
+         "InSpec as attrs."
+
+  describe first_attribute do
+    it do
+      should eq "first attrs.yml was loaded"
+    end
+  end
+
+  describe second_attribute do
+    it do
+      should eq "second attrs.yml was loaded"
+    end
+  end
+end
diff --git a/integration/Shell Words/test/integration/example/controls/operating_system.rb b/integration/Shell Words/test/integration/example/controls/operating_system.rb
@@ -1,9 +1,11 @@
 # frozen_string_literal: true
 
 control "operating_system" do
-  describe "the operating system" do
-    subject do command("lsb_release -a").stdout end
+  desc "This control validates the platform family of the operating system."
 
-    it "is Ubuntu" do is_expected.to match /Ubuntu/ end
+  describe os.family do
+    it do
+      should eq "debian"
+    end
   end
 end
diff --git a/integration/Shell Words/test/integration/example/first attrs.yml b/integration/Shell Words/test/integration/example/first attrs.yml
@@ -0,0 +1 @@
+first: first attrs.yml was loaded
diff --git a/integration/Shell Words/test/integration/example/second attrs.yml b/integration/Shell Words/test/integration/example/second attrs.yml
@@ -0,0 +1 @@
+second: second attrs.yml was loaded
diff --git a/integration/basic/kitchen.yml b/integration/basic/kitchen.yml
@@ -13,14 +13,15 @@ verifier:
   name: terraform
   groups:
     - name: container
+      backend: docker
       controls:
         - operating_system
-      port: 2222
       hostnames: hostnames
     - name: localhost
       attrs:
         - test/integration/example/first_attrs.yml
         - test/integration/example/second_attrs.yml
+      backend: local
       controls:
         - attrs
         - state_files

diff --git a/integration/basic/main.tf b/integration/basic/main.tf
@@ -27,9 +27,4 @@ resource "docker_container" "ubuntu" {
   image    = "${docker_image.ubuntu.name}"
   must_run = true
   name     = "ubuntu_container"
-
-  ports {
-    external = 2222
-    internal = 22
-  }
 }
diff --git a/integration/basic/outputs.tf b/integration/basic/outputs.tf
@@ -5,5 +5,5 @@ output "backend_state" {
 
 output "hostnames" {
   description = "The hostnames to test"
-  value       = ["localhost"]
+  value       = ["${docker_container.ubuntu.name}"]
 }
diff --git a/integration/basic/test/integration/example/controls/operating_system.rb b/integration/basic/test/integration/example/controls/operating_system.rb
@@ -1,9 +1,11 @@
 # frozen_string_literal: true
 
 control "operating_system" do
-  describe "the operating system" do
-    subject do command("lsb_release -a").stdout end
+  desc "This control validates the platform family of the operating system."
 
-    it "is Ubuntu" do is_expected.to match /Ubuntu/ end
+  describe os.family do
+    it do
+      should eq "debian"
+    end
   end
 end
diff --git a/integration/no_outputs_defined/.kitchen.yml → integration/no_outputs_defined/kitchen.yml b/integration/no_outputs_defined/.kitchen.yml → integration/no_outputs_defined/kitchen.yml
@@ -9,6 +9,7 @@ verifier:
   name: terraform
   groups:
     - name: no_outputs_defined
+      backend: local
 
 platforms:
   - name: localhost

diff --git a/integration/rake_tasks/.kitchen.yml → integration/rake_tasks/kitchen.yml b/integration/rake_tasks/.kitchen.yml → integration/rake_tasks/kitchen.yml
@@ -13,11 +13,12 @@ verifier:
   name: terraform
   groups:
     - name: container
+      backend: docker
       controls:
         - operating_system
-      port: 2222
       hostnames: hostnames
     - name: localhost
+      backend: local
       controls:
         - state_files
 

diff --git a/integration/rake_tasks/main.tf b/integration/rake_tasks/main.tf
@@ -27,19 +27,4 @@ resource "docker_container" "ubuntu" {
   image    = "${docker_image.ubuntu.name}"
   must_run = true
   name     = "ubuntu_container"
-
-  ports {
-    external = 2222
-    internal = 22
-  }
-}
-
-output "backend_state" {
-  description = "The path to the backend state file"
-  value       = "${path.module}/terraform.tfstate.d/${terraform.workspace}/terraform.tfstate"
-}
-
-output "hostnames" {
-  description = "The hostnames to test"
-  value       = ["localhost"]
 }
diff --git a/integration/rake_tasks/outputs.tf b/integration/rake_tasks/outputs.tf
@@ -0,0 +1,9 @@
+output "backend_state" {
+  description = "The path to the backend state file"
+  value       = "${path.module}/terraform.tfstate.d/${terraform.workspace}/terraform.tfstate"
+}
+
+output "hostnames" {
+  description = "The hostnames to test"
+  value       = ["${docker_container.ubuntu.name}"]
+}
diff --git a/integration/rake_tasks/test/integration/example/controls/operating_system.rb b/integration/rake_tasks/test/integration/example/controls/operating_system.rb
@@ -1,9 +1,11 @@
 # frozen_string_literal: true
 
 control "operating_system" do
-  describe "the operating system" do
-    subject do command("lsb_release -a").stdout end
+  desc "This control validates the platform family of the operating system."
 
-    it "is Ubuntu" do is_expected.to match /Ubuntu/ end
+  describe os.family do
+    it do
+      should eq "debian"
+    end
   end
 end
diff --git a/lib/kitchen/terraform/config_attribute/groups.rb b/lib/kitchen/terraform/config_attribute/groups.rb
@@ -32,8 +32,8 @@
 # Example::
 #   _
 #     groups:
-#       -
-#         name: a_group
+#       - name: a_group
+#         backend: local
 #
 # ===== attributes
 #
@@ -51,9 +51,39 @@
 #         name: a_group_with_overridden_attributes
 #         attributes:
 #           an_attribute: an_output
+#         backend: local
 # Caveat:: As all Terraform outputs are associated with equivalently named InSpec profile attributes by default, this
 #          key is only necessary to provide alternative attribute names.
 #
+# ===== attrs
+#
+# This key comprises the paths to
+# {https://www.inspec.io/docs/reference/profiles/#profile-attributes InSpec profile attributes} files.
+#
+# Type:: {http://www.yaml.org/spec/1.2/spec.html#id2760118 Sequince of scalars}
+# Required:: False
+# Example::
+#   _
+#     groups:
+#       -
+#         name: a_group_with_profile_attributes
+#         attrs:
+#           - /path/to/first_attributes.yml
+#           - /path/to/second_attributes.yml
+#         backend: local
+#
+# ===== backend
+#
+# This key contains the type of InSpec backend to be used for making a connection to hosts.
+#
+# Type:: {http://www.yaml.org/spec/1.2/spec.html#id2760844 Scalar}
+# Required:: True
+# Example::
+#   _
+#     groups:
+#       - name: a_group_with_a_backend
+#         backend: docker
+#
 # ===== controls
 #
 # This key comprises the names of {https://www.inspec.io/docs/reference/dsl_inspec/ InSpec controls} to exclusively

diff --git a/lib/kitchen/terraform/config_schemas/groups.rb b/lib/kitchen/terraform/config_schemas/groups.rb
@@ -32,13 +32,9 @@
         .each do
           schema do
             required(:name).filled :str?
+            required(:backend).filled :str?
             optional(:attributes).value :hash_of_symbols_and_strings?
-
-            optional(:attrs)
-              .each(
-                :str?,
-                :filled?
-              )
+            optional(:attrs).each(:str?, :filled?)
 
             optional(:controls)
               .each(

diff --git a/lib/kitchen/verifier/terraform.rb b/lib/kitchen/verifier/terraform.rb
@@ -39,8 +39,8 @@ module ::Kitchen::Verifier
 # manner similar to the following command-line command.
 #
 #   inspec exec \
-#     [--attrs=<terraform_outputs>] \
-#     --backend=<ssh|local> \
+#     [--attrs=<group.attrs>] \
+#     --backend=<group.backend> \
 #     [--no-color] \
 #     [--controls=<group.controls>] \
 #     --host=<group.hostnames.current|localhost> \
@@ -179,11 +179,7 @@ def configure_inspec_connection_options(transport_connection_options:)
 
   # @api private
   def configure_inspec_group_connection_options(group:, hostname:)
-    ::Kitchen::Verifier::Terraform::ConfigureInspecRunnerBackend
-      .call(
-        hostname: hostname,
-        options: inspec_options
-      )
+    inspec_options.store :backend, group.fetch(:backend)
 
     ::Kitchen::Verifier::Terraform::ConfigureInspecRunnerHost
       .call(
@@ -212,8 +208,7 @@ def configure_inspec_group_connection_options(group:, hostname:)
 
   # @api private
   def configure_inspec_profile_options(group:)
-    inspec_options.store(
-      :attrs, group.fetch(:attrs) do
+    inspec_options.store(:attrs, group.fetch(:attrs) do
         []
       end
     )
@@ -236,7 +231,6 @@ def configure_inspec_profile_options(group:)
   def configure_inspec_miscellaneous_options
     inspec_options
       .merge!(
-        "backend" => "ssh",
         "color" => config_color,
         "logger" => logger,
         "sudo" => false,
@@ -311,7 +305,6 @@ def verify(group:, hostname:)
 end
 
 require "kitchen/verifier/terraform/configure_inspec_runner_attributes"
-require "kitchen/verifier/terraform/configure_inspec_runner_backend"
 require "kitchen/verifier/terraform/configure_inspec_runner_controls"
 require "kitchen/verifier/terraform/configure_inspec_runner_host"
 require "kitchen/verifier/terraform/configure_inspec_runner_port"

diff --git a/lib/kitchen/verifier/terraform/configure_inspec_runner_backend.rb b/lib/kitchen/verifier/terraform/configure_inspec_runner_backend.rb