newcontext-oss · KevinBuchs · Aug 7, 2019 · Sep 5, 2018
diff --git a/.kitchen.yml b/.kitchen.yml
@@ -2,19 +2,24 @@
 driver:
   name: terraform
   root_module_directory: test/fixtures/tf_module
+  variables:
+    gcloud_project: <%= ENV['GCLOUD_PROJECT'] %>
 
 provisioner:
   name: terraform
 
 verifier:
   name: terraform
-  groups:
-    - name: default
+  systems:
+    -
+      name: default
+      backend: gcp
       controls:
         - instance
 
-suites:
-  - name: kt_suite
-
 platforms:
-  - name: terraform
+  - name: gcp
+
+suites:
+  -
+    name: kt_suite
diff --git a/Gemfile b/Gemfile
@@ -1,3 +1,5 @@
 source 'https://rubygems.org/' do
-  gem 'kitchen-terraform'
-end
+  gem 'inspec', '~> 2.2.35'
+  gem 'kitchen-google', '~> 1.5'
+  gem 'kitchen-terraform', '~> 4.0.0'
+end
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -3,19 +3,23 @@ GEM
   specs:
     addressable (2.5.2)
       public_suffix (>= 2.0.2, < 4.0)
-    aws-sdk (2.11.46)
-      aws-sdk-resources (= 2.11.46)
-    aws-sdk-core (2.11.46)
+    aws-sdk (2.11.123)
+      aws-sdk-resources (= 2.11.123)
+    aws-sdk-core (2.11.123)
       aws-sigv4 (~> 1.0)
       jmespath (~> 1.0)
-    aws-sdk-resources (2.11.46)
-      aws-sdk-core (= 2.11.46)
-    aws-sigv4 (1.0.2)
-    azure_mgmt_resources (0.16.0)
-      ms_rest_azure (~> 0.10.0)
+    aws-sdk-resources (2.11.123)
+      aws-sdk-core (= 2.11.123)
+    aws-sigv4 (1.0.3)
+    azure_graph_rbac (0.17.0)
+      ms_rest_azure (~> 0.11.0)
+    azure_mgmt_resources (0.17.0)
+      ms_rest_azure (~> 0.11.0)
     builder (3.2.3)
     coderay (1.1.2)
     concurrent-ruby (1.0.5)
+    declarative (0.0.10)
+    declarative-option (0.1.0)
     diff-lcs (1.3)
     docker-api (1.34.2)
       excon (>= 0.47.0)
@@ -27,50 +31,68 @@ GEM
     dry-container (0.6.0)
       concurrent-ruby (~> 1.0)
       dry-configurable (~> 0.1, >= 0.1.3)
-    dry-core (0.4.5)
+    dry-core (0.4.7)
       concurrent-ruby (~> 1.0)
     dry-equalizer (0.2.1)
+    dry-inflector (0.1.2)
     dry-logic (0.4.2)
       dry-container (~> 0.2, >= 0.2.6)
       dry-core (~> 0.2)
       dry-equalizer (~> 0.2)
-    dry-types (0.12.2)
+    dry-types (0.13.2)
       concurrent-ruby (~> 1.0)
-      dry-configurable (~> 0.1)
       dry-container (~> 0.3)
-      dry-core (~> 0.2, >= 0.2.1)
+      dry-core (~> 0.4, >= 0.4.4)
       dry-equalizer (~> 0.2)
+      dry-inflector (~> 0.1, >= 0.1.2)
       dry-logic (~> 0.4, >= 0.4.2)
-      inflecto (~> 0.0.0, >= 0.0.2)
-    dry-validation (0.11.1)
+    dry-validation (0.12.2)
       concurrent-ruby (~> 1.0)
       dry-configurable (~> 0.1, >= 0.1.3)
       dry-core (~> 0.2, >= 0.2.1)
       dry-equalizer (~> 0.2)
       dry-logic (~> 0.4, >= 0.4.0)
-      dry-types (~> 0.12.0)
+      dry-types (~> 0.13.1)
     erubis (2.7.0)
     excon (0.62.0)
-    faraday (0.15.0)
+    faraday (0.15.2)
       multipart-post (>= 1.2, < 3)
     faraday-cookie_jar (0.0.6)
       faraday (>= 0.7.4)
       http-cookie (~> 1.0.0)
-    ffi (1.9.23)
+    faraday_middleware (0.12.2)
+      faraday (>= 0.7.4, < 1.0)
+    ffi (1.9.25)
+    gcewinpass (1.1.0)
+      google-api-client (~> 0.13)
+    google-api-client (0.19.8)
+      addressable (~> 2.5, >= 2.5.1)
+      googleauth (>= 0.5, < 0.7.0)
+      httpclient (>= 2.8.1, < 3.0)
+      mime-types (~> 3.0)
+      representable (~> 3.0)
+      retriable (>= 2.0, < 4.0)
+    googleauth (0.6.6)
+      faraday (~> 0.12)
+      jwt (>= 1.4, < 3.0)
+      memoist (~> 0.12)
+      multi_json (~> 1.11)
+      os (>= 0.9, < 2.0)
+      signet (~> 0.7)
     gssapi (1.2.0)
       ffi (>= 1.0.1)
     gyoku (1.3.1)
       builder (>= 2.1.2)
-    hashie (3.5.7)
+    hashie (3.6.0)
     htmlentities (4.3.4)
     http-cookie (1.0.3)
       domain_name (~> 0.5)
     httpclient (2.8.3)
-    inflecto (0.0.2)
     inifile (3.0.0)
-    inspec (2.1.68)
+    inspec (2.2.78)
       addressable (~> 2.4)
       faraday (>= 0.9.0)
+      faraday_middleware (~> 0.12.2)
       hashie (~> 3.4)
       htmlentities
       json (>= 1.8, < 3.0)
@@ -86,36 +108,41 @@ GEM
       sslshake (~> 1.2)
       thor (~> 0.20)
       tomlrb (~> 1.2)
-      train (~> 1.4)
+      train (~> 1.4, >= 1.4.35)
     jmespath (1.4.0)
     json (2.1.0)
-    kitchen-inspec (0.23.1)
-      hashie (~> 3.4)
-      inspec (>= 0.34.0, < 3.0.0)
-      test-kitchen (~> 1.6)
-    kitchen-terraform (3.3.1)
+    jwt (2.1.0)
+    kitchen-google (1.5.0)
+      gcewinpass (~> 1.1)
+      google-api-client (~> 0.19)
+      test-kitchen
+    kitchen-terraform (4.0.0)
       dry-types (~> 0.9)
       dry-validation (~> 0.10)
-      kitchen-inspec (~> 0.18)
+      inspec (>= 2.2.34, < 3)
       mixlib-shellout (~> 2.2)
-      test-kitchen (~> 1.16)
+      test-kitchen (~> 1.23)
     little-plugger (1.1.4)
     logging (2.2.2)
       little-plugger (~> 1.1)
       multi_json (~> 1.10)
+    memoist (0.16.0)
     method_source (0.9.0)
-    mixlib-install (3.9.3)
+    mime-types (3.2.2)
+      mime-types-data (~> 3.2015)
+    mime-types-data (3.2018.0812)
+    mixlib-install (3.11.5)
       mixlib-shellout
       mixlib-versioning
       thor
     mixlib-log (2.0.4)
-    mixlib-shellout (2.3.2)
+    mixlib-shellout (2.4.0)
     mixlib-versioning (1.2.2)
     ms_rest (0.7.2)
       concurrent-ruby (~> 1.0)
       faraday (~> 0.9)
       timeliness (~> 0.3)
-    ms_rest_azure (0.10.6)
+    ms_rest_azure (0.11.0)
       concurrent-ruby (~> 1.0)
       faraday (~> 0.9)
       faraday-cookie_jar (~> 0.0.6)
@@ -128,33 +155,44 @@ GEM
     net-ssh-gateway (1.3.0)
       net-ssh (>= 2.6.5)
     nori (2.6.0)
+    os (1.0.0)
     parallel (1.12.1)
     parslet (1.8.2)
     pry (0.11.3)
       coderay (~> 1.1.0)
       method_source (~> 0.9.0)
-    public_suffix (3.0.2)
-    rspec (3.7.0)
-      rspec-core (~> 3.7.0)
-      rspec-expectations (~> 3.7.0)
-      rspec-mocks (~> 3.7.0)
-    rspec-core (3.7.1)
-      rspec-support (~> 3.7.0)
-    rspec-expectations (3.7.0)
+    public_suffix (3.0.3)
+    representable (3.0.4)
+      declarative (< 0.1.0)
+      declarative-option (< 0.2.0)
+      uber (< 0.2.0)
+    retriable (3.1.2)
+    rspec (3.8.0)
+      rspec-core (~> 3.8.0)
+      rspec-expectations (~> 3.8.0)
+      rspec-mocks (~> 3.8.0)
+    rspec-core (3.8.0)
+      rspec-support (~> 3.8.0)
+    rspec-expectations (3.8.1)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.7.0)
+      rspec-support (~> 3.8.0)
     rspec-its (1.2.0)
       rspec-core (>= 3.0.0)
       rspec-expectations (>= 3.0.0)
-    rspec-mocks (3.7.0)
+    rspec-mocks (3.8.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.7.0)
-    rspec-support (3.7.1)
+      rspec-support (~> 3.8.0)
+    rspec-support (3.8.0)
     rubyntlm (0.6.2)
-    rubyzip (1.2.1)
+    rubyzip (1.2.2)
     semverse (2.0.0)
+    signet (0.9.1)
+      addressable (~> 2.3)
+      faraday (~> 0.9)
+      jwt (>= 1.5, < 3.0)
+      multi_json (~> 1.10)
     sslshake (1.2.0)
-    test-kitchen (1.21.2)
+    test-kitchen (1.23.2)
       mixlib-install (~> 3.6)
       mixlib-shellout (>= 1.2, < 3.0)
       net-scp (~> 1.1)
@@ -166,18 +204,22 @@ GEM
       winrm-fs (~> 1.1)
     thor (0.20.0)
     timeliness (0.3.8)
-    tomlrb (1.2.6)
-    train (1.4.4)
+    tomlrb (1.2.7)
+    train (1.4.35)
       aws-sdk (~> 2)
+      azure_graph_rbac (~> 0.16)
       azure_mgmt_resources (~> 0.15)
       docker-api (~> 1.26)
+      google-api-client (~> 0.19.8)
+      googleauth (~> 0.6.2)
       inifile
       json (>= 1.8, < 3.0)
       mixlib-shellout (~> 2.0)
       net-scp (~> 1.2)
-      net-ssh (>= 2.9, < 5.0)
+      net-ssh (>= 2.9, < 6.0)
       winrm (~> 2.0)
       winrm-fs (~> 1.0)
+    uber (0.1.0)
     unf (0.1.4)
       unf_ext
     unf_ext (0.0.7.5)
@@ -193,7 +235,7 @@ GEM
     winrm-elevated (1.1.0)
       winrm (~> 2.0)
       winrm-fs (~> 1.0)
-    winrm-fs (1.2.0)
+    winrm-fs (1.3.0)
       erubis (~> 2.7)
       logging (>= 1.6.1, < 3.0)
       rubyzip (~> 1.1)
@@ -203,7 +245,9 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
-  kitchen-terraform!
+  inspec (~> 2.2.35)!
+  kitchen-google (~> 1.5)!
+  kitchen-terraform (~> 4.0.0)!
 
 BUNDLED WITH
-   1.16.1
+   1.16.2
diff --git a/bin/kitchen.sh b/bin/kitchen.sh
@@ -1,11 +1,13 @@
 #!/usr/bin/env bash
 
 # Decrypt sensitive files
+#XXX even encrypted, this is risky IF PRs are allowed to kick off builds
 openssl aes-256-cbc -K $encrypted_cfdeb2eb7efd_key -iv $encrypted_cfdeb2eb7efd_iv -in ci.tar.gz.enc -out ci.tar.gz -d
 
 # Decompress sensitive files
 tar -zxf ci.tar.gz
 rm ci.tar.gz
+export GCLOUD_PROJECT=$(jq -r '.project_id' credentials.json)
 
 # Add binaries to bin directory
 mkdir -p vendor/bin
@@ -19,7 +21,7 @@ rm google-cloud-sdk-*-linux-x86_64.tar.gz
 
 # Authenticate using the credentials.json
 gcloud auth activate-service-account --key-file credentials.json
-gcloud config set project $(jq -r '.project_id' credentials.json)
+gcloud config set project ${GCLOUD_PROJECT}
 gcloud config set compute/zone us-west1-a
 
 yes | ssh-keygen -f ubuntu -N '' >/dev/null
@@ -31,4 +33,4 @@ KITCHEN_EXIT_CODE=$?
 # cleanup
 rm -Rf credentials.json .env ubuntu*
 
-exit $KITCHEN_EXIT_CODE
+exit $KITCHEN_EXIT_CODE
diff --git a/test/fixtures/tf_module/main.tf b/test/fixtures/tf_module/main.tf
@@ -1,3 +1,13 @@
+variable "gcloud_project" {
+  description = "The name of the GCP project to deploy against."
+}
+
 module "terraform-google-instance" {
-  source = "../../.."
+  source                  = "../../.."
+  ssh_public_key_filepath = "${path.module}/../../../ubuntu.pub"
+}
+
+output "gcloud_project" {
+  description = "The name of the GCP project to deploy against. We need this output to pass the value to tests."
+  value       = "${var.gcloud_project}"
 }
diff --git a/test/integration/kt_suite/controls/default.rb b/test/integration/kt_suite/controls/default.rb
@@ -1,7 +1,13 @@
+# frozen_string_literal: true
+
+gcloud_project = attribute('gcloud_project', description="The name of the project where resources are deployed. This should be passed to tk via environment vars.")
+
 control "instance" do
-  describe command('gcloud compute instances describe database') do
-    its('stdout') { should match (/name: database/) }
-    its('stdout') { should match (/- key: sshKeys/) }
-    its('stdout') { should match (/status: RUNNING/) }
+  describe google_compute_instance(project: "#{gcloud_project}",  zone: 'us-west1-a', name: 'database') do
+    its('tag_count'){should eq 2}
+    its('status') { should eq "RUNNING" }
+    its('machine_type') { should match "n1-standard-2" }
+    its('first_network_interface_name'){ should eq "external-nat" }
+    its('disk_count'){should eq 2}
   end
-end
+end
diff --git a/test/integration/kt_suite/inspec.yml b/test/integration/kt_suite/inspec.yml
@@ -1,2 +1,5 @@
 ---
-name: default
+name: default
+depends:
+  - name: inspec-gcp
+    url: https://github.com/inspec/inspec-gcp/archive/master.tar.gz
diff --git a/variables.tf b/variables.tf
@@ -1,6 +1,5 @@
 variable "ssh_public_key_filepath" {
   description = "Filepath for the ssh public key"
   type        = "string"
-
-  default = "ubuntu.pub"
+  default     = "ubuntu.pub"
 }
diff --git a/version b/version
@@ -1 +1 @@
-v0.1.0
+v0.2.0