feat(test/share): use share suite across all formulas

myii · Mar 14, 2021 · ac8ca71 · ac8ca71
1 parent a18b268
commit ac8ca71
Show file tree

Hide file tree

Showing 8 changed files with 128 additions and 264 deletions.
diff --git a/pillar.example b/pillar.example
@@ -184,9 +184,11 @@ ssf:
       - formula/libsaltcli.jinja
       - formula/libtofs.jinja
       - inspec/controls/_mapdata.rb
-      - inspec/libraries/system.rb
       - inspec/inspec.yml
       - inspec/README.md
+      - test/integration/share/inspec.yml
+      - test/integration/share/README.md
+      - test/integration/share/libraries/system.rb
       - .gitignore
       - .cirrus.yml
       - .gitlab-ci.yml

diff --git a/ssf/config/formulas.sls b/ssf/config/formulas.sls
@@ -84,12 +84,7 @@ prepare-git-branch-for-{{ formula }}:
 {%-           set dest_file = dest_file.replace('inspec/', '') %}
 {#-           Do not manage the file in the following situations: #}
 {#-           - If a matching test suite isn't found #}
-{#-           - Or if `libraries/system.rb` and is not the `share` suite #}
-{#-           - Or if `controls/_mapdata.rb` and is the `share` suite #}
-{%-           if (not matching_test_suite.found) or
-                 (dest_file == 'libraries/system.rb' and suite.name != 'share') or
-                 (dest_file == 'controls/_mapdata.rb' and suite.name == 'share')
-%}
+{%-           if not matching_test_suite.found %}
 {%-             set dest_file = '' %}
 {%-           else %}
 {%-             set dest_file = '{0}/{1}/{2}'.format(inspec_tests_path_prefix, suite.name, dest_file) %}

diff --git a/ssf/defaults.yaml b/ssf/defaults.yaml
@@ -62,8 +62,8 @@ ssf_node_anchors:
             #       An alternative method could be to use:
             #       `git describe --abbrev=0 --tags`
             # yamllint disable rule:line-length rule:quoted-strings
-            title: "ci(kitchen+ci): use latest pre-salted images (after CVE) [skip ci]"
-            body: '* Automated using https://github.com/myii/ssf-formula/pull/299'
+            title: "test(share): use '`'share'`' suite across all formulas [skip ci]"
+            body: '* Automated using https://github.com/myii/ssf-formula/pull/302'
             # yamllint enable rule:line-length rule:quoted-strings
           github:
             owner: 'saltstack-formulas'
@@ -97,7 +97,9 @@ ssf_node_anchors:
             excludes: []
             includes: []
             inspec_yml:
-              depends: []
+              depends:
+                - name: 'share'
+                  path: 'test/integration/share'
               summary: >-
                 Verify that the formula is setup and configured correctly
               supports:
@@ -642,15 +644,7 @@ ssf:
           0:
             <<: *isk_suite_default
             name: 'ubuntu'
-    dhcpd:
-      <<: *formula_default
-      context:
-        <<: *context_default
-        inspec_suites_kitchen:
-          <<: *isk_default
-          1:
-            <<: *isk_suite_default
-            name: 'share'
+    dhcpd: *formula_default
     django: *formula_default
     docker:
       <<: *formula_default
@@ -688,15 +682,7 @@ ssf:
     epel: *formula_default
     exim: *formula_default
     fail2ban: *formula_default
-    firewalld:
-      <<: *formula_default
-      context:
-        <<: *context_default
-        inspec_suites_kitchen:
-          <<: *isk_default
-          1:
-            <<: *isk_suite_default
-            name: 'share'
+    firewalld: *formula_default
     golang:
       <<: *formula_default
       context:
@@ -748,24 +734,21 @@ ssf:
             <<: *isk_suite_default
             name: 'adopt'
           1:
-            <<: *isk_suite_default
-            name: 'share'
-          2:
             <<: *isk_suite_default
             name: 'amazon'
-          3:
+          2:
             <<: *isk_suite_default
             name: 'graalvm'
-          4:
+          3:
             <<: *isk_suite_default
             name: 'haikuvm'
-          5:
+          4:
             <<: *isk_suite_default
             name: 'intellij'
-          6:
+          5:
             <<: *isk_suite_default
             name: 'oracle'
-          7:
+          6:
             <<: *isk_suite_default
             name: 'zulu'
     jetbrains-appcode: *formula_default
@@ -874,9 +857,6 @@ ssf:
         inspec_suites_kitchen:
           <<: *isk_default
           1:
-            <<: *isk_suite_default
-            name: 'share'
-          2:
             <<: *isk_suite_default
             name: 'clean'
     locale:
@@ -908,12 +888,9 @@ ssf:
         inspec_suites_kitchen:
           <<: *isk_default
           1:
-            <<: *isk_suite_default
-            name: 'share'
-          2:
             <<: *isk_suite_default
             name: 'repo'
-          3:
+          2:
             <<: *isk_suite_default
             name: ''
     maven:
@@ -959,67 +936,40 @@ ssf:
             <<: *isk_suite_default
             name: ''
     openldap: *formula_default
-    openntpd:
-      <<: *formula_default
-      context:
-        <<: *context_default
-        inspec_suites_kitchen:
-          <<: *isk_default
-          1:
-            <<: *isk_suite_default
-            name: 'share'
-    openssh:
-      <<: *formula_default
-      context:
-        <<: *context_default
-        inspec_suites_kitchen:
-          <<: *isk_default
-          1:
-            <<: *isk_suite_default
-            name: 'share'
-    openvpn:
-      <<: *formula_default
-      context:
-        <<: *context_default
-        inspec_suites_kitchen:
-          <<: *isk_default
-          1:
-            <<: *isk_suite_default
-            name: 'share'
+    openntpd: *formula_default
+    openssh: *formula_default
+    openvpn: *formula_default
     packages:
       <<: *formula_default
       context:
         <<: *context_default
         inspec_suites_kitchen:
           <<: *isk_default
           1:
-            <<: *isk_suite_default
-            name: 'share'
-          2:
             <<: *isk_suite_default
             name: 'debian'
-          3:
+          2:
             <<: *isk_suite_default
             name: 'ubuntu'
-          4:
+          3:
             <<: *isk_suite_default
             name: 'fedora'
-          5:
+          4:
             <<: *isk_suite_default
             name: 'redhat8'
-          6:
+          5:
             <<: *isk_suite_default
             name: 'centos'
-          7:
+          6:
             <<: *isk_suite_default
             name: 'amazon'
-          8:
+          7:
             <<: *isk_suite_default
             name: 'suse'
-          9:
+          8:
             <<: *isk_suite_default
             name: 'arch'
-          10:
+          9:
             <<: *isk_suite_default
             name: 'gentoo'
     php:
@@ -1029,31 +979,20 @@ ssf:
         inspec_suites_kitchen:
           <<: *isk_default
           1:
-            <<: *isk_suite_default
-            name: 'share'
-          2:
             <<: *isk_suite_default
             name: 'debian'
-          3:
+          2:
             <<: *isk_suite_default
             name: 'ubuntu'
-          4:
+          3:
             <<: *isk_suite_default
             name: 'redhat'
-          5:
+          4:
             <<: *isk_suite_default
             name: 'suse'
     postfix: *formula_default
     postgres: *formula_default
-    powerdns:
-      <<: *formula_default
-      context:
-        <<: *context_default
-        inspec_suites_kitchen:
-          <<: *isk_default
-          1:
-            <<: *isk_suite_default
-            name: 'share'
+    powerdns: *formula_default
     proftpd:
       <<: *formula_default
       context:
@@ -1094,9 +1033,6 @@ ssf:
         inspec_suites_kitchen:
           <<: *isk_default
           1:
-            <<: *isk_suite_default
-            name: 'share'
-          2:
             <<: *isk_suite_default
             name: 'latest'
     redis: *formula_default
@@ -1115,15 +1051,7 @@ ssf:
           3:
             <<: *isk_suite_default
             name: 'suse'
-    rng-tools:
-      <<: *formula_default
-      context:
-        <<: *context_default
-        inspec_suites_kitchen:
-          <<: *isk_default
-          1:
-            <<: *isk_suite_default
-            name: 'share'
+    rng-tools: *formula_default
     rspamd: *formula_default
     salt:
       <<: *formula_default
@@ -1132,34 +1060,23 @@ ssf:
         inspec_suites_kitchen:
           <<: *isk_default
           0:
-            <<: *isk_suite_default
-            name: 'share'
-          1:
             <<: *isk_suite_default
             name: 'v3002-py3'
-          2:
+          1:
             <<: *isk_suite_default
             name: 'v3001-py3'
-          3:
+          2:
             <<: *isk_suite_default
             name: 'v3000-py3'
-          4:
+          3:
             <<: *isk_suite_default
             name: 'v3000-py2'
     sqldeveloper: *formula_default
     sqlplus: *formula_default
     ssf: *formula_default
     strongswan: *formula_default
     stunnel: *formula_default
-    sudoers:
-      <<: *formula_default
-      context:
-        <<: *context_default
-        inspec_suites_kitchen:
-          <<: *isk_default
-          1:
-            <<: *isk_suite_default
-            name: 'share'
+    sudoers: *formula_default
     suricata: *formula_default
     sysctl: *formula_default
     syslog-ng: *formula_default
@@ -1173,21 +1090,10 @@ ssf:
         inspec_suites_kitchen:
           <<: *isk_default
           1:
-            <<: *isk_suite_default
-            name: 'share'
-          2:
             <<: *isk_suite_default
             name: 'gentoo'
     timezone: *formula_default
-    tomcat:
-      <<: *formula_default
-      context:
-        <<: *context_default
-        inspec_suites_kitchen:
-          <<: *isk_default
-          1:
-            <<: *isk_suite_default
-            name: 'share'
+    tomcat: *formula_default
     ufw:
       <<: *formula_default
       context:

diff --git a/ssf/files/default/inspec/README.md b/ssf/files/default/inspec/README.md
@@ -1,27 +1,6 @@
 # InSpec Profile: `{{ suite.name }}`
 
 This shows the implementation of the `{{ suite.name }}` InSpec [profile](https://github.com/inspec/inspec/blob/master/docs/profiles.md).
-{%- if suite.name == 'share' %}
-
-Its goal is to share the libraries between all profiles.
-
-## Libraries
-
-### `system`
-
-The `system` library provides easy access to system dependent information:
-
-- `system.platform`: based on `inspec.platform`, modify to values that are more consistent from a SaltStack perspective
-  - `system.platform[:family]` provide a family name for Arch and Gentoo
-  - `system.platform[:name]` append `linux` to both `amazon` and `oracle`; ensure Windows platforms are resolved as simply `windows`
-  - `system.platform[:release]` tweak Arch, Amazon Linux, Gentoo, openSUSE and Windows:
-    - `Arch` is always `base-latest`
-    - `Amazon Linux` release `2018` is resolved as `1`
-    - `Gentoo` release is trimmed to its major version number and then the init system is appended (i.e. `sysv` or `sysd`)
-    - `openSUSE` is resolved as `tumbleweed` if the `platform[:release]` is in date format
-    - `Windows` uses the widely-used release number (e.g. `8.1` or `2019-server`) in place of the actual system release version
-  - `system.platform[:finger]` is the concatenation of the name and the major release number (except for Ubuntu, which gives `ubuntu-20.04` for example)
-{%- else %}
 
 ## Verify a profile
 
@@ -69,4 +48,3 @@ Finished in 0.0025 seconds (files took 0.12449 seconds to load)
 ```
 
 See an [example control here](https://github.com/inspec/inspec/blob/master/examples/profile/controls/example.rb).
-{%- endif %}
diff --git a/ssf/files/default/test/integration/share/README.md b/ssf/files/default/test/integration/share/README.md
@@ -0,0 +1,22 @@
+# InSpec Profile: `share`
+
+This shows the implementation of the `share` InSpec [profile](https://github.com/inspec/inspec/blob/master/docs/profiles.md).
+
+Its goal is to share the libraries between all profiles.
+
+## Libraries
+
+### `system`
+
+The `system` library provides easy access to system dependent information:
+
+- `system.platform`: based on `inspec.platform`, modify to values that are more consistent from a SaltStack perspective
+  - `system.platform[:family]` provide a family name for Arch and Gentoo
+  - `system.platform[:name]` append `linux` to both `amazon` and `oracle`; ensure Windows platforms are resolved as simply `windows`
+  - `system.platform[:release]` tweak Arch, Amazon Linux, Gentoo, openSUSE and Windows:
+    - `Arch` is always `base-latest`
+    - `Amazon Linux` release `2018` is resolved as `1`
+    - `Gentoo` release is trimmed to its major version number and then the init system is appended (i.e. `sysv` or `sysd`)
+    - `openSUSE` is resolved as `tumbleweed` if the `platform[:release]` is in date format
+    - `Windows` uses the widely-used release number (e.g. `8.1` or `2019-server`) in place of the actual system release version
+  - `system.platform[:finger]` is the concatenation of the name and the major release number (except for Ubuntu, which gives `ubuntu-20.04` for example)