Merge pull request #50 from daks/kitchen-tests

feat: implementing kitchen tests and activate them on travis

.gitignore

@@ -0,0 +1,113 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+env/
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# PyInstaller
+#  Usually these files are written by a python script from a packager
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+.hypothesis/
+.kitchen
+.kitchen.local.yml
+kitchen.local.yml
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# pyenv
+.python-version
+
+# celery beat schedule file
+celerybeat-schedule
+
+# SageMath parsed files
+*.sage.py
+
+# dotenv
+.env
+
+# virtualenv
+.venv
+venv/
+ENV/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+
+# Bundler
+Gemfile.lock
+
+# copied `.md` files used for conversion to `.rst` using `m2r`
+docs/*.md
+
+# Vim
+*.sw?

.travis.yml

@@ -0,0 +1,48 @@
+stages:
+  - test
+
+#sudo: required
+cache: bundler
+language: ruby
+
+services:
+  - docker
+
+# Make sure the instances listed below match up with
+# the `platforms` defined in `kitchen.yml`
+# NOTE: Please try to select up to six instances that add some meaningful
+#       testing of the formula's behaviour. If possible, try to refrain from
+#       the classical "chosing all the instances because I want to test on
+#       another/all distro/s" trap: it will just add time to the testing (see
+#       the discussion on #121).  As an example, the set chosen below covers
+#       the most used distros families, systemd and non-systemd and the latest
+#       three supported Saltstack versions with python2 and 3."
+#       As for `kitchen.yml`, that should still contain all of the platforms,
+#       to allow for comprehensive local testing
+#       Ref: https://github.com/saltstack-formulas/template-formula/issues/118
+#       Ref: https://github.com/saltstack-formulas/template-formula/issues/121
+env:
+  matrix:
+    - INSTANCE: default-debian-9-2019-2-py3
+    # - INSTANCE: default-ubuntu-1804-2019-2-py3
+    - INSTANCE: default-centos-7-2019-2-py3
+    # - INSTANCE: default-fedora-29-2019-2-py3
+    - INSTANCE: default-opensuse-leap-15-2019-2-py3
+    # - INSTANCE: default-debian-9-2018-3-py2
+    - INSTANCE: default-ubuntu-1604-2018-3-py2
+    # - INSTANCE: default-centos-7-2018-3-py2
+    - INSTANCE: default-fedora-29-2018-3-py2
+    # TODO: Use this when fixed instead of `opensuse-leap-42`
+    # Ref: https://github.com/netmanagers/salt-image-builder/issues/2
+    # - INSTANCE: default-opensuse-leap-15-2018-3-py2
+    # - INSTANCE: default-opensuse-leap-42-2018-3-py2
+    # - INSTANCE: default-debian-8-2017-7-py2
+    # - INSTANCE: default-ubuntu-1604-2017-7-py2
+    # TODO: Enable after improving the formula to work with other than `systemd`
+    - INSTANCE: default-centos-6-2017-7-py2
+    # - INSTANCE: default-fedora-28-2017-7-py2
+    # - INSTANCE: default-opensuse-leap-42-2017-7-py2
+
+script:
+  - bundle exec kitchen verify ${INSTANCE}
+

Gemfile

@@ -0,0 +1,6 @@
+source "https://rubygems.org"
+
+gem 'kitchen-docker', '>= 2.9'
+gem 'kitchen-salt', '>= 0.6.0'
+gem 'kitchen-inspec', '>= 1.1'
+

kitchen.yml

@@ -0,0 +1,110 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+# For help on this file's format, see https://kitchen.ci/
+driver:
+  name: docker
+  use_sudo: false
+  privileged: true
+  run_command: /lib/systemd/systemd
+
+# Make sure the platforms listed below match up with
+# the `env.matrix` instances defined in `.travis.yml`
+platforms:
+  ## SALT 2019.2
+  - name: debian-9-2019-2-py3
+    driver:
+      image: netmanagers/salt-2019.2-py3:debian-9
+  - name: ubuntu-1804-2019-2-py3
+    driver:
+      image: netmanagers/salt-2019.2-py3:ubuntu-18.04
+  - name: centos-7-2019-2-py3
+    driver:
+      image: netmanagers/salt-2019.2-py3:centos-7
+  - name: fedora-29-2019-2-py3
+    driver:
+      image: netmanagers/salt-2019.2-py3:fedora-29
+  - name: opensuse-leap-15-2019-2-py3
+    driver:
+      image: netmanagers/salt-2019.2-py3:opensuse-leap-15
+      run_command: /usr/lib/systemd/systemd
+
+  ## SALT 2018.3
+  - name: debian-9-2018-3-py2
+    driver:
+      image: netmanagers/salt-2018.3-py2:debian-9
+  - name: ubuntu-1604-2018-3-py2
+    driver:
+      image: netmanagers/salt-2018.3-py2:ubuntu-16.04
+  - name: centos-7-2018-3-py2
+    driver:
+      image: netmanagers/salt-2018.3-py2:centos-7
+  - name: fedora-29-2018-3-py2
+    driver:
+      image: netmanagers/salt-2018.3-py2:fedora-29
+  # TODO: Use this when fixed instead of `opensuse-leap-42`
+  # Ref: https://github.com/netmanagers/salt-image-builder/issues/2
+  # - name: opensuse-leap-15-2018-3-py2
+  #   driver:
+  #     image: netmanagers/salt-2018.3-py2:opensuse-leap-15
+  #     run_command: /usr/lib/systemd/systemd
+  - name: opensuse-leap-42-2018-3-py2
+    driver:
+      image: netmanagers/salt-2018.3-py2:opensuse-leap-42
+      run_command: /usr/lib/systemd/systemd
+
+  ## SALT 2017.7
+  - name: debian-8-2017-7-py2
+    driver:
+      image: netmanagers/salt-2017.7-py2:debian-8
+  - name: ubuntu-1604-2017-7-py2
+    driver:
+      image: netmanagers/salt-2017.7-py2:ubuntu-16.04
+  # TODO: Modify the formula to work for non-`systemd` platforms
+  - name: centos-6-2017-7-py2
+    driver:
+      image: netmanagers/salt-2017.7-py2:centos-6
+      run_command: /sbin/init
+  - name: fedora-28-2017-7-py2
+    driver:
+      image: netmanagers/salt-2017.7-py2:fedora-28
+  - name: opensuse-leap-42-2017-7-py2
+    driver:
+      image: netmanagers/salt-2017.7-py2:opensuse-leap-42
+      run_command: /usr/lib/systemd/systemd
+
+provisioner:
+  name: salt_solo
+  log_level: info
+  salt_install: none
+  require_chef: false
+  formula: sudoers
+  salt_copy_filter:
+    - .kitchen
+    - .git
+  state_top:
+    base:
+      '*':
+        - sudoers
+  pillars:
+    top.sls:
+      base:
+        '*':
+          - kitchen
+          - sudoers
+  pillars_from_files:
+    kitchen.sls: test/salt/pillar/kitchen.sls
+    sudoers.sls: test/salt/pillar/default.sls
+
+verifier:
+  # https://www.inspec.io/
+  name: inspec
+  sudo: true
+  # cli, documentation, html, progress, json, json-min, json-rspec, junit
+  reporter:
+    - cli
+  inspec_tests:
+    - path: test/integration/default
+
+suites:
+  - name: default

test/integration/default/controls/package.rb

@@ -0,0 +1,8 @@
+
+control 'Sudo package' do
+  title 'should be installed'
+
+  describe package('sudo') do
+    it { should be_installed }
+  end
+end

test/integration/default/inspec.yml

@@ -0,0 +1,12 @@
+name: sudoers
+title: Sudoers Formula
+maintainer: Saltstack-formulas
+license: Apache-2.0
+summary: Verify that the sudoers formula is setup and configured correctly
+supports:
+  - os-name: debian
+  - os-name: ubuntu
+  - os-name: centos
+  - os-name: fedora
+  - os-name: opensuse
+  - os-name: suse

test/salt/pillar/default.sls

@@ -0,0 +1,60 @@
+sudoers:
+  # By default the main sudoers file is managed by this formula (False to skip)
+  manage_main_config: True
+  users:
+    johndoe:
+      - 'ALL=(ALL) ALL'
+      - 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
+  groups:
+    sudo:
+      - 'ALL=(ALL) ALL'
+      - 'ALL=(nodejs) NOPASSWD: ALL'
+  netgroups:
+    sysadmins:
+      - 'ALL=(ALL) ALL'
+  defaults:
+    generic:
+      - env_reset
+      - mail_badpass
+      - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+    user_list:
+      johndoe: '!requiretty'
+      ADMINS: '!lecture'
+    host_list:
+      www1: 'log_year, logfile=/var/log/sudo.log'
+    command_list:
+      PROCESSES: 'noexec'
+    runas_list:
+      root: '!set_logname'
+  aliases:
+    hosts:
+      WEBSERVERS:
+        - www1
+        - www2
+        - www3
+    users:
+      ADMINS:
+        - millert
+        - dowdy
+        - mikef
+    commands:
+      PROCESSES:
+        - /usr/bin/nice
+        - /bin/kill
+        - /usr/bin/renice
+        - /usr/bin/pkill
+        - /usr/bin/top
+  includedir: /etc/sudoers.d
+  included_files:
+    /etc/sudoers.d/extra-file:
+      users:
+        foo:
+          - 'ALL=(ALL) ALL'
+    extra-file-2:
+      groups:
+        bargroup:
+          - 'ALL=(ALL) NOPASSWD: ALL'
+    extra-file-3:
+      netgroups:
+        other_netgroup:
+          - 'ALL=(ALL) ALL'

test/salt/pillar/kitchen.sls

@@ -0,0 +1,7 @@
+# Pillar needed to run Inspec inside Docker image using sudo to authenticate
+# Must be added to pillar of all test suites
+sudoers:
+  users:
+    kitchen:
+      - 'ALL=(root) NOPASSWD: ALL'
+