Merge pull request #37 from myii/ci/add-verifier

chore: use `semantic-release` cross-formula standard structure

.gitignore

@@ -48,6 +48,7 @@ coverage.xml
 .kitchen
 .kitchen.local.yml
 kitchen.local.yml
+junit-*.xml
 
 # Translations
 *.mo
@@ -108,3 +109,14 @@ Gemfile.lock
 
 # copied `.md` files used for conversion to `.rst` using `m2r`
 docs/*.md
+
+# Vim
+*.sw?
+
+## Collected when centralising formulas (check and sort)
+# `collectd-formula`
+.pytest_cache/
+/.idea/
+Dockerfile.*_*
+ignore/
+tmp/

.travis.yml

@@ -1,3 +1,6 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
 stages:
   - test
   - commitlint
@@ -30,19 +33,15 @@ env:
     # - INSTANCE: ubuntu-1604-2018-3-py2
     # - INSTANCE: centos-7-2018-3-py2
     - INSTANCE: fedora-29-2018-3-py2
-    # TODO: Use this when fixed instead of `opensuse-leap-42`
-    # Ref: https://github.com/netmanagers/salt-image-builder/issues/2
-    # - INSTANCE: opensuse-leap-15-2018-3-py2
     - INSTANCE: opensuse-leap-42-2018-3-py2
     - INSTANCE: debian-8-2017-7-py2
     # - INSTANCE: ubuntu-1604-2017-7-py2
-    # TODO: Enable after improving the formula to work with other than `systemd`
     # - INSTANCE: centos-6-2017-7-py2
     # - INSTANCE: fedora-29-2017-7-py2
     # - INSTANCE: opensuse-leap-15-2017-7-py2
 
 script:
-  - bundle exec kitchen test ${INSTANCE}
+  - bin/kitchen test ${INSTANCE}
 
 jobs:
   include:

Gemfile

@@ -3,3 +3,4 @@ source "https://rubygems.org"
 gem 'kitchen-docker', '>= 2.9'
 gem 'kitchen-salt', '>= 0.6.0'
 gem 'kitchen-inspec', '>= 1.1'
+

bin/kitchen

@@ -0,0 +1,29 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+#
+# This file was generated by Bundler.
+#
+# The application 'kitchen' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require "pathname"
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile",
+  Pathname.new(__FILE__).realpath)
+
+bundle_binstub = File.expand_path("../bundle", __FILE__)
+
+if File.file?(bundle_binstub)
+  if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/
+    load(bundle_binstub)
+  else
+    abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run.
+Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.")
+  end
+end
+
+require "rubygems"
+require "bundler/setup"
+
+load Gem.bin_path("test-kitchen", "kitchen")

docs/CONTRIBUTING.rst

@@ -156,3 +156,4 @@ An example of that:
    BREAKING CHANGE: With the removal of all of the `.sls` files under
    `template package`, this formula no longer supports the installation of
    packages.
+

kitchen.yml

@@ -52,7 +52,7 @@ platforms:
         - sh bootstrap-salt.sh -XdPbfrq -x python3 git develop
       run_command: /usr/lib/systemd/systemd
 
-  ## SALT 2019.2
+  ## SALT `2019.2`
   - name: debian-9-2019-2-py3
     driver:
       image: netmanagers/salt-2019.2-py3:debian-9
@@ -70,7 +70,7 @@ platforms:
       image: netmanagers/salt-2019.2-py3:opensuse-leap-15
       run_command: /usr/lib/systemd/systemd
 
-  ## SALT 2018.3
+  ## SALT `2018.3`
   - name: debian-9-2018-3-py2
     driver:
       image: netmanagers/salt-2018.3-py2:debian-9
@@ -83,25 +83,18 @@ platforms:
   - name: fedora-29-2018-3-py2
     driver:
       image: netmanagers/salt-2018.3-py2:fedora-29
-  # TODO: Use this when fixed instead of `opensuse-leap-42`
-  # Ref: https://github.com/netmanagers/salt-image-builder/issues/2
-  # - name: opensuse-leap-15-2018-3-py2
-  #   driver:
-  #     image: netmanagers/salt-2018.3-py2:opensuse-leap-15
-  #     run_command: /usr/lib/systemd/systemd
   - name: opensuse-leap-42-2018-3-py2
     driver:
       image: netmanagers/salt-2018.3-py2:opensuse-leap-42
       run_command: /usr/lib/systemd/systemd
 
-  ## SALT 2017.7
+  ## SALT `2017.7`
   - name: debian-8-2017-7-py2
     driver:
       image: netmanagers/salt-2017.7-py2:debian-8
   - name: ubuntu-1604-2017-7-py2
     driver:
       image: netmanagers/salt-2017.7-py2:ubuntu-16.04
-  # TODO: Modify the formula to work for non-`systemd` platforms
   - name: centos-6-2017-7-py2
     driver:
       image: netmanagers/salt-2017.7-py2:centos-6
@@ -146,6 +139,9 @@ suites:
               - vault
       pillars_from_files:
         vault.sls: test/salt/pillar/install_binary.sls
+    verifier:
+      inspec_tests:
+        - path: test/integration/install_binary
   - name: dev_server
     provisioner:
       state_top:
@@ -159,6 +155,9 @@ suites:
               - vault
       pillars_from_files:
         vault.sls: test/salt/pillar/dev_server.sls
+    verifier:
+      inspec_tests:
+        - path: test/integration/dev_server
   - name: prod_server
     provisioner:
       state_top:
@@ -172,3 +171,6 @@ suites:
               - vault
       pillars_from_files:
         vault.sls: test/salt/pillar/prod_server.sls
+    verifier:
+      inspec_tests:
+        - path: test/integration/prod_server

test/integration/dev_server/README.md

@@ -0,0 +1,50 @@
+# InSpec Profile: `dev_server`
+
+This shows the implementation of the `dev_server` InSpec [profile](https://github.com/inspec/inspec/blob/master/docs/profiles.md).
+
+## Verify a profile
+
+InSpec ships with built-in features to verify a profile structure.
+
+```bash
+$ inspec check dev_server
+Summary
+-------
+Location: dev_server
+Profile: profile
+Controls: 4
+Timestamp: 2019-06-24T23:09:01+00:00
+Valid: true
+
+Errors
+------
+
+Warnings
+--------
+```
+
+## Execute a profile
+
+To run all **supported** controls on a local machine use `inspec exec /path/to/profile`.
+
+```bash
+$ inspec exec dev_server
+..
+
+Finished in 0.0025 seconds (files took 0.12449 seconds to load)
+8 examples, 0 failures
+```
+
+## Execute a specific control from a profile
+
+To run one control from the profile use `inspec exec /path/to/profile --controls name`.
+
+```bash
+$ inspec exec dev_server --controls package
+.
+
+Finished in 0.0025 seconds (files took 0.12449 seconds to load)
+1 examples, 0 failures
+```
+
+See an [example control here](https://github.com/inspec/inspec/blob/master/examples/profile/controls/example.rb).

test/integration/dev_server/inspec.yml

@@ -0,0 +1,14 @@
+name: dev_server
+title: vault formula
+maintainer: SaltStack Formulas
+license: Apache-2.0
+summary: Verify that the vault development server is setup and configured correctly
+supports:
+  - platform-name: debian
+  - platform-name: ubuntu
+  - platform-name: centos
+  - platform-name: fedora
+  - platform-name: opensuse
+  - platform-name: suse
+  - platform-name: freebsd
+  - platform-name: amazon

test/integration/install_binary/README.md

@@ -0,0 +1,50 @@
+# InSpec Profile: `install_binary`
+
+This shows the implementation of the `install_binary` InSpec [profile](https://github.com/inspec/inspec/blob/master/docs/profiles.md).
+
+## Verify a profile
+
+InSpec ships with built-in features to verify a profile structure.
+
+```bash
+$ inspec check install_binary
+Summary
+-------
+Location: install_binary
+Profile: profile
+Controls: 4
+Timestamp: 2019-06-24T23:09:01+00:00
+Valid: true
+
+Errors
+------
+
+Warnings
+--------
+```
+
+## Execute a profile
+
+To run all **supported** controls on a local machine use `inspec exec /path/to/profile`.
+
+```bash
+$ inspec exec install_binary
+..
+
+Finished in 0.0025 seconds (files took 0.12449 seconds to load)
+8 examples, 0 failures
+```
+
+## Execute a specific control from a profile
+
+To run one control from the profile use `inspec exec /path/to/profile --controls name`.
+
+```bash
+$ inspec exec install_binary --controls package
+.
+
+Finished in 0.0025 seconds (files took 0.12449 seconds to load)
+1 examples, 0 failures
+```
+
+See an [example control here](https://github.com/inspec/inspec/blob/master/examples/profile/controls/example.rb).

test/integration/install_binary/inspec.yml

@@ -0,0 +1,14 @@
+name: install_binary
+title: vault formula
+maintainer: SaltStack Formulas
+license: Apache-2.0
+summary: Verify that the vault binary is installed correctly
+supports:
+  - platform-name: debian
+  - platform-name: ubuntu
+  - platform-name: centos
+  - platform-name: fedora
+  - platform-name: opensuse
+  - platform-name: suse
+  - platform-name: freebsd
+  - platform-name: amazon

test/integration/prod_server/README.md

@@ -0,0 +1,50 @@
+# InSpec Profile: `prod_server`
+
+This shows the implementation of the `prod_server` InSpec [profile](https://github.com/inspec/inspec/blob/master/docs/profiles.md).
+
+## Verify a profile
+
+InSpec ships with built-in features to verify a profile structure.
+
+```bash
+$ inspec check prod_server
+Summary
+-------
+Location: prod_server
+Profile: profile
+Controls: 4
+Timestamp: 2019-06-24T23:09:01+00:00
+Valid: true
+
+Errors
+------
+
+Warnings
+--------
+```
+
+## Execute a profile
+
+To run all **supported** controls on a local machine use `inspec exec /path/to/profile`.
+
+```bash
+$ inspec exec prod_server
+..
+
+Finished in 0.0025 seconds (files took 0.12449 seconds to load)
+8 examples, 0 failures
+```
+
+## Execute a specific control from a profile
+
+To run one control from the profile use `inspec exec /path/to/profile --controls name`.
+
+```bash
+$ inspec exec prod_server --controls package
+.
+
+Finished in 0.0025 seconds (files took 0.12449 seconds to load)
+1 examples, 0 failures
+```
+
+See an [example control here](https://github.com/inspec/inspec/blob/master/examples/profile/controls/example.rb).

test/integration/prod_server/inspec.yml

@@ -0,0 +1,14 @@
+name: prod_server
+title: vault formula
+maintainer: SaltStack Formulas
+license: Apache-2.0
+summary: Verify that the vault production server is setup and configured correctly
+supports:
+  - platform-name: debian
+  - platform-name: ubuntu
+  - platform-name: centos
+  - platform-name: fedora
+  - platform-name: opensuse
+  - platform-name: suse
+  - platform-name: freebsd
+  - platform-name: amazon