v4.7.0: profile_locations in systems (#332)

* Add profile_locations to systems * Use alternative profile_location in backend-ssh * Log queued error messages * Update Changelog * Update version to 4.7.0 * Fix workspace tests * Update release date * Fix Changelog entry spacing * Clarify profile_locations correspondence
newcontext-oss · Apr 13, 2019 · 673d373 · 673d373
1 parent 0a36bad
commit 673d373
Show file tree

Hide file tree

Showing 24 changed files with 145 additions and 100 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,6 +8,20 @@ adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased][unreleased]
 
+## [4.7.0] - 2019-04-13
+
+### Added
+
+- The verifier systems gained a `profile_locations` attribute which
+  enables overriding the default InSpec profile location of
+  `test/integration/<KITCHEN SUITE NAME>`; refer to the updated
+  [Terraform Verifier documentation][terraform-verifier] for more
+  details.
+
+### Changed
+
+- Errors are logged when they are queued while `fail_fast` is disabled.
+
 ## [4.6.0] - 2019-04-11
 
 ### Added
@@ -626,7 +640,8 @@ Gandalf the Free-As-In-Beer
 
 - Initial release
 
-[unreleased]: https://github.com/newcontext/kitchen-terraform/compare/v4.6.0...HEAD
+[unreleased]: https://github.com/newcontext/kitchen-terraform/compare/v4.7.0...HEAD
+[4.7.0]: https://github.com/newcontext/kitchen-terraform/compare/v4.6.0...v4.7.0
 [4.6.0]: https://github.com/newcontext/kitchen-terraform/compare/v4.5.0...v4.6.0
 [4.5.0]: https://github.com/newcontext/kitchen-terraform/compare/v4.4.0...v4.5.0
 [4.4.0]: https://github.com/newcontext/kitchen-terraform/compare/v4.3.0...v4.4.0

diff --git a/kitchen.yml b/kitchen.yml
@@ -53,7 +53,7 @@ suites:
       root_module_directory: test/terraform/backend-ssh
     verifier:
       systems:
-        - name: bastion, hosts, key files
+        - name: bastion, hosts, key files, profile locations
           backend: ssh
           bastion_host: localhost
           bastion_port: 2223
@@ -63,6 +63,8 @@ suites:
           key_files:
             - test/terraform/backend-ssh/id_ed25519
           port: 22
+          profile_locations:
+            - https://github.com/brentm5/chef-compliance-profile-test.git
           user: root
         - name: hosts output, password, proxy command, shell
           backend: ssh
@@ -110,8 +112,6 @@ suites:
       systems:
         - name: one
           backend: local
-          controls:
-            - workspace one
   - name: workspace-two
     driver:
       root_module_directory: test/terraform/workspace
@@ -121,5 +121,3 @@ suites:
       systems:
         - name: two
           backend: local
-          controls:
-            - workspace two
diff --git a/lib/kitchen/terraform/config_schemas/system.rb b/lib/kitchen/terraform/config_schemas/system.rb
@@ -24,14 +24,15 @@ module ConfigSchemas
       # against a system in the Terraform state.
       #
       # All systems within the same {https://kitchen.ci/docs/getting-started/adding-suite Kitchen suite} are tested
-      # using the same {https://www.inspec.io/docs/reference/profiles/ InSpec profile}. The profile must be implemented
-      # in the directory located at `<Kitchen root>/test/integration/<suite name>`.
+      # using the same {https://www.inspec.io/docs/reference/profiles/ InSpec profile} by default. The profile must be
+      # implemented in the directory located at `<Kitchen root>/test/integration/<suite name>`. This behaviour can be
+      # overridden with the <code>profile_locations</code> key.
       #
       # The values of all {https://www.terraform.io/docs/configuration/outputs.html Terraform outputs} are associated
       # with equivalently named
       # {https://www.inspec.io/docs/reference/profiles/#profile-attributes InSpec profile attributes}.
       #
-      # The keys of a system mapping correlate to the options of the
+      # The keys of a system mapping correlate to the arguments and the options of the
       # {https://www.inspec.io/docs/reference/cli/#exec +inspec exec+} command-line interface subcomamand.
       #
       # ===== Required Keys
@@ -66,7 +67,7 @@ module ConfigSchemas
       # ===== Optional Keys
       #
       # The following keys may be included by any system to alter the behaviour of InSpec. Any key which is omitted
-      # will be associated with a default value as defined by InSpec.
+      # will be associated with a default value as defined by InSpec except where otherwise noted.
       #
       # ====== attrs
       #
@@ -297,6 +298,27 @@ module ConfigSchemas
       #         backend: ssh
       #         port: 1234
       #
+      # ====== profile_locations
+      #
+      # The value of the <code>profile_locations</code> key is a sequence of scalars which is used to locate
+      # {https://www.inspec.io/docs/reference/profiles/ InSpec profiles} containing the controls to be executed against
+      # the system. This key corresponds to the LOCATIONS argument of <code>inspec exec</code>.
+      #
+      # The default value contains a single scalar which assumes that a profile exists locally for the associated
+      # {https://kitchen.ci/docs/getting-started/adding-suite Kitchen suite} at
+      # <code><KITCHEN ROOT>/test/integration/<KITCHEN SUITE NAME></code>.
+      #
+      # <em>Example kitchen.yml</em>
+      #   verifier:
+      #     name: terraform
+      #     systems:
+      #       - name: a system
+      #         backend: local
+      #         profile_locations:
+      #           - supermarket://username/linux-baseline
+      #           - /path/to/profile
+      #           - /path/to/a_test.rb
+      #
       # ====== proxy_command
       #
       # The value of the +proxy_command+ key is a scalar which is used as a proxy command when connecting to a host via
@@ -535,6 +557,7 @@ module ConfigSchemas
         optional(:password).filled :str?
         optional(:path).filled :str?
         optional(:port).value :int?
+        optional(:profile_locations).each :filled?, :str?
         optional(:proxy_command).filled :str?
         optional(:reporter).each(:filled?, :str?)
         optional(:self_signed).value :bool?

diff --git a/lib/kitchen/terraform/inspec.rb b/lib/kitchen/terraform/inspec.rb
@@ -66,9 +66,11 @@ def info(message:)
 
       private
 
-      def initialize(options:, profile_path:)
+      def initialize(options:, profile_locations:)
         @runner = ::Inspec::Runner.new options.merge logger: ::Inspec::Log.logger
-        @runner.add_target path: profile_path
+        profile_locations.each do |profile_location|
+          @runner.add_target profile_location
+        end
       end
     end
   end

diff --git a/lib/kitchen/terraform/inspec_with_hosts.rb b/lib/kitchen/terraform/inspec_with_hosts.rb
@@ -29,20 +29,21 @@ class InSpecWithHosts
       def exec(system:)
         system.each_host do |host:|
           ::Kitchen::Terraform::InSpec
-            .new(options: options.merge(host: host), profile_path: profile_path)
-            .info(message: "Verifying host #{host} of #{system}").exec
+            .new(options: options.merge(host: host), profile_locations: profile_locations)
+            .info(message: "#{system}: Verifying host #{host}").exec
         end
       end
 
       private
 
-      attr_accessor :options, :profile_path
+      attr_accessor :options, :profile_locations
 
       # @param options [::Hash] options for execution.
-      # @param profile_path [::String] the path to the InSpec profile which contains the controls to be executed.
-      def initialize(options:, profile_path:)
+      # @param profile_locations [::Array<::String>] the locations of the InSpec profiles which contain the controls to
+      #   be executed.
+      def initialize(options:, profile_locations:)
         self.options = options
-        self.profile_path = profile_path
+        self.profile_locations = profile_locations
       end
     end
   end

diff --git a/lib/kitchen/terraform/inspec_without_hosts.rb b/lib/kitchen/terraform/inspec_without_hosts.rb
@@ -26,18 +26,19 @@ class InSpecWithoutHosts
       # @return [void]
       def exec(system:)
         ::Kitchen::Terraform::InSpec
-          .new(options: options, profile_path: profile_path).info(message: "Verifying #{system}").exec
+          .new(options: options, profile_locations: profile_locations).info(message: "#{system}: Verifying").exec
       end
 
       private
 
-      attr_accessor :options, :profile_path
+      attr_accessor :options, :profile_locations
 
       # @param options [::Hash] options for execution.
-      # @param profile_path [::String] the path to the InSpec profile which contains the controls to be executed.
-      def initialize(options:, profile_path:)
+      # @param profile_locations [::Array<::String>] the locations of the InSpec profiles which contain the controls to
+      #   be executed.
+      def initialize(options:, profile_locations:)
         self.options = options
-        self.profile_path = profile_path
+        self.profile_locations = profile_locations
       end
     end
   end

diff --git a/lib/kitchen/terraform/system.rb b/lib/kitchen/terraform/system.rb
@@ -66,11 +66,10 @@ def to_s
       # #verify verifies the system by executing InSpec.
       #
       # @param inspec_options [::Hash] the options to be passed to InSpec.
-      # @param inspec_profile_path [::String] the path to the profile which InSpec will execute.
       # @return [self]
-      def verify(inspec_options:, inspec_profile_path:, outputs:)
+      def verify(inspec_options:, outputs:)
         resolve outputs: outputs
-        execute_inspec options: inspec_options, profile_path: inspec_profile_path
+        execute_inspec options: inspec_options
 
         self
       rescue => error
@@ -79,10 +78,11 @@ def verify(inspec_options:, inspec_profile_path:, outputs:)
 
       private
 
-      def execute_inspec(options:, profile_path:)
-        inspec.new(options: options_with_attributes(options: options), profile_path: profile_path).exec(
-          system: self
-        )
+      def execute_inspec(options:)
+        inspec.new(
+          options: options_with_attributes(options: options),
+          profile_locations: @mapping.fetch(:profile_locations)
+        ).exec(system: self)
       end
 
       def initialize(mapping:)

diff --git a/lib/kitchen/terraform/version.rb b/lib/kitchen/terraform/version.rb
@@ -72,7 +72,7 @@ def temporarily_override(version:)
 
     # @api private
     def value
-      self.value = ::Gem::Version.new "4.6.0" if not @value
+      self.value = ::Gem::Version.new "4.7.0" if not @value
       @value
     end
 

diff --git a/lib/kitchen/verifier/terraform.rb b/lib/kitchen/verifier/terraform.rb
@@ -122,6 +122,7 @@ def handle_error(message:)
         if config_fail_fast
           raise ::Kitchen::Terraform::Error, message
         else
+          logger.error message
           @error_messages.push message
         end
       end
@@ -139,9 +140,6 @@ def initialize(configuration = {})
         @outputs = {}
       end
 
-      def inspec_profile_path
-        @inspec_profile_path ||= ::File.join config.fetch(:test_base_path), instance.suite.name
-      end
 
       # load_needed_dependencies! loads the InSpec libraries required to verify a Terraform state.
       #
@@ -160,11 +158,9 @@ def system_inspec_options(system:)
       end
 
       def verify(system:)
-        ::Kitchen::Terraform::System.new(mapping: system).verify(
-          inspec_options: system_inspec_options(system: system),
-          inspec_profile_path: inspec_profile_path,
-          outputs: @outputs
-        )
+        ::Kitchen::Terraform::System.new(
+          mapping: {profile_locations: [::File.join(config.fetch(:test_base_path), instance.suite.name)]}.merge(system)
+        ).verify(inspec_options: system_inspec_options(system: system), outputs: @outputs)
       rescue => error
         handle_error message: error.message
       end

diff --git a/ruby-2.3/Gemfile.lock b/ruby-2.3/Gemfile.lock
@@ -14,7 +14,7 @@ GIT
 PATH
   remote: ..
   specs:
-    kitchen-terraform (4.6.0)
+    kitchen-terraform (4.7.0)
       dry-types (~> 0.14.0)
       dry-validation (= 0.13.0)
       inspec (~> 3.0)

diff --git a/ruby-2.4/Gemfile.lock b/ruby-2.4/Gemfile.lock
@@ -14,7 +14,7 @@ GIT
 PATH
   remote: ..
   specs:
-    kitchen-terraform (4.6.0)
+    kitchen-terraform (4.7.0)
       dry-types (~> 0.14.0)
       dry-validation (= 0.13.0)
       inspec (~> 3.0)

diff --git a/ruby-2.5/Gemfile.lock b/ruby-2.5/Gemfile.lock
@@ -14,7 +14,7 @@ GIT
 PATH
   remote: ..
   specs:
-    kitchen-terraform (4.6.0)
+    kitchen-terraform (4.7.0)
       dry-types (~> 0.14.0)
       dry-validation (= 0.13.0)
       inspec (~> 3.0)

diff --git a/ruby-2.6/Gemfile.lock b/ruby-2.6/Gemfile.lock
@@ -14,7 +14,7 @@ GIT
 PATH
   remote: ..
   specs:
-    kitchen-terraform (4.6.0)
+    kitchen-terraform (4.7.0)
       dry-types (~> 0.14.0)
       dry-validation (= 0.13.0)
       inspec (~> 3.0)

diff --git a/spec/lib/kitchen/terraform/config_schemas/system_spec.rb b/spec/lib/kitchen/terraform/config_schemas/system_spec.rb
@@ -190,6 +190,14 @@
       it_behaves_like "an optional array of strings"
     end
 
+    describe ":profile_locations" do
+      let :attribute do
+        :profile_locations
+      end
+
+      it_behaves_like "an optional array of strings"
+    end
+
     describe ":password" do
       let :attribute do
         :password

diff --git a/spec/lib/kitchen/terraform/version_spec.rb b/spec/lib/kitchen/terraform/version_spec.rb
@@ -24,7 +24,7 @@
   end
 
   let :version do
-    ::Gem::Version.new "4.6.0"
+    ::Gem::Version.new "4.7.0"
   end
 
   describe ".assign_plugin_version" do

diff --git a/spec/lib/kitchen/verifier/terraform_spec.rb b/spec/lib/kitchen/verifier/terraform_spec.rb
@@ -64,6 +64,7 @@
         {
           name: "a-system-without-hosts",
           backend: "backend",
+          profile_locations: ["remote://profile"]
         },
       ],
       test_base_path: "/test/base/path",
@@ -166,30 +167,13 @@
       end
     end
 
-    shared_context "Inspec::Profile" do
-      let :profile do
-        instance_double ::Inspec::Profile
-      end
-
-      before do
-        allow(profile).to receive(:name).and_return "profile-name"
-      end
-    end
-
-    shared_context "Inspec::Runner instance" do
-      include_context "Inspec::Profile"
-
+    context "when the Terraform outputs do include the configured :hosts_output key" do
       let :runner do
-        instance_double ::Inspec::Runner
-      end
-
-      before do
-        allow(runner).to receive(:add_target).with(path: "/test/base/path/test-suite").and_return([profile])
+        instance_double(::Inspec::Runner).tap do |runner|
+          allow(runner).to receive(:add_target).with "/test/base/path/test-suite"
+          allow(runner).to receive(:add_target).with "remote://profile"
+        end
       end
-    end
-
-    shared_context "Inspec::Runner" do
-      include_context "Inspec::Runner instance"
 
       let :runner_options_with_hosts do
         {
@@ -240,13 +224,6 @@
       before do
         allow(::Inspec::Runner).to receive(:new).with(runner_options_with_hosts).and_return(runner)
         allow(::Inspec::Runner).to receive(:new).with(runner_options_without_hosts).and_return(runner)
-      end
-    end
-
-    context "when the Terraform outputs do include the configured :hosts_output key" do
-      include_context "Inspec::Runner"
-
-      before do
         allow(driver).to receive(:retrieve_outputs).and_yield(
           outputs: { "output_name" => { "value" => "output_value" }, "hosts" => { "value" => "host" } },
         )

diff --git a/spec/support/kitchen/terraform/configurable_examples.rb b/spec/support/kitchen/terraform/configurable_examples.rb
@@ -34,7 +34,7 @@
     end
 
     it "equals the gem version" do
-      expect(subject.instance_variable_get(:@plugin_version)).to eq "4.6.0"
+      expect(subject.instance_variable_get(:@plugin_version)).to eq "4.7.0"
     end
   end
-Original file line number
+Diff line change
@@ Expand Up / @@ -34,7 +34,7 @@ @@
         end
         it "equals the gem version" do
-          expect(subject.instance_variable_get(:@plugin_version)).to eq "4.6.0"
+          expect(subject.instance_variable_get(:@plugin_version)).to eq "4.7.0"
         end
       end
@@ Expand Down @@