feat(ng): improve ng.clean state and ci

saltstack-formulas · Aug 25, 2021 · 7517599 · 7517599
1 parent 4a9579f
commit 7517599
Show file tree

Hide file tree

Showing 14 changed files with 378 additions and 19 deletions.
diff --git a/.github/workflows/kitchen.yml b/.github/workflows/kitchen.yml
@@ -38,7 +38,7 @@ jobs:
           # - package-debian-10-master-py3
           # - repo-debian-10-master-py3
           # - clean-debian-10-master-py3
-          - debian-10-master-py3
+          - dockeronly-debian-10-master-py3
           # - archive-debian-9-master-py3
           # - package-debian-9-master-py3
           # - repo-debian-9-master-py3
@@ -53,7 +53,7 @@ jobs:
           # - package-ubuntu-1804-master-py3
           # - repo-ubuntu-1804-master-py3
           # - clean-ubuntu-1804-master-py3
-          - ubuntu-1804-master-py3
+          - composeclean-ubuntu-1804-master-py3
           # - archive-centos-8-master-py3
           # - package-centos-8-master-py3
           # - repo-centos-8-master-py3
@@ -73,7 +73,7 @@ jobs:
           # - package-fedora-33-master-py3
           # - repo-fedora-33-master-py3
           # - clean-fedora-33-master-py3
-          - fedora-33-master-py3
+          - dockeronly-fedora-33-master-py3
           # - archive-opensuse-leap-153-master-py3
           # - package-opensuse-leap-153-master-py3
           # - repo-opensuse-leap-153-master-py3

diff --git a/docker/clean.sls b/docker/clean.sls
@@ -3,5 +3,5 @@
 
 include:
   # .containers.clean
-  - .compose.clean
+  # .compose.clean
   - .software.clean
diff --git a/docker/compose/clean.sls b/docker/compose/clean.sls
@@ -1,5 +1,26 @@
 # -*- coding: utf-8 -*-
 # vim: ft=sls
+{%- set tplroot = tpldir.split('/')[0] %}
+{%- from tplroot ~ "/map.jinja" import data as d with context %}
 
+{%- set sls_docker_software_clean = tplroot ~ '.software.clean' %}
+{%- set sls_compose_software_clean = tplroot ~ '.compose.software.clean' %}
 include:
-  - .software.clean
+  - {{ sls_compose_software_clean }}
+
+    {%- for name, container in d.compose.ng.items() %}
+
+docker-compose-ng-{{ container.container_name|d(name) }}-stopped:
+  docker_container.stopped:
+    - name: {{ container.container_name|d(name) }}
+    - onlyif: docker container inspect {{ container.container_name|d(name) }}
+    - require_in:
+      - sls: {{ sls_compose_software_clean }}
+
+docker-compose-ng-{{ container.image }}-{{ range(1,100) |random }}-absent:
+  docker_image.absent:
+    - name: {{ container.image }}
+    - require_in:
+      - sls: {{ sls_compose_software_clean }}
+
+     {% endfor %}
diff --git a/docker/compose/software/binary/clean.sls b/docker/compose/software/binary/clean.sls
@@ -15,11 +15,13 @@ include:
   file.absent:
     - names:
       - {{ d.dir.tmp }}/docker-compose
+           {%- if 'path' in d.pkg.compose %}
       - {{ d.pkg.compose.path }}
-        {%- if d.linux.altpriority|int == 0 or grains.os_family in ('Arch', 'MacOS') %}
-            {%- for cmd in d.pkg.compose.commands|unique %}
+           {%- endif %}
+           {%- if d.linux.altpriority|int == 0 or grains.os_family in ('Arch', 'MacOS') %}
+               {%- for cmd in d.pkg.compose.commands|unique %}
       - /usr/local/bin/{{ cmd }}
-            {%- endfor %}
-        {%- endif %}
+               {%- endfor %}
+           {%- endif %}
 
     {%- endif %}
diff --git a/docker/compose/software/binary/install.sls b/docker/compose/software/binary/install.sls
@@ -7,7 +7,8 @@
 
     {%- if grains.kernel|lower in ('linux',) %}
         {%- from tplroot ~ "/files/macros.jinja" import format_kwargs with context %}
-        {%- if d.pkg.compose.use_upstream == 'binary' and 'binary' in d.pkg.compose %}
+        {%- set composer = d.pkg.compose %}
+        {%- if composer.use_upstream == 'binary' and 'binary' in composer and 'path' in composer %}
 
 {{ formula }}-compose-software-binary-install:
         {%- if 'deps' in d.pkg and d.pkg.deps %}
@@ -27,12 +28,12 @@
       - file: {{ formula }}-compose-software-binary-install
         {%- endif %}
   file.managed:
-    - unless: test -x {{ d.pkg.compose.path }}/docker-compose
-    - name: {{ d.pkg.compose.path }}/docker-compose
-    - source: {{ d.pkg.compose.binary.source }}
+    - unless: test -x {{ composer.path }}/docker-compose
+    - name: {{ composer.path }}/docker-compose
+    - source: {{ composer.binary.source }}
     - clean: {{ d.misc.clean }}
-        {%- if 'source_hash' in d.pkg.compose.binary and d.pkg.compose.binary.source_hash %}
-    - source_hash: {{ d.pkg.compose.binary.source_hash }}
+        {%- if 'source_hash' in composer.binary and composer.binary.source_hash %}
+    - source_hash: {{ composer.binary.source_hash }}
         {%- else %}
     - skip_verify: True
         {%- endif %}
@@ -47,12 +48,12 @@
         - mode
 
             {%- if d.linux.altpriority|int == 0 or grains.os_family in ('Arch', 'MacOS') %}
-                {%- for cmd in d.pkg.compose.commands|unique %}
+                {%- for cmd in composer.commands|unique %}
 
 {{ formula }}-compose-software-binary-install-symlink-{{ cmd }}:
   file.symlink:
     - name: /usr/local/bin/{{ cmd }}
-    - target: {{ d.pkg.compose.path }}/{{ cmd }}
+    - target: {{ composer.path }}/{{ cmd }}
     - force: True
     - onchanges:
       - file: {{ formula }}-compose-software-binary-install

diff --git a/kitchen.yml b/kitchen.yml
@@ -741,3 +741,38 @@ suites:
     verifier:
       inspec_tests:
         - path: test/integration/clean
+  - name: composeclean
+    provisioner:
+      state_top:
+        base:
+          '*':
+            - docker._mapdata
+            - docker
+            - docker.compose.clean
+      pillars:
+        top.sls:
+          base:
+            '*':
+              - docker
+      pillars_from_files:
+        docker.sls: test/salt/pillar/dockeronly.sls
+    verifier:
+      inspec_tests:
+        - path: test/integration/dockeronly
+  - name: dockeronly
+    provisioner:
+      state_top:
+        base:
+          '*':
+            - docker._mapdata
+            - docker
+      pillars:
+        top.sls:
+          base:
+            '*':
+              - docker
+      pillars_from_files:
+        docker.sls: test/salt/pillar/dockeronly.sls
+    verifier:
+      inspec_tests:
+        - path: test/integration/dockeronly
diff --git a/pillar.example b/pillar.example
@@ -17,7 +17,8 @@ docker:
         # yamllint enable-line rule:line-length
         - DOCKER_OPTS="-s btrfs --dns 8.8.8.8"
         - export http_proxy="http://172.17.42.1:3128"
-      daemon_config: {}
+      daemon_config:
+        insecure-registries: []
 
   networks:
     - nginxnet

diff --git a/test/integration/archive/controls/config.rb b/test/integration/archive/controls/config.rb
@@ -12,6 +12,10 @@
     its('content') { should include 'export http_proxy="http://172.17.42.1:3128"' }
   end
   describe file('/etc/docker/daemon.json') do
-    it { should_not exist }
+    it { should be_file }
+    its('owner') { should eq 'root' }
+    its('group') { should eq 'root' }
+    its('mode')  { should cmp '0640' }
+    its('content') { should include '"insecure-registries": []' }
   end
 end
diff --git a/test/integration/dockeronly/README.md b/test/integration/dockeronly/README.md
@@ -0,0 +1,50 @@
+# InSpec Profile: `dockeronly`
+
+This shows the implementation of the `dockeronly` InSpec [profile](https://github.com/inspec/inspec/blob/master/docs/profiles.md).
+
+## Verify a profile
+
+InSpec ships with built-in features to verify a profile structure.
+
+```bash
+$ inspec check dockeronly
+Summary
+-------
+Location: dockeronly
+Profile: profile
+Controls: 4
+Timestamp: 2019-06-24T23:09:01+00:00
+Valid: true
+
+Errors
+------
+
+Warnings
+--------
+```
+
+## Execute a profile
+
+To run all **supported** controls on a local machine use `inspec exec /path/to/profile`.
+
+```bash
+$ inspec exec dockeronly
+..
+
+Finished in 0.0025 seconds (files took 0.12449 seconds to load)
+8 examples, 0 failures
+```
+
+## Execute a specific control from a profile
+
+To run one control from the profile use `inspec exec /path/to/profile --controls name`.
+
+```bash
+$ inspec exec dockeronly --controls dockeronly
+.
+
+Finished in 0.0025 seconds (files took 0.12449 seconds to load)
+1 examples, 0 failures
+```
+
+See an [example control here](https://github.com/inspec/inspec/blob/master/examples/profile/controls/example.rb).
diff --git a/test/integration/dockeronly/controls/archive_spec.rb b/test/integration/dockeronly/controls/archive_spec.rb
@@ -0,0 +1,86 @@
+# frozen_string_literal: true
+
+title 'docker archives profile'
+
+control 'docker archive' do
+  impact 1.0
+  title 'should be installed'
+
+  describe file('/usr/local/docker-19.03.9/bin') do
+    it { should exist }
+    it { should be_directory }
+    its('type') { should eq :directory }
+  end
+  describe file('/usr/local/docker-19.03.9/bin/docker') do
+    it { should exist }
+    its('mode') { should cmp '0755' }
+  end
+  describe file('/usr/local/docker-19.03.9/bin/runc') do
+    it { should exist }
+    its('mode') { should cmp '0755' }
+  end
+  describe file('/usr/local/docker-19.03.9/bin/docker-proxy') do
+    it { should exist }
+    its('mode') { should cmp '0755' }
+  end
+  describe file('/usr/local/docker-19.03.9/bin/containerd') do
+    it { should exist }
+    its('mode') { should cmp '0755' }
+  end
+  describe file('/usr/local/docker-19.03.9/bin/ctr') do
+    it { should exist }
+    its('mode') { should cmp '0755' }
+  end
+  describe file('/usr/local/docker-19.03.9/bin/dockerd') do
+    it { should exist }
+    its('mode') { should cmp '0755' }
+  end
+  describe file('/usr/local/docker-19.03.9/bin/containerd-shim') do
+    it { should exist }
+    its('mode') { should cmp '0755' }
+  end
+  describe file('/usr/local/bin/docker') do
+    it { should be_symlink }
+    it { should be_file }
+    it { should_not be_directory }
+  end
+  describe file('/usr/local/bin/runc') do
+    it { should be_symlink }
+    it { should be_file }
+    it { should_not be_directory }
+  end
+  describe file('/usr/local/bin/docker-proxy') do
+    it { should be_symlink }
+    it { should be_file }
+    it { should_not be_directory }
+  end
+  describe file('/usr/local/bin/containerd') do
+    it { should be_symlink }
+    it { should be_file }
+    it { should_not be_directory }
+  end
+  describe file('/usr/local/bin/ctr') do
+    it { should be_symlink }
+    it { should be_file }
+    it { should_not be_directory }
+  end
+  describe file('/usr/local/bin/dockerd') do
+    it { should be_symlink }
+    it { should be_file }
+    it { should_not be_directory }
+  end
+  describe file('/usr/local/bin/containerd-shim') do
+    it { should be_symlink }
+    it { should be_file }
+    it { should_not be_directory }
+  end
+  describe file('/usr/local/docker-compose-latest/bin') do
+    it { should_not be_directory }
+  end
+  describe file('/usr/local/docker-compose-latest/bin/docker-compose') do
+    it { should_not be_file }
+  end
+  describe file('/usr/local/bin/docker-compose') do
+    it { should_not be_file }
+  end
+end
diff --git a/test/integration/dockeronly/controls/config.rb b/test/integration/dockeronly/controls/config.rb
@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+control 'Docker configuration' do
+  title 'should match desired lines'
+
+  describe file('/etc/default/docker') do
+    it { should be_file }
+    its('owner') { should eq 'root' }
+    its('group') { should eq 'root' }
+    its('mode')  { should cmp '0640' }
+    its('content') { should include 'DOCKER_OPTS="-s btrfs --dns 8.8.8.8"' }
+    its('content') { should include 'export http_proxy="http://172.17.42.1:3128"' }
+  end
+  describe file('/etc/docker/daemon.json') do
+    it { should be_file }
+    its('owner') { should eq 'root' }
+    its('group') { should eq 'root' }
+    its('mode')  { should cmp '0640' }
+    its('content') { should include '"insecure-registries": []' }
+  end
+end
diff --git a/test/integration/dockeronly/controls/service.rb b/test/integration/dockeronly/controls/service.rb
@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+control 'Docker service' do
+  title 'should be running and enabled'
+
+  describe service('docker') do
+    it { should be_installed }
+    it { should be_enabled }
+    it { should be_running } unless %w[fedora suse].include? platform[:family]
+  end
+end
diff --git a/test/integration/dockeronly/inspec.yml b/test/integration/dockeronly/inspec.yml
@@ -0,0 +1,27 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+name: dockeronly
+title: docker formula
+maintainer: SaltStack Formulas
+license: Apache-2.0
+summary: Verify that the docker formula is setup and configured correctly
+depends:
+  - name: share
+    path: test/integration/share
+supports:
+  - platform-name: debian
+  - platform-name: ubuntu
+  - platform-name: centos
+  - platform-name: fedora
+  - platform-name: opensuse
+  - platform-name: suse
+  - platform-name: freebsd
+  - platform-name: openbsd
+  - platform-name: amazon
+  - platform-name: oracle
+  - platform-name: arch
+  - platform-name: gentoo
+  - platform-name: almalinux
+  - platform-name: rocky
+  - platform: windows