ci(kitchen+inspec): provide platform specific pillars

saltstack-formulas · May 15, 2019 · 2f5c0a5 · 2f5c0a5
1 parent d53239b
commit 2f5c0a5
Show file tree

Hide file tree

Showing 5 changed files with 74 additions and 12 deletions.
diff --git a/kitchen.yml b/kitchen.yml
@@ -15,33 +15,60 @@ platforms:
   - name: debian-9-2019-2-py3
     driver:
       image: netmanagers/salt-2019.2-py3:debian-9
+    provisioner:
+      pillars_from_files:
+        rkhunter.sls: test/salt/pillar/debian.sls
   - name: ubuntu-1804-2019-2-py3
     driver:
       image: netmanagers/salt-2019.2-py3:ubuntu-18.04
+    provisioner:
+      pillars_from_files:
+        rkhunter.sls: test/salt/pillar/debian.sls
   - name: centos-7-2019-2-py3
     driver:
       image: netmanagers/salt-2019.2-py3:centos-7
+    provisioner:
+      pillars_from_files:
+        rkhunter.sls: test/salt/pillar/redhat.sls
   - name: fedora-29-2019-2-py3
     driver:
       image: netmanagers/salt-2019.2-py3:fedora-29
+    provisioner:
+      pillars_from_files:
+        rkhunter.sls: test/salt/pillar/redhat.sls
   - name: opensuse-leap-15-2019-2-py3
     driver:
       image: netmanagers/salt-2019.2-py3:opensuse-leap-15
       run_command: /usr/lib/systemd/systemd
+    provisioner:
+      pillars_from_files:
+        rkhunter.sls: test/salt/pillar/suse.sls
 
   ## SALT 2018.3
   - name: debian-9-2018-3-py2
     driver:
       image: netmanagers/salt-2018.3-py2:debian-9
+    provisioner:
+      pillars_from_files:
+        rkhunter.sls: test/salt/pillar/debian.sls
   - name: ubuntu-1604-2018-3-py2
     driver:
       image: netmanagers/salt-2018.3-py2:ubuntu-16.04
+    provisioner:
+      pillars_from_files:
+        rkhunter.sls: test/salt/pillar/debian.sls
   - name: centos-7-2018-3-py2
     driver:
       image: netmanagers/salt-2018.3-py2:centos-7
+    provisioner:
+      pillars_from_files:
+        rkhunter.sls: test/salt/pillar/redhat.sls
   - name: fedora-29-2018-3-py2
     driver:
       image: netmanagers/salt-2018.3-py2:fedora-29
+    provisioner:
+      pillars_from_files:
+        rkhunter.sls: test/salt/pillar/redhat.sls
   # TODO: Use this when fixed instead of `opensuse-leap-42`
   # Ref: https://github.com/netmanagers/salt-image-builder/issues/2
   # - name: opensuse-leap-15-2018-3-py2
@@ -52,25 +79,43 @@ platforms:
     driver:
       image: netmanagers/salt-2018.3-py2:opensuse-leap-42
       run_command: /usr/lib/systemd/systemd
+    provisioner:
+      pillars_from_files:
+        rkhunter.sls: test/salt/pillar/suse.sls
 
   ## SALT 2017.7
   - name: debian-8-2017-7-py2
     driver:
       image: netmanagers/salt-2017.7-py2:debian-8
+    provisioner:
+      pillars_from_files:
+        rkhunter.sls: test/salt/pillar/debian.sls
   - name: ubuntu-1604-2017-7-py2
     driver:
       image: netmanagers/salt-2017.7-py2:ubuntu-16.04
+    provisioner:
+      pillars_from_files:
+        rkhunter.sls: test/salt/pillar/debian.sls
   - name: centos-6-2017-7-py2
     driver:
       image: netmanagers/salt-2017.7-py2:centos-6
       run_command: /sbin/init
+    provisioner:
+      pillars_from_files:
+        rkhunter.sls: test/salt/pillar/redhat.sls
   - name: fedora-28-2017-7-py2
     driver:
       image: netmanagers/salt-2017.7-py2:fedora-28
+    provisioner:
+      pillars_from_files:
+        rkhunter.sls: test/salt/pillar/redhat.sls
   - name: opensuse-leap-42-2017-7-py2
     driver:
       image: netmanagers/salt-2017.7-py2:opensuse-leap-42
       run_command: /usr/lib/systemd/systemd
+    provisioner:
+      pillars_from_files:
+        rkhunter.sls: test/salt/pillar/suse.sls
 
 provisioner:
   name: salt_solo
@@ -90,14 +135,6 @@ provisioner:
       base:
         '*':
           - rkhunter
-    rkhunter.sls:
-      rkhunter:
-        config:
-          allow_ssh_root_user: 'yes'
-        default:
-          run_check_on_battery: true
-  # pillars_from_files:
-  #   rkhunter.sls: pillar.example
 
 verifier:
   # https://www.inspec.io/

diff --git a/test/integration/default/controls/config_spec.rb b/test/integration/default/controls/config_spec.rb
@@ -10,7 +10,7 @@ def check_debian
       its('content') { should include 'CRON_DB_UPDATE="true"' }
       its('content') { should include 'CRON_DAILY_RUN="true"' }
 
-      # Custom config from pillar
+      # Custom config from pillar (default: false)
       its('content') { should include 'RUN_CHECK_ON_BATTERY="true"' }
     end
 
@@ -32,16 +32,18 @@ def check_debian
       its('content') { should include 'SCRIPTDIR=/usr/share/rkhunter/scripts' }
       its('content') { should include "DISABLE_TESTS='apps deleted_files hidden_procs packet_cap_apps suspscan'" }
 
-      # Custom config from pillar
+      # Custom config from pillar (default: without-password)
       its('content') { should include 'ALLOW_SSH_ROOT_USER=yes' }
     end
   end
 
   def check_redhat
     describe file('/etc/sysconfig/rkhunter') do
       # Default config
-      its('content') { should include 'MAILTO=root@localhost' }
       its('content') { should include 'DIAG_SCAN=no' }
+
+      # Custom config from pillar (default: root@localhost)
+      its('content') { should include 'MAILTO=foo@localhost' }
     end
 
     describe file('/etc/rkhunter.conf') do
@@ -53,6 +55,9 @@ def check_redhat
       its('content') { should include 'TMPDIR=/var/lib/rkhunter' }
       its('content') { should include 'SCRIPTDIR=/usr/share/rkhunter/scripts' }
       its('content') { should include "DISABLE_TESTS='apps deleted_files hidden_procs ipc_shared_mem packet_cap_apps suspscan'" }
+
+      # Custom config from pillar (default: unset)
+      its('content') { should include 'ALLOW_SSH_ROOT_USER=yes' }
     end
   end
 
@@ -61,12 +66,14 @@ def check_suse
       # Default config
       its('content') { should include "START_RKHUNTER=yes" }
       its('content') { should include "RUN_SUSECONFIG=yes" }
-      its('content') { should include "CRON_DB_UPDATE=no" }
       its('content') { should include "PRO_UPDATE=no" }
       its('content') { should include "NICE=0" }
       its('content') { should include "LOGFILE=/var/log/rkhunter.log" }
       its('content') { should include "REPORT_EMAIL=root" }
       its('content') { should include 'OPTIONS="--no-mail-on-warning --cronjob --report-warnings-only --append-log --pkgmgr RPM"' }
+
+      # Custom config from pillar (default: no)
+      its('content') { should include "CRON_DB_UPDATE=yes" }
     end
 
     describe file('/etc/rkhunter.conf') do
@@ -78,6 +85,9 @@ def check_suse
       its('content') { should include 'TMPDIR=/var/lib/rkhunter' }
       its('content') { should include 'SCRIPTDIR=/usr/lib/rkhunter/scripts' }
       its('content') { should include "DISABLE_TESTS='apps deleted_files hidden_ports hidden_procs packet_cap_apps suspscan'" }
+
+      # Custom config from pillar (default: not set)
+      its('content') { should include 'ALLOW_SSH_ROOT_USER=yes' }
     end
   end
 

diff --git a/test/salt/pillar/debian.sls b/test/salt/pillar/debian.sls
@@ -0,0 +1,5 @@
+rkhunter:
+  default:
+    run_check_on_battery: true
+  config:
+    allow_ssh_root_user: 'yes'
diff --git a/test/salt/pillar/redhat.sls b/test/salt/pillar/redhat.sls
@@ -0,0 +1,5 @@
+rkhunter:
+  default:
+    mailto: foo@localhost
+  config:
+    allow_ssh_root_user: 'yes'
diff --git a/test/salt/pillar/suse.sls b/test/salt/pillar/suse.sls
@@ -0,0 +1,5 @@
+rkhunter:
+  default:
+    cron_db_update: 'yes'
+  config:
+    allow_ssh_root_user: 'yes'