From 2f5c0a5311cdf0c3e49ea87112fdb2323c78a7fa Mon Sep 17 00:00:00 2001
From: Nicolas Rodriguez
Date: Thu, 16 May 2019 00:26:46 +0200
Subject: [PATCH] ci(kitchen+inspec): provide platform specific pillars
---
 kitchen.yml | 53 ++++++++++++++++---
 .../default/controls/config_spec.rb | 18 +++++--
 test/salt/pillar/debian.sls | 5 ++
 test/salt/pillar/redhat.sls | 5 ++
 test/salt/pillar/suse.sls | 5 ++
 5 files changed, 74 insertions(+), 12 deletions(-)
 create mode 100644 test/salt/pillar/debian.sls
 create mode 100644 test/salt/pillar/redhat.sls
 create mode 100644 test/salt/pillar/suse.sls
diff --git a/kitchen.yml b/kitchen.yml
index 5b69eba..6a4fd0c 100644
--- a/kitchen.yml
+++ b/kitchen.yml
@@ -15,33 +15,60 @@ platforms: - name: debian-9-2019-2-py3 driver: image: netmanagers/salt-2019.2-py3:debian-9 + provisioner: + pillars_from_files: + rkhunter.sls: test/salt/pillar/debian.sls - name: ubuntu-1804-2019-2-py3 driver: image: netmanagers/salt-2019.2-py3:ubuntu-18.04 + provisioner: + pillars_from_files: + rkhunter.sls: test/salt/pillar/debian.sls - name: centos-7-2019-2-py3 driver: image: netmanagers/salt-2019.2-py3:centos-7 + provisioner: + pillars_from_files: + rkhunter.sls: test/salt/pillar/redhat.sls - name: fedora-29-2019-2-py3 driver: image: netmanagers/salt-2019.2-py3:fedora-29 + provisioner: + pillars_from_files: + rkhunter.sls: test/salt/pillar/redhat.sls - name: opensuse-leap-15-2019-2-py3 driver: image: netmanagers/salt-2019.2-py3:opensuse-leap-15 run_command: /usr/lib/systemd/systemd + provisioner: + pillars_from_files: + rkhunter.sls: test/salt/pillar/suse.sls ## SALT 2018.3 - name: debian-9-2018-3-py2 driver: image: netmanagers/salt-2018.3-py2:debian-9 + provisioner: + pillars_from_files: + rkhunter.sls: test/salt/pillar/debian.sls - name: ubuntu-1604-2018-3-py2 driver: image: netmanagers/salt-2018.3-py2:ubuntu-16.04 + provisioner: + pillars_from_files: + rkhunter.sls: test/salt/pillar/debian.sls - name: centos-7-2018-3-py2 driver: image: netmanagers/salt-2018.3-py2:centos-7 + provisioner: + pillars_from_files: + rkhunter.sls: test/salt/pillar/redhat.sls - name: fedora-29-2018-3-py2 driver: image: netmanagers/salt-2018.3-py2:fedora-29 + provisioner: + pillars_from_files: + rkhunter.sls: test/salt/pillar/redhat.sls # TODO: Use this when fixed instead of `opensuse-leap-42` # Ref: https://github.com/netmanagers/salt-image-builder/issues/2 # - name: opensuse-leap-15-2018-3-py2 
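Review bot: The same three-line `provisioner:` / `pillars_from_files:` / `rkhunter.sls:` block is pasted under every platform, nine times in this hunk and six more in the @@ -52 hunk, so a wrong family mapping or a typo in one path is easy to miss in review. YAML anchors would state each family once: define it on the first Debian platform as `provisioner: &pillars_debian` and reuse it with `provisioner: *pillars_debian`, likewise for redhat and suse. The hunk does not show how the platform-level `provisioner` key merges with the global `pillars` top file, so it is worth confirming with `kitchen diagnose` that both still reach the minion.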
@@ -52,25 +79,43 @@ platforms: driver: image: netmanagers/salt-2018.3-py2:opensuse-leap-42 run_command: /usr/lib/systemd/systemd + provisioner: + pillars_from_files: + rkhunter.sls: test/salt/pillar/suse.sls ## SALT 2017.7 - name: debian-8-2017-7-py2 driver: image: netmanagers/salt-2017.7-py2:debian-8 + provisioner: + pillars_from_files: + rkhunter.sls: test/salt/pillar/debian.sls - name: ubuntu-1604-2017-7-py2 driver: image: netmanagers/salt-2017.7-py2:ubuntu-16.04 + provisioner: + pillars_from_files: + rkhunter.sls: test/salt/pillar/debian.sls - name: centos-6-2017-7-py2 driver: image: netmanagers/salt-2017.7-py2:centos-6 run_command: /sbin/init + provisioner: + pillars_from_files: + rkhunter.sls: test/salt/pillar/redhat.sls - name: fedora-28-2017-7-py2 driver: image: netmanagers/salt-2017.7-py2:fedora-28 + provisioner: + pillars_from_files: + rkhunter.sls: test/salt/pillar/redhat.sls - name: opensuse-leap-42-2017-7-py2 driver: image: netmanagers/salt-2017.7-py2:opensuse-leap-42 run_command: /usr/lib/systemd/systemd + provisioner: + pillars_from_files: + rkhunter.sls: test/salt/pillar/suse.sls provisioner: name: salt_solo @@ -90,14 +135,6 @@ provisioner: base: '*': - rkhunter - rkhunter.sls: - rkhunter: - config: - allow_ssh_root_user: 'yes' - default: - run_check_on_battery: true - # pillars_from_files: - # rkhunter.sls: pillar.example verifier: # https://www.inspec.io/ diff --git a/test/integration/default/controls/config_spec.rb b/test/integration/default/controls/config_spec.rb index 64674df..2f62937 100644 --- a/test/integration/default/controls/config_spec.rb +++ b/test/integration/default/controls/config_spec.rb @@ -10,7 +10,7 @@ def check_debian its('content') { should include 'CRON_DB_UPDATE="true"' } its('content') { should include 'CRON_DAILY_RUN="true"' } - # Custom config from pillar + # Custom config from pillar (default: false) its('content') { should include 'RUN_CHECK_ON_BATTERY="true"' } end 
@@ -32,7 +32,7 @@ def check_debian its('content') { should include 'SCRIPTDIR=/usr/share/rkhunter/scripts' } its('content') { should include "DISABLE_TESTS='apps deleted_files hidden_procs packet_cap_apps suspscan'" } - # Custom config from pillar + # Custom config from pillar (default: without-password) its('content') { should include 'ALLOW_SSH_ROOT_USER=yes' } end end @@ -40,8 +40,10 @@ def check_debian def check_redhat describe file('/etc/sysconfig/rkhunter') do # Default config - its('content') { should include 'MAILTO=root@localhost' } its('content') { should include 'DIAG_SCAN=no' } + + # Custom config from pillar (default: root@localhost) + its('content') { should include 'MAILTO=foo@localhost' } end describe file('/etc/rkhunter.conf') do @@ -53,6 +55,9 @@ def check_redhat its('content') { should include 'TMPDIR=/var/lib/rkhunter' } its('content') { should include 'SCRIPTDIR=/usr/share/rkhunter/scripts' } its('content') { should include "DISABLE_TESTS='apps deleted_files hidden_procs ipc_shared_mem packet_cap_apps suspscan'" } + + # Custom config from pillar (default: unset) + its('content') { should include 'ALLOW_SSH_ROOT_USER=yes' } end end @@ -61,12 +66,14 @@ def check_suse # Default config its('content') { should include "START_RKHUNTER=yes" } its('content') { should include "RUN_SUSECONFIG=yes" } - its('content') { should include "CRON_DB_UPDATE=no" } its('content') { should include "PRO_UPDATE=no" } its('content') { should include "NICE=0" } its('content') { should include "LOGFILE=/var/log/rkhunter.log" } its('content') { should include "REPORT_EMAIL=root" } its('content') { should include 'OPTIONS="--no-mail-on-warning --cronjob --report-warnings-only --append-log --pkgmgr RPM"' } + + # Custom config from pillar (default: no) + its('content') { should include "CRON_DB_UPDATE=yes" } end describe file('/etc/rkhunter.conf') do 
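Review bot: The assertions added in check_redhat (`MAILTO=foo@localhost` here, `ALLOW_SSH_ROOT_USER=yes` in the @@ -53 and @@ -78 hunks, `CRON_DB_UPDATE=yes` in @@ -61) use `should include`, a substring match that also passes when the line is commented out (`#ALLOW_SSH_ROOT_USER=yes`) or is only the prefix of a longer value. They therefore do not prove that the pillar value is the active setting in the rendered file. A per-line anchored match is stricter, for example `its('content') { should match(/^ALLOW_SSH_ROOT_USER=yes$/) }` and `its('content') { should match(/^MAILTO=foo@localhost$/) }`. This matters most for the root-login option, where a commented-out line would leave the packaged default in force while the test still goes green. check_redhat continues past the end of this hunk.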
@@ -78,6 +85,9 @@ def check_suse its('content') { should include 'TMPDIR=/var/lib/rkhunter' } its('content') { should include 'SCRIPTDIR=/usr/lib/rkhunter/scripts' } its('content') { should include "DISABLE_TESTS='apps deleted_files hidden_ports hidden_procs packet_cap_apps suspscan'" } + + # Custom config from pillar (default: not set) + its('content') { should include 'ALLOW_SSH_ROOT_USER=yes' } end end diff --git a/test/salt/pillar/debian.sls b/test/salt/pillar/debian.sls new file mode 100644 index 0000000..05f9666 --- /dev/null +++ b/test/salt/pillar/debian.sls @@ -0,0 +1,5 @@ +rkhunter: + default: + run_check_on_battery: true + config: + allow_ssh_root_user: 'yes' diff --git a/test/salt/pillar/redhat.sls b/test/salt/pillar/redhat.sls new file mode 100644 index 0000000..c702607 --- /dev/null +++ b/test/salt/pillar/redhat.sls @@ -0,0 +1,5 @@ +rkhunter: + default: + mailto: foo@localhost + config: + allow_ssh_root_user: 'yes' diff --git a/test/salt/pillar/suse.sls b/test/salt/pillar/suse.sls new file mode 100644 index 0000000..a79d3f9 --- /dev/null +++ b/test/salt/pillar/suse.sls @@ -0,0 +1,5 @@ +rkhunter: + default: + cron_db_update: 'yes' + config: + allow_ssh_root_user: 'yes'
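Review bot: The added comment in check_suse reads `(default: not set)` while the identical assertion in check_redhat (@@ -53 hunk) reads `(default: unset)`, and the two are not obviously the same thing. If I read rkhunter correctly, `unset` is also a literal value that ALLOW_SSH_ROOT_USER accepts, so one comment may describe an absent option and the other a configured one. Please use one wording for both, e.g. `# Custom config from pillar (default: option absent from rkhunter.conf)`, or quote the packaged line if it is set. check_suse starts before this hunk.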
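Review bot: test/salt/pillar/debian.sls, and redhat.sls and suse.sls after it, have no header saying they are Kitchen fixtures, yet each sets `allow_ssh_root_user: 'yes'`, which the spec comment in config_spec.rb marks as a departure from the packaged default. As far as I can tell this makes rkhunter expect an sshd that permits root login, so it is not a value to copy into a real pillar. A first line such as `# Test-only pillar for kitchen/InSpec: values are deliberately non-default, not a production example` would make that plain. Quoting `'yes'` is correct, since it keeps YAML from turning the value into a boolean.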