From e3cd1ed19797410bf13fc2c27d9a1d9083bffbd8 Mon Sep 17 00:00:00 2001 From: Brandon O'Connor Date: Wed, 5 Sep 2018 01:18:57 -0700 Subject: [PATCH 01/15] [#1] - Add migrate to GCP inspec resources in tests --- .kitchen.yml | 17 +- Gemfile | 6 +- Gemfile.lock | 146 ++++++++++++------ bin/kitchen.sh | 6 +- test/fixtures/tf_module/main.tf | 12 +- test/integration/kt_suite/controls/default.rb | 16 +- test/integration/kt_suite/inspec.yml | 5 +- variables.tf | 3 +- version | 2 +- 9 files changed, 142 insertions(+), 71 deletions(-) diff --git a/.kitchen.yml b/.kitchen.yml index fd87047..7e19ad8 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -2,19 +2,24 @@ driver: name: terraform root_module_directory: test/fixtures/tf_module + variables: + gcloud_project: <%= ENV['GCLOUD_PROJECT'] %> provisioner: name: terraform verifier: name: terraform - groups: - - name: default + systems: + - + name: default + backend: gcp controls: - instance -suites: - - name: kt_suite - platforms: - - name: terraform \ No newline at end of file + - name: gcp + +suites: + - + name: kt_suite diff --git a/Gemfile b/Gemfile index 07cee20..7cea391 100644 --- a/Gemfile +++ b/Gemfile @@ -1,3 +1,5 @@ source 'https://rubygems.org/' do - gem 'kitchen-terraform' -end \ No newline at end of file + gem 'inspec', '~> 2.2.35' + gem 'kitchen-google', '~> 1.5' + gem 'kitchen-terraform', '~> 4.0.0' +end diff --git a/Gemfile.lock b/Gemfile.lock index d83271e..2882467 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
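Review bot: `gcloud_project: <%= ENV['GCLOUD_PROJECT'] %>` renders an empty value when the variable is not exported, so a misconfigured run reaches Terraform with a blank project id and either hangs on an interactive variable prompt or fails deep inside the provider instead of at configuration time. `ENV.fetch('GCLOUD_PROJECT')` turns the missing setting into an immediate, clearly worded error: `gcloud_project: <%= ENV.fetch('GCLOUD_PROJECT') %>`. Quoting the rendered value is also harmless insurance against a project id that YAML would otherwise reinterpret, but that part is cosmetic.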
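Review bot: `kitchen-google` is added as a dependency, but nothing in this patch's `.kitchen.yml` uses the google driver — driver, provisioner and verifier are all `terraform`, and the verifier's `backend: gcp` is an InSpec/train backend rather than a kitchen-google feature. If it is genuinely unused it is an extra supply-chain surface with no test coverage (the lockfile shows it pulling in `gcewinpass` and its own `google-api-client` constraint); if it is needed for something not visible here, say so inline so the next reader does not have to ask, e.g. `gem 'kitchen-google', '~> 1.5' # needed for: …`. Either way, a one-line justification or removal is worth doing before this pin is cemented in the lockfile.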
@@ -3,19 +3,23 @@ GEM specs: addressable (2.5.2) public_suffix (>= 2.0.2, < 4.0) - aws-sdk (2.11.46) - aws-sdk-resources (= 2.11.46) - aws-sdk-core (2.11.46) + aws-sdk (2.11.123) + aws-sdk-resources (= 2.11.123) + aws-sdk-core (2.11.123) aws-sigv4 (~> 1.0) jmespath (~> 1.0) - aws-sdk-resources (2.11.46) - aws-sdk-core (= 2.11.46) - aws-sigv4 (1.0.2) - azure_mgmt_resources (0.16.0) - ms_rest_azure (~> 0.10.0) + aws-sdk-resources (2.11.123) + aws-sdk-core (= 2.11.123) + aws-sigv4 (1.0.3) + azure_graph_rbac (0.17.0) + ms_rest_azure (~> 0.11.0) + azure_mgmt_resources (0.17.0) + ms_rest_azure (~> 0.11.0) builder (3.2.3) coderay (1.1.2) concurrent-ruby (1.0.5) + declarative (0.0.10) + declarative-option (0.1.0) diff-lcs (1.3) docker-api (1.34.2) excon (>= 0.47.0) 
@@ -27,50 +31,68 @@ GEM dry-container (0.6.0) concurrent-ruby (~> 1.0) dry-configurable (~> 0.1, >= 0.1.3) - dry-core (0.4.5) + dry-core (0.4.7) concurrent-ruby (~> 1.0) dry-equalizer (0.2.1) + dry-inflector (0.1.2) dry-logic (0.4.2) dry-container (~> 0.2, >= 0.2.6) dry-core (~> 0.2) dry-equalizer (~> 0.2) - dry-types (0.12.2) + dry-types (0.13.2) concurrent-ruby (~> 1.0) - dry-configurable (~> 0.1) dry-container (~> 0.3) - dry-core (~> 0.2, >= 0.2.1) + dry-core (~> 0.4, >= 0.4.4) dry-equalizer (~> 0.2) + dry-inflector (~> 0.1, >= 0.1.2) dry-logic (~> 0.4, >= 0.4.2) - inflecto (~> 0.0.0, >= 0.0.2) - dry-validation (0.11.1) + dry-validation (0.12.2) concurrent-ruby (~> 1.0) dry-configurable (~> 0.1, >= 0.1.3) dry-core (~> 0.2, >= 0.2.1) dry-equalizer (~> 0.2) dry-logic (~> 0.4, >= 0.4.0) - dry-types (~> 0.12.0) + dry-types (~> 0.13.1) erubis (2.7.0) excon (0.62.0) - faraday (0.15.0) + faraday (0.15.2) multipart-post (>= 1.2, < 3) faraday-cookie_jar (0.0.6) faraday (>= 0.7.4) http-cookie (~> 1.0.0) - ffi (1.9.23) + faraday_middleware (0.12.2) + faraday (>= 0.7.4, < 1.0) + ffi (1.9.25) + gcewinpass (1.1.0) + google-api-client (~> 0.13) + google-api-client (0.19.8) + addressable (~> 2.5, >= 2.5.1) + googleauth (>= 0.5, < 0.7.0) + httpclient (>= 2.8.1, < 3.0) + mime-types (~> 3.0) + representable (~> 3.0) + retriable (>= 2.0, < 4.0) + googleauth (0.6.6) + faraday (~> 0.12) + jwt (>= 1.4, < 3.0) + memoist (~> 0.12) + multi_json (~> 1.11) + os (>= 0.9, < 2.0) + signet (~> 0.7) gssapi (1.2.0) ffi (>= 1.0.1) gyoku (1.3.1) builder (>= 2.1.2) - hashie (3.5.7) + hashie (3.6.0) htmlentities (4.3.4) http-cookie (1.0.3) domain_name (~> 0.5) httpclient (2.8.3) - inflecto (0.0.2) inifile (3.0.0) - inspec (2.1.68) + inspec (2.2.78) addressable (~> 2.4) faraday (>= 0.9.0) + faraday_middleware (~> 0.12.2) hashie (~> 3.4) htmlentities json (>= 1.8, < 3.0) 
@@ -86,36 +108,41 @@ GEM sslshake (~> 1.2) thor (~> 0.20) tomlrb (~> 1.2) - train (~> 1.4) + train (~> 1.4, >= 1.4.35) jmespath (1.4.0) json (2.1.0) - kitchen-inspec (0.23.1) - hashie (~> 3.4) - inspec (>= 0.34.0, < 3.0.0) - test-kitchen (~> 1.6) - kitchen-terraform (3.3.1) + jwt (2.1.0) + kitchen-google (1.5.0) + gcewinpass (~> 1.1) + google-api-client (~> 0.19) + test-kitchen + kitchen-terraform (4.0.0) dry-types (~> 0.9) dry-validation (~> 0.10) - kitchen-inspec (~> 0.18) + inspec (>= 2.2.34, < 3) mixlib-shellout (~> 2.2) - test-kitchen (~> 1.16) + test-kitchen (~> 1.23) little-plugger (1.1.4) logging (2.2.2) little-plugger (~> 1.1) multi_json (~> 1.10) + memoist (0.16.0) method_source (0.9.0) - mixlib-install (3.9.3) + mime-types (3.2.2) + mime-types-data (~> 3.2015) + mime-types-data (3.2018.0812) + mixlib-install (3.11.5) mixlib-shellout mixlib-versioning thor mixlib-log (2.0.4) - mixlib-shellout (2.3.2) + mixlib-shellout (2.4.0) mixlib-versioning (1.2.2) ms_rest (0.7.2) concurrent-ruby (~> 1.0) faraday (~> 0.9) timeliness (~> 0.3) - ms_rest_azure (0.10.6) + ms_rest_azure (0.11.0) concurrent-ruby (~> 1.0) faraday (~> 0.9) faraday-cookie_jar (~> 0.0.6) 
@@ -128,33 +155,44 @@ GEM net-ssh-gateway (1.3.0) net-ssh (>= 2.6.5) nori (2.6.0) + os (1.0.0) parallel (1.12.1) parslet (1.8.2) pry (0.11.3) coderay (~> 1.1.0) method_source (~> 0.9.0) - public_suffix (3.0.2) - rspec (3.7.0) - rspec-core (~> 3.7.0) - rspec-expectations (~> 3.7.0) - rspec-mocks (~> 3.7.0) - rspec-core (3.7.1) - rspec-support (~> 3.7.0) - rspec-expectations (3.7.0) + public_suffix (3.0.3) + representable (3.0.4) + declarative (< 0.1.0) + declarative-option (< 0.2.0) + uber (< 0.2.0) + retriable (3.1.2) + rspec (3.8.0) + rspec-core (~> 3.8.0) + rspec-expectations (~> 3.8.0) + rspec-mocks (~> 3.8.0) + rspec-core (3.8.0) + rspec-support (~> 3.8.0) + rspec-expectations (3.8.1) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.7.0) + rspec-support (~> 3.8.0) rspec-its (1.2.0) rspec-core (>= 3.0.0) rspec-expectations (>= 3.0.0) - rspec-mocks (3.7.0) + rspec-mocks (3.8.0) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.7.0) - rspec-support (3.7.1) + rspec-support (~> 3.8.0) + rspec-support (3.8.0) rubyntlm (0.6.2) - rubyzip (1.2.1) + rubyzip (1.2.2) semverse (2.0.0) + signet (0.9.1) + addressable (~> 2.3) + faraday (~> 0.9) + jwt (>= 1.5, < 3.0) + multi_json (~> 1.10) sslshake (1.2.0) - test-kitchen (1.21.2) + test-kitchen (1.23.2) mixlib-install (~> 3.6) mixlib-shellout (>= 1.2, < 3.0) net-scp (~> 1.1) @@ -166,18 +204,22 @@ GEM winrm-fs (~> 1.1) thor (0.20.0) timeliness (0.3.8) - tomlrb (1.2.6) - train (1.4.4) + tomlrb (1.2.7) + train (1.4.35) aws-sdk (~> 2) + azure_graph_rbac (~> 0.16) azure_mgmt_resources (~> 0.15) docker-api (~> 1.26) + google-api-client (~> 0.19.8) + googleauth (~> 0.6.2) inifile json (>= 1.8, < 3.0) mixlib-shellout (~> 2.0) net-scp (~> 1.2) - net-ssh (>= 2.9, < 5.0) + net-ssh (>= 2.9, < 6.0) winrm (~> 2.0) winrm-fs (~> 1.0) + uber (0.1.0) unf (0.1.4) unf_ext unf_ext (0.0.7.5) 
@@ -193,7 +235,7 @@ GEM winrm-elevated (1.1.0) winrm (~> 2.0) winrm-fs (~> 1.0) - winrm-fs (1.2.0) + winrm-fs (1.3.0) erubis (~> 2.7) logging (>= 1.6.1, < 3.0) rubyzip (~> 1.1) @@ -203,7 +245,9 @@ PLATFORMS ruby DEPENDENCIES - kitchen-terraform! + inspec (~> 2.2.35)! + kitchen-google (~> 1.5)! + kitchen-terraform (~> 4.0.0)! BUNDLED WITH - 1.16.1 + 1.16.2 diff --git a/bin/kitchen.sh b/bin/kitchen.sh index acaebff..779e226 100755 --- a/bin/kitchen.sh +++ b/bin/kitchen.sh @@ -1,11 +1,13 @@ #!/usr/bin/env bash # Decrypt sensitive files +#XXX even encrypted, this is risky IF PRs are allowed to kick off builds openssl aes-256-cbc -K $encrypted_cfdeb2eb7efd_key -iv $encrypted_cfdeb2eb7efd_iv -in ci.tar.gz.enc -out ci.tar.gz -d # Decompress sensitive files tar -zxf ci.tar.gz rm ci.tar.gz +export GCLOUD_PROJECT=$(jq -r '.project_id' credentials.json) # Add binaries to bin directory mkdir -p vendor/bin @@ -19,7 +21,7 @@ rm google-cloud-sdk-*-linux-x86_64.tar.gz # Authenticate using the credentials.json gcloud auth activate-service-account --key-file credentials.json -gcloud config set project $(jq -r '.project_id' credentials.json) +gcloud config set project ${GCLOUD_PROJECT} gcloud config set compute/zone us-west1-a yes | ssh-keygen -f ubuntu -N '' >/dev/null @@ -31,4 +33,4 @@ KITCHEN_EXIT_CODE=$? # cleanup rm -Rf credentials.json .env ubuntu* -exit $KITCHEN_EXIT_CODE \ No newline at end of file +exit $KITCHEN_EXIT_CODE diff --git a/test/fixtures/tf_module/main.tf b/test/fixtures/tf_module/main.tf index 5d21c4f..5a17857 100644 --- a/test/fixtures/tf_module/main.tf +++ b/test/fixtures/tf_module/main.tf 
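Review bot: The script has no `set -e`/`set -u`, so the situation the new `#XXX` comment worries about — a build where the `encrypted_cfdeb2eb7efd_*` variables are absent or decryption fails — does not stop the run: `openssl` and `tar` fail, `jq -r '.project_id' credentials.json` reads a file that does not exist, and `GCLOUD_PROJECT` is exported empty while the script carries on to `gcloud auth` and `kitchen test`. Failing fast keeps an unauthenticated or half-configured run from ever reaching Terraform: `set -euo pipefail` at the top and, before the decrypt, `[ -n "${encrypted_cfdeb2eb7efd_key:-}" ] || { echo 'CI secrets unavailable, skipping'; exit 0; }`. Once `set -e` is in place the `rm -Rf credentials.json .env ubuntu*` at the end of the script no longer runs on failure, so that cleanup should move into a `trap '…' EXIT` so the decrypted key never outlives the job; the middle of the script lies between these hunks.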
@@ -1,3 +1,13 @@ +variable "gcloud_project" { + description = "The name of the GCP project to deploy against." +} + module "terraform-google-instance" { - source = "../../.." + source = "../../.." + ssh_public_key_filepath = "${path.module}/../../../ubuntu.pub" +} + +output "gcloud_project" { + description = "The name of the GCP project to deploy against. We need this output to pass the value to tests." + value = "${var.gcloud_project}" } diff --git a/test/integration/kt_suite/controls/default.rb b/test/integration/kt_suite/controls/default.rb index 3f20e40..52d0c7b 100644 --- a/test/integration/kt_suite/controls/default.rb +++ b/test/integration/kt_suite/controls/default.rb @@ -1,7 +1,13 @@ +# frozen_string_literal: true + +gcloud_project = attribute('gcloud_project', description="The name of the project where resources are deployed. This should be passed to tk via environment vars.") + control "instance" do - describe command('gcloud compute instances describe database') do - its('stdout') { should match (/name: database/) } - its('stdout') { should match (/- key: sshKeys/) } - its('stdout') { should match (/status: RUNNING/) } + describe google_compute_instance(project: "#{gcloud_project}", zone: 'us-west1-a', name: 'database') do + its('tag_count'){should eq 2} + its('status') { should eq "RUNNING" } + its('machine_type') { should match "n1-standard-2" } + its('first_network_interface_name'){ should eq "external-nat" } + its('disk_count'){should eq 2} end -end \ No newline at end of file +end diff --git a/test/integration/kt_suite/inspec.yml b/test/integration/kt_suite/inspec.yml index ca249e2..0a09296 100644 --- a/test/integration/kt_suite/inspec.yml +++ b/test/integration/kt_suite/inspec.yml @@ -1,2 +1,5 @@ --- -name: default \ No newline at end of file +name: default +depends: + - name: inspec-gcp + url: https://github.com/inspec/inspec-gcp/archive/master.tar.gz diff --git a/variables.tf b/variables.tf index 51b6752..e25b8df 100644 --- a/variables.tf 
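Review bot: The migrated control drops the one security-relevant assertion the old `gcloud compute instances describe` test carried — `/- key: sshKeys/`, which verified that the module actually injected the key from `ssh_public_key_filepath` into instance metadata — and replaces it with tag, disk and interface counts, so a regression in key injection would now pass. If the pinned inspec-gcp resource exposes instance metadata (it has `metadata_keys` in the versions I know of — confirm against the profile being pulled in), add `its('metadata_keys') { should include 'sshKeys' }` to keep that check. Separately, `attribute('gcloud_project', description="…")` passes a String where InSpec expects an options Hash (the bare `description=` just assigns a local); it should read `attribute('gcloud_project', description: '…')`.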
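Review bot: The profile dependency points at `https://github.com/inspec/inspec-gcp/archive/master.tar.gz`, a moving target with no integrity check: every `kitchen verify` fetches whatever `master` holds at that moment, so the suite is neither reproducible nor protected against a broken or compromised upstream commit being executed in CI. Pin to an immutable ref — a release tag or a full commit SHA archive, e.g. `url: https://github.com/inspec/inspec-gcp/archive/<tag-or-sha>.tar.gz` — and bump it deliberately, the same way the Gemfile now pins `inspec`. If the `git:` dependency form is preferred, `git: https://github.com/inspec/inspec-gcp.git` together with a `tag:` line achieves the same.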
+++ b/variables.tf @@ -1,6 +1,5 @@ variable "ssh_public_key_filepath" { description = "Filepath for the ssh public key" type = "string" - - default = "ubuntu.pub" + default = "ubuntu.pub" } diff --git a/version b/version index 9ff151c..1474d00 100644 --- a/version +++ b/version @@ -1 +1 @@ -v0.1.0 \ No newline at end of file +v0.2.0 From 86c33487e0a583785165ab91c5cc33a9ddd6d95a Mon Sep 17 00:00:00 2001 From: nictrix Date: Wed, 5 Sep 2018 22:20:57 -0700 Subject: [PATCH 02/15] use environment variables for gcloud project --- bin/kitchen.sh | 1 + .kitchen.yml => kitchen.yml | 9 +++------ 2 files changed, 4 insertions(+), 6 deletions(-) rename .kitchen.yml => kitchen.yml (68%) diff --git a/bin/kitchen.sh b/bin/kitchen.sh index 779e226..8910ceb 100755 --- a/bin/kitchen.sh +++ b/bin/kitchen.sh @@ -8,6 +8,7 @@ openssl aes-256-cbc -K $encrypted_cfdeb2eb7efd_key -iv $encrypted_cfdeb2eb7efd_i tar -zxf ci.tar.gz rm ci.tar.gz export GCLOUD_PROJECT=$(jq -r '.project_id' credentials.json) +export TF_VAR_gcloud_project=$GCLOUD_PROJECT # Add binaries to bin directory mkdir -p vendor/bin diff --git a/.kitchen.yml b/kitchen.yml similarity index 68% rename from .kitchen.yml rename to kitchen.yml index 7e19ad8..678c4ce 100644 --- a/.kitchen.yml +++ b/kitchen.yml @@ -2,17 +2,15 @@ driver: name: terraform root_module_directory: test/fixtures/tf_module - variables: - gcloud_project: <%= ENV['GCLOUD_PROJECT'] %> provisioner: name: terraform verifier: name: terraform + format: documentation systems: - - - name: default + - name: default backend: gcp controls: - instance @@ -21,5 +19,4 @@ platforms: - name: gcp suites: - - - name: kt_suite + - name: kt_suite From 82f56f2a81baf87493298fd765b7eb4c5a6783ca Mon Sep 17 00:00:00 2001 
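Review bot: Dropping the `variables:` block removes the only in-file hint of where `gcloud_project` comes from; the fixture's `variable "gcloud_project"` has no default, so a `kitchen converge` without `TF_VAR_gcloud_project` exported will prompt or fail, and nothing in `kitchen.yml` tells a reader why. A short comment on the driver stanza keeps the contract visible, e.g. `# gcloud_project is supplied via TF_VAR_gcloud_project (exported by bin/kitchen.sh / .env)`. The rename from `.kitchen.yml` to `kitchen.yml` presumably relies on the Test Kitchen release in the lockfile searching for the undotted name; if so, a line in the commit message would save someone on an older install a confusing "no suites" failure.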
From: Kevin Buchs Date: Mon, 5 Aug 2019 10:20:35 -0500 Subject: [PATCH 03/15] partial updates to fix problems with this branch --- .gitignore | 2 + Gemfile.lock | 193 +++++++++++------- README.md | 9 +- bin/example-setup-ubuntu.sh | 94 +++++++++ bin/kitchen.sh | 7 +- test/fixtures/tf_module/main.tf | 2 +- test/integration/kt_suite/controls/default.rb | 4 +- 7 files changed, 229 insertions(+), 82 deletions(-) create mode 100644 bin/example-setup-ubuntu.sh diff --git a/.gitignore b/.gitignore index a6aa5ce..e6631a7 100644 --- a/.gitignore +++ b/.gitignore @@ -7,3 +7,5 @@ credentials.json ubuntu* .vscode ci.tar.gz +vendor +.bundle diff --git a/Gemfile.lock b/Gemfile.lock index 2882467..81760a6 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -1,85 +1,92 @@ GEM remote: https://rubygems.org/ specs: - addressable (2.5.2) + addressable (2.6.0) public_suffix (>= 2.0.2, < 4.0) - aws-sdk (2.11.123) - aws-sdk-resources (= 2.11.123) - aws-sdk-core (2.11.123) + aws-eventstream (1.0.3) + aws-sdk (2.11.324) + aws-sdk-resources (= 2.11.324) + aws-sdk-core (2.11.324) aws-sigv4 (~> 1.0) jmespath (~> 1.0) - aws-sdk-resources (2.11.123) - aws-sdk-core (= 2.11.123) - aws-sigv4 (1.0.3) - azure_graph_rbac (0.17.0) + aws-sdk-resources (2.11.324) + aws-sdk-core (= 2.11.324) + aws-sigv4 (1.1.0) + aws-eventstream (~> 1.0, >= 1.0.2) + azure_graph_rbac (0.17.1) ms_rest_azure (~> 0.11.0) - azure_mgmt_resources (0.17.0) + azure_mgmt_key_vault (0.17.4) ms_rest_azure (~> 0.11.0) + azure_mgmt_resources (0.17.6) + ms_rest_azure (~> 0.11.1) builder (3.2.3) coderay (1.1.2) - concurrent-ruby (1.0.5) + concurrent-ruby (1.1.5) declarative (0.0.10) declarative-option (0.1.0) diff-lcs (1.3) docker-api (1.34.2) excon (>= 0.47.0) multi_json - domain_name (0.5.20180417) + domain_name (0.5.20190701) unf (>= 0.0.5, < 1.0.0) - dry-configurable (0.7.0) + dry-configurable (0.8.3) concurrent-ruby (~> 1.0) - dry-container (0.6.0) + dry-core (~> 0.4, >= 0.4.7) + dry-container (0.7.2) concurrent-ruby (~> 1.0) dry-configurable (~> 0.1, >= 0.1.3) - dry-core (0.4.7) + dry-core (0.4.8) concurrent-ruby (~> 1.0) - dry-equalizer (0.2.1) + dry-equalizer (0.2.2) dry-inflector (0.1.2) - dry-logic (0.4.2) - dry-container (~> 0.2, >= 0.2.6) + dry-logic (0.6.1) + concurrent-ruby (~> 1.0) dry-core (~> 0.2) dry-equalizer (~> 0.2) - dry-types (0.13.2) + dry-types (0.14.1) concurrent-ruby (~> 1.0) dry-container (~> 0.3) dry-core (~> 0.4, >= 0.4.4) dry-equalizer (~> 0.2) dry-inflector (~> 0.1, >= 0.1.2) - dry-logic (~> 0.4, >= 0.4.2) - dry-validation (0.12.2) + dry-logic (~> 0.5, >= 0.5) + dry-validation (0.13.3) concurrent-ruby (~> 1.0) dry-configurable (~> 0.1, >= 0.1.3) dry-core (~> 0.2, >= 0.2.1) dry-equalizer (~> 0.2) - dry-logic (~> 0.4, >= 0.4.0) - dry-types 
(~> 0.13.1) + dry-logic (~> 0.5, >= 0.5.0) + dry-types (~> 0.14.0) + equatable (0.6.1) erubis (2.7.0) - excon (0.62.0) - faraday (0.15.2) + excon (0.65.0) + faraday (0.15.4) multipart-post (>= 1.2, < 3) faraday-cookie_jar (0.0.6) faraday (>= 0.7.4) http-cookie (~> 1.0.0) faraday_middleware (0.12.2) faraday (>= 0.7.4, < 1.0) - ffi (1.9.25) + ffi (1.11.1) gcewinpass (1.1.0) google-api-client (~> 0.13) - google-api-client (0.19.8) + google-api-client (0.23.9) addressable (~> 2.5, >= 2.5.1) googleauth (>= 0.5, < 0.7.0) httpclient (>= 2.8.1, < 3.0) mime-types (~> 3.0) representable (~> 3.0) retriable (>= 2.0, < 4.0) - googleauth (0.6.6) + signet (~> 0.9) + googleauth (0.6.7) faraday (~> 0.12) jwt (>= 1.4, < 3.0) - memoist (~> 0.12) + memoist (~> 0.16) multi_json (~> 1.11) os (>= 0.9, < 2.0) signet (~> 0.7) - gssapi (1.2.0) + gssapi (1.3.0) ffi (>= 1.0.1) gyoku (1.3.1) builder (>= 2.1.2) @@ -89,7 +96,7 @@ GEM domain_name (~> 0.5) httpclient (2.8.3) inifile (3.0.0) - inspec (2.2.78) + inspec (2.2.112) addressable (~> 2.4) faraday (>= 0.9.0) faraday_middleware (~> 0.12.2) @@ -98,20 +105,21 @@ GEM json (>= 1.8, < 3.0) method_source (~> 0.8) mixlib-log + multipart-post parallel (~> 1.9) parslet (~> 1.5) pry (~> 0) rspec (~> 3) rspec-its (~> 1.2) - rubyzip (~> 1.1) + rubyzip (~> 1.2, >= 1.2.2) semverse sslshake (~> 1.2) thor (~> 0.20) tomlrb (~> 1.2) - train (~> 1.4, >= 1.4.35) + train (~> 1.4, >= 1.4.37) jmespath (1.4.0) - json (2.1.0) - jwt (2.1.0) + json (2.2.0) + jwt (2.2.1) kitchen-google (1.5.0) gcewinpass (~> 1.1) google-api-client (~> 0.19) 
@@ -122,46 +130,56 @@ GEM inspec (>= 2.2.34, < 3) mixlib-shellout (~> 2.2) test-kitchen (~> 1.23) + license-acceptance (1.0.13) + pastel (~> 0.7) + tomlrb (~> 1.2) + tty-box (~> 0.3) + tty-prompt (~> 0.18) little-plugger (1.1.4) logging (2.2.2) little-plugger (~> 1.1) multi_json (~> 1.10) memoist (0.16.0) - method_source (0.9.0) + method_source (0.9.2) mime-types (3.2.2) mime-types-data (~> 3.2015) - mime-types-data (3.2018.0812) - mixlib-install (3.11.5) + mime-types-data (3.2019.0331) + mixlib-install (3.11.18) mixlib-shellout mixlib-versioning thor - mixlib-log (2.0.4) - mixlib-shellout (2.4.0) - mixlib-versioning (1.2.2) - ms_rest (0.7.2) + mixlib-log (3.0.1) + mixlib-shellout (2.4.4) + mixlib-versioning (1.2.7) + ms_rest (0.7.4) concurrent-ruby (~> 1.0) faraday (~> 0.9) - timeliness (~> 0.3) - ms_rest_azure (0.11.0) + timeliness (~> 0.3.10) + ms_rest_azure (0.11.1) concurrent-ruby (~> 1.0) faraday (~> 0.9) faraday-cookie_jar (~> 0.0.6) - ms_rest (~> 0.7.2) + ms_rest (~> 0.7.4) + unf_ext (= 0.0.7.2) multi_json (1.13.1) - multipart-post (2.0.0) + multipart-post (2.1.1) + necromancer (0.5.0) net-scp (1.2.1) net-ssh (>= 2.6.5) net-ssh (4.2.0) - net-ssh-gateway (1.3.0) - net-ssh (>= 2.6.5) + net-ssh-gateway (2.0.0) + net-ssh (>= 4.0.0) nori (2.6.0) - os (1.0.0) - parallel (1.12.1) + os (1.0.1) + parallel (1.17.0) parslet (1.8.2) - pry (0.11.3) + pastel (0.7.3) + equatable (~> 0.6) + tty-color (~> 0.5) + pry (0.12.2) coderay (~> 1.1.0) method_source (~> 0.9.0) - public_suffix (3.0.3) + public_suffix (3.1.1) representable (3.0.4) declarative (< 0.1.0) declarative-option (< 0.2.0) 
@@ -171,59 +189,83 @@ GEM rspec-core (~> 3.8.0) rspec-expectations (~> 3.8.0) rspec-mocks (~> 3.8.0) - rspec-core (3.8.0) + rspec-core (3.8.2) rspec-support (~> 3.8.0) - rspec-expectations (3.8.1) + rspec-expectations (3.8.4) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.8.0) - rspec-its (1.2.0) + rspec-its (1.3.0) rspec-core (>= 3.0.0) rspec-expectations (>= 3.0.0) - rspec-mocks (3.8.0) + rspec-mocks (3.8.1) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.8.0) - rspec-support (3.8.0) + rspec-support (3.8.2) rubyntlm (0.6.2) - rubyzip (1.2.2) - semverse (2.0.0) - signet (0.9.1) + rubyzip (1.2.3) + semverse (3.0.0) + signet (0.11.0) addressable (~> 2.3) faraday (~> 0.9) jwt (>= 1.5, < 3.0) multi_json (~> 1.10) - sslshake (1.2.0) - test-kitchen (1.23.2) + sslshake (1.3.0) + strings (0.1.5) + strings-ansi (~> 0.1) + unicode-display_width (~> 1.5) + unicode_utils (~> 1.4) + strings-ansi (0.1.0) + test-kitchen (1.25.0) + license-acceptance (~> 1.0, >= 1.0.11) mixlib-install (~> 3.6) mixlib-shellout (>= 1.2, < 3.0) - net-scp (~> 1.1) + net-scp (>= 1.1, < 3.0) net-ssh (>= 2.9, < 5.0) - net-ssh-gateway (~> 1.2) + net-ssh-gateway (>= 1.2, < 3.0) thor (~> 0.19) winrm (~> 2.0) winrm-elevated (~> 1.0) winrm-fs (~> 1.1) - thor (0.20.0) - timeliness (0.3.8) - tomlrb (1.2.7) - train (1.4.35) + thor (0.20.3) + timeliness (0.3.10) + tomlrb (1.2.8) + train (1.7.6) aws-sdk (~> 2) azure_graph_rbac (~> 0.16) + azure_mgmt_key_vault (~> 0.17) azure_mgmt_resources (~> 0.15) docker-api (~> 1.26) - google-api-client (~> 0.19.8) - googleauth (~> 0.6.2) + google-api-client (~> 0.23.9) + googleauth (~> 0.6.6) inifile json (>= 1.8, < 3.0) - mixlib-shellout (~> 2.0) + mixlib-shellout (>= 2.0) net-scp (~> 1.2) net-ssh (>= 2.9, < 6.0) winrm (~> 2.0) winrm-fs (~> 1.0) + tty-box (0.4.0) + pastel (~> 0.7.2) + strings (~> 0.1.5) + tty-cursor (~> 0.7) + tty-color (0.5.0) + tty-cursor (0.7.0) + tty-prompt (0.19.0) + necromancer (~> 0.5.0) + pastel (~> 0.7.0) + tty-reader (~> 0.6.0) + tty-reader (0.6.0) 
+ tty-cursor (~> 0.7) + tty-screen (~> 0.7) + wisper (~> 2.0.0) + tty-screen (0.7.0) uber (0.1.0) unf (0.1.4) unf_ext - unf_ext (0.0.7.5) - winrm (2.2.3) + unf_ext (0.0.7.2) + unicode-display_width (1.6.0) + unicode_utils (1.4.0) + winrm (2.3.2) builder (>= 2.1.2) erubis (~> 2.7) gssapi (~> 1.2) @@ -232,14 +274,15 @@ GEM logging (>= 1.6.1, < 3.0) nori (~> 2.0) rubyntlm (~> 0.6.0, >= 0.6.1) - winrm-elevated (1.1.0) + winrm-elevated (1.1.1) winrm (~> 2.0) winrm-fs (~> 1.0) - winrm-fs (1.3.0) + winrm-fs (1.3.2) erubis (~> 2.7) logging (>= 1.6.1, < 3.0) rubyzip (~> 1.1) winrm (~> 2.0) + wisper (2.0.0) PLATFORMS ruby @@ -250,4 +293,4 @@ DEPENDENCIES kitchen-terraform (~> 4.0.0)! BUNDLED WITH - 1.16.2 + 1.17.3 diff --git a/README.md b/README.md index d534227..406a5bf 100644 --- a/README.md +++ b/README.md 
@@ -73,10 +73,15 @@ Create a file in the repository directory called: `.env` It will have environment variables that Terraform uses to run. ```sh -export TF_VAR_engineer_cidrs="[\"$(dig +short myip.opendns.com @resolver1.opendns.com)/32\"]" -export GOOGLE_APPLICATION_CREDENTIALS="credentials.json" +cat > .env < tf.zip +unzip tf.zip +sudo mv terraform "$TF_BIN_LOCATION" +rm tf.zip + +# chefdk only available for LTS releases of Ubuntu. +# If we don't have an exact match, then match the major version +CHEF_UBUN_VERSIONS=$(curl -s https://downloads.chef.io/chefdk | \ + awk '{gsub("><", ">\n<"); print}' | \ + grep -E 'Ubuntu [0-9]+\.[0-9]+'| \ + sed 's/^.*Ubuntu \([0-9][0-9]*\.[0-9][0-9]*\).*$/\1/') +echo $CHEF_UBUN_VERSIONS|grep -q "${UBUN_VERSION}" +if [ $? -eq 1 ]; then # no exact match, try major version + CHEF_VERSION=$(echo "$CHEF_UBUN_VERSIONS" | \ + tr ' ' '\n'|grep "$UBUN_MAJOR_VERSION") + if [ -z "$CHEF_VERSION" ]; then + echo "Error, unable to find a ChefDK version matching" + echo "the Ubuntu version $UBUN_VERSION or even major" + echo "version $UBUN_MAJOR_VERSION" + exit 1 + fi +else + CHEF_VERSION="$UBUN_VERSION" +fi +CHEF_URL=$(curl -s https://downloads.chef.io/chefdk | \ + awk '{gsub("><", ">\n<"); gsub("/","/"); print}' | \ + grep "download.*$ss"|sed 's/^.*href="//;s/">Down.*//;') +FILE_NAME=$(basename "$CHEF_URL") +curl "$CHEF_URL" -o "$FILE_NAME" +sudo dpkg -i "$FILE_NAME" + + +cd terraform-google-instance +echo "Now go to the Google IAM Console and retrieve the credentials" +echo "of a service account which can create Google cloud instances." +echo "Save the credentials (as JSON) in:" +echo " $(pwd)/credentials.json" + +initial=1 +seconds=0 +while [ ! 
-f credentials.json ];do + if [ $initial -eq 1 ]; then + initial=0 + else + echo -en "\rwaiting for credentials $seconds seconds" + sleep 10 + (( seconds += 10 )) +done + +gcloud auth activate-service-account --key-file credentials.json +gcloud config set project $(jq -r '.project_id' credentials.json) +gcloud config set compute/zone $GCLOUD_ZONE + +cat > .env </dev/null +ln ubuntu.pub test/fixtures/tf_module/ +bundle install --path gems # install all dependencies + +echo "All set to run some interactive commands. First run:" +echo " . .env" +echo "Next, execute the configuration to create a Google cloud" +echo "instance with this command:" +echo " bundle exec kitchen converge" +echo "And then you can run the InSpec tests with this command:" +echo " bundle exec kitchen verify" +echo "You can clean things up via this command:" +echo " bundle exec kitchen destroy" diff --git a/bin/kitchen.sh b/bin/kitchen.sh index 8910ceb..dc22b60 100755 --- a/bin/kitchen.sh +++ b/bin/kitchen.sh @@ -1,5 +1,7 @@ #!/usr/bin/env bash +source .env + # Decrypt sensitive files #XXX even encrypted, this is risky IF PRs are allowed to kick off builds openssl aes-256-cbc -K $encrypted_cfdeb2eb7efd_key -iv $encrypted_cfdeb2eb7efd_iv -in ci.tar.gz.enc -out ci.tar.gz -d @@ -7,8 +9,8 @@ openssl aes-256-cbc -K $encrypted_cfdeb2eb7efd_key -iv $encrypted_cfdeb2eb7efd_i # Decompress sensitive files tar -zxf ci.tar.gz rm ci.tar.gz -export GCLOUD_PROJECT=$(jq -r '.project_id' credentials.json) -export TF_VAR_gcloud_project=$GCLOUD_PROJECT +#export GCLOUD_PROJECT=$(jq -r '.project_id' credentials.json) +#export TF_VAR_gcloud_project=$GCLOUD_PROJECT # Add binaries to bin directory mkdir -p vendor/bin @@ -27,7 +29,6 @@ gcloud config set compute/zone us-west1-a yes | ssh-keygen -f ubuntu -N '' >/dev/null -source .env bundle exec kitchen test --destroy always KITCHEN_EXIT_CODE=$? diff --git a/test/fixtures/tf_module/main.tf b/test/fixtures/tf_module/main.tf index 5a17857..0d89918 100644 
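Review bot: `source .env` now runs before `ci.tar.gz` is decrypted and unpacked, yet the script's own cleanup removes `.env` alongside `credentials.json` (`rm -Rf credentials.json .env ubuntu*`), which suggests `.env` ships inside that tarball in CI; if so, the file does not exist yet when sourced, `source` fails, and — there being no `set -e` — the run continues with `TF_VAR_gcloud_project` unset, because the same commit comments out the in-script `export` lines that used to derive it. Keep the `source .env` after the archive is extracted, i.e. directly below `rm ci.tar.gz`, or restore the derivation as a fallback: `export TF_VAR_gcloud_project=${TF_VAR_gcloud_project:-$(jq -r '.project_id' credentials.json)}`. The gcloud setup between these hunks is not shown.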
--- a/test/fixtures/tf_module/main.tf +++ b/test/fixtures/tf_module/main.tf @@ -1,5 +1,5 @@ variable "gcloud_project" { - description = "The name of the GCP project to deploy against." + description = "The name of the GCP project to deploy against. Set this using TF_VARS_gcloud_project environment variable" } module "terraform-google-instance" { diff --git a/test/integration/kt_suite/controls/default.rb b/test/integration/kt_suite/controls/default.rb index 52d0c7b..a1eb7c1 100644 --- a/test/integration/kt_suite/controls/default.rb +++ b/test/integration/kt_suite/controls/default.rb @@ -1,6 +1,8 @@ # frozen_string_literal: true -gcloud_project = attribute('gcloud_project', description="The name of the project where resources are deployed. This should be passed to tk via environment vars.") +gcloud_project = attribute('gcloud_project', + description="The name of the project where resources are deployed. " + + "This should be passed to Terraform via environment variable") control "instance" do describe google_compute_instance(project: "#{gcloud_project}", zone: 'us-west1-a', name: 'database') do From 2fa855a5bacd412faf9f02d0d620762fd0587f8d Mon Sep 17 00:00:00 2001 From: Kevin Buchs Date: Mon, 5 Aug 2019 16:22:44 -0500 Subject: [PATCH 04/15] finishing up changes to get the tests running properly for this profile. --- README.md | 12 +++++++---- bin/example-setup-ubuntu.sh | 20 +++++++++++-------- test/fixtures/tf_module/main.tf | 11 ++++++++-- test/integration/kt_suite/controls/default.rb | 3 +-- 4 files changed, 30 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index 406a5bf..32a1453 100644 --- a/README.md +++ b/README.md @@ -60,7 +60,7 @@ gcloud config set project $(jq -r '.project_id' credentials.json) gcloud config set compute/zone us-west1-a ``` -### Install Kitchen-Terraform +### Install Kitchen-Terraform and many other required Ruby Gems. ```sh gem install bundler --no-rdoc --no-ri 
@@ -80,17 +80,23 @@ export GCLOUD_REGION="us-west1" export TF_VAR_gcloud_project=$GCLOUD_PROJECT my_public_ip=\$(dig +short myip.opendns.com @resolver1.opendns.com) export TF_VAR_engineer_cidrs="[\"\$my_public_ip/32\"]" +export TF_VAR_ssh_key="$(pwd)/ubuntu.pub" HEREDOC ``` ### Run Terraform and Tests -To run Terraform via Test-Kitchen: +Common setup to be run once before any number of the rest of the following: ```sh source .env yes | ssh-keygen -f ubuntu -N '' >/dev/null +``` + +To run Terraform via Test-Kitchen: + +```sh bundle exec kitchen converge ``` @@ -100,7 +106,6 @@ Test-Kitchen will run the module code that is called via this file: To run InSpec via Test-Kitchen: ```sh -source .env bundle exec kitchen verify ``` @@ -110,7 +115,6 @@ Test-Kitchen will run the InSpec controls via this file: To destroy everything via Test-Kitchen: ```sh -source .env bundle exec kitchen destroy ``` diff --git a/bin/example-setup-ubuntu.sh b/bin/example-setup-ubuntu.sh index 0c761a3..0d9a036 100644 --- a/bin/example-setup-ubuntu.sh +++ b/bin/example-setup-ubuntu.sh @@ -6,8 +6,9 @@ # Modify these to your liking TF_BIN_LOCATION=/usr/local/bin -GCLOUD_REGION="us-central1" +GCLOUD_REGION="us-west1" GCLOUD_ZONE="${GCLOUD_REGION}a" +GOOGLE_CREDS="$(pwd)/credentials.json" UBUN_VERSION=$(grep '^VERSION=' /etc/os-release| \ sed -E 's/VERSION="([0-9][0-9]*\.[0-9][0-9]*).*".*$/\1/') @@ -53,11 +54,11 @@ cd terraform-google-instance echo "Now go to the Google IAM Console and retrieve the credentials" echo "of a service account which can create Google cloud instances." echo "Save the credentials (as JSON) in:" -echo " $(pwd)/credentials.json" +echo " $GOOGLE_CREDS" initial=1 seconds=0 -while [ ! -f credentials.json ];do +while [ ! -f "$GOOGLE_CREDS" ];do if [ $initial -eq 1 ]; then initial=0 else 
@@ -66,17 +67,20 @@ while [ ! -f credentials.json ];do (( seconds += 10 )) done -gcloud auth activate-service-account --key-file credentials.json -gcloud config set project $(jq -r '.project_id' credentials.json) + +gcloud_project=$(jq -r '.project_id' $GOOGLE_CREDS) +gcloud auth activate-service-account --key-file $GOOGLE_CREDS +gcloud config set project $gcloud_project gcloud config set compute/zone $GCLOUD_ZONE cat > .env </dev/null diff --git a/test/fixtures/tf_module/main.tf b/test/fixtures/tf_module/main.tf index 0d89918..d224fed 100644 --- a/test/fixtures/tf_module/main.tf +++ b/test/fixtures/tf_module/main.tf @@ -1,10 +1,17 @@ + variable "gcloud_project" { - description = "The name of the GCP project to deploy against. Set this using TF_VARS_gcloud_project environment variable" + type = "string" + description = "The name of the GCP project to deploy against. Set this using TF_VAR_gcloud_project environment variable" +} + +variable "ssh_key" { + type = "string" + description = "The path to the public key to use to access the Google instance. Set this using TF_VAR_ssh_key environment variable." } module "terraform-google-instance" { source = "../../.." - ssh_public_key_filepath = "${path.module}/../../../ubuntu.pub" + ssh_public_key_filepath = "${var.ssh_key}" } output "gcloud_project" { diff --git a/test/integration/kt_suite/controls/default.rb b/test/integration/kt_suite/controls/default.rb index a1eb7c1..b047f23 100644 --- a/test/integration/kt_suite/controls/default.rb +++ b/test/integration/kt_suite/controls/default.rb 
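Review bot: `variable "ssh_key"` holds the path to a public key, but the name reads like key material or a private key, while the module it wraps already calls the same input `ssh_public_key_filepath` (see `variables.tf`); the mismatch invites someone to export `TF_VAR_ssh_key` with the private-key path or the key itself. Naming the fixture variable after the module input — `variable "ssh_public_key_filepath"` and `ssh_public_key_filepath = "${var.ssh_public_key_filepath}"` — keeps the wording consistent end to end (the `.env` snippets in the README and setup script would then export `TF_VAR_ssh_public_key_filepath`). Neither new variable has a default, so a bare `kitchen converge` without the `.env` sits at Terraform's interactive prompt; acceptable for a fixture as long as the descriptions say so, which they do.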
@@ -1,8 +1,7 @@ # frozen_string_literal: true gcloud_project = attribute('gcloud_project', - description="The name of the project where resources are deployed. " + - "This should be passed to Terraform via environment variable") + { description: "The name of the project where resources are deployed. This should be passed to Terraform via environment variable" }) control "instance" do describe google_compute_instance(project: "#{gcloud_project}", zone: 'us-west1-a', name: 'database') do From 18c5393e777df600abbf47367cae4474de25f2e3 Mon Sep 17 00:00:00 2001 From: Kevin Buchs Date: Tue, 6 Aug 2019 10:53:59 -0500 Subject: [PATCH 05/15] trying to update the version of Ruby bundler used by Travis CI - to see if it can find missing packages --- Gemfile.lock | 10 +++++----- bin/kitchen.sh | 2 ++ test/fixtures/tf_module/main.tf | 5 ++--- 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 81760a6..2a142a9 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -4,13 +4,13 @@ GEM addressable (2.6.0) public_suffix (>= 2.0.2, < 4.0) aws-eventstream (1.0.3) - aws-sdk (2.11.324) - aws-sdk-resources (= 2.11.324) - aws-sdk-core (2.11.324) + aws-sdk (2.11.326) + aws-sdk-resources (= 2.11.326) + aws-sdk-core (2.11.326) aws-sigv4 (~> 1.0) jmespath (~> 1.0) - aws-sdk-resources (2.11.324) - aws-sdk-core (= 2.11.324) + aws-sdk-resources (2.11.326) + aws-sdk-core (= 2.11.326) aws-sigv4 (1.1.0) aws-eventstream (~> 1.0, >= 1.0.2) azure_graph_rbac (0.17.1) diff --git a/bin/kitchen.sh b/bin/kitchen.sh index dc22b60..aabeb17 100755 --- a/bin/kitchen.sh +++ b/bin/kitchen.sh @@ -29,6 +29,8 @@ gcloud config set compute/zone us-west1-a yes | ssh-keygen -f ubuntu -N '' >/dev/null +apt-get install --reinstall -y ruby-bundler + bundle exec kitchen test --destroy always KITCHEN_EXIT_CODE=$? diff --git a/test/fixtures/tf_module/main.tf b/test/fixtures/tf_module/main.tf index d224fed..128f74e 100644 --- a/test/fixtures/tf_module/main.tf 
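Review bot: `project: "#{gcloud_project}"` on the `describe` line wraps a value that is already a string in a second interpolation; `project: gcloud_project` is the plain form and, if the attribute ever resolves to `nil`, hands `nil` to the resource instead of the empty string that the interpolation silently produces, which makes a missing attribute visible in the failure. The braces around the options hash are optional too: `gcloud_project = attribute('gcloud_project', description: '...')`. The `control "instance"` block and its `describe` continue outside the hunk.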
+++ b/test/fixtures/tf_module/main.tf @@ -1,11 +1,10 @@ - variable "gcloud_project" { - type = "string" + # type = "string" description = "The name of the GCP project to deploy against. Set this using TF_VAR_gcloud_project environment variable" } variable "ssh_key" { - type = "string" + # type = "string" description = "The path to the public key to use to access the Google instance. Set this using TF_VAR_ssh_key environment variable." } From 0c637242e62eb84122a4cd7a5dceec091f2c58aa Mon Sep 17 00:00:00 2001 From: Kevin Buchs Date: Tue, 6 Aug 2019 12:04:39 -0500 Subject: [PATCH 06/15] use gem to update bundler --- bin/kitchen.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/bin/kitchen.sh b/bin/kitchen.sh index aabeb17..d42f37c 100755 --- a/bin/kitchen.sh +++ b/bin/kitchen.sh @@ -29,7 +29,8 @@ gcloud config set compute/zone us-west1-a yes | ssh-keygen -f ubuntu -N '' >/dev/null -apt-get install --reinstall -y ruby-bundler +# apt-get install --reinstall -y ruby-bundler +gem install bundler bundle exec kitchen test --destroy always KITCHEN_EXIT_CODE=$? From 3b1b4a653d899652ed2d0b100615d2981deb01bb Mon Sep 17 00:00:00 2001 From: Kevin Buchs Date: Tue, 6 Aug 2019 13:10:23 -0500 Subject: [PATCH 07/15] trying to find updated bundler --- bin/kitchen.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/bin/kitchen.sh b/bin/kitchen.sh index d42f37c..7734812 100755 --- a/bin/kitchen.sh +++ b/bin/kitchen.sh @@ -30,8 +30,10 @@ gcloud config set compute/zone us-west1-a yes | ssh-keygen -f ubuntu -N '' >/dev/null # apt-get install --reinstall -y ruby-bundler +ls -l /usr/bin/bun* gem install bundler - +type bundle +ls -l /usr/bin/bun* bundle exec kitchen test --destroy always KITCHEN_EXIT_CODE=$? From 3b2af9548f74fcd696be8a69c8b9e3a6f77c6a73 Mon Sep 17 00:00:00 2001 
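Review bot: Commenting out `type = "string"` on both fixture variables drops the type constraint rather than fixing whatever complained about it, and the commit message (about the Travis bundler) does not say why it was in the way. Terraform 0.11 accepts the quoted form and 0.12 only warns about it (the 0.12 spelling is `type = string`), so the line could stay in either case; if it really has to go, delete it instead of leaving commented copies behind, and add a one-line comment saying which Terraform version rejected it.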
From: Kevin Buchs Date: Tue, 6 Aug 2019 14:12:29 -0500 Subject: [PATCH 08/15] trying to update bundler via before_install gem actions --- .travis.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index a630f3a..81b7119 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,10 +1,15 @@ language: ruby +rvm: + - 2.5 cache: directories: - vendor/bundle - vendor/cache - vendor/bin - vendor/google-cloud-sdk +before_install: + - gem update --system + - gem install bundler jobs: stages: - name: prepare cache @@ -31,4 +36,4 @@ jobs: file: "**/*" on: repo: newcontext-oss/terraform-google-instance - branch: master \ No newline at end of file + branch: master From eb5625236aa0ac2d72c1597ae7ceffa62136f27b Mon Sep 17 00:00:00 2001 From: Kevin Buchs Date: Tue, 6 Aug 2019 14:32:45 -0500 Subject: [PATCH 09/15] trying to find the right bundler path --- bin/kitchen.sh | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/bin/kitchen.sh b/bin/kitchen.sh index 7734812..582265e 100755 --- a/bin/kitchen.sh +++ b/bin/kitchen.sh @@ -29,11 +29,15 @@ gcloud config set compute/zone us-west1-a yes | ssh-keygen -f ubuntu -N '' >/dev/null -# apt-get install --reinstall -y ruby-bundler -ls -l /usr/bin/bun* -gem install bundler -type bundle -ls -l /usr/bin/bun* +function findcommandall () { + for dir in $(echo $PATH|tr ':' ' '); do + [ -f "$dir/$1" ] && echo "$dir/$1" + done +} +findcommandall bundle +findcommandall bundler +ls -l /home/travis/.rvm/rubies/ruby-2.5.5/bin/bundle + bundle exec kitchen test --destroy always KITCHEN_EXIT_CODE=$? From a21b38081deff95c1147e638357f92a10444d8d4 Mon Sep 17 00:00:00 2001 From: Kevin Buchs Date: Tue, 6 Aug 2019 14:54:46 -0500 Subject: [PATCH 10/15] trying to resolve bundle failure to find package --- .travis.yml | 1 + Gemfile.lock | 2 -- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 81b7119..bef044e 100644 --- a/.travis.yml +++ b/.travis.yml 
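Review bot: `gem update --system` and `gem install bundler` in `before_install` are unpinned, so every build upgrades RubyGems and Bundler to whatever is newest that day; that widens the supply-chain surface of the CI job and undoes the reproducibility that `Gemfile.lock` is there to provide. Pin Bundler to the version the lockfile was generated with, e.g. `gem install bundler -v "$(tail -n1 Gemfile.lock | tr -d ' ')"` (this assumes a `BUNDLED WITH` trailer, which the lock hunks on this page do not show), and drop `gem update --system` unless a specific RubyGems defect is being worked around, in which case name it in a comment. The `gem install bundler` added to bin/kitchen.sh in the two preceding commits has the same issue.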
@@ -10,6 +10,7 @@ cache: before_install: - gem update --system - gem install bundler + - bundle --full-index jobs: stages: - name: prepare cache diff --git a/Gemfile.lock b/Gemfile.lock index 2a142a9..4dd6412 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -2,7 +2,6 @@ GEM remote: https://rubygems.org/ specs: addressable (2.6.0) - public_suffix (>= 2.0.2, < 4.0) aws-eventstream (1.0.3) aws-sdk (2.11.326) aws-sdk-resources (= 2.11.326) @@ -179,7 +178,6 @@ GEM pry (0.12.2) coderay (~> 1.1.0) method_source (~> 0.9.0) - public_suffix (3.1.1) representable (3.0.4) declarative (< 0.1.0) declarative-option (< 0.2.0) From 119c05b03b31952e44e07ee2d5bdcab7ec015ff1 Mon Sep 17 00:00:00 2001 From: Kevin Buchs Date: Tue, 6 Aug 2019 15:05:37 -0500 Subject: [PATCH 11/15] trying to resolve bundle failure to find package --- Gemfile.lock | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Gemfile.lock b/Gemfile.lock index 4dd6412..2a142a9 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -2,6 +2,7 @@ GEM remote: https://rubygems.org/ specs: addressable (2.6.0) + public_suffix (>= 2.0.2, < 4.0) aws-eventstream (1.0.3) aws-sdk (2.11.326) aws-sdk-resources (= 2.11.326) @@ -178,6 +179,7 @@ GEM pry (0.12.2) coderay (~> 1.1.0) method_source (~> 0.9.0) + public_suffix (3.1.1) representable (3.0.4) declarative (< 0.1.0) declarative-option (< 0.2.0) From e1f7665e912dbb6038ebd92ad452811360d2b400 Mon Sep 17 00:00:00 2001 From: Kevin Buchs Date: Tue, 6 Aug 2019 16:05:54 -0500 Subject: [PATCH 12/15] making kitchen.sh function in the Travis CI environment --- bin/kitchen.sh | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/bin/kitchen.sh b/bin/kitchen.sh index 582265e..0c6607b 100755 --- a/bin/kitchen.sh +++ b/bin/kitchen.sh 
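Review bot: `bundle --full-index` in `before_install` is `bundle install --full-index` (no subcommand defaults to install), so if Travis's default Ruby install step is still in effect (no `install:` override is visible) the bundle is installed twice per build, the first time with a full index download. If the intent is to make Bundler see a gem the cached index lacks, put `--full-index` on the one real install step, or better, fix the lockfile: the Gemfile.lock hunk in this same commit removes `public_suffix`, which the `addressable` entry still depends on, and that inconsistency is a more likely cause of the "cannot find package" failure (the next commit restores it).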
@@ -1,7 +1,5 @@ #!/usr/bin/env bash -source .env - # Decrypt sensitive files #XXX even encrypted, this is risky IF PRs are allowed to kick off builds openssl aes-256-cbc -K $encrypted_cfdeb2eb7efd_key -iv $encrypted_cfdeb2eb7efd_iv -in ci.tar.gz.enc -out ci.tar.gz -d @@ -23,20 +21,20 @@ rm google-cloud-sdk-*-linux-x86_64.tar.gz ./vendor/google-cloud-sdk/install.sh -q # Authenticate using the credentials.json -gcloud auth activate-service-account --key-file credentials.json -gcloud config set project ${GCLOUD_PROJECT} +export GOOGLE_APPLICATION_CREDENTIALS="$PWD/credentials.json" +gcloud auth activate-service-account --key-file "$GOOGLE_APPLICATION_CREDENTIALS" +gcloud config set project "$GCLOUD_PROJECT" gcloud config set compute/zone us-west1-a +source .env + yes | ssh-keygen -f ubuntu -N '' >/dev/null -function findcommandall () { - for dir in $(echo $PATH|tr ':' ' '); do - [ -f "$dir/$1" ] && echo "$dir/$1" - done -} -findcommandall bundle -findcommandall bundler -ls -l /home/travis/.rvm/rubies/ruby-2.5.5/bin/bundle +my_public_ip=\$(dig +short myip.opendns.com @resolver1.opendns.com) +export TF_VAR_engineer_cidrs="[\"$my_public_ip/32\"]" +export TF_VAR_gcloud_project="$GCLOUD_PROJECT" +export TF_VAR_ssh_key="$(pwd)/ubuntu.pub" + bundle exec kitchen test --destroy always KITCHEN_EXIT_CODE=$? From 8a043bcab2a9292326905b07316c7630f6c1d2ec Mon Sep 17 00:00:00 2001 From: Kevin Buchs Date: Tue, 6 Aug 2019 16:17:14 -0500 Subject: [PATCH 13/15] making kitchen.sh function in the Travis CI environment - syntax error --- bin/kitchen.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/kitchen.sh b/bin/kitchen.sh index 0c6607b..5572a73 100755 --- a/bin/kitchen.sh +++ b/bin/kitchen.sh 
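Review bot: Nothing in this script fails fast: the `openssl aes-256-cbc ... -d` line in this hunk produces the archive the rest of the run depends on, and the gcloud and kitchen steps further down run whether or not it succeeded, which turns a bad key or missing archive into confusing downstream errors. Add `set -euo pipefail` directly under `#!/usr/bin/env bash` (unless it is already set in the lines between the two hunks, which are not visible here) so a failed decrypt or `gcloud auth` stops the job with the real cause. The rest of the script is outside this hunk.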
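Review bot: `gcloud config set project "$GCLOUD_PROJECT"` now runs before `source .env`, and the README's `.env` template is where project-related variables are defined; if the CI `.env` is the only place `GCLOUD_PROJECT` is set, the project is configured as an empty string here and the later `export TF_VAR_gcloud_project="$GCLOUD_PROJECT"` only works because it sits after the `source`. Move `source .env` above the `# Authenticate using the credentials.json` block, or document that `GCLOUD_PROJECT` is expected from the Travis environment. A short comment on the new `export GOOGLE_APPLICATION_CREDENTIALS=...` line naming who consumes it (presumably the Terraform google provider and the InSpec gcp backend via application-default credentials) would also help the next reader, since nothing in this file reads the variable itself.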
@@ -30,7 +30,7 @@ source .env yes | ssh-keygen -f ubuntu -N '' >/dev/null -my_public_ip=\$(dig +short myip.opendns.com @resolver1.opendns.com) +my_public_ip=$(dig +short myip.opendns.com @resolver1.opendns.com) export TF_VAR_engineer_cidrs="[\"$my_public_ip/32\"]" export TF_VAR_gcloud_project="$GCLOUD_PROJECT" export TF_VAR_ssh_key="$(pwd)/ubuntu.pub" From b4f42936567d5ba7a1fcd6c97013ff173c8040b2 Mon Sep 17 00:00:00 2001 From: Kevin Buchs Date: Wed, 7 Aug 2019 13:30:33 -0500 Subject: [PATCH 14/15] added notes/comments about Terraform 0.12 migration. --- .gitignore | 4 ++-- Gemfile | 4 ++-- Gemfile.lock | 12 ++++++------ README.md | 32 ++++++++++++++++++++++++-------- ci.tar.gz.enc | Bin 1968 -> 0 bytes main.tf | 6 +++++- 6 files changed, 39 insertions(+), 19 deletions(-) delete mode 100644 ci.tar.gz.enc diff --git a/.gitignore b/.gitignore index e6631a7..bfad89b 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,4 @@ -.terraform +.terraform/ .kitchen/ terraform.tfstate.d/ terraform.tfstate* @@ -7,5 +7,5 @@ credentials.json ubuntu* .vscode ci.tar.gz -vendor +vendor/ .bundle diff --git a/Gemfile b/Gemfile index 7cea391..20736fb 100644 --- a/Gemfile +++ b/Gemfile @@ -1,5 +1,5 @@ source 'https://rubygems.org/' do - gem 'inspec', '~> 2.2.35' + gem 'inspec', '~> 2.2.35' # for Terraform 0.12+, make: ~> 4.0.0 gem 'kitchen-google', '~> 1.5' - gem 'kitchen-terraform', '~> 4.0.0' + gem 'kitchen-terraform', '~> 4.0.0' # for Terraform 0.12+, make: >= 4.0.0 end diff --git a/Gemfile.lock b/Gemfile.lock index 2a142a9..3ff571a 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
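Review bot: The new comment on the `inspec` line says `~> 4.0.0` while the README section added in this same commit says `gem 'inspec', '~> 4.0'`; those are different constraints (`~> 4.0.0` allows only 4.0.x, `~> 4.0` any 4.x), so pick one and use it in both places. Separately, this commit deletes `ci.tar.gz.enc`, but bin/kitchen.sh as last touched in patch 12 still runs `openssl aes-256-cbc ... -in ci.tar.gz.enc -out ci.tar.gz -d` to produce the CI credentials, so the Travis job will presumably fail at the decrypt step unless that line is removed or the archive is restored; the commit message does not mention the deletion.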
@@ -4,13 +4,13 @@ GEM addressable (2.6.0) public_suffix (>= 2.0.2, < 4.0) aws-eventstream (1.0.3) - aws-sdk (2.11.326) - aws-sdk-resources (= 2.11.326) - aws-sdk-core (2.11.326) + aws-sdk (2.11.327) + aws-sdk-resources (= 2.11.327) + aws-sdk-core (2.11.327) aws-sigv4 (~> 1.0) jmespath (~> 1.0) - aws-sdk-resources (2.11.326) - aws-sdk-core (= 2.11.326) + aws-sdk-resources (2.11.327) + aws-sdk-core (= 2.11.327) aws-sigv4 (1.1.0) aws-eventstream (~> 1.0, >= 1.0.2) azure_graph_rbac (0.17.1) @@ -60,7 +60,7 @@ GEM dry-types (~> 0.14.0) equatable (0.6.1) erubis (2.7.0) - excon (0.65.0) + excon (0.66.0) faraday (0.15.4) multipart-post (>= 1.2, < 3) faraday-cookie_jar (0.0.6) diff --git a/README.md b/README.md index 32a1453..6542b50 100644 --- a/README.md +++ b/README.md 
@@ -18,37 +18,44 @@ module "terraform-google-instance" { } ``` +## Requirements + +Terraform version must be less than 0.12. (See below for tips on migrating to 0.12) + ## Development Feel free to submit pull requests to make changes to the module. To begin developing on this module please have a Google Compute Project. -### Install Terraform (options below) +### Required Setup +- See the script bin/example-setup-ubuntu.sh for the complete setup. However, the steps are listed below. + +#### Install Terraform (options below) - [https://github.com/kamatama41/tfenv](https://github.com/kamatama41/tfenv) - brew install terraform - [https://www.terraform.io/downloads.html](https://www.terraform.io/downloads.html) -### Install Ruby (options below) +#### Install Ruby (options below) - [https://github.com/rbenv/rbenv](https://github.com/rbenv/rbenv) - brew install ruby # or other package managers - [http://ruby-lang.org/](http://ruby-lang.org/) -### Install JQ +#### Install JQ - brew install jq # or other package managers - [https://stedolan.github.io/jq/](https://stedolan.github.io/jq/) -### Google IAM Console +#### Google IAM Console Download a credentials JSON file from a user with proper permissions. [https://console.cloud.google.com/iam-admin/iam](https://console.cloud.google.com/iam-admin/iam) Save the file to the root of the repository directory called: `credentials.json` -### Install gcloud CLI +#### Install gcloud CLI - [https://cloud.google.com/sdk/gcloud/](https://cloud.google.com/sdk/gcloud/) 
@@ -60,14 +67,14 @@ gcloud config set project $(jq -r '.project_id' credentials.json) gcloud config set compute/zone us-west1-a ``` -### Install Kitchen-Terraform and many other required Ruby Gems. +#### Install Kitchen-Terraform and many other required Ruby Gems. ```sh gem install bundler --no-rdoc --no-ri bundle install ``` -### Create an environment variables file +#### Create an environment variables file Create a file in the repository directory called: `.env` It will have environment variables that Terraform uses to run. @@ -85,7 +92,7 @@ HEREDOC ``` -### Run Terraform and Tests +#### Run Terraform and Tests Common setup to be run once before any number of the rest of the following: @@ -118,6 +125,15 @@ To destroy everything via Test-Kitchen: bundle exec kitchen destroy ``` +## Migration to Terraform 0.12+ + +This repository does not support Terraform 0.12+ out of the box. +Here are **some** of the things necessary to migrate. +1. Edit Gemfile to change version requirements to be this: + - gem 'inspec', '~> 4.0' + - gem 'kitchen-terraform', '>= 4.0.0' +1. Edit main.tf to change syntax of metadata, at the bottom. See the comment. + ## Authors Module managed by [Nick Willever](https://github.com/nictrix). 
diff --git a/ci.tar.gz.enc b/ci.tar.gz.enc deleted file mode 100644 index b537238623d57d383511d2ba0fd91787fbe822ff..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1968 zcmV;h2T%B1Q;Xi@!A3N6=lZ!Wj)E*zply~iS5))|Ht~c2L)Tqraz)`^NRga(5MDbv zOjU>{8t5TN=1^n~W?Z#S1&8yFw}0Nv;#Kj|EhhwuzbxXTl;IvDJjv#YtHI2l%$a+RWZY&-{0CPnOMamL?w&DAIc! z+`Tf_O>Hh}PHT4(1<;dn61~+37J>afcT=aoqn?~r*t_XS8q(yQqX=ox#1Ibj3zF{B;}Vn$pqPsF!7mz6Ks=A1 z`3)--4~VEwpYYXQYz+#m5u3Ej7Fn-Wuind746Nf!S&`GK$iHwu>G^Ojl#iD0_MLdO z-5+ufV34Yla^fm_*QAHxseMIkcVwIfm4Dys-F1)QXFQNl861|--x;1NNurECvN=S* zX@qW=uWW;FpEwnaS>#*J>J<4-M0XX4jjwao4V&aUa%G-DyHd$k1Q*?g- zzSkf>bnUZFA_1w=EqLoZeAguVA@+D3q6*G0A}b#oZ2|53Tl@@imwOFvKC}c<)0T~= z4c5CYgz)UYbZhuz`P9N;|H2uZkJoHOt>95Essv_pwcr>~4t2b}S&^m|^fn!}xobIK zLftong;GcmFvsd%s^(}igz}e|g~f7zp2@V@`*8e~jYRePKE{FMS&3d)UmK?|jfztr zt?rZxs+{u(U~*)8AI#Os&R0=mDl4~RNiQ;HH~5FFAc{;xZ_Z-*(ygOgqMXUQ;4pz4 zTftd0ZGalNrr^Jv3t^#V;>GH`zoF?a4f#jY_4&7}7OF}UzCnHxTt-v+r+ncN$nC~W zze=AP5m>7seBl$gQ-lwwb8nHywHnf1{15OxWStGbxFS=leV{yHEcjF}(Jf0^$+?;} z8UZ0tr3xb;49pPhyLoE7fF^Zq>5d7tC4g84z#TVmh?r7fFCajPyuRXe<>Nb!>#Tz; z43cmTWiV@Xz2KESWyUmVhf*$ryhbvkbD&2?PUnoBB=es)GR{F;#aTa5AK02x`1Ihu zE`gaG&J*QZLAZ-V`*5C_9EvF`iGJRqC6La5F3vyI1f#BPv|}^K6pF7>okH(inITvK zj(z=(IPxAa62Kk($p3Kou#xXs!1t?wf-SCI%1rvd;_UKJ$p?_?e;nQ(z>dp2O7vMP zqj3M2UBhuGk^{%l7e4ZjS52b`O&{$P<7h&r*m9q@91-h)?_{l-PsU?mb)9_YIL=i4 z<24cr&N)3vI`1dsrL%SftpAX8bnp-}8h48q*PaBCtwCry3QehoBkcAuL2ht}9K257 zx2zp4_F3(T<*lfhPlEx`Dg^EXAGHs7t1vpCOVm=^s$>Cvxa)JJ>9*@Z@>}fAV z3E(Y!(x14fQ$*>>cRWBmaLu!UiGU+|nUtlhMiQaBwJ5CPAw>KrmnEKI^rYn#>|BG0gxV?3A{FbrG2e$b97XH48GV z2#OgCB2|QKHxCU4th9VyzzSUe{X_(IxXOMdVJag}L6{Tyn2^}mhs<<9uqTq?LTSpQ zI78|jyH3T!4-iVakq8_Ij8Yn?d|M#qIvV+-69J+XJm@#s7!Q~hw-0d9+Yp=*79wS* zz+@p%AD}rqQE@4r^d(}v7>%Z5HC1%K$OKDQB%&(Qq9(XWAmfubar>Mbn?#IXM6IWE zhUE;q%pN2%qdTQ@PK;Sy>9rp!1L{91agy?y|2Dsm;B-$OkN|<-_~EEj%>T~f11bi2 zXq2i!bT>jU{yIq&N!8W8#R=9`ong!91a|zH;`2XGQd5~x(S^VGJSJ0>7TQO3`R(ao zc^rxodpoAamPL>Ez4@wU 
zEh`V_LhPHL+I&pos+U#09lUB_GGy-bx8p$s@bx1DLIgOGQ_(QM$;bB^s3bJ@Ew!ly zc;q!iNkCb1(>-8}GemX!1d*r{FfP5~<`UsV=h}1eYUPrCPzk~xWa=KD<0JdcotO|& zTW54h6;r!yc`nt@Yjs=D0$e8`J&ag6h^K@-d*ibd1H^U@>xDDC`XROMQJ%eR{-eH> zPrF#UGssy!VhE(JygV;SywDekyyYc+-~am2ri-)00$MSb*SF5saZmNR9`4*rt C4a;%> diff --git a/main.tf b/main.tf index 7a1299a..d6c754d 100644 --- a/main.tf +++ b/main.tf @@ -22,7 +22,11 @@ resource "google_compute_instance" "database" { } } - metadata { + + # uncomment this next code line and comment the following to enable Terraform 0.12+ functionality + metadata = { + # metadata { sshKeys = "ubuntu:${file(var.ssh_public_key_filepath)}" } + } From 62fd59ff60f574e2600b3f859a5fae449d318447 Mon Sep 17 00:00:00 2001 From: Kevin Buchs Date: Wed, 7 Aug 2019 13:36:08 -0500 Subject: [PATCH 15/15] added notes/comments about Terraform 0.12 migration. --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 6542b50..1233e3b 100644 --- a/README.md +++ b/README.md @@ -133,6 +133,7 @@ Here are **some** of the things necessary to migrate. - gem 'inspec', '~> 4.0' - gem 'kitchen-terraform', '>= 4.0.0' 1. Edit main.tf to change syntax of metadata, at the bottom. See the comment. +1. Testing (verify stage) does not pass - there seem to be problems with the inspec plugins. ## Authors
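Review bot: The trailing added `}` appears to leave this resource with one more closing brace than opening: the context `}` after the `sshKeys` line already closed the old `metadata {` block, and the new `metadata = {` opens exactly one block in its place, so the extra brace has no visible partner; please confirm `terraform validate` passes on 0.11 before merging. The comment's premise is also worth checking — HCL1 generally treats `key = {` and `key {` alike for map attributes, so `metadata = {` may well validate on 0.11 as is, in which case the commented-out `# metadata {` alternative and the README's second migration step can go. The resource's closing brace is outside the hunk.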