From f27ec2e2621efff1ec12a9fb8ec2ef42952ca712 Mon Sep 17 00:00:00 2001
From: Nicolas Rodriguez <nicoladmin@free.fr>
Date: Tue, 14 May 2019 01:45:39 +0200
Subject: [PATCH] ci(kitchen+travis): test with pre-salted Docker images

---
 .travis.yml                                   |  25 +++-
 kitchen.yml                                   | 123 +++++++++++++-----
 .../{ufw => default}/controls/config_spec.rb  |   0
 .../{ufw => default}/controls/package_spec.rb |   0
 test/integration/default/inspec.yml           |  12 ++
 test/integration/ufw/inspec.yml               |  10 --
 ufw/config/applications.sls                   |   4 +-
 ufw/config/services.sls                       |   4 +-
 8 files changed, 133 insertions(+), 45 deletions(-)
 rename test/integration/{ufw => default}/controls/config_spec.rb (100%)
 rename test/integration/{ufw => default}/controls/package_spec.rb (100%)
 create mode 100644 test/integration/default/inspec.yml
 delete mode 100644 test/integration/ufw/inspec.yml

diff --git a/.travis.yml b/.travis.yml
index 64143ce..2a45064 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -11,14 +11,31 @@ language: ruby
 services:
   - docker
 
+# Make sure the instances listed below match up with
+# the `platforms` defined in `kitchen.yml`
 env:
   matrix:
-    - DISTRIB=debian:stretch/9
-    - DISTRIB=ubuntu:xenial/16.04
-    - DISTRIB=ubuntu:bionic/18.04
+    - INSTANCE: default-debian-9-2019-2-py3
+    - INSTANCE: default-ubuntu-1804-2019-2-py3
+    - INSTANCE: default-centos-7-2019-2-py3
+    - INSTANCE: default-fedora-29-2019-2-py3
+    - INSTANCE: default-opensuse-leap-15-2019-2-py3
+    # - INSTANCE: default-debian-9-2018-3-py2
+    # - INSTANCE: default-ubuntu-1604-2018-3-py2
+    # - INSTANCE: default-centos-7-2018-3-py2
+    # - INSTANCE: default-fedora-29-2018-3-py2
+    # TODO: Use this when fixed instead of `opensuse-leap-42`
+    # Ref: https://github.com/netmanagers/salt-image-builder/issues/2
+    # - INSTANCE: default-opensuse-leap-15-2018-3-py2
+    # - INSTANCE: default-opensuse-leap-42-2018-3-py2
+    # - INSTANCE: default-debian-8-2017-7-py2
+    # - INSTANCE: default-ubuntu-1604-2017-7-py2
+    # - INSTANCE: default-centos-6-2017-7-py2
+    # - INSTANCE: default-fedora-28-2017-7-py2
+    # - INSTANCE: default-opensuse-leap-42-2017-7-py2
 
 script:
-  - bundle exec kitchen test
+  - bundle exec kitchen verify ${INSTANCE}
 
 jobs:
   include:
diff --git a/kitchen.yml b/kitchen.yml
index 9cf7046..514caf1 100644
--- a/kitchen.yml
+++ b/kitchen.yml
@@ -1,32 +1,103 @@
-<%
-distrib, infos    = ENV.fetch('DISTRIB', 'debian:stretch/9').split(':')
-codename, version = infos.split('/')
-%>
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
 ---
+# For help on this file's format, see https://kitchen.ci/
 driver:
   name: docker
   use_sudo: false
   privileged: true
+  run_command: /lib/systemd/systemd
 
-provisioner:
-  name: salt_solo
-  formula: ufw
+# Make sure the platforms listed below match up with
+# the `env.matrix` instances defined in `.travis.yml`
+platforms:
+  ## SALT 2019.2
+  - name: debian-9-2019-2-py3
+    driver:
+      image: netmanagers/salt-2019.2-py3:debian-9
+      provision_command:
+        - apt-get update && apt-get install -y locales
+        - echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
+        - locale-gen en_US.UTF-8
+  - name: ubuntu-1804-2019-2-py3
+    driver:
+      image: netmanagers/salt-2019.2-py3:ubuntu-18.04
+  - name: centos-7-2019-2-py3
+    driver:
+      image: netmanagers/salt-2019.2-py3:centos-7
+  - name: fedora-29-2019-2-py3
+    driver:
+      image: netmanagers/salt-2019.2-py3:fedora-29
+  - name: opensuse-leap-15-2019-2-py3
+    driver:
+      image: netmanagers/salt-2019.2-py3:opensuse-leap-15
+      run_command: /usr/lib/systemd/systemd
 
-  # Install Salt from official repositories
-  salt_install: apt
-  salt_version: latest
-  salt_apt_repo: https://repo.saltstack.com/apt/<%= distrib %>/<%= version %>/amd64
-  salt_apt_repo_key: https://repo.saltstack.com/apt/<%= distrib %>/<%= version %>/amd64/latest/SALTSTACK-GPG-KEY.pub
+  ## SALT 2018.3
+  - name: debian-9-2018-3-py2
+    driver:
+      image: netmanagers/salt-2018.3-py2:debian-9
+      provision_command:
+        - apt-get update && apt-get install -y locales
+        - echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
+        - locale-gen en_US.UTF-8
+  - name: ubuntu-1604-2018-3-py2
+    driver:
+      image: netmanagers/salt-2018.3-py2:ubuntu-16.04
+  - name: centos-7-2018-3-py2
+    driver:
+      image: netmanagers/salt-2018.3-py2:centos-7
+  - name: fedora-29-2018-3-py2
+    driver:
+      image: netmanagers/salt-2018.3-py2:fedora-29
+  # TODO: Use this when fixed instead of `opensuse-leap-42`
+  # Ref: https://github.com/netmanagers/salt-image-builder/issues/2
+  # - name: opensuse-leap-15-2018-3-py2
+  #   driver:
+  #     image: netmanagers/salt-2018.3-py2:opensuse-leap-15
+  #     run_command: /usr/lib/systemd/systemd
+  - name: opensuse-leap-42-2018-3-py2
+    driver:
+      image: netmanagers/salt-2018.3-py2:opensuse-leap-42
+      run_command: /usr/lib/systemd/systemd
 
-  # Don't install Chef
-  require_chef: false
+  ## SALT 2017.7
+  - name: debian-8-2017-7-py2
+    driver:
+      image: netmanagers/salt-2017.7-py2:debian-8
+      provision_command:
+        - apt-get update && apt-get install -y locales
+        - echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
+        - locale-gen en_US.UTF-8
+  - name: ubuntu-1604-2017-7-py2
+    driver:
+      image: netmanagers/salt-2017.7-py2:ubuntu-16.04
+  - name: centos-6-2017-7-py2
+    driver:
+      image: netmanagers/salt-2017.7-py2:centos-6
+      run_command: /sbin/init
+      run_options: -v /lib/modules:/lib/modules:ro
+  - name: fedora-28-2017-7-py2
+    driver:
+      image: netmanagers/salt-2017.7-py2:fedora-28
+  - name: opensuse-leap-42-2017-7-py2
+    driver:
+      image: netmanagers/salt-2017.7-py2:opensuse-leap-42
+      run_command: /usr/lib/systemd/systemd
 
-  # Configure Salt
+provisioner:
+  name: salt_solo
+  log_level: info
+  salt_install: none
+  require_chef: false
+  formula: ufw
+  salt_copy_filter:
+    - .kitchen
+    - .git
   state_top:
     base:
       '*':
         - ufw
-
   pillars:
     top.sls:
       base:
@@ -67,21 +138,15 @@ provisioner:
             protocol: tcp
             comment: Allow HTTPS
 
-platforms:
-  - name: <%= distrib %>-<%= codename %>
-    driver_config:
-      image: "<%= distrib %>:<%= codename %>"
-      platform: <%= distrib %>
-      provision_command:
-        - apt-get update && apt-get install -y locales
-        - echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
-        - locale-gen en_US.UTF-8
-      run_command: /lib/systemd/systemd
-
 verifier:
+  # https://www.inspec.io/
   name: inspec
+  sudo: true
+  # cli, documentation, html, progress, json, json-min, json-rspec, junit
   reporter:
-    - progress
+    - cli
+  inspec_tests:
+    - path: test/integration/default
 
 suites:
-  - name: ufw
+  - name: default
diff --git a/test/integration/ufw/controls/config_spec.rb b/test/integration/default/controls/config_spec.rb
similarity index 100%
rename from test/integration/ufw/controls/config_spec.rb
rename to test/integration/default/controls/config_spec.rb
diff --git a/test/integration/ufw/controls/package_spec.rb b/test/integration/default/controls/package_spec.rb
similarity index 100%
rename from test/integration/ufw/controls/package_spec.rb
rename to test/integration/default/controls/package_spec.rb
diff --git a/test/integration/default/inspec.yml b/test/integration/default/inspec.yml
new file mode 100644
index 0000000..2e2f52e
--- /dev/null
+++ b/test/integration/default/inspec.yml
@@ -0,0 +1,12 @@
+name: ufw
+title: UFW Formula
+maintainer: Alexandre Anriot
+license: Apache-2.0
+summary: Verify that the ufw formula is setup and configured correctly
+supports:
+  - os-name: debian
+  - os-name: ubuntu
+  - os-name: centos
+  - os-name: fedora
+  - os-name: opensuse
+  - os-name: suse
diff --git a/test/integration/ufw/inspec.yml b/test/integration/ufw/inspec.yml
deleted file mode 100644
index b07b4fa..0000000
--- a/test/integration/ufw/inspec.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-name: ufw
-title: Ufw Profile
-maintainer: Alexandre Anriot
-copyright: Alexandre Anriot
-copyright_email: alexandre@atlantilde.com
-license: MIT
-summary: Ufw Compliance Profile
-version: 0.1.0
-supports:
-  - os-family: linux
diff --git a/ufw/config/applications.sls b/ufw/config/applications.sls
index d78f02b..b39254f 100644
--- a/ufw/config/applications.sls
+++ b/ufw/config/applications.sls
@@ -39,7 +39,9 @@ ufw-app-{{method}}-{{app_name}}:
     {%- if to_addr is not none %}
     - to_addr: {{to_addr}}
     {%- endif %}
-    {%- if comment is not none %}
+    # Debian Jessie doesn't implement the **comment** directive
+    # CentOS-6 throws an UTF-8 error
+    {%- if comment is not none and salt['grains.get']('osfinger') != 'Debian-8' and salt['grains.get']('osfinger') != 'CentOS-6' %}
     - comment: '"{{comment}}"'
     {%- endif %}
     - listen_in:
diff --git a/ufw/config/services.sls b/ufw/config/services.sls
index dd549d9..7f64142 100644
--- a/ufw/config/services.sls
+++ b/ufw/config/services.sls
@@ -43,7 +43,9 @@ ufw-svc-{{method}}-{{service_name}}-{{from_addr}}:
     {%- if to_addr is not none %}
     - to_addr: {{to_addr}}
     {%- endif %}
-    {%- if comment is not none %}
+    # Debian Jessie doesn't implement the **comment** directive
+    # CentOS-6 throws an UTF-8 error
+    {%- if comment is not none and salt['grains.get']('osfinger') != 'Debian-8' and salt['grains.get']('osfinger') != 'CentOS-6' %}
     - comment: '"{{comment}}"'
     {%- endif %}
     - to_port: "{{to_port}}"