Merge pull request #281 from myii/feat/manage-map.jinja-verification-files

feat(_mapdata): manage `map.jinja` verification

Author: myii

pillar.example

@@ -178,8 +178,12 @@ ssf:
       - bin/kitchen
       - docs/CONTRIBUTING.rst
       - docs/TOFS_pattern.rst
+      - formula/_mapdata/_mapdata.jinja
+      - formula/_mapdata/init.sls
       - formula/libsaltcli.jinja
       - formula/libtofs.jinja
+      - inspec/controls/_mapdata_spec.rb
+      - inspec/libraries/system.rb
       - inspec/inspec.yml
       - inspec/README.md
       - .gitignore

ssf/config/formulas.sls

@@ -79,10 +79,19 @@ prepare-git-branch-for-{{ formula }}:
 {%-             do matching_test_suite.update({'found': True}) %}
 {%-           endfor %}
 {#-           Now use that to set the `dest_file` accordingly #}
-{%-           if not matching_test_suite.found %}
+{#-           Start by stripping out the `inspec/` prefix from the path #}
+{%-           set dest_file = dest_file.replace('inspec/', '') %}
+{#-           Do not manage the file in the following situations: #}
+{#-           - If a matching test suite isn't found #}
+{#-           - Or if `libraries/system.rb` and is not the `share` suite #}
+{#-           - Or if `controls/_mapdata_spec.rb` and is the `share` suite #}
+{%-           if (not matching_test_suite.found) or
+                 (dest_file == 'libraries/system.rb' and suite.name != 'share') or
+                 (dest_file == 'controls/_mapdata_spec.rb' and suite.name == 'share')
+%}
 {%-             set dest_file = '' %}
 {%-           else %}
-{%-             set dest_file = '{0}/{1}/{2}'.format(inspec_tests_path_prefix, suite.name, dest_file.split('/')[-1]) %}
+{%-             set dest_file = '{0}/{1}/{2}'.format(inspec_tests_path_prefix, suite.name, dest_file) %}
 {%-           endif %}
 {%-         endif %}
 {%-         set dest = '{0}/{1}/{2}'.format(ssf.formulas_path, formula, dest_file) %}
@@ -140,6 +149,7 @@ prepare-git-branch-for-{{ formula }}:
         inspec_suites_kitchen: {{ inspec_suites_kitchen | yaml }}
         inspec_suites_matrix: {{ context.inspec_suites_matrix | yaml }}
         kitchen: {{ context.kitchen | yaml }}
+        map_jinja: {{ context.map_jinja | yaml }}
         platforms: {{ context.platforms | yaml }}
         platforms_matrix: {{ context.platforms_matrix | yaml }}
         platforms_matrix_commented_includes: {{ context.platforms_matrix_commented_includes | yaml }}

ssf/defaults.yaml

@@ -22,8 +22,11 @@ ssf_node_anchors:
               - '/docs/AUTHORS.rst': '@saltstack-formulas/ssf'
               - '/docs/CHANGELOG.rst': '@saltstack-formulas/ssf'
               - '/docs/TOFS_pattern.rst': '@saltstack-formulas/ssf'
+              - '/*/_mapdata/': '@saltstack-formulas/ssf'
               - '/*/libsaltcli.jinja': '@saltstack-formulas/ssf'
               - '/*/libtofs.jinja': '@saltstack-formulas/ssf'
+              - '/test/integration/**/_mapdata_spec.rb': '@saltstack-formulas/ssf'
+              - '/test/integration/**/libraries/system.rb': '@saltstack-formulas/ssf'
               - '/test/integration/**/inspec.yml': '@saltstack-formulas/ssf'
               - '/test/integration/**/README.md': '@saltstack-formulas/ssf'
               - '/.gitignore': '@saltstack-formulas/ssf'
@@ -59,8 +62,8 @@ ssf_node_anchors:
             #       An alternative method could be to use:
             #       `git describe --abbrev=0 --tags`
             # yamllint disable rule:line-length rule:quoted-strings
-            title: "ci(kitchen+gitlab): adjust matrix to add '`'3002'`'"
-            body: '* Semi-automated using https://github.com/myii/ssf-formula/pull/280'
+            title: "test(map): standardise '`'map.jinja'`' verification"
+            body: '* Automated using https://github.com/myii/ssf-formula/pull/281'
             # yamllint enable rule:line-length rule:quoted-strings
           github:
             owner: 'saltstack-formulas'
@@ -128,6 +131,8 @@ ssf_node_anchors:
         kitchen:
           driver:
             run_options: {}
+        map_jinja:
+          verification: {}
         platforms:
           # Could use `opensuse-leap` throughout since `/` never used at this end
           # Would have to modify the `if` in the `kitchen.yml` template(s), though

ssf/files/default/formula/_mapdata/_mapdata.jinja

@@ -0,0 +1,13 @@
+# yamllint disable rule:indentation rule:line-length
+# {{ grains.get('osfinger', grains.os) }}
+---
+{#- use salt.slsutil.serialize to avoid encoding errors on some platforms #}
+{{ salt['slsutil.serialize'](
+     'yaml',
+     map,
+     default_flow_style=False,
+     allow_unicode=True,
+   )
+   | regex_replace("^\s+'$", "'", multiline=True)
+   | trim
+}}

ssf/files/default/formula/_mapdata/init.sls

@@ -0,0 +1,21 @@
+${ '# -*- coding: utf-8 -*-' }
+${ '# vim: ft=sls' }
+---
+{#- Get the `tplroot` from `tpldir` #}
+{%- set tplroot = tpldir.split('/')[0] %}
+<% import_var = map_jinja['verification']['import'] %>\
+<% import_var_as = '' if import_var == 'mapdata' else ' as mapdata' %>\
+{%- from tplroot ~ "/map.jinja" import ${ import_var }${ import_var_as } with context %}
+
+{%- do salt['log.debug']('### MAP.JINJA DUMP ###\n' ~ mapdata | yaml(False)) %}
+
+{%- set output_dir = '/temp' if grains.os_family == 'Windows' else '/tmp' %}
+{%- set output_file = output_dir ~ '/salt_mapdata_dump.yaml' %}
+
+{{ tplroot }}-mapdata-dump:
+  file.managed:
+    - name: {{ output_file }}
+    - source: salt://{{ tplroot }}/_mapdata/_mapdata.jinja
+    - template: jinja
+    - context:
+        map: {{ mapdata | yaml }}

ssf/files/default/inspec/README.md

@@ -12,11 +12,13 @@ Its goal is to share the libraries between all profiles.
 The `system` library provides easy access to system dependent information:
 
 - `system.platform`: based on `inspec.platform`, modify to values that are more consistent from a SaltStack perspective
-  - `system.platform[:family]` provide a family name for Arch
-  - `system.platform[:name]` modify `amazon` to `amazonlinux`
-  - `system.platform[:release]` tweak Arch and Amazon Linux:
+  - `system.platform[:family]` provide a family name for Arch and Gentoo
+  - `system.platform[:name]` append `linux` to both `amazon` and `oracle`; ensure Windows platforms are resolved as simply `windows`
+  - `system.platform[:release]` tweak Arch, Amazon Linux, Gentoo and Windows:
     - `Arch` is always `base-latest`
     - `Amazon Linux` release `2018` is resolved as `1`
+    - `Gentoo` release is trimmed to its major version number and then the init system is appended (i.e. `sysv` or `sysd`)
+    - `Windows` uses the widely-used release number (e.g. `8.1` or `2019-server`) in place of the actual system release version
   - `system.platform[:finger]` is the concatenation of the name and the major release number (except for Ubuntu, which gives `ubuntu-20.04` for example)
 {%- else %}
 

ssf/files/default/inspec/controls/_mapdata_spec.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require 'yaml'
+
+control '`map.jinja` YAML dump' do
+  title 'should match the comparison file'
+
+  # Strip the `platform[:finger]` version number down to the "OS major release"
+  mapdata_file = "_mapdata/#{system.platform[:finger].split('.').first}.yaml"
+
+  # Load the mapdata from profile https://docs.chef.io/inspec/profiles/#profile-files
+  mapdata_dump = YAML.safe_load(inspec.profile.file(mapdata_file))
+
+  # Derive the location of the dumped mapdata
+  output_dir = platform[:family] == 'windows' ? '/temp' : '/tmp'
+  output_file = "#{output_dir}/salt_mapdata_dump.yaml"
+
+  describe 'File content' do
+    it 'should match profile map data exactly' do
+      expect(yaml(output_file).params).to eq(mapdata_dump)
+    end
+  end
+end

ssf/files/default/inspec/libraries/system.rb

@@ -0,0 +1,89 @@
+# frozen_string_literal: true
+
+# system.rb -- InSpec resources for system values
+# Author: Daniel Dehennin <[email protected]>
+# Copyright (C) 2020 Daniel Dehennin <[email protected]>
+
+class SystemResource < Inspec.resource(1)
+  name 'system'
+
+  attr_reader :platform
+
+  def initialize
+    super
+    @platform = build_platform
+  end
+
+  private
+
+  def build_platform
+    {
+      family: build_platform_family,
+      name: build_platform_name,
+      release: build_platform_release,
+      finger: build_platform_finger
+    }
+  end
+
+  def build_platform_family
+    case inspec.platform[:name]
+    when 'arch', 'gentoo'
+      inspec.platform[:name]
+    else
+      inspec.platform[:family]
+    end
+  end
+
+  def build_platform_name
+    case inspec.platform[:name]
+    when 'amazon', 'oracle'
+      "#{inspec.platform[:name]}linux"
+    when 'windows_8.1_pro', 'windows_server_2019_datacenter'
+      'windows'
+    else
+      inspec.platform[:name]
+    end
+  end
+
+  # rubocop:disable Metrics/MethodLength
+  def build_platform_release
+    case inspec.platform[:name]
+    when 'amazon'
+      # `2018` relase is named `1` in kitchen.yaml
+      inspec.platform[:release].gsub(/2018.*/, '1')
+    when 'arch'
+      'base-latest'
+    when 'gentoo'
+      "#{inspec.platform[:release].split('.')[0]}-#{derive_gentoo_init_system}"
+    when 'windows_8.1_pro'
+      '8.1'
+    when 'windows_server_2019_datacenter'
+      '2019-server'
+    else
+      inspec.platform[:release]
+    end
+  end
+  # rubocop:enable Metrics/MethodLength
+
+  def derive_gentoo_init_system
+    case inspec.command('systemctl').exist?
+    when true
+      'sysd'
+    else
+      'sysv'
+    end
+  end
+
+  def build_platform_finger
+    "#{build_platform_name}-#{build_finger_release}"
+  end
+
+  def build_finger_release
+    case inspec.platform[:name]
+    when 'ubuntu'
+      build_platform_release.split('.').slice(0, 2).join('.')
+    else
+      build_platform_release.split('.')[0]
+    end
+  end
+end