myii
diff --git a/‎sudoers/_mapdata/_mapdata.jinja‎
Lines changed: 3 additions & 3 deletions b/‎sudoers/_mapdata/_mapdata.jinja‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎sudoers/_mapdata/init.sls‎
Lines changed: 11 additions & 6 deletions b/‎sudoers/_mapdata/init.sls‎
Lines changed: 11 additions & 6 deletions
diff --git a/‎test/integration/default/controls/_mapdata_spec.rb‎
Lines changed: 31 additions & 7 deletions b/‎test/integration/default/controls/_mapdata_spec.rb‎
Lines changed: 31 additions & 7 deletions
diff --git a/‎test/integration/default/files/_mapdata/amazonlinux-1.yaml‎
Lines changed: 65 additions & 63 deletions b/‎test/integration/default/files/_mapdata/amazonlinux-1.yaml‎
Lines changed: 65 additions & 63 deletions
diff --git a/‎test/integration/default/files/_mapdata/amazonlinux-2.yaml‎
Lines changed: 65 additions & 63 deletions b/‎test/integration/default/files/_mapdata/amazonlinux-2.yaml‎
Lines changed: 65 additions & 63 deletions
@@ -1,9 +1,9 @@
 # yamllint disable rule:indentation rule:line-length
-# {{ grains.get('osfinger', grains.os) }}
+# {{ grains.get("osfinger", grains.os) }}
 ---
 {#- use salt.slsutil.serialize to avoid encoding errors on some platforms #}
-{{ salt['slsutil.serialize'](
-     'yaml',
+{{ salt["slsutil.serialize"](
+     "yaml",
      map,
      default_flow_style=False,
      allow_unicode=True,
 
@@ -2,18 +2,23 @@
 # vim: ft=sls
 ---
 {#- Get the `tplroot` from `tpldir` #}
-{%- set tplroot = tpldir.split('/')[0] %}
-{%- from tplroot ~ "/map.jinja" import sudoers as mapdata with context %}
+{%- set tplroot = tpldir.split("/")[0] %}
+{%- from tplroot ~ "/map.jinja" import sudoers with context %}
 
-{%- do salt['log.debug']('### MAP.JINJA DUMP ###\n' ~ mapdata | yaml(False)) %}
+{%- set _mapdata = {
+      "values": {
+        "sudoers": sudoers,
+      }
+    } %}
+{%- do salt["log.debug"]("### MAP.JINJA DUMP ###\n" ~ _mapdata | yaml(False)) %}
 
-{%- set output_dir = '/temp' if grains.os_family == 'Windows' else '/tmp' %}
-{%- set output_file = output_dir ~ '/salt_mapdata_dump.yaml' %}
+{%- set output_dir = "/temp" if grains.os_family == "Windows" else "/tmp" %}
+{%- set output_file = output_dir ~ "/salt_mapdata_dump.yaml" %}
 
 {{ tplroot }}-mapdata-dump:
   file.managed:
     - name: {{ output_file }}
     - source: salt://{{ tplroot }}/_mapdata/_mapdata.jinja
     - template: jinja
     - context:
-        map: {{ mapdata | yaml }}
+        map: {{ _mapdata | yaml }}
@@ -5,19 +5,43 @@
 control '`map.jinja` YAML dump' do
   title 'should match the comparison file'
 
-  # Strip the `platform[:finger]` version number down to the "OS major release"
-  mapdata_file = "_mapdata/#{system.platform[:finger].split('.').first}.yaml"
+  ### Method
+  # The steps below for each file appear convoluted but they are both required
+  # and similar in nature:
+  # 1. The earliest method was to simply compare the files textually but this often
+  #    led to false positives due to inconsistencies (e.g. spacing, ordering)
+  # 2. The next method was to load the files back into YAML structures and then
+  #    compare but InSpec provided block diffs this way, unusable by end users
+  # 3. The final step was to dump the YAML structures back into a string to use
+  #    for the comparison; this both worked and provided human-friendly diffs
 
-  # Load the mapdata from profile https://docs.chef.io/inspec/profiles/#profile-files
-  mapdata_dump = YAML.safe_load(inspec.profile.file(mapdata_file))
+  ### Comparison file for the specific platform
+  ### Static, adjusted as part of code contributions, as map data is changed
+  # Strip the `platform[:finger]` version number down to the "OS major release"
+  platform_finger = system.platform[:finger].split('.').first.to_s
+  # Use that to set the path to the file (relative to the InSpec suite directory)
+  mapdata_file_path = "_mapdata/#{platform_finger}.yaml"
+  # Load the mapdata from profile, into a YAML structure
+  # https://docs.chef.io/inspec/profiles/#profile-files
+  mapdata_file_yaml = YAML.safe_load(inspec.profile.file(mapdata_file_path))
+  # Dump the YAML back into a string for comparison
+  mapdata_file_dump = YAML.dump(mapdata_file_yaml)
 
-  # Derive the location of the dumped mapdata
+  ### Output file produced by running the `_mapdata` state
+  ### Dynamic, generated during Kitchen's `converge` phase
+  # Derive the location of the dumped mapdata (differs for Windows)
   output_dir = platform[:family] == 'windows' ? '/temp' : '/tmp'
-  output_file = "#{output_dir}/salt_mapdata_dump.yaml"
+  # Use that to set the path to the file (absolute path, i.e. within the container)
+  output_file_path = "#{output_dir}/salt_mapdata_dump.yaml"
+  # Load the output into a YAML structure using InSpec's `yaml` resource
+  # https://github.com/inspec/inspec/blob/49b7d10/lib/inspec/resources/yaml.rb#L29
+  output_file_yaml = yaml(output_file_path).params
+  # Dump the YAML back into a string for comparison
+  output_file_dump = YAML.dump(output_file_yaml)
 
   describe 'File content' do
     it 'should match profile map data exactly' do
-      expect(yaml(output_file).params).to eq(mapdata_dump)
+      expect(output_file_dump).to eq(mapdata_file_dump)
     end
   end
 end
@@ -1,69 +1,71 @@
 # yamllint disable rule:indentation rule:line-length
 # Amazon Linux AMI-2018
 ---
-aliases:
-  commands:
-    PROCESSES:
-    - /usr/bin/nice
-    - /bin/kill
-    - /usr/bin/renice
-    - /usr/bin/pkill
-    - /usr/bin/top
-  hosts:
-    WEBSERVERS:
-    - www1
-    - www2
-    - www3
-  users:
-    ADMINS:
-    - millert
-    - dowdy
-    - mikef
-arch: amd64
-configpath: /etc
-defaults:
-  command_list:
-    PROCESSES: noexec
-  generic:
-  - env_reset
-  - mail_badpass
-  - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
-  host_list:
-    www1: log_year, logfile=/var/log/sudo.log
-  runas_list:
-    root: '!set_logname'
-  user_list:
-    ADMINS: '!lecture'
-    johndoe: '!requiretty'
-execprefix: /usr/sbin
-group: root
-groups:
-  sudo:
-  - ALL=(ALL) ALL
-  - 'ALL=(nodejs) NOPASSWD: ALL'
-included_files:
-  /etc/sudoers.d/extra-file:
-    users:
-      foo:
-      - ALL=(ALL) ALL
-  extra-file-2:
+values:
+  sudoers:
+    aliases:
+      commands:
+        PROCESSES:
+        - /usr/bin/nice
+        - /bin/kill
+        - /usr/bin/renice
+        - /usr/bin/pkill
+        - /usr/bin/top
+      hosts:
+        WEBSERVERS:
+        - www1
+        - www2
+        - www3
+      users:
+        ADMINS:
+        - millert
+        - dowdy
+        - mikef
+    arch: amd64
+    configpath: /etc
+    defaults:
+      command_list:
+        PROCESSES: noexec
+      generic:
+      - env_reset
+      - mail_badpass
+      - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+      host_list:
+        www1: log_year, logfile=/var/log/sudo.log
+      runas_list:
+        root: '!set_logname'
+      user_list:
+        ADMINS: '!lecture'
+        johndoe: '!requiretty'
+    execprefix: /usr/sbin
+    group: root
     groups:
-      bargroup:
-      - 'ALL=(ALL) NOPASSWD: ALL'
-  extra-file-3:
+      sudo:
+      - ALL=(ALL) ALL
+      - 'ALL=(nodejs) NOPASSWD: ALL'
+    included_files:
+      /etc/sudoers.d/extra-file:
+        users:
+          foo:
+          - ALL=(ALL) ALL
+      extra-file-2:
+        groups:
+          bargroup:
+          - 'ALL=(ALL) NOPASSWD: ALL'
+      extra-file-3:
+        netgroups:
+          other_netgroup:
+          - ALL=(ALL) ALL
+    includedir: /etc/sudoers.d
+    manage_main_config: true
     netgroups:
-      other_netgroup:
+      sysadmins:
+      - ALL=(ALL) ALL
+    pkg: sudo
+    purge_includedir: false
+    users:
+      johndoe:
       - ALL=(ALL) ALL
-includedir: /etc/sudoers.d
-manage_main_config: true
-netgroups:
-  sysadmins:
-  - ALL=(ALL) ALL
-pkg: sudo
-purge_includedir: false
-users:
-  johndoe:
-  - ALL=(ALL) ALL
-  - 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
-  kitchen:
-  - 'ALL=(root) NOPASSWD: ALL'
+      - 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
+      kitchen:
+      - 'ALL=(root) NOPASSWD: ALL'
@@ -1,69 +1,71 @@
 # yamllint disable rule:indentation rule:line-length
 # Amazon Linux-2
 ---
-aliases:
-  commands:
-    PROCESSES:
-    - /usr/bin/nice
-    - /bin/kill
-    - /usr/bin/renice
-    - /usr/bin/pkill
-    - /usr/bin/top
-  hosts:
-    WEBSERVERS:
-    - www1
-    - www2
-    - www3
-  users:
-    ADMINS:
-    - millert
-    - dowdy
-    - mikef
-arch: amd64
-configpath: /etc
-defaults:
-  command_list:
-    PROCESSES: noexec
-  generic:
-  - env_reset
-  - mail_badpass
-  - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
-  host_list:
-    www1: log_year, logfile=/var/log/sudo.log
-  runas_list:
-    root: '!set_logname'
-  user_list:
-    ADMINS: '!lecture'
-    johndoe: '!requiretty'
-execprefix: /usr/sbin
-group: root
-groups:
-  sudo:
-  - ALL=(ALL) ALL
-  - 'ALL=(nodejs) NOPASSWD: ALL'
-included_files:
-  /etc/sudoers.d/extra-file:
-    users:
-      foo:
-      - ALL=(ALL) ALL
-  extra-file-2:
+values:
+  sudoers:
+    aliases:
+      commands:
+        PROCESSES:
+        - /usr/bin/nice
+        - /bin/kill
+        - /usr/bin/renice
+        - /usr/bin/pkill
+        - /usr/bin/top
+      hosts:
+        WEBSERVERS:
+        - www1
+        - www2
+        - www3
+      users:
+        ADMINS:
+        - millert
+        - dowdy
+        - mikef
+    arch: amd64
+    configpath: /etc
+    defaults:
+      command_list:
+        PROCESSES: noexec
+      generic:
+      - env_reset
+      - mail_badpass
+      - secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+      host_list:
+        www1: log_year, logfile=/var/log/sudo.log
+      runas_list:
+        root: '!set_logname'
+      user_list:
+        ADMINS: '!lecture'
+        johndoe: '!requiretty'
+    execprefix: /usr/sbin
+    group: root
     groups:
-      bargroup:
-      - 'ALL=(ALL) NOPASSWD: ALL'
-  extra-file-3:
+      sudo:
+      - ALL=(ALL) ALL
+      - 'ALL=(nodejs) NOPASSWD: ALL'
+    included_files:
+      /etc/sudoers.d/extra-file:
+        users:
+          foo:
+          - ALL=(ALL) ALL
+      extra-file-2:
+        groups:
+          bargroup:
+          - 'ALL=(ALL) NOPASSWD: ALL'
+      extra-file-3:
+        netgroups:
+          other_netgroup:
+          - ALL=(ALL) ALL
+    includedir: /etc/sudoers.d
+    manage_main_config: true
     netgroups:
-      other_netgroup:
+      sysadmins:
+      - ALL=(ALL) ALL
+    pkg: sudo
+    purge_includedir: false
+    users:
+      johndoe:
       - ALL=(ALL) ALL
-includedir: /etc/sudoers.d
-manage_main_config: true
-netgroups:
-  sysadmins:
-  - ALL=(ALL) ALL
-pkg: sudo
-purge_includedir: false
-users:
-  johndoe:
-  - ALL=(ALL) ALL
-  - 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
-  kitchen:
-  - 'ALL=(root) NOPASSWD: ALL'
+      - 'ALL=(root) NOPASSWD: /etc/init.d/httpd'
+      kitchen:
+      - 'ALL=(root) NOPASSWD: ALL'