test(windows): initial commit of Windows testing using kitchen-vagrant

Author: dafyddj

Gemfile

@@ -3,4 +3,5 @@ source "https://rubygems.org"
 gem 'kitchen-docker', '>= 2.9'
 gem 'kitchen-salt', '>= 0.6.0'
 gem 'kitchen-inspec', '>= 1.1'
+gem "rspec-retry"
 

kitchen.windows.yml

@@ -0,0 +1,61 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+# For help on this file's format, see https://kitchen.ci/
+driver:
+  name: vagrant
+  linked_clone: true
+
+# Make sure the platforms listed below match up with
+# the `env.matrix` instances defined in `.travis.yml`
+platforms:
+  - name: windows
+    driver:
+      box: mwrock/Windows2012R2
+      network:
+        private_network:
+          ip: 192.168.10.20
+      provision: true
+      vagrantfiles:
+        - test/vagrant/Vagrantfile.rb
+  - name: ubuntu
+    driver:
+      box: ubuntu/bionic64
+      network:
+        private_network:
+          ip: 192.168.10.10
+
+provisioner:
+  name: salt_solo
+  log_level: info
+  require_chef: false
+  formula: openvpn
+  salt_copy_filter:
+    - .kitchen
+    - .git
+
+verifier:
+  # https://www.inspec.io/
+  name: inspec
+  sudo: true
+  # cli, documentation, html, progress, json, json-min, json-rspec, junit
+  reporter:
+    - cli
+
+suites:
+  - name: default
+    provisioner:
+      state_top:
+        base:
+          '*':
+            - openvpn.config
+      pillars:
+        top.sls:
+          base:
+            '*':
+              - openvpn
+      pillars_from_files:
+        openvpn.sls: test/salt/pillar/windows.sls
+    verifier:
+      inspec_tests:
+        - path: test/integration/windows

test/integration/windows/README.md

@@ -0,0 +1,50 @@
+# InSpec Profile: `windows`
+
+This shows the implementation of the `windows` InSpec [profile](https://github.com/inspec/inspec/blob/master/docs/profiles.md).
+
+## Verify a profile
+
+InSpec ships with built-in features to verify a profile structure.
+
+```bash
+$ inspec check windows
+Summary
+-------
+Location: windows
+Profile: profile
+Controls: 4
+Timestamp: 2019-06-24T23:09:01+00:00
+Valid: true
+
+Errors
+------
+
+Warnings
+--------
+```
+
+## Execute a profile
+
+To run all **supported** controls on a local machine use `inspec exec /path/to/profile`.
+
+```bash
+$ inspec exec windows
+..
+
+Finished in 0.0025 seconds (files took 0.12449 seconds to load)
+8 examples, 0 failures
+```
+
+## Execute a specific control from a profile
+
+To run one control from the profile use `inspec exec /path/to/profile --controls name`.
+
+```bash
+$ inspec exec windows --controls package
+.
+
+Finished in 0.0025 seconds (files took 0.12449 seconds to load)
+1 examples, 0 failures
+```
+
+See an [example control here](https://github.com/inspec/inspec/blob/master/examples/profile/controls/example.rb).

test/integration/windows/controls/config_spec.rb

@@ -0,0 +1,11 @@
+control 'OpenVPN client configuration' do
+  title 'should match desired lines'
+
+  cfgfile = 'C:\Program Files\OpenVPN\config\myclient1.ovpn'
+
+  describe file(cfgfile) do
+    it { should be_file }
+    its('content') { should include '# OpenVPN client configuration' }
+    its('content') { should include '# Managed by Salt' }
+  end
+end

test/integration/windows/controls/packages_spec.rb

@@ -0,0 +1,11 @@
+control 'OpenVPN packages' do
+  title 'should be installed'
+
+  describe package('OpenVPN') do
+    it { should be_installed }
+  end
+
+  describe package('TAP-Windows') do
+    it { should be_installed }
+  end
+end

test/integration/windows/controls/services_spec.rb

@@ -0,0 +1,23 @@
+control 'OpenVPN service' do
+  impact 0.5
+  title 'should be running and enabled'
+
+  require 'rspec/retry'
+
+  describe service("OpenVPNService") do
+    it { should be_enabled }
+    it { should be_running }
+  end
+
+  logfile = 'C:\ProgramData\OpenVPN\log\myclient1.log'
+
+  describe file(logfile) do
+    it { should be_file }
+  end
+
+  describe 'Initialization' do
+    it 'should be completed', retry: 60, retry_wait: 1 do
+      expect(file(logfile).content).to include 'Initialization Sequence Completed'
+    end
+  end
+end

test/integration/windows/inspec.yml

@@ -0,0 +1,10 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+name: openvpn-windows
+title: OpenVPN Formula
+maintainer: SaltStack Formulas
+license: Apache-2.0
+summary: Verify that the openvpn formula is setup and configured correctly
+supports:
+  - platform: windows

test/salt/pillar/windows.sls

@@ -0,0 +1,82 @@
+openvpn:
+{% if salt['grains.get']('os_family') != 'Windows' %}
+  lookup:
+    user: openvpn
+    group: openvpn
+    manage_user: True
+    manage_group: True
+    external_repo_enabled: True
+    dh_files: ['512']
+  server:
+    myserver1:
+      port: 2000
+      proto: udp
+      topology: p2p
+      dev: tun
+      comp_lzo: "yes"
+      ifconfig: 169.254.0.1 169.254.0.2
+      log_append: /var/log/openvpn/myserver1.log
+      secret: /etc/openvpn/myserver1_secret.key
+      # /usr/sbin/openvpn --genkey --secret /dev/stdout
+      secret_content: |
+        #
+        # 2048 bit OpenVPN static key
+        #
+        -----BEGIN OpenVPN Static key V1-----
+        6b3e7b098232e9c885f8deed5c069b02
+        47a966595178cc30ebcd4e1042e019ef
+        fdfbed752e26ef7b0877e0e0a6e4e38b
+        ffed3fd9da205ff6cd39825d0f8a99ec
+        324848682062676868b57e4474791042
+        4dc4ad7f3ff7ba8815e31f950c7443c8
+        b52441384936cbf50d2f4d051d0c889a
+        f118dec5c749398cdce859fced60a4eb
+        4e78abb9939f8dbe1cbdbbcaa914b539
+        6258235dce1a8ef044a29f8ce018f183
+        4b83f17a42b788c583cf006cccb5050f
+        a1c53b22688d98a2092fcd23b160b01a
+        064d84f1355c605287b30b140c3c5fa7
+        b5e2a0a8def6eb46b3ab4a11b5cb4c96
+        4c099bf8e74b8bf4e6509de69b7a79ad
+        7391b6cf3f4ae296ecf8b552144a2947
+        -----END OpenVPN Static key V1-----
+{% else %}
+  lookup:
+    service: OpenVPNService
+  client:
+    myclient1:
+      proto: udp
+      dev: tun
+      comp_lzo: "yes"
+      pull: false
+      tls_client: false
+      nobind: false
+      ifconfig: 169.254.0.2 169.254.0.1
+      remote:
+        - 192.168.10.10 2000
+      log_append: '"C:\\ProgramData\\OpenVPN\\log\\myclient1.log"'
+      secret: '"C:\\ProgramData\\OpenVPN\\config\\myclient1_secret.key"'
+      # /usr/sbin/openvpn --genkey --secret /dev/stdout
+      secret_content: |
+        #
+        # 2048 bit OpenVPN static key
+        #
+        -----BEGIN OpenVPN Static key V1-----
+        6b3e7b098232e9c885f8deed5c069b02
+        47a966595178cc30ebcd4e1042e019ef
+        fdfbed752e26ef7b0877e0e0a6e4e38b
+        ffed3fd9da205ff6cd39825d0f8a99ec
+        324848682062676868b57e4474791042
+        4dc4ad7f3ff7ba8815e31f950c7443c8
+        b52441384936cbf50d2f4d051d0c889a
+        f118dec5c749398cdce859fced60a4eb
+        4e78abb9939f8dbe1cbdbbcaa914b539
+        6258235dce1a8ef044a29f8ce018f183
+        4b83f17a42b788c583cf006cccb5050f
+        a1c53b22688d98a2092fcd23b160b01a
+        064d84f1355c605287b30b140c3c5fa7
+        b5e2a0a8def6eb46b3ab4a11b5cb4c96
+        4c099bf8e74b8bf4e6509de69b7a79ad
+        7391b6cf3f4ae296ecf8b552144a2947
+        -----END OpenVPN Static key V1-----
+{% endif %}

test/vagrant/Vagrantfile.rb

@@ -0,0 +1,10 @@
+$script = <<-SCRIPT
+# Workaround for error "The request was aborted: Could not create SSL/TLS secure channel."
+[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12
+mkdir $env:TEMP\\kitchen\\srv\\salt\\win\\repo-ng
+wget https://github.com/saltstack/salt-winrepo-ng/raw/master/openvpn.sls -OutFile $env:TEMP\\kitchen\\srv\\salt\\win\\repo-ng\\openvpn.sls
+SCRIPT
+
+Vagrant.configure("2") do |config|
+  config.vm.provision "shell", inline: $script
+end