Added serverspec tests to validate formula. CentOS 7 and Debian 8 are still not functioning.

Michael Chmielewski · Michael Chmielewski · commit fa1dac881777 · 2020-12-11T15:47:09.000-05:00
diff --git a/.kitchen.yml b/.kitchen.yml
@@ -8,27 +8,25 @@ provisioner:
   is_file_root: true
   # Use this section (and comment out the `threatstack.sls` definition in the `pillars` section)
   # to grab pillar data from the `pillar.example` file
-  pillars_from_files:
-    threatstack.sls: pillar.example
+  # pillars_from_files:
+  #   threatstack.sls: pillar.example
   pillars:
     top.sls:
       base:
         '*':
           - threatstack
     # Use this section (and comment out the `pillars_from_files` section)
     # to grab pillar data from environment variables
-    # threatstack.sls:
-    #   deploy_key: <%= ENV['TS_DEPLOY_KEY'] != nil ? ENV['TS_DEPLOY_KEY'] : 'ts_deploy_key' %>
-    #   ts_agent_version: <%= ENV['TS_PACKAGE_VERSION'] %>
-    #   <% if ENV['TS_CONFIG_ARGS'] %>
-    #   ts_agent_config_args: <%= ENV['TS_CONFIG_ARGS'] %>
-    #   <% end %>
-    #   ts_agent_version: <%= ENV['TS_PACKAGE_VERSION'] %>
-    # ts_configure_agent: <%= ENV['TS_CONFIGURE_AGENT'] %>
-    # ts_agent_latest: <%= ENV['TS_AGENT_LATEST'] %>
-    #   <% if ENV['TS_SETUP_ARGS'] %>
-    #   ts_agent_extra_args: <%= ENV['TS_SETUP_ARGS'] %>
-    #   <% end %>
+    threatstack.sls:
+      deploy_key: <%= ENV['TS_DEPLOY_KEY'] != nil ? ENV['TS_DEPLOY_KEY'] : 'ts_deploy_key' %>
+      ts_agent_version: <%= ENV['TS_PACKAGE_VERSION'] %>
+      ts_configure_agent: <%= ENV['TS_CONFIGURE_AGENT'] %>
+      <% if ENV['TS_SETUP_ARGS'] %>
+      ts_agent_extra_args: <%= ENV['TS_SETUP_ARGS'] %>
+      <% end %>
+      <% if ENV['TS_CONFIG_ARGS'] %>
+      ts_agent_config_args: <%= ENV['TS_CONFIG_ARGS'] %>
+      <% end %>
   state_top:
     base:
       '*':
@@ -45,6 +43,8 @@ platforms:
       volume:
         - /sys/fs/cgroup:/sys/fs/cgroup
       provision_command:
+        - yum install -y ruby24
+        - alternatives --set ruby /usr/bin/ruby2.4
         - yum install -y audit initscripts
         - sed -i 's/local_events = yes/local_events = no/g' /etc/audit/auditd.conf
         - chkconfig auditd on
@@ -58,6 +58,10 @@ platforms:
       volume:
         - /sys/fs/cgroup:/sys/fs/cgroup
       provision_command:
+        - amazon-linux-extras install ruby2.6
+        - yum install -y ruby-devel gcc make
+        - gem install io-console --install-dir=/tmp/verifier/gems
+        - chown -R kitchen:kitchen /tmp/verifier
         - yum install -y audit initscripts
         - sed -i 's/local_events = yes/local_events = no/g' /etc/audit/auditd.conf
         - systemctl enable auditd.service
@@ -72,9 +76,20 @@ platforms:
       volume:
         - /sys/fs/cgroup:/sys/fs/cgroup
       provision_command:
+        - yum install -y ruby ruby-devel git
+        - yum install -y centos-release-scl-rh
+        - yum install -y rh-ruby24
+        # - source /opt/rh/rh-ruby24/enable
+        - |
+          printf "\n\
+          \n\
+          source /opt/rh/rh-ruby24/enable \n\
+          export X_SCLS=\"`scl enable rh-ruby24 'echo $X_SCLS'`\"\n"\
+          >> /etc/bashrc
         - yum install -y audit initscripts
         - sed -i 's/local_events = yes/local_events = no/g' /etc/audit/auditd.conf
         - systemctl enable auditd.service
+        - scl enable rh-ruby24 bash
   - name: centos-8
     image: centos:8
     driver_config:
@@ -166,7 +181,11 @@ platforms:
       provision_command:
         - sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
         - systemctl enable ssh.service
-  # - name: amazonlinux-2
 
 suites:
   - name: default
+  - name: custom
+    provisioner:
+      pillars:
+        threatstack.sls:
+          ts_agent_config_args: "--set log.maxSize 22"
diff --git a/Gemfile b/Gemfile
@@ -4,7 +4,8 @@ group :development, :unit_tests do
   gem 'rake',           :require => false
 end
 group :system_tests do
-  gem 'serverspec',      :require => false
+  gem 'busser-serverspec',     :require => false
+  gem 'serverspec',     :require => false
   gem 'test-kitchen',    :require => false
   gem 'kitchen-salt',  :require => false
   gem 'kitchen-docker', :require => false
diff --git a/pillar.example b/pillar.example
@@ -1,5 +1,5 @@
 deploy_key: "xxxx-xxxx-your-secret-key-xxxx"
-ts_configure_agent: True
 ts_agent_version: 2.3.0*
-ts_agent_config_args: '--set log.level info'
+ts_configure_agent: True
 ts_agent_extra_args: ''
+ts_agent_config_args: ''
diff --git a/test/integration/.DS_Store b/test/integration/.DS_Store
diff --git a/test/integration/custom/serverspec/default_spec.rb b/test/integration/custom/serverspec/default_spec.rb
@@ -0,0 +1,16 @@
+require 'serverspec'
+
+set :backend, :exec
+
+describe package('threatstack-agent') do
+  it { should be_installed }
+end
+
+describe service('threatstack') do
+  it { should be_running }
+  it { should be_enabled }
+end
+
+describe command('tsagent config --list') do
+  its(:stdout) { should match /log.maxSize=22/ } # rubocop: disable Lint/AmbiguousRegexpLiteral
+end
diff --git a/test/integration/default/serverspec/default_spec.rb b/test/integration/default/serverspec/default_spec.rb
@@ -0,0 +1,17 @@
+require 'serverspec'
+
+set :backend, :exec
+
+describe package('threatstack-agent') do
+  it { should be_installed }
+end
+
+describe service('threatstack') do
+  it { should be_running }
+  it { should be_enabled }
+end
+
+describe command('tsagent status') do
+  # Sometimes due to other services, like auditd, the install would be successful, but then this service would get killed
+  its(:stdout) { should match /UP Threat Stack Audit Collection/ } # rubocop: disable Lint/AmbiguousRegexpLiteral
+end
