kitchen.yml

---
provisioner:
  name: chef_infra
  always_update_cookbooks: true
  kitchen_root: <%= ::Dir.pwd %>
  data_bags_path: <%= ::File.join(ENV['HOME'], '.chef/databags') %>
  log_level: auto

verifier:
  name: inspec
  title: InSpec Profile for Deploy-Context
  maintainer: Jimmy Provencher
  copyright: JimboDragon
  copyright_email: jimmy.provencher@hotmail.ca
  license: Apache-2.0
  summary: An InSpec Compliance Profile for Deploy-Context
  version: 0.1.0
  depends:
  - name: supermarket-profile
    supermarket: dev-sec/linux-baseline

platforms:
  - name: vb-deploy-context
    provisioner:
      product_name: chef-workstation
      channel: stable
      install_strategy: once
      chef_license: accept
      product_version: latest
    transport: # Dealing with 22.04 deprecating ssh-rsa prior to tooling being ready for it
      name: ssh
      username: vagrant
      password: vagrant
    driver:
      name: vagrant
      box: bento/ubuntu-22.04
      cache_directory: <%= File.expand_path("#{::Dir.pwd}/omnibus/cache") %>
      kitchen_cache_directory: <%= File.expand_path("#{::Dir.pwd}/.kitchen/cache") %>
      domain: <%= ENV['AWS_SSH_DEPLOYCONTEXT_DOMAIN_NAME'] %>
      vm_hostname: <%= ENV['AWS_SSH_DEPLOYCONTEXT_DOMAIN_NAME'] %>
      network:
      - ["forwarded_port", {guest: 22, host: 2220}]
      - ["forwarded_port", {guest: 80, host: 8880}]
      - ["forwarded_port", {guest: 443, host: 4430}]
      customize:
        memory: 8196
        cpus: 2
        firmware: bios
        hwvirtex: "on"
        vtxvpid: "on"
        vtxux: "on"
        nested-hw-virt: "on"
        cpuhotplug: "on"
        vrde: "on"
        vrdeport: 3390
        autostart-enabled: "on"
      pre_create_command: "ssh-keygen -f \"<%= ENV['HOME'] %>/.ssh/known_hosts\" -R \"[127.0.0.1]:2220\"; ssh-keygen -f \"<%= ENV['HOME'] %>/.ssh/known_hosts\" -R \"[<%= ENV['AWS_SSH_DEPLOYCONTEXT_DOMAIN_NAME'] %>]:2220\";"
  - name: vb-workstation-context
    provisioner:
      product_name: chef-workstation
      channel: stable
      install_strategy: once
      chef_license: accept
      product_version: latest
    transport: # Dealing with 22.04 deprecating ssh-rsa prior to tooling being ready for it
      name: ssh
      username: vagrant
      password: vagrant
    driver:
      name: vagrant
      box: bento/ubuntu-22.04
      cache_directory: <%= File.expand_path("#{::Dir.pwd}/omnibus/cache") %>
      kitchen_cache_directory: <%= File.expand_path("#{::Dir.pwd}/.kitchen/cache") %>
      domain: <%= ENV['AWS_SSH_DEPLOYCONTEXT_DOMAIN_NAME'] %>
      vm_hostname: <%= ENV['AWS_SSH_DEPLOYCONTEXT_DOMAIN_NAME'] %>
      network:
      - ["forwarded_port", {guest: 22, host: 2223}]
      - ["forwarded_port", {guest: 443, host: 4433}]
      customize:
        memory: 8196
        cpus: 2
        firmware: bios
        hwvirtex: "on"
        vtxvpid: "on"
        vtxux: "on"
        nested-hw-virt: "on"
        cpuhotplug: "on"
        vrde: "on"
        vrdeport: 3390
        autostart-enabled: "on"
      pre_create_command: "ssh-keygen -f \"<%= ENV['HOME'] %>/.ssh/known_hosts\" -R \"[127.0.0.1]:2223\"; ssh-keygen -f \"<%= ENV['HOME'] %>/.ssh/known_hosts\" -R \"[<%= ENV['AWS_SSH_DEPLOYCONTEXT_DOMAIN_NAME'] %>]:2223\";"
  
  - name: dock-deploy-context
    driver:
      name: dokken
      image: habitat/default-studio-x86_64-linux
      socket: tcp://127.0.0.1:2375
    provisioner:
      name: dokken
      product_name: chef-workstation
      channel: stable
      install_strategy: once
      chef_license: accept
      product_version: latest
      pull_chef_image: true
    transport:
      name: dokken
    intermediate_instructions:
      - RUN /usr/bin/apt-get update
      - RUN /usr/bin/apt-get install lsb_release
      - RUN mkdir -p /opt/kitchen
      - COPY . /opt/kitchen
      - WORKDIR /opt/kitchen
    ports:
    - container_port:
      - host_ip: 127.0.0.1
      - host_port: 4431
  - name: aws-deploy-context
    driver:
      name: ec2
      aws_ssh_key_id: <%= ENV['AWS_SSH_DEPLOYCONTEXT_KITCHEN_KEY'] %>
      security_group_ids: ["<%= ENV['AWS_SSH_DEPLOYCONTEXT_KITCHEN_KEY'] %>"]
      region: us-east-1
      subnet_id: <%= ENV['AWS_SSH_DEPLOYCONTEXT_SUBNET_ID'] %>
      iam_profile_name: deploy-context-kitchen-role
      instance_type: t2.micro
      associate_public_ip: true
      interface: dns
      image_id: ami-067d1e60475437da2
    provisioner:
      product_name: chef-workstation
  - name: aws-deploy-context-chefserver
    driver:
      name: ec2
      aws_ssh_key_id: <%= ENV['AWS_SSH_DEPLOYCONTEXT_KITCHEN_KEY'] %>
      security_group_ids: ["<%= ENV['AWS_SSH_DEPLOYCONTEXT_KITCHEN_KEY'] %>"]
      region: us-east-1
      subnet_id: <%= ENV['AWS_SSH_DEPLOYCONTEXT_SUBNET_ID'] %>
      iam_profile_name: deploy-context-kitchen-role
      instance_type: t2.micro
      associate_public_ip: true
      interface: dns
      image_id: ami-067d1e60475437da2

suites:
  - name: default
    includes:
        - vb-deploy-context
        - dock-deploy-context
        - aws-deploy-context
    attributes:
      infra_chef:
        project_name: exemple
  - name: workstation
    named_run_list: kitchen_user
    verifier:
      name: inspec
      inspec_tests:
        - test/integration/default/workstation_test.rb
        - test/integration/default/kitchen_user_test.rb
        - test/integration/default/deploy-context_test.rb
    attributes:
      audit:
        compliance_phase: true
      os-hardening:
        components:
          auditd: true
      deploy-context:
        context_databag: default_context
        secret_key: "<%= ::File.read(::File.join(ENV['HOME'], '.chef/secret')) %>"
        chef_repo_name: <%= ENV['CHEF_REPO_NAME'] %>
        chef_repo_git: <%= ENV['CHEF_REPO_GIT'] %>
        organisation_name: <%= ENV['CHEF_ORGANISATION_NAME'] %>
        application_name: <%= ENV['APPLICATION_NAME'] %>
        suite_kitchen: docker
        chef_accept:
          chef_infra_client: "<%= ::File.read('/etc/chef/accepted_licenses/chef_infra_client').split("\n").join('\n') %>"
          chef_infra_server: "<%= ::File.read('/etc/chef/accepted_licenses/chef_infra_server').split("\n").join('\n') %>"
          chef_workstation: "<%= ::File.read('/etc/chef/accepted_licenses/chef_workstation').split("\n").join('\n') %>"
          inspec: "<%= ::File.read('/etc/chef/accepted_licenses/inspec').split("\n").join('\n') %>"
        plans:
        - spec/habitat
        - habitat
        user:
          deploy:
          - git
          - ssh
          - chef
          - gem
        system:
          deploy:
          - git
          - ssh
          - chef
          - cucumber
          - habitat
          - gem
          - docker
          - aws
          - circleci
    includes:
        - <%= ENV['KITCHEN_WORKSTATION'] %>