initial

.gitignore

@@ -0,0 +1,7 @@
+.DS_Store
+*.swp
+*.retry
+**/*.download
+releases/*
+clusters/*
+profiles/kubicorn*

CONTRIBUTING.md

@@ -0,0 +1,90 @@
+# Contributing
+
+When contributing to this repository, please first discuss the change you wish to make via issue,
+email, or any other method with the owners of this repository before making a change. 
+
+Please note we have a code of conduct, please follow it in all your interactions with the project.
+
+## Pull Request Process
+
+1. Ensure any install or build dependencies are removed before the end of the layer when doing a 
+   build.
+2. Update the README.md with details of changes to the interface, this includes new environment 
+   variables, exposed ports, useful file locations and container parameters.
+3. Increase the version numbers in any examples files and the README.md to the new version that this
+   Pull Request would represent. The versioning scheme we use is [SemVer](http://semver.org/).
+
+## Code of Conduct
+
+### Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of experience,
+nationality, personal appearance, race, religion, or sexual identity and
+orientation.
+
+### Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+### Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+### Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+### Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at @bradgeesaman. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+### Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/

LICENSE.md

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) [2017-] [Brad Geesaman]
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,121 @@
+# KubeATF
+
+## Description
+The Kubernetes *A*nsible *T*esting *F*ramework is a tool meant to spin up, test, save results, and spin down Kubernetes clusters using the various installation tools/kits/templates readily available in a human and CI/CD friendly way.
+
+In order to reduce conflicts of tools/versions as well as negate the need for having to install specific tools onto your system, ```KubeATF``` builds all the tools needed into a Docker container.  This is to allow for easy customization by you, the end user, to bake in whatever tools and scripts you may want to inject and make easy to deploy inside a CI/CD system that can run docker containers as build steps.
+
+## Use Cases
+1. **Kubernetes Installation Tool Testing** - If you are a maintainer of a Kubernetes installation tool, this provides a mechanism to create a repeatable process for creating test clusters to improve consistency and reduce time spent during development.
+
+2. **Kubernetes Release Testing** - If you are running the e2e (end to end) testing suite on various releases/configurations, this tool may help you.
+
+3. **Kubernetes Application Testing** - If you are deploying an application or a helm chart inside Kubernetes and you are concerned with ensuring compatibility across clouds and versions of Kubernetes, this tool may help you.
+
+4. **Kubernetes Security Testing** - If you are assessing multiple installation tools for their security posture using things like CIS Benchmarking checks, this tool can help automate the testing process.
+
+
+## Getting Started
+
+These instructions will get you a copy of the project up and running on your local machine.
+
+#### Prerequisites
+
+In order to run this tool, you will need the following installed on your Linux/OSX system (which you probably already have):
+
+* ```bash 3.x``` or newer
+* ```git 2.x``` or newer
+* ```docker 1.12``` or newer
+
+#### Downloading KubeATF
+
+1. In order to install the tool, simply clone this repository:
+
+  ```sh
+  $ git clone https://github.com/bgeesaman/kubeatf
+  $ cd kubeatf
+  ```
+
+2. Ensure you have your SSH key (<name>.pem) in ```~/.ssh/```
+
+  ```sh
+  $ ls ~/.ssh/kube.pem
+  kube.pem
+  ```
+
+3. Ensure you have your AWS credentials in ```~/.aws```
+
+  ```sh
+  $ ls ~/.aws/
+  config      credentials
+  ```
+
+4. Build the docker image locally:
+
+  ```sh
+  $ ./kubeatf docker build
+  ```
+
+#### Listing available releases
+
+```sh
+$ ./kubeatf get releases <toolname>
+```
+
+e.g.
+
+```sh
+$ ./kubeatf get releases kops
+```
+
+#### Obtaining a release
+
+```sh
+$ ./kubeatf get <toolname> <release>
+```
+e.g. 
+
+```sh
+$ ./kubeatf get kops 1.7.0
+```
+
+#### Configuring an Environment
+
+1. ```TODO```
+2. sa
+
+#### Running a test
+
+1. ```TODO```
+2. sa
+
+#### Viewing the results
+
+1. ```TODO```
+2. sa
+
+#### Troubleshooting
+
+Run ```./kubeatf``` for basic usage or ```./kubeatf help <command>``` to access detailed usage instructions.
+
+## Contributing
+
+Please read [CONTRIBUTING.md](CONTRIBUTING.md) for details on our code of conduct, and the process for submitting pull requests to us.
+
+## Versioning
+
+We use [SemVer](http://semver.org/) for versioning. For the versions available, see the [tags on this repository](https://github.com/bgeesaman/kubeatf/tags). 
+
+## Contributors
+
+* **Brad Geesaman** - Author - [bgeesaman](https://github.com/bgeesaman)
+
+## License
+
+This project is licensed under the MIT License - see the [LICENSE.md](LICENSE.md) file for details
+
+## Acknowledgments
+
+* Docker
+* Ansible
+* Kubernetes and the Kubernetes Community

VERSION

@@ -0,0 +1 @@
+0.0.1

ansible.cfg

@@ -0,0 +1,6 @@
+[defaults]
+lookup_plugins = plugins
+host_key_checking = false
+forks = 50
+callback_whitelist = default,minimal,skippy
+stdout_callback = default

bin/audit-cluster.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+
+###
+# Runs a special testing role that performs various tests
+# against the cluster.  e2e, cis, security, etc 
+###
+
+# TODO
+_audit-cluster_usage() {
+  echo "Usage: ${0} audit <cluster_id>"
+  echo ""
+  exit
+}
+
+# TODO
+audit-cluster() {
+  # Validate argument passed or show _docker_usage
+  if [ -z "${1-}" ]; then _audit-cluster_usage; fi
+
+  cluster_id="${1-}"
+  if [[ -d "${CLUSTERS_DIR}/${cluster_id}" ]]; then
+    echo "Run audit cluster ${cluster_id}"
+    ansible-playbook playbooks/audit.yml -i "localhost," --extra-vars "cluster_id=${cluster_id}"
+  else
+    echo "Invalid cluster_id: ${cluster_id} passed. Must be one of:"
+    ${0} list-clusters
+    exit 1
+  fi
+}

bin/create-cluster.sh

@@ -0,0 +1,28 @@
+#!/bin/bash
+
+###
+# Calls the role's "create" action to build a uniquely named cluster
+# and store the metadata in the local clusters folder
+###
+
+# TODO
+_create-cluster_usage() {
+  echo "Usage: ${0} create-cluster <profile_name>"
+  echo ""
+  exit
+}
+
+# TODO
+create-cluster() {
+  # Validate argument passed or show _docker_usage
+  if [ -z "${1-}" ]; then _create-cluster_usage; fi
+
+  profile_name="${1-}"
+  if [[ -f "${PROJECT_PATH}/${PROFILES_DIR}/${profile_name}.yml" ]]; then
+    echo "Run create cluster using profile ${profile_name}"
+    ansible-playbook playbooks/create.yml -i "localhost," --extra-vars "full_profile_path=${PROJECT_PATH}/${PROFILES_DIR}/${profile_name}.yml"
+  else
+    echo "Invalid profile passed.  Could not find ${PROJECT_PATH}/${PROFILES_DIR}/${profile_name}.yml"
+    exit 1
+  fi
+}

bin/destroy-cluster.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+
+###
+# Destroys a cluster by calling the 'destroy' action in the role.
+# Requires a cluster instance id
+###
+
+# TODO
+_destroy-cluster_usage() {
+  echo "Usage: ${0} destroy <cluster_id>"
+  echo ""
+  exit
+}
+
+# TODO
+destroy-cluster() {
+  # Validate argument passed or show _docker_usage
+  if [ -z "${1-}" ]; then _destroy-cluster_usage; fi
+
+  cluster_id="${1-}"
+  if [[ -f "${CLUSTERS_DIR}/${cluster_id}/profile.yml" ]]; then
+    echo "Run destroy cluster ${cluster_id}"
+    ansible-playbook playbooks/destroy.yml -i "localhost," --extra-vars "cluster_id=${cluster_id}"
+  else
+    echo "Invalid cluster_id. Must be one of:"
+    ${0} list-clusters
+    exit 1
+  fi
+}

bin/docker-build.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+
+###
+# Builds the tool locally using docker
+###
+
+# TODO
+_docker-build_usage() {
+  echo "Usage: ${0} docker-build"
+  echo ""
+  echo "${0} docker-build - Builds the MaaS container (MaaS)"
+  echo ""
+  exit
+}
+
+# TODO
+docker-build() {
+  msg "Run docker build for the container locally..."
+  ${DOCKER_CLIENT} build -t "${IMAGE_NAME}/${IMAGE_VERSION}" "${DOCKERFILE_DIR}"
+  msg "Running the new container..."
+  ${DOCKER_CLIENT} run --rm "${IMAGE_NAME}/${IMAGE_VERSION}"
+  msg "done."
+}

bin/get.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+
+###
+# Downloads the role if needed for the tool, and the tool by version
+# installed into the releases folder
+###
+
+# TODO
+_get_usage() {
+  echo "Usage: ${0} get <cmd>"
+  echo ""
+  echo "${0} get releases <toolname> - List of available releases for that tool"
+  echo "${0} get <toolname> <version> - Download a release version for a tool"
+  echo ""
+  exit
+}
+
+# TODO
+get() {
+  # Validate argument passed or show _docker_usage
+  if [ -z "${1-}" ]; then _get_usage; fi
+  if [ -z "${2-}" ]; then _get_usage; fi
+
+  if [[ " ${1-} " == " releases " ]]; then
+    # Run the role's "get_versions" action
+    ansible-playbook playbooks/get.yml -i "localhost," --extra-vars "role_name=${2} role_action=get_versions release_version=''"
+  else
+    # Run the role's "get" action
+    ansible-playbook playbooks/get.yml -i "localhost," --extra-vars "role_name=${1} role_action=get release_version=${2}"
+  fi
+}