test(map): verify map.jinja dump using _mapdata state

* Semi-automated using myii/ssf-formula#286
saltstack-formulas · Dec 26, 2020 · 22869e0 · 22869e0
1 parent a615af1
commit 22869e0
Show file tree

Hide file tree

Showing 12 changed files with 222 additions and 190 deletions.
diff --git a/CODEOWNERS b/CODEOWNERS
@@ -10,7 +10,6 @@
 
 # SECTION: Owner(s) for specific directories
 # FILE PATTERN                              OWNER(S)
-/test/                                      @myii
 
 # SECTION: Owner(s) for files/directories related to `semantic-release`
 # FILE PATTERN                              OWNER(S)
@@ -20,8 +19,11 @@
 /docs/AUTHORS.rst                           @saltstack-formulas/ssf
 /docs/CHANGELOG.rst                         @saltstack-formulas/ssf
 /docs/TOFS_pattern.rst                      @saltstack-formulas/ssf
+/*/_mapdata/                                @saltstack-formulas/ssf
 /*/libsaltcli.jinja                         @saltstack-formulas/ssf
 /*/libtofs.jinja                            @saltstack-formulas/ssf
+/test/integration/**/_mapdata_spec.rb       @saltstack-formulas/ssf
+/test/integration/**/libraries/system.rb    @saltstack-formulas/ssf
 /test/integration/**/inspec.yml             @saltstack-formulas/ssf
 /test/integration/**/README.md              @saltstack-formulas/ssf
 /.gitignore                                 @saltstack-formulas/ssf

diff --git a/firewalld/_mapdata/_mapdata.jinja b/firewalld/_mapdata/_mapdata.jinja
@@ -0,0 +1,13 @@
+# yamllint disable rule:indentation rule:line-length
+# {{ grains.get("osfinger", grains.os) }}
+---
+{#- use salt.slsutil.serialize to avoid encoding errors on some platforms #}
+{{ salt["slsutil.serialize"](
+     "yaml",
+     map,
+     default_flow_style=False,
+     allow_unicode=True,
+   )
+   | regex_replace("^\s+'$", "'", multiline=True)
+   | trim
+}}
diff --git a/firewalld/_mapdata/init.sls b/firewalld/_mapdata/init.sls
@@ -0,0 +1,24 @@
+# -*- coding: utf-8 -*-
+# vim: ft=sls
+---
+{#- Get the `tplroot` from `tpldir` #}
+{%- set tplroot = tpldir.split("/")[0] %}
+{%- from tplroot ~ "/map.jinja" import firewalld with context %}
+
+{%- set _mapdata = {
+      "values": {
+        "firewalld": firewalld,
+      }
+    } %}
+{%- do salt["log.debug"]("### MAP.JINJA DUMP ###\n" ~ _mapdata | yaml(False)) %}
+
+{%- set output_dir = "/temp" if grains.os_family == "Windows" else "/tmp" %}
+{%- set output_file = output_dir ~ "/salt_mapdata_dump.yaml" %}
+
+{{ tplroot }}-mapdata-dump:
+  file.managed:
+    - name: {{ output_file }}
+    - source: salt://{{ tplroot }}/_mapdata/_mapdata.jinja
+    - template: jinja
+    - context:
+        map: {{ _mapdata | yaml }}
diff --git a/firewalld/yaml_dump/init.sls b/firewalld/yaml_dump/init.sls
diff --git a/firewalld/yaml_dump/yaml_dump.jinja b/firewalld/yaml_dump/yaml_dump.jinja
diff --git a/kitchen.yml b/kitchen.yml
@@ -156,7 +156,7 @@ suites:
       state_top:
         base:
           '*':
-            - firewalld.yaml_dump
+            - firewalld._mapdata
             - firewalld
       pillars:
         top.sls:

diff --git a/test/integration/default/controls/_mapdata_spec.rb b/test/integration/default/controls/_mapdata_spec.rb
@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+require 'yaml'
+
+control '`map.jinja` YAML dump' do
+  title 'should match the comparison file'
+
+  ### Method
+  # The steps below for each file appear convoluted but they are both required
+  # and similar in nature:
+  # 1. The earliest method was to simply compare the files textually but this often
+  #    led to false positives due to inconsistencies (e.g. spacing, ordering)
+  # 2. The next method was to load the files back into YAML structures and then
+  #    compare but InSpec provided block diffs this way, unusable by end users
+  # 3. The final step was to dump the YAML structures back into a string to use
+  #    for the comparison; this both worked and provided human-friendly diffs
+
+  ### Comparison file for the specific platform
+  ### Static, adjusted as part of code contributions, as map data is changed
+  # Strip the `platform[:finger]` version number down to the "OS major release"
+  platform_finger = system.platform[:finger].split('.').first.to_s
+  # Use that to set the path to the file (relative to the InSpec suite directory)
+  mapdata_file_path = "_mapdata/#{platform_finger}.yaml"
+  # Load the mapdata from profile, into a YAML structure
+  # https://docs.chef.io/inspec/profiles/#profile-files
+  mapdata_file_yaml = YAML.safe_load(inspec.profile.file(mapdata_file_path))
+  # Dump the YAML back into a string for comparison
+  mapdata_file_dump = YAML.dump(mapdata_file_yaml)
+
+  ### Output file produced by running the `_mapdata` state
+  ### Dynamic, generated during Kitchen's `converge` phase
+  # Derive the location of the dumped mapdata (differs for Windows)
+  output_dir = platform[:family] == 'windows' ? '/temp' : '/tmp'
+  # Use that to set the path to the file (absolute path, i.e. within the container)
+  output_file_path = "#{output_dir}/salt_mapdata_dump.yaml"
+  # Load the output into a YAML structure using InSpec's `yaml` resource
+  # https://github.com/inspec/inspec/blob/49b7d10/lib/inspec/resources/yaml.rb#L29
+  output_file_yaml = yaml(output_file_path).params
+  # Dump the YAML back into a string for comparison
+  output_file_dump = YAML.dump(output_file_yaml)
+
+  describe 'File content' do
+    it 'should match profile map data exactly' do
+      expect(output_file_dump).to eq(mapdata_file_dump)
+    end
+  end
+end
diff --git a/test/integration/default/controls/yaml_dump_spec.rb b/test/integration/default/controls/yaml_dump_spec.rb
diff --git a/test/integration/default/inspec.yml b/test/integration/default/inspec.yml
@@ -6,6 +6,9 @@ title: firewalld formula
 maintainer: SaltStack Formulas
 license: Apache-2.0
 summary: Verify that the firewalld formula is setup and configured correctly
+depends:
+  - name: share
+    path: test/integration/share
 supports:
   - platform-name: debian
   - platform-name: ubuntu

diff --git a/test/integration/share/README.md b/test/integration/share/README.md
@@ -0,0 +1,21 @@
+# InSpec Profile: `share`
+
+This shows the implementation of the `share` InSpec [profile](https://github.com/inspec/inspec/blob/master/docs/profiles.md).
+
+Its goal is to share the libraries between all profiles.
+
+## Libraries
+
+### `system`
+
+The `system` library provides easy access to system dependent information:
+
+- `system.platform`: based on `inspec.platform`, modify to values that are more consistent from a SaltStack perspective
+  - `system.platform[:family]` provide a family name for Arch and Gentoo
+  - `system.platform[:name]` append `linux` to both `amazon` and `oracle`; ensure Windows platforms are resolved as simply `windows`
+  - `system.platform[:release]` tweak Arch, Amazon Linux, Gentoo and Windows:
+    - `Arch` is always `base-latest`
+    - `Amazon Linux` release `2018` is resolved as `1`
+    - `Gentoo` release is trimmed to its major version number and then the init system is appended (i.e. `sysv` or `sysd`)
+    - `Windows` uses the widely-used release number (e.g. `8.1` or `2019-server`) in place of the actual system release version
+  - `system.platform[:finger]` is the concatenation of the name and the major release number (except for Ubuntu, which gives `ubuntu-20.04` for example)
diff --git a/test/integration/share/inspec.yml b/test/integration/share/inspec.yml
@@ -0,0 +1,21 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+name: share
+title: InSpec shared resources
+maintainer: SaltStack Formulas
+license: Apache-2.0
+summary: shared resources
+supports:
+  - platform-name: debian
+  - platform-name: ubuntu
+  - platform-name: centos
+  - platform-name: fedora
+  - platform-name: opensuse
+  - platform-name: suse
+  - platform-name: freebsd
+  - platform-name: amazon
+  - platform-name: oracle
+  - platform-name: arch
+  - platform-name: gentoo
+  - platform: windows