#!/usr/bin/env rake
require 'rake/testtask'
require 'rubocop/rake_task'
# RuboCop lint task.
# NOTE(review): RuboCop::RakeTask.new is invoked from inside this task's body,
# so RuboCop's own rake task is only registered once `rake rubocop` runs, not
# when the Rakefile is loaded. Confirm that is intentional.
desc 'Run Rubocop lint checks'
task(:rubocop) { RuboCop::RakeTask.new }

# `lint` has no action of its own; it only depends on the rubocop task.
desc 'Run robocop linter'
task lint: %i[rubocop]

# Default target: lint first, then the InSpec profile check (test:check).
desc 'default resource pack checks'
task default: [:lint, 'test:check']
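namespace :test do # rubocop:disable Metrics/BlockLength
  # Directory that holds the integration fixtures and the `verify` profile.
  integration_dir = 'test/integration'
  # Terraform working directory; the generated key material is written here too.
  build_dir = File.join(integration_dir, 'build')
  # File name of the saved Terraform plan.
  plan_name = 'inspec-digitalocean.plan'
  # YAML file used to inject parameters into InSpec as profile attributes.
  profile_attributes = 'attributes.yml'
  attributes_path = "#{integration_dir}/#{profile_attributes}"

  # Runs one shell command from inside the Terraform build directory.
  in_build = ->(command) { sh("cd #{build_dir}/ && #{command}") }

  # Run `inspec check` to verify that the profile is properly configured.
  task :check do
    dir = File.dirname(__FILE__)
    # Argument-list form: no shell is involved, so a checkout path containing
    # spaces or shell metacharacters is handed over as one argument.
    sh('bundle', 'exec', 'inspec', 'check', dir)
    # Check the sample profile as well to ensure all resources load.
    sh('bundle', 'exec', 'inspec', 'check', "#{integration_dir}/verify")
  end

  # Initialise the Terraform workspace and generate throw-away credentials.
  # SECURITY: the SSH key is created with an empty passphrase (-N '') and the
  # TLS private key is written unencrypted (-nodes); both end up in the build
  # directory and are only suitable for disposable test infrastructure.
  # NOTE(review): confirm id_rsa, domain.key and the other build artifacts are
  # excluded from version control.
  task :init_workspace do
    subject = '/C=DE/ST=Berlin/L=Berlin/O=InSpec Security/OU=IT Department/CN=example.com'
    [
      # Initialize terraform workspace
      'terraform init',
      # create private key
      "ssh-keygen -t rsa -b 4096 -C 'digitalocean' -N '' -f ./id_rsa",
      # create certificate for load balancer (CSR, then self-signed cert)
      "openssl req -newkey rsa:2048 -nodes -keyout domain.key -out domain.csr -subj '#{subject}'",
      "openssl req -key domain.key -new -x509 -days 365 -out domain.crt -subj '#{subject}'"
    ].each { |command| in_build.call(command) }
  end

  # Create the plan that can be applied.
  task :plan_integration_tests do
    puts '----> Setup'
    in_build.call("terraform plan -out #{plan_name}")
  end

  # Apply the previously saved plan.
  task :setup_integration_tests do
    in_build.call("terraform apply #{plan_name}")
  end

  # Execute the verify profile against DigitalOcean with the generated attributes.
  task :run_integration_tests do
    puts '----> Run'
    sh("inspec exec #{integration_dir}/verify --distinct_exit --attrs #{attributes_path} -t digitalocean://")
  end

  # Best-effort teardown: `|| true` keeps a failed destroy from aborting the
  # run, which also means leftover cloud resources are not reported here.
  # NOTE(review): `-force` is the older spelling of this option (later Terraform
  # releases use -auto-approve); because of `|| true` a rejected flag would go
  # unnoticed, so confirm it against the Terraform version in use.
  task :cleanup_integration_tests do
    puts '----> Cleanup'
    in_build.call('terraform destroy -force || true')
  end

  desc 'converts tfstate to attributes'
  task :tfstate do
    require 'json'
    require 'yaml'
    state = JSON.parse(File.read(File.join(build_dir, 'terraform.tfstate')))
    # Map every resource of the first module to its primary attributes.
    iattributes = state['modules'][0]['resources'].each_with_object({}) do |(name, resource), attrs|
      attrs[name] = resource['primary']['attributes']
    end
    # write inspec attributes
    # Every primary attribute is copied verbatim and Terraform state can carry
    # sensitive values, so the file is kept readable by its owner only. The
    # explicit chmod also tightens a file left over from an earlier run.
    File.open(attributes_path, 'w', 0o600) do |file|
      file.chmod(0o600)
      file.write(iattributes.to_yaml)
    end
  end

  desc 'Perform Integration Tests'
  task :integration do
    Rake::Task['test:init_workspace'].execute
    # Remove anything a previous run may have left behind.
    Rake::Task['test:cleanup_integration_tests'].execute if File.exist?(build_dir)
    begin
      Rake::Task['test:plan_integration_tests'].execute
      Rake::Task['test:setup_integration_tests'].execute
      Rake::Task['test:tfstate'].execute
      Rake::Task['test:run_integration_tests'].execute
    ensure
      # `sh` raises on a non-zero exit, so without `ensure` a failed step would
      # skip the teardown and leave the provisioned resources running.
      Rake::Task['test:cleanup_integration_tests'].execute
    end
  end
end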
# Changelog generation for this project. The task is only registered when the
# github_changelog_generator gem can be loaded; otherwise a notice is printed
# and the rest of the Rakefile keeps working.
# Usage: `rake changelog to=1.2.0`
begin
  require 'github_changelog_generator/task'

  # The target release is taken from the `to` environment variable.
  release = ENV['to']
  GitHubChangelogGenerator::RakeTask.new(:changelog) { |config| config.future_release = release }
rescue LoadError
  puts '>>>>> GitHub Changelog Generator not loaded, omitting tasks'
end