test(inspec): verify mapdata dump against reference files

test/integration/default/controls/_mapdata.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+require 'yaml'
+
+control 'cert._mapdata' do
+  title '`map.jinja` should match the reference file'
+
+  ### Method
+  # The steps below for each file appear convoluted but they are both required
+  # and similar in nature:
+  # 1. The earliest method was to simply compare the files textually but this often
+  #    led to false positives due to inconsistencies (e.g. spacing, ordering)
+  # 2. The next method was to load the files back into YAML structures and then
+  #    compare but InSpec provided block diffs this way, unusable by end users
+  # 3. The final step was to dump the YAML structures back into a string to use
+  #    for the comparison; this both worked and provided human-friendly diffs
+
+  ### Comparison file for the specific platform
+  ### Static, adjusted as part of code contributions, as map data is changed
+  # Strip the `platform[:finger]` version number down to the "OS major release"
+  platform_finger = system.platform[:finger].split('.').first.to_s
+  # Use that to set the path to the file (relative to the InSpec suite directory)
+  mapdata_file_path = "_mapdata/#{platform_finger}.yaml"
+  # Load the mapdata from profile, into a YAML structure
+  # https://docs.chef.io/inspec/profiles/#profile-files
+  mapdata_file_yaml = YAML.load(inspec.profile.file(mapdata_file_path))
+  # Dump the YAML back into a string for comparison
+  mapdata_file_dump = YAML.dump(mapdata_file_yaml)
+
+  ### Output file produced by running the `_mapdata` state
+  ### Dynamic, generated during Kitchen's `converge` phase
+  # Derive the location of the dumped mapdata (differs for Windows)
+  output_dir = platform[:family] == 'windows' ? '/temp' : '/tmp'
+  # Use that to set the path to the file (absolute path, i.e. within the container)
+  output_file_path = "#{output_dir}/salt_mapdata_dump.yaml"
+  # Load the output into a YAML structure using InSpec's `yaml` resource
+  # https://github.com/inspec/inspec/blob/49b7d10/lib/inspec/resources/yaml.rb#L29
+  output_file_yaml = yaml(output_file_path).params
+  # Dump the YAML back into a string for comparison
+  output_file_dump = YAML.dump(output_file_yaml)
+
+  describe 'File content' do
+    it 'should match profile map data exactly' do
+      expect(output_file_dump).to eq(mapdata_file_dump)
+    end
+  end
+end

test/integration/default/files/_mapdata/amazonlinux-2.yaml

@@ -0,0 +1,19 @@
+# yamllint disable rule:indentation rule:line-length
+# Amazon Linux-2
+---
+values:
+  cert_dir: /etc/pki/tls/certs
+  cert_ext: .crt
+  cert_group: root
+  cert_mode: 644
+  cert_source_dir: /tmp/kitchen/srv/salt/files/
+  cert_tmp_dir: /tmp/certs/
+  cert_user: root
+  key_dir: /etc/pki/tls/private
+  key_ext: .key
+  key_group: root
+  key_mode: 600
+  key_user: root
+  pkgs:
+  - ca-certificates
+  remove: false

test/integration/default/files/_mapdata/arch-base-latest.yaml

@@ -0,0 +1,21 @@
+# yamllint disable rule:indentation rule:line-length
+# Arch
+---
+values:
+  cert_dir: /etc/ssl/certs
+  cert_ext: .crt
+  cert_group: root
+  cert_mode: 644
+  cert_source_dir: /tmp/kitchen/srv/salt/files/
+  cert_tmp_dir: /tmp/certs/
+  cert_user: root
+  key_dir: /etc/ssl/private
+  key_ext: .key
+  key_group: root
+  key_mode: 600
+  key_user: root
+  pkgs:
+  - ca-certificates
+  - ca-certificates-mozilla
+  - ca-certificates-utils
+  remove: false

test/integration/default/files/_mapdata/centos-7.yaml

@@ -0,0 +1,19 @@
+# yamllint disable rule:indentation rule:line-length
+# CentOS Linux-7
+---
+values:
+  cert_dir: /etc/pki/tls/certs
+  cert_ext: .crt
+  cert_group: root
+  cert_mode: 644
+  cert_source_dir: /tmp/kitchen/srv/salt/files/
+  cert_tmp_dir: /tmp/certs/
+  cert_user: root
+  key_dir: /etc/pki/tls/private
+  key_ext: .key
+  key_group: root
+  key_mode: 600
+  key_user: root
+  pkgs:
+  - ca-certificates
+  remove: false

test/integration/default/files/_mapdata/centos-8.yaml

@@ -0,0 +1,19 @@
+# yamllint disable rule:indentation rule:line-length
+# CentOS Linux-8
+---
+values:
+  cert_dir: /etc/pki/tls/certs
+  cert_ext: .crt
+  cert_group: root
+  cert_mode: 644
+  cert_source_dir: /tmp/kitchen/srv/salt/files/
+  cert_tmp_dir: /tmp/certs/
+  cert_user: root
+  key_dir: /etc/pki/tls/private
+  key_ext: .key
+  key_group: root
+  key_mode: 600
+  key_user: root
+  pkgs:
+  - ca-certificates
+  remove: false

test/integration/default/files/_mapdata/debian-10.yaml

@@ -0,0 +1,20 @@
+# yamllint disable rule:indentation rule:line-length
+# Debian-10
+---
+values:
+  cert_dir: /usr/local/share/ca-certificates
+  cert_ext: .crt
+  cert_group: root
+  cert_mode: 644
+  cert_source_dir: /tmp/kitchen/srv/salt/files/
+  cert_tmp_dir: /tmp/certs/
+  cert_user: root
+  key_dir: /etc/ssl/private
+  key_ext: .key
+  key_group: ssl-cert
+  key_mode: 640
+  key_user: root
+  pkgs:
+  - ca-certificates
+  - ssl-cert
+  remove: false

test/integration/default/files/_mapdata/debian-9.yaml

@@ -0,0 +1,20 @@
+# yamllint disable rule:indentation rule:line-length
+# Debian-9
+---
+values:
+  cert_dir: /usr/local/share/ca-certificates
+  cert_ext: .crt
+  cert_group: root
+  cert_mode: 644
+  cert_source_dir: /tmp/kitchen/srv/salt/files/
+  cert_tmp_dir: /tmp/certs/
+  cert_user: root
+  key_dir: /etc/ssl/private
+  key_ext: .key
+  key_group: ssl-cert
+  key_mode: 640
+  key_user: root
+  pkgs:
+  - ca-certificates
+  - ssl-cert
+  remove: false

test/integration/default/files/_mapdata/fedora-32.yaml

@@ -0,0 +1,19 @@
+# yamllint disable rule:indentation rule:line-length
+# Fedora-32
+---
+values:
+  cert_dir: /etc/pki/tls/certs
+  cert_ext: .crt
+  cert_group: root
+  cert_mode: 644
+  cert_source_dir: /tmp/kitchen/srv/salt/files/
+  cert_tmp_dir: /tmp/certs/
+  cert_user: root
+  key_dir: /etc/pki/tls/private
+  key_ext: .key
+  key_group: root
+  key_mode: 600
+  key_user: root
+  pkgs:
+  - ca-certificates
+  remove: false

test/integration/default/files/_mapdata/fedora-33.yaml

@@ -0,0 +1,19 @@
+# yamllint disable rule:indentation rule:line-length
+# Fedora-33
+---
+values:
+  cert_dir: /etc/pki/tls/certs
+  cert_ext: .crt
+  cert_group: root
+  cert_mode: 644
+  cert_source_dir: /tmp/kitchen/srv/salt/files/
+  cert_tmp_dir: /tmp/certs/
+  cert_user: root
+  key_dir: /etc/pki/tls/private
+  key_ext: .key
+  key_group: root
+  key_mode: 600
+  key_user: root
+  pkgs:
+  - ca-certificates
+  remove: false

test/integration/default/files/_mapdata/gentoo-2-sysd.yaml

@@ -0,0 +1,17 @@
+# yamllint disable rule:indentation rule:line-length
+# Gentoo-2
+---
+values:
+  cert_dir: /etc/ssl/certs
+  cert_ext: .crt
+  cert_group: root
+  cert_mode: 644
+  cert_source_dir: /tmp/kitchen/srv/salt/files/
+  cert_tmp_dir: /tmp/certs/
+  cert_user: root
+  key_dir: /etc/ssl/private
+  key_ext: .key
+  key_group: root
+  key_mode: 600
+  key_user: root
+  remove: false

test/integration/default/files/_mapdata/gentoo-2-sysv.yaml

@@ -0,0 +1,17 @@
+# yamllint disable rule:indentation rule:line-length
+# Gentoo-2
+---
+values:
+  cert_dir: /etc/ssl/certs
+  cert_ext: .crt
+  cert_group: root
+  cert_mode: 644
+  cert_source_dir: /tmp/kitchen/srv/salt/files/
+  cert_tmp_dir: /tmp/certs/
+  cert_user: root
+  key_dir: /etc/ssl/private
+  key_ext: .key
+  key_group: root
+  key_mode: 600
+  key_user: root
+  remove: false

test/integration/default/files/_mapdata/opensuse-15.yaml

@@ -0,0 +1,20 @@
+# yamllint disable rule:indentation rule:line-length
+# Leap-15
+---
+values:
+  cert_dir: /etc/ssl/certs
+  cert_ext: .crt
+  cert_group: root
+  cert_mode: '444'
+  cert_source_dir: /tmp/kitchen/srv/salt/files/
+  cert_tmp_dir: /tmp/certs/
+  cert_user: root
+  key_dir: /etc/ssl/private
+  key_ext: .key
+  key_group: root
+  key_mode: 600
+  key_user: root
+  pkgs:
+  - ca-certificates
+  - ca-certificates-mozilla
+  remove: false

test/integration/default/files/_mapdata/opensuse-tumbleweed.yaml

@@ -0,0 +1,20 @@
+# yamllint disable rule:indentation rule:line-length
+# openSUSE Tumbleweed-20210307
+---
+values:
+  cert_dir: /etc/ssl/certs
+  cert_ext: .crt
+  cert_group: root
+  cert_mode: '444'
+  cert_source_dir: /tmp/kitchen/srv/salt/files/
+  cert_tmp_dir: /tmp/certs/
+  cert_user: root
+  key_dir: /etc/ssl/private
+  key_ext: .key
+  key_group: root
+  key_mode: 600
+  key_user: root
+  pkgs:
+  - ca-certificates
+  - ca-certificates-mozilla
+  remove: false

test/integration/default/files/_mapdata/oraclelinux-7.yaml

@@ -0,0 +1,19 @@
+# yamllint disable rule:indentation rule:line-length
+# Oracle Linux Server-7
+---
+values:
+  cert_dir: /etc/pki/tls/certs
+  cert_ext: .crt
+  cert_group: root
+  cert_mode: 644
+  cert_source_dir: /tmp/kitchen/srv/salt/files/
+  cert_tmp_dir: /tmp/certs/
+  cert_user: root
+  key_dir: /etc/pki/tls/private
+  key_ext: .key
+  key_group: root
+  key_mode: 600
+  key_user: root
+  pkgs:
+  - ca-certificates
+  remove: false

test/integration/default/files/_mapdata/oraclelinux-8.yaml

@@ -0,0 +1,19 @@
+# yamllint disable rule:indentation rule:line-length
+# Oracle Linux Server-8
+---
+values:
+  cert_dir: /etc/pki/tls/certs
+  cert_ext: .crt
+  cert_group: root
+  cert_mode: 644
+  cert_source_dir: /tmp/kitchen/srv/salt/files/
+  cert_tmp_dir: /tmp/certs/
+  cert_user: root
+  key_dir: /etc/pki/tls/private
+  key_ext: .key
+  key_group: root
+  key_mode: 600
+  key_user: root
+  pkgs:
+  - ca-certificates
+  remove: false

test/integration/default/files/_mapdata/ubuntu-16.yaml

@@ -0,0 +1,20 @@
+# yamllint disable rule:indentation rule:line-length
+# Ubuntu-16.04
+---
+values:
+  cert_dir: /usr/local/share/ca-certificates
+  cert_ext: .crt
+  cert_group: root
+  cert_mode: 644
+  cert_source_dir: /tmp/kitchen/srv/salt/files/
+  cert_tmp_dir: /tmp/certs/
+  cert_user: root
+  key_dir: /etc/ssl/private
+  key_ext: .key
+  key_group: ssl-cert
+  key_mode: 640
+  key_user: root
+  pkgs:
+  - ca-certificates
+  - ssl-cert
+  remove: false

test/integration/default/files/_mapdata/ubuntu-18.yaml

@@ -0,0 +1,20 @@
+# yamllint disable rule:indentation rule:line-length
+# Ubuntu-18.04
+---
+values:
+  cert_dir: /usr/local/share/ca-certificates
+  cert_ext: .crt
+  cert_group: root
+  cert_mode: 644
+  cert_source_dir: /tmp/kitchen/srv/salt/files/
+  cert_tmp_dir: /tmp/certs/
+  cert_user: root
+  key_dir: /etc/ssl/private
+  key_ext: .key
+  key_group: ssl-cert
+  key_mode: 640
+  key_user: root
+  pkgs:
+  - ca-certificates
+  - ssl-cert
+  remove: false

test/integration/default/files/_mapdata/ubuntu-20.yaml

@@ -0,0 +1,20 @@
+# yamllint disable rule:indentation rule:line-length
+# Ubuntu-20.04
+---
+values:
+  cert_dir: /usr/local/share/ca-certificates
+  cert_ext: .crt
+  cert_group: root
+  cert_mode: 644
+  cert_source_dir: /tmp/kitchen/srv/salt/files/
+  cert_tmp_dir: /tmp/certs/
+  cert_user: root
+  key_dir: /etc/ssl/private
+  key_ext: .key
+  key_group: ssl-cert
+  key_mode: 640
+  key_user: root
+  pkgs:
+  - ca-certificates
+  - ssl-cert
+  remove: false