From 42f299f64acdfa498cb2d6f7457776ad762c96dc Mon Sep 17 00:00:00 2001
From: Daniel Dehennin <daniel.dehennin@ac-dijon.fr>
Date: Wed, 17 Mar 2021 09:21:03 +0100
Subject: [PATCH] test(inspec): verify `mapdata` dump against reference files

---
 test/integration/default/controls/_mapdata.rb | 47 +++++++++++++++++++
 .../default/files/_mapdata/amazonlinux-2.yaml | 19 ++++++++
 .../files/_mapdata/arch-base-latest.yaml      | 21 +++++++++
 .../default/files/_mapdata/centos-7.yaml      | 19 ++++++++
 .../default/files/_mapdata/centos-8.yaml      | 19 ++++++++
 .../default/files/_mapdata/debian-10.yaml     | 20 ++++++++
 .../default/files/_mapdata/debian-9.yaml      | 20 ++++++++
 .../default/files/_mapdata/fedora-32.yaml     | 19 ++++++++
 .../default/files/_mapdata/fedora-33.yaml     | 19 ++++++++
 .../default/files/_mapdata/gentoo-2-sysd.yaml | 17 +++++++
 .../default/files/_mapdata/gentoo-2-sysv.yaml | 17 +++++++
 .../default/files/_mapdata/opensuse-15.yaml   | 20 ++++++++
 .../files/_mapdata/opensuse-tumbleweed.yaml   | 20 ++++++++
 .../default/files/_mapdata/oraclelinux-7.yaml | 19 ++++++++
 .../default/files/_mapdata/oraclelinux-8.yaml | 19 ++++++++
 .../default/files/_mapdata/ubuntu-16.yaml     | 20 ++++++++
 .../default/files/_mapdata/ubuntu-18.yaml     | 20 ++++++++
 .../default/files/_mapdata/ubuntu-20.yaml     | 20 ++++++++
 18 files changed, 375 insertions(+)
 create mode 100644 test/integration/default/controls/_mapdata.rb
 create mode 100644 test/integration/default/files/_mapdata/amazonlinux-2.yaml
 create mode 100644 test/integration/default/files/_mapdata/arch-base-latest.yaml
 create mode 100644 test/integration/default/files/_mapdata/centos-7.yaml
 create mode 100644 test/integration/default/files/_mapdata/centos-8.yaml
 create mode 100644 test/integration/default/files/_mapdata/debian-10.yaml
 create mode 100644 test/integration/default/files/_mapdata/debian-9.yaml
 create mode 100644 test/integration/default/files/_mapdata/fedora-32.yaml
 create mode 100644 test/integration/default/files/_mapdata/fedora-33.yaml
 create mode 100644 test/integration/default/files/_mapdata/gentoo-2-sysd.yaml
 create mode 100644 test/integration/default/files/_mapdata/gentoo-2-sysv.yaml
 create mode 100644 test/integration/default/files/_mapdata/opensuse-15.yaml
 create mode 100644 test/integration/default/files/_mapdata/opensuse-tumbleweed.yaml
 create mode 100644 test/integration/default/files/_mapdata/oraclelinux-7.yaml
 create mode 100644 test/integration/default/files/_mapdata/oraclelinux-8.yaml
 create mode 100644 test/integration/default/files/_mapdata/ubuntu-16.yaml
 create mode 100644 test/integration/default/files/_mapdata/ubuntu-18.yaml
 create mode 100644 test/integration/default/files/_mapdata/ubuntu-20.yaml

diff --git a/test/integration/default/controls/_mapdata.rb b/test/integration/default/controls/_mapdata.rb
new file mode 100644
index 0000000..e5d45bd
--- /dev/null
+++ b/test/integration/default/controls/_mapdata.rb
@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+require 'yaml'
+
+control 'cert._mapdata' do
+  title '`map.jinja` should match the reference file'
+
+  ### Method
+  # The steps below for each file appear convoluted but they are both required
+  # and similar in nature:
+  # 1. The earliest method was to simply compare the files textually but this often
+  #    led to false positives due to inconsistencies (e.g. spacing, ordering)
+  # 2. The next method was to load the files back into YAML structures and then
+  #    compare but InSpec provided block diffs this way, unusable by end users
+  # 3. The final step was to dump the YAML structures back into a string to use
+  #    for the comparison; this both worked and provided human-friendly diffs
+
+  ### Comparison file for the specific platform
+  ### Static, adjusted as part of code contributions, as map data is changed
+  # Strip the `platform[:finger]` version number down to the "OS major release"
+  platform_finger = system.platform[:finger].split('.').first.to_s
+  # Use that to set the path to the file (relative to the InSpec suite directory)
+  mapdata_file_path = "_mapdata/#{platform_finger}.yaml"
+  # Load the mapdata from profile, into a YAML structure
+  # https://docs.chef.io/inspec/profiles/#profile-files
+  mapdata_file_yaml = YAML.load(inspec.profile.file(mapdata_file_path))
+  # Dump the YAML back into a string for comparison
+  mapdata_file_dump = YAML.dump(mapdata_file_yaml)
+
+  ### Output file produced by running the `_mapdata` state
+  ### Dynamic, generated during Kitchen's `converge` phase
+  # Derive the location of the dumped mapdata (differs for Windows)
+  output_dir = platform[:family] == 'windows' ? '/temp' : '/tmp'
+  # Use that to set the path to the file (absolute path, i.e. within the container)
+  output_file_path = "#{output_dir}/salt_mapdata_dump.yaml"
+  # Load the output into a YAML structure using InSpec's `yaml` resource
+  # https://github.com/inspec/inspec/blob/49b7d10/lib/inspec/resources/yaml.rb#L29
+  output_file_yaml = yaml(output_file_path).params
+  # Dump the YAML back into a string for comparison
+  output_file_dump = YAML.dump(output_file_yaml)
+
+  describe 'File content' do
+    it 'should match profile map data exactly' do
+      expect(output_file_dump).to eq(mapdata_file_dump)
+    end
+  end
+end
diff --git a/test/integration/default/files/_mapdata/amazonlinux-2.yaml b/test/integration/default/files/_mapdata/amazonlinux-2.yaml
new file mode 100644
index 0000000..b63716d
--- /dev/null
+++ b/test/integration/default/files/_mapdata/amazonlinux-2.yaml
@@ -0,0 +1,19 @@
+# yamllint disable rule:indentation rule:line-length
+# Amazon Linux-2
+---
+values:
+  cert_dir: /etc/pki/tls/certs
+  cert_ext: .crt
+  cert_group: root
+  cert_mode: 644
+  cert_source_dir: /tmp/kitchen/srv/salt/files/
+  cert_tmp_dir: /tmp/certs/
+  cert_user: root
+  key_dir: /etc/pki/tls/private
+  key_ext: .key
+  key_group: root
+  key_mode: 600
+  key_user: root
+  pkgs:
+  - ca-certificates
+  remove: false
diff --git a/test/integration/default/files/_mapdata/arch-base-latest.yaml b/test/integration/default/files/_mapdata/arch-base-latest.yaml
new file mode 100644
index 0000000..96d487d
--- /dev/null
+++ b/test/integration/default/files/_mapdata/arch-base-latest.yaml
@@ -0,0 +1,21 @@
+# yamllint disable rule:indentation rule:line-length
+# Arch
+---
+values:
+  cert_dir: /etc/ssl/certs
+  cert_ext: .crt
+  cert_group: root
+  cert_mode: 644
+  cert_source_dir: /tmp/kitchen/srv/salt/files/
+  cert_tmp_dir: /tmp/certs/
+  cert_user: root
+  key_dir: /etc/ssl/private
+  key_ext: .key
+  key_group: root
+  key_mode: 600
+  key_user: root
+  pkgs:
+  - ca-certificates
+  - ca-certificates-mozilla
+  - ca-certificates-utils
+  remove: false
diff --git a/test/integration/default/files/_mapdata/centos-7.yaml b/test/integration/default/files/_mapdata/centos-7.yaml
new file mode 100644
index 0000000..265a900
--- /dev/null
+++ b/test/integration/default/files/_mapdata/centos-7.yaml
@@ -0,0 +1,19 @@
+# yamllint disable rule:indentation rule:line-length
+# CentOS Linux-7
+---
+values:
+  cert_dir: /etc/pki/tls/certs
+  cert_ext: .crt
+  cert_group: root
+  cert_mode: 644
+  cert_source_dir: /tmp/kitchen/srv/salt/files/
+  cert_tmp_dir: /tmp/certs/
+  cert_user: root
+  key_dir: /etc/pki/tls/private
+  key_ext: .key
+  key_group: root
+  key_mode: 600
+  key_user: root
+  pkgs:
+  - ca-certificates
+  remove: false
diff --git a/test/integration/default/files/_mapdata/centos-8.yaml b/test/integration/default/files/_mapdata/centos-8.yaml
new file mode 100644
index 0000000..191d67c
--- /dev/null
+++ b/test/integration/default/files/_mapdata/centos-8.yaml
@@ -0,0 +1,19 @@
+# yamllint disable rule:indentation rule:line-length
+# CentOS Linux-8
+---
+values:
+  cert_dir: /etc/pki/tls/certs
+  cert_ext: .crt
+  cert_group: root
+  cert_mode: 644
+  cert_source_dir: /tmp/kitchen/srv/salt/files/
+  cert_tmp_dir: /tmp/certs/
+  cert_user: root
+  key_dir: /etc/pki/tls/private
+  key_ext: .key
+  key_group: root
+  key_mode: 600
+  key_user: root
+  pkgs:
+  - ca-certificates
+  remove: false
diff --git a/test/integration/default/files/_mapdata/debian-10.yaml b/test/integration/default/files/_mapdata/debian-10.yaml
new file mode 100644
index 0000000..6ed53f2
--- /dev/null
+++ b/test/integration/default/files/_mapdata/debian-10.yaml
@@ -0,0 +1,20 @@
+# yamllint disable rule:indentation rule:line-length
+# Debian-10
+---
+values:
+  cert_dir: /usr/local/share/ca-certificates
+  cert_ext: .crt
+  cert_group: root
+  cert_mode: 644
+  cert_source_dir: /tmp/kitchen/srv/salt/files/
+  cert_tmp_dir: /tmp/certs/
+  cert_user: root
+  key_dir: /etc/ssl/private
+  key_ext: .key
+  key_group: ssl-cert
+  key_mode: 640
+  key_user: root
+  pkgs:
+  - ca-certificates
+  - ssl-cert
+  remove: false
diff --git a/test/integration/default/files/_mapdata/debian-9.yaml b/test/integration/default/files/_mapdata/debian-9.yaml
new file mode 100644
index 0000000..8848a42
--- /dev/null
+++ b/test/integration/default/files/_mapdata/debian-9.yaml
@@ -0,0 +1,20 @@
+# yamllint disable rule:indentation rule:line-length
+# Debian-9
+---
+values:
+  cert_dir: /usr/local/share/ca-certificates
+  cert_ext: .crt
+  cert_group: root
+  cert_mode: 644
+  cert_source_dir: /tmp/kitchen/srv/salt/files/
+  cert_tmp_dir: /tmp/certs/
+  cert_user: root
+  key_dir: /etc/ssl/private
+  key_ext: .key
+  key_group: ssl-cert
+  key_mode: 640
+  key_user: root
+  pkgs:
+  - ca-certificates
+  - ssl-cert
+  remove: false
diff --git a/test/integration/default/files/_mapdata/fedora-32.yaml b/test/integration/default/files/_mapdata/fedora-32.yaml
new file mode 100644
index 0000000..520735a
--- /dev/null
+++ b/test/integration/default/files/_mapdata/fedora-32.yaml
@@ -0,0 +1,19 @@
+# yamllint disable rule:indentation rule:line-length
+# Fedora-32
+---
+values:
+  cert_dir: /etc/pki/tls/certs
+  cert_ext: .crt
+  cert_group: root
+  cert_mode: 644
+  cert_source_dir: /tmp/kitchen/srv/salt/files/
+  cert_tmp_dir: /tmp/certs/
+  cert_user: root
+  key_dir: /etc/pki/tls/private
+  key_ext: .key
+  key_group: root
+  key_mode: 600
+  key_user: root
+  pkgs:
+  - ca-certificates
+  remove: false
diff --git a/test/integration/default/files/_mapdata/fedora-33.yaml b/test/integration/default/files/_mapdata/fedora-33.yaml
new file mode 100644
index 0000000..ede9eb8
--- /dev/null
+++ b/test/integration/default/files/_mapdata/fedora-33.yaml
@@ -0,0 +1,19 @@
+# yamllint disable rule:indentation rule:line-length
+# Fedora-33
+---
+values:
+  cert_dir: /etc/pki/tls/certs
+  cert_ext: .crt
+  cert_group: root
+  cert_mode: 644
+  cert_source_dir: /tmp/kitchen/srv/salt/files/
+  cert_tmp_dir: /tmp/certs/
+  cert_user: root
+  key_dir: /etc/pki/tls/private
+  key_ext: .key
+  key_group: root
+  key_mode: 600
+  key_user: root
+  pkgs:
+  - ca-certificates
+  remove: false
diff --git a/test/integration/default/files/_mapdata/gentoo-2-sysd.yaml b/test/integration/default/files/_mapdata/gentoo-2-sysd.yaml
new file mode 100644
index 0000000..b20ebc9
--- /dev/null
+++ b/test/integration/default/files/_mapdata/gentoo-2-sysd.yaml
@@ -0,0 +1,17 @@
+# yamllint disable rule:indentation rule:line-length
+# Gentoo-2
+---
+values:
+  cert_dir: /etc/ssl/certs
+  cert_ext: .crt
+  cert_group: root
+  cert_mode: 644
+  cert_source_dir: /tmp/kitchen/srv/salt/files/
+  cert_tmp_dir: /tmp/certs/
+  cert_user: root
+  key_dir: /etc/ssl/private
+  key_ext: .key
+  key_group: root
+  key_mode: 600
+  key_user: root
+  remove: false
diff --git a/test/integration/default/files/_mapdata/gentoo-2-sysv.yaml b/test/integration/default/files/_mapdata/gentoo-2-sysv.yaml
new file mode 100644
index 0000000..b20ebc9
--- /dev/null
+++ b/test/integration/default/files/_mapdata/gentoo-2-sysv.yaml
@@ -0,0 +1,17 @@
+# yamllint disable rule:indentation rule:line-length
+# Gentoo-2
+---
+values:
+  cert_dir: /etc/ssl/certs
+  cert_ext: .crt
+  cert_group: root
+  cert_mode: 644
+  cert_source_dir: /tmp/kitchen/srv/salt/files/
+  cert_tmp_dir: /tmp/certs/
+  cert_user: root
+  key_dir: /etc/ssl/private
+  key_ext: .key
+  key_group: root
+  key_mode: 600
+  key_user: root
+  remove: false
diff --git a/test/integration/default/files/_mapdata/opensuse-15.yaml b/test/integration/default/files/_mapdata/opensuse-15.yaml
new file mode 100644
index 0000000..c4813d2
--- /dev/null
+++ b/test/integration/default/files/_mapdata/opensuse-15.yaml
@@ -0,0 +1,20 @@
+# yamllint disable rule:indentation rule:line-length
+# Leap-15
+---
+values:
+  cert_dir: /etc/ssl/certs
+  cert_ext: .crt
+  cert_group: root
+  cert_mode: '444'
+  cert_source_dir: /tmp/kitchen/srv/salt/files/
+  cert_tmp_dir: /tmp/certs/
+  cert_user: root
+  key_dir: /etc/ssl/private
+  key_ext: .key
+  key_group: root
+  key_mode: 600
+  key_user: root
+  pkgs:
+  - ca-certificates
+  - ca-certificates-mozilla
+  remove: false
diff --git a/test/integration/default/files/_mapdata/opensuse-tumbleweed.yaml b/test/integration/default/files/_mapdata/opensuse-tumbleweed.yaml
new file mode 100644
index 0000000..67d11d1
--- /dev/null
+++ b/test/integration/default/files/_mapdata/opensuse-tumbleweed.yaml
@@ -0,0 +1,20 @@
+# yamllint disable rule:indentation rule:line-length
+# openSUSE Tumbleweed-20210307
+---
+values:
+  cert_dir: /etc/ssl/certs
+  cert_ext: .crt
+  cert_group: root
+  cert_mode: '444'
+  cert_source_dir: /tmp/kitchen/srv/salt/files/
+  cert_tmp_dir: /tmp/certs/
+  cert_user: root
+  key_dir: /etc/ssl/private
+  key_ext: .key
+  key_group: root
+  key_mode: 600
+  key_user: root
+  pkgs:
+  - ca-certificates
+  - ca-certificates-mozilla
+  remove: false
diff --git a/test/integration/default/files/_mapdata/oraclelinux-7.yaml b/test/integration/default/files/_mapdata/oraclelinux-7.yaml
new file mode 100644
index 0000000..ea4a069
--- /dev/null
+++ b/test/integration/default/files/_mapdata/oraclelinux-7.yaml
@@ -0,0 +1,19 @@
+# yamllint disable rule:indentation rule:line-length
+# Oracle Linux Server-7
+---
+values:
+  cert_dir: /etc/pki/tls/certs
+  cert_ext: .crt
+  cert_group: root
+  cert_mode: 644
+  cert_source_dir: /tmp/kitchen/srv/salt/files/
+  cert_tmp_dir: /tmp/certs/
+  cert_user: root
+  key_dir: /etc/pki/tls/private
+  key_ext: .key
+  key_group: root
+  key_mode: 600
+  key_user: root
+  pkgs:
+  - ca-certificates
+  remove: false
diff --git a/test/integration/default/files/_mapdata/oraclelinux-8.yaml b/test/integration/default/files/_mapdata/oraclelinux-8.yaml
new file mode 100644
index 0000000..3bb1be8
--- /dev/null
+++ b/test/integration/default/files/_mapdata/oraclelinux-8.yaml
@@ -0,0 +1,19 @@
+# yamllint disable rule:indentation rule:line-length
+# Oracle Linux Server-8
+---
+values:
+  cert_dir: /etc/pki/tls/certs
+  cert_ext: .crt
+  cert_group: root
+  cert_mode: 644
+  cert_source_dir: /tmp/kitchen/srv/salt/files/
+  cert_tmp_dir: /tmp/certs/
+  cert_user: root
+  key_dir: /etc/pki/tls/private
+  key_ext: .key
+  key_group: root
+  key_mode: 600
+  key_user: root
+  pkgs:
+  - ca-certificates
+  remove: false
diff --git a/test/integration/default/files/_mapdata/ubuntu-16.yaml b/test/integration/default/files/_mapdata/ubuntu-16.yaml
new file mode 100644
index 0000000..96bd664
--- /dev/null
+++ b/test/integration/default/files/_mapdata/ubuntu-16.yaml
@@ -0,0 +1,20 @@
+# yamllint disable rule:indentation rule:line-length
+# Ubuntu-16.04
+---
+values:
+  cert_dir: /usr/local/share/ca-certificates
+  cert_ext: .crt
+  cert_group: root
+  cert_mode: 644
+  cert_source_dir: /tmp/kitchen/srv/salt/files/
+  cert_tmp_dir: /tmp/certs/
+  cert_user: root
+  key_dir: /etc/ssl/private
+  key_ext: .key
+  key_group: ssl-cert
+  key_mode: 640
+  key_user: root
+  pkgs:
+  - ca-certificates
+  - ssl-cert
+  remove: false
diff --git a/test/integration/default/files/_mapdata/ubuntu-18.yaml b/test/integration/default/files/_mapdata/ubuntu-18.yaml
new file mode 100644
index 0000000..71f02cf
--- /dev/null
+++ b/test/integration/default/files/_mapdata/ubuntu-18.yaml
@@ -0,0 +1,20 @@
+# yamllint disable rule:indentation rule:line-length
+# Ubuntu-18.04
+---
+values:
+  cert_dir: /usr/local/share/ca-certificates
+  cert_ext: .crt
+  cert_group: root
+  cert_mode: 644
+  cert_source_dir: /tmp/kitchen/srv/salt/files/
+  cert_tmp_dir: /tmp/certs/
+  cert_user: root
+  key_dir: /etc/ssl/private
+  key_ext: .key
+  key_group: ssl-cert
+  key_mode: 640
+  key_user: root
+  pkgs:
+  - ca-certificates
+  - ssl-cert
+  remove: false
diff --git a/test/integration/default/files/_mapdata/ubuntu-20.yaml b/test/integration/default/files/_mapdata/ubuntu-20.yaml
new file mode 100644
index 0000000..2bba0a0
--- /dev/null
+++ b/test/integration/default/files/_mapdata/ubuntu-20.yaml
@@ -0,0 +1,20 @@
+# yamllint disable rule:indentation rule:line-length
+# Ubuntu-20.04
+---
+values:
+  cert_dir: /usr/local/share/ca-certificates
+  cert_ext: .crt
+  cert_group: root
+  cert_mode: 644
+  cert_source_dir: /tmp/kitchen/srv/salt/files/
+  cert_tmp_dir: /tmp/certs/
+  cert_user: root
+  key_dir: /etc/ssl/private
+  key_ext: .key
+  key_group: ssl-cert
+  key_mode: 640
+  key_user: root
+  pkgs:
+  - ca-certificates
+  - ssl-cert
+  remove: false