Merge pull request #139 from wazuh/3.9.3_7.2.0_kitchen_tests

Kitchen testing for Wazuh deployment with Puppet

.gitignore

@@ -25,3 +25,17 @@
 .project
 .envrc
 /inventory.yaml
+./kitchen/modules/.kitchen/logs/
+*.lock
+kitchen/.tmp/
+kitchen/.kitchen/
+kitchen/venv
+kitchen/*.xml
+kitchen/test/Dockerfile
+*.log
+*.pyc
+kitchen/.tmp/
+kitchen/.librarian/
+kitchen/.pytest_cache/
+kitchen/.*
+kitchen/modules/

kitchen/Gemfile

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+source "https://rubygems.org"
+
+# gem "rails"
+gem "test-kitchen"
+gem "kitchen-puppet"
+gem "kitchen-vagrant"
+gem 'kitchen-docker', '~> 2.3'
+gem "puppet"
+gem "librarian-puppet"

kitchen/Puppetfile

@@ -0,0 +1,26 @@
+#!/usr/bin/env ruby
+#^syntax detection
+
+forge "https://forgeapi.puppetlabs.com"
+
+# use dependencies defined in metadata.json
+#metadata
+
+mod "wazuh/wazuh"
+# use dependencies defined in Modulefile
+# modulefile
+
+# A module from the Puppet Forge
+# mod 'puppetlabs-stdlib'
+
+# A module from git
+# mod 'puppetlabs-ntp',
+#   :git => 'git://github.com/puppetlabs/puppetlabs-ntp.git'
+
+# A module from a git branch/tag
+# mod 'puppetlabs-apt',
+#   :git => 'https://github.com/puppetlabs/puppetlabs-apt.git',
+#   :ref => '1.4.x'
+
+# A module from Github pre-packaged tarball
+# mod 'puppetlabs-apache', '0.6.0', :github_tarball => 'puppetlabs/puppetlabs-apache'

kitchen/README.md

@@ -0,0 +1,227 @@
+**KITCHEN-PUPPET TESTING**
+
+
+**1.Building Kitchen Directory Structure**
+```
+├── chefignore
+├── Gemfile
+├── hieradata
+├── kitchen.yml
+├── manifests
+├── modules `should contain wazuh-puppet module`
+├── Puppetfile
+├── run.sh
+├── test
+```
+
+Find more details in the [official documentation](https://kitchen.ci/)
+
+**2. Required Gems**
+
+Kitchen basically works with `Ruby` gems and so, all required packages are available as gems. In our case, we would need the following gems to be installed. Found in the file `Gemfile` :
+
+```
+vagrant@master:~/wazuh-puppet/kitchen$ cat Gemfile
+# frozen_string_literal: true
+source "https://rubygems.org"
+
+# gem "rails"
+gem "test-kitchen"
+gem "kitchen-puppet"
+gem "kitchen-vagrant"
+gem 'kitchen-docker', '~> 2.3'
+gem "puppet"
+gem "librarian-puppet"
+```
+
+As we can see, we have gems for docker, vagrant, puppet, and kitchen itself.
+
+Once we have our list of gems prepared, we install them running the following command:
+
+```
+bundle install
+```
+
+**3. Adding Dependencies**
+
+A step which is already applied here is the creation of `Puppetfile` using `puppet-librerian` by running the command:
+
+```
+± librarian-puppet init
+      create  Puppetfile
+```
+
+As you can see the, `Puppetfile` already exist with the following content:
+
+```
+#!/usr/bin/env ruby
+#^syntax detection
+
+forge "https://forgeapi.puppetlabs.com"
+
+# use dependencies defined in metadata.json
+#metadata
+
+mod "wazuh/wazuh"
+# use dependencies defined in Modulefile
+# modulefile
+
+# A module from the Puppet Forge
+# mod 'puppetlabs-stdlib'
+
+# A module from git
+# mod 'puppetlabs-ntp',
+#   :git => 'git://github.com/puppetlabs/puppetlabs-ntp.git'
+
+# A module from a git branch/tag
+# mod 'puppetlabs-apt',
+#   :git => 'https://github.com/puppetlabs/puppetlabs-apt.git',
+#   :ref => '1.4.x'
+
+# A module from Github pre-packaged tarball
+# mod 'puppetlabs-apache', '0.6.0', :github_tarball => 'puppetlabs/puppetlabs-apache'
+```
+
+Once `Puppetfile` is prepared, then we run need to get the requested module, by running:
+
+ ```
+ librarian-puppet install
+ ```
+
+
+**4. Kitchen Environment Configuration**
+
+In the file `kitchen.yml` we have to configure the machines were our tests will be running. This configuration includes information, such as : 
+* The virtualization tool `vagrant` or `docker`, 
+* The operating system image, 
+* Testing suites `testinfra` for example, etc ...
+
+- An initial example of `kitchen.yml` would be:
+
+```
+vagrant@master:~/wazuh-puppet/kitchen$ cat kitchen.yml
+---
+driver:
+  name: docker
+
+provisioner:
+  name: puppet_apply
+  manifests_path: manifests
+  modules_path: modules
+  hiera_data_path: hieradata
+
+platforms:
+  - name: ubuntu-manager_00
+    run_options: --ip 10.1.0.19
+    driver_config:
+      image: ubuntu:14.04
+      platform: ubuntu
+      hostname: manager00_ubuntu
+
+  - name: ubuntu-agent
+    driver_config:
+      image: ubuntu:14.04
+      platform: ubuntu
+      hostname: agent00_ubuntu
+
+suites:
+  - name: default
+    manifest: site.pp
+    verifier:
+      name: shell
+      command: py.test -v test/base
+```
+
+**5. Put Kitchen in action** 
+
+Once we have `kitchen.yml` prepared, then we can create the environment by running:
+
+```
+kitchen create
+```
+
+This way we will only have our machines created without installing the desired components to be tested. These components are represented by Wazuh stack components such as `wazuh-manager`, `wazuh-agent`, etc ...
+
+**5. Install the required components to be tested then**
+
+In `Puppet` case, to specify the `manifests` to be installed, we should configure the file 'manifests/site.pp', which by now it looks like:
+
+```
+node 'manager00_ubuntu' {
+  class { "wazuh::manager":
+        configure_wodle_openscap => false
+  }
+}
+node 'agent00_ubuntu' {
+  class { "wazuh::agent":
+        ossec_ip => "manager_ip",
+        configure_wodle_openscap => false
+  }
+}
+```
+
+As you can see, we only want to install `wazuh-manager` and `wazuh-agent`.
+
+
+**6. Kitchen Converging: Installing the packages to be tested**
+
+Once `site.pp` is prepared, we run:
+```
+kitchen converge
+```
+
+**7. Testing**
+
+`Kitchen` offers a large variety of testing types, such as:
+* Bats tests.
+* Serverspec tests.
+* Testinfra tests.
+* <Maybe there are more ' to be discovered later' >
+
+In our case, we think that `testinfra` is the best choice based on old experience. so and in order to implemente `testinfra` tests, we should indicate the testing suite command in `kitchen.yml` as indicated before:
+```
+suites:
+  - name: default
+    manifest: site.pp
+    verifier:
+      name: shell
+      command: py.test -v test/base
+```
+
+In the folder test/base, we put our tests. By now we implemented 2 tests, one for `wazuh-manager` and another one for `wazuh-agent`. Please check both here: 
+* [manager](https://github.com/wazuh/wazuh-puppet/blob/3.9.3_7.2.0_kitchen_tests/kitchen/test/base/test_wazuh_manager.py)
+* [agent](https://github.com/wazuh/wazuh-puppet/blob/3.9.3_7.2.0_kitchen_tests/kitchen/test/base/test_wazuh_agent.py)
+
+Once we have our suite prepared, then we run:
+
+```
+kitchen verify
+```
+
+And in a successful testing attempt we can get something like:
+
+```
+-----> Starting Kitchen (v2.2.5)
+-----> Verifying <default-ubuntu-manager-00>...
+       [Shell] Verify on instance default-ubuntu-manager-00  ...
+
+============================= test session starts ==============================
+platform linux -- Python 3.4.3, pytest-4.6.4, py-1.8.0, pluggy-0.12.0 -- /usr/bin/python3.4
+cachedir: .pytest_cache
+rootdir: /home/vagrant/wazuh-puppet/kitchen
+plugins: testinfra-3.0.5
+collecting ... collected 8 items
+
+test/base/test_wazuh_agent.py::test_wazuh_agent_package SKIPPED          [ 12%]
+test/base/test_wazuh_agent.py::test_wazuh_processes_running[ossec-agentd-ossec] SKIPPED [ 25%]
+test/base/test_wazuh_agent.py::test_wazuh_processes_running[ossec-execd-root] SKIPPED [ 37%]
+test/base/test_wazuh_agent.py::test_wazuh_processes_running[ossec-syscheckd-root] SKIPPED [ 50%]
+test/base/test_wazuh_agent.py::test_wazuh_processes_running[wazuh-modulesd-root] SKIPPED [ 62%]
+test/base/test_wazuh_manager.py::test_wazuh_agent_package PASSED         [ 75%]
+test/base/test_wazuh_manager.py::test_wazuh_packages_are_installed PASSED [ 87%]
+test/base/test_wazuh_manager.py::test_wazuh_services_are_running PASSED  [100%]
+
+===================== 3 passed, 5 skipped in 1.18 seconds ======================
+       Finished verifying <default-ubuntu-manager-00> (0m2.16s).
+-----> Kitchen is finished. (0m4.51s)
+```

kitchen/chefignore

@@ -0,0 +1 @@
+.kitchen

kitchen/clean.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+echo "Deleting Old logs, old instances files, etc ..."
+rm -rf .kitchen/logs/* # removing old logs
+rm -rf .kitchen/def* # removing old .yml files associated for old kitchen instances
+rm -rf ./manifests/se* # removing all temporal manifests files.
+
+echo "Kitchen is destroying old instances ..."
+kitchen destroy all # destroying all existing kitchen instances
+
+echo "Docker is stopping and deleting old containers of they do exist"
+docker ps --filter name=kitchen -aq | xargs docker stop | xargs docker rm

kitchen/kitchen.yml

@@ -0,0 +1,52 @@
+---
+driver:
+  name: docker
+  privileged: true
+  use_sudo: false
+
+provisioner:
+  name: puppet_apply
+  manifests_path: manifests
+  modules_path: modules
+  hiera_data_path: hieradata
+
+platforms:
+  - name: ubuntu-manager_00_kitchen
+    driver_config:
+      image: ubuntu:14.04
+      platform: ubuntu
+      hostname: manager00_ubuntu
+
+  - name: ubuntu-agent-kitchen
+    driver_config:
+      image: ubuntu:14.04
+      platform: ubuntu
+      hostname: agent00_ubuntu
+
+  - name: centos-manager_00_kitchen
+    driver_config:
+      image: centos:7
+      platform: centos
+      hostname: manager00_centos
+      run_command: /usr/sbin/init
+      dockerfile: test/Dockerfile
+      build_options:
+        rm: true
+
+  - name: centos-agent_kitchen
+    driver_config:
+      image: centos:7
+      platform: centos
+      hostname: agent00_centos
+      run_command: /usr/sbin/init
+      run_command: /usr/lib/systemd/systemd
+      dockerfile: test/Dockerfile
+      build_options:
+        rm: true
+
+suites:
+  - name: default
+    manifest: site.pp
+    verifier:
+      name: shell
+      command: py.test -v test/base

kitchen/manifests/site.pp

@@ -0,0 +1,24 @@
+node 'manager00_ubuntu' {
+  class { "wazuh::manager":
+        configure_wodle_openscap => false
+  }
+}
+node 'agent00_ubuntu' {
+  class { "wazuh::agent":
+        wazuh_register_endpoint => "10.1.0.9",
+        wazuh_reporting_endpoint => "10.1.0.9",
+        configure_wodle_openscap => false
+  }
+}
+node 'manager00_centos' {
+  class { "wazuh::manager":
+        configure_wodle_openscap => true
+  }
+}
+node 'agent00_centos' {
+  class { "wazuh::agent":
+        wazuh_register_endpoint => "10.1.0.11",
+        wazuh_reporting_endpoint => "10.1.0.11",
+        configure_wodle_openscap => true
+  }
+}