chore: add vagrant

stephrobert · Nov 27, 2022 · dab706a · dab706a
1 parent 4508583
commit dab706a
Show file tree

Hide file tree

Showing 4 changed files with 118 additions and 0 deletions.
diff --git a/molecule/vagrant/converge.yml b/molecule/vagrant/converge.yml
@@ -0,0 +1,10 @@
+---
+- name: Converge
+  hosts: all
+  tasks:
+    - name: Include role
+      ansible.builtin.include_role:
+        name: ansible-role-openscap
+      vars:
+        - install_content: true
+        - scan: true
diff --git a/molecule/vagrant/molecule.yml b/molecule/vagrant/molecule.yml
@@ -0,0 +1,30 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: vagrant
+  provider:
+    name: libvirt
+  provision: true
+  cachier: machine
+  parallel: false
+
+platforms:
+  - name: hardening-debian
+    box: debian/bullseye64
+    # box: generic/ubuntu2204
+    memory: 1024
+    cpus: 2
+    interfaces:
+      # `network_name` is the required identifier, all other keys map to
+      # arguments.
+      - auto_config: true
+        network_name: private_network
+        type: dhcp
+      - network_name: forwarded_port
+        guest: 22
+        host: 2222
+provisioner:
+  name: ansible
+verifier:
+  name: ansible
diff --git a/molecule/vagrant/tests/test_default.yml b/molecule/vagrant/tests/test_default.yml
@@ -0,0 +1,8 @@
+# Molecule managed
+
+---
+file:
+  /etc/hosts:
+    exists: true
+    owner: root
+    group: root
diff --git a/molecule/vagrant/verify.yml b/molecule/vagrant/verify.yml
@@ -0,0 +1,70 @@
+---
+- name: Verify
+  hosts: all
+  become: true
+  vars:
+    goss_version: v0.3.13
+    goss_arch: amd64
+    goss_bin: /usr/local/bin/goss
+    goss_sha256sum: eb3522ff9682736ff61e2ad114de227de98debcf8a03ca66fcda3917577313e0.
+    goss_test_directory: /tmp/molecule/goss
+    goss_format: documentation
+  tasks:
+    - name: Download and install Goss
+      ansible.builtin.get_url:
+        url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}"
+        dest: "{{ goss_bin }}"
+        sha256sum: "{{ goss_sha256sum }}"
+        mode: 0755
+
+    - name: Create Molecule directory for test files  # noqa 208
+      ansible.builtin.file:
+        path: "{{ goss_test_directory }}"
+        state: directory
+
+    - name: Find Goss tests on localhost
+      ansible.builtin.find:
+        paths: "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}"
+        patterns:
+          - "test[-.\\w]*.yml"
+          - "test_host_{{ ansible_hostname }}[-.\\w]*.yml"
+        excludes:
+          - "test_host_(?!{{ ansible_hostname }})[-.\\w]*.yml"
+        use_regex: true
+      delegate_to: localhost
+      register: test_files
+      changed_when: false
+      become: false
+
+    - name: Debug
+      ansible.builtin.debug:
+        msg: "{{ test_files.files }}"
+        verbosity: 3
+
+    - name: Copy Goss tests to remote  # noqa 208
+      ansible.builtin.copy:
+        src: "{{ item.path }}"
+        dest: "{{ goss_test_directory }}/{{ item.path | basename }}"
+      with_items:
+        - "{{ test_files.files }}"
+
+    - name: Register test files
+      ansible.builtin.shell: "ls {{ goss_test_directory }}/test_*.yml"  # noqa 301
+      register: test_files
+
+    - name: Execute Goss tests
+      ansible.builtin.command: "{{ goss_bin }} -g {{ item }} validate --format {{ goss_format }}"  # noqa 301
+      register: test_results
+      with_items: "{{ test_files.stdout_lines }}"
+      failed_when: false
+
+    - name: Display details about the Goss results
+      ansible.builtin.debug:
+        msg: "{{ item.stdout_lines }}"
+      with_items: "{{ test_results.results }}"
+
+    - name: Fail when tests fail
+      ansible.builtin.fail:
+        msg: "Goss failed to validate"
+      when: item.rc != 0
+      with_items: "{{ test_results.results }}"