# Rake tasks
require 'rake'
require 'fileutils'
require 'base64'
require 'chef/encrypted_data_bag_item'
require 'json'
require 'openssl'
# Fixture paths, both under test/integration. These are top-level locals, so
# they are visible to the rake task blocks in this file but not inside the
# `def` methods.
#
# Where the encrypted 'snakeoil' data bag item (JSON) is written.
snakeoil_file_path = 'test/integration/data_bags/certificates/snakeoil.json'
# Where the Base64-encoded shared secret used to encrypt that item is written.
# NOTE(review): presumably a throwaway test secret; confirm it is never reused
# outside the integration tests.
encrypted_data_bag_secret_path = 'test/integration/encrypted_data_bag_secret'
##
# Run a tool through Bundler when a Gemfile.lock exists in the current
# directory, otherwise through `chef exec`.
#
# +command+ is interpolated into one string that is handed to Rake's +sh+, so
# it may be interpreted by the shell. Only pass fixed, trusted command strings
# (the lint and unit tasks in this file pass literals).
def run_command(command)
  wrapper = File.exist?('Gemfile.lock') ? 'bundle' : 'chef'
  sh %(#{wrapper} exec #{command})
end
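##
# Create a self-signed SSL certificate for test use.
#
# A fresh 2048-bit RSA key is generated on every call. Subject and issuer are
# the same fixed name, and the certificate is valid for one year starting at
# the time of the call.
#
# The certificate is signed with SHA-256. SHA-1 is no longer collision
# resistant and is deprecated for certificate signatures, so it is not used
# even for this snakeoil certificate.
#
# Returns a two-element array: the OpenSSL::X509::Certificate and the
# OpenSSL::PKey::RSA private key that signed it. The key is returned
# unencrypted; protecting it is the caller's responsibility.
def gen_ssl_cert
  name = OpenSSL::X509::Name.new [
    ['C', 'US'],
    ['ST', 'Oregon'],
    ['CN', 'OSU Open Source Lab'],
    ['DC', 'example']
  ]
  key = OpenSSL::PKey::RSA.new 2048

  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # the version field is zero-based, so 2 means X.509 v3
  cert.serial = 2 # fixed serial: every certificate generated here shares it
  cert.subject = name
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = cert.not_before + 1 * 365 * 24 * 60 * 60 # 1 year validity

  # Self-sign the certificate: the issuer is the subject and the signing key is
  # the certificate's own key.
  cert.issuer = name
  cert.sign(key, OpenSSL::Digest::SHA256.new)

  [cert, key]
end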
##
# Build the data bag item with the id 'snakeoil' from a freshly generated
# self-signed certificate and its private key, both PEM-encoded.
#
# The item returned here still holds the private key in clear text. In this
# file it is only handed to Chef::EncryptedDataBagItem.encrypt_data_bag_item
# before anything is written to disk.
def ssl_data_bag_item
  certificate, private_key = gen_ssl_cert
  item = {
    'id' => 'snakeoil',
    'cert' => certificate.to_pem,
    'key' => private_key.to_pem
  }
  Chef::DataBagItem.from_hash(item)
end
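##
# Create the integration tests directory if it doesn't exist
#
directory 'test/integration'

##
# Generate a 512 byte random sequence, Base64-encode it and write it to
# 'test/integration/encrypted_data_bag_secret'.
#
# This file is the shared secret for the encrypted data bag, so it is created
# with mode 0600 (owner read/write only) instead of the umask default. The
# mode argument only takes effect when the file is created; an existing file
# keeps its permissions. File.open is used rather than Kernel#open so the path
# is always treated as a plain file name.
#
file encrypted_data_bag_secret_path => 'test/integration' do
  secret_bytes = OpenSSL::Random.random_bytes(512)
  File.open(encrypted_data_bag_secret_path, 'w', 0o600) do |io|
    io.write Base64.encode64(secret_bytes)
  end
end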
##
# Create the certificates data bag directory if it doesn't exist
#
directory 'test/integration/data_bags/certificates' => 'test/integration'

##
# Write the encrypted snakeoil certificate item under
# test/integration/data_bags/certificates.
#
# The secret is loaded from encrypted_data_bag_secret_path, the plain item from
# ssl_data_bag_item is encrypted with it, and the result is written as
# pretty-printed JSON. Only the encrypted form reaches the disk here.
#
file snakeoil_file_path => [
  'test/integration/data_bags/certificates',
  'test/integration/encrypted_data_bag_secret'
] do
  secret = Chef::EncryptedDataBagItem.load_secret(encrypted_data_bag_secret_path)
  encrypted_item = Chef::EncryptedDataBagItem.encrypt_data_bag_item(ssl_data_bag_item, secret)

  File.open(snakeoil_file_path, 'w') do |out|
    out.write(JSON.pretty_generate(encrypted_item))
  end
end
# Named entry points for the two file tasks, so they can be invoked as
# `rake snakeoil` and `rake secret_file` instead of by file path.
desc 'Create an Encrypted Databag Snakeoil SSL Certificate'
task :snakeoil => [snakeoil_file_path]

desc 'Create an Encrypted Databag Secret'
task :secret_file => [encrypted_data_bag_secret_path]
require 'rubocop/rake_task'
# RuboCop's rake integration defines the :style task itself.
desc 'Run RuboCop (style) tests'
RuboCop::RakeTask.new(:style)

# The lint and unit tasks shell out through run_command, which selects
# `bundle exec` or `chef exec`.
desc 'Run FoodCritic (lint) tests'
task(:lint) { run_command('foodcritic --epic-fail any .') }

desc 'Run RSpec (unit) tests'
task(:unit) { run_command('rspec') }

# `rake test` runs style, lint and unit in that order; a bare `rake` does the same.
desc 'Run all tests'
task test: %i[style lint unit]

task default: :test