From 2f70a7b414bb7cac53790c7b97963f1e5340a24c Mon Sep 17 00:00:00 2001
From: canihavethisone
Date: Sat, 1 Jun 2024 12:43:23 +1000
Subject: [PATCH] Added random sampling in acceptance tests. Minor refactoring
---
 manifests/cis.pp | 10 +++++-----
 manifests/init.pp | 6 +++---
 metadata.json | 2 +-
 .../cis_security_hardening_windows_spec.rb | 6 +++---
 spec/acceptance/shared_examples/windows_tests.rb | 12 ++++++++++--
 spec/spec_helper_acceptance.rb | 1 +
 6 files changed, 23 insertions(+), 14 deletions(-)
diff --git a/manifests/cis.pp b/manifests/cis.pp
index 638f18b..fed6169 100644
--- a/manifests/cis.pp
+++ b/manifests/cis.pp
@@ -45,7 +45,7 @@
 recurse => true,
 source => 'puppet:///modules/cis_security_hardening_windows/user_grouppolicy/',
 replace => false,
- notify => [Exec['grouppolicy dir attributes']],
+ notify => Exec['grouppolicy dir attributes'],
 }
 # Ensure that the GroupPolicy directory is hidden as per default
 exec { 'grouppolicy dir attributes':
@@ -85,17 +85,17 @@
 }
 # Create final enforced_rules by removing any excluded rules using description only
- $enforced_rules = $total_rules.filter |$rule, $value| {
+ $enforced_rules = $total_rules.filter | String $rule, Hash $value| {
 !($rule in $cis_exclude_rules_real)
 }
 # Remove the rule title from the hashes so the registry resource can apply them
 $enforced_rules.each | String $title, Hash $rule = {} | {
 $rule.each |String $key, Hash $value = {} | {
- $regpath = regsubst($key, /\\[^\\]+$/,'')
- if (!defined(Registry_key[$regpath]) and ($value['ensure'] !=absent)) {
+ $regpath = regsubst($key, /\\[^\\]+$/, '')
+ if !defined(Registry_key[$regpath]) and $value['ensure'] != 'absent' {
 registry_key { $regpath:
- ensure => $value['ensure'],
+ ensure => 'present',
 }
 }
 registry_value {
diff --git a/manifests/init.pp b/manifests/init.pp
index 89e9913..e43955d 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
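Review bot: The `!defined(Registry_key[$regpath])` guard kept in the manifests/cis.pp hunk at -85,17 is evaluation-order dependent and nothing in the new code says so, because `defined()` only sees resources declared earlier in the compile. It de-duplicates parent keys inside this loop, but a `Registry_key` with the same title declared later by another class would presumably still abort the catalog with a duplicate declaration, leaving the hardening values unapplied on that node. A comment above the `if` would record that limit, for example `# defined() is order-dependent: a Registry_key declared later elsewhere will still conflict`. The same guard is in the manifests/init.pp hunk at -93,10, and both loop bodies continue outside their hunks.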
@@ -93,10 +93,10 @@
 # Apply any misc registry hash values
 $misc_registry.each | String $key, Hash $value = {} | {
- $regpath = regsubst($key, /\\[^\\]+$/,'')
- if (!defined(Registry_key[$regpath]) and ($value['ensure'] !=absent)) {
+ $regpath = regsubst($key, /\\[^\\]+$/, '')
+ if !defined(Registry_key[$regpath]) and $value['ensure'] != 'absent' {
 registry_key { $regpath:
- ensure => $value['ensure'],
+ ensure => 'present',
 }
 }
 registry_value { $key:
diff --git a/metadata.json b/metadata.json
index 8152c7f..57ee2b0 100644
--- a/metadata.json
+++ b/metadata.json
@@ -58,4 +58,4 @@
 "pdk-version": "3.0.1",
 "template-url": "pdk-default#3.0.0",
 "template-ref": "tags/3.0.0-0-g5bfc1c0"
-}
+}
\ No newline at end of file
diff --git a/spec/acceptance/cis_security_hardening_windows_spec.rb b/spec/acceptance/cis_security_hardening_windows_spec.rb
index 0cf9525..1ce95fe 100644
--- a/spec/acceptance/cis_security_hardening_windows_spec.rb
+++ b/spec/acceptance/cis_security_hardening_windows_spec.rb
@@ -13,7 +13,7 @@
 describe 'cis_security_hardening_windows acceptance testing' do
 context 'Configure the master and run puppet on agents' do
- puts "\e[0;32m \nAdding agents and class to nodeset on Master \e[0m\n"
+ print_stage('Adding agents and class to nodeset on Master')
 agents.each do |agent|
 pp = <<-SITE_PP
 node '#{agent.node_name}' {
@@ -31,7 +31,7 @@
 # Copy environment specific overrides for acceptance testing
 if File.file?("#{PROJECT_ROOT}/spec/acceptance/overrides.yaml")
- puts "\e[0;32m \nCopying environment specific hiera overrides from spec/acceptance/overrides.yaml to master\e[0m\n"
+ print_stage('Copying environment specific hiera overrides from spec/acceptance/overrides.yaml to master')
 scp_to(master, "#{PROJECT_ROOT}/spec/acceptance/overrides.yaml", "/etc/puppetlabs/code/environments/#{ENVIRONMENT}/data/overrides.yaml")
 end
@@ -40,7 +40,7 @@ on(master, "chmod -R g+rX,o-rwX #{env_path}") # Run puppet on agents - puts "\e[0;32m \nRunning Puppet on agents \e[0m\n" + print_stage('Running Puppet on agents') include_examples 'run idempotently' end diff --git a/spec/acceptance/shared_examples/windows_tests.rb b/spec/acceptance/shared_examples/windows_tests.rb index 5047947..6314f07 100644 --- a/spec/acceptance/shared_examples/windows_tests.rb +++ b/spec/acceptance/shared_examples/windows_tests.rb @@ -1,4 +1,7 @@ shared_examples 'windows tests' do |agent:, _agent_ip:| + # Number of combined registry entries to select + reg_entries_to_test = 50 + # Users tests describe user('user') do it { is_expected.to exist } @@ -43,8 +46,13 @@ %r{Remote Desktop Services UserMode Port Redirector}, ] - # Iterate over combined data - registry_combined_data.each do |title, hash| + # Convert registry_combined_data to an array and randomly select 50 entries + random_registry_entries = registry_combined_data.to_a.sample(reg_entries_to_test) + + print_stage("Verifying registry with a random sample of #{reg_entries_to_test} entries") + + # Iterate over the randomly selected entries + random_registry_entries.each do |title, hash| # Skip the iteration if the title matches any pattern in the exclusion list due to remote requirements for testing and complex data values next if exclusion_patterns.any? { |pattern| title.match?(pattern) } diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index 6c2d7dc..0706fa4 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb 
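Review bot: The sample in the windows_tests.rb hunk at -43,8 is drawn before the `exclusion_patterns` check and without a recorded seed, so each run verifies a different and possibly smaller set than the `reg_entries_to_test` count that the `print_stage` message reports. For a CIS hardening module this means a registry rule that fails to apply can pass on one run and fail on the next, with no way to replay the failing selection. Filtering first and tying the draw to a seed that is logged would keep runs reproducible, for example `candidates = registry_combined_data.reject { |title, _| exclusion_patterns.any? { |p| title.match?(p) } }` followed by `candidates.to_a.sample(reg_entries_to_test, random: Random.new(RSpec.configuration.seed))`. The `each` block continues outside the hunk.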
@@ -72,6 +72,7 @@ def print_stage(h)
 puts "\e[0;32m---------------------------------------------------------------------------------\e[0m"
 puts "\e[0;36m#{h}\e[0m"
 puts "\e[0;32m---------------------------------------------------------------------------------\e[0m"
+ puts "\n"
 end
 # As each dependency is installed from fixtures, add the latest version to an array (uses the 5th line of output so that only primary dependencies are written to metadata.json