This profile requires the InSpec HPE Oneview plugin to be installed and configured. Test this is working via:
inspec-hpe-oneview spaterson$ bundle exec inspec detect -t oneview://
== Platform Details
Name: oneview
Families: iaas, api
Release: oneview-v5.5.0
Configuration information is specified in a default file ~/.oneview/inspec
or it can be overridden using the environment variable INSPEC_ONEVIEW_SETTINGS
.
To to run the profile now it is as simple as running:
inspec exec inspec-oneview -t oneview://
Alternatively, using the environment variable INSPEC_ONEVIEW_SETTINGS
:
INSPEC_ONEVIEW_SETTINGS="/path/to/another/file" inspec exec inspec-oneview -t oneview://
Since this is an InSpec resource pack, it only defines InSpec resources. It includes example tests only. To easily use the Oneview resources in your tests do the following:
inspec init profile my-profile
name: my-profile
title: My own Oneview profile
version: 0.1.0
depends:
- name: oneview
url: https://github.com/chef-partners/inspec-oneview/archive/master.tar.gz
Sine your profile depends on the InSpec resource pack, you can use the resources here in your own profile. In this example an ethernet network from Oneview is being tested.
control 'oneview-1' do
impact 1.0
title 'Checks that a specific network has been configured correctly'
describe oneview_ethernet_network(name: 'InSpec-Ethernet-Network') do
its('type') { should cmp 'ethernet-networkV300' }
its('ethernet_network_type') { should cmp 'Tagged' }
its('vlan_id') { should eq 1 } end
end
There are a few different ways in which tests can be written, which mean that arrays can be tested. A lot of the different ways and techniques are shown and documented in the integrations tests which are highly recommended reading.
The following resources are available in the InSpec Oneview Profile
The below resources are available pending resolution of some issues, see notes here:
Oneview Server Profile Connections
All of the documention is based on version 300
of the OneView API.
Our integration tests spin up resources in Oneview using a cookbook in local mode and the results are verified by InSpec. The test/integration/verify/controls
directory contains all of the tests that are run during the integration tests. These can be used as examples of how to use this resource pack.
In order to run the integration tests both Berkshelf and chef-client are required. These will both be installed if you have ChefDK installed.
The cookbooks runs locally on your machine and remotes into the specified OneView environment using connection settings that are passed in as attributes.
As a minimum the attributes file that is passed to the test must have the following
{
"infrastructure": {
"connection": {
"url": "https://192.168.1.1",
"username": "my_user",
"password": "my_password",
"api_version": 300,
"ssl_enabled": false
}
}
}
Thor tasks have been configured to allow the easy execution of the integration tests:
thor lint:rubocop # Run the robocop linter
thor test:integration --attributes local\infrastructure.json # Run Rubocop lint checks
The test:integration
task will run all of the following in order, however these can be called manually in order if required.
thor test:vendor_cookbooks
thor test:cleanup
thor test:setup_integration --attributes local\infrastructure.json
thor test:execute
thor test:cleanup --attributes local\infrastructure.json
When Berkshelf is used to vendor the cookbooks they are placed into the test/integration/build/vendor/cookbooks
directory.
NOTE: chef-client
expects to be run with admin privileges. So if running on MacOS or Linux please use sudo
or if on Windows ensure the process is being run in an elevated PowerShell or Command Prompt. No changes will be made to your local system.
This resource pack has been tested against ChefDK version 2.5.3. This version is recommended for now to avoid dependency conflicts.
After live testing the following issues were discovered:
These issues make it impossible to automatically create the infrastructure required for all the controls. As such the affected tests have been disabled pending the resolution of these issues.
In the meantime, the following sample JSON is currently recommended to run the integration tests:
{
"infrastructure": {
"connection": {
"url": "https://192.168.1.1",
"username": "my_user",
"password": "my_password",
"api_version": 300,
"ssl_enabled": false
},
"network" : {
"fc": {
"associated_san":""
}
},
"server_profile_template": {
"server_hardware_type":"SY 480 Gen10 1"
}
}
}
Please update the server_hardware_type field corresponding to your setup. A test flag inspec_oneview_disable_affected_tests has been added such that InSpec will skip the tests known to fail due to the above. This flag is disabled by default.
The following screen cast shows some of the integration tests being run against the HPE OneView Simulator. NOTE Some of the OneView resources have been modified using the WebUI so that enhanced testing of them can be performed. It is likely that this will display different output to what you would see if you run these tests now.
Documentation can be generated for the profile using yardoc
. A Thor task has been created which will run the Yard generator and create the documentation in docs/profile
.
thor docs:create
Once the documentation has been generated view it by going to file://docs/profile/index.html.
ERROR -- : SSL verification failed for request
As suggested by the resulting output, run the following to import the certificates locally:
$ bundle exec oneview-sdk-ruby cert import https://192.168.1.1
Importing certificate for 'https://10.0.0.123' into '/Users/spaterson/.oneview-sdk-ruby/trusted_certs.cer'...
Cert added to '/Users/spaterson/.oneview-sdk-ruby/trusted_certs.cer'. Cert Info:
OneView at https://192.168.1.1
=============================
-----BEGIN CERTIFICATE-----
MIIEDjCCSDKLJSDafgICJiowDQYJKoZIhvcNAQELBQAwdzELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCkNhbGlmb3JuaWExEjasdfasdfafdVBhbG8gQWx0bzEjMCEGA1UE
...
-----END CERTIFICATE-----
To contribute to the resource, please clone the repo make your changes and create a PR.
To aid in creating new resources, a Thor task has been created. The syntax of this command is:
thor generate:resource NAME DESCRIPTION TYPE [--multiple]
Name | Description | Required? | Default Value | Example |
---|---|---|---|---|
NAME | Name of the resource | Y | oneview_server_profile |
|
DESCRIPTION | A descriptionof the resource that will be displayed in InSpec output | Y | ||
TYPE | The type of resource in the OneView API | Y | server-profiles |
|
multiple | State if multiple objects are to be returned and a FilterTable should be created | N | false |
This will create a new resource with the specified name in /libraries
.
Author: | Russell Seymour (russell@chef.io) |
Copyright: | Copyright (c) 2018 Chef Software Inc. |
License: | Apache License, Version 2.0 |
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.