diff --git a/.vib/fluentd/goss/fluentd.yaml b/.vib/fluentd/goss/fluentd.yaml new file mode 100644 index 000000000000..cf08e3158b02 --- /dev/null +++ b/.vib/fluentd/goss/fluentd.yaml @@ -0,0 +1,15 @@ +command: + check-no-pem-files: + exec: find /opt/bitnami/fluentd -name "*.pem" | grep . + exit-status: 1 + check-fluent-plugin-detect-exceptions: + # Ensure that all files have the correct permissions + exec: ls -l /opt/bitnami/fluentd/gems/fluent-plugin-detect-exceptions-*/lib/fluent/plugin/*.rb 2>/dev/null | grep -v ".*-rwxrwxr-x" + exit-status: 1 + check-plugins: + exec: gem list --local + exit-status: 0 + stdout: + {{ range $gem := .Vars.modules.gems }} + - "{{ $gem }}" + {{ end }} diff --git a/.vib/fluentd/goss/goss.yaml b/.vib/fluentd/goss/goss.yaml new file mode 100644 index 000000000000..5a286df78d16 --- /dev/null +++ b/.vib/fluentd/goss/goss.yaml @@ -0,0 +1,12 @@ +gossfile: + # Goss tests exclusive to the current container + ../../fluentd/goss/fluentd.yaml: {} + # Load scripts from .vib/common/goss/templates + ../../common/goss/templates/check-app-version.yaml: {} + ../../common/goss/templates/check-binaries.yaml: {} + ../../common/goss/templates/check-broken-symlinks.yaml: {} + ../../common/goss/templates/check-ca-certs.yaml: {} + ../../common/goss/templates/check-directories.yaml: {} + ../../common/goss/templates/check-linked-libraries.yaml: {} + ../../common/goss/templates/check-sed-in-place.yaml: {} + ../../common/goss/templates/check-spdx.yaml: {} diff --git a/.vib/fluentd/goss/vars.yaml b/.vib/fluentd/goss/vars.yaml new file mode 100644 index 000000000000..e7a17c75bc92 --- /dev/null +++ b/.vib/fluentd/goss/vars.yaml @@ -0,0 +1,36 @@ +binaries: + - fluentd + - ruby +directories: + - mode: "0775" + paths: + - /opt/bitnami/fluentd/gems + - /opt/bitnami/fluentd/specifications + - /opt/bitnami/fluentd/cache + - /opt/bitnami/fluentd/doc + - /opt/bitnami/fluentd/conf + - /opt/bitnami/fluentd/logs + - /opt/bitnami/fluentd/plugins +modules: + gems: + - fluent-plugin-concat + - fluent-plugin-detect-exceptions + - fluent-plugin-elasticsearch + - fluent-plugin-grafana-loki + - fluent-plugin-kafka + - fluent-plugin-kubernetes_metadata_filter + - fluent-plugin-multi-format-parser + - fluent-plugin-prometheus + - fluent-plugin-rewrite-tag-filter + - fluent-plugin-s3 + - fluent-plugin-systemd + - fluent-plugin-record-modifier + - oj + - json + - fluentd + - activesupport + - elasticsearch-xpack +version: + bin_name: fluentd + flag: --version +root_dir: /opt/bitnami diff --git a/.vib/fluentd/vib-publish.json b/.vib/fluentd/vib-publish.json index 8b6fe8eab4e6..c145d6548e53 100644 --- a/.vib/fluentd/vib-publish.json +++ b/.vib/fluentd/vib-publish.json @@ -3,7 +3,8 @@ "resources": { "url": "{VIB_ENV_CONTAINER_URL}", "path": "{VIB_ENV_PATH}" - } + }, + "runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd" }, "phases": { "package": { @@ -33,6 +34,21 @@ }, "verify": { "actions": [ + { + "action_id": "goss", + "params": { + "resources": { + "path": "/.vib" + }, + "tests_file": "fluentd/goss/goss.yaml", + "vars_file": "fluentd/goss/vars.yaml", + "remote": { + "pod": { + "workload": "deploy-fluentd" + } + } + } + }, { "action_id": "trivy", "params": { diff --git a/.vib/fluentd/vib-verify.json b/.vib/fluentd/vib-verify.json index a34e8aee9161..739f49881abe 100644 --- a/.vib/fluentd/vib-verify.json +++ b/.vib/fluentd/vib-verify.json @@ -3,7 +3,8 @@ "resources": { "url": "{SHA_ARCHIVE}", "path": "{VIB_ENV_PATH}" - } + }, + "runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd" }, "phases": { "package": { @@ -29,6 +30,21 @@ }, "verify": { "actions": [ + { + "action_id": "goss", + "params": { + "resources": { + "path": "/.vib" + }, + "tests_file": "fluentd/goss/goss.yaml", + "vars_file": "fluentd/goss/vars.yaml", + "remote": { + "pod": { + "workload": "deploy-fluentd" + } + } + } + }, { "action_id": "trivy", "params": {