Add kitchen tests

.gitignore

@@ -0,0 +1,2 @@
+.kitchen/
+Gemfile.lock

.kitchen.yml

@@ -0,0 +1,62 @@
+<%
+distrib, infos    = ENV.fetch('DISTRIB', 'debian:stretch/9').split(':')
+codename, version = infos.split('/')
+%>
+---
+driver:
+  name: docker
+  use_sudo: false
+  privileged: true
+
+provisioner:
+  name: salt_solo
+  formula: ufw
+
+  # Install Salt from official repositories
+  salt_install: apt
+  salt_version: latest
+  salt_apt_repo: https://repo.saltstack.com/apt/<%= distrib %>/<%= version %>/amd64
+  salt_apt_repo_key: https://repo.saltstack.com/apt/<%= distrib %>/<%= version %>/amd64/latest/SALTSTACK-GPG-KEY.pub
+
+  # Don't install Chef
+  require_chef: false
+
+  # Configure Salt
+  state_top:
+    base:
+      '*':
+        - ufw
+
+  pillars:
+    top.sls:
+      base:
+        '*':
+          - ufw
+    ufw.sls:
+      ufw:
+        enabled: True
+        settings:
+          loglevel: 'low'
+        services:
+          '22':
+            protocol: tcp
+            comment: Allow SSH
+
+platforms:
+  - name: <%= distrib %>-<%= codename %>
+    driver_config:
+      image: "<%= distrib %>:<%= codename %>"
+      platform: <%= distrib %>
+      provision_command:
+        - apt-get update && apt-get install -y locales
+        - echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
+        - locale-gen en_US.UTF-8
+      run_command: /lib/systemd/systemd
+
+verifier:
+  name: inspec
+  reporter: progress
+
+suites:
+  - name: ufw
+

Gemfile

@@ -0,0 +1,7 @@
+source 'https://rubygems.org'
+ruby '2.3.5'
+
+gem 'test-kitchen'
+gem 'kitchen-docker'
+gem 'kitchen-salt'
+gem 'kitchen-inspec'

README.md

@@ -1,12 +1,10 @@
-ufw-formula
-===========
+# Ufw Salt Formula
 
 This module manages your firewall using ufw with pillar configured rules.
 
 See the full [Salt Formulas installation and usage instructions](http://docs.saltstack.com/topics/development/conventions/formulas.html).
 
-Usage
------
+## Usage
 
 All the configuration for the firewall is done via pillar (pillar.example).
 
@@ -77,8 +75,16 @@ ufw:
     - OpenSSH
 ```
 
-Authors
--------
+## Run tests
+
+This formula is tested with [Kitchen](https://kitchen.ci/) and [Inspec](https://www.inspec.io/) in a Docker container.
+
+To run tests you need to
+
+* install Ruby dependencies : `bundle install`
+* run Kitchen : `kitchen test`
+
+## Authors
 
 Original state and module based on the work from [Yigal Duppen](https://github.com/publysher/infra-example-nginx/tree/develop).
 

test/integration/ufw/controls/ufw.rb

@@ -0,0 +1,31 @@
+# encoding: utf-8
+
+title 'Test Ufw installation'
+
+describe package('ufw') do
+  it { should be_installed }
+end
+
+describe directory('/etc/ufw') do
+  it { should exist }
+end
+
+describe file('/etc/ufw/ufw.conf') do
+  its('content') { should include 'ENABLED=' }
+  its('content') { should include 'LOGLEVEL=' }
+end
+
+describe command('ufw status verbose | grep Status') do
+  its('exit_status') { should eq 0 }
+  its('stdout') { should match /active/ }
+end
+
+describe command('ufw status verbose | grep Logging') do
+  its('exit_status') { should eq 0 }
+  its('stdout') { should match /low/ }
+end
+
+describe command('ufw status | grep 22/tcp') do
+  its('exit_status') { should eq 0 }
+  its('stdout') { should match /ALLOW/ }
+end

test/integration/ufw/inspec.yml

@@ -0,0 +1,10 @@
+name: ufw
+title: Ufw Profile
+maintainer: Alexandre Anriot
+copyright: Alexandre Anriot
+copyright_email: alexandre@atlantilde.com
+license: MIT
+summary: Ufw Compliance Profile
+version: 0.1.0
+supports:
+  - os-family: linux