diff --git a/.rubocop.yml b/.rubocop.yml
new file mode 100644
index 0000000..bdae9aa
--- /dev/null
+++ b/.rubocop.yml
@@ -0,0 +1,10 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+# General overrides used across formulas in the org
+Metrics/LineLength:
+ # Increase from default of `80`
+ # Based on https://github.com/PyCQA/flake8-bugbear#opinionated-warnings (`B950`)
+ Max: 88
+
+# Any offenses that should be fixed, e.g. collected via. `rubocop --auto-gen-config`
diff --git a/.salt-lint b/.salt-lint
new file mode 100644
index 0000000..a539954
--- /dev/null
+++ b/.salt-lint
@@ -0,0 +1,13 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+exclude_paths: []
+skip_list:
+ # Using `salt-lint` for linting other files as well, such as Jinja macros/templates
+ - 205 # Use ".sls" as a Salt State file extension
+ # Skipping `207` and `208` because `210` is sufficient, at least for the time-being
+ # I.e. Allows 3-digit unquoted codes to still be used, such as `644` and `755`
+ - 207 # File modes should always be encapsulated in quotation marks
+ - 208 # File modes should always contain a leading zero
+tags: []
+verbosity: 1
diff --git a/.travis.yml b/.travis.yml
index 16f9923..50c3a70 100644
--- a/.travis.yml
+++ b/.travis.yml
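Review bot: In `.salt-lint`, the comment justifying the skip of `207` and `208` leans on rule `210` without saying what `210` checks, so a reader cannot verify that the file-mode coverage is really retained. This formula manages Vault key and certificate files, where a mis-parsed mode is a permissions problem, so the rationale deserves to be explicit. As far as I know `210` flags unquoted numbers that start with `0`; if that is right, I would add a line such as `# 210: numbers starting with 0 must be quoted, which still catches unquoted 0644-style modes`.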
@@ -1,64 +1,43 @@ # -*- coding: utf-8 -*- # vim: ft=yaml --- +## Machine config dist: bionic -stages: - - test - - lint - - name: release - if: branch = master AND type != pull_request - sudo: required -cache: bundler -language: ruby - services: - docker -# Make sure the instances listed below match up with -# the `platforms` defined in `kitchen.yml` -env: - matrix: - - INSTANCE: debian-10-develop-py3 - # - INSTANCE: ubuntu-1804-develop-py3 - # - INSTANCE: centos-7-develop-py3 - # - INSTANCE: fedora-30-develop-py3 - # - INSTANCE: opensuse-leap-15-develop-py3 - # - INSTANCE: amazonlinux-2-develop-py2 - # - INSTANCE: arch-base-latest-develop-py2 - # - INSTANCE: debian-9-2019-2-py3 - - INSTANCE: prod-server-ubuntu-1804-2019-2-py3 - # - INSTANCE: centos-7-2019-2-py3 - - INSTANCE: prod-server-fedora-30-2019-2-py3 - # - INSTANCE: opensuse-leap-15-2019-2-py3 - - INSTANCE: prod-server-amazonlinux-2-2019-2-py2 - # - INSTANCE: arch-base-latest-2019-2-py2 - # - INSTANCE: debian-9-2018-3-py2 - # - INSTANCE: ubuntu-1604-2018-3-py2 - - INSTANCE: prod-server-centos-7-2018-3-py2 - # - INSTANCE: fedora-29-2018-3-py2 - - INSTANCE: prod-server-opensuse-leap-15-2018-3-py2 - # - INSTANCE: amazonlinux-2-2018-3-py2 - # - INSTANCE: arch-base-latest-2018-3-py2 - # - INSTANCE: debian-8-2017-7-py2 - # - INSTANCE: ubuntu-1604-2017-7-py2 - # - INSTANCE: centos-6-2017-7-py2 - # - INSTANCE: fedora-29-2017-7-py2 - # - INSTANCE: opensuse-leap-15-2017-7-py2 - # - INSTANCE: amazonlinux-2-2017-7-py2 - - INSTANCE: prod-server-arch-base-latest-2017-7-py2 +## Language and cache config +language: ruby +cache: bundler +## Script to run for the test stage script: - - bin/kitchen verify ${INSTANCE} + - bin/kitchen verify "${INSTANCE}" +## Stages and jobs matrix +stages: + - test + - name: release + if: branch = master AND type != pull_request jobs: + allow_failures: + - env: Lint_rubocop + fast_finish: true include: - # Define the `lint` stage (runs `yamllint` and `commitlint`) - - stage: lint - language: 
node_js + ## Define the test stage that runs the linters (and testing matrix, if applicable) + + # Run all of the linters in a single job (except `rubocop`) + - language: node_js node_js: lts/* + env: Lint + name: 'Lint: salt-lint, yamllint & commitlint' before_install: skip script: + # Install and run `salt-lint` + - pip install --user salt-lint + - git ls-files | grep '\.sls$\|\.jinja$\|\.j2$\|\.tmpl$' + | xargs -I {} salt-lint {} # Install and run `yamllint` # Need at least `v1.17.0` for the `yaml-files` setting - pip install --user yamllint>=1.17.0 
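Review bot: The new lint job installs its tooling unpinned at build time: `pip install --user salt-lint` here, and `gem install rubocop` in the next hunk of this file, fetch whatever release is current, so a CI run is not reproducible and executes newly published package code without review. Pinning each tool, for example `pip install --user salt-lint==<PINNED_VERSION>`, would fix that. Separately, the unchanged context line `pip install --user yamllint>=1.17.0` is unquoted, so the shell treats `>=1.17.0` as an output redirection and the minimum version is never applied; `pip install --user 'yamllint>=1.17.0'` is the intended form. The `jobs.include` list continues outside this hunk.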
@@ -67,10 +46,56 @@ jobs: - npm install @commitlint/config-conventional -D - npm install @commitlint/travis-cli -D - commitlint-travis - # Define the release stage that runs `semantic-release` + # Run the `rubocop` linter in a separate job that is allowed to fail + # Once these lint errors are fixed, this can be merged into a single job + - language: node_js + node_js: lts/* + env: Lint_rubocop + name: 'Lint: rubocop' + before_install: skip + script: + # Install and run `rubocop` + - gem install rubocop + - rubocop -d + + ## Define the rest of the matrix based on Kitchen testing + # Make sure the instances listed below match up with + # the `platforms` defined in `kitchen.yml` + - env: INSTANCE=debian-10-develop-py3 + # - env: INSTANCE=ubuntu-1804-develop-py3 + # - env: INSTANCE=centos-7-develop-py3 + # - env: INSTANCE=fedora-30-develop-py3 + # - env: INSTANCE=opensuse-leap-15-develop-py3 + # - env: INSTANCE=amazonlinux-2-develop-py2 + # - env: INSTANCE=arch-base-latest-develop-py2 + # - env: INSTANCE=debian-9-2019-2-py3 + - env: INSTANCE=prod-server-ubuntu-1804-2019-2-py3 + # - env: INSTANCE=centos-7-2019-2-py3 + - env: INSTANCE=prod-server-fedora-30-2019-2-py3 + # - env: INSTANCE=opensuse-leap-15-2019-2-py3 + - env: INSTANCE=prod-server-amazonlinux-2-2019-2-py2 + # - env: INSTANCE=arch-base-latest-2019-2-py2 + # - env: INSTANCE=debian-9-2018-3-py2 + # - env: INSTANCE=ubuntu-1604-2018-3-py2 + - env: INSTANCE=prod-server-centos-7-2018-3-py2 + # - env: INSTANCE=fedora-29-2018-3-py2 + - env: INSTANCE=prod-server-opensuse-leap-15-2018-3-py2 + # - env: INSTANCE=amazonlinux-2-2018-3-py2 + # - env: INSTANCE=arch-base-latest-2018-3-py2 + # - env: INSTANCE=debian-8-2017-7-py2 + # - env: INSTANCE=ubuntu-1604-2017-7-py2 + # - env: INSTANCE=centos-6-2017-7-py2 + # - env: INSTANCE=fedora-29-2017-7-py2 + # - env: INSTANCE=opensuse-leap-15-2017-7-py2 + # - env: INSTANCE=amazonlinux-2-2017-7-py2 + - env: INSTANCE=prod-server-arch-base-latest-2017-7-py2 + + ## Define the release 
stage that runs `semantic-release` - stage: release language: node_js node_js: lts/* + env: Release + name: 'Run semantic-release inc. file updates to AUTHORS, CHANGELOG & FORMULA' before_install: skip script: # Update `AUTHORS.md` diff --git a/.yamllint b/.yamllint index c16f39b..740beca 100644 --- a/.yamllint +++ b/.yamllint @@ -17,6 +17,7 @@ yaml-files: # Default settings - '*.yaml' - '*.yml' + - .salt-lint - .yamllint # SaltStack Formulas additional settings - '*.example' diff --git a/Gemfile b/Gemfile index 2c33118..f2c41f6 100644 --- a/Gemfile +++ b/Gemfile @@ -1,7 +1,8 @@ -source "https://rubygems.org" +# frozen_string_literal: true +source 'https://rubygems.org' + +gem 'inspec', '~> 4.16.0' gem 'kitchen-docker', '>= 2.9' -gem 'kitchen-salt', '>= 0.6.0' gem 'kitchen-inspec', '>= 1.1' -gem 'inspec', '~> 4.16.0' - +gem 'kitchen-salt', '>= 0.6.0' diff --git a/bin/kitchen b/bin/kitchen index 1cd44f3..dcfdb4c 100755 --- a/bin/kitchen +++ b/bin/kitchen 
@@ -8,22 +8,25 @@ # this file is here to facilitate running it. # -require "pathname" -ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile", - Pathname.new(__FILE__).realpath) +require 'pathname' +ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', + Pathname.new(__FILE__).realpath) -bundle_binstub = File.expand_path("../bundle", __FILE__) +bundle_binstub = File.expand_path('bundle', __dir__) if File.file?(bundle_binstub) if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/ load(bundle_binstub) else - abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run. -Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.") + abort( + 'Your `bin/bundle` was not generated by Bundler, '\ + 'so this binstub cannot run. Replace `bin/bundle` by running '\ + '`bundle binstubs bundler --force`, then run this command again.' + ) end end -require "rubygems" -require "bundler/setup" +require 'rubygems' +require 'bundler/setup' -load Gem.bin_path("test-kitchen", "kitchen") +load Gem.bin_path('test-kitchen', 'kitchen') diff --git a/vault/files/cert-gen.sh.j2 b/vault/files/cert-gen.sh.j2 index bf4644e..d21d541 100644 --- a/vault/files/cert-gen.sh.j2 +++ b/vault/files/cert-gen.sh.j2 @@ -1,4 +1,5 @@ {% from "vault/map.jinja" import vault with context -%} +{% set vssc = vault.self_signed_cert -%} #!/usr/bin/env bash ### @@ -31,7 +32,7 @@ pw="$child" root_key="$root.key" root_pem="$root.pem" root_key_nopass="$root-nopass.key" -root_subj="/C={{ vault.self_signed_cert.country }}/ST={{ vault.self_signed_cert.state }}/L={{ vault.self_signed_cert.city }}/O={{ vault.self_signed_cert.org }}/OU={{ vault.self_signed_cert.org_unit }}/CN=$root\_ca" +root_subj="/C={{ vssc.country }}/ST={{ vssc.state }}/L={{ vssc.city }}/O={{ vssc.org }}/OU={{ vssc.org_unit }}/CN=$root\_ca" root_p12="$root.p12" ### 
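Review bot: The rewritten `root_subj` line in `vault/files/cert-gen.sh.j2` (and `child_subj` in the last hunk) still renders the `vssc.*` values unescaped into a double-quoted bash string that becomes an OpenSSL subject. A value containing a double quote, `$`, a backtick or `/` would alter the generated script or add extra subject fields; the values presumably come from pillar via `vault/map.jinja`, so this is a hardening point rather than a demonstrated bug. I would add a comment above the assignment such as `# vssc.* values are inserted verbatim: they must not contain quotes, $, backticks or /`, or validate them where the map is built. If the backslash in `$root\_ca` is only there to end the variable name, `${root}_ca` would match `child_name="${root}_${child}"` in the later hunk.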
@@ -72,7 +73,7 @@ child_name="${root}_${child}" child_key="$child_name.key" child_pem="$child_name.pem" child_csr="$child_name.csr" -child_subj="/C={{ vault.self_signed_cert.country }}/ST={{ vault.self_signed_cert.state }}/L={{ vault.self_signed_cert.city }}/O={{ vault.self_signed_cert.org }}/OU={{ vault.self_signed_cert.org_unit }}/CN=$child_name" +child_subj="/C={{ vssc.country }}/ST={{ vssc.state }}/L={{ vssc.city }}/O={{ vssc.org }}/OU={{ vssc.org_unit }}/CN=$child_name" child_p12="$child_name.p12" child_jks="$child_name.jks"