From 051444241beba01dcb18d4930f5259825fe05c8b Mon Sep 17 00:00:00 2001
From: Luke Kreczko
Date: Mon, 27 Jul 2020 10:35:06 +0100
Subject: [PATCH 1/9] migration to PDK build
---
.fixtures.yml | 6 ++
.gitattributes | 5 ++
.gitignore | 29 +++++++-
.pdkignore | 42 ++++++++++++
.puppet-lint.rc | 1 +
.rspec | 2 +
.rubocop.yml | 137 ++++++++++++++++++++++++++++++++++++++
.travis.yml | 49 ++++++++++++++
.yardopts | 1 +
CHANGELOG => CHANGELOG.md | 4 ++
Gemfile | 72 ++++++++++++++++++++
Modulefile | 2 +-
README => README.md | 0
Rakefile | 87 ++++++++++++++++++++++++
appveyor.yml | 56 ++++++++++++++++
data/common.yaml | 1 +
metadata.json | 103 ++++++++++++++++++++++++----
spec/default_facts.yml | 8 +++
spec/spec_helper.rb | 64 ++++++++++++++----
19 files changed, 642 insertions(+), 27 deletions(-)
create mode 100644 .fixtures.yml
create mode 100644 .gitattributes
create mode 100644 .pdkignore
create mode 100644 .puppet-lint.rc
create mode 100644 .rspec
create mode 100644 .rubocop.yml
create mode 100644 .travis.yml
create mode 100644 .yardopts
rename CHANGELOG => CHANGELOG.md (71%)
create mode 100644 Gemfile
rename README => README.md (100%)
create mode 100644 Rakefile
create mode 100644 appveyor.yml
create mode 100644 data/common.yaml
create mode 100644 spec/default_facts.yml
diff --git a/.fixtures.yml b/.fixtures.yml
new file mode 100644
index 0000000..2296adb
--- /dev/null
+++ b/.fixtures.yml
@@ -0,0 +1,6 @@
+# This file can be used to install module dependencies for unit testing
+# See https://github.com/puppetlabs/puppetlabs_spec_helper#using-fixtures for details
+---
+fixtures:
+ forge_modules:
+# stdlib: "puppetlabs/stdlib"
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9032a01
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,5 @@
+*.rb eol=lf
+*.erb eol=lf
+*.pp eol=lf
+*.sh eol=lf
+*.epp eol=lf
diff --git a/.gitignore b/.gitignore
index 5fff1d9..1bacca8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,28 @@
-pkg
+.git/
+.*.sw[op]
+.metadata
+.yardoc
+.yardwarns
+*.iml
+/.bundle/
+/.idea/
+/.vagrant/
+/coverage/
+/bin/
+/doc/
+/Gemfile.local
+/Gemfile.lock
+/junit/
+/log/
+/pkg/
+/spec/fixtures/manifests/
+/spec/fixtures/modules/
+/tmp/
+/vendor/
+/convert_report.txt
+/update_report.txt
+.DS_Store
+.project
+.envrc
+/inventory.yaml
+.vscode
diff --git a/.pdkignore b/.pdkignore
new file mode 100644
index 0000000..e6215cd
--- /dev/null
+++ b/.pdkignore
@@ -0,0 +1,42 @@
+.git/
+.*.sw[op]
+.metadata
+.yardoc
+.yardwarns
+*.iml
+/.bundle/
+/.idea/
+/.vagrant/
+/coverage/
+/bin/
+/doc/
+/Gemfile.local
+/Gemfile.lock
+/junit/
+/log/
+/pkg/
+/spec/fixtures/manifests/
+/spec/fixtures/modules/
+/tmp/
+/vendor/
+/convert_report.txt
+/update_report.txt
+.DS_Store
+.project
+.envrc
+/inventory.yaml
+/appveyor.yml
+/.fixtures.yml
+/Gemfile
+/.gitattributes
+/.gitignore
+/.gitlab-ci.yml
+/.pdkignore
+/Rakefile
+/rakelib/
+/.rspec
+/.rubocop.yml
+/.travis.yml
+/.yardopts
+/spec/
+/.vscode/
diff --git a/.puppet-lint.rc b/.puppet-lint.rc
new file mode 100644
index 0000000..cc96ece
--- /dev/null
+++ b/.puppet-lint.rc
@@ -0,0 +1 @@
+--relative
diff --git a/.rspec b/.rspec
new file mode 100644
index 0000000..16f9cdb
--- /dev/null
+++ b/.rspec
@@ -0,0 +1,2 @@
+--color
+--format documentation
diff --git a/.rubocop.yml b/.rubocop.yml
new file mode 100644
index 0000000..5307849
--- /dev/null
+++ b/.rubocop.yml
@@ -0,0 +1,137 @@ +--- +require: +- rubocop-rspec +- rubocop-i18n +AllCops: + DisplayCopNames: true + TargetRubyVersion: '2.1' + Include: + - "./**/*.rb" + Exclude: + - bin/* + - ".vendor/**/*" + - "**/Gemfile" + - "**/Rakefile" + - pkg/**/* + - spec/fixtures/**/* + - vendor/**/* + - "**/Puppetfile" + - "**/Vagrantfile" + - "**/Guardfile" +Metrics/LineLength: + Description: People have wide screens, use them. + Max: 200 +GetText: + Enabled: false +GetText/DecorateString: + Description: We don't want to decorate test output. + Exclude: + - spec/**/* + Enabled: false +RSpec/BeforeAfterAll: + Description: Beware of using after(:all) as it may cause state to leak between tests. + A necessary evil in acceptance testing. + Exclude: + - spec/acceptance/**/*.rb +RSpec/HookArgument: + Description: Prefer explicit :each argument, matching existing module's style + EnforcedStyle: each +Style/BlockDelimiters: + Description: Prefer braces for chaining. Mostly an aesthetical choice. Better to + be consistent then. + EnforcedStyle: braces_for_chaining +Style/BracesAroundHashParameters: + Description: Braces are required by Ruby 2.7. Cop removed from RuboCop v0.80.0. + See https://github.com/rubocop-hq/rubocop/pull/7643 + Enabled: true +Style/ClassAndModuleChildren: + Description: Compact style reduces the required amount of indentation. + EnforcedStyle: compact +Style/EmptyElse: + Description: Enforce against empty else clauses, but allow `nil` for clarity. + EnforcedStyle: empty +Style/FormatString: + Description: Following the main puppet project's style, prefer the % format format. + EnforcedStyle: percent +Style/FormatStringToken: + Description: Following the main puppet project's style, prefer the simpler template + tokens over annotated ones. + EnforcedStyle: template +Style/Lambda: + Description: Prefer the keyword for easier discoverability. + EnforcedStyle: literal +Style/RegexpLiteral: + Description: Community preference. 
See https://github.com/voxpupuli/modulesync_config/issues/168 + EnforcedStyle: percent_r +Style/TernaryParentheses: + Description: Checks for use of parentheses around ternary conditions. Enforce parentheses + on complex expressions for better readability, but seriously consider breaking + it up. + EnforcedStyle: require_parentheses_when_complex +Style/TrailingCommaInArguments: + Description: Prefer always trailing comma on multiline argument lists. This makes + diffs, and re-ordering nicer. + EnforcedStyleForMultiline: comma +Style/TrailingCommaInLiteral: + Description: Prefer always trailing comma on multiline literals. This makes diffs, + and re-ordering nicer. + EnforcedStyleForMultiline: comma +Style/SymbolArray: + Description: Using percent style obscures symbolic intent of array's contents. + EnforcedStyle: brackets +RSpec/MessageSpies: + EnforcedStyle: receive +Style/Documentation: + Exclude: + - lib/puppet/parser/functions/**/* + - spec/**/* +Style/WordArray: + EnforcedStyle: brackets +Style/CollectionMethods: + Enabled: true +Style/MethodCalledOnDoEndBlock: + Enabled: true +Style/StringMethods: + Enabled: true +GetText/DecorateFunctionMessage: + Enabled: false +GetText/DecorateStringFormattingUsingInterpolation: + Enabled: false +GetText/DecorateStringFormattingUsingPercent: + Enabled: false +Layout/EndOfLine: + Enabled: false +Layout/IndentHeredoc: + Enabled: false +Metrics/AbcSize: + Enabled: false +Metrics/BlockLength: + Enabled: false +Metrics/ClassLength: + Enabled: false +Metrics/CyclomaticComplexity: + Enabled: false +Metrics/MethodLength: + Enabled: false +Metrics/ModuleLength: + Enabled: false +Metrics/ParameterLists: + Enabled: false +Metrics/PerceivedComplexity: + Enabled: false +RSpec/DescribeClass: + Enabled: false +RSpec/ExampleLength: + Enabled: false +RSpec/MessageExpectation: + Enabled: false +RSpec/MultipleExpectations: + Enabled: false +RSpec/NestedGroups: + Enabled: false +Style/AsciiComments: + Enabled: false +Style/IfUnlessModifier: 
+ Enabled: false +Style/SymbolProc: + Enabled: false diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..68d3e96 --- /dev/null +++ b/.travis.yml @@ -0,0 +1,49 @@ +--- +os: linux +dist: xenial +language: ruby +cache: bundler +before_install: + - bundle -v + - rm -f Gemfile.lock + - "# Update system gems if requested. This is useful to temporarily workaround troubles in the test runner" + - "# See https://github.com/puppetlabs/pdk-templates/commit/705154d5c437796b821691b707156e1b056d244f for an example of how this was used" + - "# Ignore exit code of SIGPIPE'd yes to not fail with shell's pipefail set" + - '[ -z "$RUBYGEMS_VERSION" ] || (yes || true) | gem update --system $RUBYGEMS_VERSION' + - gem --version + - bundle -v +script: + - 'bundle exec rake $CHECK' +bundler_args: --without system_tests +rvm: + - 2.5.7 +stages: + - static + - spec + - acceptance + - + if: tag =~ ^v\d + name: deploy +jobs: + fast_finish: true + include: + - + env: CHECK="check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop syntax lint metadata_lint" + stage: static + - + env: PUPPET_GEM_VERSION="~> 5.0" CHECK=parallel_spec + rvm: 2.4.5 + stage: spec + - + env: PUPPET_GEM_VERSION="~> 6.0" CHECK=parallel_spec + rvm: 2.5.7 + stage: spec + - + env: DEPLOY_TO_FORGE=yes + stage: deploy +branches: + only: + - master + - /^v\d/ +notifications: + email: false diff --git a/.yardopts b/.yardopts new file mode 100644 index 0000000..29c933b --- /dev/null +++ b/.yardopts @@ -0,0 +1 @@ +--markup markdown diff --git a/CHANGELOG b/CHANGELOG.md similarity index 71% rename from CHANGELOG rename to CHANGELOG.md index bd8c6db..4d95c6e 100644 --- a/CHANGELOG +++ b/CHANGELOG.md @@ -1,3 +1,7 @@ +2020-07 + * Puppet 6 compatibility + * migration to PDK build + 2017-01 Frederic Schaer * huge cleanup. argus 1.7 compliance. Almost a rewrite. diff --git a/Gemfile b/Gemfile new file mode 100644 index 0000000..8007ad0 --- /dev/null +++ b/Gemfile 
@@ -0,0 +1,72 @@
+source ENV['GEM_SOURCE'] || 'https://rubygems.org'
+
+def location_for(place_or_version, fake_version = nil)
+ git_url_regex = %r{\A(?(https?|git)[:@][^#]*)(#(?.*))?}
+ file_url_regex = %r{\Afile:\/\/(?.*)}
+
+ if place_or_version && (git_url = place_or_version.match(git_url_regex))
+ [fake_version, { git: git_url[:url], branch: git_url[:branch], require: false }].compact
+ elsif place_or_version && (file_url = place_or_version.match(file_url_regex))
+ ['>= 0', { path: File.expand_path(file_url[:path]), require: false }]
+ else
+ [place_or_version, { require: false }]
+ end
+end
+
+ruby_version_segments = Gem::Version.new(RUBY_VERSION.dup).segments
+minor_version = ruby_version_segments[0..1].join('.')
+
+group :development do
+ gem "fast_gettext", '1.1.0', require: false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.1.0')
+ gem "fast_gettext", require: false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.1.0')
+ gem "json_pure", '<= 2.0.1', require: false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.0.0')
+ gem "json", '= 1.8.1', require: false if Gem::Version.new(RUBY_VERSION.dup) == Gem::Version.new('2.1.9')
+ gem "json", '= 2.0.4', require: false if Gem::Requirement.create('~> 2.4.2').satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
+ gem "json", '= 2.1.0', require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
+ gem "rb-readline", '= 0.5.5', require: false, platforms: [:mswin, :mingw, :x64_mingw]
+ gem "puppet-module-posix-default-r#{minor_version}", '~> 0.4', require: false, platforms: [:ruby]
+ gem "puppet-module-posix-dev-r#{minor_version}", '~> 0.4', require: false, platforms: [:ruby]
+ gem "puppet-module-win-default-r#{minor_version}", '~> 0.4', require: false, platforms: [:mswin, :mingw, :x64_mingw]
+ gem "puppet-module-win-dev-r#{minor_version}", '~> 0.4', require: false, platforms: [:mswin, :mingw, :x64_mingw]
+end
+
+puppet_version = ENV['PUPPET_GEM_VERSION'] +facter_version = ENV['FACTER_GEM_VERSION'] +hiera_version = ENV['HIERA_GEM_VERSION'] + +gems = {} + +gems['puppet'] = location_for(puppet_version) + +# If facter or hiera versions have been specified via the environment +# variables + +gems['facter'] = location_for(facter_version) if facter_version +gems['hiera'] = location_for(hiera_version) if hiera_version + +if Gem.win_platform? && puppet_version =~ %r{^(file:///|git://)} + # If we're using a Puppet gem on Windows which handles its own win32-xxx gem + # dependencies (>= 3.5.0), set the maximum versions (see PUP-6445). + gems['win32-dir'] = ['<= 0.4.9', require: false] + gems['win32-eventlog'] = ['<= 0.6.5', require: false] + gems['win32-process'] = ['<= 0.7.5', require: false] + gems['win32-security'] = ['<= 0.2.5', require: false] + gems['win32-service'] = ['0.8.8', require: false] +end + +gems.each do |gem_name, gem_params| + gem gem_name, *gem_params +end + +# Evaluate Gemfile.local and ~/.gemfile if they exist +extra_gemfiles = [ + "#{__FILE__}.local", + File.join(Dir.home, '.gemfile'), +] + +extra_gemfiles.each do |gemfile| + if File.file?(gemfile) && File.readable?(gemfile) + eval(File.read(gemfile), binding) + end +end +# vim: syntax=ruby diff --git a/Modulefile b/Modulefile index 00e53f9..fc1e67d 100644 --- a/Modulefile +++ b/Modulefile @@ -1,5 +1,5 @@ name 'heppuppet-argus' -version '0.0.1' +version '1.0.0' author 'schwicke' license 'Apache License, Version 2.0 (the "License")' diff --git a/README b/README.md similarity index 100% rename from README rename to README.md diff --git a/Rakefile b/Rakefile new file mode 100644 index 0000000..0a5093b --- /dev/null +++ b/Rakefile 
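Review bot: The loop at the end of the Gemfile runs `eval(File.read(gemfile), binding)` on `Gemfile.local` and on `~/.gemfile`, so any Ruby placed in either file executes with the privileges of whoever runs `bundle`, and nothing in the file says so. As this is the stock PDK layout I would keep the code but put a comment above `extra_gemfiles`, for example `# SECURITY: these files are eval'd as Ruby; keep them out of CI images and shared home directories`. The first line has a related trust input: `source ENV['GEM_SOURCE'] || 'https://rubygems.org'` lets the environment redirect every gem download, so CI should set `GEM_SOURCE` only to an HTTPS mirror the project controls.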
@@ -0,0 +1,87 @@ +# frozen_string_literal: true + +require 'puppet_litmus/rake_tasks' if Bundler.rubygems.find_name('puppet_litmus').any? +require 'puppetlabs_spec_helper/rake_tasks' +require 'puppet-syntax/tasks/puppet-syntax' +require 'puppet_blacksmith/rake_tasks' if Bundler.rubygems.find_name('puppet-blacksmith').any? +require 'github_changelog_generator/task' if Bundler.rubygems.find_name('github_changelog_generator').any? +require 'puppet-strings/tasks' if Bundler.rubygems.find_name('puppet-strings').any? + +def changelog_user + return unless Rake.application.top_level_tasks.include? "changelog" + returnVal = nil || JSON.load(File.read('metadata.json'))['author'] + raise "unable to find the changelog_user in .sync.yml, or the author in metadata.json" if returnVal.nil? + puts "GitHubChangelogGenerator user:#{returnVal}" + returnVal +end + +def changelog_project + return unless Rake.application.top_level_tasks.include? "changelog" + + returnVal = nil + returnVal ||= begin + metadata_source = JSON.load(File.read('metadata.json'))['source'] + metadata_source_match = metadata_source && metadata_source.match(%r{.*\/([^\/]*?)(?:\.git)?\Z}) + + metadata_source_match && metadata_source_match[1] + end + + raise "unable to find the changelog_project in .sync.yml or calculate it from the source in metadata.json" if returnVal.nil? + + puts "GitHubChangelogGenerator project:#{returnVal}" + returnVal +end + +def changelog_future_release + return unless Rake.application.top_level_tasks.include? "changelog" + returnVal = "v%s" % JSON.load(File.read('metadata.json'))['version'] + raise "unable to find the future_release (version) in metadata.json" if returnVal.nil? + puts "GitHubChangelogGenerator future_release:#{returnVal}" + returnVal +end + +PuppetLint.configuration.send('disable_relative') + +if Bundler.rubygems.find_name('github_changelog_generator').any? 
+ GitHubChangelogGenerator::RakeTask.new :changelog do |config| + raise "Set CHANGELOG_GITHUB_TOKEN environment variable eg 'export CHANGELOG_GITHUB_TOKEN=valid_token_here'" if Rake.application.top_level_tasks.include? "changelog" and ENV['CHANGELOG_GITHUB_TOKEN'].nil? + config.user = "#{changelog_user}" + config.project = "#{changelog_project}" + config.future_release = "#{changelog_future_release}" + config.exclude_labels = ['maintenance'] + config.header = "# Change log\n\nAll notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org)." + config.add_pr_wo_labels = true + config.issues = false + config.merge_prefix = "### UNCATEGORIZED PRS; LABEL THEM ON GITHUB" + config.configure_sections = { + "Changed" => { + "prefix" => "### Changed", + "labels" => ["backwards-incompatible"], + }, + "Added" => { + "prefix" => "### Added", + "labels" => ["enhancement", "feature"], + }, + "Fixed" => { + "prefix" => "### Fixed", + "labels" => ["bug", "documentation", "bugfix"], + }, + } + end +else + desc 'Generate a Changelog from GitHub' + task :changelog do + raise < 1.15' + condition: "Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.3.0')" +EOM + end +end + diff --git a/appveyor.yml b/appveyor.yml new file mode 100644 index 0000000..ec38949 --- /dev/null +++ b/appveyor.yml 
@@ -0,0 +1,56 @@ +--- +version: 1.1.x.{build} +branches: + only: + - master + - release +skip_commits: + message: /^\(?doc\)?.*/ +clone_depth: 10 +init: + - SET + - 'mkdir C:\ProgramData\PuppetLabs\code && exit 0' + - 'mkdir C:\ProgramData\PuppetLabs\facter && exit 0' + - 'mkdir C:\ProgramData\PuppetLabs\hiera && exit 0' + - 'mkdir C:\ProgramData\PuppetLabs\puppet\var && exit 0' +environment: + matrix: + - + RUBY_VERSION: 24-x64 + CHECK: syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop + - + PUPPET_GEM_VERSION: ~> 5.0 + RUBY_VERSION: 24 + CHECK: parallel_spec + - + PUPPET_GEM_VERSION: ~> 5.0 + RUBY_VERSION: 24-x64 + CHECK: parallel_spec + - + PUPPET_GEM_VERSION: ~> 6.0 + RUBY_VERSION: 25 + CHECK: parallel_spec + - + PUPPET_GEM_VERSION: ~> 6.0 + RUBY_VERSION: 25-x64 + CHECK: parallel_spec +matrix: + fast_finish: true +install: + - set PATH=C:\Ruby%RUBY_VERSION%\bin;%PATH% + - bundle install --jobs 4 --retry 2 --without system_tests + - type Gemfile.lock +build: off +test_script: + - bundle exec puppet -V + - ruby -v + - gem -v + - bundle -v + - bundle exec rake %CHECK% +notifications: + - provider: Email + to: + - nobody@nowhere.com + on_build_success: false + on_build_failure: false + on_build_status_changed: false diff --git a/data/common.yaml b/data/common.yaml new file mode 100644 index 0000000..2fbf0ff --- /dev/null +++ b/data/common.yaml @@ -0,0 +1 @@ +--- {} diff --git a/metadata.json b/metadata.json index 35eb9e4..a29c89a 100644 --- a/metadata.json +++ b/metadata.json 
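Review bot: The first `init` step, `- SET`, prints the whole build environment into the AppVeyor log. No secure variables are defined in this file, but if a Forge or GitHub token is added later it may end up in a log that anyone who can view the build can read; I would drop the step or print only the values needed for debugging, e.g. `- 'echo %RUBY_VERSION% %PUPPET_GEM_VERSION%'`. The `notifications` block still carries the template placeholder `nobody@nowhere.com`; with all three `on_build_*` flags set to false it sends nothing and could be removed.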
@@ -1,17 +1,94 @@ -{"name": "heppuppet-argus", +{ + "name": "heppuppet-argus", + "version": "1.0.0", "author": "schwicke", - "description": "This modules provides classes and definitions required to setup an Argus server instance.", + "summary": "EMI Argus service", "license": "Apache License, Version 2.0 (the \"License\")", - "project_page": "http://www.eu-emi.eu/", "source": "", - "summary": "EMI Argus service", "version": "0.0.1", + "project_page": "http://www.eu-emi.eu/", "dependencies": [ - {"name": "puppetlabs/stdlib", "version_requirement": ">=4.1.0"}, - {"name": "puppetlabs/concat", "version_requirement": ">=1.2.5"}, - {"name": "puppetlabs/firewall", "version_requirement": ">=0.3.1"}, - {"name": "CERNOps/vosupport", "version_requirement": ">=0.0.1"}, - {"name": "pdxcat/autofs", "version_requirement": ">=0.0.2"}, - {"name":"puppet/fetchcrl", "version_requirement":">= 1.1.1"}, - {"name":"stahnma-epel", "version_requirement":">= 1.2.2"} - ] -} \ No newline at end of file + { + "name": "puppetlabs/stdlib", + "version_requirement": ">=4.1.0" + }, + { + "name": "puppetlabs/concat", + "version_requirement": ">=1.2.5" + }, + { + "name": "puppetlabs/firewall", + "version_requirement": ">=0.3.1" + }, + { + "name": "CERNOps/vosupport", + "version_requirement": ">=0.0.1" + }, + { + "name": "pdxcat/autofs", + "version_requirement": ">=0.0.2" + }, + { + "name": "puppet/fetchcrl", + "version_requirement": ">= 1.1.1" + }, + { + "name": "stahnma-epel", + "version_requirement": ">= 1.2.2" + } + ], + "operatingsystem_support": [ + { + "operatingsystem": "CentOS", + "operatingsystemrelease": [ + "7" + ] + }, + { + "operatingsystem": "OracleLinux", + "operatingsystemrelease": [ + "7" + ] + }, + { + "operatingsystem": "RedHat", + "operatingsystemrelease": [ + "8" + ] + }, + { + "operatingsystem": "Scientific", + "operatingsystemrelease": [ + "7" + ] + }, + { + "operatingsystem": "Debian", + "operatingsystemrelease": [ + "9" + ] + }, + { + "operatingsystem": "Ubuntu", + 
"operatingsystemrelease": [ + "18.04" + ] + }, + { + "operatingsystem": "windows", + "operatingsystemrelease": [ + "2019", + "10" + ] + } + ], + "requirements": [ + { + "name": "puppet", + "version_requirement": ">= 4.10.0 < 7.0.0" + } + ], + "description": "This modules provides classes and definitions required to setup an Argus server instance.", + "pdk-version": "1.18.1", + "template-url": "pdk-default#1.18.1", + "template-ref": "tags/1.18.1-0-g3d2e75c" +} diff --git a/spec/default_facts.yml b/spec/default_facts.yml new file mode 100644 index 0000000..f777abf --- /dev/null +++ b/spec/default_facts.yml @@ -0,0 +1,8 @@ +# Use default_module_facts.yml for module specific facts. +# +# Facts specified here will override the values provided by rspec-puppet-facts. +--- +ipaddress: "172.16.254.254" +ipaddress6: "FE80:0000:0000:0000:AAAA:AAAA:AAAA" +is_pe: false +macaddress: "AA:AA:AA:AA:AA:AA" diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 5fda588..d3778ca 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb 
@@ -1,17 +1,57 @@ -dir = File.expand_path(File.dirname(__FILE__)) -$LOAD_PATH.unshift File.join(dir, 'lib') +# frozen_string_literal: true -require 'mocha' -require 'puppet' -require 'rspec' -require 'spec/autorun' +require 'puppetlabs_spec_helper/module_spec_helper' +require 'rspec-puppet-facts' -Spec::Runner.configure do |config| - config.mock_with :mocha +require 'spec_helper_local' if File.file?(File.join(File.dirname(__FILE__), 'spec_helper_local.rb')) + +include RspecPuppetFacts + +default_facts = { + puppetversion: Puppet.version, + facterversion: Facter.version, +} + +default_fact_files = [ + File.expand_path(File.join(File.dirname(__FILE__), 'default_facts.yml')), + File.expand_path(File.join(File.dirname(__FILE__), 'default_module_facts.yml')), +] + +default_fact_files.each do |f| + next unless File.exist?(f) && File.readable?(f) && File.size?(f) + + begin + default_facts.merge!(YAML.safe_load(File.read(f), [], [], true)) + rescue => e + RSpec.configuration.reporter.message "WARNING: Unable to load #{f}: #{e}" + end end -# We need this because the RAL uses 'should' as a method. This -# allows us the same behaviour but with a different method name. 
-class Object - alias :must :should +# read default_facts and merge them over what is provided by facterdb +default_facts.each do |fact, value| + add_custom_fact fact, value end + +RSpec.configure do |c| + c.default_facts = default_facts + c.before :each do + # set to strictest setting for testing + # by default Puppet runs at warning level + Puppet.settings[:strict] = :warning + Puppet.settings[:strict_variables] = true + end + c.filter_run_excluding(bolt: true) unless ENV['GEM_BOLT'] + c.after(:suite) do + end +end + +# Ensures that a module is defined +# @param module_name Name of the module +def ensure_module_defined(module_name) + module_name.split('::').reduce(Object) do |last_module, next_module| + last_module.const_set(next_module, Module.new) unless last_module.const_defined?(next_module, false) + last_module.const_get(next_module, false) + end +end + +# 'spec_overrides' from sync.yml will appear below this line From 10b47f324e721980b0d91faf6690146549d99751 Mon Sep 17 00:00:00 2001 From: Luke Kreczko Date: Mon, 27 Jul 2020 10:38:19 +0100 Subject: [PATCH 2/9] added source and issue URLs to metadata --- metadata.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/metadata.json b/metadata.json index a29c89a..4fd5cca 100644 --- a/metadata.json +++ b/metadata.json @@ -4,8 +4,9 @@ "author": "schwicke", "summary": "EMI Argus service", "license": "Apache License, Version 2.0 (the \"License\")", - "source": "", + "source": "https://github.com/HEP-Puppet/puppet-argus", "project_page": "http://www.eu-emi.eu/", + "issues_url": "https://github.com/HEP-Puppet/puppet-argus/issues", "dependencies": [ { "name": "puppetlabs/stdlib", From 19430a1bafdff6dfa7af136fbb30b3f370bd945d Mon Sep 17 00:00:00 2001 From: Luke Kreczko Date: Mon, 27 Jul 2020 10:44:54 +0100 Subject: [PATCH 3/9] added Puppet lint workflow --- .github/workflows/puppet-lint.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 .github/workflows/puppet-lint.yml 
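Review bot: In the `c.before :each` block the comment reads `# set to strictest setting for testing`, but the statement under it is `Puppet.settings[:strict] = :warning`, which only warns; the strictest value Puppet accepts for this setting is `:error`. Either reword the comment to say that strictness violations are reported as warnings, or change the line to `Puppet.settings[:strict] = :error` so the specs fail on the constructs the comment implies. The empty `c.after(:suite) do … end` block that follows does nothing and can go unless a local override is meant to fill it.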
diff --git a/.github/workflows/puppet-lint.yml b/.github/workflows/puppet-lint.yml new file mode 100644 index 0000000..456468c --- /dev/null +++ b/.github/workflows/puppet-lint.yml @@ -0,0 +1,11 @@ +name: Puppet Lint on: [push] jobs: + puppet-lint: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + - name: puppet-lint + uses: scottbrenner/puppet-lint-action@master + with: + args: ./ + From 092c2dc174b42ba4b9de819b22d9ffd266ed2146 Mon Sep 17 00:00:00 2001 From: Luke Kreczko Date: Mon, 27 Jul 2020 10:55:36 +0100 Subject: [PATCH 4/9] removed Eclipse project file --- .project | 25 ------------------------- 1 file changed, 25 deletions(-) delete mode 100644 .project diff --git a/.project b/.project deleted file mode 100644 index 5ba70cb..0000000 --- a/.project +++ /dev/null @@ -1,25 +0,0 @@ - - - argus - - - puppet-concat - puppetlabs-stdlib - - - - org.cloudsmith.geppetto.pp.dsl.ui.modulefileBuilder - - - - - org.eclipse.xtext.ui.shared.xtextBuilder - - - - - - org.cloudsmith.geppetto.pp.dsl.ui.puppetNature - org.eclipse.xtext.ui.shared.xtextNature - - From a943d57899c886857173c0fd47ed279e932be1c6 Mon Sep 17 00:00:00 2001 From: Luke Kreczko Date: Mon, 27 Jul 2020 11:00:37 +0100 Subject: [PATCH 5/9] puppet-lint: formatting --- manifests/bdii.pp | 54 ++++++++++----------- manifests/centralbanning.pp | 36 +++++++------- manifests/config.pp | 97 ++++++++++++++++++++----------------- manifests/firewall.pp | 6 +-- manifests/init.pp | 49 +++++++++---------- manifests/install.pp | 2 +- manifests/lemon.pp | 2 +- manifests/nfs.pp | 14 +++--- manifests/params.pp | 56 ++++++++++----------- manifests/policies.pp | 60 +++++++++++------------ manifests/rules_banning.pp | 48 +++++++++--------- manifests/service.pp | 32 ++++++------ manifests/servicecert.pp | 14 +++--- manifests/voms.pp | 4 +- 14 files changed, 239 insertions(+), 235 deletions(-) diff --git a/manifests/bdii.pp b/manifests/bdii.pp index cb84ba6..9488841 100644 --- a/manifests/bdii.pp 
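Review bot: The `puppet-lint` step uses `scottbrenner/puppet-lint-action@master`, a third-party action referenced by a mutable branch, so whatever is pushed to that branch next runs inside this repository's workflow with access to the checked-out code and the job token. Pin it to a full commit SHA, e.g. `uses: scottbrenner/puppet-lint-action@<full-commit-sha>  # placeholder: SHA of the reviewed revision`, and move the pin deliberately. `actions/checkout@v2` is a moving tag too and can be pinned the same way. A top-level `permissions:` block with `contents: read` would also limit the token a lint-only job receives.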
+++ b/manifests/bdii.pp @@ -4,40 +4,40 @@ # include ::bdii - file {"/var/lib/bdii/gip/provider/glite-info-glue2-provider-service-argus": - ensure => file, - owner => "ldap", - group => "ldap", - mode => '0755', - content => template("argus/glite-info-glue2-provider-service-argus.erb"), + file {'/var/lib/bdii/gip/provider/glite-info-glue2-provider-service-argus': + ensure => file, + owner => 'ldap', + group => 'ldap', + mode => '0755', + content => template('argus/glite-info-glue2-provider-service-argus.erb'), require => Package['bdii'], } - file {"/etc/argus/info-glue2/glite-info-glue2-argus-pep.conf": - ensure => file, - owner => "root", - group => "root", - mode => '0644', - force => true, - content => template("argus/glite-info-glue2-argus-pep.conf.erb"), + file {'/etc/argus/info-glue2/glite-info-glue2-argus-pep.conf': + ensure => file, + owner => 'root', + group => 'root', + mode => '0644', + force => true, + content => template('argus/glite-info-glue2-argus-pep.conf.erb'), } - file {"/etc/argus/info-glue2/glite-info-glue2-argus-pdp.conf": - ensure => file, - owner => "root", - group => "root", - mode => '0644', - force => true, - content => template("argus/glite-info-glue2-argus-pdp.conf.erb"), + file {'/etc/argus/info-glue2/glite-info-glue2-argus-pdp.conf': + ensure => file, + owner => 'root', + group => 'root', + mode => '0644', + force => true, + content => template('argus/glite-info-glue2-argus-pdp.conf.erb'), } - file {"/etc/argus/info-glue2/glite-info-glue2-argus-pap.conf": - ensure => file, - owner => "root", - group => "root", - mode => '0644', - force => true, - content => template("argus/glite-info-glue2-argus-pap.conf.erb"), + file {'/etc/argus/info-glue2/glite-info-glue2-argus-pap.conf': + ensure => file, + owner => 'root', + group => 'root', + mode => '0644', + force => true, + content => template('argus/glite-info-glue2-argus-pap.conf.erb'), } diff --git a/manifests/centralbanning.pp b/manifests/centralbanning.pp index 5381fff..12d9704 100644 
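Review bot: The first `file` resource installs the provider script `/var/lib/bdii/gip/provider/glite-info-glue2-provider-service-argus` with `mode => '0755'` and `owner => 'ldap'`, `group => 'ldap'`. If the BDII runs its providers as that account (not visible in this hunk), the service account can rewrite the script it executes between Puppet runs; `owner => 'root'`, `group => 'root'` with the same mode keeps it runnable without leaving it writable by the service. The three `.conf` files below are already root-owned `0644`, so this would also make the four resources consistent. The class header and closing brace are outside the hunk.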
--- a/manifests/centralbanning.pp +++ b/manifests/centralbanning.pp @@ -1,30 +1,30 @@ class argus::centralbanning { - if $::argus::centralbanning_hostname != "" { - concat::fragment{"pap_configuration.centralbanning.ini": - target => "/usr/share/argus/pap/conf/pap_configuration.ini", - order => "1", - content => template("argus/pap_configuration.ini.centralbanning.erb"), + if $::argus::centralbanning_hostname != '' { + concat::fragment{'pap_configuration.centralbanning.ini': + target => '/usr/share/argus/pap/conf/pap_configuration.ini', + order => '1', + content => template('argus/pap_configuration.ini.centralbanning.erb'), } - file {"/etc/cron.d/centralbanning": - ensure => present, - owner => "root", - group => "root", - mode => '0644', - content => template("argus/centralbanning.erb"), + file {'/etc/cron.d/centralbanning': + ensure => present, + owner => 'root', + group => 'root', + mode => '0644', + content => template('argus/centralbanning.erb'), } - ~> - exec {"/usr/bin/pap-admin --host $::fqdn enable-pap centralbanning && /usr/bin/pap-admin --host $::fqdn set-paps-order centralbanning default && /usr/bin/pap-admin --host $::fqdn refresh-cache centralbanning": + + ~> exec {"/usr/bin/pap-admin --host ${::fqdn} enable-pap centralbanning && /usr/bin/pap-admin --host ${::fqdn} set-paps-order centralbanning default && /usr/bin/pap-admin --host ${::fqdn} refresh-cache centralbanning": refreshonly => true, - require => Service['argus-pap'] + require => Service['argus-pap'] } } else { - concat::fragment{"pap_configuration.centralbanning.ini": - target => "/usr/share/argus/pap/conf/pap_configuration.ini", - order => "1", - content => template("argus/pap_configuration.ini.default.erb"), + concat::fragment{'pap_configuration.centralbanning.ini': + target => '/usr/share/argus/pap/conf/pap_configuration.ini', + order => '1', + content => template('argus/pap_configuration.ini.default.erb'), } } } 
diff --git a/manifests/config.pp b/manifests/config.pp index 6e41a17..b984e6a 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -3,12 +3,12 @@ # VOMS #we need the VOMS mappings, use vosupport module class {'vosupport': - supported_vos => $argus::supported_vos , + supported_vos => $argus::supported_vos , enable_mappings_for_service => 'ALL', - enable_poolaccounts => false, - enable_environment => false, - enable_voms => false, - enable_gridmapdir_for_group => "root", + enable_poolaccounts => false, + enable_environment => false, + enable_voms => false, + enable_gridmapdir_for_group => 'root', } #include voms servers information 
@@ -21,65 +21,65 @@ # file {['/etc/argus', '/etc/argus/info-glue2' ]: - ensure => directory, - owner => 0, - group => 0, - mode => '0755', + ensure => directory, + owner => 0, + group => 0, + mode => '0755', } - concat{"/usr/share/argus/pap/conf/pap_configuration.ini": - owner => 'root', - group => 'root', - mode => '0640', + concat{'/usr/share/argus/pap/conf/pap_configuration.ini': + owner => 'root', + group => 'root', + mode => '0640', require => Package[$argus::pkg_meta], notify => Service['argus-pap'], } - concat::fragment{"pap_configuration.ini": - target => "/usr/share/argus/pap/conf/pap_configuration.ini", - order => "9", - content => template("argus/pap_configuration.ini.erb"), + concat::fragment{'pap_configuration.ini': + target => '/usr/share/argus/pap/conf/pap_configuration.ini', + order => '9', + content => template('argus/pap_configuration.ini.erb'), } - file {"/usr/share/argus/pap/conf/pap_authorization.ini": - ensure => present, - owner => "root", - group => "root", - mode => '0640', - content => template("argus/pap_authorization.ini.erb"), + file {'/usr/share/argus/pap/conf/pap_authorization.ini': + ensure => present, + owner => 'root', + group => 'root', + mode => '0640', + content => template('argus/pap_authorization.ini.erb'), require => Package[$argus::pkg_meta], notify => Service['argus-pap'], } - file {"/usr/share/argus/pap/conf/pap-admin.properties": - ensure => present, - owner => "root", - group => "root", - mode => '0644', - content => template("argus/pap-admin.properties.erb"), + file {'/usr/share/argus/pap/conf/pap-admin.properties': + ensure => present, + owner => 'root', + group => 'root', + mode => '0644', + content => template('argus/pap-admin.properties.erb'), require => Package[$argus::pkg_meta], notify => Service['argus-pap'], } - file {"/etc/argus/pdp/pdp.ini": - ensure => present, - owner => "root", - group => "root", - mode => '0640', - content => template("argus/pdp.ini.erb"), + file {'/etc/argus/pdp/pdp.ini': + ensure => 
present, + owner => 'root', + group => 'root', + mode => '0640', + content => template('argus/pdp.ini.erb'), require => Package[$argus::pkg_meta], notify => Service['argus-pdp'], } - file {"/usr/share/argus/pepd/conf/pepd.ini": - ensure => present, - owner => "root", - group => "root", - mode => '0640', - content => template("argus/pepd.ini.erb"), + file {'/usr/share/argus/pepd/conf/pepd.ini': + ensure => present, + owner => 'root', + group => 'root', + mode => '0640', + content => template('argus/pepd.ini.erb'), require => Package[$argus::pkg_meta], notify => Service['argus-pepd'], } @@ -90,8 +90,17 @@ #pepd service must be restarted when the gridmap files change - File['/etc/grid-security/grid-mapfile','/etc/grid-security/voms-grid-mapfile','/etc/grid-security/groupmapfile']~>Service['argus-pepd'] - - File['/usr/share/argus/pap/conf/pap_authorization.ini','/usr/share/argus/pap/conf/pap-admin.properties','/etc/argus/pdp/pdp.ini','/usr/share/argus/pepd/conf/pepd.ini'] -> Class['vosupport'] -> Class['argus::bdii'] + File[ + '/etc/grid-security/grid-mapfile', + '/etc/grid-security/voms-grid-mapfile', + '/etc/grid-security/groupmapfile' + ]~>Service['argus-pepd'] + + File[ + '/usr/share/argus/pap/conf/pap_authorization.ini', + '/usr/share/argus/pap/conf/pap-admin.properties', + '/etc/argus/pdp/pdp.ini', + '/usr/share/argus/pepd/conf/pepd.ini' + ] -> Class['vosupport'] -> Class['argus::bdii'] } diff --git a/manifests/firewall.pp b/manifests/firewall.pp index 06ffe4c..1d1382d 100644 --- a/manifests/firewall.pp +++ b/manifests/firewall.pp @@ -2,17 +2,17 @@ firewall { '101 allow argus pap': proto => 'tcp', - dport => "$argus::pap_port", + dport => $argus::pap_port, action => 'accept', } firewall { '101 allow argus pdp': proto => 'tcp', - dport => "$argus::pdp_port", + dport => $argus::pdp_port, action => 'accept', } firewall { '101 allow argus pepd': proto => 'tcp', - dport => "$argus::pepd_port", + dport => $argus::pepd_port, action => 'accept', } include bdii::firewall 
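Review bot: The three `firewall` rules for `$argus::pap_port`, `$argus::pdp_port` and `$argus::pepd_port` accept TCP from any source, because none of them sets `source`. The PAP port serves policy administration, so where the deployment allows it, that rule at least could be limited to known peers, for example `source => $argus::pap_allowed_source` (a parameter name constructed here for illustration). The enclosing class header is outside this hunk, so whether such a parameter already exists cannot be seen from here.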
diff --git a/manifests/init.pp b/manifests/init.pp index 5c02da0..5cc49bc 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,24 +1,21 @@ -/** - * Requirements : - * - a certificate MUST be installed using puppet in /etc/grid-security/hostcert.pem (hostkey.pem) - * - the UMD4 repositories MUST be present - * - * The PAP rules are specified in a hash this way : - * -argus::pap_rules: - action: - attribute: - list of DNs - -for instance (the included quotes are required for the policy to be correctly added ) : - deny: - subject-issuer: - - "'CN=bad guys'" - -will create a rule : -rule deny { subject-issuer = 'CN=bad guys' } - - */ +# Requirements : +# - a certificate MUST be installed using puppet in /etc/grid-security/hostcert.pem (hostkey.pem) +# - the UMD4 repositories MUST be present +# +# The PAP rules are specified in a hash this way : +# +# argus::pap_rules: +# action: +# attribute: +# list of DNs +# +# for instance (the included quotes are required for the policy to be correctly added ) : +# deny: +# subject-issuer: +# - "'CN=bad guys'" +# +# will create a rule : +# rule deny { subject-issuer = 'CN=bad guys' } class argus ( $open_firewall = false, @@ -73,12 +70,12 @@ #following must be changed. $pap_admin_dn = undef , #this must be an *ARRAY* as there can be many admins. - $site_base_dn = "/O=GRID/C=FR_EN_UK/O=my CA/CN" , #a = will be apended to this when needed. + $site_base_dn = '/O=GRID/C=FR_EN_UK/O=my CA/CN' , #a = will be apended to this when needed. - $nfspath = "" , - $nfsmountoptions = "" , - $mountpoint = "" , + $nfspath = '' , + $nfsmountoptions = '' , + $mountpoint = '' , # additional rules for pap authorization. Used for creating a NGI or central pap. # example : @@ -118,7 +115,7 @@ ) { $pap_service_dn = "${site_base_dn}=${service_name}" - $pap_host_dn = "${site_base_dn}=$::fqdn" + $pap_host_dn = "${site_base_dn}=${::fqdn}" case $::osfamily { 'RedHat' : { 
diff --git a/manifests/install.pp b/manifests/install.pp index c7d0aed..3aaea6e 100644 --- a/manifests/install.pp +++ b/manifests/install.pp @@ -1,6 +1,6 @@ class argus::install { package { $::argus::pkg_meta : ensure => $::argus::pkg_ensure, - tag => 'argus', + tag => 'argus', } } diff --git a/manifests/lemon.pp b/manifests/lemon.pp index 3124b7e..baa02ca 100644 --- a/manifests/lemon.pp +++ b/manifests/lemon.pp @@ -9,5 +9,5 @@ lemon::metric{'33309':} lemon::metric{'33310':} lemon::metric{'33311':} - + } diff --git a/manifests/nfs.pp b/manifests/nfs.pp index 7dcd864..0d7a5e6 100644 --- a/manifests/nfs.pp +++ b/manifests/nfs.pp @@ -11,10 +11,10 @@ #make sure the rpcbind and nfslock services are started prior to mounting the NFS share! #NB: this is for SLC6, on SLC5 we would need portmap instead of rpcbind. See cvmfs for an example. service { ['rpcbind','nfslock']: - ensure => 'running', - enable => true, + ensure => 'running', + enable => true, hasrestart => true, - hasstatus => true, + hasstatus => true, } #Use autofs so that the NFS share is correctly mounted on startup and argus directly uses it @@ -25,10 +25,10 @@ #the automount maps are not managed by the autofs module (only master map and included master maps are) file { '/etc/auto.gridmapdir': - ensure => present, - owner => 'root', - group => 'root', - mode => '0644', + ensure => present, + owner => 'root', + group => 'root', + mode => '0644', content => "${mountpoint} ${nfsmountoptions} ${nfspath}", } diff --git a/manifests/params.pp b/manifests/params.pp index 407352f..22cd074 100644 --- a/manifests/params.pp +++ b/manifests/params.pp 
@@ -1,44 +1,44 @@ class argus::params { # site name - $sitename = hiera("SITENAME","SOME.WHERE") + $sitename = hiera('SITENAME','SOME.WHERE') # pep params - $pepd_port = hiera("PEPD_DEFAULT_PORT", "8154") - $pepd_admin_port = hiera("PEPD_DEFAULT_ADMIN_PORT", "8155") - $pepd_pass = hiera("PEPD_DEFAULT_PASS", randompass() ) + $pepd_port = hiera('PEPD_DEFAULT_PORT', '8154') + $pepd_admin_port = hiera('PEPD_DEFAULT_ADMIN_PORT', '8155') + $pepd_pass = hiera('PEPD_DEFAULT_PASS', randompass() ) # pdp params - $pdps_port = hiera("PDPS_PORT", "8152") - $pdp_port = hiera("PDP_DEFAULT_PORT", "8152") - $pdp_admin_port = hiera("PDP_DEFAULT_ADMIN_PORT", "8153") - $pdp_pass = hiera("PDP_DEFAULT_PASS", randompass() ) + $pdps_port = hiera('PDPS_PORT', '8152') + $pdp_port = hiera('PDP_DEFAULT_PORT', '8152') + $pdp_admin_port = hiera('PDP_DEFAULT_ADMIN_PORT', '8153') + $pdp_pass = hiera('PDP_DEFAULT_PASS', randompass() ) # pap parameters - $pap_port = hiera("PAP_DEFAULT_PORT", "8150") - $pap_shutdown_port = hiera("PAP_DEFAULT_SHUTDOWN_PORT", "8151") - $pap_shutdown_command = hiera("PAP_DEFAULT_SHUTDOWN_COMMAND", randompass() ) - + $pap_port = hiera('PAP_DEFAULT_PORT', '8150') + $pap_shutdown_port = hiera('PAP_DEFAULT_SHUTDOWN_PORT', '8151') + $pap_shutdown_command = hiera('PAP_DEFAULT_SHUTDOWN_COMMAND', randompass() ) + # central banning setup - $centralbanning_enabled = hiera("CENTRALBANNING_ENABLED","false") - $centralbanning_dn = hiera("CENTRALBANNING_DN", "") - $centralbanning_hostname = hiera("CENTRALBANNING_HOSTNAME", "") - $centralbanning_port = hiera("CENTRALBANNING_PORT", 8150) - $poll_interval = hiera("POLL_INTERVAL", 14400) - - $service_name = hiera("SERVICE_NAME", $::fqdn) - $pap_admin_dn = hiera("PAP_ADMIN_DN", "") - $site_base_dn = hiera("SITE_BASE_DN", "") - $pap_service_dn = hiera("PAP_SERVICE_DN", "${site_base_dn}=${service_name}") - $pap_host_dn = hiera("PAP_HOST_DN", "${site_base_dn}=$::fqdn") - $nfspath = hiera("NFSPATH", "") - $nfsmountoptions = 
hiera("NFSMOUNTOPTIONS", "") - $mountpoint = hiera("MOUNTPOINT", "") + $centralbanning_enabled = hiera('CENTRALBANNING_ENABLED','false') + $centralbanning_dn = hiera('CENTRALBANNING_DN', '') + $centralbanning_hostname = hiera('CENTRALBANNING_HOSTNAME', '') + $centralbanning_port = hiera('CENTRALBANNING_PORT', 8150) + $poll_interval = hiera('POLL_INTERVAL', 14400) + + $service_name = hiera('SERVICE_NAME', $::fqdn) + $pap_admin_dn = hiera('PAP_ADMIN_DN', '') + $site_base_dn = hiera('SITE_BASE_DN', '') + $pap_service_dn = hiera('PAP_SERVICE_DN', "${site_base_dn}=${service_name}") + $pap_host_dn = hiera('PAP_HOST_DN', "${site_base_dn}=${::fqdn}") + $nfspath = hiera('NFSPATH', '') + $nfsmountoptions = hiera('NFSMOUNTOPTIONS', '') + $mountpoint = hiera('MOUNTPOINT', '') # additional rules for pap - $pap_auth = hiera("PAP_AUTH","") + $pap_auth = hiera('PAP_AUTH','') # banning rules - $pap_ban = hiera("PAP_BAN","") + $pap_ban = hiera('PAP_BAN','') } diff --git a/manifests/policies.pp b/manifests/policies.pp index 234ba3a..8f1bd61 100644 --- a/manifests/policies.pp +++ b/manifests/policies.pp 
@@ -1,57 +1,57 @@ class argus::policies { - file {"/var/cache/argus": - ensure => directory, - owner => root, - group => root, - mode => '0700', - purge => true, + file {'/var/cache/argus': + ensure => directory, + owner => root, + group => root, + mode => '0700', + purge => true, recurse => true, } - file {"/var/cache/argus/policies.spl": - ensure => present, - owner => "root", - group => "root", - mode => '0644', - content => template("argus/policies.erb"), - require => File["/var/cache/argus"], - notify => Exec["update_argus_policies"], + file {'/var/cache/argus/policies.spl': + ensure => present, + owner => 'root', + group => 'root', + mode => '0644', + content => template('argus/policies.erb'), + require => File['/var/cache/argus'], + notify => Exec['update_argus_policies'], } - exec {"delete_argus_policies": - command => "/usr/bin/pap-admin --host $::fqdn remove-all-policies", - onlyif => "/usr/bin/test ! -s /var/cache/argus/policies.spl", - notify => Exec['update_pdp_rules'] + exec {'delete_argus_policies': + command => "/usr/bin/pap-admin --host ${::fqdn} remove-all-policies", + onlyif => '/usr/bin/test ! 
-s /var/cache/argus/policies.spl', + notify => Exec['update_pdp_rules'] } - $pap_update_cmd = "/bin/cat /var/cache/argus/*.spl > /tmp/update$$.spl && /usr/bin/pap-admin --host $::fqdn remove-all-policies && /usr/bin/pap-admin --host $::fqdn add-policies-from-file /tmp/update$$.spl && rm /tmp/update$$.spl" + $pap_update_cmd = "/bin/cat /var/cache/argus/*.spl > /tmp/update$$.spl && /usr/bin/pap-admin --host ${::fqdn} remove-all-policies && /usr/bin/pap-admin --host ${::fqdn} add-policies-from-file /tmp/update$$.spl && rm /tmp/update$$.spl" - exec {"update_argus_policies": - command => "$pap_update_cmd || { rm -f /var/cache/argus/policies.spl ; pkill -f 'java.*argus/pap' ;}", + exec {'update_argus_policies': + command => "${pap_update_cmd} || { rm -f /var/cache/argus/policies.spl ; pkill -f 'java.*argus/pap' ;}", refreshonly => true, - onlyif => "/usr/bin/test -s /var/cache/argus/policies.spl", - notify => Exec['update_pdp_rules'], - require => Service['argus-pap'] + onlyif => '/usr/bin/test -s /var/cache/argus/policies.spl', + notify => Exec['update_pdp_rules'], + require => Service['argus-pap'] } #a new exec whose only goal is to try to reload policies if none is found in argus AND the policies.spl file is not empty. Meaning the policies are not there but should ! # this can happen on reinstall, and this can then cause Undetermined decisions in pdp/pep, causing sites breakdown #remove policies.spl on failure, to trigger a new argus pap config on next run #kill argus pap on failure too as a "pdp reloadpolicy" just doesn't complain if policies are empty ! 
- exec {"update_argus_policies_on_previous_failure": - command => "$pap_update_cmd || { rm -f /var/cache/argus/policies.spl ; pkill -f 'java.*argus/pap' ;}", - onlyif => "/bin/bash -c '(pap-admin lp | grep -q \"No policies\") && /usr/bin/test -s /var/cache/argus/policies.spl'", - notify => Exec['update_pdp_rules'], + exec {'update_argus_policies_on_previous_failure': + command => "${pap_update_cmd} || { rm -f /var/cache/argus/policies.spl ; pkill -f 'java.*argus/pap' ;}", + onlyif => "/bin/bash -c '(pap-admin lp | grep -q \"No policies\") && /usr/bin/test -s /var/cache/argus/policies.spl'", + notify => Exec['update_pdp_rules'], require => Service['argus-pap'] } #this does not even complain if pap is dead :'( exec {'update_pdp_rules': - command => '/usr/sbin/pdpctl reloadPolicy', + command => '/usr/sbin/pdpctl reloadPolicy', refreshonly => true, - require => Service['argus-pdp'] + require => Service['argus-pdp'] } File['/var/cache/argus'] -> File['/var/cache/argus/policies.spl'] -> Exec['delete_argus_policies'] -> Exec['update_argus_policies'] diff --git a/manifests/rules_banning.pp b/manifests/rules_banning.pp index c1d68ce..dc23734 100644 --- a/manifests/rules_banning.pp +++ b/manifests/rules_banning.pp 
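Review bot: `$pap_update_cmd` still stages the merged policy set in `/tmp/update$$.spl`, a PID-derived name in a world-writable directory, and the exec presumably runs as root. If that path already exists or is a link when the command runs, the redirect writes through it, and the content later passed to `pap-admin add-policies-from-file` is no longer guaranteed to be what `cat` produced. Creating the staging file with `mktemp /var/cache/argus/update.XXXXXX` avoids this, since this hunk sets that directory to mode `0700`; the name must not end in `.spl` so the `*.spl` glob skips it, and shell `$` signs need escaping as `\$` inside the Puppet string. The `update_argus_policies` exec in manifests/rules_banning.pp builds the same `/tmp/update$$.spl` path.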
@@ -1,37 +1,37 @@ class argus::rules_banning inherits argus::params { - file {"/var/cache/argus": - ensure => directory, - owner => root, - group => root, - mode => 0700, - purge => true, + file {'/var/cache/argus': + ensure => directory, + owner => root, + group => root, + mode => '0700', + purge => true, recurse => true, } - file {"/var/cache/argus/policies_centralbanning.spl": - ensure => present, - owner => "root", - group => "root", - mode => 0644, - content => template("argus/policies_centralbanning.erb"), - require => File["/var/cache/argus"], - notify => Exec["update_argus_policies"], + file {'/var/cache/argus/policies_centralbanning.spl': + ensure => present, + owner => 'root', + group => 'root', + mode => '0644', + content => template('argus/policies_centralbanning.erb'), + require => File['/var/cache/argus'], + notify => Exec['update_argus_policies'], } - exec {"delete_argus_policies": - command => "/usr/bin/pap-admin --host $::fqdn remove-all-policies", - onlyif => "/usr/bin/test ! -s /var/cache/argus/policies_centralbanning.spl", - notify => Service["argus-pdp"] #restart the PDP service to take the new policies into account + exec {'delete_argus_policies': + command => "/usr/bin/pap-admin --host ${::fqdn} remove-all-policies", + onlyif => '/usr/bin/test ! 
-s /var/cache/argus/policies_centralbanning.spl', + notify => Service['argus-pdp'] #restart the PDP service to take the new policies into account } - - exec {"update_argus_policies": - command => "/bin/cat /var/cache/argus/*.spl > /tmp/update$$.spl && /usr/bin/pap-admin --host $::fqdn remove-all-policies && /usr/bin/pap-admin --host $::fqdn add-policies-from-file /tmp/update$$.spl && rm /tmp/update$$.spl", + + exec {'update_argus_policies': + command => "/bin/cat /var/cache/argus/*.spl > /tmp/update$$.spl && /usr/bin/pap-admin --host ${::fqdn} remove-all-policies && /usr/bin/pap-admin --host ${::fqdn} add-policies-from-file /tmp/update$$.spl && rm /tmp/update$$.spl", refreshonly => true, - onlyif => "/usr/bin/test -s /var/cache/argus/policies_centralbanning.spl", - notify => Service["argus-pdp"] #restart the PDP service to take the new policies into account + onlyif => '/usr/bin/test -s /var/cache/argus/policies_centralbanning.spl', + notify => Service['argus-pdp'] #restart the PDP service to take the new policies into account } File['/var/cache/argus'] -> File['/var/cache/argus/policies_centralbanning.spl'] -> Exec['delete_argus_policies'] -> Exec['update_argus_policies'] - + } diff --git a/manifests/service.pp b/manifests/service.pp index eabd9ce..bafb597 100644 --- a/manifests/service.pp +++ b/manifests/service.pp 
@@ -1,25 +1,25 @@ class argus::service { service{'argus-pap': - ensure => running, - hasstatus => true, + ensure => running, + hasstatus => true, hasrestart => true, - enable => true, - tag => 'argus', + enable => true, + tag => 'argus', } - -> - service{'argus-pdp': - ensure => running, - hasstatus => true, + + -> service{'argus-pdp': + ensure => running, + hasstatus => true, hasrestart => true, - enable => true, - tag => 'argus', + enable => true, + tag => 'argus', } - -> - service{'argus-pepd': - ensure => running, - hasstatus => true, + + -> service{'argus-pepd': + ensure => running, + hasstatus => true, hasrestart => true, - enable => true, - tag => 'argus', + enable => true, + tag => 'argus', } } diff --git a/manifests/servicecert.pp b/manifests/servicecert.pp index eab402d..fa16082 100644 --- a/manifests/servicecert.pp +++ b/manifests/servicecert.pp @@ -1,18 +1,18 @@ class argus::servicecert inherits argus::params { if $service_name == $::fqnd { # we can use the puppet autogenerated certificate - class {'hostcertificate::gridcertificate':} + class {'hostcertificate::gridcertificate':} } else { - if !defined(File["/etc/grid-security"]) { - file {"/etc/grid-security": + if !defined(File['/etc/grid-security']) { + file {'/etc/grid-security': ensure => directory, - owner => "root", - group => "root", - mode => 0700, + owner => 'root', + group => 'root', + mode => '0700', } } } } - + diff --git a/manifests/voms.pp b/manifests/voms.pp index bdf8dd3..d569ec6 100644 --- a/manifests/voms.pp +++ b/manifests/voms.pp @@ -1,6 +1,4 @@ -/* - * puppet helper that will include the voms module related classes for individual VOs - */ +# puppet helper that will include the voms module related classes for individual VOs define argus::voms { include "::voms::${title}" } From 30ddd75a4802b59b29651de85b95a377e49ee3fd Mon Sep 17 00:00:00 2001 
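Review bot: In manifests/servicecert.pp the condition `if $service_name == $::fqnd {` compares against a fact name that looks misspelled (`fqnd` for `fqdn`). The branch declaring `hostcertificate::gridcertificate` is therefore presumably never taken, and only the `/etc/grid-security` directory fallback runs. The line is unchanged context here and in the later servicecert.pp hunks of patches 8 and 9, so the lint pass leaves it in place; it should read `if $service_name == $::fqdn {`.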
From: Luke Kreczko Date: Mon, 27 Jul 2020 11:23:23 +0100 Subject: [PATCH 6/9] fixed Rubocop issues --- lib/puppet/parser/functions/randompass.rb | 25 ++++++++++++----------- 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/lib/puppet/parser/functions/randompass.rb b/lib/puppet/parser/functions/randompass.rb index e3d2a3e..59f6580 100644 --- a/lib/puppet/parser/functions/randompass.rb +++ b/lib/puppet/parser/functions/randompass.rb @@ -1,14 +1,15 @@ -module Puppet::Parser::Functions - newfunction(:randompass, :type => :rvalue, :doc =><<-EOS -This function returns a random password -EOS - ) do |args| - $length = 10 - $allowed = [] - ('!'..'Z').each { |c| $allowed << c} - ('a'..'z').each { |c| $allowed << c} - value = "" - $length.times{value << $allowed[rand($allowed.length)]} - return value +# Creates random password +Puppet::Parser::Functions.create_function(:randompass) do + # @return [String] random password + # @example + # randompass() => '!@#sfsdf' + def randompass + length = 10 + allowed = [] + ('!'..'Z').each { |c| allowed << c } + ('a'..'z').each { |c| allowed << c } + value = '' + length.times { value << allowed[rand(allowed.length)] } + value end end From 2ca4d493a255875121212bdd4be1e3452e937a78 Mon Sep 17 00:00:00 2001 From: Luke Kreczko Date: Mon, 27 Jul 2020 11:28:36 +0100 Subject: [PATCH 7/9] fixed dependency restrictions in metadata.json --- metadata.json | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/metadata.json b/metadata.json index 4fd5cca..cf44a14 100644 --- a/metadata.json +++ b/metadata.json 
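Review bot: The rewritten `randompass` still picks each character with `rand(allowed.length)`, Ruby's general-purpose PRNG rather than a cryptographic one. Its result is the default for `pepd_pass`, `pdp_pass` and `pap_shutdown_command`. Adding `require 'securerandom'` and indexing with `allowed[SecureRandom.random_number(allowed.length)]` keeps the length and alphabet while drawing from the CSPRNG. Separately, `Puppet::Parser::Functions.create_function` does not look like an existing entry point: the legacy API is `Puppet::Parser::Functions.newfunction` and the modern one is `Puppet::Functions.create_function` under `lib/puppet/functions/`. It is worth confirming the function still loads after this change.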
@@ -2,39 +2,39 @@ "name": "heppuppet-argus", "version": "1.0.0", "author": "schwicke", - "summary": "EMI Argus service", - "license": "Apache License, Version 2.0 (the \"License\")", + "summary": "This modules provides classes and definitions required to setup an Argus server instance.", + "license": "Apache-2.0", "source": "https://github.com/HEP-Puppet/puppet-argus", "project_page": "http://www.eu-emi.eu/", "issues_url": "https://github.com/HEP-Puppet/puppet-argus/issues", "dependencies": [ { "name": "puppetlabs/stdlib", - "version_requirement": ">=4.1.0" + "version_requirement": ">= 4.1.0 < 7.0.0" }, { "name": "puppetlabs/concat", - "version_requirement": ">=1.2.5" + "version_requirement": ">=1.2.5 < 7.0.0" }, { "name": "puppetlabs/firewall", - "version_requirement": ">=0.3.1" + "version_requirement": ">= 0.3.1 < 3" }, { "name": "CERNOps/vosupport", - "version_requirement": ">=0.0.1" + "version_requirement": ">=0.0.1 < 10" }, { "name": "pdxcat/autofs", - "version_requirement": ">=0.0.2" + "version_requirement": ">=0.0.2 < 10" }, { "name": "puppet/fetchcrl", - "version_requirement": ">= 1.1.1" + "version_requirement": ">= 1.1.1 < 5" }, { "name": "stahnma-epel", - "version_requirement": ">= 1.2.2" + "version_requirement": ">= 1.2.2 < 10" } ], "operatingsystem_support": [ @@ -88,7 +88,6 @@ "version_requirement": ">= 4.10.0 < 7.0.0" } ], - "description": "This modules provides classes and definitions required to setup an Argus server instance.", "pdk-version": "1.18.1", "template-url": "pdk-default#1.18.1", "template-ref": "tags/1.18.1-0-g3d2e75c" From bb551df8f6720f7bb2a5341ec9920306990deb94 Mon Sep 17 00:00:00 2001 From: Luke Kreczko Date: Mon, 27 Jul 2020 11:40:11 +0100 Subject: [PATCH 8/9] fixed most important puppet lint issues --- manifests/init.pp | 27 ++++++++++++--------------- manifests/servicecert.pp | 1 + 2 files changed, 13 insertions(+), 15 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 5cc49bc..68ce465 100644 
--- a/manifests/init.pp +++ b/manifests/init.pp @@ -17,8 +17,6 @@ # will create a rule : # rule deny { subject-issuer = 'CN=bad guys' } class argus ( - $open_firewall = false, - #the argus pap server used by pdp $pap_server, #the argus pdp server used by pep @@ -31,8 +29,6 @@ #this will setup the voms related things : $supported_vos, - #this will create argus "permit" rules for those VOs if true - $supported_vos_allowed = true, # site name is required $sitename, @@ -43,20 +39,16 @@ # pep params $pepd_port, $pepd_admin_port, - $pepd_pass = randompass(), # pdp params $pdps_port, $pdp_port, $pdp_admin_port, - $pdp_pass = randompass(), $pdp_retention_interval, # pap parameters $pap_port, $pap_shutdown_port, - $pap_shutdown_command = randompass(), - # central banning setup $centralbanning_dn, @@ -64,6 +56,18 @@ $centralbanning_port, $centralbanning_public, $poll_interval, + #files + $grid_mapfile, + $grid_mapdir, + $group_mapfile, + + $open_firewall = false, + #this will create argus "permit" rules for those VOs if true + $supported_vos_allowed = true, + + $pepd_pass = randompass(), + $pdp_pass = randompass(), + $pap_shutdown_command = randompass(), $service_name = $::fqdn , @@ -105,13 +109,6 @@ # ... $pap_rules = {}, - - #files - $grid_mapfile, - $grid_mapdir, - $group_mapfile, - - ) { $pap_service_dn = "${site_base_dn}=${service_name}" diff --git a/manifests/servicecert.pp b/manifests/servicecert.pp index fa16082..9c841f9 100644 --- a/manifests/servicecert.pp +++ b/manifests/servicecert.pp @@ -1,4 +1,5 @@ class argus::servicecert inherits argus::params { + $service_name = $::argus::service_name if $service_name == $::fqnd { # we can use the puppet autogenerated certificate class {'hostcertificate::gridcertificate':} From 8fd23cd7f25cb3d03cc488997faf3d8b6833925e Mon Sep 17 00:00:00 2001 
From: Luke Kreczko Date: Mon, 27 Jul 2020 16:08:51 +0100 Subject: [PATCH 9/9] removed params and hard-coded gridmapfiles --- manifests/config.pp | 10 ++++----- manifests/params.pp | 44 ---------------------------------------- manifests/servicecert.pp | 2 +- 3 files changed, 6 insertions(+), 50 deletions(-) delete mode 100644 manifests/params.pp diff --git a/manifests/config.pp b/manifests/config.pp index b984e6a..bd00af0 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -86,14 +86,14 @@ include 'argus::centralbanning' - - - #pepd service must be restarted when the gridmap files change + $grid_mapfile = $::argus::grid_mapfile + $group_mapfile = $::argus::group_mapfile + File[ - '/etc/grid-security/grid-mapfile', + $grid_mapfile, '/etc/grid-security/voms-grid-mapfile', - '/etc/grid-security/groupmapfile' + $group_mapfile ]~>Service['argus-pepd'] File[ diff --git a/manifests/params.pp b/manifests/params.pp deleted file mode 100644 index 22cd074..0000000 --- a/manifests/params.pp +++ /dev/null 
@@ -1,44 +0,0 @@ -class argus::params { - # site name - $sitename = hiera('SITENAME','SOME.WHERE') - - # pep params - $pepd_port = hiera('PEPD_DEFAULT_PORT', '8154') - $pepd_admin_port = hiera('PEPD_DEFAULT_ADMIN_PORT', '8155') - $pepd_pass = hiera('PEPD_DEFAULT_PASS', randompass() ) - - # pdp params - $pdps_port = hiera('PDPS_PORT', '8152') - $pdp_port = hiera('PDP_DEFAULT_PORT', '8152') - $pdp_admin_port = hiera('PDP_DEFAULT_ADMIN_PORT', '8153') - $pdp_pass = hiera('PDP_DEFAULT_PASS', randompass() ) - - # pap parameters - $pap_port = hiera('PAP_DEFAULT_PORT', '8150') - $pap_shutdown_port = hiera('PAP_DEFAULT_SHUTDOWN_PORT', '8151') - $pap_shutdown_command = hiera('PAP_DEFAULT_SHUTDOWN_COMMAND', randompass() ) - - - # central banning setup - $centralbanning_enabled = hiera('CENTRALBANNING_ENABLED','false') - $centralbanning_dn = hiera('CENTRALBANNING_DN', '') - $centralbanning_hostname = hiera('CENTRALBANNING_HOSTNAME', '') - $centralbanning_port = hiera('CENTRALBANNING_PORT', 8150) - $poll_interval = hiera('POLL_INTERVAL', 14400) - - $service_name = hiera('SERVICE_NAME', $::fqdn) - $pap_admin_dn = hiera('PAP_ADMIN_DN', '') - $site_base_dn = hiera('SITE_BASE_DN', '') - $pap_service_dn = hiera('PAP_SERVICE_DN', "${site_base_dn}=${service_name}") - $pap_host_dn = hiera('PAP_HOST_DN', "${site_base_dn}=${::fqdn}") - $nfspath = hiera('NFSPATH', '') - $nfsmountoptions = hiera('NFSMOUNTOPTIONS', '') - $mountpoint = hiera('MOUNTPOINT', '') - - # additional rules for pap - $pap_auth = hiera('PAP_AUTH','') - - # banning rules - $pap_ban = hiera('PAP_BAN','') - -} diff --git a/manifests/servicecert.pp b/manifests/servicecert.pp index 9c841f9..a513243 100644 --- a/manifests/servicecert.pp +++ b/manifests/servicecert.pp @@ -1,4 +1,4 @@ -class argus::servicecert inherits argus::params { +class argus::servicecert { $service_name = $::argus::service_name if $service_name == $::fqnd { # we can use the puppet autogenerated certificate