RubyGems - onceover - Versions diffs - 3.20.0 → 3.22.0 - Mend

onceover 3.20.0 → 3.22.0

Files changed (150) hide show

data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/files/polar_clock/index.html ADDED Viewed

@@ -0,0 +1,198 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<style>
+    body {
+        background: #222;
+        margin: auto;
+        width: 960px;
+    }
+    .field-track,
+    .field-arm {
+        fill: none;
+        stroke: #000;
+        stroke-width: 1.5px;
+    }
+    .field-tick {
+        transition: opacity 750ms linear;
+    }
+    .field-tick:not(.field-tick--active) circle,
+    .field-tick:not(.field-tick--active):first-of-type text {
+        fill: #222 !important;
+    }
+    .field-tick:not(.field-tick--active):first-of-type circle {
+        fill: #000 !important;
+    }
+    .field-tick--disabled {
+        opacity: 0;
+    }
+    .field-tick circle,
+    .field-tick text {
+        transition: fill 250ms linear;
+        transition-delay: 400ms;
+    }
+    .field-tick text {
+        font: 700 14px "Helvetica Neue";
+        text-anchor: middle;
+    }
+</style>
+<svg width="960" height="960"></svg>
+<script src="//d3js.org/d3.v4.0.0-alpha.28.min.js"></script>
+<script>
+    var svg = d3.select("svg"),
+        width = +svg.attr("width"),
+        height = +svg.attr("height"),
+        radius = Math.min(width, height) / 1.9,
+        armRadius = radius / 22,
+        dotRadius = armRadius - 6;
+    var duration = 750,
+        now = new Date(Date.now() + 2 * duration);
+    var pi = Math.PI,
+        tau = pi * 2;
+    var fields = [{
+        radius: 0.2 * radius,
+        interval: d3.timeYear,
+        subinterval: d3.timeMonth,
+        format: d3.timeFormat("%b")
+    }, {
+        radius: 0.3 * radius,
+        interval: d3.timeMonth,
+        subinterval: d3.timeDay,
+        format: d3.timeFormat("%d")
+    }, {
+        radius: 0.4 * radius,
+        interval: d3.timeWeek,
+        subinterval: d3.timeDay,
+        format: d3.timeFormat("%a")
+    }, {
+        radius: 0.6 * radius,
+        interval: d3.timeDay,
+        subinterval: d3.timeHour,
+        format: d3.timeFormat("%H")
+    }, {
+        radius: 0.7 * radius,
+        interval: d3.timeHour,
+        subinterval: d3.timeMinute,
+        format: d3.timeFormat("%M")
+    }, {
+        radius: 0.8 * radius,
+        interval: d3.timeMinute,
+        subinterval: d3.timeSecond,
+        format: d3.timeFormat("%S")
+    }];
+    var color = d3.scaleRainbow()
+        .domain([0, tau]);
+    var arcArm = d3.arc()
+        .startAngle(function(d) {
+            return armRadius / d.radius;
+        })
+        .endAngle(function(d) {
+            return -pi - armRadius / d.radius;
+        })
+        .innerRadius(function(d) {
+            return d.radius - armRadius;
+        })
+        .outerRadius(function(d) {
+            return d.radius + armRadius;
+        })
+        .cornerRadius(armRadius);
+    var field = svg.append("g")
+        .attr("transform", "translate(" + width / 2 + "," + height / 2 + ")")
+        .selectAll(".field")
+        .data(fields)
+        .enter().append("g")
+        .attr("class", "field");
+    field.append("circle")
+        .attr("class", "field-track")
+        .attr("r", function(d) {
+            return d.radius;
+        });
+    var fieldTick = field.selectAll(".field-tick")
+        .data(function(d) {
+            var date = d.interval(new Date(2000, 0, 1));
+            d.range = d.subinterval.range(date, d.interval.offset(date, 1));
+            return d.range.map(function(t) {
+                return {
+                    time: t,
+                    field: d
+                };
+            });
+        })
+        .enter().append("g")
+        .attr("class", "field-tick")
+        .attr("transform", function(d, i) {
+            var angle = i / d.field.range.length * tau - pi / 2;
+            return "translate(" + Math.cos(angle) * d.field.radius + "," + Math.sin(angle) * d.field.radius + ")";
+        });
+    fieldTick.append("circle")
+        .attr("r", dotRadius - 3)
+        .style("fill", function(d, i) {
+            return color(i / d.field.range.length * tau);
+        });
+    fieldTick.append("text")
+        .attr("dy", "0.35em")
+        .text(function(d) {
+            return d.field.format(d.time).slice(0, 2);
+        });
+    var fieldArm = field.append("path")
+        .attr("class", "field-arm")
+        .attr("transform", "rotate(0)")
+        .attr("d", function(d) {
+            return arcArm(d) +
+                "M0," + (dotRadius - d.radius) +
+                "a" + dotRadius + "," + dotRadius + " 0 0,1 0," + -dotRadius * 2 +
+                "a" + dotRadius + "," + dotRadius + " 0 0,1 0," + dotRadius * 2;
+        });
+    (function tick() {
+        var now = new Date,
+            then = new Date(+now + duration),
+            next = d3.timeSecond.offset(d3.timeSecond(then), 1),
+            delay = next - duration - now;
+        // Skip ahead a second if there’s not time for this transition.
+        if (delay < duration) delay += 1000, then = next;
+        fieldArm.transition()
+            .duration(duration)
+            .each(function(d) {
+                var start = d.interval(then);
+                d.activeLength = d.subinterval.count(start, d.interval.offset(start, 1));
+                d.activeIndex = d.subinterval.count(start, then);
+                d.angle = d.activeIndex / d.range.length * tau;
+            })
+            .attr("transform", function(d) {
+                return "rotate(" + d.angle / pi * 180 + ")";
+            })
+            .style("fill", function(d) {
+                return color(d.angle);
+            });
+        fieldTick
+            .classed("field-tick--disabled", function(d, i) {
+                return i >= d.field.activeLength;
+            })
+            .classed("field-tick--active", function(d, i) {
+                return i === d.field.activeIndex;
+            });
+        setTimeout(tick, delay);
+    })();
+</script>

data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/apt.pp ADDED Viewed

@@ -0,0 +1,9 @@
+class profile::apt {
+  class { 'apt':
+    update => {
+      frequency => 'daily',
+    },
+  }
+  Class['apt'] -> Package <| |>
+}

data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/aws_nodes.pp ADDED Viewed

@@ -0,0 +1,54 @@
+#
+class profile::aws_nodes {
+  ec2_instance { 'agent-1':
+    ensure            => 'running',
+    availability_zone => 'ap-southeast-2a',
+    block_devices     => [
+      {
+        'delete_on_termination' => true,
+        'device_name'           => '/dev/sda1',
+        'volume_size'           => 10,
+      }
+    ],
+    ebs_optimized     => false,
+    image_id          => 'ami-e0c19f83',
+    instance_type     => 't2.micro',
+    key_name          => 'personal_aws',
+    monitoring        => false,
+    region            => 'ap-southeast-2',
+    security_groups   => ['default'],
+    subnet            => 'default-a',
+    user_data         => epp('profile/userdata.epp',{
+      'master_ip'   => $::ec2_metadata['public-ipv4'],
+      'master_fqdn' => $::networking['fqdn'],
+      'signing_key' => gen_autosign_token('/.*\.compute\.internal/', 300),
+      'role'        => 'role::dbserver'
+      }),
+  }
+  ec2_instance { 'agent-2':
+    ensure            => 'running',
+    availability_zone => 'ap-southeast-2c',
+    block_devices     => [
+      {
+        'delete_on_termination' => true,
+        'device_name'           => '/dev/sda1',
+        'volume_size'           => 10,
+      }
+    ],
+    ebs_optimized     => false,
+    image_id          => 'ami-e0c19f83',
+    instance_type     => 't2.micro',
+    key_name          => 'personal_aws',
+    monitoring        => false,
+    region            => 'ap-southeast-2',
+    security_groups   => ['default'],
+    subnet            => 'default-c',
+    user_data         => epp('profile/userdata.epp',{
+      'master_ip'   => $::ec2_metadata['public-ipv4'],
+      'master_fqdn' => $::networking['fqdn'],
+      'signing_key' => gen_autosign_token('/.*\.compute\.internal/', 300),
+      'role'        => 'role::dbserver'
+      }),
+  }
+}

data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/base/aws.pp ADDED Viewed

@@ -0,0 +1,9 @@
+class profile::base::aws {
+  if $::os['family'] == 'RedHat' {
+    yumrepo { 'rhui-REGION-rhel-server-optional':
+      ensure  => 'present',
+      enabled => '1',
+      before  => Package['ruby-devel'],
+    }
+  }
+}

data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/base/rhel.pp ADDED Viewed

@@ -0,0 +1,50 @@
+# == Class: profile::base::rhel
+#
+# Installs RedHat specific base config. This includes config from the STIG
+# standard for RHEL 7
+class profile::base::rhel {
+  # Default DNS to the Puppet master
+  class { 'resolv_conf':
+    nameservers => [$serverip, '8.8.8.8'],
+  }
+  package { 'ypserv':
+    ensure => absent,
+    tag    => [
+      'stig_red_hat_enterprise_linux_7',
+      'V-71969',
+    ],
+  }
+  package { 'tftp-server':
+    ensure => absent,
+    tag    => [
+      'stig_red_hat_enterprise_linux_7',
+      'V-72301',
+    ],
+  }
+  package { 'rsh-server':
+    ensure => absent,
+    tag    => [
+      'stig_red_hat_enterprise_linux_7',
+      'V-71967',
+    ],
+  }
+  package { 'vsftpd':
+    ensure => absent,
+    tag    => [
+      'stig_red_hat_enterprise_linux_7',
+      'V-72299',
+    ],
+  }
+  package { 'telnet-server':
+    ensure => absent,
+    tag    => [
+      'stig_red_hat_enterprise_linux_7',
+      'V-72077',
+    ],
+  }
+}

data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/base/windows/hardening.pp ADDED Viewed

@@ -0,0 +1,57 @@
+# == Class: profile::base::windows::hardening
+#
+class profile::base::windows::hardening (
+  Boolean $enable_noop = false,
+) {
+  noop($enable_noop)
+  # CIS Benchmark section 18.3.1
+  registry_value { 'AutoAdminLogon':
+    path => 'HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon',
+    data => '0',
+  }
+  # CIS Benchmark section 18.3.9
+  registry_value { 'ScreenSaverGracePeriod':
+    path => 'HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScreenSaverGracePeriod',
+    data => '5',
+  }
+  # CIS Benchmark section 18.3.8
+  registry_value { 'SafeDllSearchMode':
+    path => 'HKLM\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode',
+    data => '1',
+  }
+  # CIS Benchmark section 18.3.12
+  registry_value { 'WarningLevel':
+    path => 'HKLM\System\CurrentControlSet\Services\Eventlog\Security\WarningLevel',
+    data => '90',
+  }
+  # Set detailed permissions on the app directory
+  acl { 'C:\app':
+    group                      => 'Administrators',
+    inherit_parent_permissions => false,
+    purge                      => true,
+    owner                      => 'Administrator',
+    permissions                => [
+      {
+        'affects'  => 'self_only',
+        'identity' => 'NT AUTHORITY\SYSTEM',
+        'rights'   => ['full']
+      },
+      {
+        'affects'  => 'self_only',
+        'identity' => 'BUILTIN\Administrators',
+        'rights'   => ['full']
+      },
+      {
+        'affects'  => 'self_only',
+        'identity' => 'BUILTIN\Users',
+        'rights'   => ['read', 'execute']
+      }
+    ],
+    require                    => File['C:\app'],
+  }
+}

data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/base/windows.pp ADDED Viewed

@@ -0,0 +1,52 @@
+#
+class profile::base::windows (
+  Boolean $enable_noop = false,
+) {
+  noop($enable_noop)
+  include ::profile::base::windows::hardening
+  stage { 'pre-run':
+    before => Stage['main'],
+  }
+  class { '::chocolatey':
+    stage => 'pre-run',
+  }
+  service { 'wuauserv':
+    ensure => 'running',
+    enable => true,
+  }
+  file { 'C:\app':
+    ensure => 'directory',
+  }
+  $packages = [
+    'atom',
+    '7zip.install',
+    'carbon',
+  ]
+  package { $packages:
+    ensure   => 'latest',
+  }
+  package { 'putty.install':
+    ensure          => present,
+    install_options => '--allow-empty-checksums',
+  }
+  package { 'powershell':
+    ensure          => present,
+    install_options => '--ignore-package-exit-codes',
+    require         => Service['wuauserv'],
+    notify          => Reboot['immediately'],
+  }
+  reboot { 'immediately':
+    apply   => 'immediately',
+    timeout => '0',
+  }
+}

data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/base.pp ADDED Viewed

@@ -0,0 +1,79 @@
+#
+class profile::base {
+  if $::os['family'] == 'RedHat' {
+    stage { 'repos':
+      before => Stage['main'],
+    }
+    class { '::epel':
+      stage => 'repos',
+    }
+    include ::systemd
+    include ::profile::base::rhel
+  }
+  include ::gcc
+  profile::dns::host_record { $facts['fqdn']:
+    record => $facts['fqdn'],
+    ip     => $facts['networking']['ip'],
+  }
+  $packages = [
+    'tree',
+    'vim',
+    'git',
+    'htop',
+    'zlib',
+    'zlib-devel',
+    'jq',
+    'ruby',
+    'ruby-devel',
+    'multitail',
+    'haveged',
+    'cmake',
+    'tmux',
+    'unzip',
+  ]
+  package { $packages:
+    ensure => latest,
+  }
+  class { '::selinux':
+    mode   => 'disabled',
+    type   => 'minimum',
+    notify => Reboot['after_run'],
+  }
+  reboot { 'after_run':
+    apply  => finished,
+  }
+  # Use haveged for entropy generation
+  service { 'haveged':
+    ensure  => running,
+    enable  => true,
+    require => Package['haveged'],
+  }
+  # Make sure that we install git before we try to use it
+  Package['git'] -> Vcsrepo <| provider == 'git' |>
+  file { '/etc/puppetlabs/puppet/csr_attributes.yaml':
+    ensure => absent,
+  }
+  file { '/etc/motd':
+    ensure => file,
+    owner  => 'root',
+    group  => 'root',
+    mode   => '0644',
+    source => 'puppet:///modules/profile/motd',
+    tag    => [
+      'cis_red_hat_enterprise_linux_7',
+      '1.7.1.1',
+    ],
+  }
+}

data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/cd4pe/artifactory.pp ADDED Viewed

@@ -0,0 +1,64 @@
+class profile::cd4pe::artifactory (
+  String $artifactory_version = 'latest',
+  String $network_name        = 'cd4pe-network',
+  String $bootstrap_dir       = '/etc/artifactory_bootstrap',
+) {
+  Docker::Run {
+    health_check_interval => 30,
+  }
+  # Create the volume and insert bootstrap data
+  docker_volume { 'data_s3':
+    ensure => present,
+  }
+  file { $bootstrap_dir:
+    ensure => directory
+  }
+  file { "${bootstrap_dir}/artifactory.config.import.xml":
+    ensure => file,
+    owner  => 'root',
+    group  => 'root',
+    mode   => '0600',
+    source => 'puppet:///modules/profile/artifactory/config_descriptor.xml',
+  }
+  # Start a quick alpine container to copt files around
+  $docker_command_prefix = "docker run --rm -v ${bootstrap_dir}:/source -v data_s3:/dest -w /source alpine"
+  exec { 'create /etc inside data_s3':
+    command     => "${docker_command_prefix} mkdir -p /dest/etc",
+    path        => $facts['path'],
+    refreshonly => true,
+    require     => Docker_volume['data_s3'],
+    subscribe   => File["${bootstrap_dir}/artifactory.config.import.xml"],
+  }
+  exec { 'move artifactory.config.import.xml into data_s3':
+    command     => "${docker_command_prefix} cp /source/artifactory.config.import.xml /dest/etc/artifactory.config.import.xml",
+    path        => $facts['path'],
+    refreshonly => true,
+    require     => Exec['create /etc inside data_s3'],
+    subscribe   => File["${bootstrap_dir}/artifactory.config.import.xml"],
+  }
+  exec { 'set permissions':
+    command     => "${docker_command_prefix} chown -R 1030:1030 /dest",
+    path        => $facts['path'],
+    refreshonly => true,
+    subscribe   => File["${bootstrap_dir}/artifactory.config.import.xml"],
+  }
+  docker::image { 'docker.bintray.io/jfrog/artifactory-oss':
+    image_tag => $artifactory_version,
+  }
+  docker::run { 'cd4pe-artifactory':
+    image   => "docker.bintray.io/jfrog/artifactory-oss:${artifactory_version}",
+    net     => $network_name,
+    ports   => ['8081:8081'],
+    volumes => ['data_s3:/var/opt/jfrog/artifactory'],
+  }
+}

data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/cd4pe/connection.pp ADDED Viewed

@@ -0,0 +1,95 @@
+# # CD4PE Connection Settings
+#
+# Manages the connection between CD4PE and Artifactory
+#
+# @param license The license file, in raw format
+# @param artifactory_user Username for artifactory
+# @param artifactory_password Default password for artifactory
+# @param artifactory_endpoint URL for Artifactory, including port
+# @param cd4pe_endpoint URL for CD4PE, including port
+# @param cd4pe_root_login Email to use for the root login
+# @param cd4pe_root_pw Root password
+# @param cd4pe_dump Dump URL
+# @param cd4pe_backend Backend URL
+class profile::cd4pe::connection (
+  Variant[String,Sensitive[String]] $license,
+  String                            $artifactory_user     = 'admin',
+  Sensitive[String]                 $artifactory_password = Sensitive('password'),
+  String                            $artifactory_endpoint = "${facts['fqdn']}:8081",
+  String                            $cd4pe_endpoint       = "${facts['fqdn']}:8080",
+  String                            $cd4pe_root_login     = 'noreply@puppet.com',
+  Sensitive[String]                 $cd4pe_root_pw        = Sensitive('puppetlabs'),
+  String                            $cd4pe_dump           = "${facts['fqdn']}:7000",
+  String                            $cd4pe_backend        = "${facts['fqdn']}:8000",
+) {
+  # Create a folder for these files
+  file { '/etc/cd4pe':
+    ensure => 'directory',
+    owner  => 'root',
+    group  => 'root',
+    mode   => '0700',
+  }
+  # Drop the license file
+  file { '/etc/cd4pe/license.json':
+    ensure  => 'file',
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0400',
+    content => $license,
+  }
+  file { '/etc/cd4pe/connection_script.sh':
+    ensure  => 'file',
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0700',
+    content => epp('profile/cd4pe/connection_script.sh.epp', {
+      'artifactory_user'     => $artifactory_user,
+      'artifactory_password' => $artifactory_password.unwrap,
+      'artifactory_endpoint' => $artifactory_endpoint,
+      'cd4pe_endpoint'       => $cd4pe_endpoint,
+      'cd4pe_root_login'     => $cd4pe_root_login,
+      'cd4pe_root_pw'        => $cd4pe_root_pw.unwrap,
+      'cd4pe_dump'           => $cd4pe_dump,
+      'cd4pe_backend'        => $cd4pe_backend,
+    }),
+    require => File['/etc/cd4pe/license.json'],
+  }
+  # Add a wait until artifactory is ready
+  exec { 'artifactory_running':
+    command     => "curl ${artifactory_endpoint}/artifactory/api/system/ping | grep OK",
+    path        => $facts['path'],
+    tries       => 10,
+    try_sleep   => 5,
+    refreshonly => true,
+    subscribe   => File['/etc/cd4pe/connection_script.sh'],
+    require     => Docker::Run['cd4pe-artifactory'],
+  }
+  exec { 'cd4pe_running':
+    command     => "curl -vvv ${cd4pe_endpoint}/root 2>&1 | grep \"302 Found\" && sleep 10",
+    path        => $facts['path'],
+    tries       => 10,
+    try_sleep   => 5,
+    refreshonly => true,
+    subscribe   => File['/etc/cd4pe/connection_script.sh'],
+    require     => Docker::Run['cd4pe'],
+  }
+  exec { 'connect_instances':
+    command     => 'bash -x /etc/cd4pe/connection_script.sh',
+    cwd         => '/etc/cd4pe',
+    refreshonly => true,
+    logoutput   => true,
+    path        => $facts['path'],
+    subscribe   => File['/etc/cd4pe/connection_script.sh'],
+    require     => [
+      Docker::Run['cd4pe-artifactory'],
+      Docker::Run['cd4pe'],
+      Exec['artifactory_running'],
+      Exec['cd4pe_running'],
+    ],
+  }
+}