onceover 3.21.0 → 3.22.0

Files changed (139) hide show
  1. checksums.yaml +4 -4
  2. data/.devcontainer/devcontainer.json +4 -6
  3. data/.github/workflows/release.yaml +24 -0
  4. data/Gemfile +3 -0
  5. data/README.md +45 -1
  6. data/Rakefile +1 -0
  7. data/cucumber.yml +1 -0
  8. data/features/step_definitions/run.rb +4 -0
  9. data/features/zzz_run.feature +1 -8
  10. data/lib/onceover/beaker/spec_helper.rb +8 -8
  11. data/lib/onceover/controlrepo.rb +3 -3
  12. data/lib/onceover/deploy.rb +1 -1
  13. data/lib/onceover/rspec/formatters.rb +2 -4
  14. data/lib/onceover/runner.rb +1 -1
  15. data/lib/onceover/test.rb +1 -1
  16. data/onceover.gemspec +6 -13
  17. data/spec/fixtures/controlrepos/puppet_controlrepo/.atom-build.json +9 -0
  18. data/spec/fixtures/controlrepos/puppet_controlrepo/.gitignore +5 -0
  19. data/spec/fixtures/controlrepos/puppet_controlrepo/.ruby-version +1 -0
  20. data/spec/fixtures/controlrepos/puppet_controlrepo/.travis.yml +13 -0
  21. data/spec/fixtures/controlrepos/puppet_controlrepo/Gemfile +22 -0
  22. data/spec/fixtures/controlrepos/puppet_controlrepo/Jenkinsfile +50 -0
  23. data/spec/fixtures/controlrepos/puppet_controlrepo/Puppetfile +102 -0
  24. data/spec/fixtures/controlrepos/puppet_controlrepo/README.md +4 -0
  25. data/spec/fixtures/controlrepos/puppet_controlrepo/Rakefile +6 -0
  26. data/spec/fixtures/controlrepos/puppet_controlrepo/data/common.yaml +558 -0
  27. data/spec/fixtures/controlrepos/puppet_controlrepo/data/datacenter/melbourne.yaml +12 -0
  28. data/spec/fixtures/controlrepos/puppet_controlrepo/data/datacenter/singapore.yaml +12 -0
  29. data/spec/fixtures/controlrepos/puppet_controlrepo/data/environments/development.yaml +3 -0
  30. data/spec/fixtures/controlrepos/puppet_controlrepo/data/environments/production.yaml +3 -0
  31. data/spec/fixtures/controlrepos/puppet_controlrepo/data/size/vol.large.yaml +27 -0
  32. data/spec/fixtures/controlrepos/puppet_controlrepo/environment.conf +3 -0
  33. data/spec/fixtures/controlrepos/puppet_controlrepo/hiera.yaml +25 -0
  34. data/spec/fixtures/controlrepos/puppet_controlrepo/manifests/site.pp +11 -0
  35. data/spec/fixtures/controlrepos/puppet_controlrepo/scripts/code_manager_config_version.rb +19 -0
  36. data/spec/fixtures/controlrepos/puppet_controlrepo/scripts/config_version.rb +25 -0
  37. data/spec/fixtures/controlrepos/puppet_controlrepo/scripts/config_version.sh +12 -0
  38. data/spec/fixtures/controlrepos/puppet_controlrepo/scripts/count_changed_classes.rb +26 -0
  39. data/spec/fixtures/controlrepos/puppet_controlrepo/scripts/get_changed_classes.rb +26 -0
  40. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/console/functions/user/token.pp +10 -0
  41. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/console/manifests/init.pp +14 -0
  42. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/console/manifests/user.pp +35 -0
  43. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/deployments/lib/puppet/functions/deployments/generate.rb +15 -0
  44. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/deployments/plans/signed_deployment.pp +126 -0
  45. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/facts.d/test.sh +2 -0
  46. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/files/artifactory/config_descriptor.xml +265 -0
  47. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/files/autosign.sh +23 -0
  48. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/files/hudson.tasks.Shell.xml +4 -0
  49. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/files/motd +4 -0
  50. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/files/polar_clock/index.html +198 -0
  51. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/apt.pp +9 -0
  52. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/aws_nodes.pp +54 -0
  53. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/base/aws.pp +9 -0
  54. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/base/rhel.pp +50 -0
  55. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/base/windows/hardening.pp +57 -0
  56. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/base/windows.pp +52 -0
  57. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/base.pp +79 -0
  58. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/cd4pe/artifactory.pp +64 -0
  59. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/cd4pe/connection.pp +95 -0
  60. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/cd4pe/haproxy.pp +65 -0
  61. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/cd4pe/replicated.pp +53 -0
  62. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/compile/balancer.pp +28 -0
  63. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/compile/master.pp +19 -0
  64. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/dns/host_record.pp +16 -0
  65. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/dns/server.pp +66 -0
  66. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/docker.pp +5 -0
  67. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/eyeunify/base.pp +43 -0
  68. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/eyeunify/core/database_connection.pp +42 -0
  69. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/eyeunify/core.pp +72 -0
  70. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/eyeunify/ctrl.pp +57 -0
  71. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/eyeunify/database.pp +32 -0
  72. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/eyeunify/exec.pp +11 -0
  73. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/file_sync/client.pp +165 -0
  74. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/file_sync/master_patch.pp +37 -0
  75. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/grafana/dashboard.pp +17 -0
  76. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/haproxy.pp +43 -0
  77. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/init.pp +3 -0
  78. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/jenkins/plugins.pp +87 -0
  79. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/jenkins.pp +65 -0
  80. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/jira/aio.pp +39 -0
  81. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/jira/app.pp +27 -0
  82. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/jira/db.pp +25 -0
  83. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/metrics/collectd/compile.pp +82 -0
  84. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/metrics/collectd.pp +28 -0
  85. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/metrics/dashboard.pp +28 -0
  86. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/mysql_server.pp +7 -0
  87. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/nginx.pp +24 -0
  88. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/polar_clock.pp +55 -0
  89. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/puppetmaster/api_auth.pp +82 -0
  90. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/puppetmaster/autosign.pp +33 -0
  91. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/puppetmaster/aws.pp +58 -0
  92. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/puppetmaster/tuning.pp +139 -0
  93. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/puppetmaster.pp +139 -0
  94. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/rvm.pp +13 -0
  95. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/sumologic.pp +11 -0
  96. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/sunburst/windows.pp +104 -0
  97. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/vagrant.pp +25 -0
  98. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/manifests/windows/webserver.pp +27 -0
  99. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/templates/cd4pe/connection_script.sh.epp +110 -0
  100. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/templates/controlrepo_deploy_jenkins_job.xml.epp +51 -0
  101. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/templates/dashboard.json.epp +403 -0
  102. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/templates/jenkins_secret_text.json.epp +1 -0
  103. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/templates/onceover_jenkins_job.xml.epp +51 -0
  104. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/templates/userdata.epp +17 -0
  105. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/role/manifests/cd4pe.pp +29 -0
  106. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/role/manifests/clock.pp +16 -0
  107. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/role/manifests/compile/balancer.pp +5 -0
  108. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/role/manifests/compile/master.pp +5 -0
  109. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/role/manifests/eyeunify/aio.pp +10 -0
  110. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/role/manifests/eyeunify/controller.pp +10 -0
  111. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/role/manifests/eyeunify/database.pp +7 -0
  112. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/role/manifests/eyeunify/exec.pp +6 -0
  113. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/role/manifests/init.pp +3 -0
  114. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/role/manifests/lb.pp +14 -0
  115. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/role/manifests/metrics.pp +5 -0
  116. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/role/manifests/mysql.pp +13 -0
  117. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/role/manifests/windows/base.pp +5 -0
  118. data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/role/manifests/windows/webserver.pp +6 -0
  119. data/spec/fixtures/controlrepos/puppet_controlrepo/spec/.gitignore +5 -0
  120. data/spec/fixtures/controlrepos/puppet_controlrepo/spec/acceptance/nodesets/onceover-nodes.yml +94 -0
  121. data/spec/fixtures/controlrepos/puppet_controlrepo/spec/classes/test_spec.rb +8 -0
  122. data/spec/fixtures/controlrepos/puppet_controlrepo/spec/factsets/CentOS-7.0-64-master-2017.3.2.json +531 -0
  123. data/spec/fixtures/controlrepos/puppet_controlrepo/spec/factsets/CentOS-7.0-64-master.json +429 -0
  124. data/spec/fixtures/controlrepos/puppet_controlrepo/spec/factsets/CentOS-7.0-64.json +353 -0
  125. data/spec/fixtures/controlrepos/puppet_controlrepo/spec/factsets/Windows_Server-2008r2-64.json +184 -0
  126. data/spec/fixtures/controlrepos/puppet_controlrepo/spec/factsets/Windows_Server-2012r2-64.json +165 -0
  127. data/spec/fixtures/controlrepos/puppet_controlrepo/spec/hiera.yaml +18 -0
  128. data/spec/fixtures/controlrepos/puppet_controlrepo/spec/matchers/file_matchers.rb +16 -0
  129. data/spec/fixtures/controlrepos/puppet_controlrepo/spec/onceover.yaml +54 -0
  130. data/spec/fixtures/controlrepos/puppet_controlrepo/spec/pre_conditions/site.pp +150 -0
  131. data/spec/fixtures/controlrepos/puppet_controlrepo/spec/r10k.yaml +2 -0
  132. data/spec/fixtures/controlrepos/puppet_controlrepo/spec/shared_examples/helper.rb +91 -0
  133. data/spec/fixtures/controlrepos/puppet_controlrepo/spec/unit/00_parse_spec.rb +76 -0
  134. data/spec/fixtures/controlrepos/puppet_controlrepo/spec/unit/01_linting_spec_example.rb +69 -0
  135. data/spec/fixtures/controlrepos/puppet_controlrepo/spec/unit/03_puppetfile_spec_example.rb +35 -0
  136. data/templates/spec_helper.rb.erb +0 -2
  137. data/templates/test_spec.rb.erb +3 -0
  138. metadata +137 -79
  139. data/.gitmodules +0 -4
@@ -0,0 +1,11 @@
1
+ if $::kernel == 'windows' {
2
+ Package {
3
+ provider => 'chocolatey',
4
+ }
5
+ }
6
+
7
+ node default {
8
+ if $facts['role'] {
9
+ include $facts['role']
10
+ }
11
+ }
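Review bot: `include $facts['role']` in `node default` classifies the node from a fact the agent reports about itself, so any node able to set a `role` fact can ask the server to compile any class for it, including classes that render credentials into the catalog. Classification should come from a value the server vouches for; where the role is written into the certificate, `include $trusted['extensions']['pp_role']` is the usual replacement. If this fixture deliberately mirrors a demo repository, a comment such as `# role is a self-reported fact; use a trusted extension outside test fixtures` above the `if` would keep it from being copied as-is.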
@@ -0,0 +1,19 @@
1
+ #!/opt/puppetlabs/puppet/bin/ruby
2
+ require 'json'
3
+ require 'socket'
4
+
5
+ environmentpath = ARGV[0]
6
+ environment = ARGV[1]
7
+
8
+ # Get the hostname of the Puppet master compiling the catalog.
9
+ # Sometimes the hostname is the fqdn, so we'll take the first segment.
10
+ compiling_master = Socket.gethostname.split('.').first
11
+
12
+ # Get the path to the Code Manager deployment info file.
13
+ r10k_deploy_file_path = File.join(environmentpath, environment, '.r10k-deploy.json')
14
+
15
+ # Get the first 12 characters of the commit ID out of the deployment file.
16
+ commit_id = JSON.parse(File.read(r10k_deploy_file_path))['signature'][0...11]
17
+
18
+ # Show the compiling master, environment name, and commit ID.
19
+ puts "#{compiling_master}-#{environment}-#{commit_id}"
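Review bot: `['signature'][0...11]` returns 11 characters, not the 12 that the comment above it promises, because the three-dot range excludes its end; `[0...12]` (or `[0, 12]`) matches the comment. The same slice appears in config_version.rb as `head.target_id[0...11]`. The script also uses `ARGV[0]` and `ARGV[1]` unchecked, so a missing argument surfaces as a `TypeError` from `File.join` instead of a usage message.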
@@ -0,0 +1,25 @@
1
+ #!/opt/puppetlabs/puppet/bin/ruby
2
+ begin
3
+ require 'rugged'
4
+ require 'socket'
5
+ rescue LoadError
6
+ t = Time.new
7
+ puts t.to_i
8
+ else
9
+ environmentpath = ARGV[0]
10
+ environment = ARGV[1]
11
+
12
+ # Get the hostname of the Puppet master compiling the catalog.
13
+ # Sometimes the hostname is the fqdn, so we'll take the first segment.
14
+ compiling_master = Socket.gethostname.split('.').first
15
+
16
+ # Get the path to the environment being compiled.
17
+ repo = Rugged::Repository.discover(File.join(environmentpath, environment))
18
+ head = repo.head
19
+
20
+ # First 12 characters of the sha1 hash of the newest commit.
21
+ commit_id = head.target_id[0...11]
22
+
23
+ # Show the compiling master, environment name, and commit ID.
24
+ puts "#{compiling_master}-#{environment}-#{commit_id}"
25
+ end
@@ -0,0 +1,12 @@
1
+ #!/bin/bash
2
+ if [ -e $1/$2/.r10k-deploy.json ]
3
+ then
4
+ /opt/puppetlabs/puppet/bin/ruby $1/$2/scripts/code_manager_config_version.rb $1 $2
5
+ elif [ -e /opt/puppetlabs/server/pe_version ]
6
+ then
7
+ /opt/puppetlabs/puppet/bin/ruby $1/$2/scripts/config_version.rb $1 $2
8
+ else
9
+ /usr/bin/git --version > /dev/null 2>&1 &&
10
+ /usr/bin/git --git-dir $1/$2/.git rev-parse HEAD ||
11
+ date +%s
12
+ fi
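Review bot: Every `$1` and `$2` expansion in this script is unquoted, so an environment path or name containing whitespace or glob characters splits the `[ -e … ]` test and the arguments passed to `ruby` and `git`. Quote each use, e.g. `if [ -e "$1/$2/.r10k-deploy.json" ]` and `/usr/bin/git --git-dir "$1/$2/.git" rev-parse HEAD`. A short header comment naming the two positional arguments (environment path, environment name) would also help, since nothing in the script says what they are.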
@@ -0,0 +1,26 @@
1
+ #! /bin/env ruby
2
+
3
+ files = `git --no-pager diff --name-only HEAD HEAD~1`.split("\n")
4
+ classes = []
5
+
6
+ files.each do |file|
7
+ # if the changed file is a manifest
8
+ if file =~ /\.pp$/
9
+ segments = file.split('/')
10
+ # Capitalize the segments so that they work as a reference
11
+ segments = segments.map { |seg| seg.capitalize }
12
+ # Get the name of the module
13
+ mod = segments[segments.index('Manifests') - 1]
14
+ # Delete everything up to & including manifests
15
+ segments = segments - segments[0..segments.index('Manifests')]
16
+ # Get the final section
17
+ final = segments.last.chomp('.pp')
18
+ # Delete it
19
+ segments.delete(segments.last)
20
+ # Get anything taht is left
21
+ intermediary = segments
22
+ classes << [mod,intermediary,final].flatten.join('::')
23
+ end
24
+ end
25
+
26
+ puts classes.length
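Review bot: `segments.index('Manifests')` is nil for any changed `.pp` file that is not under a `manifests` directory, so `nil - 1` raises NoMethodError and the script aborts; plans and Puppet-language functions also end in `.pp`, and the file list shows this control repo has both. For a root-level `manifests/site.pp` the index is 0 and `segments[-1]` silently takes the file name as the module. Guard before using the index: `idx = segments.index('Manifests')` followed by `next if idx.nil? || idx.zero?`. get_changed_classes.rb carries the identical loop and needs the same guard.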
@@ -0,0 +1,26 @@
1
+ #! /bin/env ruby
2
+
3
+ files = `git --no-pager diff --name-only HEAD HEAD~1`.split("\n")
4
+ classes = []
5
+
6
+ files.each do |file|
7
+ # if the changed file is a manifest
8
+ if file =~ /\.pp$/
9
+ segments = file.split('/')
10
+ # Capitalize the segments so that they work as a reference
11
+ segments = segments.map { |seg| seg.capitalize }
12
+ # Get the name of the module
13
+ mod = segments[segments.index('Manifests') - 1]
14
+ # Delete everything up to & including manifests
15
+ segments = segments - segments[0..segments.index('Manifests')]
16
+ # Get the final section
17
+ final = segments.last.chomp('.pp')
18
+ # Delete it
19
+ segments.delete(segments.last)
20
+ # Get anything taht is left
21
+ intermediary = segments
22
+ classes << [mod,intermediary,final].flatten.join('::')
23
+ end
24
+ end
25
+
26
+ puts classes if classes.length > 0
@@ -0,0 +1,10 @@
1
+ function console::user::token (
2
+ String $name,
3
+ ) {
4
+ include ::console
5
+ if find_file("${::console::token_dir}/${name}") {
6
+ regsubst(file("${::console::token_dir}/${name}"),/\n$/,'')
7
+ } else {
8
+ undef
9
+ }
10
+ }
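Review bot: `$name` goes straight into the path given to `find_file()` and `file()`, and `String` accepts `/` and `..`, so a name such as one containing `../` makes the function return the contents of a file outside `token_dir` that the compiling server can read. Narrow the parameter type, for example `Pattern[/\A\w[\w.-]*\z/] $name,`, so only a single path component is accepted. Whether any caller passes a value that is not a literal is not visible in this hunk.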
@@ -0,0 +1,14 @@
1
+ # == Class: console
2
+ #
3
+ class console (
4
+ $token_dir = '/etc/puppetlabs/puppet/user_tokens',
5
+ ) {
6
+ if $::pe_build {
7
+ file { $token_dir:
8
+ ensure => directory,
9
+ owner => 'pe-puppet',
10
+ group => 'pe-puppet',
11
+ mode => '0700',
12
+ }
13
+ }
14
+ }
@@ -0,0 +1,35 @@
1
+ # Creates a user in the console and generates a token for them
2
+ # You can still pass name into this, it will work.
3
+ #
4
+ define console::user (
5
+ String $password,
6
+ String $ensure = 'present',
7
+ String $display_name = $name,
8
+ String $email = 'foo@puppet.com',
9
+ Array[String] $roles = [ 'Operators' ],
10
+ ) {
11
+ include ::console
12
+ rbac_user { $title:
13
+ ensure => $ensure,
14
+ name => $name,
15
+ display_name => $display_name,
16
+ email => $email,
17
+ password => $password,
18
+ roles => $roles,
19
+ }
20
+
21
+ exec { "create_${title}_token":
22
+ command => "echo \"${password}\" | puppet access login --username ${name} --lifetime 0 --print | tail -n1 > ${::console::token_dir}/${name}",
23
+ creates => "${::console::token_dir}/${name}",
24
+ path => $::path,
25
+ require => Rbac_user[$title],
26
+ }
27
+
28
+ file { "${::console::token_dir}/${name}":
29
+ ensure => file,
30
+ owner => 'pe-puppet',
31
+ group => 'pe-puppet',
32
+ mode => '0600',
33
+ require => Exec["create_${title}_token"],
34
+ }
35
+ }
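Review bot: The `exec` command interpolates `${password}` into a shell string, so the clear-text password is part of the command line Puppet hands to the shell and can appear in the process list and in any log or report that records the command; quotes, backticks or `$(` inside the password or `${name}` are also interpreted by the shell. Declaring the parameter as `Sensitive[String] $password` and supplying it through the exec's `environment` attribute rather than the command text would keep it out of the command string, provided `rbac_user` accepts a Sensitive value, which is not visible here. Separately, the `> ${::console::token_dir}/${name}` redirect creates the file even when `puppet access login` fails, after which `creates` prevents the exec from ever retrying and an empty token file is left behind.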
@@ -0,0 +1,15 @@
1
+ Puppet::Functions.create_function(:'deployments::generate') do
2
+ dispatch :generate do
3
+ param 'Hash', :data
4
+ param 'String[1]', :secret
5
+ end
6
+
7
+ def generate(data, secret)
8
+ require 'jwt'
9
+
10
+ # Remove quotes to work around CDPE-3903
11
+ actual_secret = secret.gsub(/"/, '')
12
+
13
+ JWT.encode(data, actual_secret)
14
+ end
15
+ end
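Review bot: After `secret.gsub(/"/, '')` the `String[1]` guarantee from the dispatch no longer holds: a secret made up only of quote characters becomes the empty string, and depending on the gem version the token is then either signed with an empty key or fails with a less obvious error. Add a check after the strip, e.g. `raise ArgumentError, 'signing secret is empty after stripping quotes' if actual_secret.empty?`. It would also help to name the algorithm in the call, `JWT.encode(data, actual_secret, 'HS256')`, rather than rely on the gem default, so the verifying side can pin the same value.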
@@ -0,0 +1,126 @@
1
+ # This deployment policy will perform a Puppet code deploy of the commit
2
+ # associated with a Pipeline run. Puppet nodes that are scheduled to run regularly will then pick up the
3
+ # change until all nodes in the target environment are running against the new
4
+ # code.
5
+ #
6
+ # @summary This deployment policy will perform a Puppet code deploy of the commit
7
+ # associated with a Pipeline run.
8
+ #
9
+ # @param deployment_server The fqdn of the primary Puppet server that code should be deployed to
10
+ # @param signing_secret Sensitve valie of a signining secret. This can be any string and needs to be the same as what was set on the
11
+ # target server
12
+ plan deployments::signed_deployment (
13
+ String $deployment_server,
14
+ Sensitive[String] $signing_secret = Sensitive('puppetlabs'),
15
+ ) {
16
+ # Gather all the data that we possibly can
17
+ $deployment_info = {
18
+ 'cd4pe_pipeline_id' => system::env('CD4PE_PIPELINE_ID'),
19
+ 'module_name' => system::env('MODULE_NAME'),
20
+ 'control_repo_name' => system::env('CONTROL_REPO_NAME'),
21
+ 'branch' => system::env('BRANCH'),
22
+ 'commit' => system::env('COMMIT'),
23
+ 'node_group_id' => system::env('NODE_GROUP_ID'),
24
+ 'node_group_environment' => system::env('NODE_GROUP_ENVIRONMENT'),
25
+ 'repo_target_branch' => system::env('REPO_TARGET_BRANCH'),
26
+ 'environment_prefix' => system::env('ENVIRONMENT_PREFIX'),
27
+ 'repo_type' => system::env('REPO_TYPE'),
28
+ 'deployment_domain' => system::env('DEPLOYMENT_DOMAIN'),
29
+ 'deployment_id' => system::env('DEPLOYMENT_ID'),
30
+ 'deployment_token' => system::env('DEPLOYMENT_TOKEN'),
31
+ 'deployment_owner' => system::env('DEPLOYMENT_OWNER'),
32
+ }
33
+
34
+ # Wait for approval if the environment is protected
35
+ $approval_info = cd4pe_deployments::wait_for_approval($deployment_info['node_group_environment']) |String $url| { }
36
+
37
+ $update_git_ref_result = cd4pe_deployments::update_git_branch_ref(
38
+ $deployment_info['repo_type'],
39
+ $deployment_info['repo_target_branch'],
40
+ $deployment_info['commit']
41
+ )
42
+
43
+ $signature_data = $deployment_info + {
44
+ 'approval' => $approval_info,
45
+ 'git_ref_update' => $update_git_ref_result,
46
+ }
47
+
48
+ # Create the signature
49
+ $signature = deployments::generate(
50
+ $signature_data,
51
+ $signing_secret.unwrap,
52
+ )
53
+
54
+ # Register the signature
55
+ run_task(
56
+ 'deployment_signature::register',
57
+ $deployment_server,
58
+ {
59
+ 'commit_hash' => $deployment_info['commit'],
60
+ 'environment' => $deployment_info['node_group_environment'],
61
+ 'data' => $signature,
62
+ }
63
+ )
64
+
65
+ # Execute all code deployment tasks in a catch block so that we can do
66
+ # cleanup if we need to
67
+ $outcome = catch_errors() || {
68
+ # Deploy code
69
+ run_task(
70
+ 'deployment_signature::r10k_deploy',
71
+ $deployment_server,
72
+ {
73
+ 'environment' => $deployment_info['node_group_environment'],
74
+ }
75
+ )
76
+
77
+ # Write signature
78
+ run_task(
79
+ 'deployment_signature::write',
80
+ $deployment_server,
81
+ {
82
+ 'environment' => $deployment_info['node_group_environment'],
83
+ }
84
+ )
85
+
86
+ # Validate
87
+ run_task(
88
+ 'deployment_signature::validate',
89
+ $deployment_server,
90
+ {
91
+ 'environment' => $deployment_info['node_group_environment'],
92
+ }
93
+ )
94
+
95
+ # Commit
96
+ run_task(
97
+ 'deployment_signature::file_sync_commit',
98
+ $deployment_server,
99
+ {
100
+ 'message' => "Deployed with a valid signature and approval dated: ${signature_data.dig('approval', 'result', 'approvalDecisionDate')}",
101
+ 'name' => "${signature_data.dig('approval', 'result', 'approverUsername')}",
102
+ 'email' => 'NA',
103
+ 'submodule_id' => $deployment_info['node_group_environment'],
104
+ }
105
+ )
106
+ }
107
+
108
+ if $outcome =~ Error {
109
+ # Clean Up
110
+ run_task(
111
+ 'deployment_signature::cleanup',
112
+ $deployment_server,
113
+ {
114
+ 'environment' => $deployment_info['node_group_environment'],
115
+ 'commit_hash' => $deployment_info['commit'],
116
+ }
117
+ )
118
+
119
+ fail_plan($outcome)
120
+ } else {
121
+ # End nicely
122
+ return({
123
+ 'state' => 'success',
124
+ })
125
+ }
126
+ }
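Review bot: `$signing_secret` defaults to `Sensitive('puppetlabs')`, so a pipeline that omits the parameter signs deployments with a value published in this file, and the resulting signature says nothing about who produced it. Drop the default so the plan fails when no secret is supplied: `Sensitive[String[1]] $signing_secret,`. In addition, `$deployment_info` contains `'deployment_token' => system::env('DEPLOYMENT_TOKEN')` and is merged wholesale into `$signature_data`; a JWT payload is encoded, not encrypted, so the token travels readable inside `$signature` to the `deployment_signature::register` task. Unless the verifier needs it, build the signed hash from `$deployment_info - 'deployment_token'`.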
@@ -0,0 +1,2 @@
1
+ #! /bin/bash
2
+ echo "fact=test"
@@ -0,0 +1,265 @@
1
+ <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
2
+ <config xmlns="http://artifactory.jfrog.org/xsd/2.1.8" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jfrog.org/xsd/artifactory-v2_1_8.xsd">
3
+ <offlineMode>false</offlineMode>
4
+ <helpLinksEnabled>true</helpLinksEnabled>
5
+ <fileUploadMaxSizeMb>100</fileUploadMaxSizeMb>
6
+ <revision>1</revision>
7
+ <dateFormat>dd-MM-yy HH:mm:ss z</dateFormat>
8
+ <security>
9
+ <anonAccessEnabled>true</anonAccessEnabled>
10
+ <hideUnauthorizedResources>false</hideUnauthorizedResources>
11
+ <passwordSettings>
12
+ <encryptionPolicy>supported</encryptionPolicy>
13
+ <expirationPolicy>
14
+ <enabled>false</enabled>
15
+ <passwordMaxAge>60</passwordMaxAge>
16
+ <notifyByEmail>true</notifyByEmail>
17
+ </expirationPolicy>
18
+ <resetPolicy>
19
+ <enabled>true</enabled>
20
+ <maxAttemptsPerAddress>3</maxAttemptsPerAddress>
21
+ <timeToBlockInMinutes>60</timeToBlockInMinutes>
22
+ </resetPolicy>
23
+ </passwordSettings>
24
+ <ldapSettings/>
25
+ <ldapGroupSettings/>
26
+ <userLockPolicy>
27
+ <enabled>false</enabled>
28
+ <loginAttempts>5</loginAttempts>
29
+ </userLockPolicy>
30
+ <accessClientSettings/>
31
+ <buildGlobalBasicReadAllowed>false</buildGlobalBasicReadAllowed>
32
+ <buildGlobalBasicReadForAnonymous>false</buildGlobalBasicReadForAnonymous>
33
+ </security>
34
+ <backups>
35
+ <backup>
36
+ <key>backup-daily</key>
37
+ <enabled>true</enabled>
38
+ <cronExp>0 0 2 ? * MON-FRI</cronExp>
39
+ <retentionPeriodHours>0</retentionPeriodHours>
40
+ <createArchive>false</createArchive>
41
+ <excludedRepositories/>
42
+ <sendMailOnError>true</sendMailOnError>
43
+ <excludeNewRepositories>false</excludeNewRepositories>
44
+ <precalculate>false</precalculate>
45
+ </backup>
46
+ <backup>
47
+ <key>backup-weekly</key>
48
+ <enabled>false</enabled>
49
+ <cronExp>0 0 2 ? * SAT</cronExp>
50
+ <retentionPeriodHours>336</retentionPeriodHours>
51
+ <createArchive>false</createArchive>
52
+ <excludedRepositories/>
53
+ <sendMailOnError>true</sendMailOnError>
54
+ <excludeNewRepositories>false</excludeNewRepositories>
55
+ <precalculate>false</precalculate>
56
+ </backup>
57
+ </backups>
58
+ <indexer>
59
+ <enabled>false</enabled>
60
+ <cronExp>0 23 5 * * ?</cronExp>
61
+ </indexer>
62
+ <localRepositories>
63
+ <localRepository>
64
+ <key>artifactory-build-info</key>
65
+ <type>buildinfo</type>
66
+ <description>Build Info repository</description>
67
+ <includesPattern>**/*</includesPattern>
68
+ <repoLayoutRef>simple-default</repoLayoutRef>
69
+ <dockerApiVersion>V2</dockerApiVersion>
70
+ <forceNugetAuthentication>false</forceNugetAuthentication>
71
+ <blackedOut>false</blackedOut>
72
+ <handleReleases>true</handleReleases>
73
+ <handleSnapshots>true</handleSnapshots>
74
+ <maxUniqueSnapshots>0</maxUniqueSnapshots>
75
+ <maxUniqueTags>0</maxUniqueTags>
76
+ <suppressPomConsistencyChecks>true</suppressPomConsistencyChecks>
77
+ <propertySets/>
78
+ <archiveBrowsingEnabled>false</archiveBrowsingEnabled>
79
+ <snapshotVersionBehavior>unique</snapshotVersionBehavior>
80
+ <localRepoChecksumPolicyType>client-checksums</localRepoChecksumPolicyType>
81
+ <calculateYumMetadata>false</calculateYumMetadata>
82
+ <yumRootDepth>0</yumRootDepth>
83
+ <debianTrivialLayout>false</debianTrivialLayout>
84
+ <enableFileListsIndexing>false</enableFileListsIndexing>
85
+ </localRepository>
86
+ <localRepository>
87
+ <key>generic-local</key>
88
+ <type>generic</type>
89
+ <includesPattern>**/*</includesPattern>
90
+ <repoLayoutRef>simple-default</repoLayoutRef>
91
+ <dockerApiVersion>V2</dockerApiVersion>
92
+ <forceNugetAuthentication>false</forceNugetAuthentication>
93
+ <blackedOut>false</blackedOut>
94
+ <handleReleases>true</handleReleases>
95
+ <handleSnapshots>true</handleSnapshots>
96
+ <maxUniqueSnapshots>0</maxUniqueSnapshots>
97
+ <maxUniqueTags>0</maxUniqueTags>
98
+ <suppressPomConsistencyChecks>true</suppressPomConsistencyChecks>
99
+ <propertySets/>
100
+ <archiveBrowsingEnabled>false</archiveBrowsingEnabled>
101
+ <snapshotVersionBehavior>unique</snapshotVersionBehavior>
102
+ <localRepoChecksumPolicyType>client-checksums</localRepoChecksumPolicyType>
103
+ <calculateYumMetadata>false</calculateYumMetadata>
104
+ <yumRootDepth>0</yumRootDepth>
105
+ <debianTrivialLayout>false</debianTrivialLayout>
106
+ <enableFileListsIndexing>false</enableFileListsIndexing>
107
+ </localRepository>
108
+ </localRepositories>
109
+ <remoteRepositories/>
110
+ <virtualRepositories/>
111
+ <distributionRepositories/>
112
+ <releaseBundlesRepositories/>
113
+ <proxies/>
114
+ <reverseProxies/>
115
+ <propertySets/>
116
+ <repoLayouts>
117
+ <repoLayout>
118
+ <name>maven-2-default</name>
119
+ <artifactPathPattern>[orgPath]/[module]/[baseRev](-[folderItegRev])/[module]-[baseRev](-[fileItegRev])(-[classifier]).[ext]</artifactPathPattern>
120
+ <distinctiveDescriptorPathPattern>true</distinctiveDescriptorPathPattern>
121
+ <descriptorPathPattern>[orgPath]/[module]/[baseRev](-[folderItegRev])/[module]-[baseRev](-[fileItegRev])(-[classifier]).pom</descriptorPathPattern>
122
+ <folderIntegrationRevisionRegExp>SNAPSHOT</folderIntegrationRevisionRegExp>
123
+ <fileIntegrationRevisionRegExp>SNAPSHOT|(?:(?:[0-9]{8}.[0-9]{6})-(?:[0-9]+))</fileIntegrationRevisionRegExp>
124
+ </repoLayout>
125
+ <repoLayout>
126
+ <name>ivy-default</name>
127
+ <artifactPathPattern>[org]/[module]/[baseRev](-[folderItegRev])/[type]s/[module](-[classifier])-[baseRev](-[fileItegRev]).[ext]</artifactPathPattern>
128
+ <distinctiveDescriptorPathPattern>true</distinctiveDescriptorPathPattern>
129
+ <descriptorPathPattern>[org]/[module]/[baseRev](-[folderItegRev])/[type]s/ivy-[baseRev](-[fileItegRev]).xml</descriptorPathPattern>
130
+ <folderIntegrationRevisionRegExp>\d{14}</folderIntegrationRevisionRegExp>
131
+ <fileIntegrationRevisionRegExp>\d{14}</fileIntegrationRevisionRegExp>
132
+ </repoLayout>
133
+ <repoLayout>
134
+ <name>gradle-default</name>
135
+ <artifactPathPattern>[org]/[module]/[baseRev](-[folderItegRev])/[module]-[baseRev](-[fileItegRev])(-[classifier]).[ext]</artifactPathPattern>
136
+ <distinctiveDescriptorPathPattern>true</distinctiveDescriptorPathPattern>
137
+ <descriptorPathPattern>[org]/[module]/ivy-[baseRev](-[fileItegRev]).xml</descriptorPathPattern>
138
+ <folderIntegrationRevisionRegExp>\d{14}</folderIntegrationRevisionRegExp>
139
+ <fileIntegrationRevisionRegExp>\d{14}</fileIntegrationRevisionRegExp>
140
+ </repoLayout>
141
+ <repoLayout>
142
+ <name>maven-1-default</name>
143
+ <artifactPathPattern>[org]/[type]s/[module]-[baseRev](-[fileItegRev])(-[classifier]).[ext]</artifactPathPattern>
144
+ <distinctiveDescriptorPathPattern>true</distinctiveDescriptorPathPattern>
145
+ <descriptorPathPattern>[org]/[type]s/[module]-[baseRev](-[fileItegRev]).pom</descriptorPathPattern>
146
+ <folderIntegrationRevisionRegExp>.+</folderIntegrationRevisionRegExp>
147
+ <fileIntegrationRevisionRegExp>.+</fileIntegrationRevisionRegExp>
148
+ </repoLayout>
149
+ <repoLayout>
150
+ <name>nuget-default</name>
151
+ <artifactPathPattern>[orgPath]/[module]/[module].[baseRev](-[fileItegRev]).nupkg</artifactPathPattern>
152
+ <distinctiveDescriptorPathPattern>false</distinctiveDescriptorPathPattern>
153
+ <folderIntegrationRevisionRegExp>.*</folderIntegrationRevisionRegExp>
154
+ <fileIntegrationRevisionRegExp>.*</fileIntegrationRevisionRegExp>
155
+ </repoLayout>
156
+ <repoLayout>
157
+ <name>npm-default</name>
158
+ <artifactPathPattern>[orgPath]/[module]/[module]-[baseRev](-[fileItegRev]).tgz</artifactPathPattern>
159
+ <distinctiveDescriptorPathPattern>false</distinctiveDescriptorPathPattern>
160
+ <folderIntegrationRevisionRegExp>.*</folderIntegrationRevisionRegExp>
161
+ <fileIntegrationRevisionRegExp>.*</fileIntegrationRevisionRegExp>
162
+ </repoLayout>
163
+ <repoLayout>
164
+ <name>bower-default</name>
165
+ <artifactPathPattern>[orgPath]/[module]/[module]-[baseRev](-[fileItegRev]).[ext]</artifactPathPattern>
166
+ <distinctiveDescriptorPathPattern>false</distinctiveDescriptorPathPattern>
167
+ <folderIntegrationRevisionRegExp>.*</folderIntegrationRevisionRegExp>
168
+ <fileIntegrationRevisionRegExp>.*</fileIntegrationRevisionRegExp>
169
+ </repoLayout>
170
+ <repoLayout>
171
+ <name>vcs-default</name>
172
+ <artifactPathPattern>[orgPath]/[module]/[refs&lt;tags|branches&gt;]/[baseRev]/[module]-[baseRev](-[fileItegRev])(-[classifier]).[ext]</artifactPathPattern>
173
+ <distinctiveDescriptorPathPattern>false</distinctiveDescriptorPathPattern>
174
+ <folderIntegrationRevisionRegExp>.*</folderIntegrationRevisionRegExp>
175
+ <fileIntegrationRevisionRegExp>[a-zA-Z0-9]{40}</fileIntegrationRevisionRegExp>
176
+ </repoLayout>
177
+ <repoLayout>
178
+ <name>sbt-default</name>
179
+ <artifactPathPattern>[org]/[module]/(scala_[scalaVersion&lt;.+&gt;])/(sbt_[sbtVersion&lt;.+&gt;])/[baseRev]/[type]s/[module](-[classifier]).[ext]</artifactPathPattern>
180
+ <distinctiveDescriptorPathPattern>true</distinctiveDescriptorPathPattern>
181
+ <descriptorPathPattern>[org]/[module]/(scala_[scalaVersion&lt;.+&gt;])/(sbt_[sbtVersion&lt;.+&gt;])/[baseRev]/[type]s/ivy.xml</descriptorPathPattern>
182
+ <folderIntegrationRevisionRegExp>\d{14}</folderIntegrationRevisionRegExp>
183
+ <fileIntegrationRevisionRegExp>\d{14}</fileIntegrationRevisionRegExp>
184
+ </repoLayout>
185
+ <repoLayout>
186
+ <name>simple-default</name>
187
+ <artifactPathPattern>[orgPath]/[module]/[module]-[baseRev].[ext]</artifactPathPattern>
188
+ <distinctiveDescriptorPathPattern>false</distinctiveDescriptorPathPattern>
189
+ <folderIntegrationRevisionRegExp>.*</folderIntegrationRevisionRegExp>
190
+ <fileIntegrationRevisionRegExp>.*</fileIntegrationRevisionRegExp>
191
+ </repoLayout>
192
+ <repoLayout>
193
+ <name>composer-default</name>
194
+ <artifactPathPattern>[orgPath]/[module]/[module]-[baseRev](-[fileItegRev]).[ext]</artifactPathPattern>
195
+ <distinctiveDescriptorPathPattern>false</distinctiveDescriptorPathPattern>
196
+ <folderIntegrationRevisionRegExp>.*</folderIntegrationRevisionRegExp>
197
+ <fileIntegrationRevisionRegExp>.*</fileIntegrationRevisionRegExp>
198
+ </repoLayout>
199
+ <repoLayout>
200
+ <name>conan-default</name>
201
+ <artifactPathPattern>[org]/[module]/[baseRev]/[channel&lt;[^/]+&gt;][remainder&lt;(?:.*)&gt;].[ext]</artifactPathPattern>
202
+ <distinctiveDescriptorPathPattern>false</distinctiveDescriptorPathPattern>
203
+ <folderIntegrationRevisionRegExp>.*</folderIntegrationRevisionRegExp>
204
+ <fileIntegrationRevisionRegExp>.*</fileIntegrationRevisionRegExp>
205
+ </repoLayout>
206
+ <repoLayout>
207
+ <name>puppet-default</name>
208
+ <artifactPathPattern>[orgPath]/[module]/[orgPath]-[module]-[baseRev].tar.gz</artifactPathPattern>
209
+ <distinctiveDescriptorPathPattern>false</distinctiveDescriptorPathPattern>
210
+ <folderIntegrationRevisionRegExp>.*</folderIntegrationRevisionRegExp>
211
+ <fileIntegrationRevisionRegExp>.*</fileIntegrationRevisionRegExp>
212
+ </repoLayout>
213
+ <repoLayout>
214
+ <name>go-default</name>
215
+ <artifactPathPattern>[orgPath]/[module]/@v/v[refs].zip</artifactPathPattern>
216
+ <distinctiveDescriptorPathPattern>false</distinctiveDescriptorPathPattern>
217
+ <folderIntegrationRevisionRegExp>.*</folderIntegrationRevisionRegExp>
218
+ <fileIntegrationRevisionRegExp>.*</fileIntegrationRevisionRegExp>
219
+ </repoLayout>
220
+ <repoLayout>
221
+ <name>build-default</name>
222
+ <artifactPathPattern>[orgPath]/[module](-[fileItegRev]).[ext]</artifactPathPattern>
223
+ <distinctiveDescriptorPathPattern>false</distinctiveDescriptorPathPattern>
224
+ <folderIntegrationRevisionRegExp>.*</folderIntegrationRevisionRegExp>
225
+ <fileIntegrationRevisionRegExp>.*</fileIntegrationRevisionRegExp>
226
+ </repoLayout>
227
+ </repoLayouts>
228
+ <remoteReplications/>
229
+ <localReplications/>
230
+ <gcConfig>
231
+ <cronExp>0 0 /4 * * ?</cronExp>
232
+ </gcConfig>
233
+ <cleanupConfig>
234
+ <cronExp>0 12 5 * * ?</cronExp>
235
+ </cleanupConfig>
236
+ <virtualCacheCleanupConfig>
237
+ <cronExp>0 12 0 * * ?</cronExp>
238
+ </virtualCacheCleanupConfig>
239
+ <folderDownloadConfig>
240
+ <enabled>false</enabled>
241
+ <enabledForAnonymous>false</enabledForAnonymous>
242
+ <maxDownloadSizeMb>1024</maxDownloadSizeMb>
243
+ <maxFiles>5000</maxFiles>
244
+ <maxConcurrentRequests>10</maxConcurrentRequests>
245
+ </folderDownloadConfig>
246
+ <trashcanConfig>
247
+ <enabled>true</enabled>
248
+ <allowPermDeletes>false</allowPermDeletes>
249
+ <retentionPeriodDays>14</retentionPeriodDays>
250
+ </trashcanConfig>
251
+ <replicationsConfig>
252
+ <blockPushReplications>false</blockPushReplications>
253
+ <blockPullReplications>false</blockPullReplications>
254
+ </replicationsConfig>
255
+ <bintrayApplications/>
256
+ <sumoLogicConfig>
257
+ <enabled>false</enabled>
258
+ </sumoLogicConfig>
259
+ <releaseBundlesConfig>
260
+ <incompleteCleanupPeriodHours>720</incompleteCleanupPeriodHours>
261
+ </releaseBundlesConfig>
262
+ <downloadRedirectConfig>
263
+ <fileMinimumSize>5</fileMinimumSize>
264
+ </downloadRedirectConfig>
265
+ </config>
@@ -0,0 +1,23 @@
1
+ #! /bin/bash
2
+
3
+ csr=`cat`
4
+
5
+ csr_text=$(echo "$csr" | openssl req -noout -text)
6
+ certname=$1
7
+
8
+ # The challenge password for each node should be:
9
+ # the sha512sum of the hostname with a salt of
10
+ # "securityishard" appended to the end.
11
+
12
+ salt=`date +"%Y%m%d%H%M"`
13
+
14
+ # Calculate the expected sha512sum
15
+ # This is complex because we have to cut some trailing whitespace off
16
+ expected_sum=$(echo "$certname$salt" | sha512sum | rev | cut -c 4- | rev)
17
+
18
+ if [[ $csr_text == *"$expected_sum"* ]]
19
+ then
20
+ exit 0
21
+ fi
22
+
23
+ exit 1
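Review bot: The value tested in `if [[ $csr_text == *"$expected_sum"* ]]` is not a secret, because `salt` is `date +"%Y%m%d%H%M"` and the expected sum is therefore just the SHA-512 of the certname plus the current minute, which any requester who knows the certname can compute. The comment above still describes a fixed salt of "securityishard", which the code does not use. If this script is meant as more than a test fixture, take the salt from a value the requester cannot derive, for example `salt=$(< "$AUTOSIGN_SECRET_FILE")` (placeholder name, file readable only by the account running the script), and update the comment to match. The glob also accepts the sum anywhere in the `openssl req -noout -text` output rather than only in the challengePassword attribute, so comparing against that attribute alone would be tighter. A minute-granular salt also rejects a CSR generated just before the minute rolls over.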
@@ -0,0 +1,4 @@
1
+ <?xml version='1.0' encoding='UTF-8'?>
2
+ <hudson.tasks.Shell_-DescriptorImpl>
3
+ <shell>/bin/bash</shell>
4
+ </hudson.tasks.Shell_-DescriptorImpl>
@@ -0,0 +1,4 @@
1
+ 🍺 UNAUTHORIZED ACCESS IS PROHIBITED 🍺
2
+
3
+ Lorem ipsum dolor sit amet, legal jargon consectetur adipiscing elit. Ut gravida
4
+ turpis in ligula 💩 dignissim, non feugiat turpis ultricies!