onceover 3.21.0 → 3.22.0

data/spec/fixtures/controlrepos/puppet_controlrepo/manifests/site.pp

@@ -0,0 +1,11 @@
+if $::kernel == 'windows' {
+  Package {
+    provider => 'chocolatey',
+  }
+}
+
+node default {
+  if $facts['role'] {
+    include $facts['role']
+  }
+}

data/spec/fixtures/controlrepos/puppet_controlrepo/scripts/code_manager_config_version.rb

@@ -0,0 +1,19 @@
+#!/opt/puppetlabs/puppet/bin/ruby
+require 'json'
+require 'socket'
+
+environmentpath = ARGV[0]
+environment     = ARGV[1]
+
+# Get the hostname of the Puppet master compiling the catalog.
+# Sometimes the hostname is the fqdn, so we'll take the first segment.
+compiling_master = Socket.gethostname.split('.').first
+
+# Get the path to the Code Manager deployment info file.
+r10k_deploy_file_path = File.join(environmentpath, environment, '.r10k-deploy.json')
+
+# Get the first 12 characters of the commit ID out of the deployment file.
+commit_id = JSON.parse(File.read(r10k_deploy_file_path))['signature'][0...11]
+
+# Show the compiling master, environment name, and commit ID.
+puts "#{compiling_master}-#{environment}-#{commit_id}"

data/spec/fixtures/controlrepos/puppet_controlrepo/scripts/config_version.rb

@@ -0,0 +1,25 @@
+#!/opt/puppetlabs/puppet/bin/ruby
+begin
+  require 'rugged'
+  require 'socket'
+rescue LoadError
+  t = Time.new
+  puts t.to_i
+else
+  environmentpath = ARGV[0]
+  environment     = ARGV[1]
+
+  # Get the hostname of the Puppet master compiling the catalog.
+  # Sometimes the hostname is the fqdn, so we'll take the first segment.
+  compiling_master = Socket.gethostname.split('.').first
+
+  # Get the path to the environment being compiled.
+  repo = Rugged::Repository.discover(File.join(environmentpath, environment))
+  head = repo.head
+
+  # First 12 characters of the sha1 hash of the newest commit.
+  commit_id = head.target_id[0...11]
+
+  # Show the compiling master, environment name, and commit ID.
+  puts "#{compiling_master}-#{environment}-#{commit_id}"
+end

data/spec/fixtures/controlrepos/puppet_controlrepo/scripts/config_version.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+if [ -e $1/$2/.r10k-deploy.json ]
+then
+  /opt/puppetlabs/puppet/bin/ruby $1/$2/scripts/code_manager_config_version.rb $1 $2
+elif [ -e /opt/puppetlabs/server/pe_version ]
+then
+  /opt/puppetlabs/puppet/bin/ruby $1/$2/scripts/config_version.rb $1 $2
+else
+  /usr/bin/git --version > /dev/null 2>&1 &&
+  /usr/bin/git --git-dir $1/$2/.git rev-parse HEAD ||
+  date +%s
+fi

data/spec/fixtures/controlrepos/puppet_controlrepo/scripts/count_changed_classes.rb

@@ -0,0 +1,26 @@
+#! /bin/env ruby
+
+files = `git --no-pager diff --name-only HEAD HEAD~1`.split("\n")
+classes = []
+
+files.each do |file|
+  # if the changed file is a manifest
+  if file =~ /\.pp$/
+    segments = file.split('/')
+    # Capitalize the segments so that they work as a reference
+    segments = segments.map { |seg| seg.capitalize }
+    # Get the name of the module
+    mod = segments[segments.index('Manifests') - 1]
+    # Delete everything up to & including manifests
+    segments = segments - segments[0..segments.index('Manifests')]
+    # Get the final section
+    final = segments.last.chomp('.pp')
+    # Delete it
+    segments.delete(segments.last)
+    # Get anything taht is left
+    intermediary = segments
+    classes << [mod,intermediary,final].flatten.join('::')
+  end
+end
+
+puts classes.length

data/spec/fixtures/controlrepos/puppet_controlrepo/scripts/get_changed_classes.rb

@@ -0,0 +1,26 @@
+#! /bin/env ruby
+
+files = `git --no-pager diff --name-only HEAD HEAD~1`.split("\n")
+classes = []
+
+files.each do |file|
+  # if the changed file is a manifest
+  if file =~ /\.pp$/
+    segments = file.split('/')
+    # Capitalize the segments so that they work as a reference
+    segments = segments.map { |seg| seg.capitalize }
+    # Get the name of the module
+    mod = segments[segments.index('Manifests') - 1]
+    # Delete everything up to & including manifests
+    segments = segments - segments[0..segments.index('Manifests')]
+    # Get the final section
+    final = segments.last.chomp('.pp')
+    # Delete it
+    segments.delete(segments.last)
+    # Get anything taht is left
+    intermediary = segments
+    classes << [mod,intermediary,final].flatten.join('::')
+  end
+end
+
+puts classes if classes.length > 0

data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/console/functions/user/token.pp

@@ -0,0 +1,10 @@
+function console::user::token (
+  String $name,
+) {
+  include ::console
+  if find_file("${::console::token_dir}/${name}") {
+    regsubst(file("${::console::token_dir}/${name}"),/\n$/,'')
+  } else {
+    undef
+  }
+}

data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/console/manifests/init.pp

@@ -0,0 +1,14 @@
+# == Class: console
+#
+class console (
+  $token_dir = '/etc/puppetlabs/puppet/user_tokens',
+) {
+  if $::pe_build {
+    file { $token_dir:
+      ensure => directory,
+      owner  => 'pe-puppet',
+      group  => 'pe-puppet',
+      mode   => '0700',
+    }
+  }
+}

data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/console/manifests/user.pp

@@ -0,0 +1,35 @@
+# Creates a user in the console and generates a token for them
+# You can still pass name into this, it will work.
+#
+define console::user (
+  String        $password,
+  String        $ensure       = 'present',
+  String        $display_name = $name,
+  String        $email        = 'foo@puppet.com',
+  Array[String] $roles        = [ 'Operators' ],
+) {
+  include ::console
+  rbac_user { $title:
+    ensure       => $ensure,
+    name         => $name,
+    display_name => $display_name,
+    email        => $email,
+    password     => $password,
+    roles        => $roles,
+  }
+
+  exec { "create_${title}_token":
+    command => "echo \"${password}\" | puppet access login --username ${name} --lifetime 0 --print | tail -n1 > ${::console::token_dir}/${name}",
+    creates => "${::console::token_dir}/${name}",
+    path    => $::path,
+    require => Rbac_user[$title],
+  }
+
+  file { "${::console::token_dir}/${name}":
+    ensure  => file,
+    owner   => 'pe-puppet',
+    group   => 'pe-puppet',
+    mode    => '0600',
+    require => Exec["create_${title}_token"],
+  }
+}

data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/deployments/lib/puppet/functions/deployments/generate.rb

@@ -0,0 +1,15 @@
+Puppet::Functions.create_function(:'deployments::generate') do
+  dispatch :generate do
+    param 'Hash', :data
+    param 'String[1]', :secret
+  end
+
+  def generate(data, secret)
+    require 'jwt'
+
+    # Remove quotes to work around CDPE-3903
+    actual_secret = secret.gsub(/"/, '')
+
+    JWT.encode(data, actual_secret)
+  end
+end

data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/deployments/plans/signed_deployment.pp

@@ -0,0 +1,126 @@
+# This deployment policy will perform a Puppet code deploy of the commit
+# associated with a Pipeline run. Puppet nodes that are scheduled to run regularly will then pick up the
+# change until all nodes in the target environment are running against the new
+# code.
+#
+# @summary This deployment policy will perform a Puppet code deploy of the commit
+#          associated with a Pipeline run. 
+#
+# @param deployment_server The fqdn of the primary Puppet server that code should be deployed to
+# @param signing_secret Sensitve valie of a signining secret. This can be any string and needs to be the same as what was set on the
+#   target server
+plan deployments::signed_deployment (
+  String            $deployment_server,
+  Sensitive[String] $signing_secret = Sensitive('puppetlabs'),
+) {
+  # Gather all the data that we possibly can
+  $deployment_info = {
+    'cd4pe_pipeline_id'      => system::env('CD4PE_PIPELINE_ID'),
+    'module_name'            => system::env('MODULE_NAME'),
+    'control_repo_name'      => system::env('CONTROL_REPO_NAME'),
+    'branch'                 => system::env('BRANCH'),
+    'commit'                 => system::env('COMMIT'),
+    'node_group_id'          => system::env('NODE_GROUP_ID'),
+    'node_group_environment' => system::env('NODE_GROUP_ENVIRONMENT'),
+    'repo_target_branch'     => system::env('REPO_TARGET_BRANCH'),
+    'environment_prefix'     => system::env('ENVIRONMENT_PREFIX'),
+    'repo_type'              => system::env('REPO_TYPE'),
+    'deployment_domain'      => system::env('DEPLOYMENT_DOMAIN'),
+    'deployment_id'          => system::env('DEPLOYMENT_ID'),
+    'deployment_token'       => system::env('DEPLOYMENT_TOKEN'),
+    'deployment_owner'       => system::env('DEPLOYMENT_OWNER'),
+  }
+
+  # Wait for approval if the environment is protected
+  $approval_info = cd4pe_deployments::wait_for_approval($deployment_info['node_group_environment']) |String $url| { }
+
+  $update_git_ref_result = cd4pe_deployments::update_git_branch_ref(
+    $deployment_info['repo_type'],
+    $deployment_info['repo_target_branch'],
+    $deployment_info['commit']
+  )
+
+  $signature_data = $deployment_info + {
+    'approval'       => $approval_info,
+    'git_ref_update' => $update_git_ref_result,
+  }
+
+  # Create the signature
+  $signature = deployments::generate(
+    $signature_data,
+    $signing_secret.unwrap,
+  )
+
+  # Register the signature
+  run_task(
+    'deployment_signature::register',
+    $deployment_server,
+    {
+      'commit_hash'   => $deployment_info['commit'],
+      'environment'   => $deployment_info['node_group_environment'],
+      'data'          => $signature,
+    }
+  )
+
+  # Execute all code deployment tasks in a catch block so that we can do
+  # cleanup if we need to
+  $outcome = catch_errors() || {
+    # Deploy code
+    run_task(
+      'deployment_signature::r10k_deploy',
+      $deployment_server,
+      {
+        'environment' => $deployment_info['node_group_environment'],
+      }
+    )
+
+    # Write signature
+    run_task(
+      'deployment_signature::write',
+      $deployment_server,
+      {
+        'environment' => $deployment_info['node_group_environment'],
+      }
+    )
+
+    # Validate
+    run_task(
+      'deployment_signature::validate',
+      $deployment_server,
+      {
+        'environment' => $deployment_info['node_group_environment'],
+      }
+    )
+
+    # Commit
+    run_task(
+      'deployment_signature::file_sync_commit',
+      $deployment_server,
+      {
+        'message'      => "Deployed with a valid signature and approval dated: ${signature_data.dig('approval', 'result', 'approvalDecisionDate')}",
+        'name'         => "${signature_data.dig('approval', 'result', 'approverUsername')}",
+        'email'        => 'NA',
+        'submodule_id' => $deployment_info['node_group_environment'],
+      }
+    )
+  }
+
+  if $outcome =~ Error {
+    # Clean Up
+    run_task(
+      'deployment_signature::cleanup',
+      $deployment_server,
+      {
+        'environment' => $deployment_info['node_group_environment'],
+        'commit_hash' => $deployment_info['commit'],
+      }
+    )
+
+    fail_plan($outcome)
+  } else {
+    # End nicely
+    return({
+      'state' => 'success',
+    })
+  }
+}

data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/facts.d/test.sh

@@ -0,0 +1,2 @@
+#! /bin/bash
+echo "fact=test"

data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/files/artifactory/config_descriptor.xml

@@ -0,0 +1,265 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<config xmlns="http://artifactory.jfrog.org/xsd/2.1.8" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jfrog.org/xsd/artifactory-v2_1_8.xsd">
+    <offlineMode>false</offlineMode>
+    <helpLinksEnabled>true</helpLinksEnabled>
+    <fileUploadMaxSizeMb>100</fileUploadMaxSizeMb>
+    <revision>1</revision>
+    <dateFormat>dd-MM-yy HH:mm:ss z</dateFormat>
+    <security>
+        <anonAccessEnabled>true</anonAccessEnabled>
+        <hideUnauthorizedResources>false</hideUnauthorizedResources>
+        <passwordSettings>
+            <encryptionPolicy>supported</encryptionPolicy>
+            <expirationPolicy>
+                <enabled>false</enabled>
+                <passwordMaxAge>60</passwordMaxAge>
+                <notifyByEmail>true</notifyByEmail>
+            </expirationPolicy>
+            <resetPolicy>
+                <enabled>true</enabled>
+                <maxAttemptsPerAddress>3</maxAttemptsPerAddress>
+                <timeToBlockInMinutes>60</timeToBlockInMinutes>
+            </resetPolicy>
+        </passwordSettings>
+        <ldapSettings/>
+        <ldapGroupSettings/>
+        <userLockPolicy>
+            <enabled>false</enabled>
+            <loginAttempts>5</loginAttempts>
+        </userLockPolicy>
+        <accessClientSettings/>
+        <buildGlobalBasicReadAllowed>false</buildGlobalBasicReadAllowed>
+        <buildGlobalBasicReadForAnonymous>false</buildGlobalBasicReadForAnonymous>
+    </security>
+    <backups>
+        <backup>
+            <key>backup-daily</key>
+            <enabled>true</enabled>
+            <cronExp>0 0 2 ? * MON-FRI</cronExp>
+            <retentionPeriodHours>0</retentionPeriodHours>
+            <createArchive>false</createArchive>
+            <excludedRepositories/>
+            <sendMailOnError>true</sendMailOnError>
+            <excludeNewRepositories>false</excludeNewRepositories>
+            <precalculate>false</precalculate>
+        </backup>
+        <backup>
+            <key>backup-weekly</key>
+            <enabled>false</enabled>
+            <cronExp>0 0 2 ? * SAT</cronExp>
+            <retentionPeriodHours>336</retentionPeriodHours>
+            <createArchive>false</createArchive>
+            <excludedRepositories/>
+            <sendMailOnError>true</sendMailOnError>
+            <excludeNewRepositories>false</excludeNewRepositories>
+            <precalculate>false</precalculate>
+        </backup>
+    </backups>
+    <indexer>
+        <enabled>false</enabled>
+        <cronExp>0 23 5 * * ?</cronExp>
+    </indexer>
+    <localRepositories>
+        <localRepository>
+            <key>artifactory-build-info</key>
+            <type>buildinfo</type>
+            <description>Build Info repository</description>
+            <includesPattern>**/*</includesPattern>
+            <repoLayoutRef>simple-default</repoLayoutRef>
+            <dockerApiVersion>V2</dockerApiVersion>
+            <forceNugetAuthentication>false</forceNugetAuthentication>
+            <blackedOut>false</blackedOut>
+            <handleReleases>true</handleReleases>
+            <handleSnapshots>true</handleSnapshots>
+            <maxUniqueSnapshots>0</maxUniqueSnapshots>
+            <maxUniqueTags>0</maxUniqueTags>
+            <suppressPomConsistencyChecks>true</suppressPomConsistencyChecks>
+            <propertySets/>
+            <archiveBrowsingEnabled>false</archiveBrowsingEnabled>
+            <snapshotVersionBehavior>unique</snapshotVersionBehavior>
+            <localRepoChecksumPolicyType>client-checksums</localRepoChecksumPolicyType>
+            <calculateYumMetadata>false</calculateYumMetadata>
+            <yumRootDepth>0</yumRootDepth>
+            <debianTrivialLayout>false</debianTrivialLayout>
+            <enableFileListsIndexing>false</enableFileListsIndexing>
+        </localRepository>
+        <localRepository>
+            <key>generic-local</key>
+            <type>generic</type>
+            <includesPattern>**/*</includesPattern>
+            <repoLayoutRef>simple-default</repoLayoutRef>
+            <dockerApiVersion>V2</dockerApiVersion>
+            <forceNugetAuthentication>false</forceNugetAuthentication>
+            <blackedOut>false</blackedOut>
+            <handleReleases>true</handleReleases>
+            <handleSnapshots>true</handleSnapshots>
+            <maxUniqueSnapshots>0</maxUniqueSnapshots>
+            <maxUniqueTags>0</maxUniqueTags>
+            <suppressPomConsistencyChecks>true</suppressPomConsistencyChecks>
+            <propertySets/>
+            <archiveBrowsingEnabled>false</archiveBrowsingEnabled>
+            <snapshotVersionBehavior>unique</snapshotVersionBehavior>
+            <localRepoChecksumPolicyType>client-checksums</localRepoChecksumPolicyType>
+            <calculateYumMetadata>false</calculateYumMetadata>
+            <yumRootDepth>0</yumRootDepth>
+            <debianTrivialLayout>false</debianTrivialLayout>
+            <enableFileListsIndexing>false</enableFileListsIndexing>
+        </localRepository>
+    </localRepositories>
+    <remoteRepositories/>
+    <virtualRepositories/>
+    <distributionRepositories/>
+    <releaseBundlesRepositories/>
+    <proxies/>
+    <reverseProxies/>
+    <propertySets/>
+    <repoLayouts>
+        <repoLayout>
+            <name>maven-2-default</name>
+            <artifactPathPattern>[orgPath]/[module]/[baseRev](-[folderItegRev])/[module]-[baseRev](-[fileItegRev])(-[classifier]).[ext]</artifactPathPattern>
+            <distinctiveDescriptorPathPattern>true</distinctiveDescriptorPathPattern>
+            <descriptorPathPattern>[orgPath]/[module]/[baseRev](-[folderItegRev])/[module]-[baseRev](-[fileItegRev])(-[classifier]).pom</descriptorPathPattern>
+            <folderIntegrationRevisionRegExp>SNAPSHOT</folderIntegrationRevisionRegExp>
+            <fileIntegrationRevisionRegExp>SNAPSHOT|(?:(?:[0-9]{8}.[0-9]{6})-(?:[0-9]+))</fileIntegrationRevisionRegExp>
+        </repoLayout>
+        <repoLayout>
+            <name>ivy-default</name>
+            <artifactPathPattern>[org]/[module]/[baseRev](-[folderItegRev])/[type]s/[module](-[classifier])-[baseRev](-[fileItegRev]).[ext]</artifactPathPattern>
+            <distinctiveDescriptorPathPattern>true</distinctiveDescriptorPathPattern>
+            <descriptorPathPattern>[org]/[module]/[baseRev](-[folderItegRev])/[type]s/ivy-[baseRev](-[fileItegRev]).xml</descriptorPathPattern>
+            <folderIntegrationRevisionRegExp>\d{14}</folderIntegrationRevisionRegExp>
+            <fileIntegrationRevisionRegExp>\d{14}</fileIntegrationRevisionRegExp>
+        </repoLayout>
+        <repoLayout>
+            <name>gradle-default</name>
+            <artifactPathPattern>[org]/[module]/[baseRev](-[folderItegRev])/[module]-[baseRev](-[fileItegRev])(-[classifier]).[ext]</artifactPathPattern>
+            <distinctiveDescriptorPathPattern>true</distinctiveDescriptorPathPattern>
+            <descriptorPathPattern>[org]/[module]/ivy-[baseRev](-[fileItegRev]).xml</descriptorPathPattern>
+            <folderIntegrationRevisionRegExp>\d{14}</folderIntegrationRevisionRegExp>
+            <fileIntegrationRevisionRegExp>\d{14}</fileIntegrationRevisionRegExp>
+        </repoLayout>
+        <repoLayout>
+            <name>maven-1-default</name>
+            <artifactPathPattern>[org]/[type]s/[module]-[baseRev](-[fileItegRev])(-[classifier]).[ext]</artifactPathPattern>
+            <distinctiveDescriptorPathPattern>true</distinctiveDescriptorPathPattern>
+            <descriptorPathPattern>[org]/[type]s/[module]-[baseRev](-[fileItegRev]).pom</descriptorPathPattern>
+            <folderIntegrationRevisionRegExp>.+</folderIntegrationRevisionRegExp>
+            <fileIntegrationRevisionRegExp>.+</fileIntegrationRevisionRegExp>
+        </repoLayout>
+        <repoLayout>
+            <name>nuget-default</name>
+            <artifactPathPattern>[orgPath]/[module]/[module].[baseRev](-[fileItegRev]).nupkg</artifactPathPattern>
+            <distinctiveDescriptorPathPattern>false</distinctiveDescriptorPathPattern>
+            <folderIntegrationRevisionRegExp>.*</folderIntegrationRevisionRegExp>
+            <fileIntegrationRevisionRegExp>.*</fileIntegrationRevisionRegExp>
+        </repoLayout>
+        <repoLayout>
+            <name>npm-default</name>
+            <artifactPathPattern>[orgPath]/[module]/[module]-[baseRev](-[fileItegRev]).tgz</artifactPathPattern>
+            <distinctiveDescriptorPathPattern>false</distinctiveDescriptorPathPattern>
+            <folderIntegrationRevisionRegExp>.*</folderIntegrationRevisionRegExp>
+            <fileIntegrationRevisionRegExp>.*</fileIntegrationRevisionRegExp>
+        </repoLayout>
+        <repoLayout>
+            <name>bower-default</name>
+            <artifactPathPattern>[orgPath]/[module]/[module]-[baseRev](-[fileItegRev]).[ext]</artifactPathPattern>
+            <distinctiveDescriptorPathPattern>false</distinctiveDescriptorPathPattern>
+            <folderIntegrationRevisionRegExp>.*</folderIntegrationRevisionRegExp>
+            <fileIntegrationRevisionRegExp>.*</fileIntegrationRevisionRegExp>
+        </repoLayout>
+        <repoLayout>
+            <name>vcs-default</name>
+            <artifactPathPattern>[orgPath]/[module]/[refs&lt;tags|branches&gt;]/[baseRev]/[module]-[baseRev](-[fileItegRev])(-[classifier]).[ext]</artifactPathPattern>
+            <distinctiveDescriptorPathPattern>false</distinctiveDescriptorPathPattern>
+            <folderIntegrationRevisionRegExp>.*</folderIntegrationRevisionRegExp>
+            <fileIntegrationRevisionRegExp>[a-zA-Z0-9]{40}</fileIntegrationRevisionRegExp>
+        </repoLayout>
+        <repoLayout>
+            <name>sbt-default</name>
+            <artifactPathPattern>[org]/[module]/(scala_[scalaVersion&lt;.+&gt;])/(sbt_[sbtVersion&lt;.+&gt;])/[baseRev]/[type]s/[module](-[classifier]).[ext]</artifactPathPattern>
+            <distinctiveDescriptorPathPattern>true</distinctiveDescriptorPathPattern>
+            <descriptorPathPattern>[org]/[module]/(scala_[scalaVersion&lt;.+&gt;])/(sbt_[sbtVersion&lt;.+&gt;])/[baseRev]/[type]s/ivy.xml</descriptorPathPattern>
+            <folderIntegrationRevisionRegExp>\d{14}</folderIntegrationRevisionRegExp>
+            <fileIntegrationRevisionRegExp>\d{14}</fileIntegrationRevisionRegExp>
+        </repoLayout>
+        <repoLayout>
+            <name>simple-default</name>
+            <artifactPathPattern>[orgPath]/[module]/[module]-[baseRev].[ext]</artifactPathPattern>
+            <distinctiveDescriptorPathPattern>false</distinctiveDescriptorPathPattern>
+            <folderIntegrationRevisionRegExp>.*</folderIntegrationRevisionRegExp>
+            <fileIntegrationRevisionRegExp>.*</fileIntegrationRevisionRegExp>
+        </repoLayout>
+        <repoLayout>
+            <name>composer-default</name>
+            <artifactPathPattern>[orgPath]/[module]/[module]-[baseRev](-[fileItegRev]).[ext]</artifactPathPattern>
+            <distinctiveDescriptorPathPattern>false</distinctiveDescriptorPathPattern>
+            <folderIntegrationRevisionRegExp>.*</folderIntegrationRevisionRegExp>
+            <fileIntegrationRevisionRegExp>.*</fileIntegrationRevisionRegExp>
+        </repoLayout>
+        <repoLayout>
+            <name>conan-default</name>
+            <artifactPathPattern>[org]/[module]/[baseRev]/[channel&lt;[^/]+&gt;][remainder&lt;(?:.*)&gt;].[ext]</artifactPathPattern>
+            <distinctiveDescriptorPathPattern>false</distinctiveDescriptorPathPattern>
+            <folderIntegrationRevisionRegExp>.*</folderIntegrationRevisionRegExp>
+            <fileIntegrationRevisionRegExp>.*</fileIntegrationRevisionRegExp>
+        </repoLayout>
+        <repoLayout>
+            <name>puppet-default</name>
+            <artifactPathPattern>[orgPath]/[module]/[orgPath]-[module]-[baseRev].tar.gz</artifactPathPattern>
+            <distinctiveDescriptorPathPattern>false</distinctiveDescriptorPathPattern>
+            <folderIntegrationRevisionRegExp>.*</folderIntegrationRevisionRegExp>
+            <fileIntegrationRevisionRegExp>.*</fileIntegrationRevisionRegExp>
+        </repoLayout>
+        <repoLayout>
+            <name>go-default</name>
+            <artifactPathPattern>[orgPath]/[module]/@v/v[refs].zip</artifactPathPattern>
+            <distinctiveDescriptorPathPattern>false</distinctiveDescriptorPathPattern>
+            <folderIntegrationRevisionRegExp>.*</folderIntegrationRevisionRegExp>
+            <fileIntegrationRevisionRegExp>.*</fileIntegrationRevisionRegExp>
+        </repoLayout>
+        <repoLayout>
+            <name>build-default</name>
+            <artifactPathPattern>[orgPath]/[module](-[fileItegRev]).[ext]</artifactPathPattern>
+            <distinctiveDescriptorPathPattern>false</distinctiveDescriptorPathPattern>
+            <folderIntegrationRevisionRegExp>.*</folderIntegrationRevisionRegExp>
+            <fileIntegrationRevisionRegExp>.*</fileIntegrationRevisionRegExp>
+        </repoLayout>
+    </repoLayouts>
+    <remoteReplications/>
+    <localReplications/>
+    <gcConfig>
+        <cronExp>0 0 /4 * * ?</cronExp>
+    </gcConfig>
+    <cleanupConfig>
+        <cronExp>0 12 5 * * ?</cronExp>
+    </cleanupConfig>
+    <virtualCacheCleanupConfig>
+        <cronExp>0 12 0 * * ?</cronExp>
+    </virtualCacheCleanupConfig>
+    <folderDownloadConfig>
+        <enabled>false</enabled>
+        <enabledForAnonymous>false</enabledForAnonymous>
+        <maxDownloadSizeMb>1024</maxDownloadSizeMb>
+        <maxFiles>5000</maxFiles>
+        <maxConcurrentRequests>10</maxConcurrentRequests>
+    </folderDownloadConfig>
+    <trashcanConfig>
+        <enabled>true</enabled>
+        <allowPermDeletes>false</allowPermDeletes>
+        <retentionPeriodDays>14</retentionPeriodDays>
+    </trashcanConfig>
+    <replicationsConfig>
+        <blockPushReplications>false</blockPushReplications>
+        <blockPullReplications>false</blockPullReplications>
+    </replicationsConfig>
+    <bintrayApplications/>
+    <sumoLogicConfig>
+        <enabled>false</enabled>
+    </sumoLogicConfig>
+    <releaseBundlesConfig>
+        <incompleteCleanupPeriodHours>720</incompleteCleanupPeriodHours>
+    </releaseBundlesConfig>
+    <downloadRedirectConfig>
+        <fileMinimumSize>5</fileMinimumSize>
+    </downloadRedirectConfig>
+</config>

data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/files/autosign.sh

@@ -0,0 +1,23 @@
+#! /bin/bash
+
+csr=`cat`
+
+csr_text=$(echo "$csr" | openssl req -noout -text)
+certname=$1
+
+# The challenge password for each node should be:
+# the sha512sum of the hostname with a salt of
+# "securityishard" appended to the end.
+
+salt=`date +"%Y%m%d%H%M"`
+
+# Calculate the expected sha512sum
+# This is complex because we have to cut some trailing whitespace off
+expected_sum=$(echo "$certname$salt" | sha512sum | rev | cut -c 4- | rev)
+
+if [[ $csr_text == *"$expected_sum"* ]]
+then
+  exit 0
+fi
+
+exit 1

data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/files/hudson.tasks.Shell.xml

@@ -0,0 +1,4 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<hudson.tasks.Shell_-DescriptorImpl>
+  <shell>/bin/bash</shell>
+</hudson.tasks.Shell_-DescriptorImpl>

data/spec/fixtures/controlrepos/puppet_controlrepo/site-modules/profile/files/motd

@@ -0,0 +1,4 @@
+🍺 UNAUTHORIZED ACCESS IS PROHIBITED 🍺
+
+Lorem ipsum dolor sit amet, legal jargon consectetur adipiscing elit. Ut gravida
+turpis in ligula 💩 dignissim, non feugiat turpis ultricies!