r10k 3.3.0 → 3.3.1

data/r10k.gemspec

@@ -28,7 +28,7 @@ Gem::Specification.new do |s|
   s.add_dependency 'log4r',     '1.1.10'
   s.add_dependency 'multi_json', '~> 1.10'
 
-  s.add_dependency 'puppet_forge', '~> 2.2.8'
+  s.add_dependency 'puppet_forge', '~> 2.3.0'
 
   s.add_dependency 'gettext-setup', '~>0.24'
 

data/spec/fixtures/unit/puppetfile/default-branch-override/Puppetfile

@@ -0,0 +1,5 @@
+mod 'cd4pe',
+  :git => 'test@randomurl.com:something/some_module.git',
+  :ref => 'expected_ref',
+  :default_branch => 'here_lies_the_default_branch'
+

data/spec/unit/action/deploy/environment_spec.rb

@@ -19,6 +19,10 @@ describe R10K::Action::Deploy::Environment do
       described_class.new({puppetfile: true}, [])
     end
 
+    it "can accept a default_branch_override option" do
+      described_class.new({:'default-branch-override' => 'default_branch_override_name'}, [])
+    end
+
     it "can accept a no-force option" do
       described_class.new({:'no-force' => true}, [])
     end
@@ -328,4 +332,63 @@ describe R10K::Action::Deploy::Environment do
       end
     end
   end
+
+  describe "write_environment_info!" do
+
+    class Fake_Environment
+      attr_accessor :path
+      attr_accessor :puppetfile
+      attr_accessor :info
+
+      def initialize(path, info)
+        @path = path
+        @info = info
+        @puppetfile = R10K::Puppetfile.new
+      end
+    end
+
+    let(:mock_stateful_repo_1) { instance_double("R10K::Git::StatefulRepository", :head => "123456") }
+    let(:mock_stateful_repo_2) { instance_double("R10K::Git::StatefulRepository", :head => "654321") }
+    let(:mock_git_module_1) { instance_double("R10K::Module::Git", :name => "my_cool_module", :version => "1.0", :repo => mock_stateful_repo_1) }
+    let(:mock_git_module_2) { instance_double("R10K::Module::Git", :name => "my_lame_module", :version => "0.0.1", :repo => mock_stateful_repo_2) }
+    let(:mock_forge_module_1) { double(:name => "their_shiny_module", :version => "2.0.0") }
+    let(:mock_puppetfile) { instance_double("R10K::Puppetfile", :modules => [mock_git_module_1, mock_git_module_2, mock_forge_module_1]) }
+
+    before(:all) do
+      @tmp_path = "./tmp-r10k-test-dir/"
+      Dir.mkdir(@tmp_path) unless File.exists?(@tmp_path)
+    end
+
+    after(:all) do
+      File.delete("#{@tmp_path}/.r10k-deploy.json")
+      Dir.delete(@tmp_path)
+    end
+
+    it "writes the .r10k-deploy file correctly" do
+      allow(R10K::Puppetfile).to receive(:new).and_return(mock_puppetfile)
+      allow(mock_forge_module_1).to receive(:repo).and_raise(NoMethodError)
+
+      fake_env = Fake_Environment.new(@tmp_path, {:name => "my_cool_environment", :signature => "pablo picasso"})
+      subject.send(:write_environment_info!, fake_env, "2019-01-01 23:23:22 +0000", true)
+
+      file_contents = File.read("#{@tmp_path}/.r10k-deploy.json")
+      r10k_deploy = JSON.parse(file_contents)
+
+      expect(r10k_deploy['name']).to eq("my_cool_environment")
+      expect(r10k_deploy['signature']).to eq("pablo picasso")
+      expect(r10k_deploy['started_at']).to eq("2019-01-01 23:23:22 +0000")
+      expect(r10k_deploy['deploy_success']).to eq(true)
+      expect(r10k_deploy['module_deploys'].length).to eq(3)
+      expect(r10k_deploy['module_deploys'][0]['name']).to eq("my_cool_module")
+      expect(r10k_deploy['module_deploys'][0]['version']).to eq("1.0")
+      expect(r10k_deploy['module_deploys'][0]['sha']).to eq("123456")
+      expect(r10k_deploy['module_deploys'][1]['name']).to eq("my_lame_module")
+      expect(r10k_deploy['module_deploys'][1]['version']).to eq("0.0.1")
+      expect(r10k_deploy['module_deploys'][1]['sha']).to eq("654321")
+      expect(r10k_deploy['module_deploys'][2]['name']).to eq("their_shiny_module")
+      expect(r10k_deploy['module_deploys'][2]['version']).to eq("2.0.0")
+      expect(r10k_deploy['module_deploys'][2]['sha']).to eq(nil)
+
+    end
+  end
 end

data/spec/unit/forge/module_release_spec.rb

@@ -7,6 +7,7 @@ describe R10K::Forge::ModuleRelease do
   subject { described_class.new('branan-eight_hundred', '8.0.0') }
 
   let(:forge_release_class) { PuppetForge::V3::Release }
+  let(:sha256_digest_class) { Digest::SHA256 }
   let(:md5_digest_class) { Digest::MD5 }
 
   let(:download_path) { instance_double('Pathname') }
@@ -14,14 +15,21 @@ describe R10K::Forge::ModuleRelease do
   let(:tarball_cache_root) { instance_double('Pathname') }
   let(:unpack_path) { instance_double('Pathname') }
   let(:target_dir) { instance_double('Pathname') }
+  let(:tarball_cache_path) { instance_double('Pathname') }
   let(:md5_file_path) { instance_double('Pathname') }
+  let(:sha256_file_path) { instance_double('Pathname') }
 
   let(:file_lists) { {:valid=>['valid_ex'], :invalid=>[], :symlinks=>['symlink_ex']} }
 
   let(:file_contents) { "skeletor's closet" }
-  let(:md5_of_tarball) { "something_hexy" }
+  let(:sha256_digest) { instance_double('Digest::SHA256') }
+  let(:sha256_of_tarball) { "sha256_hash" }
+  let(:md5_digest) { instance_double('Digest::MD5') }
+  let(:md5_of_tarball) { "md5_hash" }
   let(:good_md5) { md5_of_tarball }
-  let(:bad_md5) { "different_hexy_thing" }
+  let(:good_sha256) { sha256_of_tarball }
+  let(:bad_sha256) { "bad_sha256_hash" }
+  let(:bad_md5) { "bad_md5_hash" }
 
   before do
     subject.download_path = download_path
@@ -29,6 +37,7 @@ describe R10K::Forge::ModuleRelease do
     subject.tarball_cache_root = tarball_cache_root
     subject.unpack_path = unpack_path
     subject.md5_file_path = md5_file_path
+    subject.sha256_file_path = sha256_file_path
   end
 
   context "no cached tarball" do
@@ -55,51 +64,78 @@ describe R10K::Forge::ModuleRelease do
 
   describe '#verify' do
 
-    it "verifies using the file md5, if that exists" do
-      allow(File).to receive(:read).and_return(file_contents)
-      allow(md5_digest_class).to receive(:hexdigest).and_return(md5_of_tarball)
-      allow(md5_file_path).to receive(:exist?).and_return(true)
-      expect(subject).to receive(:verify_from_md5_file).with(md5_of_tarball)
+    it "verifies using the file SHA256, if that exists" do
+      allow(sha256_digest_class).to receive(:file).and_return(sha256_digest)
+      allow(sha256_digest).to receive(:hexdigest).and_return(sha256_of_tarball)
+      allow(sha256_file_path).to receive(:exist?).and_return(true)
+      expect(subject).to receive(:verify_from_file).with(sha256_of_tarball, sha256_file_path)
       subject.verify
     end
 
-    it "verifies using the forge file_md5, if no md5 file exists" do
-      allow(File).to receive(:read).and_return(file_contents)
-      allow(md5_digest_class).to receive(:hexdigest).and_return(md5_of_tarball)
-      allow(md5_file_path).to receive(:exist?).and_return(false)
-      expect(subject).to receive(:verify_from_forge).with(md5_of_tarball)
+    it "verifies using the forge file_sha256, if no sha256 file exists" do
+      allow(sha256_digest_class).to receive(:file).and_return(sha256_digest)
+      allow(sha256_digest).to receive(:hexdigest).and_return(sha256_of_tarball)
+      allow(sha256_file_path).to receive(:exist?).and_return(false)
+      allow(subject.forge_release).to receive(:respond_to?).and_return(true)
+      allow(subject.forge_release).to receive(:sha256_file).and_return(sha256_of_tarball)
+      expect(subject).to receive(:verify_from_forge)
       subject.verify
     end
+
+    it "falls back to md5 verification when not in FIPS mode and no sha256 available" do
+      expect(R10K::Util::Platform).to receive(:fips?).and_return(false)
+      # failed sha256 verification
+      allow(sha256_digest_class).to receive(:file).and_return(sha256_digest)
+      allow(sha256_digest).to receive(:hexdigest).and_return(sha256_of_tarball)
+      allow(sha256_file_path).to receive(:exist?).and_return(false)
+      allow(subject.forge_release).to receive(:respond_to?).and_return(false)
+      allow(subject).to receive(:verify_from_forge)
+      # md5 verification
+      allow(md5_digest_class).to receive(:file).and_return(md5_digest)
+      allow(md5_digest).to receive(:hexdigest).and_return(md5_of_tarball)
+      allow(md5_file_path).to receive(:exist?).and_return(true)
+      expect(subject).to receive(:verify_from_file)
+      subject.verify
+    end
+
+    it "errors when in FIPS mode and no sha256 is available" do
+      expect(R10K::Util::Platform).to receive(:fips?).and_return(true)
+      allow(sha256_digest_class).to receive(:file).and_return(sha256_digest)
+      allow(sha256_digest).to receive(:hexdigest).and_return(sha256_of_tarball)
+      allow(sha256_file_path).to receive(:exist?).and_return(false)
+      allow(subject.forge_release).to receive(:respond_to?).and_return(false)
+      allow(subject).to receive(:verify_from_forge)
+      expect { subject.verify }.to raise_error(R10K::Error)
+    end
   end
 
-  describe '#verify_from_md5_file' do
+  describe '#verify_from_file' do
 
     it "does nothing when the checksums match" do
-      expect(File).to receive(:read).with(md5_file_path).and_return(good_md5)
+      expect(File).to receive(:read).with(sha256_file_path).and_return(good_sha256)
       expect(subject).not_to receive(:cleanup_cached_tarball_path)
-      subject.verify_from_md5_file(md5_of_tarball)
+      subject.verify_from_file(sha256_of_tarball, sha256_file_path)
     end
 
     it "raises an error and cleans up when the checksums do not match" do
-      expect(File).to receive(:read).with(md5_file_path).and_return(bad_md5)
-      expect(subject).to receive(:cleanup_cached_tarball_path)
-      expect(subject).to receive(:cleanup_md5_file_path)
-      expect { subject.verify_from_md5_file(md5_of_tarball) }.to raise_error(PuppetForge::V3::Release::ChecksumMismatch)
+      expect(File).to receive(:read).with(sha256_file_path).and_return(bad_sha256)
+      expect(tarball_cache_path).to receive(:delete)
+      expect(sha256_file_path).to receive(:delete)
+      expect { subject.verify_from_file(sha256_of_tarball, sha256_file_path) }.to raise_error(PuppetForge::V3::Release::ChecksumMismatch)
     end
   end
 
   describe '#verify_from_forge' do
-    it "write the md5 to file when the checksums match" do
-      expect(subject.forge_release).to receive(:file_md5).and_return(good_md5)
-      expect(subject).not_to receive(:cleanup_cached_tarball_path)
-      expect(File).to receive(:write).with(md5_file_path, good_md5)
-      subject.verify_from_forge(md5_of_tarball)
+    it "write the checksum to file when the checksums match" do
+      expect(tarball_cache_path).not_to receive(:delete)
+      expect(File).to receive(:write).with(sha256_file_path, good_sha256)
+      subject.verify_from_forge(sha256_of_tarball, good_sha256, sha256_file_path)
     end
 
     it "raises an error and cleans up when the checksums do not match" do
-      expect(subject.forge_release).to receive(:file_md5).and_return(bad_md5)
-      expect(subject).to receive(:cleanup_cached_tarball_path)
-      expect { subject.verify_from_forge(md5_of_tarball) }.to raise_error(PuppetForge::V3::Release::ChecksumMismatch)
+      expect(tarball_cache_path).to receive(:delete)
+      expect { subject.verify_from_forge(sha256_of_tarball, bad_sha256, sha256_file_path) }
+        .to raise_error(PuppetForge::V3::Release::ChecksumMismatch)
     end
   end
 

data/spec/unit/puppetfile_spec.rb

@@ -227,6 +227,25 @@ describe R10K::Puppetfile do
       subject = described_class.new(path)
       expect { subject.load! }.not_to raise_error
     end
+
+    it "creates a git module and applies the default branch sepcified in the Puppetfile" do
+      path = File.join(PROJECT_ROOT, 'spec', 'fixtures', 'unit', 'puppetfile', 'default-branch-override')
+      pf_path = File.join(path, 'Puppetfile')
+      subject = described_class.new(path)
+      expect { subject.load! }.not_to raise_error
+      git_module = subject.modules[0]
+      expect(git_module.default_ref).to eq 'here_lies_the_default_branch'
+    end
+
+    it "creates a git module and applies the provided default_branch_override" do
+      path = File.join(PROJECT_ROOT, 'spec', 'fixtures', 'unit', 'puppetfile', 'default-branch-override')
+      pf_path = File.join(path, 'Puppetfile')
+      subject = described_class.new(path)
+      default_branch_override = 'default_branch_override_name'
+      expect { subject.load!(default_branch_override) }.not_to raise_error
+      git_module = subject.modules[0]
+      expect(git_module.default_ref).to eq default_branch_override
+    end
   end
 
   describe "accepting a visitor" do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: r10k
 version: !ruby/object:Gem::Version
-  version: 3.3.0
+  version: 3.3.1
 platform: ruby
 authors:
 - Adrien Thebo
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-06-03 00:00:00.000000000 Z
+date: 2019-08-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: colored
@@ -72,14 +72,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.2.8
+        version: 2.3.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.2.8
+        version: 2.3.0
 - !ruby/object:Gem::Dependency
   name: gettext-setup
   requirement: !ruby/object:Gem::Requirement
@@ -164,6 +164,7 @@ files:
 - ".gitignore"
 - ".travis.yml"
 - CHANGELOG.mkd
+- CODEOWNERS
 - CONTRIBUTING.mkd
 - Gemfile
 - LICENSE
@@ -192,13 +193,12 @@ files:
 - docker/Gemfile
 - docker/Makefile
 - docker/README.md
-- docker/ci/build.ps1
 - docker/distelli-manifest.yml
 - docker/r10k/Dockerfile
 - docker/r10k/docker-entrypoint.d/10-analytics.sh
 - docker/r10k/docker-entrypoint.sh
-- docker/r10k/spec/dockerfile_spec.rb
-- docker/r10k/spec/fixtures/Puppetfile
+- docker/spec/dockerfile_spec.rb
+- docker/spec/fixtures/Puppetfile
 - integration/Gemfile
 - integration/README.mkd
 - integration/Rakefile
@@ -234,7 +234,6 @@ files:
 - integration/tests/Puppetfile/HTTP_PROXY_affects_git_source.rb
 - integration/tests/README.mkd
 - integration/tests/basic_functionality/install_pe_only_module_with_puppetfile.rb
-- integration/tests/basic_functionality/negative/attempt_to_install_peonly_module_without_license.rb
 - integration/tests/basic_functionality/negative/neg_deploy_with_invalid_r10k_yaml.rb
 - integration/tests/basic_functionality/negative/neg_deploy_with_missing_r10k_yaml.rb
 - integration/tests/basic_functionality/negative/neg_invalid_git_provider.rb
@@ -410,6 +409,7 @@ files:
 - spec/fixtures/unit/action/r10k_generate_types.yaml
 - spec/fixtures/unit/action/r10k_puppet_path.yaml
 - spec/fixtures/unit/puppetfile/argument-error/Puppetfile
+- spec/fixtures/unit/puppetfile/default-branch-override/Puppetfile
 - spec/fixtures/unit/puppetfile/duplicate-module-error/Puppetfile
 - spec/fixtures/unit/puppetfile/invalid-syntax/Puppetfile
 - spec/fixtures/unit/puppetfile/load-error/Puppetfile

data/docker/ci/build.ps1

@@ -1,108 +0,0 @@
-$ErrorActionPreference = 'Stop'
-
-function Get-CurrentDirectory
-{
-  $thisName = $MyInvocation.MyCommand.Name
-  [IO.Path]::GetDirectoryName((Get-Content function:$thisName).File)
-}
-
-function Get-ContainerVersion
-{
-  # shallow repositories need to pull remaining code to `git describe` correctly
-  if (Test-Path "$(git rev-parse --git-dir)/shallow")
-  {
-    git pull --unshallow
-  }
-
-  # tags required for versioning
-  git fetch origin 'refs/tags/*:refs/tags/*'
-  (git describe) -replace '-.*', ''
-}
-
-function Lint-Dockerfile($Path)
-{
-  hadolint --ignore DL3008 --ignore DL3018 --ignore DL4000 --ignore DL4001 $Path
-}
-
-function Build-Container(
-  $Namespace = 'puppet',
-  $Version = (Get-ContainerVersion),
-  $Vcs_ref = $(git rev-parse HEAD))
-{
-  Push-Location (Join-Path (Get-CurrentDirectory) '..')
-
-  $build_date = (Get-Date).ToUniversalTime().ToString('o')
-  $docker_args = @(
-    '--pull',
-    '--build-arg', "vcs_ref=$Vcs_ref",
-    '--build-arg', "build_date=$build_date",
-    '--build-arg', "version=$Version",
-    '--file', "r10k/Dockerfile",
-    '--tag', "$Namespace/r10k:$Version"
-  )
-
-  docker build $docker_args r10k
-
-  Pop-Location
-}
-
-function Invoke-ContainerTest(
-  $Namespace = 'puppet',
-  $Version = (Get-ContainerVersion))
-{
-  Push-Location (Join-Path (Get-CurrentDirectory) '..')
-
-  bundle install --path .bundle/gems
-  $ENV:PUPPET_TEST_DOCKER_IMAGE = "$Namespace/r10k:$Version"
-  Write-Host "Testing against image: ${ENV:PUPPET_TEST_DOCKER_IMAGE}"
-  bundle exec rspec --version
-  bundle exec rspec r10k/spec
-
-  Pop-Location
-}
-
-# removes temporary layers / containers / images used during builds
-# removes $Namespace/$Name images > 14 days old by default
-function Clear-ContainerBuilds(
-  $Namespace = 'puppet',
-  $Name,
-  $OlderThan = [DateTime]::Now.Subtract([TimeSpan]::FromDays(14))
-)
-{
-  Write-Output 'Pruning Containers'
-  docker container prune --force
-
-  # this provides example data which ConvertFrom-String infers parsing structure with
-  $template = @'
-{Version*:10.2.3*} {ID:5b84704c1d01} {[DateTime]Created:2019-02-07 18:24:51} +0000 GMT
-{Version*:latest} {ID:0123456789ab} {[DateTime]Created:2019-01-29 00:05:33} +0000 GMT
-'@
-  $output = docker images --filter=reference="$Namespace/${Name}" --format "{{.Tag}} {{.ID}} {{.CreatedAt}}"
-  Write-Output @"
-
-Found $Namespace/${Name} images:
-$($output | Out-String)
-
-"@
-
-  if ($output -eq $null) { return }
-
-  Write-Output "Filtering removal candidates..."
-  # docker image prune supports filter until= but not repository like 'puppetlabs/foo'
-  # must use label= style filtering which is a bit more inconvenient
-  # that output is also not user-friendly!
-  # engine doesn't maintain "last used" or "last pulled" metadata, which would be more useful
-  # https://github.com/moby/moby/issues/4237
-  $output |
-    ConvertFrom-String -TemplateContent $template |
-    ? { $_.Created -lt $OlderThan } |
-    # ensure 'latest' are listed first
-    Sort-Object -Property Version -Descending |
-    % {
-      Write-Output "Removing Old $Namespace/${Name} Image $($_.Version) ($($_.ID)) Created On $($_.Created)"
-      docker image rm $_.ID
-    }
-
-  Write-Output "`nPruning Dangling Images"
-  docker image prune --filter "dangling=true" --force
-}

data/integration/tests/basic_functionality/negative/attempt_to_install_peonly_module_without_license.rb

@@ -1,71 +0,0 @@
-require 'git_utils'
-require 'r10k_utils'
-require 'master_manipulator'
-test_name 'RK-158 - C92361 - Attempt to install a PE-only module with no license file'
-
-#Init
-env_path = on(master, puppet('config print environmentpath')).stdout.rstrip
-r10k_fqp = get_r10k_fqp(master)
-master_certname = on(master, puppet('config', 'print', 'certname')).stdout.rstrip
-
-git_repo_path = '/git_repos'
-git_repo_name = 'environments'
-git_control_remote = File.join(git_repo_path, "#{git_repo_name}.git")
-git_environments_path = '/root/environments'
-last_commit = git_last_commit(master, git_environments_path)
-git_provider = ENV['GIT_PROVIDER'] || 'shellgit'
-
-r10k_config_path = get_r10k_config_file_path(master)
-r10k_config_bak_path = "#{r10k_config_path}.bak"
-
-#In-line files
-r10k_conf = <<-CONF
-cachedir: '/var/cache/r10k'
-git:
-  provider: '#{git_provider}'
-sources:
-  control:
-    basedir: "#{env_path}"
-    remote: "#{git_control_remote}"
-CONF
-
-#Manifest
-site_pp_path = File.join(git_environments_path, 'manifests', 'site.pp')
-site_pp = create_site_pp(master_certname, '  include peonly')
-
-# Verification
-error_message_regex = /You must have a valid Puppet Enterprise® license on this node in order to download ztr-peonly/
-
-#Teardown
-teardown do
-  step 'Restore Original "r10k" Config'
-  on(master, "mv #{r10k_config_bak_path} #{r10k_config_path}")
-
-  step 'cleanup r10k'
-  clean_up_r10k(master, last_commit, git_environments_path)
-end
-
-#Setup
-step 'Stub the forge'
-stub_forge_on(master)
-
-step 'Backup a Valid "r10k" Config'
-on(master, "mv #{r10k_config_path} #{r10k_config_bak_path}")
-
-step 'Update the "r10k" Config'
-create_remote_file(master, r10k_config_path, r10k_conf)
-
-step 'Inject New "site.pp" to the "production" Environment'
-inject_site_pp(master, site_pp_path, site_pp)
-
-step 'Copy Puppetfile to "production" Environment Git Repo'
-create_remote_file(master, "#{git_environments_path}/Puppetfile", 'mod "ztr-peonly"')
-
-step 'Push Changes'
-git_add_commit_push(master, 'production', 'add Puppetfile', git_environments_path)
-
-#Test
-step 'Deploy "production" Environment via r10k'
-on(master, "#{r10k_fqp} deploy environment -p", :acceptable_exit_codes => [0,1]) do |result|
-  assert_match(error_message_regex, result.stderr, 'Expected error message was not observed!')
-end