simp-rake-helpers 3.7.0 → 4.0.0

data/spec/lib/simp/rake/pupmod/fixtures/othermod/metadata.json

@@ -0,0 +1,15 @@
+{
+  "name": "other-othermod",
+  "version": "0.1.0",
+  "author": "other",
+  "summary": null,
+  "license": "Apache-2.0",
+  "source": "",
+  "project_page": null,
+  "issues_url": null,
+  "dependencies": [
+    {"name":"puppetlabs-stdlib","version_requirement":">= 1.0.0"}
+  ],
+  "data_provider": null
+}
+

data/spec/lib/simp/rake/pupmod/fixtures/othermod/spec/classes/init_spec.rb

@@ -0,0 +1,6 @@
+require 'spec_helper'
+describe 'othermod' do
+  context 'with default values for all parameters' do
+    it { should contain_class('othermod') }
+  end
+end

data/spec/lib/simp/rake/pupmod/fixtures/othermod/spec/spec_helper.rb

@@ -0,0 +1 @@
+require 'puppetlabs_spec_helper/module_spec_helper'

data/spec/lib/simp/rake/pupmod/fixtures/simpmod/CHANGELOG

@@ -0,0 +1,11 @@
+* Tue Jan 2 1970 Second Author <email1@domain.com> - 0.1.0
+- Fix number 3
+- Fix number 4
+
+* Mon Jan 1 1970 First Author <email2@domain.com> - 0.1.0
+- Fix number 1
+- Fix number 2
+
+* Mon Jan 1 1970 First Last <email@domain.com> - 0.0.1
+- First release
+- Updated CHANGELOG

data/spec/lib/simp/rake/pupmod/fixtures/simpmod/CONTRIBUTORS

@@ -0,0 +1 @@
+simp

data/spec/lib/simp/rake/pupmod/fixtures/simpmod/Gemfile

@@ -0,0 +1,40 @@
+# NOTE: SIMP Puppet rake tasks support ruby 2.1.9
+# ------------------------------------------------------------------------------
+gem_sources   = ENV.fetch('GEM_SERVERS','https://rubygems.org').split(/[, ]+/)
+
+gem_sources.each { |gem_source| source gem_source }
+
+group :test do
+  gem 'rake'
+  gem 'puppet', ENV.fetch('PUPPET_VERSION', '~>4.8.0') # Default to SIMP 6
+  gem 'rspec'
+  gem 'rspec-puppet'
+  gem 'puppet-strings'
+  gem 'hiera-puppet-helper'
+  gem 'puppetlabs_spec_helper'
+  gem 'metadata-json-lint'
+  gem 'puppet-lint-empty_string-check',   :require => false
+  gem 'puppet-lint-trailing_comma-check', :require => false
+  gem 'simp-rspec-puppet-facts', ENV.fetch('SIMP_RSPEC_PUPPET_FACTS_VERSION', '~> 1.3')
+  gem 'simp-rake-helpers', ENV.fetch('SIMP_RAKE_HELPERS_VERSION', '~> 3.5')
+end
+
+group :development do
+  gem 'travis'
+  gem 'travis-lint'
+  gem 'travish'
+  gem 'puppet-blacksmith'
+  gem 'guard-rake'
+  gem 'pry'
+  gem 'pry-doc'
+
+  # `listen` is a dependency of `guard`
+  # from `listen` 3.1+, `ruby_dep` requires Ruby version >= 2.2.3, ~> 2.2
+  gem 'listen', '~> 3.0.6'
+end
+
+group :system_tests do
+  gem 'beaker'
+  gem 'beaker-rspec'
+  gem 'simp-beaker-helpers', ENV.fetch('SIMP_BEAKER_HELPERS_VERSION', '~> 1.7')
+end

data/spec/lib/simp/rake/pupmod/fixtures/simpmod/LICENSE

@@ -0,0 +1,25 @@
+simpmod - A module fixture that models a simp module
+
+Per Section 105 of the Copyright Act of 1976, these works are not entitled to
+domestic copyright protection under US Federal law.
+
+The US Government retains the right to pursue copyright protections outside of
+the United States.
+
+The United States Government has unlimited rights in this software and all
+derivatives thereof, pursuant to the contracts under which it was developed and
+the License under which it falls.
+
+---
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.

data/spec/lib/simp/rake/pupmod/fixtures/simpmod/README.md

@@ -0,0 +1,139 @@
+**FIXME**: Ensure the badges are correct and complete, then remove this message!
+
+[![License](http://img.shields.io/:license-apache-blue.svg)](http://www.apache.org/licenses/LICENSE-2.0.html) [![Build Status](https://travis-ci.org/simp/pupmod-simp-simpmod.svg)](https://travis-ci.org/simp/pupmod-simp-simpmod) [![SIMP compatibility](https://img.shields.io/badge/SIMP%20compatibility-6.*-orange.svg)](https://img.shields.io/badge/SIMP%20compatibility-6.*-orange.svg)
+
+#### Table of Contents
+
+1. [Description](#description)
+2. [Setup - The basics of getting started with simpmod](#setup)
+    * [What simpmod affects](#what-simpmod-affects)
+    * [Setup requirements](#setup-requirements)
+    * [Beginning with simpmod](#beginning-with-simpmod)
+3. [Usage - Configuration options and additional functionality](#usage)
+4. [Reference - An under-the-hood peek at what the module is doing and how](#reference)
+5. [Limitations - OS compatibility, etc.](#limitations)
+6. [Development - Guide for contributing to the module](#development)
+    * [Acceptance Tests - Beaker env variables](#acceptance-tests)
+
+## Description
+
+**FIXME:** Ensure the *Description* section is correct and complete, then remove this message!
+
+Start with a one- or two-sentence summary of what the module does and/or what
+problem it solves. This is your 30-second elevator pitch for your module.
+Consider including OS and Puppet version compatability, and any other
+information users will need to quickly assess the module's viability within
+their environment.
+
+You can give more descriptive information in a second paragraph. This paragraph
+should answer the questions: "What does this module *do*?" and "Why would I use
+it?" If your module has a range of functionality (installation, configuration,
+management, etc.), this is the time to mention it.
+
+### This is a SIMP module
+
+This module is a component of the [System Integrity Management
+Platform](https://github.com/NationalSecurityAgency/SIMP), a
+compliance-management framework built on Puppet.
+
+If you find any issues, they may be submitted to our [bug
+tracker](https://simp-project.atlassian.net/).
+
+**FIXME:** Ensure the *This is a SIMP module* section is correct and complete, then remove this message!
+
+This module is optimally designed for use within a larger SIMP ecosystem, but
+it can be used independently:
+
+ * When included within the SIMP ecosystem, security compliance settings will
+   be managed from the Puppet server.
+ * If used independently, all SIMP-managed security subsystems are disabled by
+   default and must be explicitly opted into by administrators.  Please review
+   the parameters in
+   [`simp/simp_options`](https://github.com/simp/pupmod-simp-simp_options) for
+   details.
+
+## Setup
+
+### What simpmod affects
+
+**FIXME:** Ensure the *What simpmod affects* section is correct and complete, then remove this message!
+
+If it's obvious what your module touches, you can skip this section. For
+example, folks can probably figure out that your mysql_instance module affects
+their MySQL instances.
+
+If there's more that they should know about, though, this is the place to
+mention:
+
+ * A list of files, packages, services, or operations that the module will
+   alter, impact, or execute.
+ * Dependencies that your module automatically installs.
+ * Warnings or other important notices.
+
+### Setup Requirements **OPTIONAL**
+
+**FIXME:** Ensure the *Setup Requirements* section is correct and complete, then remove this message!
+
+If your module requires anything extra before setting up (pluginsync enabled,
+etc.), mention it here.
+
+If your most recent release breaks compatibility or requires particular steps
+for upgrading, you might want to include an additional "Upgrading" section
+here.
+
+### Beginning with simpmod
+
+**FIXME:** Ensure the *Beginning with simpmod* section is correct and complete, then remove this message!
+
+The very basic steps needed for a user to get the module up and running. This
+can include setup steps, if necessary, or it can be an example of the most
+basic use of the module.
+
+## Usage
+
+**FIXME:** Ensure the *Usage* section is correct and complete, then remove this message!
+
+This section is where you describe how to customize, configure, and do the
+fancy stuff with your module here. It's especially helpful if you include usage
+examples and code samples for doing things with your module.
+
+## Reference
+
+**FIXME:** Ensure the *Reference* section is correct and complete, then remove this message!  If there is pre-generated YARD documentation for this module, ensure the text links to it and remove references to inline documentation.
+
+Please refer to the inline documentation within each source file, or to the
+module's generated YARD documentation for reference material.
+
+## Limitations
+
+**FIXME:** Ensure the *Limitations* section is correct and complete, then remove this message!
+
+SIMP Puppet modules are generally intended for use on Red Hat Enterprise Linux
+and compatible distributions, such as CentOS. Please see the
+[`metadata.json` file](./metadata.json) for the most up-to-date list of
+supported operating systems, Puppet versions, and module dependencies.
+
+## Development
+
+**FIXME:** Ensure the *Development* section is correct and complete, then remove this message!
+
+Please read our [Contribution Guide](http://simp-doc.readthedocs.io/en/stable/contributors_guide/index.html).
+
+### Acceptance tests
+
+This module includes [Beaker](https://github.com/puppetlabs/beaker) acceptance
+tests using the SIMP [Beaker Helpers](https://github.com/simp/rubygem-simp-beaker-helpers).
+By default the tests use [Vagrant](https://www.vagrantup.com/) with
+[VirtualBox](https://www.virtualbox.org) as a back-end; Vagrant and VirtualBox
+must both be installed to run these tests without modification. To execute the
+tests run the following:
+
+```shell
+bundle install
+bundle exec rake beaker:suites
+```
+
+**FIXME:** Ensure the *Acceptance tests* section is correct and complete, including any module-specific instructions, and remove this message!
+
+Please refer to the [SIMP Beaker Helpers documentation](https://github.com/simp/rubygem-simp-beaker-helpers/blob/master/README.md)
+for more information.

data/spec/lib/simp/rake/pupmod/fixtures/simpmod/Rakefile

@@ -0,0 +1,3 @@
+require 'simp/rake/pupmod/helpers'
+
+Simp::Rake::Pupmod::Helpers.new(File.dirname(__FILE__))

data/spec/lib/simp/rake/pupmod/fixtures/simpmod/build/rpm_metadata/requires

@@ -0,0 +1,7 @@
+# Drop all Requires, Obsoletes, and Provides statements in here
+Requires: pupmod-puppetlabs-stdlib >= 4.13.1-0
+Requires: pupmod-puppetlabs-stdlib < 5.0.0-0
+Requires: pupmod-simp-simplib >= 3.3.1-0
+Requires: pupmod-simp-simplib < 4.0.0-0
+Requires: pupmod-simp-iptables >= 6.0.1-0
+Requires: pupmod-simp-iptables < 7.0.0-0

data/spec/lib/simp/rake/pupmod/fixtures/simpmod/data/common.yaml

@@ -0,0 +1,2 @@
+---
+# simpmod::parameter_name: 'value'

data/spec/lib/simp/rake/pupmod/fixtures/simpmod/hiera.yaml

@@ -0,0 +1,10 @@
+---
+version: 4
+datadir: data
+hierarchy:
+  - name: "OS family"
+    backend: yaml
+    path: "os/%{facts.os.family}"
+
+  - name: "common"
+    backend: yaml

data/spec/lib/simp/rake/pupmod/fixtures/simpmod/manifests/config.pp

@@ -0,0 +1,7 @@
+# == Class simpmod::config
+#
+# This class is called from simpmod for service config.
+#
+class simpmod::config {
+  assert_private()
+}

data/spec/lib/simp/rake/pupmod/fixtures/simpmod/manifests/config/auditing.pp

@@ -0,0 +1,15 @@
+# == Class simpmod::config::auditing
+#
+# This class is meant to be called from simpmod.
+# It ensures that auditing rules are defined.
+#
+class simpmod::config::auditing {
+  assert_private()
+
+  # FIXME: ensure your module's auditing settings are defined here.
+  $msg = "FIXME: define the ${module_name} module's auditing settings."
+
+  notify{ 'FIXME: auditing': message => $msg } # FIXME: remove this and add logic
+  err( $msg )                                  # FIXME: remove this and add logic
+
+}

data/spec/lib/simp/rake/pupmod/fixtures/simpmod/manifests/config/firewall.pp

@@ -0,0 +1,14 @@
+# == Class simpmod::config::firewall
+#
+# This class is meant to be called from simpmod.
+# It ensures that firewall rules are defined.
+#
+class simpmod::config::firewall {
+  assert_private()
+
+  # FIXME: ensure your module's firewall settings are defined here.
+  iptables::listen::tcp_stateful { 'allow_simpmod_tcp_connections':
+    trusted_nets => $::simpmod::trusted_nets,
+    dports       => $::simpmod::tcp_listen_port
+  }
+}

data/spec/lib/simp/rake/pupmod/fixtures/simpmod/manifests/config/logging.pp

@@ -0,0 +1,16 @@
+# == Class simpmod::config::logging
+#
+# This class is meant to be called from simpmod.
+# It ensures that logging rules are defined.
+#
+class simpmod::config::logging {
+  assert_private()
+
+  # FIXME: ensure your module's logging settings are defined here.
+  $msg = "FIXME: define the ${module_name} module's logging settings."
+
+  notify{ 'FIXME: logging': message => $msg } # FIXME: remove this and add logic
+  err( $msg )                                 # FIXME: remove this and add logic
+
+}
+

data/spec/lib/simp/rake/pupmod/fixtures/simpmod/manifests/config/pki.pp

@@ -0,0 +1,16 @@
+# == Class simpmod::config::config::pki
+#
+# This class is meant to be called from simpmod.
+# It ensures that pki rules are defined.
+#
+class simpmod::config::pki {
+  assert_private()
+
+  # FIXME: ensure your module's pki settings are defined here.
+  $msg = "FIXME: define the ${module_name} module's pki settings."
+
+  notify{ 'FIXME: pki': message => $msg } # FIXME: remove this and add logic
+  err( $msg )                             # FIXME: remove this and add logic
+
+}
+

data/spec/lib/simp/rake/pupmod/fixtures/simpmod/manifests/config/selinux.pp

@@ -0,0 +1,15 @@
+# == Class simpmod::config::selinux
+#
+# This class is meant to be called from simpmod.
+# It ensures that selinux rules are defined.
+#
+class simpmod::config::selinux {
+  assert_private()
+
+  # FIXME: ensure your module's selinux settings are defined here.
+  $msg = "FIXME: define the ${module_name} module's selinux settings."
+
+  notify{ 'FIXME: selinux': message => $msg } # FIXME: remove this and add logic
+  err( $msg )                                 # FIXME: remove this and add logic
+
+}

data/spec/lib/simp/rake/pupmod/fixtures/simpmod/manifests/config/tcpwrappers.pp

@@ -0,0 +1,16 @@
+# == Class simpmod::config::tcpwrappers
+#
+# This class is meant to be called from simpmod.
+# It ensures that tcpwrappers rules are defined.
+#
+class simpmod::config::tcpwrappers {
+  assert_private()
+
+  # FIXME: ensure your module's tcpwrappers settings are defined here.
+  $msg = "FIXME: define the ${module_name} module's tcpwrappers settings."
+
+  notify{ 'FIXME: tcpwrappers': message => $msg } # FIXME: remove this, add logic
+  err( $msg )                                     # FIXME: remove this, add logic
+
+}
+

data/spec/lib/simp/rake/pupmod/fixtures/simpmod/manifests/init.pp

@@ -0,0 +1,110 @@
+# Full description of SIMP module 'simpmod' here.
+#
+# === Welcome to SIMP!
+# This module is a component of the System Integrity Management Platform, a
+# managed security compliance framework built on Puppet.
+#
+# ---
+# *FIXME:* verify that the following paragraph fits this module's characteristics!
+# ---
+#
+# This module is optimally designed for use within a larger SIMP ecosystem, but
+# it can be used independently:
+#
+# * When included within the SIMP ecosystem, security compliance settings will
+#   be managed from the Puppet server.
+#
+# * If used independently, all SIMP-managed security subsystems are disabled by
+#   default, and must be explicitly opted into by administrators.  Please
+#   review the +trusted_nets+ and +$enable_*+ parameters for details.
+#
+# @param service_name
+#   The name of the simpmod service
+#
+# @param package_name
+#   The name of the simpmod package
+#
+# @param trusted_nets
+#   A whitelist of subnets (in CIDR notation) permitted access
+#
+# @param enable_auditing
+#   If true, manage auditing for simpmod
+#
+# @param enable_firewall
+#   If true, manage firewall rules to acommodate simpmod
+#
+# @param enable_logging
+#   If true, manage logging configuration for simpmod
+#
+# @param enable_pki
+#   If true, manage PKI/PKE configuration for simpmod
+#
+# @param enable_selinux
+#   If true, manage selinux to permit simpmod
+#
+# @param enable_tcpwrappers
+#   If true, manage TCP wrappers configuration for simpmod
+#
+# @author simp
+#
+class simpmod (
+  String           $service_name           = 'simpmod',
+  String           $package_name           = 'simpmod',
+  Simplib::Port    $tcp_listen_port        = 9999,
+  Simplib::Netlist $trusted_nets           = simplib::lookup('simp_options::trusted_nets', {'default_value' => ['127.0.0.1/32'] }),
+  Boolean          $enable_pki             = simplib::lookup('simp_options::pki', { 'default_value' => false }),
+  Boolean          $enable_auditing        = simplib::lookup('simp_options::auditd', { 'default_value' => false }),
+  Boolean          $enable_firewall        = simplib::lookup('simp_options::firewall', { 'default_value' => false }),
+  Boolean          $enable_logging         = simplib::lookup('simp_options::syslog', { 'default_value' => false }),
+  Boolean          $enable_selinux         = simplib::lookup('simp_options::selinux', { 'default_value' => false }),
+  Boolean          $enable_tcpwrappers     = simplib::lookup('simp_options::tcpwrappers', { 'default_value' => false })
+
+) {
+
+  $oses = load_module_metadata( $module_name )['operatingsystem_support'].map |$i| { $i['operatingsystem'] }
+  unless $::operatingsystem in $oses { fail("${::operatingsystem} not supported") }
+
+  include '::simpmod::install'
+  include '::simpmod::config'
+  include '::simpmod::service'
+  Class[ '::simpmod::install' ]
+  -> Class[ '::simpmod::config'  ]
+  ~> Class[ '::simpmod::service' ]
+  -> Class[ '::simpmod' ]
+
+  if $enable_pki {
+    include '::simpmod::config::pki'
+    Class[ '::simpmod::config::pki' ]
+    -> Class[ '::simpmod::service' ]
+  }
+
+  if $enable_auditing {
+    include '::simpmod::config::auditing'
+    Class[ '::simpmod::config::auditing' ]
+    -> Class[ '::simpmod::service' ]
+  }
+
+  if $enable_firewall {
+    include '::simpmod::config::firewall'
+    Class[ '::simpmod::config::firewall' ]
+    -> Class[ '::simpmod::service'  ]
+  }
+
+  if $enable_logging {
+    include '::simpmod::config::logging'
+    Class[ '::simpmod::config::logging' ]
+    -> Class[ '::simpmod::service' ]
+  }
+
+  if $enable_selinux {
+    include '::simpmod::config::selinux'
+    Class[ '::simpmod::config::selinux' ]
+    -> Class[ '::simpmod::service' ]
+  }
+
+  if $enable_tcpwrappers {
+    include '::simpmod::config::tcpwrappers'
+    Class[ '::simpmod::config::tcpwrappers' ]
+    -> Class[ '::simpmod::service' ]
+  }
+}