RubyGems - simp-rake-helpers - Versions diffs - 3.7.0 → 4.0.0 - Mend

simp-rake-helpers 3.7.0 → 4.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (43) hide show

data/spec/lib/simp/rake/pupmod/fixtures/othermod/metadata.json ADDED Viewed

@@ -0,0 +1,15 @@
+{
+  "name": "other-othermod",
+  "version": "0.1.0",
+  "author": "other",
+  "summary": null,
+  "license": "Apache-2.0",
+  "source": "",
+  "project_page": null,
+  "issues_url": null,
+  "dependencies": [
+    {"name":"puppetlabs-stdlib","version_requirement":">= 1.0.0"}
+  ],
+  "data_provider": null
+}

data/spec/lib/simp/rake/pupmod/fixtures/othermod/spec/classes/init_spec.rb ADDED Viewed

@@ -0,0 +1,6 @@
+require 'spec_helper'
+describe 'othermod' do
+  context 'with default values for all parameters' do
+    it { should contain_class('othermod') }
+  end
+end

data/spec/lib/simp/rake/pupmod/fixtures/othermod/spec/spec_helper.rb ADDED Viewed

	@@ -0,0 +1 @@
1	+ require 'puppetlabs_spec_helper/module_spec_helper'

data/spec/lib/simp/rake/pupmod/fixtures/simpmod/CHANGELOG ADDED Viewed

@@ -0,0 +1,11 @@
+* Tue Jan 2 1970 Second Author <email1@domain.com> - 0.1.0
+- Fix number 3
+- Fix number 4
+* Mon Jan 1 1970 First Author <email2@domain.com> - 0.1.0
+- Fix number 1
+- Fix number 2
+* Mon Jan 1 1970 First Last <email@domain.com> - 0.0.1
+- First release
+- Updated CHANGELOG

data/spec/lib/simp/rake/pupmod/fixtures/simpmod/CONTRIBUTORS ADDED Viewed

	@@ -0,0 +1 @@
1	+ simp

data/spec/lib/simp/rake/pupmod/fixtures/simpmod/Gemfile ADDED Viewed

@@ -0,0 +1,40 @@
+# NOTE: SIMP Puppet rake tasks support ruby 2.1.9
+# ------------------------------------------------------------------------------
+gem_sources   = ENV.fetch('GEM_SERVERS','https://rubygems.org').split(/[, ]+/)
+gem_sources.each { |gem_source| source gem_source }
+group :test do
+  gem 'rake'
+  gem 'puppet', ENV.fetch('PUPPET_VERSION', '~>4.8.0') # Default to SIMP 6
+  gem 'rspec'
+  gem 'rspec-puppet'
+  gem 'puppet-strings'
+  gem 'hiera-puppet-helper'
+  gem 'puppetlabs_spec_helper'
+  gem 'metadata-json-lint'
+  gem 'puppet-lint-empty_string-check',   :require => false
+  gem 'puppet-lint-trailing_comma-check', :require => false
+  gem 'simp-rspec-puppet-facts', ENV.fetch('SIMP_RSPEC_PUPPET_FACTS_VERSION', '~> 1.3')
+  gem 'simp-rake-helpers', ENV.fetch('SIMP_RAKE_HELPERS_VERSION', '~> 3.5')
+end
+group :development do
+  gem 'travis'
+  gem 'travis-lint'
+  gem 'travish'
+  gem 'puppet-blacksmith'
+  gem 'guard-rake'
+  gem 'pry'
+  gem 'pry-doc'
+  # `listen` is a dependency of `guard`
+  # from `listen` 3.1+, `ruby_dep` requires Ruby version >= 2.2.3, ~> 2.2
+  gem 'listen', '~> 3.0.6'
+end
+group :system_tests do
+  gem 'beaker'
+  gem 'beaker-rspec'
+  gem 'simp-beaker-helpers', ENV.fetch('SIMP_BEAKER_HELPERS_VERSION', '~> 1.7')
+end

data/spec/lib/simp/rake/pupmod/fixtures/simpmod/LICENSE ADDED Viewed

@@ -0,0 +1,25 @@
+simpmod - A module fixture that models a simp module
+Per Section 105 of the Copyright Act of 1976, these works are not entitled to
+domestic copyright protection under US Federal law.
+The US Government retains the right to pursue copyright protections outside of
+the United States.
+The United States Government has unlimited rights in this software and all
+derivatives thereof, pursuant to the contracts under which it was developed and
+the License under which it falls.
+---
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.

data/spec/lib/simp/rake/pupmod/fixtures/simpmod/README.md ADDED Viewed

@@ -0,0 +1,139 @@
+**FIXME**: Ensure the badges are correct and complete, then remove this message!
+[![License](http://img.shields.io/:license-apache-blue.svg)](http://www.apache.org/licenses/LICENSE-2.0.html) [![Build Status](https://travis-ci.org/simp/pupmod-simp-simpmod.svg)](https://travis-ci.org/simp/pupmod-simp-simpmod) [![SIMP compatibility](https://img.shields.io/badge/SIMP%20compatibility-6.*-orange.svg)](https://img.shields.io/badge/SIMP%20compatibility-6.*-orange.svg)
+#### Table of Contents
+1. [Description](#description)
+2. [Setup - The basics of getting started with simpmod](#setup)
+    * [What simpmod affects](#what-simpmod-affects)
+    * [Setup requirements](#setup-requirements)
+    * [Beginning with simpmod](#beginning-with-simpmod)
+3. [Usage - Configuration options and additional functionality](#usage)
+4. [Reference - An under-the-hood peek at what the module is doing and how](#reference)
+5. [Limitations - OS compatibility, etc.](#limitations)
+6. [Development - Guide for contributing to the module](#development)
+    * [Acceptance Tests - Beaker env variables](#acceptance-tests)
+## Description
+**FIXME:** Ensure the *Description* section is correct and complete, then remove this message!
+Start with a one- or two-sentence summary of what the module does and/or what
+problem it solves. This is your 30-second elevator pitch for your module.
+Consider including OS and Puppet version compatability, and any other
+information users will need to quickly assess the module's viability within
+their environment.
+You can give more descriptive information in a second paragraph. This paragraph
+should answer the questions: "What does this module *do*?" and "Why would I use
+it?" If your module has a range of functionality (installation, configuration,
+management, etc.), this is the time to mention it.
+### This is a SIMP module
+This module is a component of the [System Integrity Management
+Platform](https://github.com/NationalSecurityAgency/SIMP), a
+compliance-management framework built on Puppet.
+If you find any issues, they may be submitted to our [bug
+tracker](https://simp-project.atlassian.net/).
+**FIXME:** Ensure the *This is a SIMP module* section is correct and complete, then remove this message!
+This module is optimally designed for use within a larger SIMP ecosystem, but
+it can be used independently:
+ * When included within the SIMP ecosystem, security compliance settings will
+   be managed from the Puppet server.
+ * If used independently, all SIMP-managed security subsystems are disabled by
+   default and must be explicitly opted into by administrators.  Please review
+   the parameters in
+   [`simp/simp_options`](https://github.com/simp/pupmod-simp-simp_options) for
+   details.
+## Setup
+### What simpmod affects
+**FIXME:** Ensure the *What simpmod affects* section is correct and complete, then remove this message!
+If it's obvious what your module touches, you can skip this section. For
+example, folks can probably figure out that your mysql_instance module affects
+their MySQL instances.
+If there's more that they should know about, though, this is the place to
+mention:
+ * A list of files, packages, services, or operations that the module will
+   alter, impact, or execute.
+ * Dependencies that your module automatically installs.
+ * Warnings or other important notices.
+### Setup Requirements **OPTIONAL**
+**FIXME:** Ensure the *Setup Requirements* section is correct and complete, then remove this message!
+If your module requires anything extra before setting up (pluginsync enabled,
+etc.), mention it here.
+If your most recent release breaks compatibility or requires particular steps
+for upgrading, you might want to include an additional "Upgrading" section
+here.
+### Beginning with simpmod
+**FIXME:** Ensure the *Beginning with simpmod* section is correct and complete, then remove this message!
+The very basic steps needed for a user to get the module up and running. This
+can include setup steps, if necessary, or it can be an example of the most
+basic use of the module.
+## Usage
+**FIXME:** Ensure the *Usage* section is correct and complete, then remove this message!
+This section is where you describe how to customize, configure, and do the
+fancy stuff with your module here. It's especially helpful if you include usage
+examples and code samples for doing things with your module.
+## Reference
+**FIXME:** Ensure the *Reference* section is correct and complete, then remove this message!  If there is pre-generated YARD documentation for this module, ensure the text links to it and remove references to inline documentation.
+Please refer to the inline documentation within each source file, or to the
+module's generated YARD documentation for reference material.
+## Limitations
+**FIXME:** Ensure the *Limitations* section is correct and complete, then remove this message!
+SIMP Puppet modules are generally intended for use on Red Hat Enterprise Linux
+and compatible distributions, such as CentOS. Please see the
+[`metadata.json` file](./metadata.json) for the most up-to-date list of
+supported operating systems, Puppet versions, and module dependencies.
+## Development
+**FIXME:** Ensure the *Development* section is correct and complete, then remove this message!
+Please read our [Contribution Guide](http://simp-doc.readthedocs.io/en/stable/contributors_guide/index.html).
+### Acceptance tests
+This module includes [Beaker](https://github.com/puppetlabs/beaker) acceptance
+tests using the SIMP [Beaker Helpers](https://github.com/simp/rubygem-simp-beaker-helpers).
+By default the tests use [Vagrant](https://www.vagrantup.com/) with
+[VirtualBox](https://www.virtualbox.org) as a back-end; Vagrant and VirtualBox
+must both be installed to run these tests without modification. To execute the
+tests run the following:
+```shell
+bundle install
+bundle exec rake beaker:suites
+```
+**FIXME:** Ensure the *Acceptance tests* section is correct and complete, including any module-specific instructions, and remove this message!
+Please refer to the [SIMP Beaker Helpers documentation](https://github.com/simp/rubygem-simp-beaker-helpers/blob/master/README.md)
+for more information.

data/spec/lib/simp/rake/pupmod/fixtures/simpmod/Rakefile ADDED Viewed

@@ -0,0 +1,3 @@
+require 'simp/rake/pupmod/helpers'
+Simp::Rake::Pupmod::Helpers.new(File.dirname(__FILE__))

data/spec/lib/simp/rake/pupmod/fixtures/simpmod/build/rpm_metadata/requires ADDED Viewed

@@ -0,0 +1,7 @@
+# Drop all Requires, Obsoletes, and Provides statements in here
+Requires: pupmod-puppetlabs-stdlib >= 4.13.1-0
+Requires: pupmod-puppetlabs-stdlib < 5.0.0-0
+Requires: pupmod-simp-simplib >= 3.3.1-0
+Requires: pupmod-simp-simplib < 4.0.0-0
+Requires: pupmod-simp-iptables >= 6.0.1-0
+Requires: pupmod-simp-iptables < 7.0.0-0

data/spec/lib/simp/rake/pupmod/fixtures/simpmod/data/common.yaml ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ ---
2	+ # simpmod::parameter_name: 'value'

data/spec/lib/simp/rake/pupmod/fixtures/simpmod/hiera.yaml ADDED Viewed

@@ -0,0 +1,10 @@
+---
+version: 4
+datadir: data
+hierarchy:
+  - name: "OS family"
+    backend: yaml
+    path: "os/%{facts.os.family}"
+  - name: "common"
+    backend: yaml

data/spec/lib/simp/rake/pupmod/fixtures/simpmod/manifests/config.pp ADDED Viewed

@@ -0,0 +1,7 @@
+# == Class simpmod::config
+#
+# This class is called from simpmod for service config.
+#
+class simpmod::config {
+  assert_private()
+}

data/spec/lib/simp/rake/pupmod/fixtures/simpmod/manifests/config/auditing.pp ADDED Viewed

@@ -0,0 +1,15 @@
+# == Class simpmod::config::auditing
+#
+# This class is meant to be called from simpmod.
+# It ensures that auditing rules are defined.
+#
+class simpmod::config::auditing {
+  assert_private()
+  # FIXME: ensure your module's auditing settings are defined here.
+  $msg = "FIXME: define the ${module_name} module's auditing settings."
+  notify{ 'FIXME: auditing': message => $msg } # FIXME: remove this and add logic
+  err( $msg )                                  # FIXME: remove this and add logic
+}

data/spec/lib/simp/rake/pupmod/fixtures/simpmod/manifests/config/firewall.pp ADDED Viewed

@@ -0,0 +1,14 @@
+# == Class simpmod::config::firewall
+#
+# This class is meant to be called from simpmod.
+# It ensures that firewall rules are defined.
+#
+class simpmod::config::firewall {
+  assert_private()
+  # FIXME: ensure your module's firewall settings are defined here.
+  iptables::listen::tcp_stateful { 'allow_simpmod_tcp_connections':
+    trusted_nets => $::simpmod::trusted_nets,
+    dports       => $::simpmod::tcp_listen_port
+  }
+}

data/spec/lib/simp/rake/pupmod/fixtures/simpmod/manifests/config/logging.pp ADDED Viewed

@@ -0,0 +1,16 @@
+# == Class simpmod::config::logging
+#
+# This class is meant to be called from simpmod.
+# It ensures that logging rules are defined.
+#
+class simpmod::config::logging {
+  assert_private()
+  # FIXME: ensure your module's logging settings are defined here.
+  $msg = "FIXME: define the ${module_name} module's logging settings."
+  notify{ 'FIXME: logging': message => $msg } # FIXME: remove this and add logic
+  err( $msg )                                 # FIXME: remove this and add logic
+}

data/spec/lib/simp/rake/pupmod/fixtures/simpmod/manifests/config/pki.pp ADDED Viewed

@@ -0,0 +1,16 @@
+# == Class simpmod::config::config::pki
+#
+# This class is meant to be called from simpmod.
+# It ensures that pki rules are defined.
+#
+class simpmod::config::pki {
+  assert_private()
+  # FIXME: ensure your module's pki settings are defined here.
+  $msg = "FIXME: define the ${module_name} module's pki settings."
+  notify{ 'FIXME: pki': message => $msg } # FIXME: remove this and add logic
+  err( $msg )                             # FIXME: remove this and add logic
+}

data/spec/lib/simp/rake/pupmod/fixtures/simpmod/manifests/config/selinux.pp ADDED Viewed

@@ -0,0 +1,15 @@
+# == Class simpmod::config::selinux
+#
+# This class is meant to be called from simpmod.
+# It ensures that selinux rules are defined.
+#
+class simpmod::config::selinux {
+  assert_private()
+  # FIXME: ensure your module's selinux settings are defined here.
+  $msg = "FIXME: define the ${module_name} module's selinux settings."
+  notify{ 'FIXME: selinux': message => $msg } # FIXME: remove this and add logic
+  err( $msg )                                 # FIXME: remove this and add logic
+}

data/spec/lib/simp/rake/pupmod/fixtures/simpmod/manifests/config/tcpwrappers.pp ADDED Viewed

@@ -0,0 +1,16 @@
+# == Class simpmod::config::tcpwrappers
+#
+# This class is meant to be called from simpmod.
+# It ensures that tcpwrappers rules are defined.
+#
+class simpmod::config::tcpwrappers {
+  assert_private()
+  # FIXME: ensure your module's tcpwrappers settings are defined here.
+  $msg = "FIXME: define the ${module_name} module's tcpwrappers settings."
+  notify{ 'FIXME: tcpwrappers': message => $msg } # FIXME: remove this, add logic
+  err( $msg )                                     # FIXME: remove this, add logic
+}

data/spec/lib/simp/rake/pupmod/fixtures/simpmod/manifests/init.pp ADDED Viewed

@@ -0,0 +1,110 @@
+# Full description of SIMP module 'simpmod' here.
+#
+# === Welcome to SIMP!
+# This module is a component of the System Integrity Management Platform, a
+# managed security compliance framework built on Puppet.
+#
+# ---
+# *FIXME:* verify that the following paragraph fits this module's characteristics!
+# ---
+#
+# This module is optimally designed for use within a larger SIMP ecosystem, but
+# it can be used independently:
+#
+# * When included within the SIMP ecosystem, security compliance settings will
+#   be managed from the Puppet server.
+#
+# * If used independently, all SIMP-managed security subsystems are disabled by
+#   default, and must be explicitly opted into by administrators.  Please
+#   review the +trusted_nets+ and +$enable_*+ parameters for details.
+#
+# @param service_name
+#   The name of the simpmod service
+#
+# @param package_name
+#   The name of the simpmod package
+#
+# @param trusted_nets
+#   A whitelist of subnets (in CIDR notation) permitted access
+#
+# @param enable_auditing
+#   If true, manage auditing for simpmod
+#
+# @param enable_firewall
+#   If true, manage firewall rules to acommodate simpmod
+#
+# @param enable_logging
+#   If true, manage logging configuration for simpmod
+#
+# @param enable_pki
+#   If true, manage PKI/PKE configuration for simpmod
+#
+# @param enable_selinux
+#   If true, manage selinux to permit simpmod
+#
+# @param enable_tcpwrappers
+#   If true, manage TCP wrappers configuration for simpmod
+#
+# @author simp
+#
+class simpmod (
+  String           $service_name           = 'simpmod',
+  String           $package_name           = 'simpmod',
+  Simplib::Port    $tcp_listen_port        = 9999,
+  Simplib::Netlist $trusted_nets           = simplib::lookup('simp_options::trusted_nets', {'default_value' => ['127.0.0.1/32'] }),
+  Boolean          $enable_pki             = simplib::lookup('simp_options::pki', { 'default_value' => false }),
+  Boolean          $enable_auditing        = simplib::lookup('simp_options::auditd', { 'default_value' => false }),
+  Boolean          $enable_firewall        = simplib::lookup('simp_options::firewall', { 'default_value' => false }),
+  Boolean          $enable_logging         = simplib::lookup('simp_options::syslog', { 'default_value' => false }),
+  Boolean          $enable_selinux         = simplib::lookup('simp_options::selinux', { 'default_value' => false }),
+  Boolean          $enable_tcpwrappers     = simplib::lookup('simp_options::tcpwrappers', { 'default_value' => false })
+) {
+  $oses = load_module_metadata( $module_name )['operatingsystem_support'].map |$i| { $i['operatingsystem'] }
+  unless $::operatingsystem in $oses { fail("${::operatingsystem} not supported") }
+  include '::simpmod::install'
+  include '::simpmod::config'
+  include '::simpmod::service'
+  Class[ '::simpmod::install' ]
+  -> Class[ '::simpmod::config'  ]
+  ~> Class[ '::simpmod::service' ]
+  -> Class[ '::simpmod' ]
+  if $enable_pki {
+    include '::simpmod::config::pki'
+    Class[ '::simpmod::config::pki' ]
+    -> Class[ '::simpmod::service' ]
+  }
+  if $enable_auditing {
+    include '::simpmod::config::auditing'
+    Class[ '::simpmod::config::auditing' ]
+    -> Class[ '::simpmod::service' ]
+  }
+  if $enable_firewall {
+    include '::simpmod::config::firewall'
+    Class[ '::simpmod::config::firewall' ]
+    -> Class[ '::simpmod::service'  ]
+  }
+  if $enable_logging {
+    include '::simpmod::config::logging'
+    Class[ '::simpmod::config::logging' ]
+    -> Class[ '::simpmod::service' ]
+  }
+  if $enable_selinux {
+    include '::simpmod::config::selinux'
+    Class[ '::simpmod::config::selinux' ]
+    -> Class[ '::simpmod::service' ]
+  }
+  if $enable_tcpwrappers {
+    include '::simpmod::config::tcpwrappers'
+    Class[ '::simpmod::config::tcpwrappers' ]
+    -> Class[ '::simpmod::service' ]
+  }
+}