From bb27b940ead669a81bf0433f3765547bf997dbc5 Mon Sep 17 00:00:00 2001 From: Imran Iqbal Date: Wed, 9 Oct 2019 18:56:37 +0100 Subject: [PATCH 1/4] fix(googleauth.sls): fix `salt-lint` errors ```bash Examining users/googleauth.sls of type state [201] Trailing whitespace users/googleauth.sls:9 - file: {{ users.googleauth_dir }} [204] Lines should be no longer that 160 chars users/googleauth.sls:26 - repl: "auth [success=done new_authtok_reqd=done default=die] pam_google_authenticator.so user=root secret={{ users.googleauth_dir }}/${USER}_{{ svc }} echo_verification_code\n@include common-auth" ``` --- users/googleauth.sls | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/users/googleauth.sls b/users/googleauth.sls index 3f59c8f..22e5065 100644 --- a/users/googleauth.sls +++ b/users/googleauth.sls @@ -6,7 +6,7 @@ users_googleauth-package: pkg.installed: - name: {{ users.googleauth_package }} - require: - - file: {{ users.googleauth_dir }} + - file: {{ users.googleauth_dir }} users_{{ users.googleauth_dir }}: file.directory: @@ -19,11 +19,23 @@ users_{{ users.googleauth_dir }}: {%- if 'google_auth' in user %} {%- for svc in user['google_auth'] %} {%- if user.get('google_2fa', True) %} +{%- set repl = '{0} {1} {2} {3} {4}{5}/{6}_{7} {8}\n{9}'.format( + 'auth', + '[success=done new_authtok_reqd=done default=die]', + 'pam_google_authenticator.so', + 'user=root', + 'secret=', + users.googleauth_dir, + '${USER}', + svc, + 'echo_verification_code', + '@include common-auth', + ) %} users_googleauth-pam-{{ svc }}-{{ name }}: file.replace: - name: /etc/pam.d/{{ svc }} - pattern: "^@include common-auth" - - repl: "auth [success=done new_authtok_reqd=done default=die] pam_google_authenticator.so user=root secret={{ users.googleauth_dir }}/${USER}_{{ svc }} echo_verification_code\n@include common-auth" + - repl: "{{ repl }}" - unless: grep pam_google_authenticator.so /etc/pam.d/{{ svc }} - backup: .bak {%- endif %} 
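Review bot: In the second hunk of `users/googleauth.sls` (`@@ -19,11 +19,23 @@`), the `\n` now sits inside a Jinja string literal, which Jinja most likely unescapes to a real line break before YAML parses `- repl: "{{ repl }}"`. A line break inside a double-quoted YAML scalar folds to a space, so the `auth` line and `@include common-auth` would end up on one line in `/etc/pam.d/{{ svc }}`, and the `unless: grep pam_google_authenticator.so` guard would keep later runs from correcting it. Keeping the escape on the YAML side avoids this: drop `\n{9}` and its argument from the format call and write `- repl: "{{ repl }}\n@include common-auth"`. The enclosing `for`/`if` blocks start outside the hunk, so the rendered PAM file is worth checking on a test minion before this is rolled out.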
From 4cec0ef4cc880d262672be5cdf67c34377e8b54f Mon Sep 17 00:00:00 2001 From: Imran Iqbal Date: Wed, 9 Oct 2019 18:57:20 +0100 Subject: [PATCH 2/4] fix(init.sls): fix `salt-lint` errors ```bash Examining users/init.sls of type state [206] Jinja variables should have spaces before and after: {{ var_name }} users/init.sls:176 - expire: {{ (user['expire'] / 86400) | int}} [206] Jinja variables should have spaces before and after: {{ var_name }} users/init.sls:202 - {{optional_group}} ``` --- users/init.sls | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/users/init.sls b/users/init.sls index 21df048..55edcd3 100644 --- a/users/init.sls +++ b/users/init.sls @@ -173,7 +173,7 @@ users_{{ name }}_user: {% elif grains['kernel'] == 'Linux' and user['expire'] > 84006 %} {# 2932896 days since epoch equals 9999-12-31 #} - - expire: {{ (user['expire'] / 86400) | int}} + - expire: {{ (user['expire'] / 86400) | int }} {% else %} - expire: {{ user['expire'] }} {% endif %} @@ -199,7 +199,7 @@ users_{{ name }}_user: {% if 'optional_groups' in user %} - optional_groups: {% for optional_group in user['optional_groups'] -%} - - {{optional_group}} + - {{ optional_group }} {% endfor %} {% endif %} - require: From 560f5e10d93079889c0611a391f7cbb974939a91 Mon Sep 17 00:00:00 2001 From: Imran Iqbal Date: Wed, 9 Oct 2019 18:57:44 +0100 Subject: [PATCH 3/4] fix(sudo.sls): fix `salt-lint` errors ```bash Examining users/sudo.sls of type state [201] Trailing whitespace users/sudo.sls:13 - file: {{ users.sudoers_dir }} [201] Trailing whitespace users/sudo.sls:22 - name: {{ users.sudoers_file }} ``` --- users/sudo.sls | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/users/sudo.sls b/users/sudo.sls index e87acbb..6439173 100644 --- a/users/sudo.sls +++ b/users/sudo.sls 
@@ -10,7 +10,7 @@ users_sudo-package: pkg.installed: - name: {{ users.sudo_package }} - require: - - file: {{ users.sudoers_dir }} + - file: {{ users.sudoers_dir }} - unless: test "`uname`" = "Darwin" users_{{ users.sudoers_dir }}: @@ -19,7 +19,7 @@ users_{{ users.sudoers_dir }}: users_sudoer-defaults: file.append: - - name: {{ users.sudoers_file }} + - name: {{ users.sudoers_file }} - require: - pkg: users_sudo-package - text: From f17d156e6eb20d71a104402b315802ae0f20e02d Mon Sep 17 00:00:00 2001 From: Imran Iqbal Date: Wed, 9 Oct 2019 18:59:33 +0100 Subject: [PATCH 4/4] ci: merge travis matrix, add `salt-lint` & `rubocop` to `lint` job * Semi-automated using https://github.com/myii/ssf-formula/pull/60 --- .rubocop.yml | 10 +++++ .salt-lint | 13 ++++++ .travis.yml | 117 +++++++++++++++++++++++++++++++-------------------- .yamllint | 1 + Gemfile | 7 +-- bin/kitchen | 21 +++++---- 6 files changed, 111 insertions(+), 58 deletions(-) create mode 100644 .rubocop.yml create mode 100644 .salt-lint diff --git a/.rubocop.yml b/.rubocop.yml new file mode 100644 index 0000000..bdae9aa --- /dev/null +++ b/.rubocop.yml @@ -0,0 +1,10 @@ +# -*- coding: utf-8 -*- +# vim: ft=yaml +--- +# General overrides used across formulas in the org +Metrics/LineLength: + # Increase from default of `80` + # Based on https://github.com/PyCQA/flake8-bugbear#opinionated-warnings (`B950`) + Max: 88 + +# Any offenses that should be fixed, e.g. collected via. `rubocop --auto-gen-config` diff --git a/.salt-lint b/.salt-lint new file mode 100644 index 0000000..a539954 --- /dev/null +++ b/.salt-lint 
@@ -0,0 +1,13 @@ +# -*- coding: utf-8 -*- +# vim: ft=yaml +--- +exclude_paths: [] +skip_list: + # Using `salt-lint` for linting other files as well, such as Jinja macros/templates + - 205 # Use ".sls" as a Salt State file extension + # Skipping `207` and `208` because `210` is sufficient, at least for the time-being + # I.e. Allows 3-digit unquoted codes to still be used, such as `644` and `755` + - 207 # File modes should always be encapsulated in quotation marks + - 208 # File modes should always contain a leading zero +tags: [] +verbosity: 1 diff --git a/.travis.yml b/.travis.yml index 8884a9b..ee1a690 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -1,64 +1,43 @@ # -*- coding: utf-8 -*- # vim: ft=yaml --- +## Machine config dist: bionic -stages: - - test - - lint - - name: release - if: branch = master AND type != pull_request - sudo: required -cache: bundler -language: ruby - services: - docker -# Make sure the instances listed below match up with -# the `platforms` defined in `kitchen.yml` -env: - matrix: - - INSTANCE: default-debian-10-develop-py3 - # - INSTANCE: default-ubuntu-1804-develop-py3 - # - INSTANCE: default-centos-7-develop-py3 - # - INSTANCE: default-fedora-30-develop-py3 - # - INSTANCE: default-opensuse-leap-15-develop-py3 - # - INSTANCE: default-amazonlinux-2-develop-py2 - # - INSTANCE: default-arch-base-latest-develop-py2 - # - INSTANCE: default-debian-9-2019-2-py3 - - INSTANCE: default-ubuntu-1804-2019-2-py3 - # - INSTANCE: default-centos-7-2019-2-py3 - # - INSTANCE: default-fedora-30-2019-2-py3 - # - INSTANCE: default-opensuse-leap-15-2019-2-py3 - - INSTANCE: default-amazonlinux-2-2019-2-py2 - # - INSTANCE: default-arch-base-latest-2019-2-py2 - # - INSTANCE: default-debian-9-2018-3-py2 - # - INSTANCE: default-ubuntu-1604-2018-3-py2 - # - INSTANCE: default-centos-7-2018-3-py2 - - INSTANCE: default-fedora-29-2018-3-py2 - - INSTANCE: default-opensuse-leap-15-2018-3-py2 - # - INSTANCE: default-amazonlinux-2-2018-3-py2 - # - INSTANCE: default-arch-base-latest-2018-3-py2 - # - INSTANCE: default-debian-8-2017-7-py2 - # - INSTANCE: default-ubuntu-1604-2017-7-py2 - - INSTANCE: default-centos-6-2017-7-py2 - # - INSTANCE: default-fedora-29-2017-7-py2 - # - INSTANCE: default-opensuse-leap-15-2017-7-py2 - # - INSTANCE: default-amazonlinux-2-2017-7-py2 - # - INSTANCE: default-arch-base-latest-2017-7-py2 +## Language and cache config +language: ruby +cache: bundler +## Script to run for the test stage script: - - bin/kitchen verify ${INSTANCE} + - bin/kitchen verify "${INSTANCE}" +## Stages and jobs matrix +stages: + - test + - name: release + if: branch = master AND type != pull_request jobs: + 
allow_failures: + - env: Lint_rubocop + fast_finish: true include: - # Define the `lint` stage (runs `yamllint` and `commitlint`) - - stage: lint - language: node_js + ## Define the test stage that runs the linters (and testing matrix, if applicable) + + # Run all of the linters in a single job (except `rubocop`) + - language: node_js node_js: lts/* + env: Lint + name: 'Lint: salt-lint, yamllint & commitlint' before_install: skip script: + # Install and run `salt-lint` + - pip install --user salt-lint + - git ls-files | grep '\.sls$\|\.jinja$\|\.j2$\|\.tmpl$' + | xargs -I {} salt-lint {} # Install and run `yamllint` # Need at least `v1.17.0` for the `yaml-files` setting - pip install --user yamllint>=1.17.0 
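Review bot: The new `pip install --user salt-lint` step in the lint job installs whatever release PyPI serves at build time, so a changed or compromised release would run in CI without any change to this repository; the same applies to `gem install rubocop` in the next `.travis.yml` hunk. Pinning the tools makes the lint result reproducible, e.g. `pip install --user 'salt-lint==<PINNED_VERSION>'` and `gem install rubocop -v '<PINNED_VERSION>'`. The specifier needs quoting: on the unchanged `pip install --user yamllint>=1.17.0` line just below, the shell treats `>=1.17.0` as a redirection, so that minimum version is not enforced. The `jobs.include` list continues outside this hunk.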
@@ -67,10 +46,56 @@ jobs: - npm install @commitlint/config-conventional -D - npm install @commitlint/travis-cli -D - commitlint-travis - # Define the release stage that runs `semantic-release` + # Run the `rubocop` linter in a separate job that is allowed to fail + # Once these lint errors are fixed, this can be merged into a single job + - language: node_js + node_js: lts/* + env: Lint_rubocop + name: 'Lint: rubocop' + before_install: skip + script: + # Install and run `rubocop` + - gem install rubocop + - rubocop -d + + ## Define the rest of the matrix based on Kitchen testing + # Make sure the instances listed below match up with + # the `platforms` defined in `kitchen.yml` + - env: INSTANCE=default-debian-10-develop-py3 + # - env: INSTANCE=default-ubuntu-1804-develop-py3 + # - env: INSTANCE=default-centos-7-develop-py3 + # - env: INSTANCE=default-fedora-30-develop-py3 + # - env: INSTANCE=default-opensuse-leap-15-develop-py3 + # - env: INSTANCE=default-amazonlinux-2-develop-py2 + # - env: INSTANCE=default-arch-base-latest-develop-py2 + # - env: INSTANCE=default-debian-9-2019-2-py3 + - env: INSTANCE=default-ubuntu-1804-2019-2-py3 + # - env: INSTANCE=default-centos-7-2019-2-py3 + # - env: INSTANCE=default-fedora-30-2019-2-py3 + # - env: INSTANCE=default-opensuse-leap-15-2019-2-py3 + - env: INSTANCE=default-amazonlinux-2-2019-2-py2 + # - env: INSTANCE=default-arch-base-latest-2019-2-py2 + # - env: INSTANCE=default-debian-9-2018-3-py2 + # - env: INSTANCE=default-ubuntu-1604-2018-3-py2 + # - env: INSTANCE=default-centos-7-2018-3-py2 + - env: INSTANCE=default-fedora-29-2018-3-py2 + - env: INSTANCE=default-opensuse-leap-15-2018-3-py2 + # - env: INSTANCE=default-amazonlinux-2-2018-3-py2 + # - env: INSTANCE=default-arch-base-latest-2018-3-py2 + # - env: INSTANCE=default-debian-8-2017-7-py2 + # - env: INSTANCE=default-ubuntu-1604-2017-7-py2 + - env: INSTANCE=default-centos-6-2017-7-py2 + # - env: INSTANCE=default-fedora-29-2017-7-py2 + # - env: 
INSTANCE=default-opensuse-leap-15-2017-7-py2 + # - env: INSTANCE=default-amazonlinux-2-2017-7-py2 + # - env: INSTANCE=default-arch-base-latest-2017-7-py2 + + ## Define the release stage that runs `semantic-release` - stage: release language: node_js node_js: lts/* + env: Release + name: 'Run semantic-release inc. file updates to AUTHORS, CHANGELOG & FORMULA' before_install: skip script: # Update `AUTHORS.md` diff --git a/.yamllint b/.yamllint index c16f39b..740beca 100644 --- a/.yamllint +++ b/.yamllint @@ -17,6 +17,7 @@ yaml-files: # Default settings - '*.yaml' - '*.yml' + - .salt-lint - .yamllint # SaltStack Formulas additional settings - '*.example' diff --git a/Gemfile b/Gemfile index 3b36de3..5a232b6 100644 --- a/Gemfile +++ b/Gemfile @@ -1,6 +1,7 @@ -source "https://rubygems.org" +# frozen_string_literal: true + +source 'https://rubygems.org' gem 'kitchen-docker', '>= 2.9' -gem 'kitchen-salt', '>= 0.6.0' gem 'kitchen-inspec', '>= 1.1' - +gem 'kitchen-salt', '>= 0.6.0' diff --git a/bin/kitchen b/bin/kitchen index 1cd44f3..dcfdb4c 100755 --- a/bin/kitchen +++ b/bin/kitchen 
@@ -8,22 +8,25 @@ # this file is here to facilitate running it. # -require "pathname" -ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile", - Pathname.new(__FILE__).realpath) +require 'pathname' +ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', + Pathname.new(__FILE__).realpath) -bundle_binstub = File.expand_path("../bundle", __FILE__) +bundle_binstub = File.expand_path('bundle', __dir__) if File.file?(bundle_binstub) if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/ load(bundle_binstub) else - abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run. -Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.") + abort( + 'Your `bin/bundle` was not generated by Bundler, '\ + 'so this binstub cannot run. Replace `bin/bundle` by running '\ + '`bundle binstubs bundler --force`, then run this command again.' + ) end end -require "rubygems" -require "bundler/setup" +require 'rubygems' +require 'bundler/setup' -load Gem.bin_path("test-kitchen", "kitchen") +load Gem.bin_path('test-kitchen', 'kitchen')