* Automated using `ssf-formula` (v0.1.0-rc.1)tags/v0.5.0
.kitchen | .kitchen | ||||
.kitchen.local.yml | .kitchen.local.yml | ||||
kitchen.local.yml | kitchen.local.yml | ||||
junit-*.xml | |||||
# Translations | # Translations | ||||
*.mo | *.mo | ||||
# copied `.md` files used for conversion to `.rst` using `m2r` | # copied `.md` files used for conversion to `.rst` using `m2r` | ||||
docs/*.md | docs/*.md | ||||
# Vim | |||||
*.sw? | |||||
## Collected when centralising formulas (check and sort) | |||||
# `collectd-formula` | |||||
.pytest_cache/ | |||||
/.idea/ | |||||
Dockerfile.*_* | |||||
ignore/ | |||||
tmp/ |
# -*- coding: utf-8 -*- | |||||
# vim: ft=yaml | |||||
--- | |||||
stages: | stages: | ||||
- test | - test | ||||
- commitlint | - commitlint | ||||
sudo: required | sudo: required | ||||
cache: bundler | cache: bundler | ||||
language: ruby | language: ruby | ||||
dist: trusty | |||||
services: | services: | ||||
- docker | - docker | ||||
# - INSTANCE: default-ubuntu-1604-2018-3-py2 | # - INSTANCE: default-ubuntu-1604-2018-3-py2 | ||||
# - INSTANCE: default-centos-7-2018-3-py2 | # - INSTANCE: default-centos-7-2018-3-py2 | ||||
- INSTANCE: default-fedora-29-2018-3-py2 | - INSTANCE: default-fedora-29-2018-3-py2 | ||||
# TODO: Use this when fixed instead of `opensuse-leap-42` | |||||
# Ref: https://github.com/netmanagers/salt-image-builder/issues/2 | |||||
# - INSTANCE: default-opensuse-leap-15-2018-3-py2 | |||||
- INSTANCE: default-opensuse-leap-42-2018-3-py2 | - INSTANCE: default-opensuse-leap-42-2018-3-py2 | ||||
- INSTANCE: default-debian-8-2017-7-py2 | - INSTANCE: default-debian-8-2017-7-py2 | ||||
# - INSTANCE: default-ubuntu-1604-2017-7-py2 | # - INSTANCE: default-ubuntu-1604-2017-7-py2 | ||||
# TODO: Enable after improving the formula to work with other than `systemd` | |||||
# - INSTANCE: default-centos-6-2017-7-py2 | # - INSTANCE: default-centos-6-2017-7-py2 | ||||
# - INSTANCE: default-fedora-28-2017-7-py2 | # - INSTANCE: default-fedora-28-2017-7-py2 | ||||
# - INSTANCE: default-opensuse-leap-42-2017-7-py2 | # - INSTANCE: default-opensuse-leap-42-2017-7-py2 | ||||
script: | script: | ||||
- bundle exec kitchen verify ${INSTANCE} | |||||
- bin/kitchen verify ${INSTANCE} | |||||
jobs: | jobs: | ||||
include: | include: |
source 'https://rubygems.org' | |||||
source "https://rubygems.org" | |||||
gem 'kitchen-docker', '>= 2.9' | gem 'kitchen-docker', '>= 2.9' | ||||
gem 'kitchen-salt', '>= 0.6.0' | |||||
gem 'kitchen-salt', '>= 0.6.0' | |||||
gem 'kitchen-inspec', '>= 1.1' | gem 'kitchen-inspec', '>= 1.1' | ||||
#!/usr/bin/env ruby | |||||
# frozen_string_literal: true | |||||
# | |||||
# This file was generated by Bundler. | |||||
# | |||||
# The application 'kitchen' is installed as part of a gem, and | |||||
# this file is here to facilitate running it. | |||||
# | |||||
require "pathname" | |||||
ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile", | |||||
Pathname.new(__FILE__).realpath) | |||||
bundle_binstub = File.expand_path("../bundle", __FILE__) | |||||
if File.file?(bundle_binstub) | |||||
if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/ | |||||
load(bundle_binstub) | |||||
else | |||||
abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run. | |||||
Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.") | |||||
end | |||||
end | |||||
require "rubygems" | |||||
require "bundler/setup" | |||||
load Gem.bin_path("test-kitchen", "kitchen") |
BREAKING CHANGE: With the removal of all of the `.sls` files under | BREAKING CHANGE: With the removal of all of the `.sls` files under | ||||
`template package`, this formula no longer supports the installation of | `template package`, this formula no longer supports the installation of | ||||
packages. | packages. | ||||
- sh bootstrap-salt.sh -XdPbfrq -x python3 git develop | - sh bootstrap-salt.sh -XdPbfrq -x python3 git develop | ||||
run_command: /usr/lib/systemd/systemd | run_command: /usr/lib/systemd/systemd | ||||
## SALT 2019.2 | |||||
## SALT `2019.2` | |||||
- name: debian-9-2019-2-py3 | - name: debian-9-2019-2-py3 | ||||
driver: | driver: | ||||
image: netmanagers/salt-2019.2-py3:debian-9 | image: netmanagers/salt-2019.2-py3:debian-9 | ||||
image: netmanagers/salt-2019.2-py3:opensuse-leap-15 | image: netmanagers/salt-2019.2-py3:opensuse-leap-15 | ||||
run_command: /usr/lib/systemd/systemd | run_command: /usr/lib/systemd/systemd | ||||
## SALT 2018.3 | |||||
## SALT `2018.3` | |||||
- name: debian-9-2018-3-py2 | - name: debian-9-2018-3-py2 | ||||
driver: | driver: | ||||
image: netmanagers/salt-2018.3-py2:debian-9 | image: netmanagers/salt-2018.3-py2:debian-9 | ||||
- name: fedora-29-2018-3-py2 | - name: fedora-29-2018-3-py2 | ||||
driver: | driver: | ||||
image: netmanagers/salt-2018.3-py2:fedora-29 | image: netmanagers/salt-2018.3-py2:fedora-29 | ||||
# TODO: Use this when fixed instead of `opensuse-leap-42` | |||||
# Ref: https://github.com/netmanagers/salt-image-builder/issues/2 | |||||
# - name: opensuse-leap-15-2018-3-py2 | |||||
# driver: | |||||
# image: netmanagers/salt-2018.3-py2:opensuse-leap-15 | |||||
# run_command: /usr/lib/systemd/systemd | |||||
- name: opensuse-leap-42-2018-3-py2 | - name: opensuse-leap-42-2018-3-py2 | ||||
driver: | driver: | ||||
image: netmanagers/salt-2018.3-py2:opensuse-leap-42 | image: netmanagers/salt-2018.3-py2:opensuse-leap-42 | ||||
run_command: /usr/lib/systemd/systemd | run_command: /usr/lib/systemd/systemd | ||||
## SALT 2017.7 | |||||
## SALT `2017.7` | |||||
- name: debian-8-2017-7-py2 | - name: debian-8-2017-7-py2 | ||||
driver: | driver: | ||||
image: netmanagers/salt-2017.7-py2:debian-8 | image: netmanagers/salt-2017.7-py2:debian-8 | ||||
salt_copy_filter: | salt_copy_filter: | ||||
- .kitchen | - .kitchen | ||||
- .git | - .git | ||||
state_top: | |||||
base: | |||||
'*': | |||||
- ufw | |||||
pillars: | |||||
top.sls: | |||||
base: | |||||
'*': | |||||
- ufw | |||||
pillars_from_files: | |||||
ufw.sls: test/salt/pillar/default.sls | |||||
verifier: | verifier: | ||||
# https://www.inspec.io/ | # https://www.inspec.io/ | ||||
# cli, documentation, html, progress, json, json-min, json-rspec, junit | # cli, documentation, html, progress, json, json-min, json-rspec, junit | ||||
reporter: | reporter: | ||||
- cli | - cli | ||||
inspec_tests: | |||||
- path: test/integration/default | |||||
suites: | suites: | ||||
- name: default | - name: default | ||||
provisioner: | |||||
state_top: | |||||
base: | |||||
'*': | |||||
- ufw | |||||
pillars: | |||||
top.sls: | |||||
base: | |||||
'*': | |||||
- ufw | |||||
pillars_from_files: | |||||
ufw.sls: test/salt/pillar/default.sls | |||||
verifier: | |||||
inspec_tests: | |||||
- path: test/integration/default |
# InSpec Profile: `default` | |||||
This shows the implementation of the `default` InSpec [profile](https://github.com/inspec/inspec/blob/master/docs/profiles.md). | |||||
## Verify a profile | |||||
InSpec ships with built-in features to verify a profile structure. | |||||
```bash | |||||
$ inspec check default | |||||
Summary | |||||
------- | |||||
Location: default | |||||
Profile: profile | |||||
Controls: 4 | |||||
Timestamp: 2019-06-24T23:09:01+00:00 | |||||
Valid: true | |||||
Errors | |||||
------ | |||||
Warnings | |||||
-------- | |||||
``` | |||||
## Execute a profile | |||||
To run all **supported** controls on a local machine use `inspec exec /path/to/profile`. | |||||
```bash | |||||
$ inspec exec default | |||||
.. | |||||
Finished in 0.0025 seconds (files took 0.12449 seconds to load) | |||||
8 examples, 0 failures | |||||
``` | |||||
## Execute a specific control from a profile | |||||
To run one control from the profile use `inspec exec /path/to/profile --controls name`. | |||||
```bash | |||||
$ inspec exec default --controls package | |||||
. | |||||
Finished in 0.0025 seconds (files took 0.12449 seconds to load) | |||||
1 examples, 0 failures | |||||
``` | |||||
See an [example control here](https://github.com/inspec/inspec/blob/master/examples/profile/controls/example.rb). |
name: ufw | |||||
title: UFW Formula | |||||
maintainer: Alexandre Anriot | |||||
name: default | |||||
title: ufw formula | |||||
maintainer: SaltStack Formulas | |||||
license: Apache-2.0 | license: Apache-2.0 | ||||
summary: Verify that the ufw formula is setup and configured correctly | summary: Verify that the ufw formula is setup and configured correctly | ||||
supports: | supports: | ||||
- os-name: debian | |||||
- os-name: ubuntu | |||||
- os-name: centos | |||||
- os-name: fedora | |||||
- os-name: opensuse | |||||
- os-name: suse | |||||
- platform-name: debian | |||||
- platform-name: ubuntu | |||||
- platform-name: centos | |||||
- platform-name: fedora | |||||
- platform-name: opensuse | |||||
- platform-name: suse | |||||
- platform-name: freebsd | |||||
- platform-name: amazon |
{%- else %} | {%- else %} | ||||
{%- set fs_dir = salt['config.get'](tplroot ~ ':tofs:dirs:default', 'default') %} | {%- set fs_dir = salt['config.get'](tplroot ~ ':tofs:dirs:default', 'default') %} | ||||
{%- endif %} | {%- endif %} | ||||
{%- set url = '- salt://' ~ '/'.join([ | |||||
path_prefix_inc_ext, | |||||
files_dir, | |||||
fs_dir, | |||||
src_file.lstrip('/') | |||||
]) %} | |||||
{%- set url = [ | |||||
'- salt:/', | |||||
path_prefix_inc_ext.strip('/'), | |||||
files_dir.strip('/'), | |||||
fs_dir.strip('/'), | |||||
src_file.strip('/'), | |||||
] | select | join('/') %} | |||||
{{ url | indent(indent_width, true) }} | {{ url | indent(indent_width, true) }} | ||||
{%- endfor %} | {%- endfor %} | ||||
{%- endfor %} | {%- endfor %} |