diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index adf0c07..db7e5d7 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,26 +1,27 @@ # The testing matrix considers ruby/puppet versions supported by SIMP and PE: # -# https://puppet.com/docs/pe/2017.3/overview/component_versions_in_recent_pe_releases.html +# https://puppet.com/docs/pe/2018.1/component_versions_in_recent_pe_releases.html # https://puppet.com/misc/puppet-enterprise-lifecycle -# https://puppet.com/docs/pe/2017.3/overview/getting_support_for_pe.html#standard-releases-and-long-term-support-releases +# https://puppet.com/docs/pe/2018.1/overview/getting_support_for_pe.html # ------------------------------------------------------------------------------ -# release pup ruby eol -# PE 2016.4 4.7 2.1.9 2018-10 (LTS)*** -# SIMP 6.0 4.8 2.1.9 TBD*** -# SIMP 6.2 4.10 2.1.9 TBD -# PE 2017.2 4.10 2.1.9 2018-02 -# PE 2017.3 5.3 2.4.1 2018-08 -# PE 2018.1 5.5 2.4.1 2020-05 (LTS) +# Release Puppet Ruby EOL +# SIMP 6.1 4.10.6 2.1.9 TBD +# SIMP 6.2 4.10.12 2.1.9 TBD +# PE 2016.4.15 4.10.12 2.1.9 2018-12 (LTS) +# PE 2017.3.10 5.3.8 2.4.4 2018-12 (STS) +# SIMP 6.3 5.5.7 2.4.4 TBD*** +# PE 2018.1 5.5.6 2.4.4 2020-05 (LTS)*** # -# *** = Modules created for SIMP 6.2+ are not required to support Puppet < 4.10 +# *** = Modules created for SIMP 6.3+ are not required to support Puppet < 5.5 --- stages: - 'sanity' - 'validation' - 'acceptance' + - 'compliance' - 'deployment' -image: 'ruby:2.1' +image: 'ruby:2.4' variables: PUPPET_VERSION: 'UNDEFINED' # <- Matrixed jobs MUST override this (or fail) 
@@ -47,61 +48,73 @@ variables: paths: - '.vendor' before_script: + - 'ruby -e "puts %(Environment Variables:\n * #{ENV.keys.grep(/PUPPET|SIMP|BEAKER|MATRIX/).map{|v| %(#{v} = #{ENV[v]})}.join(%(\n * ))})"' - 'declare GEM_BUNDLER_VER=(-v "~> ${BUNDLER_VERSION:-1.16.0}")' - 'declare GEM_INSTALL_CMD=(gem install --no-document)' - 'declare BUNDLER_INSTALL_CMD=(bundle install --no-binstubs --jobs $(nproc) "${FLAGS[@]}")' - 'mkdir -p ${GEM_HOME} ${BUNDLER_BIN}' - 'gem list -ie "${GEM_BUNDLER_VER[@]}" --silent bundler || "${GEM_INSTALL_CMD[@]}" --local "${GEM_BUNDLER_VER[@]}" bundler || "${GEM_INSTALL_CMD[@]}" "${GEM_BUNDLER_VER[@]}" bundler' - 'rm -rf pkg/ || :' - - 'bundle check || rm -f Gemfile.lock && ("${BUNDLER_INSTALL_CMD[@]}" --local || "${BUNDLER_INSTALL_CMD[@]}" || bundle pristine || "${BUNDLER_INSTALL_CMD[@]}") || echo "PIPELNE: Bundler could not find everything"' + - 'bundle check || rm -f Gemfile.lock && ("${BUNDLER_INSTALL_CMD[@]}" --local || "${BUNDLER_INSTALL_CMD[@]}" || bundle pristine || "${BUNDLER_INSTALL_CMD[@]}") || echo "PIPELINE: Bundler could not find everything"' -# Puppet + testing environments -# -------------------------------------- -.pup_4_10_0: &pup_4_10_0 - image: 'ruby:2.1' +# To avoid running a prohibitive number of tests every commit, +# don't set this env var in your gitlab instance +.only_with_SIMP_FULL_MATRIX: &only_with_SIMP_FULL_MATRIX + only: + variables: + - $SIMP_FULL_MATRIX + +# Puppet Versions +#----------------------------------------------------------------------- + +.pup_4: &pup_4 + image: 'ruby:2.4' variables: - PUPPET_VERSION: '~> 4.10.0' + PUPPET_VERSION: '~> 4.0' MATRIX_RUBY_VERSION: '2.1' -.pup_4_latest: &pup_4_latest +.pup_4_10: &pup_4_10 image: 'ruby:2.1' variables: - PUPPET_VERSION: '~> 4.0' + PUPPET_VERSION: '~> 4.10.4' MATRIX_RUBY_VERSION: '2.1' -.pup_5_3_2: &pup_5_3_2 +.pup_5: &pup_5 image: 'ruby:2.4' variables: - PUPPET_VERSION: '~> 5.3.2' + PUPPET_VERSION: '~> 5.0' BEAKER_PUPPET_COLLECTION: 'puppet5' 
MATRIX_RUBY_VERSION: '2.4' - # These versions are allowed to fail for the purposes of SIMP-5125 - # TODO: Fixing these failures will be addressed in a follow-on issue. - allow_failure: true -.pup_5_5_1: &pup_5_5_1 +.pup_5_3: &pup_5_3 image: 'ruby:2.4' variables: - PUPPET_VERSION: '~> 5.5.1' + PUPPET_VERSION: '~> 5.3.0' BEAKER_PUPPET_COLLECTION: 'puppet5' MATRIX_RUBY_VERSION: '2.4' - # These versions are allowed to fail for the purposes of SIMP-5125 - # TODO: Fixing these failures will be addressed in a follow-on issue. - allow_failure: true - -.pup_5_latest: &pup_5_latest +# Puppet for SIMP 6.3, PE is at 5.5.6 but close enough +.pup_5_5_7: &pup_5_5_7 image: 'ruby:2.4' variables: - PUPPET_VERSION: '~> 5.0' + PUPPET_VERSION: '5.5.7' BEAKER_PUPPET_COLLECTION: 'puppet5' MATRIX_RUBY_VERSION: '2.4' - # These versions are allowed to fail for the purposes of SIMP-5125 - # TODO: Fixing these failures will be addressed in a follow-on issue. + +# Experimental +#^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +.pup_6: &pup_6 allow_failure: true + image: 'ruby:2.4' + variables: + PUPPET_VERSION: '~> 6.0' + BEAKER_PUPPET_COLLECTION: 'puppet6' + MATRIX_RUBY_VERSION: '2.4' + +# Testing Environments +#----------------------------------------------------------------------- -# jobs -# -------------------------------------- .lint_tests: &lint_tests stage: 'validation' tags: ['docker'] 
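Review bot: The new first `before_script` entry prints the value, not just the name, of every environment variable matching `/PUPPET|SIMP|BEAKER|MATRIX/` into the job log. If any CI secret has a matching name (a forge or registry token, for example), it would end up in a log readable by everyone with access to the pipeline. An explicit allow-list keeps the diagnostic without that exposure, e.g. `ruby -e "%w[PUPPET_VERSION BEAKER_PUPPET_COLLECTION MATRIX_RUBY_VERSION SIMP_FULL_MATRIX].each { |k| puts %(#{k} = #{ENV[k]}) }"`. Separately, `.pup_4` now uses `image: 'ruby:2.4'` while still declaring `MATRIX_RUBY_VERSION: '2.1'`, so one of the two looks stale.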
@@ -109,81 +122,112 @@ variables: script: - 'bundle exec rake syntax' - 'bundle exec rake lint' + - 'bundle exec rake metadata_lint' .unit_tests: &unit_tests stage: 'validation' tags: ['docker'] <<: *setup_bundler_env script: - - 'STRICT_VARIABLES=${STRICT_VARIABLES:-yes} bundle exec rake spec' + - 'bundle exec rake spec' -.acceptance_base: &acceptance_base +.acceptance_tests: &acceptance_tests stage: 'acceptance' tags: ['beaker'] <<: *setup_bundler_env +.compliance_tests: &compliance_tests + stage: 'compliance' + tags: ['beaker'] + <<: *setup_bundler_env + + # Pipeline / testing matrix #======================================================================= sanity_checks: - <<: *pup_4_latest + <<: *pup_5 <<: *setup_bundler_env stage: 'sanity' tags: ['docker'] script: + - 'if `hash apt-get`; then apt-get update; fi' + - 'if `hash apt-get`; then apt-get install -y rpm; fi' - 'bundle exec rake check:dot_underscore' - 'bundle exec rake check:test_file' - 'bundle exec rake pkg:check_version' - 'bundle exec rake pkg:compare_latest_tag' + - 'bundle exec rake pkg:create_tag_changelog' + - 'bundle exec puppet module build' +# Linting +#----------------------------------------------------------------------- pup4-lint: - <<: *pup_4_latest + <<: *pup_4_10 <<: *lint_tests pup5-lint: - <<: *pup_5_latest + <<: *pup_5 + <<: *lint_tests + +pup6-lint: + <<: *pup_6 <<: *lint_tests +# Unit Tests +#----------------------------------------------------------------------- pup4.10-unit: - <<: *pup_4_10_0 + <<: *pup_4_10 <<: *unit_tests -pup5.3-unit: - <<: *pup_5_3_2 +pup5-unit: + <<: *pup_5 <<: *unit_tests -pup5.5-unit: - <<: *pup_5_5_1 +pup5_3-unit: + <<: *pup_5_3 <<: *unit_tests -pup5.latest-unit: - <<: *pup_5_latest +pup5.5.7-unit: + <<: *pup_5_5_7 <<: *unit_tests +pup6-unit: + <<: *pup_6 + <<: *unit_tests + +# Acceptance Tests +#----------------------------------------------------------------------- -pup4.10-acceptance: - <<: *pup_4_10_0 - <<: *acceptance_base +pup4.10: + <<: 
*pup_4_10 + <<: *acceptance_tests script: - 'bundle exec rake beaker:suites' -pup4.10-fips-acceptance: - <<: *pup_4_10_0 - <<: *acceptance_base +pup4.10-fips: + <<: *pup_4_10 + <<: *acceptance_tests + <<: *only_with_SIMP_FULL_MATRIX script: - 'BEAKER_fips=yes bundle exec rake beaker:suites' -pup5.5-acceptance: - <<: *pup_5_5_1 - <<: *acceptance_base +pup5.5.7: + <<: *pup_5_5_7 + <<: *acceptance_tests script: - 'bundle exec rake beaker:suites' -pup5.5-fips-acceptance: - <<: *pup_5_5_1 - <<: *acceptance_base +pup5.5.7-fips: + <<: *pup_5_5_7 + <<: *acceptance_tests script: - 'BEAKER_fips=yes bundle exec rake beaker:suites' +pup5.5.7-oel: + <<: *pup_5_5_7 + <<: *acceptance_tests + script: + - 'bundle exec rake beaker:suites[default,oel]' diff --git a/.ruby-version b/.ruby-version index 63a1a1c..79a6144 100644 --- a/.ruby-version +++ b/.ruby-version @@ -1 +1 @@ -2.1.9 +2.4.4 diff --git a/.travis.yml b/.travis.yml index ba6431e..6a28a93 100644 --- a/.travis.yml +++ b/.travis.yml 
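Review bot: The two new `sanity_checks` lines wrap the probe in a command substitution (``if `hash apt-get`; then …``), which only works because `hash` prints nothing on success; any output would be executed as a command. On images without apt-get the error text also goes to the job log. Testing the exit status directly is clearer and lets the install depend on the update: `if hash apt-get 2>/dev/null; then apt-get update && apt-get install -y rpm; fi`. The same hunk drops `STRICT_VARIABLES=${STRICT_VARIABLES:-yes}` from the unit-test script, and nothing visible in this diff sets it elsewhere for GitLab, so it is worth confirming that the unchanged `variables:` block still enables strict checking.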
@@ -1,23 +1,31 @@ # The testing matrix considers ruby/puppet versions supported by SIMP and PE: # -# https://puppet.com/docs/pe/2017.3/overview/component_versions_in_recent_pe_releases.html +# https://puppet.com/docs/pe/2018.1/component_versions_in_recent_pe_releases.html # https://puppet.com/misc/puppet-enterprise-lifecycle -# https://puppet.com/docs/pe/2017.3/overview/getting_support_for_pe.html#standard-releases-and-long-term-support-releases +# https://puppet.com/docs/pe/2018.1/overview/getting_support_for_pe.html # ------------------------------------------------------------------------------ -# release pup ruby eol -# PE 2016.4 4.7 2.1.9 2018-10 (LTS)*** -# SIMP 6.0 4.8 2.1.9 TBD*** -# SIMP 6.2 4.10 2.1.9 TBD -# PE 2017.2 4.10 2.1.9 2018-02 -# PE 2017.3 5.3 2.4.1 2018-08 -# PE 2018.1 5.5 2.4.1 2020-05 (LTS) +# Release Puppet Ruby EOL +# SIMP 6.2 4.10 2.1.9 TBD +# PE 2016.4 4.10 2.1.9 2018-12-31 (LTS) +# PE 2017.3 5.3 2.4.4 2018-12-31 +# SIMP 6.3 5.5 2.4.4 TBD*** +# PE 2018.1 5.5 2.4.4 2020-05 (LTS)*** +# PE 2019.0 6.0 2.5.1 2019-08-31^^^ # -# *** = Modules created for SIMP 6.2+ are not required to support Puppet < 4.10 +# *** = Modules created for SIMP 6.3+ are not required to support Puppet < 5.5 +# ^^^ = SIMP doesn't support 6 yet; tests are info-only and allowed to fail + --- language: ruby cache: bundler sudo: false +stages: + - check + - spec + - name: deploy + if: 'fork = false AND tag = true' + bundler_args: --without development system_tests --path .vendor notifications: 
@@ -30,63 +38,61 @@ addons: before_install: - rm -f Gemfile.lock - - gem update --system + +global: + - STRICT_VARIABLES=yes jobs: allow_failures: - - env: STRICT_VARIABLES=yes PUPPET_VERSION="~> 5.0" - # These versions are allowed to fail for the purposes of SIMP-5125 - # FIXME: Fixing these failures will be addressed in a follow-on issue. - - env: STRICT_VARIABLES=yes PUPPET_VERSION="~> 5.3.2" - - env: STRICT_VARIABLES=yes PUPPET_VERSION="~> 5.5.1" + - name: 'Latest Puppet 6.x (allowed to fail)' include: - stage: check - rvm: 2.4.1 + name: 'Syntax, style, and validation checks' + rvm: 2.4.4 + env: PUPPET_VERSION="~> 5" script: - bundle exec rake check:dot_underscore - bundle exec rake check:test_file - - bundle exec rake lint - - bundle exec rake metadata_lint - bundle exec rake pkg:check_version + - bundle exec rake metadata_lint - bundle exec rake pkg:compare_latest_tag - bundle exec rake pkg:create_tag_changelog + - bundle exec rake lint - bundle exec puppet module build - stage: spec + name: 'Puppet 4.10 (SIMP 6.2, PE 2016.4)' rvm: 2.1.9 - env: STRICT_VARIABLES=yes PUPPET_VERSION="~> 4.7.1" + env: PUPPET_VERSION="~> 4.10.0" script: - bundle exec rake spec - stage: spec - rvm: 2.1.9 - env: STRICT_VARIABLES=yes PUPPET_VERSION="~> 4.8.2" - script: - - bundle exec rake spec - - - stage: spec - rvm: 2.1.9 - env: STRICT_VARIABLES=yes PUPPET_VERSION="~> 4.10.4" + name: 'Puppet 5.3 (PE 2017.3)' + rvm: 2.4.4 + env: PUPPET_VERSION="~> 5.3.0" script: - bundle exec rake spec - stage: spec - rvm: 2.4.1 - env: STRICT_VARIABLES=yes PUPPET_VERSION="~> 5.3.2" + rvm: 2.4.4 + name: 'Puppet 5.5 (SIMP 6.3, PE 2018.1)' + env: PUPPET_VERSION="~> 5.5.0" script: - bundle exec rake spec - stage: spec + name: 'Latest Puppet 5.x' rvm: 2.4.4 - env: STRICT_VARIABLES=yes PUPPET_VERSION="~> 5.5.1" + env: PUPPET_VERSION="~> 5.0" script: - bundle exec rake spec - # Check latest 5.x release, regardless of support matrix (allowed to fail) - stage: spec - rvm: 2.4.4 - env: STRICT_VARIABLES=yes 
PUPPET_VERSION="~> 5.0" + name: 'Latest Puppet 6.x (allowed to fail)' + rvm: 2.5.1 + env: PUPPET_VERSION="~> 6.0" script: - bundle exec rake spec @@ -111,5 +117,4 @@ jobs: secure: "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" on: tags: true - rvm: 2.4.4 condition: '($SKIP_FORGE_PUBLISH != true)' diff --git a/CHANGELOG b/CHANGELOG index 4390f0a..18ccde6 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,6 @@ +* Thu Nov 01 2018 Jeanne Greulich - 0.1.0-0 +- static asset updates + * Fri Sep 14 2018 Michael Morrone - 0.1.0-0 - Made ima::appraise and ima::policy unambiguously public classes diff --git a/Gemfile b/Gemfile index 4482ab7..43226f2 100644 --- a/Gemfile +++ b/Gemfile @@ -1,14 +1,10 @@ -# ------------------------------------------------------------------------------ -# NOTE: SIMP Puppet rake tasks support ruby 2.1.9 -# ------------------------------------------------------------------------------ gem_sources = ENV.fetch('GEM_SERVERS','https://rubygems.org').split(/[, ]+/) gem_sources.each { |gem_source| source gem_source } group :test do gem 'rake' - gem 'puppet', ENV.fetch('PUPPET_VERSION', '~> 4.0') - gem 'facter', ENV.fetch('FACTER_VERSION', '~> 2.4.0') + gem 'puppet', ENV.fetch('PUPPET_VERSION', '~> 5.5') gem 'rspec' gem 'rspec-puppet' gem 'hiera-puppet-helper' 
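Review bot: The added top-level `global:` block is, as far as I know, not a key Travis reads; global variables are only picked up under `env:`, i.e. `env:` / `  global:` / `    - STRICT_VARIABLES=yes`. This hunk also removes `STRICT_VARIABLES=yes` from every job's `env:` line, so the spec jobs would run without strict variable checking and undefined-variable errors would pass unnoticed. Nesting the entry under `env:` restores what the per-job settings did before.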
@@ -17,26 +13,17 @@ group :test do gem 'puppet-strings' gem 'puppet-lint-empty_string-check', :require => false gem 'puppet-lint-trailing_comma-check', :require => false - gem 'simp-rspec-puppet-facts', ENV.fetch('SIMP_RSPEC_PUPPET_FACTS_VERSION', '~> 2.0') - gem 'simp-rake-helpers', ENV.fetch('SIMP_RAKE_HELPERS_VERSION', ['>= 5.2', '< 6.0']) + gem 'simp-rspec-puppet-facts', ENV.fetch('SIMP_RSPEC_PUPPET_FACTS_VERSION', '~> 2.2') + gem 'simp-rake-helpers', ENV.fetch('SIMP_RAKE_HELPERS_VERSION', '~> 5.6') end group :development do - gem 'travis' - gem 'travis-lint' - gem 'travish' - gem 'puppet-blacksmith' - gem 'guard-rake' gem 'pry' gem 'pry-doc' - - # `listen` is a dependency of `guard` - # from `listen` 3.1+, `ruby_dep` requires Ruby version >= 2.2.3, ~> 2.2 - gem 'listen', '~> 3.0.6' end group :system_tests do gem 'beaker' gem 'beaker-rspec' - gem 'simp-beaker-helpers', ENV.fetch('SIMP_BEAKER_HELPERS_VERSION', '~> 1.7') + gem 'simp-beaker-helpers', ENV.fetch('SIMP_BEAKER_HELPERS_VERSION', '~> 1.12') end diff --git a/README.md b/README.md index 70a73af..07dc890 100644 --- a/README.md +++ b/README.md @@ -29,7 +29,8 @@ your system to become read-only. ### This is a SIMP module -This module is a component of the [System Integrity Management Platform](https://github.com/NationalSecurityAgency/SIMP), a compliance-management framework built on Puppet. +This module is a component of the [System Integrity Management Platform](https://simp-project.com), +a compliance-management framework built on Puppet If you find any issues, they may be submitted to our [bug tracker](https://simp-project.atlassian.net/). diff --git a/spec/acceptance/nodesets/default.yml b/spec/acceptance/nodesets/default.yml deleted file mode 120000 index f64b2c8..0000000 --- a/spec/acceptance/nodesets/default.yml +++ /dev/null @@ -1 +0,0 @@ -../suites/default/nodesets/default.yml \ No newline at end of file 
diff --git a/spec/acceptance/nodesets/default.yml b/spec/acceptance/nodesets/default.yml
new file mode 100644
index 0000000..8798267
--- /dev/null
+++ b/spec/acceptance/nodesets/default.yml
@@ -0,0 +1,43 @@
+<%
+ if ENV['BEAKER_HYPERVISOR']
+ hypervisor = ENV['BEAKER_HYPERVISOR']
+ else
+ hypervisor = 'vagrant'
+ end
+-%>
+HOSTS:
+ el7:
+ roles:
+ - server
+ - default
+ platform: el-7-x86_64
+ box: centos/7
+ hypervisor: <%= hypervisor %>
+ yum_repos:
+ epel:
+ mirrorlist: 'https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch'
+ gpgkeys:
+ - https://getfedora.org/static/352C64E5.txt
+ el6:
+ roles:
+ - server
+ platform: el-6-x86_64
+ box: centos/6
+ hypervisor: <%= hypervisor %>
+ yum_repos:
+ epel:
+ mirrorlist: 'https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch'
+ gpgkeys:
+ - https://getfedora.org/static/0608B895.txt
+CONFIG:
+ log_level: verbose
+ type: aio
+ vagrant_memsize: 512
+ synced_folder: disabled
+ ssh:
+ timeout: 2
+<% if ENV['BEAKER_PUPPET_COLLECTION'] -%>
+ puppet_collection: <%= ENV['BEAKER_PUPPET_COLLECTION'] %>
+<% end -%>
+
+# vb_gui: true
diff --git a/spec/acceptance/nodesets/oel.yml b/spec/acceptance/nodesets/oel.yml
new file mode 100644
index 0000000..c7eb2af
--- /dev/null
+++ b/spec/acceptance/nodesets/oel.yml
@@ -0,0 +1,33 @@
+<%
+ if ENV['BEAKER_HYPERVISOR']
+ hypervisor = ENV['BEAKER_HYPERVISOR']
+ else
+ hypervisor = 'vagrant'
+ end
+-%>
+HOSTS:
+ el7:
+ roles:
+ - server
+ - default
+ platform: el-7-x86_64
+ box: onyxpoint/oel-7-x86_64
+ hypervisor: <%= hypervisor %>
+ el6:
+ roles:
+ - server
+ platform: el-6-x86_64
+ box: onyxpoint/oel-6-x86_64
+ hypervisor: <%= hypervisor %>
+
+CONFIG:
+ log_level: verbose
+ type: aio
+ vagrant_memsize: 512
+ synced_folder: disabled
+ ssh:
+ timeout: 2
+<% if ENV['BEAKER_PUPPET_COLLECTION'] -%>
+ puppet_collection: <%= ENV['BEAKER_PUPPET_COLLECTION'] %>
+<% end -%>
+# vb_gui: true
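Review bot: The ERB header's `if ENV['BEAKER_HYPERVISOR']` is true for a variable that is set but empty, and the value is emitted unquoted. `hypervisor: <%= hypervisor %>` can therefore render as a bare `hypervisor:` (null), or as a non-string if the value looks like one to the YAML parser. Treating empty as unset and quoting the output avoids both: `hypervisor = ENV['BEAKER_HYPERVISOR'].to_s.empty? ? 'vagrant' : ENV['BEAKER_HYPERVISOR']` and `hypervisor: '<%= hypervisor %>'`. The same applies to the `puppet_collection` line here and to the matching lines in spec/acceptance/nodesets/oel.yml.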
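Review bot: Both hosts in oel.yml reference their boxes by name only (`onyxpoint/oel-7-x86_64`, `onyxpoint/oel-6-x86_64`), so each acceptance run uses whatever version the publishing account currently serves, and a changed or replaced box would go unnoticed. If the beaker vagrant hypervisor in use honours a `box_version` host key (I believe it does, but please confirm), pinning it, e.g. `box_version: '<PINNED_VERSION>'`, makes the runs reproducible. A one-line comment stating who maintains these boxes would also help. Unlike default.yml, this nodeset declares no `yum_repos`; if that is intentional, a comment saying so would save the next reader a check.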
diff --git a/spec/acceptance/suites/default/nodesets b/spec/acceptance/suites/default/nodesets
new file mode 120000
index 0000000..f2ea7de
--- /dev/null
+++ b/spec/acceptance/suites/default/nodesets
@@ -0,0 +1 @@
+../../nodesets/
\ No newline at end of file
diff --git a/spec/acceptance/suites/default/nodesets/default.yml b/spec/acceptance/suites/default/nodesets/default.yml
deleted file mode 100644
index 1b9771b..0000000
--- a/spec/acceptance/suites/default/nodesets/default.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-HOSTS:
- el7:
- roles:
- - server
- - default
- platform: el-7-x86_64
- box: centos/7
- hypervisor: vagrant
- el6:
- roles:
- - server
- platform: el-6-x86_64
- box: centos/6
- hypervisor: vagrant
-
-CONFIG:
- log_level: verbose
- type: aio
- vagrant_memsize: 512
- synced_folder: disabled
- ssh:
- timeout: 2
-# vb_gui: true