From b73d4324f9908097fb26fba566550e9b99c14952 Mon Sep 17 00:00:00 2001
From: "Mark E. Schill"
Date: Sat, 12 Oct 2019 18:16:49 -0400
Subject: [PATCH] Closes #69, #68, #67, #66, #65
---
.circleci/config.yml | 65 ++++++++++++++++++
.mdlrc | 1 +
.travis.yml | 47 -------------
CHANGELOG.md | 8 ++-
CONTRIBUTING.md | 2 +-
Dangerfile | 40 +++++++++++
README.md | 5 +-
TESTING.md | 2 +-
kitchen.dokken.yml | 107 +++++++++++++++---------------
kitchen.yml | 3 +-
metadata.rb | 4 +-
spec/unit/recipes/centos_spec.rb | 6 +-
spec/unit/recipes/default_spec.rb | 8 +--
spec/unit/recipes/ubuntu_spec.rb | 6 +-
14 files changed, 183 insertions(+), 121 deletions(-)
create mode 100644 .circleci/config.yml
create mode 100644 .mdlrc
delete mode 100644 .travis.yml
create mode 100644 Dangerfile
diff --git a/.circleci/config.yml b/.circleci/config.yml
new file mode 100644
index 0000000..74524ee
--- /dev/null
+++ b/.circleci/config.yml
@@ -0,0 +1,65 @@
+---
+lint_and_unit: &lint_and_unit
+ - delivery
+ - danger
+ - lint-yaml
+ - lint-markdown
+version: 2.1
+orbs:
+ kitchen: sous-chefs/kitchen@2
+workflows:
+ kitchen:
+ jobs:
+ - kitchen/yamllint:
+ name: lint-yaml
+ - kitchen/mdlint:
+ name: lint-markdown
+ - kitchen/danger:
+ name: danger
+ context: Danger
+ - kitchen/delivery:
+ name: delivery
+ - kitchen/dokken-single:
+ name: default-amazonlinux
+ suite: default-amazonlinux
+ requires: *lint_and_unit
+ - kitchen/dokken-single:
+ name: default-amazonlinux-2
+ suite: default-amazonlinux-2
+ requires: *lint_and_unit
+ - kitchen/dokken-single:
+ name: default-debian-9
+ suite: default-debian-9
+ requires: *lint_and_unit
+ - kitchen/dokken-single:
+ name: default-debian-10
+ suite: default-debian-10
+ requires: *lint_and_unit
+ - kitchen/dokken-single:
+ name: default-centos-6
+ suite: default-centos-6
+ requires: *lint_and_unit
+ - kitchen/dokken-single:
+ name: default-centos-7
+ suite: default-centos-7
+ requires: *lint_and_unit
+ - kitchen/dokken-single:
+ name: default-fedora-latest
+ suite: default-fedora-latest
+ requires: *lint_and_unit
+ - kitchen/dokken-single:
+ name: default-ubuntu-1604
+ suite: default-ubuntu-1604
+ requires: *lint_and_unit
+ - kitchen/dokken-single:
+ name: default-ubuntu-1804
+ suite: default-ubuntu-1804
+ requires: *lint_and_unit
+ - kitchen/dokken-single:
+ name: default-opensuse-leap-42
+ suite: default-opensuse-leap-42
+ requires: *lint_and_unit
+ - kitchen/dokken-single:
+ name: default-opensuse-leap-15
+ suite: default-opensuse-leap-15
+ requires: *lint_and_unit
diff --git a/.mdlrc b/.mdlrc
new file mode 100644
index 0000000..050f38b
--- /dev/null
+++ b/.mdlrc
@@ -0,0 +1 @@
+rules "~MD013", "~MD024", "~MD033"
\ No newline at end of file
diff --git a/.travis.yml b/.travis.yml
deleted file mode 100644
index 4447341..0000000
--- a/.travis.yml
+++ /dev/null
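Review bot: In `.circleci/config.yml` the orb is referenced as `kitchen: sous-chefs/kitchen@2`, a floating major version, so any later 2.x publish changes what every job in this workflow executes without a change in this repository. That includes `kitchen/danger`, which is given `context: Danger` and therefore, presumably, whatever credential that context holds. Pinning an exact release, `kitchen: sous-chefs/kitchen@<exact-version>`, and bumping it in reviewed commits keeps the pipeline reproducible and limits exposure of the context to orb code that has been looked at. It is also worth confirming in the project's CircleCI settings that contexts and secrets are not passed to builds of forked pull requests, since the Danger job runs against PR content.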
@@ -1,47 +0,0 @@ -addons: - apt: - sources: - - chef-current-xenial - packages: - - chef-workstation - -install: echo "skip bundle install" - -env: - - CHEF_LICENSE=accept - -branches: - only: - - master - -services: docker - -env: - matrix: - - INSTANCE=default-amazonlinux - - INSTANCE=default-amazonlinux-2 - - INSTANCE=default-centos-6 - - INSTANCE=default-centos-7 - - INSTANCE=default-debian-9 - - INSTANCE=default-debian-10 - #- INSTANCE=default-opensuse-leap-42 - #- INSTANCE=default-opensuse-leap-15 - - INSTANCE=default-ubuntu-1604 - - INSTANCE=default-ubuntu-1804 - -before_script: - - sudo iptables -L DOCKER || ( echo "DOCKER iptables chain missing" ; sudo iptables -N DOCKER ) - - eval "$(chef shell-init bash)" - - chef --version - - cookstyle --version - - foodcritic --version - -script: KITCHEN_LOCAL_YAML=kitchen.dokken.yml CHEF_VERSION=${CHEF_VERSION} kitchen verify ${INSTANCE} - -matrix: - include: - - script: - - chef exec delivery local all - env: - - UNIT_AND_LINT=1 - - CHEF_LICENSE=accept diff --git a/CHANGELOG.md b/CHANGELOG.md index 2dfe630..a1543a2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,10 @@ -# fail2ban Cookbook CHANGELOG +# Changelog +All notable changes to this project will be documented in this file. -This file is used to list changes made in each version of the fail2ban cookbook. +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [Unreleased] ## 6.0.0 (2019-05-08) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index ef2f2b8..0943d17 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,2 +1,2 @@ Please refer to -https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD + diff --git a/Dangerfile b/Dangerfile new file mode 100644 index 0000000..2d99dba --- /dev/null +++ b/Dangerfile 
@@ -0,0 +1,40 @@ +# Reference: http://danger.systems/reference.html + +# A pull request summary is required. Add a description of the pull request purpose. +# Changelog must be updated for each pull request that changes code. +# Warnings will be issued for: +# Pull request with more than 400 lines of code changed +# Pull reqest that change more than 5 lines without test changes +# Failures will be issued for: +# Pull request without summary +# Pull requests with code changes without changelog entry + +def code_changes? + code = %w(libraries attributes recipes resources files templates) + code.each do |location| + return true unless git.modified_files.grep(/#{location}/).empty? + end + false +end + +def test_changes? + tests = %w(spec test .kitchen.yml .kitchen.dokken.yml) + tests.each do |location| + return true unless git.modified_files.grep(/#{location}/).empty? + end + false +end + +failure 'Please provide a summary of your Pull Request.' if github.pr_body.length < 10 + +warn 'This is a big Pull Request.' if git.lines_of_code > 400 + +# Require a CHANGELOG entry for non-test changes. +if !git.modified_files.include?('CHANGELOG.md') && code_changes? + failure 'Please include a CHANGELOG entry.' +end + +# A sanity check for tests. +if git.lines_of_code > 5 && code_changes? && !test_changes? + warn 'This Pull Request is probably missing tests.' +end diff --git a/README.md b/README.md index cf73556..60c19bf 100644 --- a/README.md +++ b/README.md @@ -14,6 +14,7 @@ Installs and configures `fail2ban`, a utility that watches logs for failed login - OpenSUSE ### Chef + - Chef 13.0+ ### Cookbooks @@ -42,7 +43,6 @@ The `CRITICAL` and `NOTICE` log levels are only available on fail2ban >= 0.9.x. The `syslogsocket`, `dbfile`, and `dbpurgeage` options are only applicable to fail2ban >= 0.9.x - This cookbook has a set of configuration options for jail.conf - default['fail2ban']['ignoreip'] = '127.0.0.1/8' 
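Review bot: In the new `Dangerfile`, `code_changes?` and `test_changes?` only inspect `git.modified_files` and match with an unanchored, unescaped regex (`grep(/#{location}/)`), so the CHANGELOG and missing-tests gates can be skipped or tripped by accident. A pull request that only adds new files under `recipes/` never shows up in `modified_files`, `/files/` also matches paths such as `spec/files/...`, and `.kitchen.yml` cannot match the `kitchen.yml` / `kitchen.dokken.yml` names this same commit edits, because the leading `.` requires a preceding character. Consider collecting the paths once as `changed = git.modified_files + git.added_files + git.deleted_files` and testing directories with `changed.any? { |f| f.start_with?("#{location}/") }`, with `kitchen.yml` and `kitchen.dokken.yml` compared by exact name. The header comment also carries the typo `reqest`.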
@@ -115,8 +115,7 @@ Then you will get notifications like this: > [hostname] Banned 🇳🇬 217.117.13.12 in the jail sshd after 5 attempts -Issues related to rsyslog -========================== +## Issues related to rsyslog If you are using rsyslog parameter "$RepeatedMsgReduction on" in rsyslog.conf file then you can get "Last message repeated N times" in system log file (for example auth.log). diff --git a/TESTING.md b/TESTING.md index ca524ab..9596d9b 100644 --- a/TESTING.md +++ b/TESTING.md @@ -1,2 +1,2 @@ Please refer to -https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/TESTING.MD + diff --git a/kitchen.dokken.yml b/kitchen.dokken.yml index 6024057..7c19934 100644 --- a/kitchen.dokken.yml +++ b/kitchen.dokken.yml @@ -1,6 +1,7 @@ +--- driver: name: dokken - privileged: true # because Docker and SystemD/Upstart + privileged: true # because Docker and SystemD/Upstart chef_version: <%= ENV['CHEF_VERSION'] || 'current' %> transport: 
@@ -15,65 +16,65 @@ verifier: name: inspec platforms: -- name: amazonlinux - driver: - image: dokken/amazonlinux - pid_one_command: /sbin/init + - name: amazonlinux + driver: + image: dokken/amazonlinux + pid_one_command: /sbin/init -- name: amazonlinux-2 - driver: - image: dokken/amazonlinux-2 - pid_one_command: /usr/lib/systemd/systemd + - name: amazonlinux-2 + driver: + image: dokken/amazonlinux-2 + pid_one_command: /usr/lib/systemd/systemd -- name: debian-9 - driver: - image: dokken/debian-9 - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update + - name: debian-9 + driver: + image: dokken/debian-9 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update -- name: debian-10 - driver: - image: dokken/debian-10 - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update + - name: debian-10 + driver: + image: dokken/debian-10 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update -- name: centos-6 - driver: - image: dokken/centos-6 - pid_one_command: /sbin/init + - name: centos-6 + driver: + image: dokken/centos-6 + pid_one_command: /sbin/init -- name: centos-7 - driver: - image: dokken/centos-7 - pid_one_command: /usr/lib/systemd/systemd + - name: centos-7 + driver: + image: dokken/centos-7 + pid_one_command: /usr/lib/systemd/systemd -- name: fedora-latest - driver: - image: dokken/fedora-latest - pid_one_command: /usr/lib/systemd/systemd + - name: fedora-latest + driver: + image: dokken/fedora-latest + pid_one_command: /usr/lib/systemd/systemd -- name: ubuntu-16.04 - driver: - image: dokken/ubuntu-16.04 - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update + - name: ubuntu-16.04 + driver: + image: dokken/ubuntu-16.04 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update -- name: ubuntu-18.04 - driver: - image: dokken/ubuntu-18.04 - 
pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update + - name: ubuntu-18.04 + driver: + image: dokken/ubuntu-18.04 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update -- name: opensuse-leap-42 - driver: - image: dokken/opensuse-leap-42 - pid_one_command: /bin/systemd + - name: opensuse-leap-42 + driver: + image: dokken/opensuse-leap-42 + pid_one_command: /bin/systemd -- name: opensuse-leap-15 - driver: - image: dokken/opensuse-leap-15 - pid_one_command: /bin/systemd + - name: opensuse-leap-15 + driver: + image: dokken/opensuse-leap-15 + pid_one_command: /bin/systemd diff --git a/kitchen.yml b/kitchen.yml index 8d8c585..8b765e3 100644 --- a/kitchen.yml +++ b/kitchen.yml @@ -1,3 +1,4 @@ +--- driver: name: vagrant @@ -26,4 +27,4 @@ platforms: suites: - name: default run_list: - recipe[test::default] + recipe[test::default] diff --git a/metadata.rb b/metadata.rb index b62a6fa..a126251 100644 --- a/metadata.rb +++ b/metadata.rb @@ -3,10 +3,8 @@ maintainer_email 'cookbooks@chef.io' license 'Apache-2.0' description 'Installs and configures fail2ban' -long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) -version '6.0.0' -recipe 'default', 'Installs and configures fail2ban' +version '6.0.0' depends 'yum-epel' diff --git a/spec/unit/recipes/centos_spec.rb b/spec/unit/recipes/centos_spec.rb index 571b0ff..9707542 100644 --- a/spec/unit/recipes/centos_spec.rb +++ b/spec/unit/recipes/centos_spec.rb @@ -3,7 +3,7 @@ describe 'default recipe on CentOS 5' do let(:chef_run) do runner = ChefSpec::ServerRunner.new(platform: 'centos', version: '5.11') - runner.node.normal['packages']['fail2ban'] = { + runner.node.default['packages']['fail2ban'] = { epoch: '0', version: '0.8.14', release: '1.el5', 
@@ -25,7 +25,7 @@ describe 'default recipe on CentOS 6' do let(:chef_run) do runner = ChefSpec::ServerRunner.new(platform: 'centos', version: '6.9') - runner.node.normal['packages']['fail2ban'] = { + runner.node.default['packages']['fail2ban'] = { epoch: '0', version: '0.9.6', release: '1.el6.1', @@ -50,7 +50,7 @@ describe 'default recipe on CentOS 7' do let(:chef_run) do runner = ChefSpec::ServerRunner.new(platform: 'centos', version: '7.3.1611') - runner.node.normal['packages']['fail2ban'] = { + runner.node.default['packages']['fail2ban'] = { epoch: '0', version: '0.9.7', release: '1.el7', diff --git a/spec/unit/recipes/default_spec.rb b/spec/unit/recipes/default_spec.rb index 8a59848..b9b4be0 100644 --- a/spec/unit/recipes/default_spec.rb +++ b/spec/unit/recipes/default_spec.rb @@ -3,13 +3,13 @@ describe 'fail2ban::default converge' do let(:chef_run) do runner = ChefSpec::ServerRunner.new(platform: 'ubuntu', version: '16.04') - runner.node.normal['fail2ban']['filters'] = { + runner.node.default['fail2ban']['filters'] = { 'nginx-proxy' => { 'failregex' => ['^ -.*GET http.*'], 'ignoreregex' => [], }, } - runner.node.normal['packages']['fail2ban'] = { + runner.node.default['packages']['fail2ban'] = { version: '0.9.3-1', arch: 'all', } @@ -59,7 +59,7 @@ describe 'fail2ban::default converge with a given slack webhook' do let(:chef_run) do runner = ChefSpec::ServerRunner.new(platform: 'ubuntu', version: '16.04') - runner.node.normal['fail2ban'] = { + runner.node.default['fail2ban'] = { filters: { 'nginx-proxy' => { 'failregex' => ['^ -.*GET http.*'], @@ -69,7 +69,7 @@ slack_channel: 'infra', slack_webhook: 'https://hooks.slack.com/services/A123BCD4E/FG5HI6KLM/7n8opqrsT9UVWxyZ0AbCdefG', } - runner.node.normal['packages']['fail2ban'] = { + runner.node.default['packages']['fail2ban'] = { version: '0.9.3-1', arch: 'all', } diff --git a/spec/unit/recipes/ubuntu_spec.rb b/spec/unit/recipes/ubuntu_spec.rb index 704683d..42b4166 100644 --- a/spec/unit/recipes/ubuntu_spec.rb 
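Review bot: In `spec/unit/recipes/default_spec.rb`, `runner.node.default['fail2ban']['filters'] = ...` and `runner.node.default['fail2ban'] = { ... }` now set the cookbook's own attributes at the precedence level that cookbook attribute files normally write to, so the test values may be replaced when those files load during `converge`. The attribute files are not part of this diff, so this needs confirming, but if it holds the custom-filter and slack-webhook examples would be exercising cookbook defaults rather than the inputs given here. `runner.node.override['fail2ban']['filters'] = { ... }` keeps the test inputs authoritative without going back to the discouraged `normal` level. The `['packages']['fail2ban']` assignments in this file and in the `centos_spec.rb` and `ubuntu_spec.rb` hunks look like Ohai-style data and could be modelled with `runner.node.automatic['packages']['fail2ban']` instead.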
+++ b/spec/unit/recipes/ubuntu_spec.rb @@ -3,7 +3,7 @@ describe 'default recipe on Ubuntu 12.04' do let(:chef_run) do runner = ChefSpec::ServerRunner.new(platform: 'ubuntu', version: '16.04') - runner.node.normal['packages']['fail2ban'] = { version: '0.8.6-3wheezy3build0.12.04.1', arch: 'all' } + runner.node.default['packages']['fail2ban'] = { version: '0.8.6-3wheezy3build0.12.04.1', arch: 'all' } runner.converge('fail2ban::default') end @@ -19,7 +19,7 @@ describe 'default recipe on Ubuntu 14.04' do let(:chef_run) do runner = ChefSpec::ServerRunner.new(platform: 'ubuntu', version: '14.04') - runner.node.normal['packages']['fail2ban'] = { version: '0.8.11-1', arch: 'all' } + runner.node.default['packages']['fail2ban'] = { version: '0.8.11-1', arch: 'all' } runner.converge('fail2ban::default') end @@ -35,7 +35,7 @@ describe 'default recipe on Ubuntu 18.04' do let(:chef_run) do runner = ChefSpec::ServerRunner.new(platform: 'ubuntu', version: '18.04') - runner.node.normal['packages']['fail2ban'] = { version: '0.10.2-2', arch: 'all' } + runner.node.default['packages']['fail2ban'] = { version: '0.10.2-2', arch: 'all' } runner.converge('fail2ban::default') end