diff --git a/.github/SECURITY.md b/.github/SECURITY.md new file mode 100644 index 00000000..cacadf22 --- /dev/null +++ b/.github/SECURITY.md @@ -0,0 +1,3 @@ +# Vox Pupuli Security Policy + +Our vulnerabilities reporting process is at https://voxpupuli.org/security/ diff --git a/.msync.yml b/.msync.yml index 8864fc09..4c7999c4 100644 --- a/.msync.yml +++ b/.msync.yml @@ -1 +1 @@ -modulesync_config_version: '2.12.0' +modulesync_config_version: '3.0.0' diff --git a/.rubocop.yml b/.rubocop.yml index c2ebc88d..316e4ec1 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -528,6 +528,9 @@ RSpec/RepeatedDescription: RSpec/NestedGroups: Enabled: False +RSpec/MultipleExpectations: + Enabled: false + # this is broken on ruby1.9 Layout/IndentHeredoc: Enabled: False diff --git a/.travis.yml b/.travis.yml index b3885153..b8ba2d89 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,4 +1,5 @@ --- +os: linux dist: bionic language: ruby cache: bundler @@ -7,7 +8,7 @@ before_install: - bundle --version script: - 'bundle exec rake $CHECK' -matrix: +jobs: fast_finish: true include: - rvm: 2.4.4 @@ -76,7 +77,7 @@ notifications: - "chat.freenode.org#voxpupuli-notifications" deploy: provider: puppetforge - user: puppet + username: puppet password: secure: "bBDDSSz8OQwK0zxJ4EjM01bE4uoNMzTXyxp2lllXdv6PYAJCI4bCCcdRF7OKLAWaRtm6c0HJGnfMXzmwqHF/pJSUZzfTGe4uwZrrmaGvdalP4fXtLWpviAoez8La0Nx7JYqwPPprP7nySBD8M3rUuOZJetXQM6yGgj4YSs2lKMo=" on: diff --git a/Gemfile b/Gemfile index 32c31146..8592cd61 100644 --- a/Gemfile +++ b/Gemfile @@ -11,9 +11,9 @@ def location_for(place, fake_version = nil) end group :test do - gem 'voxpupuli-test', '>= 1.0.0', :require => false - gem 'coveralls', :require => false - gem 'simplecov-console', :require => false + gem 'voxpupuli-test', '~> 2.0', :require => false + gem 'coveralls', :require => false + gem 'simplecov-console', :require => false end group :development do diff --git a/manifests/config.pp b/manifests/config.pp index 73a346d7..cbb466f1 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -5,7 +5,6 @@ # include python::config # class python::config { - Class['python::install'] -> Python::Pip <| |> Class['python::install'] -> Python::Requirements <| |> Class['python::install'] -> Python::Virtualenv <| |> @@ -27,5 +26,4 @@ } } } - } diff --git a/manifests/dotfile.pp b/manifests/dotfile.pp index 47556fea..e42106c1 100644 --- a/manifests/dotfile.pp +++ b/manifests/dotfile.pp @@ -34,7 +34,7 @@ exec { "create ${title}'s parent dir": command => "install -o ${owner} -g ${group} -d ${parent_dir}", - path => [ '/usr/bin', '/bin', '/usr/local/bin', ], + path => ['/usr/bin', '/bin', '/usr/local/bin',], creates => $parent_dir, } diff --git a/manifests/gunicorn.pp b/manifests/gunicorn.pp index 9daa7ff1..d9625a04 100644 --- a/manifests/gunicorn.pp +++ b/manifests/gunicorn.pp @@ -79,5 +79,4 @@ content => template($template), } } - } diff --git a/manifests/init.pp b/manifests/init.pp index e2071925..468725be 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -49,11 +49,11 @@ $gunicorn_package_name = $python::params::gunicorn_package_name, Optional[Enum['pip', 'scl', 'rhscl', 'anaconda', '']] $provider = $python::params::provider, $valid_versions = $python::params::valid_versions, - Hash $python_pips = { }, - Hash $python_virtualenvs = { }, - Hash $python_pyvenvs = { }, - Hash $python_requirements = { }, - Hash $python_dotfiles = { }, + Hash $python_pips = {}, + Hash $python_virtualenvs = {}, + Hash $python_pyvenvs = {}, + Hash $python_requirements = {}, + Hash $python_dotfiles = {}, Boolean $use_epel = $python::params::use_epel, $rhscl_use_public_repository = $python::params::rhscl_use_public_repository, Stdlib::Httpurl $anaconda_installer_url = $python::params::anaconda_installer_url, @@ -61,7 +61,6 @@ Boolean $manage_scl = $python::params::manage_scl, Optional[Pattern[/[0-7]{1,4}/]] $umask = undef, ) inherits python::params { - $exec_prefix = $provider ? { 'scl' => "/usr/bin/scl enable ${version} -- ", 'rhscl' => "/usr/bin/scl enable ${version} -- ", @@ -69,12 +68,12 @@ } unless $version =~ Pattern[/\A(python)?[0-9](\.?[0-9])*/, - /\Apypy\Z/, /\Asystem\Z/, /\Arh-python[0-9]{2}(?:-python)?\Z/] { + /\Apypy\Z/, /\Asystem\Z/, /\Arh-python[0-9]{2}(?:-python)?\Z/] { fail("version needs to be pypy, system or a version string like '36', '3.6' or 'python3.6' )") } # Module compatibility check - $compatible = [ 'Debian', 'RedHat', 'Suse', 'Gentoo', 'AIX' ] + $compatible = ['Debian', 'RedHat', 'Suse', 'Gentoo', 'AIX'] if ! ($facts['os']['family'] in $compatible) { fail("Module is not compatible with ${facts['os']['name']}") } @@ -96,5 +95,4 @@ create_resources('python::virtualenv', $python_virtualenvs) create_resources('python::requirements', $python_requirements) create_resources('python::dotfile', $python_dotfiles) - } diff --git a/manifests/install.pp b/manifests/install.pp index 6861c5e9..fd063cdf 100644 --- a/manifests/install.pp +++ b/manifests/install.pp @@ -5,7 +5,6 @@ # include python::install # class python::install { - $python = $python::version ? { 'system' => 'python', 'pypy' => 'pypy', @@ -67,7 +66,6 @@ case $python::provider { 'pip': { - if $python::manage_pip_package { package { 'pip': ensure => $pip_ensure, @@ -208,7 +206,7 @@ 'AIX': { if String($python::version) =~ /^python3/ { class { 'python::pip::bootstrap': - version => 'pip3', + version => 'pip3', } } else { if $python::manage_pip_package { @@ -227,7 +225,6 @@ provider => 'yum', } } - } default: { if $python::manage_pip_package { @@ -243,7 +240,6 @@ alias => $pythondev, } } - } } diff --git a/manifests/params.pp b/manifests/params.pp index af9bfd4d..8ff6a669 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -34,8 +34,8 @@ } $pip_lookup_path = $facts['os']['family'] ? { - 'AIX' => [ '/bin', '/usr/bin', '/usr/local/bin', '/opt/freeware/bin/' ], - default => [ '/bin', '/usr/bin', '/usr/local/bin' ] + 'AIX' => ['/bin', '/usr/bin', '/usr/local/bin', '/opt/freeware/bin/'], + default => ['/bin', '/usr/bin', '/usr/local/bin'] } $gunicorn_package_name = $facts['os']['family'] ? { diff --git a/manifests/pip.pp b/manifests/pip.pp index fdafcb12..8f09c95d 100644 --- a/manifests/pip.pp +++ b/manifests/pip.pp @@ -68,7 +68,7 @@ String[1] $log_dir = '/tmp', Array[String] $path = ['/usr/local/bin','/usr/bin','/bin', '/usr/sbin'], String[1] $exec_provider = 'shell', -){ +) { $python_provider = getparam(Class['python'], 'provider') $python_version = getparam(Class['python'], 'version') @@ -111,9 +111,9 @@ } $pypi_index = $index ? { - false => '', - default => "--index-url=${index}", - } + false => '', + default => "--index-url=${index}", + } $proxy_flag = $proxy ? { undef => '', @@ -204,15 +204,15 @@ # Note: we DO need to repeat ourselves with "from version" in both grep and sed as on some systems pip returns # more than one line with paretheses. $latest_version = join(["${pip_install} ${pypi_index} ${proxy_flag} ${install_args} ${install_editable} ${real_pkgname}==notreallyaversion 2>&1", - ' | grep -oP "\(from versions: .*\)" | sed -E "s/\(from versions: (.*?, )*(.*)\)/\2/g"', - ' | tr -d "[:space:]"']) + ' | grep -oP "\(from versions: .*\)" | sed -E "s/\(from versions: (.*?, )*(.*)\)/\2/g"', + ' | tr -d "[:space:]"']) # Packages with underscores in their names are listed with dashes in their place in `pip freeze` output $pkgname_with_dashes = regsubst($real_pkgname, '_', '-', 'G') $grep_regex_pkgname_with_dashes = "^${pkgname_with_dashes}==" $installed_version = join(["${pip_env} freeze --all", - " | grep -i -e ${grep_regex_pkgname_with_dashes} | cut -d= -f3", - " | tr -d '[:space:]'"]) + " | grep -i -e ${grep_regex_pkgname_with_dashes} | cut -d= -f3", + " | tr -d '[:space:]'"]) $command = "${pip_install} --upgrade ${pip_common_args}" $unless_command = "[ \$(${latest_version}) = \$(${installed_version}) ]" @@ -243,5 +243,4 @@ path => $_path, provider => $exec_provider, } - } diff --git a/manifests/pip/bootstrap.pp b/manifests/pip/bootstrap.pp index 7dcbc2b4..1b69c8ae 100644 --- a/manifests/pip/bootstrap.pp +++ b/manifests/pip/bootstrap.pp @@ -26,8 +26,8 @@ $environ = $http_proxy ? { undef => [], default => $facts['os']['family'] ? { - 'AIX' => [ "http_proxy=${http_proxy}", "https_proxy=${http_proxy}" ], - default => [ "HTTP_PROXY=${http_proxy}", "HTTPS_PROXY=${http_proxy}" ], + 'AIX' => ["http_proxy=${http_proxy}", "https_proxy=${http_proxy}"], + default => ["HTTP_PROXY=${http_proxy}", "HTTPS_PROXY=${http_proxy}"], } } diff --git a/manifests/pyvenv.pp b/manifests/pyvenv.pp index a9b00721..8b8d59d5 100644 --- a/manifests/pyvenv.pp +++ b/manifests/pyvenv.pp @@ -29,7 +29,7 @@ $owner = 'root', $group = 'root', $mode = '0755', - $path = [ '/bin', '/usr/bin', '/usr/sbin', '/usr/local/bin' ], + $path = ['/bin', '/usr/bin', '/usr/sbin', '/usr/local/bin'], $environment = [], ) { include python @@ -44,7 +44,7 @@ $normalized_python_version = sprintf('%s.%s', $python_version_parts[0], $python_version_parts[1]) # Debian splits the venv module into a seperate package - if ( $facts['os']['family'] == 'Debian'){ + if ( $facts['os']['family'] == 'Debian') { $python3_venv_package="python${normalized_python_version}-venv" case $facts['os']['distro']['codename'] { 'xenial','bionic','cosmic','disco', diff --git a/manifests/requirements.pp b/manifests/requirements.pp index e1f65878..e0fbcf2b 100644 --- a/manifests/requirements.pp +++ b/manifests/requirements.pp @@ -42,7 +42,6 @@ $log_dir = '/tmp', $timeout = 1800, ) { - include python if $virtualenv == 'system' and ($owner != 'root' or $group != 'root') { @@ -81,7 +80,7 @@ # the same requirements file. if !defined(File[$requirements]) and $manage_requirements == true { file { $requirements: - ensure => present, + ensure => file, mode => '0644', owner => $owner_real, group => $group_real, diff --git a/manifests/virtualenv.pp b/manifests/virtualenv.pp index ebc22498..e19cfa3b 100644 --- a/manifests/virtualenv.pp +++ b/manifests/virtualenv.pp @@ -44,7 +44,7 @@ $mode = '0755', Optional[Stdlib::HTTPUrl] $proxy = undef, $environment = [], - $path = [ '/bin', '/usr/bin', '/usr/sbin', '/usr/local/bin' ], + $path = ['/bin', '/usr/bin', '/usr/sbin', '/usr/local/bin'], $cwd = undef, $timeout = 1800, $pip_args = '', diff --git a/spec/acceptance/facts_test_spec.rb b/spec/acceptance/facts_test_spec.rb index af136015..39c1ad83 100644 --- a/spec/acceptance/facts_test_spec.rb +++ b/spec/acceptance/facts_test_spec.rb @@ -18,7 +18,7 @@ class { 'python' : EOS # rubocop:disable RSpec/RepeatedExample - it 'outputs python facts when not installed' do # rubocop:disable RSpec/MultipleExpectations + it 'outputs python facts when not installed' do apply_manifest(fact_notices, catch_failures: true) do |r| expect(r.stdout).to match(%r{python_version: \S+}) expect(r.stdout).to match(%r{pip_version: \S+}) @@ -31,7 +31,7 @@ class { 'python' : apply_manifest(install_python, catch_failures: true) end - it 'outputs python facts when installed' do # rubocop:disable RSpec/MultipleExpectations + it 'outputs python facts when installed' do apply_manifest(fact_notices, catch_failures: true) do |r| expect(r.stdout).to match(%r{python_version: \S+}) expect(r.stdout).to match(%r{pip_version: \S+}) diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index ffbdaf47..bec34fdd 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb @@ -1,3 +1,6 @@ +# This file is completely managed via modulesync require 'voxpupuli/acceptance/spec_helper_acceptance' configure_beaker + +Dir['./spec/support/acceptance/**/*.rb'].sort.each { |f| require f }