parent
b925a00048
commit
1774df001e
@ -0,0 +1,113 @@ |
||||
# Byte-compiled / optimized / DLL files |
||||
__pycache__/ |
||||
*.py[cod] |
||||
*$py.class |
||||
|
||||
# C extensions |
||||
*.so |
||||
|
||||
# Distribution / packaging |
||||
.Python |
||||
env/ |
||||
build/ |
||||
develop-eggs/ |
||||
dist/ |
||||
downloads/ |
||||
eggs/ |
||||
.eggs/ |
||||
lib/ |
||||
lib64/ |
||||
parts/ |
||||
sdist/ |
||||
var/ |
||||
wheels/ |
||||
*.egg-info/ |
||||
.installed.cfg |
||||
*.egg |
||||
|
||||
# PyInstaller |
||||
# Usually these files are written by a python script from a packager |
||||
# before PyInstaller builds the exe, so as to inject date/other infos into it. |
||||
*.manifest |
||||
*.spec |
||||
|
||||
# Installer logs |
||||
pip-log.txt |
||||
pip-delete-this-directory.txt |
||||
|
||||
# Unit test / coverage reports |
||||
htmlcov/ |
||||
.tox/ |
||||
.coverage |
||||
.coverage.* |
||||
.cache |
||||
nosetests.xml |
||||
coverage.xml |
||||
*.cover |
||||
.hypothesis/ |
||||
.kitchen |
||||
.kitchen.local.yml |
||||
kitchen.local.yml |
||||
|
||||
# Translations |
||||
*.mo |
||||
*.pot |
||||
|
||||
# Django stuff: |
||||
*.log |
||||
local_settings.py |
||||
|
||||
# Flask stuff: |
||||
instance/ |
||||
.webassets-cache |
||||
|
||||
# Scrapy stuff: |
||||
.scrapy |
||||
|
||||
# Sphinx documentation |
||||
docs/_build/ |
||||
|
||||
# PyBuilder |
||||
target/ |
||||
|
||||
# Jupyter Notebook |
||||
.ipynb_checkpoints |
||||
|
||||
# pyenv |
||||
.python-version |
||||
|
||||
# celery beat schedule file |
||||
celerybeat-schedule |
||||
|
||||
# SageMath parsed files |
||||
*.sage.py |
||||
|
||||
# dotenv |
||||
.env |
||||
|
||||
# virtualenv |
||||
.venv |
||||
venv/ |
||||
ENV/ |
||||
|
||||
# Spyder project settings |
||||
.spyderproject |
||||
.spyproject |
||||
|
||||
# Rope project settings |
||||
.ropeproject |
||||
|
||||
# mkdocs documentation |
||||
/site |
||||
|
||||
# mypy |
||||
.mypy_cache/ |
||||
|
||||
# Bundler |
||||
Gemfile.lock |
||||
|
||||
# copied `.md` files used for conversion to `.rst` using `m2r` |
||||
docs/*.md |
||||
|
||||
# Vim |
||||
*.sw? |
@ -0,0 +1,48 @@ |
||||
stages: |
||||
- test |
||||
|
||||
#sudo: required |
||||
cache: bundler |
||||
language: ruby |
||||
|
||||
services: |
||||
- docker |
||||
|
||||
# Make sure the instances listed below match up with |
||||
# the `platforms` defined in `kitchen.yml` |
||||
# NOTE: Please try to select up to six instances that add some meaningful |
||||
# testing of the formula's behaviour. If possible, try to refrain from |
||||
# the classical "chosing all the instances because I want to test on |
||||
# another/all distro/s" trap: it will just add time to the testing (see |
||||
# the discussion on #121). As an example, the set chosen below covers |
||||
# the most used distros families, systemd and non-systemd and the latest |
||||
# three supported Saltstack versions with python2 and 3." |
||||
# As for `kitchen.yml`, that should still contain all of the platforms, |
||||
# to allow for comprehensive local testing |
||||
# Ref: https://github.com/saltstack-formulas/template-formula/issues/118 |
||||
# Ref: https://github.com/saltstack-formulas/template-formula/issues/121 |
||||
env: |
||||
matrix: |
||||
- INSTANCE: default-debian-9-2019-2-py3 |
||||
# - INSTANCE: default-ubuntu-1804-2019-2-py3 |
||||
- INSTANCE: default-centos-7-2019-2-py3 |
||||
# - INSTANCE: default-fedora-29-2019-2-py3 |
||||
- INSTANCE: default-opensuse-leap-15-2019-2-py3 |
||||
# - INSTANCE: default-debian-9-2018-3-py2 |
||||
- INSTANCE: default-ubuntu-1604-2018-3-py2 |
||||
# - INSTANCE: default-centos-7-2018-3-py2 |
||||
- INSTANCE: default-fedora-29-2018-3-py2 |
||||
# TODO: Use this when fixed instead of `opensuse-leap-42` |
||||
# Ref: https://github.com/netmanagers/salt-image-builder/issues/2 |
||||
# - INSTANCE: default-opensuse-leap-15-2018-3-py2 |
||||
# - INSTANCE: default-opensuse-leap-42-2018-3-py2 |
||||
# - INSTANCE: default-debian-8-2017-7-py2 |
||||
# - INSTANCE: default-ubuntu-1604-2017-7-py2 |
||||
# TODO: Enable after improving the formula to work with other than `systemd` |
||||
- INSTANCE: default-centos-6-2017-7-py2 |
||||
# - INSTANCE: default-fedora-28-2017-7-py2 |
||||
# - INSTANCE: default-opensuse-leap-42-2017-7-py2 |
||||
|
||||
script: |
||||
- bundle exec kitchen verify ${INSTANCE} |
||||
|
@ -0,0 +1,6 @@ |
||||
source "https://rubygems.org" |
||||
|
||||
gem 'kitchen-docker', '>= 2.9' |
||||
gem 'kitchen-salt', '>= 0.6.0' |
||||
gem 'kitchen-inspec', '>= 1.1' |
||||
|
@ -0,0 +1,110 @@ |
||||
# -*- coding: utf-8 -*- |
||||
# vim: ft=yaml |
||||
--- |
||||
# For help on this file's format, see https://kitchen.ci/ |
||||
driver: |
||||
name: docker |
||||
use_sudo: false |
||||
privileged: true |
||||
run_command: /lib/systemd/systemd |
||||
|
||||
# Make sure the platforms listed below match up with |
||||
# the `env.matrix` instances defined in `.travis.yml` |
||||
platforms: |
||||
## SALT 2019.2 |
||||
- name: debian-9-2019-2-py3 |
||||
driver: |
||||
image: netmanagers/salt-2019.2-py3:debian-9 |
||||
- name: ubuntu-1804-2019-2-py3 |
||||
driver: |
||||
image: netmanagers/salt-2019.2-py3:ubuntu-18.04 |
||||
- name: centos-7-2019-2-py3 |
||||
driver: |
||||
image: netmanagers/salt-2019.2-py3:centos-7 |
||||
- name: fedora-29-2019-2-py3 |
||||
driver: |
||||
image: netmanagers/salt-2019.2-py3:fedora-29 |
||||
- name: opensuse-leap-15-2019-2-py3 |
||||
driver: |
||||
image: netmanagers/salt-2019.2-py3:opensuse-leap-15 |
||||
run_command: /usr/lib/systemd/systemd |
||||
|
||||
## SALT 2018.3 |
||||
- name: debian-9-2018-3-py2 |
||||
driver: |
||||
image: netmanagers/salt-2018.3-py2:debian-9 |
||||
- name: ubuntu-1604-2018-3-py2 |
||||
driver: |
||||
image: netmanagers/salt-2018.3-py2:ubuntu-16.04 |
||||
- name: centos-7-2018-3-py2 |
||||
driver: |
||||
image: netmanagers/salt-2018.3-py2:centos-7 |
||||
- name: fedora-29-2018-3-py2 |
||||
driver: |
||||
image: netmanagers/salt-2018.3-py2:fedora-29 |
||||
# TODO: Use this when fixed instead of `opensuse-leap-42` |
||||
# Ref: https://github.com/netmanagers/salt-image-builder/issues/2 |
||||
# - name: opensuse-leap-15-2018-3-py2 |
||||
# driver: |
||||
# image: netmanagers/salt-2018.3-py2:opensuse-leap-15 |
||||
# run_command: /usr/lib/systemd/systemd |
||||
- name: opensuse-leap-42-2018-3-py2 |
||||
driver: |
||||
image: netmanagers/salt-2018.3-py2:opensuse-leap-42 |
||||
run_command: /usr/lib/systemd/systemd |
||||
|
||||
## SALT 2017.7 |
||||
- name: debian-8-2017-7-py2 |
||||
driver: |
||||
image: netmanagers/salt-2017.7-py2:debian-8 |
||||
- name: ubuntu-1604-2017-7-py2 |
||||
driver: |
||||
image: netmanagers/salt-2017.7-py2:ubuntu-16.04 |
||||
# TODO: Modify the formula to work for non-`systemd` platforms |
||||
- name: centos-6-2017-7-py2 |
||||
driver: |
||||
image: netmanagers/salt-2017.7-py2:centos-6 |
||||
run_command: /sbin/init |
||||
- name: fedora-28-2017-7-py2 |
||||
driver: |
||||
image: netmanagers/salt-2017.7-py2:fedora-28 |
||||
- name: opensuse-leap-42-2017-7-py2 |
||||
driver: |
||||
image: netmanagers/salt-2017.7-py2:opensuse-leap-42 |
||||
run_command: /usr/lib/systemd/systemd |
||||
|
||||
provisioner: |
||||
name: salt_solo |
||||
log_level: info |
||||
salt_install: none |
||||
require_chef: false |
||||
formula: sudoers |
||||
salt_copy_filter: |
||||
- .kitchen |
||||
- .git |
||||
state_top: |
||||
base: |
||||
'*': |
||||
- sudoers |
||||
pillars: |
||||
top.sls: |
||||
base: |
||||
'*': |
||||
- kitchen |
||||
- sudoers |
||||
pillars_from_files: |
||||
kitchen.sls: test/salt/pillar/kitchen.sls |
||||
sudoers.sls: test/salt/pillar/default.sls |
||||
|
||||
verifier: |
||||
# https://www.inspec.io/ |
||||
name: inspec |
||||
sudo: true |
||||
# cli, documentation, html, progress, json, json-min, json-rspec, junit |
||||
reporter: |
||||
- cli |
||||
inspec_tests: |
||||
- path: test/integration/default |
||||
|
||||
suites: |
||||
- name: default |
@ -0,0 +1,8 @@ |
||||
|
||||
control 'Sudo package' do |
||||
title 'should be installed' |
||||
|
||||
describe package('sudo') do |
||||
it { should be_installed } |
||||
end |
||||
end |
@ -0,0 +1,12 @@ |
||||
name: sudoers |
||||
title: Sudoers Formula |
||||
maintainer: Saltstack-formulas |
||||
license: Apache-2.0 |
||||
summary: Verify that the sudoers formula is setup and configured correctly |
||||
supports: |
||||
- os-name: debian |
||||
- os-name: ubuntu |
||||
- os-name: centos |
||||
- os-name: fedora |
||||
- os-name: opensuse |
||||
- os-name: suse |
@ -0,0 +1,60 @@ |
||||
sudoers: |
||||
# By default the main sudoers file is managed by this formula (False to skip) |
||||
manage_main_config: True |
||||
users: |
||||
johndoe: |
||||
- 'ALL=(ALL) ALL' |
||||
- 'ALL=(root) NOPASSWD: /etc/init.d/httpd' |
||||
groups: |
||||
sudo: |
||||
- 'ALL=(ALL) ALL' |
||||
- 'ALL=(nodejs) NOPASSWD: ALL' |
||||
netgroups: |
||||
sysadmins: |
||||
- 'ALL=(ALL) ALL' |
||||
defaults: |
||||
generic: |
||||
- env_reset |
||||
- mail_badpass |
||||
- secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" |
||||
user_list: |
||||
johndoe: '!requiretty' |
||||
ADMINS: '!lecture' |
||||
host_list: |
||||
www1: 'log_year, logfile=/var/log/sudo.log' |
||||
command_list: |
||||
PROCESSES: 'noexec' |
||||
runas_list: |
||||
root: '!set_logname' |
||||
aliases: |
||||
hosts: |
||||
WEBSERVERS: |
||||
- www1 |
||||
- www2 |
||||
- www3 |
||||
users: |
||||
ADMINS: |
||||
- millert |
||||
- dowdy |
||||
- mikef |
||||
commands: |
||||
PROCESSES: |
||||
- /usr/bin/nice |
||||
- /bin/kill |
||||
- /usr/bin/renice |
||||
- /usr/bin/pkill |
||||
- /usr/bin/top |
||||
includedir: /etc/sudoers.d |
||||
included_files: |
||||
/etc/sudoers.d/extra-file: |
||||
users: |
||||
foo: |
||||
- 'ALL=(ALL) ALL' |
||||
extra-file-2: |
||||
groups: |
||||
bargroup: |
||||
- 'ALL=(ALL) NOPASSWD: ALL' |
||||
extra-file-3: |
||||
netgroups: |
||||
other_netgroup: |
||||
- 'ALL=(ALL) ALL' |
@ -0,0 +1,7 @@ |
||||
# Pillar needed to run Inspec inside Docker image using sudo to authenticate |
||||
# Must be added to pillar of all test suites |
||||
sudoers: |
||||
users: |
||||
kitchen: |
||||
- 'ALL=(root) NOPASSWD: ALL' |
||||
|
Loading…
Reference in new issue