diff --git a/.puppet-lint.rc b/.puppet-lint.rc index cc96ece..9e15c6e 100644 --- a/.puppet-lint.rc +++ b/.puppet-lint.rc @@ -1 +1,9 @@ +--fail-on-warnings --relative +--no-80chars-check +--no-140chars-check +--no-class_inherits_from_params_class-check +--no-autoloader_layout-check +--no-documentation-check +--no-single_quote_string_with_variables-check +--ignore-paths=.vendor/**/*.pp,.bundle/**/*.pp,pkg/**/*.pp,spec/**/*.pp,tests/**/*.pp,types/**/*.pp,vendor/**/*.pp diff --git a/.rubocop.yml b/.rubocop.yml index 439ea84..4899d2e 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -1,11 +1,14 @@ --- -require: +plugins: - rubocop-performance - rubocop-rspec +- rubocop-rspec_rails +- rubocop-factory_bot +- rubocop-capybara AllCops: NewCops: enable DisplayCopNames: true - TargetRubyVersion: '2.6' + TargetRubyVersion: 3.1 Include: - "**/*.rb" Exclude: @@ -121,6 +124,12 @@ Capybara/CurrentPathExpectation: Enabled: false Capybara/VisibilityMatcher: Enabled: false +FactoryBot/AttributeDefinedStatically: + Enabled: false +FactoryBot/CreateList: + Enabled: false +FactoryBot/FactoryClassName: + Enabled: false Gemspec/DuplicatedAssignment: Enabled: false Gemspec/OrderedDependencies: @@ -295,8 +304,6 @@ Performance/UriDefaultParser: Enabled: false RSpec/Be: Enabled: false -RSpec/Capybara/FeatureMethods: - Enabled: false RSpec/ContainExactly: Enabled: false RSpec/ContextMethod: @@ -305,6 +312,8 @@ RSpec/ContextWording: Enabled: false RSpec/DescribeClass: Enabled: false +RSpec/Dialect: + Enabled: false RSpec/EmptyHook: Enabled: false RSpec/EmptyLineAfterExample: @@ -321,12 +330,6 @@ RSpec/ExpectChange: Enabled: false RSpec/ExpectInHook: Enabled: false -RSpec/FactoryBot/AttributeDefinedStatically: - Enabled: false -RSpec/FactoryBot/CreateList: - Enabled: false -RSpec/FactoryBot/FactoryClassName: - Enabled: false RSpec/HooksBeforeExamples: Enabled: false RSpec/ImplicitBlockExpectation: @@ -501,6 +504,12 @@ Capybara/SpecificFinders: Enabled: false Capybara/SpecificMatcher: Enabled: false +FactoryBot/ConsistentParenthesesStyle: + Enabled: false +FactoryBot/FactoryNameStyle: + Enabled: false +FactoryBot/SyntaxMethods: + Enabled: false Gemspec/DeprecatedAttributeAssignment: Enabled: false Gemspec/DevelopmentDependencies: @@ -601,28 +610,12 @@ RSpec/DuplicatedMetadata: Enabled: false RSpec/ExcessiveDocstringSpacing: Enabled: false -RSpec/FactoryBot/ConsistentParenthesesStyle: - Enabled: false -RSpec/FactoryBot/FactoryNameStyle: - Enabled: false -RSpec/FactoryBot/SyntaxMethods: - Enabled: false RSpec/IdenticalEqualityAssertion: Enabled: false RSpec/NoExpectationExample: Enabled: false RSpec/PendingWithoutReason: Enabled: false -RSpec/Rails/AvoidSetupHook: - Enabled: false -RSpec/Rails/HaveHttpStatus: - Enabled: false -RSpec/Rails/InferredSpecType: - Enabled: false -RSpec/Rails/MinitestAssertions: - Enabled: false -RSpec/Rails/TravelAround: - Enabled: false RSpec/RedundantAround: Enabled: false RSpec/SkipBlockInsideExample: @@ -633,6 +626,16 @@ RSpec/SubjectDeclaration: Enabled: false RSpec/VerifiedDoubleReference: Enabled: false +RSpecRails/AvoidSetupHook: + Enabled: false +RSpecRails/HaveHttpStatus: + Enabled: false +RSpecRails/InferredSpecType: + Enabled: false +RSpecRails/MinitestAssertions: + Enabled: false +RSpecRails/TravelAround: + Enabled: false Security/CompoundHash: Enabled: false Security/IoMethods: diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml index e06216c..2146f39 100644 --- a/.rubocop_todo.yml +++ b/.rubocop_todo.yml @@ -6,14 +6,6 @@ # Note that changes in the inspected code, or installation of new # versions of RuboCop, may require this file to be generated again. -# Offense count: 8 -# Configuration parameters: EnforcedStyle, IgnoreSharedExamples. -# SupportedStyles: always, named_only -RSpec/NamedSubject: - Exclude: - - 'spec/classes/certificates_spec.rb' - - 'spec/classes/redact_spec.rb' - # Offense count: 1 # This cop supports unsafe autocorrection (--autocorrect-all). # Configuration parameters: EnforcedStyle. diff --git a/Gemfile b/Gemfile index 2d8e160..31bd84a 100644 --- a/Gemfile +++ b/Gemfile @@ -1,65 +1,91 @@ -source ENV['GEM_SOURCE'] || 'https://rubygems.org' +# frozen_string_literal: true -def location_for(place_or_version, fake_version = nil) - git_url_regex = %r{\A(?(https?|git)[:@][^#]*)(#(?.*))?} - file_url_regex = %r{\Afile:\/\/(?.*)} +# For puppetcore, set GEM_SOURCE_PUPPETCORE = 'https://rubygems-puppetcore.puppet.com' +gemsource_default = ENV['GEM_SOURCE'] || 'https://rubygems.org' +gemsource_puppetcore = if ENV['PUPPET_FORGE_TOKEN'] + 'https://rubygems-puppetcore.puppet.com' +else + ENV['GEM_SOURCE_PUPPETCORE'] || gemsource_default +end +source gemsource_default + +def location_for(place_or_constraint, fake_constraint = nil, opts = {}) + git_url_regex = /\A(?(?:https?|git)[:@][^#]*)(?:#(?.*))?/ + file_url_regex = %r{\Afile://(?.*)} + + if place_or_constraint && (git_url = place_or_constraint.match(git_url_regex)) + # Git source → ignore :source, keep fake_constraint + [fake_constraint, { git: git_url[:url], branch: git_url[:branch], require: false }].compact + + elsif place_or_constraint && (file_url = place_or_constraint.match(file_url_regex)) + # File source → ignore :source, keep fake_constraint or default >= 0 + [fake_constraint || '>= 0', { path: File.expand_path(file_url[:path]), require: false }] - if place_or_version && (git_url = place_or_version.match(git_url_regex)) - [fake_version, { git: git_url[:url], branch: git_url[:branch], require: false }].compact - elsif place_or_version && (file_url = place_or_version.match(file_url_regex)) - ['>= 0', { path: File.expand_path(file_url[:path]), require: false }] else - [place_or_version, { require: false }] + # Plain version constraint → merge opts (including :source if provided) + [place_or_constraint, { require: false }.merge(opts)] + end +end + +# Print debug information if DEBUG_GEMS or VERBOSE is set +def print_gem_statement_for(gems) + puts 'DEBUG: Gem definitions that will be generated:' + gems.each do |gem_name, gem_params| + puts "DEBUG: gem #{([gem_name.inspect] + gem_params.map(&:inspect)).join(', ')}" end end group :development do - gem "json", '= 2.1.0', require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) - gem "json", '= 2.3.0', require: false if Gem::Requirement.create(['>= 2.7.0', '< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) - gem "json", '= 2.5.1', require: false if Gem::Requirement.create(['>= 3.0.0', '< 3.0.5']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) gem "json", '= 2.6.1', require: false if Gem::Requirement.create(['>= 3.1.0', '< 3.1.3']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) gem "json", '= 2.6.3', require: false if Gem::Requirement.create(['>= 3.2.0', '< 4.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) gem "racc", '~> 1.4.0', require: false if Gem::Requirement.create(['>= 2.7.0', '< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) gem "deep_merge", '~> 1.2.2', require: false gem "voxpupuli-puppet-lint-plugins", '~> 5.0', require: false - gem "facterdb", '~> 2.1', require: false + gem "facterdb", '~> 2.1', require: false if Gem::Requirement.create(['< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "facterdb", '~> 3.0', require: false if Gem::Requirement.create(['>= 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) gem "metadata-json-lint", '~> 4.0', require: false - gem "rspec-puppet-facts", '~> 4.0', require: false + gem "json-schema", '< 5.1.1', require: false + gem "rspec-puppet-facts", '~> 4.0', require: false if Gem::Requirement.create(['< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "rspec-puppet-facts", '~> 5.0', require: false if Gem::Requirement.create(['>= 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) gem "dependency_checker", '~> 1.0.0', require: false gem "parallel_tests", '= 3.12.1', require: false gem "pry", '~> 0.10', require: false gem "simplecov-console", '~> 0.9', require: false - gem "puppet-debugger", '~> 1.0', require: false - gem "rubocop", '~> 1.50.0', require: false - gem "rubocop-performance", '= 1.16.0', require: false - gem "rubocop-rspec", '= 2.19.0', require: false + gem "puppet-debugger", '~> 1.6', require: false + gem "rubocop", '~> 1.73.0', require: false + gem "rubocop-performance", '~> 1.24.0', require: false + gem "rubocop-rspec", '~> 3.5.0', require: false + gem "rubocop-rspec_rails", '~> 2.31.0', require: false + gem "rubocop-factory_bot", '~> 2.27.0', require: false + gem "rubocop-capybara", '~> 2.22.0', require: false gem "rb-readline", '= 0.5.5', require: false, platforms: [:mswin, :mingw, :x64_mingw] - gem "rexml", '>= 3.3.9', require: false + gem "bigdecimal", '< 3.2.2', require: false, platforms: [:mswin, :mingw, :x64_mingw] end group :development, :release_prep do gem "puppet-strings", '~> 4.0', require: false - gem "puppetlabs_spec_helper", '~> 7.0', require: false + gem "puppetlabs_spec_helper", '~> 8.0', require: false + gem "puppet-blacksmith", '~> 7.0', require: false end group :system_tests do - gem "puppet_litmus", '~> 1.0', require: false, platforms: [:ruby, :x64_mingw] + gem "puppet_litmus", '~> 2.0', require: false, platforms: [:ruby, :x64_mingw] if !ENV['PUPPET_FORGE_TOKEN'].to_s.empty? + gem "puppet_litmus", '~> 1.0', require: false, platforms: [:ruby, :x64_mingw] if ENV['PUPPET_FORGE_TOKEN'].to_s.empty? gem "CFPropertyList", '< 3.0.7', require: false, platforms: [:mswin, :mingw, :x64_mingw] gem "serverspec", '~> 2.41', require: false end -puppet_version = ENV['PUPPET_GEM_VERSION'] -facter_version = ENV['FACTER_GEM_VERSION'] -hiera_version = ENV['HIERA_GEM_VERSION'] - gems = {} +bolt_version = ENV.fetch('BOLT_GEM_VERSION', nil) +puppet_version = ENV.fetch('PUPPET_GEM_VERSION', nil) +facter_version = ENV.fetch('FACTER_GEM_VERSION', nil) +hiera_version = ENV.fetch('HIERA_GEM_VERSION', nil) -gems['puppet'] = location_for(puppet_version) - -# If facter or hiera versions have been specified via the environment -# variables - -gems['facter'] = location_for(facter_version) if facter_version -gems['hiera'] = location_for(hiera_version) if hiera_version +gems['bolt'] = location_for(bolt_version, nil, { source: gemsource_puppetcore }) +gems['puppet'] = location_for(puppet_version, nil, { source: gemsource_puppetcore }) +gems['facter'] = location_for(facter_version, nil, { source: gemsource_puppetcore }) +gems['hiera'] = location_for(hiera_version, nil, {}) if hiera_version +# Generate the gem definitions +print_gem_statement_for(gems) if ENV['DEBUG'] gems.each do |gem_name, gem_params| gem gem_name, *gem_params end @@ -67,12 +93,12 @@ end # Evaluate Gemfile.local and ~/.gemfile if they exist extra_gemfiles = [ "#{__FILE__}.local", - File.join(Dir.home, '.gemfile'), + File.join(Dir.home, '.gemfile') ] extra_gemfiles.each do |gemfile| - if File.file?(gemfile) && File.readable?(gemfile) - eval(File.read(gemfile), binding) - end + next unless File.file?(gemfile) && File.readable?(gemfile) + + eval(File.read(gemfile), binding) # rubocop:disable Security/Eval end # vim: syntax=ruby diff --git a/Rakefile b/Rakefile index abdadc7..857cfd0 100644 --- a/Rakefile +++ b/Rakefile @@ -8,3 +8,12 @@ require 'puppet-strings/tasks' if Gem.loaded_specs.key? 'puppet-strings' require 'puppet-strings/tasks' PuppetLint.configuration.send('disable_relative') +PuppetLint.configuration.send('disable_80chars') +PuppetLint.configuration.send('disable_140chars') +PuppetLint.configuration.send('disable_class_inherits_from_params_class') +PuppetLint.configuration.send('disable_autoloader_layout') +PuppetLint.configuration.send('disable_documentation') +PuppetLint.configuration.send('disable_single_quote_string_with_variables') +PuppetLint.configuration.fail_on_warnings = true +PuppetLint.configuration.ignore_paths = [".vendor/**/*.pp", ".bundle/**/*.pp", "pkg/**/*.pp", "spec/**/*.pp", "tests/**/*.pp", "types/**/*.pp", "vendor/**/*.pp"] + diff --git a/lib/puppet/parser/functions/node_encrypt.rb b/lib/puppet/parser/functions/node_encrypt.rb index 244f852..8a04930 100644 --- a/lib/puppet/parser/functions/node_encrypt.rb +++ b/lib/puppet/parser/functions/node_encrypt.rb @@ -8,7 +8,7 @@ This function simply encrypts the String or Sensitive passed to it using the certificate belonging to the client the catalog is being compiled for. DOC -) do |args| + ) do |args| content = args.first content = content.unwrap if defined?(Puppet::Pops::Types::PSensitiveType::Sensitive) && content.is_a?(Puppet::Pops::Types::PSensitiveType::Sensitive) diff --git a/lib/puppet_x/node_encrypt.rb b/lib/puppet_x/node_encrypt.rb index 21980fc..1881925 100644 --- a/lib/puppet_x/node_encrypt.rb +++ b/lib/puppet_x/node_encrypt.rb @@ -1,7 +1,8 @@ # frozen_string_literal: true module PuppetX - class NodeEncrypt # rubocop:disable Style/Documentation + # Helper class for encrypting and decrypting data for nodes + class NodeEncrypt def self.encrypted?(data) raise ArgumentError, 'Only strings can be encrypted' unless data.instance_of?(String) diff --git a/metadata.json b/metadata.json index 39d9e07..c701ff6 100644 --- a/metadata.json +++ b/metadata.json @@ -110,10 +110,10 @@ "requirements": [ { "name": "puppet", - "version_requirement": ">= 7.0.0 < 9.0.0" + "version_requirement": ">= 8.0.0 < 9.0.0" } ], "template-url": "https://github.com/puppetlabs/pdk-templates.git#main", - "pdk-version": "3.2.0", - "template-ref": "tags/3.2.0.4-0-g5d17ec1" + "pdk-version": "3.5.0 (ga43db72)", + "template-ref": "tags/3.5.1.2-0-gfa96b82" } diff --git a/spec/classes/certificates_spec.rb b/spec/classes/certificates_spec.rb index 52cfd7f..1e53c28 100644 --- a/spec/classes/certificates_spec.rb +++ b/spec/classes/certificates_spec.rb @@ -4,6 +4,8 @@ require 'puppet_x/node_encrypt' describe 'node_encrypt::certificates' do + subject(:node_encrypt_certificates) { catalogue } + before(:each) do Puppet[:ca_server] = 'ca.example.com' Puppet[:confdir] = '/etc/puppetlabs/puppet' @@ -23,7 +25,7 @@ end it { - expect(subject).to contain_ini_setting('public certificates mountpoint path').with( + expect(node_encrypt_certificates).to contain_ini_setting('public certificates mountpoint path').with( { ensure: 'present', path: '/etc/puppetlabs/puppet/fileserver.conf', @@ -33,7 +35,7 @@ } it { - expect(subject).to contain_puppet_authorization__rule('public certificates mountpoint whitelist').with( + expect(node_encrypt_certificates).to contain_puppet_authorization__rule('public certificates mountpoint whitelist').with( { match_request_path: '^/puppet/v3/file_(metadata|content)s?/public_certificates', match_request_type: 'regex', @@ -60,7 +62,7 @@ it { is_expected.not_to contain_ini_setting('public certificates mountpoint whitelist') } it { - expect(subject).to contain_file('/etc/puppetlabs/puppet/ssl/certs').with( + expect(node_encrypt_certificates).to contain_file('/etc/puppetlabs/puppet/ssl/certs').with( { ensure: 'directory', source: 'puppet://ca.example.com/public_certificates/' diff --git a/spec/classes/redact_spec.rb b/spec/classes/redact_spec.rb index 82c971b..2d0caa2 100644 --- a/spec/classes/redact_spec.rb +++ b/spec/classes/redact_spec.rb @@ -3,6 +3,8 @@ require 'spec_helper' describe 'redact' do + subject(:function_redact) { catalogue } + let(:node) { 'test.example.com' } let(:facts) do { @@ -18,7 +20,7 @@ end it { - expect(subject).to contain_class('redact').with( + expect(function_redact).to contain_class('redact').with( { param: 'a param', redacted: '<>', @@ -28,7 +30,7 @@ } it { - expect(subject).to contain_redact__thing('one').with( + expect(function_redact).to contain_redact__thing('one').with( { param: 'a param', redacted: '<>', @@ -38,7 +40,7 @@ } it { - expect(subject).to contain_redact__thing('two').with( + expect(function_redact).to contain_redact__thing('two').with( { param: 'a param', redacted: '<>', @@ -48,7 +50,7 @@ } it { - expect(subject).to contain_redact__thing('three').with( + expect(function_redact).to contain_redact__thing('three').with( { param: 'a param', redacted: '<>', @@ -58,7 +60,7 @@ } it { - expect(subject).to contain_redact__thing('four').with( + expect(function_redact).to contain_redact__thing('four').with( { param: 'a param', redacted: '<>', diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index ae7c1f6..2f7fdae 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -26,7 +26,7 @@ begin require 'deep_merge' - default_facts.deep_merge!(YAML.safe_load(File.read(f), permitted_classes: [], permitted_symbols: [], aliases: true)) + default_facts.deep_merge!(YAML.safe_load_file(f, permitted_classes: [], permitted_symbols: [], aliases: true)) rescue StandardError => e RSpec.configuration.reporter.message "WARNING: Unable to load #{f}: #{e}" end