diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 93cd3406b..22742aea6 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -18,4 +18,5 @@ jobs: uses: "puppetlabs/cat-github-actions/.github/workflows/module_acceptance.yml@main" with: runs_on: "ubuntu-24.04" + flags: "--nightly" secrets: "inherit" diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index dddcf87b3..0696dddc9 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -17,5 +17,6 @@ jobs: uses: "puppetlabs/cat-github-actions/.github/workflows/module_acceptance.yml@main" with: runs_on: "ubuntu-24.04" + flags: "--nightly" secrets: "inherit" diff --git a/.puppet-lint.rc b/.puppet-lint.rc index cc96ece05..9e15c6e01 100644 --- a/.puppet-lint.rc +++ b/.puppet-lint.rc @@ -1 +1,9 @@ +--fail-on-warnings --relative +--no-80chars-check +--no-140chars-check +--no-class_inherits_from_params_class-check +--no-autoloader_layout-check +--no-documentation-check +--no-single_quote_string_with_variables-check +--ignore-paths=.vendor/**/*.pp,.bundle/**/*.pp,pkg/**/*.pp,spec/**/*.pp,tests/**/*.pp,types/**/*.pp,vendor/**/*.pp diff --git a/.rubocop.yml b/.rubocop.yml index 439ea84ee..d199d8f2e 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -5,7 +5,7 @@ require: AllCops: NewCops: enable DisplayCopNames: true - TargetRubyVersion: '2.6' + TargetRubyVersion: '3.1' Include: - "**/*.rb" Exclude: diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml index a2bb533e5..0a367cd88 100644 --- a/.rubocop_todo.yml +++ b/.rubocop_todo.yml @@ -1,56 +1,11 @@ # This configuration was generated by # `rubocop --auto-gen-config` -# on 2023-08-29 15:26:08 UTC using RuboCop version 1.48.1. +# on 2025-07-01 09:21:38 UTC using RuboCop version 1.50.2. # The point is for the user to remove these configuration records # one by one as the offenses are removed from the code base. # Note that changes in the inspected code, or installation of new # versions of RuboCop, may require this file to be generated again. -# Offense count: 20 -# Configuration parameters: AllowedMethods, AllowedPatterns, CountRepeatedAttributes. -Metrics/AbcSize: - Max: 270 - -# Offense count: 2 -# Configuration parameters: CountComments, CountAsOne, AllowedMethods, AllowedPatterns, inherit_mode. -# AllowedMethods: refine -Metrics/BlockLength: - Max: 127 - -# Offense count: 3 -# Configuration parameters: CountComments, CountAsOne. -Metrics/ClassLength: - Max: 776 - -# Offense count: 17 -# Configuration parameters: AllowedMethods, AllowedPatterns. -Metrics/CyclomaticComplexity: - Max: 122 - -# Offense count: 20 -# Configuration parameters: CountComments, CountAsOne, AllowedMethods, AllowedPatterns. -Metrics/MethodLength: - Max: 135 - -# Offense count: 12 -# Configuration parameters: AllowedMethods, AllowedPatterns. -Metrics/PerceivedComplexity: - Max: 122 - -# Offense count: 18 -# Configuration parameters: IgnoredMetadata. -RSpec/DescribeClass: - Enabled: false - -# Offense count: 9 -# Configuration parameters: CountAsOne. -RSpec/ExampleLength: - Max: 8 - -# Offense count: 41 -RSpec/MultipleExpectations: - Max: 2 - # Offense count: 38 # Configuration parameters: EnforcedStyle, IgnoreSharedExamples. # SupportedStyles: always, named_only @@ -60,31 +15,9 @@ RSpec/NamedSubject: - 'spec/unit/classes/firewall_linux_debian_spec.rb' - 'spec/unit/classes/firewall_linux_redhat_spec.rb' -# Offense count: 38 -# Configuration parameters: AllowedGroups. -RSpec/NestedGroups: - Max: 5 - -# Offense count: 43 -# Configuration parameters: AllowedPatterns. -# AllowedPatterns: ^expect_, ^assert_ -RSpec/NoExpectationExample: - Exclude: - - 'spec/acceptance/class_spec.rb' - - 'spec/acceptance/firewall_attributes_exceptions_spec.rb' - - 'spec/acceptance/firewall_attributes_ipv6_exceptions_spec.rb' - - 'spec/acceptance/firewallchain_spec.rb' - - 'spec/acceptance/rules_spec.rb' - - 'spec/acceptance/standard_usage_spec.rb' - -# Offense count: 83 +# Offense count: 85 # Configuration parameters: AllowedVariables. Style/GlobalVars: Exclude: - 'lib/puppet/provider/firewall/firewall.rb' - 'lib/puppet/provider/firewallchain/firewallchain.rb' - -# Offense count: 1 -Style/MixinUsage: - Exclude: - - 'spec/spec_helper.rb' diff --git a/.sync.yml b/.sync.yml index 9a5a52b0b..372453590 100644 --- a/.sync.yml +++ b/.sync.yml @@ -1,4 +1,6 @@ --- +common: + service_url: https://facade-set-subnetwork-1079112402178.europe-west1.run.app/v1/provision ".gitlab-ci.yml": delete: true appveyor.yml: diff --git a/Gemfile b/Gemfile index e43a37f62..2d829cead 100644 --- a/Gemfile +++ b/Gemfile @@ -14,51 +14,56 @@ def location_for(place_or_version, fake_version = nil) end group :development do - gem "json", '= 2.1.0', require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) - gem "json", '= 2.3.0', require: false if Gem::Requirement.create(['>= 2.7.0', '< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) - gem "json", '= 2.5.1', require: false if Gem::Requirement.create(['>= 3.0.0', '< 3.0.5']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) gem "json", '= 2.6.1', require: false if Gem::Requirement.create(['>= 3.1.0', '< 3.1.3']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) gem "json", '= 2.6.3', require: false if Gem::Requirement.create(['>= 3.2.0', '< 4.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) gem "racc", '~> 1.4.0', require: false if Gem::Requirement.create(['>= 2.7.0', '< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) gem "deep_merge", '~> 1.2.2', require: false gem "voxpupuli-puppet-lint-plugins", '~> 5.0', require: false - gem "facterdb", '~> 1.18', require: false + gem "facterdb", '~> 2.1', require: false if Gem::Requirement.create(['< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "facterdb", '~> 3.0', require: false if Gem::Requirement.create(['>= 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) gem "metadata-json-lint", '~> 4.0', require: false - gem "rspec-puppet-facts", '~> 2.0', require: false + gem "json-schema", '< 5.1.1', require: false + gem "rspec-puppet-facts", '~> 4.0', require: false if Gem::Requirement.create(['< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "rspec-puppet-facts", '~> 5.0', require: false if Gem::Requirement.create(['>= 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) gem "dependency_checker", '~> 1.0.0', require: false gem "parallel_tests", '= 3.12.1', require: false gem "pry", '~> 0.10', require: false gem "simplecov-console", '~> 0.9', require: false - gem "puppet-debugger", '~> 1.0', require: false + gem "puppet-debugger", '~> 1.6', require: false gem "rubocop", '~> 1.50.0', require: false gem "rubocop-performance", '= 1.16.0', require: false gem "rubocop-rspec", '= 2.19.0', require: false gem "rb-readline", '= 0.5.5', require: false, platforms: [:mswin, :mingw, :x64_mingw] - gem "rexml", '>= 3.3.9', require: false + gem "bigdecimal", '< 3.2.2', require: false, platforms: [:mswin, :mingw, :x64_mingw] gem "puppet-resource_api", require: false end group :development, :release_prep do gem "puppet-strings", '~> 4.0', require: false - gem "puppetlabs_spec_helper", '~> 7.0', require: false + gem "puppetlabs_spec_helper", '~> 8.0', require: false + gem "puppet-blacksmith", '~> 7.0', require: false end group :system_tests do - gem "puppet_litmus", '~> 1.0', require: false, platforms: [:ruby, :x64_mingw] + gem "puppet_litmus", '~> 2.0', require: false, platforms: [:ruby, :x64_mingw] if !ENV['PUPPET_FORGE_TOKEN'].to_s.empty? + gem "puppet_litmus", '~> 1.0', require: false, platforms: [:ruby, :x64_mingw] if ENV['PUPPET_FORGE_TOKEN'].to_s.empty? gem "CFPropertyList", '< 3.0.7', require: false, platforms: [:mswin, :mingw, :x64_mingw] gem "serverspec", '~> 2.41', require: false end -puppet_version = ENV['PUPPET_GEM_VERSION'] -facter_version = ENV['FACTER_GEM_VERSION'] -hiera_version = ENV['HIERA_GEM_VERSION'] - gems = {} +puppet_version = ENV.fetch('PUPPET_GEM_VERSION', nil) +facter_version = ENV.fetch('FACTER_GEM_VERSION', nil) +hiera_version = ENV.fetch('HIERA_GEM_VERSION', nil) -gems['puppet'] = location_for(puppet_version) - -# If facter or hiera versions have been specified via the environment -# variables +# If PUPPET_FORGE_TOKEN is set then use authenticated source for both puppet and facter, since facter is a transitive dependency of puppet +# Otherwise, do as before and use location_for to fetch gems from the default source +if !ENV['PUPPET_FORGE_TOKEN'].to_s.empty? + gems['puppet'] = ['~> 8.11', { require: false, source: 'https://rubygems-puppetcore.puppet.com' }] + gems['facter'] = ['~> 4.11', { require: false, source: 'https://rubygems-puppetcore.puppet.com' }] +else + gems['puppet'] = location_for(puppet_version) + gems['facter'] = location_for(facter_version) if facter_version +end -gems['facter'] = location_for(facter_version) if facter_version gems['hiera'] = location_for(hiera_version) if hiera_version gems.each do |gem_name, gem_params| diff --git a/Rakefile b/Rakefile index 77590fe6f..31b593053 100644 --- a/Rakefile +++ b/Rakefile @@ -7,3 +7,12 @@ require 'puppet-syntax/tasks/puppet-syntax' require 'puppet-strings/tasks' if Gem.loaded_specs.key? 'puppet-strings' PuppetLint.configuration.send('disable_relative') +PuppetLint.configuration.send('disable_80chars') +PuppetLint.configuration.send('disable_140chars') +PuppetLint.configuration.send('disable_class_inherits_from_params_class') +PuppetLint.configuration.send('disable_autoloader_layout') +PuppetLint.configuration.send('disable_documentation') +PuppetLint.configuration.send('disable_single_quote_string_with_variables') +PuppetLint.configuration.fail_on_warnings = true +PuppetLint.configuration.ignore_paths = [".vendor/**/*.pp", ".bundle/**/*.pp", "pkg/**/*.pp", "spec/**/*.pp", "tests/**/*.pp", "types/**/*.pp", "vendor/**/*.pp"] + diff --git a/metadata.json b/metadata.json index a87afe7c4..d56c672a8 100644 --- a/metadata.json +++ b/metadata.json @@ -81,10 +81,10 @@ "requirements": [ { "name": "puppet", - "version_requirement": ">= 7.0.0 < 9.0.0" + "version_requirement": ">= 8.0.0 < 9.0.0" } ], "template-url": "https://github.com/puppetlabs/pdk-templates.git#main", - "template-ref": "tags/3.2.0.4-0-g5d17ec1", - "pdk-version": "3.2.0" + "template-ref": "heads/main-0-ga1e4056", + "pdk-version": "3.5.0 (ga43db72)" } diff --git a/spec/spec_helper_acceptance_local.rb b/spec/spec_helper_acceptance_local.rb index f0000b782..6b34002e1 100644 --- a/spec/spec_helper_acceptance_local.rb +++ b/spec/spec_helper_acceptance_local.rb @@ -71,6 +71,15 @@ def fetch_os_name end LitmusHelper.instance.run_shell('touch /etc/sysconfig/iptables') LitmusHelper.instance.run_shell('touch /etc/sysconfig/ip6tables') + elsif ['almalinux-8', 'rocky-8'].include?("#{fetch_os_name}-#{os[:release].to_i}") + LitmusHelper.instance.run_shell('yum update -y') + LitmusHelper.instance.run_shell('depmod -a') + ['xt_bpf'].each do |t| + LitmusHelper.instance.run_shell("modprobe iptable_#{t}") + LitmusHelper.instance.run_shell("modprobe ip6table_#{t}") + end + LitmusHelper.instance.run_shell('touch /etc/sysconfig/iptables') + LitmusHelper.instance.run_shell('touch /etc/sysconfig/ip6tables') end if os[:family] == 'debian' LitmusHelper.instance.run_shell('apt-get update -y') diff --git a/spec/spec_helper_local.rb b/spec/spec_helper_local.rb index 999393038..9cd413ff7 100644 --- a/spec/spec_helper_local.rb +++ b/spec/spec_helper_local.rb @@ -44,14 +44,14 @@ end end -shared_context 'when Debian 10' do - let(:facts) { on_supported_os['debian-10-x86_64'] } -end - shared_context 'when Debian 11' do let(:facts) { on_supported_os['debian-11-x86_64'] } end +shared_context 'when Debian 12' do + let(:facts) { on_supported_os['debian-12-x86_64'] } +end + shared_context 'when Debian Unstable' do let(:facts) do { diff --git a/spec/unit/classes/firewall_linux_debian_spec.rb b/spec/unit/classes/firewall_linux_debian_spec.rb index 384baf078..14e553420 100644 --- a/spec/unit/classes/firewall_linux_debian_spec.rb +++ b/spec/unit/classes/firewall_linux_debian_spec.rb @@ -3,8 +3,8 @@ require 'spec_helper' describe 'firewall::linux::debian', type: :class do - context 'with Debian 10' do - include_examples 'when Debian 10' + context 'with Debian 11' do + include_examples 'when Debian 11' it { expect(subject).to contain_package('iptables-persistent').with( @@ -21,10 +21,10 @@ } end - context 'with Debian 10, enable => false' do + context 'with Debian 11, enable => false' do let(:params) { { enable: 'false' } } - include_examples 'when Debian 10' + include_examples 'when Debian 11' it { expect(subject).to contain_service('netfilter-persistent').with( @@ -33,10 +33,10 @@ } end - context 'with Debian 10, ensure => stopped' do + context 'with Debian 11, ensure => stopped' do let(:params) { { ensure: 'stopped' } } - include_examples 'when Debian 10' + include_examples 'when Debian 11' it { expect(subject).to contain_service('netfilter-persistent').with( @@ -45,8 +45,8 @@ } end - context 'with Debian 11' do - include_examples 'when Debian 11' + context 'with Debian 12' do + include_examples 'when Debian 12' it { expect(subject).to contain_package('iptables-persistent').with( @@ -63,10 +63,10 @@ } end - context 'with Debian 11, enable => false' do + context 'with Debian 12, enable => false' do let(:params) { { enable: 'false' } } - include_examples 'when Debian 11' + include_examples 'when Debian 12' it { expect(subject).to contain_service('netfilter-persistent').with( @@ -75,10 +75,10 @@ } end - context 'with Debian 11, ensure => stopped' do + context 'with Debian 12, ensure => stopped' do let(:params) { { ensure: 'stopped' } } - include_examples 'when Debian 11' + include_examples 'when Debian 12' it { expect(subject).to contain_service('netfilter-persistent').with( diff --git a/spec/unit/classes/firewall_spec.rb b/spec/unit/classes/firewall_spec.rb index 82296891b..2216aebb8 100644 --- a/spec/unit/classes/firewall_spec.rb +++ b/spec/unit/classes/firewall_spec.rb @@ -4,7 +4,7 @@ describe 'firewall', type: :class do context 'with kernel => Linux' do - include_examples 'when Debian 10' + include_examples 'when Debian 12' it { is_expected.to contain_class('firewall::linux').with_ensure('running') } end @@ -30,7 +30,7 @@ context 'with ensure => stopped' do let(:params) { { ensure: 'stopped' } } - include_examples 'when Debian 10' + include_examples 'when Debian 12' it { is_expected.to contain_class('firewall::linux').with_ensure('stopped') } end diff --git a/spec/unit/puppet/provider/firewall/firewall_public_spec.rb b/spec/unit/puppet/provider/firewall/firewall_public_spec.rb index e9405f6cc..5651785ed 100644 --- a/spec/unit/puppet/provider/firewall/firewall_public_spec.rb +++ b/spec/unit/puppet/provider/firewall/firewall_public_spec.rb @@ -62,7 +62,7 @@ }, ].each do |test| it "updates the resource: '#{test[:should][:name]}'" do - expect(context).to receive(:notice).with(%r{\Updating Rule '#{test[:should][:name]}'}) + expect(context).to receive(:notice).with(%r{Updating Rule '#{test[:should][:name]}'}) allow(described_class).to receive(:insert_order) .with(context, test[:should][:name], test[:should][:chain], test[:should][:table], test[:should][:protocol]).and_return(1) allow(described_class).to receive(:hash_to_rule)