From 2ca140ff479ffe3b0de33aee01d45228f64a29c5 Mon Sep 17 00:00:00 2001 From: david22swan Date: Fri, 20 Jun 2025 10:18:15 +0100 Subject: [PATCH 1/8] (CAT-2345) Remove support for Puppet 7 --- metadata.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metadata.json b/metadata.json index a87afe7c4..3e0767a60 100644 --- a/metadata.json +++ b/metadata.json @@ -81,7 +81,7 @@ "requirements": [ { "name": "puppet", - "version_requirement": ">= 7.0.0 < 9.0.0" + "version_requirement": ">= 8.0.0 < 9.0.0" } ], "template-url": "https://github.com/puppetlabs/pdk-templates.git#main", From ab7c6c2b01c2f82e4171d7e1c0ed48d6eebcd920 Mon Sep 17 00:00:00 2001 From: david22swan Date: Mon, 30 Jun 2025 14:51:34 +0100 Subject: [PATCH 2/8] (maint) PDK Update --- .puppet-lint.rc | 8 ++++++++ .rubocop.yml | 2 +- Gemfile | 38 +++++++++++++++++++++----------------- Rakefile | 9 +++++++++ metadata.json | 4 ++-- 5 files changed, 41 insertions(+), 20 deletions(-) diff --git a/.puppet-lint.rc b/.puppet-lint.rc index cc96ece05..9e15c6e01 100644 --- a/.puppet-lint.rc +++ b/.puppet-lint.rc @@ -1 +1,9 @@ +--fail-on-warnings --relative +--no-80chars-check +--no-140chars-check +--no-class_inherits_from_params_class-check +--no-autoloader_layout-check +--no-documentation-check +--no-single_quote_string_with_variables-check +--ignore-paths=.vendor/**/*.pp,.bundle/**/*.pp,pkg/**/*.pp,spec/**/*.pp,tests/**/*.pp,types/**/*.pp,vendor/**/*.pp diff --git a/.rubocop.yml b/.rubocop.yml index 439ea84ee..d199d8f2e 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -5,7 +5,7 @@ require: AllCops: NewCops: enable DisplayCopNames: true - TargetRubyVersion: '2.6' + TargetRubyVersion: '3.1' Include: - "**/*.rb" Exclude: diff --git a/Gemfile b/Gemfile index e43a37f62..68744574d 100644 --- a/Gemfile +++ b/Gemfile 
@@ -14,32 +14,33 @@ def location_for(place_or_version, fake_version = nil) end group :development do - gem "json", '= 2.1.0', require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) - gem "json", '= 2.3.0', require: false if Gem::Requirement.create(['>= 2.7.0', '< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) - gem "json", '= 2.5.1', require: false if Gem::Requirement.create(['>= 3.0.0', '< 3.0.5']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) gem "json", '= 2.6.1', require: false if Gem::Requirement.create(['>= 3.1.0', '< 3.1.3']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) gem "json", '= 2.6.3', require: false if Gem::Requirement.create(['>= 3.2.0', '< 4.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) gem "racc", '~> 1.4.0', require: false if Gem::Requirement.create(['>= 2.7.0', '< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) gem "deep_merge", '~> 1.2.2', require: false gem "voxpupuli-puppet-lint-plugins", '~> 5.0', require: false - gem "facterdb", '~> 1.18', require: false + gem "facterdb", '~> 2.1', require: false if Gem::Requirement.create(['< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "facterdb", '~> 3.0', require: false if Gem::Requirement.create(['>= 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) gem "metadata-json-lint", '~> 4.0', require: false - gem "rspec-puppet-facts", '~> 2.0', require: false + gem "json-schema", '< 5.1.1', require: false + gem "rspec-puppet-facts", '~> 4.0', require: false if Gem::Requirement.create(['< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "rspec-puppet-facts", '~> 5.0', require: false if Gem::Requirement.create(['>= 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) gem "dependency_checker", '~> 1.0.0', require: false gem "parallel_tests", '= 3.12.1', require: false gem "pry", '~> 0.10', require: false gem "simplecov-console", '~> 0.9', require: false - gem 
"puppet-debugger", '~> 1.0', require: false + gem "puppet-debugger", '~> 1.6', require: false gem "rubocop", '~> 1.50.0', require: false gem "rubocop-performance", '= 1.16.0', require: false gem "rubocop-rspec", '= 2.19.0', require: false gem "rb-readline", '= 0.5.5', require: false, platforms: [:mswin, :mingw, :x64_mingw] - gem "rexml", '>= 3.3.9', require: false + gem "bigdecimal", '< 3.2.2', require: false, platforms: [:mswin, :mingw, :x64_mingw] gem "puppet-resource_api", require: false end group :development, :release_prep do gem "puppet-strings", '~> 4.0', require: false - gem "puppetlabs_spec_helper", '~> 7.0', require: false + gem "puppetlabs_spec_helper", '~> 8.0', require: false + gem "puppet-blacksmith", '~> 7.0', require: false end group :system_tests do gem "puppet_litmus", '~> 1.0', require: false, platforms: [:ruby, :x64_mingw] 
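Review bot: Removing `gem "rexml", '>= 3.3.9'` from the development group leaves this Gemfile with no minimum version for rexml, so the resolver may pick whatever older release a transitive dependency allows. The hunk does not say why the floor existed; if it was there to keep a patched rexml, confirm that another dependency still enforces it, or keep the line. The two new upper bounds, `json-schema < 5.1.1` and `bigdecimal < 3.2.2`, are also unexplained, and a cap holds back future fixes, so each deserves a one-line comment such as `# capped below 5.1.1: <reason or issue link>`. The `group :development` block opens above this hunk.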
@@ -47,18 +48,21 @@ group :system_tests do gem "serverspec", '~> 2.41', require: false end -puppet_version = ENV['PUPPET_GEM_VERSION'] -facter_version = ENV['FACTER_GEM_VERSION'] -hiera_version = ENV['HIERA_GEM_VERSION'] - gems = {} +puppet_version = ENV.fetch('PUPPET_GEM_VERSION', nil) +facter_version = ENV.fetch('FACTER_GEM_VERSION', nil) +hiera_version = ENV.fetch('HIERA_GEM_VERSION', nil) -gems['puppet'] = location_for(puppet_version) - -# If facter or hiera versions have been specified via the environment -# variables +# If PUPPET_FORGE_TOKEN is set then use authenticated source for both puppet and facter, since facter is a transitive dependency of puppet +# Otherwise, do as before and use location_for to fetch gems from the default source +if !ENV['PUPPET_FORGE_TOKEN'].to_s.empty? + gems['puppet'] = ['~> 8.11', { require: false, source: 'https://rubygems-puppetcore.puppet.com' }] + gems['facter'] = ['~> 4.11', { require: false, source: 'https://rubygems-puppetcore.puppet.com' }] +else + gems['puppet'] = location_for(puppet_version) + gems['facter'] = location_for(facter_version) if facter_version +end -gems['facter'] = location_for(facter_version) if facter_version gems['hiera'] = location_for(hiera_version) if hiera_version gems.each do |gem_name, gem_params| diff --git a/Rakefile b/Rakefile index 77590fe6f..31b593053 100644 --- a/Rakefile +++ b/Rakefile 
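Review bot: In the `PUPPET_FORGE_TOKEN` branch, `PUPPET_GEM_VERSION` and `FACTER_GEM_VERSION` are read but never used, so a CI matrix that sets them gets `~> 8.11` and `~> 4.11` whenever the token is present. If those variables only ever hold a version requirement, honour them with `gems['puppet'] = [puppet_version || '~> 8.11', { require: false, source: 'https://rubygems-puppetcore.puppet.com' }]` (and the same for facter); otherwise state in the comment that they are ignored on this path. The token serves only as a presence flag here, so the credentials Bundler sends to that host must be configured elsewhere, which this hunk does not show. The comment should say where, so that a missing credential is not mistaken for a resolver failure. `location_for` is defined above the hunk.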
@@ -7,3 +7,12 @@ require 'puppet-syntax/tasks/puppet-syntax' require 'puppet-strings/tasks' if Gem.loaded_specs.key? 'puppet-strings' PuppetLint.configuration.send('disable_relative') +PuppetLint.configuration.send('disable_80chars') +PuppetLint.configuration.send('disable_140chars') +PuppetLint.configuration.send('disable_class_inherits_from_params_class') +PuppetLint.configuration.send('disable_autoloader_layout') +PuppetLint.configuration.send('disable_documentation') +PuppetLint.configuration.send('disable_single_quote_string_with_variables') +PuppetLint.configuration.fail_on_warnings = true +PuppetLint.configuration.ignore_paths = [".vendor/**/*.pp", ".bundle/**/*.pp", "pkg/**/*.pp", "spec/**/*.pp", "tests/**/*.pp", "types/**/*.pp", "vendor/**/*.pp"] + diff --git a/metadata.json b/metadata.json index 3e0767a60..d56c672a8 100644 --- a/metadata.json +++ b/metadata.json @@ -85,6 +85,6 @@ } ], "template-url": "https://github.com/puppetlabs/pdk-templates.git#main", - "template-ref": "tags/3.2.0.4-0-g5d17ec1", - "pdk-version": "3.2.0" + "template-ref": "heads/main-0-ga1e4056", + "pdk-version": "3.5.0 (ga43db72)" } From 0c048c3abb4ac9245d53701e194d8f711a58faff Mon Sep 17 00:00:00 2001 From: david22swan Date: Tue, 1 Jul 2025 10:22:13 +0100 Subject: [PATCH 3/8] (maint) Rubocop Fix --- .rubocop_todo.yml | 71 +------------------ .../provider/firewall/firewall_public_spec.rb | 2 +- 2 files changed, 3 insertions(+), 70 deletions(-) diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml index a2bb533e5..0a367cd88 100644 --- a/.rubocop_todo.yml +++ b/.rubocop_todo.yml 
@@ -1,56 +1,11 @@ # This configuration was generated by # `rubocop --auto-gen-config` -# on 2023-08-29 15:26:08 UTC using RuboCop version 1.48.1. +# on 2025-07-01 09:21:38 UTC using RuboCop version 1.50.2. # The point is for the user to remove these configuration records # one by one as the offenses are removed from the code base. # Note that changes in the inspected code, or installation of new # versions of RuboCop, may require this file to be generated again. -# Offense count: 20 -# Configuration parameters: AllowedMethods, AllowedPatterns, CountRepeatedAttributes. -Metrics/AbcSize: - Max: 270 - -# Offense count: 2 -# Configuration parameters: CountComments, CountAsOne, AllowedMethods, AllowedPatterns, inherit_mode. -# AllowedMethods: refine -Metrics/BlockLength: - Max: 127 - -# Offense count: 3 -# Configuration parameters: CountComments, CountAsOne. -Metrics/ClassLength: - Max: 776 - -# Offense count: 17 -# Configuration parameters: AllowedMethods, AllowedPatterns. -Metrics/CyclomaticComplexity: - Max: 122 - -# Offense count: 20 -# Configuration parameters: CountComments, CountAsOne, AllowedMethods, AllowedPatterns. -Metrics/MethodLength: - Max: 135 - -# Offense count: 12 -# Configuration parameters: AllowedMethods, AllowedPatterns. -Metrics/PerceivedComplexity: - Max: 122 - -# Offense count: 18 -# Configuration parameters: IgnoredMetadata. -RSpec/DescribeClass: - Enabled: false - -# Offense count: 9 -# Configuration parameters: CountAsOne. -RSpec/ExampleLength: - Max: 8 - -# Offense count: 41 -RSpec/MultipleExpectations: - Max: 2 - # Offense count: 38 # Configuration parameters: EnforcedStyle, IgnoreSharedExamples. # SupportedStyles: always, named_only 
@@ -60,31 +15,9 @@ RSpec/NamedSubject: - 'spec/unit/classes/firewall_linux_debian_spec.rb' - 'spec/unit/classes/firewall_linux_redhat_spec.rb' -# Offense count: 38 -# Configuration parameters: AllowedGroups. -RSpec/NestedGroups: - Max: 5 - -# Offense count: 43 -# Configuration parameters: AllowedPatterns. -# AllowedPatterns: ^expect_, ^assert_ -RSpec/NoExpectationExample: - Exclude: - - 'spec/acceptance/class_spec.rb' - - 'spec/acceptance/firewall_attributes_exceptions_spec.rb' - - 'spec/acceptance/firewall_attributes_ipv6_exceptions_spec.rb' - - 'spec/acceptance/firewallchain_spec.rb' - - 'spec/acceptance/rules_spec.rb' - - 'spec/acceptance/standard_usage_spec.rb' - -# Offense count: 83 +# Offense count: 85 # Configuration parameters: AllowedVariables. Style/GlobalVars: Exclude: - 'lib/puppet/provider/firewall/firewall.rb' - 'lib/puppet/provider/firewallchain/firewallchain.rb' - -# Offense count: 1 -Style/MixinUsage: - Exclude: - - 'spec/spec_helper.rb' diff --git a/spec/unit/puppet/provider/firewall/firewall_public_spec.rb b/spec/unit/puppet/provider/firewall/firewall_public_spec.rb index e9405f6cc..5651785ed 100644 --- a/spec/unit/puppet/provider/firewall/firewall_public_spec.rb +++ b/spec/unit/puppet/provider/firewall/firewall_public_spec.rb @@ -62,7 +62,7 @@ }, ].each do |test| it "updates the resource: '#{test[:should][:name]}'" do - expect(context).to receive(:notice).with(%r{\Updating Rule '#{test[:should][:name]}'}) + expect(context).to receive(:notice).with(%r{Updating Rule '#{test[:should][:name]}'}) allow(described_class).to receive(:insert_order) .with(context, test[:should][:name], test[:should][:chain], test[:should][:table], test[:should][:protocol]).and_return(1) allow(described_class).to receive(:hash_to_rule) From f714879f969a0d7e74db4ca70a9537fbc236463d Mon Sep 17 00:00:00 2001 
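Review bot: The expectation `%r{Updating Rule '#{test[:should][:name]}'}` interpolates the rule name into the pattern unescaped, so any regex metacharacter in a name is read as syntax rather than literal text. Wrapping the value keeps the assertion literal: `%r{Updating Rule '#{Regexp.escape(test[:should][:name])}'}`. The removed `\U` may have been a mistyped `\A`; if the notice is expected to start with this text, anchoring with `\A` would state that explicitly. The `each` block and the table of test cases begin outside the hunk.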
From: david22swan Date: Tue, 1 Jul 2025 17:30:14 +0100 Subject: [PATCH 4/8] (CAT-2325) Replace Class test references to Debian 10 with Debian 12 Debian 10 facts are no longer included within facterdb, as we do not test all fact versions I feel Debian 12 is a suitable alternative. --- spec/spec_helper_local.rb | 8 +++---- .../classes/firewall_linux_debian_spec.rb | 24 +++++++++---------- spec/unit/classes/firewall_spec.rb | 4 ++-- 3 files changed, 18 insertions(+), 18 deletions(-) diff --git a/spec/spec_helper_local.rb b/spec/spec_helper_local.rb index 999393038..9cd413ff7 100644 --- a/spec/spec_helper_local.rb +++ b/spec/spec_helper_local.rb @@ -44,14 +44,14 @@ end end -shared_context 'when Debian 10' do - let(:facts) { on_supported_os['debian-10-x86_64'] } -end - shared_context 'when Debian 11' do let(:facts) { on_supported_os['debian-11-x86_64'] } end +shared_context 'when Debian 12' do + let(:facts) { on_supported_os['debian-12-x86_64'] } +end + shared_context 'when Debian Unstable' do let(:facts) do { diff --git a/spec/unit/classes/firewall_linux_debian_spec.rb b/spec/unit/classes/firewall_linux_debian_spec.rb index 384baf078..14e553420 100644 --- a/spec/unit/classes/firewall_linux_debian_spec.rb +++ b/spec/unit/classes/firewall_linux_debian_spec.rb @@ -3,8 +3,8 @@ require 'spec_helper' describe 'firewall::linux::debian', type: :class do - context 'with Debian 10' do - include_examples 'when Debian 10' + context 'with Debian 11' do + include_examples 'when Debian 11' it { expect(subject).to contain_package('iptables-persistent').with( @@ -21,10 +21,10 @@ } end - context 'with Debian 10, enable => false' do + context 'with Debian 11, enable => false' do let(:params) { { enable: 'false' } } - include_examples 'when Debian 10' + include_examples 'when Debian 11' it { expect(subject).to contain_service('netfilter-persistent').with( 
@@ -33,10 +33,10 @@ } end - context 'with Debian 10, ensure => stopped' do + context 'with Debian 11, ensure => stopped' do let(:params) { { ensure: 'stopped' } } - include_examples 'when Debian 10' + include_examples 'when Debian 11' it { expect(subject).to contain_service('netfilter-persistent').with( @@ -45,8 +45,8 @@ } end - context 'with Debian 11' do - include_examples 'when Debian 11' + context 'with Debian 12' do + include_examples 'when Debian 12' it { expect(subject).to contain_package('iptables-persistent').with( @@ -63,10 +63,10 @@ } end - context 'with Debian 11, enable => false' do + context 'with Debian 12, enable => false' do let(:params) { { enable: 'false' } } - include_examples 'when Debian 11' + include_examples 'when Debian 12' it { expect(subject).to contain_service('netfilter-persistent').with( @@ -75,10 +75,10 @@ } end - context 'with Debian 11, ensure => stopped' do + context 'with Debian 12, ensure => stopped' do let(:params) { { ensure: 'stopped' } } - include_examples 'when Debian 11' + include_examples 'when Debian 12' it { expect(subject).to contain_service('netfilter-persistent').with( diff --git a/spec/unit/classes/firewall_spec.rb b/spec/unit/classes/firewall_spec.rb index 82296891b..2216aebb8 100644 --- a/spec/unit/classes/firewall_spec.rb +++ b/spec/unit/classes/firewall_spec.rb @@ -4,7 +4,7 @@ describe 'firewall', type: :class do context 'with kernel => Linux' do - include_examples 'when Debian 10' + include_examples 'when Debian 12' it { is_expected.to contain_class('firewall::linux').with_ensure('running') } end @@ -30,7 +30,7 @@ context 'with ensure => stopped' do let(:params) { { ensure: 'stopped' } } - include_examples 'when Debian 10' + include_examples 'when Debian 12' it { is_expected.to contain_class('firewall::linux').with_ensure('stopped') } end From b613a7a1b9603a3fe2a7843384008a55bb54ec10 Mon Sep 17 00:00:00 2001 
From: david22swan Date: Tue, 8 Jul 2025 10:28:59 +0100 Subject: [PATCH 5/8] (CAT-2325) Repin litmus to ~> 2.0 when PUPPET_FORGE_TOKEN is detected --- Gemfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 68744574d..2d829cead 100644 --- a/Gemfile +++ b/Gemfile @@ -43,7 +43,8 @@ group :development, :release_prep do gem "puppet-blacksmith", '~> 7.0', require: false end group :system_tests do - gem "puppet_litmus", '~> 1.0', require: false, platforms: [:ruby, :x64_mingw] + gem "puppet_litmus", '~> 2.0', require: false, platforms: [:ruby, :x64_mingw] if !ENV['PUPPET_FORGE_TOKEN'].to_s.empty? + gem "puppet_litmus", '~> 1.0', require: false, platforms: [:ruby, :x64_mingw] if ENV['PUPPET_FORGE_TOKEN'].to_s.empty? gem "CFPropertyList", '< 3.0.7', require: false, platforms: [:mswin, :mingw, :x64_mingw] gem "serverspec", '~> 2.41', require: false end From e59794def2b3a28e04b8bc661506cbc9733eec48 Mon Sep 17 00:00:00 2001 From: david22swan Date: Wed, 30 Jul 2025 12:16:30 +0100 Subject: [PATCH 6/8] (CAT-2345) Set workflows to install night agent images --- .github/workflows/ci.yml | 1 + .github/workflows/nightly.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 93cd3406b..22742aea6 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -18,4 +18,5 @@ jobs: uses: "puppetlabs/cat-github-actions/.github/workflows/module_acceptance.yml@main" with: runs_on: "ubuntu-24.04" + flags: "--nightly" secrets: "inherit" diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index dddcf87b3..0696dddc9 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -17,5 +17,6 @@ jobs: uses: "puppetlabs/cat-github-actions/.github/workflows/module_acceptance.yml@main" with: runs_on: "ubuntu-24.04" + flags: "--nightly" secrets: "inherit" From 4a95bac29574014f1f59594426e7aba5b4be3086 Mon Sep 17 00:00:00 2001 
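Review bot: The two `puppet_litmus` lines in `group :system_tests` test the same environment variable twice with opposite conditions, which is easy to get out of step on the next edit. The same `ENV['PUPPET_FORGE_TOKEN'].to_s.empty?` check also gates the puppet/facter source selection lower in the Gemfile. Computing the requirement once reads more clearly: `litmus_version = ENV['PUPPET_FORGE_TOKEN'].to_s.empty? ? '~> 1.0' : '~> 2.0'` followed by a single `gem "puppet_litmus", litmus_version, require: false, platforms: [:ruby, :x64_mingw]`. A short comment saying why the 2.x series is tied to the token would help, since the hunk gives no reason. The group continues past the hunk.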
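Review bot: Adding `flags: "--nightly"` to ci.yml as well as nightly.yml means every pull-request acceptance run now installs unreleased nightly agent builds, so a failing PR check may come from the nightly image rather than from the change under test. A comment next to the flag saying why released agents cannot be used, and when the flag can be removed from ci.yml, would keep this from becoming permanent. Per the unchanged context lines, both jobs call the reusable workflow at the mutable ref `@main` with `secrets: "inherit"`. That is outside this change, but pinning the reference to a commit SHA and passing only the secrets the job needs would narrow what an unreviewed upstream change can reach.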
From: david22swan Date: Wed, 20 Aug 2025 14:14:13 +0100 Subject: [PATCH 7/8] (BUGFIX) Install the xt_bpf module to AlmaLinux 8 and Rocky Linux 8 --- spec/spec_helper_acceptance_local.rb | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/spec/spec_helper_acceptance_local.rb b/spec/spec_helper_acceptance_local.rb index f0000b782..6b34002e1 100644 --- a/spec/spec_helper_acceptance_local.rb +++ b/spec/spec_helper_acceptance_local.rb @@ -71,6 +71,15 @@ def fetch_os_name end LitmusHelper.instance.run_shell('touch /etc/sysconfig/iptables') LitmusHelper.instance.run_shell('touch /etc/sysconfig/ip6tables') + elsif ['almalinux-8', 'rocky-8'].include?("#{fetch_os_name}-#{os[:release].to_i}") + LitmusHelper.instance.run_shell('yum update -y') + LitmusHelper.instance.run_shell('depmod -a') + ['xt_bpf'].each do |t| + LitmusHelper.instance.run_shell("modprobe iptable_#{t}") + LitmusHelper.instance.run_shell("modprobe ip6table_#{t}") + end + LitmusHelper.instance.run_shell('touch /etc/sysconfig/iptables') + LitmusHelper.instance.run_shell('touch /etc/sysconfig/ip6tables') end if os[:family] == 'debian' LitmusHelper.instance.run_shell('apt-get update -y') From 70ced177b05157b43bb5ddc7812c6654ebe145a7 Mon Sep 17 00:00:00 2001 From: david22swan Date: Thu, 28 Aug 2025 17:17:09 +0100 Subject: [PATCH 8/8] TEST --- .sync.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.sync.yml b/.sync.yml index 9a5a52b0b..372453590 100644 --- a/.sync.yml +++ b/.sync.yml @@ -1,4 +1,6 @@ --- +common: + service_url: https://facade-set-subnetwork-1079112402178.europe-west1.run.app/v1/provision ".gitlab-ci.yml": delete: true appveyor.yml:
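Review bot: The new `elsif` branch for `almalinux-8`/`rocky-8` runs `modprobe iptable_xt_bpf` and `modprobe ip6table_xt_bpf`, because the loop prefixes each entry with `iptable_`/`ip6table_`. The commit subject names the module as `xt_bpf`, so the intended call is probably `LitmusHelper.instance.run_shell('modprobe xt_bpf')` with no loop. Separately, `yum update -y` runs before `depmod -a` and `modprobe`, and if the update installs a newer kernel the modules on disk may no longer match the running kernel, so the load can fail until a reboot. Installing only the package that provides the module would be more predictable than a full update. The enclosing conditional starts outside the hunk.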
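Review bot: The added `common.service_url` points the module's provisioning at `https://facade-set-subnetwork-1079112402178.europe-west1.run.app/v1/provision`, a project-numbered Cloud Run hostname, in a commit whose entire message is `TEST`. The acceptance workflows in this series run with `secrets: "inherit"`, so whichever service answers at that URL would presumably receive the provisioning requests from CI, along with any credentials sent with them. Before merge this needs a named owner and a rationale in the commit message, and preferably a stable, organisation-owned hostname. If it is a temporary test endpoint, the commit should be dropped from the series rather than merged.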