fix(yamllint): fix all errors

```bash apache-formula$ yamllint -s . ./pillar.example 2:1 warning missing document start "---" (document-start) 5:26 warning truthy value should be one of [false, true] (truthy) 50:18 warning too few spaces before comment (comments) 51:16 warning truthy value should be one of [false, true] (truthy) 52:57 warning too few spaces before comment (comments) 52:89 error line too long (104 > 88 characters) (line-length) 67:33 warning truthy value should be one of [false, true] (truthy) 67:38 warning too few spaces before comment (comments) 69:31 warning too few spaces before comment (comments) 70:8 warning missing starting space in comment (comments) 75:53 warning too few spaces before comment (comments) 75:89 error line too long (98 > 88 characters) (line-length) 76:55 warning too few spaces before comment (comments) 76:89 error line too long (101 > 88 characters) (line-length) 78:50 warning too few spaces before comment (comments) 79:89 error line too long (95 > 88 characters) (line-length) 82:47 warning too few spaces before comment (comments) 83:54 warning too few spaces before comment (comments) 83:89 error line too long (100 > 88 characters) (line-length) 84:58 warning too few spaces before comment (comments) 84:89 error line too long (109 > 88 characters) (line-length) 93:32 warning too few spaces before comment (comments) 100:89 error line too long (105 > 88 characters) (line-length) 101:33 error trailing spaces (trailing-spaces) 102:16 warning truthy value should be one of [false, true] (truthy) 231:20 warning truthy value should be one of [false, true] (truthy) 242:32 warning too few spaces before comment (comments) 249:20 warning truthy value should be one of [false, true] (truthy) 254:20 warning truthy value should be one of [false, true] (truthy) 260:21 warning truthy value should be one of [false, true] (truthy) 283:8 warning missing starting space in comment (comments) 284:8 warning missing starting space in comment (comments) 297:15 warning too few spaces before comment (comments) 328:18 warning truthy value should be one of [false, true] (truthy) 330:20 warning truthy value should be one of [false, true] (truthy) 342:15 error empty value in block mapping (empty-values) 345:18 warning truthy value should be one of [false, true] (truthy) 348:18 warning truthy value should be one of [false, true] (truthy) 355:18 warning truthy value should be one of [false, true] (truthy) 358:89 error line too long (91 > 88 characters) (line-length) 359:26 warning truthy value should be one of [false, true] (truthy) 362:89 error line too long (99 > 88 characters) (line-length) 365:89 error line too long (267 > 88 characters) (line-length) 367:21 warning truthy value should be one of [false, true] (truthy) 369:26 warning truthy value should be one of [false, true] (truthy) 371:1 error too many blank lines (1 > 0) (empty-lines) ./apache/osfingermap.yaml 3:1 warning missing document start "---" (document-start) ./apache/modsecurity.yaml 4:1 warning missing document start "---" (document-start) 6:18 warning truthy value should be one of [false, true] (truthy) 7:20 warning truthy value should be one of [false, true] (truthy) 14:18 warning truthy value should be one of [false, true] (truthy) 15:20 warning truthy value should be one of [false, true] (truthy) 22:18 warning truthy value should be one of [false, true] (truthy) 23:20 warning truthy value should be one of [false, true] (truthy) ./apache/defaults.yaml 4:1 warning missing document start "---" (document-start) 5:26 warning truthy value should be one of [false, true] (truthy) 7:19 warning truthy value should be one of [false, true] (truthy) 10:18 warning truthy value should be one of [false, true] (truthy) 11:20 warning truthy value should be one of [false, true] (truthy) ./apache/oscodenamemap.yaml 4:1 warning missing document start "---" (document-start) 4:8 error trailing spaces (trailing-spaces) 9:8 error trailing spaces (trailing-spaces) 14:7 error trailing spaces (trailing-spaces) 19:6 error trailing spaces (trailing-spaces) 24:8 error trailing spaces (trailing-spaces) 29:9 error trailing spaces (trailing-spaces) 34:7 error trailing spaces (trailing-spaces) 39:8 error trailing spaces (trailing-spaces) 44:8 error trailing spaces (trailing-spaces) 50:9 error trailing spaces (trailing-spaces) 61:1 error too many blank lines (1 > 0) (empty-lines) ./apache/osfamilymap.yaml 4:1 warning missing document start "---" (document-start) 16:89 error line too long (104 > 88 characters) (line-length) 43:89 error line too long (105 > 88 characters) (line-length) 56:16 warning truthy value should be one of [false, true] (truthy) 114:11 error empty value in block mapping (empty-values) 114:11 error trailing spaces (trailing-spaces) ./test/salt/pillar/default.sls 5:26 warning truthy value should be one of [false, true] (truthy) 7:18 warning truthy value should be one of [false, true] (truthy) 8:20 warning truthy value should be one of [false, true] (truthy) ```
2019-10-17 04:48:22 +01:00 · 2019-10-17 04:48:22 +01:00 · 97f6ead9f4
commit 97f6ead9f4
parent 68b971bd77
7 changed files with 98 additions and 80 deletions
--- a/apache/defaults.yaml
+++ b/apache/defaults.yaml
@ -1,11 +1,11 @@
 # -*- coding: utf-8 -*-
 # vim: ft=yaml
-
+---
 apache:
-  manage_service_states: True
+  manage_service_states: true
  service_state: running
-  service_enable: True
+  service_enable: true

  mod_security:
-    crs_install: False
-    manage_config: False
+    crs_install: false
+    manage_config: false
--- a/apache/modsecurity.yaml
+++ b/apache/modsecurity.yaml
@ -1,25 +1,25 @@
 # -*- coding: utf-8 -*-
-# vim: ft=yam
-
+# vim: ft=yaml
+---
 Debian:
  mod_security:
-    crs_install: False
-    manage_config: False
+    crs_install: false
+    manage_config: false
    package: libapache2-mod-security2
    crs_package: modsecurity-crs
    config_file: /etc/modsecurity/modsecurity.conf-recommended

 RedHat:
  mod_security:
-    crs_install: False
-    manage_config: False
+    crs_install: false
+    manage_config: false
    package: mod_security
    crs_package: mod_security_crs
    config_file: /etc/httpd/conf.d/mod_security.conf

 Suse:
  mod_security:
-    crs_install: False
-    manage_config: False
+    crs_install: false
+    manage_config: false
    package: apache2-mod_security2
    config_file: /etc/apache2/conf.d/mod_security2.conf
--- a/apache/oscodenamemap.yaml
+++ b/apache/oscodenamemap.yaml
@ -1,53 +1,53 @@
 # -*- coding: utf-8 -*-
 # vim: ft=yaml
-
-trusty: 
+---
+trusty:
  confext: .conf
  default_site: 000-default.conf
  default_site_ssl: default-ssl.conf

-utopic: 
+utopic:
  confext: .conf
  default_site: 000-default.conf
  default_site_ssl: default-ssl.conf

-vivid: 
+vivid:
  confext: .conf
  default_site: 000-default.conf
  default_site_ssl: default-ssl.conf

-wily: 
+wily:
  confext: .conf
  default_site: 000-default.conf
  default_site_ssl: default-ssl.conf

-xenial: 
+xenial:
  confext: .conf
  default_site: 000-default.conf
  default_site_ssl: default-ssl.conf

-yakkety: 
+yakkety:
  confext: .conf
  default_site: 000-default.conf
  default_site_ssl: default-ssl.conf

-zesty: 
+zesty:
  confext: .conf
  default_site: 000-default.conf
  default_site_ssl: default-ssl.conf

-artful: 
+artful:
  confext: .conf
  default_site: 000-default.conf
  default_site_ssl: default-ssl.conf

-jessie: 
+jessie:
  wwwdir: /var/www
  confext: .conf
  default_site: 000-default.conf
  default_site_ssl: default-ssl.conf

-stretch: 
+stretch:
  wwwdir: /var/www
  confext: .conf
  default_site: 000-default.conf
@ -58,4 +58,3 @@ buster:
  confext: .conf
  default_site: 000-default.conf
  default_site_ssl: default-ssl.conf
-
--- a/apache/osfamilymap.yaml
+++ b/apache/osfamilymap.yaml
@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 # vim: ft=yaml
-
+---
 Debian:
  server: apache2
  service: apache2
@ -13,6 +13,7 @@ Debian:
  mod_php5: libapache2-mod-php5
  mod_perl2: libapache2-mod-perl2
  mod_fcgid: libapache2-mod-fcgid
+  # yamllint disable-line rule:line-length
  mod_pagespeed_source: https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-stable_current_amd64.deb
  mod_xsendfile: libapache2-mod-xsendfile
  mod_fastcgi: libapache2-mod-fastcgi
@ -40,6 +41,7 @@ RedHat:
  conf_mod_wsgi: /etc/httpd/conf.d/wsgi.conf
  mod_php5: php
  mod_fcgid: mod_fcgid
+  # yamllint disable-line rule:line-length
  mod_pagespeed_source: https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-stable_current_x86_64.rpm
  mod_geoip: mod_geoip
  mod_geoip_database: GeoIP
@ -53,7 +55,7 @@ RedHat:
  logrotatedir: /etc/logrotate.d/httpd
  wwwdir: /var/www
  default_charset: UTF-8
-  use_require: False
+  use_require: false
  moddir: /etc/httpd/conf.modules.d

 Gentoo:
@ -111,7 +113,7 @@ FreeBSD:
  modulesdir: /usr/local/etc/apache24/modules.d
  global_document_root: /usr/local/www/apache24/data

-  confext: 
+  confext: ''
  default_site: default
  default_site_ssl: default-ssl
  logdir: /var/log/
--- a/apache/osfingermap.yaml
+++ b/apache/osfingermap.yaml
@ -1,5 +1,6 @@
 # -*- coding: utf-8 -*-
 # vim: ft=yaml
+---
 default:
  version: '2.4'
 Ubuntu-12.04:
--- a/pillar.example
+++ b/pillar.example
@ -1,8 +1,11 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
 # ``apache`` formula configuration:
 apache:

  # By default apache restart/reload states run (false skips)
-  manage_service_states: True
+  manage_service_states: true

  # lookup section overrides ``map.jinja`` values
  lookup:
@ -47,9 +50,10 @@ apache:
    example.net:
      template_file: salt://apache/vhosts/minimal.tmpl

-    example.com: # must be unique; used as an ID declaration in Salt.
-      enabled: True
-      template_file: salt://apache/vhosts/standard.tmpl # or minimal.tmpl or redirect.tmpl or proxy.tmpl
+    example.com:  # must be unique; used as an ID declaration in Salt.
+      enabled: true
+      # or minimal.tmpl or redirect.tmpl or proxy.tmpl
+      template_file: salt://apache/vhosts/standard.tmpl

      ####################### DEFAULT VALUES BELOW ############################
      # NOTE: the values below are simply default settings that *can* be
@ -64,42 +68,51 @@ apache:
      interface: '*'
      port: '80'

-      exclude_listen_directive: True # Do not add a Listen directive in httpd.conf
+      exclude_listen_directive: true  # Do not add a Listen directive in httpd.conf

-      ServerName: example.com # uses the unique ID above unless specified
-      #ServerAlias: www.example.com # Do not add ServerAlias unless defined
+      ServerName: example.com  # uses the unique ID above unless specified
+      # ServerAlias: www.example.com  # Do not add ServerAlias unless defined

      ServerAdmin: webmaster@example.com

      LogLevel: warn
-      ErrorLog: /path/to/logs/example.com-error.log # E.g.: /var/log/apache2/example.com-error.log
-      CustomLog: /path/to/logs/example.com-access.log # E.g.: /var/log/apache2/example.com-access.log
+      # E.g.: /var/log/apache2/example.com-error.log
+      ErrorLog: /path/to/logs/example.com-error.log
+      # E.g.: /var/log/apache2/example.com-access.log
+      CustomLog: /path/to/logs/example.com-access.log

-      DocumentRoot: /path/to/www/dir/example.com # E.g., /var/www/example.com
-      DocumentRootUser: null       # do not enforce user, defaults to lookup:document_root_user
-      DocumentRootGroup: www-data  # Force group, defaults to lookup:document_root_group
+      # E.g., /var/www/example.com
+      DocumentRoot: /path/to/www/dir/example.com
+      # do not enforce user, defaults to lookup:document_root_user
+      DocumentRootUser: null
+      # Force group, defaults to lookup:document_root_group
+      DocumentRootGroup: www-data

-      SSLCertificateFile: /etc/ssl/mycert.pem # if ssl is desired
-      SSLCertificateKeyFile: /etc/ssl/mycert.pem.key # if key for cert is needed or in an extra file
-      SSLCertificateChainFile: /etc/ssl/mycert.chain.pem # if you require a chain of server certificates file
+      # if ssl is desired
+      SSLCertificateFile: /etc/ssl/mycert.pem
+      # if key for cert is needed or in an extra file
+      SSLCertificateKeyFile: /etc/ssl/mycert.pem.key
+      # if you require a chain of server certificates file
+      SSLCertificateChainFile: /etc/ssl/mycert.chain.pem

      Directory:
        # "default" is a special case; uses DocumentRoot value
        # E.g.: /var/www/example.com
        default:
          Options: -Indexes +FollowSymLinks
-          Order: allow,deny    # For Apache < 2.4
-          Allow: from all      # For apache < 2.4
-          Require: all granted # For apache > 2.4.
+          Order: allow,deny     # For Apache < 2.4
+          Allow: from all       # For apache < 2.4
+          Require: all granted  # For apache > 2.4.
          AllowOverride: None
          Formula_Append: |
            Additional config as a
            multi-line string here

    redirectmatch.com:
-      # Use RedirectMatch Directive https://httpd.apache.org/docs/2.4/fr/mod/mod_alias.html#redirectmatch
-      # Require module mod_alias 
-      enabled: True
+      # Use RedirectMatch Directive
+      # - https://httpd.apache.org/docs/2.4/fr/mod/mod_alias.html#redirectmatch
+      # Require module mod_alias
+      enabled: true
      template_file: salt://apache/vhosts/redirect.tmpl
      ServerName: www.redirectmatch.com
      ServerAlias: www.redirectmatch.com
@ -228,7 +241,7 @@ apache:

      Location:
        /:
-          Require: False
+          Require: false
          Formula_Append: |
            SecRuleRemoveById 981231
            SecRuleRemoveById 981173
@ -237,27 +250,27 @@ apache:
          Require: 'all granted'

        /docs:
-          Order: allow,deny    # For Apache < 2.4
-          Allow: from all      # For apache < 2.4
-          Require: all granted # For apache > 2.4.
+          Order: allow,deny     # For Apache < 2.4
+          Allow: from all       # For apache < 2.4
+          Require: all granted  # For apache > 2.4.
          Formula_Append: |
            Additional config as a
            multi-line string here

      LocationMatch:
        '^[.\\/]+([Ww][Ee][Bb][Mm][Aa][Ii][Ll])[.\\/]':
-          Require: False
+          Require: false
          Formula_Append: |
            RequestHeader  set  Host  mail.example.com

        '^[.\\/]+([Ss][Vv][Cc])[.\\/]':
-          Require: False
+          Require: false
          Formula_Append: |
            Require ip 123.123.13.6 84.24.25.74

      Proxy_control:
        '*':
-          AllowAll: False
+          AllowAll: false
          AllowCountry:
            - DE
          AllowIP:
@ -280,21 +293,21 @@ apache:
      path: 'salt://path/to/sites-available/conf/file'
      state: 'enabled'
      # Optional - use managed file as Jinja Template
-      #template: true
-      #defaults:
-      #  custom_var: "default value"
+      # template: true
+      # defaults:
+      #   custom_var: "default value"

  modules:
-    enabled:  # List modules to enable
+    enabled:   # List modules to enable
      - ldap
      - ssl
    disabled:  # List modules to disable
      - rewrite

  flags:
-    enabled:  # List server flags to enable
+    enabled:   # List server flags to enable
      - SSL
-    disabled: # List server flags to disable
+    disabled:  # List server flags to disable
      - status

  # KeepAlive: Whether or not to allow persistent connections (more than
@ -325,9 +338,9 @@ apache:

  # ``apache.mod_security`` formula additional configuration:
  mod_security:
-    crs_install: True
+    crs_install: true
    # If not set, default distro's configuration is installed as is
-    manage_config: True
+    manage_config: true
    sec_rule_engine: 'On'
    sec_request_body_access: 'On'
    sec_request_body_limit: '14000000'
@ -339,33 +352,36 @@ apache:
    sec_debug_log_level: '3'

    rules:
-      enabled:
+      enabled: ~
      modsecurity_crs_10_setup.conf:
        rule_set: ''
-        enabled: True
+        enabled: true
      modsecurity_crs_20_protocol_violations.conf:
        rule_set: 'base_rules'
-        enabled: False
+        enabled: false

    custom_rule_files:
      # any name as an array index, and you can duplicate this section
      UNIQUE_VALUE_HERE:
        file: 'my name'
        path: 'salt://path/to/modsecurity/custom/file'
-        enabled: True
+        enabled: true

  mod_ssl:
-    # set this to True if you want to override your distributions default TLS configuration
-    manage_tls_defaults: False
-    # This stuff is deliberately not configured via map.jinja resp. apache:lookup.
-    # We're unable to know sane defaults for each release of every distribution.
-    # See https://github.com/saltstack-formulas/openssh-formula/issues/102 for a related discussion
-    # Have a look at bettercrypto.org for up-to-date settings.
+    # set this to true if you want to override your distributions default TLS
+    # configuration
+    manage_tls_defaults: false
+    # This stuff is deliberately not configured via map.jinja resp.
+    # apache:lookup.  We're unable to know sane defaults for each release of
+    # every distribution.
+    # See https://github.com/saltstack-formulas/openssh-formula/issues/102 for
+    # a related discussion Have a look at bettercrypto.org for up-to-date
+    # settings.
    # These are default values:
+    # yamllint disable-line rule:line-length
    SSLCipherSuite: EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
    # Mitigate the CRIME attack
-    SSLCompression: Off
+    SSLCompression: 'Off'
    SSLProtocol: all -SSLv2 -SSLv3 -TLSv1
-    SSLHonorCipherOrder: On
+    SSLHonorCipherOrder: 'On'
    SSLOptions: "+StrictRequire"
-
--- a/test/salt/pillar/default.sls
+++ b/test/salt/pillar/default.sls
@ -2,10 +2,10 @@
 # vim: ft=yaml
 ---
 apache:
-  manage_service_states: False
+  manage_service_states: false
  mod_security:
-    crs_install: True
-    manage_config: True
+    crs_install: true
+    manage_config: true
    sec_rule_engine: 'On'
    sec_request_body_access: 'On'
    sec_request_body_limit: '14000000'