diff --git a/.github/workflows/kitchen.vagrant.yml b/.github/workflows/kitchen.vagrant.yml
new file mode 100644
index 0000000..ee67a32
--- /dev/null
+++ b/.github/workflows/kitchen.vagrant.yml
@@ -0,0 +1,38 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+name: 'Kitchen Vagrant (FreeBSD)'
+'on': ['push', 'pull_request']
+
+env:
+  KITCHEN_LOCAL_YAML: 'kitchen.vagrant.yml'
+
+jobs:
+  test:
+    runs-on: 'macos-10.15'
+    strategy:
+      fail-fast: false
+      matrix:
+        instance:
+          - default-freebsd-130-master-py3
+          # - freebsd-130-master-py3
+          - default-freebsd-123-master-py3
+          # - freebsd-123-master-py3
+          # - default-freebsd-130-3004-0-py3
+          # - default-freebsd-123-3004-0-py3
+    steps:
+      - name: 'Check out code'
+        uses: 'actions/checkout@v2'
+      - name: 'Set up Bundler cache'
+        uses: 'actions/cache@v1'
+        with:
+          path: 'vendor/bundle'
+          key: "${{ runner.os }}-gems-${{ hashFiles('**/Gemfile.lock') }}"
+          restore-keys: "${{ runner.os }}-gems-"
+      - name: 'Run Bundler'
+        run: |
+          ruby --version
+          bundle config path vendor/bundle
+          bundle install --jobs 4 --retry 3
+      - name: 'Run Test Kitchen'
+        run: 'bundle exec kitchen verify ${{ matrix.instance }}'
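Review bot: The workflow declares no `permissions:` key, so the `GITHUB_TOKEN` on `push` and same-repository `pull_request` runs carries whatever the repository default grants, although these steps only check out code and run Test Kitchen. Adding `permissions: {contents: read}` at the top level, next to `env:`, keeps the token read-only. `actions/checkout@v2` and `actions/cache@v1` are referenced by mutable tags; pinning each to a full commit SHA (`uses: 'actions/checkout@<full-commit-sha>'`) stops a moved tag from changing what runs here. The `${{ matrix.instance }}` expansion in the final `run:` is acceptable as written because the matrix values are literals in this file, but it should go through an `env:` variable if the matrix ever becomes input-driven.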
diff --git a/.gitignore b/.gitignore
index 6995110..39752a7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -91,6 +91,9 @@ celerybeat-schedule
 venv/
 ENV/
 
+# visual studio
+.vs/
+
 # Spyder project settings
 .spyderproject
 .spyproject
@@ -120,3 +123,12 @@ docs/*.md
 Dockerfile.*_*
 ignore/
 tmp/
+
+# `salt-formula` -- Vagrant Specific files
+.vagrant
+top.sls
+!test/salt/pillar/top.sls
+
+# `suricata-formula` -- Platform binaries
+*.rpm
+*.deb
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 2f263f1..440bfff 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -46,7 +46,7 @@ variables:
   DOCKER_DRIVER: 'overlay2'
 
 ###############################################################################
-# `lint` stage: `commitlint` & `pre-commit`
+# `lint` stage: `commitlint`, `pre-commit` & `rubocop` (latest, failure allowed)
 ###############################################################################
 commitlint:
   stage: *stage_lint
@@ -102,7 +102,7 @@ rubocop:
 ###############################################################################
 # Define `test` template
 ###############################################################################
-.test_instance:
+.test_instance: &test_instance
   stage: *stage_test
   image: *image_dindruby
   services: *services_docker_dind
@@ -117,41 +117,121 @@ rubocop:
     # Alternative value to consider: `${CI_JOB_NAME}`
     - 'bin/kitchen verify "${DOCKER_ENV_CI_JOB_NAME}"'
 
+###############################################################################
+# Define `test` template (`allow_failure: true`)
+###############################################################################
+.test_instance_failure_permitted:
+  <<: *test_instance
+  allow_failure: true
+
 ###############################################################################
 # `test` stage: each instance below uses the `test` template above
 ###############################################################################
 ## Define the rest of the matrix based on Kitchen testing
 # Make sure the instances listed below match up with
 # the `platforms` defined in `kitchen.yml`
-default-debian-10-master-py3: {extends: '.test_instance'}
+# yamllint disable rule:line-length
+# default-debian-11-tiamat-py3: {extends: '.test_instance'}
+# default-debian-10-tiamat-py3: {extends: '.test_instance'}
+# default-debian-9-tiamat-py3: {extends: '.test_instance'}
+# default-ubuntu-2004-tiamat-py3: {extends: '.test_instance'}
+# default-ubuntu-1804-tiamat-py3: {extends: '.test_instance'}
+# default-centos-stream8-tiamat-py3: {extends: '.test_instance_failure_permitted'}
+# default-centos-7-tiamat-py3: {extends: '.test_instance'}
+# default-amazonlinux-2-tiamat-py3: {extends: '.test_instance'}
+# default-oraclelinux-8-tiamat-py3: {extends: '.test_instance'}
+# default-oraclelinux-7-tiamat-py3: {extends: '.test_instance'}
+# default-almalinux-8-tiamat-py3: {extends: '.test_instance'}
+# default-rockylinux-8-tiamat-py3: {extends: '.test_instance'}
+# default-debian-11-master-py3: {extends: '.test_instance'}
+# passenger-debian-11-master-py3: {extends: '.test_instance'}
+debian-11-master-py3: {extends: '.test_instance_failure_permitted'}
+# default-debian-10-master-py3: {extends: '.test_instance'}
+# passenger-debian-10-master-py3: {extends: '.test_instance'}
+debian-10-master-py3: {extends: '.test_instance'}
+# default-debian-9-master-py3: {extends: '.test_instance'}
+# passenger-debian-9-master-py3: {extends: '.test_instance'}
+debian-9-master-py3: {extends: '.test_instance'}
+# default-ubuntu-2004-master-py3: {extends: '.test_instance'}
+# passenger-ubuntu-2004-master-py3: {extends: '.test_instance'}
+ubuntu-2004-master-py3: {extends: '.test_instance'}
 # default-ubuntu-1804-master-py3: {extends: '.test_instance'}
-# default-centos-8-master-py3: {extends: '.test_instance'}
-# default-fedora-31-master-py3: {extends: '.test_instance'}
-# default-opensuse-leap-151-master-py3: {extends: '.test_instance'}
-# default-amazonlinux-2-master-py3: {extends: '.test_instance'}
-# default-debian-10-2019-2-py3: {extends: '.test_instance'}
-# default-debian-9-2019-2-py3: {extends: '.test_instance'}
-default-ubuntu-1804-2019-2-py3: {extends: '.test_instance'}
-default-centos-8-2019-2-py3: {extends: '.test_instance'}
-# default-fedora-31-2019-2-py3: {extends: '.test_instance'}
-# default-opensuse-leap-151-2019-2-py3: {extends: '.test_instance'}
-# default-centos-7-2019-2-py2: {extends: '.test_instance'}
-# default-amazonlinux-2-2019-2-py3: {extends: '.test_instance'}
-default-arch-base-latest-2019-2-py2: {extends: '.test_instance'}
-default-fedora-30-2018-3-py3: {extends: '.test_instance'}
-# default-debian-9-2018-3-py2: {extends: '.test_instance'}
-# default-ubuntu-1604-2018-3-py2: {extends: '.test_instance'}
-# default-centos-7-2018-3-py2: {extends: '.test_instance'}
-default-opensuse-leap-151-2018-3-py2: {extends: '.test_instance'}
-# default-amazonlinux-1-2018-3-py2: {extends: '.test_instance'}
-# default-arch-base-latest-2018-3-py2: {extends: '.test_instance'}
-# default-debian-8-2017-7-py2: {extends: '.test_instance'}
-# default-ubuntu-1604-2017-7-py2: {extends: '.test_instance'}
-# default-centos-6-2017-7-py2: {extends: '.test_instance'}
-# default-fedora-30-2017-7-py2: {extends: '.test_instance'}
-# default-opensuse-leap-151-2017-7-py2: {extends: '.test_instance'}
-# default-amazonlinux-1-2017-7-py2: {extends: '.test_instance'}
-# default-arch-base-latest-2017-7-py2: {extends: '.test_instance'}
+# passenger-ubuntu-1804-master-py3: {extends: '.test_instance'}
+ubuntu-1804-master-py3: {extends: '.test_instance'}
+# default-centos-stream8-master-py3: {extends: '.test_instance_failure_permitted'}
+# passenger-centos-stream8-master-py3: {extends: '.test_instance_failure_permitted'}
+centos-stream8-master-py3: {extends: '.test_instance_failure_permitted'}
+# default-centos-7-master-py3: {extends: '.test_instance'}
+# passenger-centos-7-master-py3: {extends: '.test_instance'}
+centos-7-master-py3: {extends: '.test_instance'}
+default-fedora-36-master-py3: {extends: '.test_instance_failure_permitted'}
+# fedora-36-master-py3: {extends: '.test_instance_failure_permitted'}
+default-fedora-35-master-py3: {extends: '.test_instance'}
+# fedora-35-master-py3: {extends: '.test_instance'}
+default-fedora-34-master-py3: {extends: '.test_instance'}
+# fedora-34-master-py3: {extends: '.test_instance'}
+default-opensuse-leap-153-master-py3: {extends: '.test_instance'}
+# opensuse-leap-153-master-py3: {extends: '.test_instance'}
+default-opensuse-tmbl-latest-master-py3: {extends: '.test_instance_failure_permitted'}
+# opensuse-tmbl-latest-master-py3: {extends: '.test_instance_failure_permitted'}
+default-amazonlinux-2-master-py3: {extends: '.test_instance'}
+# amazonlinux-2-master-py3: {extends: '.test_instance'}
+# default-oraclelinux-8-master-py3: {extends: '.test_instance'}
+# passenger-oraclelinux-8-master-py3: {extends: '.test_instance'}
+oraclelinux-8-master-py3: {extends: '.test_instance'}
+default-oraclelinux-7-master-py3: {extends: '.test_instance'}
+# oraclelinux-7-master-py3: {extends: '.test_instance'}
+default-arch-base-latest-master-py3: {extends: '.test_instance'}
+# arch-base-latest-master-py3: {extends: '.test_instance'}
+# default-gentoo-stage3-latest-master-py3: {extends: '.test_instance'}
+# gentoo-stage3-latest-master-py3: {extends: '.test_instance'}
+default-gentoo-stage3-systemd-master-py3: {extends: '.test_instance'}
+# gentoo-stage3-systemd-master-py3: {extends: '.test_instance'}
+# default-almalinux-8-master-py3: {extends: '.test_instance'}
+# passenger-almalinux-8-master-py3: {extends: '.test_instance'}
+almalinux-8-master-py3: {extends: '.test_instance'}
+# default-rockylinux-8-master-py3: {extends: '.test_instance'}
+# passenger-rockylinux-8-master-py3: {extends: '.test_instance'}
+rockylinux-8-master-py3: {extends: '.test_instance'}
+# default-debian-11-3004-1-py3: {extends: '.test_instance'}
+# default-debian-10-3004-1-py3: {extends: '.test_instance'}
+# default-debian-9-3004-1-py3: {extends: '.test_instance'}
+# default-ubuntu-2004-3004-1-py3: {extends: '.test_instance'}
+# default-ubuntu-1804-3004-1-py3: {extends: '.test_instance'}
+# default-centos-stream8-3004-1-py3: {extends: '.test_instance_failure_permitted'}
+# default-centos-7-3004-1-py3: {extends: '.test_instance'}
+# default-fedora-36-3004-1-py3: {extends: '.test_instance_failure_permitted'}
+# default-fedora-35-3004-1-py3: {extends: '.test_instance'}
+# default-fedora-34-3004-1-py3: {extends: '.test_instance'}
+# default-amazonlinux-2-3004-1-py3: {extends: '.test_instance'}
+# default-oraclelinux-8-3004-1-py3: {extends: '.test_instance'}
+# default-oraclelinux-7-3004-1-py3: {extends: '.test_instance'}
+# default-arch-base-latest-3004-1-py3: {extends: '.test_instance'}
+# default-gentoo-stage3-latest-3004-1-py3: {extends: '.test_instance'}
+# default-gentoo-stage3-systemd-3004-1-py3: {extends: '.test_instance'}
+# default-almalinux-8-3004-1-py3: {extends: '.test_instance'}
+# default-rockylinux-8-3004-1-py3: {extends: '.test_instance'}
+# default-opensuse-leap-153-3004-0-py3: {extends: '.test_instance'}
+# default-opensuse-tmbl-latest-3004-0-py3: {extends: '.test_instance_failure_permitted'}
+# default-debian-10-3003-4-py3: {extends: '.test_instance'}
+# default-debian-9-3003-4-py3: {extends: '.test_instance'}
+# default-ubuntu-2004-3003-4-py3: {extends: '.test_instance'}
+# default-ubuntu-1804-3003-4-py3: {extends: '.test_instance'}
+# default-centos-stream8-3003-4-py3: {extends: '.test_instance_failure_permitted'}
+# default-centos-7-3003-4-py3: {extends: '.test_instance'}
+# default-amazonlinux-2-3003-4-py3: {extends: '.test_instance'}
+# default-oraclelinux-8-3003-4-py3: {extends: '.test_instance'}
+# default-oraclelinux-7-3003-4-py3: {extends: '.test_instance'}
+# default-almalinux-8-3003-4-py3: {extends: '.test_instance'}
+# default-debian-10-3002-8-py3: {extends: '.test_instance'}
+# default-debian-9-3002-8-py3: {extends: '.test_instance'}
+# default-ubuntu-2004-3002-8-py3: {extends: '.test_instance'}
+# default-ubuntu-1804-3002-8-py3: {extends: '.test_instance'}
+# default-centos-7-3002-8-py3: {extends: '.test_instance'}
+# default-amazonlinux-2-3002-8-py3: {extends: '.test_instance'}
+# default-oraclelinux-8-3002-8-py3: {extends: '.test_instance'}
+# default-oraclelinux-7-3002-8-py3: {extends: '.test_instance'}
+# yamllint enable rule:line-length
 
 ###############################################################################
 # `release` stage: `semantic-release`
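Review bot: `.test_instance_failure_permitted` sets `allow_failure: true`, so the four active jobs that extend it (`debian-11-master-py3`, `centos-stream8-master-py3`, `default-fedora-36-master-py3`, `default-opensuse-tmbl-latest-master-py3`) can fail `kitchen verify` and the pipeline still reports success with a warning. Nothing in the file records why those platforms are exempt or when the exemption should end. A comment above the template would make the gate explicit, for example `# Jobs extending this template do not block the pipeline; record the reason per job and move it back to '.test_instance' once it is stable`.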
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 136e470..2cb381e 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -17,16 +17,23 @@ repos:
         stages: [manual]
         additional_dependencies: ['@commitlint/config-conventional@8.3.4']
         always_run: true
-  - repo: https://github.com/jumanjihouse/pre-commit-hooks
-    rev: 2.1.3
+  - repo: https://github.com/rubocop-hq/rubocop
+    rev: v1.25.1
+    hooks:
+      - id: rubocop
+        name: Check Ruby files with rubocop
+        args: [--debug]
+        always_run: true
+        pass_filenames: false
+  - repo: https://github.com/shellcheck-py/shellcheck-py
+    rev: v0.8.0.4
     hooks:
       - id: shellcheck
         name: Check shell scripts with shellcheck
         files: ^.*\.(sh|bash|ksh)$
         types: []
-        args: []
-  - repo: https://github.com/adrienverge/yamllint.git
-    rev: v1.23.0
+  - repo: https://github.com/adrienverge/yamllint
+    rev: v1.26.3
     hooks:
       - id: yamllint
         name: Check YAML syntax with yamllint
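Review bot: The new rubocop hook is fetched from `https://github.com/rubocop-hq/rubocop`, which is the project's former organisation name; the repository now lives under `rubocop/rubocop`, so this entry resolves only through GitHub's rename redirect. Pointing the hook at the canonical location, `- repo: https://github.com/rubocop/rubocop`, removes the dependency on that redirect staying in place. The `rev:` values touched in this hunk are tags, which upstream can move; pre-commit also accepts a full commit SHA in `rev:` if the hook sources should be immutable.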
@@ -34,7 +41,7 @@ repos:
         always_run: true
         pass_filenames: false
   - repo: https://github.com/warpnet/salt-lint
-    rev: v0.3.0
+    rev: v0.8.0
     hooks:
       - id: salt-lint
         name: Check Salt files using salt-lint
@@ -45,4 +52,14 @@ repos:
       - id: rstcheck
         name: Check reST files using rstcheck
         exclude: 'docs/CHANGELOG.rst'
-        args: [--report=warning]
+  - repo: https://github.com/saltstack-formulas/mirrors-rst-lint
+    rev: v1.3.2
+    hooks:
+      - id: rst-lint
+        name: Check reST files using rst-lint
+        exclude: |
+            (?x)^(
+                docs/CHANGELOG.rst|
+                docs/TOFS_pattern.rst|
+            )$
+        additional_dependencies: [pygments==2.9.0]
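Review bot: The `exclude` pattern for `rst-lint` ends its alternation with a trailing `|` after `docs/TOFS_pattern.rst`, which adds an empty alternative, and the dots in both file names are unescaped so they match any character. Neither changes which files are excluded today, but the pattern reads as if an entry were missing and is looser than the two paths it names. Writing the two lines as `docs/CHANGELOG\.rst|` and `docs/TOFS_pattern\.rst` states the intent exactly.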
diff --git a/.rstcheck.cfg b/.rstcheck.cfg
index 05856dc..5383623 100644
--- a/.rstcheck.cfg
+++ b/.rstcheck.cfg
@@ -1,3 +1,4 @@
 [rstcheck]
-report=error
+report=info
 ignore_language=rst
+ignore_messages=(Duplicate (ex|im)plicit target.*|Hyperlink target ".*" is not referenced\.$)
diff --git a/.rubocop.yml b/.rubocop.yml
index 7fd75ac..bf4d107 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -7,10 +7,17 @@ Layout/LineLength:
   # Based on https://github.com/PyCQA/flake8-bugbear#opinionated-warnings (`B950`)
   Max: 88
 Metrics/BlockLength:
-  ExcludedMethods:
+  IgnoredMethods:
     - control
     - describe
   # Increase from default of `25`
   Max: 30
+Security/YAMLLoad:
+  Exclude:
+    - test/integration/**/_mapdata.rb
+
+# General settings across all cops in this formula
+AllCops:
+  NewCops: enable
 
 # Any offenses that should be fixed, e.g. collected via. `rubocop --auto-gen-config`
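Review bot: The `Security/YAMLLoad` exclusion for `test/integration/**/_mapdata.rb` silences the cop for every matching file without recording why `YAML.load` is acceptable there. Those files are not part of this diff, so whether they only parse fixtures shipped with the repository cannot be confirmed from here; if they do, say so above the `Exclude:` with a comment such as `# _mapdata.rb parses repository-controlled fixture YAML only; never feed it external input`. Where the fixtures need no custom tags, switching the call to `YAML.safe_load` would let the exclusion be dropped altogether.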
diff --git a/.travis.yml b/.travis.yml
index 0110ed0..f7cd207 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -36,17 +36,14 @@ stages:
   # - name: 'release'
   #   if: 'branch = master AND type != pull_request'
 jobs:
-  allow_failures:
-    - env: Lint_rubocop
-  fast_finish: true
   include:
     ## Define the test stage that runs the linters (and testing matrix, if applicable)
 
-    # Run all of the linters in a single job (except `rubocop`)
+    # Run all of the linters in a single job
     - language: 'node_js'
       node_js: 'lts/*'
       env: 'Lint'
-      name: 'Lint: salt-lint, yamllint, shellcheck & commitlint'
+      name: 'Lint: salt-lint, yamllint, rubocop, shellcheck & commitlint'
       before_install: 'skip'
       script:
         # Install and run `salt-lint`
@@ -57,6 +54,9 @@ jobs:
         # Need at least `v1.17.0` for the `yaml-files` setting
         - pip install --user yamllint>=1.17.0
         - yamllint -s .
+        # Install and run `rubocop`
+        - gem install rubocop
+        - rubocop -d
         # Run `shellcheck` (already pre-installed in Travis)
         - shellcheck --version
         - git ls-files -- '*.sh' '*.bash' '*.ksh'
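Review bot: `gem install rubocop` installs whatever version is current at build time, and this commit moves it from the allowed-to-fail job into the blocking `Lint` job while `.rubocop.yml` turns on `NewCops: enable`. A new rubocop release can therefore fail the build, or change what executes in CI, without any change in this repository. Pinning to the version already used by the pre-commit hook keeps the two in step: `- gem install rubocop -v 1.25.1`.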
@@ -65,17 +65,6 @@ jobs:
         - npm i -D @commitlint/config-conventional
                    @commitlint/travis-cli
         - commitlint-travis
-    # Run the `rubocop` linter in a separate job that is allowed to fail
-    # Once these lint errors are fixed, this can be merged into a single job
-    - language: node_js
-      node_js: lts/*
-      env: Lint_rubocop
-      name: 'Lint: rubocop'
-      before_install: skip
-      script:
-        # Install and run `rubocop`
-        - gem install rubocop
-        - rubocop -d
 
     # Run `pre-commit` linters in a single job
     - language: 'python'
@@ -94,35 +83,106 @@ jobs:
     ## Define the rest of the matrix based on Kitchen testing
     # Make sure the instances listed below match up with
     # the `platforms` defined in `kitchen.yml`
-    - env: INSTANCE=default-debian-10-master-py3
+    # - env: INSTANCE=default-debian-11-tiamat-py3
+    # - env: INSTANCE=default-debian-10-tiamat-py3
+    # - env: INSTANCE=default-debian-9-tiamat-py3
+    # - env: INSTANCE=default-ubuntu-2004-tiamat-py3
+    # - env: INSTANCE=default-ubuntu-1804-tiamat-py3
+    # - env: INSTANCE=default-centos-stream8-tiamat-py3
+    # - env: INSTANCE=default-centos-7-tiamat-py3
+    # - env: INSTANCE=default-amazonlinux-2-tiamat-py3
+    # - env: INSTANCE=default-oraclelinux-8-tiamat-py3
+    # - env: INSTANCE=default-oraclelinux-7-tiamat-py3
+    # - env: INSTANCE=default-almalinux-8-tiamat-py3
+    # - env: INSTANCE=default-rockylinux-8-tiamat-py3
+    # - env: INSTANCE=default-debian-11-master-py3
+    # - env: INSTANCE=passenger-debian-11-master-py3
+    - env: INSTANCE=debian-11-master-py3
+    # - env: INSTANCE=default-debian-10-master-py3
+    # - env: INSTANCE=passenger-debian-10-master-py3
+    - env: INSTANCE=debian-10-master-py3
+    # - env: INSTANCE=default-debian-9-master-py3
+    # - env: INSTANCE=passenger-debian-9-master-py3
+    - env: INSTANCE=debian-9-master-py3
+    # - env: INSTANCE=default-ubuntu-2004-master-py3
+    # - env: INSTANCE=passenger-ubuntu-2004-master-py3
+    - env: INSTANCE=ubuntu-2004-master-py3
     # - env: INSTANCE=default-ubuntu-1804-master-py3
-    # - env: INSTANCE=default-centos-8-master-py3
-    # - env: INSTANCE=default-fedora-31-master-py3
-    # - env: INSTANCE=default-opensuse-leap-151-master-py3
-    # - env: INSTANCE=default-amazonlinux-2-master-py3
-    # - env: INSTANCE=default-debian-10-2019-2-py3
-    # - env: INSTANCE=default-debian-9-2019-2-py3
-    - env: INSTANCE=default-ubuntu-1804-2019-2-py3
-    - env: INSTANCE=default-centos-8-2019-2-py3
-    # - env: INSTANCE=default-fedora-31-2019-2-py3
-    # - env: INSTANCE=default-opensuse-leap-151-2019-2-py3
-    # - env: INSTANCE=default-centos-7-2019-2-py2
-    # - env: INSTANCE=default-amazonlinux-2-2019-2-py3
-    - env: INSTANCE=default-arch-base-latest-2019-2-py2
-    - env: INSTANCE=default-fedora-30-2018-3-py3
-    # - env: INSTANCE=default-debian-9-2018-3-py2
-    # - env: INSTANCE=default-ubuntu-1604-2018-3-py2
-    # - env: INSTANCE=default-centos-7-2018-3-py2
-    - env: INSTANCE=default-opensuse-leap-151-2018-3-py2
-    # - env: INSTANCE=default-amazonlinux-1-2018-3-py2
-    # - env: INSTANCE=default-arch-base-latest-2018-3-py2
-    # - env: INSTANCE=default-debian-8-2017-7-py2
-    # - env: INSTANCE=default-ubuntu-1604-2017-7-py2
-    # - env: INSTANCE=default-centos-6-2017-7-py2
-    # - env: INSTANCE=default-fedora-30-2017-7-py2
-    # - env: INSTANCE=default-opensuse-leap-151-2017-7-py2
-    # - env: INSTANCE=default-amazonlinux-1-2017-7-py2
-    # - env: INSTANCE=default-arch-base-latest-2017-7-py2
+    # - env: INSTANCE=passenger-ubuntu-1804-master-py3
+    - env: INSTANCE=ubuntu-1804-master-py3
+    # - env: INSTANCE=default-centos-stream8-master-py3
+    # - env: INSTANCE=passenger-centos-stream8-master-py3
+    - env: INSTANCE=centos-stream8-master-py3
+    # - env: INSTANCE=default-centos-7-master-py3
+    # - env: INSTANCE=passenger-centos-7-master-py3
+    - env: INSTANCE=centos-7-master-py3
+    - env: INSTANCE=default-fedora-36-master-py3
+    # - env: INSTANCE=fedora-36-master-py3
+    - env: INSTANCE=default-fedora-35-master-py3
+    # - env: INSTANCE=fedora-35-master-py3
+    - env: INSTANCE=default-fedora-34-master-py3
+    # - env: INSTANCE=fedora-34-master-py3
+    - env: INSTANCE=default-opensuse-leap-153-master-py3
+    # - env: INSTANCE=opensuse-leap-153-master-py3
+    - env: INSTANCE=default-opensuse-tmbl-latest-master-py3
+    # - env: INSTANCE=opensuse-tmbl-latest-master-py3
+    - env: INSTANCE=default-amazonlinux-2-master-py3
+    # - env: INSTANCE=amazonlinux-2-master-py3
+    # - env: INSTANCE=default-oraclelinux-8-master-py3
+    # - env: INSTANCE=passenger-oraclelinux-8-master-py3
+    - env: INSTANCE=oraclelinux-8-master-py3
+    - env: INSTANCE=default-oraclelinux-7-master-py3
+    # - env: INSTANCE=oraclelinux-7-master-py3
+    - env: INSTANCE=default-arch-base-latest-master-py3
+    # - env: INSTANCE=arch-base-latest-master-py3
+    # - env: INSTANCE=default-gentoo-stage3-latest-master-py3
+    # - env: INSTANCE=gentoo-stage3-latest-master-py3
+    - env: INSTANCE=default-gentoo-stage3-systemd-master-py3
+    # - env: INSTANCE=gentoo-stage3-systemd-master-py3
+    # - env: INSTANCE=default-almalinux-8-master-py3
+    # - env: INSTANCE=passenger-almalinux-8-master-py3
+    - env: INSTANCE=almalinux-8-master-py3
+    # - env: INSTANCE=default-rockylinux-8-master-py3
+    # - env: INSTANCE=passenger-rockylinux-8-master-py3
+    - env: INSTANCE=rockylinux-8-master-py3
+    # - env: INSTANCE=default-debian-11-3004-1-py3
+    # - env: INSTANCE=default-debian-10-3004-1-py3
+    # - env: INSTANCE=default-debian-9-3004-1-py3
+    # - env: INSTANCE=default-ubuntu-2004-3004-1-py3
+    # - env: INSTANCE=default-ubuntu-1804-3004-1-py3
+    # - env: INSTANCE=default-centos-stream8-3004-1-py3
+    # - env: INSTANCE=default-centos-7-3004-1-py3
+    # - env: INSTANCE=default-fedora-36-3004-1-py3
+    # - env: INSTANCE=default-fedora-35-3004-1-py3
+    # - env: INSTANCE=default-fedora-34-3004-1-py3
+    # - env: INSTANCE=default-amazonlinux-2-3004-1-py3
+    # - env: INSTANCE=default-oraclelinux-8-3004-1-py3
+    # - env: INSTANCE=default-oraclelinux-7-3004-1-py3
+    # - env: INSTANCE=default-arch-base-latest-3004-1-py3
+    # - env: INSTANCE=default-gentoo-stage3-latest-3004-1-py3
+    # - env: INSTANCE=default-gentoo-stage3-systemd-3004-1-py3
+    # - env: INSTANCE=default-almalinux-8-3004-1-py3
+    # - env: INSTANCE=default-rockylinux-8-3004-1-py3
+    # - env: INSTANCE=default-opensuse-leap-153-3004-0-py3
+    # - env: INSTANCE=default-opensuse-tmbl-latest-3004-0-py3
+    # - env: INSTANCE=default-debian-10-3003-4-py3
+    # - env: INSTANCE=default-debian-9-3003-4-py3
+    # - env: INSTANCE=default-ubuntu-2004-3003-4-py3
+    # - env: INSTANCE=default-ubuntu-1804-3003-4-py3
+    # - env: INSTANCE=default-centos-stream8-3003-4-py3
+    # - env: INSTANCE=default-centos-7-3003-4-py3
+    # - env: INSTANCE=default-amazonlinux-2-3003-4-py3
+    # - env: INSTANCE=default-oraclelinux-8-3003-4-py3
+    # - env: INSTANCE=default-oraclelinux-7-3003-4-py3
+    # - env: INSTANCE=default-almalinux-8-3003-4-py3
+    # - env: INSTANCE=default-debian-10-3002-8-py3
+    # - env: INSTANCE=default-debian-9-3002-8-py3
+    # - env: INSTANCE=default-ubuntu-2004-3002-8-py3
+    # - env: INSTANCE=default-ubuntu-1804-3002-8-py3
+    # - env: INSTANCE=default-centos-7-3002-8-py3
+    # - env: INSTANCE=default-amazonlinux-2-3002-8-py3
+    # - env: INSTANCE=default-oraclelinux-8-3002-8-py3
+    # - env: INSTANCE=default-oraclelinux-7-3002-8-py3
 
     ## Define the release stage that runs `semantic-release`
     - stage: 'release'
diff --git a/.yamllint b/.yamllint
index 73bcbe2..0864486 100644
--- a/.yamllint
+++ b/.yamllint
@@ -2,17 +2,25 @@
 # vim: ft=yaml
 ---
 # Extend the `default` configuration provided by `yamllint`
-extends: default
+extends: 'default'
 
 # Files to ignore completely
-# 1. All YAML files under directory `node_modules/`, introduced during the Travis run
-# 2. Any SLS files under directory `test/`, which are actually state files
-# 3. Any YAML files under directory `.kitchen/`, introduced during local testing
+# 1. All YAML files under directory `.bundle/`, introduced if gems are installed locally
+# 2. All YAML files under directory `.cache/`, introduced during the CI run
+# 3. All YAML files under directory `.git/`
+# 4. All YAML files under directory `node_modules/`, introduced during the CI run
+# 5. Any SLS files under directory `test/`, which are actually state files
+# 6. Any YAML files under directory `.kitchen/`, introduced during local testing
+# 7. `kitchen.vagrant.yml`, which contains Embedded Ruby (ERB) template syntax
 ignore: |
+  .bundle/
   .cache/
+  .git/
   node_modules/
   test/**/states/**/*.sls
   .kitchen/
+  kitchen.vagrant.yml
+  test/salt/passenger/pillar/nginx.sls
 
 yaml-files:
   # Default settings
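Review bot: The numbered comment above `ignore:` explains seven entries, but the block now lists eight: `test/salt/passenger/pillar/nginx.sls` has no matching explanation. Every path in this block is a file yamllint will never check, so each one should carry its reason. Add an eighth item in the same form as the others, for example ``# 8. `test/salt/passenger/pillar/nginx.sls`, which <reason it cannot be linted>``.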
diff --git a/AUTHORS.md b/AUTHORS.md
index 87a22dc..7b56f65 100644
--- a/AUTHORS.md
+++ b/AUTHORS.md
@@ -4,79 +4,82 @@ This list is sorted by the number of commits per contributor in _descending_ ord
 
 Avatar|Contributor|Contributions
 :-:|---|:-:
-
|[@myii](https://github.com/myii)|82
-
|[@aboe76](https://github.com/aboe76)|46
-
|[@gravyboat](https://github.com/gravyboat)|27
-
|[@nmadhok](https://github.com/nmadhok)|24
-
|[@noelmcloughlin](https://github.com/noelmcloughlin)|18
-
|[@whiteinge](https://github.com/whiteinge)|17
-
|[@ross-p](https://github.com/ross-p)|13
-
|[@daks](https://github.com/daks)|11
-
|[@techhat](https://github.com/techhat)|10
-
|[@javierbertoli](https://github.com/javierbertoli)|9
-
|[@arthurlogilab](https://github.com/arthurlogilab)|8
-
|[@cheuschober](https://github.com/cheuschober)|8
-
|[@dseira](https://github.com/dseira)|8
-
|[@amontalban](https://github.com/amontalban)|7
-
|[@puneetk](https://github.com/puneetk)|7
-
|[@TaiSHiNet](https://github.com/TaiSHiNet)|6
-
|[@EvaSDK](https://github.com/EvaSDK)|6
-
|[@cackovic](https://github.com/cackovic)|5
-
|[@auser](https://github.com/auser)|5
-
|[@stp-ip](https://github.com/stp-ip)|5
-
|[@ahmadsherif](https://github.com/ahmadsherif)|4
-
|[@n-rodriguez](https://github.com/n-rodriguez)|4
-
|[@teepark](https://github.com/teepark)|4
-
|[@alinefr](https://github.com/alinefr)|3
-
|[@devaos](https://github.com/devaos)|3
-
|[@bmwiedemann](https://github.com/bmwiedemann)|3
-
|[@terminalmage](https://github.com/terminalmage)|3
-
|[@imran1008](https://github.com/imran1008)|3
-
|[@morsik](https://github.com/morsik)|3
-
|[@msciciel](https://github.com/msciciel)|3
-
|[@rfairburn](https://github.com/rfairburn)|3
-
|[@westurner](https://github.com/westurner)|3
-
|[@chris-sanders](https://github.com/chris-sanders)|2
-
|[@dafyddj](https://github.com/dafyddj)|2
-
|[@UtahDave](https://github.com/UtahDave)|2
-
|[@ghtyrant](https://github.com/ghtyrant)|2
-
|[@pprkut](https://github.com/pprkut)|2
-
|[@jstrunk](https://github.com/jstrunk)|2
-
|[@johnkeates](https://github.com/johnkeates)|2
-
|[@kmshultz](https://github.com/kmshultz)|2
-
|[@malept](https://github.com/malept)|2
-
|[@meganlkm](https://github.com/meganlkm)|2
-
|[@garrettw](https://github.com/garrettw)|2
-
|[@ErisDS](https://github.com/ErisDS)|2
-
|[@myoung34](https://github.com/myoung34)|2
-
|[@sticky-note](https://github.com/sticky-note)|2
-
|[@bebosudo](https://github.com/bebosudo)|1
-
|[@aanriot](https://github.com/aanriot)|1
-
|[@andrew-vant](https://github.com/andrew-vant)|1
-
|[@bemosior](https://github.com/bemosior)|1
-
|[@SuperTux88](https://github.com/SuperTux88)|1
-
|[@bogdanr](https://github.com/bogdanr)|1
-
|[@blbradley](https://github.com/blbradley)|1
-
|[@CorwinTanner](https://github.com/CorwinTanner)|1
-
|[@fayetted](https://github.com/fayetted)|1
-
|[@czarneckid](https://github.com/czarneckid)|1
-
|[@statik](https://github.com/statik)|1
-
|[@ekristen](https://github.com/ekristen)|1
-
|[@jeduardo](https://github.com/jeduardo)|1
-
|[@stromnet](https://github.com/stromnet)|1
-
|[@bsdlp](https://github.com/bsdlp)|1
-
|[@MEschenbacher](https://github.com/MEschenbacher)|1
-
|[@renich](https://github.com/renich)|1
-
|[@outime](https://github.com/outime)|1
-
|[@scub](https://github.com/scub)|1
-
|[@thatch45](https://github.com/thatch45)|1
-
|[@blarghmatey](https://github.com/blarghmatey)|1
-
|[@babilen5](https://github.com/babilen5)|1
-
|[@abednarik](https://github.com/abednarik)|1
-
|[@francesco-a](https://github.com/francesco-a)|1
-
|[@oboyle](https://github.com/oboyle)|1
-
|[@bersace](https://github.com/bersace)|1
+
|[@myii](https://github.com/myii)|155
+
|[@aboe76](https://github.com/aboe76)|46
+
|[@javierbertoli](https://github.com/javierbertoli)|29
+
|[@gravyboat](https://github.com/gravyboat)|27
+
|[@nmadhok](https://github.com/nmadhok)|24
+
|[@noelmcloughlin](https://github.com/noelmcloughlin)|19
+
|[@whiteinge](https://github.com/whiteinge)|17
+
|[@ross-p](https://github.com/ross-p)|13
+
|[@daks](https://github.com/daks)|11
+
|[@techhat](https://github.com/techhat)|10
+
|[@arthurlogilab](https://github.com/arthurlogilab)|8
+
|[@cheuschober](https://github.com/cheuschober)|8
+
|[@dseira](https://github.com/dseira)|8
+
|[@amontalban](https://github.com/amontalban)|7
+
|[@puneetk](https://github.com/puneetk)|7
+
|[@TaiSHiNet](https://github.com/TaiSHiNet)|6
+
|[@EvaSDK](https://github.com/EvaSDK)|6
+
|[@cackovic](https://github.com/cackovic)|5
+
|[@auser](https://github.com/auser)|5
+
|[@stp-ip](https://github.com/stp-ip)|5
+
|[@ahmadsherif](https://github.com/ahmadsherif)|4
+
|[@n-rodriguez](https://github.com/n-rodriguez)|4
+
|[@teepark](https://github.com/teepark)|4
+
|[@alinefr](https://github.com/alinefr)|3
+
|[@devaos](https://github.com/devaos)|3
+
|[@bmwiedemann](https://github.com/bmwiedemann)|3
+
|[@dafyddj](https://github.com/dafyddj)|3
+
|[@terminalmage](https://github.com/terminalmage)|3
+
|[@imran1008](https://github.com/imran1008)|3
+
|[@morsik](https://github.com/morsik)|3
+
|[@msciciel](https://github.com/msciciel)|3
+
|[@rfairburn](https://github.com/rfairburn)|3
+
|[@westurner](https://github.com/westurner)|3
+
|[@toanju](https://github.com/toanju)|3
+
|[@chris-sanders](https://github.com/chris-sanders)|2
+
|[@UtahDave](https://github.com/UtahDave)|2
+
|[@ghtyrant](https://github.com/ghtyrant)|2
+
|[@pprkut](https://github.com/pprkut)|2
+
|[@jstrunk](https://github.com/jstrunk)|2
+
|[@johnkeates](https://github.com/johnkeates)|2
+
|[@kmshultz](https://github.com/kmshultz)|2
+
|[@malept](https://github.com/malept)|2
+
|[@meganlkm](https://github.com/meganlkm)|2
+
|[@ErisDS](https://github.com/ErisDS)|2
+
|[@myoung34](https://github.com/myoung34)|2
+
|[@sticky-note](https://github.com/sticky-note)|2
+
|[@bebosudo](https://github.com/bebosudo)|1
+
|[@aanriot](https://github.com/aanriot)|1
+
|[@andrew-vant](https://github.com/andrew-vant)|1
+
|[@bemosior](https://github.com/bemosior)|1
+
|[@SuperTux88](https://github.com/SuperTux88)|1
+
|[@bogdanr](https://github.com/bogdanr)|1
+
|[@blbradley](https://github.com/blbradley)|1
+
|[@CorwinTanner](https://github.com/CorwinTanner)|1
+
|[@fayetted](https://github.com/fayetted)|1
+
|[@baby-gnu](https://github.com/baby-gnu)|1
+
|[@czarneckid](https://github.com/czarneckid)|1
+
|[@statik](https://github.com/statik)|1
+
|[@ekristen](https://github.com/ekristen)|1
+
|[@garrettw](https://github.com/garrettw)|1
+
|[@jeduardo](https://github.com/jeduardo)|1
+
|[@stromnet](https://github.com/stromnet)|1
+
|[@bsdlp](https://github.com/bsdlp)|1
+
|[@anderbubble](https://github.com/anderbubble)|1
+
|[@MEschenbacher](https://github.com/MEschenbacher)|1
+
|[@renich](https://github.com/renich)|1
+
|[@outime](https://github.com/outime)|1
+
|[@scub](https://github.com/scub)|1
+
|[@thatch45](https://github.com/thatch45)|1
+
|[@blarghmatey](https://github.com/blarghmatey)|1
+
|[@babilen](https://github.com/babilen)|1
+
|[@abednarik](https://github.com/abednarik)|1
+
|[@francesco-a](https://github.com/francesco-a)|1
+
|[@oboyle](https://github.com/oboyle)|1
+
|[@bersace](https://github.com/bersace)|1
 
 ---
 
-Auto-generated by a [forked version](https://github.com/myii/maintainer) of [gaocegege/maintainer](https://github.com/gaocegege/maintainer) on 2021-01-04.
+Auto-generated by a [forked version](https://github.com/myii/maintainer) of [gaocegege/maintainer](https://github.com/gaocegege/maintainer) on 2022-03-02.
diff --git a/CHANGELOG.md b/CHANGELOG.md
index c1a27ac..e3c2c5c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,204 @@
 # Changelog
 
+## [2.8.1](https://github.com/saltstack-formulas/nginx-formula/compare/v2.8.0...v2.8.1) (2022-03-02)
+
+
+### Bug Fixes
+
+* **debian:** avoid adding repositories entries multiple times ([d1d3e55](https://github.com/saltstack-formulas/nginx-formula/commit/d1d3e552adf3bc17265ffcc1c27920d4b9a09c6d)), closes [/github.com/saltstack/salt/issues/59785#issuecomment-826590482](https://github.com//github.com/saltstack/salt/issues/59785/issues/issuecomment-826590482)
+
+
+### Continuous Integration
+
+* update linters to latest versions [skip ci] ([512fe00](https://github.com/saltstack-formulas/nginx-formula/commit/512fe00a069f2fcabed119c36f9444c2a65e179c))
+
+
+### Tests
+
+* **repository:** use `system.platform[:codename]` [skip ci] ([0e51694](https://github.com/saltstack-formulas/nginx-formula/commit/0e51694c2a59b975be0fe4972c525b73f556a6db))
+* **system:** add `build_platform_codename` [skip ci] ([5f1a289](https://github.com/saltstack-formulas/nginx-formula/commit/5f1a289f11cdcbb2dac6021109cfc390068134d4))
+
+# [2.8.0](https://github.com/saltstack-formulas/nginx-formula/compare/v2.7.5...v2.8.0) (2022-02-03)
+
+
+### Code Refactoring
+
+* **pkgs:** readbility ([b76e8cc](https://github.com/saltstack-formulas/nginx-formula/commit/b76e8cc6640943d97bc778948555ae3f45a71552))
+
+
+### Continuous Integration
+
+* **kitchen+gitlab:** update for new pre-salted images [skip ci] ([7fcb960](https://github.com/saltstack-formulas/nginx-formula/commit/7fcb9608cd838469e7c1faf2126ea8d5673d0481))
+
+
+### Features
+
+* **debian:** use keyrings instead of key_ids ([037c13a](https://github.com/saltstack-formulas/nginx-formula/commit/037c13a674d9e2850a808bcb0fe8600e4ec8b177))
+
+
+### Reverts
+
+* **pkg:** use grains.osfinger in a format suitable for all platforms ([8fee9f0](https://github.com/saltstack-formulas/nginx-formula/commit/8fee9f05bd86c549a050a5b4c555fa0d532493d3))
+
+
+### Styles
+
+* **map.jinja:** remove empty line ([ae52641](https://github.com/saltstack-formulas/nginx-formula/commit/ae52641cfc87ad576f22f0675eff436ebccf3d34))
+
+
+### Tests
+
+* **repository:** favor `platform` over `os` ([c16ecf8](https://github.com/saltstack-formulas/nginx-formula/commit/c16ecf82f52b0236a8b54b5ad984c08902b79534))
+
+## [2.7.5](https://github.com/saltstack-formulas/nginx-formula/compare/v2.7.4...v2.7.5) (2022-02-02)
+
+
+### Bug Fixes
+
+* **snippets:** make sure they're deployed before being used ([9dfc1c1](https://github.com/saltstack-formulas/nginx-formula/commit/9dfc1c1b2f4a0cd17221b303c95af1d7a9aba781))
+
+
+### Continuous Integration
+
+* **3003.1:** update inc. AlmaLinux, Rocky & `rst-lint` [skip ci] ([6a42a9b](https://github.com/saltstack-formulas/nginx-formula/commit/6a42a9bdf84e764cb4b3313ad2b6d95688517dec))
+* **freebsd:** update with latest pre-salted Vagrant boxes [skip ci] ([860fabe](https://github.com/saltstack-formulas/nginx-formula/commit/860fabe327cfa9512152b0f278897311f35449bf))
+* **gemfile:** allow rubygems proxy to be provided as an env var [skip ci] ([1557473](https://github.com/saltstack-formulas/nginx-formula/commit/155747346c5b0fe7e1af5214734581e992832b45))
+* **gemfile+lock:** use `ssf` customised `inspec` repo [skip ci] ([a11da83](https://github.com/saltstack-formulas/nginx-formula/commit/a11da83d03fad1c50a93ba06c1c5af21f1c79e7a))
+* **gitlab-ci:** enable instance after upstream issue resolved [skip ci] ([79499e8](https://github.com/saltstack-formulas/nginx-formula/commit/79499e841be74162dd5ec869de267366b6048af1))
+* **kitchen:** move `provisioner` block & update `run_command` [skip ci] ([6b65017](https://github.com/saltstack-formulas/nginx-formula/commit/6b650177aaa9800151f2e7f628551856f0c28c54))
+* **kitchen+ci:** update with `3004` pre-salted images/boxes [skip ci] ([30f87cc](https://github.com/saltstack-formulas/nginx-formula/commit/30f87cc84b2991c7f0ed1f0066f9241a3754e8df))
+* **kitchen+ci:** update with latest `3003.2` pre-salted images [skip ci] ([70a1f31](https://github.com/saltstack-formulas/nginx-formula/commit/70a1f3135ccfde09f6016a46eee3fc55b2ca9840))
+* **kitchen+ci:** update with latest CVE pre-salted images [skip ci] ([e041418](https://github.com/saltstack-formulas/nginx-formula/commit/e0414181a724076176cb37f6402f013f4e498109))
+* **vagrant:** replace FreeBSD 12.2 with 12.3 [skip ci] ([7deb74f](https://github.com/saltstack-formulas/nginx-formula/commit/7deb74fdbccad7e8590b9ddf7d0630e9a2ba56e1))
+* add Debian 11 Bullseye & update `yamllint` configuration [skip ci] ([fa8a5db](https://github.com/saltstack-formulas/nginx-formula/commit/fa8a5db5079b1e41eeac5d4ee25c06d976a24f3e))
+* **kitchen+gitlab:** remove Ubuntu 16.04 & Fedora 32 (EOL) [skip ci] ([d15f3de](https://github.com/saltstack-formulas/nginx-formula/commit/d15f3decb3fb1d8d1d04934c8d909913380d53f1))
+
+## [2.7.4](https://github.com/saltstack-formulas/nginx-formula/compare/v2.7.3...v2.7.4) (2021-06-15)
+
+
+### Bug Fixes
+
+* **servers:** include main config file watch in extend ([00387e7](https://github.com/saltstack-formulas/nginx-formula/commit/00387e7cbd90ceb5496df5cf9bce8f7dae25b056))
+
+## [2.7.3](https://github.com/saltstack-formulas/nginx-formula/compare/v2.7.2...v2.7.3) (2021-06-14)
+
+
+### Tests
+
+* **snippets:** add tests for snippets includes ([1c83b6d](https://github.com/saltstack-formulas/nginx-formula/commit/1c83b6d5fa93079476ca9e8baa1ccd9d44e5237f)), closes [#275](https://github.com/saltstack-formulas/nginx-formula/issues/275) [#274](https://github.com/saltstack-formulas/nginx-formula/issues/274)
+
+## [2.7.2](https://github.com/saltstack-formulas/nginx-formula/compare/v2.7.1...v2.7.2) (2021-06-14)
+
+
+### Bug Fixes
+
+* **certificates:** ensure `openssl` installed before `cmd.run` ([0cd7c7b](https://github.com/saltstack-formulas/nginx-formula/commit/0cd7c7b20528ce9fbd4f8991a365415a3093546d)), closes [/gitlab.com/saltstack-formulas/nginx-formula/-/jobs/1345325819#L2830](https://github.com//gitlab.com/saltstack-formulas/nginx-formula/-/jobs/1345325819/issues/L2830)
+* **snippets:** ignore servers or snippets when undefined ([6cb486d](https://github.com/saltstack-formulas/nginx-formula/commit/6cb486dbd290c91bbdbf00fd0061efaedbef4dea)), closes [#274](https://github.com/saltstack-formulas/nginx-formula/issues/274)
+
+## [2.7.1](https://github.com/saltstack-formulas/nginx-formula/compare/v2.7.0...v2.7.1) (2021-05-12)
+
+
+### Bug Fixes
+
+* **servers:** wrong conditional specification ([494b2fb](https://github.com/saltstack-formulas/nginx-formula/commit/494b2fbea490fded02cecd4d3e3e0372476548fb))
+
+
+### Continuous Integration
+
+* add `arch-master` to matrix and update `.travis.yml` [skip ci] ([4697152](https://github.com/saltstack-formulas/nginx-formula/commit/46971528d7a7e23241564da146ee8d28b7d2eecc))
+
+# [2.7.0](https://github.com/saltstack-formulas/nginx-formula/compare/v2.6.3...v2.7.0) (2021-04-28)
+
+
+### Continuous Integration
+
+* **kitchen+gitlab:** adjust matrix to add `3003` [skip ci] ([46faf4e](https://github.com/saltstack-formulas/nginx-formula/commit/46faf4e24b39f7d4fd138126dbe5eb6a06eb5b67))
+* **vagrant:** add FreeBSD 13.0 [skip ci] ([b41062e](https://github.com/saltstack-formulas/nginx-formula/commit/b41062e3b19c4c109198bd95c53158d871bbff85))
+* **vagrant:** use pre-salted boxes & conditional local settings [skip ci] ([b9e9cd3](https://github.com/saltstack-formulas/nginx-formula/commit/b9e9cd38e6d29b7eb4cd8ae74a1bdf901959dee3))
+
+
+### Documentation
+
+* **readme:** add `Testing with Vagrant` section [skip ci] ([5727848](https://github.com/saltstack-formulas/nginx-formula/commit/57278481de489441a5c04aee544962212e91c5af))
+
+
+### Features
+
+* **servers_config:** add require statement to manage dependencies ([622d22f](https://github.com/saltstack-formulas/nginx-formula/commit/622d22f9711085aeca19f3907e22e87c6b21b8d0))
+
+
+### Tests
+
+* **requires:** verify dependencies in vhosts ([6478143](https://github.com/saltstack-formulas/nginx-formula/commit/64781431b9187d392f56ce5461c3b1a9c2944f90))
+
+## [2.6.3](https://github.com/saltstack-formulas/nginx-formula/compare/v2.6.2...v2.6.3) (2021-04-03)
+
+
+### Bug Fixes
+
+* **freebsd:** add `openssl` pkg and update all `default` tests ([4cd351a](https://github.com/saltstack-formulas/nginx-formula/commit/4cd351adbc184b938b0d0cf587419bab5b39a7d3))
+
+
+### Continuous Integration
+
+* enable Vagrant-based testing using GitHub Actions ([c79ce9a](https://github.com/saltstack-formulas/nginx-formula/commit/c79ce9a9ae30e889ab925bb0398008b434bc9b0a))
+
+## [2.6.2](https://github.com/saltstack-formulas/nginx-formula/compare/v2.6.1...v2.6.2) (2021-03-30)
+
+
+### Bug Fixes
+
+* **servers_config:** fixup 05994e1 ([c03729a](https://github.com/saltstack-formulas/nginx-formula/commit/c03729ae326876a20cb22c346f9d4cd96418af9a))
+
+## [2.6.1](https://github.com/saltstack-formulas/nginx-formula/compare/v2.6.0...v2.6.1) (2021-03-29)
+
+
+### Bug Fixes
+
+* **servers_config:** remove service depedency ([05994e1](https://github.com/saltstack-formulas/nginx-formula/commit/05994e1b174ccdf3ff4a444f81314ad925fa478d))
+
+
+### Code Refactoring
+
+* **servers_config:** remove unused loop ([3825557](https://github.com/saltstack-formulas/nginx-formula/commit/3825557070a18db4828cc634dd036a428f8a9836))
+
+
+### Continuous Integration
+
+* **kitchen+ci:** include `passenger` suite [skip ci] ([0bbe686](https://github.com/saltstack-formulas/nginx-formula/commit/0bbe68619fdf3791e6202ce3f17ca03efc4441c1))
+
+
+### Tests
+
+* standardise use of `share` suite & `_mapdata` state [skip ci] ([8ea3c82](https://github.com/saltstack-formulas/nginx-formula/commit/8ea3c82be3fccb2bad8bac566f210454549d141e))
+
+# [2.6.0](https://github.com/saltstack-formulas/nginx-formula/compare/v2.5.0...v2.6.0) (2021-03-11)
+
+
+### Bug Fixes
+
+* **passenger:** various fixes ([7271c9d](https://github.com/saltstack-formulas/nginx-formula/commit/7271c9d16c8218244ae5ef0b188b7f9f4a414074))
+* **pkg:** add inline EPEL repo configuration for Amazon Linux 2 ([ae6375c](https://github.com/saltstack-formulas/nginx-formula/commit/ae6375ccccd56a506ee28babbeabf351112a06de))
+
+
+### Continuous Integration
+
+* **gemfile+lock:** use `ssf` customised `kitchen-docker` repo [skip ci] ([123d13e](https://github.com/saltstack-formulas/nginx-formula/commit/123d13e2f483c203cbfc1366b36a30e1732603e1))
+* **kitchen+ci:** make rubocop happy [skip ci] ([eedfc56](https://github.com/saltstack-formulas/nginx-formula/commit/eedfc56b41b673e196029274048670e89e55a694))
+* **kitchen+ci:** use latest pre-salted images (after CVE) [skip ci] ([63d32a4](https://github.com/saltstack-formulas/nginx-formula/commit/63d32a40b13ca2c77bb83cceba620218617aab6a))
+* **kitchen+gitlab-ci:** use latest pre-salted images [skip ci] ([b4411c6](https://github.com/saltstack-formulas/nginx-formula/commit/b4411c61d3352ecb9775197f991f5f33996730dc))
+* **pre-commit:** update hook for `rubocop` [skip ci] ([2a23743](https://github.com/saltstack-formulas/nginx-formula/commit/2a23743fca8fd54b2a18dc2a07d0daa8142c0289))
+
+
+### Features
+
+* **config:** validate config before applying ([b396b24](https://github.com/saltstack-formulas/nginx-formula/commit/b396b24fe456de7001b2cc013814ada189351e6f))
+
+
+### Tests
+
+* **config:** fix for Amazon Linux 2 & Oracle Linux 7/8 ([ab39c8f](https://github.com/saltstack-formulas/nginx-formula/commit/ab39c8f7c3c9bf5dbd4436cad8ccce21263fe646))
+
 # [2.5.0](https://github.com/saltstack-formulas/nginx-formula/compare/v2.4.1...v2.5.0) (2021-01-04)
 
 
diff --git a/CODEOWNERS b/CODEOWNERS
index 05c8e5d..a307644 100644
--- a/CODEOWNERS
+++ b/CODEOWNERS
@@ -15,10 +15,14 @@
 /docs/AUTHORS.rst                           @saltstack-formulas/ssf
 /docs/CHANGELOG.rst                         @saltstack-formulas/ssf
 /docs/TOFS_pattern.rst                      @saltstack-formulas/ssf
+/*/_mapdata/                                @saltstack-formulas/ssf
 /*/libsaltcli.jinja                         @saltstack-formulas/ssf
 /*/libtofs.jinja                            @saltstack-formulas/ssf
+/test/integration/**/_mapdata.rb            @saltstack-formulas/ssf
+/test/integration/**/libraries/system.rb    @saltstack-formulas/ssf
 /test/integration/**/inspec.yml             @saltstack-formulas/ssf
 /test/integration/**/README.md              @saltstack-formulas/ssf
+/test/salt/pillar/top.sls                   @saltstack-formulas/ssf
 /.gitignore                                 @saltstack-formulas/ssf
 /.cirrus.yml                                @saltstack-formulas/ssf
 /.gitlab-ci.yml                             @saltstack-formulas/ssf
@@ -36,6 +40,8 @@
 /Gemfile                                    @saltstack-formulas/ssf
 /Gemfile.lock                               @saltstack-formulas/ssf
 /kitchen.yml                                @saltstack-formulas/ssf
+/kitchen.vagrant.yml                        @saltstack-formulas/ssf
+/kitchen.windows.yml                        @saltstack-formulas/ssf
 /pre-commit_semantic-release.sh             @saltstack-formulas/ssf
 /release-rules.js                           @saltstack-formulas/ssf
 /release.config.js                          @saltstack-formulas/ssf
diff --git a/FORMULA b/FORMULA
index 0dc428b..f10cee2 100644
--- a/FORMULA
+++ b/FORMULA
@@ -1,7 +1,7 @@
 name: nginx
 os: Debian, Ubuntu, RedHat, Fedora, CentOS, Suse, openSUSE
 os_family: Debian, RedHat, Suse
-version: 2.5.0
+version: 2.8.1
 release: 1
 minimum_version: 2017.3
 summary: nginx formula
diff --git a/Gemfile b/Gemfile
index 82c4a31..8020f66 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,12 +1,23 @@
 # frozen_string_literal: true
 
-source 'https://rubygems.org'
+source ENV['PROXY_RUBYGEMSORG'] || 'https://rubygems.org'
 
-# Use the latest version of `inspec` prior to `4.23.4`, which introduces a
-# regression where the diff isn't displayed when comparing using `eq`.
-gem 'inspec',      '~> 4.22.22'
-# Install the `kitchen-docker` gem from GitHub because the latest version
-# currently available (`2.10.0`) doesn't include a recent fix for Gentoo.
-gem 'kitchen-docker', github: 'test-kitchen/kitchen-docker', ref: '41e80fe'
-gem 'kitchen-inspec', '>= 2.2.1'
-gem 'kitchen-salt', '>= 0.6.3'
+# Install the `inspec` gem using `git` because versions after `4.22.22`
+# suppress diff output; this version fixes this for our uses.
+# rubocop:disable Layout/LineLength
+gem 'inspec', git: 'https://gitlab.com/saltstack-formulas/infrastructure/inspec', branch: 'ssf'
+# rubocop:enable Layout/LineLength
+
+# Install the `kitchen-docker` gem using `git` in order to gain a performance
+# improvement: avoid package installations which are already covered by the
+# `salt-image-builder` (i.e. the pre-salted images that we're using)
+# rubocop:disable Layout/LineLength
+gem 'kitchen-docker', git: 'https://gitlab.com/saltstack-formulas/infrastructure/kitchen-docker', branch: 'ssf'
+# rubocop:enable Layout/LineLength
+
+gem 'kitchen-inspec', '>= 2.5.0'
+gem 'kitchen-salt', '>= 0.7.2'
+
+group :vagrant do
+  gem 'kitchen-vagrant'
+end
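Review bot: Both git-sourced gems (`inspec` and `kitchen-docker`) now follow the mutable branch `ssf`, whereas the removed `kitchen-docker` line pinned `ref: '41e80fe'`. Gemfile.lock in this commit still records a revision for each, so locked installs stay reproducible, but a `bundle update` or an install without the lock takes whatever the branch head is at that moment, and that code is then executed by the CI jobs. Pinning each gem with `ref:` to the revision already recorded in Gemfile.lock, and bumping it deliberately, keeps the reviewed code and the executed code the same. Separately, `ENV['PROXY_RUBYGEMSORG'] || 'https://rubygems.org'` only falls back when the variable is unset; an empty string is truthy in Ruby and would be handed to `source`, so the line should treat an empty value as unset. A comment such as `# PROXY_RUBYGEMSORG redirects every gem download; set it only from trusted CI configuration` would document the trust placed in that variable.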
diff --git a/Gemfile.lock b/Gemfile.lock
index 19bf26d..b670242 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,321 +1,420 @@
 GIT
-  remote: https://github.com/test-kitchen/kitchen-docker.git
-  revision: 41e80fed3a7cc86323e19c16a5a340cebf7e5848
-  ref: 41e80fe
+  remote: https://gitlab.com/saltstack-formulas/infrastructure/inspec
+  revision: 1821d2dfd3365e8f05b8439845c58fa4d069806b
+  branch: ssf
   specs:
-    kitchen-docker (2.10.0)
+    inspec (5.12.2)
+      cookstyle
+      faraday_middleware (>= 0.12.2, < 1.1)
+      inspec-core (= 5.12.2)
+      mongo (= 2.13.2)
+      progress_bar (~> 1.3.3)
+      rake
+      train (~> 3.0)
+      train-aws (~> 0.2)
+      train-habitat (~> 0.1)
+      train-winrm (~> 0.2)
+    inspec-core (5.12.2)
+      addressable (~> 2.4)
+      chef-telemetry (~> 1.0, >= 1.0.8)
+      faraday (>= 0.9.0, < 1.5)
+      faraday_middleware (~> 1.0)
+      hashie (>= 3.4, < 5.0)
+      license-acceptance (>= 0.2.13, < 3.0)
+      method_source (>= 0.8, < 2.0)
+      mixlib-log (~> 3.0)
+      multipart-post (~> 2.0)
+      parallel (~> 1.9)
+      parslet (>= 1.5, < 2.0)
+      pry (~> 0.13)
+      rspec (>= 3.9, <= 3.11)
+      rspec-its (~> 1.2)
+      rubyzip (>= 1.2.2, < 3.0)
+      semverse (~> 3.0)
+      sslshake (~> 1.2)
+      thor (>= 0.20, < 2.0)
+      tomlrb (>= 1.2, < 2.1)
+      train-core (~> 3.0)
+      tty-prompt (~> 0.17)
+      tty-table (~> 0.10)
+
+GIT
+  remote: https://gitlab.com/saltstack-formulas/infrastructure/kitchen-docker
+  revision: 9a09bc1e571e25f3ccabf4725ca2048d970fff82
+  branch: ssf
+  specs:
+    kitchen-docker (2.12.0)
       test-kitchen (>= 1.0.0)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (5.2.4.4)
+    activesupport (7.0.2.3)
       concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (>= 0.7, < 2)
-      minitest (~> 5.1)
-      tzinfo (~> 1.1)
-    addressable (2.7.0)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+    addressable (2.8.0)
       public_suffix (>= 2.0.2, < 5.0)
-    aws-eventstream (1.1.0)
-    aws-partitions (1.386.0)
-    aws-sdk-apigateway (1.55.0)
-      aws-sdk-core (~> 3, >= 3.109.0)
+    ast (2.4.2)
+    aws-eventstream (1.2.0)
+    aws-partitions (1.577.0)
+    aws-sdk-alexaforbusiness (1.56.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-apigatewayv2 (1.29.0)
-      aws-sdk-core (~> 3, >= 3.109.0)
+    aws-sdk-amplify (1.32.0)
+      aws-sdk-core (~> 3, >= 3.120.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-athena (1.33.0)
-      aws-sdk-core (~> 3, >= 3.109.0)
+    aws-sdk-apigateway (1.76.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-autoscaling (1.22.0)
-      aws-sdk-core (~> 3, >= 3.52.1)
+    aws-sdk-apigatewayv2 (1.42.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-budgets (1.36.0)
-      aws-sdk-core (~> 3, >= 3.109.0)
+    aws-sdk-applicationautoscaling (1.51.0)
+      aws-sdk-core (~> 3, >= 3.112.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-cloudformation (1.44.0)
-      aws-sdk-core (~> 3, >= 3.109.0)
+    aws-sdk-athena (1.53.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-cloudfront (1.46.0)
-      aws-sdk-core (~> 3, >= 3.109.0)
+    aws-sdk-autoscaling (1.63.0)
+      aws-sdk-core (~> 3, >= 3.112.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-cloudhsm (1.27.0)
-      aws-sdk-core (~> 3, >= 3.109.0)
+    aws-sdk-batch (1.47.0)
+      aws-sdk-core (~> 3, >= 3.112.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-cloudhsmv2 (1.30.0)
-      aws-sdk-core (~> 3, >= 3.109.0)
+    aws-sdk-budgets (1.49.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-cloudtrail (1.29.0)
-      aws-sdk-core (~> 3, >= 3.109.0)
+    aws-sdk-cloudformation (1.68.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-cloudwatch (1.45.0)
-      aws-sdk-core (~> 3, >= 3.109.0)
+    aws-sdk-cloudfront (1.63.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-cloudwatchlogs (1.38.0)
-      aws-sdk-core (~> 3, >= 3.109.0)
+    aws-sdk-cloudhsm (1.39.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-codecommit (1.40.0)
-      aws-sdk-core (~> 3, >= 3.109.0)
+    aws-sdk-cloudhsmv2 (1.42.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-codedeploy (1.37.0)
-      aws-sdk-core (~> 3, >= 3.109.0)
+    aws-sdk-cloudtrail (1.48.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-codepipeline (1.37.0)
-      aws-sdk-core (~> 3, >= 3.109.0)
+    aws-sdk-cloudwatch (1.64.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-configservice (1.53.0)
-      aws-sdk-core (~> 3, >= 3.109.0)
+    aws-sdk-cloudwatchevents (1.46.0)
+      aws-sdk-core (~> 3, >= 3.112.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-core (3.109.1)
+    aws-sdk-cloudwatchlogs (1.52.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-codecommit (1.51.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-codedeploy (1.49.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-codepipeline (1.53.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-cognitoidentity (1.31.0)
+      aws-sdk-core (~> 3, >= 3.112.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-cognitoidentityprovider (1.53.0)
+      aws-sdk-core (~> 3, >= 3.112.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-configservice (1.77.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-core (3.130.1)
       aws-eventstream (~> 1, >= 1.0.2)
-      aws-partitions (~> 1, >= 1.239.0)
+      aws-partitions (~> 1, >= 1.525.0)
       aws-sigv4 (~> 1.1)
       jmespath (~> 1.0)
-    aws-sdk-costandusagereportservice (1.28.0)
-      aws-sdk-core (~> 3, >= 3.109.0)
+    aws-sdk-costandusagereportservice (1.40.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-dynamodb (1.55.0)
-      aws-sdk-core (~> 3, >= 3.109.0)
+    aws-sdk-databasemigrationservice (1.53.0)
+      aws-sdk-core (~> 3, >= 3.112.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-ec2 (1.202.0)
-      aws-sdk-core (~> 3, >= 3.109.0)
+    aws-sdk-dynamodb (1.74.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-ecr (1.39.0)
-      aws-sdk-core (~> 3, >= 3.109.0)
+    aws-sdk-ec2 (1.307.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-ecs (1.70.0)
-      aws-sdk-core (~> 3, >= 3.109.0)
+    aws-sdk-ecr (1.56.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-efs (1.36.0)
-      aws-sdk-core (~> 3, >= 3.109.0)
+    aws-sdk-ecrpublic (1.12.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-eks (1.45.0)
-      aws-sdk-core (~> 3, >= 3.109.0)
+    aws-sdk-ecs (1.99.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-elasticache (1.44.0)
-      aws-sdk-core (~> 3, >= 3.109.0)
+    aws-sdk-efs (1.54.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-elasticbeanstalk (1.39.0)
-      aws-sdk-core (~> 3, >= 3.109.0)
+    aws-sdk-eks (1.74.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-elasticloadbalancing (1.29.0)
-      aws-sdk-core (~> 3, >= 3.109.0)
+    aws-sdk-elasticache (1.76.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-elasticloadbalancingv2 (1.53.0)
-      aws-sdk-core (~> 3, >= 3.109.0)
+    aws-sdk-elasticbeanstalk (1.51.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-elasticsearchservice (1.43.0)
-      aws-sdk-core (~> 3, >= 3.109.0)
+    aws-sdk-elasticloadbalancing (1.40.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-firehose (1.35.0)
-      aws-sdk-core (~> 3, >= 3.109.0)
+    aws-sdk-elasticloadbalancingv2 (1.77.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-guardduty (1.42.0)
-      aws-sdk-core (~> 3, >= 3.109.0)
+    aws-sdk-elasticsearchservice (1.65.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-iam (1.46.0)
-      aws-sdk-core (~> 3, >= 3.109.0)
+    aws-sdk-emr (1.53.0)
+      aws-sdk-core (~> 3, >= 3.121.2)
       aws-sigv4 (~> 1.1)
-    aws-sdk-kafka (1.29.0)
-      aws-sdk-core (~> 3, >= 3.109.0)
+    aws-sdk-eventbridge (1.24.0)
+      aws-sdk-core (~> 3, >= 3.112.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-kinesis (1.30.0)
-      aws-sdk-core (~> 3, >= 3.109.0)
+    aws-sdk-firehose (1.48.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-kms (1.39.0)
-      aws-sdk-core (~> 3, >= 3.109.0)
+    aws-sdk-glue (1.88.0)
+      aws-sdk-core (~> 3, >= 3.112.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-lambda (1.51.0)
-      aws-sdk-core (~> 3, >= 3.109.0)
+    aws-sdk-guardduty (1.56.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-organizations (1.17.0)
-      aws-sdk-core (~> 3, >= 3.39.0)
-      aws-sigv4 (~> 1.0)
-    aws-sdk-rds (1.104.0)
-      aws-sdk-core (~> 3, >= 3.109.0)
+    aws-sdk-iam (1.68.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-redshift (1.50.0)
-      aws-sdk-core (~> 3, >= 3.109.0)
+    aws-sdk-kafka (1.49.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-route53 (1.44.0)
-      aws-sdk-core (~> 3, >= 3.109.0)
+    aws-sdk-kinesis (1.41.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-route53domains (1.28.0)
-      aws-sdk-core (~> 3, >= 3.109.0)
+    aws-sdk-kms (1.55.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-route53resolver (1.21.0)
-      aws-sdk-core (~> 3, >= 3.109.0)
+    aws-sdk-lambda (1.83.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-s3 (1.83.1)
-      aws-sdk-core (~> 3, >= 3.109.0)
+    aws-sdk-mq (1.40.0)
+      aws-sdk-core (~> 3, >= 3.120.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-networkfirewall (1.15.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-networkmanager (1.22.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-organizations (1.59.0)
+      aws-sdk-core (~> 3, >= 3.112.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-ram (1.26.0)
+      aws-sdk-core (~> 3, >= 3.112.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-rds (1.143.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-redshift (1.80.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-route53 (1.62.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-route53domains (1.40.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-route53resolver (1.37.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-s3 (1.113.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sdk-kms (~> 1)
+      aws-sigv4 (~> 1.4)
+    aws-sdk-s3control (1.43.0)
+      aws-sdk-core (~> 3, >= 3.122.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-securityhub (1.35.0)
-      aws-sdk-core (~> 3, >= 3.109.0)
+    aws-sdk-secretsmanager (1.46.0)
+      aws-sdk-core (~> 3, >= 3.112.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-ses (1.36.0)
-      aws-sdk-core (~> 3, >= 3.109.0)
+    aws-sdk-securityhub (1.63.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-sms (1.27.0)
-      aws-sdk-core (~> 3, >= 3.109.0)
+    aws-sdk-servicecatalog (1.60.0)
+      aws-sdk-core (~> 3, >= 3.112.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-sns (1.34.0)
-      aws-sdk-core (~> 3, >= 3.109.0)
+    aws-sdk-ses (1.41.0)
+      aws-sdk-core (~> 3, >= 3.120.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-sqs (1.34.0)
-      aws-sdk-core (~> 3, >= 3.109.0)
+    aws-sdk-shield (1.48.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-ssm (1.95.0)
-      aws-sdk-core (~> 3, >= 3.109.0)
+    aws-sdk-signer (1.32.0)
+      aws-sdk-core (~> 3, >= 3.120.0)
       aws-sigv4 (~> 1.1)
-    aws-sigv4 (1.2.2)
+    aws-sdk-simpledb (1.29.0)
+      aws-sdk-core (~> 3, >= 3.120.0)
+      aws-sigv2 (~> 1.0)
+    aws-sdk-sms (1.40.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-sns (1.53.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-sqs (1.51.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-ssm (1.134.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-states (1.39.0)
+      aws-sdk-core (~> 3, >= 3.112.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-synthetics (1.19.0)
+      aws-sdk-core (~> 3, >= 3.121.2)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-transfer (1.34.0)
+      aws-sdk-core (~> 3, >= 3.112.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-waf (1.43.0)
+      aws-sdk-core (~> 3, >= 3.122.0)
+      aws-sigv4 (~> 1.1)
+    aws-sigv2 (1.1.0)
+    aws-sigv4 (1.4.0)
       aws-eventstream (~> 1, >= 1.0.2)
     azure_graph_rbac (0.17.2)
       ms_rest_azure (~> 0.12.0)
-    azure_mgmt_key_vault (0.17.6)
+    azure_mgmt_key_vault (0.17.7)
       ms_rest_azure (~> 0.12.0)
-    azure_mgmt_resources (0.18.0)
+    azure_mgmt_resources (0.18.2)
       ms_rest_azure (~> 0.12.0)
-    azure_mgmt_security (0.18.2)
+    azure_mgmt_security (0.19.0)
       ms_rest_azure (~> 0.12.0)
-    azure_mgmt_storage (0.22.0)
+    azure_mgmt_storage (0.23.0)
       ms_rest_azure (~> 0.12.0)
-    bcrypt_pbkdf (1.0.1)
+    bcrypt_pbkdf (1.1.0)
+    bson (4.14.1)
     builder (3.2.4)
-    chef-config (16.6.14)
+    chef-config (17.10.0)
       addressable
-      chef-utils (= 16.6.14)
+      chef-utils (= 17.10.0)
       fuzzyurl
       mixlib-config (>= 2.2.12, < 4.0)
       mixlib-shellout (>= 2.0, < 4.0)
       tomlrb (~> 1.2)
-    chef-telemetry (1.0.14)
+    chef-telemetry (1.1.1)
       chef-config
       concurrent-ruby (~> 1.0)
-      ffi-yajl (~> 2.2)
-    chef-utils (16.6.14)
+    chef-utils (17.10.0)
+      concurrent-ruby
     coderay (1.1.3)
-    concurrent-ruby (1.1.7)
+    concurrent-ruby (1.1.10)
+    cookstyle (7.32.1)
+      rubocop (= 1.25.1)
     declarative (0.0.20)
-    declarative-option (0.1.0)
-    diff-lcs (1.4.4)
-    docker-api (2.0.0)
+    diff-lcs (1.5.0)
+    docker-api (2.2.0)
       excon (>= 0.47.0)
       multi_json
     domain_name (0.5.20190701)
       unf (>= 0.0.5, < 1.0.0)
-    ecma-re-validator (0.2.1)
-      regexp_parser (~> 1.2)
-    ed25519 (1.2.4)
-    erubi (1.9.0)
-    excon (0.78.0)
-    faraday (0.17.3)
+    ed25519 (1.3.0)
+    erubi (1.10.0)
+    excon (0.92.2)
+    faraday (1.4.3)
+      faraday-em_http (~> 1.0)
+      faraday-em_synchrony (~> 1.0)
+      faraday-excon (~> 1.1)
+      faraday-net_http (~> 1.0)
+      faraday-net_http_persistent (~> 1.1)
       multipart-post (>= 1.2, < 3)
+      ruby2_keywords (>= 0.0.4)
     faraday-cookie_jar (0.0.7)
       faraday (>= 0.8.0)
       http-cookie (~> 1.0.0)
-    faraday_middleware (0.12.2)
-      faraday (>= 0.7.4, < 1.0)
-    ffi (1.13.1)
-    ffi-yajl (2.3.4)
-      libyajl2 (~> 1.2)
+    faraday-em_http (1.0.0)
+    faraday-em_synchrony (1.0.0)
+    faraday-excon (1.1.0)
+    faraday-net_http (1.0.1)
+    faraday-net_http_persistent (1.2.0)
+    faraday_middleware (1.0.0)
+      faraday (~> 1.0)
+    ffi (1.15.5)
     fuzzyurl (0.9.0)
-    google-api-client (0.44.0)
+    google-api-client (0.52.0)
       addressable (~> 2.5, >= 2.5.1)
       googleauth (~> 0.9)
       httpclient (>= 2.8.1, < 3.0)
       mini_mime (~> 1.0)
       representable (~> 3.0)
       retriable (>= 2.0, < 4.0)
+      rexml
       signet (~> 0.12)
-    googleauth (0.13.0)
+    googleauth (0.14.0)
       faraday (>= 0.17.3, < 2.0)
       jwt (>= 1.4, < 3.0)
       memoist (~> 0.16)
       multi_json (~> 1.11)
       os (>= 0.9, < 2.0)
       signet (~> 0.14)
-    gssapi (1.3.0)
+    gssapi (1.3.1)
       ffi (>= 1.0.1)
-    gyoku (1.3.1)
+    gyoku (1.4.0)
       builder (>= 2.1.2)
-    hana (1.3.6)
-    hashie (3.6.0)
-    http-cookie (1.0.3)
+      rexml (~> 3.0)
+    hashie (4.1.0)
+    highline (2.0.3)
+    http-cookie (1.0.4)
       domain_name (~> 0.5)
     httpclient (2.8.3)
-    i18n (1.8.5)
+    i18n (1.10.0)
       concurrent-ruby (~> 1.0)
     inifile (3.0.0)
-    inspec (4.22.22)
-      faraday_middleware (~> 0.12.2)
-      inspec-core (= 4.22.22)
-      train (~> 3.0)
-      train-aws (~> 0.1)
-      train-habitat (~> 0.1)
-      train-winrm (~> 0.2)
-    inspec-core (4.22.22)
-      addressable (~> 2.4)
-      chef-telemetry (~> 1.0)
-      faraday (>= 0.9.0)
-      hashie (~> 3.4)
-      json_schemer (>= 0.2.1, < 0.2.12)
-      license-acceptance (>= 0.2.13, < 2.0)
-      method_source (>= 0.8, < 2.0)
-      mixlib-log (~> 3.0)
-      multipart-post (~> 2.0)
-      parallel (~> 1.9)
-      parslet (~> 1.5)
-      pry (~> 0.13)
-      rspec (~> 3.9)
-      rspec-its (~> 1.2)
-      rubyzip (~> 1.2, >= 1.2.2)
-      semverse (~> 3.0)
-      sslshake (~> 1.2)
-      thor (>= 0.20, < 2.0)
-      tomlrb (~> 1.2.0)
-      train-core (~> 3.0)
-      tty-prompt (~> 0.17)
-      tty-table (~> 0.10)
-    jmespath (1.4.0)
-    json (2.3.1)
-    json_schemer (0.2.11)
-      ecma-re-validator (~> 0.2)
-      hana (~> 1.3)
-      regexp_parser (~> 1.5)
-      uri_template (~> 0.7)
-    jwt (2.2.2)
-    kitchen-inspec (2.2.1)
-      hashie (~> 3.4)
-      inspec (>= 2.2.64, < 5.0)
-      test-kitchen (>= 2.7, < 3)
-    kitchen-salt (0.6.3)
+    jmespath (1.6.1)
+    json (2.6.1)
+    jwt (2.3.0)
+    kitchen-inspec (2.5.2)
+      hashie (>= 3.4, <= 5.0)
+      inspec (>= 2.2.64, < 6.0)
+      test-kitchen (>= 2.7, < 4)
+    kitchen-salt (0.7.2)
       hashie (>= 3.5)
       test-kitchen (>= 1.4)
-    libyajl2 (1.2.0)
-    license-acceptance (1.0.19)
+    kitchen-vagrant (1.11.0)
+      test-kitchen (>= 1.4, < 4)
+    license-acceptance (2.1.13)
       pastel (~> 0.7)
-      tomlrb (~> 1.2)
-      tty-box (~> 0.3)
-      tty-prompt (~> 0.18)
+      tomlrb (>= 1.2, < 3.0)
+      tty-box (~> 0.6)
+      tty-prompt (~> 0.20)
     little-plugger (1.1.4)
     logging (2.3.0)
       little-plugger (~> 1.1)
       multi_json (~> 1.14)
     memoist (0.16.2)
     method_source (1.0.0)
-    mini_mime (1.0.2)
-    minitest (5.14.2)
+    mini_mime (1.1.2)
+    minitest (5.15.0)
     mixlib-config (3.0.9)
       tomlrb
-    mixlib-install (3.12.3)
+    mixlib-install (3.12.16)
       mixlib-shellout
       mixlib-versioning
       thor
     mixlib-log (3.0.9)
-    mixlib-shellout (3.1.6)
+    mixlib-shellout (3.2.7)
       chef-utils
     mixlib-versioning (1.2.12)
+    mongo (2.13.2)
+      bson (>= 4.8.2, < 5.0.0)
     ms_rest (0.7.6)
       concurrent-ruby (~> 1.0)
       faraday (>= 0.9, < 2.0.0)
@@ -333,53 +432,76 @@ GEM
     net-ssh-gateway (2.0.0)
       net-ssh (>= 4.0.0)
     nori (2.6.0)
-    os (1.1.1)
-    parallel (1.19.2)
+    options (2.3.2)
+    os (1.1.4)
+    parallel (1.22.1)
+    parser (3.1.2.0)
+      ast (~> 2.4.1)
     parslet (1.8.2)
     pastel (0.8.0)
       tty-color (~> 0.5)
-    pry (0.13.1)
+    progress_bar (1.3.3)
+      highline (>= 1.6, < 3)
+      options (~> 2.3.0)
+    pry (0.14.1)
       coderay (~> 1.1)
       method_source (~> 1.0)
-    public_suffix (4.0.6)
-    regexp_parser (1.8.2)
-    representable (3.0.4)
+    public_suffix (4.0.7)
+    rainbow (3.1.1)
+    rake (13.0.6)
+    regexp_parser (2.3.0)
+    representable (3.1.1)
       declarative (< 0.1.0)
-      declarative-option (< 0.2.0)
+      trailblazer-option (>= 0.1.1, < 0.2.0)
       uber (< 0.2.0)
     retriable (3.1.2)
-    rspec (3.9.0)
-      rspec-core (~> 3.9.0)
-      rspec-expectations (~> 3.9.0)
-      rspec-mocks (~> 3.9.0)
-    rspec-core (3.9.3)
-      rspec-support (~> 3.9.3)
-    rspec-expectations (3.9.3)
+    rexml (3.2.5)
+    rspec (3.11.0)
+      rspec-core (~> 3.11.0)
+      rspec-expectations (~> 3.11.0)
+      rspec-mocks (~> 3.11.0)
+    rspec-core (3.11.0)
+      rspec-support (~> 3.11.0)
+    rspec-expectations (3.11.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.9.0)
+      rspec-support (~> 3.11.0)
     rspec-its (1.3.0)
       rspec-core (>= 3.0.0)
       rspec-expectations (>= 3.0.0)
-    rspec-mocks (3.9.1)
+    rspec-mocks (3.11.1)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.9.0)
-    rspec-support (3.9.4)
-    rubyntlm (0.6.2)
-    rubyzip (1.3.0)
+      rspec-support (~> 3.11.0)
+    rspec-support (3.11.0)
+    rubocop (1.25.1)
+      parallel (~> 1.10)
+      parser (>= 3.1.0.0)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8, < 3.0)
+      rexml
+      rubocop-ast (>= 1.15.1, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 3.0)
+    rubocop-ast (1.17.0)
+      parser (>= 3.1.1.0)
+    ruby-progressbar (1.11.0)
+    ruby2_keywords (0.0.5)
+    rubyntlm (0.6.3)
+    rubyzip (2.3.2)
     semverse (3.0.0)
-    signet (0.14.0)
-      addressable (~> 2.3)
-      faraday (>= 0.17.3, < 2.0)
+    signet (0.16.1)
+      addressable (~> 2.8)
+      faraday (>= 0.17.5, < 3.0)
       jwt (>= 1.5, < 3.0)
       multi_json (~> 1.10)
     sslshake (1.3.1)
-    strings (0.2.0)
+    strings (0.2.1)
       strings-ansi (~> 0.2)
-      unicode-display_width (~> 1.5)
+      unicode-display_width (>= 1.5, < 3.0)
       unicode_utils (~> 1.4)
     strings-ansi (0.2.0)
-    test-kitchen (2.7.2)
+    test-kitchen (3.2.2)
       bcrypt_pbkdf (~> 1.0)
+      chef-utils (>= 16.4.35)
       ed25519 (~> 1.2)
       license-acceptance (>= 1.0.11, < 3.0)
       mixlib-install (~> 3.6)
@@ -391,28 +513,32 @@ GEM
       winrm (~> 2.0)
       winrm-elevated (~> 1.0)
       winrm-fs (~> 1.1)
-    thor (1.0.1)
-    thread_safe (0.3.6)
+    thor (1.2.1)
     timeliness (0.3.10)
-    tomlrb (1.2.9)
-    train (3.3.27)
-      activesupport (>= 5.2.4.3, < 6.0.0)
+    tomlrb (1.3.0)
+    trailblazer-option (0.1.2)
+    train (3.9.2)
+      activesupport (>= 6.0.3.1)
       azure_graph_rbac (~> 0.16)
       azure_mgmt_key_vault (~> 0.17)
       azure_mgmt_resources (~> 0.15)
       azure_mgmt_security (~> 0.18)
       azure_mgmt_storage (~> 0.18)
       docker-api (>= 1.26, < 3.0)
-      google-api-client (>= 0.23.9, < 0.44.1)
-      googleauth (>= 0.6.6, < 0.13.1)
+      google-api-client (>= 0.23.9, <= 0.52.0)
+      googleauth (>= 0.6.6, <= 0.14.0)
       inifile (~> 3.0)
-      train-core (= 3.3.27)
+      train-core (= 3.9.2)
       train-winrm (~> 0.2)
-    train-aws (0.1.18)
+    train-aws (0.2.24)
+      aws-sdk-alexaforbusiness (~> 1.0)
+      aws-sdk-amplify (~> 1.32.0)
       aws-sdk-apigateway (~> 1.0)
       aws-sdk-apigatewayv2 (~> 1.0)
+      aws-sdk-applicationautoscaling (>= 1.46, < 1.52)
       aws-sdk-athena (~> 1.0)
-      aws-sdk-autoscaling (~> 1.22.0)
+      aws-sdk-autoscaling (>= 1.22, < 1.64)
+      aws-sdk-batch (>= 1.36, < 1.48)
       aws-sdk-budgets (~> 1.0)
       aws-sdk-cloudformation (~> 1.0)
       aws-sdk-cloudfront (~> 1.0)
@@ -420,16 +546,21 @@ GEM
       aws-sdk-cloudhsmv2 (~> 1.0)
       aws-sdk-cloudtrail (~> 1.8)
       aws-sdk-cloudwatch (~> 1.13)
+      aws-sdk-cloudwatchevents (>= 1.36, < 1.47)
       aws-sdk-cloudwatchlogs (~> 1.13)
       aws-sdk-codecommit (~> 1.0)
       aws-sdk-codedeploy (~> 1.0)
       aws-sdk-codepipeline (~> 1.0)
+      aws-sdk-cognitoidentity (>= 1.26, < 1.32)
+      aws-sdk-cognitoidentityprovider (>= 1.46, < 1.54)
       aws-sdk-configservice (~> 1.21)
       aws-sdk-core (~> 3.0)
       aws-sdk-costandusagereportservice (~> 1.6)
+      aws-sdk-databasemigrationservice (>= 1.42, < 1.54)
       aws-sdk-dynamodb (~> 1.31)
       aws-sdk-ec2 (~> 1.70)
       aws-sdk-ecr (~> 1.18)
+      aws-sdk-ecrpublic (~> 1.3)
       aws-sdk-ecs (~> 1.30)
       aws-sdk-efs (~> 1.0)
       aws-sdk-eks (~> 1.9)
@@ -438,48 +569,65 @@ GEM
       aws-sdk-elasticloadbalancing (~> 1.8)
       aws-sdk-elasticloadbalancingv2 (~> 1.0)
       aws-sdk-elasticsearchservice (~> 1.0)
+      aws-sdk-emr (~> 1.53.0)
+      aws-sdk-eventbridge (~> 1.24.0)
       aws-sdk-firehose (~> 1.0)
+      aws-sdk-glue (>= 1.71, < 1.89)
       aws-sdk-guardduty (~> 1.31)
       aws-sdk-iam (~> 1.13)
       aws-sdk-kafka (~> 1.0)
       aws-sdk-kinesis (~> 1.0)
       aws-sdk-kms (~> 1.13)
       aws-sdk-lambda (~> 1.0)
-      aws-sdk-organizations (~> 1.17.0)
+      aws-sdk-mq (~> 1.40.0)
+      aws-sdk-networkfirewall (>= 1.6.0)
+      aws-sdk-networkmanager (>= 1.13.0)
+      aws-sdk-organizations (>= 1.17, < 1.60)
+      aws-sdk-ram (>= 1.21, < 1.27)
       aws-sdk-rds (~> 1.43)
       aws-sdk-redshift (~> 1.0)
       aws-sdk-route53 (~> 1.0)
       aws-sdk-route53domains (~> 1.0)
       aws-sdk-route53resolver (~> 1.0)
       aws-sdk-s3 (~> 1.30)
+      aws-sdk-s3control (~> 1.43.0)
+      aws-sdk-secretsmanager (>= 1.42, < 1.47)
       aws-sdk-securityhub (~> 1.0)
-      aws-sdk-ses (~> 1.0)
+      aws-sdk-servicecatalog (>= 1.48, < 1.61)
+      aws-sdk-ses (~> 1.41.0)
+      aws-sdk-shield (~> 1.30)
+      aws-sdk-signer (~> 1.32.0)
+      aws-sdk-simpledb (~> 1.29.0)
       aws-sdk-sms (~> 1.0)
       aws-sdk-sns (~> 1.9)
       aws-sdk-sqs (~> 1.10)
       aws-sdk-ssm (~> 1.0)
-    train-core (3.3.27)
+      aws-sdk-states (>= 1.35, < 1.40)
+      aws-sdk-synthetics (~> 1.19.0)
+      aws-sdk-transfer (>= 1.26, < 1.35)
+      aws-sdk-waf (~> 1.43.0)
+    train-core (3.9.2)
       addressable (~> 2.5)
       ffi (!= 1.13.0)
       json (>= 1.8, < 3.0)
       mixlib-shellout (>= 2.0, < 4.0)
       net-scp (>= 1.2, < 4.0)
       net-ssh (>= 2.9, < 7.0)
-    train-habitat (0.2.13)
-    train-winrm (0.2.11)
-      winrm (~> 2.0)
+    train-habitat (0.2.22)
+    train-winrm (0.2.13)
+      winrm (>= 2.3.6, < 3.0)
       winrm-elevated (~> 1.2.2)
       winrm-fs (~> 1.0)
-    tty-box (0.6.0)
+    tty-box (0.7.0)
       pastel (~> 0.8)
       strings (~> 0.2.0)
       tty-cursor (~> 0.7)
-    tty-color (0.5.2)
+    tty-color (0.6.0)
     tty-cursor (0.7.1)
-    tty-prompt (0.22.0)
+    tty-prompt (0.23.1)
       pastel (~> 0.8)
       tty-reader (~> 0.8)
-    tty-reader (0.8.0)
+    tty-reader (0.9.0)
       tty-cursor (~> 0.7)
       tty-screen (~> 0.8)
       wisper (~> 2.0)
@@ -488,16 +636,15 @@ GEM
       pastel (~> 0.8)
       strings (~> 0.2.0)
       tty-screen (~> 0.8)
-    tzinfo (1.2.7)
-      thread_safe (~> 0.1)
+    tzinfo (2.0.4)
+      concurrent-ruby (~> 1.0)
     uber (0.1.0)
     unf (0.1.4)
       unf_ext
-    unf_ext (0.0.7.7)
-    unicode-display_width (1.7.0)
+    unf_ext (0.0.8.1)
+    unicode-display_width (2.1.0)
     unicode_utils (1.4.0)
-    uri_template (0.7.0)
-    winrm (2.3.5)
+    winrm (2.3.6)
       builder (>= 2.1.2)
       erubi (~> 1.8)
       gssapi (~> 1.2)
@@ -505,15 +652,15 @@ GEM
       httpclient (~> 2.2, >= 2.2.0.2)
       logging (>= 1.6.1, < 3.0)
       nori (~> 2.0)
-      rubyntlm (~> 0.6.0, >= 0.6.1)
-    winrm-elevated (1.2.2)
+      rubyntlm (~> 0.6.0, >= 0.6.3)
+    winrm-elevated (1.2.3)
       erubi (~> 1.8)
       winrm (~> 2.0)
       winrm-fs (~> 1.0)
-    winrm-fs (1.3.3)
+    winrm-fs (1.3.5)
       erubi (~> 1.8)
       logging (>= 1.6.1, < 3.0)
-      rubyzip (~> 1.1)
+      rubyzip (~> 2.0)
       winrm (~> 2.0)
     wisper (2.0.1)
 
@@ -521,10 +668,11 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
-  inspec (~> 4.22.22)
+  inspec!
   kitchen-docker!
-  kitchen-inspec (>= 2.2.1)
-  kitchen-salt (>= 0.6.3)
+  kitchen-inspec (>= 2.5.0)
+  kitchen-salt (>= 0.7.2)
+  kitchen-vagrant
 
 BUNDLED WITH
    2.1.2
diff --git a/docs/AUTHORS.rst b/docs/AUTHORS.rst
index 57a4015..230b1f2 100644
--- a/docs/AUTHORS.rst
+++ b/docs/AUTHORS.rst
@@ -13,224 +13,233 @@ This list is sorted by the number of commits per contributor in *descending* ord
    * - Avatar
      - Contributor
      - Contributions
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@myii `_
-     - 82
-   * - :raw-html-m2r:`
`
+     - 155
+   * - :raw-html-m2r:`
`
      - `@aboe76 `_
      - 46
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
+     - `@javierbertoli `_
+     - 29
+   * - :raw-html-m2r:`
`
      - `@gravyboat `_
      - 27
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@nmadhok `_
      - 24
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@noelmcloughlin `_
-     - 18
-   * - :raw-html-m2r:`
`
+     - 19
+   * - :raw-html-m2r:`
`
      - `@whiteinge `_
      - 17
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@ross-p `_
      - 13
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@daks `_
      - 11
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@techhat `_
      - 10
-   * - :raw-html-m2r:`
`
-     - `@javierbertoli `_
-     - 9
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@arthurlogilab `_
      - 8
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@cheuschober `_
      - 8
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@dseira `_
      - 8
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@amontalban `_
      - 7
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@puneetk `_
      - 7
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@TaiSHiNet `_
      - 6
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@EvaSDK `_
      - 6
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@cackovic `_
      - 5
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@auser `_
      - 5
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@stp-ip `_
      - 5
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@ahmadsherif `_
      - 4
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@n-rodriguez `_
      - 4
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@teepark `_
      - 4
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@alinefr `_
      - 3
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@devaos `_
      - 3
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@bmwiedemann `_
      - 3
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
+     - `@dafyddj `_
+     - 3
+   * - :raw-html-m2r:`
`
      - `@terminalmage `_
      - 3
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@imran1008 `_
      - 3
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@morsik `_
      - 3
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@msciciel `_
      - 3
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@rfairburn `_
      - 3
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@westurner `_
      - 3
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
+     - `@toanju `_
+     - 3
+   * - :raw-html-m2r:`
`
      - `@chris-sanders `_
      - 2
-   * - :raw-html-m2r:`
`
-     - `@dafyddj `_
-     - 2
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@UtahDave `_
      - 2
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@ghtyrant `_
      - 2
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@pprkut `_
      - 2
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@jstrunk `_
      - 2
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@johnkeates `_
      - 2
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@kmshultz `_
      - 2
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@malept `_
      - 2
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@meganlkm `_
      - 2
-   * - :raw-html-m2r:`
`
-     - `@garrettw `_
-     - 2
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@ErisDS `_
      - 2
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@myoung34 `_
      - 2
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@sticky-note `_
      - 2
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@bebosudo `_
      - 1
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@aanriot `_
      - 1
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@andrew-vant `_
      - 1
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@bemosior `_
      - 1
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@SuperTux88 `_
      - 1
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@bogdanr `_
      - 1
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@blbradley `_
      - 1
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@CorwinTanner `_
      - 1
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@fayetted `_
      - 1
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
+     - `@baby-gnu `_
+     - 1
+   * - :raw-html-m2r:`
`
      - `@czarneckid `_
      - 1
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@statik `_
      - 1
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@ekristen `_
      - 1
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
+     - `@garrettw `_
+     - 1
+   * - :raw-html-m2r:`
`
      - `@jeduardo `_
      - 1
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@stromnet `_
      - 1
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@bsdlp `_
      - 1
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
+     - `@anderbubble `_
+     - 1
+   * - :raw-html-m2r:`
`
      - `@MEschenbacher `_
      - 1
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@renich `_
      - 1
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@outime `_
      - 1
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@scub `_
      - 1
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@thatch45 `_
      - 1
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@blarghmatey `_
      - 1
-   * - :raw-html-m2r:`
`
-     - `@babilen5 `_
+   * - :raw-html-m2r:`
`
+     - `@babilen `_
      - 1
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@abednarik `_
      - 1
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@francesco-a `_
      - 1
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@oboyle `_
      - 1
-   * - :raw-html-m2r:`
`
+   * - :raw-html-m2r:`
`
      - `@bersace `_
      - 1
 
 
 ----
 
-Auto-generated by a `forked version `_ of `gaocegege/maintainer `_ on 2021-01-04.
+Auto-generated by a `forked version `_ of `gaocegege/maintainer `_ on 2022-03-02.
diff --git a/docs/CHANGELOG.rst b/docs/CHANGELOG.rst
index a0e38f1..be410c0 100644
--- a/docs/CHANGELOG.rst
+++ b/docs/CHANGELOG.rst
@@ -2,6 +2,248 @@
 Changelog
 =========
 
+`2.8.1 `_ (2022-03-02)
+-------------------------------------------------------------------------------------------------------
+
+Bug Fixes
+^^^^^^^^^
+
+
+* **debian:** avoid adding repositories entries multiple times (\ `d1d3e55 `_\ ), closes `/github.com/saltstack/salt/issues/59785#issuecomment-826590482 `_
+
+Continuous Integration
+^^^^^^^^^^^^^^^^^^^^^^
+
+
+* update linters to latest versions [skip ci] (\ `512fe00 `_\ )
+
+Tests
+^^^^^
+
+
+* **repository:** use ``system.platform[:codename]`` [skip ci] (\ `0e51694 `_\ )
+* **system:** add ``build_platform_codename`` [skip ci] (\ `5f1a289 `_\ )
+
+`2.8.0 `_ (2022-02-03)
+-------------------------------------------------------------------------------------------------------
+
+Code Refactoring
+^^^^^^^^^^^^^^^^
+
+
+* **pkgs:** readbility (\ `b76e8cc `_\ )
+
+Continuous Integration
+^^^^^^^^^^^^^^^^^^^^^^
+
+
+* **kitchen+gitlab:** update for new pre-salted images [skip ci] (\ `7fcb960 `_\ )
+
+Features
+^^^^^^^^
+
+
+* **debian:** use keyrings instead of key_ids (\ `037c13a `_\ )
+
+Reverts
+^^^^^^^
+
+
+* **pkg:** use grains.osfinger in a format suitable for all platforms (\ `8fee9f0 `_\ )
+
+Styles
+^^^^^^
+
+
+* **map.jinja:** remove empty line (\ `ae52641 `_\ )
+
+Tests
+^^^^^
+
+
+* **repository:** favor ``platform`` over ``os`` (\ `c16ecf8 `_\ )
+
+`2.7.5 `_ (2022-02-02)
+-------------------------------------------------------------------------------------------------------
+
+Bug Fixes
+^^^^^^^^^
+
+
+* **snippets:** make sure they're deployed before being used (\ `9dfc1c1 `_\ )
+
+Continuous Integration
+^^^^^^^^^^^^^^^^^^^^^^
+
+
+* **3003.1:** update inc. AlmaLinux, Rocky & ``rst-lint`` [skip ci] (\ `6a42a9b `_\ )
+* **freebsd:** update with latest pre-salted Vagrant boxes [skip ci] (\ `860fabe `_\ )
+* **gemfile:** allow rubygems proxy to be provided as an env var [skip ci] (\ `1557473 `_\ )
+* **gemfile+lock:** use ``ssf`` customised ``inspec`` repo [skip ci] (\ `a11da83 `_\ )
+* **gitlab-ci:** enable instance after upstream issue resolved [skip ci] (\ `79499e8 `_\ )
+* **kitchen:** move ``provisioner`` block & update ``run_command`` [skip ci] (\ `6b65017 `_\ )
+* **kitchen+ci:** update with ``3004`` pre-salted images/boxes [skip ci] (\ `30f87cc `_\ )
+* **kitchen+ci:** update with latest ``3003.2`` pre-salted images [skip ci] (\ `70a1f31 `_\ )
+* **kitchen+ci:** update with latest CVE pre-salted images [skip ci] (\ `e041418 `_\ )
+* **vagrant:** replace FreeBSD 12.2 with 12.3 [skip ci] (\ `7deb74f `_\ )
+* add Debian 11 Bullseye & update ``yamllint`` configuration [skip ci] (\ `fa8a5db `_\ )
+* **kitchen+gitlab:** remove Ubuntu 16.04 & Fedora 32 (EOL) [skip ci] (\ `d15f3de `_\ )
+
+`2.7.4 `_ (2021-06-15)
+-------------------------------------------------------------------------------------------------------
+
+Bug Fixes
+^^^^^^^^^
+
+
+* **servers:** include main config file watch in extend (\ `00387e7 `_\ )
+
+`2.7.3 `_ (2021-06-14)
+-------------------------------------------------------------------------------------------------------
+
+Tests
+^^^^^
+
+
+* **snippets:** add tests for snippets includes (\ `1c83b6d `_\ ), closes `#275 `_ `#274 `_
+
+`2.7.2 `_ (2021-06-14)
+-------------------------------------------------------------------------------------------------------
+
+Bug Fixes
+^^^^^^^^^
+
+
+* **certificates:** ensure ``openssl`` installed before ``cmd.run`` (\ `0cd7c7b `_\ ), closes `/gitlab.com/saltstack-formulas/nginx-formula/-/jobs/1345325819#L2830 `_
+* **snippets:** ignore servers or snippets when undefined (\ `6cb486d `_\ ), closes `#274 `_
+
+`2.7.1 `_ (2021-05-12)
+-------------------------------------------------------------------------------------------------------
+
+Bug Fixes
+^^^^^^^^^
+
+
+* **servers:** wrong conditional specification (\ `494b2fb `_\ )
+
+Continuous Integration
+^^^^^^^^^^^^^^^^^^^^^^
+
+
+* add ``arch-master`` to matrix and update ``.travis.yml`` [skip ci] (\ `4697152 `_\ )
+
+`2.7.0 `_ (2021-04-28)
+-------------------------------------------------------------------------------------------------------
+
+Continuous Integration
+^^^^^^^^^^^^^^^^^^^^^^
+
+
+* **kitchen+gitlab:** adjust matrix to add ``3003`` [skip ci] (\ `46faf4e `_\ )
+* **vagrant:** add FreeBSD 13.0 [skip ci] (\ `b41062e `_\ )
+* **vagrant:** use pre-salted boxes & conditional local settings [skip ci] (\ `b9e9cd3 `_\ )
+
+Documentation
+^^^^^^^^^^^^^
+
+
+* **readme:** add ``Testing with Vagrant`` section [skip ci] (\ `5727848 `_\ )
+
+Features
+^^^^^^^^
+
+
+* **servers_config:** add require statement to manage dependencies (\ `622d22f `_\ )
+
+Tests
+^^^^^
+
+
+* **requires:** verify dependencies in vhosts (\ `6478143 `_\ )
+
+`2.6.3 `_ (2021-04-03)
+-------------------------------------------------------------------------------------------------------
+
+Bug Fixes
+^^^^^^^^^
+
+
+* **freebsd:** add ``openssl`` pkg and update all ``default`` tests (\ `4cd351a `_\ )
+
+Continuous Integration
+^^^^^^^^^^^^^^^^^^^^^^
+
+
+* enable Vagrant-based testing using GitHub Actions (\ `c79ce9a `_\ )
+
+`2.6.2 `_ (2021-03-30)
+-------------------------------------------------------------------------------------------------------
+
+Bug Fixes
+^^^^^^^^^
+
+
+* **servers_config:** fixup 05994e1 (\ `c03729a `_\ )
+
+`2.6.1 `_ (2021-03-29)
+-------------------------------------------------------------------------------------------------------
+
+Bug Fixes
+^^^^^^^^^
+
+
+* **servers_config:** remove service depedency (\ `05994e1 `_\ )
+
+Code Refactoring
+^^^^^^^^^^^^^^^^
+
+
+* **servers_config:** remove unused loop (\ `3825557 `_\ )
+
+Continuous Integration
+^^^^^^^^^^^^^^^^^^^^^^
+
+
+* **kitchen+ci:** include ``passenger`` suite [skip ci] (\ `0bbe686 `_\ )
+
+Tests
+^^^^^
+
+
+* standardise use of ``share`` suite & ``_mapdata`` state [skip ci] (\ `8ea3c82 `_\ )
+
+`2.6.0 `_ (2021-03-11)
+-------------------------------------------------------------------------------------------------------
+
+Bug Fixes
+^^^^^^^^^
+
+
+* **passenger:** various fixes (\ `7271c9d `_\ )
+* **pkg:** add inline EPEL repo configuration for Amazon Linux 2 (\ `ae6375c `_\ )
+
+Continuous Integration
+^^^^^^^^^^^^^^^^^^^^^^
+
+
+* **gemfile+lock:** use ``ssf`` customised ``kitchen-docker`` repo [skip ci] (\ `123d13e `_\ )
+* **kitchen+ci:** make rubocop happy [skip ci] (\ `eedfc56 `_\ )
+* **kitchen+ci:** use latest pre-salted images (after CVE) [skip ci] (\ `63d32a4 `_\ )
+* **kitchen+gitlab-ci:** use latest pre-salted images [skip ci] (\ `b4411c6 `_\ )
+* **pre-commit:** update hook for ``rubocop`` [skip ci] (\ `2a23743 `_\ )
+
+Features
+^^^^^^^^
+
+
+* **config:** validate config before applying (\ `b396b24 `_\ )
+
+Tests
+^^^^^
+
+
+* **config:** fix for Amazon Linux 2 & Oracle Linux 7/8 (\ `ab39c8f `_\ )
+
 `2.5.0 `_ (2021-01-04)
 -------------------------------------------------------------------------------------------------------
 
diff --git a/docs/README.apt.keyrings.rst b/docs/README.apt.keyrings.rst
new file mode 100644
index 0000000..7319c96
--- /dev/null
+++ b/docs/README.apt.keyrings.rst
@@ -0,0 +1,34 @@
+.. _readme_apt_keyrings:
+
+apt repositories' keyrings
+==========================
+
+Debian family of OSes deprecated the use of `apt-key` to manage repositories' keys
+in favor of using `keyring files` which contain a binary OpenPGP format of the key
+(also known as "GPG key public ring")
+
+As nginx and passenger don't provide such key files, we created them following the
+official recomendations in their sites and install the resulting files.
+
+Nginx
+-----
+
+See https://nginx.org/en/linux_packages.html#Debian for details
+
+.. code-block:: bash
+
+   $ curl -s https://nginx.org/keys/nginx_signing.key | \
+       gpg --dearmor --output nginx-archive-keyring.gpg
+
+Phusion-passenger
+-----------------
+
+See https://www.phusionpassenger.com/docs/tutorials/deploy_to_production/installations/oss/ownserver/ruby/nginx/
+for more details.
+
+.. code-block:: bash
+
+   $ gpg --keyserver keyserver.ubuntu.com \
+         --output - \
+         --recv-keys 561F9B9CAC40B2F7 | \
+     gpg --export --output phusionpassenger-archive-keyring.gpg
diff --git a/docs/README.rst b/docs/README.rst
index 7451490..78148a4 100644
--- a/docs/README.rst
+++ b/docs/README.rst
@@ -169,3 +169,65 @@ Runs all of the stages above in one go: i.e. ``destroy`` + ``converge`` + ``veri
 ^^^^^^^^^^^^^^^^^^^^^
 
 Gives you SSH access to the instance for manual testing.
+
+Testing with Vagrant
+--------------------
+
+Windows/FreeBSD/OpenBSD testing is done with ``kitchen-salt``.
+
+Requirements
+^^^^^^^^^^^^
+
+* Ruby
+* Virtualbox
+* Vagrant
+
+Setup
+^^^^^
+
+.. code-block:: bash
+
+   $ gem install bundler
+   $ bundle install --with=vagrant
+   $ bin/kitchen test [platform]
+
+Where ``[platform]`` is the platform name defined in ``kitchen.vagrant.yml``,
+e.g. ``windows-81-latest-py3``.
+
+Note
+^^^^
+
+When testing using Vagrant you must set the environment variable ``KITCHEN_LOCAL_YAML`` to ``kitchen.vagrant.yml``.  For example:
+
+.. code-block:: bash
+
+   $ KITCHEN_LOCAL_YAML=kitchen.vagrant.yml bin/kitchen test      # Alternatively,
+   $ export KITCHEN_LOCAL_YAML=kitchen.vagrant.yml
+   $ bin/kitchen test
+
+Then run the following commands as needed.
+
+``bin/kitchen converge``
+^^^^^^^^^^^^^^^^^^^^^^^^
+
+Creates the Vagrant instance and runs the ``nginx`` main state, ready for testing.
+
+``bin/kitchen verify``
+^^^^^^^^^^^^^^^^^^^^^^
+
+Runs the ``inspec`` tests on the actual instance.
+
+``bin/kitchen destroy``
+^^^^^^^^^^^^^^^^^^^^^^^
+
+Removes the Vagrant instance.
+
+``bin/kitchen test``
+^^^^^^^^^^^^^^^^^^^^
+
+Runs all of the stages above in one go: i.e. ``destroy`` + ``converge`` + ``verify`` + ``destroy``.
+
+``bin/kitchen login``
+^^^^^^^^^^^^^^^^^^^^^
+
+Gives you RDP/SSH access to the instance for manual testing.
diff --git a/kitchen.vagrant.yml b/kitchen.vagrant.yml
new file mode 100644
index 0000000..f9661b3
--- /dev/null
+++ b/kitchen.vagrant.yml
@@ -0,0 +1,32 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+driver:
+  name: vagrant
+  cache_directory: false
+  customize:
+    usbxhci: 'off'
+  gui: false
+  ssh:
+    shell: /bin/sh
+  <% unless ENV['CI'] %>
+  linked_clone: true
+  synced_folders:
+    - - '.kitchen/kitchen-vagrant/%{instance_name}/vagrant'
+      - '/vagrant'
+      - 'create: true, disabled: false'
+  <% end %>
+
+platforms:
+  - name: freebsd-130-master-py3
+    driver:
+      box: myii/freebsd-13.0-master-py3
+  - name: freebsd-123-master-py3
+    driver:
+      box: myii/freebsd-12.3-master-py3
+  - name: freebsd-130-3004-0-py3
+    driver:
+      box: myii/freebsd-13.0-3004.0-py3
+  - name: freebsd-123-3004-0-py3
+    driver:
+      box: myii/freebsd-12.3-3004.0-py3
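Review bot: The four `box:` entries under `platforms` name pre-built boxes from one personal namespace (`myii/...`) with no version, so any run that has to download a box gets whatever is currently published under that name. On a fresh CI runner that is presumably every run, and the `-master-` boxes are likely rebuilt over time. Pinning each platform with a line such as `box_version: '<PINNED_VERSION>'` next to its `box:` would make test runs reproducible and turn a changed box into a reviewed change. A comment above `platforms:` stating who builds these boxes and where their build definitions live would also document the trust being placed in them, e.g. `# Pre-salted boxes built by <MAINTAINER>; definitions at <URL>`.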
diff --git a/kitchen.yml b/kitchen.yml
index 6ea5972..5ccf8a4 100644
--- a/kitchen.yml
+++ b/kitchen.yml
@@ -6,131 +6,7 @@ driver:
   name: docker
   use_sudo: false
   privileged: true
-  run_command: /lib/systemd/systemd
-
-# Make sure the platforms listed below match up with
-# the `env.matrix` instances defined in `.travis.yml`
-platforms:
-  ## SALT `master`
-  - name: debian-10-master-py3
-    driver:
-      image: saltimages/salt-master-py3:debian-10
-  - name: ubuntu-1804-master-py3
-    driver:
-      image: saltimages/salt-master-py3:ubuntu-18.04
-  - name: centos-8-master-py3
-    driver:
-      image: saltimages/salt-master-py3:centos-8
-  - name: fedora-31-master-py3
-    driver:
-      image: saltimages/salt-master-py3:fedora-31
-  - name: opensuse-leap-151-master-py3
-    driver:
-      image: netmanagers/salt-master-py3:opensuse-leap-15.1
-      run_command: /usr/lib/systemd/systemd
-    # Workaround to avoid intermittent failures on `opensuse-leap-15.1`:
-    # => SCP did not finish successfully (255):  (Net::SCP::Error)
-    transport:
-      max_ssh_sessions: 1
-  - name: amazonlinux-2-master-py3
-    driver:
-      image: saltimages/salt-master-py3:amazonlinux-2
-
-  ## SALT `2019.2`
-  - name: debian-10-2019-2-py3
-    driver:
-      image: saltimages/salt-2019.2-py3:debian-10
-  - name: debian-9-2019-2-py3
-    driver:
-      image: saltimages/salt-2019.2-py3:debian-9
-  - name: ubuntu-1804-2019-2-py3
-    driver:
-      image: saltimages/salt-2019.2-py3:ubuntu-18.04
-  - name: centos-8-2019-2-py3
-    driver:
-      image: saltimages/salt-2019.2-py3:centos-8
-  - name: fedora-31-2019-2-py3
-    driver:
-      image: saltimages/salt-2019.2-py3:fedora-31
-  - name: opensuse-leap-151-2019-2-py3
-    driver:
-      image: netmanagers/salt-2019.2-py3:opensuse-leap-15.1
-      run_command: /usr/lib/systemd/systemd
-    # Workaround to avoid intermittent failures on `opensuse-leap-15.1`:
-    # => SCP did not finish successfully (255):  (Net::SCP::Error)
-    transport:
-      max_ssh_sessions: 1
-  - name: centos-7-2019-2-py2
-    driver:
-      image: netmanagers/salt-2019.2-py2:centos-7
-  - name: amazonlinux-2-2019-2-py3
-    driver:
-      image: saltimages/salt-2019.2-py3:amazonlinux-2
-  - name: arch-base-latest-2019-2-py2
-    driver:
-      image: saltimages/salt-2019.2-py2:arch-base-latest
-      run_command: /usr/lib/systemd/systemd
-
-  ## SALT `2018.3`
-  - name: fedora-30-2018-3-py3
-    driver:
-      image: netmanagers/salt-2018.3-py3:fedora-30
-  - name: debian-9-2018-3-py2
-    driver:
-      image: netmanagers/salt-2018.3-py2:debian-9
-  - name: ubuntu-1604-2018-3-py2
-    driver:
-      image: netmanagers/salt-2018.3-py2:ubuntu-16.04
-  - name: centos-7-2018-3-py2
-    driver:
-      image: netmanagers/salt-2018.3-py2:centos-7
-  - name: opensuse-leap-151-2018-3-py2
-    driver:
-      image: netmanagers/salt-2018.3-py2:opensuse-leap-15.1
-      run_command: /usr/lib/systemd/systemd
-    # Workaround to avoid intermittent failures on `opensuse-leap-15.1`:
-    # => SCP did not finish successfully (255):  (Net::SCP::Error)
-    transport:
-      max_ssh_sessions: 1
-  - name: amazonlinux-1-2018-3-py2
-    driver:
-      image: netmanagers/salt-2018.3-py2:amazonlinux-1
-      run_command: /sbin/init
-  - name: arch-base-latest-2018-3-py2
-    driver:
-      image: netmanagers/salt-2018.3-py2:arch-base-latest
-      run_command: /usr/lib/systemd/systemd
-
-  ## SALT `2017.7`
-  - name: debian-8-2017-7-py2
-    driver:
-      image: netmanagers/salt-2017.7-py2:debian-8
-  - name: ubuntu-1604-2017-7-py2
-    driver:
-      image: netmanagers/salt-2017.7-py2:ubuntu-16.04
-  - name: centos-6-2017-7-py2
-    driver:
-      image: netmanagers/salt-2017.7-py2:centos-6
-      run_command: /sbin/init
-  - name: fedora-30-2017-7-py2
-    driver:
-      image: netmanagers/salt-2017.7-py2:fedora-30
-  - name: opensuse-leap-151-2017-7-py2
-    driver:
-      image: netmanagers/salt-2017.7-py2:opensuse-leap-15.1
-      run_command: /usr/lib/systemd/systemd
-    # Workaround to avoid intermittent failures on `opensuse-leap-15.1`:
-    # => SCP did not finish successfully (255):  (Net::SCP::Error)
-    transport:
-      max_ssh_sessions: 1
-  - name: amazonlinux-1-2017-7-py2
-    driver:
-      image: netmanagers/salt-2017.7-py2:amazonlinux-1
-      run_command: /sbin/init
-  - name: arch-base-latest-2017-7-py2
-    driver:
-      image: netmanagers/salt-2017.7-py2:arch-base-latest
-      run_command: /usr/lib/systemd/systemd
+  run_command: /usr/lib/systemd/systemd
 
 provisioner:
   name: salt_solo
@@ -142,20 +18,289 @@ provisioner:
     - .kitchen
     - .git
 
+platforms:
+  ## SALT `tiamat`
+  - name: debian-11-tiamat-py3
+    driver:
+      image: saltimages/salt-tiamat-py3:debian-11
+      run_command: /lib/systemd/systemd
+  - name: debian-10-tiamat-py3
+    driver:
+      image: saltimages/salt-tiamat-py3:debian-10
+      run_command: /lib/systemd/systemd
+  - name: debian-9-tiamat-py3
+    driver:
+      image: saltimages/salt-tiamat-py3:debian-9
+      run_command: /lib/systemd/systemd
+  - name: ubuntu-2004-tiamat-py3
+    driver:
+      image: saltimages/salt-tiamat-py3:ubuntu-20.04
+      run_command: /lib/systemd/systemd
+  - name: ubuntu-1804-tiamat-py3
+    driver:
+      image: saltimages/salt-tiamat-py3:ubuntu-18.04
+      run_command: /lib/systemd/systemd
+  - name: centos-stream8-tiamat-py3
+    driver:
+      image: saltimages/salt-tiamat-py3:centos-stream8
+  - name: centos-7-tiamat-py3
+    driver:
+      image: saltimages/salt-tiamat-py3:centos-7
+  - name: amazonlinux-2-tiamat-py3
+    driver:
+      image: saltimages/salt-tiamat-py3:amazonlinux-2
+  - name: oraclelinux-8-tiamat-py3
+    driver:
+      image: saltimages/salt-tiamat-py3:oraclelinux-8
+  - name: oraclelinux-7-tiamat-py3
+    driver:
+      image: saltimages/salt-tiamat-py3:oraclelinux-7
+  - name: almalinux-8-tiamat-py3
+    driver:
+      image: saltimages/salt-tiamat-py3:almalinux-8
+  - name: rockylinux-8-tiamat-py3
+    driver:
+      image: saltimages/salt-tiamat-py3:rockylinux-8
+
+  ## SALT `master`
+  - name: debian-11-master-py3
+    driver:
+      image: saltimages/salt-master-py3:debian-11
+      run_command: /lib/systemd/systemd
+  - name: debian-10-master-py3
+    driver:
+      image: saltimages/salt-master-py3:debian-10
+      run_command: /lib/systemd/systemd
+  - name: debian-9-master-py3
+    driver:
+      image: saltimages/salt-master-py3:debian-9
+      run_command: /lib/systemd/systemd
+  - name: ubuntu-2004-master-py3
+    driver:
+      image: saltimages/salt-master-py3:ubuntu-20.04
+      run_command: /lib/systemd/systemd
+  - name: ubuntu-1804-master-py3
+    driver:
+      image: saltimages/salt-master-py3:ubuntu-18.04
+      run_command: /lib/systemd/systemd
+  - name: centos-stream8-master-py3
+    driver:
+      image: saltimages/salt-master-py3:centos-stream8
+  - name: centos-7-master-py3
+    driver:
+      image: saltimages/salt-master-py3:centos-7
+  - name: fedora-36-master-py3
+    driver:
+      image: saltimages/salt-master-py3:fedora-36
+  - name: fedora-35-master-py3
+    driver:
+      image: saltimages/salt-master-py3:fedora-35
+  - name: fedora-34-master-py3
+    driver:
+      image: saltimages/salt-master-py3:fedora-34
+  - name: opensuse-leap-153-master-py3
+    driver:
+      image: saltimages/salt-master-py3:opensuse-leap-15.3
+    # Workaround to avoid intermittent failures on `opensuse-leap-15.3`:
+    # => SCP did not finish successfully (255):  (Net::SCP::Error)
+    transport:
+      max_ssh_sessions: 1
+  - name: opensuse-tmbl-latest-master-py3
+    driver:
+      image: saltimages/salt-master-py3:opensuse-tumbleweed-latest
+    # Workaround to avoid intermittent failures on `opensuse-tumbleweed`:
+    # => SCP did not finish successfully (255):  (Net::SCP::Error)
+    transport:
+      max_ssh_sessions: 1
+  - name: amazonlinux-2-master-py3
+    driver:
+      image: saltimages/salt-master-py3:amazonlinux-2
+  - name: oraclelinux-8-master-py3
+    driver:
+      image: saltimages/salt-master-py3:oraclelinux-8
+  - name: oraclelinux-7-master-py3
+    driver:
+      image: saltimages/salt-master-py3:oraclelinux-7
+  - name: arch-base-latest-master-py3
+    driver:
+      image: saltimages/salt-master-py3:arch-base-latest
+  - name: gentoo-stage3-latest-master-py3
+    driver:
+      image: saltimages/salt-master-py3:gentoo-stage3-latest
+      run_command: /sbin/init
+  - name: gentoo-stage3-systemd-master-py3
+    driver:
+      image: saltimages/salt-master-py3:gentoo-stage3-systemd
+  - name: almalinux-8-master-py3
+    driver:
+      image: saltimages/salt-master-py3:almalinux-8
+  - name: rockylinux-8-master-py3
+    driver:
+      image: saltimages/salt-master-py3:rockylinux-8
+
+  ## SALT `3004.1`
+  - name: debian-11-3004-1-py3
+    driver:
+      image: saltimages/salt-3004.1-py3:debian-11
+      run_command: /lib/systemd/systemd
+  - name: debian-10-3004-1-py3
+    driver:
+      image: saltimages/salt-3004.1-py3:debian-10
+      run_command: /lib/systemd/systemd
+  - name: debian-9-3004-1-py3
+    driver:
+      image: saltimages/salt-3004.1-py3:debian-9
+      run_command: /lib/systemd/systemd
+  - name: ubuntu-2004-3004-1-py3
+    driver:
+      image: saltimages/salt-3004.1-py3:ubuntu-20.04
+      run_command: /lib/systemd/systemd
+  - name: ubuntu-1804-3004-1-py3
+    driver:
+      image: saltimages/salt-3004.1-py3:ubuntu-18.04
+      run_command: /lib/systemd/systemd
+  - name: centos-stream8-3004-1-py3
+    driver:
+      image: saltimages/salt-3004.1-py3:centos-stream8
+  - name: centos-7-3004-1-py3
+    driver:
+      image: saltimages/salt-3004.1-py3:centos-7
+  - name: fedora-36-3004-1-py3
+    driver:
+      image: saltimages/salt-3004.1-py3:fedora-36
+  - name: fedora-35-3004-1-py3
+    driver:
+      image: saltimages/salt-3004.1-py3:fedora-35
+  - name: fedora-34-3004-1-py3
+    driver:
+      image: saltimages/salt-3004.1-py3:fedora-34
+  - name: amazonlinux-2-3004-1-py3
+    driver:
+      image: saltimages/salt-3004.1-py3:amazonlinux-2
+  - name: oraclelinux-8-3004-1-py3
+    driver:
+      image: saltimages/salt-3004.1-py3:oraclelinux-8
+  - name: oraclelinux-7-3004-1-py3
+    driver:
+      image: saltimages/salt-3004.1-py3:oraclelinux-7
+  - name: arch-base-latest-3004-1-py3
+    driver:
+      image: saltimages/salt-3004.1-py3:arch-base-latest
+  - name: gentoo-stage3-latest-3004-1-py3
+    driver:
+      image: saltimages/salt-3004.1-py3:gentoo-stage3-latest
+      run_command: /sbin/init
+  - name: gentoo-stage3-systemd-3004-1-py3
+    driver:
+      image: saltimages/salt-3004.1-py3:gentoo-stage3-systemd
+  - name: almalinux-8-3004-1-py3
+    driver:
+      image: saltimages/salt-3004.1-py3:almalinux-8
+  - name: rockylinux-8-3004-1-py3
+    driver:
+      image: saltimages/salt-3004.1-py3:rockylinux-8
+
+  ## SALT `3004.0`
+  - name: opensuse-leap-153-3004-0-py3
+    driver:
+      image: saltimages/salt-3004.0-py3:opensuse-leap-15.3
+    # Workaround to avoid intermittent failures on `opensuse-leap-15.3`:
+    # => SCP did not finish successfully (255):  (Net::SCP::Error)
+    transport:
+      max_ssh_sessions: 1
+  - name: opensuse-tmbl-latest-3004-0-py3
+    driver:
+      image: saltimages/salt-3004.0-py3:opensuse-tumbleweed-latest
+    # Workaround to avoid intermittent failures on `opensuse-tumbleweed`:
+    # => SCP did not finish successfully (255):  (Net::SCP::Error)
+    transport:
+      max_ssh_sessions: 1
+
+  ## SALT `3003.4`
+  - name: debian-10-3003-4-py3
+    driver:
+      image: saltimages/salt-3003.4-py3:debian-10
+      run_command: /lib/systemd/systemd
+  - name: debian-9-3003-4-py3
+    driver:
+      image: saltimages/salt-3003.4-py3:debian-9
+      run_command: /lib/systemd/systemd
+  - name: ubuntu-2004-3003-4-py3
+    driver:
+      image: saltimages/salt-3003.4-py3:ubuntu-20.04
+      run_command: /lib/systemd/systemd
+  - name: ubuntu-1804-3003-4-py3
+    driver:
+      image: saltimages/salt-3003.4-py3:ubuntu-18.04
+      run_command: /lib/systemd/systemd
+  - name: centos-stream8-3003-4-py3
+    driver:
+      image: saltimages/salt-3003.4-py3:centos-stream8
+  - name: centos-7-3003-4-py3
+    driver:
+      image: saltimages/salt-3003.4-py3:centos-7
+  - name: amazonlinux-2-3003-4-py3
+    driver:
+      image: saltimages/salt-3003.4-py3:amazonlinux-2
+  - name: oraclelinux-8-3003-4-py3
+    driver:
+      image: saltimages/salt-3003.4-py3:oraclelinux-8
+  - name: oraclelinux-7-3003-4-py3
+    driver:
+      image: saltimages/salt-3003.4-py3:oraclelinux-7
+  - name: almalinux-8-3003-4-py3
+    driver:
+      image: saltimages/salt-3003.4-py3:almalinux-8
+
+  ## SALT `3002.8`
+  - name: debian-10-3002-8-py3
+    driver:
+      image: saltimages/salt-3002.8-py3:debian-10
+      run_command: /lib/systemd/systemd
+  - name: debian-9-3002-8-py3
+    driver:
+      image: saltimages/salt-3002.8-py3:debian-9
+      run_command: /lib/systemd/systemd
+  - name: ubuntu-2004-3002-8-py3
+    driver:
+      image: saltimages/salt-3002.8-py3:ubuntu-20.04
+      run_command: /lib/systemd/systemd
+  - name: ubuntu-1804-3002-8-py3
+    driver:
+      image: saltimages/salt-3002.8-py3:ubuntu-18.04
+      run_command: /lib/systemd/systemd
+  - name: centos-7-3002-8-py3
+    driver:
+      image: saltimages/salt-3002.8-py3:centos-7
+  - name: amazonlinux-2-3002-8-py3
+    driver:
+      image: saltimages/salt-3002.8-py3:amazonlinux-2
+  - name: oraclelinux-8-3002-8-py3
+    driver:
+      image: saltimages/salt-3002.8-py3:oraclelinux-8
+  - name: oraclelinux-7-3002-8-py3
+    driver:
+      image: saltimages/salt-3002.8-py3:oraclelinux-7
+
 verifier:
   # https://www.inspec.io/
   name: inspec
   sudo: true
-  # cli, documentation, html, progress, json, json-min, json-rspec, junit
   reporter:
+    # cli, documentation, html, progress, json, json-min, json-rspec, junit
     - cli
 
 suites:
   - name: default
     provisioner:
+      dependencies:
+        - name: test_dep
+          path: test/salt/default/states
       state_top:
         base:
           '*':
+            - test_dep.create_dependency_file
+            - nginx._mapdata
             - nginx
       pillars:
         top.sls:
@@ -167,3 +312,65 @@ suites:
     verifier:
       inspec_tests:
         - path: test/integration/default
+  - name: passenger
+    includes:
+      - debian-11-tiamat-py3
+      - debian-10-tiamat-py3
+      - debian-9-tiamat-py3
+      - ubuntu-2004-tiamat-py3
+      - ubuntu-1804-tiamat-py3
+      - centos-stream8-tiamat-py3
+      - centos-7-tiamat-py3
+      - oraclelinux-8-tiamat-py3
+      - almalinux-8-tiamat-py3
+      - rockylinux-8-tiamat-py3
+      - debian-11-master-py3
+      - debian-10-master-py3
+      - debian-9-master-py3
+      - ubuntu-2004-master-py3
+      - ubuntu-1804-master-py3
+      - centos-stream8-master-py3
+      - centos-7-master-py3
+      - oraclelinux-8-master-py3
+      - almalinux-8-master-py3
+      - rockylinux-8-master-py3
+      - debian-11-3004-1-py3
+      - debian-10-3004-1-py3
+      - debian-9-3004-1-py3
+      - ubuntu-2004-3004-1-py3
+      - ubuntu-1804-3004-1-py3
+      - centos-stream8-3004-1-py3
+      - centos-7-3004-1-py3
+      - oraclelinux-8-3004-1-py3
+      - almalinux-8-3004-1-py3
+      - rockylinux-8-3004-1-py3
+      - debian-10-3003-4-py3
+      - debian-9-3003-4-py3
+      - ubuntu-2004-3003-4-py3
+      - ubuntu-1804-3003-4-py3
+      - centos-stream8-3003-4-py3
+      - centos-7-3003-4-py3
+      - oraclelinux-8-3003-4-py3
+      - almalinux-8-3003-4-py3
+      - debian-10-3002-8-py3
+      - debian-9-3002-8-py3
+      - ubuntu-2004-3002-8-py3
+      - ubuntu-1804-3002-8-py3
+      - centos-7-3002-8-py3
+      - oraclelinux-8-3002-8-py3
+    provisioner:
+      state_top:
+        base:
+          '*':
+            - nginx._mapdata
+            - nginx.passenger
+      pillars:
+        top.sls:
+          base:
+            '*':
+              - nginx
+      pillars_from_files:
+        nginx.sls: test/salt/passenger/pillar/nginx.sls
+    verifier:
+      inspec_tests:
+        - path: test/integration/passenger
diff --git a/nginx/_mapdata/_mapdata.jinja b/nginx/_mapdata/_mapdata.jinja
new file mode 100644
index 0000000..aa9649c
--- /dev/null
+++ b/nginx/_mapdata/_mapdata.jinja
@@ -0,0 +1,13 @@
+# yamllint disable rule:indentation rule:line-length
+# {{ grains.get("osfinger", grains.os) }}
+---
+{#- use salt.slsutil.serialize to avoid encoding errors on some platforms #}
+{{ salt["slsutil.serialize"](
+     "yaml",
+     map,
+     default_flow_style=False,
+     allow_unicode=True,
+   )
+   | regex_replace("^\s+'$", "'", multiline=True)
+   | trim
+}}
diff --git a/nginx/_mapdata/init.sls b/nginx/_mapdata/init.sls
new file mode 100644
index 0000000..650b3e8
--- /dev/null
+++ b/nginx/_mapdata/init.sls
@@ -0,0 +1,22 @@
+# -*- coding: utf-8 -*-
+# vim: ft=sls
+---
+{#- Get the `tplroot` from `tpldir` #}
+{%- set tplroot = tpldir.split("/")[0] %}
+{%- from tplroot ~ "/map.jinja" import nginx with context %}
+
+{%- set _mapdata = {
+      "values": nginx,
+    } %}
+{%- do salt["log.debug"]("### MAP.JINJA DUMP ###\n" ~ _mapdata | yaml(False)) %}
+
+{%- set output_dir = "/temp" if grains.os_family == "Windows" else "/tmp" %}
+{%- set output_file = output_dir ~ "/salt_mapdata_dump.yaml" %}
+
+{{ tplroot }}-mapdata-dump:
+  file.managed:
+    - name: {{ output_file }}
+    - source: salt://{{ tplroot }}/_mapdata/_mapdata.jinja
+    - template: jinja
+    - context:
+        map: {{ _mapdata | yaml }}
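Review bot: The `file.managed` state writes the whole rendered `nginx` map to a fixed file name under `/tmp` (or `/temp`) with no `mode`, `user` or `group`, so any local account may be able to read whatever pillar data the map carries. The formula also manages certificates, so key material in the map is plausible; this should be confirmed against map.jinja. Adding `- mode: '0600'` to the state, plus a header comment saying the state is for test runs only, keeps the dump from leaking on a real minion. The `log.debug` call above it puts the same data into the minion log at debug level, which the comment should mention too.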
diff --git a/nginx/certificates.sls b/nginx/certificates.sls
index 2a8330b..8781045 100644
--- a/nginx/certificates.sls
+++ b/nginx/certificates.sls
@@ -30,6 +30,7 @@ generate_nginx_dhparam_{{ dh_param }}_key:
     - creates: {{ certificates_path }}/{{ dh_param }}
     - require:
       - file: prepare_certificates_path_dir
+      - pkg: generate_nginx_dhparam_{{ dh_param }}_key
     - watch_in:
       - service: nginx_service
 {%- endif %}
diff --git a/nginx/files/default/nginx-archive-keyring.gpg b/nginx/files/default/nginx-archive-keyring.gpg
new file mode 100644
index 0000000..82b5bff
Binary files /dev/null and b/nginx/files/default/nginx-archive-keyring.gpg differ
diff --git a/nginx/files/default/phusionpassenger-archive-keyring.gpg b/nginx/files/default/phusionpassenger-archive-keyring.gpg
new file mode 100644
index 0000000..ee1337f
Binary files /dev/null and b/nginx/files/default/phusionpassenger-archive-keyring.gpg differ
diff --git a/nginx/init.sls b/nginx/init.sls
index 7ad31bd..b278137 100644
--- a/nginx/init.sls
+++ b/nginx/init.sls
@@ -13,6 +13,9 @@ include:
   {%- if nginx.snippets is defined %}
   - nginx.snippets
   {%- endif %}
+  {%- if nginx.streams is defined %}
+  - nginx.streams
+  {%- endif %}
   - nginx.servers
   - nginx.certificates
 
diff --git a/nginx/map.jinja b/nginx/map.jinja
index c273349..824c5a7 100644
--- a/nginx/map.jinja
+++ b/nginx/map.jinja
@@ -9,16 +9,19 @@
         'Debian': {
             'package': 'nginx',
             'passenger_package': 'passenger',
-            'passenger_config_file': '/etc/nginx/conf.d/passenger.conf',
+            'passenger_config_file': '/etc/nginx/conf.d/mod-http-passenger.conf',
             'service': 'nginx',
             'webuser': 'www-data',
             'conf_file': '/etc/nginx/nginx.conf',
             'server_available': '/etc/nginx/sites-available',
             'server_enabled': '/etc/nginx/sites-enabled',
             'snippets_dir': '/etc/nginx/snippets',
+            'streams_dir': '/etc/nginx/streams',
             'server_use_symlink': True,
             'pid_file': '/run/nginx.pid',
             'openssl_package': 'openssl',
+            'package_repo_keyring': '/usr/share/keyrings/nginx-archive-keyring.gpg',
+            'passenger_package_repo_keyring': '/usr/share/keyrings/phusionpassenger-archive-keyring.gpg',
         },
         'CentOS': {
             'package': 'nginx',
@@ -30,6 +33,7 @@
             'server_available': '/etc/nginx/conf.d',
             'server_enabled': '/etc/nginx/conf.d',
             'snippets_dir': '/etc/nginx/snippets',
+            'streams_dir': '/etc/nginx/streams',
             'server_use_symlink': False,
             'pid_file': '/run/nginx.pid',
             'rh_os_releasever': '$releasever',
@@ -47,6 +51,7 @@
             'server_available': '/etc/nginx/conf.d',
             'server_enabled': '/etc/nginx/conf.d',
             'snippets_dir': '/etc/nginx/snippets',
+            'streams_dir': '/etc/nginx/streams',
             'server_use_symlink': False,
             'pid_file': '/run/nginx.pid',
             'rh_os_releasever': '$releasever',
@@ -67,6 +72,7 @@
             'server_available': '/etc/nginx/vhosts.d',
             'server_enabled': '/etc/nginx/vhosts.d',
             'snippets_dir': '/etc/nginx/snippets',
+            'streams_dir': '/etc/nginx/streams',
             'server_use_symlink': False,
             'pid_file': '/run/nginx.pid',
             'gpg_check': True,
@@ -81,6 +87,7 @@
             'server_available': '/etc/nginx/sites-available',
             'server_enabled': '/etc/nginx/sites-enabled',
             'snippets_dir': '/etc/nginx/snippets',
+            'streams_dir': '/etc/nginx/streams',
             'server_use_symlink': True,
             'openssl_package': 'openssl',
         },
@@ -92,6 +99,7 @@
             'server_available': '/etc/nginx/sites-available',
             'server_enabled': '/etc/nginx/sites-enabled',
             'snippets_dir': '/etc/nginx/snippets',
+            'streams_dir': '/etc/nginx/streams',
             'server_use_symlink': True,
             'openssl_package': 'dev-libs/openssl',
         },
@@ -104,7 +112,9 @@
             'server_available': '/usr/local/etc/nginx/sites-available',
             'server_enabled': '/usr/local/etc/nginx/sites-enabled',
             'snippets_dir': '/usr/local/etc/nginx/snippets',
+            'streams_dir': '/usr/local/etc/nginx/streams',
             'server_use_symlink': True,
+            'openssl_package': 'openssl',
             'pid_file': '/var/run/nginx.pid',
         },
     }, default='Debian' ),
@@ -112,6 +122,7 @@
     'install_from_ppa': False,
     'install_from_repo': False,
     'install_from_phusionpassenger': False,
+    'check_config_before_apply': False,
     'ppa_version': 'stable',
     'source_version': '1.10.0',
     'source_hash': '8ed647c3dd65bc4ced03b0e0f6bf9e633eff6b01bac772bcf97077d58bc2be4d',
@@ -119,7 +130,9 @@
         'opts': {},
     },
     'package': {
-        'opts': {},
+        'opts': {
+            'refresh': True,
+        },
     },
     'service': {
         'enable': True,
@@ -132,6 +145,9 @@
             'events': {
                 'worker_connections': 512,
             },
+            'stream' : {
+                'include': '/etc/nginx/streams/*',
+            },
             'http': {
                 'sendfile': 'on',
                 'tcp_nopush': 'on',
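Review bot: The new default `'include': '/etc/nginx/streams/*'` hard-codes a path that this same commit makes configurable as `lookup.streams_dir`; only the FreeBSD branch added in the last hunk of this file corrects it. Building the value from `nginx.lookup.streams_dir ~ '/*'` on every platform would keep the include in step with an overridden lookup. Because the `stream` key sits in the defaults, it is presumably rendered into nginx.conf even when no `streams` pillar is set. An nginx build without the stream module would then reject the configuration, so emitting the block only when `nginx.streams` is defined looks safer. The dictionary continues outside this hunk.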
@@ -196,3 +212,7 @@
     }) %}
     {% endif %}
 {% endif %}
+
+{% if salt['grains.get']('os_family') == 'FreeBSD' %} 
+    {% do nginx.server.config.stream.update({'include' : nginx.lookup.streams_dir ~ '/*'}) %}
+{% endif %}
diff --git a/nginx/passenger.sls b/nginx/passenger.sls
index 91808c0..c22f6a9 100644
--- a/nginx/passenger.sls
+++ b/nginx/passenger.sls
@@ -15,16 +15,21 @@ include:
   {%- if nginx.snippets is defined %}
   - nginx.snippets
   {%- endif %}
+  {%- if nginx.streams is defined %}
+  - nginx.streams
+  {%- endif %}
   - nginx.servers
   - nginx.certificates
 
 passenger_install:
   pkg.installed:
+    {{ sls_block(nginx.package.opts) }}
     - name: {{ nginx.lookup.passenger_package }}
     - require:
       - pkg: nginx_install
     - require_in:
       - service: nginx_service
+      - file: nginx_config
 
 /etc/nginx/passenger.conf:
   file.absent:
@@ -46,6 +51,7 @@ passenger_config:
       - service: nginx_service
     - require_in:
       - service: nginx_service
+      - file: nginx_config
     - require:
       - file: /etc/nginx/passenger.conf
       - pkg: passenger_install
diff --git a/nginx/pkg.sls b/nginx/pkg.sls
index 11d91ec..b2742f6 100644
--- a/nginx/pkg.sls
+++ b/nginx/pkg.sls
@@ -2,7 +2,11 @@
 #
 # Manages installation of nginx from pkg.
 
-{% from 'nginx/map.jinja' import nginx, sls_block with context %}
+{#- Get the `tplroot` from `tpldir` #}
+{%- set tplroot = tpldir.split('/')[0] %}
+{%- from tplroot ~ "/map.jinja" import nginx, sls_block with context %}
+{%- from tplroot ~ "/libtofs.jinja" import files_switch with context %}
+
 {%- if nginx.install_from_repo %}
   {% set from_official = true %}
   {% set from_ppa = false %}
@@ -21,6 +25,8 @@
   {% set from_phusionpassenger = false %}
 {%- endif %}
 
+{%- set resource_repo_managed = 'file' if grains.os_family == 'Debian' else 'pkgrepo' %}
+
 nginx_install:
   pkg.installed:
     {{ sls_block(nginx.package.opts) }}
@@ -33,19 +39,31 @@ nginx_install:
     - name: {{ nginx.lookup.package }}
     {% endif %}
 
-{% if salt['grains.get']('os_family') == 'Debian' %}
+{% if grains.os_family == 'Debian' %}
+  {%- if from_official %}
+nginx_official_repo_keyring:
+  file.managed:
+    - name: {{ nginx.lookup.package_repo_keyring }}
+    - source: {{ files_switch(['nginx-archive-keyring.gpg'],
+                              lookup='nginx_official_repo_keyring'
+                 )
+              }}
+    - require_in:
+      - {{ resource_repo_managed }}: nginx_official_repo
+  {%- endif %}
+
 nginx_official_repo:
-  pkgrepo:
+  file:
     {%- if from_official %}
     - managed
     {%- else %}
     - absent
     {%- endif %}
-    - humanname: nginx apt repo
-    - name: deb http://nginx.org/packages/{{ grains['os'].lower() }}/ {{ grains['oscodename'] }} nginx
-    - file: /etc/apt/sources.list.d/nginx-official-{{ grains['oscodename'] }}.list
-    - keyid: ABF5BD827BD9BF62
-    - keyserver: keyserver.ubuntu.com
+    - name: /etc/apt/sources.list.d/nginx-official-{{ grains.oscodename }}.list
+    - contents: >
+        deb [signed-by={{ nginx.lookup.package_repo_keyring }}]
+        http://nginx.org/packages/{{ grains.os | lower }}/ {{ grains.oscodename }} nginx
+
     - require_in:
       - pkg: nginx_install
     - watch_in:
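Review bot: The `contents` block still writes the source as `http://nginx.org/packages/...`, so although `signed-by` restricts which key may sign the repository, index and package downloads travel in clear text and can be observed or held back on the path. Using `https://nginx.org/packages/{{ grains.os | lower }}/ {{ grains.oscodename }} nginx` closes that. The trusted key is now a binary file shipped in the formula, and the removed `keyid: ABF5BD827BD9BF62` was the only reviewable identifier for it. A comment above `nginx_official_repo_keyring` recording the expected fingerprint and where the keyring was obtained would let a reviewer verify the blob. `nginx_official_repo` continues outside this hunk.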
@@ -60,10 +78,10 @@ nginx_ppa_repo:
     {%- else %}
     - absent
     {%- endif %}
-    {% if salt['grains.get']('os') == 'Ubuntu' %}
+    {% if grains.os == 'Ubuntu' %}
     - ppa: nginx/{{ nginx.ppa_version }}
     {% else %}
-    - name: deb http://ppa.launchpad.net/nginx/{{ nginx.ppa_version }}/ubuntu {{ grains['oscodename'] }} main
+    - name: deb http://ppa.launchpad.net/nginx/{{ nginx.ppa_version }}/ubuntu {{ grains.oscodename }} main
     - keyid: C300EE8C
     - keyserver: keyserver.ubuntu.com
     {% endif %}
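Review bot: The non-Ubuntu branch still establishes trust through `keyid: C300EE8C` fetched from `keyserver.ubuntu.com`; an eight-hex-digit key ID is short enough to collide, so the keyserver lookup may return a key other than the intended one. The other two Debian-family repositories in this commit move to a shipped keyring referenced with `signed-by`, and this state would benefit from the same treatment, or at least from the full fingerprint in `keyid`. The `name` line also keeps plain `http://`. The state starts and ends outside this hunk.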
@@ -73,25 +91,49 @@ nginx_ppa_repo:
       - pkg: nginx_install
    {%- endif %}
 
+  {%- if from_phusionpassenger %}
+nginx_phusionpassenger_repo_keyring:
+  file.managed:
+    - name: /usr/share/keyrings/phusionpassenger-archive-keyring.gpg
+    - source: {{ files_switch(['phusionpassenger-archive-keyring.gpg'],
+                              lookup='nginx_phusionpassenger_repo_keyring'
+                 )
+              }}
+    - require_in:
+      - {{ resource_repo_managed }}: nginx_phusionpassenger_repo
+
+# Remove the old repo file
+nginx_phusionpassenger_repo_remove:
+  pkgrepo.absent:
+    - name: deb http://nginx.org/packages/{{ grains.os |lower }}/ {{ grains.oscodename }} nginx
+    - keyid: 561F9B9CAC40B2F7
+    - require_in:
+      - {{ resource_repo_managed }}: nginx_phusionpassenger_repo
+  file.absent:
+    - name: /etc/apt/sources.list.d/nginx-phusionpassenger-{{ grains.oscodename }}.list
+    - require_in:
+      - {{ resource_repo_managed }}: nginx_phusionpassenger_repo
+  {%- endif %}
+
 nginx_phusionpassenger_repo:
-  pkgrepo:
+  file:
     {%- if from_phusionpassenger %}
     - managed
     {%- else %}
     - absent
     {%- endif %}
-    - humanname: nginx phusionpassenger repo
-    - name: deb https://oss-binaries.phusionpassenger.com/apt/passenger {{ grains['oscodename'] }} main
-    - file: /etc/apt/sources.list.d/nginx-phusionpassenger-{{ grains['oscodename'] }}.list
-    - keyid: 561F9B9CAC40B2F7
-    - keyserver: keyserver.ubuntu.com
+    - name: /etc/apt/sources.list.d/phusionpassenger-official-{{ grains.oscodename }}.list
+    - contents: >
+        deb [signed-by={{ nginx.lookup.passenger_package_repo_keyring }}]
+        https://oss-binaries.phusionpassenger.com/apt/passenger {{ grains.oscodename }} main
+
     - require_in:
       - pkg: nginx_install
     - watch_in:
       - pkg: nginx_install
 {% endif %}
 
-{% if salt['grains.get']('os_family') == 'Suse' or salt['grains.get']('os') == 'SUSE' %}
+{% if grains.os_family == 'Suse' or grains.os == 'SUSE' %}
 nginx_zypp_repo:
   pkgrepo:
     {%- if from_official %}
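Review bot: `nginx_phusionpassenger_repo_keyring` installs the key at the literal `/usr/share/keyrings/phusionpassenger-archive-keyring.gpg`, while the source line written by `nginx_phusionpassenger_repo` points `signed-by` at `nginx.lookup.passenger_package_repo_keyring`. If that lookup is overridden, apt is told to use a keyring that was never installed. Using `- name: {{ nginx.lookup.passenger_package_repo_keyring }}` would match the official-repo keyring state. In `nginx_phusionpassenger_repo_remove`, the `pkgrepo.absent` name is the nginx.org source line rather than the old `oss-binaries.phusionpassenger.com` entry; it looks copied from the official repo state and should be checked against the entry it is meant to clean up.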
@@ -112,7 +154,23 @@ nginx_zypp_repo:
       - pkg: nginx_install
 {% endif %}
 
-{% if salt['grains.get']('os_family') == 'RedHat' %}
+{% if grains.os_family == 'RedHat' %}
+  {% if grains.get('osfinger', '') == 'Amazon Linux-2' %}
+nginx_epel_repo:
+  pkgrepo.managed:
+    - name: epel
+    - humanname: Extra Packages for Enterprise Linux 7 - $basearch
+    - mirrorlist: https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
+    - enabled: 1
+    - gpgcheck: 1
+    - gpgkey: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
+    - failovermethod: priority
+    - require_in:
+      - pkg: nginx_install
+    - watch_in:
+      - pkg: nginx_install
+{%   endif %}
+
 nginx_yum_repo:
   pkgrepo:
     {%- if from_official %}
@@ -122,7 +180,7 @@ nginx_yum_repo:
     {%- endif %}
     - name: nginx
     - humanname: nginx repo
-    {%- if salt['grains.get']('os') == 'CentOS' %}
+    {%- if grains.os == 'CentOS' %}
     - baseurl: 'http://nginx.org/packages/centos/$releasever/$basearch/'
     {%- else %}
     - baseurl: 'http://nginx.org/packages/rhel/{{ nginx.lookup.rh_os_releasever }}/$basearch/'
@@ -147,7 +205,7 @@ nginx_phusionpassenger_yum_repo:
     - baseurl: 'https://oss-binaries.phusionpassenger.com/yum/passenger/el/$releasever/$basearch'
     - repo_gpgcheck: 1
     - gpgcheck: 0
-    - gpgkey: 'https://packagecloud.io/gpg.key'
+    - gpgkey: 'https://oss-binaries.phusionpassenger.com/yum/definitions/RPM-GPG-KEY.asc'
     - enabled: True
     - sslverify: 1
     - sslcacert: /etc/pki/tls/certs/ca-bundle.crt
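Review bot: With `gpgcheck: 0` next to the new `gpgkey` URL, the key serves only `repo_gpgcheck`: repository metadata is verified but individual RPM signatures are not. That presumably mirrors upstream's published repo definition, but nothing in the state says so. A comment above `gpgcheck`, such as `# package signatures are not checked; integrity relies on signed repo metadata and TLS (confirm against upstream)`, would stop a later reader from assuming packages are verified. If upstream does sign its packages, `- gpgcheck: 1` is the better setting. The state continues outside this hunk.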
diff --git a/nginx/servers.sls b/nginx/servers.sls
index f3033bb..4f26fd4 100644
--- a/nginx/servers.sls
+++ b/nginx/servers.sls
@@ -5,12 +5,11 @@
 {%- set tplroot = tpldir.split('/')[0] %}
 {%- from tplroot ~ '/map.jinja' import nginx, sls_block with context %}
 {%- from tplroot ~ '/servers_config.sls' import server_states with context %}
-{%- from tplroot ~ '/service.sls' import service_function with context %}
 
 {% macro file_requisites(states) %}
-      {%- for state in states %}
-      - file: {{ state }}
-      {%- endfor -%}
+{%- for state in states %}
+        - file: {{ state }}
+{%- endfor -%}
 {% endmacro %}
 
 include:
@@ -18,15 +17,14 @@ include:
   - nginx.servers_config
 
 {% if server_states|length() > 0 %}
-nginx_service_reload:
-  service.{{ service_function }}:
-    - name: {{ nginx.lookup.service }}
-    - reload: True
-    - use:
-      - service: nginx_service
-    - listen:
-      {{ file_requisites(server_states) }}
-    - require:
-      {{ file_requisites(server_states) }}
-      - service: nginx_service
+extend:
+  nginx_service:
+    service:
+      - reload: True
+      - require:
+        - file: nginx_config
+        {{ file_requisites(server_states) }}
+      - listen:
+        - file: nginx_config
+        {{ file_requisites(server_states) }}
 {% endif %}
diff --git a/nginx/servers_config.sls b/nginx/servers_config.sls
index 3d86d1a..0b1a4f1 100644
--- a/nginx/servers_config.sls
+++ b/nginx/servers_config.sls
@@ -10,8 +10,9 @@
 {% set server_states = [] %}
 {#- _nginx is a lightened copy of nginx map intended to passed in templates #}
 {%- set _nginx = nginx.copy() %}
-{%- do _nginx.pop('snippets') %}
-{%- do _nginx.pop('servers') %}
+{%- do _nginx.pop('streams') if nginx.streams is defined %}
+{%- do _nginx.pop('snippets') if nginx.snippets is defined %}
+{%- do _nginx.pop('servers') if nginx.servers is defined %}
 
 # Simple path concatenation.
 # Needs work to make this function on windows.
@@ -52,6 +53,7 @@
   file.symlink:
     {{ sls_block(nginx.servers.symlink_opts) }}
     - name: {{ server_path(server, state) }}
+    - makedirs: True
     - target: {{ server_path(server, anti_state) }}
     {%- else %}
         {%- if deleted == True %}
@@ -98,10 +100,6 @@ nginx_server_available_dir:
     - clean: {{ nginx.servers.purge_servers_config }}
 {%- endif %}
 
-# Manage the actual server files
-{% for server, settings in nginx.servers.managed.items() %}
-{% endfor %}
-
 # Managed enabled/disabled state for servers
 {% for server, settings in nginx.servers.managed.items() %}
 {% set conf_state_id = 'server_conf_' ~ loop.index0 %}
@@ -109,6 +107,7 @@ nginx_server_available_dir:
 {{ conf_state_id }}:
     file.absent:
         - name: {{ server_curpath(server) }}
+{% do server_states.append(conf_state_id) %}
 {% else %}
 {% if settings.enabled == True %}
 {{ conf_state_id }}:
@@ -125,8 +124,12 @@ nginx_server_available_dir:
       }}
     - makedirs: True
     - template: jinja
-    - require_in:
-      - service: nginx_service
+      {%- if 'requires' in settings %}
+    - require:
+        {%- for k, v in settings.requires.items() %}
+      - {{ k }}: {{ v }}
+        {%- endfor %}
+      {%- endif %}
 {% if 'source_path' not in settings.config %}
     - context:
         config: {{ settings.config|json(sort_keys=False) }}
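Review bot: `settings.requires` is iterated as a mapping in the added `require` block, so a server can name at most one requisite per state module; two `cmd:` entries cannot be expressed. The values are also rendered unquoted into the SLS. Rendering the value as `- {{ k }}: {{ v | json }}` protects IDs containing YAML-significant characters. Accepting a list of single-key mappings, or documenting the one-per-module limit next to `requires` in pillar.example, would cover the first point. The enclosing `file.managed` state begins and ends outside this hunk.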
@@ -156,9 +159,7 @@ nginx_server_available_dir:
       - file: {{ conf_state_id }}
 {% endif %}
 
-{% if 'deleted' not in settings or ( 'deleted' in settings and settings.deleted == False ) %}
 {% do server_states.append(status_state_id) %}
-{% endif %}
 {%- endif %} {# enabled != available_dir #}
 {% endif %}
 {% endfor %}
diff --git a/nginx/service.sls b/nginx/service.sls
index 9cbc5cc..adb51f0 100644
--- a/nginx/service.sls
+++ b/nginx/service.sls
@@ -42,3 +42,6 @@ nginx_service:
       {% else %}
       - pkg: nginx_install
       {% endif %}
+{% if nginx.check_config_before_apply %}
+    - onlyif: /usr/sbin/nginx -t
+{% endif %}
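Review bot: `- onlyif: /usr/sbin/nginx -t` hard-codes a binary path that does not fit every platform in map.jinja; the FreeBSD entries there live under `/usr/local`. When `onlyif` returns non-zero, Salt skips the state rather than failing it, so a wrong path or a failing config test leaves `nginx_service` silently unmanaged. That may not match the "the state will fail" wording added to pillar.example. Taking the binary from a lookup value and adding a comment such as `# onlyif skips (does not fail) the service state when the test is non-zero` would make the behaviour predictable. The state begins outside this hunk.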
diff --git a/nginx/snippets.sls b/nginx/snippets.sls
index 31a0a15..3bd7834 100644
--- a/nginx/snippets.sls
+++ b/nginx/snippets.sls
@@ -8,8 +8,8 @@
 
 {#- _nginx is a lightened copy of nginx map intended to passed in templates #}
 {%- set _nginx = nginx.copy() %}
-{%- do _nginx.pop('snippets') %}
-{%- do _nginx.pop('servers') %}
+{%- do _nginx.pop('snippets') if nginx.snippets is defined %}
+{%- do _nginx.pop('servers') if nginx.servers is defined %}
 
 nginx_snippets_dir:
   file.directory:
@@ -28,4 +28,11 @@ nginx_snippet_{{ snippet }}:
     - context:
         config: {{ config|json() }}
         nginx: {{ _nginx|json() }}
+    - require:
+      - file: nginx_snippets_dir
+    - require_in:
+      - file: nginx_config
+      - sls: nginx.servers
+      - sls: nginx.servers_config
+      - service: nginx_service
 {% endfor %}
diff --git a/nginx/streams.sls b/nginx/streams.sls
new file mode 100644
index 0000000..3bf4d99
--- /dev/null
+++ b/nginx/streams.sls
@@ -0,0 +1,33 @@
+# nginx.streams
+#
+# Manages creation of streams
+
+{%- set tplroot = tpldir.split('/')[0] %}
+{%- from tplroot ~ '/map.jinja' import nginx, sls_block with context %}
+{%- from tplroot ~ '/libtofs.jinja' import files_switch with context %}
+
+{#- _nginx is a lightened copy of nginx map intended to passed in templates #}
+{%- set _nginx = nginx.copy() %}
+
+{%- do _nginx.pop('streams') if nginx.snippets is defined %}
+{%- do _nginx.pop('servers') if nginx.servers is defined %}
+
+
+nginx_streams_dir:
+  file.directory:
+    {{ sls_block(nginx.servers.dir_opts) }}
+    - name: {{ nginx.lookup.streams_dir }}
+
+{% for stream, config in nginx.streams.items() %}
+nginx_streams_{{ stream }}:
+  file.managed:
+    - name: {{ nginx.lookup.streams_dir ~ '/' ~ stream }}
+    - source: {{ files_switch([ stream, 'server.conf' ],
+                              'nginx_stream_file_managed'
+                 )
+              }}
+    - template: jinja
+    - context:
+        config: {{ config|json() }}
+        nginx: {{ _nginx|json() }}
+{% endfor %}
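Review bot: The guard on the first `pop` tests the wrong key: `{%- do _nginx.pop('streams') if nginx.snippets is defined %}` should read `{%- do _nginx.pop('streams') if nginx.streams is defined %}`. As written, `streams` stays in the context copy whenever `snippets` is unset, and `snippets` is never removed here the way servers_config.sls removes it. The `nginx_streams_*` states also carry no `require` on `file: nginx_streams_dir` and no `require_in` on `nginx_config` or `nginx_service`, unlike the snippet states changed in this commit. Their ordering relative to the service reload is therefore not guaranteed. `nginx_streams_dir` reuses `nginx.servers.dir_opts`, which deserves a one-line comment if that sharing is intended.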
diff --git a/pillar.example b/pillar.example
index 3654979..24d91a6 100644
--- a/pillar.example
+++ b/pillar.example
@@ -28,6 +28,17 @@ nginx:
   source_version: '1.10.0'
   source_hash: ''
 
+  # Check the configuration before applying:
+  # To prevent applying a configuration that might break nginx, set this
+  # parameter to true so the configuration is checked BEFORE applying. If
+  # the check fails, the state will fail and it won't be deployed.
+  # CAVEAT: As the configuration file is created in a temp dir, it can't
+  # have relative references or it will fail to check. You'll need to
+  # specify full paths where required (ie, `include`, `load_module`,
+  # `snippets`, etc.0
+  # Defaults to false
+  check_config_before_apply: false
+
   # These are usually set by grains in map.jinja
   # Typically you can comment these out.
   lookup:
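Review bot: The new CAVEAT comment ends in `etc.0`, which looks like a mistyped closing parenthesis. The line should read `# \`snippets\`, etc.)`. Since this comment is the only explanation of why a pre-apply check can fail on relative `include`/`load_module` paths, it is worth keeping exact.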
@@ -94,7 +105,16 @@ nginx:
       - upstream netdata:
           - server: 127.0.0.1:19999
           - keepalive: 64
-
+  
+  streams:
+    example_stream:
+      - upstream some_upstream:
+        - server: '10.0.0.1:8000'
+        - server: '10.0.0.2:8000'
+      - server:
+        - listen: 7000
+        - proxy_pass: some_upstream
+        
   server:
     # this partially exposes file.managed parameters as they relate to the main
     # nginx.conf file
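Review bot: The two separator lines added around the `streams:` example (`+  ` and `+        `) contain only trailing whitespace, which yamllint's `trailing-spaces` rule flags; they should be empty lines. The nested lists under `upstream some_upstream:` and `server:` are also written flush with their key, while the `upstream netdata:` example just above indents them. Both forms parse the same, but the example file should use one style. The `server:` mapping continues outside this hunk.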
@@ -191,6 +211,18 @@ nginx:
         # and None indicates no action
         enabled: true
 
+        # This let's you add dependencies on other resources being applied for a
+        # particular vhost
+        # A common case is when you use this formula together with letsencrypt's,
+        # validating through nginx: you need nginx running (to validate the vhost) but
+        # can't have the ssl vhost up until the certificate is created (because it
+        # won't exist and will make nginx fail to load the configuration)
+        #
+        # An example, when using LE to create the cert for 'some.host.domain':
+        # requires:
+        #   cmd: create-initial-cert-some.host.domain
+        requires: {}
+
         # Remove the site config file shipped by nginx
         # (i.e. '/etc/nginx/sites-available/default' by default)
         # It also remove the symlink (if it is exists).
diff --git a/pre-commit_semantic-release.sh b/pre-commit_semantic-release.sh
index 458b7b6..80f46e2 100755
--- a/pre-commit_semantic-release.sh
+++ b/pre-commit_semantic-release.sh
@@ -7,16 +7,16 @@ sed -i -e "s_^\(version:\).*_\1 ${1}_" FORMULA
 
 
 ###############################################################################
-# (B) Use `m2r` to convert automatically produced `.md` docs to `.rst`
+# (B) Use `m2r2` to convert automatically produced `.md` docs to `.rst`
 ###############################################################################
 
-# Install `m2r`
-pip3 install m2r
+# Install `m2r2`
+pip3 install m2r2
 
 # Copy and then convert the `.md` docs
 cp ./*.md docs/
 cd docs/ || exit
-m2r --overwrite ./*.md
+m2r2 --overwrite ./*.md
 
 # Change excess `H1` headings to `H2` in converted `CHANGELOG.rst`
 sed -i -e '/^=.*$/s/=/-/g' CHANGELOG.rst
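Review bot: `pip3 install m2r2` pulls whatever version is current on the package index each time the release hook runs, so unreviewed code executes with the release job's permissions. Pin it to a reviewed version, e.g. `pip3 install 'm2r2==<PINNED_VERSION>'` (placeholder; the page names no version), or install from a requirements file with `--require-hashes`. The script starts and continues outside this hunk.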
diff --git a/test/integration/default/controls/config.rb b/test/integration/default/controls/config.rb
index fb7d69c..c2845eb 100644
--- a/test/integration/default/controls/config.rb
+++ b/test/integration/default/controls/config.rb
@@ -1,37 +1,52 @@
+# frozen_string_literal: true
+
 # Set defaults, use debian as base
 
-server_available = '/etc/nginx/sites-available'
-server_enabled	 = '/etc/nginx/sites-enabled'
+# Override by platform family
+server_available, server_enabled =
+  case platform[:family]
+  when 'redhat', 'fedora'
+    %w[/etc/nginx/conf.d /etc/nginx/conf.d]
+  when 'suse'
+    %w[/etc/nginx/vhosts.d /etc/nginx/vhosts.d]
+  when 'bsd'
+    %w[/usr/local/etc/nginx/sites-available /usr/local/etc/nginx/sites-enabled]
+  else
+    %w[/etc/nginx/sites-available /etc/nginx/sites-enabled]
+  end
 
-# Override by OS
-case os[:name]
-when 'redhat', 'centos', 'fedora'
-  server_available = '/etc/nginx/conf.d'
-  server_enabled   = '/etc/nginx/conf.d'
-when 'opensuse'
-  server_available = '/etc/nginx/vhosts.d'
-  server_enabled   = '/etc/nginx/vhosts.d'
-end
+nginx_conf, snippets_letsencrypt_conf, file_owner, file_group =
+  case platform[:family]
+  when 'bsd'
+    %w[/usr/local/etc/nginx/nginx.conf /usr/local/etc/nginx/snippets/letsencrypt.conf
+       root wheel]
+  else
+    %w[/etc/nginx/nginx.conf /etc/nginx/snippets/letsencrypt.conf root root]
+  end
 
 control 'Nginx configuration' do
   title 'should match desired lines'
 
   # main configuration
-  describe file('/etc/nginx/nginx.conf') do
+  describe file(nginx_conf) do
     it { should be_file }
-    it { should be_owned_by 'root' }
-    it { should be_grouped_into 'root' }
+    it { should be_owned_by file_owner }
+    it { should be_grouped_into file_group }
     its('mode') { should cmp '0644' }
-    its('content') { should include %Q[    log_format main '$remote_addr - $remote_user [$time_local] $status '
+    its('content') do
+      # rubocop:disable Metrics/LineLength
+      should include %(    log_format main '$remote_addr - $remote_user [$time_local] $status '
                     '"$request" $body_bytes_sent "$http_referer" '
-                    '"$http_user_agent" "$http_x_forwarded_for"';] }
+                    '"$http_user_agent" "$http_x_forwarded_for"';)
+      # rubocop:enable Metrics/LineLength
+    end
   end
 
   # snippets configuration
-  describe file('/etc/nginx/snippets/letsencrypt.conf') do
+  describe file(snippets_letsencrypt_conf) do
     it { should be_file }
-    it { should be_owned_by 'root' }
-    it { should be_grouped_into 'root' }
+    it { should be_owned_by file_owner }
+    it { should be_grouped_into file_group }
     its('mode') { should cmp '0644' }
     its('content') { should include 'location ^~ /.well-known/acme-challenge/ {' }
     its('content') { should include 'proxy_pass http://localhost:9999;' }
@@ -40,15 +55,14 @@ control 'Nginx configuration' do
 
   # sites configuration
   [server_available, server_enabled].each do |dir|
-
-    describe file ("#{dir}/default") do
-     it { should_not exist }
+    describe file "#{dir}/default" do
+      it { should_not exist }
     end
 
-    describe file ("#{dir}/mysite") do
+    describe file "#{dir}/mysite" do
       it { should be_file }
-      it { should be_owned_by 'root' }
-      it { should be_grouped_into 'root' }
+      it { should be_owned_by file_owner }
+      it { should be_grouped_into file_group }
       its('mode') { should cmp '0644' }
       its('content') { should include 'server_name localhost;' }
       its('content') { should include 'listen 80 default_server;' }
@@ -57,6 +71,16 @@ control 'Nginx configuration' do
       its('content') { should include 'try_files $uri $uri/ =404;' }
       its('content') { should include 'include snippets/letsencrypt.conf;' }
     end
-
+    describe file "#{dir}/mysite_with_require" do
+      it { should be_file }
+      it { should be_owned_by file_owner }
+      it { should be_grouped_into file_group }
+      its('mode') { should cmp '0644' }
+      its('content') { should include 'server_name with-deps;' }
+      its('content') { should include 'listen 80;' }
+      its('content') { should include 'index index.html index.htm;' }
+      its('content') { should include 'location ~ .htm {' }
+      its('content') { should include 'try_files $uri $uri/ =404;' }
+    end
   end
 end
diff --git a/test/integration/default/controls/file.rb b/test/integration/default/controls/file.rb
new file mode 100644
index 0000000..57151af
--- /dev/null
+++ b/test/integration/default/controls/file.rb
@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+control 'Dependency test file' do
+  title 'should exist'
+
+  describe file('/tmp/created_to_test_dependencies') do
+    it { should be_file }
+  end
+end
diff --git a/test/integration/default/controls/install.rb b/test/integration/default/controls/install.rb
index 49aea2e..5aa8d0e 100644
--- a/test/integration/default/controls/install.rb
+++ b/test/integration/default/controls/install.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 control 'Nginx package' do
   title 'should be installed'
 
diff --git a/test/integration/default/controls/service.rb b/test/integration/default/controls/service.rb
index 5dad48c..605e936 100644
--- a/test/integration/default/controls/service.rb
+++ b/test/integration/default/controls/service.rb
@@ -1,7 +1,10 @@
+# frozen_string_literal: true
+
 control 'Nginx service' do
   title 'should be running and enabled'
 
   describe service('nginx') do
+    it { should be_installed }
     it { should be_enabled }
     it { should be_running }
   end
diff --git a/test/integration/default/inspec.yml b/test/integration/default/inspec.yml
index bd6a065..987eb15 100644
--- a/test/integration/default/inspec.yml
+++ b/test/integration/default/inspec.yml
@@ -6,6 +6,9 @@ title: nginx formula
 maintainer: SaltStack Formulas
 license: Apache-2.0
 summary: Verify that the nginx formula is setup and configured correctly
+depends:
+  - name: share
+    path: test/integration/share
 supports:
   - platform-name: debian
   - platform-name: ubuntu
@@ -14,5 +17,11 @@ supports:
   - platform-name: opensuse
   - platform-name: suse
   - platform-name: freebsd
+  - platform-name: openbsd
   - platform-name: amazon
+  - platform-name: oracle
   - platform-name: arch
+  - platform-name: gentoo
+  - platform-name: almalinux
+  - platform-name: rocky
+  - platform: windows
diff --git a/test/integration/passenger/README.md b/test/integration/passenger/README.md
new file mode 100644
index 0000000..66fa3cd
--- /dev/null
+++ b/test/integration/passenger/README.md
@@ -0,0 +1,50 @@
+# InSpec Profile: `passenger`
+
+This shows the implementation of the `passenger` InSpec [profile](https://github.com/inspec/inspec/blob/master/docs/profiles.md).
+
+## Verify a profile
+
+InSpec ships with built-in features to verify a profile structure.
+
+```bash
+$ inspec check passenger
+Summary
+-------
+Location: passenger
+Profile: profile
+Controls: 4
+Timestamp: 2019-06-24T23:09:01+00:00
+Valid: true
+
+Errors
+------
+
+Warnings
+--------
+```
+
+## Execute a profile
+
+To run all **supported** controls on a local machine use `inspec exec /path/to/profile`.
+
+```bash
+$ inspec exec passenger
+..
+
+Finished in 0.0025 seconds (files took 0.12449 seconds to load)
+8 examples, 0 failures
+```
+
+## Execute a specific control from a profile
+
+To run one control from the profile use `inspec exec /path/to/profile --controls name`.
+
+```bash
+$ inspec exec passenger --controls package
+.
+
+Finished in 0.0025 seconds (files took 0.12449 seconds to load)
+1 examples, 0 failures
+```
+
+See an [example control here](https://github.com/inspec/inspec/blob/master/examples/profile/controls/example.rb).
diff --git a/test/integration/passenger/controls/config.rb b/test/integration/passenger/controls/config.rb
new file mode 100644
index 0000000..177a8dc
--- /dev/null
+++ b/test/integration/passenger/controls/config.rb
@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+# Set defaults, use debian as base
+
+# Override by OS Family
+case platform[:family]
+when 'redhat', 'centos', 'fedora'
+  server_available = '/etc/nginx/conf.d'
+  server_enabled   = '/etc/nginx/conf.d'
+  passenger_mod = '/usr/lib64/nginx/modules/ngx_http_passenger_module.so'
+  passenger_root = '/usr/share/ruby/vendor_ruby/phusion_passenger/locations.ini'
+  passenger_config_file = '/etc/nginx/conf.d/passenger.conf'
+  should_not_exist_file = '/etc/nginx/conf.d/mod-http-passenger.conf'
+when 'debian', 'ubuntu'
+  server_available = '/etc/nginx/sites-available'
+  server_enabled   = '/etc/nginx/sites-enabled'
+  passenger_mod = '/usr/lib/nginx/modules/ngx_http_passenger_module.so'
+  passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini'
+  passenger_config_file = '/etc/nginx/conf.d/mod-http-passenger.conf'
+  should_not_exist_file = '/etc/nginx/conf.d/passenger.conf'
+end
+
+control 'Passenger configuration' do
+  title 'should match desired lines'
+
+  # main configuration
+  describe file('/etc/nginx/nginx.conf') do
+    its('content') { should include "load_module #{passenger_mod}" }
+  end
+
+  describe file(passenger_config_file) do
+    it { should be_file }
+    it { should be_owned_by 'root' }
+    it { should be_grouped_into 'root' }
+    its('mode') { should cmp '0644' }
+    its('content') { should include "passenger_root #{passenger_root};" }
+    its('content') { should include 'passenger_ruby /usr/bin/ruby;' }
+  end
+
+  describe file(should_not_exist_file) do
+    it { should_not exist }
+  end
+
+  # sites configuration
+  [server_available, server_enabled].each do |dir|
+    describe file "#{dir}/default" do
+      it { should_not exist }
+    end
+
+    describe file "#{dir}/mysite" do
+      it { should be_file }
+      it { should be_owned_by 'root' }
+      it { should be_grouped_into 'root' }
+      its('mode') { should cmp '0644' }
+      its('content') { should include 'passenger_enabled on;' }
+    end
+  end
+end
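Review bot: The top-level `case platform[:family]` has no `else` branch, so on any family outside the listed ones every path variable is `nil` and `file(passenger_config_file)` and `file(should_not_exist_file)` are called with `nil`, even though the header comment says Debian is the base default. Either add `else` values or gate the control, e.g. `only_if('Passenger is only tested on RedHat and Debian families') { %w[redhat fedora debian].include?(platform[:family]) }`. The same gap exists in passenger/controls/install.rb (`passenger_mod_pkg`) and passenger/controls/repository.rb (`repo_file`, `repo_url`), while passenger/inspec.yml lists many more supported platforms. `'centos'` and `'ubuntu'` look like platform names rather than family values, so those `when` labels are probably never matched; confirm against the platform data.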
diff --git a/test/integration/passenger/controls/install.rb b/test/integration/passenger/controls/install.rb
new file mode 100644
index 0000000..bbba8cb
--- /dev/null
+++ b/test/integration/passenger/controls/install.rb
@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+control 'Nginx package' do
+  title 'should be installed'
+
+  describe package('nginx') do
+    it { should be_installed }
+  end
+end
+
+control 'Passenger packages' do
+  title 'should be installed'
+
+  # Override by OS Family
+  passenger_mod_pkg = case platform[:family]
+                      when 'redhat', 'centos', 'fedora'
+                        'nginx-mod-http-passenger'
+                      when 'debian', 'ubuntu'
+                        'libnginx-mod-http-passenger'
+                      end
+
+  describe package('passenger') do
+    it { should be_installed }
+  end
+  describe package(passenger_mod_pkg) do
+    it { should be_installed }
+  end
+end
diff --git a/test/integration/passenger/controls/repository.rb b/test/integration/passenger/controls/repository.rb
new file mode 100644
index 0000000..4b92764
--- /dev/null
+++ b/test/integration/passenger/controls/repository.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+case platform.family
+when 'redhat'
+  repo_file = '/etc/yum.repos.d/passenger.repo'
+  repo_url = 'https://oss-binaries.phusionpassenger.com/yum/passenger/el/$releasever/$basearch'
+when 'debian'
+  codename = system.platform[:codename]
+  repo_keyring = '/usr/share/keyrings/phusionpassenger-archive-keyring.gpg'
+  repo_file = "/etc/apt/sources.list.d/phusionpassenger-official-#{codename}.list"
+  # rubocop:disable Layout/LineLength
+  repo_url = "deb [signed-by=#{repo_keyring}] https://oss-binaries.phusionpassenger.com/apt/passenger #{codename} main"
+  # rubocop:enable Layout/LineLength
+end
+
+control 'Phusion-passenger repository keyring' do
+  title 'should be installed'
+
+  only_if('Requirement for Debian family') do
+    os.debian?
+  end
+
+  describe file(repo_keyring) do
+    it { should exist }
+    it { should be_owned_by 'root' }
+    it { should be_grouped_into 'root' }
+    its('mode') { should cmp '0644' }
+  end
+end
+
+control 'Phusion-passenger repository' do
+  impact 1
+  title 'should be configured'
+  describe file(repo_file) do
+    its('content') { should include repo_url }
+  end
+end
diff --git a/test/integration/passenger/controls/service.rb b/test/integration/passenger/controls/service.rb
new file mode 100644
index 0000000..b4af800
--- /dev/null
+++ b/test/integration/passenger/controls/service.rb
@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+control 'Nginx service' do
+  title 'should be running and enabled'
+
+  describe service('nginx') do
+    it { should be_enabled }
+    it { should be_running }
+  end
+end
+
+control 'Passenger module' do
+  title 'should be running and enabled'
+
+  describe 'Passenger engine' do
+    it 'passenger-config should say configuration "looks good"' do
+      expect(command(
+        '/usr/bin/passenger-config validate-install --auto'
+      ).stdout).to match(/looks good/)
+    end
+
+    it 'passenger-memory-stats should return Passenger stats' do
+      expect(command('/usr/sbin/passenger-memory-stats').stdout).to match(
+        %r{nginx: master process /usr/sbin/nginx.*Passenger watchdog.*Passenger core.*}m
+      )
+    end
+  end
+end
diff --git a/test/integration/passenger/inspec.yml b/test/integration/passenger/inspec.yml
new file mode 100644
index 0000000..19741ce
--- /dev/null
+++ b/test/integration/passenger/inspec.yml
@@ -0,0 +1,27 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+name: passenger
+title: nginx formula
+maintainer: SaltStack Formulas
+license: Apache-2.0
+summary: Verify that the nginx formula is setup and configured correctly
+depends:
+  - name: share
+    path: test/integration/share
+supports:
+  - platform-name: debian
+  - platform-name: ubuntu
+  - platform-name: centos
+  - platform-name: fedora
+  - platform-name: opensuse
+  - platform-name: suse
+  - platform-name: freebsd
+  - platform-name: openbsd
+  - platform-name: amazon
+  - platform-name: oracle
+  - platform-name: arch
+  - platform-name: gentoo
+  - platform-name: almalinux
+  - platform-name: rocky
+  - platform: windows
diff --git a/test/integration/share/README.md b/test/integration/share/README.md
new file mode 100644
index 0000000..5c5785b
--- /dev/null
+++ b/test/integration/share/README.md
@@ -0,0 +1,22 @@
+# InSpec Profile: `share`
+
+This shows the implementation of the `share` InSpec [profile](https://github.com/inspec/inspec/blob/master/docs/profiles.md).
+
+Its goal is to share the libraries between all profiles.
+
+## Libraries
+
+### `system`
+
+The `system` library provides easy access to system dependent information:
+
+- `system.platform`: based on `inspec.platform`, modify to values that are more consistent from a SaltStack perspective
+  - `system.platform[:family]` provide a family name for Arch and Gentoo
+  - `system.platform[:name]` append `linux` to both `amazon` and `oracle`; ensure Windows platforms are resolved as simply `windows`
+  - `system.platform[:release]` tweak Arch, Amazon Linux, Gentoo, openSUSE and Windows:
+    - `Arch` is always `base-latest`
+    - `Amazon Linux` release `2018` is resolved as `1`
+    - `Gentoo` release is trimmed to its major version number and then the init system is appended (i.e. `sysv` or `sysd`)
+    - `openSUSE` is resolved as `tumbleweed` if the `platform[:release]` is in date format
+    - `Windows` uses the widely-used release number (e.g. `8.1` or `2019-server`) in place of the actual system release version
+  - `system.platform[:finger]` is the concatenation of the name and the major release number (except for Ubuntu, which gives `ubuntu-20.04` for example)
diff --git a/test/integration/share/inspec.yml b/test/integration/share/inspec.yml
new file mode 100644
index 0000000..ee20080
--- /dev/null
+++ b/test/integration/share/inspec.yml
@@ -0,0 +1,24 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+name: share
+title: InSpec shared resources
+maintainer: SaltStack Formulas
+license: Apache-2.0
+summary: shared resources
+supports:
+  - platform-name: debian
+  - platform-name: ubuntu
+  - platform-name: centos
+  - platform-name: fedora
+  - platform-name: opensuse
+  - platform-name: suse
+  - platform-name: freebsd
+  - platform-name: openbsd
+  - platform-name: amazon
+  - platform-name: oracle
+  - platform-name: arch
+  - platform-name: gentoo
+  - platform-name: almalinux
+  - platform-name: rocky
+  - platform: windows
diff --git a/test/integration/share/libraries/system.rb b/test/integration/share/libraries/system.rb
new file mode 100644
index 0000000..64fe7ea
--- /dev/null
+++ b/test/integration/share/libraries/system.rb
@@ -0,0 +1,134 @@
+# frozen_string_literal: true
+
+# system.rb -- InSpec resources for system values
+# Author: Daniel Dehennin 
+# Copyright (C) 2020 Daniel Dehennin 
+
+# rubocop:disable Metrics/ClassLength
+class SystemResource < Inspec.resource(1)
+  name 'system'
+
+  attr_reader :platform
+
+  def initialize
+    super
+    @platform = build_platform
+  end
+
+  private
+
+  def build_platform
+    {
+      family: build_platform_family,
+      name: build_platform_name,
+      release: build_platform_release,
+      finger: build_platform_finger,
+      codename: build_platform_codename
+    }
+  end
+
+  def build_platform_family
+    case inspec.platform[:name]
+    when 'arch', 'gentoo'
+      inspec.platform[:name]
+    else
+      inspec.platform[:family]
+    end
+  end
+
+  def build_platform_name
+    case inspec.platform[:name]
+    when 'amazon', 'oracle', 'rocky'
+      "#{inspec.platform[:name]}linux"
+    when /^windows_/
+      inspec.platform[:family]
+    else
+      inspec.platform[:name]
+    end
+  end
+
+  # rubocop:disable Metrics/MethodLength,Metrics/AbcSize,Metrics/CyclomaticComplexity
+  def build_platform_release
+    case inspec.platform[:name]
+    when 'amazon'
+      # `2018` relase is named `1` in `kitchen.yml`
+      inspec.platform[:release].gsub(/2018.*/, '1')
+    when 'arch'
+      'base-latest'
+    when 'gentoo'
+      "#{inspec.platform[:release].split('.')[0]}-#{derive_gentoo_init_system}"
+    when 'opensuse'
+      # rubocop:disable Style/NumericLiterals,Layout/LineLength
+      inspec.platform[:release].to_i > 20210101 ? 'tumbleweed' : inspec.platform[:release]
+      # rubocop:enable Style/NumericLiterals,Layout/LineLength
+    when 'windows_8.1_pro'
+      '8.1'
+    when 'windows_server_2022_datacenter'
+      '2022-server'
+    when 'windows_server_2019_datacenter'
+      '2019-server'
+    when 'windows_server_2016_datacenter'
+      '2016-server'
+    else
+      inspec.platform[:release]
+    end
+  end
+  # rubocop:enable Metrics/MethodLength,Metrics/AbcSize,Metrics/CyclomaticComplexity
+
+  def derive_gentoo_init_system
+    inspec.command('systemctl').exist? ? 'sysd' : 'sysv'
+  end
+
+  def build_platform_finger
+    "#{build_platform_name}-#{build_finger_release}"
+  end
+
+  def build_finger_release
+    case inspec.platform[:name]
+    when 'ubuntu'
+      build_platform_release.split('.').slice(0, 2).join('.')
+    else
+      build_platform_release.split('.')[0]
+    end
+  end
+
+  # rubocop:disable Metrics/MethodLength,Metrics/CyclomaticComplexity
+  def build_platform_codename
+    case build_platform_finger
+    when 'ubuntu-20.04'
+      'focal'
+    when 'ubuntu-18.04'
+      'bionic'
+    when 'debian-11'
+      'bullseye'
+    when 'debian-10'
+      'buster'
+    when 'debian-9'
+      'stretch'
+    when 'almalinux-8'
+      "AlmaLinux #{build_platform_release} (Arctic Sphynx)"
+    when 'amazonlinux-2'
+      'Amazon Linux 2'
+    when 'arch-base-latest'
+      'Arch Linux'
+    when 'centos-7'
+      'CentOS Linux 7 (Core)'
+    when 'centos-8'
+      'CentOS Stream 8'
+    when 'opensuse-tumbleweed'
+      'openSUSE Tumbleweed'
+    when 'opensuse-15'
+      "openSUSE Leap #{build_platform_release}"
+    when 'oraclelinux-8', 'oraclelinux-7'
+      "Oracle Linux Server #{build_platform_release}"
+    when 'gentoo-2-sysd', 'gentoo-2-sysv'
+      'Gentoo/Linux'
+    when 'rockylinux-8'
+      "Rocky Linux #{build_platform_release} (Green Obsidian)"
+    else
+      ''
+    end
+  end
+  # rubocop:enable Metrics/MethodLength,Metrics/CyclomaticComplexity
+end
+# rubocop:enable Metrics/ClassLength
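Review bot: `build_platform_codename` ends in `else ''`, so any release missing from the hard-coded table silently yields an empty codename. passenger/controls/repository.rb in this commit interpolates that value into `repo_file` and `repo_url`, which would then name `phusionpassenger-official-.list`. State the contract above the method, e.g. `# Returns '' for platforms not listed below; callers must handle the empty value`, or have the caller skip when it is empty. The class also lacks a header comment saying that `system.platform` is a Hash with `:family`, `:name`, `:release`, `:finger` and `:codename` keys, and `relase` in the Amazon comment should read `release`.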
diff --git a/test/salt/default/pillar/nginx.sls b/test/salt/default/pillar/nginx.sls
index ef6ccfa..84afe98 100644
--- a/test/salt/default/pillar/nginx.sls
+++ b/test/salt/default/pillar/nginx.sls
@@ -37,6 +37,19 @@ nginx:
               - location ~ .htm:
                   - try_files: '$uri $uri/ =404'
               - include: 'snippets/letsencrypt.conf'
+      mysite_with_require:
+        enabled: true
+        config:
+          - server:
+              - server_name: with-deps
+              - listen:
+                  - '80'
+              - index: 'index.html index.htm'
+              - location ~ .htm:
+                  - try_files: '$uri $uri/ =404'
+        requires:
+          file: created_to_test_dependencies
+
   dh_param:
     'mydhparam2.pem':
       keysize: 2048
diff --git a/test/salt/default/states/test_dep/create_dependency_file.sls b/test/salt/default/states/test_dep/create_dependency_file.sls
new file mode 100644
index 0000000..e242927
--- /dev/null
+++ b/test/salt/default/states/test_dep/create_dependency_file.sls
@@ -0,0 +1,6 @@
+## this state creates a file that is used to test vhosts dependencies
+# (see https://github.com/saltstack-formulas/nginx-formula/pull/278)
+
+created_to_test_dependencies:
+  file.managed:
+    - name: /tmp/created_to_test_dependencies
diff --git a/test/salt/passenger/pillar/nginx.sls b/test/salt/passenger/pillar/nginx.sls
new file mode 100644
index 0000000..c8d90d4
--- /dev/null
+++ b/test/salt/passenger/pillar/nginx.sls
@@ -0,0 +1,60 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+# Simple pillar setup
+# - remove 'default' site
+# - create 'mysite' site
+
+{%- if grains.os_family in ('RedHat',) %}
+  {%- set passenger_pkg = 'nginx-mod-http-passenger' %}
+  {%- set passenger_mod = '/usr/lib64/nginx/modules/ngx_http_passenger_module.so' %}
+{%- else %}
+  {%- set passenger_pkg = 'libnginx-mod-http-passenger' %}
+  {%- set passenger_mod = '/usr/lib/nginx/modules/ngx_http_passenger_module.so' %}
+{%- endif %}
+
+nginx:
+  check_config_before_apply: true
+
+  install_from_phusionpassenger: true
+  lookup:
+    passenger_package: {{ passenger_pkg }}
+
+  server:
+    config:
+      # This is required to get the passenger module loaded
+      # In Debian it can be done with this
+      # include: 'modules-enabled/*.conf'
+      load_module: {{ passenger_mod }}
+
+      worker_processes: 4
+      http:
+        ### module ngx_http_log_module example
+        log_format: |-
+          main '$remote_addr - $remote_user [$time_local] $status '
+                              '"$request" $body_bytes_sent "$http_referer" '
+                              '"$http_user_agent" "$http_x_forwarded_for"'
+        include:
+          - /etc/nginx/mime.types
+          - /etc/nginx/conf.d/*.conf
+          - /etc/nginx/sites-enabled/*
+
+  servers:
+    managed:
+      default:
+        deleted: true
+        enabled: false
+        config: {}
+
+      mysite:
+        enabled: true
+        config:
+          - server:
+              - passenger_enabled: 'on'
+
+              - server_name: localhost
+              - listen:
+                  - '80 default_server'
+              - index: 'index.html index.htm'
+              - location ~ .htm:
+                  - try_files: '$uri $uri/ =404'