Merge pull request #22 from dev-sec/1.1.0

1.1.0, add changelog, update gems

.rubocop.yml

@@ -1,32 +1,32 @@
 ---
 AllCops:
+  DisplayCopNames: true
   Exclude:
   - vendor/**/*
   - test/**/*
-  - metadata.rb
-  - Berksfile
-Documentation:
-  Enabled: false
-AlignParameters:
-  Enabled: true
-Encoding:
-  Enabled: true
-HashSyntax:
-  Enabled: true
-LineLength:
-  Enabled: false
-EmptyLinesAroundBlockBody:
-  Enabled: false
-MethodLength:
-  Max: 40
-NumericLiterals:
-  MinDigits: 10
+Metrics/AbcSize:
+  Max: 29
 Metrics/CyclomaticComplexity:
   Max: 10
+Metrics/LineLength:
+  Enabled: false
+Metrics/MethodLength:
+  Max: 40
 Metrics/PerceivedComplexity:
   Max: 10
-Metrics/AbcSize:
-  Max: 29
+Style/Documentation:
+  Enabled: false
 Style/DotPosition:
   EnforcedStyle: trailing
   Enabled: true
+Style/Encoding:
+  EnforcedStyle: always
+  Enabled: true
+Style/ExtraSpacing:
+  Exclude:
+    - attributes/default.rb
+Style/RegexpLiteral:
+  AllowInnerSlashes: true
+Style/SpaceAroundOperators:
+  Exclude:
+    - attributes/default.rb

.travis.yml

@@ -1,9 +1,7 @@
 ---
 rvm:
-- 2.0.0
-- 2.1.3
+- 2.3.3
 gemfile:
 - Gemfile
-- gemfile.chef-11
 language: ruby
 bundler_args: "--without development integration openstack"

CHANGELOG.md

@@ -1,8 +1,39 @@
-# Changelog
+# Change Log
 
-## 1.0.0
+## [v1.1.0](https://github.com/dev-sec/chef-postgres-hardening/tree/v1.1.0) (2017-01-03)
+[Full Changelog](https://github.com/dev-sec/chef-postgres-hardening/compare/v1.0.0...v1.1.0)
 
-* feature: work in conjunction with postgresql cookbook
-* feature: add hardening configuration in default['postgresql']['config']
-* feature: test against serverspec
-* feature: implement as overlay module
+**Closed issues:**
+
+- Remove default self-generated ssl certificates [\#3](https://github.com/dev-sec/chef-postgres-hardening/issues/3)
+
+**Merged pull requests:**
+
+- upgrade to Berkshelf 4 [\#21](https://github.com/dev-sec/chef-postgres-hardening/pull/21) ([chris-rock](https://github.com/chris-rock))
+- update common kitchen.yml platforms [\#20](https://github.com/dev-sec/chef-postgres-hardening/pull/20) ([chris-rock](https://github.com/chris-rock))
+- add copyright header [\#19](https://github.com/dev-sec/chef-postgres-hardening/pull/19) ([chris-rock](https://github.com/chris-rock))
+- update common Gemfile for chef11+12 [\#18](https://github.com/dev-sec/chef-postgres-hardening/pull/18) ([arlimus](https://github.com/arlimus))
+- common files: centos7 + rubocop [\#17](https://github.com/dev-sec/chef-postgres-hardening/pull/17) ([arlimus](https://github.com/arlimus))
+- update travis tests for chef 11 and chef 12 [\#16](https://github.com/dev-sec/chef-postgres-hardening/pull/16) ([chris-rock](https://github.com/chris-rock))
+- update common kitchen.yml platforms [\#15](https://github.com/dev-sec/chef-postgres-hardening/pull/15) ([arlimus](https://github.com/arlimus))
+- update common readme badges, kitchen.yml platforms [\#14](https://github.com/dev-sec/chef-postgres-hardening/pull/14) ([arlimus](https://github.com/arlimus))
+- Fix Tests [\#13](https://github.com/dev-sec/chef-postgres-hardening/pull/13) ([chris-rock](https://github.com/chris-rock))
+- updating common files [\#12](https://github.com/dev-sec/chef-postgres-hardening/pull/12) ([arlimus](https://github.com/arlimus))
+- add badges to readme [\#11](https://github.com/dev-sec/chef-postgres-hardening/pull/11) ([chris-rock](https://github.com/chris-rock))
+- add chefspec first pass, 100% coverage [\#10](https://github.com/dev-sec/chef-postgres-hardening/pull/10) ([ehaselwanter](https://github.com/ehaselwanter))
+- updating common files [\#9](https://github.com/dev-sec/chef-postgres-hardening/pull/9) ([arlimus](https://github.com/arlimus))
+- updating common files [\#8](https://github.com/dev-sec/chef-postgres-hardening/pull/8) ([arlimus](https://github.com/arlimus))
+- improvement: switch to site location in berkshelf [\#7](https://github.com/dev-sec/chef-postgres-hardening/pull/7) ([chris-rock](https://github.com/chris-rock))
+
+## [v1.0.0](https://github.com/dev-sec/chef-postgres-hardening/tree/v1.0.0) (2014-09-02)
+**Merged pull requests:**
+
+- Overlay [\#6](https://github.com/dev-sec/chef-postgres-hardening/pull/6) ([chris-rock](https://github.com/chris-rock))
+- Lint [\#5](https://github.com/dev-sec/chef-postgres-hardening/pull/5) ([chris-rock](https://github.com/chris-rock))
+- add reame info for ssl and attributes, default ssl to false/off, remove snake-oil cert links [\#4](https://github.com/dev-sec/chef-postgres-hardening/pull/4) ([ehaselwanter](https://github.com/ehaselwanter))
+- add all boxes. remove all config for redhat derivates \(missing cert\) for now. [\#2](https://github.com/dev-sec/chef-postgres-hardening/pull/2) ([ehaselwanter](https://github.com/ehaselwanter))
+- add hardening requirements [\#1](https://github.com/dev-sec/chef-postgres-hardening/pull/1) ([ehaselwanter](https://github.com/ehaselwanter))
+
+
+
+\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*

Gemfile

@@ -2,32 +2,42 @@
 
 source 'https://rubygems.org'
 
-gem 'berkshelf',  '~> 4.0'
-gem 'chef',       '>= 12.0'
+gem 'berkshelf', '~> 5.3'
+gem 'chef', '~> 12.5'
+
+# pin dependency for Ruby 1.9.3 since bundler is not
+# detecting that net-ssh 3 does not work with 1.9.3
+if Gem::Version.new(RUBY_VERSION) <= Gem::Version.new('1.9.3')
+  gem 'net-ssh', '~> 2.9'
+end
 
 group :test do
-  gem 'rake'
-  gem 'chefspec',   '~> 4.2.0'
-  gem 'foodcritic', '~> 4.0'
-  gem 'thor-foodcritic'
-  gem 'rubocop',    '~> 0.28.0'
+  gem 'bundler', '~> 1.5'
+  gem 'chefspec',   '~> 5.3.0'
   gem 'coveralls',  require: false
+  gem 'foodcritic', '~> 6.0'
+  gem 'minitest', '~> 5.5'
+  gem 'rake'
+  gem 'rubocop', '~> 0.46.0'
+  gem 'simplecov', '~> 0.10'
 end
 
 group :development do
   gem 'guard'
-  gem 'guard-rspec'
+  gem 'guard-foodcritic'
   gem 'guard-kitchen'
+  gem 'guard-rspec'
   gem 'guard-rubocop'
-  gem 'guard-foodcritic'
 end
 
 group :integration do
-  gem 'test-kitchen', '~> 1.0'
+  gem 'concurrent-ruby', '~> 0.9'
+  gem 'kitchen-dokken'
+  gem 'kitchen-inspec', '~> 0.9'
   gem 'kitchen-vagrant'
-  gem 'kitchen-sharedtests', '~> 0.2.0'
+  gem 'test-kitchen', '~> 1.0'
 end
 
-group :openstack do
-  gem 'kitchen-openstack'
+group :tools do
+  gem 'github_changelog_generator', '~> 1.12.0'
 end

Guardfile

@@ -1,7 +1,5 @@
 # encoding: utf-8
 
-# Guardfile
-
 guard :rubocop do
   watch(/.+\.rb$/)
   watch(/(?:.+\/)?\.rubocop\.yml$/) { |m| File.dirname(m[0]) }
@@ -17,8 +15,8 @@ end
 
 guard :rspec do
   watch(/^spec\/.+_spec\.rb$/)
-  watch(/^(recipes)\/(.+)\.rb$/)     { |m| "spec/#{m[1]}_spec.rb" }
-  watch('spec/spec_helper.rb')  { 'spec' }
+  watch(/^(recipes)\/(.+)\.rb$/) { |m| "spec/#{m[1]}_spec.rb" }
+  watch('spec/spec_helper.rb') { 'spec' }
 end
 
 guard :kitchen, all_on_start: false do

Rakefile

@@ -4,6 +4,7 @@
 require 'foodcritic'
 require 'rspec/core/rake_task'
 require 'rubocop/rake_task'
+require 'chef/cookbook/metadata'
 
 # General tasks
 
@@ -61,3 +62,19 @@ begin
 rescue LoadError
   puts '>>>>> Kitchen gem not loaded, omitting tasks' unless ENV['CI']
 end
+
+# Automatically generate a changelog for this project. Only loaded if
+# the necessary gem is installed.
+begin
+  # read version from metadata
+  metadata = Chef::Cookbook::Metadata.new
+  metadata.instance_eval(File.read('metadata.rb'))
+
+  # build changelog
+  require 'github_changelog_generator/task'
+  GitHubChangelogGenerator::RakeTask.new :changelog do |config|
+    config.future_release = "v#{metadata.version}"
+  end
+rescue LoadError
+  puts '>>>>> GitHub Changelog Generator not loaded, omitting tasks'
+end

metadata.rb

@@ -1,10 +1,11 @@
-name             "postgres-hardening"
-maintainer       "Christoph Hartmann"
-maintainer_email "chris@lollyrock.com"
-license          "Apache v2.0"
-description      "Installs and configures a secure posgres server"
+# encoding: utf-8
+name             'postgres-hardening'
+maintainer       'Christoph Hartmann'
+maintainer_email 'chris@lollyrock.com'
+license          'Apache v2.0'
+description      'Installs and configures a secure posgres server'
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version          "1.0.0"
+version          '1.1.0'
 
 depends 'postgresql', '>= 3.4.0'
 
@@ -17,3 +18,6 @@
 supports 'fedora'
 supports 'debian'
 supports 'ubuntu'
+
+source_url 'https://github.com/dev-sec/chef-postgres-hardening'
+issues_url 'https://github.com/dev-sec/chef-postgres-hardening/issues'

recipes/hardening.rb

@@ -21,9 +21,7 @@
 # ensure, that you have postgresql::server in your runlist
 case node['platform_family']
 when 'debian'
-
   ['', node['postgresql']['version']].each do |dir|
-
     directory File.join('/var/lib/postgresql/', dir) do
       mode '0700'
     end
@@ -42,5 +40,4 @@
     only_if "ls -l /var/lib/postgresql/#{node['postgresql']['version']}/main/server.key |grep /etc/ssl/private/ssl-cert-snakeoil.key"
     notifies change_notify, 'service[postgresql]'
   end
-
 end

spec/default_spec.rb

@@ -18,7 +18,6 @@
 require 'spec_helper'
 
 describe 'postgres-hardening::default' do
-
   let(:chef_run) do
     ChefSpec::SoloRunner.new do |node|
       node.set['postgresql']['version'] = '9.3'
@@ -35,5 +34,4 @@
   it 'includes postgres-hardening::hardening recipe' do
     expect(chef_run).to include_recipe('postgres-hardening::hardening')
   end
-
 end

spec/hardening_spec.rb

@@ -18,9 +18,7 @@
 require 'spec_helper'
 
 describe 'postgres-hardening::hardening' do
-
   context 'with platform_family debian' do
-
     platforms = [
       { os_name: 'ubuntu', os_version: '12.04', postgres_version: '9.3' },
       { os_name: 'ubuntu', os_version: '14.04', postgres_version: '9.3' },
@@ -29,9 +27,7 @@
     ]
 
     platforms.each do |platform|
-
       context "operating system #{platform[:os_name]} #{platform[:os_version]}" do
-
         let(:chef_run) do
           ChefSpec::ServerRunner.new(
             platform: platform[:os_name], version: platform[:os_version]
@@ -46,7 +42,6 @@
         end
 
         it 'creates necessary directories with correct mode' do
-
           stub_command("ls -l /var/lib/postgresql/#{@postgres_version}/main/server.crt |grep /etc/ssl/certs/ssl-cert-snakeoil.pem").and_return(true)
           stub_command("ls -l /var/lib/postgresql/#{@postgres_version}/main/server.key |grep /etc/ssl/private/ssl-cert-snakeoil.key").and_return(true)
 
@@ -55,33 +50,24 @@
 
           expect(chef_run).to create_directory("/var/lib/postgresql/#{@postgres_version}").
             with(mode: '0700')
-
         end
 
         it 'deletes links if commands return true' do
-
           stub_command("ls -l /var/lib/postgresql/#{@postgres_version}/main/server.crt |grep /etc/ssl/certs/ssl-cert-snakeoil.pem").and_return(true)
           stub_command("ls -l /var/lib/postgresql/#{@postgres_version}/main/server.key |grep /etc/ssl/private/ssl-cert-snakeoil.key").and_return(true)
 
           expect(chef_run).to delete_link("/var/lib/postgresql/#{@postgres_version}/main/server.crt")
           expect(chef_run).to delete_link("/var/lib/postgresql/#{@postgres_version}/main/server.key")
-
         end
 
         it 'does not delete links if commands return false' do
-
           stub_command("ls -l /var/lib/postgresql/#{@postgres_version}/main/server.crt |grep /etc/ssl/certs/ssl-cert-snakeoil.pem").and_return(false)
           stub_command("ls -l /var/lib/postgresql/#{@postgres_version}/main/server.key |grep /etc/ssl/private/ssl-cert-snakeoil.key").and_return(false)
 
           expect(chef_run).to_not delete_link("/var/lib/postgresql/#{@postgres_version}/main/server.crt")
           expect(chef_run).to_not delete_link("/var/lib/postgresql/#{@postgres_version}/main/server.key")
-
         end
-
       end
-
     end
-
   end
-
 end