From 55e57a22e5a8dc024a359d64c03f9393e06b927b Mon Sep 17 00:00:00 2001
From: Christoph Hartmann
Date: Tue, 3 Jan 2017 12:49:06 +0100
Subject: [PATCH 1/3] 1.1.0, add changelog, update gems
---
 .travis.yml | 1 -
 CHANGELOG.md | 43 +++++++++++++++++++++++++++++++++++++------
 Gemfile | 34 ++++++++++++++++++++++------------
 Rakefile | 17 +++++++++++++++++
 gemfile.chef-11 | 33 ---------------------------------
 metadata.rb | 2 +-
 6 files changed, 77 insertions(+), 53 deletions(-)
 delete mode 100644 gemfile.chef-11
diff --git a/.travis.yml b/.travis.yml
index 7dbe7d9..f2e2696 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -4,6 +4,5 @@ rvm:
 - 2.1.3
 gemfile:
 - Gemfile
-- gemfile.chef-11
 language: ruby
 bundler_args: "--without development integration openstack"
diff --git a/CHANGELOG.md b/CHANGELOG.md
index e79cb8a..5e2ebad 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,8 +1,39 @@
-# Changelog
+# Change Log
-## 1.0.0
+## [v1.1.0](https://github.com/dev-sec/chef-postgres-hardening/tree/v1.1.0) (2017-01-03)
+[Full Changelog](https://github.com/dev-sec/chef-postgres-hardening/compare/v1.0.0...v1.1.0)
-* feature: work in conjunction with postgresql cookbook
-* feature: add hardening configuration in default['postgresql']['config']
-* feature: test against serverspec
-* feature: implement as overlay module
\ No newline at end of file
+**Closed issues:**
+
+- Remove default self-generated ssl certificates [\#3](https://github.com/dev-sec/chef-postgres-hardening/issues/3)
+
+**Merged pull requests:**
+
+- upgrade to Berkshelf 4 [\#21](https://github.com/dev-sec/chef-postgres-hardening/pull/21) ([chris-rock](https://github.com/chris-rock))
+- update common kitchen.yml platforms [\#20](https://github.com/dev-sec/chef-postgres-hardening/pull/20) ([chris-rock](https://github.com/chris-rock))
+- add copyright header [\#19](https://github.com/dev-sec/chef-postgres-hardening/pull/19) ([chris-rock](https://github.com/chris-rock))
+- update common Gemfile for chef11+12 [\#18](https://github.com/dev-sec/chef-postgres-hardening/pull/18) ([arlimus](https://github.com/arlimus))
+- common files: centos7 + rubocop [\#17](https://github.com/dev-sec/chef-postgres-hardening/pull/17) ([arlimus](https://github.com/arlimus))
+- update travis tests for chef 11 and chef 12 [\#16](https://github.com/dev-sec/chef-postgres-hardening/pull/16) ([chris-rock](https://github.com/chris-rock))
+- update common kitchen.yml platforms [\#15](https://github.com/dev-sec/chef-postgres-hardening/pull/15) ([arlimus](https://github.com/arlimus))
+- update common readme badges, kitchen.yml platforms [\#14](https://github.com/dev-sec/chef-postgres-hardening/pull/14) ([arlimus](https://github.com/arlimus))
+- Fix Tests [\#13](https://github.com/dev-sec/chef-postgres-hardening/pull/13) ([chris-rock](https://github.com/chris-rock))
+- updating common files
[\#12](https://github.com/dev-sec/chef-postgres-hardening/pull/12) ([arlimus](https://github.com/arlimus))
+- add badges to readme [\#11](https://github.com/dev-sec/chef-postgres-hardening/pull/11) ([chris-rock](https://github.com/chris-rock))
+- add chefspec first pass, 100% coverage [\#10](https://github.com/dev-sec/chef-postgres-hardening/pull/10) ([ehaselwanter](https://github.com/ehaselwanter))
+- updating common files [\#9](https://github.com/dev-sec/chef-postgres-hardening/pull/9) ([arlimus](https://github.com/arlimus))
+- updating common files [\#8](https://github.com/dev-sec/chef-postgres-hardening/pull/8) ([arlimus](https://github.com/arlimus))
+- improvement: switch to site location in berkshelf [\#7](https://github.com/dev-sec/chef-postgres-hardening/pull/7) ([chris-rock](https://github.com/chris-rock))
+
+## [v1.0.0](https://github.com/dev-sec/chef-postgres-hardening/tree/v1.0.0) (2014-09-02)
+**Merged pull requests:**
+
+- Overlay [\#6](https://github.com/dev-sec/chef-postgres-hardening/pull/6) ([chris-rock](https://github.com/chris-rock))
+- Lint [\#5](https://github.com/dev-sec/chef-postgres-hardening/pull/5) ([chris-rock](https://github.com/chris-rock))
+- add reame info for ssl and attributes, default ssl to false/off, remove snake-oil cert links [\#4](https://github.com/dev-sec/chef-postgres-hardening/pull/4) ([ehaselwanter](https://github.com/ehaselwanter))
+- add all boxes. remove all config for redhat derivates \(missing cert\) for now. [\#2](https://github.com/dev-sec/chef-postgres-hardening/pull/2) ([ehaselwanter](https://github.com/ehaselwanter))
+- add hardening requirements [\#1](https://github.com/dev-sec/chef-postgres-hardening/pull/1) ([ehaselwanter](https://github.com/ehaselwanter))
+
+
+
+\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*
\ No newline at end of file
diff --git a/Gemfile b/Gemfile
index c7212a4..6d10a84 100644
--- a/Gemfile
+++ b/Gemfile
@@ -2,32 +2,42 @@
 source 'https://rubygems.org'
-gem 'berkshelf', '~> 4.0'
-gem 'chef', '>= 12.0'
+gem 'berkshelf', '~> 5.3'
+gem 'chef', '~> 12.5'
+
+# pin dependency for Ruby 1.9.3 since bundler is not
+# detecting that net-ssh 3 does not work with 1.9.3
+if Gem::Version.new(RUBY_VERSION) <= Gem::Version.new('1.9.3')
+ gem 'net-ssh', '~> 2.9'
+end
 group :test do
- gem 'rake'
+ gem 'bundler', '~> 1.5'
 gem 'chefspec', '~> 4.2.0'
- gem 'foodcritic', '~> 4.0'
- gem 'thor-foodcritic'
- gem 'rubocop', '~> 0.28.0'
 gem 'coveralls', require: false
+ gem 'foodcritic', '~> 6.0'
+ gem 'minitest', '~> 5.5'
+ gem 'rake'
+ gem 'rubocop', '~> 0.46.0'
+ gem 'simplecov', '~> 0.10'
 end
 group :development do
 gem 'guard'
- gem 'guard-rspec'
+ gem 'guard-foodcritic'
 gem 'guard-kitchen'
+ gem 'guard-rspec'
 gem 'guard-rubocop'
- gem 'guard-foodcritic'
 end
 group :integration do
- gem 'test-kitchen', '~> 1.0'
+ gem 'concurrent-ruby', '~> 0.9'
+ gem 'kitchen-dokken'
+ gem 'kitchen-inspec', '~> 0.9'
 gem 'kitchen-vagrant'
- gem 'kitchen-sharedtests', '~> 0.2.0'
+ gem 'test-kitchen', '~> 1.0'
 end
-group :openstack do
- gem 'kitchen-openstack'
+group :tools do
+ gem 'github_changelog_generator', '~> 1.12.0'
 end
diff --git a/Rakefile b/Rakefile
index 642dffd..d3b0d8b 100644
--- a/Rakefile
+++ b/Rakefile
@@ -4,6 +4,7 @@
 require 'foodcritic'
 require 'rspec/core/rake_task'
 require 'rubocop/rake_task'
+require 'chef/cookbook/metadata'
 # General tasks
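Review bot: The `gem 'net-ssh', '~> 2.9'` branch guarded by `if Gem::Version.new(RUBY_VERSION) <= Gem::Version.new('1.9.3')` is never exercised — the only CI Ruby left after patch 2 is 2.3.3, and `chef ~> 12.5` is, as far as I know, not installable on Ruby 1.9.3 in the first place — so its only effect is to keep an old SSH implementation selectable for anyone who does run that interpreter. If 1.9.3 is no longer a target, drop the conditional and its two comment lines; otherwise the comment should name which workflow still needs it. Separately, `kitchen-dokken`, `kitchen-vagrant`, `guard` and the `guard-*` gems carry no version constraint and no `Gemfile.lock` appears in the diffstat, so if the lockfile is not committed each CI run resolves a fresh dependency set; reproducible builds and supply-chain hygiene argue for `~>` pins on those lines like the rest of the file.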
@@ -61,3 +62,19 @@ begin
 rescue LoadError
 puts '>>>>> Kitchen gem not loaded, omitting tasks' unless ENV['CI']
 end
+
+# Automatically generate a changelog for this project. Only loaded if
+# the necessary gem is installed.
+begin
+ # read version from metadata
+ metadata = Chef::Cookbook::Metadata.new
+ metadata.instance_eval(File.read('metadata.rb'))
+
+ # build changelog
+ require 'github_changelog_generator/task'
+ GitHubChangelogGenerator::RakeTask.new :changelog do |config|
+ config.future_release = "v#{metadata.version}"
+ end
+rescue LoadError
+ puts '>>>>> GitHub Changelog Generator not loaded, omitting tasks'
+end
diff --git a/gemfile.chef-11 b/gemfile.chef-11
deleted file mode 100644
index c81fa8e..0000000
--- a/gemfile.chef-11
+++ /dev/null
@@ -1,33 +0,0 @@
-# encoding: utf-8
-
-source 'https://rubygems.org'
-
-gem 'berkshelf', '~> 4.0'
-gem 'chef', '~> 11.18'
-
-group :test do
- gem 'rake'
- gem 'chefspec', '~> 4.1.1'
- gem 'foodcritic', '~> 3.0'
- gem 'thor-foodcritic'
- gem 'rubocop', '~> 0.28.0'
- gem 'coveralls', require: false
-end
-
-group :development do
- gem 'guard'
- gem 'guard-rspec'
- gem 'guard-kitchen'
- gem 'guard-rubocop'
- gem 'guard-foodcritic'
-end
-
-group :integration do
- gem 'test-kitchen', '~> 1.0'
- gem 'kitchen-vagrant'
- gem 'kitchen-sharedtests', '~> 0.2.0'
-end
-
-group :openstack do
- gem 'kitchen-openstack'
-end
diff --git a/metadata.rb b/metadata.rb
index 8d4939b..a98fb42 100644
--- a/metadata.rb
+++ b/metadata.rb
@@ -4,7 +4,7 @@
 license "Apache v2.0"
 description "Installs and configures a secure posgres server"
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version "1.0.0"
+version "1.1.0"
 depends 'postgresql', '>= 3.4.0'
From b2b2aebb4eb1fc4619019db80a7fb634d427932d Mon Sep 17 00:00:00 2001
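Review bot: `File.read('metadata.rb')` resolves against the process working directory rather than the Rakefile, so running rake from another directory raises `Errno::ENOENT`, which the `rescue LoadError` does not catch and which aborts loading of every other task; `File.read(File.expand_path('metadata.rb', __dir__))` anchors it to the file. The metadata is also read and `instance_eval`'d before the guarded `require 'github_changelog_generator/task'`, so the comment "Only loaded if the necessary gem is installed" is only true of the task itself; moving the `require` to the first line of the `begin` makes the comment accurate and, together with the `require 'chef/cookbook/metadata'` placed at file top in the earlier Rakefile hunk, keeps the degrade-gracefully pattern the kitchen block above uses. Evaluating metadata.rb as Ruby is what Chef's own loader does, but a one-line comment saying so (`# metadata.rb is this cookbook's own file; evaluated the same way Chef loads it`) would spare the next reader a false alarm. Minor: the rescue's `puts` lacks the `unless ENV['CI']` guard used two blocks up.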
From: Christoph Hartmann
Date: Tue, 3 Jan 2017 13:03:17 +0100
Subject: [PATCH 2/3] update chefspec, restrict travis testing to 2.3.3
---
 .travis.yml | 3 +--
 Gemfile | 2 +-
 2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/.travis.yml b/.travis.yml
index f2e2696..89b05ce 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,7 +1,6 @@
 ---
 rvm:
-- 2.0.0
-- 2.1.3
+- 2.3.3
 gemfile:
 - Gemfile
 language: ruby
diff --git a/Gemfile b/Gemfile
index 6d10a84..6dd04f9 100644
--- a/Gemfile
+++ b/Gemfile
@@ -13,7 +13,7 @@ end
 group :test do
 gem 'bundler', '~> 1.5'
- gem 'chefspec', '~> 4.2.0'
+ gem 'chefspec', '~> 5.3.0'
 gem 'coveralls', require: false
 gem 'foodcritic', '~> 6.0'
 gem 'minitest', '~> 5.5'
From 65b25e952167847d2c8bc5519b6c12cf0e17c77b Mon Sep 17 00:00:00 2001
From: Christoph Hartmann
Date: Tue, 3 Jan 2017 13:03:40 +0100
Subject: [PATCH 3/3] comply with latest rubocop rules
Signed-off-by: Christoph Hartmann
---
 .rubocop.yml | 40 ++++++++++++++++++++--------------------
 Guardfile | 6 ++----
 metadata.rb | 16 ++++++++++------
 recipes/hardening.rb | 3 ---
 spec/default_spec.rb | 2 --
 spec/hardening_spec.rb | 14 --------------
 6 files changed, 32 insertions(+), 49 deletions(-)
diff --git a/.rubocop.yml b/.rubocop.yml
index c01a434..a46a829 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -1,32 +1,32 @@
 ---
 AllCops:
+ DisplayCopNames: true
 Exclude:
 - vendor/**/*
 - test/**/*
- - metadata.rb
- - Berksfile
-Documentation:
- Enabled: false
-AlignParameters:
- Enabled: true
-Encoding:
- Enabled: true
-HashSyntax:
- Enabled: true
-LineLength:
- Enabled: false
-EmptyLinesAroundBlockBody:
- Enabled: false
-MethodLength:
- Max: 40
-NumericLiterals:
- MinDigits: 10
+Metrics/AbcSize:
+ Max: 29
 Metrics/CyclomaticComplexity:
 Max: 10
+Metrics/LineLength:
+ Enabled: false
+Metrics/MethodLength:
+ Max: 40
 Metrics/PerceivedComplexity:
 Max: 10
-Metrics/AbcSize:
- Max: 29
+Style/Documentation:
+ Enabled: false
 Style/DotPosition:
 EnforcedStyle: trailing
 Enabled: true
+Style/Encoding:
+ EnforcedStyle: always
+ Enabled: true
+Style/ExtraSpacing:
+ Exclude:
+ - attributes/default.rb
+Style/RegexpLiteral:
+ AllowInnerSlashes: true
+Style/SpaceAroundOperators:
+ Exclude:
+ - attributes/default.rb
diff --git a/Guardfile b/Guardfile
index fe71ed4..fa6820b 100644
--- a/Guardfile
+++ b/Guardfile
@@ -1,7 +1,5 @@
 # encoding: utf-8
-# Guardfile
-
 guard :rubocop do
 watch(/.+\.rb$/)
 watch(/(?:.+\/)?\.rubocop\.yml$/) { |m| File.dirname(m[0]) }
@@ -17,8 +15,8 @@ end
 guard :rspec do
 watch(/^spec\/.+_spec\.rb$/)
- watch(/^(recipes)\/(.+)\.rb$/) { |m| "spec/#{m[1]}_spec.rb" }
- watch('spec/spec_helper.rb') { 'spec' }
+ watch(/^(recipes)\/(.+)\.rb$/) { |m| "spec/#{m[1]}_spec.rb" }
+ watch('spec/spec_helper.rb') { 'spec' }
 end
 guard :kitchen, all_on_start: false do
diff --git a/metadata.rb b/metadata.rb
index a98fb42..b6ec432 100644
--- a/metadata.rb
+++ b/metadata.rb
@@ -1,10 +1,11 @@
-name "postgres-hardening"
-maintainer "Christoph Hartmann"
-maintainer_email "chris@lollyrock.com"
-license "Apache v2.0"
-description "Installs and configures a secure posgres server"
+# encoding: utf-8
+name 'postgres-hardening'
+maintainer 'Christoph Hartmann'
+maintainer_email 'chris@lollyrock.com'
+license 'Apache v2.0'
+description 'Installs and configures a secure posgres server'
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version "1.1.0"
+version '1.1.0'
 depends 'postgresql', '>= 3.4.0'
@@ -17,3 +18,6 @@
 supports 'fedora'
 supports 'debian'
 supports 'ubuntu'
+
+source_url 'https://github.com/dev-sec/chef-postgres-hardening'
+issues_url 'https://github.com/dev-sec/chef-postgres-hardening/issues'
diff --git a/recipes/hardening.rb b/recipes/hardening.rb
index 84799f5..e4a1bc6 100644
--- a/recipes/hardening.rb
+++ b/recipes/hardening.rb
@@ -21,9 +21,7 @@
 # ensure, that you have postgresql::server in your runlist
 case node['platform_family']
 when 'debian'
-
 ['', node['postgresql']['version']].each do |dir|
-
 directory File.join('/var/lib/postgresql/', dir) do
 mode '0700'
 end
@@ -42,5 +40,4 @@
 only_if "ls -l /var/lib/postgresql/#{node['postgresql']['version']}/main/server.key |grep /etc/ssl/private/ssl-cert-snakeoil.key"
 notifies change_notify, 'service[postgresql]'
 end
-
 end
diff --git a/spec/default_spec.rb b/spec/default_spec.rb
index bad76c7..1224e30 100644
--- a/spec/default_spec.rb
+++ b/spec/default_spec.rb
@@ -18,7 +18,6 @@
 require 'spec_helper'
 describe 'postgres-hardening::default' do
-
 let(:chef_run) do
 ChefSpec::SoloRunner.new do |node|
 node.set['postgresql']['version'] = '9.3'
@@ -35,5 +34,4 @@
 it 'includes postgres-hardening::hardening recipe' do
 expect(chef_run).to include_recipe('postgres-hardening::hardening')
 end
-
 end
diff --git a/spec/hardening_spec.rb b/spec/hardening_spec.rb
index 1ec8047..c555ab1 100644
--- a/spec/hardening_spec.rb
+++ b/spec/hardening_spec.rb
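Review bot: The rewritten `description` line keeps the typo `posgres`; since the commit already touches this line to change the quoting, fix it in the same pass: `description 'Installs and configures a secure postgres server'`. This string is the cookbook's user-facing summary (Supermarket listing, `knife cookbook show`), so the misspelling is visible to consumers rather than just to readers of the source. The second metadata.rb hunk adding `source_url`/`issues_url` raises nothing.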
@@ -18,9 +18,7 @@
 require 'spec_helper'
 describe 'postgres-hardening::hardening' do
-
 context 'with platform_family debian' do
-
 platforms = [
 { os_name: 'ubuntu', os_version: '12.04', postgres_version: '9.3' },
 { os_name: 'ubuntu', os_version: '14.04', postgres_version: '9.3' },
@@ -29,9 +27,7 @@
 ]
 platforms.each do |platform|
-
 context "operating system #{platform[:os_name]} #{platform[:os_version]}" do
-
 let(:chef_run) do
 ChefSpec::ServerRunner.new(
 platform: platform[:os_name], version: platform[:os_version]
@@ -46,7 +42,6 @@
 end
 it 'creates necessary directories with correct mode' do
-
 stub_command("ls -l /var/lib/postgresql/#{@postgres_version}/main/server.crt |grep /etc/ssl/certs/ssl-cert-snakeoil.pem").and_return(true)
 stub_command("ls -l /var/lib/postgresql/#{@postgres_version}/main/server.key |grep /etc/ssl/private/ssl-cert-snakeoil.key").and_return(true)
@@ -55,33 +50,24 @@
 expect(chef_run).to create_directory("/var/lib/postgresql/#{@postgres_version}").
 with(mode: '0700')
-
 end
 it 'deletes links if commands return true' do
-
 stub_command("ls -l /var/lib/postgresql/#{@postgres_version}/main/server.crt |grep /etc/ssl/certs/ssl-cert-snakeoil.pem").and_return(true)
 stub_command("ls -l /var/lib/postgresql/#{@postgres_version}/main/server.key |grep /etc/ssl/private/ssl-cert-snakeoil.key").and_return(true)
 expect(chef_run).to delete_link("/var/lib/postgresql/#{@postgres_version}/main/server.crt")
 expect(chef_run).to delete_link("/var/lib/postgresql/#{@postgres_version}/main/server.key")
-
 end
 it 'does not delete links if commands return false' do
-
 stub_command("ls -l /var/lib/postgresql/#{@postgres_version}/main/server.crt |grep /etc/ssl/certs/ssl-cert-snakeoil.pem").and_return(false)
 stub_command("ls -l /var/lib/postgresql/#{@postgres_version}/main/server.key |grep /etc/ssl/private/ssl-cert-snakeoil.key").and_return(false)
 expect(chef_run).to_not delete_link("/var/lib/postgresql/#{@postgres_version}/main/server.crt")
 expect(chef_run).to_not delete_link("/var/lib/postgresql/#{@postgres_version}/main/server.key")
-
 end
-
 end
-
 end
-
 end
-
 end