27 changed files with 1537 additions and 65 deletions
@ -0,0 +1,17 @@
|
||||
source 'https://rubygems.org' |
||||
|
||||
group :kitchen do |
||||
gem 'test-kitchen' |
||||
gem 'kitchen-docker' |
||||
gem 'kitchen-inspec' |
||||
gem 'kitchen-salt' |
||||
end |
||||
|
||||
group :develop do |
||||
gem 'kitchen-vagrant' |
||||
end |
||||
|
||||
group :formula do |
||||
# Put any dependencies needed by the formula tests here. |
||||
end |
||||
|
@ -0,0 +1,535 @@
|
||||
GEM |
||||
remote: https://rubygems.org/ |
||||
specs: |
||||
activesupport (5.2.4.3) |
||||
concurrent-ruby (~> 1.0, >= 1.0.2) |
||||
i18n (>= 0.7, < 2) |
||||
minitest (~> 5.1) |
||||
tzinfo (~> 1.1) |
||||
addressable (2.7.0) |
||||
public_suffix (>= 2.0.2, < 5.0) |
||||
aws-eventstream (1.1.0) |
||||
aws-partitions (1.337.0) |
||||
aws-sdk-apigateway (1.47.0) |
||||
aws-sdk-core (~> 3, >= 3.99.0) |
||||
aws-sigv4 (~> 1.1) |
||||
aws-sdk-apigatewayv2 (1.23.0) |
||||
aws-sdk-core (~> 3, >= 3.99.0) |
||||
aws-sigv4 (~> 1.1) |
||||
aws-sdk-athena (1.29.0) |
||||
aws-sdk-core (~> 3, >= 3.99.0) |
||||
aws-sigv4 (~> 1.1) |
||||
aws-sdk-autoscaling (1.22.0) |
||||
aws-sdk-core (~> 3, >= 3.52.1) |
||||
aws-sigv4 (~> 1.1) |
||||
aws-sdk-budgets (1.32.0) |
||||
aws-sdk-core (~> 3, >= 3.99.0) |
||||
aws-sigv4 (~> 1.1) |
||||
aws-sdk-cloudformation (1.40.0) |
||||
aws-sdk-core (~> 3, >= 3.99.0) |
||||
aws-sigv4 (~> 1.1) |
||||
aws-sdk-cloudfront (1.32.0) |
||||
aws-sdk-core (~> 3, >= 3.99.0) |
||||
aws-sigv4 (~> 1.1) |
||||
aws-sdk-cloudhsm (1.24.0) |
||||
aws-sdk-core (~> 3, >= 3.99.0) |
||||
aws-sigv4 (~> 1.1) |
||||
aws-sdk-cloudhsmv2 (1.25.0) |
||||
aws-sdk-core (~> 3, >= 3.99.0) |
||||
aws-sigv4 (~> 1.1) |
||||
aws-sdk-cloudtrail (1.25.0) |
||||
aws-sdk-core (~> 3, >= 3.99.0) |
||||
aws-sigv4 (~> 1.1) |
||||
aws-sdk-cloudwatch (1.40.0) |
||||
aws-sdk-core (~> 3, >= 3.99.0) |
||||
aws-sigv4 (~> 1.1) |
||||
aws-sdk-cloudwatchlogs (1.33.0) |
||||
aws-sdk-core (~> 3, >= 3.99.0) |
||||
aws-sigv4 (~> 1.1) |
||||
aws-sdk-codecommit (1.36.0) |
||||
aws-sdk-core (~> 3, >= 3.99.0) |
||||
aws-sigv4 (~> 1.1) |
||||
aws-sdk-codedeploy (1.33.0) |
||||
aws-sdk-core (~> 3, >= 3.99.0) |
||||
aws-sigv4 (~> 1.1) |
||||
aws-sdk-codepipeline (1.33.0) |
||||
aws-sdk-core (~> 3, >= 3.99.0) |
||||
aws-sigv4 (~> 1.1) |
||||
aws-sdk-configservice (1.47.0) |
||||
aws-sdk-core (~> 3, >= 3.99.0) |
||||
aws-sigv4 (~> 1.1) |
||||
aws-sdk-core (3.102.1) |
||||
aws-eventstream (~> 1, >= 1.0.2) |
||||
aws-partitions (~> 1, >= 1.239.0) |
||||
aws-sigv4 (~> 1.1) |
||||
jmespath (~> 1.0) |
||||
aws-sdk-costandusagereportservice (1.23.0) |
||||
aws-sdk-core (~> 3, >= 3.99.0) |
||||
aws-sigv4 (~> 1.1) |
||||
aws-sdk-dynamodb (1.50.0) |
||||
aws-sdk-core (~> 3, >= 3.99.0) |
||||
aws-sigv4 (~> 1.1) |
||||
aws-sdk-ec2 (1.172.0) |
||||
aws-sdk-core (~> 3, >= 3.99.0) |
||||
aws-sigv4 (~> 1.1) |
||||
aws-sdk-ecr (1.32.0) |
||||
aws-sdk-core (~> 3, >= 3.99.0) |
||||
aws-sigv4 (~> 1.1) |
||||
aws-sdk-ecs (1.66.0) |
||||
aws-sdk-core (~> 3, >= 3.99.0) |
||||
aws-sigv4 (~> 1.1) |
||||
aws-sdk-efs (1.31.0) |
||||
aws-sdk-core (~> 3, >= 3.99.0) |
||||
aws-sigv4 (~> 1.1) |
||||
aws-sdk-eks (1.39.0) |
||||
aws-sdk-core (~> 3, >= 3.99.0) |
||||
aws-sigv4 (~> 1.1) |
||||
aws-sdk-elasticache (1.39.0) |
||||
aws-sdk-core (~> 3, >= 3.99.0) |
||||
aws-sigv4 (~> 1.1) |
||||
aws-sdk-elasticbeanstalk (1.33.0) |
||||
aws-sdk-core (~> 3, >= 3.99.0) |
||||
aws-sigv4 (~> 1.1) |
||||
aws-sdk-elasticloadbalancing (1.24.0) |
||||
aws-sdk-core (~> 3, >= 3.99.0) |
||||
aws-sigv4 (~> 1.1) |
||||
aws-sdk-elasticloadbalancingv2 (1.46.0) |
||||
aws-sdk-core (~> 3, >= 3.99.0) |
||||
aws-sigv4 (~> 1.1) |
||||
aws-sdk-elasticsearchservice (1.38.0) |
||||
aws-sdk-core (~> 3, >= 3.99.0) |
||||
aws-sigv4 (~> 1.1) |
||||
aws-sdk-firehose (1.30.0) |
||||
aws-sdk-core (~> 3, >= 3.99.0) |
||||
aws-sigv4 (~> 1.1) |
||||
aws-sdk-iam (1.42.0) |
||||
aws-sdk-core (~> 3, >= 3.99.0) |
||||
aws-sigv4 (~> 1.1) |
||||
aws-sdk-kafka (1.23.0) |
||||
aws-sdk-core (~> 3, >= 3.99.0) |
||||
aws-sigv4 (~> 1.1) |
||||
aws-sdk-kinesis (1.25.0) |
||||
aws-sdk-core (~> 3, >= 3.99.0) |
||||
aws-sigv4 (~> 1.1) |
||||
aws-sdk-kms (1.35.0) |
||||
aws-sdk-core (~> 3, >= 3.99.0) |
||||
aws-sigv4 (~> 1.1) |
||||
aws-sdk-lambda (1.45.0) |
||||
aws-sdk-core (~> 3, >= 3.99.0) |
||||
aws-sigv4 (~> 1.1) |
||||
aws-sdk-organizations (1.17.0) |
||||
aws-sdk-core (~> 3, >= 3.39.0) |
||||
aws-sigv4 (~> 1.0) |
||||
aws-sdk-rds (1.89.0) |
||||
aws-sdk-core (~> 3, >= 3.99.0) |
||||
aws-sigv4 (~> 1.1) |
||||
aws-sdk-redshift (1.45.0) |
||||
aws-sdk-core (~> 3, >= 3.99.0) |
||||
aws-sigv4 (~> 1.1) |
||||
aws-sdk-route53 (1.39.0) |
||||
aws-sdk-core (~> 3, >= 3.99.0) |
||||
aws-sigv4 (~> 1.1) |
||||
aws-sdk-route53domains (1.24.0) |
||||
aws-sdk-core (~> 3, >= 3.99.0) |
||||
aws-sigv4 (~> 1.1) |
||||
aws-sdk-route53resolver (1.16.0) |
||||
aws-sdk-core (~> 3, >= 3.99.0) |
||||
aws-sigv4 (~> 1.1) |
||||
aws-sdk-s3 (1.72.0) |
||||
aws-sdk-core (~> 3, >= 3.102.1) |
||||
aws-sdk-kms (~> 1) |
||||
aws-sigv4 (~> 1.1) |
||||
aws-sdk-securityhub (1.28.0) |
||||
aws-sdk-core (~> 3, >= 3.99.0) |
||||
aws-sigv4 (~> 1.1) |
||||
aws-sdk-ses (1.32.0) |
||||
aws-sdk-core (~> 3, >= 3.99.0) |
||||
aws-sigv4 (~> 1.1) |
||||
aws-sdk-sms (1.22.0) |
||||
aws-sdk-core (~> 3, >= 3.99.0) |
||||
aws-sigv4 (~> 1.1) |
||||
aws-sdk-sns (1.26.0) |
||||
aws-sdk-core (~> 3, >= 3.99.0) |
||||
aws-sigv4 (~> 1.1) |
||||
aws-sdk-sqs (1.29.0) |
||||
aws-sdk-core (~> 3, >= 3.99.0) |
||||
aws-sigv4 (~> 1.1) |
||||
aws-sdk-ssm (1.83.0) |
||||
aws-sdk-core (~> 3, >= 3.99.0) |
||||
aws-sigv4 (~> 1.1) |
||||
aws-sigv4 (1.2.1) |
||||
aws-eventstream (~> 1, >= 1.0.2) |
||||
azure_graph_rbac (0.17.2) |
||||
ms_rest_azure (~> 0.12.0) |
||||
azure_mgmt_key_vault (0.17.6) |
||||
ms_rest_azure (~> 0.12.0) |
||||
azure_mgmt_resources (0.17.9) |
||||
ms_rest_azure (~> 0.12.0) |
||||
azure_mgmt_security (0.18.2) |
||||
ms_rest_azure (~> 0.12.0) |
||||
azure_mgmt_storage (0.21.1) |
||||
ms_rest_azure (~> 0.12.0) |
||||
bcrypt_pbkdf (1.0.1) |
||||
builder (3.2.4) |
||||
chef-config (16.2.50) |
||||
addressable |
||||
chef-utils (= 16.2.50) |
||||
fuzzyurl |
||||
mixlib-config (>= 2.2.12, < 4.0) |
||||
mixlib-shellout (>= 2.0, < 4.0) |
||||
tomlrb (~> 1.2) |
||||
chef-telemetry (1.0.8) |
||||
chef-config |
||||
concurrent-ruby (~> 1.0) |
||||
ffi-yajl (~> 2.2) |
||||
chef-utils (16.2.50) |
||||
coderay (1.1.3) |
||||
concurrent-ruby (1.1.6) |
||||
declarative (0.0.20) |
||||
declarative-option (0.1.0) |
||||
diff-lcs (1.4.3) |
||||
docker-api (1.34.2) |
||||
excon (>= 0.47.0) |
||||
multi_json |
||||
domain_name (0.5.20190701) |
||||
unf (>= 0.0.5, < 1.0.0) |
||||
ecma-re-validator (0.2.1) |
||||
regexp_parser (~> 1.2) |
||||
ed25519 (1.2.4) |
||||
equatable (0.6.1) |
||||
erubi (1.9.0) |
||||
excon (0.75.0) |
||||
faraday (0.17.3) |
||||
multipart-post (>= 1.2, < 3) |
||||
faraday-cookie_jar (0.0.6) |
||||
faraday (>= 0.7.4) |
||||
http-cookie (~> 1.0.0) |
||||
faraday_middleware (0.12.2) |
||||
faraday (>= 0.7.4, < 1.0) |
||||
ffi (1.13.1) |
||||
ffi-yajl (2.3.3) |
||||
libyajl2 (~> 1.2) |
||||
fuzzyurl (0.9.0) |
||||
google-api-client (0.34.1) |
||||
addressable (~> 2.5, >= 2.5.1) |
||||
googleauth (~> 0.9) |
||||
httpclient (>= 2.8.1, < 3.0) |
||||
mini_mime (~> 1.0) |
||||
representable (~> 3.0) |
||||
retriable (>= 2.0, < 4.0) |
||||
signet (~> 0.12) |
||||
googleauth (0.10.0) |
||||
faraday (~> 0.12) |
||||
jwt (>= 1.4, < 3.0) |
||||
memoist (~> 0.16) |
||||
multi_json (~> 1.11) |
||||
os (>= 0.9, < 2.0) |
||||
signet (~> 0.12) |
||||
gssapi (1.3.0) |
||||
ffi (>= 1.0.1) |
||||
gyoku (1.3.1) |
||||
builder (>= 2.1.2) |
||||
hana (1.3.6) |
||||
hashie (3.6.0) |
||||
htmlentities (4.3.4) |
||||
http-cookie (1.0.3) |
||||
domain_name (~> 0.5) |
||||
httpclient (2.8.3) |
||||
i18n (1.8.3) |
||||
concurrent-ruby (~> 1.0) |
||||
inifile (3.0.0) |
||||
inspec (4.21.1) |
||||
faraday_middleware (~> 0.12.2) |
||||
inspec-core (= 4.21.1) |
||||
train (~> 3.0) |
||||
train-aws (~> 0.1) |
||||
train-habitat (~> 0.1) |
||||
train-winrm (~> 0.2) |
||||
inspec-core (4.21.1) |
||||
addressable (~> 2.4) |
||||
chef-telemetry (~> 1.0) |
||||
faraday (>= 0.9.0) |
||||
hashie (~> 3.4) |
||||
htmlentities (~> 4.3) |
||||
json_schemer (~> 0.2.1) |
||||
license-acceptance (>= 0.2.13, < 2.0) |
||||
method_source (>= 0.8, < 2.0) |
||||
mixlib-log (~> 3.0) |
||||
multipart-post (~> 2.0) |
||||
parallel (~> 1.9) |
||||
parslet (~> 1.5) |
||||
pry (~> 0.13) |
||||
rspec (~> 3.9) |
||||
rspec-its (~> 1.2) |
||||
rubyzip (~> 1.2, >= 1.2.2) |
||||
semverse (~> 3.0) |
||||
sslshake (~> 1.2) |
||||
term-ansicolor (~> 1.7) |
||||
thor (>= 0.20, < 2.0) |
||||
tomlrb (~> 1.2.0) |
||||
train-core (~> 3.0) |
||||
tty-prompt (~> 0.17) |
||||
tty-table (~> 0.10) |
||||
jmespath (1.4.0) |
||||
json (2.3.0) |
||||
json_schemer (0.2.11) |
||||
ecma-re-validator (~> 0.2) |
||||
hana (~> 1.3) |
||||
regexp_parser (~> 1.5) |
||||
uri_template (~> 0.7) |
||||
jwt (2.2.1) |
||||
kitchen-docker (2.10.0) |
||||
test-kitchen (>= 1.0.0) |
||||
kitchen-inspec (2.0.0) |
||||
hashie (~> 3.4) |
||||
inspec (>= 2.2.64, < 5.0) |
||||
test-kitchen (>= 1.6, < 3) |
||||
kitchen-salt (0.6.3) |
||||
hashie (>= 3.5) |
||||
test-kitchen (>= 1.4) |
||||
kitchen-vagrant (1.6.1) |
||||
test-kitchen (>= 1.4, < 3) |
||||
libyajl2 (1.2.0) |
||||
license-acceptance (1.0.19) |
||||
pastel (~> 0.7) |
||||
tomlrb (~> 1.2) |
||||
tty-box (~> 0.3) |
||||
tty-prompt (~> 0.18) |
||||
little-plugger (1.1.4) |
||||
logging (2.2.2) |
||||
little-plugger (~> 1.1) |
||||
multi_json (~> 1.10) |
||||
memoist (0.16.2) |
||||
method_source (1.0.0) |
||||
mini_mime (1.0.2) |
||||
minitest (5.14.1) |
||||
mixlib-config (3.0.6) |
||||
tomlrb |
||||
mixlib-install (3.12.1) |
||||
mixlib-shellout |
||||
mixlib-versioning |
||||
thor |
||||
mixlib-log (3.0.8) |
||||
mixlib-shellout (3.0.9) |
||||
mixlib-versioning (1.2.12) |
||||
ms_rest (0.7.6) |
||||
concurrent-ruby (~> 1.0) |
||||
faraday (>= 0.9, < 2.0.0) |
||||
timeliness (~> 0.3.10) |
||||
ms_rest_azure (0.12.0) |
||||
concurrent-ruby (~> 1.0) |
||||
faraday (>= 0.9, < 2.0.0) |
||||
faraday-cookie_jar (~> 0.0.6) |
||||
ms_rest (~> 0.7.6) |
||||
multi_json (1.14.1) |
||||
multipart-post (2.1.1) |
||||
necromancer (0.5.1) |
||||
net-scp (3.0.0) |
||||
net-ssh (>= 2.6.5, < 7.0.0) |
||||
net-ssh (6.1.0) |
||||
net-ssh-gateway (2.0.0) |
||||
net-ssh (>= 4.0.0) |
||||
nori (2.6.0) |
||||
os (1.1.0) |
||||
parallel (1.19.2) |
||||
parslet (1.8.2) |
||||
pastel (0.7.4) |
||||
equatable (~> 0.6) |
||||
tty-color (~> 0.5) |
||||
pry (0.13.1) |
||||
coderay (~> 1.1) |
||||
method_source (~> 1.0) |
||||
public_suffix (4.0.5) |
||||
regexp_parser (1.7.1) |
||||
representable (3.0.4) |
||||
declarative (< 0.1.0) |
||||
declarative-option (< 0.2.0) |
||||
uber (< 0.2.0) |
||||
retriable (3.1.2) |
||||
rspec (3.9.0) |
||||
rspec-core (~> 3.9.0) |
||||
rspec-expectations (~> 3.9.0) |
||||
rspec-mocks (~> 3.9.0) |
||||
rspec-core (3.9.2) |
||||
rspec-support (~> 3.9.3) |
||||
rspec-expectations (3.9.2) |
||||
diff-lcs (>= 1.2.0, < 2.0) |
||||
rspec-support (~> 3.9.0) |
||||
rspec-its (1.3.0) |
||||
rspec-core (>= 3.0.0) |
||||
rspec-expectations (>= 3.0.0) |
||||
rspec-mocks (3.9.1) |
||||
diff-lcs (>= 1.2.0, < 2.0) |
||||
rspec-support (~> 3.9.0) |
||||
rspec-support (3.9.3) |
||||
rubyntlm (0.6.2) |
||||
rubyzip (1.3.0) |
||||
semverse (3.0.0) |
||||
signet (0.14.0) |
||||
addressable (~> 2.3) |
||||
faraday (>= 0.17.3, < 2.0) |
||||
jwt (>= 1.5, < 3.0) |
||||
multi_json (~> 1.10) |
||||
sslshake (1.3.1) |
||||
strings (0.1.8) |
||||
strings-ansi (~> 0.1) |
||||
unicode-display_width (~> 1.5) |
||||
unicode_utils (~> 1.4) |
||||
strings-ansi (0.2.0) |
||||
sync (0.5.0) |
||||
term-ansicolor (1.7.1) |
||||
tins (~> 1.0) |
||||
test-kitchen (2.5.2) |
||||
bcrypt_pbkdf (~> 1.0) |
||||
ed25519 (~> 1.2) |
||||
license-acceptance (~> 1.0, >= 1.0.11) |
||||
mixlib-install (~> 3.6) |
||||
mixlib-shellout (>= 1.2, < 4.0) |
||||
net-scp (>= 1.1, < 4.0) |
||||
net-ssh (>= 2.9, < 7.0) |
||||
net-ssh-gateway (>= 1.2, < 3.0) |
||||
thor (>= 0.19, < 2.0) |
||||
winrm (~> 2.0) |
||||
winrm-elevated (~> 1.0) |
||||
winrm-fs (~> 1.1) |
||||
thor (1.0.1) |
||||
thread_safe (0.3.6) |
||||
timeliness (0.3.10) |
||||
tins (1.25.0) |
||||
sync |
||||
tomlrb (1.2.9) |
||||
train (3.3.4) |
||||
activesupport (>= 5.2.4.3, < 6.0.0) |
||||
azure_graph_rbac (~> 0.16) |
||||
azure_mgmt_key_vault (~> 0.17) |
||||
azure_mgmt_resources (~> 0.15) |
||||
azure_mgmt_security (~> 0.18) |
||||
azure_mgmt_storage (~> 0.18) |
||||
docker-api (~> 1.26) |
||||
google-api-client (>= 0.23.9, < 0.35.0) |
||||
googleauth (>= 0.6.6, < 0.11.0) |
||||
inifile (~> 3.0) |
||||
train-core (= 3.3.4) |
||||
train-winrm (~> 0.2) |
||||
train-aws (0.1.17) |
||||
aws-sdk-apigateway (~> 1.0) |
||||
aws-sdk-apigatewayv2 (~> 1.0) |
||||
aws-sdk-athena (~> 1.0) |
||||
aws-sdk-autoscaling (~> 1.22.0) |
||||
aws-sdk-budgets (~> 1.0) |
||||
aws-sdk-cloudformation (~> 1.0) |
||||
aws-sdk-cloudfront (~> 1.0) |
||||
aws-sdk-cloudhsm (~> 1.0) |
||||
aws-sdk-cloudhsmv2 (~> 1.0) |
||||
aws-sdk-cloudtrail (~> 1.8) |
||||
aws-sdk-cloudwatch (~> 1.13) |
||||
aws-sdk-cloudwatchlogs (~> 1.13) |
||||
aws-sdk-codecommit (~> 1.0) |
||||
aws-sdk-codedeploy (~> 1.0) |
||||
aws-sdk-codepipeline (~> 1.0) |
||||
aws-sdk-configservice (~> 1.21) |
||||
aws-sdk-core (~> 3.0) |
||||
aws-sdk-costandusagereportservice (~> 1.6) |
||||
aws-sdk-dynamodb (~> 1.31) |
||||
aws-sdk-ec2 (~> 1.70) |
||||
aws-sdk-ecr (~> 1.18) |
||||
aws-sdk-ecs (~> 1.30) |
||||
aws-sdk-efs (~> 1.0) |
||||
aws-sdk-eks (~> 1.9) |
||||
aws-sdk-elasticache (~> 1.0) |
||||
aws-sdk-elasticbeanstalk (~> 1.0) |
||||
aws-sdk-elasticloadbalancing (~> 1.8) |
||||
aws-sdk-elasticloadbalancingv2 (~> 1.0) |
||||
aws-sdk-elasticsearchservice (~> 1.0) |
||||
aws-sdk-firehose (~> 1.0) |
||||
aws-sdk-iam (~> 1.13) |
||||
aws-sdk-kafka (~> 1.0) |
||||
aws-sdk-kinesis (~> 1.0) |
||||
aws-sdk-kms (~> 1.13) |
||||
aws-sdk-lambda (~> 1.0) |
||||
aws-sdk-organizations (~> 1.17.0) |
||||
aws-sdk-rds (~> 1.43) |
||||
aws-sdk-redshift (~> 1.0) |
||||
aws-sdk-route53 (~> 1.0) |
||||
aws-sdk-route53domains (~> 1.0) |
||||
aws-sdk-route53resolver (~> 1.0) |
||||
aws-sdk-s3 (~> 1.30) |
||||
aws-sdk-securityhub (~> 1.0) |
||||
aws-sdk-ses (~> 1.0) |
||||
aws-sdk-sms (~> 1.0) |
||||
aws-sdk-sns (~> 1.9) |
||||
aws-sdk-sqs (~> 1.10) |
||||
aws-sdk-ssm (~> 1.0) |
||||
train-core (3.3.4) |
||||
addressable (~> 2.5) |
||||
ffi (!= 1.13.0) |
||||
json (>= 1.8, < 3.0) |
||||
mixlib-shellout (>= 2.0, < 4.0) |
||||
net-scp (>= 1.2, < 4.0) |
||||
net-ssh (>= 2.9, < 7.0) |
||||
train-habitat (0.2.13) |
||||
train-winrm (0.2.6) |
||||
winrm (~> 2.0) |
||||
winrm-fs (~> 1.0) |
||||
tty-box (0.5.0) |
||||
pastel (~> 0.7.2) |
||||
strings (~> 0.1.6) |
||||
tty-cursor (~> 0.7) |
||||
tty-color (0.5.1) |
||||
tty-cursor (0.7.1) |
||||
tty-prompt (0.21.0) |
||||
necromancer (~> 0.5.0) |
||||
pastel (~> 0.7.0) |
||||
tty-reader (~> 0.7.0) |
||||
tty-reader (0.7.0) |
||||
tty-cursor (~> 0.7) |
||||
tty-screen (~> 0.7) |
||||
wisper (~> 2.0.0) |
||||
tty-screen (0.8.0) |
||||
tty-table (0.11.0) |
||||
equatable (~> 0.6) |
||||
necromancer (~> 0.5) |
||||
pastel (~> 0.7.2) |
||||
strings (~> 0.1.5) |
||||
tty-screen (~> 0.7) |
||||
tzinfo (1.2.7) |
||||
thread_safe (~> 0.1) |
||||
uber (0.1.0) |
||||
unf (0.1.4) |
||||
unf_ext |
||||
unf_ext (0.0.7.7) |
||||
unicode-display_width (1.7.0) |
||||
unicode_utils (1.4.0) |
||||
uri_template (0.7.0) |
||||
winrm (2.3.4) |
||||
builder (>= 2.1.2) |
||||
erubi (~> 1.8) |
||||
gssapi (~> 1.2) |
||||
gyoku (~> 1.0) |
||||
httpclient (~> 2.2, >= 2.2.0.2) |
||||
logging (>= 1.6.1, < 3.0) |
||||
nori (~> 2.0) |
||||
rubyntlm (~> 0.6.0, >= 0.6.1) |
||||
winrm-elevated (1.2.1) |
||||
erubi (~> 1.8) |
||||
winrm (~> 2.0) |
||||
winrm-fs (~> 1.0) |
||||
winrm-fs (1.3.3) |
||||
erubi (~> 1.8) |
||||
logging (>= 1.6.1, < 3.0) |
||||
rubyzip (~> 1.1) |
||||
winrm (~> 2.0) |
||||
wisper (2.0.1) |
||||
|
||||
PLATFORMS |
||||
ruby |
||||
|
||||
DEPENDENCIES |
||||
kitchen-docker |
||||
kitchen-inspec |
||||
kitchen-salt |
||||
kitchen-vagrant |
||||
test-kitchen |
||||
|
||||
BUNDLED WITH |
||||
2.1.4 |
@ -1,7 +0,0 @@
|
||||
--- |
||||
|
||||
apt-file: |
||||
pkg.installed: |
||||
- name: apt-file |
||||
cmd.run: |
||||
- name: "apt-file update" |
@ -1,2 +1,3 @@
|
||||
{% import_yaml "base/package_map.yaml" as pkg_map %} |
||||
{% import_yaml "base/pip_packages.yaml" as pip_pkgs %} |
||||
{% set packages = salt["grains.filter_by"](pkg_map, grain="os") or {} %} |
||||
|
@ -1,27 +1,29 @@
|
||||
--- |
||||
|
||||
Debian: |
||||
apt-file: |
||||
name: apt-file |
||||
then: "apt-file update" |
||||
curl: |
||||
name: curl |
||||
dnsutils: |
||||
name: dnsutils |
||||
htop: |
||||
name: htop |
||||
iptables: |
||||
name: iptables |
||||
latest: true |
||||
source_for: |
||||
stretch: ~ |
||||
buster: buster-backports |
||||
jq: |
||||
name: jq |
||||
libcap2_bin: |
||||
name: libcap2-bin |
||||
parted: |
||||
name: parted |
||||
pip: |
||||
require: ">=19.0.0" |
||||
py2_name: python-pip |
||||
py3_name: python3-pip |
||||
python3: |
||||
name: python3 |
||||
python_requests: |
||||
name: python-requests |
||||
python3_requests: |
||||
name: python3-requests |
||||
latest: true |
||||
tmux: |
||||
name: tmux |
||||
|
@ -0,0 +1,10 @@
|
||||
--- |
||||
|
||||
pip: |
||||
require: ">=19.0.0" |
||||
py2_name: python-pip |
||||
py3_name: python3-pip |
||||
python_requests: |
||||
name: python-requests |
||||
python3_requests: |
||||
name: python3-requests |
@ -0,0 +1,99 @@
|
||||
#!pydsl |
||||
|
||||
state("concourse_worker ipv4 chain").iptables.chain_present( |
||||
"concourse_worker", |
||||
family="ipv4", |
||||
) |
||||
|
||||
state("concourse_worker ipv6 chain").iptables.chain_present( |
||||
"concourse_worker", |
||||
family="ipv6", |
||||
) |
||||
|
||||
addresses_v4 = ["107.155.67.64/29"] |
||||
addresses_v6 = ["2604:880:396::/48"] |
||||
|
||||
for address in addresses_v4: |
||||
# SSH |
||||
state("ssh ipv4 " + address).iptables.append( |
||||
table="filter", |
||||
family="ipv4", |
||||
chain="concourse_worker", |
||||
source=address, |
||||
protocol="tcp", |
||||
match="tcp", |
||||
dport=22, |
||||
) |
||||
|
||||
# Concourse worker |
||||
state("concourse-atc ipv4 " + address).iptables.append( |
||||
table="filter", |
||||
family="ipv4", |
||||
chain="concourse_worker", |
||||
source=address, |
||||
protocol="tcp", |
||||
match="tcp", |
||||
dport=7777, |
||||
) |
||||
|
||||
state("concourse-baggageclaim ipv4 " + address).append( |
||||
table="filter", |
||||
family="ipv4", |
||||
chain="concourse_worker", |
||||
source=address, |
||||
protocol="tcp", |
||||
match="tcp", |
||||
dport=7778, |
||||
) |
||||
|
||||
for address in addresses_v6: |
||||
# SSH |
||||
state("ssh ipv6 " + address).iptables.append( |
||||
table="filter", |
||||
family="ipv6", |
||||
chain="concourse_worker", |
||||
source=address, |
||||
protocol="tcp", |
||||
match="tcp", |
||||
dport=7777, |
||||
) |
||||
|
||||
# Concourse private |
||||
state("concourse-atc ipv6 " + address).iptables.append( |
||||
table="filter", |
||||
family="ipv6", |
||||
chain="concourse_worker", |
||||
source=address, |
||||
protocol="tcp", |
||||
match="tcp", |
||||
dport=7777, |
||||
) |
||||
|
||||
state("concourse-baggageclaim ipv6 " + address).iptables.append( |
||||
table="filter", |
||||
family="ipv6", |
||||
chain="concourse_worker", |
||||
source=address, |
||||
protocol="tcp", |
||||
match="tcp", |
||||
dport=7778, |
||||
) |
||||
|
||||
|
||||
state("concourse_worker ipv4 input chain").iptables.append( |
||||
table="filter", |
||||
family="ipv4", |
||||
chain="INPUT", |
||||
match="comment", |
||||
comment="concourse_worker", |
||||
jump="concourse_worker", |
||||
) |
||||
|
||||
state("concourse_worker ipv6 input chain").iptables.append( |
||||
table="filter", |
||||
family="ipv6", |
||||
chain="INPUT", |
||||
match="comment", |
||||
comment="concourse_worker", |
||||
jump="concourse_worker", |
||||
) |
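Review bot: None of the per-address rules appended to the `concourse_worker` chain passes a `jump` target, so as written they would match packets without accepting them, whereas the `http_public` and `management` files in this commit pass `jump="ACCEPT"`. The same omission appears in the Elasticsearch, `elasticsearch_exporter_private`, `node_exporter_private` and `salt_private` rules. With the INPUT policy defaulting to `DROP` in the defaults file, these ports would likely stay closed instead of being limited to the listed sources, unless a target is supplied elsewhere. Separately, `state("concourse-baggageclaim ipv4 " + address).append(` is missing `.iptables`, as is `state("salt-return ipv4 " + address).append(` in the salt_private file. The rule labelled `ssh ipv6` uses `dport=7777` where its IPv4 counterpart uses `dport=22`, which duplicates the `concourse-atc ipv6` rule and leaves SSH over IPv6 unmatched.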
@ -0,0 +1,45 @@
|
||||
#!pydsl |
||||
|
||||
state("es-ingest ipv4 " + address).iptables.append( |
||||
table="filter", |
||||
family="ipv4", |
||||
chain="INPUT", |
||||
source="10.1.0.0/24", |
||||
protocol="tcp", |
||||
match="tcp", |
||||
dport=9200, |
||||
) |
||||
|
||||
state("es-transport ipv4 " + address).iptables.append( |
||||
table="filter", |
||||
family="ipv4", |
||||
chain="INPUT", |
||||
source="10.1.0.0/24", |
||||
protocol="tcp", |
||||
match="tcp", |
||||
dport=9300, |
||||
) |
||||
|
||||
addresses_v4 = __salt__.minion_net.public_addresses("*", target_type="glob", addr_type="ipv4") |
||||
for address in addresses_v4: |
||||
state("es-ingest ipv4 " + address).iptables.append( |
||||
table="filter", |
||||
family="ipv4", |
||||
chain="INPUT", |
||||
source=address, |
||||
protocol="tcp", |
||||
match="tcp", |
||||
dport=9200, |
||||
) |
||||
|
||||
addresses_v6 = __salt__.minion_net.public_addresses("*", target_type="glob", addr_type="ipv6") |
||||
for address in addresses_v6: |
||||
state("es-ingest ipv6 " + address).iptables.append( |
||||
table="filter", |
||||
family="ipv6", |
||||
chain="INPUT", |
||||
source=address, |
||||
protocol="tcp", |
||||
match="tcp", |
||||
dport=9200, |
||||
) |
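Review bot: The first two states build their IDs from `"es-ingest ipv4 " + address` and `"es-transport ipv4 " + address` before `address` is assigned by the loop further down, so rendering this file would raise a NameError. Both rules use the fixed source `10.1.0.0/24`, so the IDs can name it directly, e.g. `state("es-ingest ipv4 10.1.0.0/24")` and `state("es-transport ipv4 10.1.0.0/24")`. Port 9200 is then also opened to what appear to be the public addresses of every minion (the `"*"` glob), while 9300 is limited to the private range. A short comment stating why would let a reviewer confirm that exposure is intended.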
@ -0,0 +1,56 @@
|
||||
#!pydsl |
||||
|
||||
state("elasticsearch_exporter_private ipv4 chain").iptables.chain_present( |
||||
"elasticsearch_exporter_private", |
||||
family="ipv4", |
||||
) |
||||
|
||||
state("elasticsearch_exporter_private ipv6 chain").iptables.chain_present( |
||||
"elasticsearch_exporter_private", |
||||
family="ipv6", |
||||
) |
||||
|
||||
addresses_v4 = __salt__.minion_net.public_addresses("app:metrics", target_type="grain", addr_type="ipv4") |
||||
for address in addresses_v4: |
||||
# Salt private |
||||
state("elasticsearch_exporter ipv4 " + address).iptables.append( |
||||
table="filter", |
||||
family="ipv4", |
||||
chain="elasticsearch_exporter_private", |
||||
source=address, |
||||
protocol="tcp", |
||||
match="tcp", |
||||
dport=9114, |
||||
) |
||||
|
||||
addresses_v6 = __salt__.minion_net.public_addresses("app:metrics", target_type="grain", addr_type="ipv6") |
||||
for address in addresses_v6: |
||||
state("elasticsearch_exporter ipv6 " + address).iptables.append( |
||||
table="filter", |
||||
family="ipv6", |
||||
chain="elasticsearch_exporter_private", |
||||
source=address, |
||||
protocol="tcp", |
||||
match="tcp", |
||||
dport=9114, |
||||
) |
||||
|
||||
|
||||
state("elasticsearch_exporter_private ipv4 input chain").iptables.append( |
||||
table="filter", |
||||
family="ipv4", |
||||
chain="INPUT", |
||||
match="comment", |
||||
comment="elasticsearch_exporter_private", |
||||
jump="elasticsearch_exporter_private", |
||||
) |
||||
|
||||
state("elasticsearch_exporter_private ipv6 input chain").iptables.append( |
||||
table="filter", |
||||
family="ipv6", |
||||
chain="INPUT", |
||||
match="comment", |
||||
comment="elasticsearch_exporter_private", |
||||
jump="elasticsearch_exporter_private", |
||||
) |
||||
|
@ -0,0 +1,54 @@
|
||||
#!pydsl |
||||
|
||||
families = [ |
||||
("ipv4", ["0.0.0.0/0"]), |
||||
("ipv6", ["::/0"]), |
||||
] |
||||
|
||||
ports = [ |
||||
("http", 80), |
||||
("https", 443), |
||||
] |
||||
|
||||
state("http_public ipv4 chain").iptables.chain_present( |
||||
"http_public", |
||||
family="ipv4", |
||||
) |
||||
|
||||
state("http_public ipv6 chain").iptables.chain_present( |
||||
"http_public", |
||||
family="ipv6", |
||||
) |
||||
|
||||
for family, addresses in families: |
||||
for address in addresses: |
||||
for protocol, port in ports: |
||||
state("{} {} {}".format(protocol, family, address)).iptables.append( |
||||
table="filter", |
||||
family=family, |
||||
chain="http_public", |
||||
source=address, |
||||
protocol="tcp", |
||||
match=["tcp", "comment"], |
||||
comment=protocol, |
||||
dport=port, |
||||
jump="ACCEPT", |
||||
) |
||||
|
||||
state("http_public ipv4 input chain").iptables.append( |
||||
table="filter", |
||||
family="ipv4", |
||||
chain="INPUT", |
||||
match="comment", |
||||
comment="http_public", |
||||
jump="http_public", |
||||
) |
||||
|
||||
state("http_public ipv6 input chain").iptables.append( |
||||
table="filter", |
||||
family="ipv6", |
||||
chain="INPUT", |
||||
match="comment", |
||||
comment="http_public", |
||||
jump="http_public", |
||||
) |
@ -0,0 +1,100 @@
|
||||
#!pydsl |
||||
|
||||
import socket |
||||
from copy import copy |
||||
from salt.utils import network |
||||
|
||||
pillar = __salt__["pillar.get"] |
||||
|
||||
addresses_v4 = pillar("firewall:management:ipv4", []) |
||||
addresses_v6 = pillar("firewall:management:ipv6", []) |
||||
names = pillar("firewall:management:resolve_names", []) |
||||
|
||||
public_addresses = __salt__.minion_net.public_addresses |
||||
|
||||
# CI worker nodes need to be able to access everything |
||||
for address in public_addresses("app:builder", target_type="glob", addr_type="ipv4"): |
||||
addresses_v4.append(address) |
||||
|
||||
for address in public_addresses("app:builder", target_type="glob", addr_type="ipv6"): |
||||
addresses_v6.append(address) |
||||
|
||||
# Salt master needs to be able to access everything |
||||
for address in public_addresses("app:saltbox", target_type="glob", addr_type="ipv4"): |
||||
addresses_v4.append(address) |
||||
|
||||
for address in public_addresses("app:saltbox", target_type="glob", addr_type="ipv6"): |
||||
addresses_v6.append(address) |
||||
|
||||
# Resolve any names to add to the allow lists |
||||
for hostname in names: |
||||
mods = {} |
||||
if isinstance(hostname, dict): |
||||
hostname, mods = hostname.popitem() |
||||
print(hostname, mods) |
||||
|
||||
widen_ipv6 = mods.get("widen_ipv6") |
||||
v4, v6 = __salt__.minion_net.resolve_hostname(hostname) |
||||
if widen_ipv6: |
||||
cv6 = copy(v6) |
||||
v6.clear() |
||||
for addr6 in cv6: |
||||
addr6 = __salt__.minion_net.strip_cidr(addr6) |
||||
v6.append(network.calc_net(addr6, widen_ipv6)) |
||||
|
||||
addresses_v4.extend(v4) |
||||
addresses_v6.extend(v6) |
||||
|
||||
|
||||
state("management ipv4 chain").iptables.chain_present( |
||||
"management", |
||||
family="ipv4", |
||||
) |
||||
|
||||
state("management ipv6 chain").iptables.chain_present( |
||||
"management", |
||||
family="ipv6", |
||||
) |
||||
|
||||
for address in addresses_v4: |
||||
state("ipv4 " + address).iptables.append( |
||||
table="filter", |
||||
family="ipv4", |
||||
chain="management", |
||||
source=address, |
||||
match=["comment"], |
||||
comment="management", |
||||
jump="ACCEPT", |
||||
) |
||||
|
||||
|
||||
for address in addresses_v6: |
||||
# SSH private |
||||
state("ipv6 " + address).iptables.append( |
||||
table="filter", |
||||
family="ipv6", |
||||
chain="management", |
||||
source=address, |
||||
match=["comment"], |
||||
comment="management", |
||||
jump="ACCEPT", |
||||
) |
||||
|
||||
|
||||
state("management ipv4 input chain").iptables.append( |
||||
table="filter", |
||||
family="ipv4", |
||||
chain="INPUT", |
||||
match="comment", |
||||
comment="management", |
||||
jump="management", |
||||
) |
||||
|
||||
state("management ipv6 input chain").iptables.append( |
||||
table="filter", |
||||
family="ipv6", |
||||
chain="INPUT", |
||||
match="comment", |
||||
comment="management", |
||||
jump="management", |
||||
) |
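Review bot: The `app:builder` and `app:saltbox` lookups pass `target_type="glob"`, whereas the exporter files in this commit use `target_type="grain"` for `app:metrics`; if these are grain matches, a glob on that string would probably match no minion, and the CI workers and Salt master would be missing from the allow list. `addresses_v4` and `addresses_v6` are the lists returned by `pillar.get` and are appended to in place, which may mutate pillar data for the rest of the run; copying first, e.g. `addresses_v4 = list(pillar("firewall:management:ipv4", []))`, avoids that. `print(hostname, mods)` looks like leftover debugging and `import socket` is unused. Because every source in this chain is accepted on all ports and protocols, a comment noting that `resolve_names` entries are trusted DNS lookups (optionally widened by `widen_ipv6`) would make the trust boundary explicit.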
@ -0,0 +1,54 @@
|
||||
#!pydsl |
||||
|
||||
families = [ |
||||
("ipv4", ["0.0.0.0/0"]), |
||||
("ipv6", ["::/0"]), |
||||
] |
||||
|
||||
ports = [ |
||||
("mqtts-tcp", 4883), |
||||
("mqtts-ws", 4884), |
||||
] |
||||
|
||||
state("mqtt_public ipv4 chain").iptables.chain_present( |
||||
"mqtt_public", |
||||
family="ipv4", |
||||
) |
||||
|
||||
state("mqtt_public ipv6 chain").iptables.chain_present( |
||||
"mqtt_public", |
||||
family="ipv6", |
||||
) |
||||
|
||||
for family, addresses in families: |
||||
for address in addresses: |
||||
for protocol, port in ports: |
||||
state("{} {} {}".format(protocol, family, address)).iptables.append( |
||||
table="filter", |
||||
family=family, |
||||
chain="mqtt_public", |
||||
source=address, |
||||
protocol="tcp", |
||||
match=["tcp", "comment"], |
||||
comment=protocol, |
||||
dport=port, |
||||
jump="ACCEPT", |
||||
) |
||||
|
||||
state("mqtt_public ipv4 input chain").iptables.append( |
||||
table="filter", |
||||
family="ipv4", |
||||
chain="INPUT", |
||||
match="comment", |
||||
comment="mqtt_public", |
||||
jump="mqtt_public", |
||||
) |
||||
|
||||
state("mqtt_public ipv6 input chain").iptables.append( |
||||
table="filter", |
||||
family="ipv6", |
||||
chain="INPUT", |
||||
match="comment", |
||||
comment="mqtt_public", |
||||
jump="mqtt_public", |
||||
) |
@ -0,0 +1,55 @@
|
||||
#!pydsl |
||||
|
||||
state("node_exporter_private ipv4 chain").iptables.chain_present( |
||||
"node_exporter_private", |
||||
family="ipv4", |
||||
) |
||||
|
||||
state("node_exporter_private ipv6 chain").iptables.chain_present( |
||||
"node_exporter_private", |
||||
family="ipv6", |
||||
) |
||||
|
||||
addresses_v4 = __salt__.minion_net.public_addresses("app:metrics", target_type="grain", addr_type="ipv4") |
||||
for address in addresses_v4: |
||||
# Salt private |
||||
state("node_exporter ipv4 " + address).iptables.append( |
||||
table="filter", |
||||
family="ipv4", |
||||
chain="node_exporter_private", |
||||
source=address, |
||||
protocol="tcp", |
||||
match="tcp", |
||||
dport=9100, |
||||
) |
||||
|
||||
addresses_v6 = __salt__.minion_net.public_addresses("app:metrics", target_type="grain", addr_type="ipv6") |
||||
for address in addresses_v6: |
||||
state("node_exporter ipv6 " + address).iptables.append( |
||||
table="filter", |
||||
family="ipv6", |
||||
chain="node_exporter_private", |
||||
source=address, |
||||
protocol="tcp", |
||||
match="tcp", |
||||
dport=9100, |
||||
) |
||||
|
||||
|
||||
state("node_exporter_private ipv4 input chain").iptables.append( |
||||
table="filter", |
||||
family="ipv4", |
||||
chain="INPUT", |
||||
match="comment", |
||||
comment="node_exporter_private", |
||||
jump="node_exporter_private", |
||||
) |
||||
|
||||
state("node_exporter_private ipv6 input chain").iptables.append( |
||||
table="filter", |
||||
family="ipv6", |
||||
chain="INPUT", |
||||
match="comment", |
||||
comment="node_exporter_private", |
||||
jump="node_exporter_private", |
||||
) |
@ -0,0 +1,76 @@
|
||||
#!pydsl |
||||
|
||||
state("salt_private ipv4 chain").iptables.chain_present( |
||||
"salt_private", |
||||
family="ipv4", |
||||
) |
||||
|
||||
state("salt_private ipv6 chain").iptables.chain_present( |
||||
"salt_private", |
||||
family="ipv6", |
||||
) |
||||
|
||||
addresses_v4 = __salt__.minion_net.public_addresses("*", target_type="glob", addr_type="ipv4") |
||||
for address in addresses_v4: |
||||
# Salt private |
||||
state("salt-publish ipv4 " + address).iptables.append( |
||||
table="filter", |
||||
family="ipv4", |
||||
chain="salt_private", |
||||
source=address, |
||||
protocol="tcp", |
||||
match="tcp", |
||||
dport=4505, |
||||
) |
||||
|
||||
state("salt-return ipv4 " + address).append( |
||||
table="filter", |
||||
family="ipv4", |
||||
chain="salt_private", |
||||
source=address, |
||||
protocol="tcp", |
||||
match="tcp", |
||||
dport=4506, |
||||
) |
||||
|
||||
addresses_v6 = __salt__.minion_net.public_addresses("*", target_type="glob", addr_type="ipv6") |
||||
for address in addresses_v6: |
||||
# Salt private |
||||
state("salt-publish ipv6 " + address).iptables.append( |
||||
table="filter", |
||||
family="ipv6", |
||||
chain="salt_private", |
||||
source=address, |
||||
protocol="tcp", |
||||
match="tcp", |
||||
dport=4505, |
||||
) |
||||
|
||||
state("salt-return ipv6 " + address).iptables.append( |
||||
table="filter", |
||||
family="ipv6", |
||||
chain="salt_private", |
||||
source=address, |
||||
protocol="tcp", |
||||
match="tcp", |
||||
dport=4506, |
||||
) |
||||
|
||||
|
||||
state("salt_private ipv4 input chain").iptables.append( |
||||
table="filter", |
||||
family="ipv4", |
||||
chain="INPUT", |
||||
match="comment", |
||||
comment="salt_private", |
||||
jump="salt_private", |
||||
) |
||||
|
||||
state("salt_private ipv6 input chain").iptables.append( |
||||
table="filter", |
||||
family="ipv6", |
||||
chain="INPUT", |
||||
match="comment", |
||||
comment="salt_private", |
||||
jump="salt_private", |
||||
) |
@ -0,0 +1,88 @@
|
||||
#!pydsl |
||||
|
||||
defaults = __salt__["pillar.get"]("firewall:defaults", {}) |
||||
defaults.setdefault("allow_loopback", True) |
||||
defaults.setdefault("conntrack", True) |
||||
|
||||
input_policy = __salt__["pillar.get"]("firewall:policies:INPUT", "DROP") |
||||
forward_policy = __salt__["pillar.get"]("firewall:policies:FORWARD", "DROP") |
||||
output_policy = __salt__["pillar.get"]("firewall:policies:OUTPUT", "ACCEPT") |
||||
|
||||
|
||||
state("default v4 input " + input_policy).iptables.set_policy( |
||||
table="filter", |
||||
family="ipv4", |
||||
chain="INPUT", |
||||
policy=input_policy, |
||||
) |
||||
|
||||
state("default v4 forward " + forward_policy).iptables.set_policy( |
||||
table="filter", |
||||
family="ipv4", |
||||
chain="FORWARD", |
||||
policy=forward_policy, |
||||
) |
||||
|
||||
state("default v4 output " + output_policy).iptables.set_policy( |
||||
table="filter", |
||||
family="ipv4", |
||||
chain="OUTPUT", |
||||
policy=output_policy, |
||||
) |
||||
|
||||
state("default v6 input " + input_policy).iptables.set_policy( |
||||
table="filter", |
||||
family="ipv6", |
||||
chain="INPUT", |
||||
policy=input_policy, |
||||
) |
||||
|
||||
state("default v6 forward " + forward_policy).iptables.set_policy( |
||||
table="filter", |
||||
family="ipv6", |
||||
chain="FORWARD", |
||||
policy=forward_policy, |
||||
) |
||||
|
||||
state("default v6 output " + output_policy).iptables.set_policy( |
||||
table="filter", |
||||
family="ipv6", |
||||
chain="OUTPUT", |
||||
policy=output_policy, |
||||
) |
||||
|
||||
if defaults["conntrack"]: |
||||
state("conntrack ipv4").iptables.append( |
||||
table="filter", |
||||
chain="INPUT", |
||||
family="ipv4", |
||||
match=["conntrack"], |
||||
ctstate="RELATED,ESTABLISHED", |
||||
jump="ACCEPT", |
||||
) |
||||
|
||||
state("conntrack ipv6").iptables.append( |
||||
table="filter", |
||||
chain="INPUT", |
||||
family="ipv6", |
||||
match=["conntrack"], |
||||
ctstate="RELATED,ESTABLISHED", |
||||
jump="ACCEPT", |
||||
) |
||||
|
||||
if defaults["allow_loopback"]: |
||||
state("loopback ipv4").iptables.append( |
||||
table="filter", |
||||
chain="INPUT", |
||||
family="ipv4", |
||||
source="127.0.0.0/8", |
||||
jump="ACCEPT", |
||||
) |
||||
|
||||
state("loopback ipv6").iptables.append( |
||||
table="filter", |
||||
chain="INPUT", |
||||
family="ipv6", |
||||
source="::1/128", |
||||
jump="ACCEPT", |
||||
) |
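Review bot: The six `set_policy` states are declared before the `conntrack` and `loopback` accept rules, so where the pillar default `DROP` applies, INPUT is already dropping before any accept rule is appended. If the run is interrupted or an append fails, the host is left unreachable, established sessions included. Declaring the accept rules (and the management chain) ahead of the policy states, or making the policy states require them, closes that window. The loopback rules match on `source="127.0.0.0/8"` and `source="::1/128"` rather than on the `lo` interface, which is the usual form and does not depend on the kernel rejecting spoofed loopback sources. The policy strings come from pillar unchecked and are concatenated into the state IDs, so a short check that each is `ACCEPT` or `DROP` would make a typo fail clearly.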
@ -0,0 +1,101 @@
|
||||
--- |
||||
|
||||
driver: |
||||
name: docker |
||||
|
||||
transport: |
||||
name: docker |
||||
|
||||
driver_config: |
||||
use_sudo: false |
||||
privileged: true |
||||
provision_command: mkdir -p /run/sshd |
||||
run_command: /lib/systemd/systemd |
||||
cap_add: |
||||
- CAP_SYS_ADMIN |
||||
|
||||
verifier: |
||||
name: inspec |
||||
sudo: true |
||||
reporter: |
||||
- cli |
||||
|
||||
platforms: |
||||
- name: debian-9 |
||||
driver_config: |
||||
image: debian:9 |
||||
provision_command: |
||||
- apt-get install -y python3-pip git |
||||
- pip3 install pytoml |
||||
|
||||
provisioner: |
||||
name: salt_solo |
||||
require_chef: false |
||||
state_collection: . |
||||
is_file_root: true |
||||
|
||||
# Salt-solo installation options |
||||
salt_install: bootstrap |
||||
salt_version: latest |
||||
salt_bootstrap_options: "-x python3" |
||||
salt_copy_filter: |
||||
- .git |
||||
- .kitchen |
||||
|
||||
dependencies: |
||||
- name: openssh |
||||
repo: git |
||||
source: https://github.com/saltstack-formulas/openssh-formula.git |
||||
|
||||
# Provision with states |
||||
state_top: |
||||
base: |
||||
'*': |
||||
- base.files |
||||
- base.repositories |
||||
- base.packages |
||||
- base.python |
||||
- base.sshd |
||||
- base.unattended_upgrades |
||||
- fwrules |
||||
|
||||
pillars: |
||||
top.sls: |
||||
base: |
||||
'*': |
||||
- firewall |
||||
firewall.sls: |
||||
firewall: |
||||
defaults: |
||||
conntrack: false |
||||
policies: |
||||
INPUT: ACCEPT |
||||
FORWARD: DROP |
||||
OUTPUT: ACCEPT |
||||
management: |
||||
ipv4: |
||||
- "107.155.67.64/29" |
||||
ipv6: |
||||
- "2604:880:396::/48" |
||||
resolve_names: |
||||
- "adephagia.synology.me": |
||||
widen_ipv6: 64 |
||||
|
||||
suites: |
||||
- name: default |
||||
provisioner: |
||||
state_top: |
||||
base: |
||||
'*': |
||||
- base.files |
||||
- base.repositories |
||||
- base.packages |
||||
- base.python |
||||
- base.sshd |
||||
- base.unattended_upgrades |
||||
- fwrules |
||||
- fwrules.chains.management |
||||
- fwrules.chains.minion_access |
||||
- fwrules.chains.http_public |
||||
- fwrules.chains.mqtt_public |
||||
pillars: {} |
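Review bot: `privileged: true` under `driver_config` already grants every capability, so the `cap_add: CAP_SYS_ADMIN` entry is redundant and the container gets far more access to the host than a systemd-plus-iptables test should need. If the driver and host allow it, drop `privileged` and list only the capabilities the states require (probably `NET_ADMIN` alongside `SYS_ADMIN`; confirm against a test run). `salt_version: latest`, the unpinned `pip3 install pytoml` and the openssh-formula git `source` with no ref all pull whatever is current on each run, so pinning them where the provisioner supports it keeps the test reproducible. The `management` pillar uses what look like real public ranges and a dynamic-DNS hostname, where documentation ranges such as `192.0.2.0/24` and `2001:db8::/32` would keep the fixture self-contained. The fixture also sets `INPUT: ACCEPT` and `conntrack: false`, so the default `DROP` path is never exercised by this suite.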
@ -0,0 +1,86 @@
|
||||
--- |
||||
|
||||
driver: |
||||
name: vagrant |
||||
|
||||
verifier: |
||||
name: inspec |
||||
sudo: true |
||||
reporter: |
||||
- cli |
||||
|
||||
platforms: |
||||
- name: debian-9 |
||||
driver: |
||||
box: generic/debian9 |
||||
|
||||
provisioner: |
||||
name: salt_solo |
||||
require_chef: false |
||||
state_collection: . |
||||
is_file_root: true |
||||
|
||||
# Salt-solo installation options |
||||
salt_install: bootstrap |
||||
salt_version: latest |
||||
salt_copy_filter: |
||||
- .git |
||||
- .kitchen |
||||
|
||||
dependencies: |
||||
- name: openssh |
||||
repo: git |
||||
source: https://github.com/saltstack-formulas/openssh-formula.git |
||||
|
||||
# Provision with states |
||||
state_top: |
||||
base: |
||||
'*': |
||||
- base.files |
||||
- base.repositories |
||||
- base.packages |
||||
- base.python |
||||
- base.sshd |
||||
- base.unattended_upgrades |
||||
- fwrules |
||||
|
||||
pillars: |
||||
top.sls: |
||||
base: |
||||
'*': |
||||
- firewall |
||||
firewall.sls: |
||||
firewall: |
||||
defaults: |
||||
conntrack: false |
||||
policies: |
||||
INPUT: ACCEPT |
||||
FORWARD: DROP |
||||
OUTPUT: ACCEPT |
||||
management: |
||||
ipv4: |
||||
- "107.155.67.64/29" |
||||
ipv6: |
||||
- "2604:880:396::/48" |
||||