refactoring against puppet-lint

481175b0 · Max Adamo · 1e59bc02 · 481175b0 · 481175b0 · 481175b0
Unverified Commit 481175b0 authored 2 years ago by Max Adamo
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
+---
+stages:
+  - pdk_validate
+  - g10k_deploy
+  - send_notification
+
+job_validate:
+  stage: pdk_validate
+  script:
+    - /home/gitlab-runner/bin/git-rev-count.sh ${CI_PROJECT_NAME} ${CI_COMMIT_REF_NAME}
+    - pdk validate puppet --parallel
+  tags:
+    - shared-runner
+
+job_deploy:
+  stage: g10k_deploy
+  when: on_success
+  script:
+    - /home/gitlab-runner/bin/ci2puppet.sh ${CI_PROJECT_NAME} ${CI_COMMIT_REF_NAME}
+  tags:
+    - shared-runner
+
+job_notification:
+  stage: send_notification
+  when: on_failure
+  variables:
+    msg: "*ERROR on Commit ID*: ${CI_COMMIT_SHA}\n*Commit Author*: ${GITLAB_USER_NAME}\n*Commit Title*: ${CI_COMMIT_TITLE}\n*Repository*: ${CI_PROJECT_NAME}\n*Branch*: ${CI_COMMIT_REF_NAME}"
+  script:
+    - echo -e "${msg}" > /home/gitlab-runner/${CI_PROJECT_NAME}_msg.txt
+    - cat /home/gitlab-runner/${CI_PROJECT_NAME}_rev_count_msg.txt >> /home/gitlab-runner/${CI_PROJECT_NAME}_msg.txt
+    - cat /home/gitlab-runner/msg_closure.txt >> /home/gitlab-runner/${CI_PROJECT_NAME}_msg.txt
+    - /usr/local/bin/upload_to_slack.sh /home/gitlab-runner/${CI_PROJECT_NAME}_msg.txt post "Puppet CI Error" "${DEVOPS_CHANNEL}" ${DEVOPSBOT_TOKEN} ERROR
+    - cat /home/gitlab-runner/${CI_PROJECT_NAME}_msg.txt | mail -s "Puppet CI Error on Repository ${CI_PROJECT_NAME}" $RCPT
+  tags:
+    - shared-runner
--- a/.puppet-lint.rc
+++ b/.puppet-lint.rc
 --relative
+--no-anchor_resource-check
--- a/functions/fw_builder.pp
+++ b/functions/fw_builder.pp
@@ -24,9 +24,7 @@ function fw_builder::fw_builder() {
  # define, for latter use 
  #
  if ($fw_conf['custom_ipset']) {
-
    $ipsets = $fw_conf['custom_ipset'].keys().map |$name| {
-
      # check if key names are valid
      #
      $ipset_keys = keys($fw_conf['custom_ipset'][$name])
@@ -50,9 +48,11 @@ function fw_builder::fw_builder() {
      # getting IPs or FQDNs from 'hieradata' lookup, if 'hieradata' is defined
      #
      if ($fw_conf['custom_ipset'][$name]['hieradata']) {
-        $_hieradata = flatten($fw_conf['custom_ipset'][$name]['hieradata'].map |$hash_name| {
-          lookup($hash_name, Array, 'deep')
-        })
+        $_hieradata = flatten(
+          $fw_conf['custom_ipset'][$name]['hieradata'].map |$hash_name| {
+            lookup($hash_name, Array, 'deep')
+          }
+        )
        if $_hieradata !~ Fw_builder::List { fail("${_hieradata} types are not IPs, Networks or FQDNs") }
        $hieradata = fw_builder::parser($_hieradata)
      }
@@ -80,7 +80,7 @@ function fw_builder::fw_builder() {
              }
            } else {
              # we use the same environment of the agent
-              $env_string = "= '${::environment}'"
+              $env_string = "= '${facts['agent_specified_environment']}'"
            }
            "facts.fqdn ~ '${hash[name]}' and facts.agent_specified_environment ${env_string}"
          },
@@ -90,7 +90,7 @@ function fw_builder::fw_builder() {
        # facts.fqdn ~ 'nomad\d+\.geant\.org' and facts.agent_specified_environment = 'test') or (facts.fqdn ~ ... 
        $query = "inventory[facts.hostname, facts.ipaddress, facts.ipaddress6, facts.fqdn] { (${pdb_filter}) order by certname }"
        $full_list = puppetdb_query($query)
-        $searchlist = $full_list.map |$hash| { $hash['facts.ipaddress']} + $full_list.map |$hash| { $hash['facts.ipaddress6'] }
+        $searchlist = $full_list.map |$hash| { $hash['facts.ipaddress'] } + $full_list.map |$hash| { $hash['facts.ipaddress6'] }
        # an empty list creates an empty fact, it means that the regex is not working
        # and the firewall setting is ineffective. We better fail here
        if $searchlist !~ Fw_builder::Iplist {
@@ -116,10 +116,9 @@ function fw_builder::fw_builder() {
          "fwb_${name}_v6":
            set     => $full_ip_list_sorted.filter |$ip| { $ip =~ Stdlib::IP::Address::V6 },
            options => {
-              'family' => 'inet6'
-            }
-        };
-        { $name => $full_ip_list }
+              'family' => 'inet6',
+            },
+        }; { $name => $full_ip_list }
      }
    }
  } else {
@@ -127,7 +126,7 @@ function fw_builder::fw_builder() {
  }

  file { '/etc/facter/facts.d/fw_ipsets.yaml':
-    content => to_yaml({fw_ipsets => $ipsets});
+    content => to_yaml({ fw_ipsets => $ipsets });
  }

  # emit warning if the key is deinfed and it's empty

--- a/functions/fw_builder_public_ips.pp
+++ b/functions/fw_builder_public_ips.pp
@@ -27,13 +27,12 @@ function fw_builder::fw_builder_public_ips(
  # when puppet runs for the first time these facts are not available
  if $facts_fw_conf =~ Undef or $facts_ipsets =~ Undef {
    $public_ipsets = []
-  # if public is empty it's seen as empty string
+    # if public is empty it's seen as empty string
  } elsif $facts_fw_conf['public'] =~ String or  $facts_fw_conf['public'] =~ Undef {
    $public_ipsets = []
  } else {
    # if public is present and contains some value
    if 'public' in $facts_fw_conf {
-
      $facts_fw_conf_public = $facts_fw_conf['public']

      # create a list of lists with all the ipsets in public

--- a/manifests/chains.pp
+++ b/manifests/chains.pp
@@ -7,13 +7,19 @@
 #
 # === Parameters
 #
+# [*ipv4_enable*] Boolean
+# enable iptables provider
+#
+# [*ipv6_enable*] Boolean
+# enable ip6tables provider
+#
 # === Requires
 #
 # === Examples
 #
 class fw_builder::chains (
-  $ipv4_enable = $fw_builder::params::ipv4_enable,
-  $ipv6_enable = $fw_builder::params::ipv6_enable
+  Boolean $ipv4_enable = $fw_builder::params::ipv4_enable,
+  Boolean $ipv6_enable = $fw_builder::params::ipv6_enable
 ) {
  assert_private()

@@ -64,7 +70,6 @@ class fw_builder::chains (
      ipset    => "${trusted_net} src",
      provider => $provider;
    }
-
  }

  if ($ipv4_enable) {

--- a/manifests/docker.pp
+++ b/manifests/docker.pp
@@ -36,25 +36,27 @@ class fw_builder::docker {
    purge  => false,
  }

-  firewallchain { [
-    'INPUT:nat:IPv4', 'PREROUTING:nat:IPv4',
-    'OUTPUT:nat:IPv4', 'PREROUTING:mangle:IPv4',
-    'POSTROUTING:mangle:IPv4', 'INPUT:mangle:IPv4',
-    'FORWARD:mangle:IPv4', 'OUTPUT:mangle:IPv4',
-    'OUTPUT:raw:IPv4', 'PREROUTING:raw:IPv4'
+  firewallchain {
+    [
+      'INPUT:nat:IPv4', 'PREROUTING:nat:IPv4',
+      'OUTPUT:nat:IPv4', 'PREROUTING:mangle:IPv4',
+      'POSTROUTING:mangle:IPv4', 'INPUT:mangle:IPv4',
+      'FORWARD:mangle:IPv4', 'OUTPUT:mangle:IPv4',
+      'OUTPUT:raw:IPv4', 'PREROUTING:raw:IPv4',
    ]:
-    purge  => true,
-    ignore => ['DOCKER', 'cali-', 'KUBE'],
+      purge  => true,
+      ignore => ['DOCKER', 'cali-', 'KUBE'],
  }

  # this is is for kube / cali
-  firewallchain { [
-    'cali-PREROUTING:mangle:IPv4', 'cali-failsafe-in:mangle:IPv4',
-    'cali-from-host-endpoint:mangle:IPv4', 'cali-failsafe-in:raw:IPv4',
-    'cali-failsafe-out:raw:IPv4', 'cali-from-host-endpoint:raw:IPv4',
-    'cali-to-host-endpoint:raw:IPv4', 'KUBE-SERVICES:filter:IPv4'
+  firewallchain {
+    [
+      'cali-PREROUTING:mangle:IPv4', 'cali-failsafe-in:mangle:IPv4',
+      'cali-from-host-endpoint:mangle:IPv4', 'cali-failsafe-in:raw:IPv4',
+      'cali-failsafe-out:raw:IPv4', 'cali-from-host-endpoint:raw:IPv4',
+      'cali-to-host-endpoint:raw:IPv4', 'KUBE-SERVICES:filter:IPv4',
    ]:
-    purge  => false,
+      purge  => false,
  }
 }
 # vim:ts=2:sw=2
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -29,6 +29,10 @@
 # [*limit*] Variant[Undef, String]
 # define limit for RST and Dropped connection on post.pp
 #
+# === Requires
+#
+# === Examples
+#
 # == Authors:
 #
 #   Pete Pedersen<pete.pedersen@geant.org>
@@ -36,14 +40,14 @@
 #
 class fw_builder (
  Fw_builder::Iplist $trusted_networks,
-  Boolean $manage_docker     = $fw_builder::params::manage_docker,
-  Boolean $ipv4_enable       = $fw_builder::params::ipv4_enable,
-  Boolean $ipv6_enable       = $fw_builder::params::ipv6_enable,
-  Boolean $logging           = $fw_builder::params::logging,
-  Boolean $purge_rules       = $fw_builder::params::purge_rules,
-  Integer $log_rotation_days = $fw_builder::params::log_rotation_days,
-  Optional[String] $limit    = $fw_builder::params::limit,
-  $ipset_package_ensure      = $fw_builder::params::ipset_package_ensure
+  Boolean $manage_docker       = $fw_builder::params::manage_docker,
+  Boolean $ipv4_enable         = $fw_builder::params::ipv4_enable,
+  Boolean $ipv6_enable         = $fw_builder::params::ipv6_enable,
+  Boolean $logging             = $fw_builder::params::logging,
+  Boolean $purge_rules         = $fw_builder::params::purge_rules,
+  Integer $log_rotation_days   = $fw_builder::params::log_rotation_days,
+  Optional[String] $limit      = $fw_builder::params::limit,
+  String $ipset_package_ensure = $fw_builder::params::ipset_package_ensure
 ) inherits fw_builder::params {
  if ! ($purge_rules) and ($manage_docker) {
    fail('cannot set purge_rules to false and manage_docker to true')

--- a/manifests/ipset.pp
+++ b/manifests/ipset.pp
 # Class: fw_builder::ipset
 #
+# === Parameters
+#
+# [*ipv4_enable*] Boolean
+# enable iptables provider
+#
+# [*ipv6_enable*] Boolean
+# enable ip6tables provider
+#
+# === Requires
+#
+# === Examples
 #
 class fw_builder::ipset (
-  $ipv4_enable = $fw_builder::params::ipv4_enable,
-  $ipv6_enable = $fw_builder::params::ipv6_enable
+  Boolean $ipv4_enable = $fw_builder::params::ipv4_enable,
+  Boolean $ipv6_enable = $fw_builder::params::ipv6_enable
 ) {
  assert_private()

@@ -22,7 +33,7 @@ class fw_builder::ipset (
  class { 'ipset':
    packages         => $packages,
    package_ensure   => $fw_builder::ipset_package_ensure,
-    firewall_service => $firewall_service
+    firewall_service => $firewall_service;
  }

  if ($ipv4_enable) {
@@ -40,7 +51,9 @@ class fw_builder::ipset (
      ensure  => 'present',
      type    => 'hash:net',
      set     => $trusted_networks_v6,
-      options => {'family' => 'inet6'}
+      options => {
+        'family' => 'inet6',
+      };
    }
  }
 }

--- a/manifests/logrotate.pp
+++ b/manifests/logrotate.pp
 # == Class: fw_builder
 #
-# == Authors:
+# == Parameter
 #
-#   Pete Pedersen<pete.pedersen@geant.org>
-#   Massimiliano Adamo<massimiliano.adamo@geant.org>
+# [*logging*] Boolean
+# enable logging
+#
+# [*log_rotation_days*] Integer
+# define log retention in days
+#
+# === Requires
+#
+# === Examples
 #
 class fw_builder::logrotate (
-  $logging           = $fw_builder::params::logging,
-  $log_rotation_days = $fw_builder::params::log_rotation_days
+  Boolean $logging           = $fw_builder::params::logging,
+  Integer $log_rotation_days = $fw_builder::params::log_rotation_days
 ) {
  assert_private()


--- a/manifests/post.pp
+++ b/manifests/post.pp
 # == Class: fw_builder::post
 #
+# == Parameter
+#
+# [*logging*] Boolean
+# enable logging
+#
+# === Requires
+#
+# === Examples
+#
 class fw_builder::post (
-  $logging = $fw_builder::params::logging
+  Boolean $logging = $fw_builder::params::logging
 ) {
  assert_private()