refactor: modernize openvpn cookbook to custom resource standards #253
Open
damacus wants to merge 13 commits into
- Add openvpn_conf resource spec (1 example, 0 failures)
- Note: conf :delete action has a bug (references local var from :create)
- Update spec_helper ubuntu 16.04 to 22.04
- Add frozen_string_literal to 7 files
- Replace all EOL platforms with current non-EOL in kitchen.yml, kitchen.dokken.yml, CI
…utes

BREAKING CHANGE: Remove recipes/, attributes/, and legacy service management.

New resources:
- openvpn_install: package installation, apt repo, yum-epel, IP forwarding
- openvpn_server: PKI/CA management (keys, certs, DH params, CRL, easy-rsa)
- openvpn_conf: rewritten with properties (no node attributes), :delete bug fixed
- openvpn_user: rewritten with properties (no node attributes)
- openvpn_service: systemd instance service with platform-specific naming

Templates rewritten to use @variables instead of node[] attributes.

4 examples, 0 failures locally.

Signed-off-by: Dan Webb <dan.webb@damacus.io>
- Add LIMITATIONS.md documenting OpenVPN package availability
- Create proper InSpec profile for default suite (inspec.yml + controls/)
- Fix kitchen.yml default suite verifier path to test/integration/default
- Remove EOL platforms from kitchen.global.yml
- Simplify kitchen.dokken.yml format
- Remove stale integration test directories (server, server_verification, server_verify_no_databag, data_bags)

- Create resources/_partial/_pki.rb with shared PKI properties
- Update server.rb and user.rb to use the partial
- No functional changes, cookstyle and rspec pass

- Add server_spec.rb covering create action with defaults and custom PKI
- Add service_spec.rb covering Ubuntu and AlmaLinux service names
- Add user_spec.rb covering create with/without bundle, custom properties, and delete
- All 43 examples pass with 0 failures

- Add documentation/openvpn_install.md
- Add documentation/openvpn_conf.md
- Add documentation/openvpn_server.md
- Add documentation/openvpn_service.md
- Add documentation/openvpn_user.md
- Remove documentation/.gitkeep

Signed-off-by: Dan Webb <dan.webb@damacus.io>

… templates
- pkitool.erb: use @message_digest instead of node['openvpn']['key']['message_digest']
- Rakefile.erb: use @dev, @proto, @port, @server_verification
- client.conf.erb: use template variables for all config values
- client-inline.conf.erb: use template variables for all config values
- server.rb: add dev, proto, port, server_verification properties
- user.rb: add dev, proto, gateway, port, config_options, server_verification properties

- Remove -extensions server from openssl req (fails on OpenSSL 3.x)
- Update openssl.cnf.erb: remove deprecated RANDFILE, default_md md5->sha256
- Fix RHEL symlink target: openvpn-server@.service not openvpn@.service
- Fix test recipe: use platform-appropriate group (nogroup/nobody)
- Fix InSpec profile: platform-family redhat not rhel

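
A defender-side check for the two openssl.cnf changes listed in the commit above (dropping `RANDFILE`, moving `default_md` from md5 to sha256), written as an added Ruby example that is not code from the cookbook or from this pull request. It goes slightly beyond the commit by flagging other weak digests too; the digest list, the function names and the sample config are assumptions of this example.

```ruby
# frozen_string_literal: true

# Digests treated as too weak for certificate signatures (assumption of this
# example; the commit itself only mentions md5).
WEAK_DIGESTS = %w[md2 md4 md5 sha1].freeze

# Parse openssl.cnf-style text into { section => { key => value } }.
# Keys that appear before the first [section] header land in 'default'.
def parse_openssl_cnf(text)
  section = 'default'
  text.each_line.with_object(Hash.new { |h, k| h[k] = {} }) do |raw, conf|
    line = raw.sub(/#.*/, '').strip # drop comments and padding
    next if line.empty?

    if (m = line.match(/\A\[\s*(.+?)\s*\]\z/))
      section = m[1]
    elsif (m = line.match(/\A([^=\s]+)\s*=\s*(.*)\z/))
      conf[section][m[1]] = m[2].strip
    end
  end
end

# Return findings as [section, key, reason] triples, in file order.
def audit_openssl_cnf(text)
  parse_openssl_cnf(text).flat_map do |section, settings|
    settings.filter_map do |key, value|
      if key == 'default_md' && WEAK_DIGESTS.include?(value.downcase)
        [section, key, "weak signature digest #{value}"]
      elsif key.casecmp?('RANDFILE')
        [section, key, 'deprecated RANDFILE setting']
      end
    end
  end
end

# Constructed sample resembling a pre-change openssl.cnf (not from the repo).
SAMPLE_CNF = <<~'CNF'
  RANDFILE = $ENV::HOME/.rnd   # top-level, before any section
  [ ca ]
  default_ca = CA_default
  [ CA_default ]
  default_md = md5             # the value the commit replaces
  [ req ]
  default_bits = 2048
  default_md = sha256
CNF

audit_openssl_cnf(SAMPLE_CNF).each { |finding| puts finding.join(': ') }
```

The same function can be pointed at the rendered template on a converged node to confirm that the old settings are gone.
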
…Dokken

The shared workflow 5.0.8 uses Ruby/Bundler instead of chef-install for lint-unit. Dokken still needs Chef's mixlib-install to resolve 'chef' product in containers.
Use cincproject/cinc Docker image and product_name: cinc in provisioner. This eliminates the need for actionshub/chef-install entirely.
… images

Cinc Docker images use 'latest' tag, not 'current' like Chef.
sysctl resources are not idempotent in Docker containers. Switch kitchen configs to use Cinc instead of Chef.
Slowest examples
Top 10 slowest examples (0.92 seconds, 32% of total time)
Modernize the openvpn cookbook to follow sous-chefs custom resource standards.
Changes
- `LIMITATIONS.md` documenting OpenVPN package availability and container constraints
- `resources/_partial/_pki.rb` partial (used by `server` and `user`)
- `server`, `service`, and `user` resources (43 examples, 0 failures)
- `test/integration/default/` with controls for install, service, config, PKI, CRL, and IP forwarding
- `install`, `conf`, `server`, `service`, `user`)

Verification

- `cookbook-helpers check-structure` ✓
- `cookbook-helpers check-kitchen` ✓
- `chef exec rspec` — 43 examples, 0 failures
- `chef exec cookstyle` — 17 files, 0 offenses