Merge pull request #1 from osuosl-cookbooks/ramereth/cleanup

Author: osuosl-manatee

.gitignore

@@ -1,20 +1,21 @@
+.vagrant
 *~
 *#
 .#*
 \#*#
 .*.sw[a-z]
 *.un~
-pkg/
-
-# Berkshelf
-.vagrant
-/cookbooks
-Berksfile.lock
 
 # Bundler
 Gemfile.lock
 bin/*
 .bundle/*
 
+# test kitchen
 .kitchen/
 .kitchen.local.yml
+
+# Chef
+Berksfile.lock
+.zero-knife.rb
+Policyfile.lock.json

.kitchen.yml

@@ -1,15 +1,8 @@
 ---
 driver:
-  name: vagrant
-
-provisioner:
-  name: chef_solo
-
-platforms:
-  - name: ubuntu-14.04
-  - name: centos-7.1
+  flavor_ref: 'm1.medium'
 
 suites:
   - name: default
     run_list:
-    attributes:
+      - recipe[osl-letsencrypt-boulder-server]

.rspec

@@ -0,0 +1 @@
+--format documentation --color

.rubocop.yml

@@ -0,0 +1,21 @@
+AllCops:
+  Include:
+    - '**/Berksfile'
+    - '**/Cheffile'
+  Exclude:
+    - 'metadata.rb'
+
+Style/NumericLiteralPrefix:
+  EnforcedOctalStyle: zero_only
+
+Metrics/LineLength:
+  Max: 120
+
+Style/IfUnlessModifier:
+  MaxLineLength: 120
+
+Style/WhileUntilModifier:
+  MaxLineLength: 120
+
+Metrics/BlockLength:
+  Enabled: false

Berksfile

@@ -1,3 +1,3 @@
-source "https://supermarket.chef.io"
+source 'https://supermarket.chef.io'
 
 metadata

README.md

@@ -3,15 +3,17 @@
 This is a cookbook for provisioning [Boulder][], an
 [ACME-based][acme-spec] certificate authority, written in Go. The
 Boulder application is an official effort of [Let's Encrypt
-project][letsencrypt].
+project][letsencrypt]. This particular cookbook is a fork of
+[letsencrypt-boulder-server](https://github.com/patcon/chef-letsencrypt-boulder-server)
+for use at the OSUOSL.
 
 **Warning:** This cookbook was created for testing other cookbooks, not
 production purposes.
 
 ## Supported Platforms
 
-* Ubuntu 14.04
-* Centos 7
+* CentOS 6
+* CentOS 7
 
 ## Attributes
 

Rakefile

@@ -1,2 +1,130 @@
-require 'stove/rake_task'
-Stove::RakeTask.new
+# Rake tasks
+
+require 'rake'
+
+require 'fileutils'
+require 'base64'
+require 'chef/encrypted_data_bag_item'
+require 'json'
+require 'openssl'
+
+snakeoil_file_path = 'test/integration/data_bags/certificates/snakeoil.json'
+encrypted_data_bag_secret_path = 'test/integration/encrypted_data_bag_secret'
+
+##
+# Run command wrapper
+def run_command(command)
+  if File.exist?('Gemfile.lock')
+    sh %(bundle exec #{command})
+  else
+    sh %(chef exec #{command})
+  end
+end
+
+##
+# Create a self-signed SSL certificate
+#
+def gen_ssl_cert
+  name = OpenSSL::X509::Name.new [
+    ['C', 'US'],
+    ['ST', 'Oregon'],
+    ['CN', 'OSU Open Source Lab'],
+    ['DC', 'example']
+  ]
+  key = OpenSSL::PKey::RSA.new 2048
+
+  cert = OpenSSL::X509::Certificate.new
+  cert.version = 2
+  cert.serial = 2
+  cert.subject = name
+  cert.public_key = key.public_key
+  cert.not_before = Time.now
+  cert.not_after = cert.not_before + 1 * 365 * 24 * 60 * 60 # 1 years validity
+
+  # Self-sign the Certificate
+  cert.issuer = name
+  cert.sign(key, OpenSSL::Digest::SHA1.new)
+
+  return cert, key
+end
+
+##
+# Create a data bag item (with the id of snakeoil) containing a self-signed SSL
+#  certificate
+#
+def ssl_data_bag_item
+  cert, key = gen_ssl_cert
+  Chef::DataBagItem.from_hash(
+    'id' => 'snakeoil',
+    'cert' => cert.to_pem,
+    'key' => key.to_pem
+  )
+end
+
+##
+# Create the integration tests directory if it doesn't exist
+#
+directory 'test/integration'
+
+##
+# Generates a 512 byte random sequence and write it to
+#  'test/integration/encrypted_data_bag_secret'
+#
+file encrypted_data_bag_secret_path => 'test/integration' do
+  encrypted_data_bag_secret = OpenSSL::Random.random_bytes(512)
+  open encrypted_data_bag_secret_path, 'w' do |io|
+    io.write Base64.encode64(encrypted_data_bag_secret)
+  end
+end
+
+##
+# Create the certificates data bag if it doesn't exist
+#
+directory 'test/integration/data_bags/certificates' => 'test/integration'
+
+##
+# Create the encrypted snakeoil certificate under
+#  test/integration/data_bags/certificates
+#
+file snakeoil_file_path => [
+  'test/integration/data_bags/certificates',
+  'test/integration/encrypted_data_bag_secret'
+] do
+
+  encrypted_data_bag_secret = Chef::EncryptedDataBagItem.load_secret(
+    encrypted_data_bag_secret_path
+  )
+
+  encrypted_snakeoil_cert = Chef::EncryptedDataBagItem.encrypt_data_bag_item(
+    ssl_data_bag_item, encrypted_data_bag_secret
+  )
+
+  open snakeoil_file_path, 'w' do |io|
+    io.write JSON.pretty_generate(encrypted_snakeoil_cert)
+  end
+end
+
+desc 'Create an Encrypted Databag Snakeoil SSL Certificate'
+task snakeoil: snakeoil_file_path
+
+desc 'Create an Encrypted Databag Secret'
+task secret_file: encrypted_data_bag_secret_path
+
+require 'rubocop/rake_task'
+desc 'Run RuboCop (style) tests'
+RuboCop::RakeTask.new(:style)
+
+desc 'Run FoodCritic (lint) tests'
+task :lint do
+    run_command('foodcritic --epic-fail any .')
+end
+
+desc 'Run RSpec (unit) tests'
+task :unit do
+    run_command('rspec')
+end
+
+desc 'Run all tests'
+task test: [:style, :lint, :unit]
+
+task default: :test

attributes/default.rb

@@ -18,7 +18,8 @@
 # limitations under the License.
 #
 
-default['boulder']['revision'] = 'master'
+default['boulder']['revision'] = '2d33a9900cafe82993744fe73bd341fe47df2171'
+default['boulder']['host_aliases'] = []
 
 default['boulder']['config']['boulder-config']['va']['portConfig']['httpPort'] = 80
 default['boulder']['config']['boulder-config']['va']['portConfig']['httpsPort'] = 443

chefignore

@@ -1,5 +1,5 @@
 # Put files/directories that should be ignored in this file when uploading
-# or sharing to the community site.
+# to a chef-server or supermarket.
 # Lines that start with '# ' are comments.
 
 # OS generated files #
@@ -51,8 +51,16 @@ spec/*
 spec/fixtures/*
 test/*
 features/*
+examples/*
 Guardfile
 Procfile
+.kitchen*
+.rubocop.yml
+spec/*
+Rakefile
+.travis.yml
+.foodcritic
+.codeclimate.yml
 
 # SCM #
 #######
@@ -69,13 +77,22 @@ Procfile
 
 # Berkshelf #
 #############
+Berksfile
+Berksfile.lock
 cookbooks/*
 tmp
 
+# Policyfile #
+##############
+Policyfile.rb
+Policyfile.lock.json
+
 # Cookbooks #
 #############
-CONTRIBUTING
+CONTRIBUTING*
 CHANGELOG*
+TESTING*
+MAINTAINERS.toml
 
 # Strainer #
 ############
@@ -88,11 +105,3 @@ Strainerfile
 ###########
 .vagrant
 Vagrantfile
-
-# Travis #
-##########
-.travis.yml
-
-# Test-Kitchen #
-################
-.kitchen

files/default/setup.sh

@@ -0,0 +1,34 @@
+#!/bin/bash
+#
+# Fetch dependencies of Boulder that are necessary for development or testing,
+# and configure database and RabbitMQ.
+#
+
+set -ev
+
+go get \
+  bitbucket.org/liamstask/goose/cmd/goose \
+  github.com/golang/lint/golint \
+  github.com/golang/mock/mockgen \
+  github.com/golang/protobuf/proto \
+  github.com/golang/protobuf/protoc-gen-go \
+  github.com/jsha/listenbuddy \
+  github.com/kisielk/errcheck \
+  github.com/mattn/goveralls \
+  github.com/modocache/gover \
+  github.com/tools/godep \
+  golang.org/x/tools/cmd/stringer \
+  golang.org/x/tools/cover &
+
+(curl -sL https://github.com/google/protobuf/releases/download/v2.6.1/protobuf-2.6.1.tar.gz | \
+ tar -xzv &&
+ cd protobuf-2.6.1 && ./configure --prefix=$HOME && make && make install) &
+
+# Set up rabbitmq exchange
+go run cmd/rabbitmq-setup/main.go -server amqp://boulder-rabbitmq &
+
+# Wait for all the background commands to finish.
+wait
+
+# Create the database and roles
+./test/create_db.sh

metadata.rb

@@ -1,19 +1,20 @@
-name             'letsencrypt-boulder-server'
-maintainer       'Thijs Houtenbos'
-maintainer_email '[email protected]'
-license          'All rights reserved'
+name             'osl-letsencrypt-boulder-server'
+maintainer       'Oregon State University'
+maintainer_email '[email protected]'
+license          'apachev2'
 description      "Installs/Configures Boulder, the ACME-based CA server by Let's Encrypt."
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-issues_url       'https://github.com/patcon/chef-letsencrypt-boulder-server/issues'
-source_url       'https://github.com/patcon/chef-letsencrypt-boulder-server'
+issues_url       'https://github.com/osuosl-cookbooks/osl-letsencrypt-boulder-server/issues'
+source_url       'https://github.com/osuosl-cookbooks/osl-letsencrypt-boulder-server'
 version          '0.1.2'
 
-supports         'ubuntu', '= 14.04'
-supports         'centos', '~> 7'
+supports         'centos', '~> 6.0'
+supports         'centos', '~> 7.0'
 
 depends          'golang'
 depends          'rabbitmq'
 depends          'mariadb'
 depends          'build-essential'
+depends          'poise-python'
 depends          'yum'
 depends          'hostsfile'