diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 42c5805..548990c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,7 +9,7 @@ name: ci jobs: lint-unit: - uses: sous-chefs/.github/.github/workflows/lint-unit.yml@5.0.8 + uses: sous-chefs/.github/.github/workflows/lint-unit.yml@6.0.0 permissions: actions: write checks: write @@ -18,7 +18,7 @@ jobs: issues: write integration: - needs: "lint-unit" + needs: lint-unit runs-on: ubuntu-latest strategy: @@ -33,8 +33,8 @@ jobs: steps: - name: Check out code uses: actions/checkout@v6 - - name: Install Chef - uses: actionshub/chef-install@6.0.0 + - name: Install Cinc Workstation + uses: sous-chefs/.github/.github/actions/install-workstation@6.0.0 - name: Dokken uses: actionshub/test-kitchen@3.0.0 env: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3aa7360..e892f26 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -16,12 +16,10 @@ permissions: jobs: release: -<<<<<<< HEAD uses: sous-chefs/.github/.github/workflows/release-cookbook.yml@6.0.0 -======= - uses: sous-chefs/.github/.github/workflows/release-cookbook.yml@6.0.0 ->>>>>>> e461a40 (ci: bump release workflow to 6.0.0) secrets: token: ${{ secrets.PORTER_GITHUB_TOKEN }} supermarket_user: ${{ secrets.CHEF_SUPERMARKET_USER }} supermarket_key: ${{ secrets.CHEF_SUPERMARKET_KEY }} + slack_bot_token: ${{ secrets.SLACK_BOT_TOKEN }} + slack_channel_id: ${{ secrets.SLACK_CHANNEL_ID }} diff --git a/.markdownlint-cli2.yaml b/.markdownlint-cli2.yaml index ac5076b..a86e4b8 100644 --- a/.markdownlint-cli2.yaml +++ b/.markdownlint-cli2.yaml @@ -1,3 +1,4 @@ +--- config: ul-indent: false # MD007 line-length: false # MD013 @@ -7,3 +8,4 @@ config: maximum: 2 ignores: - .github/copilot-instructions.md + - .windsurf/** diff --git a/.yamllint b/.yamllint index 0046b23..ccdcdab 100644 --- a/.yamllint +++ b/.yamllint 
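Review bot: The new `Install Cinc Workstation` step in the `@@ -33,8 +33,8 @@` hunk of ci.yml references `sous-chefs/.github/.github/actions/install-workstation@6.0.0` by tag, and a tag can be moved by the owning repository, so this file does not fix which code runs in the `integration` job. Pinning to the full commit SHA with the version kept as a trailing comment, `uses: sous-chefs/.github/.github/actions/install-workstation@<full-commit-sha> # 6.0.0`, closes that gap. The same applies to `release-cookbook.yml@6.0.0` in release.yml, which this commit now also hands `SLACK_BOT_TOKEN` and `SLACK_CHANNEL_ID` on top of the existing release credentials, and to `lint-unit.yml@6.0.0`, which is called with several write permissions. The `steps:` list continues outside the hunk, so other tag-pinned actions there were not reviewed.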
@@ -4,7 +4,10 @@ rules: line-length: max: 256 level: warning - document-start: disable + truthy: + allowed-values: ['true', 'false', 'on'] + document-start: + present: true braces: forbid: false min-spaces-inside: 0 diff --git a/Berksfile b/Berksfile index 34fea21..4c37302 100644 --- a/Berksfile +++ b/Berksfile @@ -1,3 +1,9 @@ +# frozen_string_literal: true + source 'https://supermarket.chef.io' metadata + +group :integration do + cookbook 'test', path: 'test/cookbooks/test' +end diff --git a/LIMITATIONS.md b/LIMITATIONS.md new file mode 100644 index 0000000..8a39b32 --- /dev/null +++ b/LIMITATIONS.md 
@@ -0,0 +1,42 @@
+# Limitations
+
+## Package Availability
+
+### DNF/YUM (Fedora)
+
+This cookbook manages the Fedora repositories that ship with Fedora systems. It does not install
+third-party packages or compiled software.
+
+Fedora currently publishes repositories through MirrorManager metalinks such as:
+
+* `https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch`
+* `https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch`
+* `https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch`
+
+Fedora repository metadata is available for Fedora-supported architectures through the release
+repositories. The cookbook preserves the upstream `$releasever` and `$basearch` substitutions so
+Fedora resolves the correct release and architecture at runtime.
+
+## Architecture Limitations
+
+The cookbook does not hard-code an architecture. Fedora's `$basearch` variable is preserved in all
+default metalinks and GPG key paths.
+
+## Source/Compiled Installation
+
+No source or compiled installation path is used. This cookbook only manages `.repo` configuration
+through Chef Infra's built-in `yum_repository` resource.
+
+## Platform Support
+
+The cookbook supports Fedora only. Fedora Linux 44 was released on April 28, 2026, Fedora 43 remains
+supported, and Fedora 42 reaches end of life in May 2026. Kitchen uses `fedora-latest` so CI tracks
+the currently published Dokken Fedora image without pinning an EOL Fedora release.
+
+## Known Issues
+
+* The cookbook intentionally removes `/etc/yum.repos.d/fedora-updates.repo` and
+ `/etc/yum.repos.d/fedora-updates-testing.repo` before managing repositories, preserving the legacy
+ behavior of taking over stock Fedora repo file management.
+* Optional debug, source, and testing repositories remain unmanaged and disabled by default. Enable
+ them with resource properties when required.
diff --git a/README.md b/README.md index 41141fc..809eae0 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,10 @@ [![OpenCollective](https://opencollective.com/sous-chefs/sponsors/badge.svg)](#sponsors) [![License](https://img.shields.io/badge/License-Apache%202.0-green.svg)](https://opensource.org/licenses/Apache-2.0) -The yum-fedora cookbook takes over management of the default repositoryids that ship with Fedora systems. It allows attribute manipulation of `fedora`, `fedora-debuginfo`, `fedora-source`, `updates`, `updates-debuginfo`, `updates-source`, `updates-testing`, `updates-testing-debuginfo`, and `updates-testing-source` +The yum-fedora cookbook takes over management of the default repository ids that ship with Fedora systems. +It provides custom resources for `fedora`, `fedora-debuginfo`, `fedora-source`, `updates`, +`updates-debuginfo`, `updates-source`, `updates-testing`, `updates-testing-debuginfo`, and +`updates-testing-source`. ## Maintainers 
@@ -18,148 +21,54 @@ This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of - Fedora -### Chef +### Chef Infra -- Chef 12.14+ +- Chef Infra 15.3+ ### Cookbooks - none -## Attributes +## Resources -The following attributes are set by default +- [yum_fedora_repository](documentation/yum_fedora_repository.md) +- [yum_fedora_repositories](documentation/yum_fedora_repositories.md) -```ruby -default['yum']['fedora']['repositoryid'] = 'fedora' -default['yum']['fedora']['description'] = 'Fedora $releasever - $basearch' -default['yum']['fedora']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch' -default['yum']['fedora']['enabled'] = true -default['yum']['fedora']['managed'] = true -default['yum']['fedora']['metadata_expire'] = '7d' -default['yum']['fedora']['gpgcheck'] = true -default['yum']['fedora']['gpgkey'] = 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch' -``` - -```ruby -default['yum']['fedora-debuginfo']['repositoryid'] = 'fedora-debuginfo' -default['yum']['fedora-debuginfo']['description'] = 'Fedora $releasever - $basearch - Debug' -default['yum']['fedora-debuginfo']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch' -default['yum']['fedora-debuginfo']['enabled'] = false -default['yum']['fedora-debuginfo']['managed'] = false -default['yum']['fedora-debuginfo']['metadata_expire'] = '7d' -default['yum']['fedora-debuginfo']['gpgcheck'] = true -default['yum']['fedora-debuginfo']['gpgkey'] = 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch' -``` - -```ruby -default['yum']['fedora-source']['repositoryid'] = 'fedora-source' -default['yum']['fedora-source']['description'] = 'Fedora $releasever - Source' -default['yum']['fedora-source']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch' -default['yum']['fedora-source']['enabled'] = false 
-default['yum']['fedora-source']['managed'] = false -default['yum']['fedora-source']['metadata_expire'] = '7d' -default['yum']['fedora-source']['gpgcheck'] = true -default['yum']['fedora-source']['gpgkey'] = 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch' -``` - -```ruby -default['yum']['updates']['repositoryid'] = 'updates' -default['yum']['updates']['description'] = 'Fedora $releasever - $basearch - Updates' -default['yum']['updates']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch' -default['yum']['updates']['enabled'] = true -default['yum']['updates']['managed'] = true -default['yum']['updates']['gpgcheck'] = true -default['yum']['updates']['gpgkey'] = 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch' -``` - -```ruby -default['yum']['updates-debuginfo']['repositoryid'] = 'updates-debuginfo' -default['yum']['updates-debuginfo']['description'] = 'Fedora $releasever - $basearch - Updates - Debug' -default['yum']['updates-debuginfo']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch' -default['yum']['updates-debuginfo']['enabled'] = false -default['yum']['updates-debuginfo']['managed'] = false -default['yum']['updates-debuginfo']['gpgcheck'] = true -default['yum']['updates-debuginfo']['gpgkey'] = 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch' -``` +## Migration -```ruby -default['yum']['updates-source']['repositoryid'] = 'updates-source' -default['yum']['updates-source']['description'] = 'Fedora $releasever - Updates Source' -default['yum']['updates-source']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch' -default['yum']['updates-source']['enabled'] = true -default['yum']['updates-source']['gpgcheck'] = true -default['yum']['updates-source']['gpgkey'] = 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch' -``` +This cookbook no longer ships recipes 
or attributes. See [migration.md](migration.md) for the +breaking change guide. -```ruby -default['yum']['updates-testing']['repositoryid'] = 'updates-testing' -default['yum']['updates-testing']['description'] = 'Fedora $releasever - $basearch - Test Updates' -default['yum']['updates-testing']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch' -default['yum']['updates-testing']['enabled'] = false -default['yum']['updates-testing']['managed'] = false -default['yum']['updates-testing']['gpgcheck'] = true -default['yum']['updates-testing']['gpgkey'] = 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch' -``` +## Usage -```ruby -default['yum']['updates-testing-debuginfo']['repositoryid'] = 'updates-testing-debuginfo' -default['yum']['updates-testing-debuginfo']['description'] = 'Fedora $releasever - $basearch - Test Updates Debug' -default['yum']['updates-testing-debuginfo']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch' -default['yum']['updates-testing-debuginfo']['enabled'] = false -default['yum']['updates-testing-debuginfo']['managed'] = false -default['yum']['updates-testing-debuginfo']['gpgcheck'] = true -default['yum']['updates-testing-debuginfo']['gpgkey'] = 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch' -``` +Manage the default Fedora repositories: ```ruby -default['yum']['updates-testing-source']['repositoryid'] = 'updates-testing-source' -default['yum']['updates-testing-source']['description'] = 'Fedora $releasever - Test Updates Source' -default['yum']['updates-testing-source']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch' -default['yum']['updates-testing-source']['enabled'] = false -default['yum']['updates-testing-source']['managed'] = false -default['yum']['updates-testing-source']['gpgcheck'] = true -default['yum']['updates-testing-source']['gpgkey'] 
= 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch' +yum_fedora_repositories 'default' ``` -## Recipes - -- default - Walks through node attributes and feeds a yum_resource -- parameters. The following is an example a resource generated by the -- recipe during compilation. - -```ruby - yum_repository 'fedora' do - mirrorlist 'https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch' - description 'Fedora $releasever - $basearch' - enabled true - gpgcheck true - gpgkey 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch' - end -``` - -## Usage Example - -To disable the Fedora Updates repository through a Role or Environment definition +Manage and enable an optional repository: ```ruby -default_attributes( - :yum => { - :updates => { - :enabled => { - false - } - } - } - ) +yum_fedora_repository 'updates-testing' do + managed true + enabled true +end ``` -Uncommonly used repositoryids are not managed by default. This is speeds up integration testing pipelines by avoiding yum-cache builds that nobody cares about. To enable the Fedora Debuginfo repository with a wrapper cookbook, place the following in a recipe: +Uncommonly used repository ids are not managed by default. This speeds up integration testing +pipelines by avoiding yum-cache builds for repositories that are rarely used. To manage and enable +every Fedora repository: ```ruby -node.default['yum']['fedora-debuginfo']['managed'] = true -node.default['yum']['fedora-debuginfo']['enabled'] = true -include_recipe 'yum-fedora' +yum_fedora_repositories 'all' do + manage_debuginfo true + manage_source true + manage_testing true + enable_debuginfo true + enable_source true + enable_testing true +end ``` ## More Examples 
@@ -167,16 +76,17 @@ include_recipe 'yum-fedora' Point the fedora and updates repositories at an internally hosted server. ```ruby -node.default['yum']['fedora']['enabled'] = true -node.default['yum']['fedora']['mirrorlist'] = nil -node.default['yum']['fedora']['baseurl'] = 'https://internal.example.com/fedora/19/os/x86_64' -node.default['yum']['fedora']['sslverify'] = false -node.default['yum']['updates']['enabled'] = true -node.default['yum']['updates']['mirrorlist'] = nil -node.default['yum']['updates']['baseurl'] = 'https://internal.example.com/fedora/19/updates/x86_64' -node.default['yum']['updates']['sslverify'] = false - -include_recipe 'yum-fedora' +yum_fedora_repository 'fedora' do + mirrorlist nil + baseurl 'https://internal.example.com/fedora/$releasever/os/$basearch' + sslverify false +end + +yum_fedora_repository 'updates' do + mirrorlist nil + baseurl 'https://internal.example.com/fedora/$releasever/updates/$basearch' + sslverify false +end ``` ## Contributors diff --git a/attributes/fedora-debuginfo.rb b/attributes/fedora-debuginfo.rb deleted file mode 100644 index ba929fe..0000000 --- a/attributes/fedora-debuginfo.rb +++ /dev/null @@ -1,8 +0,0 @@ -default['yum']['fedora-debuginfo']['repositoryid'] = 'fedora-debuginfo' -default['yum']['fedora-debuginfo']['description'] = 'Fedora $releasever - $basearch - Debug' -default['yum']['fedora-debuginfo']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch' -default['yum']['fedora-debuginfo']['enabled'] = false -default['yum']['fedora-debuginfo']['managed'] = false -default['yum']['fedora-debuginfo']['metadata_expire'] = '7d' -default['yum']['fedora-debuginfo']['gpgcheck'] = true -default['yum']['fedora-debuginfo']['gpgkey'] = 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch' diff --git a/attributes/fedora-source.rb b/attributes/fedora-source.rb deleted file mode 100644 index a7e72f1..0000000 --- a/attributes/fedora-source.rb +++ /dev/null 
@@ -1,8 +0,0 @@
-default['yum']['fedora-source']['repositoryid'] = 'fedora-source'
-default['yum']['fedora-source']['description'] = 'Fedora $releasever - Source'
-default['yum']['fedora-source']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch'
-default['yum']['fedora-source']['enabled'] = false
-default['yum']['fedora-source']['managed'] = false
-default['yum']['fedora-source']['metadata_expire'] = '7d'
-default['yum']['fedora-source']['gpgcheck'] = true
-default['yum']['fedora-source']['gpgkey'] = 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch'
diff --git a/attributes/fedora.rb b/attributes/fedora.rb
deleted file mode 100644
index ff38ea5..0000000
--- a/attributes/fedora.rb
+++ /dev/null
@@ -1,8 +0,0 @@
-default['yum']['fedora']['repositoryid'] = 'fedora'
-default['yum']['fedora']['description'] = 'Fedora $releasever - $basearch'
-default['yum']['fedora']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch'
-default['yum']['fedora']['enabled'] = true
-default['yum']['fedora']['managed'] = true
-default['yum']['fedora']['metadata_expire'] = '7d'
-default['yum']['fedora']['gpgcheck'] = true
-default['yum']['fedora']['gpgkey'] = 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch'
diff --git a/attributes/updates-debuginfo.rb b/attributes/updates-debuginfo.rb
deleted file mode 100644
index 4a6120d..0000000
--- a/attributes/updates-debuginfo.rb
+++ /dev/null
@@ -1,7 +0,0 @@
-default['yum']['updates-debuginfo']['repositoryid'] = 'updates-debuginfo'
-default['yum']['updates-debuginfo']['description'] = 'Fedora $releasever - $basearch - Updates - Debug'
-default['yum']['updates-debuginfo']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch'
-default['yum']['updates-debuginfo']['enabled'] = false
-default['yum']['updates-debuginfo']['managed'] = false
-default['yum']['updates-debuginfo']['gpgcheck'] = true
-default['yum']['updates-debuginfo']['gpgkey'] = 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch'
diff --git a/attributes/updates-source.rb b/attributes/updates-source.rb
deleted file mode 100644
index fb8bd3c..0000000
--- a/attributes/updates-source.rb
+++ /dev/null
@@ -1,7 +0,0 @@
-default['yum']['updates-source']['repositoryid'] = 'updates-source'
-default['yum']['updates-source']['description'] = 'Fedora $releasever - Updates Source'
-default['yum']['updates-source']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch'
-default['yum']['updates-source']['enabled'] = false
-default['yum']['updates-source']['managed'] = false
-default['yum']['updates-source']['gpgcheck'] = true
-default['yum']['updates-source']['gpgkey'] = 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch'
diff --git a/attributes/updates-testing-debuginfo.rb b/attributes/updates-testing-debuginfo.rb
deleted file mode 100644
index bfed29f..0000000
--- a/attributes/updates-testing-debuginfo.rb
+++ /dev/null
@@ -1,7 +0,0 @@
-default['yum']['updates-testing-debuginfo']['repositoryid'] = 'updates-testing-debuginfo'
-default['yum']['updates-testing-debuginfo']['description'] = 'Fedora $releasever - $basearch - Test Updates Debug'
-default['yum']['updates-testing-debuginfo']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch'
-default['yum']['updates-testing-debuginfo']['enabled'] = false
-default['yum']['updates-testing-debuginfo']['managed'] = false
-default['yum']['updates-testing-debuginfo']['gpgcheck'] = true
-default['yum']['updates-testing-debuginfo']['gpgkey'] = 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch'
diff --git a/attributes/updates-testing-source.rb b/attributes/updates-testing-source.rb
deleted file mode 100644
index c4b1530..0000000
--- a/attributes/updates-testing-source.rb
+++ /dev/null
@@ -1,7 +0,0 @@
-default['yum']['updates-testing-source']['repositoryid'] = 'updates-testing-source'
-default['yum']['updates-testing-source']['description'] = 'Fedora $releasever - Test Updates Source'
-default['yum']['updates-testing-source']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch'
-default['yum']['updates-testing-source']['enabled'] = false
-default['yum']['updates-testing-source']['managed'] = false
-default['yum']['updates-testing-source']['gpgcheck'] = true
-default['yum']['updates-testing-source']['gpgkey'] = 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch'
diff --git a/attributes/updates-testing.rb b/attributes/updates-testing.rb
deleted file mode 100644
index 41561b0..0000000
--- a/attributes/updates-testing.rb
+++ /dev/null
@@ -1,7 +0,0 @@
-default['yum']['updates-testing']['repositoryid'] = 'updates-testing'
-default['yum']['updates-testing']['description'] = 'Fedora $releasever - $basearch - Test Updates'
-default['yum']['updates-testing']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch'
-default['yum']['updates-testing']['enabled'] = false
-default['yum']['updates-testing']['managed'] = false
-default['yum']['updates-testing']['gpgcheck'] = true
-default['yum']['updates-testing']['gpgkey'] = 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch'
diff --git a/attributes/updates.rb b/attributes/updates.rb
deleted file mode 100644
index ca358c6..0000000
--- a/attributes/updates.rb
+++ /dev/null
@@ -1,7 +0,0 @@
-default['yum']['updates']['repositoryid'] = 'updates'
-default['yum']['updates']['description'] = 'Fedora $releasever - $basearch - Updates'
-default['yum']['updates']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch'
-default['yum']['updates']['enabled'] = true
-default['yum']['updates']['managed'] = true
-default['yum']['updates']['gpgcheck'] = true
-default['yum']['updates']['gpgkey'] = 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch'
diff --git a/documentation/.gitkeep b/documentation/.gitkeep
deleted file mode 100644
index e69de29..0000000
diff --git a/documentation/yum_fedora_repositories.md b/documentation/yum_fedora_repositories.md
new file mode 100644
index 0000000..3c5cdf4
--- /dev/null
+++ b/documentation/yum_fedora_repositories.md
@@ -0,0 +1,54 @@
+# yum_fedora_repositories
+
+Manages the standard Fedora repository set and removes stock Fedora repo files that conflict with
+cookbook-managed repository files.
+
+## Actions
+
+| Action | Description |
+|-----------|---------------------------------------------|
+| `:create` | Deletes stock repo files and creates repos |
+| `:remove` | Removes all Fedora repository definitions |
+
+## Properties
+
+| Property | Type | Default | Description |
+|------------------------|-------------|---------|--------------------------------------------------|
+| `manage_debuginfo` | true, false | `false` | Manage all `*-debuginfo` repositories |
+| `manage_source` | true, false | `false` | Manage all `*-source` repositories |
+| `manage_testing` | true, false | `false` | Manage all `updates-testing*` repositories |
+| `enable_debuginfo` | true, false | `false` | Enable all `*-debuginfo` repositories |
+| `enable_source` | true, false | `false` | Enable all `*-source` repositories |
+| `enable_testing` | true, false | `false` | Enable all `updates-testing*` repositories |
+| `managed_repositories` | Array | `[]` | Additional repository ids to manage |
+| `enabled_repositories` | Array | `[]` | Additional repository ids to enable |
+
+## Examples
+
+### Default repositories
+
+```ruby
+yum_fedora_repositories 'default'
+```
+
+### Manage and enable every Fedora repository
+
+```ruby
+yum_fedora_repositories 'all' do
+ manage_debuginfo true
+ manage_source true
+ manage_testing true
+ enable_debuginfo true
+ enable_source true
+ enable_testing true
+end
+```
+
+### Enable selected optional repositories
+
+```ruby
+yum_fedora_repositories 'selected' do
+ managed_repositories %w(fedora-source updates-testing)
+ enabled_repositories %w(fedora-source updates-testing)
+end
+```
diff --git a/documentation/yum_fedora_repository.md b/documentation/yum_fedora_repository.md
new file mode 100644
index 0000000..67c6209
--- /dev/null
+++ b/documentation/yum_fedora_repository.md 
@@ -0,0 +1,77 @@
+# yum_fedora_repository
+
+Manages one Fedora Yum repository by wrapping Chef Infra's `yum_repository` resource.
+
+## Actions
+
+| Action | Description |
+|-----------|-----------------------------------------------|
+| `:create` | Creates the repository when `managed` is true |
+| `:remove` | Removes the repository |
+
+## Properties
+
+| Property | Type | Default | Description |
+|-------------------------|----------------------|----------------|------------------------------------------|
+| `repositoryid` | String | name property | Fedora repository id |
+| `managed` | true, false | repo default | Whether the repository should be managed |
+| `description` | String | repo default | Repository description |
+| `mirrorlist` | String, nil | repo default | Fedora MirrorManager metalink |
+| `baseurl` | String, Array | `nil` | Direct repository URL |
+| `enabled` | true, false | repo default | Whether the repository is enabled |
+| `gpgcheck` | true, false | `true` | Enables GPG package validation |
+| `gpgkey` | String, Array | Fedora key URL | GPG key URL |
+| `metadata_expire` | String | repo default | Metadata expiration setting |
+| `cost` | Integer, String | `nil` | Yum repository cost |
+| `enablegroups` | true, false | `nil` | Yum group support |
+| `exclude` | String, Array | `nil` | Excluded packages |
+| `failovermethod` | String | `nil` | Failover method |
+| `fastestmirror_enabled` | true, false | `nil` | Fastest mirror plugin setting |
+| `http_caching` | String | `nil` | HTTP cache policy |
+| `include_config` | String | `nil` | Include another Yum config file |
+| `includepkgs` | String, Array | `nil` | Included packages |
+| `keepalive` | true, false | `nil` | HTTP keepalive setting |
+| `max_retries` | Integer, String | `nil` | Maximum retries |
+| `mirror_expire` | Integer, String | `nil` | Mirror expiration setting |
+| `mirrorlist_expire` | Integer, String | `nil` | Mirrorlist expiration setting |
+| `password` | String | `nil` | Repository password |
+| `priority` | Integer, String | `nil` | Repository priority |
+| `proxy` | String | `nil` | Proxy URL |
+| `proxy_username` | String | `nil` | Proxy username |
+| `proxy_password` | String | `nil` | Proxy password |
+| `report_instanceid` | true, false | `nil` | Report cloud instance id |
+| `skip_if_unavailable` | true, false | `nil` | Skip unavailable repo |
+| `source` | String | `nil` | Source path |
+| `sslcacert` | String | `nil` | SSL CA certificate path |
+| `sslclientcert` | String | `nil` | SSL client certificate path |
+| `sslclientkey` | String | `nil` | SSL client key path |
+| `sslverify` | true, false | `nil` | Enables SSL verification |
+| `timeout` | Integer, String | `nil` | Repository timeout |
+| `username` | String | `nil` | Repository username |
+
+## Examples
+
+### Default repository
+
+```ruby
+yum_fedora_repository 'fedora'
+```
+
+### Enable an optional repository
+
+```ruby
+yum_fedora_repository 'updates-testing' do
+ managed true
+ enabled true
+end
+```
+
+### Use an internal mirror
+
+```ruby
+yum_fedora_repository 'updates' do
+ baseurl 'https://internal.example.com/fedora/$releasever/updates/$basearch'
+ mirrorlist nil
+ sslverify false
+end
+```
diff --git a/kitchen.dokken.yml b/kitchen.dokken.yml
index 47eff95..06ac282 100644
--- a/kitchen.dokken.yml
+++ b/kitchen.dokken.yml
@@ -1,113 +1,18 @@ +--- driver: name: dokken privileged: true chef_version: <%= ENV['CHEF_VERSION'] || 'current' %> transport: { name: dokken } -provisioner: { name: dokken } -platforms: - - name: almalinux-8 - driver: - image: dokken/almalinux-8 - pid_one_command: /usr/lib/systemd/systemd - - - name: almalinux-9 - driver: - image: dokken/almalinux-9 - pid_one_command: /usr/lib/systemd/systemd - - - name: amazonlinux-2023 - driver: - image: dokken/amazonlinux-2023 - pid_one_command: /usr/lib/systemd/systemd - - - name: centos-7 - driver: - image: dokken/centos-7 - pid_one_command: /usr/lib/systemd/systemd - - - name: centos-stream-8 - driver: - image: dokken/centos-stream-8 - pid_one_command: /usr/lib/systemd/systemd - - - name: centos-stream-9 - driver: - image: dokken/centos-stream-9 - pid_one_command: /usr/lib/systemd/systemd - - - name: debian-9 - driver: - image: dokken/debian-9 - pid_one_command: /bin/systemd - - - name: debian-10 - driver: - image: dokken/debian-10 - pid_one_command: /bin/systemd - - - name: debian-11 - driver: - image: dokken/debian-11 - pid_one_command: /bin/systemd - - - name: debian-12 - driver: - image: dokken/debian-12 - pid_one_command: /bin/systemd +provisioner: + name: dokken + multiple_converge: 2 + enforce_idempotency: true +platforms: - name: fedora-latest driver: image: dokken/fedora-latest pid_one_command: /usr/lib/systemd/systemd - - - name: opensuse-leap-15 - driver: - image: dokken/opensuse-leap-15 - pid_one_command: /usr/lib/systemd/systemd - - - name: oraclelinux-7 - driver: - image: dokken/oraclelinux-7 - pid_one_command: /usr/lib/systemd/systemd - - - name: oraclelinux-8 - driver: - image: dokken/oraclelinux-8 - pid_one_command: /usr/lib/systemd/systemd - - - name: oraclelinux-9 - driver: - image: dokken/oraclelinux-9 - pid_one_command: /usr/lib/systemd/systemd - - - name: rockylinux-8 - driver: - image: dokken/rockylinux-8 - pid_one_command: /usr/lib/systemd/systemd - - - name: rockylinux-9 - driver: - image: 
dokken/rockylinux-9 - pid_one_command: /usr/lib/systemd/systemd - - - name: ubuntu-18.04 - driver: - image: dokken/ubuntu-18.04 - pid_one_command: /bin/systemd - - - name: ubuntu-20.04 - driver: - image: dokken/ubuntu-20.04 - pid_one_command: /bin/systemd - - - name: ubuntu-22.04 - driver: - image: dokken/ubuntu-22.04 - pid_one_command: /bin/systemd - - - name: ubuntu-23.04 - driver: - image: dokken/ubuntu-23.04 - pid_one_command: /bin/systemd diff --git a/kitchen.exec.yml b/kitchen.exec.yml deleted file mode 100644 index ba7b2a9..0000000 --- a/kitchen.exec.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -driver: { name: exec } -transport: { name: exec } - -platforms: - - name: macos-latest - - name: windows-latest diff --git a/kitchen.global.yml b/kitchen.global.yml index a382fcd..af940e1 100644 --- a/kitchen.global.yml +++ b/kitchen.global.yml @@ -15,24 +15,4 @@ verifier: name: inspec platforms: - - name: almalinux-8 - - name: almalinux-9 - - name: amazonlinux-2023 - - name: centos-7 - - name: centos-stream-8 - - name: centos-stream-9 - - name: debian-9 - - name: debian-10 - - name: debian-11 - - name: debian-12 - name: fedora-latest - - name: opensuse-leap-15 - - name: oraclelinux-7 - - name: oraclelinux-8 - - name: oraclelinux-9 - - name: rockylinux-8 - - name: rockylinux-9 - - name: ubuntu-18.04 - - name: ubuntu-20.04 - - name: ubuntu-22.04 - - name: ubuntu-23.04 diff --git a/kitchen.yml b/kitchen.yml index aaa23c5..91d4815 100644 --- a/kitchen.yml +++ b/kitchen.yml 
@@ -1,50 +1,43 @@ +--- driver: name: vagrant provisioner: - name: chef_zero + name: chef_infra + product_name: chef + product_version: latest + channel: stable deprecations_as_errors: true - chef_license: accept-no-persist + chef_license: accept + multiple_converge: 2 + enforce_idempotency: true verifier: name: inspec + sudo: true platforms: - name: fedora-latest +x-run_lists: + default: &default_run_list + - recipe[test::default] + enable_all: &enable_all_run_list + - recipe[test::enable_all] + +x-verifiers: + default: &default_verifier + inspec_tests: + - path: test/integration/default + enable_all: &enable_all_verifier + inspec_tests: + - path: test/integration/enable-all + suites: - - name: enable-all - run_list: - - recipe[yum-fedora::default] - attributes: - yum: - fedora: - managed: true - enabled: true - fedora-debuginfo: - managed: true - enabled: true - fedora-source: - managed: true - enabled: true - updates: - managed: true - enabled: true - updates-debuginfo: - managed: true - enabled: true - updates-source: - managed: true - enabled: true - updates-testing: - managed: true - enabled: true - updates-testing-debuginfo: - managed: true - enabled: true - updates-testing-source: - managed: true - enabled: true - name: default - run_list: - - recipe[yum-fedora::default] + run_list: *default_run_list + verifier: *default_verifier + + - name: enable-all + run_list: *enable_all_run_list + verifier: *enable_all_verifier diff --git a/libraries/helpers.rb b/libraries/helpers.rb new file mode 100644 index 0000000..74d6470 --- /dev/null +++ b/libraries/helpers.rb 
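Review bot: `product_version: latest` in the `provisioner` block of kitchen.yml leaves the Chef Infra client for the vagrant suites unpinned, so with `deprecations_as_errors: true` and the new `enforce_idempotency: true` an upstream client release can fail these suites without any change in this repository. If tracking the newest client is intended, a comment above the key such as `# latest on purpose: surface new Chef Infra deprecations early` would record that; otherwise pin a major version there. The change from `chef_license: accept-no-persist` to `chef_license: accept` also appears to alter whether acceptance is persisted on the test instance, which is worth confirming was deliberate.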
@@ -0,0 +1,114 @@
+# frozen_string_literal: true
+
+module YumFedora
+ module Helpers
+ REPOSITORIES = {
+ 'fedora' => {
+ description: 'Fedora $releasever - $basearch',
+ mirrorlist: 'https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch',
+ enabled: true,
+ managed: true,
+ metadata_expire: '7d',
+ },
+ 'fedora-debuginfo' => {
+ description: 'Fedora $releasever - $basearch - Debug',
+ mirrorlist: 'https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch',
+ enabled: false,
+ managed: false,
+ metadata_expire: '7d',
+ },
+ 'fedora-source' => {
+ description: 'Fedora $releasever - Source',
+ mirrorlist: 'https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch',
+ enabled: false,
+ managed: false,
+ metadata_expire: '7d',
+ },
+ 'updates' => {
+ description: 'Fedora $releasever - $basearch - Updates',
+ mirrorlist: 'https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch',
+ enabled: true,
+ managed: true,
+ },
+ 'updates-debuginfo' => {
+ description: 'Fedora $releasever - $basearch - Updates - Debug',
+ mirrorlist: 'https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch',
+ enabled: false,
+ managed: false,
+ },
+ 'updates-source' => {
+ description: 'Fedora $releasever - Updates Source',
+ mirrorlist: 'https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch',
+ enabled: false,
+ managed: false,
+ },
+ 'updates-testing' => {
+ description: 'Fedora $releasever - $basearch - Test Updates',
+ mirrorlist: 'https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch',
+ enabled: false,
+ managed: false,
+ },
+ 'updates-testing-debuginfo' => {
+ description: 'Fedora $releasever - $basearch - Test Updates Debug',
+ mirrorlist: 'https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch',
+ enabled: false,
+ managed: false,
+ },
+ 'updates-testing-source' => {
+ description: 'Fedora $releasever - Test Updates Source',
+ mirrorlist: 'https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch',
+ enabled: false,
+ managed: false,
+ },
+ }.freeze unless const_defined?(:REPOSITORIES)
+
+ STOCK_REPO_FILES = %w(
+ /etc/yum.repos.d/fedora-updates.repo
+ /etc/yum.repos.d/fedora-updates-testing.repo
+ ).freeze unless const_defined?(:STOCK_REPO_FILES)
+
+ def fedora_repository_ids
+ REPOSITORIES.keys
+ end
+
+ def fedora_repository_config(repositoryid)
+ REPOSITORIES.fetch(repositoryid)
+ end
+
+ def fedora_repository?(repositoryid)
+ REPOSITORIES.key?(repositoryid)
+ end
+
+ def fedora_debug_repository?(repositoryid)
+ repositoryid.end_with?('-debuginfo')
+ end
+
+ def fedora_source_repository?(repositoryid)
+ repositoryid.end_with?('-source')
+ end
+
+ def fedora_testing_repository?(repositoryid)
+ repositoryid.start_with?('updates-testing')
+ end
+
+ def fedora_default_managed?(repositoryid)
+ fedora_repository_config(repositoryid).fetch(:managed)
+ end
+
+ def fedora_default_enabled?(repositoryid)
+ fedora_repository_config(repositoryid).fetch(:enabled)
+ end
+
+ def fedora_default_description(repositoryid)
+ fedora_repository_config(repositoryid).fetch(:description)
+ end
+
+ def fedora_default_mirrorlist(repositoryid)
+ fedora_repository_config(repositoryid).fetch(:mirrorlist)
+ end
+
+ def fedora_default_metadata_expire(repositoryid)
+ fedora_repository_config(repositoryid)[:metadata_expire]
+ end
+ end
+end
diff --git a/metadata.rb b/metadata.rb
index 07d2c69..1944406 100644
--- a/metadata.rb
+++ b/metadata.rb
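Review bot: `REPOSITORIES` is frozen only at the top level, so the per-repository hashes that `fedora_repository_config` returns by reference stay mutable, and any recipe or library that writes to one changes the default `mirrorlist` or `enabled` value for every later resource in the run. Freezing the inner hashes closes that: `}.transform_values(&:freeze).freeze unless const_defined?(:REPOSITORIES)`. The module also has no comments; a line above `REPOSITORIES` such as `# Default settings per Fedora repository id; gpgcheck and gpgkey defaults live on the yum_fedora_repository resource.` would tell readers where the signature settings come from.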
@@ -1,11 +1,13 @@ +# frozen_string_literal: true + name 'yum-fedora' maintainer 'Sous Chefs' maintainer_email 'help@sous-chefs.org' license 'Apache-2.0' -description 'Installs and configures the Fedora Yum repositories' +description 'Provides custom resources for managing Fedora Yum repositories' version '3.1.9' source_url 'https://github.com/sous-chefs/yum-fedora' issues_url 'https://github.com/sous-chefs/yum-fedora/issues' -chef_version '>= 12.15' +chef_version '>= 15.3' supports 'fedora' diff --git a/migration.md b/migration.md new file mode 100644 index 0000000..48527da --- /dev/null +++ b/migration.md @@ -0,0 +1,56 @@ +# Migration Guide + +## From Recipes and Attributes to Resources + +This release removes the legacy `yum-fedora::default` recipe and all +`node['yum'][repo]` attributes. Use custom resources directly from your own cookbook recipes. + +### Before + +```ruby +node.default['yum']['updates-testing']['managed'] = true +node.default['yum']['updates-testing']['enabled'] = true + +include_recipe 'yum-fedora' +``` + +### After + +```ruby +yum_fedora_repository 'updates-testing' do + managed true + enabled true +end +``` + +### Managing the Default Repository Set + +The default behavior from the old recipe is now: + +```ruby +yum_fedora_repositories 'default' +``` + +This removes the stock Fedora updates repo files and manages only `fedora` and `updates` by +default. Debug, source, and testing repositories remain unmanaged and disabled unless enabled with +properties. + +### Enabling All Repositories + +```ruby +yum_fedora_repositories 'all' do + manage_debuginfo true + manage_source true + manage_testing true + enable_debuginfo true + enable_source true + enable_testing true +end +``` + +### Test Cookbook Examples + +Executable examples live under `test/cookbooks/test/recipes/`: + +* `default.rb` exercises the default repository set. +* `enable_all.rb` exercises every public Fedora repository id. 
diff --git a/recipes/default.rb b/recipes/default.rb
deleted file mode 100644
index 713cfdb..0000000
--- a/recipes/default.rb
+++ /dev/null
@@ -1,79 +0,0 @@
-#
-# Author:: Sean OMeara ()
-# Recipe:: yum-fedora::default
-#
-# Copyright:: 2013-2019, Chef Software, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-file '/etc/yum.repos.d/fedora-updates.repo' do
- action :delete
-end
-
-file '/etc/yum.repos.d/fedora-updates-testing.repo' do
- action :delete
-end
-
-%w(
- fedora
- fedora-debuginfo
- fedora-source
- updates
- updates-debuginfo
- updates-source
- updates-testing
- updates-testing-debuginfo
- updates-testing-source
-).each do |repo|
- next unless node['yum'][repo]['managed']
-
- yum_repository repo do
- baseurl node['yum'][repo]['baseurl'] unless node['yum'][repo]['baseurl'].nil?
- cost node['yum'][repo]['cost'] unless node['yum'][repo]['cost'].nil?
- description node['yum'][repo]['description'] unless node['yum'][repo]['description'].nil?
- enabled node['yum'][repo]['enabled'] unless node['yum'][repo]['enabled'].nil?
- enablegroups node['yum'][repo]['enablegroups'] unless node['yum'][repo]['enablegroups'].nil?
- exclude node['yum'][repo]['exclude'] unless node['yum'][repo]['exclude'].nil?
- failovermethod node['yum'][repo]['failovermethod'] unless node['yum'][repo]['failovermethod'].nil?
- fastestmirror_enabled node['yum'][repo]['fastestmirror_enabled'] unless node['yum'][repo]['fastestmirror_enabled'].nil?
- gpgcheck node['yum'][repo]['gpgcheck'] unless node['yum'][repo]['gpgcheck'].nil?
- gpgkey node['yum'][repo]['gpgkey'] unless node['yum'][repo]['gpgkey'].nil?
- http_caching node['yum'][repo]['http_caching'] unless node['yum'][repo]['http_caching'].nil?
- include_config node['yum'][repo]['include_config'] unless node['yum'][repo]['include_config'].nil?
- includepkgs node['yum'][repo]['includepkgs'] unless node['yum'][repo]['includepkgs'].nil?
- keepalive node['yum'][repo]['keepalive'] unless node['yum'][repo]['keepalive'].nil?
- max_retries node['yum'][repo]['max_retries'] unless node['yum'][repo]['max_retries'].nil?
- metadata_expire node['yum'][repo]['metadata_expire'] unless node['yum'][repo]['metadata_expire'].nil?
- mirror_expire node['yum'][repo]['mirror_expire'] unless node['yum'][repo]['mirror_expire'].nil?
- mirrorlist node['yum'][repo]['mirrorlist'] unless node['yum'][repo]['mirrorlist'].nil?
- mirrorlist_expire node['yum'][repo]['mirrorlist_expire'] unless node['yum'][repo]['mirrorlist_expire'].nil?
- password node['yum'][repo]['password'] unless node['yum'][repo]['password'].nil?
- priority node['yum'][repo]['priority'] unless node['yum'][repo]['priority'].nil?
- proxy node['yum'][repo]['proxy'] unless node['yum'][repo]['proxy'].nil?
- proxy_username node['yum'][repo]['proxy_username'] unless node['yum'][repo]['proxy_username'].nil?
- proxy_password node['yum'][repo]['proxy_password'] unless node['yum'][repo]['proxy_password'].nil?
- report_instanceid node['yum'][repo]['report_instanceid'] unless node['yum'][repo]['report_instanceid'].nil?
- repositoryid node['yum'][repo]['repositoryid'] unless node['yum'][repo]['repositoryid'].nil?
- skip_if_unavailable node['yum'][repo]['skip_if_unavailable'] unless node['yum'][repo]['skip_if_unavailable'].nil?
- source node['yum'][repo]['source'] unless node['yum'][repo]['source'].nil?
- sslcacert node['yum'][repo]['sslcacert'] unless node['yum'][repo]['sslcacert'].nil?
- sslclientcert node['yum'][repo]['sslclientcert'] unless node['yum'][repo]['sslclientcert'].nil?
- sslclientkey node['yum'][repo]['sslclientkey'] unless node['yum'][repo]['sslclientkey'].nil?
- sslverify node['yum'][repo]['sslverify'] unless node['yum'][repo]['sslverify'].nil?
- timeout node['yum'][repo]['timeout'] unless node['yum'][repo]['timeout'].nil?
- username node['yum'][repo]['username'] unless node['yum'][repo]['username'].nil?
-
- only_if { platform_family?('fedora') }
- action :create
- end
-end
diff --git a/resources/yum_fedora_repositories.rb b/resources/yum_fedora_repositories.rb
new file mode 100644
index 0000000..25d2431
--- /dev/null
+++ b/resources/yum_fedora_repositories.rb
@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+
+provides :yum_fedora_repositories
+unified_mode true
+
+include YumFedora::Helpers
+
+property :manage_debuginfo, [true, false], default: false
+property :manage_source, [true, false], default: false
+property :manage_testing, [true, false], default: false
+property :enable_debuginfo, [true, false], default: false
+property :enable_source, [true, false], default: false
+property :enable_testing, [true, false], default: false
+property :managed_repositories, Array, default: [], desired_state: false
+property :enabled_repositories, Array, default: [], desired_state: false
+
+default_action :create
+
+action_class do
+ include YumFedora::Helpers
+
+ def manage_repository?(repositoryid)
+ return true if new_resource.managed_repositories.include?(repositoryid)
+ return true if new_resource.manage_debuginfo && fedora_debug_repository?(repositoryid)
+ return true if new_resource.manage_source && fedora_source_repository?(repositoryid)
+ return true if new_resource.manage_testing && fedora_testing_repository?(repositoryid)
+
+ fedora_default_managed?(repositoryid)
+ end
+
+ def enable_repository?(repositoryid)
+ return true if new_resource.enabled_repositories.include?(repositoryid)
+ return true if new_resource.enable_debuginfo && fedora_debug_repository?(repositoryid)
+ return true if new_resource.enable_source && fedora_source_repository?(repositoryid)
+ return true if new_resource.enable_testing && fedora_testing_repository?(repositoryid)
+
+ fedora_default_enabled?(repositoryid)
+ end
+end
+
+action :create do
+ YumFedora::Helpers::STOCK_REPO_FILES.each do |repo_file|
+ file repo_file do
+ only_if { platform_family?('fedora') }
+ action :delete
+ end
+ end
+
+ fedora_repository_ids.each do |repositoryid|
+ yum_fedora_repository repositoryid do
+ managed manage_repository?(repositoryid)
+ enabled enable_repository?(repositoryid)
+ action :create
+ end
+ end
+end
+
+action :remove do
+ fedora_repository_ids.each do |repositoryid|
+ yum_fedora_repository repositoryid do
+ action :remove
+ end
+ end
+end
diff --git a/resources/yum_fedora_repository.rb b/resources/yum_fedora_repository.rb
new file mode 100644
index 0000000..9bc262f
--- /dev/null
+++ b/resources/yum_fedora_repository.rb
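Review bot: Entries in `managed_repositories` and `enabled_repositories` are never checked against `fedora_repository?`, and because `action :create` iterates only `fedora_repository_ids`, a misspelled id is silently ignored instead of failing the converge. Rejecting unknown ids at the top of `action :create` makes the mistake visible: `unknown = (new_resource.managed_repositories | new_resource.enabled_repositories).reject { |id| fedora_repository?(id) }` followed by `raise ArgumentError, "Unsupported Fedora repository ids: #{unknown.join(', ')}" unless unknown.empty?`. Separately, an `enable_*` flag set without its `manage_*` counterpart yields `enabled true` with `managed false`, which the `only_if` in `yum_fedora_repository` turns into a no-op; a short comment on the `enable_*` properties should say they take effect only for managed repositories.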
@@ -0,0 +1,87 @@
+# frozen_string_literal: true
+
+provides :yum_fedora_repository
+unified_mode true
+
+include YumFedora::Helpers
+
+property :repositoryid, String, name_property: true
+property :baseurl, [String, Array]
+property :cost, [Integer, String]
+property :description, String, default: lazy { fedora_default_description(repositoryid) }
+property :enabled, [true, false], default: lazy { fedora_default_enabled?(repositoryid) }
+property :enablegroups, [true, false]
+property :exclude, [String, Array]
+property :failovermethod, String
+property :fastestmirror_enabled, [true, false]
+property :gpgcheck, [true, false], default: true
+property :gpgkey, [String, Array], default: 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch'
+property :http_caching, String
+property :include_config, String
+property :includepkgs, [String, Array]
+property :keepalive, [true, false]
+property :managed, [true, false], default: lazy { fedora_default_managed?(repositoryid) }, desired_state: false
+property :max_retries, [Integer, String]
+property :metadata_expire, [String, NilClass], default: lazy { fedora_default_metadata_expire(repositoryid) }
+property :mirror_expire, [Integer, String]
+property :mirrorlist, [String, NilClass], default: lazy { fedora_default_mirrorlist(repositoryid) }
+property :mirrorlist_expire, [Integer, String]
+property :password, String, sensitive: true
+property :priority, [Integer, String]
+property :proxy, String
+property :proxy_password, String, sensitive: true
+property :proxy_username, String
+property :report_instanceid, [true, false]
+property :skip_if_unavailable, [true, false]
+property :source, String
+property :sslcacert, String
+property :sslclientcert, String
+property :sslclientkey, String
+property :sslverify, [true, false]
+property :timeout, [Integer, String]
+property :username, String
+
+default_action :create
+
+action_class do
+ include YumFedora::Helpers
+
+ def yum_repository_properties
+ %i(
+ baseurl cost description enabled enablegroups exclude failovermethod fastestmirror_enabled
+ gpgcheck gpgkey http_caching include_config includepkgs keepalive max_retries
+ metadata_expire mirror_expire mirrorlist mirrorlist_expire password priority proxy
+ proxy_password proxy_username report_instanceid skip_if_unavailable source sslcacert
+ sslclientcert sslclientkey sslverify timeout username
+ )
+ end
+
+ def yum_repository_property_values
+ yum_repository_properties.each_with_object({}) do |property_name, values|
+ value = new_resource.public_send(property_name)
+ values[property_name] = value unless value.nil?
+ end
+ end
+end
+
+action :create do
+ raise ArgumentError, "Unsupported Fedora repository '#{new_resource.repositoryid}'" unless fedora_repository?(new_resource.repositoryid)
+
+ repository_values = yum_repository_property_values
+
+ yum_repository new_resource.repositoryid do
+ repository_values.each do |property_name, value|
+ public_send(property_name, value)
+ end
+
+ only_if { platform_family?('fedora') && new_resource.managed }
+ action :create
+ end
+end
+
+action :remove do
+ yum_repository new_resource.repositoryid do
+ only_if { platform_family?('fedora') }
+ action :remove
+ end
+end
diff --git a/spec/default_spec.rb b/spec/default_spec.rb
deleted file mode 100644
index a747456..0000000
--- a/spec/default_spec.rb
+++ /dev/null
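Review bot: `action :create` forwards `password` and `proxy_password` into the inner `yum_repository` block without setting `sensitive` on it, so the property-level `sensitive: true` on this wrapper may not keep the rendered repo file's diff, credentials included, out of the converge log; I could not confirm from the diff how the inner resource treats it. Computing `has_credentials = !(new_resource.password.nil? && new_resource.proxy_password.nil?)` next to `repository_values` and adding `sensitive has_credentials` inside the block would cover it. `action :remove` also skips the `fedora_repository?` guard that `:create` has, so the resource will remove whatever repository id it is given; the same `raise ArgumentError ... unless fedora_repository?(new_resource.repositoryid)` line belongs at its top.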
@@ -1,45 +0,0 @@ -require 'spec_helper' - -describe 'yum-fedora::default' do - context 'yum-fedora::default uses default attributes' do - cached(:chef_run) do - ChefSpec::SoloRunner.new(platform: 'fedora') do |node| - node.override['yum']['fedora']['managed'] = true - node.override['yum']['fedora-debuginfo']['managed'] = true - node.override['yum']['fedora-source']['managed'] = true - node.override['yum']['updates']['managed'] = true - node.override['yum']['updates-debuginfo']['managed'] = true - node.override['yum']['updates-source']['managed'] = true - node.override['yum']['updates-testing']['managed'] = true - node.override['yum']['updates-testing-debuginfo']['managed'] = true - node.override['yum']['updates-testing-source']['managed'] = true - end.converge(described_recipe) - end - - context 'removing stock configuration files' do - it 'deletes /etc/yum.repos.d/fedora-updates.repo' do - expect(chef_run).to delete_file('/etc/yum.repos.d/fedora-updates.repo') - end - - it 'deletes /etc/yum.repos.d/fedora-updates-testing.repo' do - expect(chef_run).to delete_file('/etc/yum.repos.d/fedora-updates-testing.repo') - end - end - - %w( - fedora - fedora-debuginfo - fedora-source - updates - updates-debuginfo - updates-source - updates-testing - updates-testing-debuginfo - updates-testing-source - ).each do |repo| - it "creates yum_repository[#{repo}]" do - expect(chef_run).to create_yum_repository(repo) - end - end - end -end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 773d557..63e556f 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -1,8 +1,10 @@ +# frozen_string_literal: true + require 'chefspec' require 'chefspec/berkshelf' RSpec.configure do |config| - config.color = true # Use color in STDOUT - config.formatter = :documentation # Use the specified formatter - config.log_level = :error # Avoid deprecation notice SPAM + config.color = true + config.formatter = :documentation + config.log_level = :error end 
diff --git a/spec/unit/helpers_spec.rb b/spec/unit/helpers_spec.rb
new file mode 100644
index 0000000..6b9aea7
--- /dev/null
+++ b/spec/unit/helpers_spec.rb
@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require_relative '../../libraries/helpers'
+
+describe YumFedora::Helpers do
+ let(:helper_class) do
+ Class.new do
+ include YumFedora::Helpers
+ end
+ end
+
+ subject(:helpers) { helper_class.new }
+
+ it 'preserves all public Fedora repository ids' do
+ expect(helpers.fedora_repository_ids).to eq(
+ %w(
+ fedora
+ fedora-debuginfo
+ fedora-source
+ updates
+ updates-debuginfo
+ updates-source
+ updates-testing
+ updates-testing-debuginfo
+ updates-testing-source
+ )
+ )
+ end
+
+ it 'keeps fedora and updates managed by default' do
+ expect(helpers.fedora_default_managed?('fedora')).to be(true)
+ expect(helpers.fedora_default_managed?('updates')).to be(true)
+ end
+
+ it 'keeps debug, source, and testing repositories unmanaged by default' do
+ expect(helpers.fedora_default_managed?('fedora-debuginfo')).to be(false)
+ expect(helpers.fedora_default_managed?('updates-source')).to be(false)
+ expect(helpers.fedora_default_managed?('updates-testing')).to be(false)
+ end
+end
diff --git a/spec/unit/resources/yum_fedora_repositories_spec.rb b/spec/unit/resources/yum_fedora_repositories_spec.rb
new file mode 100644
index 0000000..02854e0
--- /dev/null
+++ b/spec/unit/resources/yum_fedora_repositories_spec.rb
@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'yum_fedora_repositories' do
+ step_into :yum_fedora_repositories
+ platform 'fedora'
+
+ context 'with default properties' do
+ recipe do
+ yum_fedora_repositories 'default'
+ end
+
+ it { is_expected.to delete_file('/etc/yum.repos.d/fedora-updates.repo') }
+ it { is_expected.to delete_file('/etc/yum.repos.d/fedora-updates-testing.repo') }
+ it { is_expected.to create_yum_fedora_repository('fedora').with(managed: true, enabled: true) }
+ it { is_expected.to create_yum_fedora_repository('updates').with(managed: true, enabled: true) }
+ it { is_expected.to create_yum_fedora_repository('fedora-debuginfo').with(managed: false, enabled: false) }
+ it { is_expected.to create_yum_fedora_repository('updates-testing').with(managed: false, enabled: false) }
+ end
+
+ context 'with all optional repositories managed and enabled' do
+ recipe do
+ yum_fedora_repositories 'all' do
+ manage_debuginfo true
+ manage_source true
+ manage_testing true
+ enable_debuginfo true
+ enable_source true
+ enable_testing true
+ end
+ end
+
+ %w(
+ fedora
+ fedora-debuginfo
+ fedora-source
+ updates
+ updates-debuginfo
+ updates-source
+ updates-testing
+ updates-testing-debuginfo
+ updates-testing-source
+ ).each do |repositoryid|
+ it { is_expected.to create_yum_fedora_repository(repositoryid).with(managed: true, enabled: true) }
+ end
+ end
+
+ context 'with action remove' do
+ recipe do
+ yum_fedora_repositories 'all' do
+ action :remove
+ end
+ end
+
+ %w(
+ fedora
+ fedora-debuginfo
+ fedora-source
+ updates
+ updates-debuginfo
+ updates-source
+ updates-testing
+ updates-testing-debuginfo
+ updates-testing-source
+ ).each do |repositoryid|
+ it { is_expected.to remove_yum_fedora_repository(repositoryid) }
+ end
+ end
+end
diff --git a/spec/unit/resources/yum_fedora_repository_spec.rb b/spec/unit/resources/yum_fedora_repository_spec.rb
new file mode 100644
index 0000000..ba75981
--- /dev/null
+++ b/spec/unit/resources/yum_fedora_repository_spec.rb
@@ -0,0 +1,78 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'yum_fedora_repository' do
+ step_into :yum_fedora_repository
+ platform 'fedora'
+
+ context 'with the default fedora repository' do
+ recipe do
+ yum_fedora_repository 'fedora'
+ end
+
+ it do
+ is_expected.to create_yum_repository('fedora').with(
+ description: 'Fedora $releasever - $basearch',
+ enabled: true,
+ gpgcheck: true,
+ gpgkey: 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch',
+ metadata_expire: '7d',
+ mirrorlist: 'https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch'
+ )
+ end
+ end
+
+ context 'with a repository that is unmanaged by default' do
+ recipe do
+ yum_fedora_repository 'updates-testing'
+ end
+
+ it { is_expected.to_not create_yum_repository('updates-testing') }
+ end
+
+ context 'with an optional repository explicitly managed and enabled' do
+ recipe do
+ yum_fedora_repository 'updates-testing' do
+ managed true
+ enabled true
+ end
+ end
+
+ it do
+ is_expected.to create_yum_repository('updates-testing').with(
+ description: 'Fedora $releasever - $basearch - Test Updates',
+ enabled: true,
+ mirrorlist: 'https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch'
+ )
+ end
+ end
+
+ context 'with custom repository settings' do
+ recipe do
+ yum_fedora_repository 'updates' do
+ baseurl 'https://internal.example.com/fedora/$releasever/updates/$basearch'
+ mirrorlist nil
+ sslverify false
+ end
+ end
+
+ it do
+ is_expected.to create_yum_repository('updates').with(
+ baseurl: 'https://internal.example.com/fedora/$releasever/updates/$basearch',
+ mirrorlist: nil,
+ sslverify: false
+ )
+ end
+ end
+
+ context 'with action remove' do
+ recipe do
+ yum_fedora_repository 'fedora' do
+ action :remove
+ end
+ end
+
+ it { is_expected.to remove_yum_repository('fedora') }
+ end
+end
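Review bot: The 'with custom repository settings' context uses `sslverify false` as its only example of an internal mirror, and its expectation does not assert that `gpgcheck` stays `true`, so nothing in this file pins package signature checking once TLS verification is switched off. Adding `gpgcheck: true` to that `.with(...)` hash would do it. No context covers the `ArgumentError` that `action :create` raises for an id outside the supported set; a context with `yum_fedora_repository 'epel'` and `it { expect { chef_run }.to raise_error(ArgumentError, /Unsupported Fedora repository/) }` would pin that guard.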
diff --git a/test/cookbooks/test/metadata.rb b/test/cookbooks/test/metadata.rb
new file mode 100644
index 0000000..69c2d98
--- /dev/null
+++ b/test/cookbooks/test/metadata.rb
@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+name 'test'
+version '0.1.0'
+depends 'yum-fedora'
diff --git a/test/cookbooks/test/recipes/default.rb b/test/cookbooks/test/recipes/default.rb
new file mode 100644
index 0000000..5656b12
--- /dev/null
+++ b/test/cookbooks/test/recipes/default.rb
@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+yum_fedora_repositories 'default'
diff --git a/test/cookbooks/test/recipes/enable_all.rb b/test/cookbooks/test/recipes/enable_all.rb
new file mode 100644
index 0000000..85f3ea8
--- /dev/null
+++ b/test/cookbooks/test/recipes/enable_all.rb
@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+yum_fedora_repositories 'all' do
+ manage_debuginfo true
+ manage_source true
+ manage_testing true
+ enable_debuginfo true
+ enable_source true
+ enable_testing true
+end
diff --git a/test/integration/default/controls/default_spec.rb b/test/integration/default/controls/default_spec.rb
new file mode 100644
index 0000000..a26b91d
--- /dev/null
+++ b/test/integration/default/controls/default_spec.rb
@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+title 'Default Fedora Repository Tests'
+
+control 'yum-fedora-default-01' do
+ impact 1.0
+ title 'Default Fedora repositories are managed'
+
+ describe file('/etc/yum.repos.d/fedora.repo') do
+ it { should exist }
+ end
+
+ describe ini('/etc/yum.repos.d/fedora.repo') do
+ its('fedora.enabled') { should cmp 1 }
+ its('fedora.mirrorlist') { should cmp 'https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch' }
+ end
+
+ describe file('/etc/yum.repos.d/updates.repo') do
+ it { should exist }
+ end
+
+ describe ini('/etc/yum.repos.d/updates.repo') do
+ its('updates.enabled') { should cmp 1 }
+ its('updates.mirrorlist') { should cmp 'https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch' }
+ end
+end
+
+control 'yum-fedora-default-02' do
+ impact 1.0
+ title 'Default Fedora repositories keep GPG validation'
+
+ %w(
+ fedora
+ updates
+ ).each do |repositoryid|
+ describe ini("/etc/yum.repos.d/#{repositoryid}.repo") do
+ its("#{repositoryid}.gpgcheck") { should cmp 1 }
+ its("#{repositoryid}.gpgkey") { should cmp 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch' }
+ end
+ end
+end
+
+control 'yum-fedora-default-03' do
+ impact 0.7
+ title 'Stock Fedora repository files are removed'
+
+ %w(
+ /etc/yum.repos.d/fedora-updates.repo
+ /etc/yum.repos.d/fedora-updates-testing.repo
+ ).each do |repo_file|
+ describe file(repo_file) do
+ it { should_not exist }
+ end
+ end
+end
diff --git a/test/integration/default/default_spec.rb b/test/integration/default/default_spec.rb
deleted file mode 100644
index 98b2af2..0000000
--- a/test/integration/default/default_spec.rb
+++ /dev/null
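Review bot: The three controls check what the default suite creates and deletes, but none asserts that the optional repositories stay off, so a regression that starts managing `updates-testing` by default would still pass. A fourth control with `describe file('/etc/yum.repos.d/updates-testing.repo') { it { should_not exist } }`, and the same for one `-debuginfo` and one `-source` id, would pin the default. This assumes the base image ships no file of that name, which is worth confirming on the Fedora image the suite runs on.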
@@ -1,24 +0,0 @@
-e_rel = os.release.to_i
-e_arch = 'x86_64'
-
-describe yum.repo('fedora') do
- it { should exist }
- it { should be_enabled }
- its('mirrors') { should cmp "https://mirrors.fedoraproject.org/metalink?repo=fedora-#{e_rel}&arch=#{e_arch}" }
-end
-
-describe yum.repo('updates') do
- it { should exist }
- it { should be_enabled }
- its('mirrors') { should cmp "https://mirrors.fedoraproject.org/metalink?repo=updates-released-f#{e_rel}&arch=#{e_arch}" }
-end
-
-%w(
- fedora
- updates
-).each do |repo|
- describe ini("/etc/yum.repos.d/#{repo}.repo") do
- its("#{repo}.gpgcheck") { should cmp 1 }
- its("#{repo}.gpgkey") { should cmp 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch' }
- end
-end
diff --git a/test/integration/default/inspec.yml b/test/integration/default/inspec.yml
new file mode 100644
index 0000000..8430175
--- /dev/null
+++ b/test/integration/default/inspec.yml
@@ -0,0 +1,7 @@
+---
+name: default
+title: Default Fedora Repository Tests
+maintainer: Sous Chefs
+license: Apache-2.0
+summary: Verifies default yum-fedora repositories
+version: 1.0.0
diff --git a/test/integration/enable-all/controls/enable_all_spec.rb b/test/integration/enable-all/controls/enable_all_spec.rb
new file mode 100644
index 0000000..502e1fc
--- /dev/null
+++ b/test/integration/enable-all/controls/enable_all_spec.rb
@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+title 'All Fedora Repository Tests'
+
+expected_repositories = {
+ 'fedora' => 'https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch',
+ 'fedora-debuginfo' => 'https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch',
+ 'fedora-source' => 'https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch',
+ 'updates' => 'https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch',
+ 'updates-debuginfo' => 'https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch',
+ 'updates-source' => 'https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch',
+ 'updates-testing' => 'https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch',
+ 'updates-testing-debuginfo' => 'https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch',
+ 'updates-testing-source' => 'https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch',
+}
+
+control 'yum-fedora-enable-all-01' do
+ impact 1.0
+ title 'All Fedora repositories are managed and enabled'
+
+ expected_repositories.each do |repositoryid, mirrorlist|
+ describe file("/etc/yum.repos.d/#{repositoryid}.repo") do
+ it { should exist }
+ end
+
+ describe ini("/etc/yum.repos.d/#{repositoryid}.repo") do
+ its("#{repositoryid}.enabled") { should cmp 1 }
+ its("#{repositoryid}.mirrorlist") { should cmp mirrorlist }
+ end
+ end
+end
+
+control 'yum-fedora-enable-all-02' do
+ impact 1.0
+ title 'All Fedora repositories keep GPG validation'
+
+ expected_repositories.each_key do |repositoryid|
+ describe ini("/etc/yum.repos.d/#{repositoryid}.repo") do
+ its("#{repositoryid}.gpgcheck") { should cmp 1 }
+ its("#{repositoryid}.gpgkey") { should cmp 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch' }
+ end
+ end
+end
diff --git a/test/integration/enable-all/enable_all_spec.rb b/test/integration/enable-all/enable_all_spec.rb
deleted file mode 100644
index 784b7ae..0000000
--- a/test/integration/enable-all/enable_all_spec.rb
+++ /dev/null
@@ -1,73 +0,0 @@
-e_rel = os.release.to_i
-e_arch = 'x86_64'
-
-describe yum.repo('fedora-debuginfo') do
- it { should exist }
- it { should be_enabled }
- its('mirrors') { should cmp "https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-#{e_rel}&arch=#{e_arch}" }
-end
-
-describe yum.repo('fedora-source') do
- it { should exist }
- it { should be_enabled }
- its('mirrors') { should cmp "https://mirrors.fedoraproject.org/metalink?repo=fedora-source-#{e_rel}&arch=#{e_arch}" }
-end
-
-describe yum.repo('updates-debuginfo') do
- it { should exist }
- it { should be_enabled }
- its('mirrors') { should cmp "https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f#{e_rel}&arch=#{e_arch}" }
-end
-
-describe yum.repo('updates-source') do
- it { should exist }
- it { should be_enabled }
- its('mirrors') { should cmp "https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f#{e_rel}&arch=#{e_arch}" }
-end
-
-describe yum.repo('updates-testing') do
- it { should exist }
- it { should be_enabled }
- its('mirrors') { should cmp "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f#{e_rel}&arch=#{e_arch}" }
-end
-
-describe yum.repo('updates-testing-debuginfo') do
- it { should exist }
- it { should be_enabled }
- its('mirrors') { should cmp "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f#{e_rel}&arch=#{e_arch}" }
-end
-
-describe yum.repo('updates-testing-source') do
- it { should exist }
- it { should be_enabled }
- its('mirrors') { should cmp "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f#{e_rel}&arch=#{e_arch}" }
-end
-
-describe yum.repo('fedora') do
- it { should exist }
- it { should be_enabled }
- its('mirrors') { should cmp "https://mirrors.fedoraproject.org/metalink?repo=fedora-#{e_rel}&arch=#{e_arch}" }
-end
-
-describe yum.repo('updates') do
- it { should exist }
- it { should be_enabled }
- its('mirrors') { should cmp "https://mirrors.fedoraproject.org/metalink?repo=updates-released-f#{e_rel}&arch=#{e_arch}" }
-end
-
-%w(
- fedora
- fedora-debuginfo
- fedora-source
- updates
- updates-debuginfo
- updates-source
- updates-testing
- updates-testing-debuginfo
- updates-testing-source
-).each do |repo|
- describe ini("/etc/yum.repos.d/#{repo}.repo") do
- its("#{repo}.gpgcheck") { should cmp 1 }
- its("#{repo}.gpgkey") { should cmp 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch' }
- end
-end
diff --git a/test/integration/enable-all/inspec.yml b/test/integration/enable-all/inspec.yml
new file mode 100644
index 0000000..0b40b9e
--- /dev/null
+++ b/test/integration/enable-all/inspec.yml
@@ -0,0 +1,7 @@
+---
+name: enable-all
+title: All Fedora Repository Tests
+maintainer: Sous Chefs
+license: Apache-2.0
+summary: Verifies all yum-fedora repositories can be managed and enabled
+version: 1.0.0