# This configuration was generated by
# `rubocop --auto-gen-config`
-# on 2020-07-19 17:37:03 UTC using RuboCop version 0.88.0.
+# on 2020-07-29 12:02:45 UTC using RuboCop version 0.88.0.
# The point is for the user to remove these configuration records
# one by one as the offenses are removed from the code base.
# Note that changes in the inspected code, or installation of new
# versions of RuboCop, may require this file to be generated again.
-# Offense count: 15
-ChefCorrectness/NodeNormal:
- Exclude:
- - '**/metadata.rb'
- - '**/Berksfile'
- - 'cookbooks/dev/recipes/default.rb'
- - 'cookbooks/mediawiki/resources/site.rb'
- - 'cookbooks/networking/recipes/default.rb'
- - 'cookbooks/openvpn/recipes/default.rb'
- - 'cookbooks/web/recipes/backend.rb'
- - 'cookbooks/wordpress/resources/site.rb'
-
-# Offense count: 12
-ChefCorrectness/NodeNormalUnless:
- Exclude:
- - '**/metadata.rb'
- - '**/Berksfile'
- - 'cookbooks/mailman/recipes/default.rb'
- - 'cookbooks/mediawiki/resources/site.rb'
- - 'cookbooks/wordpress/resources/site.rb'
-
# Offense count: 1
# Configuration parameters: Include.
# Include: **/definitions/*.rb
Exclude:
- 'cookbooks/networking/definitions/firewall_rule.rb'
-# Offense count: 1056
+# Offense count: 1038
# Cop supports --auto-correct.
# Configuration parameters: .
# SupportedStyles: strings, symbols
--- /dev/null
+require "digest"
+
+class Chef
+ module Mixin
+ module PersistentToken
+ def persistent_token(*args)
+ sha256 = Digest::SHA256.new
+ sha256.update(node[:machine_id])
+ args.each do |arg|
+ sha256.update(arg)
+ end
+ sha256.hexdigest
+ end
+ end
+ end
+
+ class Recipe
+ include Chef::Mixin::PersistentToken
+ end
+end
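Review bot: `persistent_token` derives every secret from `node[:machine_id]` plus fixed, source-visible labels with an unkeyed SHA-256, so each token is only as secret as the machine id. If that attribute is the Ohai value read from `/etc/machine-id`, it is normally world-readable on the host and stored with the node object on the Chef server, so anyone who can read either can recompute the Rails `secret_key_base`, the Mailman form secret, `$wgSecretKey` and the eight WordPress keys and salts that the other hunks in this commit switch to this helper. Consider keying the derivation with a value that stays on the node in a root-only file, generated once with `SecureRandom`, e.g. `OpenSSL::HMAC.hexdigest("SHA256", node_secret, args.join("\0"))`. The separator matters too: as written the arguments are fed to the digest back to back, so `("ab", "c")` and `("a", "bc")` produce the same token. A node without `machine_id` would presumably fail inside `sha256.update(nil)` with a bare `TypeError`; an explicit `raise` with a clear message would be easier to diagnose.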
supports "ubuntu"
depends "apache"
depends "passenger"
+depends "chef"
depends "geoipupdate"
depends "git"
depends "memcached"
if details[:repository]
site_aliases = details[:aliases] || []
- secret_key_base = details[:secret_key_base] || SecureRandom.base64(96)
+ secret_key_base = persistent_token("dev", "rails", name, "secret_key_base")
- node.normal[:dev][:rails][name][:secret_key_base] = secret_key_base
+ node.rm_normal(:dev, :rails, name)
postgresql_database database_name do
cluster "12/main"
action :drop
cluster "12/main"
end
-
- node.normal[:dev][:rails].delete(name)
end
end
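Review bot: The new `secret_key_base` assignment drops the `details[:secret_key_base] ||` override that the removed line honoured, so a site that pins its own key in `details` now silently gets the derived one. Changing a Rails `secret_key_base` invalidates existing signed and encrypted cookies, so keeping the override explicit seems safer: `secret_key_base = details[:secret_key_base] || persistent_token("dev", "rails", name, "secret_key_base")`. The enclosing block starts outside the hunk, so whether `details` can still carry that key is not visible here.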
version "1.0.0"
supports "ubuntu"
depends "apache"
+depends "chef"
package "mailman"
-node.normal_unless[:mailman][:subscribe_form_secret] = SecureRandom.base64(48)
+node.rm_normal(:mailman, :subscribe_form_secret)
+
+subscribe_form_secret = persistent_token("mailman", "subscribe_form_secret")
template "/etc/mailman/mm_cfg.py" do
source "mm_cfg.py.erb"
user "root"
group "root"
mode "644"
+ variables :subscribe_form_secret => subscribe_form_secret
notifies :restart, "service[mailman]"
end
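Review bot: The `template "/etc/mailman/mm_cfg.py"` resource now receives the secret through `variables` but does not set `sensitive true`, so chef-client may write the rendered diff, including the new `SUBSCRIBE_FORM_SECRET`, to its output and logs when the value changes on the first run after this commit. Adding `sensitive true` to the resource suppresses that. The unchanged `mode "644"` also leaves the rendered secret readable by every local account; if Mailman can read the file through group ownership, a tighter mode such as `"640"` with a suitable `group` would be worth checking.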
#-------------------------------------------------------------
# Secret for web forms to protect against XSRF attacks
-SUBSCRIBE_FORM_SECRET='<%= node[:mailman][:subscribe_form_secret] %>'
+SUBSCRIBE_FORM_SECRET='<%= @subscribe_form_secret %>'
# Note - if you're looking for something that is imported from mm_cfg, but you
# didn't find it above, it's probably in /usr/lib/mailman/Mailman/Defaults.py.
depends "accounts"
depends "apache"
depends "apt"
+depends "chef"
depends "git"
depends "memcached"
depends "mysql"
property :reload_apache, :kind_of => [TrueClass, FalseClass], :default => true
action :create do
- node.normal_unless[:mediawiki][:sites][new_resource.site] = {}
+ node.rm_normal(:mediawiki, :sites, new_resource.site)
- node.normal[:mediawiki][:sites][new_resource.site][:directory] = site_directory
- node.normal[:mediawiki][:sites][new_resource.site][:version] = new_resource.version
+ node.default[:mediawiki][:sites][new_resource.site] = {
+ :directory => site_directory,
+ :version => new_resource.version
+ }
- node.normal_unless[:mediawiki][:sites][new_resource.site][:wgSecretKey] = SecureRandom.base64(48)
+ secret_key = persistent_token("mediawiki", new_resource.site, "wgSecretKey")
mysql_user "#{new_resource.database_user}@localhost" do
password new_resource.database_password
variables :name => new_resource.site,
:directory => mediawiki_directory,
:database_params => database_params,
- :mediawiki => mediawiki_params
+ :mediawiki => mediawiki_params,
+ :secret_key => secret_key
notifies :run, "execute[#{mediawiki_directory}/maintenance/update.php]"
end
end
action_class do
+ include Chef::Mixin::PersistentToken
+
def site_directory
new_resource.directory || "/srv/#{new_resource.site}"
end
$wgPageLanguageUseDB = true;
$wgGroupPermissions['user']['pagelang'] = true;
-$wgSecretKey = '<%= @node[:mediawiki][:sites][@name][:wgSecretKey] %>';
+$wgSecretKey = '<%= @secret_key %>';
# Site upgrade key. Must be set to a string (default provided) to turn on the
# web installer while LocalSettings.php is in place
action :create do
version = new_resource.version || Chef::Wordpress.current_version
- node.normal_unless[:wordpress][:sites][new_resource.site] = {}
+ node.rm_normal(:wordpress, :sites, new_resource.site)
- node.normal[:wordpress][:sites][new_resource.site][:directory] = site_directory
+ node.default[:wordpress][:sites][new_resource.site] = {
+ :directory => site_directory
+ }
- node.normal_unless[:wordpress][:sites][new_resource.site][:auth_key] = SecureRandom.base64(48)
- node.normal_unless[:wordpress][:sites][new_resource.site][:secure_auth_key] = SecureRandom.base64(48)
- node.normal_unless[:wordpress][:sites][new_resource.site][:logged_in_key] = SecureRandom.base64(48)
- node.normal_unless[:wordpress][:sites][new_resource.site][:nonce_key] = SecureRandom.base64(48)
- node.normal_unless[:wordpress][:sites][new_resource.site][:auth_salt] = SecureRandom.base64(48)
- node.normal_unless[:wordpress][:sites][new_resource.site][:secure_auth_salt] = SecureRandom.base64(48)
- node.normal_unless[:wordpress][:sites][new_resource.site][:logged_in_salt] = SecureRandom.base64(48)
- node.normal_unless[:wordpress][:sites][new_resource.site][:nonce_salt] = SecureRandom.base64(48)
+ auth_key = persistent_token("wordpress", new_resource.site, "auth_key")
+ secure_auth_key = persistent_token("wordpress", new_resource.site, "secure_auth_key")
+ logged_in_key = persistent_token("wordpress", new_resource.site, "logged_in_key")
+ nonce_key = persistent_token("wordpress", new_resource.site, "nonce_key")
+ auth_salt = persistent_token("wordpress", new_resource.site, "auth_salt")
+ secure_auth_salt = persistent_token("wordpress", new_resource.site, "secure_auth_salt")
+ logged_in_salt = persistent_token("wordpress", new_resource.site, "logged_in_salt")
+ nonce_salt = persistent_token("wordpress", new_resource.site, "nonce_salt")
mysql_user "#{new_resource.database_user}@localhost" do
password new_resource.database_password
line.gsub!(/password_here/, new_resource.database_password)
line.gsub!(/wp_/, new_resource.database_prefix)
- line.gsub!(/('AUTH_KEY', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][new_resource.site][:auth_key]}'")
- line.gsub!(/('SECURE_AUTH_KEY', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][new_resource.site][:secure_auth_key]}'")
- line.gsub!(/('LOGGED_IN_KEY', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][new_resource.site][:logged_in_key]}'")
- line.gsub!(/('NONCE_KEY', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][new_resource.site][:nonce_key]}'")
- line.gsub!(/('AUTH_SALT', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][new_resource.site][:auth_salt]}'")
- line.gsub!(/('SECURE_AUTH_SALT', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][new_resource.site][:secure_auth_salt]}'")
- line.gsub!(/('LOGGED_IN_SALT', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][new_resource.site][:logged_in_salt]}'")
- line.gsub!(/('NONCE_SALT', *)'put your unique phrase here'/, "\\1'#{node[:wordpress][:sites][new_resource.site][:nonce_salt]}'")
+ line.gsub!(/('AUTH_KEY', *)'put your unique phrase here'/, "\\1'#{auth_key}'")
+ line.gsub!(/('SECURE_AUTH_KEY', *)'put your unique phrase here'/, "\\1'#{secure_auth_key}'")
+ line.gsub!(/('LOGGED_IN_KEY', *)'put your unique phrase here'/, "\\1'#{logged_in_key}'")
+ line.gsub!(/('NONCE_KEY', *)'put your unique phrase here'/, "\\1'#{nonce_key}'")
+ line.gsub!(/('AUTH_SALT', *)'put your unique phrase here'/, "\\1'#{auth_salt}'")
+ line.gsub!(/('SECURE_AUTH_SALT', *)'put your unique phrase here'/, "\\1'#{secure_auth_salt}'")
+ line.gsub!(/('LOGGED_IN_SALT', *)'put your unique phrase here'/, "\\1'#{logged_in_salt}'")
+ line.gsub!(/('NONCE_SALT', *)'put your unique phrase here'/, "\\1'#{nonce_salt}'")
if line =~ /define\('WP_DEBUG'/
line += "\n"
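Review bot: The eight `persistent_token` assignments and the eight matching `gsub!` lines repeat one pattern with only the key name changing, which makes it easy for a name in the assignment and the name in the regex to drift apart. Driving both from a single list keeps the label passed to `persistent_token` and the constant replaced in `wp-config.php` tied together. The replacement strings stay safe for `gsub!` because a hex digest contains no backslashes or quotes. The surrounding `action :create` block and the file-editing block start outside these hunks.

```ruby
# … unchanged: node.rm_normal / node.default for the site …
keys = %w[auth_key secure_auth_key logged_in_key nonce_key
          auth_salt secure_auth_salt logged_in_salt nonce_salt]
tokens = keys.map { |key| [key, persistent_token("wordpress", new_resource.site, key)] }.to_h
# … unchanged: mysql_user and the start of the wp-config.php edit …
line.gsub!(/wp_/, new_resource.database_prefix)
tokens.each do |key, value|
  line.gsub!(/('#{key.upcase}', *)'put your unique phrase here'/, "\\1'#{value}'")
end
```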
action_class do
include Chef::Mixin::EditFile
+ include Chef::Mixin::PersistentToken
def site_directory
new_resource.directory || "/srv/#{new_resource.site}"