From 00053754b45820a126eb3067608e756085477741 Mon Sep 17 00:00:00 2001 From: Imran Iqbal Date: Sat, 13 Jul 2019 13:43:05 +0100 Subject: [PATCH] refactor(kitchen+inspec): move inline pillar to file --- kitchen.yml | 36 ++---------------------------------- test/salt/pillar/default.sls | 33 +++++++++++++++++++++++++++++++++ 2 files changed, 35 insertions(+), 34 deletions(-) create mode 100644 test/salt/pillar/default.sls diff --git a/kitchen.yml b/kitchen.yml index 19d7cd5..52d081d 100644 --- a/kitchen.yml +++ b/kitchen.yml @@ -123,40 +123,8 @@ provisioner: base: '*': - ufw - ufw.sls: - ufw: - enabled: True - settings: - loglevel: 'low' - applications: - MySQL: - comment: Allow MySQL - Postgresql: - limit: True - comment: Limit Postgresql - SSH223: - deny: True - comment: Deny Webscale SSH - '*': - deny: True - from_addr: 10.0.0.0/8 - services: - '*': - deny: True - from_addr: - - 10.0.0.1 - - 10.0.0.2 - '22': - protocol: tcp - limit: True - comment: Limit SSH - '80': - protocol: tcp - deny: True - comment: Deny HTTP - '443': - protocol: tcp - comment: Allow HTTPS + pillars_from_files: + ufw.sls: test/salt/pillar/default.sls verifier: # https://www.inspec.io/ diff --git a/test/salt/pillar/default.sls b/test/salt/pillar/default.sls new file mode 100644 index 0000000..2eb2977 --- /dev/null +++ b/test/salt/pillar/default.sls @@ -0,0 +1,33 @@ +ufw: + enabled: True + settings: + loglevel: 'low' + applications: + MySQL: + comment: Allow MySQL + Postgresql: + limit: True + comment: Limit Postgresql + SSH223: + deny: True + comment: Deny Webscale SSH + '*': + deny: True + from_addr: 10.0.0.0/8 + services: + '*': + deny: True + from_addr: + - 10.0.0.1 + - 10.0.0.2 + '22': + protocol: tcp + limit: True + comment: Limit SSH + '80': + protocol: tcp + deny: True + comment: Deny HTTP + '443': + protocol: tcp + comment: Allow HTTPS