ci: merge travis matrix, add salt-lint & rubocop to lint job

.rubocop.yml

@@ -0,0 +1,10 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+# General overrides used across formulas in the org
+Metrics/LineLength:
+  # Increase from default of `80`
+  # Based on https://github.com/PyCQA/flake8-bugbear#opinionated-warnings (`B950`)
+  Max: 88
+
+# Any offenses that should be fixed, e.g. collected via. `rubocop --auto-gen-config`

.salt-lint

@@ -0,0 +1,13 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+exclude_paths: []
+skip_list:
+  # Using `salt-lint` for linting other files as well, such as Jinja macros/templates
+  - 205  # Use ".sls" as a Salt State file extension
+  # Skipping `207` and `208` because `210` is sufficient, at least for the time-being
+  # I.e. Allows 3-digit unquoted codes to still be used, such as `644` and `755`
+  - 207  # File modes should always be encapsulated in quotation marks
+  - 208  # File modes should always contain a leading zero
+tags: []
+verbosity: 1

.travis.yml

@@ -1,64 +1,43 @@
 # -*- coding: utf-8 -*-
 # vim: ft=yaml
 ---
+## Machine config
 dist: bionic
-stages:
-  - test
-  - lint
-  - name: release
-    if: branch = master AND type != pull_request
-
 sudo: required
-cache: bundler
-language: ruby
-
 services:
   - docker
 
-# Make sure the instances listed below match up with
-# the `platforms` defined in `kitchen.yml`
-env:
-  matrix:
-    - INSTANCE: debian-10-develop-py3
-    # - INSTANCE: ubuntu-1804-develop-py3
-    # - INSTANCE: centos-7-develop-py3
-    # - INSTANCE: fedora-30-develop-py3
-    # - INSTANCE: opensuse-leap-15-develop-py3
-    # - INSTANCE: amazonlinux-2-develop-py2
-    # - INSTANCE: arch-base-latest-develop-py2
-    # - INSTANCE: debian-9-2019-2-py3
-    - INSTANCE: prod-server-ubuntu-1804-2019-2-py3
-    # - INSTANCE: centos-7-2019-2-py3
-    - INSTANCE: prod-server-fedora-30-2019-2-py3
-    # - INSTANCE: opensuse-leap-15-2019-2-py3
-    - INSTANCE: prod-server-amazonlinux-2-2019-2-py2
-    # - INSTANCE: arch-base-latest-2019-2-py2
-    # - INSTANCE: debian-9-2018-3-py2
-    # - INSTANCE: ubuntu-1604-2018-3-py2
-    - INSTANCE: prod-server-centos-7-2018-3-py2
-    # - INSTANCE: fedora-29-2018-3-py2
-    - INSTANCE: prod-server-opensuse-leap-15-2018-3-py2
-    # - INSTANCE: amazonlinux-2-2018-3-py2
-    # - INSTANCE: arch-base-latest-2018-3-py2
-    # - INSTANCE: debian-8-2017-7-py2
-    # - INSTANCE: ubuntu-1604-2017-7-py2
-    # - INSTANCE: centos-6-2017-7-py2
-    # - INSTANCE: fedora-29-2017-7-py2
-    # - INSTANCE: opensuse-leap-15-2017-7-py2
-    # - INSTANCE: amazonlinux-2-2017-7-py2
-    - INSTANCE: prod-server-arch-base-latest-2017-7-py2
+## Language and cache config
+language: ruby
+cache: bundler
 
+## Script to run for the test stage
 script:
-  - bin/kitchen verify ${INSTANCE}
+  - bin/kitchen verify "${INSTANCE}"
 
+## Stages and jobs matrix
+stages:
+  - test
+  - name: release
+    if: branch = master AND type != pull_request
 jobs:
+  allow_failures:
+    - env: Lint_rubocop
+  fast_finish: true
   include:
-    # Define the `lint` stage (runs `yamllint` and `commitlint`)
-    - stage: lint
-      language: node_js
+    ## Define the test stage that runs the linters (and testing matrix, if applicable)
+
+    # Run all of the linters in a single job (except `rubocop`)
+    - language: node_js
       node_js: lts/*
+      env: Lint
+      name: 'Lint: salt-lint, yamllint & commitlint'
       before_install: skip
       script:
+        # Install and run `salt-lint`
+        - pip install --user salt-lint
+        - git ls-files | grep '\.sls$\|\.jinja$\|\.j2$\|\.tmpl$'
+                       | xargs -I {} salt-lint {}
         # Install and run `yamllint`
         # Need at least `v1.17.0` for the `yaml-files` setting
         - pip install --user yamllint>=1.17.0
@@ -67,10 +46,56 @@ jobs:
         - npm install @commitlint/config-conventional -D
         - npm install @commitlint/travis-cli -D
         - commitlint-travis
-    # Define the release stage that runs `semantic-release`
+    # Run the `rubocop` linter in a separate job that is allowed to fail
+    # Once these lint errors are fixed, this can be merged into a single job
+    - language: node_js
+      node_js: lts/*
+      env: Lint_rubocop
+      name: 'Lint: rubocop'
+      before_install: skip
+      script:
+        # Install and run `rubocop`
+        - gem install rubocop
+        - rubocop -d
+
+    ## Define the rest of the matrix based on Kitchen testing
+    # Make sure the instances listed below match up with
+    # the `platforms` defined in `kitchen.yml`
+    - env: INSTANCE=debian-10-develop-py3
+    # - env: INSTANCE=ubuntu-1804-develop-py3
+    # - env: INSTANCE=centos-7-develop-py3
+    # - env: INSTANCE=fedora-30-develop-py3
+    # - env: INSTANCE=opensuse-leap-15-develop-py3
+    # - env: INSTANCE=amazonlinux-2-develop-py2
+    # - env: INSTANCE=arch-base-latest-develop-py2
+    # - env: INSTANCE=debian-9-2019-2-py3
+    - env: INSTANCE=prod-server-ubuntu-1804-2019-2-py3
+    # - env: INSTANCE=centos-7-2019-2-py3
+    - env: INSTANCE=prod-server-fedora-30-2019-2-py3
+    # - env: INSTANCE=opensuse-leap-15-2019-2-py3
+    - env: INSTANCE=prod-server-amazonlinux-2-2019-2-py2
+    # - env: INSTANCE=arch-base-latest-2019-2-py2
+    # - env: INSTANCE=debian-9-2018-3-py2
+    # - env: INSTANCE=ubuntu-1604-2018-3-py2
+    - env: INSTANCE=prod-server-centos-7-2018-3-py2
+    # - env: INSTANCE=fedora-29-2018-3-py2
+    - env: INSTANCE=prod-server-opensuse-leap-15-2018-3-py2
+    # - env: INSTANCE=amazonlinux-2-2018-3-py2
+    # - env: INSTANCE=arch-base-latest-2018-3-py2
+    # - env: INSTANCE=debian-8-2017-7-py2
+    # - env: INSTANCE=ubuntu-1604-2017-7-py2
+    # - env: INSTANCE=centos-6-2017-7-py2
+    # - env: INSTANCE=fedora-29-2017-7-py2
+    # - env: INSTANCE=opensuse-leap-15-2017-7-py2
+    # - env: INSTANCE=amazonlinux-2-2017-7-py2
+    - env: INSTANCE=prod-server-arch-base-latest-2017-7-py2
+
+    ## Define the release stage that runs `semantic-release`
     - stage: release
       language: node_js
       node_js: lts/*
+      env: Release
+      name: 'Run semantic-release inc. file updates to AUTHORS, CHANGELOG & FORMULA'
       before_install: skip
       script:
         # Update `AUTHORS.md`

.yamllint

@@ -17,6 +17,7 @@ yaml-files:
   # Default settings
   - '*.yaml'
   - '*.yml'
+  - .salt-lint
   - .yamllint
   # SaltStack Formulas additional settings
   - '*.example'

Gemfile

@@ -1,7 +1,8 @@
-source "https://rubygems.org"
+# frozen_string_literal: true
 
+source 'https://rubygems.org'
+
+gem 'inspec',      '~> 4.16.0'
 gem 'kitchen-docker', '>= 2.9'
-gem 'kitchen-salt', '>= 0.6.0'
 gem 'kitchen-inspec', '>= 1.1'
-gem 'inspec',      '~> 4.16.0'
-
+gem 'kitchen-salt', '>= 0.6.0'

bin/kitchen

@@ -8,22 +8,25 @@
 # this file is here to facilitate running it.
 #
 
-require "pathname"
-ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile",
-  Pathname.new(__FILE__).realpath)
+require 'pathname'
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile',
+                                           Pathname.new(__FILE__).realpath)
 
-bundle_binstub = File.expand_path("../bundle", __FILE__)
+bundle_binstub = File.expand_path('bundle', __dir__)
 
 if File.file?(bundle_binstub)
   if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/
     load(bundle_binstub)
   else
-    abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run.
-Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.")
+    abort(
+      'Your `bin/bundle` was not generated by Bundler, '\
+      'so this binstub cannot run.  Replace `bin/bundle` by running '\
+      '`bundle binstubs bundler --force`, then run this command again.'
+    )
   end
 end
 
-require "rubygems"
-require "bundler/setup"
+require 'rubygems'
+require 'bundler/setup'
 
-load Gem.bin_path("test-kitchen", "kitchen")
+load Gem.bin_path('test-kitchen', 'kitchen')

vault/files/cert-gen.sh.j2

@@ -1,4 +1,5 @@
 {% from "vault/map.jinja" import vault with context -%}
+{% set vssc = vault.self_signed_cert -%}
 #!/usr/bin/env bash
 
 ###
@@ -31,7 +32,7 @@ pw="$child"
 root_key="$root.key"
 root_pem="$root.pem"
 root_key_nopass="$root-nopass.key"
-root_subj="/C={{ vault.self_signed_cert.country }}/ST={{ vault.self_signed_cert.state }}/L={{ vault.self_signed_cert.city }}/O={{ vault.self_signed_cert.org }}/OU={{ vault.self_signed_cert.org_unit }}/CN=$root\_ca"
+root_subj="/C={{ vssc.country }}/ST={{ vssc.state }}/L={{ vssc.city }}/O={{ vssc.org }}/OU={{ vssc.org_unit }}/CN=$root\_ca"
 root_p12="$root.p12"
 
 ###
@@ -72,7 +73,7 @@ child_name="${root}_${child}"
 child_key="$child_name.key"
 child_pem="$child_name.pem"
 child_csr="$child_name.csr"
-child_subj="/C={{ vault.self_signed_cert.country }}/ST={{ vault.self_signed_cert.state }}/L={{ vault.self_signed_cert.city }}/O={{ vault.self_signed_cert.org }}/OU={{ vault.self_signed_cert.org_unit }}/CN=$child_name"
+child_subj="/C={{ vssc.country }}/ST={{ vssc.state }}/L={{ vssc.city }}/O={{ vssc.org }}/OU={{ vssc.org_unit }}/CN=$child_name"
 child_p12="$child_name.p12"
 child_jks="$child_name.jks"