From fce35a522d8effc99f0d1e03e0ed63518c114530 Mon Sep 17 00:00:00 2001
From: Imran Iqbal <iqbalmy@hotmail.com>
Date: Sun, 24 May 2020 02:59:32 +0100
Subject: [PATCH 1/2] feat: support new platforms (`ubuntu-20.04` &
 `fedora-32`)

---
 .../default/controls/config_spec.rb           |   3 +-
 .../default/controls/packages_spec.rb         |   2 +-
 .../default/controls/services_spec.rb         |   2 +-
 .../default/controls/yaml_dump_spec.rb        |   2 +-
 .../comparison_files/main_config/fedora-32    |  67 ++++++++
 .../comparison_files/main_config/ubuntu-20    |  58 +++++++
 .../comparison_files/server_xml/fedora-32.xml | 148 ++++++++++++++++++
 .../comparison_files/server_xml/ubuntu-20.xml | 148 ++++++++++++++++++
 tomcat/osfingermap.yaml                       |  14 ++
 9 files changed, 440 insertions(+), 4 deletions(-)
 create mode 100644 test/salt/comparison_files/main_config/fedora-32
 create mode 100644 test/salt/comparison_files/main_config/ubuntu-20
 create mode 100644 test/salt/comparison_files/server_xml/fedora-32.xml
 create mode 100644 test/salt/comparison_files/server_xml/ubuntu-20.xml

diff --git a/test/integration/default/controls/config_spec.rb b/test/integration/default/controls/config_spec.rb
index 09ef4492..0cd0cd8a 100644
--- a/test/integration/default/controls/config_spec.rb
+++ b/test/integration/default/controls/config_spec.rb
@@ -22,7 +22,7 @@
   conf_dir = '/etc/tomcat8'
   server_xml_user_and_group = 'tomcat8'
   case platform_finger
-  when 'debian-10'
+  when 'debian-10', 'ubuntu-20'
     main_config_file = '/etc/default/tomcat9'
     catalina_tmpdir = '/var/cache/tomcat9/temp'
     catalina_tmpdir_user_and_group = 'tomcat'
@@ -48,6 +48,7 @@
   end
 when 'fedora'
   case platform_finger
+  when 'fedora-32'
   when 'fedora-31'
   when 'fedora-30'
   end
diff --git a/test/integration/default/controls/packages_spec.rb b/test/integration/default/controls/packages_spec.rb
index 800a43c8..192d31bf 100644
--- a/test/integration/default/controls/packages_spec.rb
+++ b/test/integration/default/controls/packages_spec.rb
@@ -11,7 +11,7 @@
     case platform[:family]
     when 'debian'
       case platform_finger
-      when 'debian-10'
+      when 'debian-10', 'ubuntu-20'
         %w[tomcat9 haveged]
       when 'debian-9', 'ubuntu-18', 'ubuntu-16'
         %w[tomcat8 haveged]
diff --git a/test/integration/default/controls/services_spec.rb b/test/integration/default/controls/services_spec.rb
index 942367ce..8bab4271 100644
--- a/test/integration/default/controls/services_spec.rb
+++ b/test/integration/default/controls/services_spec.rb
@@ -12,7 +12,7 @@
     case platform[:family]
     when 'debian'
       case platform_finger
-      when 'debian-10'
+      when 'debian-10', 'ubuntu-20'
         %w[tomcat9 haveged]
       when 'debian-9', 'ubuntu-18', 'ubuntu-16'
         %w[tomcat8 haveged]
diff --git a/test/integration/default/controls/yaml_dump_spec.rb b/test/integration/default/controls/yaml_dump_spec.rb
index 22181d89..7b630bdf 100644
--- a/test/integration/default/controls/yaml_dump_spec.rb
+++ b/test/integration/default/controls/yaml_dump_spec.rb
@@ -11,7 +11,7 @@
     case platform[:family]
     when 'debian'
       case platform_finger
-      when 'debian-10'
+      when 'debian-10', 'ubuntu-20'
         conf_dir = '/etc/tomcat9'
         group = 'tomcat'
         main_config = '/etc/default/tomcat9'
diff --git a/test/salt/comparison_files/main_config/fedora-32 b/test/salt/comparison_files/main_config/fedora-32
new file mode 100644
index 00000000..0f4c78f2
--- /dev/null
+++ b/test/salt/comparison_files/main_config/fedora-32
@@ -0,0 +1,67 @@
+# This file is managed by salt. Manual changes risk being overwritten.
+# # Modify the values passed to the tomcat pillar instead.
+
+# Service-specific configuration file for tomcat. This will be sourced by
+# the SysV init script after the global configuration file
+# /etc/tomcat/tomcat.conf, thus allowing values to be overridden in
+# a per-service manner.
+#
+# NEVER change the init script itself. To change values for all services make
+# your changes in /etc/tomcat/tomcat.conf
+#
+# To change values for a specific service make your edits here.
+# To create a new service create a link from /etc/init.d/<your new service> to
+# /etc/init.d/tomcat (do not copy the init script) and make a copy of the
+# /etc/sysconfig/tomcat file to /etc/sysconfig/<your new service> and change
+# the property values so the two services won't conflict. Register the new
+# service in the system as usual (see chkconfig and similars).
+#
+
+# Where your java installation lives
+JAVA_HOME=/usr/lib/jvm/jre
+
+CATALINA_BASE="/usr/share/tomcat"
+
+CATALINA_HOME="/usr/share/tomcat"
+
+CATALINA_TMPDIR="/var/cache/tomcat/temp"
+
+CATALINA_PID="/var/run/tomcat.pid"
+
+
+# You can pass some parameters to java here if you wish to
+#JAVA_OPTS="-Xminf0.1 -Xmaxf0.3"
+JAVA_OPTS="-Djava.awt.headless=true -Xmx128m -XX:MaxPermSize=256m -Dlog4j.configuration=file:/tmp/log4j.properties -Dlogback.configurationFile=/tmp/logback.xml"
+
+#if CLASSPATH is defined in JAVA_OPTS it may no longer munge with the default CLASSPATH
+#replace and customize if necessary
+#CLASSPATH=/usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar
+
+# Use JAVA_OPTS to set java.library.path for libtcnative.so
+#JAVA_OPTS="-Djava.library.path=/usr/lib64"
+
+# What user should run tomcat
+TOMCAT_USER=tomcat
+
+# What group should run tomcat
+TOMCAT_GROUP=tomcat
+
+# You can change your tomcat locale here
+#LANG="en_US"
+
+# Run tomcat under the Java Security Manager
+SECURITY_MANAGER="false"
+
+
+# Time to wait in seconds, before killing process
+#SHUTDOWN_WAIT="30"
+
+# Whether to annoy the user with "attempting to shut down" messages or not
+#SHUTDOWN_VERBOSE="false"
+
+# Connector port is 8080 for this tomcat instance
+#CONNECTOR_PORT="8080"
+
+# If you wish to further customize your tomcat environment,
+# put your own definitions here
+# (i.e. LD_LIBRARY_PATH for some jdbc drivers)
diff --git a/test/salt/comparison_files/main_config/ubuntu-20 b/test/salt/comparison_files/main_config/ubuntu-20
new file mode 100644
index 00000000..a63ac759
--- /dev/null
+++ b/test/salt/comparison_files/main_config/ubuntu-20
@@ -0,0 +1,58 @@
+# This file is managed by salt. Manual changes risk being overwritten.
+# Modify the values in the tomcat pillar instead.
+
+# Run Tomcat as this user ID. Not setting this or leaving it blank will use the
+# default of tomcat8.
+TOMCAT9_USER=tomcat
+
+# Run Tomcat as this group ID. Not setting this or leaving it blank will use
+# the default of tomcat8.
+TOMCAT9_GROUP=tomcat
+
+# The home directory of the Java development kit (JDK). You need at least
+# JDK version 7. If JAVA_HOME is not set, some common directories for
+# OpenJDK and the Oracle JDK are tried.
+JAVA_HOME=/usr/lib/jvm/default-java
+
+CATALINA_BASE="/var/lib/tomcat9"
+CATALINA_HOME="/usr/share/tomcat9"
+CATALINA_TMPDIR="/var/cache/tomcat9/temp"
+CATALINA_PID="/var/run/tomcat9.pid"
+
+
+# You may pass JVM startup parameters to Java here. If unset, the default
+# options will be: -Djava.awt.headless=true -Xmx128m -XX:+UseConcMarkSweepGC
+#
+# Use "-XX:+UseConcMarkSweepGC" to enable the CMS garbage collector (improved
+# response time). If you use that option and you run Tomcat on a machine with
+# exactly one CPU chip that contains one or two cores, you should also add
+# the "-XX:+CMSIncrementalMode" option.
+JAVA_OPTS="-Djava.awt.headless=true -Xmx128m -XX:MaxPermSize=256m -Dlog4j.configuration=file:/tmp/log4j.properties -Dlogback.configurationFile=/tmp/logback.xml"
+
+# To enable remote debugging uncomment the following line.
+# You will then be able to use a java debugger on port 8000.
+#JAVA_OPTS="${JAVA_OPTS} -Xdebug -Xrunjdwp:transport=dt_socket,address=8000,server=y,suspend=n"
+
+# Java compiler to use for translating JavaServer Pages (JSPs). You can use all
+# compilers that are accepted by Ant's build.compiler property.
+JSP_COMPILER=javac
+
+
+# Use the Java security manager? (yes/no, default: no)
+TOMCAT9_SECURITY=no
+
+
+# Number of days to keep logfiles in /var/log/tomcat8. Default is 14 days.
+#LOGFILE_DAYS=14
+# Whether to compress logfiles older than today's
+#LOGFILE_COMPRESS=1
+
+# Location of the JVM temporary directory
+# WARNING: This directory will be destroyed and recreated at every startup !
+JVM_TMP=/tmp/tomcat
+
+
+# If you run Tomcat on port numbers that are all higher than 1023, then you
+# do not need authbind.  It is used for binding Tomcat to lower port numbers.
+# (yes/no, default: no)
+AUTHBIND=no
diff --git a/test/salt/comparison_files/server_xml/fedora-32.xml b/test/salt/comparison_files/server_xml/fedora-32.xml
new file mode 100644
index 00000000..93757aec
--- /dev/null
+++ b/test/salt/comparison_files/server_xml/fedora-32.xml
@@ -0,0 +1,148 @@
+<?xml version='1.0' encoding='utf-8'?>
+<!--
+
+  This file is managed/autogenerated by salt.
+  Manual changes risk being overwritten.
+
+  Modify the salt pillar for the tomcat formula
+  that generates this file instead.
+
+-->
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!-- Note:  A "Server" is not itself a "Container", so you may not
+     define subcomponents such as "Valves" at this level.
+     Documentation at /docs/config/server.html
+ -->
+<Server port="8005" shutdown="SHUTDOWN">
+  <!-- Security listener. Documentation at /docs/config/listeners.html
+  <Listener className="org.apache.catalina.security.SecurityListener" />
+  -->
+  
+  <!--APR library loader. Documentation at /docs/apr.html -->
+  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+  
+
+  
+
+  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
+  <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
+  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
+  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
+  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
+
+  <!-- Global JNDI resources
+       Documentation at /docs/jndi-resources-howto.html
+  -->
+  <GlobalNamingResources>
+    
+
+    <!-- Editable user database that can also be used by
+         UserDatabaseRealm to authenticate users
+    -->
+    <Resource name="UserDatabase" auth="Container"
+              type="org.apache.catalina.UserDatabase"
+              description="User database that can be updated and saved"
+              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
+              pathname="conf/tomcat-users.xml" />
+  </GlobalNamingResources>
+
+  <!-- A "Service" is a collection of one or more "Connectors" that share
+       a single "Container" Note:  A "Service" is not itself a "Container",
+       so you may not define subcomponents such as "Valves" at this level.
+       Documentation at /docs/config/service.html
+   -->
+  <Service name="Catalina">
+    <Connector
+    
+               port="8443"
+               protocol="org.apache.coyote.http11.Http11Protocol"
+               connectionTimeout="20000"
+               URIEncoding="UTF-8"
+               redirectPort="8443"
+               maxHttpHeaderSize="8192"
+               maxThreads="150"
+               minSpareThreads="25"
+               enableLookups="false"
+               disableUploadTimeout="true"
+               acceptCount="100"
+               scheme="https"
+               secure="true"
+               clientAuth="false"
+               sslProtocol="TLS"
+               SSLEnabled="false"
+               keystoreFile="/path/to/keystoreFile"
+               keystorePass="somerandomtext"
+    />
+    
+    
+    <Engine name="Catalina" defaultHost="localhost">
+    
+      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
+           via a brute-force attack -->
+      <Realm className="org.apache.catalina.realm.LockOutRealm">
+        <!-- This Realm uses the UserDatabase configured in the global JNDI
+             resources under the key "UserDatabase".  Any edits
+             that are performed against this UserDatabase are immediately
+             available for use by the Realm.  -->
+        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
+               resourceName="UserDatabase"/>
+      </Realm>
+
+      
+      
+      <Host name="tomcat-server"
+            unpackWARs="true"
+            autoDeploy="true"
+            deployXML="false">
+            <Context path=""
+                     docBase="../webapps/myapp"
+                     debug="0"
+                     reloadable="true"
+            />
+            
+            <Alias>www.example.com</Alias>
+            
+      </Host>
+      
+      <Host name="example.net"
+            unpackWARs="true"
+            autoDeploy="true">
+            <Context path=""
+                     docBase="../webapps/myapp2"
+                     debug="0"
+                     reloadable="true"
+            />
+            
+            <Alias>www.example.net</Alias>
+            
+              <Valve
+                className="org.apache.catalina.valves.AccessLogValve"
+                directory="logs"
+                prefix="localhost_access_log."
+                fileDateFormat="yyyy-MM-dd-HH"
+                suffix=".log"
+                pattern="%h %l %u %t &quot;%m http://%v%U %H&quot; %s %b &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot; %D" />
+              <Valve
+                className="org.apache.catalina.authenticator.SingleSignOn" />
+            
+      </Host>
+      
+      
+    </Engine>
+  </Service>
+</Server>
diff --git a/test/salt/comparison_files/server_xml/ubuntu-20.xml b/test/salt/comparison_files/server_xml/ubuntu-20.xml
new file mode 100644
index 00000000..93757aec
--- /dev/null
+++ b/test/salt/comparison_files/server_xml/ubuntu-20.xml
@@ -0,0 +1,148 @@
+<?xml version='1.0' encoding='utf-8'?>
+<!--
+
+  This file is managed/autogenerated by salt.
+  Manual changes risk being overwritten.
+
+  Modify the salt pillar for the tomcat formula
+  that generates this file instead.
+
+-->
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!-- Note:  A "Server" is not itself a "Container", so you may not
+     define subcomponents such as "Valves" at this level.
+     Documentation at /docs/config/server.html
+ -->
+<Server port="8005" shutdown="SHUTDOWN">
+  <!-- Security listener. Documentation at /docs/config/listeners.html
+  <Listener className="org.apache.catalina.security.SecurityListener" />
+  -->
+  
+  <!--APR library loader. Documentation at /docs/apr.html -->
+  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+  
+
+  
+
+  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
+  <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
+  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
+  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
+  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
+
+  <!-- Global JNDI resources
+       Documentation at /docs/jndi-resources-howto.html
+  -->
+  <GlobalNamingResources>
+    
+
+    <!-- Editable user database that can also be used by
+         UserDatabaseRealm to authenticate users
+    -->
+    <Resource name="UserDatabase" auth="Container"
+              type="org.apache.catalina.UserDatabase"
+              description="User database that can be updated and saved"
+              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
+              pathname="conf/tomcat-users.xml" />
+  </GlobalNamingResources>
+
+  <!-- A "Service" is a collection of one or more "Connectors" that share
+       a single "Container" Note:  A "Service" is not itself a "Container",
+       so you may not define subcomponents such as "Valves" at this level.
+       Documentation at /docs/config/service.html
+   -->
+  <Service name="Catalina">
+    <Connector
+    
+               port="8443"
+               protocol="org.apache.coyote.http11.Http11Protocol"
+               connectionTimeout="20000"
+               URIEncoding="UTF-8"
+               redirectPort="8443"
+               maxHttpHeaderSize="8192"
+               maxThreads="150"
+               minSpareThreads="25"
+               enableLookups="false"
+               disableUploadTimeout="true"
+               acceptCount="100"
+               scheme="https"
+               secure="true"
+               clientAuth="false"
+               sslProtocol="TLS"
+               SSLEnabled="false"
+               keystoreFile="/path/to/keystoreFile"
+               keystorePass="somerandomtext"
+    />
+    
+    
+    <Engine name="Catalina" defaultHost="localhost">
+    
+      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
+           via a brute-force attack -->
+      <Realm className="org.apache.catalina.realm.LockOutRealm">
+        <!-- This Realm uses the UserDatabase configured in the global JNDI
+             resources under the key "UserDatabase".  Any edits
+             that are performed against this UserDatabase are immediately
+             available for use by the Realm.  -->
+        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
+               resourceName="UserDatabase"/>
+      </Realm>
+
+      
+      
+      <Host name="tomcat-server"
+            unpackWARs="true"
+            autoDeploy="true"
+            deployXML="false">
+            <Context path=""
+                     docBase="../webapps/myapp"
+                     debug="0"
+                     reloadable="true"
+            />
+            
+            <Alias>www.example.com</Alias>
+            
+      </Host>
+      
+      <Host name="example.net"
+            unpackWARs="true"
+            autoDeploy="true">
+            <Context path=""
+                     docBase="../webapps/myapp2"
+                     debug="0"
+                     reloadable="true"
+            />
+            
+            <Alias>www.example.net</Alias>
+            
+              <Valve
+                className="org.apache.catalina.valves.AccessLogValve"
+                directory="logs"
+                prefix="localhost_access_log."
+                fileDateFormat="yyyy-MM-dd-HH"
+                suffix=".log"
+                pattern="%h %l %u %t &quot;%m http://%v%U %H&quot; %s %b &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot; %D" />
+              <Valve
+                className="org.apache.catalina.authenticator.SingleSignOn" />
+            
+      </Host>
+      
+      
+    </Engine>
+  </Service>
+</Server>
diff --git a/tomcat/osfingermap.yaml b/tomcat/osfingermap.yaml
index b741050c..3211d0e1 100644
--- a/tomcat/osfingermap.yaml
+++ b/tomcat/osfingermap.yaml
@@ -40,6 +40,19 @@ Debian-7:
   group: tomcat7
 
 # os: Ubuntu
+Ubuntu-20.04:
+  ver: 9
+  pkg: tomcat9
+  manager_pkg: tomcat9-admin
+  conf_dir: /etc/tomcat9
+  main_config: /etc/default/tomcat9
+  service: tomcat9
+  user: tomcat
+  group: tomcat
+  catalina_base: /var/lib/tomcat9
+  catalina_home: /usr/share/tomcat9
+  catalina_pid: /var/run/tomcat9.pid
+  catalina_tmpdir: /var/cache/tomcat9/temp
 Ubuntu-18.04: {}
 Ubuntu-16.04: {}
 Ubuntu-14.04:
@@ -54,6 +67,7 @@ Ubuntu-14.04:
   group: tomcat7
 
 # os: Fedora
+Fedora-32: {}
 Fedora-31: {}
 Fedora-30: {}
 

From 2fd6f92a7976b42b61a21687b67a425b0ca5f54e Mon Sep 17 00:00:00 2001
From: Imran Iqbal <iqbalmy@hotmail.com>
Date: Thu, 28 May 2020 19:31:16 +0100
Subject: [PATCH 2/2] ci(kitchen+travis): use new platforms

* Semi-automated using https://github.com/myii/ssf-formula/pull/204
---
 .travis.yml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 56d728d0..6bc3feb4 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -59,12 +59,12 @@ jobs:
     # Make sure the instances listed below match up with
     # the `platforms` defined in `kitchen.yml`
     - env: INSTANCE=default-debian-10-master-py3
-    # - env: INSTANCE=default-ubuntu-2004-master-py3
-    - env: INSTANCE=default-ubuntu-1804-master-py3
+    - env: INSTANCE=default-ubuntu-2004-master-py3
+    # - env: INSTANCE=default-ubuntu-1804-master-py3
     # - env: INSTANCE=default-centos-8-master-py3
-    # - env: INSTANCE=default-fedora-32-master-py3
-    - env: INSTANCE=default-fedora-31-master-py3
-    - env: INSTANCE=default-opensuse-leap-152-master-py3
+    - env: INSTANCE=default-fedora-32-master-py3
+    # - env: INSTANCE=default-fedora-31-master-py3
+    # - env: INSTANCE=default-opensuse-leap-152-master-py3
     # - env: INSTANCE=default-amazonlinux-2-master-py3
     # - env: INSTANCE=default-debian-10-3000-3-py3
     # - env: INSTANCE=default-debian-9-3000-3-py3
@@ -72,7 +72,7 @@ jobs:
     # - env: INSTANCE=default-centos-8-3000-3-py3
     # - env: INSTANCE=default-centos-7-3000-3-py3
     # - env: INSTANCE=default-fedora-31-3000-3-py3
-    # - env: INSTANCE=default-opensuse-leap-152-3000-3-py3
+    - env: INSTANCE=default-opensuse-leap-152-3000-3-py3
     - env: INSTANCE=default-amazonlinux-2-3000-3-py3
     # - env: INSTANCE=default-ubuntu-1804-3000-3-py2
     # - env: INSTANCE=default-ubuntu-1604-3000-3-py2