.gitattributes

@@ -2,3 +2,4 @@
 *.erb eol=lf
 *.pp eol=lf
 *.sh eol=lf
+*.epp eol=lf

.sync.yml

@@ -15,7 +15,7 @@ Rakefile:
 
 spec/spec_helper.rb:
   mock_with: ':rspec'
-  spec_overrides: |
+  spec_overrides: |-
     require 'webmock/rspec'
     require 'puppet_x/tragiccode/azure'
     WebMock.disable_net_connect!

.travis.yml

@@ -13,7 +13,7 @@ script:
   - 'bundle exec rake $CHECK'
 bundler_args: --without system_tests
 rvm:
-  - 2.5.0
+  - 2.5.1
 env:
   global:
     - BEAKER_PUPPET_COLLECTION=puppet6 PUPPET_GEM_VERSION="~> 6.0"

CHANGELOG.md

@@ -2,6 +2,16 @@
 
 All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org).
 
+## [1.0.1](https://github.com/tragiccode/tragiccode-azure_key_vault/tree/1.0.1) (2018-12-14)
+
+[Full Changelog](https://github.com/tragiccode/tragiccode-azure_key_vault/compare/1.0.0...1.0.1)
+
+### Fixed
+
+- \(GH-42\) Fix .empty? method missing on uri [\#45](https://github.com/TraGicCode/tragiccode-azure_key_vault/pull/45) ([TraGicCode](https://github.com/TraGicCode))
+- \(GH-43\) Fix debug message [\#44](https://github.com/TraGicCode/tragiccode-azure_key_vault/pull/44) ([TraGicCode](https://github.com/TraGicCode))
+- Fix typo in readme.md [\#29](https://github.com/TraGicCode/tragiccode-azure_key_vault/pull/29) ([lupyana](https://github.com/lupyana))
+
 ## [1.0.0](https://github.com/tragiccode/tragiccode-azure_key_vault/tree/1.0.0) (2018-10-25)
 
 [Full Changelog](https://github.com/tragiccode/tragiccode-azure_key_vault/compare/0.4.0...1.0.0)

README.md

@@ -1,6 +1,8 @@
 # azure_key_vault
 
-[![Puppet Forge](http://img.shields.io/puppetforge/v/tragiccode/azure_key_vault.svg)](https://forge.puppetlabs.com/tragiccode/azure_key_vault)
+[![Puppet Forge Version](https://img.shields.io/puppetforge/v/tragiccode/azure_key_vault.svg)](https://forge.puppetlabs.com/tragiccode/azure_key_vault)
+[![Puppet Forge Downloads](https://img.shields.io/puppetforge/dt/tragiccode/azure_key_vault.svg)](https://forge.puppetlabs.com/tragiccode/azure_key_vault)
+[![Puppet Forge Endorsement](https://img.shields.io/puppetforge/e/tragiccode/azure_key_vault.svg)](https://forge.puppetlabs.com/tragiccode/azure_key_vault)
 
 #### Table of Contents
 
@@ -25,7 +27,7 @@ The module requires the following:
 
 * Puppet Agent 4.7.1 or later.
 * Azure Subscription with one or more vaults already created and loaded with secrets.
-* Puppet Server running on a machine with Managed Service Identity ( MSI ) and assigned the appropriate permissions 
+* Puppet Server running on a machine with Managed Service Identity ( MSI ) and assigned the appropriate permissions
   to pull secrets from the vault. To learn more or get help with this please visit https://docs.microsoft.com/en-us/azure/active-directory/managed-service-identity/tutorial-windows-vm-access-nonaad
 
 ## How the function works
@@ -34,7 +36,7 @@ This module contains a Puppet 4 function that allows you to securely retrieve se
 
 ```puppet
 $important_secret = azure_key_vault::secret('production-vault', 'important-secret', {
-  metadata_api_version => '2018-02-01',
+  metadata_api_version => '2018-04-02',
   vault_api_version    => '2016-10-01',
 })
 ```
@@ -58,7 +60,7 @@ Add a new entry to the `hierarchy` hash in `hiera.yaml` referencing the vault na
     options:
       vault_name: production-vault
       vault_api_version: '2016-10-01'
-      metadata_api_version: '2018-02-01'
+      metadata_api_version: '2018-04-02'
 ```
 
 To retrieve a secret in puppet code you can use the `lookup` function:
@@ -78,15 +80,15 @@ some_class::password: "%{lookup('important-secret')}"
 You can use a fact to specify different vaults for different groups of nodes. It is
 recommended to use a trusted fact such as trusted.extensions.pp_environment as these facts
 cannot be altered.
-Alternatively a custom trusted fact can be included [in the certificate request](https://puppet.com/docs/puppet/latest/ssl_attributes_extensions.html)]
+Alternatively a custom trusted fact can be included [in the certificate request](https://puppet.com/docs/puppet/latest/ssl_attributes_extensions.html)
 
 ```yaml
 - name: 'Azure Key Vault Secrets from trusted fact'
     lookup_key: azure_key_vault::lookup
     options:
       vault_name: "%{trusted.extensions.pp_environment}"
       vault_api_version: '2016-10-01'
-      metadata_api_version: '2018-02-01'
+      metadata_api_version: '2018-04-02'
 ```
 
 ## How it's secure by default
@@ -95,7 +97,7 @@ In order to prevent accidental leakage of your secrets throughout all of the loc
 
 ```puppet
 $secret = azure_key_vault::secret('production-vault', 'important-secret', {
-  metadata_api_version => '2018-02-01',
+  metadata_api_version => '2018-04-02',
   vault_api_version    => '2016-10-01',
 })
 notice($secret)
@@ -120,7 +122,7 @@ In order to change the original secret you always follow the same 3 step process
 
 ```puppet
 $secret = azure_key_vault::secret('production-vault', 'important-secret', {
-  metadata_api_version => '2018-02-01',
+  metadata_api_version => '2018-04-02',
   vault_api_version    => '2016-10-01',
 })
 
@@ -138,7 +140,7 @@ Unfortunately, All resource's don't magically handle the sensitive data type.  I
 
 ```puppet
 $admin_password_secret = azure_key_vault::secret('production-vault', 'important-secret', {
-  metadata_api_version => '2018-02-01',
+  metadata_api_version => '2018-04-02',
   vault_api_version    => '2016-10-01',
 })
 
@@ -159,7 +161,7 @@ Below shows an example of how to retrieve a secret and place it in a file on a n
 ```puppet
 file { 'C:\\DataForApplication.secret':
   content   => azure_key_vault::secret('production-vault', 'important-secret', {
-    metadata_api_version => '2018-02-01',
+    metadata_api_version => '2018-04-02',
     vault_api_version    => '2016-10-01',
   }),
   ensure    => file,
@@ -172,7 +174,7 @@ By Default, the latest secret is always retrieved from the vault.  If you want t
 
 ```puppet
 $admin_password_secret = azure_key_vault::secret('production-vault', 'admin-password', {
-  metadata_api_version => '2018-02-01',
+  metadata_api_version => '2018-04-02',
   vault_api_version    => '2016-10-01',
 },
 '067e89990f0a4a50a7bd854b40a56089')
@@ -192,4 +194,4 @@ See [REFERENCE.md](https://github.com/tragiccode/tragiccode-azure_key_vault/blob
 1. Create your feature branch (`git checkout -b my-new-feature`)
 1. Commit your changes (`git commit -am 'Add some feature'`)
 1. Push to the branch (`git push origin my-new-feature`)
-1. Create a new Pull Request
+1. Create a new Pull Request

Rakefile

@@ -2,6 +2,7 @@ require 'puppetlabs_spec_helper/rake_tasks'
 require 'puppet-syntax/tasks/puppet-syntax'
 require 'puppet_blacksmith/rake_tasks' if Bundler.rubygems.find_name('puppet-blacksmith').any?
 require 'github_changelog_generator/task' if Bundler.rubygems.find_name('github_changelog_generator').any?
+require 'puppet-strings/tasks' if Bundler.rubygems.find_name('puppet-strings').any?
 require 'puppet-strings/tasks'
 
 def changelog_user

appveyor.yml

@@ -1,5 +1,8 @@
 ---
 version: 1.1.x.{build}
+branches:
+  only:
+    - master
 skip_commits:
   message: /^\(?doc\)?.*/
 clone_depth: 10

lib/puppet/functions/azure_key_vault/secret.rb

@@ -15,7 +15,7 @@
   end
 
   def secret(vault_name, secret_name, api_versions_hash, secret_version = '')
-    Puppet.debug("vault_base_url: #{vault_name}")
+    Puppet.debug("vault_name: #{vault_name}")
     Puppet.debug("secret_name: #{secret_name}")
     Puppet.debug("secret_version: #{secret_version}")
     Puppet.debug("metadata_api_version: #{api_versions_hash['metadata_api_version']}")

lib/puppet_x/tragiccode/azure.rb

@@ -6,7 +6,7 @@ module TragicCode
   class Azure
     def self.get_access_token(api_version)
       uri = URI("http://169.254.169.254/metadata/identity/oauth2/token?api-version=#{api_version}&resource=https%3A%2F%2Fvault.azure.net")
-      req = Net::HTTP::Get.new(uri)
+      req = Net::HTTP::Get.new(uri.to_s)
       req['Metadata'] = 'true'
       res = Net::HTTP.start(uri.hostname, uri.port) do |http|
         http.request(req)
@@ -18,7 +18,7 @@ def self.get_access_token(api_version)
     def self.get_secret(vault_name, secret_name, vault_api_version, access_token, secret_version)
       version_parameter = secret_version.empty? ? secret_version : "/#{secret_version}"
       uri = URI("https://#{vault_name}.vault.azure.net/secrets/#{secret_name}#{version_parameter}?api-version=#{vault_api_version}")
-      req = Net::HTTP::Get.new(uri)
+      req = Net::HTTP::Get.new(uri.to_s)
       req['Authorization'] = "Bearer #{access_token}"
       res = Net::HTTP.start(uri.hostname, uri.port, use_ssl: true) do |http|
         http.request(req)

metadata.json

@@ -1,6 +1,6 @@
 {
   "name": "tragiccode-azure_key_vault",
-  "version": "1.0.0",
+  "version": "1.0.1",
   "author": "tragiccode",
   "summary": "The azure_key_vault module allows you to easily fetch secrets securely within your puppet manifests.",
   "license": "Apache-2.0",
@@ -68,7 +68,7 @@
     "azure key vault",
     "azure vault"
   ],
-  "pdk-version": "1.7.1",
+  "pdk-version": "1.8.0",
   "template-url": "file:///opt/puppetlabs/pdk/share/cache/pdk-templates.git",
-  "template-ref": "1.7.1-0-g810b982"
-}
+  "template-ref": "1.8.0-0-g0d9da00"
+}

spec/default_facts.yml

@@ -2,7 +2,6 @@
 #
 # Facts specified here will override the values provided by rspec-puppet-facts.
 ---
-concat_basedir: ""
 ipaddress: "172.16.254.254"
 is_pe: false
 macaddress: "AA:AA:AA:AA:AA:AA"

spec/spec_helper.rb

@@ -5,11 +5,7 @@
 require 'puppetlabs_spec_helper/module_spec_helper'
 require 'rspec-puppet-facts'
 
-begin
-  require 'spec_helper_local' if File.file?(File.join(File.dirname(__FILE__), 'spec_helper_local.rb'))
-rescue LoadError => loaderror
-  warn "Could not require spec_helper_local: #{loaderror.message}"
-end
+require 'spec_helper_local' if File.file?(File.join(File.dirname(__FILE__), 'spec_helper_local.rb'))
 
 include RspecPuppetFacts
 
@@ -18,15 +14,19 @@
   facterversion: Facter.version,
 }
 
-default_facts_path = File.expand_path(File.join(File.dirname(__FILE__), 'default_facts.yml'))
-default_module_facts_path = File.expand_path(File.join(File.dirname(__FILE__), 'default_module_facts.yml'))
+default_fact_files = [
+  File.expand_path(File.join(File.dirname(__FILE__), 'default_facts.yml')),
+  File.expand_path(File.join(File.dirname(__FILE__), 'default_module_facts.yml')),
+]
 
-if File.exist?(default_facts_path) && File.readable?(default_facts_path)
-  default_facts.merge!(YAML.safe_load(File.read(default_facts_path)))
-end
+default_fact_files.each do |f|
+  next unless File.exist?(f) && File.readable?(f) && File.size?(f)
 
-if File.exist?(default_module_facts_path) && File.readable?(default_module_facts_path)
-  default_facts.merge!(YAML.safe_load(File.read(default_module_facts_path)))
+  begin
+    default_facts.merge!(YAML.safe_load(File.read(f)))
+  rescue => e
+    RSpec.configuration.reporter.message "WARNING: Unable to load #{f}: #{e}"
+  end
 end
 
 RSpec.configure do |c|
@@ -40,8 +40,8 @@
 
 def ensure_module_defined(module_name)
   module_name.split('::').reduce(Object) do |last_module, next_module|
-    last_module.const_set(next_module, Module.new) unless last_module.const_defined?(next_module)
-    last_module.const_get(next_module)
+    last_module.const_set(next_module, Module.new) unless last_module.const_defined?(next_module, false)
+    last_module.const_get(next_module, false)
   end
 end