From ecef2ac28414e7d004d3e5268dfba9dc0d893187 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Romain=20Tarti=C3=A8re?= Date: Sun, 30 Apr 2023 13:08:04 -1000 Subject: [PATCH 1/6] Update with ModuleSync --- .github/workflows/ci.yml | 94 +++++------------------------------ .github/workflows/release.yml | 35 ++++++------- .gitignore | 25 +++++++++- .pmtignore | 37 ++++++++++++++ .puppet-lint.rc | 3 ++ .rspec | 5 +- .rspec_parallel | 4 ++ .rubocop.yml | 19 ++----- .yardopts | 2 - Gemfile | 31 +++++++----- Rakefile | 74 ++++++++++----------------- spec/spec_helper.rb | 22 +++++--- 12 files changed, 158 insertions(+), 193 deletions(-) create mode 100644 .pmtignore create mode 100644 .puppet-lint.rc create mode 100644 .rspec_parallel diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d18c2ab..8a07791 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -1,86 +1,18 @@ -# DO NOT EDIT THIS FILE! -# This file is managed by ModuleSync. +--- +# Managed by modulesync - DO NOT EDIT +# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ name: CI -on: - push: - branches: - - main - - master - pull_request: - branches: - - main - - master +on: pull_request -jobs: - setup_matrix: - name: 'Setup Test Matrix' - runs-on: ubuntu-latest - outputs: - beaker_setfiles: ${{ steps.get-outputs.outputs.beaker_setfiles }} - puppet_major_versions: ${{ steps.get-outputs.outputs.puppet_major_versions }} - puppet_unit_test_matrix: ${{ steps.get-outputs.outputs.puppet_unit_test_matrix }} - env: - BUNDLE_WITHOUT: development:test:release - steps: - - uses: actions/checkout@v2 - - name: Setup ruby - uses: ruby/setup-ruby@v1 - with: - ruby-version: '2.7' - bundler-cache: true - - name: Run rake validate - run: bundle exec rake validate - - name: Setup Test Matrix - id: get-outputs - run: bundle exec metadata2gha --use-fqdn --pidfile-workaround false - - unit: - needs: setup_matrix - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - include: ${{fromJson(needs.setup_matrix.outputs.puppet_unit_test_matrix)}} - env: - BUNDLE_WITHOUT: development:system_tests:release - PUPPET_VERSION: "~> ${{ matrix.puppet }}.0" - name: Puppet ${{ matrix.puppet }} (Ruby ${{ matrix.ruby }}) - steps: - - uses: actions/checkout@v2 - - name: Setup ruby - uses: ruby/setup-ruby@v1 - with: - ruby-version: ${{ matrix.ruby }} - bundler-cache: true - - name: Run tests - run: bundle exec rake +concurrency: + group: ${{ github.ref_name }} + cancel-in-progress: true - acceptance: - needs: setup_matrix - runs-on: ubuntu-latest - env: - BUNDLE_WITHOUT: development:test:release - strategy: - fail-fast: false - matrix: - setfile: ${{fromJson(needs.setup_matrix.outputs.beaker_setfiles)}} - puppet: ${{fromJson(needs.setup_matrix.outputs.puppet_major_versions)}} - name: ${{ matrix.puppet.name }} - ${{ matrix.setfile.name }} - steps: - - name: Enable 
IPv6 on docker - run: | - echo '{"ipv6":true,"fixed-cidr-v6":"2001:db8:1::/64"}' | sudo tee /etc/docker/daemon.json - sudo service docker restart - - uses: actions/checkout@v2 - - name: Setup ruby - uses: ruby/setup-ruby@v1 - with: - ruby-version: '2.7' - bundler-cache: true - - name: Run tests - run: bundle exec rake beaker - env: - BEAKER_PUPPET_COLLECTION: ${{ matrix.puppet.collection }} - BEAKER_setfile: ${{ matrix.setfile.value }} +jobs: + puppet: + name: Puppet + uses: voxpupuli/gha-puppet/.github/workflows/beaker.yml@v1 + with: + pidfile_workaround: 'false' diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 68b8528..1d0aa2f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,3 +1,7 @@ +--- +# Managed by modulesync - DO NOT EDIT +# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ + name: Release on: @@ -5,25 +9,14 @@ on: tags: - '*' -env: - BUNDLE_WITHOUT: development:test:system_tests - jobs: - deploy: - name: 'deploy to forge' - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v2 - - name: Setup Ruby - uses: ruby/setup-ruby@v1 - with: - ruby-version: '2.7' - bundler-cache: true - - name: Build and Deploy - env: - # Configure secrets here: - # https://docs.github.com/en/free-pro-team@latest/actions/reference/encrypted-secrets - BLACKSMITH_FORGE_USERNAME: '${{ secrets.PUPPET_FORGE_USERNAME }}' - BLACKSMITH_FORGE_API_KEY: '${{ secrets.PUPPET_FORGE_API_KEY }}' - run: bundle exec rake module:push + release: + name: Release + uses: voxpupuli/gha-puppet/.github/workflows/release.yml@v1 + with: + allowed_owner: 'opus-codium' + secrets: + # Configure secrets here: + # https://docs.github.com/en/actions/security-guides/encrypted-secrets + username: ${{ secrets.PUPPET_FORGE_USERNAME }} + api_key: ${{ secrets.PUPPET_FORGE_API_KEY }} diff --git a/.gitignore b/.gitignore index d04d974..84fd904 100644 --- a/.gitignore +++ b/.gitignore 
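Review bot: The new `puppet` job calls `voxpupuli/gha-puppet/.github/workflows/beaker.yml@v1`, and `v1` is a tag the upstream repository can move, so the code run on every pull request can change without any commit landing here. The release.yml hunks use the same `@v1` reference, and there the called workflow also receives `PUPPET_FORGE_USERNAME` and `PUPPET_FORGE_API_KEY`, which is where a moved tag matters most. Pinning both to a full commit SHA with the tag kept as a comment, e.g. `uses: voxpupuli/gha-puppet/.github/workflows/beaker.yml@<full-commit-sha>  # v1`, makes upstream changes arrive as reviewable diffs. Since the header marks the file as managed by modulesync, the pin presumably has to be made in the modulesync configuration rather than edited in place.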
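Review bot: Neither the workflow nor the new `release` job declares `permissions:`, so the `GITHUB_TOKEN` handed to the reusable workflow carries the repository default, in a run that also holds the Forge credentials. A called workflow can only keep or narrow the caller's token permissions, so the caller is where the ceiling belongs; a job-level `permissions: {contents: read}` would state it explicitly, or `contents: write` if the called workflow creates a GitHub release, which is not visible from here. The `tags: - '*'` trigger in the surrounding context means any pushed tag starts a publish, so restricting who may push tags is part of the same control.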
@@ -1,2 +1,23 @@ -.bundle -Gemfile.lock +# Managed by modulesync - DO NOT EDIT +# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ + +/pkg/ +/Gemfile.lock +/Gemfile.local +/vendor/ +/.vendor/ +/spec/fixtures/manifests/ +/spec/fixtures/modules/ +/.vagrant/ +/.bundle/ +/.ruby-version +/coverage/ +/log/ +/.idea/ +/.dependencies/ +/.librarian/ +/Puppetfile.lock +*.iml +.*.sw? +/.yardoc/ +/Guardfile diff --git a/.pmtignore b/.pmtignore new file mode 100644 index 0000000..58a0408 --- /dev/null +++ b/.pmtignore @@ -0,0 +1,37 @@ +# Managed by modulesync - DO NOT EDIT +# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ + +/docs/ +/pkg/ +/Gemfile +/Gemfile.lock +/Gemfile.local +/vendor/ +/.vendor/ +/spec/ +/Rakefile +/.vagrant/ +/.bundle/ +/.ruby-version +/coverage/ +/log/ +/.idea/ +/.dependencies/ +/.github/ +/.librarian/ +/Puppetfile.lock +*.iml +/.editorconfig +/.fixtures.yml +/.gitignore +/.msync.yml +/.overcommit.yml +/.pmtignore +/.rspec +/.rspec_parallel +/.rubocop.yml +/.sync.yml +.*.sw? +/.yardoc/ +/.yardopts +/Dockerfile diff --git a/.puppet-lint.rc b/.puppet-lint.rc new file mode 100644 index 0000000..dd8272c --- /dev/null +++ b/.puppet-lint.rc @@ -0,0 +1,3 @@ +--fail-on-warnings +--no-parameter_documentation-check +--no-parameter_types-check diff --git a/.rspec b/.rspec index 0b84c1c..f634583 100644 --- a/.rspec +++ b/.rspec @@ -1,4 +1,5 @@ -# DO NOT EDIT THIS FILE! -# This file is managed by ModuleSync. +# Managed by modulesync - DO NOT EDIT +# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ + --format documentation --color diff --git a/.rspec_parallel b/.rspec_parallel new file mode 100644 index 0000000..a9a84f8 --- /dev/null +++ b/.rspec_parallel @@ -0,0 +1,4 @@ +# Managed by modulesync - DO NOT EDIT +# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ + +--format progress diff --git a/.rubocop.yml b/.rubocop.yml index 0c53a1e..53ac189 100644 --- a/.rubocop.yml +++ b/.rubocop.yml 
@@ -1,19 +1,6 @@ --- -# DO NOT EDIT THIS FILE! -# This file is managed by ModuleSync. +# Managed by modulesync - DO NOT EDIT +# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ + inherit_gem: voxpupuli-test: rubocop.yml -AllCops: - TargetRubyVersion: "2.4" -Metrics/LineLength: - Description: People have wide screens, use them. - Max: 200 -Metrics/BlockLength: - Enabled: false -Style/FrozenStringLiteralComment: - Enabled: false -Style/RegexpLiteral: - Enabled: false -Style/TrailingCommaInArguments: - Description: Be consistent with Puppet's style - EnforcedStyleForMultiline: comma diff --git a/.yardopts b/.yardopts index f235a7c..2af9eb2 100644 --- a/.yardopts +++ b/.yardopts @@ -1,3 +1 @@ -# DO NOT EDIT THIS FILE! -# This file is managed by ModuleSync. --fail-on-warning diff --git a/Gemfile b/Gemfile index ece9b37..0d3a9e0 100644 --- a/Gemfile +++ b/Gemfile 
@@ -1,29 +1,34 @@ -# DO NOT EDIT THIS FILE! -# This file is managed by ModuleSync. +# Managed by modulesync - DO NOT EDIT +# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ -source ENV['GEM_SOURCE'] || "https://rubygems.org" +source ENV['GEM_SOURCE'] || 'https://rubygems.org' group :test do - gem 'voxpupuli-test', '~> 2.1', :require => false - gem 'simplecov-console', :require => false + gem 'voxpupuli-test', '~> 5.4', :require => false + gem 'coveralls', :require => false + gem 'simplecov-console', :require => false + gem 'puppet_metadata', '~> 2.0', :require => false end + group :development do + gem 'guard-rake', :require => false + gem 'overcommit', '>= 0.39.1', :require => false end + group :system_tests do - gem 'puppet_metadata', '~> 0.3.0', :require => false - gem 'voxpupuli-acceptance', :require => false + gem 'voxpupuli-acceptance', '~> 1.0', :require => false end + group :release do - gem 'github_changelog_generator', '>= 1.16.1', :require => false - gem 'puppet-blacksmith', :require => false - gem 'voxpupuli-release', :require => false - gem 'puppet-strings', '>= 2.2', :require => false + gem 'github_changelog_generator', '>= 1.16.1', :require => false if RUBY_VERSION >= '2.5' + gem 'voxpupuli-release', '~> 2.0', :require => false + gem 'faraday-retry', '~> 2.1', :require => false if RUBY_VERSION >= '2.6' end -gem 'puppetlabs_spec_helper', '~> 2.0', :require => false + gem 'rake', :require => false gem 'facter', ENV['FACTER_GEM_VERSION'], :require => false, :groups => [:test] -puppetversion = ENV['PUPPET_VERSION'] || '~> 6.0' +puppetversion = ENV['PUPPET_GEM_VERSION'] || '~> 7.24' gem 'puppet', puppetversion, :require => false, :groups => [:test] # vim: syntax=ruby diff --git a/Rakefile b/Rakefile index 02eb8a1..fed0497 100644 --- a/Rakefile +++ b/Rakefile 
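Review bot: The Puppet version override is now read from `ENV['PUPPET_GEM_VERSION']` instead of `ENV['PUPPET_VERSION']`, so any job or local script that still exports the old name silently tests against the `'~> 7.24'` default. A later patch in this series pins vcsrepo specifically to keep Puppet 6 working, so it is worth confirming that the CI matrix really sets the new variable. Separately, `overcommit` (`'>= 0.39.1'`), `coveralls`, `guard-rake` and `rake` carry no upper bound and `Gemfile.lock` is git-ignored, so each run resolves whatever is newest on the configured `GEM_SOURCE`; a bounded constraint such as `gem 'overcommit', '~> 0.39', '>= 0.39.1', :require => false` would narrow that.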
@@ -1,14 +1,22 @@ -# DO NOT EDIT THIS FILE! -# This file is managed by ModuleSync. +# Managed by modulesync - DO NOT EDIT +# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ -# Attempt to load voxupuli-test (which pulls in puppetlabs_spec_helper), +# Attempt to load voxpupuli-test (which pulls in puppetlabs_spec_helper), # otherwise attempt to load it directly. begin require 'voxpupuli/test/rake' +rescue LoadError + begin + require 'puppetlabs_spec_helper/rake_tasks' + rescue LoadError + end +end - task default: :rubocop +# load optional tasks for acceptance +# only available if gem group releases is installed +begin + require 'voxpupuli/acceptance/rake' rescue LoadError - require 'puppetlabs_spec_helper/rake_tasks' end # load optional tasks for releases 
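Review bot: The inner `rescue LoadError` has an empty body, so when neither `voxpupuli/test/rake` nor `puppetlabs_spec_helper/rake_tasks` can be loaded the Rakefile defines no test tasks and gives no hint why; the old code let the second `require` raise. A line such as `warn 'neither voxpupuli-test nor puppetlabs_spec_helper is installed'` in that branch would keep the best-effort behaviour while making the failure visible. The comment above the acceptance block also looks copied from the release block: it says `only available if gem group releases is installed`, but the Gemfile hunk puts `voxpupuli-acceptance` in `group :system_tests`, so `# only available if gem group system_tests is installed` would be accurate.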
@@ -16,51 +24,21 @@ end begin require 'voxpupuli/release/rake_tasks' rescue LoadError + # voxpupuli-release not present +else + GCGConfig.user = 'opus-codium' + GCGConfig.project = 'puppet-dehydrated' end -desc 'Generate REFERENCE.md' -task :reference, [:debug, :backtrace] do |t, args| - patterns = '' - Rake::Task['strings:generate:reference'].invoke(patterns, args[:debug], args[:backtrace]) -end - -begin - require 'github_changelog_generator/task' - GitHubChangelogGenerator::RakeTask.new :changelog do |config| - config.future_release = Blacksmith::Modulefile.new.version - config.header = <<~HEADER.chomp - # Changelog - - All notable changes to this project will be documented in this file. - - The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) - and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). - HEADER - config.exclude_labels = %w{duplicate question invalid wontfix wont-fix modulesync skip-changelog ignore} - config.user = 'opus-codium' - metadata_json = File.join(File.dirname(__FILE__), 'metadata.json') - metadata = JSON.load(File.read(metadata_json)) - config.project = "puppet-#{metadata['name'].split('-').last}" - end - - require 'puppet_blacksmith' - Blacksmith::RakeTask.new do |t| - t.tag_pattern = '%s' - t.commit_message_pattern = 'Bump version to %s' - end - - # Workaround for https://github.com/github-changelog-generator/github-changelog-generator/issues/715 - require 'rbconfig' - if RbConfig::CONFIG['host_os'] =~ /linux/ - task :changelog do - puts 'Fixing line endings...' 
- changelog_file = File.join(__dir__, 'CHANGELOG.md') - changelog_txt = File.read(changelog_file) - new_contents = changelog_txt.gsub(%r{\r\n}, "\n") - File.open(changelog_file, "w") {|file| file.puts new_contents } - end +desc "Run main 'test' task and report merged results to coveralls" +task test_with_coveralls: [:test] do + if Dir.exist?(File.expand_path('../lib', __FILE__)) + require 'coveralls/rake/task' + Coveralls::RakeTask.new + Rake::Task['coveralls:push'].invoke + else + puts 'Skipping reporting to coveralls. Module has no lib dir' end - -rescue LoadError end + # vim: syntax=ruby diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 6a41935..6515b7b 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -1,13 +1,19 @@ -# DO NOT EDIT THIS FILE! -# This file is managed by ModuleSync. -# # frozen_string_literal: true -require 'puppetlabs_spec_helper/module_spec_helper' +# Managed by modulesync - DO NOT EDIT +# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ -require 'rspec-puppet-facts' -include RspecPuppetFacts +# puppetlabs_spec_helper will set up coverage if the env variable is set. +# We want to do this if lib exists and it hasn't been explicitly set. +ENV['COVERAGE'] ||= 'yes' if Dir.exist?(File.expand_path('../lib', __dir__)) -RSpec.configure do |c| - c.hiera_config = 'spec/fixtures/hiera/hiera.yaml' +require 'voxpupuli/test/spec_helper' + +add_mocked_facts! + +if File.exist?(File.join(__dir__, 'default_module_facts.yml')) + facts = YAML.safe_load(File.read(File.join(__dir__, 'default_module_facts.yml'))) + facts&.each do |name, value| + add_custom_fact name.to_sym, value + end end From 66c6ac34db587cd032d6f0743f0feeec0e872260 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Romain=20Tarti=C3=A8re?= Date: Sun, 30 Apr 2023 13:08:39 -1000 Subject: [PATCH 2/6] Update REFERENCE.md --- REFERENCE.md | 188 +++++++++++++++++++++++++-------------------------- 1 file changed, 94 insertions(+), 94 deletions(-) 
diff --git a/REFERENCE.md b/REFERENCE.md index 457bf3f..b1cd8c1 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -9,7 +9,7 @@ #### Public Classes * [`dehydrated`](#dehydrated): Main class used to setup the system. -* [`dehydrated::apache`](#dehydratedapache): Serve challenges with Apache +* [`dehydrated::apache`](#dehydrated--apache): Serve challenges with Apache #### Private Classes 
@@ -23,16 +23,16 @@ ### Defined types -* [`dehydrated::certificate`](#dehydratedcertificate): Class used to describe the certificates that should be maintained. +* [`dehydrated::certificate`](#dehydrated--certificate): Class used to describe the certificates that should be maintained. ### Functions -* [`dehydrated::apache::vhost_attributes`](#dehydratedapachevhost_attributes): Return the apache::vhost SSL configuration for a host -* [`dehydrated::certsdir`](#dehydratedcertsdir): Return the root directory of dehydrated certificates -* [`dehydrated::ssl_cert_file`](#dehydratedssl_cert_file): Return the full path to a certificate file -* [`dehydrated::ssl_chain_file`](#dehydratedssl_chain_file): Return the full path to a certificate chain file -* [`dehydrated::ssl_fullchain_file`](#dehydratedssl_fullchain_file): Return the full path to a certificate fullchain file -* [`dehydrated::ssl_privkey_file`](#dehydratedssl_privkey_file): Return the full path to a private key file +* [`dehydrated::apache::vhost_attributes`](#dehydrated--apache--vhost_attributes): Return the apache::vhost SSL configuration for a host +* [`dehydrated::certsdir`](#dehydrated--certsdir): Return the root directory of dehydrated certificates +* [`dehydrated::ssl_cert_file`](#dehydrated--ssl_cert_file): Return the full path to a certificate file +* [`dehydrated::ssl_chain_file`](#dehydrated--ssl_chain_file): Return the full path to a certificate chain file +* [`dehydrated::ssl_fullchain_file`](#dehydrated--ssl_fullchain_file): Return the full path to a certificate fullchain file +* [`dehydrated::ssl_privkey_file`](#dehydrated--ssl_privkey_file): Return the full path to a private key file ### Tasks @@ -41,7 +41,7 @@ ### Plans -* [`dehydrated::renew`](#dehydratedrenew): Renew certificates about to expire +* [`dehydrated::renew`](#dehydrated--renew): Renew certificates about to expire ## Classes 
@@ -53,53 +53,53 @@ Main class used to setup the system. The following parameters are available in the `dehydrated` class: -* [`apache_user`](#apache_user) -* [`bin`](#bin) -* [`etcdir`](#etcdir) -* [`group`](#group) -* [`package`](#package) -* [`user`](#user) -* [`repo_source`](#repo_source) -* [`repo_revision`](#repo_revision) -* [`dependencies`](#dependencies) -* [`apache_integration`](#apache_integration) -* [`cron_integration`](#cron_integration) -* [`ip_version`](#ip_version) -* [`ca`](#ca) -* [`ca_terms`](#ca_terms) -* [`license`](#license) -* [`challengetype`](#challengetype) -* [`keysize`](#keysize) -* [`openssl_cnf`](#openssl_cnf) -* [`hook`](#hook) -* [`hook_chain`](#hook_chain) -* [`renew_days`](#renew_days) -* [`private_key_renew`](#private_key_renew) -* [`private_key_rollover`](#private_key_rollover) -* [`key_algo`](#key_algo) -* [`contact_email`](#contact_email) -* [`ocsp_must_staple`](#ocsp_must_staple) -* [`timeout`](#timeout) - -##### `apache_user` +* [`apache_user`](#-dehydrated--apache_user) +* [`bin`](#-dehydrated--bin) +* [`etcdir`](#-dehydrated--etcdir) +* [`group`](#-dehydrated--group) +* [`package`](#-dehydrated--package) +* [`user`](#-dehydrated--user) +* [`repo_source`](#-dehydrated--repo_source) +* [`repo_revision`](#-dehydrated--repo_revision) +* [`dependencies`](#-dehydrated--dependencies) +* [`apache_integration`](#-dehydrated--apache_integration) +* [`cron_integration`](#-dehydrated--cron_integration) +* [`ip_version`](#-dehydrated--ip_version) +* [`ca`](#-dehydrated--ca) +* [`ca_terms`](#-dehydrated--ca_terms) +* [`license`](#-dehydrated--license) +* [`challengetype`](#-dehydrated--challengetype) +* [`keysize`](#-dehydrated--keysize) +* [`openssl_cnf`](#-dehydrated--openssl_cnf) +* [`hook`](#-dehydrated--hook) +* [`hook_chain`](#-dehydrated--hook_chain) +* [`renew_days`](#-dehydrated--renew_days) +* [`private_key_renew`](#-dehydrated--private_key_renew) +* [`private_key_rollover`](#-dehydrated--private_key_rollover) +* 
[`key_algo`](#-dehydrated--key_algo) +* [`contact_email`](#-dehydrated--contact_email) +* [`ocsp_must_staple`](#-dehydrated--ocsp_must_staple) +* [`timeout`](#-dehydrated--timeout) + +##### `apache_user` Data type: `String` User account of apache httpd. -##### `bin` +##### `bin` Data type: `String` Path to the dehydrated command. -##### `etcdir` +##### `etcdir` Data type: `String` Path to the dehydrated configuration directory. -##### `group` +##### `group` Data type: `String` @@ -107,13 +107,13 @@ Group of the user account used to manage certificates. Default value: `'dehydrated'` -##### `package` +##### `package` Data type: `Optional[String]` Name of the package providing dehydrated. -##### `user` +##### `user` Data type: `String` @@ -121,7 +121,7 @@ User account used to manage certificates. Default value: `'dehydrated'` -##### `repo_source` +##### `repo_source` Data type: `String` @@ -129,7 +129,7 @@ URL of the repository providing dehydrated. Default value: `'https://github.com/dehydrated-io/dehydrated.git'` -##### `repo_revision` +##### `repo_revision` Data type: `String` @@ -137,7 +137,7 @@ Revision to fetch from the repository providing dehydrated. Default value: `'v0.7.0'` -##### `dependencies` +##### `dependencies` Data type: `Array[String]` 
@@ -145,155 +145,155 @@ Extra dependencies needed to run dehydrated. Default value: `[]` -##### `apache_integration` +##### `apache_integration` Data type: `Boolean` Setup apache to serve the generated challenges. -Default value: ``false`` +Default value: `false` -##### `cron_integration` +##### `cron_integration` Data type: `Boolean` Setup cron to automatically renew certificates. -Default value: ``false`` +Default value: `false` -##### `ip_version` +##### `ip_version` Data type: `Optional[Variant[Integer[4,4],Integer[6,6]]]` Use only this IP version for name resolution. -Default value: ``undef`` +Default value: `undef` -##### `ca` +##### `ca` Data type: `Optional[Stdlib::Httpurl]` Path to certificate authority. -Default value: ``undef`` +Default value: `undef` -##### `ca_terms` +##### `ca_terms` Data type: `Optional[Stdlib::Httpurl]` Path to certificate authority license terms redirect. -Default value: ``undef`` +Default value: `undef` -##### `license` +##### `license` Data type: `Optional[String]` Path to license agreement. -Default value: ``undef`` +Default value: `undef` -##### `challengetype` +##### `challengetype` Data type: `Optional[Enum['http-01', 'dns-01']]` Challenge type to be used. -Default value: ``undef`` +Default value: `undef` -##### `keysize` +##### `keysize` Data type: `Optional[Integer[0]]` Default keysize for private keys. -Default value: ``undef`` +Default value: `undef` -##### `openssl_cnf` +##### `openssl_cnf` Data type: `Optional[String]` Path to openssl config file. -Default value: ``undef`` +Default value: `undef` -##### `hook` +##### `hook` Data type: `Optional[String]` Program or function called in certain situations. -Default value: ``undef`` +Default value: `undef` -##### `hook_chain` +##### `hook_chain` Data type: `Optional[Boolean]` Chain clean_challenge|deploy_challenge arguments together into one hook call per certificate. 
-Default value: ``undef`` +Default value: `undef` -##### `renew_days` +##### `renew_days` Data type: `Optional[Integer[0]]` Minimum days before expiration to automatically renew certificate. -Default value: ``undef`` +Default value: `undef` -##### `private_key_renew` +##### `private_key_renew` Data type: `Optional[Boolean]` Regenerate private keys instead of just signing new certificates on renewal. -Default value: ``undef`` +Default value: `undef` -##### `private_key_rollover` +##### `private_key_rollover` Data type: `Optional[Boolean]` Create an extra private key for rollover. -Default value: ``undef`` +Default value: `undef` -##### `key_algo` +##### `key_algo` Data type: `Optional[Enum['rsa', 'prime256v1', 'secp384r1']]` Which public key algorithm should be used? -Default value: ``undef`` +Default value: `undef` -##### `contact_email` +##### `contact_email` Data type: `String` E-mail address Let's Encrypt can use to reach you regarding your certificates. -##### `ocsp_must_staple` +##### `ocsp_must_staple` Data type: `Optional[Boolean]` Option to add CSR-flag indicating OCSP stapling to be mandatory. -Default value: ``undef`` +Default value: `undef` -##### `timeout` +##### `timeout` Data type: `Optional[Integer[0]]` Execution timeout for dehydrated tool. -Default value: ``undef`` +Default value: `undef` -### `dehydrated::apache` +### `dehydrated::apache` Serve challenges with Apache ## Defined types -### `dehydrated::certificate` +### `dehydrated::certificate` Class used to describe the certificates that should be maintained. @@ -301,9 +301,9 @@ Class used to describe the certificates that should be maintained. The following parameters are available in the `dehydrated::certificate` defined type: -* [`domains`](#domains) +* [`domains`](#-dehydrated--certificate--domains) -##### `domains` +##### `domains` Data type: `Array[String]` 
@@ -313,7 +313,7 @@ Default value: `[]` ## Functions -### `dehydrated::apache::vhost_attributes` +### `dehydrated::apache::vhost_attributes` Type: Puppet Language @@ -357,7 +357,7 @@ Data type: `String` The name of the host to consider -### `dehydrated::certsdir` +### `dehydrated::certsdir` Type: Puppet Language @@ -369,7 +369,7 @@ Return the root directory of dehydrated certificates Returns: `String` The directory of dehydrated certificates -### `dehydrated::ssl_cert_file` +### `dehydrated::ssl_cert_file` Type: Puppet Language @@ -387,7 +387,7 @@ Data type: `String` The name of the host to consider -### `dehydrated::ssl_chain_file` +### `dehydrated::ssl_chain_file` Type: Puppet Language @@ -405,7 +405,7 @@ Data type: `String` The name of the host to consider -### `dehydrated::ssl_fullchain_file` +### `dehydrated::ssl_fullchain_file` Type: Puppet Language @@ -423,7 +423,7 @@ Data type: `String` The name of the host to consider -### `dehydrated::ssl_privkey_file` +### `dehydrated::ssl_privkey_file` Type: Puppet Language @@ -465,7 +465,7 @@ Renew certificates about to expire ## Plans -### `dehydrated::renew` +### `dehydrated::renew` Renew certificates about to expire @@ -473,9 +473,9 @@ Renew certificates about to expire The following parameters are available in the `dehydrated::renew` plan: -* [`targets`](#targets) +* [`targets`](#-dehydrated--renew--targets) -##### `targets` +##### `targets` Data type: `TargetSpec` From 856239142a5cb4b9b253e4548787315a11ef244a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Romain=20Tarti=C3=A8re?= Date: Sun, 30 Apr 2023 13:12:06 -1000 Subject: [PATCH 3/6] bundle exec rake rubocop:auto_correct --- spec/acceptance/dehydrated_spec.rb | 2 ++ spec/classes/apache_spec.rb | 2 ++ spec/classes/dehydrated_spec.rb | 9 ++++++--- spec/defines/certificate_spec.rb | 2 ++ spec/functions/apache_vhost_attributes_spec.rb | 6 ++++-- tasks/cleanup.rb | 3 ++- 6 files changed, 18 insertions(+), 6 deletions(-) 
diff --git a/spec/acceptance/dehydrated_spec.rb b/spec/acceptance/dehydrated_spec.rb index 44062f4..b8fec06 100644 --- a/spec/acceptance/dehydrated_spec.rb +++ b/spec/acceptance/dehydrated_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper_acceptance' describe 'dehydrated class' do diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index 1c08032..e6832e2 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'dehydrated::apache' do diff --git a/spec/classes/dehydrated_spec.rb b/spec/classes/dehydrated_spec.rb index 2957e35..62053d3 100644 --- a/spec/classes/dehydrated_spec.rb +++ b/spec/classes/dehydrated_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'dehydrated' do @@ -21,7 +23,7 @@ it { is_expected.to contain_package('curl').with(ensure: 'installed') } when 'FreeBSD' it do - is_expected.to contain_file('/usr/local/etc/dehydrated/config').without_content(/^PRIVATE_KEY_RENEW=/) + is_expected.to contain_file('/usr/local/etc/dehydrated/config').without_content(%r{^PRIVATE_KEY_RENEW=}) end context('private_key_renew') do @@ -29,14 +31,15 @@ let(:private_key_renew) { true } it do - is_expected.to contain_file('/usr/local/etc/dehydrated/config').with_content(/^PRIVATE_KEY_RENEW='yes'$/) + is_expected.to contain_file('/usr/local/etc/dehydrated/config').with_content(%r{^PRIVATE_KEY_RENEW='yes'$}) end end + context('false') do let(:private_key_renew) { false } it do - is_expected.to contain_file('/usr/local/etc/dehydrated/config').with_content(/^PRIVATE_KEY_RENEW='no'$/) + is_expected.to contain_file('/usr/local/etc/dehydrated/config').with_content(%r{^PRIVATE_KEY_RENEW='no'$}) end end end diff --git a/spec/defines/certificate_spec.rb b/spec/defines/certificate_spec.rb index 5aae186..7df85a0 100644 --- a/spec/defines/certificate_spec.rb +++ b/spec/defines/certificate_spec.rb 
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'dehydrated::certificate' do diff --git a/spec/functions/apache_vhost_attributes_spec.rb b/spec/functions/apache_vhost_attributes_spec.rb index d73f915..23d3fc2 100644 --- a/spec/functions/apache_vhost_attributes_spec.rb +++ b/spec/functions/apache_vhost_attributes_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'dehydrated::apache::vhost_attributes' do @@ -23,7 +25,7 @@ class { 'dehydrated': { 'ssl_cert' => '/home/dehydrated/certs/hostname.example.com/fullchain.pem', 'ssl_key' => '/home/dehydrated/certs/hostname.example.com/privkey.pem', - }, + } ) end end @@ -43,7 +45,7 @@ class { 'dehydrated': { 'ssl_cert' => '/custom/etcdir/certs/hostname.example.com/fullchain.pem', 'ssl_key' => '/custom/etcdir/certs/hostname.example.com/privkey.pem', - }, + } ) end end diff --git a/tasks/cleanup.rb b/tasks/cleanup.rb index eb71c4e..c9748ba 100755 --- a/tasks/cleanup.rb +++ b/tasks/cleanup.rb @@ -1,9 +1,10 @@ #!/usr/bin/env ruby +# frozen_string_literal: true require 'fileutils' require 'open3' -require_relative '../../ruby_task_helper/files/task_helper.rb' +require_relative '../../ruby_task_helper/files/task_helper' class OldCertificatesCleaner < TaskHelper def task(dehydrated_dir: nil, **kwargs) From 5f0027310b4f1e15ddeebff9ef60181346ed2159 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Romain=20Tarti=C3=A8re?= Date: Tue, 13 Jun 2023 06:29:51 -1000 Subject: [PATCH 4/6] Remove hiera data from examples They break CI and are kind of magic, so remove them completly and use pre-condition rather than fix them. --- spec/classes/apache_spec.rb | 8 ++++++++ spec/defines/certificate_spec.rb | 8 ++++++++ spec/fixtures/hiera/test.yaml | 2 -- 3 files changed, 16 insertions(+), 2 deletions(-) delete mode 100644 spec/fixtures/hiera/test.yaml diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index e6832e2..365d1fe 100644 --- a/spec/classes/apache_spec.rb 
+++ b/spec/classes/apache_spec.rb @@ -3,6 +3,14 @@ require 'spec_helper' describe 'dehydrated::apache' do + let(:pre_condition) do + <<~PP + class { 'dehydrated': + contact_email => 'dummy@example.com', + } + PP + end + on_supported_os.each do |os, facts| context "on #{os}" do let(:facts) { facts } diff --git a/spec/defines/certificate_spec.rb b/spec/defines/certificate_spec.rb index 7df85a0..edc8e40 100644 --- a/spec/defines/certificate_spec.rb +++ b/spec/defines/certificate_spec.rb @@ -3,6 +3,14 @@ require 'spec_helper' describe 'dehydrated::certificate' do + let(:pre_condition) do + <<~PP + class { 'dehydrated': + contact_email => 'dummy@example.com', + } + PP + end + on_supported_os.each do |os, facts| context "on #{os}" do let(:title) { 'example.com' } diff --git a/spec/fixtures/hiera/test.yaml b/spec/fixtures/hiera/test.yaml deleted file mode 100644 index ff0db9b..0000000 --- a/spec/fixtures/hiera/test.yaml +++ /dev/null @@ -1,2 +0,0 @@ ---- -dehydrated::contact_email: user@example.com From 23e48b321e7aa133d2e86f24819c2adcb175cfa8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Romain=20Tarti=C3=A8re?= Date: Tue, 13 Jun 2023 06:40:12 -1000 Subject: [PATCH 5/6] Fix Puppet 6 support in CI We cannot use the latest major version from vcsrepo, so for now use an older one. --- .fixtures.yml | 6 +++++- spec/acceptance/dehydrated_spec.rb | 4 +++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/.fixtures.yml b/.fixtures.yml index f2ea508..fdc2d5c 100644 --- a/.fixtures.yml +++ b/.fixtures.yml 
@@ -6,6 +6,10 @@ fixtures: repo: "https://github.com/puppetlabs/puppetlabs-cron_core" puppet_version: '>= 6.0.0' stdlib: "https://github.com/puppetlabs/puppetlabs-stdlib" - vcsrepo: "https://github.com/puppetlabs/puppetlabs-vcsrepo" + vcsrepo: + repo: "https://github.com/puppetlabs/puppetlabs-vcsrepo" + # Version 6.0.0 dropped support for Puppet 6 + # TODO: remove specific version selection when we drop support for Puppet 6 + ref: "v5.5.0" symlinks: dehydrated: "#{source_dir}" diff --git a/spec/acceptance/dehydrated_spec.rb b/spec/acceptance/dehydrated_spec.rb index b8fec06..55caf6e 100644 --- a/spec/acceptance/dehydrated_spec.rb +++ b/spec/acceptance/dehydrated_spec.rb @@ -16,7 +16,9 @@ shell('update-ca-certificates') options[:forge_host] = 'https://forge.puppet.com' - puppet_module_install(module_name: 'puppetlabs-vcsrepo') + # Version 6.0.0 dropped support for Puppet 6 + # TODO: remove specific version selection when we drop support for Puppet 6 + shell('puppet module install puppetlabs-vcsrepo --version 5.5.0') pp = <<~MANIFEST package { 'git': From b92202deef7e5bf09858656239501e72a2d484e9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Romain=20Tarti=C3=A8re?= Date: Tue, 13 Jun 2023 07:10:07 -1000 Subject: [PATCH 6/6] Drop Debian 9 (EOL) --- metadata.json | 1 - 1 file changed, 1 deletion(-) diff --git a/metadata.json b/metadata.json index ac70b08..1bf2bb1 100644 --- a/metadata.json +++ b/metadata.json @@ -25,7 +25,6 @@ { "operatingsystem": "Debian", "operatingsystemrelease": [ - "9", "10", "11" ]
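Review bot: Pinning `vcsrepo` to `ref: "v5.5.0"` makes every unit-test run use the 5.x module, including the Puppet 7 runs, so the vcsrepo release that Puppet 7 users would normally install is no longer exercised. If the dependency range declared for vcsrepo in metadata.json (not shown in this series) still admits 6.x, tests and real installs diverge until the TODO is resolved. An issue reference next to the TODO, e.g. `# TODO(<issue-id>): remove specific version selection when we drop support for Puppet 6`, would keep the pin from outliving its reason.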
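Review bot: Replacing `puppet_module_install(module_name: 'puppetlabs-vcsrepo')` with `shell('puppet module install puppetlabs-vcsrepo --version 5.5.0')` leaves the `options[:forge_host] = 'https://forge.puppet.com'` line just above without an obvious consumer, since the shell command does not read the Beaker options. If nothing later in the spec (outside this hunk) uses it, the line can go; if the intent was to force the Forge endpoint, the install now relies on the host's own default instead. The version is also duplicated between this call and the `ref: "v5.5.0"` in .fixtures.yml, so a comment such as `# Keep in sync with the vcsrepo ref in .fixtures.yml` would help the two move together.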