.gitignore

@@ -22,3 +22,5 @@
 /convert_report.txt
 /update_report.txt
 .DS_Store
+.envrc
+/inventory.yaml

.pdkignore

@@ -22,6 +22,8 @@
 /convert_report.txt
 /update_report.txt
 .DS_Store
+.envrc
+/inventory.yaml
 /appveyor.yml
 /.fixtures.yml
 /Gemfile
@@ -30,8 +32,10 @@
 /.gitlab-ci.yml
 /.pdkignore
 /Rakefile
+/rakelib/
 /.rspec
 /.rubocop.yml
 /.travis.yml
 /.yardopts
 /spec/
+/.vscode/

.rubocop.yml

@@ -1,5 +1,7 @@
 ---
-require: rubocop-rspec
+require:
+- rubocop-rspec
+- rubocop-i18n
 AllCops:
   DisplayCopNames: true
   TargetRubyVersion: '2.1'
@@ -19,10 +21,12 @@ AllCops:
 Metrics/LineLength:
   Description: People have wide screens, use them.
   Max: 200
+GetText:
+  Enabled: false
 GetText/DecorateString:
   Description: We don't want to decorate test output.
   Exclude:
-  - spec/*
+  - spec/**/*
 RSpec/BeforeAfterAll:
   Description: Beware of using after(:all) as it may cause state to leak between tests.
     A necessary evil in acceptance testing.

.sync.yml

@@ -1,4 +1,15 @@
 ---
+.gitignore:
+  required:
+    - ---.project
+
+.gitlab-ci.yml:
+  unmanaged: true
+
+.rubocop.yml:
+  default_configs:
+    inherit_from: .rubocop_todo.yml
+
 .travis.yml:
   docker_sets:
     - set: docker/centos-7
@@ -9,6 +20,9 @@
   branches:
     - release
 
+appveyor.yml:
+  spec_type: spec
+
 Gemfile:
   required:
     ':system_tests':
@@ -26,12 +40,6 @@ Gemfile:
         ref: '20ee04ba1234e9e83eb2ffb5056e23d641c7a018'
         condition: "Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.2.2')"
 
-.rubocop.yml:
-  default_configs:
-    inherit_from: .rubocop_todo.yml
-
-.gitlab-ci.yml:
-  unmanaged: true
-
-appveyor.yml:
-  spec_type: spec
+spec/spec_helper.rb:
+  mock_with: ':rspec'
+  coverage_report: true

.travis.yml

@@ -1,5 +1,5 @@
 ---
-dist: trusty
+dist: xenial
 language: ruby
 cache: bundler
 before_install:
@@ -12,49 +12,53 @@ script:
   - 'bundle exec rake $CHECK'
 bundler_args: --without system_tests
 rvm:
-  - 2.5.1
-env:
-  global:
-    - BEAKER_PUPPET_COLLECTION=puppet6 PUPPET_GEM_VERSION="~> 6.0"
+  - 2.5.3
+stages:
+  - static
+  - spec
+  - acceptance
+  -
+    if: tag =~ ^v\d
+    name: deploy
 matrix:
   fast_finish: true
   include:
     -
       bundler_args: 
       dist: trusty
       env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_set=docker/centos-7 BEAKER_TESTMODE=apply
-      rvm: 2.5.1
+      rvm: 2.5.3
       script: bundle exec rake beaker
       services: docker
+      stage: acceptance
       sudo: required
     -
       bundler_args: 
       dist: trusty
       env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_set=docker/ubuntu-14.04 BEAKER_TESTMODE=apply
-      rvm: 2.5.1
+      rvm: 2.5.3
       script: bundle exec rake beaker
       services: docker
+      stage: acceptance
       sudo: required
     -
-      env: CHECK="syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop"
-    -
-      env: CHECK=parallel_spec
+      env: CHECK="check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop syntax lint metadata_lint"
+      stage: static
     -
       env: PUPPET_GEM_VERSION="~> 5.0" CHECK=parallel_spec
-      rvm: 2.4.4
+      rvm: 2.4.5
+      stage: spec
+    -
+      env: PUPPET_GEM_VERSION="~> 6.0" CHECK=parallel_spec
+      rvm: 2.5.3
+      stage: spec
+    -
+      env: DEPLOY_TO_FORGE=yes
+      stage: deploy
 branches:
   only:
     - master
     - /^v\d/
     - release
 notifications:
   email: false
-deploy:
-  provider: puppetforge
-  user: puppet
-  password:
-    secure: ""
-  on:
-    tags: true
-    all_branches: true
-    condition: "$DEPLOY_TO_FORGE = yes"

.vscode/extensions.json

@@ -0,0 +1,6 @@
+{
+  "recommendations": [
+    "jpogran.puppet-vscode",
+    "rebornix.Ruby"
+  ]
+}

CHANGELOG.md

@@ -2,6 +2,25 @@
 
 All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org).
 
+## [v3.0.0](https://github.com/puppetlabs/puppetlabs-java_ks/tree/v3.0.0) (2019-08-20)
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-java_ks/compare/2.4.0...v3.0.0)
+
+### Changed
+
+- pdksync - \(MODULES-8444\) - Raise lower Puppet bound [\#276](https://github.com/puppetlabs/puppetlabs-java_ks/pull/276) ([david22swan](https://github.com/david22swan))
+
+### Added
+
+- \(FM-8155\) Add Window Server 2019 support [\#281](https://github.com/puppetlabs/puppetlabs-java_ks/pull/281) ([eimlav](https://github.com/eimlav))
+- \(FM-8042\) Add RedHat 8 support [\#280](https://github.com/puppetlabs/puppetlabs-java_ks/pull/280) ([eimlav](https://github.com/eimlav))
+- Add initial support for DSA private keys. [\#273](https://github.com/puppetlabs/puppetlabs-java_ks/pull/273) ([surcouf](https://github.com/surcouf))
+
+### Fixed
+
+- FM-7945 stringify java\_ks [\#279](https://github.com/puppetlabs/puppetlabs-java_ks/pull/279) ([lionce](https://github.com/lionce))
+- Modules 8962 - java\_ks - Windows 2012 failing smoke [\#278](https://github.com/puppetlabs/puppetlabs-java_ks/pull/278) ([lionce](https://github.com/lionce))
+
 ## [2.4.0](https://github.com/puppetlabs/puppetlabs-java_ks/tree/2.4.0) (2019-02-19)
 
 [Full Changelog](https://github.com/puppetlabs/puppetlabs-java_ks/compare/2.3.0...2.4.0)

Gemfile

@@ -17,17 +17,17 @@ ruby_version_segments = Gem::Version.new(RUBY_VERSION.dup).segments
 minor_version = ruby_version_segments[0..1].join('.')
 
 group :development do
-  gem "fast_gettext", '1.1.0',                         require: false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.1.0')
-  gem "fast_gettext",                                  require: false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.1.0')
-  gem "json_pure", '<= 2.0.1',                         require: false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.0.0')
-  gem "json", '= 1.8.1',                               require: false if Gem::Version.new(RUBY_VERSION.dup) == Gem::Version.new('2.1.9')
-  gem "json", '= 2.0.4',                               require: false if Gem::Requirement.create('~> 2.4.2').satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
-  gem "json", '= 2.1.0',                               require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
-  gem "puppet-module-posix-default-r#{minor_version}", require: false, platforms: [:ruby]
-  gem "puppet-module-posix-dev-r#{minor_version}",     require: false, platforms: [:ruby]
-  gem "puppet-module-win-default-r#{minor_version}",   require: false, platforms: [:mswin, :mingw, :x64_mingw]
-  gem "puppet-module-win-dev-r#{minor_version}",       require: false, platforms: [:mswin, :mingw, :x64_mingw]
-  gem "github_changelog_generator",                    require: false, git: 'https://github.com/skywinder/github-changelog-generator', ref: '20ee04ba1234e9e83eb2ffb5056e23d641c7a018' if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.2.2')
+  gem "fast_gettext", '1.1.0',                                   require: false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.1.0')
+  gem "fast_gettext",                                            require: false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.1.0')
+  gem "json_pure", '<= 2.0.1',                                   require: false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.0.0')
+  gem "json", '= 1.8.1',                                         require: false if Gem::Version.new(RUBY_VERSION.dup) == Gem::Version.new('2.1.9')
+  gem "json", '= 2.0.4',                                         require: false if Gem::Requirement.create('~> 2.4.2').satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
+  gem "json", '= 2.1.0',                                         require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
+  gem "puppet-module-posix-default-r#{minor_version}", '~> 0.3', require: false, platforms: [:ruby]
+  gem "puppet-module-posix-dev-r#{minor_version}", '~> 0.3',     require: false, platforms: [:ruby]
+  gem "puppet-module-win-default-r#{minor_version}", '~> 0.3',   require: false, platforms: [:mswin, :mingw, :x64_mingw]
+  gem "puppet-module-win-dev-r#{minor_version}", '~> 0.3',       require: false, platforms: [:mswin, :mingw, :x64_mingw]
+  gem "github_changelog_generator",                              require: false, git: 'https://github.com/skywinder/github-changelog-generator', ref: '20ee04ba1234e9e83eb2ffb5056e23d641c7a018' if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.2.2')
 end
 group :system_tests do
   gem "puppet-module-posix-system-r#{minor_version}", require: false, platforms: [:ruby]

README.md

@@ -4,13 +4,17 @@
 
 #### Table of Contents
 
-1. [Overview - What is the java_ks module?](#overview)
-2. [Module Description - What does the module do?](#module-description)
-3. [Setup - The basics of getting started with java_ks](#setup)
-4. [Usage - The parameters available for configuration](#usage)
-5. [Reference - An under-the-hood peek at what the module is doing](#reference)
-6. [Limitations - OS compatibility, etc.](#limitations)
-7. [Development - Guide for contributing to the module](#development)
+1. [Overview](#overview)
+2. [Module Description](#module-description)
+     * [Beginning with the module](#beginning-with-the-module)
+3. [Setup](#setup)
+4. [Usage](#usage)
+     * [Certificates](#certificates)
+     * [Namevars](#namevars)
+     * [Windows task](#windows-task)
+5. [Reference](#reference)
+6. [Limitations](#limitations)
+7. [Development](#development)
 
 ## Overview
 
@@ -22,7 +26,7 @@ The java_ks module contains a type called `java_ks` and a single provider named
 
 ## Setup
 
-### Beginning with java_ks
+### Beginning with the module
 
 To get started with java_ks, declare each `java_ks` resource you need.
 
@@ -84,75 +88,7 @@ broker.ks keystore with the alias of broker.example.com.
 
 ## Reference
 
-### Public Types
-* `java_ks`: This resource manages the entries in a Java keystore, and uses composite namevars to allow the same alias across multiple target keystores.
-
-### Public Providers
-* `keytool`: Manages Java keystores by using a combination of the `openssl` and `keytool` commands.
-
-#### Parameters
-All parameters, except where specified, are optional.
-
-##### `certificate`
-*Required.* A server certificate, followed by zero or more intermediate certificate authorities. Places the certificates in the keystore. This autorequires the specified file and must be present on the node before java_ks{} is run. Valid options: string. Default: undef.
-
-##### `chain`
-Takes intermediate certificate authorities from a separate file from the server certificate. This autorequires the file of the same path and must be present on the node before java_ks{} is run. Valid options: string. Default: undef.
-
-##### `ensure`
-Valid options: absent, present, latest. Latest verifies sha1 certificate fingerprints for the stored certificate and the source file. Default: present.
-
-##### `name`
-*Required.* Identifies the entry in the keystore. This will be converted to lowercase. Valid options: string. Default: undef.
-
-##### `password`
-This password is used to protect the keystore. If private keys are also protected, this password will be used to attempt to unlock them. Valid options: String. Must be 6 or more characters. This cannot be used together with `password_file`, but *you must pass at least one of these parameters.* Default: undef.
-
-##### `password_file`
-Sets a plaintext file where the password is stored. Used as an alternative to `password`. This cannot be used together with `password`, but *you must pass at least one of these parameters.* Valid options: String to the plaintext file. Default: undef.
-
-#### `password_fail_reset`
-If the supplied password does not succeed in unlocking the keystore file, then **delete** the keystore file and create a new one. Default: `false`
-
-##### `destkeypass`
-The password you want to set to protect the key in the keystore. Can be used with `pkcs12` stores to change the source password.
-
-##### `path`
-Used for command (keytool, openssl) execution. Valid options: array or file path separated list (for example : in linux). Default: undef.
-
-##### `private_key`
-Sets a private key that encrypts traffic to a server application. Must be accompanied by a signed certificate for the keytool provider. This autorequires the specified file and must be present on the node before java_ks{} is run. Valid options: string. Default: undef.
-
-##### `private_key_type`
-Sets the type of the private key. Usually this is RSA but Elliptic Curve (EC) keys are also supported. Valid options: `rsa` and `ec`. Default: `rsa`.
-
-##### `target`
-*Required.* Specifies a destination file for the keystore. Autorequires the parent directory of the file. Valid options: string. Default: undef.
-
-##### `trustcacerts`
-Certificate authorities input into a keystore aren’t trusted by default, so if you are adding a CA you need to set this parameter to 'true'. Valid options: 'true' or 'false'. Default: 'false'.
-
-##### `keytool_timeout`
-Timeout in seconds for all keytool commands. Can be disabled by passing 0. Default: 120
-
-##### `storetype`
-The storetype parameter allows you to use 'jceks' or 'pkcs12' format certificates if desired.
-
-```puppet
-java_ks { 'puppetca:/opt/puppet/truststore.jceks':
-  ensure       => latest,
-  storetype    => 'jceks',
-  certificate  => '/etc/puppet/ssl/certs/ca.pem',
-  password     => 'puppet',
-  trustcacerts => true,
-}
-```
-
-##### `source_alias`
-The source certificate alias to import. Only supported by `pkcs12` certs.
-
-##### `source_password`
-The source keystore password. Required if using `storetype => pkcs12`.
+For information on the classes and types, see the [REFERENCE.md](https://github.com/puppetlabs/puppetlabs-java_ks/blob/master/REFERENCE.md).
 
 ## Limitations
 
@@ -168,4 +104,4 @@ For an extensive list of supported operating systems, see [metadata.json](https:
 
 Puppet modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad hardware, software, and deployment configurations that Puppet is intended to serve.
 
-We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things. For more information, see our [module contribution guide.](https://docs.puppetlabs.com/forge/contributing.html)
+We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things. For more information, see our [module contribution guide.](https://puppet.com/docs/puppet/latest/contributing.html)