.github/workflows/nightly.yml

@@ -200,5 +200,5 @@ jobs:
           repo_token: ${{ secrets.GITHUB_TOKEN }}
           slack_webhook_url: ${{ secrets.SLACK_WEBHOOK }}
           # Optional Input
-          channel: '#team-ia-bots'
+          channel: '#team-cat-bots'
           name: 'GABot'

.github/workflows/pr_test.yml

@@ -4,6 +4,7 @@ on: [pull_request]
 
 
 env:
+
   HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6
   HONEYCOMB_DATASET: litmus tests
 

.github/workflows/spec.yml

@@ -54,10 +54,10 @@ jobs:
           buildevents step $TRACE_ID $STEP_ID $STEP_START 'Setup Environment'
           echo STEP_ID=Setup-Acceptance-Test-Matrix >> $GITHUB_ENV
           echo STEP_START=$(date +%s) >> $GITHUB_ENV
-#       - name: Run Static & Syntax Tests
-#         if: ${{ github.repository_owner == 'puppetlabs' }}
-#         run: |
-#           buildevents cmd $TRACE_ID $STEP_ID 'static_syntax_checks' -- bundle exec rake syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop
+      - name: Run Static & Syntax Tests
+        if: ${{ github.repository_owner == 'puppetlabs' }}
+        run: |
+          buildevents cmd $TRACE_ID $STEP_ID 'static_syntax_checks' -- bundle exec rake syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop
 
       - name: Setup Spec Test Matrix
         id: get-matrix

.github/workflows/stale.yml

@@ -1,19 +1,36 @@
-name: Mark stale issues and pull requests
+name: Audit aging issues/PRs
 
 on:
   schedule:
   - cron: "30 1 * * *"
 
 jobs:
-  stale:
+  audit:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/stale@v3
       with:
         repo-token: ${{ secrets.GITHUB_TOKEN }}
-        days-before-stale: 60
-        days-before-close: 7
-        stale-issue-message: 'This issue has been marked as stale because it has been open for a while and has had no recent activity. If this issue is still important to you please drop a comment below and we will add this to our backlog to complete. Otherwise, it will be closed in 7 days.'
-        stale-issue-label: 'stale'
-        stale-pr-message: 'This PR has been marked as stale because it has been open for a while and has had no recent activity. If this PR is still important to you please drop a comment below and we will add this to our backlog to complete. Otherwise, it will be closed in 7 days.'
-        stale-pr-label: 'stale'
+        days-before-issue-stale: 90
+        days-before-pr-stale: 60
+        days-before-pr-close: 7
+        stale-issue-message: |
+          Hello! 👋
+
+          This issue has been open for a while and has had no recent activity. We've labelled it with `attention-needed` so that we can get a clear view of which issues need our attention.
+
+          If you are waiting on a response from us we will try and address your comments on a future Community Day.
+
+          Alternatively, if it is no longer relevant to you please close the issue with a comment.
+        stale-issue-label: 'attention-needed'
+        stale-pr-message: |
+          Hello! 👋
+
+          This pull request has been open for a while and has had no recent activity. We've labelled it with `attention-needed` so that we can get a clear view of which PRs need our attention.
+
+          If you are waiting on a response from us we will try and address your comments on a future Community Day.
+
+          Alternatively, if it is no longer relevant to you please close the PR with a comment. 
+          
+          Please note that if a pull request receives no update for 7 after it has been labelled, it will be closed. We are always happy to re-open pull request if they have been closed in error.
+        stale-pr-label: 'attention-needed'

.puppet-lint.rc

@@ -1 +1,3 @@
 --relative
+--no-parameter_documentation-check
+--no-parameter_type-check

.sync.yml

@@ -29,3 +29,7 @@ spec/spec_helper.rb:
   unmanaged: false
 .travis.yml:
   delete: true
+Rakefile:
+  extra_disabled_lint_checks:
+    - parameter_documentation
+    - parameter_type

CHANGELOG.md

@@ -2,22 +2,30 @@
 
 All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org).
 
+## [v4.3.1](https://github.com/puppetlabs/puppetlabs-java_ks/tree/v4.3.1) (2022-05-24)
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-java_ks/compare/v4.3.0...v4.3.1)
+
+### Added
+
+- Don't require certificate or private key params when ensure: absent [\#399](https://github.com/puppetlabs/puppetlabs-java_ks/pull/399) ([tparkercbn](https://github.com/tparkercbn))
+
 ## [v4.3.0](https://github.com/puppetlabs/puppetlabs-java_ks/tree/v4.3.0) (2022-04-05)
 
 [Full Changelog](https://github.com/puppetlabs/puppetlabs-java_ks/compare/v4.2.0...v4.3.0)
 
 ### Added
 
-- pdksync - \(IAC-1751\) - Add Support for Rocky 8 [\#380](https://github.com/puppetlabs/puppetlabs-java_ks/pull/380) ([david22swan](https://github.com/david22swan))
+- Add support for certificate\_content and private\_key\_content parameters [\#385](https://github.com/puppetlabs/puppetlabs-java_ks/pull/385) ([hajee](https://github.com/hajee))
 - pdksync - \(IAC-1753\) - Add Support for AlmaLinux 8 [\#381](https://github.com/puppetlabs/puppetlabs-java_ks/pull/381) ([david22swan](https://github.com/david22swan))
-- Add support for certificate_content and private_key_content parameters [\#385](https://github.com/puppetlabs/puppetlabs-java_ks/pull/385) ([hajee](https://github.com/hajee))
+- pdksync - \(IAC-1751\) - Add Support for Rocky 8 [\#380](https://github.com/puppetlabs/puppetlabs-java_ks/pull/380) ([david22swan](https://github.com/david22swan))
 
 ### Fixed
 
-- Fix "password" as Property [\#378](https://github.com/puppetlabs/puppetlabs-java_ks/pull/373782) ([cocker-cc](https://github.com/cocker-cc))
-- pdksync - \(IAC-1598\) - Remove Support for Debian 8 [\#379](https://github.com/puppetlabs/puppetlabs-java_ks/pull/379) ([david22swan](https://github.com/david22swan))
-- pdksync - \(IAC-1787\) Remove Support for CentOS 6 [\#384](https://github.com/puppetlabs/puppetlabs-java_ks/pull/384) ([david22swan](https://github.com/david22swan))
 - pdksync - \(GH-iac-334\) Remove Support for Ubuntu 14.04/16.04 [\#390](https://github.com/puppetlabs/puppetlabs-java_ks/pull/390) ([david22swan](https://github.com/david22swan))
+- pdksync - \(IAC-1787\) Remove Support for CentOS 6 [\#384](https://github.com/puppetlabs/puppetlabs-java_ks/pull/384) ([david22swan](https://github.com/david22swan))
+- pdksync - \(IAC-1598\) - Remove Support for Debian 8 [\#379](https://github.com/puppetlabs/puppetlabs-java_ks/pull/379) ([david22swan](https://github.com/david22swan))
+- Fix "password" as Property [\#378](https://github.com/puppetlabs/puppetlabs-java_ks/pull/378) ([cocker-cc](https://github.com/cocker-cc))
 
 ## [v4.2.0](https://github.com/puppetlabs/puppetlabs-java_ks/tree/v4.2.0) (2021-08-25)
 

REFERENCE.md

@@ -54,20 +54,28 @@ insync? for this parameter to accomplish this.
 
 Default value: `present`
 
+##### `password`
+
+The password used to protect the keystore.  If private keys are
+subsequently also protected this password will be used to attempt
+unlocking. Must be six or more characters in length. Cannot be used
+together with :password_file, but you must pass at least one of these parameters.
+
 #### Parameters
 
 The following parameters are available in the `java_ks` type.
 
 * [`certificate`](#certificate)
+* [`certificate_content`](#certificate_content)
 * [`chain`](#chain)
 * [`destkeypass`](#destkeypass)
 * [`keytool_timeout`](#keytool_timeout)
 * [`name`](#name)
-* [`password`](#password)
 * [`password_fail_reset`](#password_fail_reset)
 * [`password_file`](#password_file)
 * [`path`](#path)
 * [`private_key`](#private_key)
+* [`private_key_content`](#private_key_content)
 * [`private_key_type`](#private_key_type)
 * [`provider`](#provider)
 * [`source_alias`](#source_alias)
@@ -78,8 +86,13 @@ The following parameters are available in the `java_ks` type.
 
 ##### <a name="certificate"></a>`certificate`
 
-A server certificate, followed by zero or more intermediate certificate authorities.
-All certificates will be placed in the keystore.  This will autorequire the specified file.
+A file containing a server certificate, followed by zero or more intermediate certificate authorities.
+All certificates will be placed in the keystore. This will autorequire the specified file.
+
+##### <a name="certificate_content"></a>`certificate_content`
+
+A string containing a server certificate, followed by zero or more intermediate certificate authorities.
+All certificates will be placed in the keystore.
 
 ##### <a name="chain"></a>`chain`
 
@@ -103,13 +116,6 @@ namevar
 The alias that is used to identify the entry in the keystore. This will be
 converted to lowercase.
 
-##### <a name="password"></a>`password`
-
-The password used to protect the keystore.  If private keys are
-subsequently also protected this password will be used to attempt
-unlocking. Must be six or more characters in length. Cannot be used
-together with :password_file, but you must pass at least one of these parameters.
-
 ##### <a name="password_fail_reset"></a>`password_fail_reset`
 
 Valid values: ``true``, ``false``
@@ -134,7 +140,16 @@ Paths can be specified as an array or as a '
 
 If you want an application to be a server and encrypt traffic,
 you will need a private key.  Private key entries in a keystore must be
-accompanied by a signed certificate for the keytool provider. This will autorequire the specified file.
+accompanied by a signed certificate for the keytool provider. This parameter
+allows you to specify the file name containing the private key. This will autorequire
+the specified file.
+
+##### <a name="private_key_content"></a>`private_key_content`
+
+If you want an application to be a server and encrypt traffic,
+you will need a private key.  Private key entries in a keystore must be
+accompanied by a signed certificate for the keytool provider. This parameter allows you to specify the content
+of the private key.
 
 ##### <a name="private_key_type"></a>`private_key_type`
 

Rakefile

@@ -42,6 +42,8 @@ def changelog_future_release
 end
 
 PuppetLint.configuration.send('disable_relative')
+PuppetLint.configuration.send('disable_parameter_documentation')
+PuppetLint.configuration.send('disable_parameter_type')
 
 
 if Bundler.rubygems.find_name('github_changelog_generator').any?

lib/puppet/provider/java_ks/keytool.rb

@@ -280,7 +280,7 @@ def update
   end
 
   def certificate
-    return @resource[:certificate] if  @resource[:certificate]
+    return @resource[:certificate] if @resource[:certificate]
 
     # When no certificate file is specified, we infer the usage of
     # certificate content and create a tempfile containing this value.
@@ -296,20 +296,17 @@ def certificate
 
   def private_key
     return @resource[:private_key] if @resource[:private_key]
-    if @resource[:private_key_content]
-
-
-      # When no private key file is specified, we infer the usage of
-      # private key content and create a tempfile containing this value.
-      # we leave it to to the tempfile to clean it up after the pupet run exists.
-      file = Tempfile.new('private_key')
-      # Check if the specified value is a Sensitive data type. If so, unwrap it and use
-      # the value.
-      content = @resource[:private_key_content].respond_to?(:unwrap) ? @resource[:private_key_content].unwrap : @resource[:private_key_content]
-      file.write(content)
-      file.close
-      file.path
-    end
+    return unless @resource[:private_key_content]
+    # When no private key file is specified, we infer the usage of
+    # private key content and create a tempfile containing this value.
+    # we leave it to to the tempfile to clean it up after the pupet run exists.
+    file = Tempfile.new('private_key')
+    # Check if the specified value is a Sensitive data type. If so, unwrap it and use
+    # the value.
+    content = @resource[:private_key_content].respond_to?(:unwrap) ? @resource[:private_key_content].unwrap : @resource[:private_key_content]
+    file.write(content)
+    file.close
+    file.path
   end
 
   def private_key_type

lib/puppet/type/java_ks.rb

@@ -86,7 +86,7 @@ def insync?(is)
     desc 'If you want an application to be a server and encrypt traffic,
       you will need a private key.  Private key entries in a keystore must be
       accompanied by a signed certificate for the keytool provider. This parameter
-      allows you to specify the file name containing the private key. This will autorequire 
+      allows you to specify the file name containing the private key. This will autorequire
       the specified file.'
   end
 
@@ -240,16 +240,18 @@ def self.title_patterns
   end
 
   validate do
-    unless value(:certificate) || value(:certificate_content)
-      raise Puppet::Error, "You must pass one of 'certificate' or 'certificate_content'"
-    end
+    if self[:ensure] != :absent
+      unless value(:certificate) || value(:certificate_content)
+        raise Puppet::Error, "You must pass one of 'certificate' or 'certificate_content'"
+      end
 
-    if value(:certificate) && value(:certificate_content)
-      raise Puppet::Error, "You must pass either 'certificate' or 'certificate_content', not both."
-    end
+      if value(:certificate) && value(:certificate_content)
+        raise Puppet::Error, "You must pass either 'certificate' or 'certificate_content', not both."
+      end
 
-    if value(:private_key) && value(:private_key_content)
-      raise Puppet::Error, "You must pass either 'private_key' or 'private_key_content', not both."
+      if value(:private_key) && value(:private_key_content)
+        raise Puppet::Error, "You must pass either 'private_key' or 'private_key_content', not both."
+      end
     end
 
     if value(:password) && value(:password_file)

manifests/config.pp

@@ -2,7 +2,7 @@
 #   java_ks configuration
 #
 class java_ks::config (
-    $params = {},
-){
-    create_resources('java_ks', $params )
+  $params = {},
+) {
+  create_resources('java_ks', $params )
 }

metadata.json

@@ -1,6 +1,6 @@
 {
   "name": "puppetlabs-java_ks",
-  "version": "4.3.0",
+  "version": "4.3.1",
   "author": "puppetlabs",
   "summary": "Manage arbitrary Java keystore files",
   "license": "Apache-2.0",
@@ -109,6 +109,6 @@
   ],
   "description": "Uses a combination of keytool and Ruby openssl library to manage entries in a Java keystore.",
   "template-url": "https://github.com/puppetlabs/pdk-templates.git#main",
-  "template-ref": "heads/main-0-gf3911d3",
-  "pdk-version": "2.3.0"
+  "template-ref": "heads/main-0-g806810b",
+  "pdk-version": "2.4.0"
 }

spec/acceptance/content_spec.rb

@@ -3,28 +3,29 @@
 require 'spec_helper_acceptance'
 
 RSpec.shared_examples 'a private key creator' do |sensitive|
+  # rubocop:disable RSpec/InstanceVariable : Instance variables are inherited and thus cannot be contained within lets
   it 'creates a private key' do
     pp = if sensitive
-      <<-MANIFEST
-        java_ks { 'broker.example.com:#{temp_dir}private_key.ts':
-          ensure              => #{@ensure_ks},
-          certificate_content => "#{ca_content}",
-          private_key_content => "#{priv_key_content}",
-          password            => 'puppet',
-          path                => #{@resource_path},
-        }
-      MANIFEST
-    else
-      <<-MANIFEST
-        java_ks { 'broker.example.com:#{temp_dir}private_key.ts':
-          ensure              => #{@ensure_ks},
-          certificate_content => Sensitive("#{ca_content}"),
-          private_key_content => Sensitive("#{priv_key_content}"),
-          password            => 'puppet',
-          path                => #{@resource_path},
-        }
-      MANIFEST
-    end
+           <<-MANIFEST
+            java_ks { 'broker.example.com:#{temp_dir}private_key.ts':
+              ensure              => #{@ensure_ks},
+              certificate_content => "#{ca_content}",
+              private_key_content => "#{priv_key_content}",
+              password            => 'puppet',
+              path                => #{@resource_path},
+            }
+          MANIFEST
+         else
+           <<-MANIFEST
+            java_ks { 'broker.example.com:#{temp_dir}private_key.ts':
+              ensure              => #{@ensure_ks},
+              certificate_content => Sensitive("#{ca_content}"),
+              private_key_content => Sensitive("#{priv_key_content}"),
+              password            => 'puppet',
+              path                => #{@resource_path},
+            }
+          MANIFEST
+         end
     idempotent_apply(pp)
   end
 

spec/unit/puppet/provider/java_ks/keytool_spec.rb

@@ -110,7 +110,7 @@
       testing_ca.not_after = testing_ca.not_before + 360
       testing_ca.sign(testing_key, OpenSSL::Digest::SHA256.new)
 
-      context "Using the file based parameters for certificate and private_key" do
+      context 'Using the file based parameters for certificate and private_key' do
         it 'converts a certificate to a pkcs12 file' do
           allow(provider).to receive(:password).and_return(resource[:password])
           allow(File).to receive(:read).with(resource[:private_key]).and_return('private key')
@@ -125,13 +125,13 @@
         end
       end
 
-      context "Using content based parameters for certificate and private_key" do
-        let(:params) {
-          global_params.tap {|h| [:certificate, :private_key].each {|k| h.delete(k)}}.merge(
-            :private_key_content => 'private_key',
-            :certificate_content => testing_ca.to_pem,
+      context 'Using content based parameters for certificate and private_key' do
+        let(:params) do
+          global_params.tap { |h| [:certificate, :private_key].each { |k| h.delete(k) } }.merge(
+            private_key_content: 'private_key',
+            certificate_content: testing_ca.to_pem,
           )
-        }
+        end
 
         it 'converts a certificate to a pkcs12 file' do
           allow(provider).to receive(:password).and_return(resource[:password])