Showing with 93 additions and 74 deletions.
  1. +6 −2 .devcontainer/README.md
  2. +11 −0 CHANGELOG.md
  3. +20 −15 Gemfile
  4. +45 −45 REFERENCE.md
  5. +1 −0 lib/puppet/provider/java_ks/keytool.rb
  6. +1 −1 lib/puppet/type/java_ks.rb
  7. +3 −7 metadata.json
  8. +4 −2 spec/unit/puppet/provider/java_ks/keytool_spec.rb
  9. +2 −2 spec/unit/puppet/type/java_ks_spec.rb
8 changes: 6 additions & 2 deletions .devcontainer/README.md
Expand Up @@ -13,14 +13,18 @@ https://github.com/microsoft/vscode-dev-containers/tree/v0.140.1/containers/pupp

// Set *default* container specific settings.json values on container create.
"settings": {
"terminal.integrated.shell.linux": "/bin/bash"
"terminal.integrated.profiles.linux": {
"bash": {
"path": "bash",
}
}
},

// Add the IDs of extensions you want installed when the container is created.
"extensions": [
"puppet.puppet-vscode",
"rebornix.Ruby"
]
],

// Use 'forwardPorts' to make a list of ports inside the container available locally.
"forwardPorts": [],
11 changes: 11 additions & 0 deletions CHANGELOG.md
Expand Up @@ -2,6 +2,17 @@

All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org).

## [v4.4.1](https://github.com/puppetlabs/puppetlabs-java_ks/tree/v4.4.1) (2022-11-21)

[Full Changelog](https://github.com/puppetlabs/puppetlabs-java_ks/compare/v4.4.0...v4.4.1)

### Fixed

- \(CONT-186\) Set `-deststoretype` [\#418](https://github.com/puppetlabs/puppetlabs-java_ks/pull/418) ([david22swan](https://github.com/david22swan))
- pdksync - \(CONT-189\) Remove support for RedHat6 / OracleLinux6 / Scientific6 [\#417](https://github.com/puppetlabs/puppetlabs-java_ks/pull/417) ([david22swan](https://github.com/david22swan))
- pdksync - \(CONT-130\) - Dropping Support for Debian 9 [\#414](https://github.com/puppetlabs/puppetlabs-java_ks/pull/414) ([jordanbreen28](https://github.com/jordanbreen28))
- reversed insync set comparison [\#412](https://github.com/puppetlabs/puppetlabs-java_ks/pull/412) ([rstuart-indue](https://github.com/rstuart-indue))

## [v4.4.0](https://github.com/puppetlabs/puppetlabs-java_ks/tree/v4.4.0) (2022-10-03)

[Full Changelog](https://github.com/puppetlabs/puppetlabs-java_ks/compare/v4.3.1...v4.4.0)
35 changes: 20 additions & 15 deletions Gemfile
Expand Up @@ -13,24 +13,29 @@ def location_for(place_or_version, fake_version = nil)
end
end

ruby_version_segments = Gem::Version.new(RUBY_VERSION.dup).segments
minor_version = ruby_version_segments[0..1].join('.')

group :development do
gem "json", '= 2.0.4', require: false if Gem::Requirement.create('~> 2.4.2').satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
gem "json", '= 2.1.0', require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
gem "json", '= 2.3.0', require: false if Gem::Requirement.create(['>= 2.7.0', '< 2.8.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
gem "puppet-module-posix-default-r#{minor_version}", '~> 1.0', require: false, platforms: [:ruby]
gem "puppet-module-posix-dev-r#{minor_version}", '~> 1.0', require: false, platforms: [:ruby]
gem "puppet-module-win-default-r#{minor_version}", '~> 1.0', require: false, platforms: [:mswin, :mingw, :x64_mingw]
gem "puppet-module-win-dev-r#{minor_version}", '~> 1.0', require: false, platforms: [:mswin, :mingw, :x64_mingw]
gem "voxpupuli-puppet-lint-plugins", '>= 3.0', require: false, platforms: [:ruby]
gem "ruby-pwsh", require: false
gem "github_changelog_generator", require: false
gem "json", '~> 2.0', require: false
gem "voxpupuli-puppet-lint-plugins", '~> 3.0', require: false
gem "facterdb", '~> 1.18', require: false
gem "metadata-json-lint", '>= 2.0.2', '< 4.0.0', require: false
gem "puppetlabs_spec_helper", '>= 3.0.0', '< 5.0.0', require: false
gem "rspec-puppet-facts", '~> 2.0', require: false
gem "codecov", '~> 0.2', require: false
gem "dependency_checker", '~> 0.2', require: false
gem "parallel_tests", '~> 3.4', require: false
gem "pry", '~> 0.10', require: false
gem "simplecov-console", '~> 0.5', require: false
gem "puppet-debugger", '~> 1.0', require: false
gem "rubocop", '= 1.6.1', require: false
gem "rubocop-performance", '= 1.9.1', require: false
gem "rubocop-rspec", '= 2.0.1', require: false
gem "rb-readline", '= 0.5.5', require: false, platforms: [:mswin, :mingw, :x64_mingw]
gem "ruby-pwsh", require: false
gem "github_changelog_generator", require: false
end
group :system_tests do
gem "puppet-module-posix-system-r#{minor_version}", '~> 1.0', require: false, platforms: [:ruby]
gem "puppet-module-win-system-r#{minor_version}", '~> 1.0', require: false, platforms: [:mswin, :mingw, :x64_mingw]
gem "puppet_litmus", '< 1.0.0', require: false, platforms: [:ruby]
gem "serverspec", '~> 2.41', require: false
end

puppet_version = ENV['PUPPET_GEM_VERSION']
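Review bot: In the :development group, `ruby-pwsh` and `github_changelog_generator` are declared with no version constraint, and `puppet_litmus` in :system_tests has only an upper bound (`'< 1.0.0'`), so each install resolves to whatever release is current unless a lockfile is committed (none is visible on this page). The neighbouring entries use `~>` or exact pins; a bounded constraint on these three would make CI runs reproducible and narrow the window in which an unexpected upstream release is pulled in. The file looks PDK-template managed (metadata.json's template-ref changes in the same commit), so the constraint probably belongs in the template configuration rather than in a hand edit here.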
90 changes: 45 additions & 45 deletions REFERENCE.md
Expand Up @@ -6,25 +6,25 @@

### Classes

* [`java_ks::config`](#java_ksconfig): java_ks configuration
* [`java_ks::config`](#java_ks--config): java_ks configuration

### Resource types

* [`java_ks`](#java_ks): Manages the entries in a java keystore, and uses composite namevars to accomplish the same alias spread across multiple target keystores.

## Classes

### <a name="java_ksconfig"></a>`java_ks::config`
### <a name="java_ks--config"></a>`java_ks::config`

java_ks configuration

#### Parameters

The following parameters are available in the `java_ks::config` class:

* [`params`](#params)
* [`params`](#-java_ks--config--params)

##### <a name="params"></a>`params`
##### <a name="-java_ks--config--params"></a>`params`

Data type: `Any`

Expand Down Expand Up @@ -65,93 +65,93 @@ together with :password_file, but you must pass at least one of these parameters

The following parameters are available in the `java_ks` type.

* [`certificate`](#certificate)
* [`certificate_content`](#certificate_content)
* [`chain`](#chain)
* [`destkeypass`](#destkeypass)
* [`keytool_timeout`](#keytool_timeout)
* [`name`](#name)
* [`password_fail_reset`](#password_fail_reset)
* [`password_file`](#password_file)
* [`path`](#path)
* [`private_key`](#private_key)
* [`private_key_content`](#private_key_content)
* [`private_key_type`](#private_key_type)
* [`provider`](#provider)
* [`source_alias`](#source_alias)
* [`source_password`](#source_password)
* [`storetype`](#storetype)
* [`target`](#target)
* [`trustcacerts`](#trustcacerts)

##### <a name="certificate"></a>`certificate`
* [`certificate`](#-java_ks--certificate)
* [`certificate_content`](#-java_ks--certificate_content)
* [`chain`](#-java_ks--chain)
* [`destkeypass`](#-java_ks--destkeypass)
* [`keytool_timeout`](#-java_ks--keytool_timeout)
* [`name`](#-java_ks--name)
* [`password_fail_reset`](#-java_ks--password_fail_reset)
* [`password_file`](#-java_ks--password_file)
* [`path`](#-java_ks--path)
* [`private_key`](#-java_ks--private_key)
* [`private_key_content`](#-java_ks--private_key_content)
* [`private_key_type`](#-java_ks--private_key_type)
* [`provider`](#-java_ks--provider)
* [`source_alias`](#-java_ks--source_alias)
* [`source_password`](#-java_ks--source_password)
* [`storetype`](#-java_ks--storetype)
* [`target`](#-java_ks--target)
* [`trustcacerts`](#-java_ks--trustcacerts)

##### <a name="-java_ks--certificate"></a>`certificate`

A file containing a server certificate, followed by zero or more intermediate certificate authorities.
All certificates will be placed in the keystore. This will autorequire the specified file.

##### <a name="certificate_content"></a>`certificate_content`
##### <a name="-java_ks--certificate_content"></a>`certificate_content`

A string containing a server certificate, followed by zero or more intermediate certificate authorities.
All certificates will be placed in the keystore.

##### <a name="chain"></a>`chain`
##### <a name="-java_ks--chain"></a>`chain`

The intermediate certificate authorities, if they are to be taken
from a file separate from the server certificate. This will autorequire the specified file.

##### <a name="destkeypass"></a>`destkeypass`
##### <a name="-java_ks--destkeypass"></a>`destkeypass`

The password used to protect the key in keystore.

##### <a name="keytool_timeout"></a>`keytool_timeout`
##### <a name="-java_ks--keytool_timeout"></a>`keytool_timeout`

Timeout for the keytool command in seconds.

Default value: `120`

##### <a name="name"></a>`name`
##### <a name="-java_ks--name"></a>`name`

namevar

The alias that is used to identify the entry in the keystore. This will be
converted to lowercase.

##### <a name="password_fail_reset"></a>`password_fail_reset`
##### <a name="-java_ks--password_fail_reset"></a>`password_fail_reset`

Valid values: ``true``, ``false``
Valid values: `true`, `false`

If the supplied password does not succeed in unlocking the
keystore file, then delete the keystore file and create a new one.
Default: false.

Default value: ``false``
Default value: `false`

##### <a name="password_file"></a>`password_file`
##### <a name="-java_ks--password_file"></a>`password_file`

The path to a file containing the password used to protect the
keystore. This cannot be used together with :password, but you must pass at least one of these parameters.

##### <a name="path"></a>`path`
##### <a name="-java_ks--path"></a>`path`

The search path used for command (keytool, openssl) execution.
Paths can be specified as an array or as a '

##### <a name="private_key"></a>`private_key`
##### <a name="-java_ks--private_key"></a>`private_key`

If you want an application to be a server and encrypt traffic,
you will need a private key. Private key entries in a keystore must be
accompanied by a signed certificate for the keytool provider. This parameter
allows you to specify the file name containing the private key. This will autorequire
the specified file.

##### <a name="private_key_content"></a>`private_key_content`
##### <a name="-java_ks--private_key_content"></a>`private_key_content`

If you want an application to be a server and encrypt traffic,
you will need a private key. Private key entries in a keystore must be
accompanied by a signed certificate for the keytool provider. This parameter allows you to specify the content
of the private key.

##### <a name="private_key_type"></a>`private_key_type`
##### <a name="-java_ks--private_key_type"></a>`private_key_type`

Valid values: `rsa`, `dsa`, `ec`

Expand All @@ -161,38 +161,38 @@ Valid options: <rsa>, <dsa>, <ec>. Defaults to <rsa>

Default value: `rsa`

##### <a name="provider"></a>`provider`
##### <a name="-java_ks--provider"></a>`provider`

The specific backend to use for this `java_ks` resource. You will seldom need to specify this --- Puppet will usually
discover the appropriate provider for your platform.

##### <a name="source_alias"></a>`source_alias`
##### <a name="-java_ks--source_alias"></a>`source_alias`

The source certificate alias

##### <a name="source_password"></a>`source_password`
##### <a name="-java_ks--source_password"></a>`source_password`

The source keystore password

##### <a name="storetype"></a>`storetype`
##### <a name="-java_ks--storetype"></a>`storetype`

Valid values: `jceks`, `pkcs12`, `jks`

Optional storetype
Valid options: <jceks>, <pkcs12>, <jks>

##### <a name="target"></a>`target`
##### <a name="-java_ks--target"></a>`target`

namevar

Destination file for the keystore. This will autorequire the parent directory of the file.

##### <a name="trustcacerts"></a>`trustcacerts`
##### <a name="-java_ks--trustcacerts"></a>`trustcacerts`

Valid values: ``true``, ``false``
Valid values: `true`, `false`

Certificate authorities aren't by default trusted so if you are adding a CA you need to set this to true.
Defaults to :false.

Default value: ``false``
Default value: `false`

1 change: 1 addition & 0 deletions lib/puppet/provider/java_ks/keytool.rb
Expand Up @@ -95,6 +95,7 @@ def import_ks
]
cmd << '-trustcacerts' if @resource[:trustcacerts] == :true
cmd += ['-destkeypass', @resource[:destkeypass]] unless @resource[:destkeypass].nil?
cmd += ['-deststoretype', storetype] unless storetype.nil?

pwfile = password_file
run_command(cmd, @resource[:target], pwfile)
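Review bot: The added `-deststoretype` line in import_ks appends the raw return value of `storetype`, which the updated spec shows to be a Symbol (`:jceks`), into an argv array that otherwise holds Strings. Whether run_command or the layer below it stringifies that element is not visible here, so I would pass `storetype.to_s` (with the spec expectations adjusted to match) or say in a comment that the conversion is relied on. A short why-comment would also help the next reader, e.g. `# pin the destination type so keytool does not fall back to the JDK's default keystore.type`. import_ks begins and ends outside the hunk, and `storetype` is defined elsewhere.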
2 changes: 1 addition & 1 deletion lib/puppet/type/java_ks.rb
Expand Up @@ -37,7 +37,7 @@ def insync?(is)
unless is == :absent
current = provider.current.split('/')
latest = provider.latest.split('/')
return true if current.to_set.subset?(latest.to_set)
return true if latest.to_set.subset?(current.to_set)
end
end
end
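Review bot: In insync?, `latest.to_set.subset?(current.to_set)` (taking the second printed form as the new side) is also true when `latest` is empty, because the empty set is a subset of every set, so a source whose fingerprints could not be read would be reported as in sync. It also treats a keystore entry holding extra certificates beyond the source as in sync, so a stale chain certificate under the alias is never converged away; if that is intended, a comment on the line should say so. A guard such as `return true if !latest.empty? && latest.to_set.subset?(current.to_set)` closes the empty case. Whether provider.latest can return an empty string is not visible on this page, and the `def` line appears only in the hunk header.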
10 changes: 3 additions & 7 deletions metadata.json
@@ -1,6 +1,6 @@
{
"name": "puppetlabs-java_ks",
"version": "4.4.0",
"version": "4.4.1",
"author": "puppetlabs",
"summary": "Manage arbitrary Java keystore files",
"license": "Apache-2.0",
Expand All @@ -14,7 +14,6 @@
{
"operatingsystem": "RedHat",
"operatingsystemrelease": [
"6",
"7",
"8",
"9"
Expand All @@ -30,14 +29,12 @@
{
"operatingsystem": "OracleLinux",
"operatingsystemrelease": [
"6",
"7"
]
},
{
"operatingsystem": "Scientific",
"operatingsystemrelease": [
"6",
"7"
]
},
Expand All @@ -51,7 +48,6 @@
{
"operatingsystem": "Debian",
"operatingsystemrelease": [
"9",
"10",
"11"
]
Expand Down Expand Up @@ -107,6 +103,6 @@
],
"description": "Uses a combination of keytool and Ruby openssl library to manage entries in a Java keystore.",
"template-url": "https://github.com/puppetlabs/pdk-templates.git#main",
"template-ref": "heads/main-0-g806810b",
"pdk-version": "2.4.0"
"template-ref": "tags/2.6.0-0-gd0490b9",
"pdk-version": "2.5.0"
}
6 changes: 4 additions & 2 deletions spec/unit/puppet/provider/java_ks/keytool_spec.rb
Expand Up @@ -152,7 +152,8 @@
it 'executes openssl and keytool with specific options' do
expect(provider).to receive(:to_pkcs12).with("#{temp_dir}testing.stuff")
expect(provider).to receive(:run_command).with(['mykeytool', '-importkeystore', '-srcstoretype', 'PKCS12', '-destkeystore',
resource[:target], '-srckeystore', "#{temp_dir}testing.stuff", '-alias', resource[:name]], any_args)
resource[:target], '-srckeystore', "#{temp_dir}testing.stuff", '-alias',
resource[:name], '-deststoretype', :jceks], any_args)
provider.import_ks
end

Expand All @@ -161,7 +162,8 @@
dkp[:destkeypass] = 'keypass'
expect(provider).to receive(:to_pkcs12).with("#{temp_dir}testing.stuff")
expect(provider).to receive(:run_command).with(['mykeytool', '-importkeystore', '-srcstoretype', 'PKCS12', '-destkeystore',
dkp[:target], '-srckeystore', "#{temp_dir}testing.stuff", '-alias', dkp[:name], '-destkeypass', dkp[:destkeypass]], any_args)
dkp[:target], '-srckeystore', "#{temp_dir}testing.stuff", '-alias', dkp[:name],
'-destkeypass', dkp[:destkeypass], '-deststoretype', dkp[:storetype]], any_args)
provider.import_ks
end
end
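Review bot: Both updated expectations cover only the case where a store type is set; nothing in this hunk exercises the `unless storetype.nil?` branch, where `-deststoretype` must be absent from the command. An example with `storetype` unset that expects the original argument list would pin that behaviour. The first expectation also hard-codes `:jceks` while the second reads `dkp[:storetype]`; using `resource[:storetype]` in the first would keep the two parallel. The enclosing describe block starts outside the hunk, so such an example may already exist elsewhere.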
4 changes: 2 additions & 2 deletions spec/unit/puppet/type/java_ks_spec.rb
Expand Up @@ -212,8 +212,8 @@
it 'insync? should return true if subset of sha1 fingerprints match and state is :present' do
jks = jks_resource.dup
jks[:ensure] = :latest
allow(provider_var).to receive(:latest).and_return('9B:8B:23:4C:6A:9A:08:F6:4E:B6:01:23:EA:5A:E7:8F:6A/66:9B:8B:23:4C:6A:9A:08:F6:4E:B6:01:23:EA:5A')
allow(provider_var).to receive(:current).and_return('66:9B:8B:23:4C:6A:9A:08:F6:4E:B6:01:23:EA:5A')
allow(provider_var).to receive(:current).and_return('9B:8B:23:4C:6A:9A:08:F6:4E:B6:01:23:EA:5A:E7:8F:6A/66:9B:8B:23:4C:6A:9A:08:F6:4E:B6:01:23:EA:5A')
allow(provider_var).to receive(:latest).and_return('66:9B:8B:23:4C:6A:9A:08:F6:4E:B6:01:23:EA:5A')
expect(described_class.new(jks).property(:ensure)).to be_insync(:present)
end
end
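Review bot: The example's description, 'insync? should return true if subset of sha1 fingerprints match', does not say which side is the subset, and that direction is exactly what this commit reverses. I would rename it to something like `'insync? returns true when every latest fingerprint is present in current'` and add the inverse example (`current` holding one fingerprint, `latest` holding two) expecting `not_to be_insync(:present)`, so the direction is pinned by a failing case as well as a passing one. The surrounding context starts outside the hunk, so a negative example may already exist there.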