CHANGELOG.md

@@ -1,5 +1,32 @@
 # Changelog
 
+## [13.0.0](https://github.com/theforeman/puppet-foreman/tree/13.0.0) (2019-10-25)
+
+[Full Changelog](https://github.com/theforeman/puppet-foreman/compare/12.2.0...13.0.0)
+
+**Breaking changes:**
+
+- Sunsetting foreman\_cockpit because functionality being integrated in remote execution [\#756](https://github.com/theforeman/puppet-foreman/pull/756) ([dgoetz](https://github.com/dgoetz))
+- Drop compatibility with Foreman 1.20 and older + puppetrun parameter [\#745](https://github.com/theforeman/puppet-foreman/pull/745) ([ekohl](https://github.com/ekohl))
+- Rewrite to support reverse proxy [\#677](https://github.com/theforeman/puppet-foreman/pull/677) ([ekohl](https://github.com/ekohl))
+
+**Implemented enhancements:**
+
+- Fixes [\#27932](https://projects.theforeman.org/issues/27932) - Add REX Cockpit support [\#760](https://github.com/theforeman/puppet-foreman/pull/760) ([ekohl](https://github.com/ekohl))
+- Drop Puppet \< 3.4 compatibility code [\#755](https://github.com/theforeman/puppet-foreman/pull/755) ([ekohl](https://github.com/ekohl))
+- Add supervisory\_authority plugin [\#754](https://github.com/theforeman/puppet-foreman/pull/754) ([laugmanuel](https://github.com/laugmanuel))
+- Rely on Puppet data types to ensure variables content is valid in apache::fragment [\#753](https://github.com/theforeman/puppet-foreman/pull/753) ([neomilium](https://github.com/neomilium))
+- Add support for foreman\_inventory\_upload plugin [\#749](https://github.com/theforeman/puppet-foreman/pull/749) ([ShimShtein](https://github.com/ShimShtein))
+- Implement a foreman::enc function [\#742](https://github.com/theforeman/puppet-foreman/pull/742) ([ekohl](https://github.com/ekohl))
+
+**Fixed bugs:**
+
+- Make SSL parameters optional within foreman::puppetmaster [\#752](https://github.com/theforeman/puppet-foreman/pull/752) ([gcoxmoz](https://github.com/gcoxmoz))
+
+**Merged pull requests:**
+
+- remove references to ruby193-\* packages [\#741](https://github.com/theforeman/puppet-foreman/pull/741) ([evgeni](https://github.com/evgeni))
+
 ## [12.2.0](https://github.com/theforeman/puppet-foreman/tree/12.2.0) (2019-06-12)
 
 [Full Changelog](https://github.com/theforeman/puppet-foreman/compare/12.1.0...12.2.0)

HISTORY.md

@@ -1,3 +1,121 @@
+## [13.0.0](https://github.com/theforeman/puppet-foreman/tree/13.0.0) (2019-10-24)
+
+[Full Changelog](https://github.com/theforeman/puppet-foreman/compare/12.2.0...13.0.0)
+
+**Breaking changes:**
+
+- Sunsetting foreman\_cockpit because functionality being integrated in remote execution [\#756](https://github.com/theforeman/puppet-foreman/pull/756) ([dgoetz](https://github.com/dgoetz))
+- Drop compatibility with Foreman 1.20 and older + puppetrun parameter [\#745](https://github.com/theforeman/puppet-foreman/pull/745) ([ekohl](https://github.com/ekohl))
+- Rewrite to support reverse proxy [\#677](https://github.com/theforeman/puppet-foreman/pull/677) ([ekohl](https://github.com/ekohl))
+
+**Implemented enhancements:**
+
+- Fixes [\#27932](https://projects.theforeman.org/issues/27932) - Add REX Cockpit support [\#760](https://github.com/theforeman/puppet-foreman/pull/760) ([ekohl](https://github.com/ekohl))
+- Drop Puppet \< 3.4 compatibility code [\#755](https://github.com/theforeman/puppet-foreman/pull/755) ([ekohl](https://github.com/ekohl))
+- Add supervisory\_authority plugin [\#754](https://github.com/theforeman/puppet-foreman/pull/754) ([laugmanuel](https://github.com/laugmanuel))
+- Rely on Puppet data types to ensure variables content is valid in apache::fragment [\#753](https://github.com/theforeman/puppet-foreman/pull/753) ([neomilium](https://github.com/neomilium))
+- Add support for foreman\_inventory\_upload plugin [\#749](https://github.com/theforeman/puppet-foreman/pull/749) ([ShimShtein](https://github.com/ShimShtein))
+- Implement a foreman::enc function [\#742](https://github.com/theforeman/puppet-foreman/pull/742) ([ekohl](https://github.com/ekohl))
+
+**Fixed bugs:**
+
+- Make SSL parameters optional within foreman::puppetmaster [\#752](https://github.com/theforeman/puppet-foreman/pull/752) ([gcoxmoz](https://github.com/gcoxmoz))
+
+**Merged pull requests:**
+
+- remove references to ruby193-\* packages [\#741](https://github.com/theforeman/puppet-foreman/pull/741) ([evgeni](https://github.com/evgeni))
+
+## [12.2.0](https://github.com/theforeman/puppet-foreman/tree/12.2.0) (2019-06-12)
+
+[Full Changelog](https://github.com/theforeman/puppet-foreman/compare/12.1.0...12.2.0)
+
+**Implemented enhancements:**
+
+- Use system packages on EL8 [\#734](https://github.com/theforeman/puppet-foreman/pull/734) ([ekohl](https://github.com/ekohl))
+
+**Merged pull requests:**
+
+- allow newer versions of dependencies [\#737](https://github.com/theforeman/puppet-foreman/pull/737) ([mmoll](https://github.com/mmoll))
+- Allow `puppetlabs/stdlib` 6.x [\#732](https://github.com/theforeman/puppet-foreman/pull/732) ([alexjfisher](https://github.com/alexjfisher))
+
+## [12.1.0](https://github.com/theforeman/puppet-foreman/tree/12.1.0) (2019-05-21)
+
+[Full Changelog](https://github.com/theforeman/puppet-foreman/compare/12.0.0...12.1.0)
+
+**Implemented enhancements:**
+
+- Add hammer plugin for foreman\_kubevirt [\#733](https://github.com/theforeman/puppet-foreman/pull/733) ([shiramax](https://github.com/shiramax))
+- Adding foreman\_kubevirt Plugin [\#730](https://github.com/theforeman/puppet-foreman/pull/730) ([masayag](https://github.com/masayag))
+- allow puppetlabs-apt 7.x and puppetlabs-postgresql 7.x [\#728](https://github.com/theforeman/puppet-foreman/pull/728) ([mmoll](https://github.com/mmoll))
+
+**Fixed bugs:**
+
+- Fixes [\#26695](https://projects.theforeman.org/issues/26695) - remove puppetdb\_dashboard\_address [\#729](https://github.com/theforeman/puppet-foreman/pull/729) ([mmoll](https://github.com/mmoll))
+
+## [12.0.0](https://github.com/theforeman/puppet-foreman/tree/12.0.0) (2019-04-18)
+
+[Full Changelog](https://github.com/theforeman/puppet-foreman/compare/11.0.1...12.0.0)
+
+**Breaking changes:**
+
+- Drop support for $use\_vhost [\#726](https://github.com/theforeman/puppet-foreman/pull/726) ([ekohl](https://github.com/ekohl))
+- Refactor running with a service to Foreman 1.22 [\#723](https://github.com/theforeman/puppet-foreman/pull/723) ([ekohl](https://github.com/ekohl))
+- drop Puppet 4 [\#719](https://github.com/theforeman/puppet-foreman/pull/719) ([mmoll](https://github.com/mmoll))
+
+**Implemented enhancements:**
+
+- Add Parameters for jobs\_service [\#725](https://github.com/theforeman/puppet-foreman/pull/725) ([cocker-cc](https://github.com/cocker-cc))
+- Refactor f::config::passenger to f::config::apache [\#722](https://github.com/theforeman/puppet-foreman/pull/722) ([ekohl](https://github.com/ekohl))
+- Add certname to error output in external\_node\_v2.rb [\#718](https://github.com/theforeman/puppet-foreman/pull/718) ([antaflos](https://github.com/antaflos))
+- Avoid processing fact yaml files with empty 'values' hash [\#717](https://github.com/theforeman/puppet-foreman/pull/717) ([antaflos](https://github.com/antaflos))
+- Expose options to the http and https vhosts [\#716](https://github.com/theforeman/puppet-foreman/pull/716) ([ekohl](https://github.com/ekohl))
+- add cors domains parameter [\#715](https://github.com/theforeman/puppet-foreman/pull/715) ([timogoebel](https://github.com/timogoebel))
+
+## [11.0.1](https://github.com/theforeman/puppet-foreman/tree/11.0.1) (2019-04-02)
+
+[Full Changelog](https://github.com/theforeman/puppet-foreman/compare/11.0.0...11.0.1)
+
+**Fixed bugs:**
+
+- Fixup yaml facts prior to parsing in node.rb [\#714](https://github.com/theforeman/puppet-foreman/pull/714) ([alexjfisher](https://github.com/alexjfisher))
+
+**Closed issues:**
+
+- Locations and Organizations get turned on by default in 11.0.0 and authentication off [\#711](https://github.com/theforeman/puppet-foreman/issues/711)
+
+**Merged pull requests:**
+
+- Clarify the defaults switched [\#712](https://github.com/theforeman/puppet-foreman/pull/712) ([ekohl](https://github.com/ekohl))
+
+## [11.0.0](https://github.com/theforeman/puppet-foreman/tree/11.0.0) (2019-01-14)
+
+[Full Changelog](https://github.com/theforeman/puppet-foreman/compare/10.0.0...11.0.0)
+
+**Breaking changes:**
+
+- Remove default repo management [\#708](https://github.com/theforeman/puppet-foreman/pull/708) ([ekohl](https://github.com/ekohl))
+- Fixes [\#25787](https://projects.theforeman.org/issues/25787) - Make login and taxonomy settings optional [\#707](https://github.com/theforeman/puppet-foreman/pull/707) ([tbrisker](https://github.com/tbrisker))
+- Fixes [\#25170](https://projects.theforeman.org/issues/25170) - Prefix user params with initial\_ [\#701](https://github.com/theforeman/puppet-foreman/pull/701) ([chris1984](https://github.com/chris1984))
+
+**Implemented enhancements:**
+
+- allow puppetlabs-apache 4.x [\#709](https://github.com/theforeman/puppet-foreman/pull/709) ([mmoll](https://github.com/mmoll))
+- Fixes [\#23054](https://projects.theforeman.org/issues/23054) - Refactor class inclusion [\#700](https://github.com/theforeman/puppet-foreman/pull/700) ([ekohl](https://github.com/ekohl))
+- Declare Foreman group explicitly [\#697](https://github.com/theforeman/puppet-foreman/pull/697) ([ehelms](https://github.com/ehelms))
+- Allow single node fact upload [\#692](https://github.com/theforeman/puppet-foreman/pull/692) ([ahmet2mir](https://github.com/ahmet2mir))
+- Clean up acceptance tests + make the apt repo parameters [\#687](https://github.com/theforeman/puppet-foreman/pull/687) ([ekohl](https://github.com/ekohl))
+- Add hammer plugin for foreman\_ansible [\#686](https://github.com/theforeman/puppet-foreman/pull/686) ([xprazak2](https://github.com/xprazak2))
+- Reuse initialize\_http in external\_node\_v2 [\#683](https://github.com/theforeman/puppet-foreman/pull/683) ([ekohl](https://github.com/ekohl))
+- Add Puppet 6 support [\#678](https://github.com/theforeman/puppet-foreman/pull/678) ([ekohl](https://github.com/ekohl))
+- namespace extlib functions [\#675](https://github.com/theforeman/puppet-foreman/pull/675) ([mmoll](https://github.com/mmoll))
+
+**Fixed bugs:**
+
+- fix foreman config location for ssl = false and use\_vhost = false [\#705](https://github.com/theforeman/puppet-foreman/pull/705) ([Dimonyga](https://github.com/Dimonyga))
+- Handle websockets\_encrypt as a boolean [\#702](https://github.com/theforeman/puppet-foreman/pull/702) ([ekohl](https://github.com/ekohl))
+- Fix wrong variable name in enc function [\#694](https://github.com/theforeman/puppet-foreman/pull/694) ([ahmet2mir](https://github.com/ahmet2mir))
+- Trying to fix rescue syntax in ENC script [\#685](https://github.com/theforeman/puppet-foreman/pull/685) ([qingbo](https://github.com/qingbo))
+
 ## [10.0.0](https://github.com/theforeman/puppet-foreman/tree/10.0.0) (2018-10-18)
 
 [Full Changelog](https://github.com/theforeman/puppet-foreman/compare/9.2.0...10.0.0)

README.md

@@ -51,23 +51,11 @@ previous stable release.
 
 ### Foreman version compatibility notes
 
-Running without passenger is only supported on Foreman 1.22+.
+This module targets Foreman 1.21+. Running without passenger is only supported
+on Foreman 1.23+.
 
-The parameters `locations_enabled`, `organizations_enabled` and `authentication`
-will only have any affect on Foreman 1.20 or older, in newer versions these
-settings have been removed.
-
-**Warning** Users configuring Foreman 1.20 and earlier will need to pay
-particular attention. Some defaults have been flipped, including all user
-authentication.
-
-| Setting                    | module 11.x with 1.20 | module 10.x with 1.20 |
-|----------------------------|-----------------------|-----------------------|
-| `authentication` (`login`) | false                 | true                  |
-| `locations_enabled`        | true                  | false                 |
-| `organizations_enabled `   | true                  | false                 |
-
-For Foreman 1.16 or older, please use the 9.x release series of this module.
+The Foreman userdata plugin has been merged into Foreman 1.23 and removed from
+this module.
 
 ## Running without passenger
 
@@ -76,7 +64,7 @@ To use this module without passenger, the `passenger` parameter must be set to
 is running.
 
 This introduces a soft dependency on `camptocamp-systemd`. This feature is only
-available on Foreman 1.22+.
+available on Foreman 1.23+.
 
 ## Types and providers
 
@@ -96,6 +84,34 @@ Foreman's database. Providers:
 * `rest_v3` provider uses API v2 with Ruby HTTP library, OAuth and JSON (default)
 * `rest_v2` provider uses API v2 with apipie-bindings and OAuth
 
+## Foreman ENC via hiera
+
+There is a function `foreman::enc` to retrieve the ENC data. This returns the
+data as a hash and can be used in Hiera. This requires the URL to use the
+Puppet CA infrastructure:
+
+```yaml
+---
+version: 5
+hierarchy:
+  - name: "Foreman ENC"
+    data_hash: foreman::enc
+    options:
+      url: https://foreman.example.com
+```
+
+It is also possible to use HTTP basic auth by adding a username/password to the
+URL in the form of `https://username:password@foreman.example.com`.
+
+Then within your manifests you can use `lookup`. For example, in
+`manifests/site.pp`:
+
+```puppet
+node default {
+  lookup('classes', {merge => unique}).include
+}
+```
+
 # Contributing
 
 * Fork the project

lib/puppet/functions/foreman/enc.rb

@@ -0,0 +1,109 @@
+Puppet::Functions.create_function(:'foreman::enc') do
+  dispatch :foreman_enc do
+    # Copied from Stdlib::HTTPUrl
+    param 'Struct[{url=>Pattern[/(?i:^https?:\/\/)/]}]', :options
+    param 'Puppet::LookupContext', :context
+  end
+
+  argument_mismatch :missing_path do
+    param 'Hash', :options
+    param 'Puppet::LookupContext', :context
+  end
+
+  def parse_error(body)
+    begin
+      require 'json'
+      content = JSON.parse(body)
+    rescue
+      content = body
+    end
+
+    begin
+      content['error']['message']
+    rescue
+      "Check Foreman's production log for more information."
+    end
+  end
+
+  def enc(url, certname)
+    # Doesn't support JSON
+    headers = { 'Accept' => 'application/yaml' }
+    options = {}
+    uri = URI.parse("#{url}/node/#{certname}?format=yml")
+
+    # The API doesn't accept SSL certificate authentication
+    if uri.user && uri.password
+      headers['Accept'] = 'application/json'
+      uri = URI.parse("#{url}/api/hosts/#{certname}/enc")
+      options[:basic_auth] = {
+        :user => uri.user,
+        :password => uri.password
+      }
+    end
+
+    use_ssl = uri.scheme == 'https'
+    ssl_context = use_ssl ? Puppet.lookup(:ssl_context) : nil
+    conn = Puppet::Network::HttpPool.connection(uri.host, uri.port, use_ssl: use_ssl, ssl_context: ssl_context)
+
+    # Puppetserver doesn't implement HTTP auth on get requests
+    # https://tickets.puppetlabs.com/browse/SERVER-2597
+    if defined?(Puppet::Server::HttpClient) && conn.is_a?(Puppet::Server::HttpClient) && options[:basic_auth]
+      require 'base64'
+      encoded = Base64.strict_encode64("#{options[:basic_auth][:user]}:#{options[:basic_auth][:password]}")
+      headers["Authorization"] = "Basic #{encoded}"
+    end
+
+    path = uri.path
+    path += "?#{uri.query}" if uri.query
+    response = conn.get(path, headers, options)
+
+    raise "#{response.class}; #{parse_error(response.body)} using #{conn}" unless response.code == "200"
+
+    case response['Content-Type'].split(';').first
+    when 'application/json'
+      require 'json'
+      data = JSON.parse(response.body)
+      raise Exception, "Empty JSON response from ENC" if data.nil?
+      data['data']
+    when 'application/yaml'
+      Puppet::Util::Yaml.safe_load(response.body, [Symbol])
+    when 'text/plain'
+      # The node data sends it as text/plain rather than application/yaml
+      Puppet::Util::Yaml.safe_load(response.body, [Symbol])
+    else
+      raise Exception, "Unable to handle content type #{response['Content-Type']}"
+    end
+  end
+
+  def foreman_enc(options, context)
+    begin
+      data = enc(options['url'], Puppet[:certname])
+    rescue Puppet::Util::Yaml::YamlLoadError => ex
+      raise Puppet::DataBinding::LookupError, _("Unable to parse %{message}") % { message: ex.message }
+    rescue Exception => ex
+      raise Puppet::DataBinding::LookupError, _("Unable to load ENC for %{certname} %{message}") % { certname: Puppet[:certname], message: ex.message }
+    end
+
+    result = {}
+
+    result.update(data['parameters']) if data['parameters']
+
+    if data['classes'].is_a?(Hash)
+      result['classes'] = data['classes'].keys
+
+      data['classes'].each_pair do |cls, parameters|
+        parameters.each_pair do |parameter, value|
+          result["#{cls}::#{parameter}"] = value
+        end
+      end
+    elsif data['classes'].is_a?(Array)
+      result['classes'] = data['classes']
+    end
+
+    result
+  end
+
+  def missing_path(options, context)
+    "'url' must be declared in hiera.yaml when using this data_hash function"
+  end
+end

lib/puppet/provider/foreman_config_entry/cli.rb

@@ -9,24 +9,14 @@
   def self.run_foreman_config(args = "", options = {})
     Dir.chdir('/usr/share/foreman') do
       command = "/usr/sbin/foreman-rake -- config #{args}"
-      if Puppet::PUPPETVERSION.to_f < 3.4
-        old_home = ENV['HOME']
-        begin
-          ENV['HOME'] = '/usr/share/foreman'
-          output, status = Puppet::Util::SUIDManager.run_and_capture(command, 'foreman', 'foreman')
-        ensure
-          ENV['HOME'] = old_home
-        end
-      else
-        output = Puppet::Util::Execution.execute(command,
-          { :failonfail         => false,
-            :combine            => false,
-            :custom_environment => { 'HOME' => '/usr/share/foreman' },
-            :uid                => 'foreman',
-            :gid                => 'foreman' }.merge(options)
-        )
-        status = $?
-      end
+      output = Puppet::Util::Execution.execute(command,
+        { :failonfail         => false,
+          :combine            => false,
+          :custom_environment => { 'HOME' => '/usr/share/foreman' },
+          :uid                => 'foreman',
+          :gid                => 'foreman' }.merge(options)
+      )
+      status = $?
       output if status.success?
     end
   end

manifests/config.pp

@@ -80,7 +80,7 @@
     ensure  => absent,
   }
 
-  if $::foreman::passenger  {
+  if $::foreman::apache  {
     contain foreman::config::apache
 
     if $::foreman::ipa_authentication {