From ee77abc6ea9ca114f8fec382522abfe56571daef Mon Sep 17 00:00:00 2001 From: Ewoud Kohl van Wijngaarden Date: Fri, 25 Jun 2021 11:42:07 +0200 Subject: [PATCH] Remove VCS install method This has been stuck on an old version and so far nobody has updated it to a recent version that actually works. Distribution packages just work. --- .fixtures.yml | 1 - README.md | 2 +- manifests/certonly.pp | 7 +- manifests/init.pp | 26 ++----- manifests/install.pp | 41 ++--------- metadata.json | 4 -- spec/acceptance/letsencrypt_spec.rb | 35 --------- spec/classes/letsencrypt_install_spec.rb | 87 +++++------------------ spec/classes/letsencrypt_spec.rb | 65 +++-------------- spec/defines/letsencrypt_certonly_spec.rb | 26 +++---- templates/renew-script.sh.erb | 2 +- 11 files changed, 56 insertions(+), 240 deletions(-) diff --git a/.fixtures.yml b/.fixtures.yml index adba068b..f9baf1c2 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -3,7 +3,6 @@ fixtures: epel: 'https://github.com/voxpupuli/puppet-epel.git' inifile: 'https://github.com/puppetlabs/puppetlabs-inifile.git' stdlib: 'https://github.com/puppetlabs/puppetlabs-stdlib.git' - vcsrepo: 'https://github.com/puppetlabs/puppetlabs-vcsrepo.git' yumrepo_core: repo: https://github.com/puppetlabs/puppetlabs-yumrepo_core.git puppet_version: ">= 6.0.0" diff --git a/README.md b/README.md index dbc93d4e..7a841d5f 100644 --- a/README.md +++ b/README.md @@ -37,7 +37,7 @@ class { 'letsencrypt': } ``` -If using Ubuntu16.04 with `install_method` to default `package`, you can enforce upgrade of package from 0.4 to 0.7 with : +You can enforce upgrade of package to the latest available version (in your repositories): ```puppet class { 'letsencrypt': diff --git a/manifests/certonly.pp b/manifests/certonly.pp index b639fc95..2b46b843 100644 --- a/manifests/certonly.pp +++ b/manifests/certonly.pp 
@@ -16,8 +16,8 @@ # `webroot_paths` are not the same length, the last `webroot_paths` # element will be used for all subsequent domains. # @param letsencrypt_command Command to run letsencrypt -# @param additional_args An array of additional command line arguments to pass to the `letsencrypt-auto` command. -# @param environment An optional array of environment variables (in addition to VENV_PATH). +# @param additional_args An array of additional command line arguments to pass to the `letsencrypt` command. +# @param environment An optional array of environment variables # @param key_size Size for the RSA public key # @param manage_cron # Indicating whether or not to schedule cron job for renewal. @@ -157,7 +157,6 @@ ]).filter | $arg | { $arg =~ NotUndef and $arg != [] } $command = join($_command, ' ') - $execution_environment = ["VENV_PATH=${letsencrypt::venv_path}",] + $environment $verify_domains = join(unique($domains), '\' \'') if $ensure == 'present' { @@ -170,7 +169,7 @@ command => $command, * => $exec_ensure, path => $facts['path'], - environment => $execution_environment, + environment => $environment, provider => 'shell', require => [ Class['letsencrypt'], diff --git a/manifests/init.pp b/manifests/init.pp index d72707b2..261e8f7f 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -13,11 +13,7 @@ # @param email # The email address to use to register with Let's Encrypt. This takes # precedence over an 'email' setting defined in $config. -# @param path The path to the letsencrypt installation. -# @param venv_path virtualenv path for vcs-installed Certbot -# @param environment An optional array of environment variables (in addition to VENV_PATH) -# @param repo A Git URL to install the Let's encrypt client from. -# @param version The Git ref (tag, sha, branch) to check out when installing the client with the `vcs` method. +# @param environment An optional array of environment variables # @param package_name Name of package and command to use when installing the client with the `package` method. # @param package_ensure The value passed to `ensure` when installing the client with the `package` method. # @param package_command Path or name for letsencrypt executable when installing the client with the `package` method. @@ -29,7 +25,6 @@ # @param manage_install A feature flag to toggle the management of the letsencrypt client installation. # @param manage_dependencies A feature flag to toggle the management of the letsencrypt dependencies. # @param configure_epel A feature flag to include the 'epel' class and depend on it for package installation. -# @param install_method Method to install the letsencrypt client, either package or vcs. # @param agree_tos A flag to agree to the Let's Encrypt Terms of Service. # @param unsafe_registration A flag to allow using the 'register-unsafely-without-email' flag. # @param config_dir The path to the configuration directory. @@ -59,11 +54,7 @@ class letsencrypt ( Boolean $configure_epel, Optional[String] $email = undef, - String $path = '/opt/letsencrypt', - $venv_path = '/opt/letsencrypt/.venv', Array $environment = [], - String $repo = 'https://github.com/certbot/certbot.git', - String $version = 'v0.39.0', String $package_name = 'certbot', $package_ensure = 'installed', String $package_command = 'certbot', 
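Review bot: `path`, `venv_path`, `repo` and `version` are removed from the class signature in the -59,11 hunk (and `install_method` in the next one) with no deprecation step. A resource-like declaration that still passes any of them, including the harmless `install_method => 'package'`, will presumably fail catalog compilation after the upgrade. Nothing visible in this patch records that, so the description or release notes should call it out as a breaking change and name the removed parameters. The class parameter list continues beyond this hunk.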
@@ -75,7 +66,6 @@ Boolean $manage_config = true, Boolean $manage_install = true, Boolean $manage_dependencies = true, - Enum['package', 'vcs'] $install_method = 'package', Boolean $agree_tos = true, Boolean $unsafe_registration = false, Integer[2048] $key_size = 4096, @@ -95,15 +85,7 @@ Class['letsencrypt::install'] -> Class['letsencrypt::renew'] } - $command = $install_method ? { - 'package' => $package_command, - 'vcs' => "${venv_path}/bin/letsencrypt", - } - - $command_init = $install_method ? { - 'package' => $package_command, - 'vcs' => "${path}/letsencrypt-auto", - } + $command = $package_command if $manage_config { contain letsencrypt::config # lint:ignore:relative_classname_inclusion @@ -114,9 +96,9 @@ # TODO: do we need this command when installing from package? exec { 'initialize letsencrypt': - command => "${command_init} -h", + command => "${package_command} -h", path => $facts['path'], - environment => concat(["VENV_PATH=${venv_path}"], $environment), + environment => $environment, refreshonly => true, } diff --git a/manifests/install.pp b/manifests/install.pp index 0ba33134..c46f33c8 100644 --- a/manifests/install.pp +++ b/manifests/install.pp 
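Review bot: The context comment `# TODO: do we need this command when installing from package?` above `exec { 'initialize letsencrypt': }` in the -114,9 hunk should be resolved in this change, because package installs are now the only path and the exec just runs `${package_command} -h`. If the exec is kept only because other resources notify or order against it, replace the TODO with a comment that says so, for example `# Kept as a refresh/ordering anchor; packaged certbot needs no bootstrap run.`. Otherwise remove the exec in a follow-up. In the -95,15 hunk, `$command = $package_command` is now a plain alias and deserves a one-line comment naming what reads `$letsencrypt::command`; its consumers are not visible here.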
@@ -1,48 +1,21 @@ # @summary Installs the Let's Encrypt client. # -# @param manage_install A feature flag to toggle the management of the letsencrypt client installation. -# @param manage_dependencies A feature flag to toggle the management of the letsencrypt dependencies. # @param configure_epel A feature flag to include the 'epel' class and depend on it for package installation. -# @param install_method Method to install the letsencrypt client -# @param path The path to the letsencrypt installation. -# @param repo A Git URL to install the Let's encrypt client from. -# @param version The Git ref (tag, sha, branch) to check out when installing the client with the `vcs` method. # @param package_ensure The value passed to `ensure` when installing the client with the `package` method. # @param package_name Name of package to use when installing the client with the `package` method. # class letsencrypt::install ( - Boolean $manage_install = $letsencrypt::manage_install, - Boolean $manage_dependencies = $letsencrypt::manage_dependencies, Boolean $configure_epel = $letsencrypt::configure_epel, - Enum['package', 'vcs'] $install_method = $letsencrypt::install_method, String $package_name = $letsencrypt::package_name, String $package_ensure = $letsencrypt::package_ensure, - String $path = $letsencrypt::path, - String $repo = $letsencrypt::repo, - String $version = $letsencrypt::version, ) { - if $install_method == 'vcs' { - if $manage_dependencies { - $dependencies = ['python', 'git'] - ensure_packages($dependencies) - Package[$dependencies] -> Vcsrepo[$path] - } - - vcsrepo { $path: - ensure => present, - provider => git, - source => $repo, - revision => $version, - } - } else { - package { 'letsencrypt': - ensure => $package_ensure, - name => $package_name, - } + package { 'letsencrypt': + ensure => $package_ensure, + name => $package_name, + } - if $configure_epel { - include epel - Class['epel'] -> Package['letsencrypt'] - } + if $configure_epel { + include epel + 
Class['epel'] -> Package['letsencrypt'] } } diff --git a/metadata.json b/metadata.json index ffdcb605..09d6a3be 100644 --- a/metadata.json +++ b/metadata.json @@ -75,10 +75,6 @@ "name": "puppetlabs/inifile", "version_requirement": ">= 2.0.0 < 5.0.0" }, - { - "name": "puppetlabs/vcsrepo", - "version_requirement": ">= 2.0.0 < 4.0.0" - }, { "name": "puppet/epel", "version_requirement": ">= 3.0.1 < 4.0.0" diff --git a/spec/acceptance/letsencrypt_spec.rb b/spec/acceptance/letsencrypt_spec.rb index 7c30e7b0..38c0d04d 100644 --- a/spec/acceptance/letsencrypt_spec.rb +++ b/spec/acceptance/letsencrypt_spec.rb @@ -27,39 +27,4 @@ class { 'letsencrypt' : its(:content) { is_expected.to match %r{email = letsregister@example.com} } end end - - context 'with install_method => vcs' do - pp = %( - class { 'letsencrypt' : - install_method => 'vcs', - email => 'letsregister@example.com', - config => { - 'server' => 'https://acme-staging-v02.api.letsencrypt.org/directory', - }, - } - ) - - it 'installs letsencrypt without error' do - apply_manifest(pp, catch_failures: true) - end - it 'installs letsencrypt idempotently' do - apply_manifest(pp, catch_changes: true) - end - - describe file('/etc/letsencrypt/cli.ini') do - it { is_expected.to be_file } - it { is_expected.to be_owned_by 'root' } - it { is_expected.to be_grouped_into 'root' } - it { is_expected.to be_mode 644 } - its(:content) { is_expected.to match %r{server = https://acme-staging-v02.api.letsencrypt.org/directory} } - its(:content) { is_expected.to match %r{email = letsregister@example.com} } - end - - describe file('/opt/letsencrypt/.venv/bin/certbot') do - it { is_expected.to be_file } - it { is_expected.to be_owned_by 'root' } - it { is_expected.to be_grouped_into 'root' } - it { is_expected.to be_mode 755 } - end - end end diff --git a/spec/classes/letsencrypt_install_spec.rb b/spec/classes/letsencrypt_install_spec.rb index 46a807cc..75105856 100644 --- a/spec/classes/letsencrypt_install_spec.rb 
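Review bot: `manage_dependencies` is dropped from `letsencrypt::install` here, but the init.pp context lines in this patch still declare `Boolean $manage_dependencies = true` and keep its `@param` line. Unless something outside this patch reads it, the flag is now accepted and silently ignored. Either remove it from init.pp too or mark it deprecated in its `@param` text so users do not assume it still controls anything. The remaining `@param package_ensure` and `@param package_name` docs still end with "when installing the client with the `package` method"; with a single install path that qualifier can be dropped.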
+++ b/spec/classes/letsencrypt_install_spec.rb @@ -7,11 +7,6 @@ { configure_epel: false, package_ensure: 'installed', - manage_install: true, - manage_dependencies: true, - path: '/opt/letsencrypt', - repo: 'https://github.com/certbot/certbot.git', - version: 'v0.30.2', package_name: 'letsencrypt' } end 
@@ -22,79 +17,29 @@ facts end - describe 'with install_method => package' do - let(:additional_params) { { install_method: 'package' } } + it { is_expected.to compile.with_all_deps } - it { is_expected.to compile } - - it 'contains the correct resources' do - is_expected.not_to contain_vcsrepo('/opt/letsencrypt') - is_expected.not_to contain_package('python') - is_expected.not_to contain_package('git') - - is_expected.to contain_package('letsencrypt').with_ensure('installed') - end - - describe 'with package_ensure => 0.3.0-1.el7' do - let(:additional_params) { { install_method: 'package', package_ensure: '0.3.0-1.el7' } } - - it { is_expected.to compile } - it { is_expected.to contain_package('letsencrypt').with_ensure('0.3.0-1.el7') } - end - - case facts[:osfamily] - when 'RedHat' - describe 'with configure_epel => true' do - let(:additional_params) { { install_method: 'package', configure_epel: true } } - - it { is_expected.to compile } - - it 'contains the correct resources' do - is_expected.to contain_class('epel') - is_expected.to contain_package('letsencrypt').that_requires('Class[epel]') - end - end - end + it 'contains the correct resources' do + is_expected.to contain_package('letsencrypt').with_ensure('installed') end - describe 'with install_method => vcs' do - let(:additional_params) { { install_method: 'vcs' } } - - it { is_expected.to compile } + describe 'with package_ensure => 0.3.0-1.el7' do + let(:additional_params) { { package_ensure: '0.3.0-1.el7' } } - it 'contains the correct resources' do - is_expected.to contain_vcsrepo('/opt/letsencrypt').with(source: 'https://github.com/certbot/certbot.git', - revision: 'v0.30.2') - is_expected.to contain_package('python') - is_expected.to contain_package('git') - - is_expected.not_to contain_package('letsencrypt') - end - - describe 'with custom path' do - let(:additional_params) { { install_method: 'vcs', path: '/usr/lib/letsencrypt' } } - - it { is_expected.to contain_vcsrepo('/usr/lib/letsencrypt') } 
- end - - describe 'with custom repo' do - let(:additional_params) { { install_method: 'vcs', repo: 'git://foo.com/letsencrypt.git' } } - - it { is_expected.to contain_vcsrepo('/opt/letsencrypt').with_source('git://foo.com/letsencrypt.git') } - end - - describe 'with custom version' do - let(:additional_params) { { install_method: 'vcs', version: 'foo' } } + it { is_expected.to compile.with_all_deps } + it { is_expected.to contain_package('letsencrypt').with_ensure('0.3.0-1.el7') } + end - it { is_expected.to contain_vcsrepo('/opt/letsencrypt').with_revision('foo') } - end + case facts[:osfamily] + when 'RedHat' + describe 'with configure_epel => true' do + let(:additional_params) { { configure_epel: true } } - describe 'with manage_dependencies set to false' do - let(:additional_params) { { install_method: 'vcs', manage_dependencies: false } } + it { is_expected.to compile.with_all_deps } - it 'does not contain the dependencies' do - is_expected.not_to contain_package('git') - is_expected.not_to contain_package('python') + it 'contains the correct resources' do + is_expected.to contain_class('epel') + is_expected.to contain_package('letsencrypt').that_requires('Class[epel]') end end end diff --git a/spec/classes/letsencrypt_spec.rb b/spec/classes/letsencrypt_spec.rb index 1a5e6154..1b591645 100644 --- a/spec/classes/letsencrypt_spec.rb +++ b/spec/classes/letsencrypt_spec.rb 
@@ -28,14 +28,10 @@ it 'contains the correct resources' do is_expected.to contain_class('letsencrypt::install'). - with(configure_epel: epel, - manage_install: true, - manage_dependencies: true, - repo: 'https://github.com/certbot/certbot.git', - version: 'v0.39.0'). + with(configure_epel: epel). that_notifies('Exec[initialize letsencrypt]'). that_comes_before('Class[letsencrypt::renew]') - is_expected.to contain_exec('initialize letsencrypt') + is_expected.to contain_exec('initialize letsencrypt').with_command('certbot -h') is_expected.to contain_class('letsencrypt::config').that_comes_before('Exec[initialize letsencrypt]') is_expected.to contain_class('letsencrypt::renew'). with(pre_hook_commands: [], 
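Review bot: The added `.with_command('certbot -h')` pins only the default command. The later -158,20 hunk deletes the one example that set `package_command: 'letsencrypt'` and expected `letsencrypt -h`, so a non-default `package_command` is no longer checked against the init exec. Re-add a small example without `install_method`: `let(:additional_params) { { package_command: 'letsencrypt' } }` with `it { is_expected.to contain_exec('initialize letsencrypt').with_command('letsencrypt -h') }`. The `it 'contains the correct resources'` block continues past the end of this hunk.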
@@ -69,58 +65,39 @@ else is_expected.not_to contain_class('epel') end - is_expected.to contain_class('letsencrypt::install').with(install_method: 'package').with(package_name: 'certbot') + is_expected.to contain_class('letsencrypt::install').with(package_name: 'certbot') is_expected.to contain_class('letsencrypt').with(package_command: 'certbot') is_expected.to contain_package('letsencrypt').with(name: 'certbot') is_expected.to contain_file('/etc/letsencrypt').with(ensure: 'directory') elsif facts[:osfamily] == 'Debian' - is_expected.to contain_class('letsencrypt::install').with(install_method: 'package').with(package_name: 'certbot') + is_expected.to contain_class('letsencrypt::install').with(package_name: 'certbot') is_expected.to contain_file('/etc/letsencrypt').with(ensure: 'directory') elsif facts[:operatingsystem] == 'Gentoo' - is_expected.to contain_class('letsencrypt::install').with(install_method: 'package').with(package_name: 'app-crypt/certbot') + is_expected.to contain_class('letsencrypt::install').with(package_name: 'app-crypt/certbot') is_expected.to contain_class('letsencrypt').with(package_command: 'certbot') is_expected.to contain_package('letsencrypt').with(name: 'app-crypt/certbot') is_expected.to contain_file('/etc/letsencrypt').with(ensure: 'directory') elsif facts[:operatingsystem] == 'OpenBSD' - is_expected.to contain_class('letsencrypt::install').with(install_method: 'package').with(package_name: 'certbot') + is_expected.to contain_class('letsencrypt::install').with(package_name: 'certbot') is_expected.to contain_class('letsencrypt').with(package_command: 'certbot') is_expected.to contain_package('letsencrypt').with(name: 'certbot') is_expected.to contain_file('/etc/letsencrypt').with(ensure: 'directory') elsif facts[:operatingsystem] == 'FreeBSD' - is_expected.to contain_class('letsencrypt::install').with(install_method: 'package').with(package_name: 'py27-certbot') + is_expected.to contain_class('letsencrypt::install').with(package_name: 
'py27-certbot') is_expected.to contain_class('letsencrypt').with(package_command: 'certbot') is_expected.to contain_package('letsencrypt').with(name: 'py27-certbot') is_expected.to contain_file('/usr/local/etc/letsencrypt').with(ensure: 'directory') else - is_expected.to contain_class('letsencrypt::install').with(install_method: 'vcs') + is_expected.to contain_class('letsencrypt::install') is_expected.to contain_file('/etc/letsencrypt').with(ensure: 'directory') end end end # describe 'with defaults' - describe 'with custom path' do - let(:additional_params) { { path: '/usr/lib/letsencrypt', install_method: 'vcs' } } - - it { is_expected.to contain_class('letsencrypt::install').with_path('/usr/lib/letsencrypt') } - it { is_expected.to contain_exec('initialize letsencrypt').with_command('/usr/lib/letsencrypt/letsencrypt-auto -h') } - end - describe 'with custom environment variables' do let(:additional_params) { { environment: ['FOO=bar', 'FIZZ=buzz'] } } - it { is_expected.to contain_exec('initialize letsencrypt').with_environment(['VENV_PATH=/opt/letsencrypt/.venv', 'FOO=bar', 'FIZZ=buzz']) } - end - - describe 'with custom repo' do - let(:additional_params) { { repo: 'git://foo.com/letsencrypt.git' } } - - it { is_expected.to contain_class('letsencrypt::install').with_repo('git://foo.com/letsencrypt.git') } - end - - describe 'with custom version' do - let(:additional_params) { { version: 'foo' } } - - it { is_expected.to contain_class('letsencrypt::install').with_path('/opt/letsencrypt').with_version('foo') } + it { is_expected.to contain_exec('initialize letsencrypt').with_environment(['FOO=bar', 'FIZZ=buzz']) } end describe 'with custom package_ensure' do 
@@ -158,20 +135,6 @@ it { is_expected.not_to contain_class('letsencrypt::install') } end - describe 'with install_method => package' do - let(:additional_params) { { install_method: 'package', package_command: 'letsencrypt' } } - - it { is_expected.to contain_class('letsencrypt::install').with_install_method('package') } - it { is_expected.to contain_exec('initialize letsencrypt').with_command('letsencrypt -h') } - end - - describe 'with install_method => vcs' do - let(:additional_params) { { install_method: 'vcs' } } - - it { is_expected.to contain_class('letsencrypt::install').with_install_method('vcs') } - it { is_expected.to contain_exec('initialize letsencrypt').with_command('/opt/letsencrypt/letsencrypt-auto -h') } - end - describe 'with custom config directory' do let(:additional_params) { { config_dir: '/foo/bar/baz' } } @@ -205,9 +168,7 @@ describe 'renew_cron_ensure' do let(:additional_params) do - { install_method: 'package', - package_command: 'certbot', - renew_cron_ensure: 'present', + { renew_cron_ensure: 'present', renew_cron_hour: 0, renew_cron_minute: 0 } end @@ -231,8 +192,6 @@ describe 'renew_cron_ensure and hooks' do let(:additional_params) do { config_dir: '/etc/letsencrypt', - install_method: 'package', - package_command: 'certbot', renew_cron_ensure: 'present', renew_pre_hook_commands: ['PreBar'], renew_post_hook_commands: ['PostBar'], @@ -248,9 +207,7 @@ describe 'renew_cron_ensure and additional args' do let(:additional_params) do - { install_method: 'package', - package_command: 'certbot', - renew_cron_ensure: 'present', + { renew_cron_ensure: 'present', renew_additional_args: ['AdditionalBar'] } end diff --git a/spec/defines/letsencrypt_certonly_spec.rb b/spec/defines/letsencrypt_certonly_spec.rb index 63028b71..b4e61bcc 100644 --- a/spec/defines/letsencrypt_certonly_spec.rb +++ b/spec/defines/letsencrypt_certonly_spec.rb 
@@ -172,7 +172,7 @@ class { 'letsencrypt::plugin::dns_route53': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with_command('"/var/lib/puppet/letsencrypt/renew-foo.example.com.sh"').with_ensure('present') } - it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a apache --cert-name 'foo.example.com' -d 'foo.example.com'\n") } + it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a apache --cert-name 'foo.example.com' -d 'foo.example.com'\n") } end context 'with hook' do @@ -228,7 +228,7 @@ class { 'letsencrypt::plugin::dns_route53': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with_hour(13).with_ensure('present') } - it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") } + it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") } end context 'with manage_cron and out of range defined cron_hour (integer)' do 
@@ -255,7 +255,7 @@ class { 'letsencrypt::plugin::dns_route53': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with_hour('00').with_ensure('present') } - it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") } + it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") } end context 'with manage_cron and defined cron_hour (array)' do @@ -269,7 +269,7 @@ class { 'letsencrypt::plugin::dns_route53': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with_hour([1, 13]).with_ensure('present') } - it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") } + it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") } end context 'with manage_cron and defined cron_minute (integer)' do 
@@ -283,7 +283,7 @@ class { 'letsencrypt::plugin::dns_route53': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with_minute(15).with_ensure('present') } - it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") } + it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") } end context 'with manage_cron and out of range defined cron_hour (integer)' do @@ -310,7 +310,7 @@ class { 'letsencrypt::plugin::dns_route53': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with_minute('15').with_ensure('present') } - it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") } + it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") } end context 'with manage_cron and defined cron_minute (array)' do 
@@ -324,7 +324,7 @@ class { 'letsencrypt::plugin::dns_route53': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with_minute([0, 30]).with_ensure('present') } - it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") } + it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") } end context 'with manage_cron and ensure absent' do 
@@ -354,7 +354,7 @@ class { 'letsencrypt::plugin::dns_route53': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_file('/tmp/custom_vardir/letsencrypt').with_ensure('directory') } it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with_command '"/tmp/custom_vardir/letsencrypt/renew-foo.example.com.sh"' } - it { is_expected.to contain_file('/tmp/custom_vardir/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a apache --cert-name 'foo.example.com' -d 'foo.example.com'\n") } + it { is_expected.to contain_file('/tmp/custom_vardir/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a apache --cert-name 'foo.example.com' -d 'foo.example.com'\n") } end context 'with custom plugin and manage cron and cron_success_command' do 
@@ -370,7 +370,7 @@ class { 'letsencrypt::plugin::dns_route53': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with_command '"/var/lib/puppet/letsencrypt/renew-foo.example.com.sh"' } - it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\n(echo before) && letsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a apache --cert-name 'foo.example.com' -d 'foo.example.com' && (echo success)\n") } + it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\n(echo before) && letsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a apache --cert-name 'foo.example.com' -d 'foo.example.com' && (echo success)\n") } end context 'without plugin' do @@ -401,7 +401,7 @@ class { 'letsencrypt::plugin::dns_route53': let(:params) { { environment: ['FOO=bar', 'FIZZ=buzz'] } } it { is_expected.to compile.with_all_deps } - it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_environment(['VENV_PATH=/opt/letsencrypt/.venv', 'FOO=bar', 'FIZZ=buzz']) } + it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_environment(['FOO=bar', 'FIZZ=buzz']) } end context 'with custom environment variables and manage_cron' do 
@@ -409,7 +409,7 @@ class { 'letsencrypt::plugin::dns_route53': let(:params) { { environment: ['FOO=bar', 'FIZZ=buzz'], manage_cron: true } } it { is_expected.to compile.with_all_deps } - it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_content "#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nexport FOO=bar\nexport FIZZ=buzz\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n" } + it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_content "#!/bin/sh\nexport FOO=bar\nexport FIZZ=buzz\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n" } end context 'with manage cron and suppress_cron_output' do\ @@ -421,7 +421,7 @@ class { 'letsencrypt::plugin::dns_route53': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with_command('"/var/lib/puppet/letsencrypt/renew-foo.example.com.sh"').with_ensure('present') } - it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com' > /dev/null 2>&1\n") } + it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com' > /dev/null 2>&1\n") } end context 'with manage cron and custom day of month' do 
@@ -433,7 +433,7 @@ class { 'letsencrypt::plugin::dns_route53': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with(monthday: [1, 15]).with_ensure('present') } - it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") } + it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") } end context 'with custom config_dir' do diff --git a/templates/renew-script.sh.erb b/templates/renew-script.sh.erb index 8ff4b80d..a77cde55 100644 --- a/templates/renew-script.sh.erb +++ b/templates/renew-script.sh.erb @@ -1,5 +1,5 @@ #!/bin/sh -<%- @execution_environment.each do |environment| -%> +<%- @environment.each do |environment| -%> export <%= environment %> <%- end -%> <%= @cron_cmd %>
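Review bot: In templates/renew-script.sh.erb each entry of `@environment` is still written verbatim after `export`, so a value containing whitespace or shell metacharacters is re-parsed by `/bin/sh` every time cron runs the generated script. The rename does not introduce this, but with `VENV_PATH` gone the list is now entirely caller-supplied, so this is a good point to tighten it. Consider constraining the parameter in certonly.pp to `NAME=value` strings, for example `Array[Pattern[/\A[A-Za-z_][A-Za-z0-9_]*=/]] $environment`, and stating on `@param environment` that values are emitted unquoted into the renew script. The current type of `$environment` in certonly.pp is outside the visible hunks, so confirm what it already enforces.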