From 5fa826a83625012fc9b46d68a99f04e50a09b340 Mon Sep 17 00:00:00 2001
From: Fabien COMBERNOUS
Date: Mon, 29 Jul 2019 09:32:35 +0200
Subject: [PATCH 01/68] enable acceptance with debian10
---
.sync.yml | 1 +
.travis.yml | 8 ++++++++
2 files changed, 9 insertions(+)
diff --git a/.sync.yml b/.sync.yml
index f779bab4..408c0b35 100644
--- a/.sync.yml
+++ b/.sync.yml
@@ -3,6 +3,7 @@
docker_sets:
- set: centos7-64
- set: debian9-64
+ - set: debian10-64
- set: fedora29-64
- set: fedora30-64
- set: ubuntu1604-64
diff --git a/.travis.yml b/.travis.yml
index eaf2b867..0d9655b9 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -39,6 +39,14 @@ matrix:
bundler_args: --without development release
env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=debian9-64 BEAKER_HYPERVISOR=docker CHECK=beaker
services: docker
+ - rvm: 2.5.3
+ bundler_args: --without development release
+ env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=debian10-64 BEAKER_HYPERVISOR=docker CHECK=beaker
+ services: docker
+ - rvm: 2.5.3
+ bundler_args: --without development release
+ env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=debian10-64 BEAKER_HYPERVISOR=docker CHECK=beaker
+ services: docker
- rvm: 2.5.3
bundler_args: --without development release
env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=fedora29-64 BEAKER_HYPERVISOR=docker CHECK=beaker
From accaa4be99ebe0f9cd4134bff6e7305785f30eb6 Mon Sep 17 00:00:00 2001
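Review bot: The two matrix entries added by hand to .travis.yml cover the same debian10-64 set that the `.sync.yml` docker_sets addition in this commit would generate, so the file now carries the configuration twice. If .travis.yml is modulesync-managed (the companion `.sync.yml` edit suggests it is) the hand-written entries will be overwritten on the next sync. Keeping only the `.sync.yml` change and regenerating .travis.yml from it avoids the two drifting apart.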
From: Alexandre Ellert
Date: Thu, 8 Aug 2019 04:21:33 +0200
Subject: [PATCH 02/68] :tada: Add certbot-dns-ovh plugin support
---
manifests/certonly.pp | 11 +++++++
manifests/params.pp | 10 +++++++
manifests/plugin/dns_ovh.pp | 59 +++++++++++++++++++++++++++++++++++++
types/plugin.pp | 2 +-
4 files changed, 81 insertions(+), 1 deletion(-)
create mode 100644 manifests/plugin/dns_ovh.pp
diff --git a/manifests/certonly.pp b/manifests/certonly.pp
index 5eaacdd1..e61a87ab 100644
--- a/manifests/certonly.pp
+++ b/manifests/certonly.pp
@@ -118,6 +118,17 @@
]
}
+ 'dns-ovh': {
+ require letsencrypt::plugin::dns_ovh
+ $_domains = join($domains, '\' -d \'')
+ $plugin_args = [
+ "--cert-name '${title}' -d",
+ "'${_domains}'",
+ "--dns-ovh-credentials ${letsencrypt::plugin::dns_ovh::config_dir}/dns-ovh.ini",
+ "--dns-ovh-propagation-seconds ${letsencrypt::plugin::dns_ovh::propagation_seconds}",
+ ]
+ }
+
default: {
if $ensure == 'present' {
$_domains = join($domains, '\' -d \'')
diff --git a/manifests/params.pp b/manifests/params.pp
index 6ed6409f..bf8e8099 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -22,6 +22,7 @@
$package_command = 'certbot'
$config_dir = '/etc/letsencrypt'
$dns_rfc2136_package_name = 'python3-certbot-dns-rfc2136'
+ $dns_ovh_package_name = 'python3-certbot-dns-ovh'
} elsif $facts['osfamily'] == 'RedHat' {
$install_method = 'package'
$package_name = 'certbot'
@@ -29,8 +30,10 @@
$config_dir = '/etc/letsencrypt'
if $facts['operatingsystemmajrelease'] == '7' {
$dns_rfc2136_package_name = 'python2-certbot-dns-rfc2136'
+ $dns_ovh_package_name = 'python2-certbot-dns-ovh'
} else {
$dns_rfc2136_package_name = 'python3-certbot-dns-rfc2136'
+ $dns_ovh_package_name = 'python3-certbot-dns-ovh'
}
} elsif $facts['osfamily'] == 'Gentoo' {
$install_method = 'package'
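Review bot: The new `'dns-ovh'` branch in certonly.pp passes `--dns-ovh-propagation-seconds` on the command line while the plugin class in this same commit also writes `dns_ovh_propagation_seconds` into the credentials ini, so the one value is configured in two places. If certbot only reads credential keys from that file (which I believe is the case, but worth confirming against the plugin documentation), the ini key is dead and should be dropped from `$ini_vars`; if it does honour the key, the CLI flag is the redundant one. Keeping a single source makes the rendered command and the file agree by construction. The enclosing `case` statement in certonly.pp starts before this hunk.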
@@ -38,24 +41,28 @@
$package_command = 'certbot'
$config_dir = '/etc/letsencrypt'
$dns_rfc2136_package_name = undef
+ $dns_ovh_package_name = undef
} elsif $facts['osfamily'] == 'OpenBSD' {
$install_method = 'package'
$package_name = 'certbot'
$package_command = 'certbot'
$config_dir = '/etc/letsencrypt'
$dns_rfc2136_package_name = undef
+ $dns_ovh_package_name = undef
} elsif $facts['osfamily'] == 'FreeBSD' {
$install_method = 'package'
$package_name = 'py27-certbot'
$package_command = 'certbot'
$config_dir = '/usr/local/etc/letsencrypt'
$dns_rfc2136_package_name = undef
+ $dns_ovh_package_name = undef
} else {
$install_method = 'vcs'
$package_name = 'letsencrypt'
$package_command = 'letsencrypt'
$config_dir = '/etc/letsencrypt'
$dns_rfc2136_package_name = undef
+ $dns_ovh_package_name = undef
}
$config_file = "${config_dir}/cli.ini"
@@ -82,4 +89,7 @@
$dns_rfc2136_algorithm = 'HMAC-SHA512'
$dns_rfc2136_propagation_seconds = 10
+ $dns_ovh_manage_package = true
+ $dns_ovh_propagation_seconds = 30
+
}
diff --git a/manifests/plugin/dns_ovh.pp b/manifests/plugin/dns_ovh.pp
new file mode 100644
index 00000000..12f46ef1
--- /dev/null
+++ b/manifests/plugin/dns_ovh.pp
@@ -0,0 +1,59 @@
+# == Class: letsencrypt::plugin::dns_ovh
+#
+# This class installs and configures the Let's Encrypt dns-ovh plugin.
+# https://certbot-dns-ovh.readthedocs.io
+#
+# === Parameters:
+#
+# [*endpoint*]
+# Target OVH DNS endpoint.
+# [*application_key*]
+# OVH application key.
+# [*application_secret*]
+# DNS OVH application secret.
+# [*consumer_key*]
+# DNS OVH consumer key.
+# [*manage_package*]
+# Manage the plugin package.
+# [*package_name*]
+# The name of the package to install when $manage_package is true.
+# [*config_dir*]
+# The path to the configuration directory.
+#
+class letsencrypt::plugin::dns_ovh (
+ Enum['ovh-eu', 'ovh-ca'] $endpoint,
+ String[1] $application_key,
+ String[1] $application_secret,
+ String[1] $consumer_key,
+ Integer $propagation_seconds = $letsencrypt::dns_ovh_propagation_seconds,
+ Stdlib::Absolutepath $config_dir = $letsencrypt::config_dir,
+ Boolean $manage_package = $letsencrypt::dns_ovh_manage_package,
+ String $package_name = $letsencrypt::dns_ovh_package_name,
+) {
+
+ if $manage_package {
+ package { $package_name:
+ ensure => installed,
+ }
+ }
+
+ $ini_vars = {
+ dns_ovh_endpoint => $endpoint,
+ dns_ovh_application_key => $application_key,
+ dns_ovh_application_secret => $application_secret,
+ dns_ovh_consumer_key => $consumer_key,
+ dns_ovh_propagation_seconds => $propagation_seconds,
+ }
+
+ file { "${config_dir}/dns-ovh.ini":
+ ensure => file,
+ owner => 'root',
+ group => 'root',
+ mode => '0400',
+ content => epp('letsencrypt/ini.epp', {
+ vars => { '' => $ini_vars },
+ }),
+ require => Class['letsencrypt'],
+ }
+
+}
diff --git a/types/plugin.pp b/types/plugin.pp
index d24eb26b..536d5709 100644
--- a/types/plugin.pp
+++ b/types/plugin.pp
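Review bot: `application_secret` and `consumer_key` are rendered in clear into the `file` resource's `content`, and without `show_diff => false` the agent prints the ini contents in its diff output, logs and reports whenever the file changes, so `mode => '0400'` protects the secrets on disk but not in those channels. Add `show_diff => false,` next to `mode`, and consider typing the two secret parameters as `Sensitive[String[1]]` so they are redacted from logs and reports as well (the epp call would then need to unwrap them). Separately, `String $package_name` defaulting to `$letsencrypt::dns_ovh_package_name` fails type-checking with a generic "expects a String value, got Undef" on the platforms where params.pp sets that value to `undef`; `Optional[String[1]]` plus an explicit `fail()` when `$manage_package` is true and no package name is known would give a message that names the actual problem.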
@@ -1 +1 @@
-type Letsencrypt::Plugin = Enum['apache', 'standalone', 'webroot', 'nginx', 'dns-route53', 'dns-google', 'dns-cloudflare', 'dns-rfc2136']
+type Letsencrypt::Plugin = Enum['apache', 'standalone', 'webroot', 'nginx', 'dns-route53', 'dns-google', 'dns-cloudflare', 'dns-rfc2136', 'dns-ovh']
From 1175fcc8073f2affb27a124367e017592c0aba83 Mon Sep 17 00:00:00 2001
From: Alexandre Ellert
Date: Thu, 8 Aug 2019 13:50:42 +0200
Subject: [PATCH 03/68] format using puppet-strings style
---
manifests/plugin/dns_ovh.pp | 33 +++++++++++++++++++++++----------
1 file changed, 23 insertions(+), 10 deletions(-)
diff --git a/manifests/plugin/dns_ovh.pp b/manifests/plugin/dns_ovh.pp
index 12f46ef1..a72ec3e9 100644
--- a/manifests/plugin/dns_ovh.pp
+++ b/manifests/plugin/dns_ovh.pp
@@ -1,23 +1,36 @@
-# == Class: letsencrypt::plugin::dns_ovh
+# @summary This class installs and configures the Let's Encrypt dns-ovh plugin.
#
-# This class installs and configures the Let's Encrypt dns-ovh plugin.
-# https://certbot-dns-ovh.readthedocs.io
+# @example Basic usage
+# class { 'letsencrypt::plugin::dns_ovh':
+# endpoint => 'ovh-eu',
+# application_key => 'MDAwMDAwMDAwMDAw',
+# application_secret => 'MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw',
+# consumer_key => 'MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw',
+# }
+# letsencrypt::certonly { 'foo':
+# domains => ['foo.example.com', 'bar.example.com'],
+# plugin => 'dns-ovh',
+# }
+#
+# @see https://certbot-dns-ovh.readthedocs.io
#
# === Parameters:
#
-# [*endpoint*]
+# @param endpoint
# Target OVH DNS endpoint.
-# [*application_key*]
+# @param application_key
# OVH application key.
-# [*application_secret*]
+# @param application_secret
# DNS OVH application secret.
-# [*consumer_key*]
+# @param consumer_key
# DNS OVH consumer key.
-# [*manage_package*]
+# @param propagation_seconds
+# DNS OVH propagation seconds (default: 30s)
+# @param manage_package
# Manage the plugin package.
-# [*package_name*]
+# @param package_name
# The name of the package to install when $manage_package is true.
-# [*config_dir*]
+# @param config_dir
# The path to the configuration directory.
#
class letsencrypt::plugin::dns_ovh (
From 6858d7b2a05c6d4054c363cd5df44e8bd865af74 Mon Sep 17 00:00:00 2001
From: Alexandre Ellert
Date: Thu, 8 Aug 2019 17:06:00 +0200
Subject: [PATCH 04/68] Remove hardcoded dns-ovh.ini file name (replace $config_dir by $config_file)
---
manifests/certonly.pp | 2 +-
manifests/plugin/dns_ovh.pp | 14 +++++++-------
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/manifests/certonly.pp b/manifests/certonly.pp
index e61a87ab..31d32b3d 100644
--- a/manifests/certonly.pp
+++ b/manifests/certonly.pp
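Review bot: The `# === Parameters:` heading kept between `@see` and the first `@param` is left over from the old RDoc-style header and is not puppet-strings syntax, so it will be rendered as literal text inside the class description; now that every parameter carries an `@param` tag, those two lines (the heading and the blank `#` after it) can go. The new `@param propagation_seconds` text says `(default: 30s)`, but the value is a plain integer that certonly.pp passes to `--dns-ovh-propagation-seconds`, so `DNS OVH propagation seconds (default: 30)` avoids suggesting a duration literal is accepted. The class body continues below this hunk.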
@@ -124,7 +124,7 @@
$plugin_args = [
"--cert-name '${title}' -d",
"'${_domains}'",
- "--dns-ovh-credentials ${letsencrypt::plugin::dns_ovh::config_dir}/dns-ovh.ini",
+ "--dns-ovh-credentials ${letsencrypt::plugin::dns_ovh::config_file}",
"--dns-ovh-propagation-seconds ${letsencrypt::plugin::dns_ovh::propagation_seconds}",
]
}
diff --git a/manifests/plugin/dns_ovh.pp b/manifests/plugin/dns_ovh.pp
index a72ec3e9..eae0491d 100644
--- a/manifests/plugin/dns_ovh.pp
+++ b/manifests/plugin/dns_ovh.pp
@@ -30,18 +30,18 @@
# Manage the plugin package.
# @param package_name
# The name of the package to install when $manage_package is true.
-# @param config_dir
-# The path to the configuration directory.
+# @param config_file
+# The name, with full abolute path, of the configuration file containing OVH credentials.
#
class letsencrypt::plugin::dns_ovh (
Enum['ovh-eu', 'ovh-ca'] $endpoint,
String[1] $application_key,
String[1] $application_secret,
String[1] $consumer_key,
- Integer $propagation_seconds = $letsencrypt::dns_ovh_propagation_seconds,
- Stdlib::Absolutepath $config_dir = $letsencrypt::config_dir,
- Boolean $manage_package = $letsencrypt::dns_ovh_manage_package,
- String $package_name = $letsencrypt::dns_ovh_package_name,
+ Integer $propagation_seconds = $letsencrypt::dns_ovh_propagation_seconds,
+ Boolean $manage_package = $letsencrypt::dns_ovh_manage_package,
+ String $package_name = $letsencrypt::dns_ovh_package_name,
+ Stdlib::Absolutepath $config_file = "${letsencrypt::config_dir}/dns-ovh.ini",
) {
if $manage_package {
@@ -58,7 +58,7 @@
dns_ovh_propagation_seconds => $propagation_seconds,
}
- file { "${config_dir}/dns-ovh.ini":
+ file { $config_file:
ensure => file,
owner => 'root',
group => 'root',
From ebafaaf571b78964c7d25470cdbf9cdde97c7965 Mon Sep 17 00:00:00 2001
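Review bot: In the `@param config_file` description added to manifests/plugin/dns_ovh.pp, `abolute` should read `absolute`; suggested wording: `# The name, with full absolute path, of the configuration file containing OVH credentials.`. Since `config_file` is now caller-settable it can point outside `$letsencrypt::config_dir`, whose parent directory this module does not manage, and the `file` resource will then fail on a missing directory rather than create it; a second sentence on the parameter saying the caller must ensure the directory exists would save that surprise. The certonly.pp hunk is consistent with the new parameter.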
From: Alexandre Ellert
Date: Thu, 22 Aug 2019 13:01:46 +0200
Subject: [PATCH 05/68] :white_check_mark: Add tests for dns-ovh plugin
---
.../letsencrypt_plugin_dns_ovh_spec.rb | 50 +++++++++++++
spec/classes/plugin/dns_ovh_spec.rb | 74 +++++++++++++++++++
spec/defines/letsencrypt_certonly_spec.rb | 24 ++++++
spec/type_aliases/plugin_spec.rb | 2 +-
4 files changed, 149 insertions(+), 1 deletion(-)
create mode 100644 spec/acceptance/letsencrypt_plugin_dns_ovh_spec.rb
create mode 100644 spec/classes/plugin/dns_ovh_spec.rb
diff --git a/spec/acceptance/letsencrypt_plugin_dns_ovh_spec.rb b/spec/acceptance/letsencrypt_plugin_dns_ovh_spec.rb
new file mode 100644
index 00000000..2cb98d5d
--- /dev/null
+++ b/spec/acceptance/letsencrypt_plugin_dns_ovh_spec.rb
@@ -0,0 +1,50 @@
+require 'spec_helper_acceptance'
+
+describe 'letsencrypt::plugin::dns_ovh' do
+ supported = case fact('os.family')
+ when 'Debian'
+ # Debian started shipping in Buster, Ubuntu started shipping in Disco
+ fact('os.release.major') != '10' && fact('os.release.major') != '19.04'
+ when 'RedHat'
+ true
+ else
+ false
+ end
+
+ context 'with defaults values' do
+ pp = <<-PUPPET
+ class { 'letsencrypt' :
+ email => 'letsregister@example.com',
+ config => {
+ 'server' => 'https://acme-staging.api.letsencrypt.org/directory',
+ },
+ }
+ class { 'letsencrypt::plugin::dns_ovh':
+ endpoint => 'ovh-eu',
+ application_key => 'MDAwMDAwMDAwMDAw',
+ application_secret => 'MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw',
+ consumer_key => 'MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw',
+ }
+ PUPPET
+
+ if supported
+ it 'installs letsencrypt and dns ovh plugin without error' do
+ apply_manifest(pp, catch_failures: true)
+ end
+ it 'installs letsencrypt and dns ovh idempotently' do
+ apply_manifest(pp, catch_changes: true)
+ end
+
+ describe file('/etc/letsencrypt/dns-ovh.ini') do
+ it { is_expected.to be_file }
+ it { is_expected.to be_owned_by 'root' }
+ it { is_expected.to be_grouped_into 'root' }
+ it { is_expected.to be_mode 400 }
+ end
+ else
+ it 'fails to install' do
+ apply_manifest(pp, expect_failures: true)
+ end
+ end
+ end
+end
diff --git a/spec/classes/plugin/dns_ovh_spec.rb b/spec/classes/plugin/dns_ovh_spec.rb
new file mode 100644
index 00000000..eeb9ce23
--- /dev/null
+++ b/spec/classes/plugin/dns_ovh_spec.rb
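Review bot: The `supported` value for the Debian family looks inverted: the comment says the plugin ships from Buster and Disco onwards, yet the expression is true exactly when `os.release.major` is neither `'10'` nor `'19.04'`, so a Debian 9 or Ubuntu 18.04 node runs the "installs ... without error" examples while Debian 10 runs "fails to install". Unless the reverse is intended, it should read `fact('os.release.major') == '10' || fact('os.release.major') == '19.04'`, or better a numeric comparison against the first shipping release so newer releases are not treated as unsupported. The equality form also has to be extended by hand for every new Debian or Ubuntu release.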
@@ -0,0 +1,74 @@
+require 'spec_helper'
+
+describe 'letsencrypt::plugin::dns_ovh' do
+ on_supported_os.each do |os, facts|
+ context "on #{os} based operating systems" do
+ let(:facts) { facts }
+ let(:params) { {} }
+ let(:pre_condition) do
+ <<-PUPPET
+ class { 'letsencrypt':
+ email => 'foo@example.com',
+ }
+ PUPPET
+ end
+ let(:package_name) do
+ case facts[:osfamily]
+ when 'Debian'
+ 'python3-certbot-dns-ovh'
+ when 'RedHat'
+ facts[:operatingsystem] == 'Fedora' ? 'python3-certbot-dns-ovh' : 'python2-certbot-dns-ovh'
+ end
+ end
+
+ context 'without required parameters' do
+ it { is_expected.not_to compile }
+ end
+
+ context 'with required parameters' do
+ let(:params) do
+ super().merge(
+ endpoint: 'ovh-eu'
+ application_key: 'MDAwMDAwMDAwMDAw',
+ application_secret: 'MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw',
+ consumer_key: 'MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw'
+ )
+ end
+
+ it do
+ if package_name.nil?
+ is_expected.not_to compile
+ else
+ is_expected.to compile.with_all_deps
+
+ is_expected.to contain_file('/etc/letsencrypt/dns-ovh.ini').
+ with_ensure('file').
+ with_owner('root').
+ with_group('root').
+ with_mode('0400').
+ with_content(%r{^.*dns_ovh_endpoint.*$})
+ end
+ end
+
+ describe 'with manage_package => true' do
+ let(:params) { super().merge(manage_package: true) }
+
+ it do
+ if package_name.nil?
+ is_expected.not_to compile
+ else
+ is_expected.to contain_class('letsencrypt::plugin::dns_ovh').with_package_name(package_name)
+ is_expected.to contain_package(package_name).with_ensure('installed')
+ end
+ end
+ end
+
+ describe 'with manage_package => false' do
+ let(:params) { super().merge(manage_package: false, package_name: 'dns-ovh-package') }
+
+ it { is_expected.not_to contain_package('dns-ovh-package') }
+ end
+ end
+ end
+ end
+end
diff --git a/spec/defines/letsencrypt_certonly_spec.rb b/spec/defines/letsencrypt_certonly_spec.rb
index 7b5b17a2..87fefe58 100644
--- a/spec/defines/letsencrypt_certonly_spec.rb
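Review bot: The `with_content(%r{^.*dns_ovh_endpoint.*$})` assertion only checks that a key name appears somewhere, so a template that mis-renders the values (a wrong key/value separator, a secret rendered empty) still passes, and this spec is the only test of the ini rendering. Anchoring on a complete rendered pair for at least one key, for example the `dns_ovh_application_key` line together with its `MDAwMDAwMDAwMDAw` value (the exact separator depends on `ini.epp`), pins the format the plugin actually reads. Also note the missing comma after `endpoint: 'ovh-eu'` in the `super().merge(` call, which is a Ruby syntax error and will keep this spec file from loading at all.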
+++ b/spec/defines/letsencrypt_certonly_spec.rb
@@ -126,6 +126,30 @@ class { 'letsencrypt::plugin::dns_rfc2136':
it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a dns-rfc2136 --cert-name 'foo.example.com' -d 'foo.example.com' --dns-rfc2136-credentials /etc/letsencrypt/dns-rfc2136.ini --dns-rfc2136-propagation-seconds 10" }
end
+ context 'with dns-ovh plugin' do
+ let(:title) { 'foo.example.com' }
+ let(:params) { { plugin: 'dns-ovh', letsencrypt_command: 'letsencrypt' } }
+ let(:pre_condition) do
+ <<-PUPPET
+ class { 'letsencrypt':
+ email => 'foo@example.com',
+ config_dir => '/etc/letsencrypt',
+ }
+ class { 'letsencrypt::plugin::dns_ovh':
+ endpoint => 'ovh-eu',
+ application_key => 'MDAwMDAwMDAwMDAw',
+ application_secret => 'MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw',
+ consumer_key => 'MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw',
+ package_name => 'irrelevant',
+ }
+ PUPPET
+ end
+
+ it { is_expected.to compile.with_all_deps }
+ it { is_expected.to contain_class('letsencrypt::plugin::dns_ovh') }
+ it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a dns-ovh --cert-name 'foo.example.com' -d 'foo.example.com' --dns-ovh-credentials /etc/letsencrypt/dns-ovh.ini --dns-ovh-propagation-seconds 30" }
+ end
+
context 'with custom plugin' do
let(:title) { 'foo.example.com' }
let(:params) { { plugin: 'apache' } }
diff --git a/spec/type_aliases/plugin_spec.rb b/spec/type_aliases/plugin_spec.rb
index 2a634fbe..edf3e456 100644
--- a/spec/type_aliases/plugin_spec.rb
+++ b/spec/type_aliases/plugin_spec.rb
@@ -1,7 +1,7 @@
require 'spec_helper'
describe 'Letsencrypt::Plugin' do
- it { is_expected.to allow_values('apache', 'standalone', 'webroot', 'nginx', 'dns-route53', 'dns-google', 'dns-cloudflare', 'dns-rfc2136') }
+ it { is_expected.to allow_values('apache', 'standalone', 'webroot', 'nginx', 'dns-route53', 'dns-google', 'dns-cloudflare', 'dns-rfc2136', 'dns-ovh') }
it { is_expected.not_to allow_value(nil) }
it { is_expected.not_to allow_value('foo') }
it { is_expected.not_to allow_value('custom') }
From 584f525d8653b99dc89faee58063943efd5a9776 Mon Sep 17 00:00:00 2001
From: Alexandre Ellert
Date: Thu, 22 Aug 2019 13:13:55 +0200
Subject: [PATCH 06/68] :books: Add dns-ovh documentation
---
README.md | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
diff --git a/README.md b/README.md
index 1d9b4a7c..5ea587c9 100644
--- a/README.md
+++ b/README.md
@@ -166,6 +166,34 @@ letsencrypt::certonly { 'foo':
plugin => 'dns-rfc2136',
}
```
+#### dns-ovh plugin
+
+To request a certificate using the `dns-ovh` plugin, you will at a minimum
+need to pass `endpoint`, `application_key`, `application_secret` and
+`consumer_key`to the class `letsencrypt::plugin::dns_ovh`.
+Ideally keys and secret should be encrypted, eg. with eyaml if using Hiera.
+
+Plugin documentation and it's parameters can be found here:
+https://certbot-dns-ovh.readthedocs.io
+
+Parameter defaults:
+
+- `propagation_seconds` 30 (the plugin defaults to 30)
+
+Example:
+
+```puppet
+class { 'letsencrypt::plugin::dns_ovh':
+ endpoint => 'ovh-eu',
+ application_key => 'MDAwMDAwMDAwMDAw',
+ application_secret => 'MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw',
+ consumer_key => 'MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw',
+}
+letsencrypt::certonly { 'foo':
+ domains => ['foo.example.com', 'bar.example.com'],
+ plugin => 'dns-ovh',
+}
+```
#### Additional arguments
From 837a6c9c4712349488b50fe86d32ac1d8d544443 Mon Sep 17 00:00:00 2001
From: Alexandre Ellert
Date: Thu, 22 Aug 2019 13:21:03 +0200
Subject: [PATCH 07/68] :bug: Fix syntax error
---
spec/classes/plugin/dns_ovh_spec.rb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/spec/classes/plugin/dns_ovh_spec.rb b/spec/classes/plugin/dns_ovh_spec.rb
index eeb9ce23..56343ec3 100644
--- a/spec/classes/plugin/dns_ovh_spec.rb
+++ b/spec/classes/plugin/dns_ovh_spec.rb
@@ -28,7 +28,7 @@ class { 'letsencrypt':
context 'with required parameters' do
let(:params) do
super().merge(
- endpoint: 'ovh-eu'
+ endpoint: 'ovh-eu',
application_key: 'MDAwMDAwMDAwMDAw',
application_secret: 'MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw',
consumer_key: 'MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw'
From dec410b8dfa3b14988cb16bddee24096315e60e2 Mon Sep 17 00:00:00 2001
From: Alexandre Ellert
Date: Thu, 22 Aug 2019 15:29:07 +0200
Subject: [PATCH 08/68] :books: Add warning about Debian based distros compatibility
---
README.md | 5 +++++
manifests/plugin/dns_ovh.pp | 13 +++++++++++++
2 files changed, 18 insertions(+)
diff --git a/README.md b/README.md
index 5ea587c9..e006c722 100644
--- a/README.md
+++ b/README.md
@@ -176,6 +176,11 @@ Ideally keys and secret should be encrypted, eg. with eyaml if using Hiera.
Plugin documentation and it's parameters can be found here:
https://certbot-dns-ovh.readthedocs.io
+Note:
+
+For Debian based OS, this plugin is compatible from Debian 10
+and Ubuntu 19. Older OS are not supported.
+
Parameter defaults:
- `propagation_seconds` 30 (the plugin defaults to 30)
diff --git a/manifests/plugin/dns_ovh.pp b/manifests/plugin/dns_ovh.pp
index eae0491d..0ae3732a 100644
--- a/manifests/plugin/dns_ovh.pp
+++ b/manifests/plugin/dns_ovh.pp
@@ -44,6 +44,19 @@
Stdlib::Absolutepath $config_file = "${letsencrypt::config_dir}/dns-ovh.ini",
) {
+ case $::operatingsystem {
+ 'Debian': {
+ if $::operatingsystemrelease < '10' {
+ fail("The dns-ovh plugin is not compatible with $::operatingsystem $::operatingsystemrelease. See README.")
+ }
+ }
+ 'Ubuntu': {
+ if $::operatingsystemrelease < '19' {
+ fail("The dns-ovh plugin is not compatible with $::operatingsystem $::operatingsystemrelease. See README.")
+ }
+ }
+ }
+
if $manage_package {
package { $package_name:
ensure => installed,
From 4f72803b4c6426cd007ee7a01e641015c763d445 Mon Sep 17 00:00:00 2001
From: Alexandre Ellert
Date: Thu, 22 Aug 2019 15:37:19 +0200
Subject: [PATCH 09/68] :bug: Fix version compared as number
---
manifests/plugin/dns_ovh.pp | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/manifests/plugin/dns_ovh.pp b/manifests/plugin/dns_ovh.pp
index 0ae3732a..1e1f67b0 100644
--- a/manifests/plugin/dns_ovh.pp
+++ b/manifests/plugin/dns_ovh.pp
@@ -46,12 +46,12 @@
case $::operatingsystem {
'Debian': {
- if $::operatingsystemrelease < '10' {
+ if versioncmp($::operatingsystemrelease, '10') < 0 {
fail("The dns-ovh plugin is not compatible with $::operatingsystem $::operatingsystemrelease. See README.")
}
}
'Ubuntu': {
- if $::operatingsystemrelease < '19' {
+ if versioncmp($::operatingsystemrelease, '19') < 0 {
fail("The dns-ovh plugin is not compatible with $::operatingsystem $::operatingsystemrelease. See README.")
}
}
From a49673696f6c43101af8f0419634eb53cd923f1f Mon Sep 17 00:00:00 2001
From: Alexandre Ellert
Date: Thu, 22 Aug 2019 15:55:56 +0200
Subject: [PATCH 10/68] :bug: Fix Travis CI warnings
---
manifests/plugin/dns_ovh.pp | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/manifests/plugin/dns_ovh.pp b/manifests/plugin/dns_ovh.pp
index 1e1f67b0..343481b8 100644
--- a/manifests/plugin/dns_ovh.pp
+++ b/manifests/plugin/dns_ovh.pp
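Review bot: The new `case $::operatingsystem` guard in manifests/plugin/dns_ovh.pp aborts the catalog regardless of `manage_package`, so a user on Debian 9 or Ubuntu 18.04 who sets `manage_package => false` because the plugin comes from pip or backports is blocked even though nothing else in the class depends on the distribution release; wrapping the check in `if $manage_package { ... }`, or deciding it where params.pp picks `$dns_ovh_package_name`, limits the guard to the case it actually protects. The same placement applies to the follow-up `versioncmp` hunk of PATCH 09, which fixes the string comparison `$::operatingsystemrelease < '10'` but keeps the guard unconditional. The legacy top-scope `$::operatingsystem` / `$::operatingsystemrelease` facts could also be read through the `$facts[...]` hash, matching the style params.pp already uses. The class body continues below this hunk.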
@@ -47,14 +47,16 @@
case $::operatingsystem {
'Debian': {
if versioncmp($::operatingsystemrelease, '10') < 0 {
- fail("The dns-ovh plugin is not compatible with $::operatingsystem $::operatingsystemrelease. See README.")
+ fail("The dns-ovh plugin is not compatible with ${::operatingsystem} ${::operatingsystemrelease}. See README.")
}
}
'Ubuntu': {
if versioncmp($::operatingsystemrelease, '19') < 0 {
- fail("The dns-ovh plugin is not compatible with $::operatingsystem $::operatingsystemrelease. See README.")
+ fail("The dns-ovh plugin is not compatible with ${::operatingsystem} ${::operatingsystemrelease}. See README.")
}
}
+ default: {
+ }
}
if $manage_package {
From 780ebec1eff445fb70b94cdf334f45c267b7adb6 Mon Sep 17 00:00:00 2001
From: Fabien COMBERNOUS
Date: Wed, 28 Aug 2019 08:44:57 +0200
Subject: [PATCH 11/68] limit tests with puppet6 on debian10
---
.sync.yml | 5 ++++-
.travis.yml | 4 ----
2 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/.sync.yml b/.sync.yml
index 408c0b35..2d864ab1 100644
--- a/.sync.yml
+++ b/.sync.yml
@@ -3,10 +3,13 @@
docker_sets:
- set: centos7-64
- set: debian9-64
- - set: debian10-64
- set: fedora29-64
- set: fedora30-64
- set: ubuntu1604-64
- set: ubuntu1804-64
+ - rvm: 2.5.3
+ services: docker
+ env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=debian10-64 BEAKER_HYPERVISOR=docker CHECK=beaker
+ bundler_args: --without development release
secure: "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"
diff --git a/.travis.yml b/.travis.yml
index 0d9655b9..4ecda047 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -39,10 +39,6 @@ matrix:
bundler_args: --without development release
env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=debian9-64 BEAKER_HYPERVISOR=docker CHECK=beaker
services: docker
- - rvm: 2.5.3
- bundler_args: --without development release
- env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=debian10-64 BEAKER_HYPERVISOR=docker CHECK=beaker
- services: docker
- rvm: 2.5.3
bundler_args: --without development release
env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=debian10-64 BEAKER_HYPERVISOR=docker CHECK=beaker
From c81c4107235b51ffcb037dd2330bd22fc943541b Mon Sep 17 00:00:00 2001
From: Tim Meusel
Date: Wed, 11 Sep 2019 13:50:04 +0200
Subject: [PATCH 12/68] fix modulesync config file
---
.sync.yml | 1 +
1 file changed, 1 insertion(+)
diff --git a/.sync.yml b/.sync.yml
index 2d864ab1..3faa6d54 100644
--- a/.sync.yml
+++ b/.sync.yml
@@ -7,6 +7,7 @@
- set: fedora30-64
- set: ubuntu1604-64
- set: ubuntu1804-64
+ extras:
- rvm: 2.5.3
services: docker
env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=debian10-64 BEAKER_HYPERVISOR=docker CHECK=beaker
From ab69094af112a6e94cb2423c1b0b30f09e1ab204 Mon Sep 17 00:00:00 2001
From: Matthieu FAURE
Date: Fri, 20 Sep 2019 17:04:17 +0200
Subject: [PATCH 13/68] Raise upper bound version of stdlib & vcsrepo
---
metadata.json | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/metadata.json b/metadata.json
index 261238c3..135881fe 100644
--- a/metadata.json
+++ b/metadata.json
@@ -70,7 +70,7 @@
"dependencies": [
{
"name": "puppetlabs/stdlib",
- "version_requirement": ">= 4.13.1 < 6.0.0"
+ "version_requirement": ">= 4.13.1 < 7.0.0"
},
{
"name": "puppetlabs/inifile",
@@ -78,7 +78,7 @@
},
{
"name": "puppetlabs/vcsrepo",
- "version_requirement": ">= 2.0.0 < 3.0.0"
+ "version_requirement": ">= 2.0.0 < 4.0.0"
},
{
"name": "stahnma/epel",
From d97479082787907ed34fac70116b0603289f1b6a Mon Sep 17 00:00:00 2001
From: Fabien COMBERNOUS
Date: Fri, 4 Oct 2019 11:50:57 +0200
Subject: [PATCH 14/68] use puppet strings
---
REFERENCE.md | 810 ++++++++++++++++++++++++++++++++
manifests/certonly.pp | 67 ++-
manifests/config.pp | 4 +-
manifests/hook.pp | 18 +-
manifests/init.pp | 98 ++--
manifests/install.pp | 38 +-
manifests/plugin/dns_rfc2136.pp | 35 +-
manifests/renew.pp | 38 +-
types/cron/hour.pp | 12 +-
types/cron/minute.pp | 12 +-
types/cron/monthday.pp | 12 +-
types/plugin.pp | 12 +-
12 files changed, 979 insertions(+), 177 deletions(-)
create mode 100644 REFERENCE.md
diff --git a/REFERENCE.md b/REFERENCE.md
new file mode 100644
index 00000000..a6e50794
--- /dev/null
+++ b/REFERENCE.md
@@ -0,0 +1,810 @@ +# Reference + + +## Table of Contents + +**Classes** + +_Public Classes_ + +* [`letsencrypt`](#letsencrypt): Install and configure Certbot, the LetsEncrypt client +* [`letsencrypt::install`](#letsencryptinstall): Installs the Let's Encrypt client. +* [`letsencrypt::plugin::dns_rfc2136`](#letsencryptplugindns_rfc2136): Installs and configures the dns-rfc2136 plugin +* [`letsencrypt::renew`](#letsencryptrenew): Configures renewal of Let's Encrypt certificates using Certbot + +_Private Classes_ + +* `letsencrypt::config`: Configures the Let's Encrypt client. +* `letsencrypt::params`: Default parameters + +**Defined types** + +* [`letsencrypt::certonly`](#letsencryptcertonly): Request a certificate using the `certonly` installer +* [`letsencrypt::hook`](#letsencrypthook): Creates hook scripts. + +**Functions** + +* [`letsencrypt::letsencrypt_lookup`](#letsencryptletsencrypt_lookup): + +**Data types** + +* [`Letsencrypt::Cron::Hour`](#letsencryptcronhour): mimic hour setting in cron as defined in man 5 crontab +* [`Letsencrypt::Cron::Minute`](#letsencryptcronminute): mimic minute setting in cron as defined in man 5 crontab +* [`Letsencrypt::Cron::Monthday`](#letsencryptcronmonthday): mimic monthday setting in cron as defined in man 5 crontab +* [`Letsencrypt::Plugin`](#letsencryptplugin): List of accepted plugins + +## Classes + +### letsencrypt + +Install and configure Certbot, the LetsEncrypt client + +#### Examples + +##### + +```puppet +class { 'letsencrypt' : + email => 'letsregister@example.com', + config => { + 'server' => 'https://acme-staging.api.letsencrypt.org/directory', + }, +} +``` + +#### Parameters + +The following parameters are available in the `letsencrypt` class. + +##### `email` + +Data type: `Optional[String]` + +The email address to use to register with Let's Encrypt. This takes +precedence over an 'email' setting defined in $config. 
+ +Default value: `undef` + +##### `path` + +Data type: `String` + +The path to the letsencrypt installation. + +Default value: $letsencrypt::params::path + +##### `venv_path` + +Data type: `Any` + +virtualenv path for vcs-installed Certbot + +Default value: $letsencrypt::params::venv_path + +##### `environment` + +Data type: `Array` + +An optional array of environment variables (in addition to VENV_PATH) + +Default value: [] + +##### `repo` + +Data type: `String` + +A Git URL to install the Let's encrypt client from. + +Default value: $letsencrypt::params::repo + +##### `version` + +Data type: `String` + +The Git ref (tag, sha, branch) to check out when installing the client with the `vcs` method. + +Default value: $letsencrypt::params::version + +##### `package_name` + +Data type: `String` + +Name of package and command to use when installing the client with the `package` method. + +Default value: $letsencrypt::params::package_name + +##### `package_ensure` + +Data type: `Any` + +The value passed to `ensure` when installing the client with the `package` method. + +Default value: $letsencrypt::params::package_ensure + +##### `package_command` + +Data type: `String` + +Path or name for letsencrypt executable when installing the client with the `package` method. + +Default value: $letsencrypt::params::package_command + +##### `config_file` + +Data type: `String` + +The path to the configuration file for the letsencrypt cli. + +Default value: $letsencrypt::params::config_file + +##### `config` + +Data type: `Hash` + +A hash representation of the letsencrypt configuration file. + +Default value: $letsencrypt::params::config + +##### `cron_scripts_path` + +Data type: `String` + +The path to put the script we'll call with cron. Defaults to $puppet_vardir/letsencrypt. + +Default value: $letsencrypt::params::cron_scripts_path + +##### `manage_config` + +Data type: `Boolean` + +A feature flag to toggle the management of the letsencrypt configuration file. 
+ +Default value: $letsencrypt::params::manage_config + +##### `manage_install` + +Data type: `Boolean` + +A feature flag to toggle the management of the letsencrypt client installation. + +Default value: $letsencrypt::params::manage_install + +##### `manage_dependencies` + +Data type: `Boolean` + +A feature flag to toggle the management of the letsencrypt dependencies. + +Default value: $letsencrypt::params::manage_dependencies + +##### `configure_epel` + +Data type: `Boolean` + +A feature flag to include the 'epel' class and depend on it for package installation. + +Default value: $letsencrypt::params::configure_epel + +##### `install_method` + +Data type: `Enum['package', 'vcs']` + +Method to install the letsencrypt client, either package or vcs. + +Default value: $letsencrypt::params::install_method + +##### `agree_tos` + +Data type: `Boolean` + +A flag to agree to the Let's Encrypt Terms of Service. + +Default value: $letsencrypt::params::agree_tos + +##### `unsafe_registration` + +Data type: `Boolean` + +A flag to allow using the 'register-unsafely-without-email' flag. + +Default value: $letsencrypt::params::unsafe_registration + +##### `config_dir` + +Data type: `Stdlib::Unixpath` + +The path to the configuration directory. + +Default value: $letsencrypt::params::config_dir + +##### `key_size` + +Data type: `Integer[2048]` + +Size for the RSA public key + +Default value: 4096 + +##### `renew_pre_hook_commands` + +Data type: `Any` + +Array of commands to run in a shell before obtaining/renewing any certificates. + +Default value: $letsencrypt::params::renew_pre_hook_commands + +##### `renew_post_hook_commands` + +Data type: `Any` + +Array of commands to run in a shell after attempting to obtain/renew certificates. + +Default value: $letsencrypt::params::renew_post_hook_commands + +##### `renew_deploy_hook_commands` + +Data type: `Any` + +Array of commands to run in a shell once for each successfully issued/renewed +certificate. 
Two environmental variables are supplied by certbot: +- $RENEWED_LINEAGE: Points to the live directory with the cert files and key. + Example: /etc/letsencrypt/live/example.com +- $RENEWED_DOMAINS: A space-delimited list of renewed certificate domains. + Example: "example.com www.example.com" + +Default value: $letsencrypt::params::renew_deploy_hook_commands + +##### `renew_additional_args` + +Data type: `Any` + +Array of additional command line arguments to pass to 'certbot renew'. + +Default value: $letsencrypt::params::renew_additional_args + +##### `renew_cron_ensure` + +Data type: `Any` + +Intended state of the cron resource running certbot renew. + +Default value: $letsencrypt::params::renew_cron_ensure + +##### `renew_cron_hour` + +Data type: `Any` + +Optional string, integer or array of hour(s) the renewal command should run. +E.g. '[0,12]' to execute at midnight and midday. Default: fqdn-seeded random +hour. + +Default value: $letsencrypt::params::renew_cron_hour + +##### `renew_cron_minute` + +Data type: `Any` + +Optional string, integer or array of minute(s) the renewal command should +run. E.g. 0 or '00' or [0,30]. Default: fqdn-seeded random minute. + +Default value: $letsencrypt::params::renew_cron_minute + +##### `renew_cron_monthday` + +Data type: `Any` + +Optional string, integer or array of monthday(s) the renewal command should +run. E.g. '2-30/2' to run on even days. Default: Every day. + +Default value: $letsencrypt::params::renew_cron_monthday + +### letsencrypt::install + +Installs the Let's Encrypt client. + +#### Parameters + +The following parameters are available in the `letsencrypt::install` class. + +##### `manage_install` + +Data type: `Boolean` + +A feature flag to toggle the management of the letsencrypt client installation. + +Default value: $letsencrypt::manage_install + +##### `manage_dependencies` + +Data type: `Boolean` + +A feature flag to toggle the management of the letsencrypt dependencies. 
+ +Default value: $letsencrypt::manage_dependencies + +##### `configure_epel` + +Data type: `Boolean` + +A feature flag to include the 'epel' class and depend on it for package installation. + +Default value: $letsencrypt::configure_epel + +##### `install_method` + +Data type: `Enum['package', 'vcs']` + +Method to install the letsencrypt client + +Default value: $letsencrypt::install_method + +##### `path` + +Data type: `String` + +The path to the letsencrypt installation. + +Default value: $letsencrypt::path + +##### `repo` + +Data type: `String` + +A Git URL to install the Let's encrypt client from. + +Default value: $letsencrypt::repo + +##### `version` + +Data type: `String` + +The Git ref (tag, sha, branch) to check out when installing the client with the `vcs` method. + +Default value: $letsencrypt::version + +##### `package_ensure` + +Data type: `String` + +The value passed to `ensure` when installing the client with the `package` method. + +Default value: $letsencrypt::package_ensure + +##### `package_name` + +Data type: `String` + +Name of package to use when installing the client with the `package` method. + +Default value: $letsencrypt::package_name + +### letsencrypt::plugin::dns_rfc2136 + +This class installs and configures the Let's Encrypt dns-rfc2136 plugin. +https://certbot-dns-rfc2136.readthedocs.io + +#### Parameters + +The following parameters are available in the `letsencrypt::plugin::dns_rfc2136` class. + +##### `server` + +Data type: `Stdlib::Host` + +Target DNS server. + +##### `key_name` + +Data type: `String[1]` + +TSIG key name. + +##### `key_secret` + +Data type: `String[1]` + +TSIG key secret. + +##### `key_algorithm` + +Data type: `String[1]` + +TSIG key algorithm. + +Default value: $letsencrypt::dns_rfc2136_algorithm + +##### `port` + +Data type: `Stdlib::Port` + +Target DNS port. 
+ +Default value: $letsencrypt::dns_rfc2136_port + +##### `propagation_seconds` + +Data type: `Integer` + +Number of seconds to wait for the DNS server to propagate the DNS-01 challenge. + +Default value: $letsencrypt::dns_rfc2136_propagation_seconds + +##### `manage_package` + +Data type: `Boolean` + +Manage the plugin package. + +Default value: $letsencrypt::dns_rfc2136_manage_package + +##### `package_name` + +Data type: `String` + +The name of the package to install when $manage_package is true. + +Default value: $letsencrypt::dns_rfc2136_package_name + +##### `config_dir` + +Data type: `Stdlib::Absolutepath` + +The path to the configuration directory. + +Default value: $letsencrypt::config_dir + +### letsencrypt::renew + +Configures renewal of Let's Encrypt certificates using the certbot renew command. + +Note: Hooks set here will run before/after/for ALL certificates, including +any not managed by Puppet. If you want to create hooks for specific +certificates only, create them using letsencrypt::certonly. + +#### Parameters + +The following parameters are available in the `letsencrypt::renew` class. + +##### `pre_hook_commands` + +Data type: `Variant[String[1], Array[String[1]]]` + +Array of commands to run in a shell before obtaining/renewing any certificates. + +Default value: $letsencrypt::renew_pre_hook_commands + +##### `post_hook_commands` + +Data type: `Variant[String[1], Array[String[1]]]` + +Array of commands to run in a shell after attempting to obtain/renew certificates. + +Default value: $letsencrypt::renew_post_hook_commands + +##### `deploy_hook_commands` + +Data type: `Variant[String[1], Array[String[1]]]` + +Array of commands to run in a shell once for each successfully issued/renewed +certificate. Two environmental variables are supplied by certbot: +- $RENEWED_LINEAGE: Points to the live directory with the cert files and key. 
+ Example: /etc/letsencrypt/live/example.com +- $RENEWED_DOMAINS: A space-delimited list of renewed certificate domains. + Example: "example.com www.example.com" + +Default value: $letsencrypt::renew_deploy_hook_commands + +##### `additional_args` + +Data type: `Array[String[1]]` + +Array of additional command line arguments to pass to 'certbot renew'. + +Default value: $letsencrypt::renew_additional_args + +##### `cron_ensure` + +Data type: `Enum['present', 'absent']` + +Intended state of the cron resource running certbot renew + +Default value: $letsencrypt::renew_cron_ensure + +##### `cron_hour` + +Data type: `Letsencrypt::Cron::Hour` + +Optional string, integer or array of hour(s) the renewal command should run. +E.g. '[0,12]' to execute at midnight and midday. Default: fqdn-seeded random hour. + +Default value: $letsencrypt::renew_cron_hour + +##### `cron_minute` + +Data type: `Letsencrypt::Cron::Minute` + +Optional string, integer or array of minute(s) the renewal command should +run. E.g. 0 or '00' or [0,30]. Default: fqdn-seeded random minute. + +Default value: $letsencrypt::renew_cron_minute + +##### `cron_monthday` + +Data type: `Letsencrypt::Cron::Monthday` + +Optional string, integer or array of monthday(s) the renewal command should +run. E.g. '2-30/2' to run on even days. Default: Every day. + +Default value: $letsencrypt::renew_cron_monthday + +## Defined types + +### letsencrypt::certonly + +This type can be used to request a certificate using the `certonly` installer. + +#### Parameters + +The following parameters are available in the `letsencrypt::certonly` defined type. + +##### `ensure` + +Data type: `Enum['present','absent']` + +Intended state of the resource +Will remove certificates for specified domains if set to 'absent'. Will +also remove cronjobs and renewal scripts if `manage_cron` is set to 'true'. + +Default value: 'present' + +##### `domains` + +Data type: `Array[String[1]]` + +An array of domains to include in the CSR. 
+ +Default value: [$title] + +##### `custom_plugin` + +Data type: `Boolean` + +Whether to use a custom plugin in additional_args and disable -a flag. + +Default value: `false` + +##### `plugin` + +Data type: `Letsencrypt::Plugin` + +The authenticator plugin to use when requesting the certificate. + +Default value: 'standalone' + +##### `webroot_paths` + +Data type: `Array[Stdlib::Unixpath]` + +An array of webroot paths for the domains in `domains`. +Required if using `plugin => 'webroot'`. If `domains` and +`webroot_paths` are not the same length, the last `webroot_paths` +element will be used for all subsequent domains. + +Default value: [] + +##### `letsencrypt_command` + +Data type: `String[1]` + +Command to run letsencrypt + +Default value: $letsencrypt::command + +##### `additional_args` + +Data type: `Array[String[1]]` + +An array of additional command line arguments to pass to the `letsencrypt-auto` command. + +Default value: [] + +##### `environment` + +Data type: `Array[String[1]]` + +An optional array of environment variables (in addition to VENV_PATH). + +Default value: [] + +##### `key_size` + +Data type: `Integer[2048]` + +Size for the RSA public key + +Default value: $letsencrypt::key_size + +##### `manage_cron` + +Data type: `Boolean` + +Indicating whether or not to schedule cron job for renewal. +Runs daily but only renews if near expiration, e.g. within 10 days. + +Default value: `false` + +##### `suppress_cron_output` + +Data type: `Boolean` + +Redirect cron output to devnull + +Default value: `false` + +##### `cron_before_command` + +Data type: `Optional[String[1]]` + +Representation of a command that should be run before renewal command + +Default value: `undef` + +##### `cron_success_command` + +Data type: `Optional[String[1]]` + +Representation of a command that should be run if the renewal command succeeds. 
+ +Default value: `undef` + +##### `cron_hour` + +Data type: `Variant[Integer[0,23], String, Array]` + +Optional hour(s) that the renewal command should execute. +e.g. '[0,12]' execute at midnight and midday. Default - seeded random hour. + +Default value: fqdn_rand(24, $title) + +##### `cron_minute` + +Data type: `Variant[Integer[0,59], String, Array]` + +Optional minute(s) that the renewal command should execute. +e.g. 0 or '00' or [0,30]. Default - seeded random minute. + +Default value: fqdn_rand(60, fqdn_rand_string(10, $title)) + +##### `cron_monthday` + +Data type: `Array[Variant[Integer[0, 59], String[1]]]` + +Optional string, integer or array of monthday(s) the renewal command should +run. E.g. '2-30/2' to run on even days. Default: Every day. + +Default value: ['*'] + +##### `config_dir` + +Data type: `Stdlib::Unixpath` + +The path to the configuration directory. + +Default value: $letsencrypt::config_dir + +##### `pre_hook_commands` + +Data type: `Variant[String[1], Array[String[1]]]` + +Array of commands to run in a shell before attempting to obtain/renew the certificate. + +Default value: [] + +##### `post_hook_commands` + +Data type: `Variant[String[1], Array[String[1]]]` + +Array of command(s) to run in a shell after attempting to obtain/renew the certificate. + +Default value: [] + +##### `deploy_hook_commands` + +Data type: `Variant[String[1], Array[String[1]]]` + +Array of command(s) to run in a shell once if the certificate is successfully issued. +Two environmental variables are supplied by certbot: +- $RENEWED_LINEAGE: Points to the live directory with the cert files and key. + Example: /etc/letsencrypt/live/example.com +- $RENEWED_DOMAINS: A space-delimited list of renewed certificate domains. + Example: "example.com www.example.com" + +Default value: [] + +### letsencrypt::hook + +This type is used by letsencrypt::renew and letsencrypt::certonly to create hook scripts. 
+ +#### Parameters + +The following parameters are available in the `letsencrypt::hook` defined type. + +##### `type` + +Data type: `Enum['pre', 'post', 'deploy']` + +Hook type. + +##### `hook_file` + +Data type: `String[1]` + +Path to deploy hook script. + +##### `commands` + +Data type: `Variant[String[1],Array[String[1]]]` + +Bash commands to execute when the hook is run by certbot. + +## Functions + +### letsencrypt::letsencrypt_lookup + +Type: Ruby 4.x API + +The letsencrypt::letsencrypt_lookup function. + +#### `letsencrypt::letsencrypt_lookup(Any $cn)` + +The letsencrypt::letsencrypt_lookup function. + +Returns: `Any` + +##### `cn` + +Data type: `Any` + + + +## Data types + +### Letsencrypt::Cron::Hour + +mimic hour setting in cron as defined in man 5 crontab + +Alias of `Variant[Integer[0,23], String[1], Array[ + Variant[ + Integer[0,23], + String[1], + ] + ]]` + +### Letsencrypt::Cron::Minute + +mimic minute setting in cron as defined in man 5 crontab + +Alias of `Variant[Integer[0,59], String[1], Array[ + Variant[ + Integer[0,59], + String[1], + ] + ]]` + +### Letsencrypt::Cron::Monthday + +mimic monthday setting in cron as defined in man 5 crontab + +Alias of `Variant[Integer[0,31], String[1], Array[ + Variant[ + Integer[0,31], + String[1], + ] + ]]` + +### Letsencrypt::Plugin + +List of accepted plugins + +Alias of `Enum['apache', 'standalone', 'webroot', 'nginx', 'dns-route53', 'dns-google', 'dns-cloudflare', 'dns-rfc2136']` + diff --git a/manifests/certonly.pp b/manifests/certonly.pp index 5eaacdd1..9ccbaac5 100644 --- a/manifests/certonly.pp +++ b/manifests/certonly.pp 
@@ -1,52 +1,43 @@ -# == Defined Type: letsencrypt::certonly +# @summary Request a certificate using the `certonly` installer # -# This type can be used to request a certificate using the `certonly` -# installer. +# This type can be used to request a certificate using the `certonly` installer. # -# === Parameters: -# -# [*ensure*] -# Intended state of the resource. Accepts either 'present' or 'absent'. -# Default: 'present'. +# @param ensure +# Intended state of the resource # Will remove certificates for specified domains if set to 'absent'. Will # also remove cronjobs and renewal scripts if `manage_cron` is set to 'true'. -# [*domains*] -# Namevar. An array of domains to include in the CSR. -# [*custom_plugin*] -# Whether to use a custom plugin in additional_args and disable -a flag. -# [*plugin*] -# The authenticator plugin to use when requesting the certificate. -# [*webroot_paths*] +# @param domains +# An array of domains to include in the CSR. +# @param custom_plugin Whether to use a custom plugin in additional_args and disable -a flag. +# @param plugin The authenticator plugin to use when requesting the certificate. +# @param webroot_paths # An array of webroot paths for the domains in `domains`. # Required if using `plugin => 'webroot'`. If `domains` and # `webroot_paths` are not the same length, the last `webroot_paths` # element will be used for all subsequent domains. -# [*letsencrypt_command*] -# Command to run letsencrypt -# [*additional_args*] -# An array of additional command line arguments to pass to the -# `letsencrypt-auto` command. -# [*environment*] -# An optional array of environment variables (in addition to VENV_PATH). -# [*manage_cron*] -# Boolean indicating whether or not to schedule cron job for renewal. Default: 'false'. +# @param letsencrypt_command Command to run letsencrypt +# @param additional_args An array of additional command line arguments to pass to the `letsencrypt-auto` command. 
+# @param environment An optional array of environment variables (in addition to VENV_PATH). +# @param key_size Size for the RSA public key +# @param manage_cron +# Indicating whether or not to schedule cron job for renewal. # Runs daily but only renews if near expiration, e.g. within 10 days. -# [*cron_before_command*] -# String representation of a command that should be run before renewal command -# [*cron_success_command*] -# String representation of a command that should be run if the renewal command -# succeeds. -# [*cron_hour*] -# Optional string, integer or array, hour(s) that the renewal command should execute. +# @param suppress_cron_output Redirect cron output to devnull +# @param cron_before_command Representation of a command that should be run before renewal command +# @param cron_success_command Representation of a command that should be run if the renewal command succeeds. +# @param cron_hour +# Optional hour(s) that the renewal command should execute. # e.g. '[0,12]' execute at midnight and midday. Default - seeded random hour. -# [*cron_minute*] -# Optional string, integer or array, minute(s) that the renewal command should execute. +# @param cron_minute +# Optional minute(s) that the renewal command should execute. # e.g. 0 or '00' or [0,30]. Default - seeded random minute. -# [*pre_hook_commands*] -# Array of commands to run in a shell before attempting to obtain/renew the certificate. -# [*post_hook_commands*] -# Array of command(s) to run in a shell after attempting to obtain/renew the certificate. -# [*deploy_hook_commands*] +# @param cron_monthday +# Optional string, integer or array of monthday(s) the renewal command should +# run. E.g. '2-30/2' to run on even days. Default: Every day. +# @param config_dir The path to the configuration directory. +# @param pre_hook_commands Array of commands to run in a shell before attempting to obtain/renew the certificate. 
+# @param post_hook_commands Array of command(s) to run in a shell after attempting to obtain/renew the certificate. +# @param deploy_hook_commands # Array of command(s) to run in a shell once if the certificate is successfully issued. # Two environmental variables are supplied by certbot: # - $RENEWED_LINEAGE: Points to the live directory with the cert files and key. diff --git a/manifests/config.pp b/manifests/config.pp index 8a9a271e..9b8b17bd 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -1,6 +1,6 @@ -# == Class: letsencrypt +# @summary Configures the Let's Encrypt client. # -# This class configures the Let's Encrypt client. This is a private class. +# @api private # class letsencrypt::config ( $config_dir = $letsencrypt::config_dir, diff --git a/manifests/hook.pp b/manifests/hook.pp index 99d89632..d7117dff 100644 --- a/manifests/hook.pp +++ b/manifests/hook.pp @@ -1,22 +1,16 @@ -# == Defined Type: letsencrypt::hook +# @summary Creates hook scripts. # -# This type is used by letsencrypt::renew and letsencrypt::certonly to create -# hook scripts. +# This type is used by letsencrypt::renew and letsencrypt::certonly to create hook scripts. # -# === Parameters: -# -# [*type*] -# Hook type. Can be pre, post or deploy. -# [*hook_file*] -# Path to deploy hook script. -# [*commands*] -# String or array of bash commands to execute when the hook is run by certbot. +# @param type Hook type. +# @param hook_file Path to deploy hook script. +# @param commands Bash commands to execute when the hook is run by certbot. # define letsencrypt::hook ( Enum['pre', 'post', 'deploy'] $type, String[1] $hook_file, # hook.sh.epp will validate this - $commands, + Variant[String[1],Array[String[1]]] $commands, ) { $validate_env = $type ? { diff --git a/manifests/init.pp b/manifests/init.pp index 9a62a640..9d72f7cf 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
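Review bot: The new `@param cron_monthday` text ("Optional string, integer or array of monthday(s) …") promises more than the parameter accepts: the REFERENCE.md generated in this same patch lists its type as `Array[Variant[Integer[0, 59], String[1]]]`, i.e. array only, with a 0–59 bound that is a minute range rather than a day-of-month range, while `letsencrypt::renew` types the same setting as `Letsencrypt::Cron::Monthday` (`Integer[0,31]`). Either the declaration in the `define` signature (outside this hunk) should become `Letsencrypt::Cron::Monthday $cron_monthday = ['*'],` so the doc and the renew class agree, or the doc should be reduced to `Array of monthday(s) the renewal command should run on.` The same check applies to `cron_hour`/`cron_minute`, whose `Variant[Integer[0,23], String, Array]` types accept an unconstrained `Array` where the module's cron aliases constrain each element. The body of the define continues beyond the hunk.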
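Review bot: The trailing `# hook.sh.epp will validate this` on the `$hook_file` line reads as stale now that `$commands` carries `Variant[String[1],Array[String[1]]]` and is rejected at catalog compile; it is unclear which parameter the template is still expected to validate, so either drop the comment or say what the template checks. `hook_file` is documented as a path but typed `String[1]`; `Stdlib::Absolutepath $hook_file,` (the type the module already uses for `config_dir` in the dns_rfc2136 plugin) would refuse a relative path before a hook script is written somewhere unintended. Since nothing in this hunk quotes or escapes the commands, `@param commands` deserves a caveat such as `# @param commands Bash commands to execute when the hook is run by certbot. They are emitted into the hook script verbatim and run with certbot's privileges (presumably root); never derive them from untrusted input.` The rest of the define body is outside the hunk.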
@@ -1,55 +1,59 @@ -# == Class: letsencrypt +# @summary Install and configure Certbot, the LetsEncrypt client # -# This class installs and configures the Let's Encrypt client. +# Install and configure Certbot, the LetsEncrypt client # -# === Parameters: +# @example +# class { 'letsencrypt' : +# email => 'letsregister@example.com', +# config => { +# 'server' => 'https://acme-staging.api.letsencrypt.org/directory', +# }, +# } # -# [*email*] +# @param email # The email address to use to register with Let's Encrypt. This takes # precedence over an 'email' setting defined in $config. -# [*path*] -# The path to the letsencrypt installation. -# [*environment*] -# An optional array of environment variables (in addition to VENV_PATH) -# [*repo*] -# A Git URL to install the Let's encrypt client from. -# [*version*] -# The Git ref (tag, sha, branch) to check out when installing the client with -# the `vcs` method. -# [*package_ensure*] -# The value passed to `ensure` when installing the client with the `package` -# method. -# [*package_name*] -# Name of package and command to use when installing the client with the -# `package` method. -# [*package_command*] -# Path or name for letsencrypt executable when installing the client with -# the `package` method. -# [*config_dir*] -# The path to the configuration directory. -# [*config_file*] -# The path to the configuration file for the letsencrypt cli. -# [*config*] -# A hash representation of the letsencrypt configuration file. -# [*manage_config*] -# A feature flag to toggle the management of the letsencrypt configuration -# file. -# [*manage_install*] -# A feature flag to toggle the management of the letsencrypt client -# installation. -# [*manage_dependencies*] -# A feature flag to toggle the management of the letsencrypt dependencies. -# [*configure_epel*] -# A feature flag to include the 'epel' class and depend on it for package -# installation. 
-# [*install_method*] -# Method to install the letsencrypt client, either package or vcs. -# [*agree_tos*] -# A flag to agree to the Let's Encrypt Terms of Service. -# [*unsafe_registration*] -# A flag to allow using the 'register-unsafely-without-email' flag. -# [*cron_scripts_path*] -# The path to put the script we'll call with cron. Defaults to $puppet_vardir/letsencrypt. +# @param path The path to the letsencrypt installation. +# @param venv_path virtualenv path for vcs-installed Certbot +# @param environment An optional array of environment variables (in addition to VENV_PATH) +# @param repo A Git URL to install the Let's encrypt client from. +# @param version The Git ref (tag, sha, branch) to check out when installing the client with the `vcs` method. +# @param package_name Name of package and command to use when installing the client with the `package` method. +# @param package_ensure The value passed to `ensure` when installing the client with the `package` method. +# @param package_command Path or name for letsencrypt executable when installing the client with the `package` method. +# @param config_file The path to the configuration file for the letsencrypt cli. +# @param config A hash representation of the letsencrypt configuration file. +# @param cron_scripts_path The path to put the script we'll call with cron. Defaults to $puppet_vardir/letsencrypt. +# @param manage_config A feature flag to toggle the management of the letsencrypt configuration file. +# @param manage_install A feature flag to toggle the management of the letsencrypt client installation. +# @param manage_dependencies A feature flag to toggle the management of the letsencrypt dependencies. +# @param configure_epel A feature flag to include the 'epel' class and depend on it for package installation. +# @param install_method Method to install the letsencrypt client, either package or vcs. +# @param agree_tos A flag to agree to the Let's Encrypt Terms of Service. 
+# @param unsafe_registration A flag to allow using the 'register-unsafely-without-email' flag. +# @param config_dir The path to the configuration directory. +# @param key_size Size for the RSA public key +# @param renew_pre_hook_commands Array of commands to run in a shell before obtaining/renewing any certificates. +# @param renew_post_hook_commands Array of commands to run in a shell after attempting to obtain/renew certificates. +# @param renew_deploy_hook_commands +# Array of commands to run in a shell once for each successfully issued/renewed +# certificate. Two environmental variables are supplied by certbot: +# - $RENEWED_LINEAGE: Points to the live directory with the cert files and key. +# Example: /etc/letsencrypt/live/example.com +# - $RENEWED_DOMAINS: A space-delimited list of renewed certificate domains. +# Example: "example.com www.example.com" +# @param renew_additional_args Array of additional command line arguments to pass to 'certbot renew'. +# @param renew_cron_ensure Intended state of the cron resource running certbot renew. +# @param renew_cron_hour +# Optional string, integer or array of hour(s) the renewal command should run. +# E.g. '[0,12]' to execute at midnight and midday. Default: fqdn-seeded random +# hour. +# @param renew_cron_minute +# Optional string, integer or array of minute(s) the renewal command should +# run. E.g. 0 or '00' or [0,30]. Default: fqdn-seeded random minute. +# @param renew_cron_monthday +# Optional string, integer or array of monthday(s) the renewal command should +# run. E.g. '2-30/2' to run on even days. Default: Every day. # class letsencrypt ( Optional[String] $email = undef, diff --git a/manifests/install.pp b/manifests/install.pp index d17ae6e2..ed7304d4 100644 --- a/manifests/install.pp +++ b/manifests/install.pp 
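Review bot: The `@example` points at `https://acme-staging.api.letsencrypt.org/directory`, which is the ACME v1 staging endpoint; as far as I know Let's Encrypt has announced the retirement of the v1 API and current certbot releases default to v2, so `'server' => 'https://acme-staging-v02.api.letsencrypt.org/directory',` would be the safer example (please confirm against the certbot versions the module targets). Two of the new one-line docs also drop caveats an operator needs: `@param unsafe_registration` could add `Registering without an email means no expiry or security notices from Let's Encrypt.`, and `@param key_size` could state the floor the type enforces, e.g. `Size in bits of the RSA private key; the type requires at least 2048.` (REFERENCE.md in this patch lists it as `Integer[2048]` with default 4096). The current wording "RSA public key" is also off, since certbot generates the key pair and the size is that of the private key. The class body continues outside the hunk.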
@@ -1,32 +1,14 @@ -# == Class: letsencrypt::install +# @summary Installs the Let's Encrypt client. # -# This class installs the Let's Encrypt client. This is a private class. -# -# === Parameters: -# -# [*manage_install*] -# A feature flag to toggle the management of the letsencrypt client -# installation. -# [*manage_dependencies*] -# A feature flag to toggle the management of the letsencrypt dependencies. -# [*configure_epel*] -# A feature flag to include the 'epel' class and depend on it for package -# installation. -# [*install_method*] -# Method to install the letsencrypt client, either package or vcs. -# [*path*] -# The path to the letsencrypt installation. -# [*repo*] -# A Git URL to install the Let's encrypt client from. -# [*version*] -# The Git ref (tag, sha, branch) to check out when installing the client with -# the `vcs` method. -# [*package_ensure*] -# The value passed to `ensure` when installing the client with the `package` -# method. -# [*package_name*] -# Name of package to use when installing the client with the `package` -# method. +# @param manage_install A feature flag to toggle the management of the letsencrypt client installation. +# @param manage_dependencies A feature flag to toggle the management of the letsencrypt dependencies. +# @param configure_epel A feature flag to include the 'epel' class and depend on it for package installation. +# @param install_method Method to install the letsencrypt client +# @param path The path to the letsencrypt installation. +# @param repo A Git URL to install the Let's encrypt client from. +# @param version The Git ref (tag, sha, branch) to check out when installing the client with the `vcs` method. +# @param package_ensure The value passed to `ensure` when installing the client with the `package` method. +# @param package_name Name of package to use when installing the client with the `package` method. # class letsencrypt::install ( Boolean $manage_install = $letsencrypt::manage_install, 
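Review bot: The new `# @param install_method Method to install the letsencrypt client` line drops the accepted values that the removed `[*install_method*]` entry carried, so the generated reference no longer tells a reader that only `package` and `vcs` exist. I would restore it as `# @param install_method Method to install the letsencrypt client, either package or vcs.`, which also matches the wording used for the same parameter in init.pp earlier in this patch. The parameter list starting at `class letsencrypt::install (` continues outside the hunk.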
diff --git a/manifests/plugin/dns_rfc2136.pp b/manifests/plugin/dns_rfc2136.pp index 1bcd5f14..9a790ba4 100644 --- a/manifests/plugin/dns_rfc2136.pp +++ b/manifests/plugin/dns_rfc2136.pp @@ -1,28 +1,17 @@ -# == Class: letsencrypt::plugin::dns_rfc2136 +# @summary Installs and configures the dns-rfc2136 plugin # -# This class installs and configures the Let's Encrypt dns-rfc2136 plugin. -# https://certbot-dns-rfc2136.readthedocs.io +# This class installs and configures the Let's Encrypt dns-rfc2136 plugin. +# https://certbot-dns-rfc2136.readthedocs.io # -# === Parameters: -# -# [*server*] -# Target DNS server. -# [*key_name*] -# TSIG key name. -# [*key_secret*] -# TSIG key secret. -# [*key_algorithm*] -# TSIG key algorithm. -# [*port*] -# Target DNS port. -# [*propagation_seconds*] -# Number of seconds to wait for the DNS server to propagate the DNS-01 challenge. -# [*manage_package*] -# Manage the plugin package. -# [*package_name*] -# The name of the package to install when $manage_package is true. -# [*config_dir*] -# The path to the configuration directory. +# @param server Target DNS server. +# @param key_name TSIG key name. +# @param key_secret TSIG key secret. +# @param key_algorithm TSIG key algorithm. +# @param port Target DNS port. +# @param propagation_seconds Number of seconds to wait for the DNS server to propagate the DNS-01 challenge. +# @param manage_package Manage the plugin package. +# @param package_name The name of the package to install when $manage_package is true. +# @param config_dir The path to the configuration directory. # class letsencrypt::plugin::dns_rfc2136 ( Stdlib::Host $server, diff --git a/manifests/renew.pp b/manifests/renew.pp index 18f8f880..33b546b5 100644 --- a/manifests/renew.pp +++ b/manifests/renew.pp 
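Review bot: `# @param key_secret TSIG key secret.` documents a credential without any handling guidance, although the class presumably renders it into a certbot credentials file under `config_dir` (that file resource is outside this hunk) and a plain `String` parameter also ends up in catalogs and reports. I would extend the line to `# @param key_secret TSIG key secret. Treat as sensitive: source it from Hiera eyaml or wrap it in Sensitive rather than placing a literal in the manifest.` and consider typing the parameter `Sensitive[String[1]]` in a separate change. The class parameter list after `class letsencrypt::plugin::dns_rfc2136 (` continues outside the hunk.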
@@ -1,38 +1,30 @@ -# == Class: letsencrypt::renew -# -# This class configures renewal of Let's Encrypt certificates using the -# certbot renew command. + +# @summary Configures renewal of Let's Encrypt certificates using Certbot # -# Note: Hooks set here will run before/after/for ALL certificates, including -# any not managed by Puppet. If you want to create hooks for specific -# certificates only, create them using letsencrypt::certonly. +# Configures renewal of Let's Encrypt certificates using the certbot renew command. # -# === Parameters: +# Note: Hooks set here will run before/after/for ALL certificates, including +# any not managed by Puppet. If you want to create hooks for specific +# certificates only, create them using letsencrypt::certonly. # -# [*pre_hook_commands*] -# Array of commands to run in a shell before obtaining/renewing any certificates. -# [*post_hook_commands*] -# Array of commands to run in a shell after attempting to obtain/renew certificates. -# [*deploy_hook_commands*] +# @param pre_hook_commands Array of commands to run in a shell before obtaining/renewing any certificates. +# @param post_hook_commands Array of commands to run in a shell after attempting to obtain/renew certificates. +# @param deploy_hook_commands # Array of commands to run in a shell once for each successfully issued/renewed # certificate. Two environmental variables are supplied by certbot: # - $RENEWED_LINEAGE: Points to the live directory with the cert files and key. # Example: /etc/letsencrypt/live/example.com # - $RENEWED_DOMAINS: A space-delimited list of renewed certificate domains. # Example: "example.com www.example.com" -# [*additional_args*] -# Array of additional command line arguments to pass to 'certbot renew'. -# [*cron_ensure*] -# Intended state of the cron resource running certbot renew. Accepts 'present' -# or 'absent'. Default: 'absent' -# [*cron_hour*] +# @param additional_args Array of additional command line arguments to pass to 'certbot renew'. 
+# @param cron_ensure Intended state of the cron resource running certbot renew +# @param cron_hour # Optional string, integer or array of hour(s) the renewal command should run. -# E.g. '[0,12]' to execute at midnight and midday. Default: fqdn-seeded random -# hour. -# [*cron_minute*] +# E.g. '[0,12]' to execute at midnight and midday. Default: fqdn-seeded random hour. +# @param cron_minute # Optional string, integer or array of minute(s) the renewal command should # run. E.g. 0 or '00' or [0,30]. Default: fqdn-seeded random minute. -# [*cron_monthday*] +# @param cron_monthday # Optional string, integer or array of monthday(s) the renewal command should # run. E.g. '2-30/2' to run on even days. Default: Every day. # diff --git a/types/cron/hour.pp b/types/cron/hour.pp index 686133f1..f1034034 100644 --- a/types/cron/hour.pp +++ b/types/cron/hour.pp @@ -1 +1,11 @@ -type Letsencrypt::Cron::Hour = Variant[Integer[0,23], String[1], Array[Variant[Integer[0,23], String[1]]]] +# @summary mimic hour setting in cron as defined in man 5 crontab +type Letsencrypt::Cron::Hour = Variant[ + Integer[0,23], + String[1], + Array[ + Variant[ + Integer[0,23], + String[1], + ] + ] +] diff --git a/types/cron/minute.pp b/types/cron/minute.pp index ab65af6f..0c52dace 100644 --- a/types/cron/minute.pp +++ b/types/cron/minute.pp @@ -1 +1,11 @@ -type Letsencrypt::Cron::Minute = Variant[Integer[0,59], String[1], Array[Variant[Integer[0,59], String[1]]]] +# @summary mimic minute setting in cron as defined in man 5 crontab +type Letsencrypt::Cron::Minute = Variant[ + Integer[0,59], + String[1], + Array[ + Variant[ + Integer[0,59], + String[1], + ] + ] +] diff --git a/types/cron/monthday.pp b/types/cron/monthday.pp index 7ded7f32..8831d1b0 100644 --- a/types/cron/monthday.pp +++ b/types/cron/monthday.pp 
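Review bot: `# @param cron_ensure Intended state of the cron resource running certbot renew` loses the accepted values the removed `[*cron_ensure*]` entry listed ('present' or 'absent'), and the parameter is declared outside this hunk without a visible type, so the doc line is the only place a reader learns which values are valid. I would write `# @param cron_ensure Intended state of the cron resource running certbot renew; accepts 'present' or 'absent'.` The class header `class letsencrypt::renew (` follows the hunk.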
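Review bot: The new `# @summary mimic hour setting in cron as defined in man 5 crontab` promises more than the type enforces: the `String[1]` arm, alone and inside `Array[...]`, accepts any non-empty string, so '25' or 'noon' pass type checking and are caught, if at all, only by the cron resource that consumes the value (outside this file). Either narrow the summary to `# @summary Hour(s) for the renew cron job: Integer 0-23, a non-empty String passed to cron unchecked, or an Array of those`, or replace `String[1]` with a `Pattern[...]` limited to crontab hour syntax ('*', lists, ranges, steps). The same remark applies to the minute and monthday types reformatted alongside.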
@@ -1 +1,11 @@ -type Letsencrypt::Cron::Monthday = Variant[Integer[0,31], String[1], Array[Variant[Integer[0,31], String[1]]]] +# @summary mimic monthday setting in cron as defined in man 5 crontab +type Letsencrypt::Cron::Monthday = Variant[ + Integer[0,31], + String[1], + Array[ + Variant[ + Integer[0,31], + String[1], + ] + ] +] diff --git a/types/plugin.pp b/types/plugin.pp index d24eb26b..24b87b8c 100644 --- a/types/plugin.pp +++ b/types/plugin.pp @@ -1 +1,11 @@ -type Letsencrypt::Plugin = Enum['apache', 'standalone', 'webroot', 'nginx', 'dns-route53', 'dns-google', 'dns-cloudflare', 'dns-rfc2136'] +# @summary List of accepted plugins +type Letsencrypt::Plugin = Enum[ + 'apache', + 'standalone', + 'webroot', + 'nginx', + 'dns-route53', + 'dns-google', + 'dns-cloudflare', + 'dns-rfc2136', +] From 4a7ff77ca69afa4b364e76cfebe0d27185018436 Mon Sep 17 00:00:00 2001 From: Fabien COMBERNOUS Date: Wed, 9 Oct 2019 11:37:34 +0200 Subject: [PATCH 15/68] use ACME API v2 --- manifests/params.pp | 2 +- spec/acceptance/letsencrypt_plugin_dns_rfc2136_spec.rb | 2 +- spec/acceptance/letsencrypt_spec.rb | 8 ++++---- spec/classes/letsencrypt_spec.rb | 6 +++--- spec/defines/letsencrypt_certonly_spec.rb | 6 +++--- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/manifests/params.pp b/manifests/params.pp index 6ed6409f..cbb1da51 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -13,7 +13,7 @@ $cron_scripts_path = "${facts['puppet_vardir']}/letsencrypt" # path for renewal scripts called by cron $version = 'v0.30.2' $config = { - 'server' => 'https://acme-v01.api.letsencrypt.org/directory', + 'server' => 'https://acme-v02.api.letsencrypt.org/directory', } if $facts['osfamily'] == 'Debian' { diff --git a/spec/acceptance/letsencrypt_plugin_dns_rfc2136_spec.rb b/spec/acceptance/letsencrypt_plugin_dns_rfc2136_spec.rb index 036f9550..32717744 100644 --- a/spec/acceptance/letsencrypt_plugin_dns_rfc2136_spec.rb 
+++ b/spec/acceptance/letsencrypt_plugin_dns_rfc2136_spec.rb @@ -16,7 +16,7 @@ class { 'letsencrypt' : email => 'letsregister@example.com', config => { - 'server' => 'https://acme-staging.api.letsencrypt.org/directory', + 'server' => 'https://acme-staging-v02.api.letsencrypt.org/directory', }, } class { 'letsencrypt::plugin::dns_rfc2136': diff --git a/spec/acceptance/letsencrypt_spec.rb b/spec/acceptance/letsencrypt_spec.rb index a4350514..97099bfb 100644 --- a/spec/acceptance/letsencrypt_spec.rb +++ b/spec/acceptance/letsencrypt_spec.rb @@ -6,7 +6,7 @@ class { 'letsencrypt' : email => 'letsregister@example.com', config => { - 'server' => 'https://acme-staging.api.letsencrypt.org/directory', + 'server' => 'https://acme-staging-v02.api.letsencrypt.org/directory', }, } ) @@ -23,7 +23,7 @@ class { 'letsencrypt' : it { is_expected.to be_owned_by 'root' } it { is_expected.to be_grouped_into 'root' } it { is_expected.to be_mode 644 } - its(:content) { is_expected.to match %r{server = https://acme-staging.api.letsencrypt.org/directory} } + its(:content) { is_expected.to match %r{server = https://acme-staging-v02.api.letsencrypt.org/directory} } its(:content) { is_expected.to match %r{email = letsregister@example.com} } end end @@ -34,7 +34,7 @@ class { 'letsencrypt' : install_method => 'vcs', email => 'letsregister@example.com', config => { - 'server' => 'https://acme-staging.api.letsencrypt.org/directory', + 'server' => 'https://acme-staging-v02.api.letsencrypt.org/directory', }, } ) @@ -51,7 +51,7 @@ class { 'letsencrypt' : it { is_expected.to be_owned_by 'root' } it { is_expected.to be_grouped_into 'root' } it { is_expected.to be_mode 644 } - its(:content) { is_expected.to match %r{server = https://acme-staging.api.letsencrypt.org/directory} } + its(:content) { is_expected.to match %r{server = https://acme-staging-v02.api.letsencrypt.org/directory} } its(:content) { is_expected.to match %r{email = letsregister@example.com} } end 
diff --git a/spec/classes/letsencrypt_spec.rb b/spec/classes/letsencrypt_spec.rb index 5bae52e7..658ef6ce 100644 --- a/spec/classes/letsencrypt_spec.rb +++ b/spec/classes/letsencrypt_spec.rb @@ -48,7 +48,7 @@ if facts[:osfamily] == 'FreeBSD' is_expected.to contain_ini_setting('/usr/local/etc/letsencrypt/cli.ini email foo@example.com') - is_expected.to contain_ini_setting('/usr/local/etc/letsencrypt/cli.ini server https://acme-v01.api.letsencrypt.org/directory') + is_expected.to contain_ini_setting('/usr/local/etc/letsencrypt/cli.ini server https://acme-v02.api.letsencrypt.org/directory') is_expected.to contain_file('letsencrypt-renewal-hooks-puppet'). with(ensure: 'directory', path: '/usr/local/etc/letsencrypt/renewal-hooks-puppet', @@ -59,7 +59,7 @@ purge: true) else is_expected.to contain_ini_setting('/etc/letsencrypt/cli.ini email foo@example.com') - is_expected.to contain_ini_setting('/etc/letsencrypt/cli.ini server https://acme-v01.api.letsencrypt.org/directory') + is_expected.to contain_ini_setting('/etc/letsencrypt/cli.ini server https://acme-v02.api.letsencrypt.org/directory') is_expected.to contain_file('letsencrypt-renewal-hooks-puppet').with_path('/etc/letsencrypt/renewal-hooks-puppet') end @@ -132,7 +132,7 @@ describe 'with custom config file' do let(:additional_params) { { config_file: '/etc/letsencrypt/custom_config.ini' } } - it { is_expected.to contain_ini_setting('/etc/letsencrypt/custom_config.ini server https://acme-v01.api.letsencrypt.org/directory') } + it { is_expected.to contain_ini_setting('/etc/letsencrypt/custom_config.ini server https://acme-v02.api.letsencrypt.org/directory') } end describe 'with custom config' do diff --git a/spec/defines/letsencrypt_certonly_spec.rb b/spec/defines/letsencrypt_certonly_spec.rb index 7b5b17a2..f5c7ee6d 100644 --- a/spec/defines/letsencrypt_certonly_spec.rb +++ b/spec/defines/letsencrypt_certonly_spec.rb 
@@ -23,12 +23,12 @@ if facts[:osfamily] == 'FreeBSD' it { is_expected.to contain_file('/usr/local/etc/letsencrypt') } it { is_expected.to contain_ini_setting('/usr/local/etc/letsencrypt/cli.ini email foo@example.com') } - it { is_expected.to contain_ini_setting('/usr/local/etc/letsencrypt/cli.ini server https://acme-v01.api.letsencrypt.org/directory') } + it { is_expected.to contain_ini_setting('/usr/local/etc/letsencrypt/cli.ini server https://acme-v02.api.letsencrypt.org/directory') } else it { is_expected.to contain_file('/etc/letsencrypt') } it { is_expected.to contain_package('letsencrypt') } unless facts[:os]['release']['full'] == '14.04' it { is_expected.to contain_ini_setting('/etc/letsencrypt/cli.ini email foo@example.com') } - it { is_expected.to contain_ini_setting('/etc/letsencrypt/cli.ini server https://acme-v01.api.letsencrypt.org/directory') } + it { is_expected.to contain_ini_setting('/etc/letsencrypt/cli.ini server https://acme-v02.api.letsencrypt.org/directory') } end it { is_expected.to contain_exec('initialize letsencrypt') } it { is_expected.to contain_exec('letsencrypt certonly foo.example.com') } 
@@ -425,7 +425,7 @@ class { 'letsencrypt::plugin::dns_rfc2136': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command %r{^certbot} } it { is_expected.to contain_ini_setting('/usr/local/etc/letsencrypt/cli.ini email foo@example.com') } - it { is_expected.to contain_ini_setting('/usr/local/etc/letsencrypt/cli.ini server https://acme-v01.api.letsencrypt.org/directory') } + it { is_expected.to contain_ini_setting('/usr/local/etc/letsencrypt/cli.ini server https://acme-v02.api.letsencrypt.org/directory') } it { is_expected.to contain_file('/usr/local/etc/letsencrypt').with_ensure('directory') } it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_unless '/usr/local/sbin/letsencrypt-domain-validation /usr/local/etc/letsencrypt/live/foo.example.com/cert.pem \'foo.example.com\'' } end From 7b295cf710fcb265c4ef95e360b286cd4cc8d844 Mon Sep 17 00:00:00 2001 
From: Fabien COMBERNOUS Date: Sat, 5 Oct 2019 18:19:42 +0200 Subject: [PATCH 16/68] remove params.pp --- REFERENCE.md | 79 +++++++++++---------- data/Debian.yaml | 2 + data/Debian/10.yaml | 5 ++ data/Debian/16.04.yaml | 2 + data/Debian/18.04.yaml | 5 ++ data/FreeBSD.yaml | 5 ++ data/OpenBSD.yaml | 3 + data/RedHat.yaml | 3 + data/RedHat/29.yaml | 3 + data/RedHat/30.yaml | 3 + hiera.yaml | 16 +++++ manifests/init.pp | 64 ++++++++--------- manifests/params.pp | 85 ----------------------- manifests/plugin/dns_rfc2136.pp | 10 +-- spec/acceptance/letsencrypt_spec.rb | 2 +- spec/defines/letsencrypt_certonly_spec.rb | 1 - 16 files changed, 129 insertions(+), 159 deletions(-) create mode 100644 data/Debian.yaml create mode 100644 data/Debian/10.yaml create mode 100644 data/Debian/16.04.yaml create mode 100644 data/Debian/18.04.yaml create mode 100644 data/FreeBSD.yaml create mode 100644 data/OpenBSD.yaml create mode 100644 data/RedHat.yaml create mode 100644 data/RedHat/29.yaml create mode 100644 data/RedHat/30.yaml create mode 100644 hiera.yaml delete mode 100644 manifests/params.pp diff --git a/REFERENCE.md b/REFERENCE.md index a6e50794..28107b87 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -15,7 +15,6 @@ _Public Classes_ _Private Classes_ * `letsencrypt::config`: Configures the Let's Encrypt client. -* `letsencrypt::params`: Default parameters **Defined types** @@ -71,7 +70,7 @@ Data type: `String` The path to the letsencrypt installation. -Default value: $letsencrypt::params::path +Default value: '/opt/letsencrypt' ##### `venv_path` @@ -79,7 +78,7 @@ Data type: `Any` virtualenv path for vcs-installed Certbot -Default value: $letsencrypt::params::venv_path +Default value: '/opt/letsencrypt/.venv' ##### `environment` @@ -95,7 +94,7 @@ Data type: `String` A Git URL to install the Let's encrypt client from. -Default value: $letsencrypt::params::repo +Default value: 'https://github.com/certbot/certbot.git' ##### `version` 
@@ -103,7 +102,7 @@ Data type: `String` The Git ref (tag, sha, branch) to check out when installing the client with the `vcs` method. -Default value: $letsencrypt::params::version +Default value: 'v0.30.2' ##### `package_name` @@ -111,7 +110,7 @@ Data type: `String` Name of package and command to use when installing the client with the `package` method. -Default value: $letsencrypt::params::package_name +Default value: 'certbot' ##### `package_ensure` @@ -119,7 +118,7 @@ Data type: `Any` The value passed to `ensure` when installing the client with the `package` method. -Default value: $letsencrypt::params::package_ensure +Default value: 'installed' ##### `package_command` @@ -127,7 +126,7 @@ Data type: `String` Path or name for letsencrypt executable when installing the client with the `package` method. -Default value: $letsencrypt::params::package_command +Default value: 'certbot' ##### `config_file` @@ -135,7 +134,7 @@ Data type: `String` The path to the configuration file for the letsencrypt cli. -Default value: $letsencrypt::params::config_file +Default value: "${config_dir}/cli.ini" ##### `config` @@ -143,15 +142,23 @@ Data type: `Hash` A hash representation of the letsencrypt configuration file. -Default value: $letsencrypt::params::config +Default value: {'server' => 'https://acme-v01.api.letsencrypt.org/directory'} ##### `cron_scripts_path` Data type: `String` -The path to put the script we'll call with cron. Defaults to $puppet_vardir/letsencrypt. +The path for renewal scripts called by cron -Default value: $letsencrypt::params::cron_scripts_path +Default value: "${facts['puppet_vardir']}/letsencrypt" + +##### `cron_owner_group` + +Data type: `String` + +Group owner of cron renew scripts. + +Default value: 'root' ##### `manage_config` @@ -159,7 +166,7 @@ Data type: `Boolean` A feature flag to toggle the management of the letsencrypt configuration file. -Default value: $letsencrypt::params::manage_config +Default value: `true` ##### `manage_install` 
@@ -167,7 +174,7 @@ Data type: `Boolean` A feature flag to toggle the management of the letsencrypt client installation. -Default value: $letsencrypt::params::manage_install +Default value: `true` ##### `manage_dependencies` @@ -175,7 +182,7 @@ Data type: `Boolean` A feature flag to toggle the management of the letsencrypt dependencies. -Default value: $letsencrypt::params::manage_dependencies +Default value: `true` ##### `configure_epel` @@ -183,7 +190,7 @@ Data type: `Boolean` A feature flag to include the 'epel' class and depend on it for package installation. -Default value: $letsencrypt::params::configure_epel +Default value: `undef` ##### `install_method` @@ -191,7 +198,7 @@ Data type: `Enum['package', 'vcs']` Method to install the letsencrypt client, either package or vcs. -Default value: $letsencrypt::params::install_method +Default value: 'package' ##### `agree_tos` @@ -199,7 +206,7 @@ Data type: `Boolean` A flag to agree to the Let's Encrypt Terms of Service. -Default value: $letsencrypt::params::agree_tos +Default value: `true` ##### `unsafe_registration` @@ -207,7 +214,7 @@ Data type: `Boolean` A flag to allow using the 'register-unsafely-without-email' flag. -Default value: $letsencrypt::params::unsafe_registration +Default value: `false` ##### `config_dir` @@ -215,7 +222,7 @@ Data type: `Stdlib::Unixpath` The path to the configuration directory. -Default value: $letsencrypt::params::config_dir +Default value: '/etc/letsencrypt' ##### `key_size` @@ -231,7 +238,7 @@ Data type: `Any` Array of commands to run in a shell before obtaining/renewing any certificates. -Default value: $letsencrypt::params::renew_pre_hook_commands +Default value: [] ##### `renew_post_hook_commands` @@ -239,7 +246,7 @@ Data type: `Any` Array of commands to run in a shell after attempting to obtain/renew certificates. -Default value: $letsencrypt::params::renew_post_hook_commands +Default value: [] ##### `renew_deploy_hook_commands` 
@@ -252,7 +259,7 @@ certificate. Two environmental variables are supplied by certbot: - $RENEWED_DOMAINS: A space-delimited list of renewed certificate domains. Example: "example.com www.example.com" -Default value: $letsencrypt::params::renew_deploy_hook_commands +Default value: [] ##### `renew_additional_args` @@ -260,7 +267,7 @@ Data type: `Any` Array of additional command line arguments to pass to 'certbot renew'. -Default value: $letsencrypt::params::renew_additional_args +Default value: [] ##### `renew_cron_ensure` @@ -268,35 +275,35 @@ Data type: `Any` Intended state of the cron resource running certbot renew. -Default value: $letsencrypt::params::renew_cron_ensure +Default value: 'absent' ##### `renew_cron_hour` Data type: `Any` Optional string, integer or array of hour(s) the renewal command should run. -E.g. '[0,12]' to execute at midnight and midday. Default: fqdn-seeded random +E.g. '[0,12]' to execute at midnight and midday. hour. -Default value: $letsencrypt::params::renew_cron_hour +Default value: fqdn_rand(24) ##### `renew_cron_minute` Data type: `Any` Optional string, integer or array of minute(s) the renewal command should -run. E.g. 0 or '00' or [0,30]. Default: fqdn-seeded random minute. +run. E.g. 0 or '00' or [0,30]. -Default value: $letsencrypt::params::renew_cron_minute +Default value: fqdn_rand(60, fqdn_rand_string(10)) ##### `renew_cron_monthday` Data type: `Any` Optional string, integer or array of monthday(s) the renewal command should -run. E.g. '2-30/2' to run on even days. Default: Every day. +run. E.g. '2-30/2' to run on even days. -Default value: $letsencrypt::params::renew_cron_monthday +Default value: '*' ### letsencrypt::install @@ -411,7 +418,7 @@ Data type: `String[1]` TSIG key algorithm. -Default value: $letsencrypt::dns_rfc2136_algorithm +Default value: 'HMAC-SHA512' ##### `port` 
@@ -419,7 +426,7 @@ Data type: `Stdlib::Port` Target DNS port. -Default value: $letsencrypt::dns_rfc2136_port +Default value: 53 ##### `propagation_seconds` @@ -427,7 +434,7 @@ Data type: `Integer` Number of seconds to wait for the DNS server to propagate the DNS-01 challenge. -Default value: $letsencrypt::dns_rfc2136_propagation_seconds +Default value: 10 ##### `manage_package` @@ -435,7 +442,7 @@ Data type: `Boolean` Manage the plugin package. -Default value: $letsencrypt::dns_rfc2136_manage_package +Default value: `true` ##### `package_name` @@ -443,7 +450,7 @@ Data type: `String` The name of the package to install when $manage_package is true. -Default value: $letsencrypt::dns_rfc2136_package_name +Default value: `undef` ##### `config_dir` diff --git a/data/Debian.yaml b/data/Debian.yaml new file mode 100644 index 00000000..23925b49 --- /dev/null +++ b/data/Debian.yaml @@ -0,0 +1,2 @@ +--- +letsencrypt::configure_epel: false diff --git a/data/Debian/10.yaml b/data/Debian/10.yaml new file mode 100644 index 00000000..f0f7bfd2 --- /dev/null +++ b/data/Debian/10.yaml @@ -0,0 +1,5 @@ +--- +letsencrypt::package_name: 'certbot' +letsencrypt::package_command: 'certbot' +letsencrypt::configure_epel: false +letsencrypt::plugin::dns_rfc2136::package_name: 'python3-certbot-dns-rfc2136' diff --git a/data/Debian/16.04.yaml b/data/Debian/16.04.yaml new file mode 100644 index 00000000..23925b49 --- /dev/null +++ b/data/Debian/16.04.yaml @@ -0,0 +1,2 @@ +--- +letsencrypt::configure_epel: false diff --git a/data/Debian/18.04.yaml b/data/Debian/18.04.yaml new file mode 100644 index 00000000..f0f7bfd2 --- /dev/null +++ b/data/Debian/18.04.yaml @@ -0,0 +1,5 @@ +--- +letsencrypt::package_name: 'certbot' +letsencrypt::package_command: 'certbot' +letsencrypt::configure_epel: false +letsencrypt::plugin::dns_rfc2136::package_name: 'python3-certbot-dns-rfc2136' diff --git a/data/FreeBSD.yaml b/data/FreeBSD.yaml new file mode 100644 index 00000000..baa55b00 --- /dev/null 
+++ b/data/FreeBSD.yaml @@ -0,0 +1,5 @@ +--- +letsencrypt::package_name: 'py27-certbot' +letsencrypt::config_dir: '/usr/local/etc/letsencrypt' +letsencrypt::cron_owner_group: 'wheel' +letsencrypt::configure_epel: false diff --git a/data/OpenBSD.yaml b/data/OpenBSD.yaml new file mode 100644 index 00000000..f0dab5c7 --- /dev/null +++ b/data/OpenBSD.yaml @@ -0,0 +1,3 @@ +--- +letsencrypt::cron_owner_group: 'wheel' +letsencrypt::configure_epel: false diff --git a/data/RedHat.yaml b/data/RedHat.yaml new file mode 100644 index 00000000..ab6b13a0 --- /dev/null +++ b/data/RedHat.yaml @@ -0,0 +1,3 @@ +--- +letsencrypt::configure_epel: true +letsencrypt::plugin::dns_rfc2136::package_name: 'python2-certbot-dns-rfc2136' diff --git a/data/RedHat/29.yaml b/data/RedHat/29.yaml new file mode 100644 index 00000000..b2bc628f --- /dev/null +++ b/data/RedHat/29.yaml @@ -0,0 +1,3 @@ +--- +letsencrypt::configure_epel: false +letsencrypt::plugin::dns_rfc2136::package_name: 'python3-certbot-dns-rfc2136' diff --git a/data/RedHat/30.yaml b/data/RedHat/30.yaml new file mode 100644 index 00000000..b2bc628f --- /dev/null +++ b/data/RedHat/30.yaml @@ -0,0 +1,3 @@ +--- +letsencrypt::configure_epel: false +letsencrypt::plugin::dns_rfc2136::package_name: 'python3-certbot-dns-rfc2136' diff --git a/hiera.yaml b/hiera.yaml new file mode 100644 index 00000000..d1bdc64d --- /dev/null +++ b/hiera.yaml @@ -0,0 +1,16 @@ +--- +version: 5 + +defaults: + datadir: 'data' + data_hash: 'yaml_data' + +hierarchy: + - name: 'Operating System Major Release' + path: '%{facts.os.family}/%{facts.os.release.major}.yaml' + + - name: 'Operating System Family' + path: '%{facts.os.family}.yaml' + + - name: 'common' + path: 'common.yaml' diff --git a/manifests/init.pp b/manifests/init.pp index 9d72f7cf..cff5c6c2 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
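Review bot: `letsencrypt::configure_epel: true` in data/RedHat.yaml now applies to every RedHat-family release without its own file, which under the new hiera.yaml includes any Fedora release other than 29 and 30; the params.pp deleted later in this patch excluded Fedora by name (`$facts['os']['name'] != 'Fedora'`), so Fedora 31+ nodes would newly pull in the epel class. Consider an `os.name` level above the family level in hiera.yaml with a `data/Fedora.yaml` containing `letsencrypt::configure_epel: false`, or keep the Fedora test as an in-code default in init.pp.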
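Review bot: The hierarchy ends with `path: 'common.yaml'` but the diffstat adds no data/common.yaml; as far as I know Hiera 5 skips a missing data file, yet an empty `data/common.yaml` (just `---`) makes the level explicit and keeps `puppet lookup --explain` output clean. More importantly, the two new levels only cover the families that received data files, so every parameter whose default moved to Hiera still needs a usable in-code default for Gentoo and unknown families, which the old params.pp handled with an explicit `else` branch.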
@@ -23,7 +23,8 @@ # @param package_command Path or name for letsencrypt executable when installing the client with the `package` method. # @param config_file The path to the configuration file for the letsencrypt cli. # @param config A hash representation of the letsencrypt configuration file. -# @param cron_scripts_path The path to put the script we'll call with cron. Defaults to $puppet_vardir/letsencrypt. +# @param cron_scripts_path The path for renewal scripts called by cron +# @param cron_owner_group Group owner of cron renew scripts. # @param manage_config A feature flag to toggle the management of the letsencrypt configuration file. # @param manage_install A feature flag to toggle the management of the letsencrypt client installation. # @param manage_dependencies A feature flag to toggle the management of the letsencrypt dependencies. 
@@ -46,47 +47,48 @@ # @param renew_cron_ensure Intended state of the cron resource running certbot renew. # @param renew_cron_hour # Optional string, integer or array of hour(s) the renewal command should run. -# E.g. '[0,12]' to execute at midnight and midday. Default: fqdn-seeded random +# E.g. '[0,12]' to execute at midnight and midday. # hour. # @param renew_cron_minute # Optional string, integer or array of minute(s) the renewal command should -# run. E.g. 0 or '00' or [0,30]. Default: fqdn-seeded random minute. +# run. E.g. 0 or '00' or [0,30]. # @param renew_cron_monthday # Optional string, integer or array of monthday(s) the renewal command should -# run. E.g. '2-30/2' to run on even days. Default: Every day. +# run. E.g. '2-30/2' to run on even days. # class letsencrypt ( Optional[String] $email = undef, - String $path = $letsencrypt::params::path, - $venv_path = $letsencrypt::params::venv_path, + String $path = '/opt/letsencrypt', + $venv_path = '/opt/letsencrypt/.venv', Array $environment = [], - String $repo = $letsencrypt::params::repo, - String $version = $letsencrypt::params::version, - String $package_name = $letsencrypt::params::package_name, - $package_ensure = $letsencrypt::params::package_ensure, - String $package_command = $letsencrypt::params::package_command, - String $config_file = $letsencrypt::params::config_file, - Hash $config = $letsencrypt::params::config, - String $cron_scripts_path = $letsencrypt::params::cron_scripts_path, - Boolean $manage_config = $letsencrypt::params::manage_config, - Boolean $manage_install = $letsencrypt::params::manage_install, - Boolean $manage_dependencies = $letsencrypt::params::manage_dependencies, - Boolean $configure_epel = $letsencrypt::params::configure_epel, - Enum['package', 'vcs'] $install_method = $letsencrypt::params::install_method, - Boolean $agree_tos = $letsencrypt::params::agree_tos, - Boolean $unsafe_registration = $letsencrypt::params::unsafe_registration, - Stdlib::Unixpath $config_dir = 
$letsencrypt::params::config_dir, + String $repo = 'https://github.com/certbot/certbot.git', + String $version = 'v0.30.2', + String $package_name = 'certbot', + $package_ensure = 'installed', + String $package_command = 'certbot', + Stdlib::Unixpath $config_dir = '/etc/letsencrypt', + String $config_file = "${config_dir}/cli.ini", + Hash $config = {'server' => 'https://acme-v01.api.letsencrypt.org/directory'}, + String $cron_scripts_path = "${facts['puppet_vardir']}/letsencrypt", + String $cron_owner_group = 'root', + Boolean $manage_config = true, + Boolean $manage_install = true, + Boolean $manage_dependencies = true, + Boolean $configure_epel = undef, + Enum['package', 'vcs'] $install_method = 'package', + Boolean $agree_tos = true, + Boolean $unsafe_registration = false, Integer[2048] $key_size = 4096, # $renew_* should only be used in letsencrypt::renew (blame rspec) - $renew_pre_hook_commands = $letsencrypt::params::renew_pre_hook_commands, - $renew_post_hook_commands = $letsencrypt::params::renew_post_hook_commands, - $renew_deploy_hook_commands = $letsencrypt::params::renew_deploy_hook_commands, - $renew_additional_args = $letsencrypt::params::renew_additional_args, - $renew_cron_ensure = $letsencrypt::params::renew_cron_ensure, - $renew_cron_hour = $letsencrypt::params::renew_cron_hour, - $renew_cron_minute = $letsencrypt::params::renew_cron_minute, - $renew_cron_monthday = $letsencrypt::params::renew_cron_monthday, -) inherits letsencrypt::params { + $renew_pre_hook_commands = [], + $renew_post_hook_commands = [], + $renew_deploy_hook_commands = [], + $renew_additional_args = [], + $renew_cron_ensure = 'absent', + $renew_cron_hour = fqdn_rand(24), + $renew_cron_minute = fqdn_rand(60, fqdn_rand_string(10)), + $renew_cron_monthday = '*', +) { if $manage_install { contain letsencrypt::install # lint:ignore:relative_classname_inclusion diff --git a/manifests/params.pp b/manifests/params.pp deleted file mode 100644 index cbb1da51..00000000 
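Review bot: `Hash $config = {'server' => 'https://acme-v01.api.letsencrypt.org/directory'},` reverts the ACME v2 endpoint: the params.pp deleted in this same patch defaults to `acme-v02`, so nodes that do not override `config` silently go back to the deprecated v1 directory; the line should read `Hash $config = {'server' => 'https://acme-v02.api.letsencrypt.org/directory'},`. `Boolean $configure_epel = undef,` is a second regression: `undef` does not satisfy `Boolean`, and only the Debian, RedHat, FreeBSD and OpenBSD data files supply a value, so catalog compilation fails on Gentoo and on any family the old `else` branch used to cover; `Boolean $configure_epel = false,` with data/RedHat.yaml overriding to true is the safe default. Gentoo also loses its `app-crypt/certbot` package name since no data/Gentoo.yaml is added. Minor: the `# hour.` fragment left after the `renew_cron_hour` description is a stray remnant of the removed "Default:" sentence.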
--- a/manifests/params.pp
+++ /dev/null
@@ -1,85 +0,0 @@ -# @summary Default parameters -# @api private -class letsencrypt::params { - $agree_tos = true - $unsafe_registration = false - $manage_config = true - $manage_install = true - $manage_dependencies = true - $package_ensure = 'installed' - $path = '/opt/letsencrypt' - $venv_path = '/opt/letsencrypt/.venv' # virtualenv path for vcs-installed letsencrypt - $repo = 'https://github.com/certbot/certbot.git' - $cron_scripts_path = "${facts['puppet_vardir']}/letsencrypt" # path for renewal scripts called by cron - $version = 'v0.30.2' - $config = { - 'server' => 'https://acme-v02.api.letsencrypt.org/directory', - } - - if $facts['osfamily'] == 'Debian' { - $install_method = 'package' - $package_name = 'certbot' - $package_command = 'certbot' - $config_dir = '/etc/letsencrypt' - $dns_rfc2136_package_name = 'python3-certbot-dns-rfc2136' - } elsif $facts['osfamily'] == 'RedHat' { - $install_method = 'package' - $package_name = 'certbot' - $package_command = 'certbot' - $config_dir = '/etc/letsencrypt' - if $facts['operatingsystemmajrelease'] == '7' { - $dns_rfc2136_package_name = 'python2-certbot-dns-rfc2136' - } else { - $dns_rfc2136_package_name = 'python3-certbot-dns-rfc2136' - } - } elsif $facts['osfamily'] == 'Gentoo' { - $install_method = 'package' - $package_name = 'app-crypt/certbot' - $package_command = 'certbot' - $config_dir = '/etc/letsencrypt' - $dns_rfc2136_package_name = undef - } elsif $facts['osfamily'] == 'OpenBSD' { - $install_method = 'package' - $package_name = 'certbot' - $package_command = 'certbot' - $config_dir = '/etc/letsencrypt' - $dns_rfc2136_package_name = undef - } elsif $facts['osfamily'] == 'FreeBSD' { - $install_method = 'package' - $package_name = 'py27-certbot' - $package_command = 'certbot' - $config_dir = '/usr/local/etc/letsencrypt' - $dns_rfc2136_package_name = undef - } else { - $install_method = 'vcs' - $package_name = 'letsencrypt' - $package_command = 'letsencrypt' - $config_dir = '/etc/letsencrypt' - 
$dns_rfc2136_package_name = undef - } - - $config_file = "${config_dir}/cli.ini" - - $configure_epel = $facts['osfamily'] == 'RedHat' and $facts['os']['name'] != 'Fedora' - - $cron_owner_group = $facts['osfamily'] ? { - 'OpenBSD' => 'wheel', - 'FreeBSD' => 'wheel', - default => 'root', - } - - $renew_pre_hook_commands = [] - $renew_post_hook_commands = [] - $renew_deploy_hook_commands = [] - $renew_additional_args = [] - $renew_cron_ensure = 'absent' - $renew_cron_hour = fqdn_rand(24) - $renew_cron_minute = fqdn_rand(60, fqdn_rand_string(10)) - $renew_cron_monthday = '*' - - $dns_rfc2136_manage_package = true - $dns_rfc2136_port = 53 - $dns_rfc2136_algorithm = 'HMAC-SHA512' - $dns_rfc2136_propagation_seconds = 10 - -} diff --git a/manifests/plugin/dns_rfc2136.pp b/manifests/plugin/dns_rfc2136.pp index 9a790ba4..2513565b 100644 --- a/manifests/plugin/dns_rfc2136.pp +++ b/manifests/plugin/dns_rfc2136.pp @@ -17,12 +17,12 @@ Stdlib::Host $server, String[1] $key_name, String[1] $key_secret, - String[1] $key_algorithm = $letsencrypt::dns_rfc2136_algorithm, - Stdlib::Port $port = $letsencrypt::dns_rfc2136_port, - Integer $propagation_seconds = $letsencrypt::dns_rfc2136_propagation_seconds, + String[1] $key_algorithm = 'HMAC-SHA512', + Stdlib::Port $port = 53, + Integer $propagation_seconds = 10, Stdlib::Absolutepath $config_dir = $letsencrypt::config_dir, - Boolean $manage_package = $letsencrypt::dns_rfc2136_manage_package, - String $package_name = $letsencrypt::dns_rfc2136_package_name, + Boolean $manage_package = true, + String $package_name = undef, ) { if $manage_package { diff --git a/spec/acceptance/letsencrypt_spec.rb b/spec/acceptance/letsencrypt_spec.rb index 97099bfb..7c30e7b0 100644 --- a/spec/acceptance/letsencrypt_spec.rb +++ b/spec/acceptance/letsencrypt_spec.rb 
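Review bot: `String $package_name = undef` on the new side of the dns_rfc2136.pp hunk is a default the declared type cannot accept — `String` does not admit undef, so leaving the parameter unset fails type checking at compile time, while `Boolean $manage_package = true` just above would otherwise feed an undef name to a package resource. Either make it required as `String[1] $package_name` (which is what the series' later "fix Datatype for package_name" patch does) or type it `Optional[String[1]]` and guard the package resource on it. The class body that consumes `$package_name` starts after the hunk's last line, so its use is outside this view. Since the parameter list is being reworked anyway, the unchanged `String[1] $key_secret` context line is worth typing as `Sensitive[String[1]]` so the TSIG secret is redacted in catalogs and reports instead of being carried in clear.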
@@ -55,7 +55,7 @@ class { 'letsencrypt' : its(:content) { is_expected.to match %r{email = letsregister@example.com} } end - describe file('/opt/letsencrypt/.venv/bin/letsencrypt') do + describe file('/opt/letsencrypt/.venv/bin/certbot') do it { is_expected.to be_file } it { is_expected.to be_owned_by 'root' } it { is_expected.to be_grouped_into 'root' } diff --git a/spec/defines/letsencrypt_certonly_spec.rb b/spec/defines/letsencrypt_certonly_spec.rb index f5c7ee6d..ea32bbb7 100644 --- a/spec/defines/letsencrypt_certonly_spec.rb +++ b/spec/defines/letsencrypt_certonly_spec.rb @@ -18,7 +18,6 @@ it { is_expected.to compile.with_all_deps } it { is_expected.to contain_class('Letsencrypt::Install') } it { is_expected.to contain_class('Letsencrypt::Config') } - it { is_expected.to contain_class('Letsencrypt::Params') } if facts[:osfamily] == 'FreeBSD' it { is_expected.to contain_file('/usr/local/etc/letsencrypt') } From 07e1d555400501b99724bb33ead8ab5e3bc22417 Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Tue, 8 Oct 2019 22:36:59 +0200 Subject: [PATCH 17/68] fix Datatype for package_name package_name is a mandatory parameter. This means that the default value cannot be `undef`. --- manifests/plugin/dns_rfc2136.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/plugin/dns_rfc2136.pp b/manifests/plugin/dns_rfc2136.pp index 2513565b..b6a153f8 100644 --- a/manifests/plugin/dns_rfc2136.pp +++ b/manifests/plugin/dns_rfc2136.pp @@ -17,12 +17,12 @@ Stdlib::Host $server, String[1] $key_name, String[1] $key_secret, + String[1] $package_name, String[1] $key_algorithm = 'HMAC-SHA512', Stdlib::Port $port = 53, Integer $propagation_seconds = 10, Stdlib::Absolutepath $config_dir = $letsencrypt::config_dir, Boolean $manage_package = true, - String $package_name = undef, ) { if $manage_package { From 2a3fe6921f820b89d9f44d902d5bfc552b1e0500 Mon Sep 17 00:00:00 2001 
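Review bot: Making `String[1] $package_name` mandatory while `Boolean $manage_package = true` stays the default means any platform without a hiera value for `letsencrypt::plugin::dns_rfc2136::package_name` now fails catalog compilation instead of installing nothing; the params.pp deleted earlier in this series set the name to undef for Gentoo, OpenBSD and FreeBSD, so users there must now pass `manage_package => false` explicitly. That is a sound failure mode, but it should be stated in the class's puppet-strings docs above the hunk, e.g. `# @param package_name Name of the plugin package; required when $manage_package is true (no hiera default on Gentoo or the BSDs).` The class body that uses the parameter continues past the hunk's last line.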
From: Tim Meusel Date: Tue, 8 Oct 2019 22:39:09 +0200 Subject: [PATCH 18/68] fix package_name entry in hiera for Debian family Previously, we had no hiera entry for this key for Debian 9 / Ubuntu 16.04. Instead we had it multiple times, for Debian 10 and Ubuntu 18.04. We can reduce it to a single occurrence within the Debian.yaml for the whole OS family. --- data/Debian.yaml | 1 + data/Debian/10.yaml | 1 - data/Debian/18.04.yaml | 1 - 3 files changed, 1 insertion(+), 2 deletions(-) diff --git a/data/Debian.yaml b/data/Debian.yaml index 23925b49..b2bc628f 100644 --- a/data/Debian.yaml +++ b/data/Debian.yaml @@ -1,2 +1,3 @@ --- letsencrypt::configure_epel: false +letsencrypt::plugin::dns_rfc2136::package_name: 'python3-certbot-dns-rfc2136' diff --git a/data/Debian/10.yaml b/data/Debian/10.yaml index f0f7bfd2..107282ab 100644 --- a/data/Debian/10.yaml +++ b/data/Debian/10.yaml @@ -2,4 +2,3 @@ letsencrypt::package_name: 'certbot' letsencrypt::package_command: 'certbot' letsencrypt::configure_epel: false -letsencrypt::plugin::dns_rfc2136::package_name: 'python3-certbot-dns-rfc2136' diff --git a/data/Debian/18.04.yaml b/data/Debian/18.04.yaml index f0f7bfd2..107282ab 100644 --- a/data/Debian/18.04.yaml +++ b/data/Debian/18.04.yaml @@ -2,4 +2,3 @@ letsencrypt::package_name: 'certbot' letsencrypt::package_command: 'certbot' letsencrypt::configure_epel: false -letsencrypt::plugin::dns_rfc2136::package_name: 'python3-certbot-dns-rfc2136' From d57a7982f97495c4bbf175fbd0c980f54d0c9dc6 Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Tue, 8 Oct 2019 22:55:24 +0200 Subject: [PATCH 19/68] fix datatype for configure_epel --- manifests/init.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/init.pp b/manifests/init.pp index cff5c6c2..6e5abc8d 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
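Review bot: Adding `letsencrypt::plugin::dns_rfc2136::package_name: 'python3-certbot-dns-rfc2136'` to the family-level data/Debian.yaml asserts that the package is installable on every Debian-family release the module supports, including the Debian 9 / Ubuntu 16.04 targets the description says had no entry before; the per-release files being emptied here only claimed it for Debian 10 and Ubuntu 18.04, so this widens the claim rather than merely deduplicating it. It would be good to confirm the package name on those older releases (the acceptance matrix in this series runs debian9-64 and debian10-64 docker sets, which would catch a missing package). If it is not available there, keeping the per-release files and leaving the family file alone is the safer layout.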
@@ -57,6 +57,7 @@ # run. E.g. '2-30/2' to run on even days. # class letsencrypt ( + Boolean $configure_epel, Optional[String] $email = undef, String $path = '/opt/letsencrypt', $venv_path = '/opt/letsencrypt/.venv', @@ -74,7 +75,6 @@ Boolean $manage_config = true, Boolean $manage_install = true, Boolean $manage_dependencies = true, - Boolean $configure_epel = undef, Enum['package', 'vcs'] $install_method = 'package', Boolean $agree_tos = true, Boolean $unsafe_registration = false, From d48ccbbac5ead98aae2fb81ffed877a12f7680ce Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Tue, 8 Oct 2019 22:55:44 +0200 Subject: [PATCH 20/68] mock facts in rspec tests --- spec/defines/letsencrypt_hook_spec.rb | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/spec/defines/letsencrypt_hook_spec.rb b/spec/defines/letsencrypt_hook_spec.rb index 936d7525..7ac1b4e7 100644 --- a/spec/defines/letsencrypt_hook_spec.rb +++ b/spec/defines/letsencrypt_hook_spec.rb @@ -1,7 +1,7 @@ require 'spec_helper' describe 'letsencrypt::hook' do - on_supported_os.each do |os, _facts| + on_supported_os.each do |os, facts| let(:title) { 'foo.example.com' } let(:pre_condition) { ["class { letsencrypt: email => 'foo@example.com', package_command => 'letsencrypt' }"] } @@ -10,6 +10,10 @@ let(:required_params) { {} } let(:additional_params) { {} } + let :facts do + facts + end + context 'without required parameters' do it { is_expected.not_to compile } end From c3f53e2abaca17ee58b3ccc1e579377e1d3d4cc9 Mon Sep 17 00:00:00 2001 From: Fabien COMBERNOUS Date: Wed, 9 Oct 2019 11:50:00 +0200 Subject: [PATCH 21/68] update REFERENCE.md --- REFERENCE.md | 10 +++------- manifests/init.pp | 4 ++-- 2 files changed, 5 insertions(+), 9 deletions(-) diff --git a/REFERENCE.md b/REFERENCE.md index 28107b87..03d8fbf3 100644 --- a/REFERENCE.md +++ b/REFERENCE.md 
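Review bot: `Boolean $configure_epel,` on the new side of the first init.pp hunk turns the parameter into a required one, so any node whose OS family has no hiera data file providing `letsencrypt::configure_epel` now fails to compile instead of getting a default; the params.pp deleted earlier in this series computed it as `$facts['osfamily'] == 'RedHat' and $facts['os']['name'] != 'Fedora'`, and of the data files visible in this series only the Debian, FreeBSD and OpenBSD ones set it (to false) — RedHat.yaml's contents are not shown here. A `common.yaml` entry `letsencrypt::configure_epel: false` (the hierarchy already ends in `common.yaml`) with `true` in the RedHat family file would preserve the old behaviour for unlisted families such as Gentoo. The class body continues after the second hunk's last line.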
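Review bot: The new `let :facts do facts end` block in spec/defines/letsencrypt_hook_spec.rb is written in a different form from the surrounding `let(:title) { ... }` and `let(:pre_condition) { ... }` one-liners; `let(:facts) { facts }` keeps the file consistent. This is a style point only; the change itself correctly stops the per-OS facts from being discarded by the `|os, _facts|` block parameter.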
@@ -46,7 +46,7 @@ Install and configure Certbot, the LetsEncrypt client class { 'letsencrypt' : email => 'letsregister@example.com', config => { - 'server' => 'https://acme-staging.api.letsencrypt.org/directory', + 'server' => 'https://acme-staging-v02.api.letsencrypt.org/directory', }, } ``` @@ -142,7 +142,7 @@ Data type: `Hash` A hash representation of the letsencrypt configuration file. -Default value: {'server' => 'https://acme-v01.api.letsencrypt.org/directory'} +Default value: {'server' => 'https://acme-v02.api.letsencrypt.org/directory'} ##### `cron_scripts_path` @@ -190,8 +190,6 @@ Data type: `Boolean` A feature flag to include the 'epel' class and depend on it for package installation. -Default value: `undef` - ##### `install_method` Data type: `Enum['package', 'vcs']` @@ -446,12 +444,10 @@ Default value: `true` ##### `package_name` -Data type: `String` +Data type: `String[1]` The name of the package to install when $manage_package is true. -Default value: `undef` - ##### `config_dir` Data type: `Stdlib::Absolutepath` diff --git a/manifests/init.pp b/manifests/init.pp index 6e5abc8d..90177dcb 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -6,7 +6,7 @@ # class { 'letsencrypt' : # email => 'letsregister@example.com', # config => { -# 'server' => 'https://acme-staging.api.letsencrypt.org/directory', +# 'server' => 'https://acme-staging-v02.api.letsencrypt.org/directory', # }, # } # @@ -69,7 +69,7 @@ String $package_command = 'certbot', Stdlib::Unixpath $config_dir = '/etc/letsencrypt', String $config_file = "${config_dir}/cli.ini", - Hash $config = {'server' => 'https://acme-v01.api.letsencrypt.org/directory'}, + Hash $config = {'server' => 'https://acme-v02.api.letsencrypt.org/directory'}, String $cron_scripts_path = "${facts['puppet_vardir']}/letsencrypt", String $cron_owner_group = 'root', Boolean $manage_config = true, From 8fd5300d271d8af8d34079d5b4dad3378c5365d4 Mon Sep 17 00:00:00 2001 
From: Fabien COMBERNOUS Date: Wed, 9 Oct 2019 13:37:17 +0200 Subject: [PATCH 22/68] update hierarchy and update plugin dns_rfc2136 tests --- data/Debian/10.yaml | 4 ---- data/Debian/18.04.yaml | 4 ---- data/{FreeBSD.yaml => FreeBSD-family.yaml} | 1 - data/{OpenBSD.yaml => OpenBSD-family.yaml} | 1 - data/{RedHat.yaml => RedHat-family.yaml} | 0 data/{Debian/16.04.yaml => common.yaml} | 0 data/{Debian.yaml => os/Debian/10.yaml} | 1 - data/{RedHat => os/Fedora}/29.yaml | 0 data/{RedHat => os/Fedora}/30.yaml | 0 data/os/Ubuntu/18.04.yaml | 2 ++ hiera.yaml | 4 ++-- spec/classes/plugin/dns_rfc2136_spec.rb | 11 +++++++---- 12 files changed, 11 insertions(+), 17 deletions(-) delete mode 100644 data/Debian/10.yaml delete mode 100644 data/Debian/18.04.yaml rename data/{FreeBSD.yaml => FreeBSD-family.yaml} (79%) rename data/{OpenBSD.yaml => OpenBSD-family.yaml} (55%) rename data/{RedHat.yaml => RedHat-family.yaml} (100%) rename data/{Debian/16.04.yaml => common.yaml} (100%) rename data/{Debian.yaml => os/Debian/10.yaml} (70%) rename data/{RedHat => os/Fedora}/29.yaml (100%) rename data/{RedHat => os/Fedora}/30.yaml (100%) create mode 100644 data/os/Ubuntu/18.04.yaml diff --git a/data/Debian/10.yaml b/data/Debian/10.yaml deleted file mode 100644 index 107282ab..00000000 --- a/data/Debian/10.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -letsencrypt::package_name: 'certbot' -letsencrypt::package_command: 'certbot' -letsencrypt::configure_epel: false diff --git a/data/Debian/18.04.yaml b/data/Debian/18.04.yaml deleted file mode 100644 index 107282ab..00000000 --- a/data/Debian/18.04.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -letsencrypt::package_name: 'certbot' -letsencrypt::package_command: 'certbot' -letsencrypt::configure_epel: false diff --git a/data/FreeBSD.yaml b/data/FreeBSD-family.yaml similarity index 79% rename from data/FreeBSD.yaml rename to data/FreeBSD-family.yaml index baa55b00..5e7cf810 100644 --- a/data/FreeBSD.yaml +++ b/data/FreeBSD-family.yaml 
@@ -2,4 +2,3 @@ letsencrypt::package_name: 'py27-certbot' letsencrypt::config_dir: '/usr/local/etc/letsencrypt' letsencrypt::cron_owner_group: 'wheel' -letsencrypt::configure_epel: false diff --git a/data/OpenBSD.yaml b/data/OpenBSD-family.yaml similarity index 55% rename from data/OpenBSD.yaml rename to data/OpenBSD-family.yaml index f0dab5c7..be708595 100644 --- a/data/OpenBSD.yaml +++ b/data/OpenBSD-family.yaml @@ -1,3 +1,2 @@ --- letsencrypt::cron_owner_group: 'wheel' -letsencrypt::configure_epel: false diff --git a/data/RedHat.yaml b/data/RedHat-family.yaml similarity index 100% rename from data/RedHat.yaml rename to data/RedHat-family.yaml diff --git a/data/Debian/16.04.yaml b/data/common.yaml similarity index 100% rename from data/Debian/16.04.yaml rename to data/common.yaml diff --git a/data/Debian.yaml b/data/os/Debian/10.yaml similarity index 70% rename from data/Debian.yaml rename to data/os/Debian/10.yaml index b2bc628f..cd92a13b 100644 --- a/data/Debian.yaml +++ b/data/os/Debian/10.yaml @@ -1,3 +1,2 @@ --- -letsencrypt::configure_epel: false letsencrypt::plugin::dns_rfc2136::package_name: 'python3-certbot-dns-rfc2136' diff --git a/data/RedHat/29.yaml b/data/os/Fedora/29.yaml similarity index 100% rename from data/RedHat/29.yaml rename to data/os/Fedora/29.yaml diff --git a/data/RedHat/30.yaml b/data/os/Fedora/30.yaml similarity index 100% rename from data/RedHat/30.yaml rename to data/os/Fedora/30.yaml diff --git a/data/os/Ubuntu/18.04.yaml b/data/os/Ubuntu/18.04.yaml new file mode 100644 index 00000000..cd92a13b --- /dev/null +++ b/data/os/Ubuntu/18.04.yaml @@ -0,0 +1,2 @@ +--- +letsencrypt::plugin::dns_rfc2136::package_name: 'python3-certbot-dns-rfc2136' diff --git a/hiera.yaml b/hiera.yaml index d1bdc64d..8f3b44bf 100644 --- a/hiera.yaml +++ b/hiera.yaml 
@@ -7,10 +7,10 @@ defaults: hierarchy: - name: 'Operating System Major Release' - path: '%{facts.os.family}/%{facts.os.release.major}.yaml' + path: 'os/%{facts.os.name}/%{facts.os.release.major}.yaml' - name: 'Operating System Family' - path: '%{facts.os.family}.yaml' + path: '%{facts.os.family}-family.yaml' - name: 'common' path: 'common.yaml' diff --git a/spec/classes/plugin/dns_rfc2136_spec.rb b/spec/classes/plugin/dns_rfc2136_spec.rb index bea4d75c..a1a3b275 100644 --- a/spec/classes/plugin/dns_rfc2136_spec.rb +++ b/spec/classes/plugin/dns_rfc2136_spec.rb @@ -13,11 +13,14 @@ class { 'letsencrypt': PUPPET end let(:package_name) do - case facts[:osfamily] - when 'Debian' + osname = facts[:os]['name'] + osrelease = facts[:os]['release']['major'] + osfull = "#{osname}-#{osrelease}" + case osfull + when 'Debian-10', 'Ubuntu-18.04', 'Fedora-29', 'Fedora-30' 'python3-certbot-dns-rfc2136' - when 'RedHat' - facts[:operatingsystem] == 'Fedora' ? 'python3-certbot-dns-rfc2136' : 'python2-certbot-dns-rfc2136' + when 'RedHat-7', 'CentOS-7' + 'python2-certbot-dns-rfc2136' end end From dcb0a125a5a0cdee5b121d4788d61d21ea46dfd0 Mon Sep 17 00:00:00 2001 From: Fabien COMBERNOUS Date: Wed, 9 Oct 2019 21:15:01 +0200 Subject: [PATCH 23/68] update version shiped with vcs method to 0.39.0 --- REFERENCE.md | 2 +- manifests/init.pp | 2 +- spec/classes/letsencrypt_spec.rb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/REFERENCE.md b/REFERENCE.md index 03d8fbf3..9c6e1448 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -102,7 +102,7 @@ Data type: `String` The Git ref (tag, sha, branch) to check out when installing the client with the `vcs` method. -Default value: 'v0.30.2' +Default value: 'v0.39.0' ##### `package_name` diff --git a/manifests/init.pp b/manifests/init.pp index 90177dcb..5bb1b906 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
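Review bot: The new `case osfull` in spec/classes/plugin/dns_rfc2136_spec.rb has no `else` branch, so for any other entry of the supported-OS list (presumably Debian 9, Ubuntu 16.04 and the BSDs, judging by the data files in this series) `package_name` silently becomes nil and whatever expectation uses it below the hunk compares against nil instead of flagging the missing mapping. Add `else raise "no dns_rfc2136 package mapping for #{osfull}"` before the inner `end`, or skip those examples explicitly. The consumer of `let(:package_name)` is outside the hunk.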
@@ -63,7 +63,7 @@
$venv_path = '/opt/letsencrypt/.venv',
Array $environment = [],
String $repo = 'https://github.com/certbot/certbot.git',
- String $version = 'v0.30.2',
+ String $version = 'v0.39.0',
String $package_name = 'certbot',
$package_ensure = 'installed',
String $package_command = 'certbot',
diff --git a/spec/classes/letsencrypt_spec.rb b/spec/classes/letsencrypt_spec.rb
index 658ef6ce..1a5e6154 100644
--- a/spec/classes/letsencrypt_spec.rb
+++ b/spec/classes/letsencrypt_spec.rb
@@ -32,7 +32,7 @@
manage_install: true,
manage_dependencies: true,
repo: 'https://github.com/certbot/certbot.git',
- version: 'v0.30.2').
+ version: 'v0.39.0').
that_notifies('Exec[initialize letsencrypt]').
that_comes_before('Class[letsencrypt::renew]')
is_expected.to contain_exec('initialize letsencrypt')
From 70e097f597a6bf34f5271598045ab2d3eacd81a4 Mon Sep 17 00:00:00 2001 From: Fabien COMBERNOUS Date: Wed, 9 Oct 2019 21:59:55 +0200 Subject: [PATCH 24/68] release 5.0.0
---
CHANGELOG.md | 36 +++++++++++++++++++++++++++++++++++- metadata.json | 2 +- 2 files changed, 36 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 435e59bf..a73c97bd 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,7 +4,41 @@ All notable changes to this project will be documented in this file. Each new release typically also includes the latest modulesync defaults. These should not affect the functionality of the module. -## [v4.0.0](https://github.com/voxpupuli/puppet-letsencrypt/tree/v4.0.0) (2019-03-27) +## [v5.0.0](https://github.com/voxpupuli/puppet-letsencrypt/tree/v5.0.0) (2019-10-09) + +[Full Changelog](https://github.com/voxpupuli/puppet-letsencrypt/compare/v4.0.0...v5.0.0) + +**Breaking changes:** + +- remove params.pp and change some defaults values [\#205](https://github.com/voxpupuli/puppet-letsencrypt/pull/205) ([Dan33l](https://github.com/Dan33l)) +- Drop Ubuntu 14.04 & add Debian 9/10 / Fedora 29/30 support [\#193](https://github.com/voxpupuli/puppet-letsencrypt/pull/193) ([ekohl](https://github.com/ekohl)) + +**Implemented enhancements:** + +- replace server urls with v2 urls [\#196](https://github.com/voxpupuli/puppet-letsencrypt/issues/196) +- Option to clean up cronjobs for removed domains [\#175](https://github.com/voxpupuli/puppet-letsencrypt/issues/175) +- update version shiped with vcs method to 0.39.0 [\#207](https://github.com/voxpupuli/puppet-letsencrypt/pull/207) ([Dan33l](https://github.com/Dan33l)) +- use ACME API v2 [\#206](https://github.com/voxpupuli/puppet-letsencrypt/pull/206) ([Dan33l](https://github.com/Dan33l)) +- feat\(facts\): add facts about certificates [\#187](https://github.com/voxpupuli/puppet-letsencrypt/pull/187) ([minorOffense](https://github.com/minorOffense)) + +**Fixed bugs:** + +- fix modulesync config file [\#201](https://github.com/voxpupuli/puppet-letsencrypt/pull/201) ([bastelfreak](https://github.com/bastelfreak)) + +**Closed issues:** + +- python2-certbot-dns-rfc2136 doesn't exist in debian buster [\#191](https://github.com/voxpupuli/puppet-letsencrypt/issues/191) +- letsencrypt failed to generate certificate [\#184](https://github.com/voxpupuli/puppet-letsencrypt/issues/184) +- `$letsencrypt::venv\_path` is 
undocumented [\#21](https://github.com/voxpupuli/puppet-letsencrypt/issues/21) + +**Merged pull requests:** + +- use puppet strings [\#204](https://github.com/voxpupuli/puppet-letsencrypt/pull/204) ([Dan33l](https://github.com/Dan33l)) +- Raise upper bound version of stdlib & vcsrepo [\#202](https://github.com/voxpupuli/puppet-letsencrypt/pull/202) ([mfaure](https://github.com/mfaure)) +- Fix type in readme: deploy\_hooks\_commands -\> deploy\_hook\_commands [\#188](https://github.com/voxpupuli/puppet-letsencrypt/pull/188) ([2ZZ](https://github.com/2ZZ)) +- Allow puppetlabs/inifile 3.x [\#186](https://github.com/voxpupuli/puppet-letsencrypt/pull/186) ([dhoppe](https://github.com/dhoppe)) + +## [v4.0.0](https://github.com/voxpupuli/puppet-letsencrypt/tree/v4.0.0) (2019-03-29) [Full Changelog](https://github.com/voxpupuli/puppet-letsencrypt/compare/v3.0.0...v4.0.0) diff --git a/metadata.json b/metadata.json index 135881fe..d9933905 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "puppet-letsencrypt", - "version": "4.0.1-rc0", + "version": "5.0.0", "author": "Vox Pupuli", "summary": "Manages lets-encrypt and certbot + related certs", "license": "Apache-2.0", From 9705a116cc8b434d2ece826d50b88dfe5ccc66a4 Mon Sep 17 00:00:00 2001 From: Fabien COMBERNOUS Date: Wed, 9 Oct 2019 22:36:14 +0200 Subject: [PATCH 25/68] [blacksmith] Bump version to 5.0.1-rc0 --- metadata.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metadata.json b/metadata.json index d9933905..b2689bc2 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "puppet-letsencrypt", - "version": "5.0.0", + "version": "5.0.1-rc0", "author": "Vox Pupuli", "summary": "Manages lets-encrypt and certbot + related certs", "license": "Apache-2.0", From 6f0faca0f8f8da8da73df3267fe5a8844ca04845 Mon Sep 17 00:00:00 2001 
From: Tim Meusel Date: Thu, 14 Nov 2019 22:24:34 +0100 Subject: [PATCH 26/68] allow puppetlabs/inifile 4.x --- metadata.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metadata.json b/metadata.json index b2689bc2..8b76e61e 100644 --- a/metadata.json +++ b/metadata.json @@ -74,7 +74,7 @@ }, { "name": "puppetlabs/inifile", - "version_requirement": ">= 2.0.0 < 4.0.0" + "version_requirement": ">= 2.0.0 < 5.0.0" }, { "name": "puppetlabs/vcsrepo", From d7392da8f2a2f66bc78f8f76482ba244dbbe77ee Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Thu, 21 Nov 2019 15:50:39 +0100 Subject: [PATCH 27/68] add --keep-until-expiring closer to letsencrypt command in cron This change moves "--keep-until-expiring" next to the letsencrypt binary, because a pipe or another command can follow the certbot invocation. Here is an example of a broken cron line (most parameters are omitted): certbot -d 'example.com' | grep "Congratulations" && (/sbin/service nginx reload) --keep-until-expiring This change fixes it to: certbot --keep-until-expiring -d 'example.com' | grep "Congratulations" && (/sbin/service nginx reload) --- manifests/certonly.pp | 2 +- spec/defines/letsencrypt_certonly_spec.rb | 24 +++++++++++------------ 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/manifests/certonly.pp b/manifests/certonly.pp index 9ccbaac5..01d6186b 100644 --- a/manifests/certonly.pp +++ b/manifests/certonly.pp @@ -171,7 +171,7 @@ } if $manage_cron { - $maincommand = join($_command + ['--keep-until-expiring'], ' ') + $maincommand = join(["${letsencrypt_command} --keep-until-expiring"] + $_command[1,-1], ' ') $cron_script_ensure = $ensure ? { 'present' => 'file', default => 'absent' } $cron_ensure = $ensure diff --git a/spec/defines/letsencrypt_certonly_spec.rb b/spec/defines/letsencrypt_certonly_spec.rb index ea32bbb7..f162103d 100644 --- a/spec/defines/letsencrypt_certonly_spec.rb +++ b/spec/defines/letsencrypt_certonly_spec.rb 
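Review bot: `join(["${letsencrypt_command} --keep-until-expiring"] + $_command[1,-1], ' ')` in the certonly.pp hunk silently assumes that `$_command[0]` is exactly `$letsencrypt_command`; if the array built above the hunk ever gains a leading element (an environment wrapper, a different binary), the renewal cron line would drop it with no error and the nightly renewal would break quietly. Splicing on the array itself removes that coupling: `$maincommand = join([$_command[0], '--keep-until-expiring'] + $_command[1,-1], ' ')`. The construction of `$_command` is outside the hunk, so this is inferred from the visible use.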
@@ -144,7 +144,7 @@ class { 'letsencrypt::plugin::dns_rfc2136': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with_command('"/var/lib/puppet/letsencrypt/renew-foo.example.com.sh"').with_ensure('present') } - it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a apache --cert-name 'foo.example.com' -d 'foo.example.com' --keep-until-expiring\n") } + it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a apache --cert-name 'foo.example.com' -d 'foo.example.com'\n") } end context 'with hook' do @@ -200,7 +200,7 @@ class { 'letsencrypt::plugin::dns_rfc2136': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with_hour(13).with_ensure('present') } - it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com' --keep-until-expiring\n") } + it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") } end context 'with manage_cron and out of range defined cron_hour (integer)' do 
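Review bot: Each rewritten expectation in the spec/defines/letsencrypt_certonly_spec.rb hunks on this and the following lines (through the `@@ -381,7` hunk) restates the full script body verbatim, so the same `letsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096` prefix is now copied a dozen times and the next flag reorder will mean a dozen more edits. A shared `let(:renew_header) { "#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\n" }` plus a small helper that builds the certonly line from the plugin name would reduce each example to its one-line difference. This is a style point only; the expected strings match the reordering made in manifests/certonly.pp.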
@@ -227,7 +227,7 @@ class { 'letsencrypt::plugin::dns_rfc2136': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with_hour('00').with_ensure('present') } - it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com' --keep-until-expiring\n") } + it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") } end context 'with manage_cron and defined cron_hour (array)' do @@ -241,7 +241,7 @@ class { 'letsencrypt::plugin::dns_rfc2136': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with_hour([1, 13]).with_ensure('present') } - it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com' --keep-until-expiring\n") } + it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") } end context 'with manage_cron and defined cron_minute (integer)' do 
@@ -255,7 +255,7 @@ class { 'letsencrypt::plugin::dns_rfc2136': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with_minute(15).with_ensure('present') } - it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com' --keep-until-expiring\n") } + it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") } end context 'with manage_cron and out of range defined cron_hour (integer)' do @@ -282,7 +282,7 @@ class { 'letsencrypt::plugin::dns_rfc2136': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with_minute('15').with_ensure('present') } - it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com' --keep-until-expiring\n") } + it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") } end context 'with manage_cron and defined cron_minute (array)' do 
@@ -296,7 +296,7 @@ class { 'letsencrypt::plugin::dns_rfc2136': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with_minute([0, 30]).with_ensure('present') } - it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com' --keep-until-expiring\n") } + it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") } end context 'with manage_cron and ensure absent' do 
@@ -326,7 +326,7 @@ class { 'letsencrypt::plugin::dns_rfc2136': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_file('/tmp/custom_vardir/letsencrypt').with_ensure('directory') } it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with_command '"/tmp/custom_vardir/letsencrypt/renew-foo.example.com.sh"' } - it { is_expected.to contain_file('/tmp/custom_vardir/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a apache --cert-name 'foo.example.com' -d 'foo.example.com' --keep-until-expiring\n") } + it { is_expected.to contain_file('/tmp/custom_vardir/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a apache --cert-name 'foo.example.com' -d 'foo.example.com'\n") } end context 'with custom plugin and manage cron and cron_success_command' do 
@@ -342,7 +342,7 @@ class { 'letsencrypt::plugin::dns_rfc2136': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with_command '"/var/lib/puppet/letsencrypt/renew-foo.example.com.sh"' } - it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\n(echo before) && letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a apache --cert-name 'foo.example.com' -d 'foo.example.com' --keep-until-expiring && (echo success)\n") } + it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\n(echo before) && letsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a apache --cert-name 'foo.example.com' -d 'foo.example.com' && (echo success)\n") } end context 'without plugin' do 
@@ -381,7 +381,7 @@ class { 'letsencrypt::plugin::dns_rfc2136': let(:params) { { environment: ['FOO=bar', 'FIZZ=buzz'], manage_cron: true } } it { is_expected.to compile.with_all_deps } - it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_content "#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nexport FOO=bar\nexport FIZZ=buzz\nletsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com' --keep-until-expiring\n" } + it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_content "#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nexport FOO=bar\nexport FIZZ=buzz\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n" } end context 'with manage cron and suppress_cron_output' do\ 
@@ -393,7 +393,7 @@ class { 'letsencrypt::plugin::dns_rfc2136': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with_command('"/var/lib/puppet/letsencrypt/renew-foo.example.com.sh"').with_ensure('present') } - it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com' --keep-until-expiring > /dev/null 2>&1\n") } + it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com' > /dev/null 2>&1\n") } end context 'with manage cron and custom day of month' do 
@@ -405,7 +405,7 @@ class { 'letsencrypt::plugin::dns_rfc2136': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with(monthday: [1, 15]).with_ensure('present') } - it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com' --keep-until-expiring\n") } + it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") } end context 'with custom config_dir' do From d4ed5a8dba434f26be53f10a7f887d4704c1f81c Mon Sep 17 00:00:00 2001 From: Dennis Hoppe Date: Fri, 6 Dec 2019 15:30:49 +0100 Subject: [PATCH 28/68] modulesync 2.9.0 --- .github/CONTRIBUTING.md | 136 +++++++++++++++++++++++++++++++--------- .msync.yml | 2 +- .travis.yml | 28 ++++----- Dockerfile | 2 +- Gemfile | 8 ++- Rakefile | 13 ++++ spec/spec_helper.rb | 17 +++++ 7 files changed, 159 insertions(+), 47 deletions(-) diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md index 38cacd4e..f3ffb570 100644 --- a/.github/CONTRIBUTING.md +++ b/.github/CONTRIBUTING.md 
@@ -1,3 +1,18 @@ +# Contribution guidelines + +## Table of contents + +* [Contributing](#contributing) +* [Writing proper commits - short version](#writing-proper-commits-short-version) +* [Writing proper commits - long version](#writing-proper-commits-long-version) +* [Dependencies](#dependencies) + * [Note for OS X users](#note-for-os-x-users) +* [The test matrix](#the-test-matrix) +* [Syntax and style](#syntax-and-style) +* [Running the unit tests](#running-the-unit-tests) +* [Unit tests in docker](#unit-tests-in-docker) +* [Integration tests](#integration-tests) + This module has grown over time based on a range of contributions from people using it. If you follow these contributing guidelines your patch will likely make it into a release a little more quickly. 
@@ -8,29 +23,92 @@ Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms. [Contributor Code of Conduct](https://voxpupuli.org/coc/). -1. Fork the repo. - -1. Create a separate branch for your change. - -1. We only take pull requests with passing tests, and documentation. [travis-ci](http://travis-ci.org) - runs the tests for us. You can also execute them locally. This is explained - in a later section. - -1. Checkout [our docs](https://voxpupuli.org/docs/#reviewing-a-module-pr) we - use to review a module and the [official styleguide](https://puppet.com/docs/puppet/6.0/style_guide.html). - They provide some guidance for new code that might help you before you submit a pull request. - -1. Add a test for your change. Only refactoring and documentation - changes require no new tests. If you are adding functionality - or fixing a bug, please add a test. - -1. Squash your commits down into logical components. Make sure to rebase - against our current master. - -1. Push the branch to your fork and submit a pull request. - -Please be prepared to repeat some of these steps as our contributors review -your code. +* Fork the repo. +* Create a separate branch for your change. +* We only take pull requests with passing tests, and documentation. [travis-ci](http://travis-ci.org) runs the tests for us. You can also execute them locally. This is explained [in a later section](#the-test-matrix). +* Checkout [our docs](https://voxpupuli.org/docs/reviewing_pr/) we use to review a module and the [official styleguide](https://puppet.com/docs/puppet/6.0/style_guide.html). They provide some guidance for new code that might help you before you submit a pull request. +* Add a test for your change. Only refactoring and documentation changes require no new tests. If you are adding functionality or fixing a bug, please add a test. +* Squash your commits down into logical components. 
Make sure to rebase against our current master. +* Push the branch to your fork and submit a pull request. + +Please be prepared to repeat some of these steps as our contributors review your code. + +## Writing proper commits - short version + +* Make commits of logical units. +* Check for unnecessary whitespace with "git diff --check" before committing. +* Commit using Unix line endings (check the settings around "crlf" in git-config(1)). +* Do not check in commented out code or unneeded files. +* The first line of the commit message should be a short description (50 characters is the soft limit, excluding ticket number(s)), and should skip the full stop. +* Associate the issue in the message. The first line should include the issue number in the form "(#XXXX) Rest of message". +* The body should provide a meaningful commit message, which: + *uses the imperative, present tense: `change`, not `changed` or `changes`. + * includes motivation for the change, and contrasts its implementation with the previous behavior. + * Make sure that you have tests for the bug you are fixing, or feature you are adding. + * Make sure the test suites passes after your commit: + * When introducing a new feature, make sure it is properly documented in the README.md + +## Writing proper commits - long version + + 1. Make separate commits for logically separate changes. + + Please break your commits down into logically consistent units + which include new or changed tests relevant to the rest of the + change. The goal of doing this is to make the diff easier to + read for whoever is reviewing your code. In general, the easier + your diff is to read, the more likely someone will be happy to + review it and get it into the code base. + + If you are going to refactor a piece of code, please do so as a + separate commit from your feature or bug fix changes. 
+ + We also really appreciate changes that include tests to make + sure the bug is not re-introduced, and that the feature is not + accidentally broken. + + Describe the technical detail of the change(s). If your + description starts to get too long, that is a good sign that you + probably need to split up your commit into more finely grained + pieces. + + Commits which plainly describe the things which help + reviewers check the patch and future developers understand the + code are much more likely to be merged in with a minimum of + bike-shedding or requested changes. Ideally, the commit message + would include information, and be in a form suitable for + inclusion in the release notes for the version of Puppet that + includes them. + + Please also check that you are not introducing any trailing + whitespace or other "whitespace errors". You can do this by + running "git diff --check" on your changes before you commit. + + 2. Sending your patches + + To submit your changes via a GitHub pull request, we _highly_ + recommend that you have them on a topic branch, instead of + directly on `master`. + It makes things much easier to keep track of, especially if + you decide to work on another thing before your first change + is merged in. + + GitHub has some pretty good + [general documentation](http://help.github.com/) on using + their site. They also have documentation on + [creating pull requests](http://help.github.com/send-pull-requests/). + + In general, after pushing your topic branch up to your + repository on GitHub, you can switch to the branch in the + GitHub UI and click "Pull Request" towards the top of the page + in order to open a pull request. + + + 3. Update the related GitHub issue. + + If there is a GitHub issue associated with the change you + submitted, then you should update the ticket to include the + location of your branch, along with any other commentary you + may wish to make. ## Dependencies 
@@ -75,13 +153,15 @@ BUNDLE_JOBS="$(nproc)" ### Note for OS X users -`nproc` isn't a valid command unter OS x. As an alternative, you can do: +`nproc` isn't a valid command under OS x. As an alternative, you can do: ```sh --jobs "$(sysctl -n hw.ncpu)" ``` -## Syntax and style +## The test matrix + +### Syntax and style The test suite will run [Puppet Lint](http://puppet-lint.com/) and [Puppet Syntax](https://github.com/gds-operations/puppet-syntax) to @@ -99,7 +179,7 @@ against it. You can run those locally ahead of time with: bundle exec rake rubocop ``` -## Running the unit tests +### Running the unit tests The unit test suite covers most of the code, as mentioned above please add tests if you're adding new functionality. If you've not used @@ -124,7 +204,7 @@ To run a specific spec test set the `SPEC` variable: bundle exec rake spec SPEC=spec/foo_spec.rb ``` -### Unit tests in docker +#### Unit tests in docker Some people don't want to run the dependencies locally or don't want to install ruby. We ship a Dockerfile that enables you to run all unit tests and linting. @@ -139,7 +219,7 @@ permission to talk to it. You can specify a remote docker host by setting the `DOCKER_HOST` environment variable. it will copy the content of the module into the docker image. So it will not work if a Gemfile.lock exists. -## Integration tests +### Integration tests The unit tests just check the code runs, not that it does exactly what we want on a real machine. For that we're using diff --git a/.msync.yml b/.msync.yml index 23dfa32f..a7c0bbf9 100644 --- a/.msync.yml +++ b/.msync.yml @@ -1 +1 @@ -modulesync_config_version: '2.8.0' +modulesync_config_version: '2.9.0' diff --git a/.travis.yml b/.travis.yml index 4ecda047..e683ade3 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,5 +1,5 @@ --- -dist: xenial +dist: bionic language: ruby cache: bundler before_install: 
@@ -25,55 +25,55 @@ matrix: env: PUPPET_VERSION="~> 5.0" CHECK=build DEPLOY_TO_FORGE=yes - rvm: 2.5.3 bundler_args: --without development release - env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=centos7-64 BEAKER_HYPERVISOR=docker CHECK=beaker + env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=debian10-64 BEAKER_HYPERVISOR=docker CHECK=beaker services: docker - rvm: 2.5.3 bundler_args: --without development release - env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=centos7-64 BEAKER_HYPERVISOR=docker CHECK=beaker + env: PUPPET_INSTALL_TYPE=agent BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=centos7-64 BEAKER_HYPERVISOR=docker CHECK=beaker services: docker - rvm: 2.5.3 bundler_args: --without development release - env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=debian9-64 BEAKER_HYPERVISOR=docker CHECK=beaker + env: PUPPET_INSTALL_TYPE=agent BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=centos7-64 BEAKER_HYPERVISOR=docker CHECK=beaker services: docker - rvm: 2.5.3 bundler_args: --without development release - env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=debian9-64 BEAKER_HYPERVISOR=docker CHECK=beaker + env: PUPPET_INSTALL_TYPE=agent BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=debian9-64 BEAKER_HYPERVISOR=docker CHECK=beaker services: docker - rvm: 2.5.3 bundler_args: --without development release - env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=debian10-64 BEAKER_HYPERVISOR=docker CHECK=beaker + env: PUPPET_INSTALL_TYPE=agent BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=debian9-64 
BEAKER_HYPERVISOR=docker CHECK=beaker services: docker - rvm: 2.5.3 bundler_args: --without development release - env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=fedora29-64 BEAKER_HYPERVISOR=docker CHECK=beaker + env: PUPPET_INSTALL_TYPE=agent BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=fedora29-64 BEAKER_HYPERVISOR=docker CHECK=beaker services: docker - rvm: 2.5.3 bundler_args: --without development release - env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=fedora29-64 BEAKER_HYPERVISOR=docker CHECK=beaker + env: PUPPET_INSTALL_TYPE=agent BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=fedora29-64 BEAKER_HYPERVISOR=docker CHECK=beaker services: docker - rvm: 2.5.3 bundler_args: --without development release - env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=fedora30-64 BEAKER_HYPERVISOR=docker CHECK=beaker + env: PUPPET_INSTALL_TYPE=agent BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=fedora30-64 BEAKER_HYPERVISOR=docker CHECK=beaker services: docker - rvm: 2.5.3 bundler_args: --without development release - env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=fedora30-64 BEAKER_HYPERVISOR=docker CHECK=beaker + env: PUPPET_INSTALL_TYPE=agent BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=fedora30-64 BEAKER_HYPERVISOR=docker CHECK=beaker services: docker - rvm: 2.5.3 bundler_args: --without development release - env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=ubuntu1604-64 BEAKER_HYPERVISOR=docker CHECK=beaker + env: PUPPET_INSTALL_TYPE=agent BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=ubuntu1604-64 BEAKER_HYPERVISOR=docker CHECK=beaker services: docker 
- rvm: 2.5.3 bundler_args: --without development release - env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=ubuntu1604-64 BEAKER_HYPERVISOR=docker CHECK=beaker + env: PUPPET_INSTALL_TYPE=agent BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=ubuntu1604-64 BEAKER_HYPERVISOR=docker CHECK=beaker services: docker - rvm: 2.5.3 bundler_args: --without development release - env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=ubuntu1804-64 BEAKER_HYPERVISOR=docker CHECK=beaker + env: PUPPET_INSTALL_TYPE=agent BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=ubuntu1804-64 BEAKER_HYPERVISOR=docker CHECK=beaker services: docker - rvm: 2.5.3 bundler_args: --without development release - env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=ubuntu1804-64 BEAKER_HYPERVISOR=docker CHECK=beaker + env: PUPPET_INSTALL_TYPE=agent BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=ubuntu1804-64 BEAKER_HYPERVISOR=docker CHECK=beaker services: docker branches: only: diff --git a/Dockerfile b/Dockerfile index 67048bb4..6fd63422 100644 --- a/Dockerfile +++ b/Dockerfile @@ -15,7 +15,7 @@ RUN bundle install --without system_tests development release --path=${BUNDLE_PA COPY . . RUN bundle install -RUN bundle exec release_checks +RUN bundle exec rake release_checks # Container should not saved RUN exit 1 diff --git a/Gemfile b/Gemfile index 9571ef3c..5a2e7379 100644 --- a/Gemfile +++ b/Gemfile @@ -12,7 +12,7 @@ end group :test do gem 'puppetlabs_spec_helper', '>= 2.14.0', :require => false - gem 'rspec-puppet-facts', '>= 1.8.0', :require => false + gem 'rspec-puppet-facts', '>= 1.9.5', :require => false gem 'rspec-puppet-utils', :require => false gem 'puppet-lint-leading_zero-check', :require => false gem 'puppet-lint-trailing_comma-check', :require => false 
@@ -22,6 +22,8 @@ group :test do gem 'puppet-lint-variable_contains_upcase', :require => false gem 'puppet-lint-absolute_classname-check', :require => false gem 'puppet-lint-topscope-variable-check', :require => false + gem 'puppet-lint-legacy_facts-check', :require => false + gem 'puppet-lint-anchor-check', :require => false gem 'metadata-json-lint', :require => false gem 'redcarpet', :require => false gem 'rubocop', '~> 0.49.1', :require => false @@ -63,9 +65,9 @@ group :system_tests do end group :release do - gem 'github_changelog_generator', :require => false, :git => 'https://github.com/github-changelog-generator/github-changelog-generator' + gem 'github_changelog_generator', :require => false, :git => 'https://github.com/voxpupuli/github-changelog-generator', :branch => 'voxpupuli_essential_fixes' gem 'puppet-blacksmith', :require => false - gem 'voxpupuli-release', :require => false, :git => 'https://github.com/voxpupuli/voxpupuli-release-gem' + gem 'voxpupuli-release', :require => false gem 'puppet-strings', '>= 2.2', :require => false end diff --git a/Rakefile b/Rakefile index 09701d0f..e3642ace 100644 --- a/Rakefile +++ b/Rakefile @@ -77,6 +77,19 @@ begin metadata = JSON.load(File.read(metadata_json)) config.project = metadata['name'] end + + # Workaround for https://github.com/github-changelog-generator/github-changelog-generator/issues/715 + require 'rbconfig' + if RbConfig::CONFIG['host_os'] =~ /linux/ + task :changelog do + puts 'Fixing line endings...' + changelog_file = File.join(__dir__, 'CHANGELOG.md') + changelog_txt = File.read(changelog_file) + new_contents = changelog_txt.gsub(%r{\r\n}, "\n") + File.open(changelog_file, "w") {|file| file.puts new_contents } + end + end + rescue LoadError end # vim: syntax=ruby diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index f16fb152..93f417a1 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb 
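Review bot: `gem 'github_changelog_generator', ... :git => 'https://github.com/voxpupuli/github-changelog-generator', :branch => 'voxpupuli_essential_fixes'` now floats on a mutable fork branch with no `:ref`, so every `bundle install` of the release group pulls and executes whatever that branch head is at the moment, and a fork branch is easier to move than a tagged upstream release. Release tooling is exactly where an unpinned git dependency hurts most, and a `Gemfile.lock` is unlikely to be what pins it here given the docker/CI flow described elsewhere in this series. Suggest pinning to the reviewed commit, `:git => 'https://github.com/voxpupuli/github-changelog-generator', :ref => '<reviewed commit sha>'`, and moving back to a released gem (as the `voxpupuli-release` line in the same hunk already does) once the fork's fixes land upstream.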
@@ -10,6 +10,11 @@ require 'bundler' include RspecPuppetFacts +if ENV['DEBUG'] + Puppet::Util::Log.level = :debug + Puppet::Util::Log.newdestination(:console) +end + if File.exist?(File.join(__dir__, 'default_module_facts.yml')) facts = YAML.load(File.read(File.join(__dir__, 'default_module_facts.yml'))) if facts @@ -37,6 +42,18 @@ end RSpec.configure do |c| + # getting the correct facter version is tricky. We use facterdb as a source to mock facts + # see https://github.com/camptocamp/facterdb + # people might provide a specific facter version. In that case we use it. + # Otherwise we need to match the correct facter version to the used puppet version. + # as of 2019-10-31, puppet 5 ships facter 3.11 and puppet 6 ships facter 3.14 + # https://puppet.com/docs/puppet/5.5/about_agent.html + c.default_facter_version = if ENV['FACTERDB_FACTS_VERSION'] + ENV['FACTERDB_FACTS_VERSION'] + else + Gem::Dependency.new('', ENV['PUPPET_VERSION']).match?('', '5') ? '3.11.0' : '3.14.0' + end + # Coverage generation c.after(:suite) do RSpec::Puppet::Coverage.report! From 4b2842d00cc850adf820a5fed00604f2df1ce006 Mon Sep 17 00:00:00 2001 From: Dennis Hoppe Date: Fri, 13 Dec 2019 08:36:16 +0100 Subject: [PATCH 29/68] Fix build jobs for Debian 10 --- .sync.yml | 6 +----- .travis.yml | 12 ++++++++---- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.sync.yml b/.sync.yml index 3faa6d54..408c0b35 100644 --- a/.sync.yml +++ b/.sync.yml @@ -3,14 +3,10 @@ docker_sets: - set: centos7-64 - set: debian9-64 + - set: debian10-64 - set: fedora29-64 - set: fedora30-64 - set: ubuntu1604-64 - set: ubuntu1804-64 - extras: - - rvm: 2.5.3 - services: docker - env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=debian10-64 BEAKER_HYPERVISOR=docker CHECK=beaker - bundler_args: --without development release secure: "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" 
diff --git a/.travis.yml b/.travis.yml index e683ade3..9db8a93e 100644 --- a/.travis.yml +++ b/.travis.yml @@ -23,10 +23,6 @@ matrix: - rvm: 2.4.4 bundler_args: --without system_tests development release env: PUPPET_VERSION="~> 5.0" CHECK=build DEPLOY_TO_FORGE=yes - - rvm: 2.5.3 - bundler_args: --without development release - env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=debian10-64 BEAKER_HYPERVISOR=docker CHECK=beaker - services: docker - rvm: 2.5.3 bundler_args: --without development release env: PUPPET_INSTALL_TYPE=agent BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=centos7-64 BEAKER_HYPERVISOR=docker CHECK=beaker @@ -43,6 +39,14 @@ matrix: bundler_args: --without development release env: PUPPET_INSTALL_TYPE=agent BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=debian9-64 BEAKER_HYPERVISOR=docker CHECK=beaker services: docker + - rvm: 2.5.3 + bundler_args: --without development release + env: PUPPET_INSTALL_TYPE=agent BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=debian10-64 BEAKER_HYPERVISOR=docker CHECK=beaker + services: docker + - rvm: 2.5.3 + bundler_args: --without development release + env: PUPPET_INSTALL_TYPE=agent BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=debian10-64 BEAKER_HYPERVISOR=docker CHECK=beaker + services: docker - rvm: 2.5.3 bundler_args: --without development release env: PUPPET_INSTALL_TYPE=agent BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=fedora29-64 BEAKER_HYPERVISOR=docker CHECK=beaker From a51b3b15a2cb7faae20cc0322d5a6df8e17f842e Mon Sep 17 00:00:00 2001 From: Dennis Hoppe Date: Tue, 17 Dec 2019 11:50:47 +0100 Subject: [PATCH 30/68] Remove obsolete check --- spec/defines/letsencrypt_certonly_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/spec/defines/letsencrypt_certonly_spec.rb b/spec/defines/letsencrypt_certonly_spec.rb index f162103d..f92be52d 100644 --- a/spec/defines/letsencrypt_certonly_spec.rb +++ b/spec/defines/letsencrypt_certonly_spec.rb @@ -25,7 +25,7 @@ it { is_expected.to contain_ini_setting('/usr/local/etc/letsencrypt/cli.ini server https://acme-v02.api.letsencrypt.org/directory') } else it { is_expected.to contain_file('/etc/letsencrypt') } - it { is_expected.to contain_package('letsencrypt') } unless facts[:os]['release']['full'] == '14.04' + it { is_expected.to contain_package('letsencrypt') } it { is_expected.to contain_ini_setting('/etc/letsencrypt/cli.ini email foo@example.com') } it { is_expected.to contain_ini_setting('/etc/letsencrypt/cli.ini server https://acme-v02.api.letsencrypt.org/directory') } end From 53b8ae3586201b7177b19fb28be14fbe7886a013 Mon Sep 17 00:00:00 2001 From: Dennis Hoppe Date: Tue, 17 Dec 2019 12:07:39 +0100 Subject: [PATCH 31/68] Fix Travis CI pipeline --- .travis.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 9db8a93e..d14a521e 100644 --- a/.travis.yml +++ b/.travis.yml @@ -3,8 +3,7 @@ dist: bionic language: ruby cache: bundler before_install: - - gem update --system - - gem update bundler + - yes | gem update --system - bundle --version script: - 'bundle exec rake $CHECK' From 5976b4eaccb0f8e78d6a4147792130f6035d8ede Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Sun, 22 Dec 2019 12:18:07 +0100 Subject: [PATCH 32/68] modulesync 2.10.0 --- .msync.yml | 2 +- .rubocop.yml | 2 +- .travis.yml | 1 + Gemfile | 2 +- Rakefile | 10 ---------- 5 files changed, 4 insertions(+), 13 deletions(-) diff --git a/.msync.yml b/.msync.yml index a7c0bbf9..11aed5fe 100644 --- a/.msync.yml +++ b/.msync.yml @@ -1 +1 @@ -modulesync_config_version: '2.9.0' +modulesync_config_version: '2.10.0' diff --git a/.rubocop.yml b/.rubocop.yml index 099a11c5..5984ccc6 100644 --- a/.rubocop.yml +++ b/.rubocop.yml 
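Review bot: `- yes | gem update --system` answers "y" to every question `gem update --system` might ask — presumably an overwrite prompt, which is why the pipe was added — and still installs whichever RubyGems release is current at build time, so the CI toolchain is neither pinned nor reproducible from one run to the next. Prefer an explicit version argument, `- gem update --system <version>`, so a bad or compromised RubyGems release cannot land in the build unreviewed. If the pipe has to stay, record why inline (`# yes: auto-confirm the binstub overwrite prompt of gem update --system`) so it is not kept past its purpose; this file looks modulesync-managed, so the same change probably belongs upstream too.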
@@ -1,6 +1,6 @@ require: rubocop-rspec AllCops: - TargetRubyVersion: 1.9 + TargetRubyVersion: 2.1 Include: - ./**/*.rb Exclude: diff --git a/.travis.yml b/.travis.yml index d14a521e..c4859ce2 100644 --- a/.travis.yml +++ b/.travis.yml @@ -84,6 +84,7 @@ branches: - /^v\d/ notifications: email: false + webhooks: https://voxpupu.li/incoming/travis irc: on_success: always on_failure: always diff --git a/Gemfile b/Gemfile index 5a2e7379..50a90301 100644 --- a/Gemfile +++ b/Gemfile @@ -20,7 +20,7 @@ group :test do gem 'puppet-lint-classes_and_types_beginning_with_digits-check', :require => false gem 'puppet-lint-unquoted_string-check', :require => false gem 'puppet-lint-variable_contains_upcase', :require => false - gem 'puppet-lint-absolute_classname-check', :require => false + gem 'puppet-lint-absolute_classname-check', '>= 2.0.0', :require => false gem 'puppet-lint-topscope-variable-check', :require => false gem 'puppet-lint-legacy_facts-check', :require => false gem 'puppet-lint-anchor-check', :require => false diff --git a/Rakefile b/Rakefile index e3642ace..c0f2d37d 100644 --- a/Rakefile +++ b/Rakefile @@ -8,16 +8,6 @@ rescue LoadError end PuppetLint.configuration.log_format = '%{path}:%{line}:%{check}:%{KIND}:%{message}' -PuppetLint.configuration.absolute_classname_reverse = true - -exclude_paths = %w( - pkg/**/* - vendor/**/* - .vendor/**/* - spec/**/* -) -PuppetLint.configuration.ignore_paths = exclude_paths -PuppetSyntax.exclude_paths = exclude_paths desc 'Auto-correct puppet-lint offenses' task 'lint:auto_correct' do From b996e6cf7f4f6f7ee44f2955321b7e80060960e9 Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Tue, 31 Dec 2019 12:00:25 +0100 Subject: [PATCH 33/68] drop FreeBSD 10 / Add FreeBSD 12 FreeBSD 10 is EoL --- metadata.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/metadata.json b/metadata.json index 8b76e61e..1c1cadf8 100644 --- a/metadata.json +++ b/metadata.json 
@@ -56,8 +56,8 @@ { "operatingsystem": "FreeBSD", "operatingsystemrelease": [ - "10", - "11" + "11", + "12" ] } ], From da899e00d631325fd5074cdbb93c13329077bfcf Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Tue, 31 Dec 2019 12:22:56 +0100 Subject: [PATCH 34/68] fix facter version for local Puppet 6 tests This is now implemented in modulesync_config: https://github.com/voxpupuli/modulesync_config/pull/622 --- spec/spec_helper.rb | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 93f417a1..e40ba446 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -48,10 +48,14 @@ # Otherwise we need to match the correct facter version to the used puppet version. # as of 2019-10-31, puppet 5 ships facter 3.11 and puppet 6 ships facter 3.14 # https://puppet.com/docs/puppet/5.5/about_agent.html + # + # The environment variable `PUPPET_VERSION` is available in our travis environment, but we cannot rely on it + # if somebody runs the tests locally. For that case we should fallback the the puppet gem version c.default_facter_version = if ENV['FACTERDB_FACTS_VERSION'] ENV['FACTERDB_FACTS_VERSION'] else - Gem::Dependency.new('', ENV['PUPPET_VERSION']).match?('', '5') ? '3.11.0' : '3.14.0' + puppet_version = ENV['PUPPET_VERSION'] ? ENV['PUPPET_VERSION'] : Gem.loaded_specs['puppet'].version.to_s + Gem::Dependency.new('', puppet_version).match?('', '5') ? '3.11.0' : '3.14.0' end # Coverage generation From 55c4ab4c7a747936cda70aa4a06eb1a4fa3d5c33 Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Tue, 31 Dec 2019 12:23:25 +0100 Subject: [PATCH 35/68] pin facterdb to get latest fedora fact sets --- Gemfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Gemfile b/Gemfile index 50a90301..185dcf03 100644 --- a/Gemfile +++ b/Gemfile 
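Review bot: `puppet_version = ENV['PUPPET_VERSION'] ? ENV['PUPPET_VERSION'] : Gem.loaded_specs['puppet'].version.to_s` treats an empty `PUPPET_VERSION=` as set (an empty String is truthy in Ruby), so the empty string is handed to `Gem::Dependency.new` as a requirement instead of falling back to the bundled gem; and if `puppet` is ever missing from `Gem.loaded_specs` the fallback dies with a NoMethodError on nil rather than a readable message. Suggest `puppet_version = ENV['PUPPET_VERSION'].to_s.empty? ? Gem.loaded_specs.fetch('puppet').version.to_s : ENV['PUPPET_VERSION']`. The added comment also reads "we should fallback the the puppet gem version"; "we should fall back to the puppet gem version" is meant.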
@@ -32,6 +32,9 @@ group :test do gem 'coveralls', :require => false gem 'simplecov-console', :require => false gem 'parallel_tests', :require => false + # we require unreleased Fedora 30 fact sets + # https://github.com/camptocamp/facterdb/commit/1bc038fd42aac53344ac1ee9c129cbccf5b5c0aa + gem 'facterdb', :require => false, :git => 'https://github.com/camptocamp/facterdb.git', :branch => 'master' end group :development do From 56b636faf3558f790ba61d4ea72c2f3355352a8a Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Mon, 16 Dec 2019 19:13:22 +0100 Subject: [PATCH 36/68] delete legacy travis directory --- .travis/setup.sh | 12 ------------ 1 file changed, 12 deletions(-) delete mode 100644 .travis/setup.sh diff --git a/.travis/setup.sh b/.travis/setup.sh deleted file mode 100644 index ae1a0438..00000000 --- a/.travis/setup.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/sh - -# THIS FILE IS MANAGED BY MODULESYNC - -rm -f Gemfile.lock -if [ "${PUPPET_VERSION}" = '~> 4.0' ]; then - gem install bundler -v '< 2' --no-rdoc --no-ri; -else - gem update --system; - gem update bundler; - bundle --version; -fi From ec0d0f57fa967d32f28a1d787ca32e4eae97a804 Mon Sep 17 00:00:00 2001 From: Ewoud Kohl van Wijngaarden Date: Tue, 31 Dec 2019 19:10:16 +0100 Subject: [PATCH 37/68] Allow setting parameters on the OS level Fedora will never have EPEL. This makes it easier to keep supporting Fedora. --- data/os/{Fedora/29.yaml => Fedora.yaml} | 0 data/os/Fedora/30.yaml | 3 --- hiera.yaml | 3 +++ 3 files changed, 3 insertions(+), 3 deletions(-) rename data/os/{Fedora/29.yaml => Fedora.yaml} (100%) delete mode 100644 data/os/Fedora/30.yaml diff --git a/data/os/Fedora/29.yaml b/data/os/Fedora.yaml similarity index 100% rename from data/os/Fedora/29.yaml rename to data/os/Fedora.yaml diff --git a/data/os/Fedora/30.yaml b/data/os/Fedora/30.yaml deleted file mode 100644 index b2bc628f..00000000 --- a/data/os/Fedora/30.yaml +++ /dev/null 
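Review bot: `gem 'facterdb', :require => false, :git => 'https://github.com/camptocamp/facterdb.git', :branch => 'master'` tracks a moving branch with no `:ref`, so the fact sets every spec run is built on — and any Ruby shipped in that gem — change silently whenever upstream pushes to master, which also makes test failures hard to reproduce. The comment already names the commit that is needed, so pin to it: `gem 'facterdb', :require => false, :git => 'https://github.com/camptocamp/facterdb.git', :ref => '1bc038fd42aac53344ac1ee9c129cbccf5b5c0aa'`, and drop the git source for a plain version constraint as soon as a facterdb release containing that commit exists.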
@@ -1,3 +0,0 @@ ---- -letsencrypt::configure_epel: false -letsencrypt::plugin::dns_rfc2136::package_name: 'python3-certbot-dns-rfc2136' diff --git a/hiera.yaml b/hiera.yaml index 8f3b44bf..2058ed68 100644 --- a/hiera.yaml +++ b/hiera.yaml @@ -9,6 +9,9 @@ hierarchy: - name: 'Operating System Major Release' path: 'os/%{facts.os.name}/%{facts.os.release.major}.yaml' + - name: 'Operating System' + path: 'os/%{facts.os.name}.yaml' + - name: 'Operating System Family' path: '%{facts.os.family}-family.yaml' From cbf92e3937674f7bc2a40a5b08cdda0adacb0b40 Mon Sep 17 00:00:00 2001 From: Ewoud Kohl van Wijngaarden Date: Tue, 31 Dec 2019 19:13:56 +0100 Subject: [PATCH 38/68] Add Fedora 31, drop Fedora 29 Fedora 29 is EOL since November 26th. Since there's no actual code change, it'll still continue to work for users. --- .sync.yml | 2 +- .travis.yml | 8 ++++---- metadata.json | 4 ++-- spec/classes/plugin/dns_rfc2136_spec.rb | 2 +- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.sync.yml b/.sync.yml index 408c0b35..6150f683 100644 --- a/.sync.yml +++ b/.sync.yml @@ -4,8 +4,8 @@ - set: centos7-64 - set: debian9-64 - set: debian10-64 - - set: fedora29-64 - set: fedora30-64 + - set: fedora31-64 - set: ubuntu1604-64 - set: ubuntu1804-64 secure: "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" diff --git a/.travis.yml b/.travis.yml index c4859ce2..3739c9e1 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -48,19 +48,19 @@ matrix: services: docker - rvm: 2.5.3 bundler_args: --without development release - env: PUPPET_INSTALL_TYPE=agent BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=fedora29-64 BEAKER_HYPERVISOR=docker CHECK=beaker + env: PUPPET_INSTALL_TYPE=agent BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=fedora30-64 BEAKER_HYPERVISOR=docker CHECK=beaker services: docker - rvm: 2.5.3 bundler_args: --without development release - env: PUPPET_INSTALL_TYPE=agent BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=fedora29-64 BEAKER_HYPERVISOR=docker CHECK=beaker + env: PUPPET_INSTALL_TYPE=agent BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=fedora30-64 BEAKER_HYPERVISOR=docker CHECK=beaker services: docker - rvm: 2.5.3 bundler_args: --without development release - env: PUPPET_INSTALL_TYPE=agent BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=fedora30-64 BEAKER_HYPERVISOR=docker CHECK=beaker + env: PUPPET_INSTALL_TYPE=agent BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=fedora31-64 BEAKER_HYPERVISOR=docker CHECK=beaker services: docker - rvm: 2.5.3 bundler_args: --without development release - env: PUPPET_INSTALL_TYPE=agent BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=fedora30-64 BEAKER_HYPERVISOR=docker CHECK=beaker + env: PUPPET_INSTALL_TYPE=agent BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=fedora31-64 BEAKER_HYPERVISOR=docker CHECK=beaker services: docker - rvm: 2.5.3 bundler_args: --without development release diff --git a/metadata.json b/metadata.json index 1c1cadf8..5f6381db 100644 --- a/metadata.json +++ b/metadata.json @@ -29,8 +29,8 @@ { "operatingsystem": "Fedora", "operatingsystemrelease": [ - "29", - "30" + "30", + "31" ] }, { diff --git a/spec/classes/plugin/dns_rfc2136_spec.rb b/spec/classes/plugin/dns_rfc2136_spec.rb index a1a3b275..5b3ebbae 100644 --- a/spec/classes/plugin/dns_rfc2136_spec.rb 
+++ b/spec/classes/plugin/dns_rfc2136_spec.rb @@ -17,7 +17,7 @@ class { 'letsencrypt': osrelease = facts[:os]['release']['major'] osfull = "#{osname}-#{osrelease}" case osfull - when 'Debian-10', 'Ubuntu-18.04', 'Fedora-29', 'Fedora-30' + when 'Debian-10', 'Ubuntu-18.04', 'Fedora-30', 'Fedora-31' 'python3-certbot-dns-rfc2136' when 'RedHat-7', 'CentOS-7' 'python2-certbot-dns-rfc2136' From ba8fff9976d7a5a32802cbcea684c923152f9633 Mon Sep 17 00:00:00 2001 From: Alexander Fisher Date: Sun, 29 Mar 2020 12:18:21 +0100 Subject: [PATCH 39/68] Ensure EPEL is configured before installing plugin I've noticed other PRs fail because puppet is trying to install the dns_rfc2136 package before EPEL has been configured. The cleanest way of fixing this seems to be to have the plugin class `require letsencrypt`. There are only two resources in the `letsencrypt::plugin::dns_rfc2136` and the `file` resource already required `Class['letsencrypt']`. Now the `package` resource will too. The base class already `contain`s `letsencrypt::install` and that `include`s `epel` and configures the correct ordering. --- manifests/plugin/dns_rfc2136.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/plugin/dns_rfc2136.pp b/manifests/plugin/dns_rfc2136.pp index b6a153f8..ed524327 100644 --- a/manifests/plugin/dns_rfc2136.pp +++ b/manifests/plugin/dns_rfc2136.pp @@ -24,6 +24,7 @@ Stdlib::Absolutepath $config_dir = $letsencrypt::config_dir, Boolean $manage_package = true, ) { + require letsencrypt if $manage_package { package { $package_name: @@ -47,7 +48,6 @@ content => epp('letsencrypt/ini.epp', { vars => { '' => $ini_vars }, }), - require => Class['letsencrypt'], } } From 1ba9341f5be6008f68c8d8c3b8a99eedbdef0838 Mon Sep 17 00:00:00 2001 
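Review bot: `require letsencrypt` in the class body establishes ordering and evaluation of the base class for the `package` resource, but it runs after the parameter defaults have been evaluated, so `Stdlib::Absolutepath $config_dir = $letsencrypt::config_dir` (the context line above it) still depends on `letsencrypt` having been declared earlier in the catalog; if the plugin class is reached first, that default resolves to undef (an unevaluated class's variables read as undef in Puppet) and the type check fails rather than the require helping. Worth a comment on the added line, e.g. `# orders the package after EPEL (letsencrypt contains letsencrypt::install); parameter defaults still need class letsencrypt declared first`. Dropping `require => Class['letsencrypt']` from the `file` resource in the second hunk is consistent with the class-level require. The class body continues outside both hunks.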
From: Lukas Kallies Date: Sat, 28 Mar 2020 11:42:14 +0100 Subject: [PATCH 40/68] stahnma-epel has been transfered to voxpupuli --- .fixtures.yml | 2 +- README.md | 2 +- REFERENCE.md | 4 +--- metadata.json | 4 ++-- 4 files changed, 5 insertions(+), 7 deletions(-) diff --git a/.fixtures.yml b/.fixtures.yml index d9d05bff..adba068b 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -1,6 +1,6 @@ fixtures: repositories: - epel: 'https://github.com/stahnma/puppet-module-epel.git' + epel: 'https://github.com/voxpupuli/puppet-epel.git' inifile: 'https://github.com/puppetlabs/puppetlabs-inifile.git' stdlib: 'https://github.com/puppetlabs/puppetlabs-stdlib.git' vcsrepo: 'https://github.com/puppetlabs/puppetlabs-vcsrepo.git' diff --git a/README.md b/README.md index 1d9b4a7c..cb077ccf 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ versions are defined in the [metadata.json](metadata.json) On EL (Red Hat, CentOS etc.) systems, the EPEL repository needs to be enabled for the Let's Encrypt client package. -The module can integrate with [stahnma/epel](https://forge.puppetlabs.com/stahnma/epel) +The module can integrate with [puppet/epel](https://forge.puppetlabs.com/puppet/epel) to set up the repo by setting the `configure_epel` parameter to `true` (the default for RedHat) and installing the module. diff --git a/REFERENCE.md b/REFERENCE.md index 9c6e1448..c3459d5d 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -23,7 +23,7 @@ _Private Classes_ **Functions** -* [`letsencrypt::letsencrypt_lookup`](#letsencryptletsencrypt_lookup): +* [`letsencrypt::letsencrypt_lookup`](#letsencryptletsencrypt_lookup): **Data types** @@ -40,8 +40,6 @@ Install and configure Certbot, the LetsEncrypt client #### Examples -##### - ```puppet class { 'letsencrypt' : email => 'letsregister@example.com', diff --git a/metadata.json b/metadata.json index 1c1cadf8..612e9087 100644 --- a/metadata.json +++ b/metadata.json 
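Review bot: The new `epel:` fixture URL still has no `ref`, so spec runs pull whatever the default branch of the new repository holds, while metadata.json in this same commit (L94) constrains `puppet/epel` to `>= 3.0.1 < 4.0.0`; a future major release on that branch would be tested here but rejected by the Forge constraint. Pinning the fixture keeps the two in step, e.g. `epel: { repo: 'https://github.com/voxpupuli/puppet-epel.git', ref: '<RELEASE_TAG placeholder>' }`.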
@@ -81,8 +81,8 @@ "version_requirement": ">= 2.0.0 < 4.0.0" }, { - "name": "stahnma/epel", - "version_requirement": ">= 1.0.0 < 2.0.0" + "name": "puppet/epel", + "version_requirement": ">= 3.0.1 < 4.0.0" } ] } From eaa80501ad3060a79527147ef944153b373e5017 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Simon=20S=C3=A9hier?= Date: Mon, 30 Mar 2020 11:16:06 +0200 Subject: [PATCH 41/68] allow to override --cert-name allow to override --cert-name --- manifests/certonly.pp | 11 ++++++----- spec/defines/letsencrypt_certonly_spec.rb | 8 ++++++++ 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/manifests/certonly.pp b/manifests/certonly.pp index 01d6186b..9277bd93 100644 --- a/manifests/certonly.pp +++ b/manifests/certonly.pp @@ -48,6 +48,7 @@ define letsencrypt::certonly ( Enum['present','absent'] $ensure = 'present', Array[String[1]] $domains = [$title], + String[1] $cert_name = $title, Boolean $custom_plugin = false, Letsencrypt::Plugin $plugin = 'standalone', Array[Stdlib::Unixpath] $webroot_paths = [], @@ -95,14 +96,14 @@ "-d '${domain[0]}'" } } - $plugin_args = ["--cert-name '${title}'"] + $_plugin_args + $plugin_args = ["--cert-name '${cert_name}'"] + $_plugin_args } 'dns-rfc2136': { require letsencrypt::plugin::dns_rfc2136 $_domains = join($domains, '\' -d \'') $plugin_args = [ - "--cert-name '${title}' -d", + "--cert-name '${cert_name}' -d", "'${_domains}'", "--dns-rfc2136-credentials ${letsencrypt::plugin::dns_rfc2136::config_dir}/dns-rfc2136.ini", "--dns-rfc2136-propagation-seconds ${letsencrypt::plugin::dns_rfc2136::propagation_seconds}", @@ -112,9 +113,9 @@ default: { if $ensure == 'present' { $_domains = join($domains, '\' -d \'') - $plugin_args = "--cert-name '${title}' -d '${_domains}'" + $plugin_args = "--cert-name '${cert_name}' -d '${_domains}'" } else { - $plugin_args = "--cert-name '${title}'" + $plugin_args = "--cert-name '${cert_name}'" } } } 
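Review bot: `String[1] $cert_name = $title` accepts any non-empty string, and the later hunks interpolate it unescaped inside single quotes in the exec command (`--cert-name '${cert_name}'` in `@@ -95,14` and `@@ -112,9`) and into `$live_path` via `regsubst($cert_name, '^\*\.', '')` (`@@ -137,7`, L95); a value containing `'` breaks out of the shell quoting and one containing `/` or `..` moves the live path outside `${config_dir}/live/`. `$title` had the same exposure before, but now that it is an explicit, overridable parameter a narrower type is cheap, for example `Pattern[/\A[A-Za-z0-9*._-]+\z/] $cert_name = $title,` (constructed; adjust to the names you accept, and the default `$title` must satisfy it too). If the define's `@param` block (outside the hunk) was not updated, add `@param cert_name Name certbot stores the certificate under; defaults to the resource title.`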
@@ -137,7 +138,7 @@ } # certbot uses --cert-name to generate the file path - $live_path_certname = regsubst($title, '^\*\.', '') + $live_path_certname = regsubst($cert_name, '^\*\.', '') $live_path = "${config_dir}/live/${live_path_certname}/cert.pem" $_command = flatten([ diff --git a/spec/defines/letsencrypt_certonly_spec.rb b/spec/defines/letsencrypt_certonly_spec.rb index f92be52d..c219aded 100644 --- a/spec/defines/letsencrypt_certonly_spec.rb +++ b/spec/defines/letsencrypt_certonly_spec.rb @@ -51,6 +51,14 @@ it { is_expected.to contain_exec('letsencrypt certonly foo').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo' -d 'foo.example.com' -d 'bar.example.com' -d '*.example.com'" } end + context 'with custom cert-name' do + let(:title) { 'foo' } + let(:params) { { cert_name: 'bar.example.com' } } + + it { is_expected.to compile.with_all_deps } + it { is_expected.to contain_exec('letsencrypt certonly foo').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'bar.example.com' -d 'foo'" } + end + context 'with custom command' do let(:title) { 'foo.example.com' } let(:params) { { letsencrypt_command: '/usr/lib/letsencrypt/letsencrypt-auto' } } From 77fba529e25afe196d6e22ba31ae6ed62b7bc633 Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Sat, 4 Apr 2020 16:32:13 +0200 Subject: [PATCH 42/68] modulesync 2.12.0 --- .github/CONTRIBUTING.md | 6 +++-- .msync.yml | 2 +- .rubocop.yml | 3 ++- Gemfile | 28 +++------------------ Rakefile | 33 +------------------------ spec/spec_helper.rb | 55 +++-------------------------------------- 6 files changed, 16 insertions(+), 111 deletions(-) diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md index f3ffb570..2240a970 100644 --- a/.github/CONTRIBUTING.md +++ b/.github/CONTRIBUTING.md 
@@ -256,18 +256,20 @@ Beaker also supports docker containers. We also use that in our automated CI pipeline at [travis-ci](http://travis-ci.org). To use that instead of Vagrant: ```sh -PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=debian9-64{hypervisor=docker} BEAKER_destroy=yes bundle exec rake beaker +PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=debian10-64{hypervisor=docker} BEAKER_destroy=yes bundle exec rake beaker ``` -You can replace the string `debian9` with any common operating system. +You can replace the string `debian10` with any common operating system. The following strings are known to work: * ubuntu1604 * ubuntu1804 * debian8 * debian9 +* debian10 * centos6 * centos7 +* centos8 The easiest way to debug in a docker container is to open a shell: diff --git a/.msync.yml b/.msync.yml index 11aed5fe..8864fc09 100644 --- a/.msync.yml +++ b/.msync.yml @@ -1 +1 @@ -modulesync_config_version: '2.10.0' +modulesync_config_version: '2.12.0' diff --git a/.rubocop.yml b/.rubocop.yml index 5984ccc6..c2ebc88d 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -1,6 +1,7 @@ require: rubocop-rspec AllCops: - TargetRubyVersion: 2.1 +# Puppet Server 5 defaults to jruby 1.7 so TargetRubyVersion must stay at 1.9 until we drop support for puppet 5 + TargetRubyVersion: 1.9 Include: - ./**/*.rb Exclude: diff --git a/Gemfile b/Gemfile index 185dcf03..11c85584 100644 --- a/Gemfile +++ b/Gemfile 
@@ -11,30 +11,9 @@ def location_for(place, fake_version = nil) end group :test do - gem 'puppetlabs_spec_helper', '>= 2.14.0', :require => false - gem 'rspec-puppet-facts', '>= 1.9.5', :require => false - gem 'rspec-puppet-utils', :require => false - gem 'puppet-lint-leading_zero-check', :require => false - gem 'puppet-lint-trailing_comma-check', :require => false - gem 'puppet-lint-version_comparison-check', :require => false - gem 'puppet-lint-classes_and_types_beginning_with_digits-check', :require => false - gem 'puppet-lint-unquoted_string-check', :require => false - gem 'puppet-lint-variable_contains_upcase', :require => false - gem 'puppet-lint-absolute_classname-check', '>= 2.0.0', :require => false - gem 'puppet-lint-topscope-variable-check', :require => false - gem 'puppet-lint-legacy_facts-check', :require => false - gem 'puppet-lint-anchor-check', :require => false - gem 'metadata-json-lint', :require => false - gem 'redcarpet', :require => false - gem 'rubocop', '~> 0.49.1', :require => false - gem 'rubocop-rspec', '~> 1.15.0', :require => false - gem 'mocha', '~> 1.4.0', :require => false - gem 'coveralls', :require => false - gem 'simplecov-console', :require => false - gem 'parallel_tests', :require => false - # we require unreleased Fedora 30 fact sets - # https://github.com/camptocamp/facterdb/commit/1bc038fd42aac53344ac1ee9c129cbccf5b5c0aa - gem 'facterdb', :require => false, :git => 'https://github.com/camptocamp/facterdb.git', :branch => 'master' + gem 'voxpupuli-test', '>= 1.0.0', :require => false + gem 'coveralls', :require => false + gem 'simplecov-console', :require => false end group :development do @@ -65,6 +44,7 @@ group :system_tests do gem 'rbnacl', '>= 4', :require => false gem 'rbnacl-libsodium', :require => false gem 'bcrypt_pbkdf', :require => false + gem 'ed25519', :require => false end group :release do diff --git a/Rakefile b/Rakefile index c0f2d37d..b450fe7b 100644 --- a/Rakefile +++ b/Rakefile 
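Review bot: `gem 'voxpupuli-test', '>= 1.0.0', :require => false` has no upper bound, whereas the lines it replaces pinned rubocop, rubocop-rspec and mocha with `~>`; a 2.x of the meta-gem would change the whole lint and test toolchain under this module without a commit here, so `gem 'voxpupuli-test', '~> 1.0', :require => false` (constructed) is the safer floor-and-ceiling. The removed facterdb git source existed for unreleased Fedora 30 fact sets, and the Fedora 30/31 matrix entries still need them; whether the facterdb version that voxpupuli-test resolves includes those sets is not visible in this diff and is worth confirming before merging.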
@@ -1,4 +1,4 @@ -require 'puppetlabs_spec_helper/rake_tasks' +require 'voxpupuli/test/rake' # load optional tasks for releases # only available if gem group releases is installed @@ -7,37 +7,6 @@ begin rescue LoadError end -PuppetLint.configuration.log_format = '%{path}:%{line}:%{check}:%{KIND}:%{message}' - -desc 'Auto-correct puppet-lint offenses' -task 'lint:auto_correct' do - Rake::Task[:lint_fix].invoke -end - -desc 'Run acceptance tests' -RSpec::Core::RakeTask.new(:acceptance) do |t| - t.pattern = 'spec/acceptance' -end - -desc 'Run tests' -task test: [:release_checks] - -namespace :check do - desc 'Check for trailing whitespace' - task :trailing_whitespace do - Dir.glob('**/*.md', File::FNM_DOTMATCH).sort.each do |filename| - next if filename =~ %r{^((modules|acceptance|\.?vendor|spec/fixtures|pkg)/|REFERENCE.md)} - File.foreach(filename).each_with_index do |line, index| - if line =~ %r{\s\n$} - puts "#(unknown) has trailing whitespace on line #{index + 1}" - exit 1 - end - end - end - end -end -Rake::Task[:release_checks].enhance ['check:trailing_whitespace'] - desc "Run main 'test' task and report merged results to coveralls" task test_with_coveralls: [:test] do if Dir.exist?(File.expand_path('../lib', __FILE__)) diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index e40ba446..b2b27045 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb 
@@ -1,19 +1,12 @@ # This file is managed via modulesync # https://github.com/voxpupuli/modulesync # https://github.com/voxpupuli/modulesync_config -RSpec.configure do |c| - c.mock_with :rspec -end -require 'puppetlabs_spec_helper/module_spec_helper' -require 'rspec-puppet-facts' -require 'bundler' -include RspecPuppetFacts +# puppetlabs_spec_helper will set up coverage if the env variable is set. +# We want to do this if lib exists and it hasn't been explicitly set. +ENV['COVERAGE'] ||= 'yes' if Dir.exist?(File.expand_path('../../lib', __FILE__)) -if ENV['DEBUG'] - Puppet::Util::Log.level = :debug - Puppet::Util::Log.newdestination(:console) -end +require 'voxpupuli/test/spec_helper' if File.exist?(File.join(__dir__, 'default_module_facts.yml')) facts = YAML.load(File.read(File.join(__dir__, 'default_module_facts.yml'))) 
@@ -23,43 +16,3 @@ end end end - -if Dir.exist?(File.expand_path('../../lib', __FILE__)) - require 'coveralls' - require 'simplecov' - require 'simplecov-console' - SimpleCov.formatters = [ - SimpleCov::Formatter::HTMLFormatter, - SimpleCov::Formatter::Console - ] - SimpleCov.start do - track_files 'lib/**/*.rb' - add_filter '/spec' - add_filter '/vendor' - add_filter '/.vendor' - add_filter Bundler.configured_bundle_path.path - end -end - -RSpec.configure do |c| - # getting the correct facter version is tricky. We use facterdb as a source to mock facts - # see https://github.com/camptocamp/facterdb - # people might provide a specific facter version. In that case we use it. - # Otherwise we need to match the correct facter version to the used puppet version. - # as of 2019-10-31, puppet 5 ships facter 3.11 and puppet 6 ships facter 3.14 - # https://puppet.com/docs/puppet/5.5/about_agent.html - # - # The environment variable `PUPPET_VERSION` is available in our travis environment, but we cannot rely on it - # if somebody runs the tests locally. For that case we should fallback the the puppet gem version - c.default_facter_version = if ENV['FACTERDB_FACTS_VERSION'] - ENV['FACTERDB_FACTS_VERSION'] - else - puppet_version = ENV['PUPPET_VERSION'] ? ENV['PUPPET_VERSION'] : Gem.loaded_specs['puppet'].version.to_s - Gem::Dependency.new('', puppet_version).match?('', '5') ? '3.11.0' : '3.14.0' - end - - # Coverage generation - c.after(:suite) do - RSpec::Puppet::Coverage.report! - end -end From 48343324d7bea7eb3cf99ca0715b8b80e8bc38a6 Mon Sep 17 00:00:00 2001 From: Ewoud Kohl van Wijngaarden Date: Mon, 6 Apr 2020 23:11:39 +0200 Subject: [PATCH 43/68] Use voxpupuli-acceptance --- .travis.yml | 28 ++++++++++++++-------------- Gemfile | 22 +--------------------- spec/spec_helper_acceptance.rb | 28 ++++++++-------------------- 3 files changed, 23 insertions(+), 55 deletions(-) diff --git a/.travis.yml b/.travis.yml index 3739c9e1..694b2d9f 100644 --- a/.travis.yml 
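Review bot: The second hunk deletes the `default_facter_version` selection, including the `FACTERDB_FACTS_VERSION` and `PUPPET_VERSION` handling added two commits earlier, and nothing in this file replaces it, so the puppet-to-facter mapping now presumably lives in `voxpupuli/test/spec_helper`; confirm the gem honours the same environment variables, otherwise the Fedora 30/31 fact sets selected in the matrix are looked up under the gem's own default facter version. A one-line comment next to the `require` in the first hunk saying where that configuration moved, e.g. `# facter version selection and RSpec coverage setup now come from voxpupuli-test`, would spare the next reader the archaeology.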
+++ b/.travis.yml 
@@ -24,59 +24,59 @@ matrix: env: PUPPET_VERSION="~> 5.0" CHECK=build DEPLOY_TO_FORGE=yes - rvm: 2.5.3 bundler_args: --without development release - env: PUPPET_INSTALL_TYPE=agent BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=centos7-64 BEAKER_HYPERVISOR=docker CHECK=beaker + env: BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_setfile=centos7-64 CHECK=beaker services: docker - rvm: 2.5.3 bundler_args: --without development release - env: PUPPET_INSTALL_TYPE=agent BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=centos7-64 BEAKER_HYPERVISOR=docker CHECK=beaker + env: BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_setfile=centos7-64 CHECK=beaker services: docker - rvm: 2.5.3 bundler_args: --without development release - env: PUPPET_INSTALL_TYPE=agent BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=debian9-64 BEAKER_HYPERVISOR=docker CHECK=beaker + env: BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_setfile=debian9-64 CHECK=beaker services: docker - rvm: 2.5.3 bundler_args: --without development release - env: PUPPET_INSTALL_TYPE=agent BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=debian9-64 BEAKER_HYPERVISOR=docker CHECK=beaker + env: BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_setfile=debian9-64 CHECK=beaker services: docker - rvm: 2.5.3 bundler_args: --without development release - env: PUPPET_INSTALL_TYPE=agent BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=debian10-64 BEAKER_HYPERVISOR=docker CHECK=beaker + env: BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_setfile=debian10-64 CHECK=beaker services: docker - rvm: 2.5.3 bundler_args: --without development release - env: PUPPET_INSTALL_TYPE=agent BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=debian10-64 BEAKER_HYPERVISOR=docker CHECK=beaker + env: BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_setfile=debian10-64 CHECK=beaker services: docker - rvm: 2.5.3 bundler_args: --without development release - env: PUPPET_INSTALL_TYPE=agent 
BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=fedora30-64 BEAKER_HYPERVISOR=docker CHECK=beaker + env: BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_setfile=fedora30-64 CHECK=beaker services: docker - rvm: 2.5.3 bundler_args: --without development release - env: PUPPET_INSTALL_TYPE=agent BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=fedora30-64 BEAKER_HYPERVISOR=docker CHECK=beaker + env: BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_setfile=fedora30-64 CHECK=beaker services: docker - rvm: 2.5.3 bundler_args: --without development release - env: PUPPET_INSTALL_TYPE=agent BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=fedora31-64 BEAKER_HYPERVISOR=docker CHECK=beaker + env: BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_setfile=fedora31-64 CHECK=beaker services: docker - rvm: 2.5.3 bundler_args: --without development release - env: PUPPET_INSTALL_TYPE=agent BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=fedora31-64 BEAKER_HYPERVISOR=docker CHECK=beaker + env: BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_setfile=fedora31-64 CHECK=beaker services: docker - rvm: 2.5.3 bundler_args: --without development release - env: PUPPET_INSTALL_TYPE=agent BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=ubuntu1604-64 BEAKER_HYPERVISOR=docker CHECK=beaker + env: BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_setfile=ubuntu1604-64 CHECK=beaker services: docker - rvm: 2.5.3 bundler_args: --without development release - env: PUPPET_INSTALL_TYPE=agent BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=ubuntu1604-64 BEAKER_HYPERVISOR=docker CHECK=beaker + env: BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_setfile=ubuntu1604-64 CHECK=beaker services: docker - rvm: 2.5.3 bundler_args: --without development release - env: PUPPET_INSTALL_TYPE=agent BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=ubuntu1804-64 BEAKER_HYPERVISOR=docker CHECK=beaker + env: BEAKER_PUPPET_COLLECTION=puppet5 
BEAKER_setfile=ubuntu1804-64 CHECK=beaker services: docker - rvm: 2.5.3 bundler_args: --without development release - env: PUPPET_INSTALL_TYPE=agent BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=ubuntu1804-64 BEAKER_HYPERVISOR=docker CHECK=beaker + env: BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_setfile=ubuntu1804-64 CHECK=beaker services: docker branches: only: diff --git a/Gemfile b/Gemfile index 11c85584..32c31146 100644 --- a/Gemfile +++ b/Gemfile @@ -24,27 +24,7 @@ group :development do end group :system_tests do - gem 'winrm', :require => false - if beaker_version = ENV['BEAKER_VERSION'] - gem 'beaker', *location_for(beaker_version) - else - gem 'beaker', '>= 4.2.0', :require => false - end - if beaker_rspec_version = ENV['BEAKER_RSPEC_VERSION'] - gem 'beaker-rspec', *location_for(beaker_rspec_version) - else - gem 'beaker-rspec', :require => false - end - gem 'serverspec', :require => false - gem 'beaker-hostgenerator', '>= 1.1.22', :require => false - gem 'beaker-docker', :require => false - gem 'beaker-puppet', :require => false - gem 'beaker-puppet_install_helper', :require => false - gem 'beaker-module_install_helper', :require => false - gem 'rbnacl', '>= 4', :require => false - gem 'rbnacl-libsodium', :require => false - gem 'bcrypt_pbkdf', :require => false - gem 'ed25519', :require => false + gem 'voxpupuli-acceptance', :require => false end group :release do diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index d2de0ebc..3a33745b 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb 
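Review bot: `gem 'voxpupuli-acceptance', :require => false` carries no version constraint at all, which is inconsistent with `gem 'voxpupuli-test', '>= 1.0.0'` in the same file and lets the acceptance toolchain float freely; give it at least a floor, `gem 'voxpupuli-acceptance', '>= <TESTED_VERSION placeholder>', :require => false`. Removing the two `location_for(...)` calls also takes callers away from `def location_for(place, fake_version = nil)` (visible as context in the earlier Gemfile hunk, L97); it may still be used by the puppet gem line outside these hunks, but if nothing else calls it, delete it in the same change rather than leaving a dead helper.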
@@ -1,23 +1,11 @@ -require 'beaker-rspec' -require 'beaker-puppet' -require 'beaker/puppet_install_helper' -require 'beaker/module_install_helper' +require 'voxpupuli/acceptance/spec_helper_acceptance' -run_puppet_install_helper unless ENV['BEAKER_provision'] == 'no' -install_module -install_module_dependencies - -RSpec.configure do |c| - # Configure all nodes in nodeset - c.before :suite do - hosts.each do |host| - # docker image does not provide cron in all cases - case fact('os.family') - when 'Debian' - host.install_package('cron') - when 'RedHat' - host.install_package('crontabs') - end - end +configure_beaker do |host| + # docker image does not provide cron in all cases + case fact_on(host, 'os.family') + when 'Debian' + host.install_package('cron') + when 'RedHat' + host.install_package('crontabs') end end From e4edf1dda5ad1b8d6d97773447664583813b7c8c Mon Sep 17 00:00:00 2001 From: Ari Pringle Date: Fri, 15 May 2020 13:29:35 -0600 Subject: [PATCH 44/68] add manifest to install dns-route53 plugin, along with tests --- data/RedHat-family.yaml | 1 + data/os/Debian/10.yaml | 1 + data/os/Fedora.yaml | 1 + data/os/Ubuntu/18.04.yaml | 1 + manifests/certonly.pp | 9 +++ manifests/plugin/dns_route53.pp | 22 +++++++ .../letsencrypt_plugin_dns_route53_spec.rb | 40 +++++++++++++ spec/classes/plugin/dns_route53_spec.rb | 57 +++++++++++++++++++ spec/defines/letsencrypt_certonly_spec.rb | 20 +++++++ 9 files changed, 152 insertions(+) create mode 100644 manifests/plugin/dns_route53.pp create mode 100644 spec/acceptance/letsencrypt_plugin_dns_route53_spec.rb create mode 100644 spec/classes/plugin/dns_route53_spec.rb diff --git a/data/RedHat-family.yaml b/data/RedHat-family.yaml index ab6b13a0..404b411c 100644 --- a/data/RedHat-family.yaml +++ b/data/RedHat-family.yaml @@ -1,3 +1,4 @@ --- letsencrypt::configure_epel: true letsencrypt::plugin::dns_rfc2136::package_name: 'python2-certbot-dns-rfc2136' +letsencrypt::plugin::dns_route53::package_name: 'python2-certbot-dns-route53' 
diff --git a/data/os/Debian/10.yaml b/data/os/Debian/10.yaml index cd92a13b..d0641b25 100644 --- a/data/os/Debian/10.yaml +++ b/data/os/Debian/10.yaml @@ -1,2 +1,3 @@ --- letsencrypt::plugin::dns_rfc2136::package_name: 'python3-certbot-dns-rfc2136' +letsencrypt::plugin::dns_route53::package_name: 'python3-certbot-dns-route53' diff --git a/data/os/Fedora.yaml b/data/os/Fedora.yaml index b2bc628f..56c3cd56 100644 --- a/data/os/Fedora.yaml +++ b/data/os/Fedora.yaml @@ -1,3 +1,4 @@ --- letsencrypt::configure_epel: false letsencrypt::plugin::dns_rfc2136::package_name: 'python3-certbot-dns-rfc2136' +letsencrypt::plugin::dns_route53::package_name: 'python3-certbot-dns-route53' diff --git a/data/os/Ubuntu/18.04.yaml b/data/os/Ubuntu/18.04.yaml index cd92a13b..d0641b25 100644 --- a/data/os/Ubuntu/18.04.yaml +++ b/data/os/Ubuntu/18.04.yaml @@ -1,2 +1,3 @@ --- letsencrypt::plugin::dns_rfc2136::package_name: 'python3-certbot-dns-rfc2136' +letsencrypt::plugin::dns_route53::package_name: 'python3-certbot-dns-route53' diff --git a/manifests/certonly.pp b/manifests/certonly.pp index 9277bd93..068ff564 100644 --- a/manifests/certonly.pp +++ b/manifests/certonly.pp @@ -110,6 +110,15 @@ ] } + 'dns-route53': { + require letsencrypt::plugin::dns_route53 + $_domains = join($domains, '\' -d \'') + $plugin_args = [ + "--cert-name '${cert_name}' -d '${_domains}'", + "--dns-route53-propagation-seconds ${letsencrypt::plugin::dns_route53::propagation_seconds}", + ] + } + default: { if $ensure == 'present' { $_domains = join($domains, '\' -d \'') diff --git a/manifests/plugin/dns_route53.pp b/manifests/plugin/dns_route53.pp new file mode 100644 index 00000000..3d3d27b3 --- /dev/null +++ b/manifests/plugin/dns_route53.pp 
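Review bot: `"--cert-name '${cert_name}' -d '${_domains}'"` packs the name and the domain list into one array element, whereas the `dns-rfc2136` branch directly above it (visible in the L94 hunk) splits them into `"--cert-name '${cert_name}' -d"` and `"'${_domains}'"`; both work if the elements are later joined with spaces, but pick one shape so the plugin branches read alike. The `case` enclosing this branch starts and ends outside the hunk.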
@@ -0,0 +1,22 @@
+# @summary Installs and configures the dns-route53 plugin
+#
+# This class installs and configures the Let's Encrypt dns-route53 plugin.
+# https://certbot-dns-route53.readthedocs.io
+#
+# @param propagation_seconds Number of seconds to wait for the DNS server to propagate the DNS-01 challenge.
+# @param manage_package Manage the plugin package.
+# @param package_name The name of the package to install when $manage_package is true.
+#
+class letsencrypt::plugin::dns_route53 (
+ String[1] $package_name,
+ Integer $propagation_seconds = 10,
+ Boolean $manage_package = true,
+) {
+ require letsencrypt
+
+ if $manage_package {
+ package { $package_name:
+ ensure => installed,
+ }
+ }
+}
diff --git a/spec/acceptance/letsencrypt_plugin_dns_route53_spec.rb b/spec/acceptance/letsencrypt_plugin_dns_route53_spec.rb
new file mode 100644
index 00000000..5b268827
--- /dev/null
+++ b/spec/acceptance/letsencrypt_plugin_dns_route53_spec.rb
@@ -0,0 +1,40 @@
+require 'spec_helper_acceptance'
+
+describe 'letsencrypt::plugin::dns_route53' do
+ supported = case fact('os.family')
+ when 'Debian'
+ # Debian 9 has it in backports, Ubuntu started shipping in Bionic
+ fact('os.release.major') != '9' && fact('os.release.major') != '16.04'
+ when 'RedHat'
+ true
+ else
+ false
+ end
+
+ context 'with defaults values' do
+ pp = <<-PUPPET
+ class { 'letsencrypt' :
+ email => 'letsregister@example.com',
+ config => {
+ 'server' => 'https://acme-staging-v02.api.letsencrypt.org/directory',
+ },
+ }
+ class { 'letsencrypt::plugin::dns_route53':
+ }
+ PUPPET
+
+ if supported
+ it 'installs letsencrypt and dns route53 plugin without error' do
+ apply_manifest(pp, catch_failures: true)
+ end
+ it 'installs letsencrypt and dns route53 idempotently' do
+ apply_manifest(pp, catch_changes: true)
+ end
+
+ else
+ it 'fails to install' do
+ apply_manifest(pp, expect_failures: true)
+ end
+ end
+ end
+end
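Review bot: The `@summary` and the description both say the class "installs and configures" the plugin, but the body only manages the package (`package { $package_name: ensure => installed }`) and nothing writes credentials or a plugin config file; say so in the header, e.g. `# Installs the dns-route53 plugin. Route 53 credentials are not managed by this class; certbot's plugin obtains them from the environment it runs in (see the linked documentation).`, so users do not look for a credentials parameter that does not exist. `Integer $propagation_seconds = 10` also admits negative values that have no meaning as a wait time and only fail once certbot runs; `Integer[0] $propagation_seconds = 10,` rejects them at compile time, matching the `@param` text.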
diff --git a/spec/classes/plugin/dns_route53_spec.rb b/spec/classes/plugin/dns_route53_spec.rb new file mode 100644 index 00000000..631fc5ad --- /dev/null +++ b/spec/classes/plugin/dns_route53_spec.rb @@ -0,0 +1,57 @@ +require 'spec_helper' + +describe 'letsencrypt::plugin::dns_route53' do + on_supported_os.each do |os, facts| + context "on #{os} based operating systems" do + let(:facts) { facts } + let(:params) { {} } + let(:pre_condition) do + <<-PUPPET + class { 'letsencrypt': + email => 'foo@example.com', + } + PUPPET + end + let(:package_name) do + osname = facts[:os]['name'] + osrelease = facts[:os]['release']['major'] + osfull = "#{osname}-#{osrelease}" + case osfull + when 'Debian-10', 'Ubuntu-18.04', 'Fedora-30', 'Fedora-31' + 'python3-certbot-dns-route53' + when 'RedHat-7', 'CentOS-7' + 'python2-certbot-dns-route53' + end + end + + context 'with required parameters' do + it do + if package_name.nil? + is_expected.not_to compile + else + is_expected.to compile.with_all_deps + end + end + + describe 'with manage_package => true' do + let(:params) { super().merge(manage_package: true) } + + it do + if package_name.nil? + is_expected.not_to compile + else + is_expected.to contain_class('letsencrypt::plugin::dns_route53').with_package_name(package_name) + is_expected.to contain_package(package_name).with_ensure('installed') + end + end + end + + describe 'with manage_package => false' do + let(:params) { super().merge(manage_package: false, package_name: 'dns-route53-package') } + + it { is_expected.not_to contain_package('dns-route53-package') } + end + end + end + end +end diff --git a/spec/defines/letsencrypt_certonly_spec.rb b/spec/defines/letsencrypt_certonly_spec.rb index c219aded..63028b71 100644 --- a/spec/defines/letsencrypt_certonly_spec.rb +++ b/spec/defines/letsencrypt_certonly_spec.rb 
@@ -133,6 +133,26 @@ class { 'letsencrypt::plugin::dns_rfc2136': it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a dns-rfc2136 --cert-name 'foo.example.com' -d 'foo.example.com' --dns-rfc2136-credentials /etc/letsencrypt/dns-rfc2136.ini --dns-rfc2136-propagation-seconds 10" } end + context 'with dns-route53 plugin' do + let(:title) { 'foo.example.com' } + let(:params) { { plugin: 'dns-route53', letsencrypt_command: 'letsencrypt' } } + let(:pre_condition) do + <<-PUPPET + class { 'letsencrypt': + email => 'foo@example.com', + config_dir => '/etc/letsencrypt', + } + class { 'letsencrypt::plugin::dns_route53': + package_name => 'irrelevant', + } + PUPPET + end + + it { is_expected.to compile.with_all_deps } + it { is_expected.to contain_class('letsencrypt::plugin::dns_route53') } + it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a dns-route53 --cert-name 'foo.example.com' -d 'foo.example.com' --dns-route53-propagation-seconds 10" } + end + context 'with custom plugin' do let(:title) { 'foo.example.com' } let(:params) { { plugin: 'apache' } } From 3d3d62b19e1059e751a3a39a7a00be7f356bb7db Mon Sep 17 00:00:00 2001 From: milesstoetzner Date: Thu, 25 Jun 2020 14:27:24 +0200 Subject: [PATCH 45/68] fix typo in renew example See https://github.com/voxpupuli/puppet-letsencrypt/issues/227 --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index cb077ccf..8b4f9f92 100644 --- a/README.md +++ b/README.md @@ -201,7 +201,7 @@ class { 'letsencrypt': email => 'foo@example.com', server => 'https://acme-v01.api.letsencrypt.org/directory', }, - renew_cron_ensure: 'present', + renew_cron_ensure => 'present', } ``` From c18cac1e2f6872a3f3320505c21059e88f63d223 Mon Sep 17 00:00:00 2001 
From: Tim Meusel Date: Sat, 25 Jul 2020 14:15:45 +0200 Subject: [PATCH 46/68] modulesync 3.0.0 --- .github/SECURITY.md | 3 +++ .msync.yml | 2 +- .rubocop.yml | 3 +++ .travis.yml | 5 +++-- Gemfile | 6 +++--- 5 files changed, 13 insertions(+), 6 deletions(-) create mode 100644 .github/SECURITY.md diff --git a/.github/SECURITY.md b/.github/SECURITY.md new file mode 100644 index 00000000..cacadf22 --- /dev/null +++ b/.github/SECURITY.md @@ -0,0 +1,3 @@ +# Vox Pupuli Security Policy + +Our vulnerabilities reporting process is at https://voxpupuli.org/security/ diff --git a/.msync.yml b/.msync.yml index 8864fc09..4c7999c4 100644 --- a/.msync.yml +++ b/.msync.yml @@ -1 +1 @@ -modulesync_config_version: '2.12.0' +modulesync_config_version: '3.0.0' diff --git a/.rubocop.yml b/.rubocop.yml index c2ebc88d..316e4ec1 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -528,6 +528,9 @@ RSpec/RepeatedDescription: RSpec/NestedGroups: Enabled: False +RSpec/MultipleExpectations: + Enabled: false + # this is broken on ruby1.9 Layout/IndentHeredoc: Enabled: False diff --git a/.travis.yml b/.travis.yml index 694b2d9f..a8b0d9ff 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,4 +1,5 @@ --- +os: linux dist: bionic language: ruby cache: bundler @@ -7,7 +8,7 @@ before_install: - bundle --version script: - 'bundle exec rake $CHECK' -matrix: +jobs: fast_finish: true include: - rvm: 2.4.4 @@ -92,7 +93,7 @@ notifications: - "chat.freenode.org#voxpupuli-notifications" deploy: provider: puppetforge - user: puppet + username: puppet password: secure: "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" on: diff --git a/Gemfile b/Gemfile index 32c31146..8592cd61 100644 --- a/Gemfile +++ b/Gemfile 
@@ -11,9 +11,9 @@ def location_for(place, fake_version = nil) end group :test do - gem 'voxpupuli-test', '>= 1.0.0', :require => false - gem 'coveralls', :require => false - gem 'simplecov-console', :require => false + gem 'voxpupuli-test', '~> 2.0', :require => false + gem 'coveralls', :require => false + gem 'simplecov-console', :require => false end group :development do From eba81470db8608019b5ececbee2d496f8de5d0d3 Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Sat, 25 Jul 2020 18:51:47 +0200 Subject: [PATCH 47/68] puppet-lint: autofix --- manifests/certonly.pp | 26 ++++++++++++-------------- manifests/config.pp | 3 +-- manifests/hook.pp | 6 ++---- manifests/init.pp | 5 ++--- manifests/install.pp | 1 - manifests/plugin/dns_rfc2136.pp | 3 +-- manifests/renew.pp | 11 ++++------- 7 files changed, 22 insertions(+), 33 deletions(-) diff --git a/manifests/certonly.pp b/manifests/certonly.pp index 068ff564..b639fc95 100644 --- a/manifests/certonly.pp +++ b/manifests/certonly.pp @@ -68,7 +68,6 @@ Variant[String[1], Array[String[1]]] $post_hook_commands = [], Variant[String[1], Array[String[1]]] $deploy_hook_commands = [], ) { - if $plugin == 'webroot' and empty($webroot_paths) { fail("The 'webroot_paths' parameter must be specified when using the 'webroot' plugin") } @@ -87,7 +86,6 @@ } case $plugin { - 'webroot': { $_plugin_args = zip($domains, $webroot_paths).map |$domain| { if $domain[1] { @@ -111,12 +109,12 @@ } 'dns-route53': { - require letsencrypt::plugin::dns_route53 - $_domains = join($domains, '\' -d \'') - $plugin_args = [ - "--cert-name '${cert_name}' -d '${_domains}'", - "--dns-route53-propagation-seconds ${letsencrypt::plugin::dns_route53::propagation_seconds}", - ] + require letsencrypt::plugin::dns_route53 + $_domains = join($domains, '\' -d \'') + $plugin_args = [ + "--cert-name '${cert_name}' -d '${_domains}'", + "--dns-route53-propagation-seconds ${letsencrypt::plugin::dns_route53::propagation_seconds}", + ] } default: { 
@@ -151,15 +149,15 @@ $live_path = "${config_dir}/live/${live_path_certname}/cert.pem" $_command = flatten([ - $letsencrypt_command, - $default_args, - $plugin_args, - $hook_args, - $additional_args, + $letsencrypt_command, + $default_args, + $plugin_args, + $hook_args, + $additional_args, ]).filter | $arg | { $arg =~ NotUndef and $arg != [] } $command = join($_command, ' ') - $execution_environment = [ "VENV_PATH=${letsencrypt::venv_path}", ] + $environment + $execution_environment = ["VENV_PATH=${letsencrypt::venv_path}",] + $environment $verify_domains = join(unique($domains), '\' \'') if $ensure == 'present' { diff --git a/manifests/config.pp b/manifests/config.pp index 9b8b17bd..1ad1a0b2 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -10,7 +10,6 @@ $unsafe_registration = $letsencrypt::unsafe_registration, $agree_tos = $letsencrypt::agree_tos, ) { - assert_private() unless $agree_tos { @@ -25,7 +24,7 @@ } if $email { - $_config = merge($config, {'email' => $email}) + $_config = merge($config, { 'email' => $email }) } else { $_config = $config } diff --git a/manifests/hook.pp b/manifests/hook.pp index d7117dff..aa2ee2b2 100644 --- a/manifests/hook.pp +++ b/manifests/hook.pp @@ -12,7 +12,6 @@ # hook.sh.epp will validate this Variant[String[1],Array[String[1]]] $commands, ) { - $validate_env = $type ? { 'deploy' => true, default => false, @@ -24,11 +23,10 @@ group => 'root', mode => '0755', content => epp('letsencrypt/hook.sh.epp', { - commands => $commands, - validate_env => $validate_env, + commands => $commands, + validate_env => $validate_env, }), # Defined in letsencrypt::config require => File['letsencrypt-renewal-hooks-puppet'], } - } diff --git a/manifests/init.pp b/manifests/init.pp index 5bb1b906..d72707b2 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
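Review bot: The autofix left `$execution_environment = ["VENV_PATH=${letsencrypt::venv_path}",] + $environment` with a stray trailing comma directly before `]`; it is valid Puppet but reads as a leftover of the old `[ ..., ]` layout rather than deliberate style. `$execution_environment = ["VENV_PATH=${letsencrypt::venv_path}"] + $environment` is the same expression and matches the `concat(["VENV_PATH=${venv_path}"], $environment)` form this commit produces in init.pp. The enclosing `letsencrypt::certonly` define starts and ends outside this hunk.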
@@ -69,7 +69,7 @@ String $package_command = 'certbot', Stdlib::Unixpath $config_dir = '/etc/letsencrypt', String $config_file = "${config_dir}/cli.ini", - Hash $config = {'server' => 'https://acme-v02.api.letsencrypt.org/directory'}, + Hash $config = { 'server' => 'https://acme-v02.api.letsencrypt.org/directory' }, String $cron_scripts_path = "${facts['puppet_vardir']}/letsencrypt", String $cron_owner_group = 'root', Boolean $manage_config = true, @@ -89,7 +89,6 @@ $renew_cron_minute = fqdn_rand(60, fqdn_rand_string(10)), $renew_cron_monthday = '*', ) { - if $manage_install { contain letsencrypt::install # lint:ignore:relative_classname_inclusion Class['letsencrypt::install'] ~> Exec['initialize letsencrypt'] @@ -117,7 +116,7 @@ exec { 'initialize letsencrypt': command => "${command_init} -h", path => $facts['path'], - environment => concat([ "VENV_PATH=${venv_path}" ], $environment), + environment => concat(["VENV_PATH=${venv_path}"], $environment), refreshonly => true, } diff --git a/manifests/install.pp b/manifests/install.pp index ed7304d4..0ba33134 100644 --- a/manifests/install.pp +++ b/manifests/install.pp @@ -21,7 +21,6 @@ String $repo = $letsencrypt::repo, String $version = $letsencrypt::version, ) { - if $install_method == 'vcs' { if $manage_dependencies { $dependencies = ['python', 'git'] diff --git a/manifests/plugin/dns_rfc2136.pp b/manifests/plugin/dns_rfc2136.pp index ed524327..ebe5fd3e 100644 --- a/manifests/plugin/dns_rfc2136.pp +++ b/manifests/plugin/dns_rfc2136.pp @@ -46,8 +46,7 @@ group => 'root', mode => '0400', content => epp('letsencrypt/ini.epp', { - vars => { '' => $ini_vars }, + vars => { '' => $ini_vars }, }), } - } diff --git a/manifests/renew.pp b/manifests/renew.pp index 33b546b5..350b9fff 100644 --- a/manifests/renew.pp +++ b/manifests/renew.pp @@ -1,4 +1,3 @@ - # @summary Configures renewal of Let's Encrypt certificates using Certbot # # Configures renewal of Let's Encrypt certificates using the certbot renew command. 
@@ -38,7 +37,6 @@ Letsencrypt::Cron::Minute $cron_minute = $letsencrypt::renew_cron_minute, Letsencrypt::Cron::Monthday $cron_monthday = $letsencrypt::renew_cron_monthday, ) { - # Directory used for Puppet-managed renewal hooks. Make sure old unmanaged # hooks in this directory are purged. Leave custom hooks in the default # renewal-hooks directory alone. @@ -71,10 +69,10 @@ } $_command = flatten([ - $letsencrypt::command, - $default_args, - $hook_args, - $additional_args, + $letsencrypt::command, + $default_args, + $hook_args, + $additional_args, ]).filter | $arg | { $arg =~ NotUndef and $arg != [] } $command = join($_command, ' ') @@ -86,5 +84,4 @@ minute => $cron_minute, monthday => $cron_monthday, } - } From fe142958604d151cdbf992f58f680eb39d0ed06e Mon Sep 17 00:00:00 2001 From: Mike Salway <38225053+msalway@users.noreply.github.com> Date: Fri, 11 Sep 2020 18:34:22 +0000 Subject: [PATCH 48/68] release 6.0.0 --- CHANGELOG.md | 33 ++++++++++++++++++++++++++++++++- metadata.json | 2 +- 2 files changed, 33 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a73c97bd..0190af32 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -4,6 +4,36 @@ All notable changes to this project will be documented in this file. Each new release typically also includes the latest modulesync defaults. These should not affect the functionality of the module. +## [v6.0.0](https://github.com/voxpupuli/puppet-letsencrypt/tree/v6.0.0) (2020-09-11) + +[Full Changelog](https://github.com/voxpupuli/puppet-letsencrypt/compare/v5.0.0...v6.0.0) + +**Breaking changes:** + +- modulesync 2.10.0 / Drop FreeBSD 10 / Add FreeBSD 12 [\#213](https://github.com/voxpupuli/puppet-letsencrypt/pull/213) ([dhoppe](https://github.com/dhoppe)) + +**Implemented enhancements:** + +- add manifest to install dns-route53 plugin, along with tests [\#225](https://github.com/voxpupuli/puppet-letsencrypt/pull/225) ([aripringle](https://github.com/aripringle)) +- Add `cert_name` parameter to `letsencrypt::certonly` [\#219](https://github.com/voxpupuli/puppet-letsencrypt/pull/219) ([saimonn](https://github.com/saimonn)) + +**Closed issues:** + +- typo in example [\#227](https://github.com/voxpupuli/puppet-letsencrypt/issues/227) +- update metadata.json [\#218](https://github.com/voxpupuli/puppet-letsencrypt/issues/218) + +**Merged pull requests:** + +- modulesync 3.0.0 & puppet-lint updates [\#229](https://github.com/voxpupuli/puppet-letsencrypt/pull/229) ([bastelfreak](https://github.com/bastelfreak)) +- fix typo in renew example [\#228](https://github.com/voxpupuli/puppet-letsencrypt/pull/228) ([milesstoetzner](https://github.com/milesstoetzner)) +- Use voxpupuli-acceptance [\#224](https://github.com/voxpupuli/puppet-letsencrypt/pull/224) ([ekohl](https://github.com/ekohl)) +- Ensure EPEL is configured before installing plugin [\#222](https://github.com/voxpupuli/puppet-letsencrypt/pull/222) ([alexjfisher](https://github.com/alexjfisher)) +- \#218 Switch to puppet-epel [\#221](https://github.com/voxpupuli/puppet-letsencrypt/pull/221) ([kallies](https://github.com/kallies)) +- Add Fedora 31, drop Fedora 29 
[\#216](https://github.com/voxpupuli/puppet-letsencrypt/pull/216) ([ekohl](https://github.com/ekohl)) +- delete legacy travis directory [\#214](https://github.com/voxpupuli/puppet-letsencrypt/pull/214) ([bastelfreak](https://github.com/bastelfreak)) +- add --keep-until-expiring closer to letsencrypt command in cron [\#211](https://github.com/voxpupuli/puppet-letsencrypt/pull/211) ([pulecp](https://github.com/pulecp)) +- allow puppetlabs/inifile 4.x [\#210](https://github.com/voxpupuli/puppet-letsencrypt/pull/210) ([bastelfreak](https://github.com/bastelfreak)) + ## [v5.0.0](https://github.com/voxpupuli/puppet-letsencrypt/tree/v5.0.0) (2019-10-09) [Full Changelog](https://github.com/voxpupuli/puppet-letsencrypt/compare/v4.0.0...v5.0.0) @@ -29,10 +59,11 @@ These should not affect the functionality of the module. - python2-certbot-dns-rfc2136 doesn't exist in debian buster [\#191](https://github.com/voxpupuli/puppet-letsencrypt/issues/191) - letsencrypt failed to generate certificate [\#184](https://github.com/voxpupuli/puppet-letsencrypt/issues/184) -- `$letsencrypt::venv\_path` is undocumented [\#21](https://github.com/voxpupuli/puppet-letsencrypt/issues/21) +- `$letsencrypt::venv_path` is undocumented [\#21](https://github.com/voxpupuli/puppet-letsencrypt/issues/21) **Merged pull requests:** +- release 5.0.0 [\#208](https://github.com/voxpupuli/puppet-letsencrypt/pull/208) ([Dan33l](https://github.com/Dan33l)) - use puppet strings [\#204](https://github.com/voxpupuli/puppet-letsencrypt/pull/204) ([Dan33l](https://github.com/Dan33l)) - Raise upper bound version of stdlib & vcsrepo [\#202](https://github.com/voxpupuli/puppet-letsencrypt/pull/202) ([mfaure](https://github.com/mfaure)) - Fix type in readme: deploy\_hooks\_commands -\> deploy\_hook\_commands [\#188](https://github.com/voxpupuli/puppet-letsencrypt/pull/188) ([2ZZ](https://github.com/2ZZ)) diff --git a/metadata.json b/metadata.json index a8de6c82..33e5f598 100644 --- a/metadata.json +++ b/metadata.json 
@@ -1,6 +1,6 @@ { "name": "puppet-letsencrypt", - "version": "5.0.1-rc0", + "version": "6.0.0", "author": "Vox Pupuli", "summary": "Manages lets-encrypt and certbot + related certs", "license": "Apache-2.0", From 6cde54f219c231e622cfce94a10398d0ab59fdc8 Mon Sep 17 00:00:00 2001 From: Alexander Fisher Date: Sat, 12 Sep 2020 00:47:18 +0100 Subject: [PATCH 49/68] [blacksmith] Bump version to 6.0.1-rc0 --- metadata.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metadata.json b/metadata.json index 33e5f598..2a00b231 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "puppet-letsencrypt", - "version": "6.0.0", + "version": "6.0.1-rc0", "author": "Vox Pupuli", "summary": "Manages lets-encrypt and certbot + related certs", "license": "Apache-2.0", From 13fe0b7b2056e061c3f04f17cffa255ae321b3b8 Mon Sep 17 00:00:00 2001 
From: Tim Meusel Date: Sat, 24 Oct 2020 19:30:35 +0200 Subject: [PATCH 50/68] modulesync 3.1.0 --- .github/CONTRIBUTING.md | 4 +- .msync.yml | 3 +- .overcommit.yml | 2 +- .rubocop.yml | 552 +----------------- .travis.yml | 143 ++--- Gemfile | 2 +- spec/acceptance/nodesets/archlinux-2-x64.yml | 13 - .../nodesets/ec2/amazonlinux-2016091.yml | 31 - .../nodesets/ec2/image_templates.yaml | 34 -- spec/acceptance/nodesets/ec2/rhel-73-x64.yml | 29 - .../nodesets/ec2/sles-12sp2-x64.yml | 29 - .../nodesets/ec2/ubuntu-1604-x64.yml | 29 - .../nodesets/ec2/windows-2016-base-x64.yml | 29 - spec/spec_helper.rb | 2 +- 14 files changed, 83 insertions(+), 819 deletions(-) delete mode 100644 spec/acceptance/nodesets/archlinux-2-x64.yml delete mode 100644 spec/acceptance/nodesets/ec2/amazonlinux-2016091.yml delete mode 100644 spec/acceptance/nodesets/ec2/image_templates.yaml delete mode 100644 spec/acceptance/nodesets/ec2/rhel-73-x64.yml delete mode 100644 spec/acceptance/nodesets/ec2/sles-12sp2-x64.yml delete mode 100644 spec/acceptance/nodesets/ec2/ubuntu-1604-x64.yml delete mode 100644 spec/acceptance/nodesets/ec2/windows-2016-base-x64.yml diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md index 2240a970..cace33e6 100644 --- a/.github/CONTRIBUTING.md +++ b/.github/CONTRIBUTING.md @@ -33,6 +33,8 @@ By participating in this project you agree to abide by its terms. Please be prepared to repeat some of these steps as our contributors review your code. +Also consider sending in your profile code that calls this component module as an acceptance test or provide it via an issue. This helps reviewers a lot to test your use case and prevents future regressions! + ## Writing proper commits - short version * Make commits of logical units. @@ -264,7 +266,7 @@ The following strings are known to work: * ubuntu1604 * ubuntu1804 -* debian8 +* ubuntu2004 * debian9 * debian10 * centos6 diff --git a/.msync.yml b/.msync.yml index 4c7999c4..5758aced 100644 --- a/.msync.yml +++ b/.msync.yml 
@@ -1 +1,2 @@ -modulesync_config_version: '3.0.0' +--- +modulesync_config_version: '3.1.0' diff --git a/.overcommit.yml b/.overcommit.yml index 1b03fad7..0af0fdc0 100644 --- a/.overcommit.yml +++ b/.overcommit.yml @@ -61,4 +61,4 @@ PrePush: - 'validate' - 'test' - 'rubocop' - command: [ 'bundle', 'exec', 'rake' ] + command: ['bundle', 'exec', 'rake'] diff --git a/.rubocop.yml b/.rubocop.yml index 316e4ec1..198a3599 100644 --- a/.rubocop.yml +++ b/.rubocop.yml 
@@ -1,549 +1,3 @@ -require: rubocop-rspec -AllCops: -# Puppet Server 5 defaults to jruby 1.7 so TargetRubyVersion must stay at 1.9 until we drop support for puppet 5 - TargetRubyVersion: 1.9 - Include: - - ./**/*.rb - Exclude: - - files/**/* - - vendor/**/* - - .vendor/**/* - - pkg/**/* - - spec/fixtures/**/* - - Gemfile - - Rakefile - - Guardfile - - Vagrantfile -Lint/ConditionPosition: - Enabled: True - -Lint/ElseLayout: - Enabled: True - -Lint/UnreachableCode: - Enabled: True - -Lint/UselessComparison: - Enabled: True - -Lint/EnsureReturn: - Enabled: True - -Lint/HandleExceptions: - Enabled: True - -Lint/LiteralInCondition: - Enabled: True - -Lint/ShadowingOuterLocalVariable: - Enabled: True - -Lint/LiteralInInterpolation: - Enabled: True - -Style/HashSyntax: - Enabled: True - -Style/RedundantReturn: - Enabled: True - -Layout/EndOfLine: - Enabled: False - -Lint/AmbiguousOperator: - Enabled: True - -Lint/AssignmentInCondition: - Enabled: True - -Layout/SpaceBeforeComment: - Enabled: True - -Style/AndOr: - Enabled: True - -Style/RedundantSelf: - Enabled: True - -Metrics/BlockLength: - Enabled: False - -# Method length is not necessarily an indicator of code quality -Metrics/MethodLength: - Enabled: False - -# Module length is not necessarily an indicator of code quality -Metrics/ModuleLength: - Enabled: False - -Style/WhileUntilModifier: - Enabled: True - -Lint/AmbiguousRegexpLiteral: - Enabled: True - -Security/Eval: - Enabled: True - -Lint/BlockAlignment: - Enabled: True - -Lint/DefEndAlignment: - Enabled: True - -Lint/EndAlignment: - Enabled: True - -Lint/DeprecatedClassMethods: - Enabled: True - -Lint/Loop: - Enabled: True - -Lint/ParenthesesAsGroupedExpression: - Enabled: True - -Lint/RescueException: - Enabled: True - -Lint/StringConversionInInterpolation: - Enabled: True - -Lint/UnusedBlockArgument: - Enabled: True - -Lint/UnusedMethodArgument: - Enabled: True - -Lint/UselessAccessModifier: - Enabled: True - -Lint/UselessAssignment: - Enabled: True - 
-Lint/Void: - Enabled: True - -Layout/AccessModifierIndentation: - Enabled: True - -Style/AccessorMethodName: - Enabled: True - -Style/Alias: - Enabled: True - -Layout/AlignArray: - Enabled: True - -Layout/AlignHash: - Enabled: True - -Layout/AlignParameters: - Enabled: True - -Metrics/BlockNesting: - Enabled: True - -Style/AsciiComments: - Enabled: True - -Style/Attr: - Enabled: True - -Style/BracesAroundHashParameters: - Enabled: True - -Style/CaseEquality: - Enabled: True - -Layout/CaseIndentation: - Enabled: True - -Style/CharacterLiteral: - Enabled: True - -Style/ClassAndModuleCamelCase: - Enabled: True - -Style/ClassAndModuleChildren: - Enabled: False - -Style/ClassCheck: - Enabled: True - -# Class length is not necessarily an indicator of code quality -Metrics/ClassLength: - Enabled: False - -Style/ClassMethods: - Enabled: True - -Style/ClassVars: - Enabled: True - -Style/WhenThen: - Enabled: True - -Style/WordArray: - Enabled: True - -Style/UnneededPercentQ: - Enabled: True - -Layout/Tab: - Enabled: True - -Layout/SpaceBeforeSemicolon: - Enabled: True - -Layout/TrailingBlankLines: - Enabled: True - -Layout/SpaceInsideBlockBraces: - Enabled: True - -Layout/SpaceInsideBrackets: - Enabled: True - -Layout/SpaceInsideHashLiteralBraces: - Enabled: True - -Layout/SpaceInsideParens: - Enabled: True - -Layout/LeadingCommentSpace: - Enabled: True - -Layout/SpaceBeforeFirstArg: - Enabled: True - -Layout/SpaceAfterColon: - Enabled: True - -Layout/SpaceAfterComma: - Enabled: True - -Layout/SpaceAfterMethodName: - Enabled: True - -Layout/SpaceAfterNot: - Enabled: True - -Layout/SpaceAfterSemicolon: - Enabled: True - -Layout/SpaceAroundEqualsInParameterDefault: - Enabled: True - -Layout/SpaceAroundOperators: - Enabled: True - -Layout/SpaceBeforeBlockBraces: - Enabled: True - -Layout/SpaceBeforeComma: - Enabled: True - -Style/CollectionMethods: - Enabled: True - -Layout/CommentIndentation: - Enabled: True - -Style/ColonMethodCall: - Enabled: True - 
-Style/CommentAnnotation: - Enabled: True - -# 'Complexity' is very relative -Metrics/CyclomaticComplexity: - Enabled: False - -Style/ConstantName: - Enabled: True - -Style/Documentation: - Enabled: False - -Style/DefWithParentheses: - Enabled: True - -Style/PreferredHashMethods: - Enabled: True - -Layout/DotPosition: - EnforcedStyle: trailing - -Style/DoubleNegation: - Enabled: True - -Style/EachWithObject: - Enabled: True - -Layout/EmptyLineBetweenDefs: - Enabled: True - -Layout/IndentArray: - Enabled: True - -Layout/IndentHash: - Enabled: True - -Layout/IndentationConsistency: - Enabled: True - -Layout/IndentationWidth: - Enabled: True - -Layout/EmptyLines: - Enabled: True - -Layout/EmptyLinesAroundAccessModifier: - Enabled: True - -Style/EmptyLiteral: - Enabled: True - -# Configuration parameters: AllowURI, URISchemes. -Metrics/LineLength: - Enabled: False - -Style/MethodCallWithoutArgsParentheses: - Enabled: True - -Style/MethodDefParentheses: - Enabled: True - -Style/LineEndConcatenation: - Enabled: True - -Layout/TrailingWhitespace: - Enabled: True - -Style/StringLiterals: - Enabled: True - -Style/TrailingCommaInArguments: - Enabled: True - -Style/TrailingCommaInLiteral: - Enabled: True - -Style/GlobalVars: - Enabled: True - -Style/GuardClause: - Enabled: True - -Style/IfUnlessModifier: - Enabled: True - -Style/MultilineIfThen: - Enabled: True - -Style/NegatedIf: - Enabled: True - -Style/NegatedWhile: - Enabled: True - -Style/Next: - Enabled: True - -Style/SingleLineBlockParams: - Enabled: True - -Style/SingleLineMethods: - Enabled: True - -Style/SpecialGlobalVars: - Enabled: True - -Style/TrivialAccessors: - Enabled: True - -Style/UnlessElse: - Enabled: True - -Style/VariableInterpolation: - Enabled: True - -Style/VariableName: - Enabled: True - -Style/WhileUntilDo: - Enabled: True - -Style/EvenOdd: - Enabled: True - -Style/FileName: - Enabled: True - -Style/For: - Enabled: True - -Style/Lambda: - Enabled: True - -Style/MethodName: - Enabled: True - 
-Style/MultilineTernaryOperator: - Enabled: True - -Style/NestedTernaryOperator: - Enabled: True - -Style/NilComparison: - Enabled: True - -Style/FormatString: - Enabled: True - -Style/MultilineBlockChain: - Enabled: True - -Style/Semicolon: - Enabled: True - -Style/SignalException: - Enabled: True - -Style/NonNilCheck: - Enabled: True - -Style/Not: - Enabled: True - -Style/NumericLiterals: - Enabled: True - -Style/OneLineConditional: - Enabled: True - -Style/OpMethod: - Enabled: True - -Style/ParenthesesAroundCondition: - Enabled: True - -Style/PercentLiteralDelimiters: - Enabled: True - -Style/PerlBackrefs: - Enabled: True - -Style/PredicateName: - Enabled: True - -Style/RedundantException: - Enabled: True - -Style/SelfAssignment: - Enabled: True - -Style/Proc: - Enabled: True - -Style/RaiseArgs: - Enabled: True - -Style/RedundantBegin: - Enabled: True - -Style/RescueModifier: - Enabled: True - -# based on https://github.com/voxpupuli/modulesync_config/issues/168 -Style/RegexpLiteral: - EnforcedStyle: percent_r - Enabled: True - -Lint/UnderscorePrefixedVariableName: - Enabled: True - -Metrics/ParameterLists: - Enabled: False - -Lint/RequireParentheses: - Enabled: True - -Style/ModuleFunction: - Enabled: True - -Lint/Debugger: - Enabled: True - -Style/IfWithSemicolon: - Enabled: True - -Style/Encoding: - Enabled: True - -Style/BlockDelimiters: - Enabled: True - -Layout/MultilineBlockLayout: - Enabled: True - -# 'Complexity' is very relative -Metrics/AbcSize: - Enabled: False - -# 'Complexity' is very relative -Metrics/PerceivedComplexity: - Enabled: False - -Lint/UselessAssignment: - Enabled: True - -Layout/ClosingParenthesisIndentation: - Enabled: True - -# RSpec - -RSpec/BeforeAfterAll: - Exclude: - - spec/acceptance/**/* - -# We don't use rspec in this way -RSpec/DescribeClass: - Enabled: False - -# Example length is not necessarily an indicator of code quality -RSpec/ExampleLength: - Enabled: False - -RSpec/NamedSubject: - Enabled: False - -# disabled for now 
since they cause a lot of issues -# these issues aren't easy to fix -RSpec/RepeatedDescription: - Enabled: False - -RSpec/NestedGroups: - Enabled: False - -RSpec/MultipleExpectations: - Enabled: false - -# this is broken on ruby1.9 -Layout/IndentHeredoc: - Enabled: False - -# disable Yaml safe_load. This is needed to support ruby2.0.0 development envs -Security/YAMLLoad: - Enabled: false - -# This affects hiera interpolation, as well as some configs that we push. -Style/FormatStringToken: - Enabled: false - -# This is useful, but sometimes a little too picky about where unit tests files -# are located. -RSpec/FilePath: - Enabled: false +--- +inherit_gem: + voxpupuli-test: rubocop.yml diff --git a/.travis.yml b/.travis.yml index a8b0d9ff..ca73a2d7 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,6 +1,7 @@ --- +# yamllint disable rule:line-length rule:truthy os: linux -dist: bionic +dist: focal language: ruby cache: bundler before_install: 
@@ -11,78 +12,78 @@ script: jobs: fast_finish: true include: - - rvm: 2.4.4 - bundler_args: --without system_tests development release - env: PUPPET_VERSION="~> 5.0" CHECK=test - - rvm: 2.5.3 - bundler_args: --without system_tests development release - env: PUPPET_VERSION="~> 6.0" CHECK=test_with_coveralls - - rvm: 2.5.3 - bundler_args: --without system_tests development release - env: PUPPET_VERSION="~> 6.0" CHECK=rubocop - - rvm: 2.4.4 - bundler_args: --without system_tests development release - env: PUPPET_VERSION="~> 5.0" CHECK=build DEPLOY_TO_FORGE=yes - - rvm: 2.5.3 - bundler_args: --without development release - env: BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_setfile=centos7-64 CHECK=beaker - services: docker - - rvm: 2.5.3 - bundler_args: --without development release - env: BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_setfile=centos7-64 CHECK=beaker - services: docker - - rvm: 2.5.3 - bundler_args: --without development release - env: BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_setfile=debian9-64 CHECK=beaker - services: docker - - rvm: 2.5.3 - bundler_args: --without development release - env: BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_setfile=debian9-64 CHECK=beaker - services: docker - - rvm: 2.5.3 - bundler_args: --without development release - env: BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_setfile=debian10-64 CHECK=beaker - services: docker - - rvm: 2.5.3 - bundler_args: --without development release - env: BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_setfile=debian10-64 CHECK=beaker - services: docker - - rvm: 2.5.3 - bundler_args: --without development release - env: BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_setfile=fedora30-64 CHECK=beaker - services: docker - - rvm: 2.5.3 - bundler_args: --without development release - env: BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_setfile=fedora30-64 CHECK=beaker - services: docker - - rvm: 2.5.3 - bundler_args: --without development release - env: BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_setfile=fedora31-64 CHECK=beaker - services: docker 
- - rvm: 2.5.3 - bundler_args: --without development release - env: BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_setfile=fedora31-64 CHECK=beaker - services: docker - - rvm: 2.5.3 - bundler_args: --without development release - env: BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_setfile=ubuntu1604-64 CHECK=beaker - services: docker - - rvm: 2.5.3 - bundler_args: --without development release - env: BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_setfile=ubuntu1604-64 CHECK=beaker - services: docker - - rvm: 2.5.3 - bundler_args: --without development release - env: BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_setfile=ubuntu1804-64 CHECK=beaker - services: docker - - rvm: 2.5.3 - bundler_args: --without development release - env: BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_setfile=ubuntu1804-64 CHECK=beaker - services: docker + - rvm: 2.4.4 + bundler_args: --without system_tests development release + env: PUPPET_VERSION="~> 5.0" CHECK=test + - rvm: 2.5.3 + bundler_args: --without system_tests development release + env: PUPPET_VERSION="~> 6.0" CHECK=test_with_coveralls + - rvm: 2.5.3 + bundler_args: --without system_tests development release + env: PUPPET_VERSION="~> 6.0" CHECK=rubocop + - rvm: 2.4.4 + bundler_args: --without system_tests development release + env: PUPPET_VERSION="~> 5.0" CHECK=build DEPLOY_TO_FORGE=yes + - rvm: 2.5.3 + bundler_args: --without development release + env: BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_setfile=centos7-64 CHECK=beaker + services: docker + - rvm: 2.5.3 + bundler_args: --without development release + env: BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_setfile=centos7-64 CHECK=beaker + services: docker + - rvm: 2.5.3 + bundler_args: --without development release + env: BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_setfile=debian9-64 CHECK=beaker + services: docker + - rvm: 2.5.3 + bundler_args: --without development release + env: BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_setfile=debian9-64 CHECK=beaker + services: docker + - rvm: 2.5.3 + bundler_args: --without development 
release + env: BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_setfile=debian10-64 CHECK=beaker + services: docker + - rvm: 2.5.3 + bundler_args: --without development release + env: BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_setfile=debian10-64 CHECK=beaker + services: docker + - rvm: 2.5.3 + bundler_args: --without development release + env: BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_setfile=fedora30-64 CHECK=beaker + services: docker + - rvm: 2.5.3 + bundler_args: --without development release + env: BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_setfile=fedora30-64 CHECK=beaker + services: docker + - rvm: 2.5.3 + bundler_args: --without development release + env: BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_setfile=fedora31-64 CHECK=beaker + services: docker + - rvm: 2.5.3 + bundler_args: --without development release + env: BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_setfile=fedora31-64 CHECK=beaker + services: docker + - rvm: 2.5.3 + bundler_args: --without development release + env: BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_setfile=ubuntu1604-64 CHECK=beaker + services: docker + - rvm: 2.5.3 + bundler_args: --without development release + env: BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_setfile=ubuntu1604-64 CHECK=beaker + services: docker + - rvm: 2.5.3 + bundler_args: --without development release + env: BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_setfile=ubuntu1804-64 CHECK=beaker + services: docker + - rvm: 2.5.3 + bundler_args: --without development release + env: BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_setfile=ubuntu1804-64 CHECK=beaker + services: docker branches: only: - - master - - /^v\d/ + - master + - /^v\d/ notifications: email: false webhooks: https://voxpupu.li/incoming/travis diff --git a/Gemfile b/Gemfile index 8592cd61..2fce93ce 100644 --- a/Gemfile +++ b/Gemfile 
@@ -11,7 +11,7 @@ def location_for(place, fake_version = nil) end group :test do - gem 'voxpupuli-test', '~> 2.0', :require => false + gem 'voxpupuli-test', '~> 2.1', :require => false gem 'coveralls', :require => false gem 'simplecov-console', :require => false end diff --git a/spec/acceptance/nodesets/archlinux-2-x64.yml b/spec/acceptance/nodesets/archlinux-2-x64.yml deleted file mode 100644 index 89b63003..00000000 --- a/spec/acceptance/nodesets/archlinux-2-x64.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -# This file is managed via modulesync -# https://github.com/voxpupuli/modulesync -# https://github.com/voxpupuli/modulesync_config -HOSTS: - archlinux-2-x64: - roles: - - master - platform: archlinux-2-x64 - box: archlinux/archlinux - hypervisor: vagrant -CONFIG: - type: foss diff --git a/spec/acceptance/nodesets/ec2/amazonlinux-2016091.yml b/spec/acceptance/nodesets/ec2/amazonlinux-2016091.yml deleted file mode 100644 index 19dd43ed..00000000 --- a/spec/acceptance/nodesets/ec2/amazonlinux-2016091.yml +++ /dev/null @@ -1,31 +0,0 @@ ---- -# This file is managed via modulesync -# https://github.com/voxpupuli/modulesync -# https://github.com/voxpupuli/modulesync_config -# -# Additional ~/.fog config file with AWS EC2 credentials -# required. -# -# see: https://github.com/puppetlabs/beaker/blob/master/docs/how_to/hypervisors/ec2.md -# -# Amazon Linux is not a RHEL clone. -# -HOSTS: - amazonlinux-2016091-x64: - roles: - - master - platform: centos-6-x86_64 - hypervisor: ec2 - # refers to image_tempaltes.yaml AMI[vmname] entry: - vmname: amazonlinux-2016091-eu-central-1 - # refers to image_tempaltes.yaml entry inside AMI[vmname][:image]: - snapshot: aio - # t2.micro is free tier eligible (https://aws.amazon.com/en/free/): - amisize: t2.micro - # required so that beaker sanitizes sshd_config and root authorized_keys: - user: ec2-user -CONFIG: - type: aio - :ec2_yaml: spec/acceptance/nodesets/ec2/image_templates.yaml -... -# vim: syntax=yaml 
diff --git a/spec/acceptance/nodesets/ec2/image_templates.yaml b/spec/acceptance/nodesets/ec2/image_templates.yaml deleted file mode 100644 index e50593ee..00000000 --- a/spec/acceptance/nodesets/ec2/image_templates.yaml +++ /dev/null @@ -1,34 +0,0 @@ -# This file is managed via modulesync -# https://github.com/voxpupuli/modulesync -# https://github.com/voxpupuli/modulesync_config -# -# see also: https://github.com/puppetlabs/beaker/blob/master/docs/how_to/hypervisors/ec2.md -# -# Hint: image IDs (ami-*) for the same image are different per location. -# -AMI: - # Amazon Linux AMI 2016.09.1 (HVM), SSD Volume Type - amazonlinux-2016091-eu-central-1: - :image: - :aio: ami-af0fc0c0 - :region: eu-central-1 - # Red Hat Enterprise Linux 7.3 (HVM), SSD Volume Type - rhel-73-eu-central-1: - :image: - :aio: ami-e4c63e8b - :region: eu-central-1 - # SUSE Linux Enterprise Server 12 SP2 (HVM), SSD Volume Type - sles-12sp2-eu-central-1: - :image: - :aio: ami-c425e4ab - :region: eu-central-1 - # Ubuntu Server 16.04 LTS (HVM), SSD Volume Type - ubuntu-1604-eu-central-1: - :image: - :aio: ami-fe408091 - :region: eu-central-1 - # Microsoft Windows Server 2016 Base - windows-2016-base-eu-central-1: - :image: - :aio: ami-88ec20e7 - :region: eu-central-1 diff --git a/spec/acceptance/nodesets/ec2/rhel-73-x64.yml b/spec/acceptance/nodesets/ec2/rhel-73-x64.yml deleted file mode 100644 index 7fac8236..00000000 --- a/spec/acceptance/nodesets/ec2/rhel-73-x64.yml +++ /dev/null 
@@ -1,29 +0,0 @@ ---- -# This file is managed via modulesync -# https://github.com/voxpupuli/modulesync -# https://github.com/voxpupuli/modulesync_config -# -# Additional ~/.fog config file with AWS EC2 credentials -# required. -# -# see: https://github.com/puppetlabs/beaker/blob/master/docs/how_to/hypervisors/ec2.md -# -HOSTS: - rhel-73-x64: - roles: - - master - platform: el-7-x86_64 - hypervisor: ec2 - # refers to image_tempaltes.yaml AMI[vmname] entry: - vmname: rhel-73-eu-central-1 - # refers to image_tempaltes.yaml entry inside AMI[vmname][:image]: - snapshot: aio - # t2.micro is free tier eligible (https://aws.amazon.com/en/free/): - amisize: t2.micro - # required so that beaker sanitizes sshd_config and root authorized_keys: - user: ec2-user -CONFIG: - type: aio - :ec2_yaml: spec/acceptance/nodesets/ec2/image_templates.yaml -... -# vim: syntax=yaml diff --git a/spec/acceptance/nodesets/ec2/sles-12sp2-x64.yml b/spec/acceptance/nodesets/ec2/sles-12sp2-x64.yml deleted file mode 100644 index 8542154d..00000000 --- a/spec/acceptance/nodesets/ec2/sles-12sp2-x64.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -# This file is managed via modulesync -# https://github.com/voxpupuli/modulesync -# https://github.com/voxpupuli/modulesync_config -# -# Additional ~/.fog config file with AWS EC2 credentials -# required. -# -# see: https://github.com/puppetlabs/beaker/blob/master/docs/how_to/hypervisors/ec2.md -# -HOSTS: - sles-12sp2-x64: - roles: - - master - platform: sles-12-x86_64 - hypervisor: ec2 - # refers to image_tempaltes.yaml AMI[vmname] entry: - vmname: sles-12sp2-eu-central-1 - # refers to image_tempaltes.yaml entry inside AMI[vmname][:image]: - snapshot: aio - # t2.micro is free tier eligible (https://aws.amazon.com/en/free/): - amisize: t2.micro - # required so that beaker sanitizes sshd_config and root authorized_keys: - user: ec2-user -CONFIG: - type: aio - :ec2_yaml: spec/acceptance/nodesets/ec2/image_templates.yaml -... -# vim: syntax=yaml 
diff --git a/spec/acceptance/nodesets/ec2/ubuntu-1604-x64.yml b/spec/acceptance/nodesets/ec2/ubuntu-1604-x64.yml deleted file mode 100644 index 9cf59d59..00000000 --- a/spec/acceptance/nodesets/ec2/ubuntu-1604-x64.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -# This file is managed via modulesync -# https://github.com/voxpupuli/modulesync -# https://github.com/voxpupuli/modulesync_config -# -# Additional ~/.fog config file with AWS EC2 credentials -# required. -# -# see: https://github.com/puppetlabs/beaker/blob/master/docs/how_to/hypervisors/ec2.md -# -HOSTS: - ubuntu-1604-x64: - roles: - - master - platform: ubuntu-16.04-amd64 - hypervisor: ec2 - # refers to image_tempaltes.yaml AMI[vmname] entry: - vmname: ubuntu-1604-eu-central-1 - # refers to image_tempaltes.yaml entry inside AMI[vmname][:image]: - snapshot: aio - # t2.micro is free tier eligible (https://aws.amazon.com/en/free/): - amisize: t2.micro - # required so that beaker sanitizes sshd_config and root authorized_keys: - user: ubuntu -CONFIG: - type: aio - :ec2_yaml: spec/acceptance/nodesets/ec2/image_templates.yaml -... -# vim: syntax=yaml diff --git a/spec/acceptance/nodesets/ec2/windows-2016-base-x64.yml b/spec/acceptance/nodesets/ec2/windows-2016-base-x64.yml deleted file mode 100644 index 0932e29c..00000000 --- a/spec/acceptance/nodesets/ec2/windows-2016-base-x64.yml +++ /dev/null 
@@ -1,29 +0,0 @@ ---- -# This file is managed via modulesync -# https://github.com/voxpupuli/modulesync -# https://github.com/voxpupuli/modulesync_config -# -# Additional ~/.fog config file with AWS EC2 credentials -# required. -# -# see: https://github.com/puppetlabs/beaker/blob/master/docs/how_to/hypervisors/ec2.md -# -HOSTS: - windows-2016-base-x64: - roles: - - master - platform: windows-2016-64 - hypervisor: ec2 - # refers to image_tempaltes.yaml AMI[vmname] entry: - vmname: windows-2016-base-eu-central-1 - # refers to image_tempaltes.yaml entry inside AMI[vmname][:image]: - snapshot: aio - # t2.micro is free tier eligible (https://aws.amazon.com/en/free/): - amisize: t2.micro - # required so that beaker sanitizes sshd_config and root authorized_keys: - user: ec2-user -CONFIG: - type: aio - :ec2_yaml: spec/acceptance/nodesets/ec2/image_templates.yaml -... -# vim: syntax=yaml diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index b2b27045..d266f6b4 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -9,7 +9,7 @@ require 'voxpupuli/test/spec_helper' if File.exist?(File.join(__dir__, 'default_module_facts.yml')) - facts = YAML.load(File.read(File.join(__dir__, 'default_module_facts.yml'))) + facts = YAML.safe_load(File.read(File.join(__dir__, 'default_module_facts.yml'))) if facts facts.each do |name, value| add_custom_fact name.to_sym, value From ecffac4f7312307f5ae8864fc54ee59e0a9ac1b0 Mon Sep 17 00:00:00 2001 From: Alexandre Ellert Date: Thu, 8 Aug 2019 04:21:33 +0200 Subject: [PATCH 51/68] :tada: Add certbot-dns-ovh plugin support --- manifests/certonly.pp | 13 +++++++++- manifests/plugin/dns_ovh.pp | 51 +++++++++++++++++++++++++++++++++++++ types/plugin.pp | 3 ++- 3 files changed, 65 insertions(+), 2 deletions(-) create mode 100644 manifests/plugin/dns_ovh.pp diff --git a/manifests/certonly.pp b/manifests/certonly.pp index b639fc95..82bed215 100644 --- a/manifests/certonly.pp +++ b/manifests/certonly.pp 
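Review bot: Switching to `YAML.safe_load` for the facts file is the right hardening, but it raises `Psych::DisallowedClass` for anything beyond plain scalars and collections, so a `default_module_facts.yml` that uses symbol keys or date values would now abort the spec run where `YAML.load` silently accepted it. If any module ships such a file, pass an explicit allow-list rather than reverting: `facts = YAML.safe_load(File.read(File.join(__dir__, 'default_module_facts.yml')), permitted_classes: [Symbol])`. The `if File.exist?` block continues past the hunk, so I cannot see whether the loaded hash is validated further before `add_custom_fact`.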
@@ -108,6 +108,17 @@
]
}
+ dns-ovh': {
+ require letsencrypt::plugin::dns_ovh
+ $_domains = join($domains, '\' -d \'')
+ $plugin_args = [
+ "--cert-name '${cert_name}' -d",
+ "'${_domains}'",
+ "--dns-ovh-credentials ${letsencrypt::plugin::dns_ovh::config_file}",
+ "--dns-ovh-propagation-seconds ${letsencrypt::plugin::dns_ovh::propagation_seconds}",
+ ]
+ }
+
'dns-route53': {
require letsencrypt::plugin::dns_route53
$_domains = join($domains, '\' -d \'')
@@ -216,4 +227,4 @@
monthday => $cron_monthday,
}
}
-}
+}
\ No newline at end of file
diff --git a/manifests/plugin/dns_ovh.pp b/manifests/plugin/dns_ovh.pp
new file mode 100644
index 00000000..ad9f073d
--- /dev/null
+++ b/manifests/plugin/dns_ovh.pp
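Review bot: The new case label `dns-ovh': {` is missing its opening quote, so this commit leaves `letsencrypt::certonly` unparseable until a later patch in this series restores `'dns-ovh': {`; the fix belongs in this commit. Separately, `--dns-ovh-credentials ${letsencrypt::plugin::dns_ovh::config_file}` is interpolated into the exec command string unquoted while the neighbouring `--cert-name '${cert_name}'` is quoted; since `config_file` is an operator-settable path, `"--dns-ovh-credentials '${letsencrypt::plugin::dns_ovh::config_file}'"` would keep a path containing spaces or shell metacharacters from splitting the command (the rfc2136 branch appears to do the same, so fix both or neither). The `case` statement and the exec that consumes `$plugin_args` start and end outside the hunk.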
@@ -0,0 +1,51 @@
+# @summary Installs and configures the dns-ovh plugin
+#
+# This class installs and configures the Let's Encrypt dns-ovh plugin.
+# https://certbot-dns-ovh.readthedocs.io
+#
+# @param endpoint Target OVH DNS endpoint.
+# @param application_key OVH application key.
+# @param application_secret OVH application secret.
+# @param consumer_key OVH consumer key.
+# @param propagation_seconds Number of seconds to wait for the DNS server to propagate the DNS-01 challenge.
+# @param manage_package Manage the plugin.
+# @param package_name The name of the package to install when $manage_package is true.
+# @param config_dir The path to the configuration directory.
+#
+class letsencrypt::plugin::dns_ovh (
+ Enum['ovh-eu', 'ovh-ca'] $endpoint,
+ String[1] $application_key,
+ String[1] $application_secret,
+ String[1] $consumer_key,
+ Integer $propagation_seconds = $letsencrypt::dns_ovh_propagation_seconds,
+ Stdlib::Absolutepath $config_dir = $letsencrypt::config_dir,
+ Boolean $manage_package = $letsencrypt::dns_ovh_manage_package,
+ String $package_name = $letsencrypt::dns_ovh_package_name,
+) {
+ require letsencrypt
+
+ if $manage_package {
+ package { $package_name:
+ ensure => installed,
+ }
+ }
+
+ $ini_vars = {
+ dns_ovh_endpoint => $endpoint,
+ dns_ovh_application_key => $application_key,
+ dns_ovh_application_secret => $application_secret,
+ dns_ovh_consumer_key => $consumer_key,
+ dns_ovh_propagation_seconds => $propagation_seconds,
+ }
+
+ file { "${config_dir}/dns-ovh.ini":
+ ensure => file,
+ owner => 'root',
+ group => 'root',
+ mode => '0400',
+ content => epp('letsencrypt/ini.epp', {
+ vars => { '' => $ini_vars },
+ }),
+ }
+
+}
diff --git a/types/plugin.pp b/types/plugin.pp
index 24b87b8c..b63f80ea 100644
--- a/types/plugin.pp
+++ b/types/plugin.pp
@@ -8,4 +8,5 @@
'dns-google',
'dns-cloudflare',
'dns-rfc2136',
-]
+ 'dns-ovh',
+]
\ No newline at end of file
From e7ff0ed28b742767f089223a19d5aff5080b2b0d Mon Sep 17 00:00:00 2001
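Review bot: The `file { "${config_dir}/dns-ovh.ini": ... }` resource renders `$application_secret` and `$consumer_key` into `content` without `show_diff => false`, so on every content change the agent log and the report will carry a plaintext diff of the OVH credentials, undoing the protection that `mode => '0400'` gives the file on disk. Add `show_diff => false,` beside `mode`, and consider accepting `Sensitive[String[1]]` (or a `Variant` with plain `String[1]`) for the three credential parameters, unwrapping when building `$ini_vars`, so the values are also redacted from the compiled catalog and `puppet resource` output; the CI matrix in this series targets Puppet 5/6, where `Sensitive` is available. The root-owned `0400` mode is appropriate if certbot reads the file as root, which I cannot confirm from this hunk.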
From: Alexandre Ellert Date: Thu, 8 Aug 2019 13:50:42 +0200 Subject: [PATCH 52/68] format using puppet-strings style --- manifests/plugin/dns_ovh.pp | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/manifests/plugin/dns_ovh.pp b/manifests/plugin/dns_ovh.pp index ad9f073d..b8f6156c 100644 --- a/manifests/plugin/dns_ovh.pp +++ b/manifests/plugin/dns_ovh.pp @@ -1,7 +1,18 @@ # @summary Installs and configures the dns-ovh plugin # -# This class installs and configures the Let's Encrypt dns-ovh plugin. -# https://certbot-dns-ovh.readthedocs.io +# @example Basic usage +# class { 'letsencrypt::plugin::dns_ovh': +# endpoint => 'ovh-eu', +# application_key => 'MDAwMDAwMDAwMDAw', +# application_secret => 'MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw', +# consumer_key => 'MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw', +# } +# letsencrypt::certonly { 'foo': +# domains => ['foo.example.com', 'bar.example.com'], +# plugin => 'dns-ovh', +# } +# +# @see https://certbot-dns-ovh.readthedocs.io # # @param endpoint Target OVH DNS endpoint. # @param application_key OVH application key. From 201022d6ee80a29958d7b3b0f5570580ca82d1cc Mon Sep 17 00:00:00 2001 From: Alexandre Ellert Date: Thu, 8 Aug 2019 17:06:00 +0200 Subject: [PATCH 53/68] Remove hardcoded dns-ovh.ini file name (replace $config_dir by $config_file) --- manifests/plugin/dns_ovh.pp | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/manifests/plugin/dns_ovh.pp b/manifests/plugin/dns_ovh.pp index b8f6156c..25e6e905 100644 --- a/manifests/plugin/dns_ovh.pp +++ b/manifests/plugin/dns_ovh.pp 
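Review bot: The `@example` values `'MDAwMDAwMDAwMDAw'` and the two 32-character secrets look like real base64 tokens rather than placeholders, and examples for credential classes tend to be pasted verbatim into Hiera. Use obvious placeholders such as `'<application-key>'` and add one line under the example: `# Credentials are written to disk in plaintext; supply them from an encrypted backend (e.g. hiera-eyaml), not from code.` This is a documentation-only change; the docblock continues past the hunk.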
@@ -28,10 +28,10 @@ String[1] $application_key, String[1] $application_secret, String[1] $consumer_key, - Integer $propagation_seconds = $letsencrypt::dns_ovh_propagation_seconds, - Stdlib::Absolutepath $config_dir = $letsencrypt::config_dir, - Boolean $manage_package = $letsencrypt::dns_ovh_manage_package, - String $package_name = $letsencrypt::dns_ovh_package_name, + Integer $propagation_seconds = $letsencrypt::dns_ovh_propagation_seconds, + Boolean $manage_package = $letsencrypt::dns_ovh_manage_package, + String $package_name = $letsencrypt::dns_ovh_package_name, + Stdlib::Absolutepath $config_file = "${letsencrypt::config_dir}/dns-ovh.ini", ) { require letsencrypt @@ -49,7 +49,7 @@ dns_ovh_propagation_seconds => $propagation_seconds, } - file { "${config_dir}/dns-ovh.ini": + file { $config_file: ensure => file, owner => 'root', group => 'root', From d1afcca6efa2a868db005102bcd3816b0bff3800 Mon Sep 17 00:00:00 2001 From: Alexandre Ellert Date: Thu, 22 Aug 2019 13:01:46 +0200 Subject: [PATCH 54/68] :white_check_mark: Add tests for dns-ovh plugin --- .../letsencrypt_plugin_dns_ovh_spec.rb | 50 +++++++++++++ spec/classes/plugin/dns_ovh_spec.rb | 74 +++++++++++++++++++ spec/defines/letsencrypt_certonly_spec.rb | 11 +++ spec/type_aliases/plugin_spec.rb | 2 +- 4 files changed, 136 insertions(+), 1 deletion(-) create mode 100644 spec/acceptance/letsencrypt_plugin_dns_ovh_spec.rb create mode 100644 spec/classes/plugin/dns_ovh_spec.rb diff --git a/spec/acceptance/letsencrypt_plugin_dns_ovh_spec.rb b/spec/acceptance/letsencrypt_plugin_dns_ovh_spec.rb new file mode 100644 index 00000000..2cb98d5d --- /dev/null +++ b/spec/acceptance/letsencrypt_plugin_dns_ovh_spec.rb 
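Review bot: The parameter is renamed from `$config_dir` to `$config_file`, but the `@param config_dir The path to the configuration directory.` entry in the docblock above the hunk is left as is, so puppet-strings now documents a parameter that no longer exists and has no entry for the one that does. Replace it in the same commit with `# @param config_file The name, with full absolute path, of the configuration file containing OVH credentials.` The docblock and the `file { $config_file:` resource that uses the new name start and end outside these two hunks.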
@@ -0,0 +1,50 @@ +require 'spec_helper_acceptance' + +describe 'letsencrypt::plugin::dns_ovh' do + supported = case fact('os.family') + when 'Debian' + # Debian started shipping in Buster, Ubuntu started shipping in Disco + fact('os.release.major') != '10' && fact('os.release.major') != '19.04' + when 'RedHat' + true + else + false + end + + context 'with defaults values' do + pp = <<-PUPPET + class { 'letsencrypt' : + email => 'letsregister@example.com', + config => { + 'server' => 'https://acme-staging.api.letsencrypt.org/directory', + }, + } + class { 'letsencrypt::plugin::dns_ovh': + endpoint => 'ovh-eu', + application_key => 'MDAwMDAwMDAwMDAw', + application_secret => 'MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw', + consumer_key => 'MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw', + } + PUPPET + + if supported + it 'installs letsencrypt and dns ovh plugin without error' do + apply_manifest(pp, catch_failures: true) + end + it 'installs letsencrypt and dns ovh idempotently' do + apply_manifest(pp, catch_changes: true) + end + + describe file('/etc/letsencrypt/dns-ovh.ini') do + it { is_expected.to be_file } + it { is_expected.to be_owned_by 'root' } + it { is_expected.to be_grouped_into 'root' } + it { is_expected.to be_mode 400 } + end + else + it 'fails to install' do + apply_manifest(pp, expect_failures: true) + end + end + end +end diff --git a/spec/classes/plugin/dns_ovh_spec.rb b/spec/classes/plugin/dns_ovh_spec.rb new file mode 100644 index 00000000..eeb9ce23 --- /dev/null +++ b/spec/classes/plugin/dns_ovh_spec.rb 
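Review bot: The Debian branch of `supported` is inverted relative to its own comment: `fact('os.release.major') != '10' && fact('os.release.major') != '19.04'` is true on Debian 9 and Ubuntu 18.04, where the comment says the package does not exist, and false on Debian 10 and Ubuntu 19.04, so the `apply_manifest(pp, catch_failures: true)` examples run on exactly the unsupported hosts and the `expect_failures` example on the supported ones. It should be `fact('os.release.major') == '10' || fact('os.release.major') == '19.04'`, or better a version comparison such as `Gem::Version.new(fact('os.release.major')) >= Gem::Version.new(fact('os.name') == 'Ubuntu' ? '19.04' : '10')` so later releases are not treated as unsupported. The `RedHat` arm returns true unconditionally, which presumably assumes every tested EL/Fedora release ships the plugin — worth confirming against the package names in params.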
@@ -0,0 +1,74 @@ +require 'spec_helper' + +describe 'letsencrypt::plugin::dns_ovh' do + on_supported_os.each do |os, facts| + context "on #{os} based operating systems" do + let(:facts) { facts } + let(:params) { {} } + let(:pre_condition) do + <<-PUPPET + class { 'letsencrypt': + email => 'foo@example.com', + } + PUPPET + end + let(:package_name) do + case facts[:osfamily] + when 'Debian' + 'python3-certbot-dns-ovh' + when 'RedHat' + facts[:operatingsystem] == 'Fedora' ? 'python3-certbot-dns-ovh' : 'python2-certbot-dns-ovh' + end + end + + context 'without required parameters' do + it { is_expected.not_to compile } + end + + context 'with required parameters' do + let(:params) do + super().merge( + endpoint: 'ovh-eu' + application_key: 'MDAwMDAwMDAwMDAw', + application_secret: 'MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw', + consumer_key: 'MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw' + ) + end + + it do + if package_name.nil? + is_expected.not_to compile + else + is_expected.to compile.with_all_deps + + is_expected.to contain_file('/etc/letsencrypt/dns-ovh.ini'). + with_ensure('file'). + with_owner('root'). + with_group('root'). + with_mode('0400'). + with_content(%r{^.*dns_ovh_endpoint.*$}) + end + end + + describe 'with manage_package => true' do + let(:params) { super().merge(manage_package: true) } + + it do + if package_name.nil? + is_expected.not_to compile + else + is_expected.to contain_class('letsencrypt::plugin::dns_ovh').with_package_name(package_name) + is_expected.to contain_package(package_name).with_ensure('installed') + end + end + end + + describe 'with manage_package => false' do + let(:params) { super().merge(manage_package: false, package_name: 'dns-ovh-package') } + + it { is_expected.not_to contain_package('dns-ovh-package') } + end + end + end + end +end diff --git a/spec/defines/letsencrypt_certonly_spec.rb b/spec/defines/letsencrypt_certonly_spec.rb index 63028b71..c3e74f7c 100644 --- a/spec/defines/letsencrypt_certonly_spec.rb 
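Review bot: `endpoint: 'ovh-eu'` inside `super().merge(` has no trailing comma, so the hash is a syntax error and this spec file does not load; a later commit in this series adds the comma, but it belongs here. The only content check, `with_content(%r{^.*dns_ovh_endpoint.*$})`, also passes when none of the credentials are rendered, so a tighter assertion such as `with_content(%r{dns_ovh_application_secret.*MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw})` would catch a broken `ini.epp` mapping. `let(:package_name)` is nil for any `osfamily` other than Debian/RedHat, so the `is_expected.not_to compile` fallback would hide a genuine compile failure on another supported family — hedging, since metadata.json is not in view.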
+++ b/spec/defines/letsencrypt_certonly_spec.rb @@ -136,6 +136,9 @@ class { 'letsencrypt::plugin::dns_rfc2136': context 'with dns-route53 plugin' do let(:title) { 'foo.example.com' } let(:params) { { plugin: 'dns-route53', letsencrypt_command: 'letsencrypt' } } + context 'with dns-ovh plugin' do + let(:title) { 'foo.example.com' } + let(:params) { { plugin: 'dns-ovh', letsencrypt_command: 'letsencrypt' } } let(:pre_condition) do <<-PUPPET class { 'letsencrypt': @@ -144,6 +147,12 @@ class { 'letsencrypt': } class { 'letsencrypt::plugin::dns_route53': package_name => 'irrelevant', + class { 'letsencrypt::plugin::dns_ovh': + endpoint => 'ovh-eu', + application_key => 'MDAwMDAwMDAwMDAw', + application_secret => 'MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw', + consumer_key => 'MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw', + package_name => 'irrelevant', } PUPPET end @@ -151,6 +160,8 @@ class { 'letsencrypt::plugin::dns_route53': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_class('letsencrypt::plugin::dns_route53') } it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a dns-route53 --cert-name 'foo.example.com' -d 'foo.example.com' --dns-route53-propagation-seconds 10" } + it { is_expected.to contain_class('letsencrypt::plugin::dns_ovh') } + it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a dns-ovh --cert-name 'foo.example.com' -d 'foo.example.com' --dns-ovh-credentials /etc/letsencrypt/dns-ovh.ini --dns-ovh-propagation-seconds 30" } end context 'with custom plugin' do diff --git a/spec/type_aliases/plugin_spec.rb b/spec/type_aliases/plugin_spec.rb index 2a634fbe..edf3e456 100644 --- a/spec/type_aliases/plugin_spec.rb +++ b/spec/type_aliases/plugin_spec.rb 
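Review bot: The new `context 'with dns-ovh plugin' do` is opened inside the existing `context 'with dns-route53 plugin' do` without closing it, and `class { 'letsencrypt::plugin::dns_ovh':` is spliced into the route53 `pre_condition` heredoc directly after `package_name => 'irrelevant',` without the route53 class's closing `}`, so the manifest string is invalid Puppet and the example nesting is wrong. The route53 and ovh `contain_exec('letsencrypt certonly foo.example.com').with_command` expectations also end up in one group, and a single catalog cannot satisfy both command strings. Give dns-ovh its own sibling context with its own `let(:params)` and `let(:pre_condition)`, as the later merge-conflict patch in this series does. The enclosing `describe` starts and ends outside these hunks.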
@@ -1,7 +1,7 @@ require 'spec_helper' describe 'Letsencrypt::Plugin' do - it { is_expected.to allow_values('apache', 'standalone', 'webroot', 'nginx', 'dns-route53', 'dns-google', 'dns-cloudflare', 'dns-rfc2136') } + it { is_expected.to allow_values('apache', 'standalone', 'webroot', 'nginx', 'dns-route53', 'dns-google', 'dns-cloudflare', 'dns-rfc2136', 'dns-ovh') } it { is_expected.not_to allow_value(nil) } it { is_expected.not_to allow_value('foo') } it { is_expected.not_to allow_value('custom') } From f36088e476b18b8a3231b675c020cbd28f045ba7 Mon Sep 17 00:00:00 2001 From: Alexandre Ellert Date: Thu, 22 Aug 2019 13:13:55 +0200 Subject: [PATCH 55/68] :books: Add dns-ovh documentation --- README.md | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/README.md b/README.md index 8b4f9f92..0351fc51 100644 --- a/README.md +++ b/README.md @@ -166,6 +166,34 @@ letsencrypt::certonly { 'foo': plugin => 'dns-rfc2136', } ``` +#### dns-ovh plugin + +To request a certificate using the `dns-ovh` plugin, you will at a minimum +need to pass `endpoint`, `application_key`, `application_secret` and +`consumer_key`to the class `letsencrypt::plugin::dns_ovh`. +Ideally keys and secret should be encrypted, eg. with eyaml if using Hiera. + +Plugin documentation and it's parameters can be found here: +https://certbot-dns-ovh.readthedocs.io + +Parameter defaults: + +- `propagation_seconds` 30 (the plugin defaults to 30) + +Example: + +```puppet +class { 'letsencrypt::plugin::dns_ovh': + endpoint => 'ovh-eu', + application_key => 'MDAwMDAwMDAwMDAw', + application_secret => 'MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw', + consumer_key => 'MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw', +} +letsencrypt::certonly { 'foo': + domains => ['foo.example.com', 'bar.example.com'], + plugin => 'dns-ovh', +} +``` #### Additional arguments From 02d6a82501ef6c7154d589d619832dc922022127 Mon Sep 17 00:00:00 2001 
From: Alexandre Ellert Date: Thu, 22 Aug 2019 13:21:03 +0200 Subject: [PATCH 56/68] :bug: Fix syntax error --- spec/classes/plugin/dns_ovh_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/classes/plugin/dns_ovh_spec.rb b/spec/classes/plugin/dns_ovh_spec.rb index eeb9ce23..56343ec3 100644 --- a/spec/classes/plugin/dns_ovh_spec.rb +++ b/spec/classes/plugin/dns_ovh_spec.rb @@ -28,7 +28,7 @@ class { 'letsencrypt': context 'with required parameters' do let(:params) do super().merge( - endpoint: 'ovh-eu' + endpoint: 'ovh-eu', application_key: 'MDAwMDAwMDAwMDAw', application_secret: 'MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw', consumer_key: 'MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw' From 1d204a04e2ad15e72d1b5308e131d1b36a20c135 Mon Sep 17 00:00:00 2001 From: Alexandre Ellert Date: Thu, 22 Aug 2019 15:29:07 +0200 Subject: [PATCH 57/68] :books: Add warning about Debian based distros compatibility --- README.md | 5 +++++ manifests/plugin/dns_ovh.pp | 13 +++++++++++++ 2 files changed, 18 insertions(+) diff --git a/README.md b/README.md index 0351fc51..dfe2141a 100644 --- a/README.md +++ b/README.md @@ -176,6 +176,11 @@ Ideally keys and secret should be encrypted, eg. with eyaml if using Hiera. Plugin documentation and it's parameters can be found here: https://certbot-dns-ovh.readthedocs.io +Note: + +For Debian based OS, this plugin is compatible from Debian 10 +and Ubuntu 19. Older OS are not supported. + Parameter defaults: - `propagation_seconds` 30 (the plugin defaults to 30) diff --git a/manifests/plugin/dns_ovh.pp b/manifests/plugin/dns_ovh.pp index 25e6e905..5c2eb580 100644 --- a/manifests/plugin/dns_ovh.pp +++ b/manifests/plugin/dns_ovh.pp 
@@ -35,6 +35,19 @@
) {
require letsencrypt
+ case $::operatingsystem {
+ 'Debian': {
+ if $::operatingsystemrelease < '10' {
+ fail("The dns-ovh plugin is not compatible with $::operatingsystem $::operatingsystemrelease. See README.")
+ }
+ }
+ 'Ubuntu': {
+ if $::operatingsystemrelease < '19' {
+ fail("The dns-ovh plugin is not compatible with $::operatingsystem $::operatingsystemrelease. See README.")
+ }
+ }
+ }
+
if $manage_package {
package { $package_name:
ensure => installed,
From cc40ee939010ca2c6400bd762d4bc9aeeab12f11 Mon Sep 17 00:00:00 2001 From: Alexandre Ellert Date: Thu, 22 Aug 2019 15:37:19 +0200 Subject: [PATCH 58/68] :bug: Fix version compared as number --- manifests/plugin/dns_ovh.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/manifests/plugin/dns_ovh.pp b/manifests/plugin/dns_ovh.pp
index 5c2eb580..ec8326d3 100644
--- a/manifests/plugin/dns_ovh.pp
+++ b/manifests/plugin/dns_ovh.pp
@@ -37,12 +37,12 @@
case $::operatingsystem {
'Debian': {
- if $::operatingsystemrelease < '10' {
+ if versioncmp($::operatingsystemrelease, '10') < 0 {
fail("The dns-ovh plugin is not compatible with $::operatingsystem $::operatingsystemrelease. See README.")
}
}
'Ubuntu': {
- if $::operatingsystemrelease < '19' {
+ if versioncmp($::operatingsystemrelease, '19') < 0 {
fail("The dns-ovh plugin is not compatible with $::operatingsystem $::operatingsystemrelease. See README.")
}
}
From 42d82ece4b23ab6489c8b2381ce18666ad2777b3 Mon Sep 17 00:00:00 2001 From: Alexandre Ellert Date: Thu, 22 Aug 2019 15:55:56 +0200 Subject: [PATCH 59/68] :bug: Fix Travis CI warnings --- manifests/plugin/dns_ovh.pp | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/manifests/plugin/dns_ovh.pp b/manifests/plugin/dns_ovh.pp
index ec8326d3..3d93eea8 100644
--- a/manifests/plugin/dns_ovh.pp
+++ b/manifests/plugin/dns_ovh.pp
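Review bot: `if $::operatingsystemrelease < '10'` compares two strings lexically, so `'9.9' < '10'` is false and Debian 9 passes the guard it was written to reject; the next patch in the series swaps in `versioncmp`, and `if versioncmp($::operatingsystemrelease, '10') < 0 {` should have been the form here from the start. The `case` also lacks a `default:` arm, which puppet-lint flags and which the series later adds. The class body continues before and after the hunk.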
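Review bot: With `versioncmp` the comparison is now right, but `fail(...)` fires regardless of `$manage_package`, so an operator who sets `manage_package => false` and installs `certbot-dns-ovh` from pip on Debian 9 or Ubuntu 18.04 still gets a hard catalog failure for what is only a distro-packaging limitation. Wrap the `case` in `if $manage_package { ... }` so the check guards the `package` resource it exists for. Also prefer the structured facts `$facts['os']['name']` and `$facts['os']['release']['full']` over the legacy top-scope `$::operatingsystem` and `$::operatingsystemrelease`, which newer Facter releases hide by default. The `case` statement's closing brace lies outside this hunk.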
@@ -38,14 +38,16 @@
case $::operatingsystem {
'Debian': {
if versioncmp($::operatingsystemrelease, '10') < 0 {
- fail("The dns-ovh plugin is not compatible with $::operatingsystem $::operatingsystemrelease. See README.")
+ fail("The dns-ovh plugin is not compatible with ${::operatingsystem} ${::operatingsystemrelease}. See README.")
}
}
'Ubuntu': {
if versioncmp($::operatingsystemrelease, '19') < 0 {
- fail("The dns-ovh plugin is not compatible with $::operatingsystem $::operatingsystemrelease. See README.")
+ fail("The dns-ovh plugin is not compatible with ${::operatingsystem} ${::operatingsystemrelease}. See README.")
}
}
+ default: {
+ }
}
if $manage_package {
From 110473c446abcef296b45645c07304ab7f8a07ad Mon Sep 17 00:00:00 2001 From: Alexandre Ellert Date: Sat, 13 Mar 2021 21:19:10 +0100 Subject: [PATCH 60/68] Fix merge conflicts --- manifests/plugin/dns_ovh.pp | 32 -------------------------------- 1 file changed, 32 deletions(-)
diff --git a/manifests/plugin/dns_ovh.pp b/manifests/plugin/dns_ovh.pp
index 70915f48..3d93eea8 100644
--- a/manifests/plugin/dns_ovh.pp
+++ b/manifests/plugin/dns_ovh.pp
@@ -1,8 +1,4 @@
-<<<<<<< HEAD
# @summary Installs and configures the dns-ovh plugin
-=======
-# @summary This class installs and configures the Let's Encrypt dns-ovh plugin.
->>>>>>> a49673696f6c43101af8f0419634eb53cd923f1f
#
# @example Basic usage
# class { 'letsencrypt::plugin::dns_ovh':
@@ -18,7 +14,6 @@
#
# @see https://certbot-dns-ovh.readthedocs.io
#
-<<<<<<< HEAD
# @param endpoint Target OVH DNS endpoint.
# @param application_key OVH application key.
# @param application_secret OVH application secret.
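Review bot: The new empty `default: {` `}` arm silently accepts every other operating system, including the RedHat family where plugin availability also varies by release, and nothing tells a reader this is deliberate. A one-line comment inside the arm, `# Other OS families: availability is governed by $package_name and params.pp, not by release.`, would make the intent explicit and keep the next maintainer from "fixing" it. The `case` statement's opening line sits outside the hunk.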
@@ -27,26 +22,6 @@ # @param manage_package Manage the plugin. # @param package_name The name of the package to install when $manage_package is true. # @param config_dir The path to the configuration directory. -======= -# === Parameters: -# -# @param endpoint -# Target OVH DNS endpoint. -# @param application_key -# OVH application key. -# @param application_secret -# DNS OVH application secret. -# @param consumer_key -# DNS OVH consumer key. -# @param propagation_seconds -# DNS OVH propagation seconds (default: 30s) -# @param manage_package -# Manage the plugin package. -# @param package_name -# The name of the package to install when $manage_package is true. -# @param config_file -# The name, with full abolute path, of the configuration file containing OVH credentials. ->>>>>>> a49673696f6c43101af8f0419634eb53cd923f1f # class letsencrypt::plugin::dns_ovh ( Enum['ovh-eu', 'ovh-ca'] $endpoint, @@ -58,10 +33,7 @@ String $package_name = $letsencrypt::dns_ovh_package_name, Stdlib::Absolutepath $config_file = "${letsencrypt::config_dir}/dns-ovh.ini", ) { -<<<<<<< HEAD require letsencrypt -======= ->>>>>>> a49673696f6c43101af8f0419634eb53cd923f1f case $::operatingsystem { 'Debian': { @@ -100,10 +72,6 @@ content => epp('letsencrypt/ini.epp', { vars => { '' => $ini_vars }, }), -<<<<<<< HEAD -======= - require => Class['letsencrypt'], ->>>>>>> a49673696f6c43101af8f0419634eb53cd923f1f } } From 6f3ecf53556acb25e4165f075b174c2e395c8ed4 Mon Sep 17 00:00:00 2001 From: Alexandre Ellert Date: Sat, 13 Mar 2021 21:38:46 +0100 Subject: [PATCH 61/68] Fix merge conflicts --- spec/defines/letsencrypt_certonly_spec.rb | 25 +++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/spec/defines/letsencrypt_certonly_spec.rb b/spec/defines/letsencrypt_certonly_spec.rb index c812b100..b10d752e 100644 --- a/spec/defines/letsencrypt_certonly_spec.rb +++ b/spec/defines/letsencrypt_certonly_spec.rb 
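Review bot: The conflict resolution keeps `# @param config_dir The path to the configuration directory.` and deletes the `-# @param config_file The name, with full abolute path, of the configuration file containing OVH credentials.` line, yet the signature retained in the next hunk declares `Stdlib::Absolutepath $config_file` and no `$config_dir`, so the docblock now documents a parameter that does not exist and omits the one that does; puppet-strings will warn on both. Keep the `config_file` entry instead, with the typo fixed: `# @param config_file The name, with full absolute path, of the configuration file containing OVH credentials.` Dropping the redundant `require => Class['letsencrypt']` on the file resource in the last hunk is fine given the `require letsencrypt` kept at the top of the class.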
@@ -133,9 +133,6 @@ class { 'letsencrypt::plugin::dns_rfc2136': it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a dns-rfc2136 --cert-name 'foo.example.com' -d 'foo.example.com' --dns-rfc2136-credentials /etc/letsencrypt/dns-rfc2136.ini --dns-rfc2136-propagation-seconds 10" } end - context 'with dns-route53 plugin' do - let(:title) { 'foo.example.com' } - let(:params) { { plugin: 'dns-route53', letsencrypt_command: 'letsencrypt' } } context 'with dns-ovh plugin' do let(:title) { 'foo.example.com' } let(:params) { { plugin: 'dns-ovh', letsencrypt_command: 'letsencrypt' } } @@ -160,6 +157,26 @@ class { 'letsencrypt::plugin::dns_ovh': it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a dns-ovh --cert-name 'foo.example.com' -d 'foo.example.com' --dns-ovh-credentials /etc/letsencrypt/dns-ovh.ini --dns-ovh-propagation-seconds 30" } end + context 'with dns-route53 plugin' do + let(:title) { 'foo.example.com' } + let(:params) { { plugin: 'dns-route53', letsencrypt_command: 'letsencrypt' } } + let(:pre_condition) do + <<-PUPPET + class { 'letsencrypt': + email => 'foo@example.com', + config_dir => '/etc/letsencrypt', + } + class { 'letsencrypt::plugin::dns_route53': + package_name => 'irrelevant', + } + PUPPET + end + + it { is_expected.to compile.with_all_deps } + it { is_expected.to contain_class('letsencrypt::plugin::dns_route53') } + it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a dns-route53 --cert-name 'foo.example.com' -d 'foo.example.com' --dns-route53-propagation-seconds 10" } + end + context 'with custom plugin' do let(:title) { 'foo.example.com' } let(:params) { { plugin: 'apache' } } 
@@ -465,4 +482,4 @@ class { 'letsencrypt::plugin::dns_ovh': end end end -end +end \ No newline at end of file From 805f91d9d44c2601411b5343c9686cf84f94fa20 Mon Sep 17 00:00:00 2001 From: Alexandre Ellert Date: Sat, 13 Mar 2021 22:09:19 +0100 Subject: [PATCH 62/68] Fix travis --- .rspec | 2 +- lib/facter/letsencrypt_directory.rb | 8 +- manifests/certonly.pp | 4 +- spec/classes/letsencrypt_spec.rb | 42 ++++---- spec/classes/plugin/dns_ovh_spec.rb | 14 +-- spec/classes/plugin/dns_rfc2136_spec.rb | 14 +-- spec/default_facts.yml | 8 ++ spec/defines/letsencrypt_certonly_spec.rb | 114 ++++++++++++++++------ spec/defines/letsencrypt_hook_spec.rb | 16 +-- spec/spec_helper.rb | 75 +++++++++++--- 10 files changed, 202 insertions(+), 95 deletions(-) create mode 100644 spec/default_facts.yml diff --git a/.rspec b/.rspec index 8c18f1ab..16f9cdb0 100644 --- a/.rspec +++ b/.rspec @@ -1,2 +1,2 @@ ---format documentation --color +--format documentation diff --git a/lib/facter/letsencrypt_directory.rb b/lib/facter/letsencrypt_directory.rb index 6e7943bc..34dccf2d 100644 --- a/lib/facter/letsencrypt_directory.rb +++ b/lib/facter/letsencrypt_directory.rb @@ -2,15 +2,15 @@ require 'pathname' Facter.add(:letsencrypt_directory) do - confine kernel: %w[FreeBSD Linux OpenBSD] + confine kernel: ['FreeBSD', 'Linux', 'OpenBSD'] setcode do certs = {} # locate the certificate repository - livedir = ['/etc/letsencrypt/live', '/etc/certbot/live']. - map { |path| Pathname.new path }. - find(&:directory?) + livedir = ['/etc/letsencrypt/live', '/etc/certbot/live'] + .map { |path| Pathname.new path } + .find(&:directory?) unless livedir.nil? Pathname.new(livedir).children.select(&:directory?).each do |path| diff --git a/manifests/certonly.pp b/manifests/certonly.pp index 05e236c4..fa544578 100644 --- a/manifests/certonly.pp +++ b/manifests/certonly.pp @@ -108,7 +108,7 @@ ] } - dns-ovh': { + 'dns-ovh': { require letsencrypt::plugin::dns_ovh $_domains = join($domains, '\' -d \'') $plugin_args = [ 
@@ -218,4 +218,4 @@ monthday => $cron_monthday, } } -} \ No newline at end of file +} diff --git a/spec/classes/letsencrypt_spec.rb b/spec/classes/letsencrypt_spec.rb index 1a5e6154..e9e1f694 100644 --- a/spec/classes/letsencrypt_spec.rb +++ b/spec/classes/letsencrypt_spec.rb @@ -18,27 +18,27 @@ epel = facts[:osfamily] == 'RedHat' && facts[:operatingsystem] != 'Fedora' it 'contains File[/usr/local/sbin/letsencrypt-domain-validation]' do - is_expected.to contain_file('/usr/local/sbin/letsencrypt-domain-validation'). - with_ensure('file'). - with_owner('root'). - with_group('root'). - with_mode('0500'). - with_source('puppet:///modules/letsencrypt/domain-validation.sh') + is_expected.to contain_file('/usr/local/sbin/letsencrypt-domain-validation') + .with_ensure('file') + .with_owner('root') + .with_group('root') + .with_mode('0500') + .with_source('puppet:///modules/letsencrypt/domain-validation.sh') end it 'contains the correct resources' do - is_expected.to contain_class('letsencrypt::install'). - with(configure_epel: epel, + is_expected.to contain_class('letsencrypt::install') + .with(configure_epel: epel, manage_install: true, manage_dependencies: true, repo: 'https://github.com/certbot/certbot.git', - version: 'v0.39.0'). - that_notifies('Exec[initialize letsencrypt]'). - that_comes_before('Class[letsencrypt::renew]') + version: 'v0.39.0') + .that_notifies('Exec[initialize letsencrypt]') + .that_comes_before('Class[letsencrypt::renew]') is_expected.to contain_exec('initialize letsencrypt') is_expected.to contain_class('letsencrypt::config').that_comes_before('Exec[initialize letsencrypt]') - is_expected.to contain_class('letsencrypt::renew'). - with(pre_hook_commands: [], + is_expected.to contain_class('letsencrypt::renew') + .with(pre_hook_commands: [], post_hook_commands: [], deploy_hook_commands: [], additional_args: [], 
@@ -49,8 +49,8 @@ if facts[:osfamily] == 'FreeBSD' is_expected.to contain_ini_setting('/usr/local/etc/letsencrypt/cli.ini email foo@example.com') is_expected.to contain_ini_setting('/usr/local/etc/letsencrypt/cli.ini server https://acme-v02.api.letsencrypt.org/directory') - is_expected.to contain_file('letsencrypt-renewal-hooks-puppet'). - with(ensure: 'directory', + is_expected.to contain_file('letsencrypt-renewal-hooks-puppet') + .with(ensure: 'directory', path: '/usr/local/etc/letsencrypt/renewal-hooks-puppet', owner: 'root', group: 'root', @@ -213,8 +213,8 @@ end it do - is_expected.to contain_cron('letsencrypt-renew'). - with(ensure: 'present', + is_expected.to contain_cron('letsencrypt-renew') + .with(ensure: 'present', command: 'certbot renew -q', hour: 0, minute: 0, @@ -240,8 +240,8 @@ end it do - is_expected.to contain_cron('letsencrypt-renew'). - with(ensure: 'present', + is_expected.to contain_cron('letsencrypt-renew') + .with(ensure: 'present', command: 'certbot renew -q --pre-hook "/etc/letsencrypt/renewal-hooks-puppet/renew-pre.sh" --post-hook "/etc/letsencrypt/renewal-hooks-puppet/renew-post.sh" --deploy-hook "/etc/letsencrypt/renewal-hooks-puppet/renew-deploy.sh"') end end @@ -255,8 +255,8 @@ end it do - is_expected.to contain_cron('letsencrypt-renew'). - with(ensure: 'present', + is_expected.to contain_cron('letsencrypt-renew') + .with(ensure: 'present', command: 'certbot renew -q AdditionalBar') end end diff --git a/spec/classes/plugin/dns_ovh_spec.rb b/spec/classes/plugin/dns_ovh_spec.rb index 56343ec3..2e0f1ea4 100644 --- a/spec/classes/plugin/dns_ovh_spec.rb +++ b/spec/classes/plugin/dns_ovh_spec.rb @@ -31,7 +31,7 @@ class { 'letsencrypt': endpoint: 'ovh-eu', application_key: 'MDAwMDAwMDAwMDAw', application_secret: 'MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw', - consumer_key: 'MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw' + consumer_key: 'MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw', ) end 
@@ -41,12 +41,12 @@ class { 'letsencrypt': else is_expected.to compile.with_all_deps - is_expected.to contain_file('/etc/letsencrypt/dns-ovh.ini'). - with_ensure('file'). - with_owner('root'). - with_group('root'). - with_mode('0400'). - with_content(%r{^.*dns_ovh_endpoint.*$}) + is_expected.to contain_file('/etc/letsencrypt/dns-ovh.ini') + .with_ensure('file') + .with_owner('root') + .with_group('root') + .with_mode('0400') + .with_content(%r{^.*dns_ovh_endpoint.*$}) end end diff --git a/spec/classes/plugin/dns_rfc2136_spec.rb b/spec/classes/plugin/dns_rfc2136_spec.rb index 5b3ebbae..0f143ab1 100644 --- a/spec/classes/plugin/dns_rfc2136_spec.rb +++ b/spec/classes/plugin/dns_rfc2136_spec.rb @@ -33,7 +33,7 @@ class { 'letsencrypt': super().merge( server: '192.0.2.1', key_name: 'certbot', - key_secret: 'secret' + key_secret: 'secret', ) end @@ -43,12 +43,12 @@ class { 'letsencrypt': else is_expected.to compile.with_all_deps - is_expected.to contain_file('/etc/letsencrypt/dns-rfc2136.ini'). - with_ensure('file'). - with_owner('root'). - with_group('root'). - with_mode('0400'). - with_content(%r{^.*dns_rfc2136_server.*$}) + is_expected.to contain_file('/etc/letsencrypt/dns-rfc2136.ini') + .with_ensure('file') + .with_owner('root') + .with_group('root') + .with_mode('0400') + .with_content(%r{^.*dns_rfc2136_server.*$}) end end diff --git a/spec/default_facts.yml b/spec/default_facts.yml new file mode 100644 index 00000000..f777abfc --- /dev/null +++ b/spec/default_facts.yml @@ -0,0 +1,8 @@ +# Use default_module_facts.yml for module specific facts. +# +# Facts specified here will override the values provided by rspec-puppet-facts. +--- +ipaddress: "172.16.254.254" +ipaddress6: "FE80:0000:0000:0000:AAAA:AAAA:AAAA" +is_pe: false +macaddress: "AA:AA:AA:AA:AA:AA" diff --git a/spec/defines/letsencrypt_certonly_spec.rb b/spec/defines/letsencrypt_certonly_spec.rb index b10d752e..db934943 100644 --- a/spec/defines/letsencrypt_certonly_spec.rb 
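Review bot: The chain on `/etc/letsencrypt/dns-ovh.ini` in the dns_ovh_spec hunk pins owner, group, mode 0400 and that the content mentions `dns_ovh_endpoint`, but not `show_diff`; that file carries the `application_secret` and `consumer_key` set in the preceding hunk of this spec, and unless `letsencrypt::plugin::dns_ovh` already sets `show_diff => false` (the manifest is not in this diff) every content change prints the secrets into the agent log and the report. Add `.with_show_diff(false)` to the chain so the spec fails if that protection is missing or later dropped. Matching on `dns_ovh_application_secret` rather than only the endpoint line would also prove the secret is actually written, since the endpoint is the one non-secret value in the file.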
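Review bot: The chain on `/etc/letsencrypt/dns-rfc2136.ini` in the `@@ -43,12 +43,12 @@` hunk of dns_rfc2136_spec checks mode 0400 and the `dns_rfc2136_server` line but never `show_diff`, while the file holds the TSIG `key_secret` given in the hunk just before it; unless `letsencrypt::plugin::dns_rfc2136` already sets `show_diff => false` (not visible in this diff), a changed secret is echoed into the agent log and report. Add `.with_show_diff(false)` to the assertion chain so that protection is pinned by the spec rather than assumed.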
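Review bot: In the new spec/default_facts.yml, `ipaddress6: "FE80:0000:0000:0000:AAAA:AAAA:AAAA"` has seven hextets, so it is not a valid IPv6 address; any parameter typed `Stdlib::IP::Address::V6` or any template that parses the fact would reject it, and the header comment says these values override what rspec-puppet-facts provides, so the bad value reaches every catalog the suite compiles. Use eight groups, e.g. `ipaddress6: "FE80:0000:0000:0000:AAAA:AAAA:AAAA:AAAA"`. This looks like it was copied from a generator template that carries the same value, which is worth fixing upstream as well if so.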
+++ b/spec/defines/letsencrypt_certonly_spec.rb @@ -31,7 +31,9 @@ end it { is_expected.to contain_exec('initialize letsencrypt') } it { is_expected.to contain_exec('letsencrypt certonly foo.example.com') } - it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_unless "/usr/local/sbin/letsencrypt-domain-validation #{pathprefix}/etc/letsencrypt/live/foo.example.com/cert.pem 'foo.example.com'" } + it { + is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_unless "/usr/local/sbin/letsencrypt-domain-validation #{pathprefix}/etc/letsencrypt/live/foo.example.com/cert.pem 'foo.example.com'" + } end context 'with ensure absent' do @@ -40,7 +42,9 @@ it { is_expected.to contain_exec('letsencrypt certonly foo.example.com') } it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive delete --cert-name 'foo.example.com'" } - it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_onlyif "/usr/local/sbin/letsencrypt-domain-validation #{pathprefix}/etc/letsencrypt/live/foo.example.com/cert.pem 'foo.example.com'" } + it { + is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_onlyif "/usr/local/sbin/letsencrypt-domain-validation #{pathprefix}/etc/letsencrypt/live/foo.example.com/cert.pem 'foo.example.com'" + } end context 'with multiple domains' do 
@@ -48,7 +52,9 @@ let(:params) { { domains: ['foo.example.com', 'bar.example.com', '*.example.com'] } } it { is_expected.to compile.with_all_deps } - it { is_expected.to contain_exec('letsencrypt certonly foo').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo' -d 'foo.example.com' -d 'bar.example.com' -d '*.example.com'" } + it { + is_expected.to contain_exec('letsencrypt certonly foo').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo' -d 'foo.example.com' -d 'bar.example.com' -d '*.example.com'" + } end context 'with custom cert-name' do @@ -56,7 +62,9 @@ let(:params) { { cert_name: 'bar.example.com' } } it { is_expected.to compile.with_all_deps } - it { is_expected.to contain_exec('letsencrypt certonly foo').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'bar.example.com' -d 'foo'" } + it { + is_expected.to contain_exec('letsencrypt certonly foo').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'bar.example.com' -d 'foo'" + } end context 'with custom command' do @@ -64,7 +72,9 @@ let(:params) { { letsencrypt_command: '/usr/lib/letsencrypt/letsencrypt-auto' } } it { is_expected.to compile.with_all_deps } - it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command '/usr/lib/letsencrypt/letsencrypt-auto --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name \'foo.example.com\' -d \'foo.example.com\'' } + it { + is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command '/usr/lib/letsencrypt/letsencrypt-auto --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name \'foo.example.com\' -d \'foo.example.com\'' + } end context 'with webroot plugin' do 
@@ -75,7 +85,9 @@ end it { is_expected.to compile.with_all_deps } - it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a webroot --cert-name 'foo.example.com' --webroot-path /var/www/foo -d 'foo.example.com'" } + it { + is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a webroot --cert-name 'foo.example.com' --webroot-path /var/www/foo -d 'foo.example.com'" + } end context 'with webroot plugin and multiple domains' do @@ -87,7 +99,9 @@ end it { is_expected.to compile.with_all_deps } - it { is_expected.to contain_exec('letsencrypt certonly foo').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a webroot --cert-name 'foo' --webroot-path /var/www/foo -d 'foo.example.com' --webroot-path /var/www/bar -d 'bar.example.com'" } + it { + is_expected.to contain_exec('letsencrypt certonly foo').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a webroot --cert-name 'foo' --webroot-path /var/www/foo -d 'foo.example.com' --webroot-path /var/www/bar -d 'bar.example.com'" + } end context 'with webroot plugin, one webroot, and multiple domains' do 
@@ -99,7 +113,9 @@ end it { is_expected.to compile.with_all_deps } - it { is_expected.to contain_exec('letsencrypt certonly foo').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a webroot --cert-name 'foo' --webroot-path /var/www/foo -d 'foo.example.com' -d 'bar.example.com'" } + it { + is_expected.to contain_exec('letsencrypt certonly foo').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a webroot --cert-name 'foo' --webroot-path /var/www/foo -d 'foo.example.com' -d 'bar.example.com'" + } end context 'with webroot plugin and no webroot_paths' do @@ -130,7 +146,9 @@ class { 'letsencrypt::plugin::dns_rfc2136': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_class('letsencrypt::plugin::dns_rfc2136') } - it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a dns-rfc2136 --cert-name 'foo.example.com' -d 'foo.example.com' --dns-rfc2136-credentials /etc/letsencrypt/dns-rfc2136.ini --dns-rfc2136-propagation-seconds 10" } + it { + is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a dns-rfc2136 --cert-name 'foo.example.com' -d 'foo.example.com' --dns-rfc2136-credentials /etc/letsencrypt/dns-rfc2136.ini --dns-rfc2136-propagation-seconds 10" + } end context 'with dns-ovh plugin' do 
@@ -154,7 +172,9 @@ class { 'letsencrypt::plugin::dns_ovh': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_class('letsencrypt::plugin::dns_ovh') } - it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a dns-ovh --cert-name 'foo.example.com' -d 'foo.example.com' --dns-ovh-credentials /etc/letsencrypt/dns-ovh.ini --dns-ovh-propagation-seconds 30" } + it { + is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a dns-ovh --cert-name 'foo.example.com' -d 'foo.example.com' --dns-ovh-credentials /etc/letsencrypt/dns-ovh.ini --dns-ovh-propagation-seconds 30" + } end context 'with dns-route53 plugin' do @@ -174,7 +194,9 @@ class { 'letsencrypt::plugin::dns_route53': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_class('letsencrypt::plugin::dns_route53') } - it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a dns-route53 --cert-name 'foo.example.com' -d 'foo.example.com' --dns-route53-propagation-seconds 10" } + it { + is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a dns-route53 --cert-name 'foo.example.com' -d 'foo.example.com' --dns-route53-propagation-seconds 10" + } end context 'with custom plugin' do 
@@ -182,7 +204,9 @@ class { 'letsencrypt::plugin::dns_route53': let(:params) { { plugin: 'apache' } } it { is_expected.to compile.with_all_deps } - it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a apache --cert-name 'foo.example.com' -d 'foo.example.com'" } + it { + is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a apache --cert-name 'foo.example.com' -d 'foo.example.com'" + } end context 'with custom plugin and manage_cron' do @@ -196,7 +220,9 @@ class { 'letsencrypt::plugin::dns_route53': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with_command('"/var/lib/puppet/letsencrypt/renew-foo.example.com.sh"').with_ensure('present') } - it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a apache --cert-name 'foo.example.com' -d 'foo.example.com'\n") } + it { + is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a apache --cert-name 'foo.example.com' -d 'foo.example.com'\n") + } end context 'with hook' do 
@@ -252,7 +278,9 @@ class { 'letsencrypt::plugin::dns_route53': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with_hour(13).with_ensure('present') } - it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") } + it { + is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") + } end context 'with manage_cron and out of range defined cron_hour (integer)' do @@ -279,7 +307,9 @@ class { 'letsencrypt::plugin::dns_route53': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with_hour('00').with_ensure('present') } - it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") } + it { + is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") + } end context 'with manage_cron and defined cron_hour (array)' do 
@@ -293,7 +323,9 @@ class { 'letsencrypt::plugin::dns_route53': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with_hour([1, 13]).with_ensure('present') } - it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") } + it { + is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") + } end context 'with manage_cron and defined cron_minute (integer)' do @@ -307,7 +339,9 @@ class { 'letsencrypt::plugin::dns_route53': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with_minute(15).with_ensure('present') } - it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") } + it { + is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") + } end context 'with manage_cron and out of range defined cron_hour (integer)' do 
@@ -334,7 +368,9 @@ class { 'letsencrypt::plugin::dns_route53': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with_minute('15').with_ensure('present') } - it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") } + it { + is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") + } end context 'with manage_cron and defined cron_minute (array)' do @@ -348,7 +384,9 @@ class { 'letsencrypt::plugin::dns_route53': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with_minute([0, 30]).with_ensure('present') } - it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") } + it { + is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") + } end context 'with manage_cron and ensure absent' do 
@@ -378,7 +416,9 @@ class { 'letsencrypt::plugin::dns_route53': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_file('/tmp/custom_vardir/letsencrypt').with_ensure('directory') } it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with_command '"/tmp/custom_vardir/letsencrypt/renew-foo.example.com.sh"' } - it { is_expected.to contain_file('/tmp/custom_vardir/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a apache --cert-name 'foo.example.com' -d 'foo.example.com'\n") } + it { + is_expected.to contain_file('/tmp/custom_vardir/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a apache --cert-name 'foo.example.com' -d 'foo.example.com'\n") + } end context 'with custom plugin and manage cron and cron_success_command' do 
@@ -394,14 +434,18 @@ class { 'letsencrypt::plugin::dns_route53': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with_command '"/var/lib/puppet/letsencrypt/renew-foo.example.com.sh"' } - it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\n(echo before) && letsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a apache --cert-name 'foo.example.com' -d 'foo.example.com' && (echo success)\n") } + it { + is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\n(echo before) && letsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a apache --cert-name 'foo.example.com' -d 'foo.example.com' && (echo success)\n") + } end context 'without plugin' do let(:title) { 'foo.example.com' } let(:params) { { custom_plugin: true } } - it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 --cert-name 'foo.example.com' -d 'foo.example.com'" } + it { + is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 --cert-name 'foo.example.com' -d 'foo.example.com'" + } end context 'with invalid plugin' do 
@@ -417,7 +461,9 @@ class { 'letsencrypt::plugin::dns_route53': let(:params) { { additional_args: ['--foo bar', '--baz quux'] } } it { is_expected.to compile.with_all_deps } - it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com' --foo bar --baz quux" } + it { + is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com' --foo bar --baz quux" + } end describe 'when specifying custom environment variables' do @@ -433,7 +479,9 @@ class { 'letsencrypt::plugin::dns_route53': let(:params) { { environment: ['FOO=bar', 'FIZZ=buzz'], manage_cron: true } } it { is_expected.to compile.with_all_deps } - it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_content "#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nexport FOO=bar\nexport FIZZ=buzz\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n" } + it { + is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_content "#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nexport FOO=bar\nexport FIZZ=buzz\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n" + } end context 'with manage cron and suppress_cron_output' do\ 
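Review bot: The renew-script content asserted in the `@@ -433,7 +479,9 @@` hunk (custom environment variables with manage_cron) writes each `environment` entry verbatim as `export FOO=bar` / `export FIZZ=buzz`, with no shell quoting of the value, so a value containing whitespace or metacharacters (`KEY=a b`, `KEY=$(cmd)`) is split or executed by `/bin/sh` when cron runs the script. Since `environment` is the natural place to hand credentials to a DNS plugin, the generator in letsencrypt::certonly (outside this diff) should emit `export FOO='bar'` with embedded single quotes escaped, and this expectation updated to match. The spec also never asserts the mode or owner of `/var/lib/puppet/letsencrypt/renew-foo.example.com.sh`, which is the file such credentials land in; pin whatever the manifest sets (e.g. `.with_mode('0700')` if that is the value — I can't see it from here) so it cannot silently become world-readable. The surrounding describe block starts before this hunk.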
@@ -445,7 +493,9 @@ class { 'letsencrypt::plugin::dns_route53': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with_command('"/var/lib/puppet/letsencrypt/renew-foo.example.com.sh"').with_ensure('present') } - it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com' > /dev/null 2>&1\n") } + it { + is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com' > /dev/null 2>&1\n") + } end context 'with manage cron and custom day of month' do 
@@ -457,7 +507,9 @@ class { 'letsencrypt::plugin::dns_route53': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with(monthday: [1, 15]).with_ensure('present') } - it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") } + it { + is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") + } end context 'with custom config_dir' do @@ -466,7 +518,9 @@ class { 'letsencrypt::plugin::dns_route53': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_file('/foo/bar/baz').with_ensure('directory') } - it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_unless '/usr/local/sbin/letsencrypt-domain-validation /foo/bar/baz/live/foo.example.com/cert.pem \'foo.example.com\'' } + it { + is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_unless '/usr/local/sbin/letsencrypt-domain-validation /foo/bar/baz/live/foo.example.com/cert.pem \'foo.example.com\'' + } end context 'on FreeBSD', if: facts[:os]['name'] == 'FreeBSD' do 
@@ -478,8 +532,10 @@ class { 'letsencrypt::plugin::dns_route53': it { is_expected.to contain_ini_setting('/usr/local/etc/letsencrypt/cli.ini email foo@example.com') } it { is_expected.to contain_ini_setting('/usr/local/etc/letsencrypt/cli.ini server https://acme-v02.api.letsencrypt.org/directory') } it { is_expected.to contain_file('/usr/local/etc/letsencrypt').with_ensure('directory') } - it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_unless '/usr/local/sbin/letsencrypt-domain-validation /usr/local/etc/letsencrypt/live/foo.example.com/cert.pem \'foo.example.com\'' } + it { + is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_unless '/usr/local/sbin/letsencrypt-domain-validation /usr/local/etc/letsencrypt/live/foo.example.com/cert.pem \'foo.example.com\'' + } end end end -end \ No newline at end of file +end diff --git a/spec/defines/letsencrypt_hook_spec.rb b/spec/defines/letsencrypt_hook_spec.rb index 7ac1b4e7..27d6e38e 100644 --- a/spec/defines/letsencrypt_hook_spec.rb +++ b/spec/defines/letsencrypt_hook_spec.rb @@ -27,13 +27,13 @@ end it do - is_expected.to contain_file('/etc/letsencrypt/renewal-hooks-puppet/foo.example.com-pre.sh'). - with(ensure: 'file', + is_expected.to contain_file('/etc/letsencrypt/renewal-hooks-puppet/foo.example.com-pre.sh') + .with(ensure: 'file', owner: 'root', group: 'root', mode: '0755', - content: %r{^.*validate_env=0.*FooBar.*$}m). - that_requires('File[letsencrypt-renewal-hooks-puppet]') + content: %r{^.*validate_env=0.*FooBar.*$}m) + .that_requires('File[letsencrypt-renewal-hooks-puppet]') end end @@ -45,8 +45,8 @@ end it do - is_expected.to contain_file('/etc/letsencrypt/renewal-hooks-puppet/foo.example.com-post.sh'). - with_content(%r{^.*validate_env=0.*FooBar.*$}m) + is_expected.to contain_file('/etc/letsencrypt/renewal-hooks-puppet/foo.example.com-post.sh') + .with_content(%r{^.*validate_env=0.*FooBar.*$}m) end end 
@@ -58,8 +58,8 @@ end it do - is_expected.to contain_file('/etc/letsencrypt/renewal-hooks-puppet/foo.example.com-deploy.sh'). - with_content(%r{^.*validate_env=1.*FooBar.*$}m) + is_expected.to contain_file('/etc/letsencrypt/renewal-hooks-puppet/foo.example.com-deploy.sh') + .with_content(%r{^.*validate_env=1.*FooBar.*$}m) end end end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index d266f6b4..b367fded 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb 
@@ -1,18 +1,61 @@ -# This file is managed via modulesync -# https://github.com/voxpupuli/modulesync -# https://github.com/voxpupuli/modulesync_config - -# puppetlabs_spec_helper will set up coverage if the env variable is set. -# We want to do this if lib exists and it hasn't been explicitly set. -ENV['COVERAGE'] ||= 'yes' if Dir.exist?(File.expand_path('../../lib', __FILE__)) - -require 'voxpupuli/test/spec_helper' - -if File.exist?(File.join(__dir__, 'default_module_facts.yml')) - facts = YAML.safe_load(File.read(File.join(__dir__, 'default_module_facts.yml'))) - if facts - facts.each do |name, value| - add_custom_fact name.to_sym, value - end +# frozen_string_literal: true + +RSpec.configure do |c| + c.mock_with :rspec +end + +require 'puppetlabs_spec_helper/module_spec_helper' +require 'rspec-puppet-facts' + +require 'spec_helper_local' if File.file?(File.join(File.dirname(__FILE__), 'spec_helper_local.rb')) + +include RspecPuppetFacts + +default_facts = { + puppetversion: Puppet.version, + facterversion: Facter.version, +} + +default_fact_files = [ + File.expand_path(File.join(File.dirname(__FILE__), 'default_facts.yml')), + File.expand_path(File.join(File.dirname(__FILE__), 'default_module_facts.yml')), +] + +default_fact_files.each do |f| + next unless File.exist?(f) && File.readable?(f) && File.size?(f) + + begin + default_facts.merge!(YAML.safe_load(File.read(f), [], [], true)) + rescue => e + RSpec.configuration.reporter.message "WARNING: Unable to load #{f}: #{e}" end end + +# read default_facts and merge them over what is provided by facterdb +default_facts.each do |fact, value| + add_custom_fact fact, value +end + +RSpec.configure do |c| + c.default_facts = default_facts + c.before :each do + # set to strictest setting for testing + # by default Puppet runs at warning level + Puppet.settings[:strict] = :warning + Puppet.settings[:strict_variables] = true + end + c.filter_run_excluding(bolt: true) unless ENV['GEM_BOLT'] + c.after(:suite) do + end +end + 
+# Ensures that a module is defined +# @param module_name Name of the module +def ensure_module_defined(module_name) + module_name.split('::').reduce(Object) do |last_module, next_module| + last_module.const_set(next_module, Module.new) unless last_module.const_defined?(next_module, false) + last_module.const_get(next_module, false) + end +end + +# 'spec_overrides' from sync.yml will appear below this line From 2138e4f90ff27d046779eed412308b2ca8f0edc1 Mon Sep 17 00:00:00 2001 From: Alexandre Ellert Date: Sat, 13 Mar 2021 22:16:18 +0100 Subject: [PATCH 63/68] Revert "Fix travis" This reverts commit 805f91d9d44c2601411b5343c9686cf84f94fa20. --- .rspec | 2 +- lib/facter/letsencrypt_directory.rb | 8 +- manifests/certonly.pp | 4 +- spec/classes/letsencrypt_spec.rb | 42 ++++---- spec/classes/plugin/dns_ovh_spec.rb | 14 +-- spec/classes/plugin/dns_rfc2136_spec.rb | 14 +-- spec/default_facts.yml | 8 -- spec/defines/letsencrypt_certonly_spec.rb | 114 ++++++---------------- spec/defines/letsencrypt_hook_spec.rb | 16 +-- spec/spec_helper.rb | 75 +++----------- 10 files changed, 95 insertions(+), 202 deletions(-) delete mode 100644 spec/default_facts.yml diff --git a/.rspec b/.rspec index 16f9cdb0..8c18f1ab 100644 --- a/.rspec +++ b/.rspec @@ -1,2 +1,2 @@ ---color --format documentation +--color diff --git a/lib/facter/letsencrypt_directory.rb b/lib/facter/letsencrypt_directory.rb index 34dccf2d..6e7943bc 100644 --- a/lib/facter/letsencrypt_directory.rb +++ b/lib/facter/letsencrypt_directory.rb 
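Review bot: The fact-file loader in the new spec_helper passes permitted classes, permitted symbols and the aliases flag positionally (`YAML.safe_load(File.read(f), [], [], true)`), a form Psych deprecated in 3.1 and, as far as I recall, removed in Psych 4 (the default with Ruby 3.1+), where it raises ArgumentError; the keyword form works on both old and new Psych: `default_facts.merge!(YAML.safe_load(File.read(f), permitted_classes: [], permitted_symbols: [], aliases: true))`. Because the surrounding `rescue => e` only prints a warning, a rejected file would not fail the run but leave the suite silently running with incomplete default facts, which is worth a comment on the rescue (e.g. `# NOTE: a load failure here only warns; facts from this file are then missing`) or a hard failure if these facts are required. The empty `c.after(:suite) do end` block can be dropped.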
@@ -2,15 +2,15 @@ require 'pathname' Facter.add(:letsencrypt_directory) do - confine kernel: ['FreeBSD', 'Linux', 'OpenBSD'] + confine kernel: %w[FreeBSD Linux OpenBSD] setcode do certs = {} # locate the certificate repository - livedir = ['/etc/letsencrypt/live', '/etc/certbot/live'] - .map { |path| Pathname.new path } - .find(&:directory?) + livedir = ['/etc/letsencrypt/live', '/etc/certbot/live']. + map { |path| Pathname.new path }. + find(&:directory?) unless livedir.nil? Pathname.new(livedir).children.select(&:directory?).each do |path| diff --git a/manifests/certonly.pp b/manifests/certonly.pp index fa544578..05e236c4 100644 --- a/manifests/certonly.pp +++ b/manifests/certonly.pp @@ -108,7 +108,7 @@ ] } - 'dns-ovh': { + dns-ovh': { require letsencrypt::plugin::dns_ovh $_domains = join($domains, '\' -d \'') $plugin_args = [ @@ -218,4 +218,4 @@ monthday => $cron_monthday, } } -} +} \ No newline at end of file diff --git a/spec/classes/letsencrypt_spec.rb b/spec/classes/letsencrypt_spec.rb index e9e1f694..1a5e6154 100644 --- a/spec/classes/letsencrypt_spec.rb +++ b/spec/classes/letsencrypt_spec.rb 
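Review bot: The new side of the `@@ -108,7 +108,7 @@` hunk in manifests/certonly.pp reinstates `dns-ovh': {` without its opening quote, which is not valid Puppet syntax and will make every catalog that declares `letsencrypt::certonly` fail to compile, not only the dns-ovh users, since the whole `case` lives in this file; the case label should remain `'dns-ovh': {`. Presumably the revert was meant to undo only the formatting changes of the reverted commit, so this quote (and the trailing newline removed again by the `@@ -218,4 +218,4 @@` hunk) should be kept rather than carried back out. The enclosing `case` statement starts and ends outside the hunk.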
@@ -18,27 +18,27 @@ epel = facts[:osfamily] == 'RedHat' && facts[:operatingsystem] != 'Fedora' it 'contains File[/usr/local/sbin/letsencrypt-domain-validation]' do - is_expected.to contain_file('/usr/local/sbin/letsencrypt-domain-validation') - .with_ensure('file') - .with_owner('root') - .with_group('root') - .with_mode('0500') - .with_source('puppet:///modules/letsencrypt/domain-validation.sh') + is_expected.to contain_file('/usr/local/sbin/letsencrypt-domain-validation'). + with_ensure('file'). + with_owner('root'). + with_group('root'). + with_mode('0500'). + with_source('puppet:///modules/letsencrypt/domain-validation.sh') end it 'contains the correct resources' do - is_expected.to contain_class('letsencrypt::install') - .with(configure_epel: epel, + is_expected.to contain_class('letsencrypt::install'). + with(configure_epel: epel, manage_install: true, manage_dependencies: true, repo: 'https://github.com/certbot/certbot.git', - version: 'v0.39.0') - .that_notifies('Exec[initialize letsencrypt]') - .that_comes_before('Class[letsencrypt::renew]') + version: 'v0.39.0'). + that_notifies('Exec[initialize letsencrypt]'). + that_comes_before('Class[letsencrypt::renew]') is_expected.to contain_exec('initialize letsencrypt') is_expected.to contain_class('letsencrypt::config').that_comes_before('Exec[initialize letsencrypt]') - is_expected.to contain_class('letsencrypt::renew') - .with(pre_hook_commands: [], + is_expected.to contain_class('letsencrypt::renew'). + with(pre_hook_commands: [], post_hook_commands: [], deploy_hook_commands: [], additional_args: [], 
@@ -49,8 +49,8 @@ if facts[:osfamily] == 'FreeBSD' is_expected.to contain_ini_setting('/usr/local/etc/letsencrypt/cli.ini email foo@example.com') is_expected.to contain_ini_setting('/usr/local/etc/letsencrypt/cli.ini server https://acme-v02.api.letsencrypt.org/directory') - is_expected.to contain_file('letsencrypt-renewal-hooks-puppet') - .with(ensure: 'directory', + is_expected.to contain_file('letsencrypt-renewal-hooks-puppet'). + with(ensure: 'directory', path: '/usr/local/etc/letsencrypt/renewal-hooks-puppet', owner: 'root', group: 'root', @@ -213,8 +213,8 @@ end it do - is_expected.to contain_cron('letsencrypt-renew') - .with(ensure: 'present', + is_expected.to contain_cron('letsencrypt-renew'). + with(ensure: 'present', command: 'certbot renew -q', hour: 0, minute: 0, @@ -240,8 +240,8 @@ end it do - is_expected.to contain_cron('letsencrypt-renew') - .with(ensure: 'present', + is_expected.to contain_cron('letsencrypt-renew'). + with(ensure: 'present', command: 'certbot renew -q --pre-hook "/etc/letsencrypt/renewal-hooks-puppet/renew-pre.sh" --post-hook "/etc/letsencrypt/renewal-hooks-puppet/renew-post.sh" --deploy-hook "/etc/letsencrypt/renewal-hooks-puppet/renew-deploy.sh"') end end @@ -255,8 +255,8 @@ end it do - is_expected.to contain_cron('letsencrypt-renew') - .with(ensure: 'present', + is_expected.to contain_cron('letsencrypt-renew'). + with(ensure: 'present', command: 'certbot renew -q AdditionalBar') end end diff --git a/spec/classes/plugin/dns_ovh_spec.rb b/spec/classes/plugin/dns_ovh_spec.rb index 2e0f1ea4..56343ec3 100644 --- a/spec/classes/plugin/dns_ovh_spec.rb +++ b/spec/classes/plugin/dns_ovh_spec.rb @@ -31,7 +31,7 @@ class { 'letsencrypt': endpoint: 'ovh-eu', application_key: 'MDAwMDAwMDAwMDAw', application_secret: 'MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw', - consumer_key: 'MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw', + consumer_key: 'MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw' ) end 
@@ -41,12 +41,12 @@ class { 'letsencrypt': else is_expected.to compile.with_all_deps - is_expected.to contain_file('/etc/letsencrypt/dns-ovh.ini') - .with_ensure('file') - .with_owner('root') - .with_group('root') - .with_mode('0400') - .with_content(%r{^.*dns_ovh_endpoint.*$}) + is_expected.to contain_file('/etc/letsencrypt/dns-ovh.ini'). + with_ensure('file'). + with_owner('root'). + with_group('root'). + with_mode('0400'). + with_content(%r{^.*dns_ovh_endpoint.*$}) end end diff --git a/spec/classes/plugin/dns_rfc2136_spec.rb b/spec/classes/plugin/dns_rfc2136_spec.rb index 0f143ab1..5b3ebbae 100644 --- a/spec/classes/plugin/dns_rfc2136_spec.rb +++ b/spec/classes/plugin/dns_rfc2136_spec.rb @@ -33,7 +33,7 @@ class { 'letsencrypt': super().merge( server: '192.0.2.1', key_name: 'certbot', - key_secret: 'secret', + key_secret: 'secret' ) end @@ -43,12 +43,12 @@ class { 'letsencrypt': else is_expected.to compile.with_all_deps - is_expected.to contain_file('/etc/letsencrypt/dns-rfc2136.ini') - .with_ensure('file') - .with_owner('root') - .with_group('root') - .with_mode('0400') - .with_content(%r{^.*dns_rfc2136_server.*$}) + is_expected.to contain_file('/etc/letsencrypt/dns-rfc2136.ini'). + with_ensure('file'). + with_owner('root'). + with_group('root'). + with_mode('0400'). + with_content(%r{^.*dns_rfc2136_server.*$}) end end diff --git a/spec/default_facts.yml b/spec/default_facts.yml deleted file mode 100644 index f777abfc..00000000 --- a/spec/default_facts.yml +++ /dev/null @@ -1,8 +0,0 @@ -# Use default_module_facts.yml for module specific facts. -# -# Facts specified here will override the values provided by rspec-puppet-facts. ---- -ipaddress: "172.16.254.254" -ipaddress6: "FE80:0000:0000:0000:AAAA:AAAA:AAAA" -is_pe: false -macaddress: "AA:AA:AA:AA:AA:AA" diff --git a/spec/defines/letsencrypt_certonly_spec.rb b/spec/defines/letsencrypt_certonly_spec.rb index db934943..b10d752e 100644 --- a/spec/defines/letsencrypt_certonly_spec.rb 
+++ b/spec/defines/letsencrypt_certonly_spec.rb @@ -31,9 +31,7 @@ end it { is_expected.to contain_exec('initialize letsencrypt') } it { is_expected.to contain_exec('letsencrypt certonly foo.example.com') } - it { - is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_unless "/usr/local/sbin/letsencrypt-domain-validation #{pathprefix}/etc/letsencrypt/live/foo.example.com/cert.pem 'foo.example.com'" - } + it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_unless "/usr/local/sbin/letsencrypt-domain-validation #{pathprefix}/etc/letsencrypt/live/foo.example.com/cert.pem 'foo.example.com'" } end context 'with ensure absent' do @@ -42,9 +40,7 @@ it { is_expected.to contain_exec('letsencrypt certonly foo.example.com') } it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive delete --cert-name 'foo.example.com'" } - it { - is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_onlyif "/usr/local/sbin/letsencrypt-domain-validation #{pathprefix}/etc/letsencrypt/live/foo.example.com/cert.pem 'foo.example.com'" - } + it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_onlyif "/usr/local/sbin/letsencrypt-domain-validation #{pathprefix}/etc/letsencrypt/live/foo.example.com/cert.pem 'foo.example.com'" } end context 'with multiple domains' do 
@@ -52,9 +48,7 @@ let(:params) { { domains: ['foo.example.com', 'bar.example.com', '*.example.com'] } } it { is_expected.to compile.with_all_deps } - it { - is_expected.to contain_exec('letsencrypt certonly foo').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo' -d 'foo.example.com' -d 'bar.example.com' -d '*.example.com'" - } + it { is_expected.to contain_exec('letsencrypt certonly foo').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo' -d 'foo.example.com' -d 'bar.example.com' -d '*.example.com'" } end context 'with custom cert-name' do @@ -62,9 +56,7 @@ let(:params) { { cert_name: 'bar.example.com' } } it { is_expected.to compile.with_all_deps } - it { - is_expected.to contain_exec('letsencrypt certonly foo').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'bar.example.com' -d 'foo'" - } + it { is_expected.to contain_exec('letsencrypt certonly foo').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'bar.example.com' -d 'foo'" } end context 'with custom command' do @@ -72,9 +64,7 @@ let(:params) { { letsencrypt_command: '/usr/lib/letsencrypt/letsencrypt-auto' } } it { is_expected.to compile.with_all_deps } - it { - is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command '/usr/lib/letsencrypt/letsencrypt-auto --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name \'foo.example.com\' -d \'foo.example.com\'' - } + it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command '/usr/lib/letsencrypt/letsencrypt-auto --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name \'foo.example.com\' -d \'foo.example.com\'' } end context 'with webroot plugin' do 
@@ -85,9 +75,7 @@ end it { is_expected.to compile.with_all_deps } - it { - is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a webroot --cert-name 'foo.example.com' --webroot-path /var/www/foo -d 'foo.example.com'" - } + it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a webroot --cert-name 'foo.example.com' --webroot-path /var/www/foo -d 'foo.example.com'" } end context 'with webroot plugin and multiple domains' do @@ -99,9 +87,7 @@ end it { is_expected.to compile.with_all_deps } - it { - is_expected.to contain_exec('letsencrypt certonly foo').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a webroot --cert-name 'foo' --webroot-path /var/www/foo -d 'foo.example.com' --webroot-path /var/www/bar -d 'bar.example.com'" - } + it { is_expected.to contain_exec('letsencrypt certonly foo').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a webroot --cert-name 'foo' --webroot-path /var/www/foo -d 'foo.example.com' --webroot-path /var/www/bar -d 'bar.example.com'" } end context 'with webroot plugin, one webroot, and multiple domains' do 
@@ -113,9 +99,7 @@ end it { is_expected.to compile.with_all_deps } - it { - is_expected.to contain_exec('letsencrypt certonly foo').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a webroot --cert-name 'foo' --webroot-path /var/www/foo -d 'foo.example.com' -d 'bar.example.com'" - } + it { is_expected.to contain_exec('letsencrypt certonly foo').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a webroot --cert-name 'foo' --webroot-path /var/www/foo -d 'foo.example.com' -d 'bar.example.com'" } end context 'with webroot plugin and no webroot_paths' do @@ -146,9 +130,7 @@ class { 'letsencrypt::plugin::dns_rfc2136': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_class('letsencrypt::plugin::dns_rfc2136') } - it { - is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a dns-rfc2136 --cert-name 'foo.example.com' -d 'foo.example.com' --dns-rfc2136-credentials /etc/letsencrypt/dns-rfc2136.ini --dns-rfc2136-propagation-seconds 10" - } + it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a dns-rfc2136 --cert-name 'foo.example.com' -d 'foo.example.com' --dns-rfc2136-credentials /etc/letsencrypt/dns-rfc2136.ini --dns-rfc2136-propagation-seconds 10" } end context 'with dns-ovh plugin' do 
@@ -172,9 +154,7 @@ class { 'letsencrypt::plugin::dns_ovh': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_class('letsencrypt::plugin::dns_ovh') } - it { - is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a dns-ovh --cert-name 'foo.example.com' -d 'foo.example.com' --dns-ovh-credentials /etc/letsencrypt/dns-ovh.ini --dns-ovh-propagation-seconds 30" - } + it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a dns-ovh --cert-name 'foo.example.com' -d 'foo.example.com' --dns-ovh-credentials /etc/letsencrypt/dns-ovh.ini --dns-ovh-propagation-seconds 30" } end context 'with dns-route53 plugin' do @@ -194,9 +174,7 @@ class { 'letsencrypt::plugin::dns_route53': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_class('letsencrypt::plugin::dns_route53') } - it { - is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a dns-route53 --cert-name 'foo.example.com' -d 'foo.example.com' --dns-route53-propagation-seconds 10" - } + it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a dns-route53 --cert-name 'foo.example.com' -d 'foo.example.com' --dns-route53-propagation-seconds 10" } end context 'with custom plugin' do 
@@ -204,9 +182,7 @@ class { 'letsencrypt::plugin::dns_route53': let(:params) { { plugin: 'apache' } } it { is_expected.to compile.with_all_deps } - it { - is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a apache --cert-name 'foo.example.com' -d 'foo.example.com'" - } + it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a apache --cert-name 'foo.example.com' -d 'foo.example.com'" } end context 'with custom plugin and manage_cron' do @@ -220,9 +196,7 @@ class { 'letsencrypt::plugin::dns_route53': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with_command('"/var/lib/puppet/letsencrypt/renew-foo.example.com.sh"').with_ensure('present') } - it { - is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a apache --cert-name 'foo.example.com' -d 'foo.example.com'\n") - } + it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a apache --cert-name 'foo.example.com' -d 'foo.example.com'\n") } end context 'with hook' do 
@@ -278,9 +252,7 @@ class { 'letsencrypt::plugin::dns_route53': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with_hour(13).with_ensure('present') } - it { - is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") - } + it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") } end context 'with manage_cron and out of range defined cron_hour (integer)' do @@ -307,9 +279,7 @@ class { 'letsencrypt::plugin::dns_route53': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with_hour('00').with_ensure('present') } - it { - is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") - } + it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") } end context 'with manage_cron and defined cron_hour (array)' do 
@@ -323,9 +293,7 @@ class { 'letsencrypt::plugin::dns_route53': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with_hour([1, 13]).with_ensure('present') } - it { - is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") - } + it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") } end context 'with manage_cron and defined cron_minute (integer)' do @@ -339,9 +307,7 @@ class { 'letsencrypt::plugin::dns_route53': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with_minute(15).with_ensure('present') } - it { - is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") - } + it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") } end context 'with manage_cron and out of range defined cron_hour (integer)' do 
@@ -368,9 +334,7 @@ class { 'letsencrypt::plugin::dns_route53': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with_minute('15').with_ensure('present') } - it { - is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") - } + it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") } end context 'with manage_cron and defined cron_minute (array)' do @@ -384,9 +348,7 @@ class { 'letsencrypt::plugin::dns_route53': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with_minute([0, 30]).with_ensure('present') } - it { - is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") - } + it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") } end context 'with manage_cron and ensure absent' do 
@@ -416,9 +378,7 @@ class { 'letsencrypt::plugin::dns_route53': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_file('/tmp/custom_vardir/letsencrypt').with_ensure('directory') } it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with_command '"/tmp/custom_vardir/letsencrypt/renew-foo.example.com.sh"' } - it { - is_expected.to contain_file('/tmp/custom_vardir/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a apache --cert-name 'foo.example.com' -d 'foo.example.com'\n") - } + it { is_expected.to contain_file('/tmp/custom_vardir/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a apache --cert-name 'foo.example.com' -d 'foo.example.com'\n") } end context 'with custom plugin and manage cron and cron_success_command' do 
@@ -434,18 +394,14 @@ class { 'letsencrypt::plugin::dns_route53': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with_command '"/var/lib/puppet/letsencrypt/renew-foo.example.com.sh"' } - it { - is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\n(echo before) && letsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a apache --cert-name 'foo.example.com' -d 'foo.example.com' && (echo success)\n") - } + it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\n(echo before) && letsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a apache --cert-name 'foo.example.com' -d 'foo.example.com' && (echo success)\n") } end context 'without plugin' do let(:title) { 'foo.example.com' } let(:params) { { custom_plugin: true } } - it { - is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 --cert-name 'foo.example.com' -d 'foo.example.com'" - } + it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 --cert-name 'foo.example.com' -d 'foo.example.com'" } end context 'with invalid plugin' do 
@@ -461,9 +417,7 @@ class { 'letsencrypt::plugin::dns_route53': let(:params) { { additional_args: ['--foo bar', '--baz quux'] } } it { is_expected.to compile.with_all_deps } - it { - is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com' --foo bar --baz quux" - } + it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com' --foo bar --baz quux" } end describe 'when specifying custom environment variables' do @@ -479,9 +433,7 @@ class { 'letsencrypt::plugin::dns_route53': let(:params) { { environment: ['FOO=bar', 'FIZZ=buzz'], manage_cron: true } } it { is_expected.to compile.with_all_deps } - it { - is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_content "#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nexport FOO=bar\nexport FIZZ=buzz\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n" - } + it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_content "#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nexport FOO=bar\nexport FIZZ=buzz\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n" } end context 'with manage cron and suppress_cron_output' do\ 
@@ -493,9 +445,7 @@ class { 'letsencrypt::plugin::dns_route53': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with_command('"/var/lib/puppet/letsencrypt/renew-foo.example.com.sh"').with_ensure('present') } - it { - is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com' > /dev/null 2>&1\n") - } + it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com' > /dev/null 2>&1\n") } end context 'with manage cron and custom day of month' do 
@@ -507,9 +457,7 @@ class { 'letsencrypt::plugin::dns_route53': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with(monthday: [1, 15]).with_ensure('present') } - it { - is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") - } + it { is_expected.to contain_file('/var/lib/puppet/letsencrypt/renew-foo.example.com.sh').with_ensure('file').with_content("#!/bin/sh\nexport VENV_PATH=/opt/letsencrypt/.venv\nletsencrypt --keep-until-expiring --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a standalone --cert-name 'foo.example.com' -d 'foo.example.com'\n") } end context 'with custom config_dir' do @@ -518,9 +466,7 @@ class { 'letsencrypt::plugin::dns_route53': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_file('/foo/bar/baz').with_ensure('directory') } - it { - is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_unless '/usr/local/sbin/letsencrypt-domain-validation /foo/bar/baz/live/foo.example.com/cert.pem \'foo.example.com\'' - } + it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_unless '/usr/local/sbin/letsencrypt-domain-validation /foo/bar/baz/live/foo.example.com/cert.pem \'foo.example.com\'' } end context 'on FreeBSD', if: facts[:os]['name'] == 'FreeBSD' do 
@@ -532,10 +478,8 @@ class { 'letsencrypt::plugin::dns_route53':
 it { is_expected.to contain_ini_setting('/usr/local/etc/letsencrypt/cli.ini email foo@example.com') }
 it { is_expected.to contain_ini_setting('/usr/local/etc/letsencrypt/cli.ini server https://acme-v02.api.letsencrypt.org/directory') }
 it { is_expected.to contain_file('/usr/local/etc/letsencrypt').with_ensure('directory') }
- it {
- is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_unless '/usr/local/sbin/letsencrypt-domain-validation /usr/local/etc/letsencrypt/live/foo.example.com/cert.pem \'foo.example.com\''
- }
+ it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_unless '/usr/local/sbin/letsencrypt-domain-validation /usr/local/etc/letsencrypt/live/foo.example.com/cert.pem \'foo.example.com\'' }
 end
 end
 end
-end
+end
\ No newline at end of file
diff --git a/spec/defines/letsencrypt_hook_spec.rb b/spec/defines/letsencrypt_hook_spec.rb
index 27d6e38e..7ac1b4e7 100644
--- a/spec/defines/letsencrypt_hook_spec.rb
+++ b/spec/defines/letsencrypt_hook_spec.rb
@@ -27,13 +27,13 @@
 end
 
 it do
- is_expected.to contain_file('/etc/letsencrypt/renewal-hooks-puppet/foo.example.com-pre.sh')
- .with(ensure: 'file',
+ is_expected.to contain_file('/etc/letsencrypt/renewal-hooks-puppet/foo.example.com-pre.sh').
+ with(ensure: 'file',
 owner: 'root',
 group: 'root',
 mode: '0755',
- content: %r{^.*validate_env=0.*FooBar.*$}m)
- .that_requires('File[letsencrypt-renewal-hooks-puppet]')
+ content: %r{^.*validate_env=0.*FooBar.*$}m).
+ that_requires('File[letsencrypt-renewal-hooks-puppet]')
 end
 end
 
@@ -45,8 +45,8 @@
 end
 
 it do
- is_expected.to contain_file('/etc/letsencrypt/renewal-hooks-puppet/foo.example.com-post.sh')
- .with_content(%r{^.*validate_env=0.*FooBar.*$}m)
+ is_expected.to contain_file('/etc/letsencrypt/renewal-hooks-puppet/foo.example.com-post.sh').
+ with_content(%r{^.*validate_env=0.*FooBar.*$}m)
 end
 end
 
@@ -58,8 +58,8 @@
 end
 
 it do
- is_expected.to contain_file('/etc/letsencrypt/renewal-hooks-puppet/foo.example.com-deploy.sh')
- .with_content(%r{^.*validate_env=1.*FooBar.*$}m)
+ is_expected.to contain_file('/etc/letsencrypt/renewal-hooks-puppet/foo.example.com-deploy.sh').
+ with_content(%r{^.*validate_env=1.*FooBar.*$}m)
 end
 end
 end
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index b367fded..d266f6b4 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -1,61 +1,18 @@
-# frozen_string_literal: true
-
-RSpec.configure do |c|
- c.mock_with :rspec
-end
-
-require 'puppetlabs_spec_helper/module_spec_helper'
-require 'rspec-puppet-facts'
-
-require 'spec_helper_local' if File.file?(File.join(File.dirname(__FILE__), 'spec_helper_local.rb'))
-
-include RspecPuppetFacts
-
-default_facts = {
- puppetversion: Puppet.version,
- facterversion: Facter.version,
-}
-
-default_fact_files = [
- File.expand_path(File.join(File.dirname(__FILE__), 'default_facts.yml')),
- File.expand_path(File.join(File.dirname(__FILE__), 'default_module_facts.yml')),
-]
-
-default_fact_files.each do |f|
- next unless File.exist?(f) && File.readable?(f) && File.size?(f)
-
- begin
- default_facts.merge!(YAML.safe_load(File.read(f), [], [], true))
- rescue => e
- RSpec.configuration.reporter.message "WARNING: Unable to load #{f}: #{e}"
+# This file is managed via modulesync
+# https://github.com/voxpupuli/modulesync
+# https://github.com/voxpupuli/modulesync_config
+
+# puppetlabs_spec_helper will set up coverage if the env variable is set.
+# We want to do this if lib exists and it hasn't been explicitly set.
+ENV['COVERAGE'] ||= 'yes' if Dir.exist?(File.expand_path('../../lib', __FILE__))
+
+require 'voxpupuli/test/spec_helper'
+
+if File.exist?(File.join(__dir__, 'default_module_facts.yml'))
+ facts = YAML.safe_load(File.read(File.join(__dir__, 'default_module_facts.yml')))
+ if facts
+ facts.each do |name, value|
+ add_custom_fact name.to_sym, value
+ end
 end
 end
-
-# read default_facts and merge them over what is provided by facterdb
-default_facts.each do |fact, value|
- add_custom_fact fact, value
-end
-
-RSpec.configure do |c|
- c.default_facts = default_facts
- c.before :each do
- # set to strictest setting for testing
- # by default Puppet runs at warning level
- Puppet.settings[:strict] = :warning
- Puppet.settings[:strict_variables] = true
- end
- c.filter_run_excluding(bolt: true) unless ENV['GEM_BOLT']
- c.after(:suite) do
- end
-end
-
-# Ensures that a module is defined
-# @param module_name Name of the module
-def ensure_module_defined(module_name)
- module_name.split('::').reduce(Object) do |last_module, next_module|
- last_module.const_set(next_module, Module.new) unless last_module.const_defined?(next_module, false)
- last_module.const_get(next_module, false)
- end
-end
-
-# 'spec_overrides' from sync.yml will appear below this line
From 80466a521bf11cd0e61de14df9992dedbf89b491 Mon Sep 17 00:00:00 2001
From: Alexandre Ellert
Date: Sat, 13 Mar 2021 22:22:14 +0100
Subject: [PATCH 64/68] Fix travis

---
 manifests/certonly.pp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/manifests/certonly.pp b/manifests/certonly.pp
index 05e236c4..fa544578 100644
--- a/manifests/certonly.pp
+++ b/manifests/certonly.pp
@@ -108,7 +108,7 @@
 ]
 }
 
- dns-ovh': {
+ 'dns-ovh': {
 require letsencrypt::plugin::dns_ovh
 $_domains = join($domains, '\' -d \'')
 $plugin_args = [
@@ -218,4 +218,4 @@
 monthday => $cron_monthday,
 }
 }
-}
\ No newline at end of file
+}
From d23b24221ab8e630ba23a88588073e8f064c4b9c Mon Sep 17 00:00:00 2001
From: Alexandre Ellert
Date: Sat, 13 Mar 2021 22:27:19 +0100
Subject: [PATCH 65/68] Fix travis

---
 manifests/plugin/dns_ovh.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manifests/plugin/dns_ovh.pp b/manifests/plugin/dns_ovh.pp
index 3d93eea8..dc730e5e 100644
--- a/manifests/plugin/dns_ovh.pp
+++ b/manifests/plugin/dns_ovh.pp
@@ -70,7 +70,7 @@
 group => 'root',
 mode => '0400',
 content => epp('letsencrypt/ini.epp', {
- vars => { '' => $ini_vars },
+ vars => { '' => $ini_vars },
 }),
 }
 
From 4bc934b78b0e82ce374d524cfba10f920fc0a312 Mon Sep 17 00:00:00 2001
From: Alexandre Ellert
Date: Sat, 13 Mar 2021 22:32:28 +0100
Subject: [PATCH 66/68] Fix travis

---
 manifests/plugin/dns_ovh.pp | 1 -
 spec/defines/letsencrypt_certonly_spec.rb | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/manifests/plugin/dns_ovh.pp b/manifests/plugin/dns_ovh.pp
index dc730e5e..b55aa496 100644
--- a/manifests/plugin/dns_ovh.pp
+++ b/manifests/plugin/dns_ovh.pp
@@ -73,5 +73,4 @@
 vars => { '' => $ini_vars },
 }),
 }
-
 }
diff --git a/spec/defines/letsencrypt_certonly_spec.rb b/spec/defines/letsencrypt_certonly_spec.rb
index b10d752e..5b7fd4cb 100644
--- a/spec/defines/letsencrypt_certonly_spec.rb
+++ b/spec/defines/letsencrypt_certonly_spec.rb
@@ -482,4 +482,4 @@ class { 'letsencrypt::plugin::dns_route53':
 end
 end
 end
-end
\ No newline at end of file
+end
From eea9eb53aa7e825dcd2cbc6e74e07d371580eb83 Mon Sep 17 00:00:00 2001
From: Alexandre Ellert
Date: Sat, 13 Mar 2021 22:36:50 +0100
Subject: [PATCH 67/68] Fix travis

---
 manifests/params.pp | 95 ---------------------------------------------
 1 file changed, 95 deletions(-)
 delete mode 100644 manifests/params.pp

diff --git a/manifests/params.pp b/manifests/params.pp
deleted file mode 100644
index bf8e8099..00000000
--- a/manifests/params.pp
+++ /dev/null
@@ -1,95 +0,0 @@
-# @summary Default parameters
-# @api private
-class letsencrypt::params {
- $agree_tos = true
- $unsafe_registration = false
- $manage_config = true
- $manage_install = true
- $manage_dependencies = true
- $package_ensure = 'installed'
- $path = '/opt/letsencrypt'
- $venv_path = '/opt/letsencrypt/.venv' # virtualenv path for vcs-installed letsencrypt
- $repo = 'https://github.com/certbot/certbot.git'
- $cron_scripts_path = "${facts['puppet_vardir']}/letsencrypt" # path for renewal scripts called by cron
- $version = 'v0.30.2'
- $config = {
- 'server' => 'https://acme-v01.api.letsencrypt.org/directory',
- }
-
- if $facts['osfamily'] == 'Debian' {
- $install_method = 'package'
- $package_name = 'certbot'
- $package_command = 'certbot'
- $config_dir = '/etc/letsencrypt'
- $dns_rfc2136_package_name = 'python3-certbot-dns-rfc2136'
- $dns_ovh_package_name = 'python3-certbot-dns-ovh'
- } elsif $facts['osfamily'] == 'RedHat' {
- $install_method = 'package'
- $package_name = 'certbot'
- $package_command = 'certbot'
- $config_dir = '/etc/letsencrypt'
- if $facts['operatingsystemmajrelease'] == '7' {
- $dns_rfc2136_package_name = 'python2-certbot-dns-rfc2136'
- $dns_ovh_package_name = 'python2-certbot-dns-ovh'
- } else {
- $dns_rfc2136_package_name = 'python3-certbot-dns-rfc2136'
- $dns_ovh_package_name = 'python3-certbot-dns-ovh'
- }
- } elsif $facts['osfamily'] == 'Gentoo' {
- $install_method = 'package'
- $package_name = 'app-crypt/certbot'
- $package_command = 'certbot'
- $config_dir = '/etc/letsencrypt'
- $dns_rfc2136_package_name = undef
- $dns_ovh_package_name = undef
- } elsif $facts['osfamily'] == 'OpenBSD' {
- $install_method = 'package'
- $package_name = 'certbot'
- $package_command = 'certbot'
- $config_dir = '/etc/letsencrypt'
- $dns_rfc2136_package_name = undef
- $dns_ovh_package_name = undef
- } elsif $facts['osfamily'] == 'FreeBSD' {
- $install_method = 'package'
- $package_name = 'py27-certbot'
- $package_command = 'certbot'
- $config_dir = '/usr/local/etc/letsencrypt'
- $dns_rfc2136_package_name = undef
- $dns_ovh_package_name = undef
- } else {
- $install_method = 'vcs'
- $package_name = 'letsencrypt'
- $package_command = 'letsencrypt'
- $config_dir = '/etc/letsencrypt'
- $dns_rfc2136_package_name = undef
- $dns_ovh_package_name = undef
- }
-
- $config_file = "${config_dir}/cli.ini"
-
- $configure_epel = $facts['osfamily'] == 'RedHat' and $facts['os']['name'] != 'Fedora'
-
- $cron_owner_group = $facts['osfamily'] ? {
- 'OpenBSD' => 'wheel',
- 'FreeBSD' => 'wheel',
- default => 'root',
- }
-
- $renew_pre_hook_commands = []
- $renew_post_hook_commands = []
- $renew_deploy_hook_commands = []
- $renew_additional_args = []
- $renew_cron_ensure = 'absent'
- $renew_cron_hour = fqdn_rand(24)
- $renew_cron_minute = fqdn_rand(60, fqdn_rand_string(10))
- $renew_cron_monthday = '*'
-
- $dns_rfc2136_manage_package = true
- $dns_rfc2136_port = 53
- $dns_rfc2136_algorithm = 'HMAC-SHA512'
- $dns_rfc2136_propagation_seconds = 10
-
- $dns_ovh_manage_package = true
- $dns_ovh_propagation_seconds = 30
-
-}
From 62327f036558f5aad4c0129ca7bd7831f0dd5eee Mon Sep 17 00:00:00 2001
From: Alexandre Ellert
Date: Sat, 13 Mar 2021 22:53:41 +0100
Subject: [PATCH 68/68] Fix travis

---
 manifests/plugin/dns_ovh.pp | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/manifests/plugin/dns_ovh.pp b/manifests/plugin/dns_ovh.pp
index b55aa496..bc3f78fb 100644
--- a/manifests/plugin/dns_ovh.pp
+++ b/manifests/plugin/dns_ovh.pp
@@ -28,22 +28,22 @@
 String[1] $application_key,
 String[1] $application_secret,
 String[1] $consumer_key,
- Integer $propagation_seconds = $letsencrypt::dns_ovh_propagation_seconds,
- Boolean $manage_package = $letsencrypt::dns_ovh_manage_package,
- String $package_name = $letsencrypt::dns_ovh_package_name,
+ Integer $propagation_seconds = $letsencrypt::plugin::dns_ovh_propagation_seconds,
+ Boolean $manage_package = $letsencrypt::plugin::dns_ovh_manage_package,
+ String $package_name = $letsencrypt::plugin::dns_ovh_package_name,
 Stdlib::Absolutepath $config_file = "${letsencrypt::config_dir}/dns-ovh.ini",
 ) {
 require letsencrypt
 
- case $::operatingsystem {
+ case $::facts['os']['id'] {
 'Debian': {
- if versioncmp($::operatingsystemrelease, '10') < 0 {
- fail("The dns-ovh plugin is not compatible with ${::operatingsystem} ${::operatingsystemrelease}. See README.")
+ if versioncmp($::facts['os']['release']['major'], '10') < 0 {
+ fail("The dns-ovh plugin is not compatible with ${$::facts['os']['id']} ${$::facts['os']['release']['major']}. See README.")
 }
 }
 'Ubuntu': {
- if versioncmp($::operatingsystemrelease, '19') < 0 {
- fail("The dns-ovh plugin is not compatible with ${::operatingsystem} ${::operatingsystemrelease}. See README.")
+ if versioncmp($::facts['os']['release']['major'], '19') < 0 {
+ fail("The dns-ovh plugin is not compatible with ${$::facts['os']['id']} ${$::facts['os']['release']['major']}. See README.")
 }
 }
 default: {
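Review bot: `$::facts['os']['id']` on the new `case` line is not, as far as I know, a key the structured `os` fact provides (the distribution name is `os.name`; an `id` exists only under `os.distro`), so the lookup yields undef, the `case` falls through to `default`, and the Debian < 10 / Ubuntu < 19 compatibility guard this block exists for silently never fires. The same key is interpolated into both `fail` messages, where it would render as an empty string. I would write `case $facts['os']['name'] {` and, in both branches, `fail("The dns-ovh plugin is not compatible with ${facts['os']['name']} ${facts['os']['release']['major']}. See README.")`, which also drops the legacy `$::` prefix and matches the `facts[:os]['name']` lookup the specs on this page use. The three new parameter defaults now reference `$letsencrypt::plugin::dns_ovh_*`, and since PATCH 67 deletes `manifests/params.pp` it is worth confirming that some class actually declares those variables; if none does, the defaults resolve to undef or error under strict variables. The class header and the `default:` branch lie outside the hunk.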