├── .fixtures.yml
├── .gitattributes
├── .github
│   ├── CONTRIBUTING.md
│   ├── ISSUE_TEMPLATE.md
│   ├── PULL_REQUEST_TEMPLATE.md
│   ├── SECURITY.md
│   └── workflows
│       ├── ci.yml
│       ├── mend.yml
│       ├── nightly.yml
│       ├── release.yml
│       └── release_prep.yml
├── .gitignore
├── .pdkignore
├── .puppet-lint.rc
├── .rspec
├── .rubocop.yml
├── .rubocop_todo.yml
├── .sync.yml
├── .vscode
│   └── extensions.json
├── .yardopts
├── CHANGELOG.md
├── CODEOWNERS
├── Gemfile
├── LICENSE
├── README.md
├── REFERENCE.md
├── Rakefile
├── data
│   └── common.yaml
├── hiera.yaml
├── manifests
│   └── init.pp
├── metadata.json
├── pdk.yaml
├── spec
│   ├── acceptance
│   │   └── sslcertificate_spec.rb
│   ├── default_facts.yml
│   ├── defines
│   │   └── sslcertificate_spec.rb
│   ├── spec_helper.rb
│   └── spec_helper_acceptance.rb
└── templates
    ├── import.ps1.erb
    └── inspect.ps1.erb

/.fixtures.yml:
--------------------------------------------------------------------------------
fixtures:
  repositories:
    facts: 'https://github.com/puppetlabs/puppetlabs-facts.git'
    puppet_agent:
      repo: 'https://github.com/puppetlabs/puppetlabs-puppet_agent.git'
      ref: v4.13.0
    stdlib: https://github.com/puppetlabs/puppetlabs-stdlib.git
    powershell: https://github.com/puppetlabs/puppetlabs-powershell.git
    provision: 'https://github.com/puppetlabs/provision.git'
--------------------------------------------------------------------------------
/.gitattributes:
--------------------------------------------------------------------------------
*.rb eol=lf
*.erb eol=lf
*.pp eol=lf
*.sh eol=lf
*.epp eol=lf
--------------------------------------------------------------------------------
/.github/CONTRIBUTING.md:
--------------------------------------------------------------------------------
# Contribution guidelines

## Table of contents

* [Contributing](#contributing)
* [Writing proper commits - short version](#writing-proper-commits-short-version)
* [Writing proper commits - long version](#writing-proper-commits-long-version)
* [Dependencies](#dependencies)
* [Note for OS X users](#note-for-os-x-users)
* [The test matrix](#the-test-matrix)
* [Syntax and style](#syntax-and-style)
* [Running the unit tests](#running-the-unit-tests)
* [Unit tests in docker](#unit-tests-in-docker)
* [Integration tests](#integration-tests)

This module has grown over time based on a range of contributions from
people using it. If you follow these contributing guidelines your patch
will likely make it into a release a little more quickly.

## Contributing

Please note that this project is released with a Contributor Code of Conduct.
By participating in this project you agree to abide by its terms.
[Contributor Code of Conduct](https://voxpupuli.org/coc/).

* Fork the repo.
* Create a separate branch for your change.
* We only take pull requests with passing tests, and documentation. [GitHub Actions](https://docs.github.com/en/actions) run the tests for us. You can also execute them locally. This is explained [in a later section](#the-test-matrix).
* Check out [our docs](https://voxpupuli.org/docs/reviewing_pr/) we use to review a module and the [official styleguide](https://puppet.com/docs/puppet/6.0/style_guide.html). They provide some guidance for new code that might help you before you submit a pull request.
* Add a test for your change. Only refactoring and documentation changes require no new tests. If you are adding functionality or fixing a bug, please add a test.
* Squash your commits down into logical components. Make sure to rebase against our current master.
* Push the branch to your fork and submit a pull request.

Please be prepared to repeat some of these steps as our contributors review your code.

Also consider sending in your profile code that calls this component module as an acceptance test or provide it via an issue. This helps reviewers a lot to test your use case and prevents future regressions!

## Writing proper commits - short version

* Make commits of logical units.
* Check for unnecessary whitespace with "git diff --check" before committing.
* Commit using Unix line endings (check the settings around "crlf" in git-config(1)).
* Do not check in commented out code or unneeded files.
* The first line of the commit message should be a short description (50 characters is the soft limit, excluding ticket number(s)), and should skip the full stop.
* Associate the issue in the message. The first line should include the issue number in the form "(#XXXX) Rest of message".
* The body should provide a meaningful commit message, which:
  * uses the imperative, present tense: `change`, not `changed` or `changes`.
  * includes motivation for the change, and contrasts its implementation with the previous behavior.
* Make sure that you have tests for the bug you are fixing, or feature you are adding.
* Make sure the test suite passes after your commit.
* When introducing a new feature, make sure it is properly documented in the README.md

## Writing proper commits - long version

1. Make separate commits for logically separate changes.

   Please break your commits down into logically consistent units
   which include new or changed tests relevant to the rest of the
   change. The goal of doing this is to make the diff easier to
   read for whoever is reviewing your code. In general, the easier
   your diff is to read, the more likely someone will be happy to
   review it and get it into the code base.

   If you are going to refactor a piece of code, please do so as a
   separate commit from your feature or bug fix changes.

   We also really appreciate changes that include tests to make
   sure the bug is not re-introduced, and that the feature is not
   accidentally broken.

   Describe the technical detail of the change(s). If your
   description starts to get too long, that is a good sign that you
   probably need to split up your commit into more finely grained
   pieces.

   Commits which plainly describe the things which help
   reviewers check the patch and future developers understand the
   code are much more likely to be merged in with a minimum of
   bike-shedding or requested changes. Ideally, the commit message
   would include information, and be in a form suitable for
   inclusion in the release notes for the version of Puppet that
   includes them.

   Please also check that you are not introducing any trailing
   whitespace or other "whitespace errors". You can do this by
   running "git diff --check" on your changes before you commit.

2. Sending your patches

   To submit your changes via a GitHub pull request, we _highly_
   recommend that you have them on a topic branch, instead of
   directly on `master`.
   It makes things much easier to keep track of, especially if
   you decide to work on another thing before your first change
   is merged in.

   GitHub has some pretty good
   [general documentation](http://help.github.com/) on using
   their site. They also have documentation on
   [creating pull requests](http://help.github.com/send-pull-requests/).

   In general, after pushing your topic branch up to your
   repository on GitHub, you can switch to the branch in the
   GitHub UI and click "Pull Request" towards the top of the page
   in order to open a pull request.


3. Update the related GitHub issue.

   If there is a GitHub issue associated with the change you
   submitted, then you should update the ticket to include the
   location of your branch, along with any other commentary you
   may wish to make.

## Dependencies

The testing and development tools have a bunch of dependencies,
all managed by [bundler](http://bundler.io/) according to the
[Puppet support matrix](http://docs.puppetlabs.com/guides/platforms.html#ruby-versions).

By default the tests use a baseline version of Puppet.

If you have Ruby 2.x or want a specific version of Puppet,
you must set an environment variable such as:

```sh
export PUPPET_VERSION="~> 5.5.6"
```

You can install all needed gems for spec tests into the modules directory by
running:

```sh
bundle install --path .vendor/ --without development system_tests release --jobs "$(nproc)"
```

If you also want to run acceptance tests:

```sh
bundle install --path .vendor/ --with system_tests --without development release --jobs "$(nproc)"
```

Our all in one solution if you don't know if you need to install or update gems:

```sh
bundle install --path .vendor/ --with system_tests --without development release --jobs "$(nproc)"; bundle update; bundle clean
```

As an alternative to the `--jobs "$(nproc)"` parameter, you can set an
environment variable:

```sh
BUNDLE_JOBS="$(nproc)"
```

### Note for OS X users

`nproc` isn't a valid command under OS X. As an alternative, you can do:

```sh
--jobs "$(sysctl -n hw.ncpu)"
```

## The test matrix

### Syntax and style

The test suite will run [Puppet Lint](http://puppet-lint.com/) and
[Puppet Syntax](https://github.com/gds-operations/puppet-syntax) to
check various syntax and style things. You can run these locally with:

```sh
bundle exec rake lint
bundle exec rake validate
```

It will also run some [Rubocop](http://batsov.com/rubocop/) tests
against it. You can run those locally ahead of time with:

```sh
bundle exec rake rubocop
```

### Running the unit tests

The unit test suite covers most of the code; as mentioned above, please
add tests if you're adding new functionality. If you've not used
[rspec-puppet](http://rspec-puppet.com/) before then feel free to ask
about how best to test your new feature.

To run the linter, the syntax checker and the unit tests:

```sh
bundle exec rake test
```

To run all the unit tests:

```sh
bundle exec rake spec
```

To run a specific spec test set the `SPEC` variable:

```sh
bundle exec rake spec SPEC=spec/foo_spec.rb
```

#### Unit tests in docker

Some people don't want to run the dependencies locally or don't want to install
ruby. We ship a Dockerfile that enables you to run all unit tests and linting.
You only need to run:

```sh
docker build .
```

Please ensure that a docker daemon is running and that your user has the
permission to talk to it. You can specify a remote docker host by setting the
`DOCKER_HOST` environment variable. It will copy the content of the module into
the docker image. So it will not work if a Gemfile.lock exists.

### Integration tests

The unit tests just check the code runs, not that it does exactly what
we want on a real machine. For that we're using
[beaker](https://github.com/puppetlabs/beaker).

This fires up a new virtual machine (using vagrant) and runs a series of
simple tests against it after applying the module. You can run this
with:

```sh
BEAKER_setfile=debian10-x64 bundle exec rake beaker
```

You can replace the string `debian10` with any common operating system.
The following strings are known to work:

* ubuntu1604
* ubuntu1804
* ubuntu2004
* debian9
* debian10
* centos7
* centos8

For more information and tips & tricks, see [voxpupuli-acceptance's documentation](https://github.com/voxpupuli/voxpupuli-acceptance#running-tests).

The source of this file is in our [modulesync_config](https://github.com/voxpupuli/modulesync_config/blob/master/moduleroot/.github/CONTRIBUTING.md.erb)
repository.
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE.md:
--------------------------------------------------------------------------------
## Affected Puppet, Ruby, OS and module versions/distributions

- Puppet:
- Ruby:
- Distribution:
- Module version:

## How to reproduce (e.g. Puppet code you use)

## What are you seeing

## What behaviour did you expect instead

## Output log

## Any additional information you'd like to impart
--------------------------------------------------------------------------------
/.github/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
## Summary
Provide a detailed description of all the changes present in this pull request.

## Additional Context
Add any additional context about the problem here.
- [ ] Root cause and the steps to reproduce. (If applicable)
- [ ] Thought process behind the implementation.

## Related Issues (if any)
Mention any related issues or pull requests.

## Checklist
- [ ] 🟢 Spec tests.
- [ ] 🟢 Acceptance tests.
- [ ] Manually verified.
--------------------------------------------------------------------------------
/.github/SECURITY.md:
--------------------------------------------------------------------------------
# Vox Pupuli Security Policy

Our vulnerabilities reporting process is at https://voxpupuli.org/security/
--------------------------------------------------------------------------------
/.github/workflows/ci.yml:
--------------------------------------------------------------------------------
name: "ci"

on:
  pull_request:
    branches:
      - "main"
  workflow_dispatch:

jobs:
  Spec:
    uses: "puppetlabs/cat-github-actions/.github/workflows/module_ci.yml@main"
    secrets: "inherit"

  Acceptance:
    needs: Spec
    uses: "puppetlabs/cat-github-actions/.github/workflows/module_acceptance.yml@main"
    secrets: "inherit"
--------------------------------------------------------------------------------
/.github/workflows/mend.yml:
--------------------------------------------------------------------------------
name: "mend"

on:
  pull_request:
    branches:
      - "main"
  schedule:
    - cron: "0 0 * * *"
  workflow_dispatch:

jobs:

  mend:
    uses: "puppetlabs/cat-github-actions/.github/workflows/mend_ruby.yml@main"
    secrets: "inherit"
--------------------------------------------------------------------------------
/.github/workflows/nightly.yml:
--------------------------------------------------------------------------------
name: "nightly"

on:
  schedule:
    - cron: "0 0 * * *"
  workflow_dispatch:

jobs:
  Spec:
    uses: "puppetlabs/cat-github-actions/.github/workflows/module_ci.yml@main"
    secrets: "inherit"

  Acceptance:
    needs: Spec
    uses: "puppetlabs/cat-github-actions/.github/workflows/module_acceptance.yml@main"
    secrets: "inherit"
--------------------------------------------------------------------------------
/.github/workflows/release.yml:
--------------------------------------------------------------------------------
name: "Publish module"

on:
  workflow_dispatch:

jobs:
  release:
    uses: "puppetlabs/cat-github-actions/.github/workflows/module_release.yml@main"
    secrets: "inherit"
--------------------------------------------------------------------------------
/.github/workflows/release_prep.yml:
--------------------------------------------------------------------------------
name: "Release Prep"

on:
  workflow_dispatch:
    inputs:
      version:
        description: "Module version to be released. Must be a valid semver string. (1.2.3)"
        required: true

jobs:
  release_prep:
    uses: "puppetlabs/cat-github-actions/.github/workflows/module_release_prep.yml@main"
    with:
      version: "${{ github.event.inputs.version }}"
    secrets: "inherit"
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
.git/
.*.sw[op]
.metadata
.yardoc
.yardwarns
*.iml
/.bundle/
/.idea/
/.vagrant/
/coverage/
/bin/
/doc/
/Gemfile.local
/Gemfile.lock
/junit/
/log/
/pkg/
/spec/fixtures/manifests/
/spec/fixtures/modules/*
/tmp/
/vendor/
/.vendor/
/convert_report.txt
/update_report.txt
.DS_Store
.project
.envrc
/inventory.yaml
/spec/fixtures/litmus_inventory.yaml
.resource_types
.modules
.task_cache.json
.plan_cache.json
.rerun.json
bolt-debug.log
--------------------------------------------------------------------------------
/.pdkignore:
--------------------------------------------------------------------------------
.git/
.*.sw[op]
.metadata
.yardoc
.yardwarns
*.iml
/.bundle/
/.idea/
/.vagrant/
/coverage/
/bin/
/doc/
/Gemfile.local
/Gemfile.lock
/junit/
/log/
/pkg/
/spec/fixtures/manifests/
/spec/fixtures/modules/*
/tmp/
/vendor/
/.vendor/
/convert_report.txt
/update_report.txt
.DS_Store
.project
.envrc
/inventory.yaml
/spec/fixtures/litmus_inventory.yaml
.resource_types
.modules
.task_cache.json
.plan_cache.json
.rerun.json
bolt-debug.log
/.fixtures.yml
/Gemfile
/.gitattributes
/.github/
/.gitignore
/.pdkignore
/.puppet-lint.rc
/Rakefile
/rakelib/
/.rspec
/..yml
/.yardopts
/spec/
/.vscode/
/.sync.yml
/.devcontainer/
--------------------------------------------------------------------------------
/.puppet-lint.rc:
--------------------------------------------------------------------------------
--relative
--------------------------------------------------------------------------------
/.rspec:
--------------------------------------------------------------------------------
--color
--format documentation
--------------------------------------------------------------------------------
/.rubocop.yml:
--------------------------------------------------------------------------------
---
inherit_from: .rubocop_todo.yml

require:
- rubocop-performance
- rubocop-rspec
AllCops:
  NewCops: enable
  DisplayCopNames: true
  TargetRubyVersion: '2.7'
  Include:
  - "**/*.rb"
  Exclude:
  - bin/*
  - ".vendor/**/*"
  - "**/Gemfile"
  - "**/Rakefile"
  - pkg/**/*
  - spec/fixtures/**/*
  - vendor/**/*
  - "**/Puppetfile"
  - "**/Vagrantfile"
  - "**/Guardfile"
Layout/LineLength:
  Description: People have wide screens, use them.
  Max: 200
RSpec/BeforeAfterAll:
  Description: Beware of using after(:all) as it may cause state to leak between tests.
    A necessary evil in acceptance testing.
  Exclude:
  - spec/acceptance/**/*.rb
RSpec/HookArgument:
  Description: Prefer explicit :each argument, matching existing module's style
  EnforcedStyle: each
RSpec/DescribeSymbol:
  Exclude:
  - spec/unit/facter/**/*.rb
Style/BlockDelimiters:
  Description: Prefer braces for chaining. Mostly an aesthetical choice. Better to
    be consistent then.
  EnforcedStyle: braces_for_chaining
Style/ClassAndModuleChildren:
  Description: Compact style reduces the required amount of indentation.
  EnforcedStyle: compact
Style/EmptyElse:
  Description: Enforce against empty else clauses, but allow `nil` for clarity.
  EnforcedStyle: empty
Style/FormatString:
  Description: Following the main puppet project's style, prefer the % format format.
  EnforcedStyle: percent
Style/FormatStringToken:
  Description: Following the main puppet project's style, prefer the simpler template
    tokens over annotated ones.
  EnforcedStyle: template
Style/Lambda:
  Description: Prefer the keyword for easier discoverability.
  EnforcedStyle: literal
Style/RegexpLiteral:
  Description: Community preference. See https://github.com/voxpupuli/modulesync_config/issues/168
  EnforcedStyle: percent_r
Style/TernaryParentheses:
  Description: Checks for use of parentheses around ternary conditions. Enforce parentheses
    on complex expressions for better readability, but seriously consider breaking
    it up.
  EnforcedStyle: require_parentheses_when_complex
Style/TrailingCommaInArguments:
  Description: Prefer always trailing comma on multiline argument lists. This makes
    diffs, and re-ordering nicer.
  EnforcedStyleForMultiline: comma
Style/TrailingCommaInArrayLiteral:
  Description: Prefer always trailing comma on multiline literals. This makes diffs,
    and re-ordering nicer.
  EnforcedStyleForMultiline: comma
Style/SymbolArray:
  Description: Using percent style obscures symbolic intent of array's contents.
  EnforcedStyle: brackets
RSpec/MessageSpies:
  EnforcedStyle: receive
Style/Documentation:
  Exclude:
  - lib/puppet/parser/functions/**/*
  - spec/**/*
Style/WordArray:
  EnforcedStyle: brackets
Performance/AncestorsInclude:
  Enabled: true
Performance/BigDecimalWithNumericArgument:
  Enabled: true
Performance/BlockGivenWithExplicitBlock:
  Enabled: true
Performance/CaseWhenSplat:
  Enabled: true
Performance/ConstantRegexp:
  Enabled: true
Performance/MethodObjectAsBlock:
  Enabled: true
Performance/RedundantSortBlock:
  Enabled: true
Performance/RedundantStringChars:
  Enabled: true
Performance/ReverseFirst:
  Enabled: true
Performance/SortReverse:
  Enabled: true
Performance/Squeeze:
  Enabled: true
Performance/StringInclude:
  Enabled: true
Performance/Sum:
  Enabled: true
Style/CollectionMethods:
  Enabled: true
Style/MethodCalledOnDoEndBlock:
  Enabled: true
Style/StringMethods:
  Enabled: true
Bundler/GemFilename:
  Enabled: false
Bundler/InsecureProtocolSource:
  Enabled: false
Capybara/CurrentPathExpectation:
  Enabled: false
Capybara/VisibilityMatcher:
  Enabled: false
Gemspec/DuplicatedAssignment:
  Enabled: false
Gemspec/OrderedDependencies:
  Enabled: false
Gemspec/RequiredRubyVersion:
  Enabled: false
Gemspec/RubyVersionGlobalsUsage:
  Enabled: false
Layout/ArgumentAlignment:
  Enabled: false
Layout/BeginEndAlignment:
  Enabled: false
Layout/ClosingHeredocIndentation:
  Enabled: false
Layout/EmptyComment:
  Enabled: false
Layout/EmptyLineAfterGuardClause:
  Enabled: false
Layout/EmptyLinesAroundArguments:
  Enabled: false
Layout/EmptyLinesAroundAttributeAccessor:
  Enabled: false
Layout/EndOfLine:
  Enabled: false
Layout/FirstArgumentIndentation:
  Enabled: false
Layout/HashAlignment:
  Enabled: false
Layout/HeredocIndentation:
  Enabled: false
Layout/LeadingEmptyLines:
  Enabled: false
Layout/SpaceAroundMethodCallOperator:
  Enabled: false
Layout/SpaceInsideArrayLiteralBrackets:
  Enabled: false
Layout/SpaceInsideReferenceBrackets:
  Enabled: false
Lint/BigDecimalNew:
  Enabled: false
Lint/BooleanSymbol:
  Enabled: false
Lint/ConstantDefinitionInBlock:
  Enabled: false
Lint/DeprecatedOpenSSLConstant:
  Enabled: false
Lint/DisjunctiveAssignmentInConstructor:
  Enabled: false
Lint/DuplicateElsifCondition:
  Enabled: false
Lint/DuplicateRequire:
  Enabled: false
Lint/DuplicateRescueException:
  Enabled: false
Lint/EmptyConditionalBody:
  Enabled: false
Lint/EmptyFile:
  Enabled: false
Lint/ErbNewArguments:
  Enabled: false
Lint/FloatComparison:
  Enabled: false
Lint/HashCompareByIdentity:
  Enabled: false
Lint/IdentityComparison:
  Enabled: false
Lint/InterpolationCheck:
  Enabled: false
Lint/MissingCopEnableDirective:
  Enabled: false
Lint/MixedRegexpCaptureTypes:
  Enabled: false
Lint/NestedPercentLiteral:
  Enabled: false
Lint/NonDeterministicRequireOrder:
  Enabled: false
Lint/OrderedMagicComments:
  Enabled: false
Lint/OutOfRangeRegexpRef:
  Enabled: false
Lint/RaiseException:
  Enabled: false
Lint/RedundantCopEnableDirective:
  Enabled: false
Lint/RedundantRequireStatement:
  Enabled: false
Lint/RedundantSafeNavigation:
  Enabled: false
Lint/RedundantWithIndex:
  Enabled: false
Lint/RedundantWithObject:
  Enabled: false
Lint/RegexpAsCondition:
  Enabled: false
Lint/ReturnInVoidContext:
  Enabled: false
Lint/SafeNavigationConsistency:
  Enabled: false
Lint/SafeNavigationWithEmpty:
  Enabled: false
Lint/SelfAssignment:
  Enabled: false
Lint/SendWithMixinArgument:
  Enabled: false
Lint/ShadowedArgument:
  Enabled: false
Lint/StructNewOverride:
  Enabled: false
Lint/ToJSON:
  Enabled: false
Lint/TopLevelReturnWithArgument:
  Enabled: false
Lint/TrailingCommaInAttributeDeclaration:
  Enabled: false
Lint/UnreachableLoop:
  Enabled: false
Lint/UriEscapeUnescape:
  Enabled: false
Lint/UriRegexp:
  Enabled: false
Lint/UselessMethodDefinition:
  Enabled: false
Lint/UselessTimes:
  Enabled: false
Metrics/AbcSize:
  Enabled: false
Metrics/BlockLength:
  Enabled: false
Metrics/BlockNesting:
  Enabled: false
Metrics/ClassLength:
  Enabled: false
Metrics/CyclomaticComplexity:
  Enabled: false
Metrics/MethodLength:
  Enabled: false
Metrics/ModuleLength:
  Enabled: false
Metrics/ParameterLists:
  Enabled: false
Metrics/PerceivedComplexity:
  Enabled: false
Migration/DepartmentName:
  Enabled: false
Naming/AccessorMethodName:
  Enabled: false
Naming/BlockParameterName:
  Enabled: false
Naming/HeredocDelimiterCase:
  Enabled: false
Naming/HeredocDelimiterNaming:
  Enabled: false
Naming/MemoizedInstanceVariableName:
  Enabled: false
Naming/MethodParameterName:
  Enabled: false
Naming/RescuedExceptionsVariableName:
  Enabled: false
Naming/VariableNumber:
  Enabled: false
Performance/BindCall:
  Enabled: false
Performance/DeletePrefix:
  Enabled: false
Performance/DeleteSuffix:
  Enabled: false
Performance/InefficientHashSearch:
  Enabled: false
Performance/UnfreezeString:
  Enabled: false
Performance/UriDefaultParser:
  Enabled: false
RSpec/Be:
  Enabled: false
RSpec/Capybara/FeatureMethods:
  Enabled: false
RSpec/ContainExactly:
  Enabled: false
RSpec/ContextMethod:
  Enabled: false
RSpec/ContextWording:
  Enabled: false
RSpec/DescribeClass:
  Enabled: false
RSpec/EmptyHook:
  Enabled: false
RSpec/EmptyLineAfterExample:
  Enabled: false
RSpec/EmptyLineAfterExampleGroup:
  Enabled: false
RSpec/EmptyLineAfterHook:
  Enabled: false
RSpec/ExampleLength:
  Enabled: false
RSpec/ExampleWithoutDescription:
  Enabled: false
RSpec/ExpectChange:
  Enabled: false
RSpec/ExpectInHook:
  Enabled: false
RSpec/FactoryBot/AttributeDefinedStatically:
  Enabled: false
RSpec/FactoryBot/CreateList:
  Enabled: false
RSpec/FactoryBot/FactoryClassName:
  Enabled: false
RSpec/HooksBeforeExamples:
  Enabled: false
RSpec/ImplicitBlockExpectation:
  Enabled: false
RSpec/ImplicitSubject:
  Enabled: false
RSpec/LeakyConstantDeclaration:
  Enabled: false
RSpec/LetBeforeExamples:
  Enabled: false
RSpec/MatchArray:
  Enabled: false
RSpec/MissingExampleGroupArgument:
  Enabled: false
RSpec/MultipleExpectations:
  Enabled: false
RSpec/MultipleMemoizedHelpers:
  Enabled: false
RSpec/MultipleSubjects:
  Enabled: false
RSpec/NestedGroups:
  Enabled: false
RSpec/PredicateMatcher:
  Enabled: false
RSpec/ReceiveCounts:
  Enabled: false
RSpec/ReceiveNever:
  Enabled: false
RSpec/RepeatedExampleGroupBody:
  Enabled: false
RSpec/RepeatedExampleGroupDescription:
  Enabled: false
RSpec/RepeatedIncludeExample:
  Enabled: false
RSpec/ReturnFromStub:
  Enabled: false
RSpec/SharedExamples:
  Enabled: false
RSpec/StubbedMock:
  Enabled: false
RSpec/UnspecifiedException:
  Enabled: false
RSpec/VariableDefinition:
  Enabled: false
RSpec/VoidExpect:
  Enabled: false
RSpec/Yield:
  Enabled: false
Security/Open:
  Enabled: false
Style/AccessModifierDeclarations:
  Enabled: false
Style/AccessorGrouping:
  Enabled: false
Style/BisectedAttrAccessor:
  Enabled: false
Style/CaseLikeIf:
  Enabled: false
Style/ClassEqualityComparison:
  Enabled: false
Style/ColonMethodDefinition:
  Enabled: false
Style/CombinableLoops:
  Enabled: false
Style/CommentedKeyword:
  Enabled: false
Style/Dir:
  Enabled: false
Style/DoubleCopDisableDirective:
  Enabled: false
Style/EmptyBlockParameter:
  Enabled: false
Style/EmptyLambdaParameter:
  Enabled: false
Style/Encoding:
  Enabled: false
Style/EvalWithLocation:
  Enabled: false
Style/ExpandPathArguments:
  Enabled: false
Style/ExplicitBlockArgument:
  Enabled: false
Style/ExponentialNotation:
  Enabled: false
Style/FloatDivision:
  Enabled: false
Style/FrozenStringLiteralComment:
  Enabled: false
Style/GlobalStdStream:
  Enabled: false
Style/HashAsLastArrayItem:
  Enabled: false
Style/HashLikeCase:
  Enabled: false
Style/HashTransformKeys:
  Enabled: false
Style/HashTransformValues:
  Enabled: false
Style/IfUnlessModifier:
  Enabled: false
Style/KeywordParametersOrder:
  Enabled: false
Style/MinMax:
  Enabled: false
Style/MixinUsage:
  Enabled: false
Style/MultilineWhenThen:
  Enabled: false
Style/NegatedUnless:
  Enabled: false
Style/NumericPredicate:
  Enabled: false
Style/OptionalBooleanParameter:
  Enabled: false
Style/OrAssignment:
  Enabled: false
Style/RandomWithOffset:
  Enabled: false
Style/RedundantAssignment:
  Enabled: false
Style/RedundantCondition:
  Enabled: false
Style/RedundantConditional:
  Enabled: false
Style/RedundantFetchBlock:
  Enabled: false
Style/RedundantFileExtensionInRequire:
  Enabled: false
Style/RedundantRegexpCharacterClass:
  Enabled: false
Style/RedundantRegexpEscape:
  Enabled: false
Style/RedundantSelfAssignment:
  Enabled: false
Style/RedundantSort:
  Enabled: false
Style/RescueStandardError:
  Enabled: false
Style/SingleArgumentDig:
  Enabled: false
Style/SlicingWithRange:
  Enabled: false
Style/SoleNestedConditional:
  Enabled: false
Style/StderrPuts:
  Enabled: false
Style/StringConcatenation:
  Enabled: false
Style/Strip:
  Enabled: false
Style/SymbolProc:
  Enabled: false
Style/TrailingBodyOnClass:
  Enabled: false
Style/TrailingBodyOnMethodDefinition:
  Enabled: false
Style/TrailingBodyOnModule:
  Enabled: false
Style/TrailingCommaInHashLiteral:
  Enabled: false
Style/TrailingMethodEndStatement:
  Enabled: false
Style/UnpackFirst:
  Enabled: false
Capybara/MatchStyle:
  Enabled: false
Capybara/NegationMatcher:
  Enabled: false
Capybara/SpecificActions:
  Enabled: false
Capybara/SpecificFinders:
  Enabled: false
Capybara/SpecificMatcher:
  Enabled: false
Gemspec/DeprecatedAttributeAssignment:
  Enabled: false
Gemspec/DevelopmentDependencies:
  Enabled: false
Gemspec/RequireMFA:
  Enabled: false
Layout/LineContinuationLeadingSpace:
  Enabled: false
Layout/LineContinuationSpacing:
  Enabled: false
Layout/LineEndStringConcatenationIndentation:
  Enabled: false
Layout/SpaceBeforeBrackets:
  Enabled: false
Lint/AmbiguousAssignment:
  Enabled: false
Lint/AmbiguousOperatorPrecedence: 522 | Enabled: false 523 | Lint/AmbiguousRange: 524 | Enabled: false 525 | Lint/ConstantOverwrittenInRescue: 526 | Enabled: false 527 | Lint/DeprecatedConstants: 528 | Enabled: false 529 | Lint/DuplicateBranch: 530 | Enabled: false 531 | Lint/DuplicateMagicComment: 532 | Enabled: false 533 | Lint/DuplicateMatchPattern: 534 | Enabled: false 535 | Lint/DuplicateRegexpCharacterClassElement: 536 | Enabled: false 537 | Lint/EmptyBlock: 538 | Enabled: false 539 | Lint/EmptyClass: 540 | Enabled: false 541 | Lint/EmptyInPattern: 542 | Enabled: false 543 | Lint/IncompatibleIoSelectWithFiberScheduler: 544 | Enabled: false 545 | Lint/LambdaWithoutLiteralBlock: 546 | Enabled: false 547 | Lint/NoReturnInBeginEndBlocks: 548 | Enabled: false 549 | Lint/NonAtomicFileOperation: 550 | Enabled: false 551 | Lint/NumberedParameterAssignment: 552 | Enabled: false 553 | Lint/OrAssignmentToConstant: 554 | Enabled: false 555 | Lint/RedundantDirGlobSort: 556 | Enabled: false 557 | Lint/RefinementImportMethods: 558 | Enabled: false 559 | Lint/RequireRangeParentheses: 560 | Enabled: false 561 | Lint/RequireRelativeSelfPath: 562 | Enabled: false 563 | Lint/SymbolConversion: 564 | Enabled: false 565 | Lint/ToEnumArguments: 566 | Enabled: false 567 | Lint/TripleQuotes: 568 | Enabled: false 569 | Lint/UnexpectedBlockArity: 570 | Enabled: false 571 | Lint/UnmodifiedReduceAccumulator: 572 | Enabled: false 573 | Lint/UselessRescue: 574 | Enabled: false 575 | Lint/UselessRuby2Keywords: 576 | Enabled: false 577 | Metrics/CollectionLiteralLength: 578 | Enabled: false 579 | Naming/BlockForwarding: 580 | Enabled: false 581 | Performance/CollectionLiteralInLoop: 582 | Enabled: false 583 | Performance/ConcurrentMonotonicTime: 584 | Enabled: false 585 | Performance/MapCompact: 586 | Enabled: false 587 | Performance/RedundantEqualityComparisonBlock: 588 | Enabled: false 589 | Performance/RedundantSplitRegexpArgument: 590 | Enabled: false 591 | 
Performance/StringIdentifierArgument: 592 | Enabled: false 593 | RSpec/BeEq: 594 | Enabled: false 595 | RSpec/BeNil: 596 | Enabled: false 597 | RSpec/ChangeByZero: 598 | Enabled: false 599 | RSpec/ClassCheck: 600 | Enabled: false 601 | RSpec/DuplicatedMetadata: 602 | Enabled: false 603 | RSpec/ExcessiveDocstringSpacing: 604 | Enabled: false 605 | RSpec/FactoryBot/ConsistentParenthesesStyle: 606 | Enabled: false 607 | RSpec/FactoryBot/FactoryNameStyle: 608 | Enabled: false 609 | RSpec/FactoryBot/SyntaxMethods: 610 | Enabled: false 611 | RSpec/IdenticalEqualityAssertion: 612 | Enabled: false 613 | RSpec/NoExpectationExample: 614 | Enabled: false 615 | RSpec/PendingWithoutReason: 616 | Enabled: false 617 | RSpec/Rails/AvoidSetupHook: 618 | Enabled: false 619 | RSpec/Rails/HaveHttpStatus: 620 | Enabled: false 621 | RSpec/Rails/InferredSpecType: 622 | Enabled: false 623 | RSpec/Rails/MinitestAssertions: 624 | Enabled: false 625 | RSpec/Rails/TravelAround: 626 | Enabled: false 627 | RSpec/RedundantAround: 628 | Enabled: false 629 | RSpec/SkipBlockInsideExample: 630 | Enabled: false 631 | RSpec/SortMetadata: 632 | Enabled: false 633 | RSpec/SubjectDeclaration: 634 | Enabled: false 635 | RSpec/VerifiedDoubleReference: 636 | Enabled: false 637 | Security/CompoundHash: 638 | Enabled: false 639 | Security/IoMethods: 640 | Enabled: false 641 | Style/ArgumentsForwarding: 642 | Enabled: false 643 | Style/ArrayIntersect: 644 | Enabled: false 645 | Style/CollectionCompact: 646 | Enabled: false 647 | Style/ComparableClamp: 648 | Enabled: false 649 | Style/ConcatArrayLiterals: 650 | Enabled: false 651 | Style/DataInheritance: 652 | Enabled: false 653 | Style/DirEmpty: 654 | Enabled: false 655 | Style/DocumentDynamicEvalDefinition: 656 | Enabled: false 657 | Style/EmptyHeredoc: 658 | Enabled: false 659 | Style/EndlessMethod: 660 | Enabled: false 661 | Style/EnvHome: 662 | Enabled: false 663 | Style/FetchEnvVar: 664 | Enabled: false 665 | Style/FileEmpty: 666 | Enabled: false 667 | 
Style/FileRead: 668 | Enabled: false 669 | Style/FileWrite: 670 | Enabled: false 671 | Style/HashConversion: 672 | Enabled: false 673 | Style/HashExcept: 674 | Enabled: false 675 | Style/IfWithBooleanLiteralBranches: 676 | Enabled: false 677 | Style/InPatternThen: 678 | Enabled: false 679 | Style/MagicCommentFormat: 680 | Enabled: false 681 | Style/MapCompactWithConditionalBlock: 682 | Enabled: false 683 | Style/MapToHash: 684 | Enabled: false 685 | Style/MapToSet: 686 | Enabled: false 687 | Style/MinMaxComparison: 688 | Enabled: false 689 | Style/MultilineInPatternThen: 690 | Enabled: false 691 | Style/NegatedIfElseCondition: 692 | Enabled: false 693 | Style/NestedFileDirname: 694 | Enabled: false 695 | Style/NilLambda: 696 | Enabled: false 697 | Style/NumberedParameters: 698 | Enabled: false 699 | Style/NumberedParametersLimit: 700 | Enabled: false 701 | Style/ObjectThen: 702 | Enabled: false 703 | Style/OpenStructUse: 704 | Enabled: false 705 | Style/OperatorMethodCall: 706 | Enabled: false 707 | Style/QuotedSymbols: 708 | Enabled: false 709 | Style/RedundantArgument: 710 | Enabled: false 711 | Style/RedundantConstantBase: 712 | Enabled: false 713 | Style/RedundantDoubleSplatHashBraces: 714 | Enabled: false 715 | Style/RedundantEach: 716 | Enabled: false 717 | Style/RedundantHeredocDelimiterQuotes: 718 | Enabled: false 719 | Style/RedundantInitialize: 720 | Enabled: false 721 | Style/RedundantLineContinuation: 722 | Enabled: false 723 | Style/RedundantSelfAssignmentBranch: 724 | Enabled: false 725 | Style/RedundantStringEscape: 726 | Enabled: false 727 | Style/SelectByRegexp: 728 | Enabled: false 729 | Style/StringChars: 730 | Enabled: false 731 | Style/SwapValues: 732 | Enabled: false 733 | -------------------------------------------------------------------------------- /.rubocop_todo.yml: -------------------------------------------------------------------------------- 1 | # This configuration was generated by 2 | # `rubocop --auto-gen-config` 3 | # on 
2024-01-18 06:45:21 UTC using RuboCop version 1.50.0. 4 | # The point is for the user to remove these configuration records 5 | # one by one as the offenses are removed from the code base. 6 | # Note that changes in the inspected code, or installation of new 7 | # versions of RuboCop, may require this file to be generated again. 8 | 9 | # Offense count: 3 10 | # Configuration parameters: EnforcedStyle, IgnoreSharedExamples. 11 | # SupportedStyles: always, named_only 12 | RSpec/NamedSubject: 13 | Exclude: 14 | - 'spec/defines/sslcertificate_spec.rb' 15 | -------------------------------------------------------------------------------- /.sync.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ".gitlab-ci.yml": 3 | delete: true 4 | appveyor.yml: 5 | delete: true 6 | rubocop.yml: 7 | include_todos: true 8 | 9 | 10 | spec/spec_helper.rb: 11 | mock_with: ":rspec" 12 | coverage_report: true 13 | spec_overrides: 14 | - def regexp_matches(available_parameters) 15 | - " match(available_parameters)" 16 | - end 17 | .gitpod.Dockerfile: 18 | unmanaged: false 19 | .gitpod.yml: 20 | unmanaged: false 21 | .github/workflows/auto_release.yml: 22 | unmanaged: false 23 | .github/workflows/ci.yml: 24 | unmanaged: true 25 | .github/workflows/nightly.yml: 26 | unmanaged: true 27 | .github/workflows/release.yml: 28 | unmanaged: false 29 | .travis.yml: 30 | delete: true 31 | -------------------------------------------------------------------------------- /.vscode/extensions.json: -------------------------------------------------------------------------------- 1 | { 2 | "recommendations": [ 3 | "puppet.puppet-vscode", 4 | "Shopify.ruby-lsp" 5 | ] 6 | } 7 | -------------------------------------------------------------------------------- /.yardopts: -------------------------------------------------------------------------------- 1 | --markup markdown 2 | -------------------------------------------------------------------------------- 
/CHANGELOG.md: -------------------------------------------------------------------------------- 1 | 2 | # Changelog 3 | 4 | All notable changes to this project will be documented in this file. 5 | 6 | The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org). 7 | 8 | ## [v5.0.1](https://github.com/puppetlabs/puppetlabs-sslcertificate/tree/v5.0.1) - 2024-12-17 9 | 10 | [Full Changelog](https://github.com/puppetlabs/puppetlabs-sslcertificate/compare/v5.0.0...v5.0.1) 11 | 12 | ### Fixed 13 | 14 | - (CAT-2180) Upgrade rexml to address CVE-2024-49761 [#138](https://github.com/puppetlabs/puppetlabs-sslcertificate/pull/138) ([amitkarsale](https://github.com/amitkarsale)) 15 | 16 | ## [v5.0.0](https://github.com/puppetlabs/puppetlabs-sslcertificate/tree/v5.0.0) - 2023-08-17 17 | 18 | [Full Changelog](https://github.com/puppetlabs/puppetlabs-sslcertificate/compare/v4.1.0...v5.0.0) 19 | 20 | ### Changed 21 | 22 | - Drop Puppet 6 support [#119](https://github.com/puppetlabs/puppetlabs-sslcertificate/pull/119) ([bastelfreak](https://github.com/bastelfreak)) 23 | 24 | ### Added 25 | 26 | - Allow stdlib 8.0.0 [#112](https://github.com/puppetlabs/puppetlabs-sslcertificate/pull/112) ([smortex](https://github.com/smortex)) 27 | 28 | ## [v4.1.0](https://github.com/puppetlabs/puppetlabs-sslcertificate/tree/v4.1.0) - 2020-01-14 29 | 30 | [Full Changelog](https://github.com/puppetlabs/puppetlabs-sslcertificate/compare/v4.0.0...v4.1.0) 31 | 32 | ### Added 33 | 34 | - Allow `puppetlabs/stdlib` 6.x [#93](https://github.com/puppetlabs/puppetlabs-sslcertificate/pull/93) ([cubiclelord](https://github.com/cubiclelord)) 35 | 36 | ### Fixed 37 | 38 | - ISSUE-99: Add note explaining redoubled backslashes. 
[#100](https://github.com/puppetlabs/puppetlabs-sslcertificate/pull/100) ([pillarsdotnet](https://github.com/pillarsdotnet)) 39 | 40 | ## [v4.0.0](https://github.com/puppetlabs/puppetlabs-sslcertificate/tree/v4.0.0) - 2019-05-02 41 | 42 | [Full Changelog](https://github.com/puppetlabs/puppetlabs-sslcertificate/compare/v3.4.0...v4.0.0) 43 | 44 | ### Changed 45 | 46 | - modulesync 2.5.1 & drop Puppet 4 [#88](https://github.com/puppetlabs/puppetlabs-sslcertificate/pull/88) ([bastelfreak](https://github.com/bastelfreak)) 47 | 48 | ### Added 49 | 50 | - modulesync 2.2.0 and allow puppet 6.x [#85](https://github.com/puppetlabs/puppetlabs-sslcertificate/pull/85) ([bastelfreak](https://github.com/bastelfreak)) 51 | - Add wildcard & bypass Intermediate Store support [#84](https://github.com/puppetlabs/puppetlabs-sslcertificate/pull/84) ([arthurbarton](https://github.com/arthurbarton)) 52 | 53 | ### Fixed 54 | 55 | - Checks if the certificate is installed without creating an object [#70](https://github.com/puppetlabs/puppetlabs-sslcertificate/pull/70) ([cmezzetti](https://github.com/cmezzetti)) 56 | 57 | ## [v3.4.0](https://github.com/puppetlabs/puppetlabs-sslcertificate/tree/v3.4.0) - 2018-09-07 58 | 59 | [Full Changelog](https://github.com/puppetlabs/puppetlabs-sslcertificate/compare/v3.3.0...v3.4.0) 60 | 61 | ### Added 62 | 63 | - allow puppetlabs/stdlib 5.x [#80](https://github.com/puppetlabs/puppetlabs-sslcertificate/pull/80) ([bastelfreak](https://github.com/bastelfreak)) 64 | 65 | ## [v3.3.0](https://github.com/puppetlabs/puppetlabs-sslcertificate/tree/v3.3.0) - 2018-02-13 66 | 67 | [Full Changelog](https://github.com/puppetlabs/puppetlabs-sslcertificate/compare/v3.2.0...v3.3.0) 68 | 69 | ### Added 70 | 71 | - Don't store the PS1 scripts [#66](https://github.com/puppetlabs/puppetlabs-sslcertificate/pull/66) ([natemccurdy](https://github.com/natemccurdy)) 72 | - Make the password parameter optional [#65](https://github.com/puppetlabs/puppetlabs-sslcertificate/pull/65) 
([rnelson0](https://github.com/rnelson0)) 73 | 74 | ## [v3.2.0](https://github.com/puppetlabs/puppetlabs-sslcertificate/tree/v3.2.0) - 2017-11-20 75 | 76 | [Full Changelog](https://github.com/puppetlabs/puppetlabs-sslcertificate/compare/v3.1.0...v3.2.0) 77 | 78 | ### Added 79 | 80 | - bump puppet version dependency to >= 4.7.1 < 6.0.0 [#59](https://github.com/puppetlabs/puppetlabs-sslcertificate/pull/59) ([bastelfreak](https://github.com/bastelfreak)) 81 | 82 | ## [v3.1.0](https://github.com/puppetlabs/puppetlabs-sslcertificate/tree/v3.1.0) - 2017-09-17 83 | 84 | [Full Changelog](https://github.com/puppetlabs/puppetlabs-sslcertificate/compare/v3.0.0...v3.1.0) 85 | 86 | ## [v3.0.0](https://github.com/puppetlabs/puppetlabs-sslcertificate/tree/v3.0.0) - 2017-06-26 87 | 88 | [Full Changelog](https://github.com/puppetlabs/puppetlabs-sslcertificate/compare/v2.2.0...v3.0.0) 89 | 90 | ### Added 91 | 92 | - Set mode to 0600 on sensitive scripts [#54](https://github.com/puppetlabs/puppetlabs-sslcertificate/pull/54) ([roidelapluie](https://github.com/roidelapluie)) 93 | - New argument to set exportability of the certificate [#46](https://github.com/puppetlabs/puppetlabs-sslcertificate/pull/46) ([ricardogaspar2](https://github.com/ricardogaspar2)) 94 | 95 | ### Fixed 96 | 97 | - Fixing typo [#50](https://github.com/puppetlabs/puppetlabs-sslcertificate/pull/50) ([thirumoorthir](https://github.com/thirumoorthir)) 98 | 99 | ## [v2.2.0](https://github.com/puppetlabs/puppetlabs-sslcertificate/tree/v2.2.0) - 2017-02-11 100 | 101 | [Full Changelog](https://github.com/puppetlabs/puppetlabs-sslcertificate/compare/v2.1.1...v2.2.0) 102 | 103 | ### Fixed 104 | 105 | - Fix references to `sslcert` [#30](https://github.com/puppetlabs/puppetlabs-sslcertificate/pull/30) ([alexjfisher](https://github.com/alexjfisher)) 106 | 107 | ## [v2.1.1](https://github.com/puppetlabs/puppetlabs-sslcertificate/tree/v2.1.1) - 2015-03-24 108 | 109 | [Full 
Changelog](https://github.com/puppetlabs/puppetlabs-sslcertificate/compare/v2.0.2...v2.1.1) 110 | 111 | ## [v2.0.2](https://github.com/puppetlabs/puppetlabs-sslcertificate/tree/v2.0.2) - 2014-10-13 112 | 113 | [Full Changelog](https://github.com/puppetlabs/puppetlabs-sslcertificate/compare/v2.0.1...v2.0.2) 114 | 115 | ## [v2.0.1](https://github.com/puppetlabs/puppetlabs-sslcertificate/tree/v2.0.1) - 2014-10-13 116 | 117 | [Full Changelog](https://github.com/puppetlabs/puppetlabs-sslcertificate/compare/v1.0.1...v2.0.1) 118 | 119 | ## [v1.0.1](https://github.com/puppetlabs/puppetlabs-sslcertificate/tree/v1.0.1) - 2014-10-13 120 | 121 | [Full Changelog](https://github.com/puppetlabs/puppetlabs-sslcertificate/compare/v2.1.0...v1.0.1) 122 | 123 | ## [v2.1.0](https://github.com/puppetlabs/puppetlabs-sslcertificate/tree/v2.1.0) - 2014-10-13 124 | 125 | [Full Changelog](https://github.com/puppetlabs/puppetlabs-sslcertificate/compare/v2.0.0...v2.1.0) 126 | 127 | ## [v2.0.0](https://github.com/puppetlabs/puppetlabs-sslcertificate/tree/v2.0.0) - 2014-04-16 128 | 129 | [Full Changelog](https://github.com/puppetlabs/puppetlabs-sslcertificate/compare/v1.0.0...v2.0.0) 130 | 131 | ## [v1.0.0](https://github.com/puppetlabs/puppetlabs-sslcertificate/tree/v1.0.0) - 2014-03-12 132 | 133 | [Full Changelog](https://github.com/puppetlabs/puppetlabs-sslcertificate/compare/67919d208e50ac9156ecda32e09c4efc5ca6fca8...v1.0.0) 134 | -------------------------------------------------------------------------------- /CODEOWNERS: -------------------------------------------------------------------------------- 1 | # Setting ownership to the modules team 2 | * @puppetlabs/modules 3 | -------------------------------------------------------------------------------- /Gemfile: -------------------------------------------------------------------------------- 1 | source ENV['GEM_SOURCE'] || 'https://rubygems.org' 2 | 3 | def location_for(place_or_version, fake_version = nil) 4 | git_url_regex = 
%r{\A(?<url>(https?|git)[:@][^#]*)(#(?<branch>.*))?} 5 | file_url_regex = %r{\Afile:\/\/(?<path>.*)} 6 | 7 | if place_or_version && (git_url = place_or_version.match(git_url_regex)) 8 | [fake_version, { git: git_url[:url], branch: git_url[:branch], require: false }].compact 9 | elsif place_or_version && (file_url = place_or_version.match(file_url_regex)) 10 | ['>= 0', { path: File.expand_path(file_url[:path]), require: false }] 11 | else 12 | [place_or_version, { require: false }] 13 | end 14 | end 15 | 16 | group :development do 17 | gem "json", '= 2.1.0', require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) 18 | gem "json", '= 2.3.0', require: false if Gem::Requirement.create(['>= 2.7.0', '< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) 19 | gem "json", '= 2.5.1', require: false if Gem::Requirement.create(['>= 3.0.0', '< 3.0.5']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) 20 | gem "json", '= 2.6.1', require: false if Gem::Requirement.create(['>= 3.1.0', '< 3.1.3']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) 21 | gem "json", '= 2.6.3', require: false if Gem::Requirement.create(['>= 3.2.0', '< 4.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) 22 | gem "racc", '~> 1.4.0', require: false if Gem::Requirement.create(['>= 2.7.0', '< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) 23 | gem "deep_merge", '~> 1.2.2', require: false 24 | gem "voxpupuli-puppet-lint-plugins", '~> 5.0', require: false 25 | gem "facterdb", '~> 2.1', require: false 26 | gem "metadata-json-lint", '~> 4.0', require: false 27 | gem "rspec-puppet-facts", '~> 4.0', require: false 28 | gem "dependency_checker", '~> 1.0.0', require: false 29 | gem "parallel_tests", '= 3.12.1', require: false 30 | gem "pry", '~> 0.10', require: false 31 | gem "simplecov-console", '~> 0.9', require: false 32 | gem "puppet-debugger", '~> 1.0', require: false 33 | gem "rubocop", '~> 1.50.0', require: false 34 | gem
"rubocop-performance", '= 1.16.0', require: false 35 | gem "rubocop-rspec", '= 2.19.0', require: false 36 | gem "rb-readline", '= 0.5.5', require: false, platforms: [:mswin, :mingw, :x64_mingw] 37 | gem "rexml", '>= 3.3.9', require: false 38 | end 39 | group :development, :release_prep do 40 | gem "puppet-strings", '~> 4.0', require: false 41 | gem "puppetlabs_spec_helper", '~> 7.0', require: false 42 | end 43 | group :system_tests do 44 | gem "puppet_litmus", '~> 1.0', require: false, platforms: [:ruby, :x64_mingw] 45 | gem "CFPropertyList", '< 3.0.7', require: false, platforms: [:mswin, :mingw, :x64_mingw] 46 | gem "serverspec", '~> 2.41', require: false 47 | end 48 | 49 | puppet_version = ENV['PUPPET_GEM_VERSION'] 50 | facter_version = ENV['FACTER_GEM_VERSION'] 51 | hiera_version = ENV['HIERA_GEM_VERSION'] 52 | 53 | gems = {} 54 | 55 | gems['puppet'] = location_for(puppet_version) 56 | 57 | # If facter or hiera versions have been specified via the environment 58 | # variables 59 | 60 | gems['facter'] = location_for(facter_version) if facter_version 61 | gems['hiera'] = location_for(hiera_version) if hiera_version 62 | 63 | gems.each do |gem_name, gem_params| 64 | gem gem_name, *gem_params 65 | end 66 | 67 | # Evaluate Gemfile.local and ~/.gemfile if they exist 68 | extra_gemfiles = [ 69 | "#{__FILE__}.local", 70 | File.join(Dir.home, '.gemfile'), 71 | ] 72 | 73 | extra_gemfiles.each do |gemfile| 74 | if File.file?(gemfile) && File.readable?(gemfile) 75 | eval(File.read(gemfile), binding) 76 | end 77 | end 78 | # vim: syntax=ruby 79 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2014 OpenTable, Inc. 
2 | 3 | Permission is hereby granted, free of charge, to any person obtaining 4 | a copy of this software and associated documentation files (the 5 | "Software"), to deal in the Software without restriction, including 6 | without limitation the rights to use, copy, modify, merge, publish, 7 | distribute, sublicense, and/or sell copies of the Software, and to 8 | permit persons to whom the Software is furnished to do so, subject to 9 | the following conditions: 10 | 11 | The above copyright notice and this permission notice shall be 12 | included in all copies or substantial portions of the Software. 13 | 14 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 15 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 16 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 17 | IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 18 | CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, 19 | TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 20 | SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 21 | 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # SSL Certificate module for Puppet 2 | 3 | [![Donated by Vox Pupuli](https://img.shields.io/badge/donated%20by-Vox%20Pupuli-fb7047.svg)](#transfer-notice) 4 | 5 | #### Table of Contents 6 | 7 | 1. [Overview](#overview) 8 | 1. [Module Description - What the module does and why it is useful](#module-description) 9 | 1. [Setup - The basics of getting started with sslcertificate](#setup) 10 | * [What sslcertificate affects](#what-sslcertificate-affects) 11 | * [Beginning with sslcertificate](#beginning-with-sslcertificate) 12 | 1. [Usage - Configuration options and additional functionality](#usage) 13 | 1. [Reference - An under-the-hood peek at what the module is doing and how](#reference) 14 | 1. 
[Limitations - OS compatibility, etc.](#limitations) 15 | 1. [License](#license) 16 | 1. [Development - Guide for contributing to the module](#development) 17 | 18 | ## Overview 19 | 20 | Small defined type that will allow you to manage Windows certificates. 21 | 22 | ## Module Description 23 | 24 | A module that will allow you to install your certificates on Windows 25 | machines. It will manage pfx, cer, der, p7b, sst certificates. 26 | 27 | ## Setup 28 | 29 | ### What sslcertificate affects 30 | 31 | * Installs certificates into your Windows key stores 32 | 33 | ### Beginning with sslcertificate 34 | 35 | To install a certificate in the My directory of the LocalMachine root store: 36 | 37 | ```puppet 38 | sslcertificate { "Install-PFX-Certificate" : 39 | name => 'mycert.pfx', 40 | password => 'password123', 41 | location => 'C:', 42 | thumbprint => '07E5C1AF7F5223CB975CC29B5455642F5570798B' 43 | } 44 | ``` 45 | 46 | To install a certificate in an alternative directory: 47 | 48 | ```puppet 49 | sslcertificate { "Install-Intermediate-Certificate" : 50 | name => 'go_daddy_intermediate.p7b', 51 | location => 'C:', 52 | store_dir => 'CA', 53 | root_store => 'LocalMachine', 54 | thumbprint => '07E5C1AF7F5223CB975CC29B5455642F5570798B' 55 | } 56 | ``` 57 | 58 | To install a certificate in the My directory of the LocalMachine root store and set the key as not exportable: 59 | ```puppet 60 | sslcertificate { "Install-PFX-Certificate" : 61 | name => 'mycert.pfx', 62 | password => 'password123', 63 | location => 'C:', 64 | thumbprint => '07E5C1AF7F5223CB975CC29B5455642F5570798B', 65 | exportable => false 66 | } 67 | ``` 68 | 69 | For more details on the different options available with certificate management 70 | directories, see [Windows Dev Center](http://msdn.microsoft.com/en-us/library/windows/desktop/aa388136(v=vs.85).aspx).
71 | 72 | ## Usage 73 | 74 | ### Classes and Defined Types 75 | 76 | #### Defined Type: `sslcertificate` 77 | 78 | The primary definition of the sslcertificate module. This definition will install the 79 | certificates into your keystore(s). 80 | 81 | **Parameters within `sslcertificate`:** 82 | 83 | ##### `password` 84 | 85 | The password for the given certificate 86 | 87 | ##### `location` 88 | 89 | The directory where the certificate file is located. 90 | Do not end the string with any forward or backslash. 91 | Note that in Puppet manifests, double-backslashes must be re-doubled, even in single-quoted strings, e.g. 92 | 93 | ```puppet 94 | sslcertificate { "Install-PFX-Certificate from UNC path" : 95 | name => 'mycert.pfx', 96 | password => 'password123', 97 | location => '\\\\StorageServer\Fileshare', 98 | thumbprint => '07E5C1AF7F5223CB975CC29B5455642F5570798B' 99 | } 100 | ``` 101 | 102 | ##### `thumbprint` 103 | 104 | The thumbprint used to verify the certificate 105 | 106 | ##### `store_dir` 107 | 108 | The certificate store where the certificate will be installed to 109 | 110 | ##### `root_store` 111 | 112 | The store location for the given certificate store. Either LocalMachine or CurrentUser 113 | 114 | ##### `scripts_dir` 115 | 116 | This parameter is deprecated and no longer used; the scripts are no longer saved to disk. 117 | 118 | ##### `exportable` 119 | 120 | Flag to set the key as exportable. `true` == exportable; `false` == not exportable. Defaults to `true`. 121 | 122 | ##### `wildcard` 123 | 124 | Flag to set the MachineKeySet flag in import, used for importing wildcard certificates. Defaults to `false` 125 | 126 | ##### `interstore` 127 | 128 | If this is set to `true`, any intermediate certificates included will be imported in the same store_dir, not the intermediate store.
129 | Defaults to `false` 130 | 131 | ## Reference 132 | 133 | ### Definition 134 | 135 | #### Public Definition 136 | 137 | * [`sslcertificate`](#define-sslcertificate): Guides the installation of certificates 138 | 139 | ## Limitations 140 | 141 | This module is tested on the following platforms: 142 | 143 | * Windows 2008 R2 144 | 145 | It is tested with the OSS version of Puppet only. 146 | 147 | ## License 148 | 149 | This codebase is licensed under the Apache2.0 licensing, however due to the nature of the codebase the open source dependencies may also use a combination of [AGPL](https://opensource.org/license/agpl-v3/), [BSD-2](https://opensource.org/license/bsd-2-clause/), [BSD-3](https://opensource.org/license/bsd-3-clause/), [GPL2.0](https://opensource.org/license/gpl-2-0/), [LGPL](https://opensource.org/license/lgpl-3-0/), [MIT](https://opensource.org/license/mit/) and [MPL](https://opensource.org/license/mpl-2-0/) Licensing. 150 | 151 | ## Development 152 | 153 | ### Contributing 154 | 155 | Please read CONTRIBUTING.md for full details on contributing to this project. 156 | 157 | ## Transfer notice 158 | 159 | This module was previously maintained by Vox Pupuli. It was migrated to Puppet/Perforce in 2023. 
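The `thumbprint` parameter documented above takes the value Windows shows for a certificate, which is the SHA-1 digest of its DER encoding. As an added example (not part of this module), the Ruby below computes that value with the standard `openssl` library and checks it against a pasted thumbprint before it goes into a manifest; the helper names and the self-signed certificate are constructed for illustration.

```ruby
require 'openssl'

# Windows reports a certificate thumbprint as the SHA-1 digest of the
# DER-encoded certificate, written as 40 hex digits.
def thumbprint_of(cert)
  OpenSSL::Digest.new('SHA1').hexdigest(cert.to_der).upcase
end

# Accepts the value the way it is usually pasted: spaces, colons, lower case
# and invisible Unicode format characters (for example U+200E, which can be
# copied along from a certificate dialog) are removed before validation.
def normalize_thumbprint(text)
  cleaned = text.encode('UTF-8').gsub(/[\s:\p{Cf}]/, '').upcase
  unless cleaned.match?(/\A[0-9A-F]{40}\z/)
    raise ArgumentError, "not a 40-digit hex thumbprint: #{text.inspect}"
  end
  cleaned
end

# Reads a certificate from PEM or DER bytes and falls back to PKCS#12 (.pfx),
# in which case the password protecting the bundle is needed.
def load_certificate(bytes, password = nil)
  OpenSSL::X509::Certificate.new(bytes)
rescue OpenSSL::X509::CertificateError
  OpenSSL::PKCS12.new(bytes, password).certificate
end

# True when the certificate in cert_bytes has the expected thumbprint.
def thumbprint_matches?(cert_bytes, expected, password = nil)
  thumbprint_of(load_certificate(cert_bytes, password)) == normalize_thumbprint(expected)
end

# Constructed sample input: a throwaway self-signed certificate, so the
# example runs offline without any real certificate file.
def constructed_certificate
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = OpenSSL::X509::Name.parse('/CN=constructed.example.test')
  cert.issuer = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

if __FILE__ == $PROGRAM_NAME
  cert = constructed_certificate
  value = thumbprint_of(cert)
  puts "thumbprint => '#{value}'"
  # The same value as it might be pasted: lower case, spaced, with a leading U+200E.
  pasted = "\u200E" + value.downcase.scan(/../).join(' ')
  puts "pasted value matches: #{thumbprint_matches?(cert.to_pem, pasted)}"
end
```
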
160 | -------------------------------------------------------------------------------- /REFERENCE.md: -------------------------------------------------------------------------------- 1 | # Reference 2 | 3 | 4 | 5 | ## Table of Contents 6 | 7 | ### Defined types 8 | 9 | * [`sslcertificate`](#sslcertificate): Author:: Paul Stack (mailto:pstack@opentable.com) Copyright:: Copyright (c) 2013 OpenTable Inc License:: MIT == Define: sslcertificate 10 | 11 | ## Defined types 12 | 13 | ### `sslcertificate` 14 | 15 | Author:: Paul Stack (mailto:pstack@opentable.com) 16 | Copyright:: Copyright (c) 2013 OpenTable Inc 17 | License:: MIT 18 | == Define: sslcertificate 19 | 20 | This defined type will install SSL Certs on Windows 21 | 22 | === Requirements/Dependencies 23 | 24 | Currently requires the puppetlabs/stdlib module on the Puppet Forge in 25 | order to validate much of the provided configuration. 26 | 27 | === Parameters 28 | 29 | [*password*] 30 | The password for the given certificate 31 | By default is undef 32 | 33 | [*location*] 34 | The location to store intermediate certificates. 35 | Do not end the string with any forward or backslash. 36 | 37 | [*thumbprint*] 38 | The thumbprint used to verify the certificate 39 | 40 | [*store_dir*] 41 | The certificate store where the certificate will be installed to 42 | 43 | [*root_store*] 44 | The store location for the given certificate store. Either LocalMachine or CurrentUser 45 | 46 | [*scripts_dir*] 47 | This parameter has been deprecated and is no longer used. 48 | 49 | [*exportable*] 50 | This parameter determines whether the certificate key is exportable or not. 51 | 52 | [*wildcard*] 53 | This parameter determines whether the certificate is a wildcard certificate or not. 54 | 55 | [*interstore*] 56 | This parameter determines whether the certificate is an intermediate certificate or not.
57 | 58 | 59 | === Examples 60 | 61 | To install a certificate in the My directory of the LocalMachine root store: 62 | 63 | sslcertificate { "Install-PFX-Certificate" : 64 | name => 'mycert.pfx', 65 | password => 'password123', 66 | location => 'C:', 67 | thumbprint => '07E5C1AF7F5223CB975CC29B5455642F5570798B' 68 | } 69 | 70 | To install a certificate in an alternative directory: 71 | 72 | sslcertificate { "Install-Intermediate-Certificate" : 73 | name => 'go_daddy_intermediate.p7b', 74 | location => 'C:', 75 | store_dir => 'CA', 76 | root_store => 'LocalMachine', 77 | thumbprint => '07E5C1AF7F5223CB975CC29B5455642F5570798B' 78 | } 79 | 80 | To install a certificate in the My directory of the LocalMachine root store 81 | and set the key as not exportable: 82 | 83 | sslcertificate { "Install-PFX-Certificate" : 84 | name => 'mycert.pfx', 85 | password => 'password123', 86 | location => 'C:', 87 | thumbprint => '07E5C1AF7F5223CB975CC29B5455642F5570798B', 88 | exportable => false 89 | } 90 | 91 | #### Parameters 92 | 93 | The following parameters are available in the `sslcertificate` defined type: 94 | 95 | * [`location`](#-sslcertificate--location) 96 | * [`thumbprint`](#-sslcertificate--thumbprint) 97 | * [`password`](#-sslcertificate--password) 98 | * [`root_store`](#-sslcertificate--root_store) 99 | * [`store_dir`](#-sslcertificate--store_dir) 100 | * [`scripts_dir`](#-sslcertificate--scripts_dir) 101 | * [`exportable`](#-sslcertificate--exportable) 102 | * [`wildcard`](#-sslcertificate--wildcard) 103 | * [`interstore`](#-sslcertificate--interstore) 104 | 105 | ##### `location` 106 | 107 | Data type: `String[1]` 108 | 109 | 110 | 111 | ##### `thumbprint` 112 | 113 | Data type: `String[1]` 114 | 115 | 116 | 117 | ##### `password` 118 | 119 | Data type: `Optional[String[1]]` 120 | 121 | 122 | 123 | Default value: `undef` 124 | 125 | ##### `root_store` 126 | 127 | Data type: `String[1]` 128 | 129 | 130 | 131 | Default value: `'LocalMachine'` 132 | 133 | #####
`store_dir` 134 | 135 | Data type: `String[1]` 136 | 137 | 138 | 139 | Default value: `'My'` 140 | 141 | ##### `scripts_dir` 142 | 143 | Data type: `Stdlib::Windowspath` 144 | 145 | 146 | 147 | Default value: `'C:\temp'` 148 | 149 | ##### `exportable` 150 | 151 | Data type: `Boolean` 152 | 153 | 154 | 155 | Default value: `true` 156 | 157 | ##### `wildcard` 158 | 159 | Data type: `Boolean` 160 | 161 | 162 | 163 | Default value: `false` 164 | 165 | ##### `interstore` 166 | 167 | Data type: `Boolean` 168 | 169 | 170 | 171 | Default value: `false` 172 | 173 | -------------------------------------------------------------------------------- /Rakefile: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'bundler' 4 | require 'puppet_litmus/rake_tasks' if Gem.loaded_specs.key? 'puppet_litmus' 5 | require 'puppetlabs_spec_helper/rake_tasks' 6 | require 'puppet-syntax/tasks/puppet-syntax' 7 | require 'puppet-strings/tasks' if Gem.loaded_specs.key? 'puppet-strings' 8 | 9 | PuppetLint.configuration.send('disable_relative') 10 | -------------------------------------------------------------------------------- /data/common.yaml: -------------------------------------------------------------------------------- 1 | --- {} 2 | -------------------------------------------------------------------------------- /hiera.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | version: 5 3 | 4 | defaults: # Used for any hierarchy level that omits these keys. 5 | datadir: data # This path is relative to hiera.yaml's directory. 6 | data_hash: yaml_data # Use the built-in YAML backend. 
7 | 8 | hierarchy: 9 | - name: "osfamily/major release" 10 | paths: 11 | # Used to distinguish between Debian and Ubuntu 12 | - "os/%{facts.os.name}/%{facts.os.release.major}.yaml" 13 | - "os/%{facts.os.family}/%{facts.os.release.major}.yaml" 14 | # Used for Solaris 15 | - "os/%{facts.os.family}/%{facts.kernelrelease}.yaml" 16 | - name: "osfamily" 17 | paths: 18 | - "os/%{facts.os.name}.yaml" 19 | - "os/%{facts.os.family}.yaml" 20 | - name: 'common' 21 | path: 'common.yaml' 22 | -------------------------------------------------------------------------------- /manifests/init.pp: -------------------------------------------------------------------------------- 1 | # Author:: Paul Stack (mailto:pstack@opentable.com) 2 | # Copyright:: Copyright (c) 2013 OpenTable Inc 3 | # License:: MIT 4 | # == Define: sslcertificate 5 | # 6 | # This defined type will install SSL Certs on Windows 7 | # 8 | # === Requirements/Dependencies 9 | # 10 | # Currently requires the puppetlabs/stdlib module on the Puppet Forge in 11 | # order to validate much of the provided configuration. 12 | # 13 | # === Parameters 14 | # 15 | # [*password*] 16 | # The password for the given certificate 17 | # By default is undef 18 | # 19 | # [*location*] 20 | # The location to store intermediate certificates. 21 | # Do not end the string with any forward or backslash. 22 | # 23 | # [*thumbprint*] 24 | # The thumbprint used to verify the certificate 25 | # 26 | # [*store_dir*] 27 | # The certificate store where the certificate will be installed to 28 | # 29 | # [*root_store*] 30 | # The store location for the given certificate store. Either LocalMachine or CurrentUser 31 | # 32 | # [*scripts_dir*] 33 | # This parameter has been deprecated and is no longer used. 34 | # 35 | # [*exportable*] 36 | # This parameter determines whether the certificate key is exportable or not. 37 | # 38 | # [*wildcard*] 39 | # This parameter determines whether the certificate is a wildcard certificate or not.
40 | # 41 | # [*interstore*] 42 | # This parameter determines whether the certificate is an intermediate certificate or not. 43 | # 44 | # 45 | # === Examples 46 | # 47 | # To install a certificate in the My directory of the LocalMachine root store: 48 | # 49 | # sslcertificate { "Install-PFX-Certificate" : 50 | # name => 'mycert.pfx', 51 | # password => 'password123', 52 | # location => 'C:', 53 | # thumbprint => '07E5C1AF7F5223CB975CC29B5455642F5570798B' 54 | # } 55 | # 56 | # To install a certificate in an alternative directory: 57 | # 58 | # sslcertificate { "Install-Intermediate-Certificate" : 59 | # name => 'go_daddy_intermediate.p7b', 60 | # location => 'C:', 61 | # store_dir => 'CA', 62 | # root_store => 'LocalMachine', 63 | # thumbprint => '07E5C1AF7F5223CB975CC29B5455642F5570798B' 64 | # } 65 | # 66 | # To install a certificate in the My directory of the LocalMachine root store 67 | # and set the key as not exportable: 68 | # 69 | # sslcertificate { "Install-PFX-Certificate" : 70 | # name => 'mycert.pfx', 71 | # password => 'password123', 72 | # location => 'C:', 73 | # thumbprint => '07E5C1AF7F5223CB975CC29B5455642F5570798B', 74 | # exportable => false 75 | # } 76 | # 77 | define sslcertificate ( 78 | String[1] $location, 79 | String[1] $thumbprint, 80 | Optional[String[1]] $password = undef, 81 | String[1] $root_store = 'LocalMachine', 82 | String[1] $store_dir = 'My', 83 | Stdlib::Windowspath $scripts_dir = 'C:\temp', 84 | Boolean $exportable = true, 85 | Boolean $wildcard = false, 86 | Boolean $interstore = false 87 | ) { 88 | if $exportable { 89 | if $wildcard { 90 | $key_storage_flags = 'MachineKeySet,Exportable,PersistKeySet' 91 | } else { 92 | $key_storage_flags = 'Exportable,PersistKeySet' 93 | } 94 | } else { 95 | $key_storage_flags = 'PersistKeySet' 96 | } 97 | 98 | exec { "Install-${name}-SSLCert": 99 | provider => powershell, 100 | command => template('sslcertificate/import.ps1.erb'), 101 | onlyif => template('sslcertificate/inspect.ps1.erb'),
102 | logoutput => true, 103 | } 104 | } 105 | -------------------------------------------------------------------------------- /metadata.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "puppetlabs-sslcertificate", 3 | "version": "5.0.1", 4 | "author": "puppetlabs", 5 | "summary": "Module to manage SSL Certificates on Windows Server 2008 and upwards", 6 | "license": "MIT", 7 | "source": "https://github.com/puppetlabs/puppetlabs-sslcertificate", 8 | "project_page": "https://github.com/puppetlabs/puppetlabs-sslcertificate", 9 | "issues_url": "https://github.com/puppetlabs/puppetlabs-sslcertificate/issues", 10 | "dependencies": [ 11 | { 12 | "name": "puppetlabs/stdlib", 13 | "version_requirement": ">= 4.13.1 < 10.0.0" 14 | }, 15 | { 16 | "name": "puppetlabs/powershell", 17 | "version_requirement": ">= 1.1.1 < 7.0.0" 18 | } 19 | ], 20 | "operatingsystem_support": [ 21 | { 22 | "operatingsystem": "Windows", 23 | "operatingsystemrelease": [ 24 | "2016", 25 | "2019", 26 | "2022" 27 | ] 28 | } 29 | ], 30 | "requirements": [ 31 | { 32 | "name": "puppet", 33 | "version_requirement": ">= 7.0.0 < 9.0.0" 34 | } 35 | ], 36 | "pdk-version": "3.2.0", 37 | "template-url": "https://github.com/puppetlabs/pdk-templates.git#main", 38 | "template-ref": "tags/3.2.0.4-0-g5d17ec1" 39 | } 40 | -------------------------------------------------------------------------------- /pdk.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | ignore: [] 3 | -------------------------------------------------------------------------------- /spec/acceptance/sslcertificate_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper_acceptance' 4 | 5 | RSpec.configure do |c| 6 | c.before(:suite) do 7 | pp = <<~PP 8 | sslcertificate { "Install-PFX-Certificate" : 9 | name => 'mycert.pfx', 10 | password => 
'password123', 11 | location => 'C:', 12 | thumbprint => '07E5C1AF7F5223CB975CC29B5455642F5570798B' 13 | } 14 | 15 | sslcertificate { "Install-Intermediate-Certificate" : 16 | name => 'go_daddy_intermediate.p7b', 17 | location => 'C:', 18 | store_dir => 'CA', 19 | root_store => 'LocalMachine', 20 | thumbprint => '07E5C1AF7F5223CB975CC29B5455642F5570798B' 21 | } 22 | PP 23 | Helper.instance.apply_manifest(pp, catch_failures: true) 24 | end 25 | end 26 | -------------------------------------------------------------------------------- /spec/default_facts.yml: -------------------------------------------------------------------------------- 1 | # Use default_module_facts.yml for module specific facts. 2 | # 3 | # Facts specified here will override the values provided by rspec-puppet-facts. 4 | --- 5 | networking: 6 | ip: "172.16.254.254" 7 | ip6: "FE80:0000:0000:0000:AAAA:AAAA:AAAA" 8 | mac: "AA:AA:AA:AA:AA:AA" 9 | is_pe: false 10 | -------------------------------------------------------------------------------- /spec/defines/sslcertificate_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'spec_helper' 4 | 5 | describe 'sslcertificate', type: :define do 6 | describe 'when managing a ssl certificate' do 7 | let(:title) { 'certificate-testCert' } 8 | let(:params) do 9 | { 10 | name: 'testCert', 11 | password: 'testPass', 12 | location: 'C:\SslCertificates', 13 | thumbprint: '07E5C1AF7F5223CB975CC29B5455642F5570798B', 14 | root_store: 'LocalMachine', 15 | store_dir: 'My' 16 | } 17 | end 18 | 19 | it do 20 | expect(subject).to contain_exec('Install-testCert-SSLCert').with( 21 | 'provider' => 'powershell', 22 | ) 23 | .with_command(%r{\$cert = gi "C:\\SslCertificates\\testCert"}) 24 | .with_onlyif(%r{\$certificate = gi "C:\\SslCertificates\\testCert"}) 25 | end 26 | end 27 | 28 | describe 'when managing a ssl certificate and set the key as not exportable' do 29 | let(:title) { 
'certificate-testCert' } 30 | let(:params) do 31 | { 32 | name: 'testCert', 33 | password: 'testPass', 34 | location: 'C:\SslCertificates', 35 | thumbprint: '07E5C1AF7F5223CB975CC29B5455642F5570798B', 36 | root_store: 'LocalMachine', 37 | store_dir: 'My', 38 | exportable: false 39 | } 40 | end 41 | 42 | it do 43 | expect(subject).to contain_exec('Install-testCert-SSLCert').with( 44 | 'provider' => 'powershell', 45 | ) 46 | .with_command(%r{\$cert = gi "C:\\SslCertificates\\testCert"}) 47 | .with_onlyif(%r{\$certificate = gi "C:\\SslCertificates\\testCert"}) 48 | end 49 | end 50 | 51 | describe 'when no certificate password is provided' do 52 | let(:title) { 'certificate-testCert' } 53 | let(:params) do 54 | { 55 | name: 'testCert', 56 | location: 'C:\SslCertificates', 57 | thumbprint: '07E5C1AF7F5223CB975CC29B5455642F5570798B', 58 | root_store: 'LocalMachine', 59 | store_dir: 'My' 60 | } 61 | end 62 | 63 | it { is_expected.to contain_exec('Install-testCert-SSLCert') } 64 | end 65 | 66 | describe 'when managing a wildcard certificate and interstore is enabled' do 67 | let(:title) { 'certificate-testCert' } 68 | let(:params) do 69 | { 70 | name: 'testCert', 71 | password: 'testPass', 72 | location: 'C:\SslCertificates', 73 | thumbprint: '07E5C1AF7F5223CB975CC29B5455642F5570798B', 74 | root_store: 'LocalMachine', 75 | store_dir: 'My', 76 | wildcard: true, 77 | exportable: true, 78 | interstore: true 79 | } 80 | end 81 | 82 | it do 83 | expect(subject).to contain_exec('Install-testCert-SSLCert').with( 84 | 'provider' => 'powershell', 85 | ) 86 | .with_command(%r{\$cert = gi "C:\\SslCertificates\\testCert"}) 87 | .with_onlyif(%r{\$certificate = gi "C:\\SslCertificates\\testCert"}) 88 | end 89 | end 90 | end 91 | -------------------------------------------------------------------------------- /spec/spec_helper.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | RSpec.configure do |c| 4 | 
c.mock_with :rspec 5 | end 6 | 7 | require 'puppetlabs_spec_helper/module_spec_helper' 8 | require 'rspec-puppet-facts' 9 | 10 | require 'spec_helper_local' if File.file?(File.join(File.dirname(__FILE__), 'spec_helper_local.rb')) 11 | 12 | include RspecPuppetFacts 13 | 14 | default_facts = { 15 | puppetversion: Puppet.version, 16 | facterversion: Facter.version, 17 | } 18 | 19 | default_fact_files = [ 20 | File.expand_path(File.join(File.dirname(__FILE__), 'default_facts.yml')), 21 | File.expand_path(File.join(File.dirname(__FILE__), 'default_module_facts.yml')), 22 | ] 23 | 24 | default_fact_files.each do |f| 25 | next unless File.exist?(f) && File.readable?(f) && File.size?(f) 26 | 27 | begin 28 | require 'deep_merge' 29 | default_facts.deep_merge!(YAML.safe_load(File.read(f), permitted_classes: [], permitted_symbols: [], aliases: true)) 30 | rescue StandardError => e 31 | RSpec.configuration.reporter.message "WARNING: Unable to load #{f}: #{e}" 32 | end 33 | end 34 | 35 | # read default_facts and merge them over what is provided by facterdb 36 | default_facts.each do |fact, value| 37 | add_custom_fact fact, value, merge_facts: true 38 | end 39 | 40 | RSpec.configure do |c| 41 | c.default_facts = default_facts 42 | c.before :each do 43 | # set to strictest setting for testing 44 | # by default Puppet runs at warning level 45 | Puppet.settings[:strict] = :warning 46 | Puppet.settings[:strict_variables] = true 47 | end 48 | c.filter_run_excluding(bolt: true) unless ENV['GEM_BOLT'] 49 | c.after(:suite) do 50 | RSpec::Puppet::Coverage.report!(0) 51 | end 52 | 53 | # Filter backtrace noise 54 | backtrace_exclusion_patterns = [ 55 | %r{spec_helper}, 56 | %r{gems}, 57 | ] 58 | 59 | if c.respond_to?(:backtrace_exclusion_patterns) 60 | c.backtrace_exclusion_patterns = backtrace_exclusion_patterns 61 | elsif c.respond_to?(:backtrace_clean_patterns) 62 | c.backtrace_clean_patterns = backtrace_exclusion_patterns 63 | end 64 | end 65 | 66 | # Ensures that a module is defined 
67 | # @param module_name Name of the module 68 | def ensure_module_defined(module_name) 69 | module_name.split('::').reduce(Object) do |last_module, next_module| 70 | last_module.const_set(next_module, Module.new) unless last_module.const_defined?(next_module, false) 71 | last_module.const_get(next_module, false) 72 | end 73 | end 74 | 75 | # 'spec_overrides' from sync.yml will appear below this line 76 | def regexp_matches(available_parameters) 77 | match(available_parameters) 78 | end 79 | -------------------------------------------------------------------------------- /spec/spec_helper_acceptance.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require 'puppet_litmus' 4 | require 'singleton' 5 | require 'spec_helper_acceptance_local' if File.file?(File.join(File.dirname(__FILE__), 6 | 'spec_helper_acceptance_local.rb')) 7 | 8 | class Helper 9 | include Singleton 10 | include PuppetLitmus 11 | end 12 | 13 | PuppetLitmus.configure! 
14 | -------------------------------------------------------------------------------- /templates/import.ps1.erb: -------------------------------------------------------------------------------- 1 | $pfx = new-object System.Security.Cryptography.X509Certificates.X509Certificate2 2 | 3 | $cert = gi "<%= @location %>\<%= @name %>" 4 | 5 | switch -regex ($cert.Extension.ToUpper()) { 6 | ".CER|.DER|.P12" { 7 | $pfx.Import("<%= @location %>\<%= @name %>","<%= @password %>","<%= @key_storage_flags %>") 8 | } 9 | ".CRT" { 10 | $pfx.Import([System.IO.File]::ReadAllBytes("<%= @location %>\<%= @name %>")) 11 | } 12 | ".P7B|.SST" { 13 | $pfx = new-object System.Security.Cryptography.X509Certificates.X509Certificate2Collection 14 | $pfx.Import([System.IO.File]::ReadAllBytes("<%= @location %>\<%= @name %>")) 15 | } 16 | ".PFX|.P12" { 17 | $pfx = new-object System.Security.Cryptography.X509Certificates.X509Certificate2Collection 18 | $pfx.import("<%= @location %>\<%= @name %>","<%= @password %>","<%= @key_storage_flags %>") 19 | } 20 | } 21 | 22 | $store = new-object System.Security.Cryptography.X509Certificates.X509Store("<%= @store_dir %>","<%= @root_store %>") 23 | $store.open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite) 24 | 25 | $intermediatestore = new-object System.Security.Cryptography.X509Certificates.X509Store("CA","<%= @root_store %>") 26 | $intermediatestore.open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite) 27 | 28 | <% if @interstore == true %> 29 | foreach($cert in $pfx) { 30 | $store.Add($cert) 31 | } 32 | <% else %> 33 | foreach($cert in $pfx) { 34 | if($cert.Thumbprint -ne "<%= @thumbprint %>") { 35 | $intermediatestore.Add($cert) 36 | } else { 37 | $store.Add($cert) 38 | } 39 | } 40 | <% end %> 41 | 42 | $intermediatestore.close() 43 | $store.close() 44 | -------------------------------------------------------------------------------- /templates/inspect.ps1.erb: 
-------------------------------------------------------------------------------- 1 | $is_already_installed = Get-ChildItem -Path cert:\<%= @root_store %>\<%= @store_dir %> -Recurse | select thumbprint | where { $_.thumbprint -eq '<%= @thumbprint %>' } 2 | 3 | if ([string]::IsNullOrEmpty($is_already_installed) -eq $False) { 4 | exit 1 5 | } 6 | 7 | $pfx = new-object System.Security.Cryptography.X509Certificates.X509Certificate2 8 | 9 | $certificate = gi "<%= @location %>\<%= @name %>" 10 | switch -regex ($certificate.Extension.ToUpper()) { 11 | ".CER|.DER|.P12" { 12 | $pfx.Import("<%= @location %>\<%= @name %>","<%= @password %>","<%= @key_storage_flags %>") 13 | } 14 | ".CRT" { 15 | $pfx.Import([System.IO.File]::ReadAllBytes("<%= @location %>\<%= @name %>")) 16 | } 17 | ".P7B|.SST" { 18 | $pfx = new-object System.Security.Cryptography.X509Certificates.X509Certificate2Collection 19 | $pfx.Import([System.IO.File]::ReadAllBytes("<%= @location %>\<%= @name %>")) 20 | } 21 | ".PFX" { 22 | $pfx = new-object System.Security.Cryptography.X509Certificates.X509Certificate2Collection 23 | $pfx.import("<%= @location %>\<%= @name %>","<%= @password %>","<%= @key_storage_flags %>") 24 | } 25 | } 26 | 27 | 28 | $installedCerts = @(Get-ChildItem -R cert:\<%= @root_store %>\<%= @store_dir %>) 29 | $intermediateCerts = @(Get-ChildItem -R cert:\<%= @root_store %>\CA) 30 | 31 | $installedCertCount = 0 32 | $installedIntermediateCount = 0 33 | 34 | 35 | if (($pfx -ne $null) -and ($installedCerts -ne $null) -and ($intermediateCerts -ne $null)) { 36 | foreach($cert in $pfx) 37 | { 38 | if($cert.Thumbprint -ne "<%= @thumbprint %>") { 39 | foreach ($intermediate in $intermediateCerts) { 40 | if($intermediate.Thumbprint -eq $cert.Thumbprint) { 41 | $installedIntermediateCount ++ 42 | } 43 | } 44 | } 45 | else { 46 | foreach ($installedCert in $installedCerts) { 47 | if($installedCert.Thumbprint -eq $cert.Thumbprint) { 48 | $installedCertCount ++ 49 | } 50 | } 51 | } 52 | } 53 | 54 | # When 
$pfx.Count is $null, $pfx is an instance of X509Certificate2, not X509Certificate2Collection, so 55 | # ensure that only a single certificate has been installed. 56 | if (($pfx.Count -eq $null) -and ($installedCertCount -eq 1) -and ($installedIntermediateCount -eq 0)) { 57 | exit 1 58 | } 59 | elseif (($installedCertCount + $installedIntermediateCount) -eq $pfx.Count) { 60 | exit 1 61 | } 62 | } 63 | 64 | exit 0 65 | --------------------------------------------------------------------------------
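Both templates above write `@location`, `@name`, `@password` and `@key_storage_flags` between double quotes, where PowerShell does not take `$`, the backtick or `"` literally, so a certificate password containing those characters reaches `Import()` changed. The Ruby below is an added example, not code from this module: it renders the same `Import` call through ERB in the page's style and again with single-quoted literals. `ps_single_quote`, `altered_in_double_quotes?`, `CertParams` and the sample values are hypothetical names and constructed data.

```ruby
require 'erb'

# Characters PowerShell accepts as a single-quote delimiter: ASCII ' and
# the typographic quotes U+2018, U+2019, U+201A, U+201B.
PS_SINGLE_QUOTES = /['\u2018\u2019\u201A\u201B]/.freeze

# Characters not taken literally inside a PowerShell double-quoted string:
# $ (expansion), backtick (escape) and the delimiters " U+201C U+201D U+201E.
PS_DQ_SPECIAL = /[$`"\u201C\u201D\u201E]/.freeze

# Hypothetical helper (not in the module): emit a value as a PowerShell
# single-quoted literal. Nothing is expanded inside single quotes; an
# embedded quote character is written twice.
def ps_single_quote(value)
  "'#{value.to_s.gsub(PS_SINGLE_QUOTES) { |q| q * 2 }}'"
end

# Hypothetical lint: true when a value would not reach PowerShell unchanged
# if interpolated between double quotes, as the page's templates do.
def altered_in_double_quotes?(value)
  value.to_s.match?(PS_DQ_SPECIAL)
end

# The Import call as written in import.ps1.erb and inspect.ps1.erb.
PAGE_STYLE = '$pfx.Import("<%= @location %>\<%= @name %>",' \
             '"<%= @password %>","<%= @key_storage_flags %>")'

# The same call with each argument emitted as a single-quoted literal.
LITERAL_STYLE = '$pfx.Import(<%= ps_single_quote(path) %>,' \
                '<%= ps_single_quote(@password) %>,' \
                '<%= ps_single_quote(@key_storage_flags) %>)'

# Minimal stand-in for the defined type's template scope (assumption: only
# the four variables used by the Import call are modelled).
class CertParams
  def initialize(**params)
    params.each { |key, value| instance_variable_set("@#{key}", value) }
  end

  def path
    "#{@location}\\#{@name}"
  end

  def render(template)
    ERB.new(template).result(binding)
  end
end

# Constructed sample values. In the page-style rendering PowerShell would
# read "$Key" as a variable reference rather than as part of the password.
SAMPLE = CertParams.new(location: 'C:\SslCertificates', name: 'testCert.pfx',
                        password: "Tr0ub4dor$Key'9",
                        key_storage_flags: 'Exportable,PersistKeySet')

puts SAMPLE.render(PAGE_STYLE), SAMPLE.render(LITERAL_STYLE) if $PROGRAM_NAME == __FILE__
```

The lint can run in a spec or pre-commit check over Hiera data to flag values that need the literal form before they are rendered into an `exec` command.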