Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Refactor to Puppet 4 types #159

Merged
merged 1 commit into from
Aug 21, 2017
Merged

Refactor to Puppet 4 types #159

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 4 additions & 8 deletions manifests/foreman_proxy_content.pp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,22 +4,18 @@
#
# $parent_fqdn:: FQDN of the parent node. Does not usually
# need to be set.
# type:Optional[String]
#
# $foreman_proxy_fqdn:: FQDN of the foreman proxy
# type:String
#
# $foreman_proxy_cname:: additional names of the foreman proxy
# type:Array
#
# $certs_tar:: Path to tar file with certs to generate
# type:Optional[String]
#
class certs::foreman_proxy_content (
$parent_fqdn = $::fqdn,
$foreman_proxy_fqdn = $::certs::params::node_fqdn,
$foreman_proxy_cname = $::certs::params::cname,
$certs_tar = $::certs::params::certs_tar,
Optional[String] $parent_fqdn = $::fqdn,
String $foreman_proxy_fqdn = $::certs::params::node_fqdn,
Array[String] $foreman_proxy_cname = $::certs::params::cname,
Optional[String] $certs_tar = $::certs::params::certs_tar,
) inherits certs::params {

# until we support again pushing the cert rpms to the Katello,
Expand Down
84 changes: 25 additions & 59 deletions manifests/init.pp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,128 +8,94 @@
#
# $node_fqdn:: The fqdn of the host the generated certificates
# should be for
# type:String
#
# $cname:: The alternative names of the host the generated certificates
# should be for
# type:array
#
# $server_ca_cert:: Path to the CA that issued the ssl certificates for https
# if not specified, the default CA will be used
# type:Optional[Stdlib::Absolutepath]
#
# $server_cert:: Path to the ssl certificate for https
# if not specified, the default CA will generate one
# type:Optional[Stdlib::Absolutepath]
#
# $server_key:: Path to the ssl key for https
# if not specified, the default CA will generate one
# type:Optional[Stdlib::Absolutepath]
#
# $server_cert_req:: Path to the ssl certificate request for https
# if not specified, the default CA will generate one
# type:Optional[Stdlib::Absolutepath]
#
# === Advanced parameters:
#
# $log_dir:: Where the log files should go
# type:Stdlib::Absolutepath
#
# $generate:: Should the generation of the certs be part of the
# configuration
# type:Boolean
#
# $regenerate:: Force regeneration of the certificates (excluding
# ca certificates)
# type:Boolean
#
# $regenerate_ca:: Force regeneration of the ca certificate
# type:Boolean
#
# $deploy:: Deploy the certs on the configured system. False means
# we want apply it on a different system
# type:Boolean
#
# $ca_common_name:: Common name for the generated CA certificate
# type:String
#
# $country:: Country attribute for managed certificates
# type:String[2]
#
# $state:: State attribute for managed certificates
# type:String
#
# $city:: City attribute for managed certificates
# type:String
#
# $org:: Org attribute for managed certificates
# type:String
#
# $org_unit:: Org unit attribute for managed certificates
# type:String
#
# $expiration:: Expiration attribute for managed certificates
# type:String
#
# $ca_expiration:: CA expiration attribute for managed certificates
# type:String
#
# $pki_dir:: The PKI directory under which to place certs
# type:Stdlib::Absolutepath
#
# $ssl_build_dir:: The directory where SSL keys, certs and RPMs will be generated
# type:Stdlib::Absolutepath
#
# $user:: The system user name who should own the certs
# type:String
#
# $group:: The group who should own the certs
# type:String
#
# $default_ca_name:: The name of the default CA
# type:String
#
# $server_ca_name:: The name of the server CA (used for https)
# type:String
#
class certs (
$log_dir = $::certs::params::log_dir,
$node_fqdn = $::certs::params::node_fqdn,
$cname = $::certs::params::cname,
$generate = $::certs::params::generate,
$regenerate = $::certs::params::regenerate,
$regenerate_ca = $::certs::params::regenerate_ca,
$deploy = $::certs::params::deploy,
$ca_common_name = $::certs::params::ca_common_name,
$country = $::certs::params::country,
$state = $::certs::params::state,
$city = $::certs::params::city,
$org = $::certs::params::org,
$org_unit = $::certs::params::org_unit,

$expiration = $::certs::params::expiration,
$ca_expiration = $::certs::params::ca_expiration,

$server_cert = $::certs::params::server_cert,
$server_key = $::certs::params::server_key,
$server_cert_req = $::certs::params::server_cert_req,
$server_ca_cert = $::certs::params::server_ca_cert,

$pki_dir = $::certs::params::pki_dir,
$ssl_build_dir = $::certs::params::ssl_build_dir,

$user = $::certs::params::user,
$group = $::certs::params::group,

$default_ca_name = $::certs::params::default_ca_name,
$server_ca_name = $::certs::params::server_ca_name,
Stdlib::Absolutepath $log_dir = $::certs::params::log_dir,
String $node_fqdn = $::certs::params::node_fqdn,
Array[String] $cname = $::certs::params::cname,
Boolean $generate = $::certs::params::generate,
Boolean $regenerate = $::certs::params::regenerate,
Boolean $regenerate_ca = $::certs::params::regenerate_ca,
Boolean $deploy = $::certs::params::deploy,
String $ca_common_name = $::certs::params::ca_common_name,
String[2,2] $country = $::certs::params::country,
String $state = $::certs::params::state,
String $city = $::certs::params::city,
String $org = $::certs::params::org,
String $org_unit = $::certs::params::org_unit,
String $expiration = $::certs::params::expiration,
String $ca_expiration = $::certs::params::ca_expiration,
Optional[Stdlib::Absolutepath] $server_cert = $::certs::params::server_cert,
Optional[Stdlib::Absolutepath] $server_key = $::certs::params::server_key,
Optional[Stdlib::Absolutepath] $server_cert_req = $::certs::params::server_cert_req,
Optional[Stdlib::Absolutepath] $server_ca_cert = $::certs::params::server_ca_cert,
Stdlib::Absolutepath $pki_dir = $::certs::params::pki_dir,
Stdlib::Absolutepath $ssl_build_dir = $::certs::params::ssl_build_dir,
String $user = $::certs::params::user,
String $group = $::certs::params::group,
String $default_ca_name = $::certs::params::default_ca_name,
String $server_ca_name = $::certs::params::server_ca_name,
) inherits certs::params {

if $server_cert {
validate_absolute_path($server_cert)
validate_absolute_path($server_cert_req)
validate_absolute_path($server_key)
validate_absolute_path($server_ca_cert)
validate_file_exists($server_cert, $server_cert_req, $server_key, $server_ca_cert)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unrelated, but this is the only reason we still need puppet-common. I'm wondering if we can get rid of it somehow.

}

Expand Down