From 10fe9542c8c35f62db965b9a72689bb8c58c39f4 Mon Sep 17 00:00:00 2001 From: Hugo Haakseth Date: Wed, 5 Jun 2024 21:03:33 +0200 Subject: [PATCH] Support proxy when downloading remote certificates --- REFERENCE.md | 44 +++++++++++++++++++++++++++++++------------- manifests/ca.pp | 24 +++++++++++++++++------- 2 files changed, 48 insertions(+), 20 deletions(-) diff --git a/REFERENCE.md b/REFERENCE.md index 827c686..0639f0a 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -220,11 +220,13 @@ ca_cert::ca { 'globalsign_org_intermediate': The following parameters are available in the `ca_cert::ca` defined type: * [`ensure`](#-ca_cert--ca--ensure) -* [`content`](#-ca_cert--ca--content) -* [`source`](#-ca_cert--ca--source) * [`allow_insecure_source`](#-ca_cert--ca--allow_insecure_source) +* [`source`](#-ca_cert--ca--source) +* [`content`](#-ca_cert--ca--content) * [`checksum`](#-ca_cert--ca--checksum) * [`checksum_type`](#-ca_cert--ca--checksum_type) +* [`proxy_server`](#-ca_cert--ca--proxy_server) +* [`proxy_type`](#-ca_cert--ca--proxy_type) ##### `ensure` @@ -236,14 +238,13 @@ Whether or not the CA certificate should be on a system or not. Default value: `'present'` -##### `content` +##### `allow_insecure_source` -Data type: `Optional[String[1]]` +Data type: `Boolean` -PEM formatted certificate content -This attribute is mutually exclusive with `source` +Whether to allow insecure download or not. -Default value: `undef` +Default value: `false` ##### `source` @@ -255,19 +256,20 @@ Uri support, see puppet-archive. Default value: `undef` -##### `allow_insecure_source` +##### `content` -Data type: `Boolean` +Data type: `Optional[String[1]]` -Wether to allow insecure download or not. +PEM formatted certificate content +This attribute is mutually exclusive with `source` -Default value: `false` +Default value: `undef` ##### `checksum` Data type: `Optional[String[1]]` -The checksum of the file. (defaults to undef) +The checksum of the file. Default value: `undef` 
@@ -275,7 +277,23 @@ Default value: `undef` Data type: `Optional[String[1]]` -The type of file checksum. (defauts to undef) +The type of file checksum. + +Default value: `undef` + +##### `proxy_server` + +Data type: `Optional[String[1]]` + +Proxy address to use when accessing source + +Default value: `undef` + +##### `proxy_type` + +Data type: `Optional[String[1]]` + +Proxy type ( See `archive::proxy_type ) Default value: `undef` diff --git a/manifests/ca.pp b/manifests/ca.pp index a8fe87f..83697a6 100644 --- a/manifests/ca.pp +++ b/manifests/ca.pp @@ -11,23 +11,29 @@ # - `present`/`absent` is used to manage local/none default CAs. # - `trusted`/`distrusted` is used to manage system CAs. # -# @param content -# PEM formatted certificate content -# This attribute is mutually exclusive with `source` +# @param allow_insecure_source +# Whether to allow insecure download or not. # # @param source # A source certificate, which will be copied into place on the local system. # This attribute is mutually exclusive with `content` # Uri support, see puppet-archive. # -# @param allow_insecure_source -# Wether to allow insecure download or not. +# @param content +# PEM formatted certificate content +# This attribute is mutually exclusive with `source` # # @param checksum -# The checksum of the file. (defaults to undef) +# The checksum of the file. # # @param checksum_type -# The type of file checksum. (defauts to undef) +# The type of file checksum. +# +# @param proxy_server +# Proxy address to use when accessing source +# +# @param proxy_type +# Proxy type ( See `archive::proxy_type ) # define ca_cert::ca ( Enum['present', 'absent', 'trusted', 'distrusted'] $ensure = 'present', @@ -36,6 +42,8 @@ Optional[String[1]] $content = undef, Optional[String[1]] $checksum = undef, Optional[String[1]] $checksum_type = undef, + Optional[String[1]] $proxy_server = undef, + Optional[String[1]] $proxy_type = undef, ) { include ca_cert 
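Review bot: In the `manifests/ca.pp` doc-comment hunk, the `@param proxy_type` description opens a backtick before `archive::proxy_type` and never closes it, and it does not say which values are accepted; `@param proxy_server` likewise does not say what form the address takes. Suggested wording: `#   Proxy URL used when fetching a remote source, e.g. https://proxy.example.com:8080 (constructed example)` and `#   Proxy protocol handed to the archive resource's proxy_type; see puppet-archive for the accepted values`. The same two sentences appear in the REFERENCE.md hunks, which look generated from these comments, so regenerating the reference after the fix should cover both places.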
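Review bot: `$proxy_type` is declared as `Optional[String[1]]` in the parameter-list hunk, so a mistyped protocol name is accepted by this define and only fails, if at all, when the archive resource is evaluated. puppet-archive restricts its own `proxy_type` to a small enum (none/ftp/http/https as far as I recall; confirm against the version this module depends on), and mirroring that here gives an early, readable error: `Optional[Enum['none', 'ftp', 'http', 'https']] $proxy_type = undef,`. If proxy URLs with embedded credentials are expected, the docs should also say that `$proxy_server` is stored in the catalog as a plain string. The parameter list and the body of the define start and end outside this hunk.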
@@ -80,6 +88,8 @@ checksum => $checksum, checksum_type => $checksum_type, allow_insecure => $allow_insecure_source, + proxy_server => $proxy_server, + proxy_type => $proxy_type, notify => Exec['ca_cert_update'], } -> file { $ca_cert:
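Review bot: With `proxy_server` passed through, the certificate that becomes a trust anchor is fetched via an intermediary while `checksum` still defaults to undef and `allow_insecure` may be true, so nothing in the visible lines pins the content that gets installed. A cheap guard before the resource would make that visible to the operator, for example `if $proxy_server and !$checksum { warning("ca_cert::ca[${name}]: source is fetched through a proxy without a checksum") }`. It is also worth checking that `proxy_type` set without `proxy_server` is either rejected or documented as having no effect, since both are forwarded unconditionally here. The resource declaration begins outside this hunk, so the condition under which this branch is reached is not visible.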