This repository has been archived by the owner on Jun 30, 2023. It is now read-only.

Rewrite service notifications (#36)
Riccardo Calixte authored Jul 26, 2018
1 parent aa4fa4f commit 48d4a0b
Showing 7 changed files with 105 additions and 241 deletions.
6 changes: 6 additions & 0 deletions CHANGELOG.md
@@ -1,3 +1,9 @@
## Release 2.4.0 (July 26, 2018)

### Summary
* Add support for an array of services in `service` parameter #16
* Rewrite `service` parameter entirely - proper values are now Array[String], Boolean, or String

## Release 2.3.2 (July 24, 2018)

### Summary
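Review bot: The 2.4.0 summary omits two user-visible changes made in this commit: the new `key_content` parameter on the `certs` class, and the fact that `null` is no longer the documented way to disable notifications (the README now says `false`). Add a bullet for each so that anyone who relied on `null` knows to switch to `false` when upgrading.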
14 changes: 7 additions & 7 deletions Gemfile.lock
Expand Up @@ -28,22 +28,22 @@ GEM
thor (~> 0.15)
locale (2.1.2)
metaclass (0.0.4)
metadata-json-lint (2.1.0)
metadata-json-lint (2.2.0)
json-schema (~> 2.8)
spdx-licenses (~> 1.0)
minitar (0.6.1)
mocha (1.5.0)
mocha (1.6.0)
metaclass (~> 0.0.1)
multi_json (1.13.1)
multipart-post (2.0.0)
public_suffix (3.0.2)
puppet (5.5.1)
puppet (5.5.3)
facter (> 2.0.1, < 4)
fast_gettext (~> 1.1.2)
hiera (>= 3.2.1, < 4)
locale (~> 2.1)
multi_json (~> 1.10)
puppet-lint (2.3.5)
puppet-lint (2.3.6)
puppet-syntax (2.4.1)
rake
puppet_forge (2.2.9)
Expand All @@ -52,7 +52,7 @@ GEM
gettext-setup (~> 0.11)
minitar
semantic_puppet (~> 1.0)
puppetlabs_spec_helper (2.9.0)
puppetlabs_spec_helper (2.9.1)
mocha (~> 1.0)
puppet-lint (~> 2.0)
puppet-syntax (~> 2.0)
Expand All @@ -71,7 +71,7 @@ GEM
rspec-mocks (3.7.0)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.7.0)
rspec-puppet (2.6.12)
rspec-puppet (2.6.14)
rspec
rspec-puppet-utils (3.4.0)
mocha
Expand Down Expand Up @@ -104,4 +104,4 @@ DEPENDENCIES
rspec-puppet-utils

BUNDLED WITH
1.16.1
1.16.2
4 changes: 2 additions & 2 deletions README.md
Expand Up @@ -357,9 +357,9 @@ Name of the owner of the certificates.
Optional value. **Default: 'root'**.

##### `service`
Name of the server service to notify when certificates are updated.
Name of the server service(s) to notify when certificates are updated.

Setting to `null` will disable service notifications.
Setting to false (or any Boolean) will disable service notifications.

Optional value. Defaults:
- **RedHat**: `httpd`
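Review bot: "false (or any Boolean)" in the new `service` description means `true` also disables notifications, which reads as the opposite of what a user would expect. Either document `false` as the only disabling value and reject `true`, or state explicitly what `true` does. The same sentence is repeated in the parameter docs of `manifests/init.pp` and `manifests/site.pp` and should be changed with it.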
51 changes: 26 additions & 25 deletions manifests/init.pp
Expand Up @@ -3,11 +3,6 @@
# The certs class provides a single define, certs::site, configurable
# within Hiera as well.
#
# === Authors
#
# Riccardo Calixte <rcalixte@broadinstitute.org>
# Andrew Teixeira <teixeira@broadinstitute.org>
#
# === Parameters
#
# [*ca_cert*]
Expand Down Expand Up @@ -107,6 +102,11 @@
# - 'root' for Redhat-based, Debian-based, and Suse-based systems
# - 'wheel' for FreeBSD and Gentoo-based systems
#
# [*key_content*]
# A string representing the contents of the key file. This can only be
# provided if $source_path is undefined or an error will occur.
# Optional value. Default: undef.
#
# [*key_dir_mode*]
# Permissions of the private keys directory.
# This sets the default globally for use by all certs::site resources.
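Review bot: The new `key_content` entry lacks the "This sets the default globally for use by all certs::site resources." sentence that the neighbouring `key_dir_mode` entry carries, although `certs::site` now takes its default from this parameter. Add that sentence, and say that the value is private key material so readers know to protect it in their data source.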
Expand Down Expand Up @@ -137,8 +137,8 @@
# Optional value. Default: 'root'.
#
# [*service*]
# Name of the server service to notify when certificates are updated.
# Setting to `null` will disable service notifications.
# Name of the server service(s) to notify when certificates are updated.
# Setting to false (or any Boolean) will disable service notifications.
# This sets the default globally for use by all certs::site resources.
# Optional value. Defaults:
# - 'httpd' for RedHat-based systems
Expand Down Expand Up @@ -175,24 +175,25 @@
String $key_ext,
String $key_mode,
String $owner,
Optional[String] $service = undef,
Optional[String] $source_path = undef,
Optional[String] $ca_content = undef,
Optional[String] $ca_name = undef,
Optional[String] $ca_source_path = $source_path,
Optional[String] $cert_content = undef,
Optional[String] $chain_content = undef,
Optional[String] $chain_name = undef,
Optional[String] $chain_source_path = $source_path,
String $ca_ext = lookup('certs::cert_ext'),
Stdlib::Absolutepath $ca_path = lookup('certs::cert_path'),
String $chain_ext = lookup('certs::cert_ext'),
Stdlib::Absolutepath $chain_path = lookup('certs::cert_path'),
Boolean $ca_cert = false,
Boolean $cert_chain = false,
Boolean $supported_os = false,
Boolean $validate_x509 = false,
Hash $sites = {}
Optional[String] $key_content = undef,
Optional[Variant[Array[String],Boolean,String]] $service = lookup('certs::service'),
Optional[String] $source_path = undef,
Optional[String] $ca_content = undef,
Optional[String] $ca_name = undef,
Optional[String] $ca_source_path = $source_path,
Optional[String] $cert_content = undef,
Optional[String] $chain_content = undef,
Optional[String] $chain_name = undef,
Optional[String] $chain_source_path = $source_path,
String $ca_ext = lookup('certs::cert_ext'),
Stdlib::Absolutepath $ca_path = lookup('certs::cert_path'),
String $chain_ext = lookup('certs::cert_ext'),
Stdlib::Absolutepath $chain_path = lookup('certs::cert_path'),
Boolean $ca_cert = false,
Boolean $cert_chain = false,
Boolean $supported_os = false,
Boolean $validate_x509 = false,
Hash $sites = {}
) {
unless $supported_os {
fail("Class['certs']: Unsupported osfamily: ${facts['osfamily']}")
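Review bot: `$key_content` holds private key material but is typed `Optional[String]`, so the key is carried in the compiled catalog as plain text and can surface in reports and logs. Consider accepting `Sensitive[String]` here and in `certs::site`, unwrapping it only where the file content is written. Separately, `$service` keeps `Optional`, so `undef` remains a legal value even though the documentation no longer describes it; drop `Optional` or document what `undef` does.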
127 changes: 56 additions & 71 deletions manifests/site.pp
Expand Up @@ -158,8 +158,8 @@
# Optional value. Default: 'root'.
#
# [*service*]
# Name of the server service to notify when certificates are updated.
# Setting to `null` will disable service notifications.
# Name of the server service(s) to notify when certificates are updated.
# Setting to false (or any Boolean) will disable service notifications.
# Optional value. Defaults:
# - 'httpd' for RedHat-based systems
# - 'apache2' for Debian-based, Suse-based, and Gentoo-based systems
Expand Down Expand Up @@ -207,49 +207,44 @@
# ---
# Certs::Site<| |> -> Apache::Vhost<| |>
#
# === Authors
#
# Riccardo Calixte <rcalixte@broadinstitute.org>
# Andrew Teixeira <teixeira@broadinstitute.org>
#
define certs::site(
Enum['present','absent'] $ensure = 'present',
Optional[String] $source_path = $::certs::source_path,
Stdlib::Absolutepath $cert_path = $::certs::cert_path,
String $cert_dir_mode = $::certs::cert_dir_mode,
String $cert_ext = $::certs::cert_ext,
String $cert_mode = $::certs::cert_mode,
Optional[String] $cert_content = $::certs::cert_content,
Stdlib::Absolutepath $key_path = $::certs::key_path,
String $key_dir_mode = $::certs::key_dir_mode,
String $key_ext = $::certs::key_ext,
String $key_mode = $::certs::key_mode,
Boolean $merge_key = false,
Optional[String] $key_content = undef,
Boolean $ca_cert = $::certs::ca_cert,
Optional[String] $ca_name = $::certs::ca_name,
Optional[String] $ca_source_path = pick_default($::certs::ca_source_path, $source_path),
Stdlib::Absolutepath $ca_path = $::certs::ca_path,
String $ca_ext = $::certs::ca_ext,
Optional[String] $ca_content = $::certs::ca_content,
Boolean $cert_chain = $::certs::cert_chain,
Optional[String] $chain_name = $::certs::chain_name,
Stdlib::Absolutepath $chain_path = $::certs::chain_path,
String $chain_ext = $::certs::chain_ext,
Optional[String] $chain_source_path = pick_default($::certs::chain_source_path, $source_path),
Optional[String] $chain_content = $::certs::chain_content,
Boolean $merge_chain = false,
Boolean $dhparam = false,
Optional[String] $dhparam_content = undef,
String $dhparam_file = $::certs::dhparam_file,
Boolean $merge_dhparam = false,
Optional[String] $service = undef,
String $owner = $::certs::owner,
String $group = $::certs::group,
Boolean $validate_x509 = $::certs::validate_x509,
Enum['present','absent'] $ensure = 'present',
Optional[String] $source_path = $::certs::source_path,
Stdlib::Absolutepath $cert_path = $::certs::cert_path,
String $cert_dir_mode = $::certs::cert_dir_mode,
String $cert_ext = $::certs::cert_ext,
String $cert_mode = $::certs::cert_mode,
Optional[String] $cert_content = $::certs::cert_content,
Stdlib::Absolutepath $key_path = $::certs::key_path,
String $key_dir_mode = $::certs::key_dir_mode,
String $key_ext = $::certs::key_ext,
String $key_mode = $::certs::key_mode,
Boolean $merge_key = false,
Optional[String] $key_content = $::certs::key_content,
Boolean $ca_cert = $::certs::ca_cert,
Optional[String] $ca_name = $::certs::ca_name,
Optional[String] $ca_source_path = pick_default($::certs::ca_source_path, $source_path),
Stdlib::Absolutepath $ca_path = $::certs::ca_path,
String $ca_ext = $::certs::ca_ext,
Optional[String] $ca_content = $::certs::ca_content,
Boolean $cert_chain = $::certs::cert_chain,
Optional[String] $chain_name = $::certs::chain_name,
Stdlib::Absolutepath $chain_path = $::certs::chain_path,
String $chain_ext = $::certs::chain_ext,
Optional[String] $chain_source_path = pick_default($::certs::chain_source_path, $source_path),
Optional[String] $chain_content = $::certs::chain_content,
Boolean $merge_chain = false,
Boolean $dhparam = false,
Optional[String] $dhparam_content = undef,
String $dhparam_file = $::certs::dhparam_file,
Boolean $merge_dhparam = false,
Optional[Variant[Array[String],Boolean,String]] $service = $::certs::service,
String $owner = $::certs::owner,
String $group = $::certs::group,
Boolean $validate_x509 = $::certs::validate_x509,
) {
# The base class must be included first because it is used by parameter defaults
unless defined(Class['certs']) {
unless (defined(Class['certs'])) {
fail('You must include the certs base class before using any certs defined resources')
}
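Review bot: `$key_content` now defaults to `$::certs::key_content` instead of `undef`, so a site that passes only `$cert_content` silently pairs its certificate with the class-wide key and still satisfies the "must both be set" check further down. The only key/certificate consistency check visible in this file, `validate_x509_rsa_key_pair`, runs only when `$validate_x509` is true, and the class default is false. Consider keeping the per-site default at `undef`, or documenting that a class-level key applies to every site that does not override it.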

Expand All @@ -261,7 +256,7 @@
fail('You can only provide $source_path or $cert_content/$key_content, not both.')
}

unless $source_path {
unless ($source_path) {
unless($cert_content and $key_content) {
fail('If source_path is not set, $cert_content and $key_content must both be set.')
}
Expand All @@ -270,7 +265,7 @@
$cert = "${name}${cert_ext}"
$key = "${name}${key_ext}"

if $validate_x509 {
if ($validate_x509) {
validate_x509_rsa_key_pair("${cert_path}/${cert}", "${key_path}/${key}")
}

Expand All @@ -290,13 +285,13 @@
default => undef,
}

if $cert_chain {
if ($cert_chain) {
if ($chain_name == undef) {
fail('You must provide a chain_name value for the cert chain to certs::site.')
}
$chain = "${chain_name}${chain_ext}"

if $chain_content == undef {
if ($chain_content == undef) {
if ($chain_source_path == undef) {
fail('You must provide a chain_source_path for the SSL files to certs::site.')
}
Expand All @@ -315,13 +310,13 @@
}
}

if $ca_cert {
if ($ca_cert) {
if ($ca_name == undef) {
fail('You must provide a ca_name value for the CA cert to certs::site.')
}
$ca = "${ca_name}${ca_ext}"

if $ca_content == undef {
if ($ca_content == undef) {
if ($ca_source_path == undef) {
fail('You must provide a ca_source_path for the SSL files to certs::site.')
}
Expand All @@ -332,23 +327,13 @@
}
}

if $service {
case $service {
undef: {
$service_notify = undef
}
default: {
$service_notify = Service[$service]
}
}
} else {
case $::certs::service {
undef: {
$service_notify = undef
}
default: {
$service_notify = Service[$service]
}
if ($service =~ String) {
$service_notify = Service[$service]
} elsif ($service =~ Boolean) {
$service_notify = undef
} elsif ($service =~ Array[String]) {
$service_notify = $service.map |$serv| {
"Service[${serv}]"
}
}
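Review bot: The new `if`/`elsif` chain on `$service` has no `else`, and the parameter type is still `Optional[...]`, so when `$service` is `undef` none of the branches runs and `$service_notify` is never assigned. Add a final `else { $service_notify = undef }` or drop `Optional` from the type. Two smaller points: the `String` branch yields a resource reference (`Service[$service]`) while the `Array` branch yields strings (`"Service[${serv}]"`), so use `Service[$serv]` in the map for consistency; and `String` and `Array[String]` both accept empty strings, which `String[1]` would reject at compile time.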

Expand All @@ -368,7 +353,7 @@
mode => $key_dir_mode,
})

if $merge_chain or $merge_key or $merge_dhparam {
if ($merge_chain or $merge_key or $merge_dhparam) {
concat { "${name}_cert_merged":
ensure => $ensure,
ensure_newline => true,
Expand All @@ -388,7 +373,7 @@
order => '01',
}

if $merge_key {
if ($merge_key) {
concat::fragment { "${cert}_key":
target => "${name}_cert_merged",
source => $key_source,
Expand All @@ -397,16 +382,16 @@
}
}

if $merge_chain {
if $cert_chain {
if ($merge_chain) {
if ($cert_chain) {
concat::fragment { "${cert}_chain":
target => "${name}_cert_merged",
source => $chain_source,
content => $chain_content,
order => '50',
}
}
if $ca_cert {
if ($ca_cert) {
concat::fragment { "${cert}_ca":
target => "${name}_cert_merged",
source => $ca_source,
Expand All @@ -416,7 +401,7 @@
}
}

if $dhparam and $merge_dhparam {
if ($dhparam and $merge_dhparam) {
concat::fragment { "${cert}_dhparam":
target => "${name}_cert_merged",
source => $dhparam_source,
2 changes: 1 addition & 1 deletion metadata.json
@@ -1,6 +1,6 @@
{
"name": "broadinstitute-certs",
"version": "2.3.2",
"version": "2.4.0",
"author": "Riccardo Calixte <rcalixte@broadinstitute.org>",
"description": "Module for SSL certificate configuration",
"summary": "Configures and manages SSL certificate deployments, restarting services as configured.",