Skip to content

Commit

Permalink
Merge pull request #76 from GreatFruitOmsk/master
Browse files Browse the repository at this point in the history
Add support for the client-cert-not-required parameter.
  • Loading branch information
luxflux committed Jun 4, 2014
2 parents 8b861e0 + 8d604a2 commit 831eb7f
Show file tree
Hide file tree
Showing 6 changed files with 22 additions and 0 deletions.
8 changes: 8 additions & 0 deletions manifests/client.pp
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,13 @@
# Default: infinite
# Options: Integer or infinite
#
# [*auth_retry*]
# String. Controls how OpenVPN responds to username/password verification errors such
# as the client-side response to an AUTH_FAILED message from the server or verification
# failure of the private key password.
# Default: none
# Options: 'none' or 'nointeract' or 'interact'
#
# [*verb*]
# Integer. Level of logging verbosity
# Default: 3
Expand Down Expand Up @@ -119,6 +126,7 @@
$proto = 'tcp',
$remote_host = $::fqdn,
$resolv_retry = 'infinite',
$auth_retry = 'none',
$verb = '3',
$pam = false,
$authuserpass = false,
Expand Down
5 changes: 5 additions & 0 deletions manifests/server.pp
Original file line number Diff line number Diff line change
Expand Up @@ -143,6 +143,10 @@
# Boolean. If true then set username-as-common-name
# Default: false
#
# [*client_cert_not_required*]
# Boolean. If true then set client-cert-not-required
# Default: false
#
# [*ldap_enabled*]
# Boolean. If ldap is enabled, do stuff
# Default: false
Expand Down Expand Up @@ -310,6 +314,7 @@
$up = '',
$down = '',
$username_as_common_name = false,
$client_cert_not_required = false,
$ldap_enabled = false,
$ldap_server = '',
$ldap_binddn = '',
Expand Down
3 changes: 3 additions & 0 deletions spec/defines/openvpn_client_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,7 @@
it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^ns\-cert\-type\s+server$/)}
it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^verb\s+3$/)}
it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^mute\s+20$/)}
it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^auth-retry\s+none$/)}
end

context "setting all of the parameters" do
Expand All @@ -73,6 +74,7 @@
'proto' => 'udp',
'remote_host' => 'somewhere',
'resolv_retry' => '2m',
'auth_retry' => 'interact',
'verb' => '1'
} }
let(:facts) { {
Expand All @@ -94,6 +96,7 @@
it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^resolv-retry\s+2m$/)}
it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^verb\s+1$/)}
it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^mute\s+10$/)}
it { should contain_file('/etc/openvpn/test_server/download-configs/test_client/test_client.conf').with_content(/^auth-retry\s+interact$/)}
end

end
2 changes: 2 additions & 0 deletions spec/defines/openvpn_server_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -294,6 +294,7 @@
'email' => 'testemail@example.org',

'username_as_common_name' => true,
'client_cert_not_required' => true,

'ldap_enabled' => true,
'ldap_server' => 'ldaps://ldap.example.org:636',
Expand Down Expand Up @@ -334,6 +335,7 @@

it { should contain_file('/etc/openvpn/test_server.conf').with_content(%r{^plugin /usr/lib/openvpn/openvpn-auth-ldap.so "/etc/openvpn/test_server/auth/ldap.conf"$}) }
it { should contain_file('/etc/openvpn/test_server.conf').with_content(%r{^username-as-common-name$}) }
it { should contain_file('/etc/openvpn/test_server.conf').with_content(%r{^client-cert-not-required$}) }

end

Expand Down
1 change: 1 addition & 0 deletions templates/client.erb
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ remote <%= scope.lookupvar('remote_host') %> <%= scope.lookupvar('port') %>
<%= scope.lookupvar('compression') %>
<% end -%>
resolv-retry <%= scope.lookupvar('resolv_retry') %>
auth-retry <%= scope.lookupvar('auth_retry') %>
<% if scope.lookupvar('nobind') -%>
nobind
<% end -%>
Expand Down
3 changes: 3 additions & 0 deletions templates/server.erb
Original file line number Diff line number Diff line change
Expand Up @@ -93,3 +93,6 @@ username-as-common-name
<% if scope.lookupvar('ldap_enabled') == true -%>
plugin <%= scope.lookupvar('::openvpn::params::ldap_auth_plugin_location') %> "/etc/openvpn/<%= name %>/auth/ldap.conf"
<% end -%>
<% if scope.lookupvar('client_cert_not_required') -%>
client-cert-not-required
<% end -%>

0 comments on commit 831eb7f

Please sign in to comment.