From 0291686e76cd530db81f116fc5c58fd4d7d9f1a1 Mon Sep 17 00:00:00 2001 From: Lennart Betz Date: Fri, 22 Dec 2023 10:02:44 +0100 Subject: [PATCH] Replace icinga2::cert function wirh icinga::cert::files from icinga module --- REFERENCE.md | 55 -------------------- functions/cert.pp | 82 ------------------------------ manifests/feature/elasticsearch.pp | 3 +- manifests/feature/gelf.pp | 3 +- manifests/feature/icingadb.pp | 3 +- manifests/feature/idomysql.pp | 3 +- manifests/feature/idopgsql.pp | 3 +- manifests/feature/influxdb.pp | 3 +- manifests/feature/influxdb2.pp | 3 +- spec/functions/cert_spec.rb | 65 ----------------------- 10 files changed, 14 insertions(+), 209 deletions(-) delete mode 100644 functions/cert.pp delete mode 100644 spec/functions/cert_spec.rb diff --git a/REFERENCE.md b/REFERENCE.md index 7673b9b2..7b9e01ba 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -74,7 +74,6 @@ start on boot and will be restarted if stopped. ### Functions -* [`icinga2::cert`](#icinga2--cert): Choose the path of tls key, cert and ca file. * [`icinga2::icinga2_attributes`](#icinga2--icinga2_attributes): Calls the simple parser to decide what to quote. For more information, see lib/puppet_x/icinga2/utils.rb. * [`icinga2::icinga2_ticket_id`](#icinga2--icinga2_ticket_id): Summarise what the function does here 
@@ -5531,60 +5530,6 @@ Default value: `[]` ## Functions -### `icinga2::cert` - -Type: Puppet Language - -Choose the path of tls key, cert and ca file. - -#### `icinga2::cert(String $name, Optional[Stdlib::Absolutepath] $key_file = undef, Optional[Stdlib::Absolutepath] $cert_file = undef, Optional[Stdlib::Absolutepath] $cacert_file = undef, Optional[Variant[String, Sensitive[String]]] $key = undef, Optional[String] $cert = undef, Optional[String] $cacert = undef)` - -The icinga2::cert function. - -Returns: `Hash` Returned hash includes all paths and the key, cert and cacert. - -##### `name` - -Data type: `String` - - - -##### `key_file` - -Data type: `Optional[Stdlib::Absolutepath]` - - - -##### `cert_file` - -Data type: `Optional[Stdlib::Absolutepath]` - - - -##### `cacert_file` - -Data type: `Optional[Stdlib::Absolutepath]` - - - -##### `key` - -Data type: `Optional[Variant[String, Sensitive[String]]]` - - - -##### `cert` - -Data type: `Optional[String]` - - - -##### `cacert` - -Data type: `Optional[String]` - - - ### `icinga2::icinga2_attributes` Type: Ruby 4.x API diff --git a/functions/cert.pp b/functions/cert.pp deleted file mode 100644 index 495f5b96..00000000 --- a/functions/cert.pp +++ /dev/null 
@@ -1,82 +0,0 @@
-# @summary
-# Choose the path of tls key, cert and ca file.
-#
-# @return
-# Returned hash includes all paths and the key, cert and cacert.
-#
-function icinga2::cert(
- String $name,
- Optional[Stdlib::Absolutepath] $key_file = undef,
- Optional[Stdlib::Absolutepath] $cert_file = undef,
- Optional[Stdlib::Absolutepath] $cacert_file = undef,
- Optional[Variant[String, Sensitive[String]]] $key = undef,
- Optional[String] $cert = undef,
- Optional[String] $cacert = undef,
-) >> Hash {
- # @param name
- # The base name of certicate, key and ca file.
- #
- # @param tls_cert_path
- # Location of the certificate.
- #
- # @param tls_cacert_path
- # Location of the CA certificate.
- #
- # @param tls_crl_path
- # Location of the Certicicate Revocation List.
- #
- # @param tls_key
- # The private key in a base64 encoded string to store in spicified tls_key_path file.
- #
- # @param tls_cert
- # The certificate in a base64 encoded string to store in spicified tls_cert_path file.
- #
- # @param tls_cacert
- # The CA root certificate in a base64 encoded string to store in spicified tls_cacert_path file.
- #
- # @param tls_capath
- # Trusted CA certificates in PEM format directory path.
- #
- $default_dir = $icinga2::globals::cert_dir
-
- $result = {
- 'key' => if $key =~ Sensitive {
- $key
- } elsif $key =~ String {
- Sensitive($key)
- } else {
- undef
- },
- 'key_file' => if $key {
- if $key_file {
- $key_file
- } else {
- "${default_dir}/${name}.key"
- }
- } else {
- $key_file
- },
- 'cert' => $cert,
- 'cert_file' => if $cert {
- if $cert_file {
- $cert_file
- } else {
- "${default_dir}/${name}.crt"
- }
- } else {
- $cert_file
- },
- 'cacert' => $cacert,
- 'cacert_file' => if $cacert {
- if $cacert_file {
- $cacert_file
- } else {
- "${default_dir}/${name}_ca.crt"
- }
- } else {
- $cacert_file
- },
- }
-
- $result
-}
diff --git a/manifests/feature/elasticsearch.pp b/manifests/feature/elasticsearch.pp
index 856da2c3..8bc99d09 100644
--- a/manifests/feature/elasticsearch.pp +++ b/manifests/feature/elasticsearch.pp @@ -109,8 +109,9 @@ } if $enable_ssl { - $cert = icinga2::cert( + $cert = icinga::cert::files( 'ElasticsearchWriter_elasticsearch', + $ssl_dir, $ssl_key_path, $ssl_cert_path, $ssl_cacert_path, diff --git a/manifests/feature/gelf.pp b/manifests/feature/gelf.pp index e0d2ed66..c99d093f 100644 --- a/manifests/feature/gelf.pp +++ b/manifests/feature/gelf.pp @@ -79,8 +79,9 @@ } if $enable_ssl { - $cert = icinga2::cert( + $cert = icinga::cert::files( 'GelfWriter_gelf', + $ssl_dir, $ssl_key_path, $ssl_cert_path, $ssl_cacert_path, diff --git a/manifests/feature/icingadb.pp b/manifests/feature/icingadb.pp index e89da664..62a65076 100644 --- a/manifests/feature/icingadb.pp +++ b/manifests/feature/icingadb.pp @@ -124,8 +124,9 @@ } if $enable_tls { - $cert = icinga2::cert( + $cert = icinga::cert::files( 'IcingaDB-icingadb', + $ssl_dir, $tls_key_file, $tls_cert_file, $tls_cacert_file, diff --git a/manifests/feature/idomysql.pp b/manifests/feature/idomysql.pp index 116a6a54..77a3b8f0 100644 --- a/manifests/feature/idomysql.pp +++ b/manifests/feature/idomysql.pp @@ -148,8 +148,9 @@ } if $enable_ssl { - $cert = icinga2::cert( + $cert = icinga::cert::files( 'IdoMysqlConnection_ido-mysql', + $ssl_dir, $ssl_key_path, $ssl_cert_path, $ssl_cacert_path, diff --git a/manifests/feature/idopgsql.pp b/manifests/feature/idopgsql.pp index 7fd1723f..fc0301c8 100644 --- a/manifests/feature/idopgsql.pp +++ b/manifests/feature/idopgsql.pp @@ -134,8 +134,9 @@ } if $enable_ssl { - $cert = icinga2::cert( + $cert = icinga::cert::files( 'IdoPgsqlConnection_ido-pgsql', + $ssl_dir, $ssl_key_path, $ssl_cert_path, $ssl_cacert_path, diff --git a/manifests/feature/influxdb.pp b/manifests/feature/influxdb.pp index 5c5c7874..9a15be29 100644 --- a/manifests/feature/influxdb.pp +++ b/manifests/feature/influxdb.pp 
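Review bot: The new call at `$cert = icinga::cert::files(` in elasticsearch.pp relies on two things this commit neither shows nor tests: that `$ssl_dir` is already assigned in the class, and that the external function still returns the private key wrapped in `Sensitive`. The deleted `icinga2::cert` took its default directory from `$icinga2::globals::cert_dir` and converted a plain `String` key with `Sensitive($key)`, and the deleted spec was the only visible test pinning both; the diffstat (14 insertions over seven manifests) leaves no room for a new `$ssl_dir` assignment or a replacement test. I would add above the call `# $ssl_dir is expected to be $icinga2::globals::cert_dir; icinga::cert::files must return 'key' as Sensitive` and cover both in the feature specs, so a key passed as a plain string cannot end up unredacted in reports or logs and the default key path does not silently move. The same applies to the identical hunks in gelf.pp, icingadb.pp, idomysql.pp, idopgsql.pp, influxdb.pp and influxdb2.pp; the enclosing `if` block continues outside each hunk.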
@@ -148,8 +148,9 @@ $service_template = { measurement => $service_measurement, tags => $service_tags } if $enable_ssl { - $cert = icinga2::cert( + $cert = icinga::cert::files( 'InfluxdbWriter_influxdb', + $ssl_dir, $ssl_key_path, $ssl_cert_path, $ssl_cacert_path, diff --git a/manifests/feature/influxdb2.pp b/manifests/feature/influxdb2.pp index 0649e5b8..d357fdc5 100644 --- a/manifests/feature/influxdb2.pp +++ b/manifests/feature/influxdb2.pp @@ -126,8 +126,9 @@ $service_template = { measurement => $service_measurement, tags => $service_tags } if $enable_ssl { - $cert = icinga2::cert( + $cert = icinga::cert::files( 'Influxdb2Writer_influxdb2', + $ssl_dir, $ssl_key_path, $ssl_cert_path, $ssl_cacert_path, diff --git a/spec/functions/cert_spec.rb b/spec/functions/cert_spec.rb deleted file mode 100644 index 3e9faa90..00000000 --- a/spec/functions/cert_spec.rb +++ /dev/null 
@@ -1,65 +0,0 @@
-require 'spec_helper'
-
-describe 'icinga2::cert' do
- let(:pre_condition) do
- [
- "class { 'icinga2': }",
- ]
- end
-
- let(:facts) do
- {
- kernel: 'Linux',
- os: {
- family: 'Debian',
- name: 'Debian',
- },
- }
- end
-
- it { is_expected.not_to eq(nil) }
-
- it 'with just a name' do
- is_expected.to run.with_params(
- 'foo',
- ).and_return({ 'key' => nil, 'key_file' => nil, 'cert' => nil, 'cert_file' => nil, 'cacert' => nil, 'cacert_file' => nil })
- end
-
- it 'with key, cert and cacert' do
- is_expected.to run.with_params(
- 'foo',
- nil,
- nil,
- nil,
- 'key',
- 'cert',
- 'cacert',
- ).and_return({ 'key' => sensitive('key'), 'key_file' => '/var/lib/icinga2/certs/foo.key',
- 'cert' => 'cert', 'cert_file' => '/var/lib/icinga2/certs/foo.crt',
- 'cacert' => 'cacert', 'cacert_file' => '/var/lib/icinga2/certs/foo_ca.crt' })
- end
-
- it 'with file paths only' do
- is_expected.to run.with_params(
- 'foo',
- '/foo.key',
- '/foo.crt',
- '/ca.crt',
- nil,
- nil,
- nil,
- ).and_return({ 'key' => nil, 'key_file' => '/foo.key', 'cert' => nil, 'cert_file' => '/foo.crt', 'cacert' => nil, 'cacert_file' => '/ca.crt' })
- end
-
- it 'with all params' do
- is_expected.to run.with_params(
- 'foo',
- '/foo.key',
- '/foo.crt',
- '/ca.crt',
- 'key',
- 'cert',
- 'cacert',
- ).and_return({ 'key' => sensitive('key'), 'key_file' => '/foo.key', 'cert' => 'cert', 'cert_file' => '/foo.crt', 'cacert' => 'cacert', 'cacert_file' => '/ca.crt' })
- end
-end