A new version of dig was introduced in Puppet 4.5.0 that
isn't compatible with the stdlib version of dig. To maintain
backwards compatibility and ensure that tests for stdlib aren't
broken, this patch renames dig to dig44 and adds a deprecation
warning to the stdlib dig function.
This value will be returned if the is no file
to load or a file could not be parsed.
It's similar to the "parseyaml" function's
default value.
Add the "loadjson" function too
New function "ensure_resources()" to support passing hash as parameter OR from hiera backend
This new function is extension of ensure_resource() which will now support to pass multiple values as hash/array OR from hiera backend variables in title argument with additional parameters needed.
It will
process multiple values for a resource type from the passed argument & pass each entry (type, title, params) to ensure_resource() in required format for further processing.
Now user can have duplicate resource check functionality extended to multiple entries with this new function.
Use:
For multiple resources using
hash:
ensure_resources('user', {'dan' => { gid => 'mygroup', uid =>'600' } , 'alex' => { gid => 'mygroup' }}, {'ensure' =>'present'})
From Hiera Backend:
userlist:
dan:
gid: 'mygroup'
uid: '600'
alex:
gid: 'mygroup'
Call:
ensure_resources('user',hiera_hash('userlist'), {'ensure' => 'present'})
ensure_packages()
Modified to also support Hash type argument for packages
This modification will call newly added ensure_resources() for processing Hash as second argument.
The original functionality remains same for Array type arguments.
Use:
hiera:
packagelist:
ksh:
ensure: latest
mlocate: {}
myrpm:
provider: rpm
source: "/tmp/myrpm-1.0.0.x86_64.rpm"
install_options:
--prefix:
/users/home
openssl:
provider: rpm
source: "/tmp/openssl-1.0.1e-42.el7.x86_64.rpm"
Call:
ensure_packages($packagelist)
Copy a function from puppetlabs/apache, created by Benedikt Bock by
55cc3b4e8f4bc859a1255cb57be2c7923005d822 .
This function enclose IPv6 addresses in square brackets.
It takes an array of ip addresses and encloses the ipv6 addresses with
square brackets.
Co-Authored-By: Benedikt Bock <benedikt_bock@web.de>
Add a function to validate an x509 RSA certificate and key pair, as
commonly used for TLS certificates.
The rationale behind this is that we store our TLS certificates and
private keys in Hiera YAML files, and poor indentation or formatting in
the YAML file could cause a valid certificate to be considered invalid.
Will cause the Puppet run to fail if:
- an invalid certificate is detected
- an invalid RSA key is detected
- the certificate does not match the key, i.e. the certificate
has not been signed by the supplied key
The test certificates I've used in the spec tests were generated using
the Go standard library:
$ go run $GOROOT/src/crypto/tls/generate_cert.go -host localhost
Example output:
==> cache-1.router: Error: Not a valid RSA key: Neither PUB key nor PRIV key:: nested asn1 error at /var/govuk/puppet/modules/nginx/manifests/config/ssl.pp:30 on node cache-1.router.dev.gov.uk
Some modules or module versions don't have a metadata.json file, but we
might still want to use the load_module_metadata function on them. The
lack of a file can still give us important information. For example, it
might tell us that the version of the module installed is "very old"
even if we can't read the version number directly. This patch adds a
parameter to let the user specify if an empty file is acceptable. To
preserve backwards compatibility it does not change the current default
behavior, which is to raise an error if metadata.json does not exist.
The data type system is very hard to understand. Many people don't
understand why
type_of([1,2,3]) == Array
will fail, but
type_of([1,2,3]) <= Array
passes. This does a simpler validation that doesn't rely on explicit
data types. Instead, use
$foo = [1,2,3]
if $foo.is_a(Array) {
notify { 'This is an array': }
}
This is based on code by Ben Ford <ben.ford@puppetlabs.com>.
* Added acceptance tests
* Added dispatch
* Improved unit tests
* Added docs to README
* previously the str2bool function did not accept 'TRUE' as a bool
type. This causes the function to now accept TRUE, FALSE strings
as a boolean type in order to be converted to a proper boolean.
* This would also cause Y,N, YES, NO to be accepted as boolean types
as well.
