Add a function to validate an x509 RSA certificate and key pair, as
commonly used for TLS certificates.
The rationale behind this is that we store our TLS certificates and
private keys in Hiera YAML files, and poor indentation or formatting in
the YAML file could cause a valid certificate to be considered invalid.
Will cause the Puppet run to fail if:
- an invalid certificate is detected
- an invalid RSA key is detected
- the certificate does not match the key, i.e. the certificate
has not been signed by the supplied key
The test certificates I've used in the spec tests were generated using
the Go standard library:
$ go run $GOROOT/src/crypto/tls/generate_cert.go -host localhost
Example output:
==> cache-1.router: Error: Not a valid RSA key: Neither PUB key nor PRIV key:: nested asn1 error at /var/govuk/puppet/modules/nginx/manifests/config/ssl.pp:30 on node cache-1.router.dev.gov.uk
The -C (capital C) flag to lsuser is incorrect. It should be -c
(lowercase).
this commit updates the aix root_home fact to use `lsuser -c`, rather
than `lsuser -C`.
Some modules or module versions don't have a metadata.json file, but we
might still want to use the load_module_metadata function on them. The
lack of a file can still give us important information. For example, it
might tell us that the version of the module installed is "very old"
even if we can't read the version number directly. This patch adds a
parameter to let the user specify if an empty file is acceptable. To
preserve backwards compatibility it does not change the current default
behavior, which is to raise an error if metadata.json does not exist.
This is to improve speed on Facter resolution of service_provider fact
that was just introduced in PR# 506. The improvements go from 280ms
resolution time approx. down to 2ms resolution time approx. by adding
requires statements.
This adds a package_provider fact for situations where we need to be
able to know the client's package provider in a simple way. Situations
such as: package { 'name': install_options => [] } As those tend to be
package provider specific options.
Maintain the old behavior in the case where the optional second
parameter isn't passed. Also, adding arity is backwards incompatible since
stdlib still supports 2.7, so remove that.
The data type system is very hard to understand. Many people don't
understand why
type_of([1,2,3]) == Array
will fail, but
type_of([1,2,3]) <= Array
passes. This does a simpler validation that doesn't rely on explicit
data types. Instead, use
$foo = [1,2,3]
if $foo.is_a(Array) {
notify { 'This is an array': }
}
This is based on code by Ben Ford <ben.ford@puppetlabs.com>.
* Added acceptance tests
* Added dispatch
* Improved unit tests
* Added docs to README
