diff --git a/REFERENCE.md b/REFERENCE.md
index 8dbf81a..88f584b 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -35,9 +35,27 @@ folder the module also manages distrusting system default CA certificates.
```puppet
class { 'ca_cert': }
+```
+
+##### Purge unmanaged user CAs
+```puppet
class { 'ca_cert':
- manage_all_user_CAs => true,
+ purge_unmanaged_CAs => true,
+}
+```
+
+##### Custom certificates handling
+
+```puppet
+class { 'ca_cert':
+ update_cmd => '/usr/bin/c_rehash',
+ trusted_cert_dir => '/var/ssl/certs,
+ cert_dir_group => 'system',
+ cert_dir_mode => '0755',
+ ca_file_group => 'system',
+ ca_file_mode => '0644',
+ ca_file_extension => 'pem',
}
```
@@ -78,7 +96,7 @@ Default value: `$ca_cert::params::update_cmd`
##### `trusted_cert_dir`
-Data type: `String[1]`
+Data type: `Stdlib::Absolutepath`
Absolute directory path to the folder containing trusted certificates.
@@ -86,7 +104,7 @@ Default value: `$ca_cert::params::trusted_cert_dir`
##### `distrusted_cert_dir`
-Data type: `Optional[String[1]]`
+Data type: `Optional[Stdlib::Absolutepath]`
Absolute directory path to the folder containing distrusted certificates.
@@ -98,14 +116,12 @@ Data type: `String[1]`
The installed trusted certificate's POSIX group permissions. This uses
the same syntax as Puppet's native file resource's "group" parameter.
-It defaults to 'system' on AIX, to 'sys' on Solaris, to 'staff' on
-Ubuntu/Debian, and to 'root' in other cases.
Default value: `$ca_cert::params::cert_dir_group`
##### `cert_dir_mode`
-Data type: `String[1]`
+Data type: `Stdlib::Filemode`
The installed trusted certificate's POSIX filesystem permissions. This uses
the same syntax as Puppet's native file resource's "mode" parameter.
@@ -119,13 +135,12 @@ Data type: `String[1]`
The installed CA certificate's POSIX group permissions. This uses
the same syntax as Puppet's native file resource's "group" parameter.
-(defaults to 'root' with the exeption of AIX which defaults to 'system')
Default value: `$ca_cert::params::ca_file_group`
##### `ca_file_mode`
-Data type: `String[1]`
+Data type: `Stdlib::Filemode`
The installed CA certificate's POSIX filesystem permissions. This uses
the same syntax as Puppet's native file resource's "mode" parameter.
@@ -143,7 +158,7 @@ Default value: `$ca_cert::params::ca_file_extension`
##### `package_ensure`
-Data type: `String[1]`
+Data type: `Stdlib::Ensure::Package`
The ensure parameter to pass to the package resource.
@@ -237,7 +252,7 @@ Default value: `'text'`
##### `ensure`
-Data type: `String`
+Data type: `Enum['present', 'trusted', 'distrusted', 'absent']`
Whether or not the CA certificate should be on a system or not. Valid
values are trusted, present, distrusted, and absent. Note: untrusted is
diff --git a/manifests/ca.pp b/manifests/ca.pp
index ddfbdfa..2fbaa9a 100644
--- a/manifests/ca.pp
+++ b/manifests/ca.pp
@@ -33,11 +33,11 @@
# The type of file checksum. (defauts to undef)
#
define ca_cert::ca (
- String $ensure = 'trusted',
- String $source = 'text',
- Boolean $verify_https_cert = true,
- Optional[String] $ca_text = undef,
- Optional[String] $checksum = undef,
+ Enum['present', 'trusted', 'distrusted', 'absent'] $ensure = 'trusted',
+ String $source = 'text',
+ Boolean $verify_https_cert = true,
+ Optional[String] $ca_text = undef,
+ Optional[String] $checksum = undef,
Optional[String[1]] $checksum_type = undef,
) {
include ca_cert
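Review bot: Only `$ensure` is tightened in this signature; `$source` stays a bare `String` and `$checksum` stays `Optional[String]`, so an empty string still passes type validation for both, while `$checksum_type` on the following line already uses `String[1]`. Consider `String[1] $source = 'text',` and `Optional[String[1]] $checksum = undef,` so that an empty source or checksum for a CA certificate is rejected at compile time. The body of the define continues outside the hunk, so how an empty value is handled there is not visible here.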
diff --git a/manifests/init.pp b/manifests/init.pp
index c746df1..095a1a0 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -6,8 +6,20 @@
# @example Basic usage
# class { 'ca_cert': }
#
+# @example Purge unmanaged user CAs
# class { 'ca_cert':
-# manage_all_user_CAs => true,
+# purge_unmanaged_CAs => true,
+# }
+#
+# @example Custom certificates handling
+# class { 'ca_cert':
+# update_cmd => '/usr/bin/c_rehash',
+# trusted_cert_dir => '/var/ssl/certs,
+# cert_dir_group => 'system',
+# cert_dir_mode => '0755',
+# ca_file_group => 'system',
+# ca_file_mode => '0644',
+# ca_file_extension => 'pem',
# }
#
# @param package_name
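Review bot: The new "Custom certificates handling" example has an unterminated string: `trusted_cert_dir => '/var/ssl/certs,` is missing its closing quote, so the snippet does not parse when copied into a manifest. The line should read `#     trusted_cert_dir => '/var/ssl/certs',`. The same text appears in the first REFERENCE.md hunk, which looks generated from this header, so it needs regenerating once the comment is fixed.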
@@ -25,8 +37,6 @@
# @param cert_dir_group
# The installed trusted certificate's POSIX group permissions. This uses
# the same syntax as Puppet's native file resource's "group" parameter.
-# It defaults to 'system' on AIX, to 'sys' on Solaris, to 'staff' on
-# Ubuntu/Debian, and to 'root' in other cases.
#
# @param cert_dir_mode
# The installed trusted certificate's POSIX filesystem permissions. This uses
@@ -36,7 +46,6 @@
# @param ca_file_group
# The installed CA certificate's POSIX group permissions. This uses
# the same syntax as Puppet's native file resource's "group" parameter.
-# (defaults to 'root' with the exeption of AIX which defaults to 'system')
#
# @param ca_file_mode
# The installed CA certificate's POSIX filesystem permissions. This uses
@@ -71,14 +80,14 @@
class ca_cert (
String[1] $package_name = $ca_cert::params::package_name,
String[1] $update_cmd = $ca_cert::params::update_cmd,
- String[1] $trusted_cert_dir = $ca_cert::params::trusted_cert_dir,
- Optional[String[1]] $distrusted_cert_dir = $ca_cert::params::distrusted_cert_dir,
+ Stdlib::Absolutepath $trusted_cert_dir = $ca_cert::params::trusted_cert_dir,
+ Optional[Stdlib::Absolutepath] $distrusted_cert_dir = $ca_cert::params::distrusted_cert_dir,
String[1] $cert_dir_group = $ca_cert::params::cert_dir_group,
String[1] $ca_file_group = $ca_cert::params::ca_file_group,
- String[1] $cert_dir_mode = $ca_cert::params::cert_dir_mode,
- String[1] $ca_file_mode = $ca_cert::params::ca_file_mode,
+ Stdlib::Filemode $cert_dir_mode = $ca_cert::params::cert_dir_mode,
+ Stdlib::Filemode $ca_file_mode = $ca_cert::params::ca_file_mode,
String[1] $ca_file_extension = $ca_cert::params::ca_file_extension,
- String[1] $package_ensure = 'installed',
+ Stdlib::Ensure::Package $package_ensure = 'installed',
Boolean $always_update_certs = false,
Boolean $purge_unmanaged_CAs = false, # lint:ignore:variable_contains_upcase lint:ignore:variable_is_lowercase
Boolean $install_package = true,
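Review bot: `Stdlib::Absolutepath`, `Stdlib::Filemode` and `Stdlib::Ensure::Package` all come from puppetlabs-stdlib, and the metadata.json hunk in this commit does not show the dependency range, so confirm that its lower bound covers a release shipping all three aliases. `$update_cmd` stays `String[1]` although it is presumably executed on the node. If that is deliberate, a comment such as `# update_cmd may carry arguments, so it is not typed as Stdlib::Absolutepath` would record why it was left out of this tightening. The class body continues outside the hunk.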
diff --git a/manifests/params.pp b/manifests/params.pp
index d925df8..316f89f 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -22,7 +22,7 @@
$cert_dir_mode = '2665'
}
default: {
- fail("Unsupported operatingsystem (${facts['os']['name']})")
+ $cert_dir_mode = '0755'
}
}
}
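Review bot: The `default` branch now assigns `$cert_dir_mode = '0755'` where it used to `fail`, and nothing says the fallback is intentional, so a reader cannot tell that unlisted OS names are accepted on purpose for the trusted-certificate directory. A line such as `# Unlisted OS names: fall back to a directory mode that is not group- or world-writable` above the assignment would record the intent. The enclosing `case` begins outside the hunk, so which OS names are matched explicitly is not visible here.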
@@ -68,35 +68,6 @@
$ca_file_group = 'root'
$ca_file_mode = '0644'
}
- 'AIX': {
- $trusted_cert_dir = '/var/ssl/certs'
- $distrusted_cert_dir = undef
- $update_cmd = '/usr/bin/c_rehash'
- $cert_dir_group = 'system'
- $cert_dir_mode = '0755'
- $ca_file_group = 'system'
- $ca_file_mode = '0644'
- $ca_file_extension = 'crt'
- $package_name = 'ca-certificates'
- }
- 'Solaris': {
- if versioncmp($facts['os']['release']['major'], '11') >= 0 {
- $trusted_cert_dir = '/etc/certs/CA/'
- $distrusted_cert_dir = undef
- $update_cmd = '/usr/sbin/svcadm restart /system/ca-certificates'
- $cert_dir_group = 'sys'
- $cert_dir_mode = '0755'
- $ca_file_group = 'root'
- $ca_file_mode = '0444'
- $ca_file_extension = 'pem'
- $package_name = 'ca-certificates'
- }
- else {
- fail("Unsupported OS Major release (${facts['os']['release']['major']})")
- }
- }
- default: {
- fail("Unsupported osfamily (${facts['os']['family']})")
- }
+ default: {}
}
}
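Review bot: With `default: {}`, an unlisted OS family leaves the values the other branches set (`$trusted_cert_dir`, `$update_cmd`, `$package_name` and the rest) unassigned. `class ca_cert` in init.pp then presumably stops on a type-mismatch or unknown-variable error for defaults like `Stdlib::Absolutepath $trusted_cert_dir`, not on the old explicit `Unsupported osfamily` message, unless the caller passes every parameter. The "Custom certificates handling" example added in this commit omits `package_name`, which is one of those values. If the pass-through is intended, say so in the branch, e.g. `default: {} # unlisted OS family: caller must supply all ca_cert parameters`. The two spec hunks delete the unsupported-OS test without adding one for this path.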
diff --git a/metadata.json b/metadata.json
index 37a5be3..5344a79 100644
--- a/metadata.json
+++ b/metadata.json
@@ -67,13 +67,6 @@
},
{
"operatingsystem": "Archlinux"
- },
- {
- "operatingsystem": "AIX",
- "operatingsystemrelease": [
- "7.2",
- "7.3"
- ]
}
],
"requirements": [
diff --git a/spec/classes/ca_cert_spec.rb b/spec/classes/ca_cert_spec.rb
index 8dbb6ee..81f7fe4 100644
--- a/spec/classes/ca_cert_spec.rb
+++ b/spec/classes/ca_cert_spec.rb
@@ -102,16 +102,4 @@
end
end
end
-
- context 'on an unsupported operating system' do
- let :facts do
- {
- 'os' => {
- 'family' => 'WeirdOS',
- },
- }
- end
-
- it { expect { catalogue }.to raise_error Puppet::Error, %r{Unsupported osfamily} }
- end
end
diff --git a/spec/classes/params_spec.rb b/spec/classes/params_spec.rb
index 18c53c7..fc077c5 100644
--- a/spec/classes/params_spec.rb
+++ b/spec/classes/params_spec.rb
@@ -47,16 +47,4 @@
end
end
end
-
- context 'on an unsupported operating system' do
- let :facts do
- {
- 'os' => {
- 'family' => 'WeirdOS',
- },
- }
- end
-
- it { expect { catalogue }.to raise_error Puppet::Error, %r{Unsupported osfamily} }
- end
end