-
-
Notifications
You must be signed in to change notification settings - Fork 51
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #99 from StatensPensjonskasse/params-file-should-o…
…nly-contain-params Move and use params only in ca_certs class
- Loading branch information
Showing
4 changed files
with
387 additions
and
95 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,273 @@ | ||
| # Reference | ||
|
|
||
| <!-- DO NOT EDIT: This document was generated by Puppet Strings --> | ||
|
|
||
| ## Table of Contents | ||
|
|
||
| ### Classes | ||
|
|
||
| #### Public Classes | ||
|
|
||
| * [`ca_cert`](#ca_cert): This module manages the user defined certificate authority (CA) | ||
| certificates on the server. On OSes that support a distrusted | ||
| folder the module also manages distrusting system default CA certificates. | ||
|
|
||
| #### Private Classes | ||
|
|
||
| * `ca_cert::params`: OS dependent parameter defaults | ||
|
|
||
| ### Defined types | ||
|
|
||
| * [`ca_cert::ca`](#ca_cert--ca): Manage a user defined CA Certificate on a system. | ||
| On OSes that support distrusting pre-installed CAs this can be managed as well. | ||
|
|
||
| ## Classes | ||
|
|
||
| ### <a name="ca_cert"></a>`ca_cert` | ||
|
|
||
| This module manages the user defined certificate authority (CA) | ||
| certificates on the server. On OSes that support a distrusted | ||
| folder the module also manages distrusting system default CA certificates. | ||
|
|
||
| #### Examples | ||
|
|
||
| ##### Basic usage | ||
|
|
||
| ```puppet | ||
| class { 'ca_cert': } | ||
| class { 'ca_cert': | ||
| manage_all_user_CAs => true, | ||
| } | ||
| ``` | ||
|
|
||
| #### Parameters | ||
|
|
||
| The following parameters are available in the `ca_cert` class: | ||
|
|
||
| * [`package_name`](#-ca_cert--package_name) | ||
| * [`update_cmd`](#-ca_cert--update_cmd) | ||
| * [`trusted_cert_dir`](#-ca_cert--trusted_cert_dir) | ||
| * [`distrusted_cert_dir`](#-ca_cert--distrusted_cert_dir) | ||
| * [`cert_dir_group`](#-ca_cert--cert_dir_group) | ||
| * [`cert_dir_mode`](#-ca_cert--cert_dir_mode) | ||
| * [`ca_file_group`](#-ca_cert--ca_file_group) | ||
| * [`ca_file_mode`](#-ca_cert--ca_file_mode) | ||
| * [`ca_file_extension`](#-ca_cert--ca_file_extension) | ||
| * [`package_ensure`](#-ca_cert--package_ensure) | ||
| * [`always_update_certs`](#-ca_cert--always_update_certs) | ||
| * [`purge_unmanaged_CAs`](#-ca_cert--purge_unmanaged_CAs) | ||
| * [`install_package`](#-ca_cert--install_package) | ||
| * [`ca_certs`](#-ca_cert--ca_certs) | ||
|
|
||
| ##### <a name="-ca_cert--package_name"></a>`package_name` | ||
|
|
||
| Data type: `String[1]` | ||
|
|
||
| The name of the package(s) to be installed. | ||
|
|
||
| Default value: `$ca_cert::params::package_name` | ||
|
|
||
| ##### <a name="-ca_cert--update_cmd"></a>`update_cmd` | ||
|
|
||
| Data type: `String[1]` | ||
|
|
||
| Command to be used to update CA certificates. | ||
|
|
||
| Default value: `$ca_cert::params::update_cmd` | ||
|
|
||
| ##### <a name="-ca_cert--trusted_cert_dir"></a>`trusted_cert_dir` | ||
|
|
||
| Data type: `String[1]` | ||
|
|
||
| Absolute directory path to the folder containing trusted certificates. | ||
|
|
||
| Default value: `$ca_cert::params::trusted_cert_dir` | ||
|
|
||
| ##### <a name="-ca_cert--distrusted_cert_dir"></a>`distrusted_cert_dir` | ||
|
|
||
| Data type: `Optional[String[1]]` | ||
|
|
||
| Absolute directory path to the folder containing distrusted certificates. | ||
|
|
||
| Default value: `$ca_cert::params::distrusted_cert_dir` | ||
|
|
||
| ##### <a name="-ca_cert--cert_dir_group"></a>`cert_dir_group` | ||
|
|
||
| Data type: `String[1]` | ||
|
|
||
| The installed trusted certificate's POSIX group permissions. This uses | ||
| the same syntax as Puppet's native file resource's "group" parameter. | ||
| It defaults to 'system' on AIX, to 'sys' on Solaris, to 'staff' on | ||
| Ubuntu/Debian, and to 'root' in other cases. | ||
|
|
||
| Default value: `$ca_cert::params::cert_dir_group` | ||
|
|
||
| ##### <a name="-ca_cert--cert_dir_mode"></a>`cert_dir_mode` | ||
|
|
||
| Data type: `String[1]` | ||
|
|
||
| The installed trusted certificate's POSIX filesystem permissions. This uses | ||
| the same syntax as Puppet's native file resource's "mode" parameter. | ||
| It defaults to '2665' on Debian, and to '0755' on other cases. | ||
|
|
||
| Default value: `$ca_cert::params::cert_dir_mode` | ||
|
|
||
| ##### <a name="-ca_cert--ca_file_group"></a>`ca_file_group` | ||
|
|
||
| Data type: `String[1]` | ||
|
|
||
| The installed CA certificate's POSIX group permissions. This uses | ||
| the same syntax as Puppet's native file resource's "group" parameter. | ||
| (defaults to 'root' with the exeption of AIX which defaults to 'system') | ||
|
|
||
| Default value: `$ca_cert::params::ca_file_group` | ||
|
|
||
| ##### <a name="-ca_cert--ca_file_mode"></a>`ca_file_mode` | ||
|
|
||
| Data type: `String[1]` | ||
|
|
||
| The installed CA certificate's POSIX filesystem permissions. This uses | ||
| the same syntax as Puppet's native file resource's "mode" parameter. | ||
| (defaults to '0444', i.e. world-readable) | ||
|
|
||
| Default value: `$ca_cert::params::ca_file_mode` | ||
|
|
||
| ##### <a name="-ca_cert--ca_file_extension"></a>`ca_file_extension` | ||
|
|
||
| Data type: `String[1]` | ||
|
|
||
| File extenstion for the certificate. | ||
|
|
||
| Default value: `$ca_cert::params::ca_file_extension` | ||
|
|
||
| ##### <a name="-ca_cert--package_ensure"></a>`package_ensure` | ||
|
|
||
| Data type: `String[1]` | ||
|
|
||
| The ensure parameter to pass to the package resource. | ||
|
|
||
| Default value: `'installed'` | ||
|
|
||
| ##### <a name="-ca_cert--always_update_certs"></a>`always_update_certs` | ||
|
|
||
| Data type: `Boolean` | ||
|
|
||
| Run the appropriate update CA certificates command for your operating | ||
| system on every Puppet run whether it is needed or not. | ||
|
|
||
| Default value: `false` | ||
|
|
||
| ##### <a name="-ca_cert--purge_unmanaged_CAs"></a>`purge_unmanaged_CAs` | ||
|
|
||
| Data type: `Boolean` | ||
|
|
||
| When set to true (default: false), user installed CA | ||
| certificates (in the appropriate directories) not managed by this | ||
| module will be purged. | ||
|
|
||
| Default value: `false` | ||
|
|
||
| ##### <a name="-ca_cert--install_package"></a>`install_package` | ||
|
|
||
| Data type: `Boolean` | ||
|
|
||
| Whether or not this module should install the ca_certificates package. | ||
| The package contains the system default (typically Mozilla) CA | ||
| certificates, as well as the tools required for managing other installed | ||
| CA certificates. | ||
|
|
||
| Default value: `true` | ||
|
|
||
| ##### <a name="-ca_cert--ca_certs"></a>`ca_certs` | ||
|
|
||
| Data type: `Hash` | ||
|
|
||
| A hash of CA certificates that should be installed as part of the class | ||
| declaration. | ||
|
|
||
| Default value: `{}` | ||
|
|
||
| ## Defined types | ||
|
|
||
| ### <a name="ca_cert--ca"></a>`ca_cert::ca` | ||
|
|
||
| Manage a user defined CA Certificate on a system. | ||
| On OSes that support distrusting pre-installed CAs this can be managed as well. | ||
|
|
||
| #### Examples | ||
|
|
||
| ##### | ||
|
|
||
| ```puppet | ||
| ca_cert::ca { 'globalsign_org_intermediate': | ||
| source => 'http://secure.globalsign.com/cacert/gsorganizationvalsha2g2r1.crt', | ||
| } | ||
| ``` | ||
|
|
||
| #### Parameters | ||
|
|
||
| The following parameters are available in the `ca_cert::ca` defined type: | ||
|
|
||
| * [`ca_text`](#-ca_cert--ca--ca_text) | ||
| * [`source`](#-ca_cert--ca--source) | ||
| * [`ensure`](#-ca_cert--ca--ensure) | ||
| * [`verify_https_cert`](#-ca_cert--ca--verify_https_cert) | ||
| * [`checksum`](#-ca_cert--ca--checksum) | ||
| * [`checksum_type`](#-ca_cert--ca--checksum_type) | ||
|
|
||
| ##### <a name="-ca_cert--ca--ca_text"></a>`ca_text` | ||
|
|
||
| Data type: `Optional[String]` | ||
|
|
||
| The text of the CA certificate to install. Required if text is the source | ||
| (default). If a different source is specified this parameter is ignored. | ||
|
|
||
| Default value: `undef` | ||
|
|
||
| ##### <a name="-ca_cert--ca--source"></a>`source` | ||
|
|
||
| Data type: `String` | ||
|
|
||
| Where the CA certificate should be retrieved from. text, http, https, ftp, | ||
| file, and puppet protocols/sources are supported. If text, then the ca_text parameter | ||
| is also required. Defaults to text. | ||
|
|
||
| Default value: `'text'` | ||
|
|
||
| ##### <a name="-ca_cert--ca--ensure"></a>`ensure` | ||
|
|
||
| Data type: `String` | ||
|
|
||
| Whether or not the CA certificate should be on a system or not. Valid | ||
| values are trusted, present, distrusted, and absent. Note: untrusted is | ||
| not supported on Debian based systems - using it will log a warning | ||
| and treat it the same as absent. (defaults to trusted) | ||
|
|
||
| Default value: `'trusted'` | ||
|
|
||
| ##### <a name="-ca_cert--ca--verify_https_cert"></a>`verify_https_cert` | ||
|
|
||
| Data type: `Boolean` | ||
|
|
||
| When retrieving a certificate whether or not to validate the CA of the | ||
| source. (defaults to true) | ||
|
|
||
| Default value: `true` | ||
|
|
||
| ##### <a name="-ca_cert--ca--checksum"></a>`checksum` | ||
|
|
||
| Data type: `Optional[String]` | ||
|
|
||
| The checksum of the file. (defaults to undef) | ||
|
|
||
| Default value: `undef` | ||
|
|
||
| ##### <a name="-ca_cert--ca--checksum_type"></a>`checksum_type` | ||
|
|
||
| Data type: `Optional[String[1]]` | ||
|
|
||
| The type of file checksum. (defauts to undef) | ||
|
|
||
| Default value: `undef` | ||
|
|
Oops, something went wrong.