From d2cde05ce0145cc89fd69a128b1fc1abec69baa4 Mon Sep 17 00:00:00 2001 From: Lennart Betz Date: Thu, 15 Aug 2024 16:10:24 +0200 Subject: [PATCH] Restrict pramas to non-empty strings --- REFERENCE.md | 158 ++++++++++++++-------------- functions/cert/files.pp | 16 +-- functions/db/connect.pp | 8 +- functions/prepare_web.pp | 2 +- manifests/agent.pp | 8 +- manifests/agentless.pp | 6 +- manifests/cert.pp | 4 +- manifests/database.pp | 10 +- manifests/db.pp | 6 +- manifests/db/database.pp | 4 +- manifests/ido.pp | 4 +- manifests/ido/database.pp | 4 +- manifests/init.pp | 10 +- manifests/server.pp | 12 +-- manifests/web.pp | 8 +- manifests/web/database.pp | 4 +- manifests/web/director.pp | 8 +- manifests/web/director/database.pp | 4 +- manifests/web/icingadb.pp | 30 +++--- manifests/web/monitoring.pp | 4 +- manifests/web/reporting.pp | 6 +- manifests/web/reporting/database.pp | 4 +- manifests/web/vspheredb.pp | 4 +- manifests/web/vspheredb/database.pp | 4 +- manifests/web/x509.pp | 4 +- manifests/web/x509/database.pp | 4 +- manifests/worker.pp | 12 +-- types/certificate.pp | 6 +- types/secret.pp | 2 +- 29 files changed, 178 insertions(+), 178 deletions(-) diff --git a/REFERENCE.md b/REFERENCE.md index ccd63f1..ba402a0 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -91,7 +91,7 @@ The CA to send the certificate request to. ##### `parent_zone` -Data type: `String` +Data type: `String[1]` Name of the parent Icinga zone. @@ -99,13 +99,13 @@ Default value: `'main'` ##### `parent_endpoints` -Data type: `Hash[String, Hash]` +Data type: `Hash[String[1], Hash]` Configures these endpoints of the parent zone. ##### `global_zones` -Data type: `Array[String]` +Data type: `Array[String[1]]` List of global zones to configure. @@ -125,7 +125,7 @@ Set the log level. ##### `zone` -Data type: `String` +Data type: `String[1]` Set a dedicated zone name. @@ -156,7 +156,7 @@ The following parameters are available in the `icinga::agentless` class: ##### `user` -Data type: `String` +Data type: `String[1]` User name to login. @@ -174,13 +174,13 @@ SSH key type. ##### `ssh_public_key` -Data type: `String` +Data type: `String[1]` Public SSH key of ´ssh_key_type´ for ´user´. ##### `extra_packages` -Data type: `Array[String]` +Data type: `Array[String[1]]` Install extra packages such as plugins. @@ -225,7 +225,7 @@ Default value: `'localhost'` ##### `db_port` -Data type: `Optional[Stdlib::Port::Unprivileged]` +Data type: `Optional[Stdlib::Port]` Port to connect the database. @@ -233,7 +233,7 @@ Default value: `undef` ##### `db_name` -Data type: `String` +Data type: `String[1]` The IcingaDB database. @@ -241,7 +241,7 @@ Default value: `'icingadb'` ##### `db_user` -Data type: `String` +Data type: `String[1]` User to connect the database. @@ -355,7 +355,7 @@ Password to connect the database. ##### `db_name` -Data type: `String` +Data type: `String[1]` Name of the database. @@ -363,7 +363,7 @@ Default value: `'icingadb'` ##### `db_user` -Data type: `String` +Data type: `String[1]` Database user name. @@ -432,7 +432,7 @@ Default value: `undef` ##### `db_name` -Data type: `String` +Data type: `String[1]` Name of the database. @@ -440,7 +440,7 @@ Default value: `'icinga2'` ##### `db_user` -Data type: `String` +Data type: `String[1]` Database user name. @@ -498,7 +498,7 @@ Password to connect the database. ##### `db_name` -Data type: `String` +Data type: `String[1]` Name of the database. @@ -506,7 +506,7 @@ Default value: `'icinga2'` ##### `db_user` -Data type: `String` +Data type: `String[1]` Database user name. @@ -670,7 +670,7 @@ Default value: `false` ##### `zone` -Data type: `String` +Data type: `String[1]` Name of the Icinga zone. @@ -678,7 +678,7 @@ Default value: `'main'` ##### `colocation_endpoints` -Data type: `Hash[String,Hash]` +Data type: `Hash[String[1], Hash]` When the zone includes more than one endpoint, set here the additional endpoint(s). Icinga supports two endpoints per zone only. @@ -687,7 +687,7 @@ Default value: `{}` ##### `workers` -Data type: `Hash[String,Hash]` +Data type: `Hash[String[1], Hash]` All worker zones with key 'endpoints' for endpoint objects. @@ -695,7 +695,7 @@ Default value: `{}` ##### `global_zones` -Data type: `Array[String]` +Data type: `Array[String[1]]` List of global zones to configure. @@ -719,7 +719,7 @@ Default value: `undef` ##### `web_api_user` -Data type: `String` +Data type: `String[1]` Icinga API user to connect Icinga 2. Notice: user is only created if a password is set. @@ -735,7 +735,7 @@ Default value: `undef` ##### `director_api_user` -Data type: `String` +Data type: `String[1]` Icinga API director user to connect Icinga 2. Notice: user is only created if a password is set. @@ -813,7 +813,7 @@ The following parameters are available in the `icinga::web` class: ##### `default_admin_user` -Data type: `String` +Data type: `String[1]` Set the initial name of the admin user. @@ -883,7 +883,7 @@ Default value: `undef` ##### `db_name` -Data type: `String` +Data type: `String[1]` Name of the database. @@ -891,7 +891,7 @@ Default value: `'icingaweb2'` ##### `db_user` -Data type: `String` +Data type: `String[1]` Database user name. @@ -915,7 +915,7 @@ Default value: `'localhost'` ##### `api_user` -Data type: `String` +Data type: `String[1]` Icinga 2 API user. @@ -962,7 +962,7 @@ Password to connect the database. ##### `db_name` -Data type: `String` +Data type: `String[1]` Name of the database. @@ -970,7 +970,7 @@ Default value: `'icingaweb2'` ##### `db_user` -Data type: `String` +Data type: `String[1]` Database user name. @@ -1054,7 +1054,7 @@ Default value: `undef` ##### `db_name` -Data type: `String` +Data type: `String[1]` Name of the database. @@ -1062,7 +1062,7 @@ Default value: `'director'` ##### `db_user` -Data type: `String` +Data type: `String[1]` Username for DB connection. @@ -1076,7 +1076,7 @@ Password for DB connection. ##### `endpoint` -Data type: `String` +Data type: `String[1]` Endpoint object name of Icinga 2 API. @@ -1098,7 +1098,7 @@ Default value: `'localhost'` ##### `api_user` -Data type: `String` +Data type: `String[1]` Icinga 2 API username. @@ -1146,7 +1146,7 @@ Password to connect the database. ##### `db_name` -Data type: `String` +Data type: `String[1]` Name of the database. @@ -1154,7 +1154,7 @@ Default value: `'director'` ##### `db_user` -Data type: `String` +Data type: `String[1]` Database user name. @@ -1214,7 +1214,7 @@ Default value: `'localhost'` ##### `db_port` -Data type: `Optional[Stdlib::Port::Unprivileged]` +Data type: `Optional[Stdlib::Port]` Port to connect the backend. @@ -1222,7 +1222,7 @@ Default value: `undef` ##### `db_name` -Data type: `String` +Data type: `String[1]` Name of the database backend. @@ -1230,7 +1230,7 @@ Default value: `'icingadb'` ##### `db_user` -Data type: `String` +Data type: `String[1]` Database backend user name. @@ -1355,7 +1355,7 @@ Default value: `undef` ##### `db_name` -Data type: `String` +Data type: `String[1]` Name of the IDO database backend. @@ -1363,7 +1363,7 @@ Default value: `'icinga2'` ##### `db_user` -Data type: `String` +Data type: `String[1]` IDO database backend user name. @@ -1434,7 +1434,7 @@ Default value: `undef` ##### `db_name` -Data type: `String` +Data type: `String[1]` Name of the database. @@ -1442,7 +1442,7 @@ Default value: `'reporting'` ##### `db_user` -Data type: `String` +Data type: `String[1]` Username for DB connection. @@ -1464,7 +1464,7 @@ Default value: `false` ##### `mail` -Data type: `Optional[String]` +Data type: `Optional[String[1]]` Mails are sent with this sender address. @@ -1506,7 +1506,7 @@ Password to connect the database. ##### `db_name` -Data type: `String` +Data type: `String[1]` Name of the database. @@ -1514,7 +1514,7 @@ Default value: `'reporting'` ##### `db_user` -Data type: `String` +Data type: `String[1]` Database user name. @@ -1594,7 +1594,7 @@ Default value: `undef` ##### `db_name` -Data type: `String` +Data type: `String[1]` Name of the database. @@ -1602,7 +1602,7 @@ Default value: `'vspheredb'` ##### `db_user` -Data type: `String` +Data type: `String[1]` Username for DB connection. @@ -1657,7 +1657,7 @@ Password to connect the database. ##### `db_name` -Data type: `String` +Data type: `String[1]` Name of the database. @@ -1665,7 +1665,7 @@ Default value: `'vspheredb'` ##### `db_user` -Data type: `String` +Data type: `String[1]` Database user name. @@ -1743,7 +1743,7 @@ Default value: `undef` ##### `db_name` -Data type: `String` +Data type: `String[1]` Name of the database. @@ -1751,7 +1751,7 @@ Default value: `'x509'` ##### `db_user` -Data type: `String` +Data type: `String[1]` Username for DB connection. @@ -1807,7 +1807,7 @@ Password to connect the database. ##### `db_name` -Data type: `String` +Data type: `String[1]` Name of the database. @@ -1815,7 +1815,7 @@ Default value: `'x509'` ##### `db_user` -Data type: `String` +Data type: `String[1]` Database user name. @@ -1864,13 +1864,13 @@ The CA to send the certificate request to. ##### `zone` -Data type: `String` +Data type: `String[1]` Name of the Icinga zone. ##### `parent_zone` -Data type: `String` +Data type: `String[1]` Name of the parent Icinga zone. @@ -1878,13 +1878,13 @@ Default value: `'main'` ##### `parent_endpoints` -Data type: `Hash[String, Hash]` +Data type: `Hash[String[1], Hash]` Configures these endpoints of the parent zone. ##### `colocation_endpoints` -Data type: `Hash[String, Hash]` +Data type: `Hash[String[1], Hash]` When the zone includes more than one endpoint, set here the additional endpoint(s). Icinga supports two endpoints per zone only. @@ -1893,7 +1893,7 @@ Default value: `{}` ##### `workers` -Data type: `Hash[String, Hash]` +Data type: `Hash[String[1], Hash]` All cascading worker zones with key 'endpoints' for endpoint objects. @@ -1901,7 +1901,7 @@ Default value: `{}` ##### `global_zones` -Data type: `Array[String]` +Data type: `Array[String[1]]` List of global zones to configure. @@ -1967,13 +1967,13 @@ key_file, cert_file, cacert_file, key, cert and cacert ##### `owner` -Data type: `String` +Data type: `String[1]` Owner of the files. ##### `group` -Data type: `String` +Data type: `String[1]` Group membership of all files. @@ -1985,7 +1985,7 @@ Type: Puppet Language Choose the path of tls key, cert and ca file. -#### `icinga::cert::files(String $name, Optional[Stdlib::Absolutepath] $default_dir, Optional[Stdlib::Absolutepath] $key_file = undef, Optional[Stdlib::Absolutepath] $cert_file = undef, Optional[Stdlib::Absolutepath] $cacert_file = undef, Optional[Variant[String, Sensitive]] $key = undef, Optional[String] $cert = undef, Optional[String] $cacert = undef)` +#### `icinga::cert::files(String[1] $name, Optional[Stdlib::Absolutepath] $default_dir, Optional[Stdlib::Absolutepath] $key_file = undef, Optional[Stdlib::Absolutepath] $cert_file = undef, Optional[Stdlib::Absolutepath] $cacert_file = undef, Optional[Icinga::Secret] $key = undef, Optional[String[1]] $cert = undef, Optional[String[1]] $cacert = undef)` The icinga::cert::files function. @@ -1993,7 +1993,7 @@ Returns: `Hash` Returned hash includes all paths and the key, cert and cacert. ##### `name` -Data type: `String` +Data type: `String[1]` @@ -2023,19 +2023,19 @@ Data type: `Optional[Stdlib::Absolutepath]` ##### `key` -Data type: `Optional[Variant[String, Sensitive]]` +Data type: `Optional[Icinga::Secret]` ##### `cert` -Data type: `Optional[String]` +Data type: `Optional[String[1]]` ##### `cacert` -Data type: `Optional[String]` +Data type: `Optional[String[1]]` @@ -2050,10 +2050,10 @@ with or without TLS information. type => Enum['pgsql','mysql','mariadb'], host => Stdlib::Host, port => Optional[Stdlib::Port], - database => String, - username => String, - password => Optional[Variant[String, Sensitive[String]]], - }] $db, Hash[String, Any] $tls, Optional[Boolean] $use_tls = undef, Optional[Enum['verify-full', 'verify-ca']] $ssl_mode = undef)` + database => String[1], + username => String[1], + password => Optional[Icinga::Secret], + }] $db, Hash[String[1], Any] $tls, Optional[Boolean] $use_tls = undef, Optional[Enum['verify-full', 'verify-ca']] $ssl_mode = undef)` The icinga::db::connect function. @@ -2068,9 +2068,9 @@ Struct[{ type => Enum['pgsql','mysql','mariadb'], host => Stdlib::Host, port => Optional[Stdlib::Port], - database => String, - username => String, - password => Optional[Variant[String, Sensitive[String]]], + database => String[1], + username => String[1], + password => Optional[Icinga::Secret], }] ``` @@ -2078,7 +2078,7 @@ Data hash with database information. ##### `tls` -Data type: `Hash[String, Any]` +Data type: `Hash[String[1], Any]` Data hash with TLS connection information. @@ -2118,7 +2118,7 @@ Type: Puppet Language This funktion checks for web preparation and display a warning if fails -#### `icinga::prepare_web(String $icingamod)` +#### `icinga::prepare_web(String[1] $icingamod)` The icinga::prepare_web function. @@ -2126,7 +2126,7 @@ Returns: `Any` Nothing, statement function. ##### `icingamod` -Data type: `String` +Data type: `String[1]` @@ -2140,9 +2140,9 @@ Alias of ```puppet Struct[{ - cert => Optional[String], - key => Optional[Variant[String, Sensitive[String]]], - cacert => Optional[String], + cert => Optional[String[1]], + key => Optional[Icinga::Secret], + cacert => Optional[String[1]], insecure => Optional[Boolean], cert_file => Optional[Stdlib::Absolutepath], key_file => Optional[Stdlib::Absolutepath], @@ -2160,5 +2160,5 @@ Alias of `Enum['debug', 'information', 'notice', 'warning', 'critical']` A strict type for the secrets like passwords or keys -Alias of `Variant[String, Sensitive[String]]` +Alias of `Variant[String[1], Sensitive[String[1]]]` diff --git a/functions/cert/files.pp b/functions/cert/files.pp index 9529653..4562fff 100644 --- a/functions/cert/files.pp +++ b/functions/cert/files.pp @@ -5,14 +5,14 @@ # Returned hash includes all paths and the key, cert and cacert. # function icinga::cert::files( - String $name, - Optional[Stdlib::Absolutepath] $default_dir, - Optional[Stdlib::Absolutepath] $key_file = undef, - Optional[Stdlib::Absolutepath] $cert_file = undef, - Optional[Stdlib::Absolutepath] $cacert_file = undef, - Optional[Variant[String, Sensitive]] $key = undef, - Optional[String] $cert = undef, - Optional[String] $cacert = undef, + String[1] $name, + Optional[Stdlib::Absolutepath] $default_dir, + Optional[Stdlib::Absolutepath] $key_file = undef, + Optional[Stdlib::Absolutepath] $cert_file = undef, + Optional[Stdlib::Absolutepath] $cacert_file = undef, + Optional[Icinga::Secret] $key = undef, + Optional[String[1]] $cert = undef, + Optional[String[1]] $cacert = undef, ) >> Hash { # @param name # The base name of certicate, key and ca file, diff --git a/functions/db/connect.pp b/functions/db/connect.pp index ff4c95a..d0c81a8 100644 --- a/functions/db/connect.pp +++ b/functions/db/connect.pp @@ -22,11 +22,11 @@ function icinga::db::connect( type => Enum['pgsql','mysql','mariadb'], host => Stdlib::Host, port => Optional[Stdlib::Port], - database => String, - username => String, - password => Optional[Variant[String, Sensitive[String]]], + database => String[1], + username => String[1], + password => Optional[Icinga::Secret], }] $db, - Hash[String, Any] $tls, + Hash[String[1], Any] $tls, Optional[Boolean] $use_tls = undef, Optional[Enum['verify-full', 'verify-ca']] $ssl_mode = undef, ) >> String { diff --git a/functions/prepare_web.pp b/functions/prepare_web.pp index 08821fc..469060e 100644 --- a/functions/prepare_web.pp +++ b/functions/prepare_web.pp @@ -4,7 +4,7 @@ # @return # Nothing, statement function. # -function icinga::prepare_web(String $icingamod) { +function icinga::prepare_web(String[1] $icingamod) { # @param module # The module that should be printed in the warning # diff --git a/manifests/agent.pp b/manifests/agent.pp index 637219d..c3c7693 100644 --- a/manifests/agent.pp +++ b/manifests/agent.pp @@ -28,12 +28,12 @@ # class icinga::agent ( Stdlib::Host $ca_server, - Hash[String, Hash] $parent_endpoints, + Hash[String[1], Hash] $parent_endpoints, Icinga::LogLevel $logging_level, Enum['file', 'syslog', 'eventlog'] $logging_type, - String $parent_zone = 'main', - Array[String] $global_zones = [], - String $zone = 'NodeName', + String[1] $parent_zone = 'main', + Array[String[1]] $global_zones = [], + String[1] $zone = 'NodeName', Boolean $run_web = false, ) { class { 'icinga': diff --git a/manifests/agentless.pp b/manifests/agentless.pp index 206f621..306acfe 100644 --- a/manifests/agentless.pp +++ b/manifests/agentless.pp @@ -17,11 +17,11 @@ # Install extra packages such as plugins. # class icinga::agentless ( - String $user, + String[1] $user, Boolean $manage_user, Enum['ecdsa','ed25519','rsa'] $ssh_key_type, - String $ssh_public_key, - Array[String] $extra_packages = [], + String[1] $ssh_public_key, + Array[String[1]] $extra_packages = [], ) { if defined(Class['icinga']) { if $user != $icinga2::globals::user { diff --git a/manifests/cert.pp b/manifests/cert.pp index 01e7cec..008e89d 100644 --- a/manifests/cert.pp +++ b/manifests/cert.pp @@ -13,8 +13,8 @@ # define icinga::cert ( Icinga::Certificate $args, - String $owner, - String $group, + String[1] $owner, + String[1] $group, ) { if $facts['os']['family'] == 'windows' { $key_mode = undef diff --git a/manifests/database.pp b/manifests/database.pp index 9d90cf8..fe7fb45 100644 --- a/manifests/database.pp +++ b/manifests/database.pp @@ -7,13 +7,13 @@ Enum['mysql','pgsql'] $db_type, Array[Stdlib::Host] $access_instances, Icinga::Secret $db_pass, - String $db_name, - String $db_user, - Array[String] $mysql_privileges, + String[1] $db_name, + String[1] $db_user, + Array[String[1]] $mysql_privileges, Variant[Boolean, Enum['password','cert']] $tls = false, - Optional[String] $encoding = undef, - Optional[String] $collation = undef, + Optional[String[1]] $encoding = undef, + Optional[String[1]] $collation = undef, ) { assert_private() diff --git a/manifests/db.pp b/manifests/db.pp index f8e4421..fd31b90 100644 --- a/manifests/db.pp +++ b/manifests/db.pp @@ -47,9 +47,9 @@ Icinga::Secret $db_pass, Enum['mysql', 'pgsql'] $db_type, Stdlib::Host $db_host = 'localhost', - Optional[Stdlib::Port::Unprivileged] $db_port = undef, - String $db_name = 'icingadb', - String $db_user = 'icingadb', + Optional[Stdlib::Port] $db_port = undef, + String[1] $db_name = 'icingadb', + String[1] $db_user = 'icingadb', Boolean $manage_database = false, Array[Stdlib::Host] $db_accesses = [], Stdlib::Host $redis_host = 'localhost', diff --git a/manifests/db/database.pp b/manifests/db/database.pp index d7bb5e7..1b911cc 100644 --- a/manifests/db/database.pp +++ b/manifests/db/database.pp @@ -24,8 +24,8 @@ Enum['mysql','pgsql'] $db_type, Array[Stdlib::Host] $access_instances, Icinga::Secret $db_pass, - String $db_name = 'icingadb', - String $db_user = 'icingadb', + String[1] $db_name = 'icingadb', + String[1] $db_user = 'icingadb', Variant[Boolean, Enum['password','cert']] $tls = false, ) { diff --git a/manifests/ido.pp b/manifests/ido.pp index 13d1490..9e6f3a9 100644 --- a/manifests/ido.pp +++ b/manifests/ido.pp @@ -30,8 +30,8 @@ Enum['mysql','pgsql'] $db_type = 'mysql', Stdlib::Host $db_host = 'localhost', Optional[Stdlib::Port] $db_port = undef, - String $db_name = 'icinga2', - String $db_user = 'icinga2', + String[1] $db_name = 'icinga2', + String[1] $db_user = 'icinga2', Boolean $manage_database = false, Boolean $enable_ha = false, ) { diff --git a/manifests/ido/database.pp b/manifests/ido/database.pp index a9e2ee7..3c564a3 100644 --- a/manifests/ido/database.pp +++ b/manifests/ido/database.pp @@ -25,8 +25,8 @@ Enum['mysql','pgsql'] $db_type, Array[Stdlib::Host] $ido_instances, Icinga::Secret $db_pass, - String $db_name = 'icinga2', - String $db_user = 'icinga2', + String[1] $db_name = 'icinga2', + String[1] $db_user = 'icinga2', Variant[Boolean, Enum['password','cert']] $tls = false, ) { diff --git a/manifests/init.pp b/manifests/init.pp index 6079751..658c158 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -48,18 +48,18 @@ # class icinga ( Boolean $ca, - String $this_zone, - Hash[String, Hash] $zones, - String $cert_name, + String[1] $this_zone, + Hash[String[1], Hash] $zones, + String[1] $cert_name, Optional[Stdlib::Host] $ca_server = undef, Optional[Icinga::Secret] $ticket_salt = undef, - Array[String] $extra_packages = [], + Array[String[1]] $extra_packages = [], Enum['file', 'syslog', 'eventlog'] $logging_type = 'file', Optional[Icinga::LogLevel] $logging_level = undef, Optional[Icinga::Secret] $ssh_private_key = undef, Optional[Enum['ecdsa','ed25519','rsa']] $ssh_key_type = undef, Boolean $prepare_web = false, - Variant[Boolean, String] $confd = false, + Variant[Boolean, String[1]] $confd = false, ) { assert_private() diff --git a/manifests/server.pp b/manifests/server.pp index 51770b0..1752b49 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -59,15 +59,15 @@ Icinga::LogLevel $logging_level, Boolean $ca = false, Boolean $config_server = false, - String $zone = 'main', - Hash[String,Hash] $colocation_endpoints = {}, - Hash[String,Hash] $workers = {}, - Array[String] $global_zones = [], + String[1] $zone = 'main', + Hash[String[1], Hash] $colocation_endpoints = {}, + Hash[String[1], Hash] $workers = {}, + Array[String[1]] $global_zones = [], Optional[Stdlib::Host] $ca_server = undef, Optional[Icinga::Secret] $ticket_salt = undef, - String $web_api_user = 'icingaweb2', + String[1] $web_api_user = 'icingaweb2', Optional[Icinga::Secret] $web_api_pass = undef, - String $director_api_user = 'director', + String[1] $director_api_user = 'director', Optional[Icinga::Secret] $director_api_pass = undef, Boolean $run_web = false, Enum['ecdsa','ed25519','rsa'] $ssh_key_type = rsa, diff --git a/manifests/web.pp b/manifests/web.pp index e28b424..8b979d4 100644 --- a/manifests/web.pp +++ b/manifests/web.pp @@ -53,16 +53,16 @@ Icinga::Secret $db_pass, Icinga::Secret $api_pass, Boolean $apache_cgi_pass_auth, - String $default_admin_user = 'icingaadmin', + String[1] $default_admin_user = 'icingaadmin', Icinga::Secret $default_admin_pass = 'icingaadmin', Enum['mysql', 'pgsql'] $db_type = 'mysql', Stdlib::Host $db_host = 'localhost', Optional[Stdlib::Port::Unprivileged] $db_port = undef, - String $db_name = 'icingaweb2', - String $db_user = 'icingaweb2', + String[1] $db_name = 'icingaweb2', + String[1] $db_user = 'icingaweb2', Boolean $manage_database = false, Variant[Stdlib::Host, Array[Stdlib::Host]] $api_host = 'localhost', - String $api_user = 'icingaweb2', + String[1] $api_user = 'icingaweb2', Array[String[1]] $apache_extra_mods = [], Boolean $apache_config = true, ) { diff --git a/manifests/web/database.pp b/manifests/web/database.pp index eb5caa0..d926484 100644 --- a/manifests/web/database.pp +++ b/manifests/web/database.pp @@ -24,8 +24,8 @@ Enum['mysql','pgsql'] $db_type, Array[Stdlib::Host] $web_instances, Icinga::Secret $db_pass, - String $db_name = 'icingaweb2', - String $db_user = 'icingaweb2', + String[1] $db_name = 'icingaweb2', + String[1] $db_user = 'icingaweb2', Variant[Boolean, Enum['password','cert']] $tls = false, ) { diff --git a/manifests/web/director.pp b/manifests/web/director.pp index 1740696..b51e900 100644 --- a/manifests/web/director.pp +++ b/manifests/web/director.pp @@ -43,17 +43,17 @@ class icinga::web::director ( Icinga::Secret $db_pass, Icinga::Secret $api_pass, - String $endpoint, + String[1] $endpoint, Stdlib::Ensure::Service $service_ensure = 'running', Boolean $service_enable = true, Enum['mysql', 'pgsql'] $db_type = 'mysql', Stdlib::Host $db_host = 'localhost', Optional[Stdlib::Port] $db_port = undef, - String $db_name = 'director', - String $db_user = 'director', + String[1] $db_name = 'director', + String[1] $db_user = 'director', Boolean $manage_database = false, Stdlib::Host $api_host = 'localhost', - String $api_user = 'director', + String[1] $api_user = 'director', ) { icinga::prepare_web('Director') diff --git a/manifests/web/director/database.pp b/manifests/web/director/database.pp index c0a81e1..6c103e0 100644 --- a/manifests/web/director/database.pp +++ b/manifests/web/director/database.pp @@ -25,8 +25,8 @@ Enum['mysql','pgsql'] $db_type, Array[Stdlib::Host] $web_instances, Icinga::Secret $db_pass, - String $db_user = 'director', - String $db_name = 'director', + String[1] $db_user = 'director', + String[1] $db_name = 'director', Variant[Boolean, Enum['password','cert']] $tls = false, ) { diff --git a/manifests/web/icingadb.pp b/manifests/web/icingadb.pp index 1ebca88..1e745f4 100644 --- a/manifests/web/icingadb.pp +++ b/manifests/web/icingadb.pp @@ -47,21 +47,21 @@ # Password for the second Redis server. # class icinga::web::icingadb ( - Icinga::Secret $db_pass, - Enum['mysql', 'pgsql'] $db_type, - Stdlib::Host $db_host = 'localhost', - Optional[Stdlib::Port::Unprivileged] $db_port = undef, - String $db_name = 'icingadb', - String $db_user = 'icingadb', - Stdlib::Host $redis_host = 'localhost', - Optional[Stdlib::Port] $redis_port = undef, - Optional[Icinga::Secret] $redis_pass = undef, - Stdlib::Host $redis_primary_host = $redis_host, - Optional[Stdlib::Port] $redis_primary_port = $redis_port, - Optional[Icinga::Secret] $redis_primary_pass = $redis_pass, - Optional[Stdlib::Host] $redis_secondary_host = undef, - Optional[Stdlib::Port] $redis_secondary_port = undef, - Optional[Icinga::Secret] $redis_secondary_pass = undef, + Icinga::Secret $db_pass, + Enum['mysql', 'pgsql'] $db_type, + Stdlib::Host $db_host = 'localhost', + Optional[Stdlib::Port] $db_port = undef, + String[1] $db_name = 'icingadb', + String[1] $db_user = 'icingadb', + Stdlib::Host $redis_host = 'localhost', + Optional[Stdlib::Port] $redis_port = undef, + Optional[Icinga::Secret] $redis_pass = undef, + Stdlib::Host $redis_primary_host = $redis_host, + Optional[Stdlib::Port] $redis_primary_port = $redis_port, + Optional[Icinga::Secret] $redis_primary_pass = $redis_pass, + Optional[Stdlib::Host] $redis_secondary_host = undef, + Optional[Stdlib::Port] $redis_secondary_port = undef, + Optional[Icinga::Secret] $redis_secondary_pass = undef, ) { require icinga::web diff --git a/manifests/web/monitoring.pp b/manifests/web/monitoring.pp index c4e89dc..adaa1ea 100644 --- a/manifests/web/monitoring.pp +++ b/manifests/web/monitoring.pp @@ -24,8 +24,8 @@ Enum['mysql', 'pgsql'] $db_type = 'mysql', Stdlib::Host $db_host = 'localhost', Optional[Stdlib::Port::Unprivileged] $db_port = undef, - String $db_name = 'icinga2', - String $db_user = 'icinga2', + String[1] $db_name = 'icinga2', + String[1] $db_user = 'icinga2', ) { require icinga::web diff --git a/manifests/web/reporting.pp b/manifests/web/reporting.pp index 72aa227..d95d4ce 100644 --- a/manifests/web/reporting.pp +++ b/manifests/web/reporting.pp @@ -38,10 +38,10 @@ Boolean $service_enable = true, Stdlib::Host $db_host = 'localhost', Optional[Stdlib::Port] $db_port = undef, - String $db_name = 'reporting', - String $db_user = 'reporting', + String[1] $db_name = 'reporting', + String[1] $db_user = 'reporting', Boolean $manage_database = false, - Optional[String] $mail = undef, + Optional[String[1]] $mail = undef, ) { unless defined(Class['icinga::web::icingadb']) or defined(Class['icinga::web::monitoring']) { fail('Class icinga::web::icingadb or icinga::web::monitoring has to be declared before!') diff --git a/manifests/web/reporting/database.pp b/manifests/web/reporting/database.pp index 04497a8..8a0c815 100644 --- a/manifests/web/reporting/database.pp +++ b/manifests/web/reporting/database.pp @@ -25,8 +25,8 @@ Enum['mysql','pgsql'] $db_type, Array[Stdlib::Host] $web_instances, Icinga::Secret $db_pass, - String $db_user = 'reporting', - String $db_name = 'reporting', + String[1] $db_user = 'reporting', + String[1] $db_name = 'reporting', Variant[Boolean, Enum['password','cert']] $tls = false, ) { diff --git a/manifests/web/vspheredb.pp b/manifests/web/vspheredb.pp index 9e0a9b4..95f8308 100644 --- a/manifests/web/vspheredb.pp +++ b/manifests/web/vspheredb.pp @@ -35,8 +35,8 @@ Enum['mysql'] $db_type = 'mysql', Stdlib::Host $db_host = 'localhost', Optional[Stdlib::Port] $db_port = undef, - String $db_name = 'vspheredb', - String $db_user = 'vspheredb', + String[1] $db_name = 'vspheredb', + String[1] $db_user = 'vspheredb', Boolean $manage_database = false, ) { icinga::prepare_web('VSphereDB') diff --git a/manifests/web/vspheredb/database.pp b/manifests/web/vspheredb/database.pp index 66fe4a9..1898f0c 100644 --- a/manifests/web/vspheredb/database.pp +++ b/manifests/web/vspheredb/database.pp @@ -24,8 +24,8 @@ Enum['mysql'] $db_type, Array[Stdlib::Host] $web_instances, Icinga::Secret $db_pass, - String $db_name = 'vspheredb', - String $db_user = 'vspheredb', + String[1] $db_name = 'vspheredb', + String[1] $db_user = 'vspheredb', Variant[Boolean, Enum['password','cert']] $tls = false, ) { diff --git a/manifests/web/x509.pp b/manifests/web/x509.pp index f16cea6..8b79835 100644 --- a/manifests/web/x509.pp +++ b/manifests/web/x509.pp @@ -35,8 +35,8 @@ Boolean $service_enable = true, Stdlib::Host $db_host = 'localhost', Optional[Stdlib::Port] $db_port = undef, - String $db_name = 'x509', - String $db_user = 'x509', + String[1] $db_name = 'x509', + String[1] $db_user = 'x509', Boolean $manage_database = false, ) { unless defined(Class['icinga::web::icingadb']) or defined(Class['icinga::web::monitoring']) { diff --git a/manifests/web/x509/database.pp b/manifests/web/x509/database.pp index 943829f..ca809e8 100644 --- a/manifests/web/x509/database.pp +++ b/manifests/web/x509/database.pp @@ -25,8 +25,8 @@ Enum['mysql','pgsql'] $db_type, Array[Stdlib::Host] $web_instances, Icinga::Secret $db_pass, - String $db_user = 'x509', - String $db_name = 'x509', + String[1] $db_user = 'x509', + String[1] $db_name = 'x509', Variant[Boolean, Enum['password','cert']] $tls = false, ) { diff --git a/manifests/worker.pp b/manifests/worker.pp index 2a9c326..178f5c4 100644 --- a/manifests/worker.pp +++ b/manifests/worker.pp @@ -41,14 +41,14 @@ # class icinga::worker ( Stdlib::Host $ca_server, - String $zone, - Hash[String, Hash] $parent_endpoints, + String[1] $zone, + Hash[String[1], Hash] $parent_endpoints, Enum['file', 'syslog', 'eventlog'] $logging_type, Icinga::LogLevel $logging_level, - String $parent_zone = 'main', - Hash[String, Hash] $colocation_endpoints = {}, - Hash[String, Hash] $workers = {}, - Array[String] $global_zones = [], + String[1] $parent_zone = 'main', + Hash[String[1], Hash] $colocation_endpoints = {}, + Hash[String[1], Hash] $workers = {}, + Array[String[1]] $global_zones = [], Boolean $run_web = false, Optional[Icinga::Secret] $ssh_private_key = undef, Enum['ecdsa','ed25519','rsa'] $ssh_key_type = rsa, diff --git a/types/certificate.pp b/types/certificate.pp index 7d6dd68..e230e93 100644 --- a/types/certificate.pp +++ b/types/certificate.pp @@ -1,8 +1,8 @@ # A strict type for a certificate type Icinga::Certificate = Struct[{ - cert => Optional[String], - key => Optional[Variant[String, Sensitive[String]]], - cacert => Optional[String], + cert => Optional[String[1]], + key => Optional[Icinga::Secret], + cacert => Optional[String[1]], insecure => Optional[Boolean], cert_file => Optional[Stdlib::Absolutepath], key_file => Optional[Stdlib::Absolutepath], diff --git a/types/secret.pp b/types/secret.pp index 61ca7c1..ba75ac1 100644 --- a/types/secret.pp +++ b/types/secret.pp @@ -1,2 +1,2 @@ # A strict type for the secrets like passwords or keys -type Icinga::Secret = Variant[String, Sensitive[String]] +type Icinga::Secret = Variant[String[1], Sensitive[String[1]]]