diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 064443f..8424781 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,65 +1,65 @@ name: "release" on: push: branches: - 'release' jobs: LitmusAcceptancePuppet5: env: HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6 HONEYCOMB_DATASET: litmus tests runs-on: self-hosted strategy: matrix: ruby_version: [2.5.x] puppet_gem_version: [~> 6.0] platform: [release_checks_5] agent_family: ['puppet5'] steps: - uses: actions/checkout@v1 - name: Litmus Parallel - uses: puppetlabs/action-litmus_parallel@master + uses: puppetlabs/action-litmus_parallel@main with: platform: ${{ matrix.platform }} agent_family: ${{ matrix.agent_family }} LitmusAcceptancePuppet6: env: HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6 HONEYCOMB_DATASET: litmus tests runs-on: self-hosted strategy: matrix: ruby_version: [2.5.x] puppet_gem_version: [~> 6.0] platform: [release_checks_6] agent_family: ['puppet6'] steps: - uses: actions/checkout@v1 - name: Litmus Parallel - uses: puppetlabs/action-litmus_parallel@master + uses: puppetlabs/action-litmus_parallel@main with: platform: ${{ matrix.platform }} agent_family: ${{ matrix.agent_family }} Spec: runs-on: self-hosted strategy: matrix: check: [parallel_spec, 'syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop'] ruby_version: [2.5.x] puppet_gem_version: [~> 5.0, ~> 6.0] exclude: - puppet_gem_version: ~> 5.0 check: 'syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop' - ruby_version: 2.5.x puppet_gem_version: ~> 5.0 steps: - uses: actions/checkout@v1 - name: Spec Tests - uses: puppetlabs/action-litmus_spec@master + uses: puppetlabs/action-litmus_spec@main with: puppet_gem_version: ${{ matrix.puppet_gem_version }} check: ${{ matrix.check }} diff --git a/.github/workflows/weekly.yml b/.github/workflows/weekly.yml index 8fc3767..08983b7 100644 --- a/.github/workflows/weekly.yml +++ b/.github/workflows/weekly.yml @@ -1,64 +1,64 @@ name: "weekly" on: schedule: - cron: '0 7 * * 5' jobs: LitmusAcceptancePuppet5: env: HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6 HONEYCOMB_DATASET: litmus tests runs-on: self-hosted strategy: matrix: ruby_version: [2.5.x] puppet_gem_version: [~> 6.0] platform: [release_checks_5] agent_family: ['puppet5'] steps: - uses: actions/checkout@v1 - name: Litmus Parallel - uses: puppetlabs/action-litmus_parallel@master + uses: puppetlabs/action-litmus_parallel@main with: platform: ${{ matrix.platform }} agent_family: ${{ matrix.agent_family }} LitmusAcceptancePuppet6: env: HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6 HONEYCOMB_DATASET: litmus tests runs-on: self-hosted strategy: matrix: ruby_version: [2.5.x] puppet_gem_version: [~> 6.0] platform: [release_checks_6] agent_family: ['puppet6'] steps: - uses: actions/checkout@v1 - name: Litmus Parallel - uses: puppetlabs/action-litmus_parallel@master + uses: puppetlabs/action-litmus_parallel@main with: platform: ${{ matrix.platform }} agent_family: ${{ matrix.agent_family }} Spec: runs-on: self-hosted strategy: matrix: check: [parallel_spec, 'syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop'] ruby_version: [2.5.x] puppet_gem_version: [~> 5.0, ~> 6.0] exclude: - puppet_gem_version: ~> 5.0 check: 'syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop' - ruby_version: 2.5.x puppet_gem_version: ~> 5.0 steps: - uses: actions/checkout@v1 - name: Spec Tests - uses: puppetlabs/action-litmus_spec@master + uses: puppetlabs/action-litmus_spec@main with: puppet_gem_version: ${{ matrix.puppet_gem_version }} check: ${{ matrix.check }} diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 1a9fb3a..9c171f9 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,271 +1,271 @@ # Contributing to Puppet modules So you want to contribute to a Puppet module: Great! Below are some instructions to get you started doing that very thing while setting expectations around code quality as well as a few tips for making the process as easy as possible. ### Table of Contents 1. [Getting Started](#getting-started) 1. [Commit Checklist](#commit-checklist) 1. [Submission](#submission) 1. [More about commits](#more-about-commits) 1. [Testing](#testing) - [Running Tests](#running-tests) - [Writing Tests](#writing-tests) 1. [Get Help](#get-help) ## Getting Started - Fork the module repository on GitHub and clone to your workspace - Make your changes! ## Commit Checklist ### The Basics - [x] my commit is a single logical unit of work - [x] I have checked for unnecessary whitespace with "git diff --check" - [x] my commit does not include commented out code or unneeded files ### The Content - [x] my commit includes tests for the bug I fixed or feature I added - [x] my commit includes appropriate documentation changes if it is introducing a new feature or changing existing functionality - [x] my code passes existing test suites ### The Commit Message - [x] the first line of my commit message includes: - [x] an issue number (if applicable), e.g. "(MODULES-xxxx) This is the first line" - [x] a short description (50 characters is the soft limit, excluding ticket number(s)) - [x] the body of my commit message: - [x] is meaningful - [x] uses the imperative, present tense: "change", not "changed" or "changes" - [x] includes motivation for the change, and contrasts its implementation with the previous behavior ## Submission ### Pre-requisites - Make sure you have a [GitHub account](https://github.com/join) - [Create a ticket](https://tickets.puppet.com/secure/CreateIssue!default.jspa), or [watch the ticket](https://tickets.puppet.com/browse/) you are patching for. ### Push and PR - Push your changes to your fork - [Open a Pull Request](https://help.github.com/articles/creating-a-pull-request-from-a-fork/) against the repository in the puppetlabs organization ## More about commits 1. Make separate commits for logically separate changes. Please break your commits down into logically consistent units which include new or changed tests relevant to the rest of the change. The goal of doing this is to make the diff easier to read for whoever is reviewing your code. In general, the easier your diff is to read, the more likely someone will be happy to review it and get it into the code base. If you are going to refactor a piece of code, please do so as a separate commit from your feature or bug fix changes. We also really appreciate changes that include tests to make sure the bug is not re-introduced, and that the feature is not accidentally broken. Describe the technical detail of the change(s). If your description starts to get too long, that is a good sign that you probably need to split up your commit into more finely grained pieces. Commits which plainly describe the things which help reviewers check the patch and future developers understand the code are much more likely to be merged in with a minimum of bike-shedding or requested changes. Ideally, the commit message would include information, and be in a form suitable for inclusion in the release notes for the version of Puppet that includes them. Please also check that you are not introducing any trailing whitespace or other "whitespace errors". You can do this by running "git diff --check" on your changes before you commit. 2. Sending your patches To submit your changes via a GitHub pull request, we _highly_ recommend that you have them on a topic branch, instead of - directly on "master". + directly on "main". It makes things much easier to keep track of, especially if you decide to work on another thing before your first change is merged in. GitHub has some pretty good [general documentation](http://help.github.com/) on using their site. They also have documentation on [creating pull requests](https://help.github.com/articles/creating-a-pull-request-from-a-fork/). In general, after pushing your topic branch up to your repository on GitHub, you can switch to the branch in the GitHub UI and click "Pull Request" towards the top of the page in order to open a pull request. 3. Update the related JIRA issue. If there is a JIRA issue associated with the change you submitted, then you should update the ticket to include the location of your branch, along with any other commentary you may wish to make. # Testing ## Getting Started Our Puppet modules provide [`Gemfile`](./Gemfile)s, which can tell a Ruby package manager such as [bundler](http://bundler.io/) what Ruby packages, or Gems, are required to build, develop, and test this software. Please make sure you have [bundler installed](http://bundler.io/#getting-started) on your system, and then use it to install all dependencies needed for this project in the project root by running ```shell % bundle install --path .bundle/gems Fetching gem metadata from https://rubygems.org/........ Fetching gem metadata from https://rubygems.org/.. Using rake (10.1.0) Using builder (3.2.2) -- 8><-- many more --><8 -- Using rspec-system-puppet (2.2.0) Using serverspec (0.6.3) Using rspec-system-serverspec (1.0.0) Using bundler (1.3.5) Your bundle is complete! Use `bundle show [gemname]` to see where a bundled gem is installed. ``` NOTE: some systems may require you to run this command with sudo. If you already have those gems installed, make sure they are up-to-date: ```shell % bundle update ``` ## Running Tests With all dependencies in place and up-to-date, run the tests: ### Unit Tests ```shell % bundle exec rake spec ``` This executes all the [rspec tests](http://rspec-puppet.com/) in the directories defined [here](https://github.com/puppetlabs/puppetlabs_spec_helper/blob/699d9fbca1d2489bff1736bb254bb7b7edb32c74/lib/puppetlabs_spec_helper/rake_tasks.rb#L17) and so on. rspec tests may have the same kind of dependencies as the module they are testing. Although the module defines these dependencies in its [metadata.json](./metadata.json), rspec tests define them in [.fixtures.yml](./fixtures.yml). ### Acceptance Tests Some Puppet modules also come with acceptance tests, which use [beaker][]. These tests spin up a virtual machine under [VirtualBox](https://www.virtualbox.org/), controlled with [Vagrant](http://www.vagrantup.com/), to simulate scripted test scenarios. In order to run these, you need both Virtualbox and Vagrant installed on your system. Run the tests by issuing the following command ```shell % bundle exec rake spec_clean % bundle exec rspec spec/acceptance ``` This will now download a pre-fabricated image configured in the [default node-set](./spec/acceptance/nodesets/default.yml), install Puppet, copy this module, and install its dependencies per [spec/spec_helper_acceptance.rb](./spec/spec_helper_acceptance.rb) and then run all the tests under [spec/acceptance](./spec/acceptance). ## Writing Tests ### Unit Tests When writing unit tests for Puppet, [rspec-puppet][] is your best friend. It provides tons of helper methods for testing your manifests against a catalog (e.g. contain_file, contain_package, with_params, etc). It would be ridiculous to try and top rspec-puppet's [documentation][rspec-puppet_docs] but here's a tiny sample: Sample manifest: ```puppet file { "a test file": ensure => present, path => "/etc/sample", } ``` Sample test: ```ruby it 'does a thing' do expect(subject).to contain_file("a test file").with({:path => "/etc/sample"}) end ``` ### Acceptance Tests Writing acceptance tests for Puppet involves [beaker][] and its cousin [beaker-rspec][]. A common pattern for acceptance tests is to create a test manifest, apply it twice to check for idempotency or errors, then run expectations. ```ruby it 'does an end-to-end thing' do pp = <<-EOF file { 'a test file': ensure => present, path => "/etc/sample", content => "test string", } apply_manifest(pp, :catch_failures => true) apply_manifest(pp, :catch_changes => true) end describe file("/etc/sample") do it { is_expected.to contain "test string" } end ``` # If you have commit access to the repository Even if you have commit access to the repository, you still need to go through the process above, and have someone else review and merge in your changes. The rule is that **all changes must be reviewed by a project developer that did not write the code to ensure that all changes go through a code review process.** The record of someone performing the merge is the record that they performed the code review. Again, this should be someone other than the author of the topic branch. # Get Help ### On the web * [Puppet help messageboard](http://puppet.com/community/get-help) * [Writing tests](https://docs.puppet.com/guides/module_guides/bgtm.html#step-three-module-testing) * [General GitHub documentation](http://help.github.com/) * [GitHub pull request documentation](http://help.github.com/send-pull-requests/) ### On chat * Slack (slack.puppet.com) #forge-modules, #puppet-dev, #windows, #voxpupuli * IRC (freenode) #puppet-dev, #voxpupuli [rspec-puppet]: http://rspec-puppet.com/ [rspec-puppet_docs]: http://rspec-puppet.com/documentation/ [beaker]: https://github.com/puppetlabs/beaker [beaker-rspec]: https://github.com/puppetlabs/beaker-rspec diff --git a/README.md b/README.md index 874146c..c45db27 100644 --- a/README.md +++ b/README.md @@ -1,107 +1,107 @@ # java_ks -[![Build Status](https://travis-ci.org/puppetlabs/puppetlabs-java_ks.png?branch=master)](https://travis-ci.org/puppetlabs/puppetlabs-java_ks) +[![Build Status](https://travis-ci.org/puppetlabs/puppetlabs-java_ks.png?branch=main)](https://travis-ci.org/puppetlabs/puppetlabs-java_ks) #### Table of Contents 1. [Overview](#overview) 2. [Module Description](#module-description) * [Beginning with the module](#beginning-with-the-module) 3. [Setup](#setup) 4. [Usage](#usage) * [Certificates](#certificates) * [Namevars](#namevars) * [Windows task](#windows-task) 5. [Reference](#reference) 6. [Limitations](#limitations) 7. [Development](#development) ## Overview The java_ks module uses a combination of keytool and openssl to manage entries in a Java keystore. ## Module Description The java_ks module contains a type called `java_ks` and a single provider named `keytool`. Their purpose is to enable importation of arbitrary, already generated and signed certificates into a Java keystore for use by various applications. ## Setup ### Beginning with the module To get started with java_ks, declare each `java_ks` resource you need. ```puppet java_ks { 'puppetca:truststore': ensure => latest, certificate => '/etc/puppet/ssl/certs/ca.pem', target => '/etc/activemq/broker.ts', password => 'puppet', trustcacerts => true, } ``` ## Usage You must specify a target in some way. You can specify `target` after the colon in the title or by using the target attribute in the resource. If you declare both, it will prefer the attribute. ```puppet java_ks { 'puppetca:keystore': ensure => latest, certificate => '/etc/puppet/ssl/certs/ca.pem', target => '/etc/activemq/broker.ks', password => 'puppet', trustcacerts => true, } java_ks { 'broker.example.com:/etc/activemq/broker.ks': ensure => latest, certificate => '/etc/puppet/ssl/certs/broker.example.com.pe-internal-broker.pem', private_key => '/etc/puppet/ssl/private_keys/broker.example.com.pe-internal-broker.pem', password => 'albatros', password_fail_reset => true, } ``` You can also use Hiera by passing params to the java_ks::config class: ```yaml java_ks::config::params: 'broker.example.com:/etc/activemq/broker.ks': ensure: latest certificate: '/etc/puppet/ssl/certs/broker.example.com.pe-internal-broker.pem' private_key: '/etc/puppet/ssl/private_keys/broker.example.com.pe-internal-broker.pem' password: true ``` ### Certificates To have a Java application server use a specific certificate for incoming connections, use the certificate parameter. You will need to simultaneously import the private key accompanying the signed certificate you want to use. As long as you provide the path to the key and the certificate, the provider will do the conversion for you. ### Namevars The java_ks module supports multiple certificates with different keystores but the same alias by implementing Puppet's composite namevar functionality. Titles map to namevars via `$alias:$target` (alias of certificate, colon, on-disk path to the keystore). If you create dependencies on these resources you need to remember to use the same title syntax outlined for generating the composite namevars. *Note about composite namevars:* The way composite namevars currently work, you must have the colon in the title. This is true *even if you define name and target parameters.* The title can be `foo:bar`, but the name and target parameters must be `broker.example.com` and `/etc/activemq/broker.ks`. If you follow convention, it will do as you expect and correctly create an entry in the broker.ks keystore with the alias of broker.example.com. ## Reference -For information on the classes and types, see the [REFERENCE.md](https://github.com/puppetlabs/puppetlabs-java_ks/blob/master/REFERENCE.md). +For information on the classes and types, see the [REFERENCE.md](https://github.com/puppetlabs/puppetlabs-java_ks/blob/main/REFERENCE.md). ## Limitations The java_ks module uses the `keytool` and `openssl` commands. It should work on all systems with these commands. Java 7 is supported as of 1.0.0. Developed against IBM Java 6 on AIX. Other versions may be unsupported. -For an extensive list of supported operating systems, see [metadata.json](https://github.com/puppetlabs/puppetlabs-java_ks/blob/master/metadata.json) +For an extensive list of supported operating systems, see [metadata.json](https://github.com/puppetlabs/puppetlabs-java_ks/blob/main/metadata.json) ## Development Puppet modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad hardware, software, and deployment configurations that Puppet is intended to serve. We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things. For more information, see our [module contribution guide.](https://puppet.com/docs/puppet/latest/contributing.html) diff --git a/metadata.json b/metadata.json index 737fec5..dc18b64 100644 --- a/metadata.json +++ b/metadata.json @@ -1,109 +1,109 @@ { "name": "puppetlabs-java_ks", "version": "3.2.0", "author": "puppetlabs", "summary": "Manage arbitrary Java keystore files", "license": "Apache-2.0", "source": "https://github.com/puppetlabs/puppetlabs-java_ks", "project_page": "https://github.com/puppetlabs/puppetlabs-java_ks", "issues_url": "https://tickets.puppetlabs.com/browse/MODULES", "dependencies": [ ], "operatingsystem_support": [ { "operatingsystem": "RedHat", "operatingsystemrelease": [ "5", "6", "7", "8" ] }, { "operatingsystem": "CentOS", "operatingsystemrelease": [ "5", "6", "7", "8" ] }, { "operatingsystem": "OracleLinux", "operatingsystemrelease": [ "5", "6", "7" ] }, { "operatingsystem": "Scientific", "operatingsystemrelease": [ "6", "7" ] }, { "operatingsystem": "SLES", "operatingsystemrelease": [ "11 SP1", "12", "15" ] }, { "operatingsystem": "Debian", "operatingsystemrelease": [ "8", "9", "10" ] }, { "operatingsystem": "Ubuntu", "operatingsystemrelease": [ "14.04", "16.04", "18.04", "20.04" ] }, { "operatingsystem": "Solaris", "operatingsystemrelease": [ "10", "11" ] }, { "operatingsystem": "AIX", "operatingsystemrelease": [ "7.1" ] }, { "operatingsystem": "Windows", "operatingsystemrelease": [ "2008 R2", "2012", "2012 R2", "2016", "2019", "7", "8.1", "10" ] } ], "requirements": [ { "name": "puppet", "version_requirement": ">= 5.5.10 < 7.0.0" } ], "description": "Uses a combination of keytool and Ruby openssl library to manage entries in a Java keystore.", - "template-url": "https://github.com/puppetlabs/pdk-templates#master", - "template-ref": "heads/master-0-gd610ead", + "template-url": "https://github.com/puppetlabs/pdk-templates#main", + "template-ref": "heads/main-0-gd610ead", "pdk-version": "1.18.1" }