From 20d2cb3d09e3e8a134bf6cdc7bea0cb86d68b74a Mon Sep 17 00:00:00 2001 From: Frank Wall Date: Mon, 7 Aug 2023 17:15:56 +0200 Subject: [PATCH] release 4.1.0 --- CHANGELOG.md | 12 +++- REFERENCE.md | 159 ++++++++++++++++++++++++++++++++------------------ metadata.json | 2 +- 3 files changed, 115 insertions(+), 58 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index eb2231b..a2f7bf8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,15 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). +## [4.1.0] - 2023-08-07 + +### Changed +* Update module dependencies +* Update PDK to 3.0.0 + +### Fixed +* Fix GitHub Actions + ## [4.0.1] - 2023-07-11 ### Changed @@ -159,7 +168,8 @@ This new major release is an effort to modernize the module. It fixes some long- ## [1.0.0] - 2917-04-16 Initial release (fork of bzed-letsencrypt). -[Unreleased]: https://github.com/fraenki/puppet-acme/compare/4.0.1...HEAD +[Unreleased]: https://github.com/fraenki/puppet-acme/compare/4.1.0...HEAD +[4.1.0]: https://github.com/fraenki/puppet-acme/compare/4.0.1...4.1.0 [4.0.1]: https://github.com/fraenki/puppet-acme/compare/4.0.0...4.0.1 [4.0.0]: https://github.com/fraenki/puppet-acme/compare/3.0.0...4.0.0 [3.0.0]: https://github.com/fraenki/puppet-acme/compare/2.3.0...3.0.0 diff --git a/REFERENCE.md b/REFERENCE.md index 7624f27..38cab01 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -20,7 +20,7 @@ #### Public Defined types -* [`acme::certificate`](#acmecertificate): Request a certificate. +* [`acme::certificate`](#acme--certificate): Request a certificate. #### Private Defined types 
@@ -37,48 +37,85 @@ ## Classes -### `acme` +### `acme` Install and configure acme.sh to manage SSL certificates #### Parameters -The following parameters are available in the `acme` class. - -##### `accounts` +The following parameters are available in the `acme` class: + +* [`accounts`](#-acme--accounts) +* [`acct_dir`](#-acme--acct_dir) +* [`acme_dir`](#-acme--acme_dir) +* [`acme_git_url`](#-acme--acme_git_url) +* [`acme_git_force`](#-acme--acme_git_force) +* [`acme_host`](#-acme--acme_host) +* [`acme_install_dir`](#-acme--acme_install_dir) +* [`acme_revision`](#-acme--acme_revision) +* [`acmecmd`](#-acme--acmecmd) +* [`acmelog`](#-acme--acmelog) +* [`base_dir`](#-acme--base_dir) +* [`ca_whitelist`](#-acme--ca_whitelist) +* [`certificates`](#-acme--certificates) +* [`cfg_dir`](#-acme--cfg_dir) +* [`crt_dir`](#-acme--crt_dir) +* [`csr_dir`](#-acme--csr_dir) +* [`date_expression`](#-acme--date_expression) +* [`default_ca`](#-acme--default_ca) +* [`dh_param_size`](#-acme--dh_param_size) +* [`dnssleep`](#-acme--dnssleep) +* [`exec_timeout`](#-acme--exec_timeout) +* [`group`](#-acme--group) +* [`key_dir`](#-acme--key_dir) +* [`log_dir`](#-acme--log_dir) +* [`manage_packages`](#-acme--manage_packages) +* [`ocsp_must_staple`](#-acme--ocsp_must_staple) +* [`ocsp_request`](#-acme--ocsp_request) +* [`path`](#-acme--path) +* [`posthook_cmd`](#-acme--posthook_cmd) +* [`profiles`](#-acme--profiles) +* [`proxy`](#-acme--proxy) +* [`renew_days`](#-acme--renew_days) +* [`results_dir`](#-acme--results_dir) +* [`shell`](#-acme--shell) +* [`stat_expression`](#-acme--stat_expression) +* [`user`](#-acme--user) + +##### `accounts` Data type: `Array` An array of e-mail addresses that acme.sh may use during the ACME account registration. Should only be defined on $acme_host. -##### `acct_dir` +##### `acct_dir` Data type: `Stdlib::Absolutepath` The directory for acme.sh accounts. -##### `acme_dir` +##### `acme_dir` Data type: `Stdlib::Absolutepath` The working directory for acme.sh. 
-##### `acme_git_url` +##### `acme_git_url` Data type: `String` URL to the acme.sh GIT repository. Defaults to the official GitHub project. Feel free to use a local mirror or fork. -##### `acme_git_force` +##### `acme_git_force` Data type: `Boolean` Force repository creation, destroying any files on the path in the process. Useful when the repo URL has changed. -##### `acme_host` +##### `acme_host` Data type: `String` @@ -86,38 +123,38 @@ The host you want to run acme.sh on. For now it needs to be a puppetmaster, as it needs direct access to the certificates using functions in Puppet. -##### `acme_install_dir` +##### `acme_install_dir` Data type: `Stdlib::Absolutepath` The installation directory for acme.sh. -##### `acme_revision` +##### `acme_revision` Data type: `String` The GIT revision of the acme.sh repository. Defaults to `master` which should contain a stable version of acme.sh. -##### `acmecmd` +##### `acmecmd` Data type: `String` The binary path to acme.sh. -##### `acmelog` +##### `acmelog` Data type: `Stdlib::Absolutepath` The log file. -##### `base_dir` +##### `base_dir` Data type: `Stdlib::Absolutepath` The configuration base directory for acme.sh. -##### `ca_whitelist` +##### `ca_whitelist` Data type: `Array` @@ -125,7 +162,7 @@ Specifies the CAs that may be used on `$acme_host`. The module will register any account specified in `$accounts` with all specified CAs. This ensure that these accounts are ready for use. -##### `certificates` +##### `certificates` Data type: `Hash` 
@@ -133,31 +170,31 @@ Array of full qualified domain names you want to request a certificate for. For SAN certificates you need to pass space seperated strings, for example ['foo.example.com fuzz.example.com', 'blub.example.com'] -##### `cfg_dir` +##### `cfg_dir` Data type: `Stdlib::Absolutepath` The directory for acme.sh configs. -##### `crt_dir` +##### `crt_dir` Data type: `Stdlib::Absolutepath` The directory for acme.sh certificates. -##### `csr_dir` +##### `csr_dir` Data type: `Stdlib::Absolutepath` The directory for acme.sh CSRs. -##### `date_expression` +##### `date_expression` Data type: `String` The command used to calculate renewal dates for existing certificates. -##### `default_ca` +##### `default_ca` Data type: `Enum['buypass', 'buypass_test', 'letsencrypt', 'letsencrypt_test', 'sslcom', 'zerossl']` @@ -166,13 +203,13 @@ different value for `$ca` for the certificate. Previous versions of acme.sh used to have Let's Encrypt as their default CA, hence this is the default value for this Puppet module. -##### `dh_param_size` +##### `dh_param_size` Data type: `Integer` Specifies the DH parameter size, defaults to `2048`. -##### `dnssleep` +##### `dnssleep` Data type: `Integer` @@ -180,7 +217,7 @@ The time in seconds acme.sh should wait for all DNS changes to take effect. Settings this to `0` disables the sleep mechanism and lets acme.sh poll DNS status automatically by using DNS over HTTPS. -##### `exec_timeout` +##### `exec_timeout` Data type: `Integer` 
@@ -188,56 +225,56 @@ Specifies the time in seconds that any acme.sh operation can take before it is aborted by Puppet. This should usually be set to a higher value than `$dnssleep`. -##### `group` +##### `group` Data type: `String` The group for acme.sh. -##### `key_dir` +##### `key_dir` Data type: `Stdlib::Absolutepath` The directory for acme.sh keys. -##### `log_dir` +##### `log_dir` Data type: `Stdlib::Absolutepath` The log directory for acme.sh. -##### `manage_packages` +##### `manage_packages` Data type: `Boolean` Whether the module should install necessary packages, mainly git. Set to `false` to disable package management. -##### `ocsp_must_staple` +##### `ocsp_must_staple` Data type: `Boolean` Whether to request certificates with OCSP Must-Staple extension, defaults to `true`. -##### `ocsp_request` +##### `ocsp_request` Data type: `Stdlib::Absolutepath` The script used by acme.sh to get OCSP data. -##### `path` +##### `path` Data type: `String` The content of the PATH env variable when running Exec resources. -##### `posthook_cmd` +##### `posthook_cmd` Data type: `String` Specifies a optional command to run after a certificate has been changed. -##### `profiles` +##### `profiles` Data type: `Optional[Hash]` 
@@ -246,41 +283,41 @@ certificates. A profile defines not only the challenge type, but also all required parameters and credentials used by acme.sh to sign the certificate. Should only be defined on $acme_host. -Default value: ``undef`` +Default value: `undef` -##### `proxy` +##### `proxy` Data type: `Optional[String]` Proxy server to use to connect to the ACME CA, for example `proxy.example.com:3128` -Default value: ``undef`` +Default value: `undef` -##### `renew_days` +##### `renew_days` Data type: `Integer` Specifies the interval at which certs should be renewed automatically. Defaults to `60`. -##### `results_dir` +##### `results_dir` Data type: `Stdlib::Absolutepath` The output directory for acme.sh. -##### `shell` +##### `shell` Data type: `String` The shell for the acme.sh user account. -##### `stat_expression` +##### `stat_expression` Data type: `String` The command used to get the modification time of a file. -##### `user` +##### `user` Data type: `String` @@ -288,15 +325,25 @@ The user for acme.sh. ## Defined types -### `acme::certificate` +### `acme::certificate` Request a certificate. #### Parameters -The following parameters are available in the `acme::certificate` defined type. +The following parameters are available in the `acme::certificate` defined type: + +* [`acme_host`](#-acme--certificate--acme_host) +* [`ca`](#-acme--certificate--ca) +* [`dh_param_size`](#-acme--certificate--dh_param_size) +* [`domain`](#-acme--certificate--domain) +* [`ocsp_must_staple`](#-acme--certificate--ocsp_must_staple) +* [`posthook_cmd`](#-acme--certificate--posthook_cmd) +* [`renew_days`](#-acme--certificate--renew_days) +* [`use_account`](#-acme--certificate--use_account) +* [`use_profile`](#-acme--certificate--use_profile) -##### `acme_host` +##### `acme_host` Data type: `String` 
@@ -305,16 +352,16 @@ Defaults to `$acme::acme_host`. Default value: `$acme::acme_host` -##### `ca` +##### `ca` Data type: `Optional[Enum['buypass', 'buypass_test', 'letsencrypt', 'letsencrypt_test', 'sslcom', 'zerossl']]` The ACME CA that should be used. Used to overwrite the default CA that is configured on `$acme_host`. -Default value: ``undef`` +Default value: `undef` -##### `dh_param_size` +##### `dh_param_size` Data type: `Integer` @@ -322,7 +369,7 @@ dh parameter size, defaults to $::acme::dh_param_size Default value: `$acme::dh_param_size` -##### `domain` +##### `domain` Data type: `Variant[String, Array[String], Undef]` @@ -333,9 +380,9 @@ for example 'foo.example.com fuzz.example.com', or an array of names. If no domain is specified, the resource name will be parsed as a list of domains, and the first domain will be used as certificate name. -Default value: ``undef`` +Default value: `undef` -##### `ocsp_must_staple` +##### `ocsp_must_staple` Data type: `Boolean` @@ -343,7 +390,7 @@ request certificate with OCSP Must-Staple exctension, defaults to $::acme::ocsp_ Default value: `$acme::ocsp_must_staple` -##### `posthook_cmd` +##### `posthook_cmd` Data type: `String` @@ -351,7 +398,7 @@ Specifies a optional command to run after a certificate has been changed. Default value: `$acme::posthook_cmd` -##### `renew_days` +##### `renew_days` Data type: `Integer` @@ -359,14 +406,14 @@ Specifies the interval at which certs should be renewed automatically. Defaults Default value: `$acme::renew_days` -##### `use_account` +##### `use_account` Data type: `String` The ACME account that should be used (or registered). This account must exist in `$accounts` on your `$acme_host`. -##### `use_profile` +##### `use_profile` Data type: `String` @@ -375,7 +422,7 @@ This profile must exist in `$profiles` on your `$acme_host`. ## Functions -### `file_or_empty_string` +### `file_or_empty_string` Type: Ruby 3.x API 
diff --git a/metadata.json b/metadata.json index 972398e..73e98ed 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "markt-acme", - "version": "4.0.1", + "version": "4.1.0", "author": "markt.de", "summary": "Centralized SSL certificate management using Let's Encrypt and the lightweight acme.sh", "license": "Apache-2.0",
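Review bot: In the first CHANGELOG.md hunk, the 4.1.0 entry "Update module dependencies" does not name the modules or the new version bounds, so someone auditing what this release pulls onto their Puppet server cannot tell from the changelog. List each dependency with its old and new range, the way the PDK entry already gives a concrete version.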
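Review bot: The context line `## [1.0.0] - 2917-04-16` in the second CHANGELOG.md hunk (`@@ -159,7 +168,8 @@`) has an impossible year. This hunk already edits the link block directly below it, so the release commit is a convenient place to correct the date.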
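Review bot: The parameter index added in REFERENCE.md at `@@ -37,48 +37,85 @@` links to fragments such as `#-acme--accounts`, and the contents entry at `@@ -20,7 +20,7 @@` now targets `#acme--certificate`, but the removed and added heading lines (for example the `acme` class heading) read identically in this patch, so the anchors those links depend on are not visible here. Check in the rendered file that every new link resolves, and that external links to the old `#acmecertificate` fragment are either kept working or mentioned in the changelog.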
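Review bot: In the `@@ -86,38 +123,38 @@` hunk of REFERENCE.md, the `acme_revision` text still reads "Defaults to `master` which should contain a stable version of acme.sh", which documents tracking a mutable branch of an external repository on the host that, per the `acme_host` description, has direct access to the certificates. Add a sentence recommending a release tag or commit hash for `acme_revision`, and point to `acme_git_url` for using a reviewed mirror or fork.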
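Review bot: The `certificates` parameter is declared with Data type `Hash` (end of the `@@ -125,7 +162,7 @@` hunk), but its description at the start of the `@@ -133,31 +170,31 @@` hunk begins "Array of full qualified domain names" and gives an array example. Align the description with the declared type, and fix "seperated" to "separated" in the same sentence.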
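Review bot: The `posthook_cmd` description in the `@@ -188,56 +225,56 @@` hunk is a single sentence ("Specifies a optional command to run after a certificate has been changed.") and does not say on which host or as which user the command runs. Since the parameter is a free-form command string, document its execution context alongside the `user` and `path` parameters described in the same file, and change "a optional" to "an optional".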
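Review bot: The metadata.json hunk changes only `"version"`, and the diffstat shows a single-line change for that file, while the 4.1.0 changelog entry lists dependency and PDK updates. Confirm that the dependency ranges and the PDK version recorded further down in metadata.json were already updated by earlier commits, so the published 4.1.0 metadata matches what the changelog states.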