From de30daa972bf2b774a8f45e59e11d77cf824ee3c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20De=20Wilde?= Date: Fri, 26 Aug 2022 10:07:16 +0200 Subject: [PATCH 01/21] Adding feature support for the Certbot plugin Gandi --- REFERENCE.md | 47 +++++++++++++- data/Debian-family.yaml | 1 + data/FreeBSD-family.yaml | 1 + data/RedHat-family.yaml | 1 + data/os/CentOS/7.yaml | 1 + data/os/Fedora.yaml | 1 + data/os/RedHat/7.yaml | 1 + manifests/certonly.pp | 11 ++++ manifests/plugin/dns_gandi.pp | 46 ++++++++++++++ .../letsencrypt_plugin_dns_gandi_spec.rb | 23 +++++++ spec/classes/plugin/dns_gandi_spec.rb | 61 +++++++++++++++++++ spec/defines/letsencrypt_certonly_spec.rb | 39 ++++++++++++ spec/type_aliases/plugin_spec.rb | 2 +- types/plugin.pp | 1 + 14 files changed, 234 insertions(+), 2 deletions(-) create mode 100644 manifests/plugin/dns_gandi.pp create mode 100644 spec/acceptance/letsencrypt_plugin_dns_gandi_spec.rb create mode 100644 spec/classes/plugin/dns_gandi_spec.rb diff --git a/REFERENCE.md b/REFERENCE.md index bc62d95e..005114af 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -11,6 +11,7 @@ * [`letsencrypt`](#letsencrypt): Install and configure Certbot, the LetsEncrypt client * [`letsencrypt::install`](#letsencryptinstall): Installs the Let's Encrypt client. * [`letsencrypt::plugin::dns_cloudflare`](#letsencryptplugindns_cloudflare): Installs and configures the dns-cloudflare plugin +* [`letsencrypt::plugin::dns_gandi`](#letsencryptplugindns_gandi): Installs and configures the dns-gandi plugin * [`letsencrypt::plugin::dns_rfc2136`](#letsencryptplugindns_rfc2136): Installs and configures the dns-rfc2136 plugin * [`letsencrypt::plugin::dns_route53`](#letsencryptplugindns_route53): Installs and configures the dns-route53 plugin * [`letsencrypt::plugin::nginx`](#letsencryptpluginnginx): install and configure the Let's Encrypt nginx plugin 
@@ -408,6 +409,50 @@ Data type: `Stdlib::Absolutepath` Default value: `"${letsencrypt::config_dir}/dns-cloudflare.ini"` +### `letsencrypt::plugin::dns_gandi` + +This class installs and configures the Let's Encrypt dns-gandi plugin. +https://pypi.org/project/certbot-plugin-gandi/ + +#### Parameters + +The following parameters are available in the `letsencrypt::plugin::dns_gandi` class: + +* [`api_key`](#api_key) +* [`package_name`](#package_name) +* [`config_file`](#config_file) +* [`manage_package`](#manage_package) + +##### `api_key` + +Data type: `String[1]` + +Gandi production api key secret. You can get it in you security tab of your account + +##### `package_name` + +Data type: `Optional[String[1]]` + +The name of the package to install when $manage_package is true. + +Default value: ``undef`` + +##### `config_file` + +Data type: `Stdlib::Absolutepath` + +The path to the configuration file. + +Default value: `"${letsencrypt::config_dir}/dns-gandi.ini"` + +##### `manage_package` + +Data type: `Boolean` + +Manage the plugin package. + +Default value: ``true`` + ### `letsencrypt::plugin::dns_rfc2136` This class installs and configures the Let's Encrypt dns-rfc2136 plugin. @@ -1059,6 +1104,6 @@ List of accepted plugins Alias of ```puppet -Enum['apache', 'standalone', 'webroot', 'nginx', 'dns-route53', 'dns-google', 'dns-cloudflare', 'dns-rfc2136'] +Enum['apache', 'standalone', 'webroot', 'nginx', 'dns-route53', 'dns-google', 'dns-cloudflare', 'dns-rfc2136', 'dns-gandi'] ``` diff --git a/data/Debian-family.yaml b/data/Debian-family.yaml index c52a03b6..e83b3c62 100644 --- a/data/Debian-family.yaml +++ b/data/Debian-family.yaml @@ -2,3 +2,4 @@ letsencrypt::plugin::dns_rfc2136::package_name: 'python3-certbot-dns-rfc2136' letsencrypt::plugin::dns_route53::package_name: 'python3-certbot-dns-route53' letsencrypt::plugin::dns_cloudflare::package_name: 'python3-certbot-dns-cloudflare' +letsencrypt::plugin::dns_gandi::package_name: 'python3-certbot-dns-gandi' 
diff --git a/data/FreeBSD-family.yaml b/data/FreeBSD-family.yaml index c1f6af2f..8b6d80b6 100644 --- a/data/FreeBSD-family.yaml +++ b/data/FreeBSD-family.yaml @@ -5,3 +5,4 @@ letsencrypt::cron_owner_group: 'wheel' letsencrypt::plugin::dns_rfc2136::package_name: 'py38-certbot-dns-rfc2136' letsencrypt::plugin::dns_route53::package_name: 'py38-certbot-dns-route53' letsencrypt::plugin::dns_cloudflare::package_name: 'py38-certbot-dns-cloudflare' +letsencrypt::plugin::dns_gandi::package_name: 'py38-certbot-dns-gandi' diff --git a/data/RedHat-family.yaml b/data/RedHat-family.yaml index 35f52041..370b18b2 100644 --- a/data/RedHat-family.yaml +++ b/data/RedHat-family.yaml @@ -3,3 +3,4 @@ letsencrypt::configure_epel: true letsencrypt::plugin::dns_rfc2136::package_name: 'python3-certbot-dns-rfc2136' letsencrypt::plugin::dns_route53::package_name: 'python3-certbot-dns-route53' letsencrypt::plugin::dns_cloudflare::package_name: 'python3-certbot-dns-cloudflare' +letsencrypt::plugin::dns_gandi::package_name: 'python3-certbot-dns-gandi' diff --git a/data/os/CentOS/7.yaml b/data/os/CentOS/7.yaml index 3920067f..7ef7c4a2 100644 --- a/data/os/CentOS/7.yaml +++ b/data/os/CentOS/7.yaml @@ -2,4 +2,5 @@ letsencrypt::plugin::dns_rfc2136::package_name: 'python2-certbot-dns-rfc2136' letsencrypt::plugin::dns_route53::package_name: 'python2-certbot-dns-route53' letsencrypt::plugin::dns_cloudflare::package_name: 'python2-certbot-dns-cloudflare' +letsencrypt::plugin::dns_gandi::package_name: 'python2-certbot-dns-gandi' letsencrypt::plugin::nginx::package_name: 'python2-certbot-nginx' diff --git a/data/os/Fedora.yaml b/data/os/Fedora.yaml index 56c3cd56..eb8fef95 100644 --- a/data/os/Fedora.yaml +++ b/data/os/Fedora.yaml 
@@ -2,3 +2,4 @@ letsencrypt::configure_epel: false letsencrypt::plugin::dns_rfc2136::package_name: 'python3-certbot-dns-rfc2136' letsencrypt::plugin::dns_route53::package_name: 'python3-certbot-dns-route53' +letsencrypt::plugin::dns_gandi::package_name: 'python3-certbot-dns-gandi' diff --git a/data/os/RedHat/7.yaml b/data/os/RedHat/7.yaml index 3920067f..7ef7c4a2 100644 --- a/data/os/RedHat/7.yaml +++ b/data/os/RedHat/7.yaml @@ -2,4 +2,5 @@ letsencrypt::plugin::dns_rfc2136::package_name: 'python2-certbot-dns-rfc2136' letsencrypt::plugin::dns_route53::package_name: 'python2-certbot-dns-route53' letsencrypt::plugin::dns_cloudflare::package_name: 'python2-certbot-dns-cloudflare' +letsencrypt::plugin::dns_gandi::package_name: 'python2-certbot-dns-gandi' letsencrypt::plugin::nginx::package_name: 'python2-certbot-nginx' diff --git a/manifests/certonly.pp b/manifests/certonly.pp index ccf75ca7..a95d9924 100644 --- a/manifests/certonly.pp +++ b/manifests/certonly.pp @@ -210,6 +210,17 @@ } } + 'dns-gandi': { + require letsencrypt::plugin::dns_gandi + $_domains = join($domains, '\' -d \'') + $plugin_args = [ + "--cert-name '${cert_name}' -d", + "'${_domains}'", + '-a certbot-plugin-gandi:dns', + "--certbot-plugin-gandi:dns-credentials ${letsencrypt::config_dir}/dns-gandi.ini", + ] + } + default: { if $ensure == 'present' { $_domains = join($domains, '\' -d \'') diff --git a/manifests/plugin/dns_gandi.pp b/manifests/plugin/dns_gandi.pp new file mode 100644 index 00000000..ec36de15 --- /dev/null +++ b/manifests/plugin/dns_gandi.pp 
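Review bot: The new `'dns-gandi'` case in manifests/certonly.pp builds the credentials path as `${letsencrypt::config_dir}/dns-gandi.ini` instead of reading the plugin class's `config_file` parameter. If `letsencrypt::plugin::dns_gandi::config_file` is overridden, the API key is written to one path while certbot is told to read another. The class is already loaded by `require letsencrypt::plugin::dns_gandi`, so the argument can be `"--certbot-plugin-gandi:dns-credentials ${letsencrypt::plugin::dns_gandi::config_file}",`. The `$domains` values are also interpolated into single-quoted shell words, as in the neighbouring `default` branch; that is only safe if the define's parameter type rejects quote characters, which this hunk does not show. The enclosing `case` statement starts and ends outside the hunk.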
@@ -0,0 +1,46 @@ +# @summary Installs and configures the dns-gandi plugin +# +# This class installs and configures the Let's Encrypt dns-gandi plugin. +# https://pypi.org/project/certbot-plugin-gandi/ +# +# @param api_key Gandi production api key secret. You can get it in you security tab of your account +# @param package_name The name of the package to install when $manage_package is true. +# @param config_file The path to the configuration file. +# @param manage_package Manage the plugin package. +# +class letsencrypt::plugin::dns_gandi ( + String[1] $api_key, + Optional[String[1]] $package_name = undef, + Stdlib::Absolutepath $config_file = "${letsencrypt::config_dir}/dns-gandi.ini", + Boolean $manage_package = true, +) { + require letsencrypt + + if $manage_package { + if ! $package_name { + fail('No package name provided for certbot dns gandi plugin.') + } + + package { $package_name: + ensure => installed, + } + } + + if $api_key { + $ini_vars = { + 'certbot_plugin_gandi:dns_api_key' => $api_key, + } + } else { + fail('api_key not provided for certbot dns gandi plugin.') + } + + file { $config_file: + ensure => file, + owner => 'root', + group => 'root', + mode => '0400', + content => epp('letsencrypt/ini.epp', { + vars => { '' => $ini_vars }, + }), + } +} diff --git a/spec/acceptance/letsencrypt_plugin_dns_gandi_spec.rb b/spec/acceptance/letsencrypt_plugin_dns_gandi_spec.rb new file mode 100644 index 00000000..f4f32e0c --- /dev/null +++ b/spec/acceptance/letsencrypt_plugin_dns_gandi_spec.rb 
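Review bot: `api_key` is declared as a plain `String[1]` and passed straight into the `content` of `File[$config_file]`, so despite mode `0400` the key can still appear in Puppet's file-diff output and reports whenever the content changes. Adding `show_diff => false,` to the file resource keeps the secret out of agent logs. Also accepting `Sensitive[String[1]]` would be the fuller fix, provided `letsencrypt/ini.epp` (not shown here) can unwrap it. Separately, `group => 'root'` is hard-coded although this module's FreeBSD data sets `letsencrypt::cron_owner_group: 'wheel'`, so the file resource may fail there.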
@@ -0,0 +1,23 @@ +# frozen_string_literal: true + +require 'spec_helper_acceptance' + +describe 'letsencrypt::plugin::dns_gandi' do + it_behaves_like 'an idempotent resource' do + let(:manifest) do + <<-PUPPET + include letsencrypt + class { 'letsencrypt::plugin::dns_gandi': + api_key => 'dummy-gandi-api-token', + } + PUPPET + end + end + + describe file('/etc/letsencrypt/dns-gandi.ini') do + it { is_expected.to be_file } + it { is_expected.to be_owned_by 'root' } + it { is_expected.to be_grouped_into 'root' } + it { is_expected.to be_mode 400 } + end +end diff --git a/spec/classes/plugin/dns_gandi_spec.rb b/spec/classes/plugin/dns_gandi_spec.rb new file mode 100644 index 00000000..06375a4d --- /dev/null +++ b/spec/classes/plugin/dns_gandi_spec.rb 
@@ -0,0 +1,61 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe 'letsencrypt::plugin::dns_gandi' do + on_supported_os.each do |os, facts| + context "on #{os} based operating systems" do + let(:facts) { facts } + let(:params) { { 'api_key' => 'dummy-gandi-api-token' } } + let(:pre_condition) do + <<-PUPPET + class { 'letsencrypt': + email => 'foo@example.com', + } + PUPPET + end + let(:package_name) do + osname = facts[:os]['name'] + osrelease = facts[:os]['release']['major'] + osfull = "#{osname}-#{osrelease}" + case osfull + when 'Debian-10', 'Debian-11', 'AlmaLinux-8', 'RedHat-8', 'Ubuntu-20.04', 'Ubuntu-18.04', 'Fedora-32' + 'python3-certbot-dns-gandi' + when 'RedHat-7', 'CentOS-7' + 'python2-certbot-dns-gandi' + when 'FreeBSD-12', 'FreeBSD-13' + 'py38-certbot-dns-gandi' + end + end + + context 'with required parameters' do + it do + if package_name.nil? + is_expected.not_to compile + else + is_expected.to compile.with_all_deps + end + end + + describe 'with manage_package => true' do + let(:params) { super().merge(manage_package: true) } + + it do + if package_name.nil? + is_expected.not_to compile + else + is_expected.to contain_class('letsencrypt::plugin::dns_gandi').with_package_name(package_name) + is_expected.to contain_package(package_name).with_ensure('installed') + end + end + end + + describe 'with manage_package => false' do + let(:params) { super().merge(manage_package: false, package_name: 'dns-gandi-package') } + + it { is_expected.not_to contain_package('dns-gandi-package') } + end + end + end + end +end diff --git a/spec/defines/letsencrypt_certonly_spec.rb b/spec/defines/letsencrypt_certonly_spec.rb index e64ccf17..bd37d308 100644 --- a/spec/defines/letsencrypt_certonly_spec.rb +++ b/spec/defines/letsencrypt_certonly_spec.rb 
@@ -207,6 +207,45 @@ class { 'letsencrypt::plugin::dns_cloudflare': it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a dns-cloudflare --cert-name 'foo.example.com' -d 'foo.example.com' --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/dns-cloudflare.ini --dns-cloudflare-propagation-seconds 10" } end + context 'with dns-gandi plugin' do + let(:title) { 'foo.example.com' } + let(:params) { { plugin: 'dns-gandi', letsencrypt_command: 'letsencrypt' } } + let(:pre_condition) do + <<-PUPPET + class { 'letsencrypt': + email => 'foo@example.com', + config_dir => '/etc/letsencrypt', + } + class { 'letsencrypt::plugin::dns_gandi': + package_name => 'irrelevant', + api_key => 'dummy-gandi-api-token', + } + PUPPET + end + + it { is_expected.to compile.with_all_deps } + it { is_expected.to contain_class('letsencrypt::plugin::dns_gandi') } + it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a dns-gandi --cert-name 'foo.example.com' -d 'foo.example.com' -a certbot-plugin-gandi:dns --certbot-plugin-gandi:dns-credentials /etc/letsencrypt/dns-gandi.ini" } + end + + context 'with dns-gandi plugin without apy_key' do + let(:title) { 'foo.example.com' } + let(:params) { { plugin: 'dns-gandi', letsencrypt_command: 'letsencrypt' } } + let(:pre_condition) do + <<-PUPPET + class { 'letsencrypt': + email => 'foo@example.com', + config_dir => '/etc/letsencrypt', + } + class { 'letsencrypt::plugin::dns_gandi': + package_name => 'irrelevant', + } + PUPPET + end + + it { is_expected.not_to compile.with_all_deps } + end + context 'with custom plugin' do let(:title) { 'foo.example.com' } let(:params) { { plugin: 'apache' } } diff --git a/spec/type_aliases/plugin_spec.rb b/spec/type_aliases/plugin_spec.rb index 1ba036af..3c3b5264 100644 
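Review bot: The `'with dns-gandi plugin without apy_key'` context asserts only `is_expected.not_to compile.with_all_deps`, which passes for any compilation failure, not just the missing key. Pinning the reason, for example `it { is_expected.to compile.and_raise_error(%r{api_key}) }`, keeps the example meaningful if the catalogue starts failing for an unrelated cause. The context title also misspells `api_key`. The positive example fixes a command containing both `-a dns-gandi` and `-a certbot-plugin-gandi:dns`, so the duplicated authenticator flag becomes expected behaviour; it is worth confirming that is intended.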
--- a/spec/type_aliases/plugin_spec.rb +++ b/spec/type_aliases/plugin_spec.rb @@ -3,7 +3,7 @@ require 'spec_helper' describe 'Letsencrypt::Plugin' do - it { is_expected.to allow_values('apache', 'standalone', 'webroot', 'nginx', 'dns-route53', 'dns-google', 'dns-cloudflare', 'dns-rfc2136') } + it { is_expected.to allow_values('apache', 'standalone', 'webroot', 'nginx', 'dns-route53', 'dns-google', 'dns-cloudflare', 'dns-rfc2136', 'dns-gandi') } it { is_expected.not_to allow_value(nil) } it { is_expected.not_to allow_value('foo') } it { is_expected.not_to allow_value('custom') } diff --git a/types/plugin.pp b/types/plugin.pp index 24b87b8c..deb5107f 100644 --- a/types/plugin.pp +++ b/types/plugin.pp @@ -8,4 +8,5 @@ 'dns-google', 'dns-cloudflare', 'dns-rfc2136', + 'dns-gandi', ] From bf81b49d328ff74d9ea9b6dede153a7d13670f0c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20De=20Wilde?= Date: Mon, 29 Aug 2022 11:02:22 +0200 Subject: [PATCH 02/21] Use pip to install certbot-plugin-gandi by default but use package if available --- data/Debian-family.yaml | 2 +- data/FreeBSD-family.yaml | 2 +- data/RedHat-family.yaml | 2 +- data/os/CentOS/7.yaml | 1 - data/os/Debian/11.yaml | 3 +++ data/os/Fedora.yaml | 1 - data/os/RedHat/7.yaml | 1 - data/os/Ubuntu/20.04.yaml | 3 +++ manifests/plugin/dns_gandi.pp | 8 +++++--- spec/classes/plugin/dns_gandi_spec.rb | 8 +++----- 10 files changed, 17 insertions(+), 14 deletions(-) create mode 100644 data/os/Debian/11.yaml create mode 100644 data/os/Ubuntu/20.04.yaml diff --git a/data/Debian-family.yaml b/data/Debian-family.yaml index e83b3c62..c97a8da7 100644 --- a/data/Debian-family.yaml +++ b/data/Debian-family.yaml 
@@ -2,4 +2,4 @@ letsencrypt::plugin::dns_rfc2136::package_name: 'python3-certbot-dns-rfc2136' letsencrypt::plugin::dns_route53::package_name: 'python3-certbot-dns-route53' letsencrypt::plugin::dns_cloudflare::package_name: 'python3-certbot-dns-cloudflare' -letsencrypt::plugin::dns_gandi::package_name: 'python3-certbot-dns-gandi' +letsencrypt::plugin::dns_gandi::package_name: 'certbot-plugin-gandi' diff --git a/data/FreeBSD-family.yaml b/data/FreeBSD-family.yaml index 8b6d80b6..a0cd5510 100644 --- a/data/FreeBSD-family.yaml +++ b/data/FreeBSD-family.yaml @@ -5,4 +5,4 @@ letsencrypt::cron_owner_group: 'wheel' letsencrypt::plugin::dns_rfc2136::package_name: 'py38-certbot-dns-rfc2136' letsencrypt::plugin::dns_route53::package_name: 'py38-certbot-dns-route53' letsencrypt::plugin::dns_cloudflare::package_name: 'py38-certbot-dns-cloudflare' -letsencrypt::plugin::dns_gandi::package_name: 'py38-certbot-dns-gandi' +letsencrypt::plugin::dns_gandi::package_name: 'certbot-plugin-gandi' diff --git a/data/RedHat-family.yaml b/data/RedHat-family.yaml index 370b18b2..d0463e1c 100644 --- a/data/RedHat-family.yaml +++ b/data/RedHat-family.yaml @@ -3,4 +3,4 @@ letsencrypt::configure_epel: true letsencrypt::plugin::dns_rfc2136::package_name: 'python3-certbot-dns-rfc2136' letsencrypt::plugin::dns_route53::package_name: 'python3-certbot-dns-route53' letsencrypt::plugin::dns_cloudflare::package_name: 'python3-certbot-dns-cloudflare' -letsencrypt::plugin::dns_gandi::package_name: 'python3-certbot-dns-gandi' +letsencrypt::plugin::dns_gandi::package_name: 'certbot-plugin-gandi' diff --git a/data/os/CentOS/7.yaml b/data/os/CentOS/7.yaml index 7ef7c4a2..3920067f 100644 --- a/data/os/CentOS/7.yaml +++ b/data/os/CentOS/7.yaml 
@@ -2,5 +2,4 @@ letsencrypt::plugin::dns_rfc2136::package_name: 'python2-certbot-dns-rfc2136' letsencrypt::plugin::dns_route53::package_name: 'python2-certbot-dns-route53' letsencrypt::plugin::dns_cloudflare::package_name: 'python2-certbot-dns-cloudflare' -letsencrypt::plugin::dns_gandi::package_name: 'python2-certbot-dns-gandi' letsencrypt::plugin::nginx::package_name: 'python2-certbot-nginx' diff --git a/data/os/Debian/11.yaml b/data/os/Debian/11.yaml new file mode 100644 index 00000000..9075d197 --- /dev/null +++ b/data/os/Debian/11.yaml @@ -0,0 +1,3 @@ +--- +letsencrypt::plugin::dns_gandi::package_provider: apt +letsencrypt::plugin::dns_gandi::package_name: python3-certbot-dns-gandi diff --git a/data/os/Fedora.yaml b/data/os/Fedora.yaml index eb8fef95..56c3cd56 100644 --- a/data/os/Fedora.yaml +++ b/data/os/Fedora.yaml @@ -2,4 +2,3 @@ letsencrypt::configure_epel: false letsencrypt::plugin::dns_rfc2136::package_name: 'python3-certbot-dns-rfc2136' letsencrypt::plugin::dns_route53::package_name: 'python3-certbot-dns-route53' -letsencrypt::plugin::dns_gandi::package_name: 'python3-certbot-dns-gandi' diff --git a/data/os/RedHat/7.yaml b/data/os/RedHat/7.yaml index 7ef7c4a2..3920067f 100644 --- a/data/os/RedHat/7.yaml +++ b/data/os/RedHat/7.yaml @@ -2,5 +2,4 @@ letsencrypt::plugin::dns_rfc2136::package_name: 'python2-certbot-dns-rfc2136' letsencrypt::plugin::dns_route53::package_name: 'python2-certbot-dns-route53' letsencrypt::plugin::dns_cloudflare::package_name: 'python2-certbot-dns-cloudflare' -letsencrypt::plugin::dns_gandi::package_name: 'python2-certbot-dns-gandi' letsencrypt::plugin::nginx::package_name: 'python2-certbot-nginx' diff --git a/data/os/Ubuntu/20.04.yaml b/data/os/Ubuntu/20.04.yaml new file mode 100644 index 00000000..12a81469 --- /dev/null +++ b/data/os/Ubuntu/20.04.yaml @@ -0,0 +1,3 @@ +--- +letsencrypt::plugin::dns_gandi::package_name: python3-certbot-dns-gandi +letsencrypt::plugin::dns_gandi::package_provider: apt 
diff --git a/manifests/plugin/dns_gandi.pp b/manifests/plugin/dns_gandi.pp index ec36de15..13653b1e 100644 --- a/manifests/plugin/dns_gandi.pp +++ b/manifests/plugin/dns_gandi.pp @@ -10,9 +10,10 @@ # class letsencrypt::plugin::dns_gandi ( String[1] $api_key, - Optional[String[1]] $package_name = undef, - Stdlib::Absolutepath $config_file = "${letsencrypt::config_dir}/dns-gandi.ini", - Boolean $manage_package = true, + String[1] $package_provider = 'pip', + Optional[String[1]] $package_name = undef, + Stdlib::Absolutepath $config_file = "${letsencrypt::config_dir}/dns-gandi.ini", + Boolean $manage_package = true, ) { require letsencrypt @@ -23,6 +24,7 @@ package { $package_name: ensure => installed, + provider => $package_provider, } } diff --git a/spec/classes/plugin/dns_gandi_spec.rb b/spec/classes/plugin/dns_gandi_spec.rb index 06375a4d..525d9b57 100644 --- a/spec/classes/plugin/dns_gandi_spec.rb +++ b/spec/classes/plugin/dns_gandi_spec.rb @@ -19,12 +19,10 @@ class { 'letsencrypt': osrelease = facts[:os]['release']['major'] osfull = "#{osname}-#{osrelease}" case osfull - when 'Debian-10', 'Debian-11', 'AlmaLinux-8', 'RedHat-8', 'Ubuntu-20.04', 'Ubuntu-18.04', 'Fedora-32' + when 'Debian-10', 'AlmaLinux-8', 'RedHat-8', 'Ubuntu-18.04', 'Fedora-32', 'RedHat-7', 'CentOS-7', 'FreeBSD-12', 'FreeBSD-13' + 'certbot-plugin-gandi' + when 'Debian-11', 'Ubuntu-20.04' 'python3-certbot-dns-gandi' - when 'RedHat-7', 'CentOS-7' - 'python2-certbot-dns-gandi' - when 'FreeBSD-12', 'FreeBSD-13' - 'py38-certbot-dns-gandi' end end From 863985a565e92ae444e7545d34b0dc00983b9e0c Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Romain=20Tarti=C3=A8re?= Date: Mon, 29 Aug 2022 08:21:16 -1000 Subject: [PATCH 03/21] Merge #296 --- data/FreeBSD-family.yaml | 10 +++++----- spec/classes/letsencrypt_spec.rb | 4 ++-- spec/classes/plugin/dns_cloudflare_spec.rb | 2 +- spec/classes/plugin/dns_rfc2136_spec.rb | 2 +- spec/classes/plugin/dns_route53_spec.rb | 2 +- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/data/FreeBSD-family.yaml b/data/FreeBSD-family.yaml index a0cd5510..6066c3d7 100644 --- a/data/FreeBSD-family.yaml +++ b/data/FreeBSD-family.yaml @@ -1,8 +1,8 @@ --- -letsencrypt::package_name: 'py38-certbot' +letsencrypt::package_name: 'py39-certbot' letsencrypt::config_dir: '/usr/local/etc/letsencrypt' letsencrypt::cron_owner_group: 'wheel' -letsencrypt::plugin::dns_rfc2136::package_name: 'py38-certbot-dns-rfc2136' -letsencrypt::plugin::dns_route53::package_name: 'py38-certbot-dns-route53' -letsencrypt::plugin::dns_cloudflare::package_name: 'py38-certbot-dns-cloudflare' -letsencrypt::plugin::dns_gandi::package_name: 'certbot-plugin-gandi' +letsencrypt::plugin::dns_rfc2136::package_name: 'py39-certbot-dns-rfc2136' +letsencrypt::plugin::dns_route53::package_name: 'py39-certbot-dns-route53' +letsencrypt::plugin::dns_cloudflare::package_name: 'py39-certbot-dns-cloudflare' +letsencrypt::plugin::dns_gandi::package_name: 'py39-certbot-plugin-gandi' diff --git a/spec/classes/letsencrypt_spec.rb b/spec/classes/letsencrypt_spec.rb index c69e530a..9d849d64 100644 --- a/spec/classes/letsencrypt_spec.rb +++ b/spec/classes/letsencrypt_spec.rb 
@@ -76,9 +76,9 @@ is_expected.to contain_package('letsencrypt').with(name: 'certbot') is_expected.to contain_file('/etc/letsencrypt').with(ensure: 'directory') elsif facts[:operatingsystem] == 'FreeBSD' - is_expected.to contain_class('letsencrypt::install').with(package_name: 'py38-certbot') + is_expected.to contain_class('letsencrypt::install').with(package_name: 'py39-certbot') is_expected.to contain_class('letsencrypt').with(package_command: 'certbot') - is_expected.to contain_package('letsencrypt').with(name: 'py38-certbot') + is_expected.to contain_package('letsencrypt').with(name: 'py39-certbot') is_expected.to contain_file('/usr/local/etc/letsencrypt').with(ensure: 'directory') else is_expected.to contain_class('letsencrypt::install') diff --git a/spec/classes/plugin/dns_cloudflare_spec.rb b/spec/classes/plugin/dns_cloudflare_spec.rb index 5eba736e..72ec9a68 100644 --- a/spec/classes/plugin/dns_cloudflare_spec.rb +++ b/spec/classes/plugin/dns_cloudflare_spec.rb @@ -23,7 +23,7 @@ class { 'letsencrypt': elsif %w[Debian RedHat].include?(facts[:os]['family']) 'python3-certbot-dns-cloudflare' elsif %w[FreeBSD].include?(facts[:os]['family']) - 'py38-certbot-dns-cloudflare' + 'py39-certbot-dns-cloudflare' end end diff --git a/spec/classes/plugin/dns_rfc2136_spec.rb b/spec/classes/plugin/dns_rfc2136_spec.rb index 7379738f..7deacdc1 100644 --- a/spec/classes/plugin/dns_rfc2136_spec.rb +++ b/spec/classes/plugin/dns_rfc2136_spec.rb @@ -24,7 +24,7 @@ class { 'letsencrypt': when 'RedHat-7', 'CentOS-7' 'python2-certbot-dns-rfc2136' when 'FreeBSD-12', 'FreeBSD-13' - 'py38-certbot-dns-rfc2136' + 'py39-certbot-dns-rfc2136' end end diff --git a/spec/classes/plugin/dns_route53_spec.rb b/spec/classes/plugin/dns_route53_spec.rb index 11927a1e..3d52a560 100644 --- a/spec/classes/plugin/dns_route53_spec.rb +++ b/spec/classes/plugin/dns_route53_spec.rb 
@@ -24,7 +24,7 @@ class { 'letsencrypt': when 'RedHat-7', 'CentOS-7' 'python2-certbot-dns-route53' when 'FreeBSD-12', 'FreeBSD-13' - 'py38-certbot-dns-route53' + 'py39-certbot-dns-route53' end end From 471c64e885e443608b8ffe29bb936f9dad21e44a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20De=20Wilde?= Date: Tue, 30 Aug 2022 16:55:23 +0200 Subject: [PATCH 04/21] Make the provideroptional --- data/FreeBSD-family.yaml | 2 +- manifests/plugin/dns_gandi.pp | 15 +++++++++++---- spec/classes/plugin/dns_gandi_spec.rb | 4 +++- 3 files changed, 15 insertions(+), 6 deletions(-) diff --git a/data/FreeBSD-family.yaml b/data/FreeBSD-family.yaml index 6066c3d7..9ab5f76b 100644 --- a/data/FreeBSD-family.yaml +++ b/data/FreeBSD-family.yaml @@ -5,4 +5,4 @@ letsencrypt::cron_owner_group: 'wheel' letsencrypt::plugin::dns_rfc2136::package_name: 'py39-certbot-dns-rfc2136' letsencrypt::plugin::dns_route53::package_name: 'py39-certbot-dns-route53' letsencrypt::plugin::dns_cloudflare::package_name: 'py39-certbot-dns-cloudflare' -letsencrypt::plugin::dns_gandi::package_name: 'py39-certbot-plugin-gandi' +letsencrypt::plugin::dns_gandi::package_name: 'py39-certbot-dns-gandi' diff --git a/manifests/plugin/dns_gandi.pp b/manifests/plugin/dns_gandi.pp index 13653b1e..10ff6dbd 100644 --- a/manifests/plugin/dns_gandi.pp +++ b/manifests/plugin/dns_gandi.pp @@ -10,7 +10,7 @@ # class letsencrypt::plugin::dns_gandi ( String[1] $api_key, - String[1] $package_provider = 'pip', + Optional[String[1]] $package_provider = undef, Optional[String[1]] $package_name = undef, Stdlib::Absolutepath $config_file = "${letsencrypt::config_dir}/dns-gandi.ini", Boolean $manage_package = true, 
@@ -22,9 +22,16 @@ fail('No package name provided for certbot dns gandi plugin.') } - package { $package_name: - ensure => installed, - provider => $package_provider, + if $package_provider { + package { $package_name: + ensure => installed, + provider => $package_provider, + } + } + else { + package { $package_name: + ensure => installed, + } } } diff --git a/spec/classes/plugin/dns_gandi_spec.rb b/spec/classes/plugin/dns_gandi_spec.rb index 525d9b57..f6380db8 100644 --- a/spec/classes/plugin/dns_gandi_spec.rb +++ b/spec/classes/plugin/dns_gandi_spec.rb @@ -19,8 +19,10 @@ class { 'letsencrypt': osrelease = facts[:os]['release']['major'] osfull = "#{osname}-#{osrelease}" case osfull - when 'Debian-10', 'AlmaLinux-8', 'RedHat-8', 'Ubuntu-18.04', 'Fedora-32', 'RedHat-7', 'CentOS-7', 'FreeBSD-12', 'FreeBSD-13' + when 'Debian-10', 'AlmaLinux-8', 'RedHat-8', 'Ubuntu-18.04', 'Fedora-32', 'RedHat-7', 'CentOS-7' 'certbot-plugin-gandi' + when 'FreeBSD-12', 'FreeBSD-13' + 'py39-certbot-dns-gandi' when 'Debian-11', 'Ubuntu-20.04' 'python3-certbot-dns-gandi' end From f062f57267877b07ad7ea7be531b1cdcc1f9d225 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20De=20Wilde?= Date: Wed, 31 Aug 2022 13:20:30 +0200 Subject: [PATCH 05/21] Remove package_name if non existent --- data/Debian-family.yaml | 1 - data/FreeBSD-family.yaml | 1 - data/RedHat-family.yaml | 1 - manifests/plugin/dns_gandi.pp | 22 +++++----------------- spec/classes/plugin/dns_gandi_spec.rb | 4 ---- 5 files changed, 5 insertions(+), 24 deletions(-) diff --git a/data/Debian-family.yaml b/data/Debian-family.yaml index c97a8da7..c52a03b6 100644 --- a/data/Debian-family.yaml +++ b/data/Debian-family.yaml 
@@ -2,4 +2,3 @@ letsencrypt::plugin::dns_rfc2136::package_name: 'python3-certbot-dns-rfc2136' letsencrypt::plugin::dns_route53::package_name: 'python3-certbot-dns-route53' letsencrypt::plugin::dns_cloudflare::package_name: 'python3-certbot-dns-cloudflare' -letsencrypt::plugin::dns_gandi::package_name: 'certbot-plugin-gandi' diff --git a/data/FreeBSD-family.yaml b/data/FreeBSD-family.yaml index 6d563f06..ba1ac097 100644 --- a/data/FreeBSD-family.yaml +++ b/data/FreeBSD-family.yaml @@ -5,4 +5,3 @@ letsencrypt::cron_owner_group: 'wheel' letsencrypt::plugin::dns_rfc2136::package_name: 'py39-certbot-dns-rfc2136' letsencrypt::plugin::dns_route53::package_name: 'py39-certbot-dns-route53' letsencrypt::plugin::dns_cloudflare::package_name: 'py39-certbot-dns-cloudflare' -letsencrypt::plugin::dns_gandi::package_name: 'py39-certbot-dns-gandi' \ No newline at end of file diff --git a/data/RedHat-family.yaml b/data/RedHat-family.yaml index d0463e1c..35f52041 100644 --- a/data/RedHat-family.yaml +++ b/data/RedHat-family.yaml @@ -3,4 +3,3 @@ letsencrypt::configure_epel: true letsencrypt::plugin::dns_rfc2136::package_name: 'python3-certbot-dns-rfc2136' letsencrypt::plugin::dns_route53::package_name: 'python3-certbot-dns-route53' letsencrypt::plugin::dns_cloudflare::package_name: 'python3-certbot-dns-cloudflare' -letsencrypt::plugin::dns_gandi::package_name: 'certbot-plugin-gandi' diff --git a/manifests/plugin/dns_gandi.pp b/manifests/plugin/dns_gandi.pp index 10ff6dbd..749fad4a 100644 --- a/manifests/plugin/dns_gandi.pp +++ b/manifests/plugin/dns_gandi.pp @@ -10,8 +10,8 @@ # class letsencrypt::plugin::dns_gandi ( String[1] $api_key, + String[1] $package_name, Optional[String[1]] $package_provider = undef, - Optional[String[1]] $package_name = undef, Stdlib::Absolutepath $config_file = "${letsencrypt::config_dir}/dns-gandi.ini", Boolean $manage_package = true, ) { 
@@ -22,25 +22,13 @@ fail('No package name provided for certbot dns gandi plugin.') } - if $package_provider { - package { $package_name: - ensure => installed, - provider => $package_provider, - } - } - else { - package { $package_name: - ensure => installed, - } + package { $package_name: + ensure => installed, } } - if $api_key { - $ini_vars = { - 'certbot_plugin_gandi:dns_api_key' => $api_key, - } - } else { - fail('api_key not provided for certbot dns gandi plugin.') + $ini_vars = { + 'certbot_plugin_gandi:dns_api_key' => $api_key, } file { $config_file: diff --git a/spec/classes/plugin/dns_gandi_spec.rb b/spec/classes/plugin/dns_gandi_spec.rb index f6380db8..1804a447 100644 --- a/spec/classes/plugin/dns_gandi_spec.rb +++ b/spec/classes/plugin/dns_gandi_spec.rb @@ -19,10 +19,6 @@ class { 'letsencrypt': osrelease = facts[:os]['release']['major'] osfull = "#{osname}-#{osrelease}" case osfull - when 'Debian-10', 'AlmaLinux-8', 'RedHat-8', 'Ubuntu-18.04', 'Fedora-32', 'RedHat-7', 'CentOS-7' - 'certbot-plugin-gandi' - when 'FreeBSD-12', 'FreeBSD-13' - 'py39-certbot-dns-gandi' when 'Debian-11', 'Ubuntu-20.04' 'python3-certbot-dns-gandi' end From b51de96d6b5525afe6d7ad86b3a0060fd6bc1611 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20De=20Wilde?= Date: Wed, 31 Aug 2022 16:09:22 +0200 Subject: [PATCH 06/21] Only test on debian-11 & ubuntu 20.04 --- spec/classes/plugin/dns_gandi_spec.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/spec/classes/plugin/dns_gandi_spec.rb b/spec/classes/plugin/dns_gandi_spec.rb index 1804a447..ab23e310 100644 --- a/spec/classes/plugin/dns_gandi_spec.rb +++ b/spec/classes/plugin/dns_gandi_spec.rb 
@@ -4,6 +4,8 @@ describe 'letsencrypt::plugin::dns_gandi' do on_supported_os.each do |os, facts| + next unless (facts[:os]['name'] == 'Debian' && facts[:os]['release']['major'] == '11') || (facts[:os]['name'] == 'Ubuntu' && facts[:os]['release']['major'] == '20.04') + context "on #{os} based operating systems" do let(:facts) { facts } let(:params) { { 'api_key' => 'dummy-gandi-api-token' } } From d62ea76209ff3d7d39eb1cb5e18dbd8147f012fe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20De=20Wilde?= Date: Wed, 14 Sep 2022 14:19:41 +0200 Subject: [PATCH 07/21] Add function to check if platform is supported by gandi plugin --- spec/acceptance/letsencrypt_plugin_dns_gandi_spec.rb | 2 +- spec/classes/plugin/dns_gandi_spec.rb | 2 +- spec/spec_helper.rb | 1 + spec/spec_helper_acceptance.rb | 1 + spec/spec_helper_local.rb | 6 ++++++ 5 files changed, 10 insertions(+), 2 deletions(-) create mode 100644 spec/spec_helper_local.rb diff --git a/spec/acceptance/letsencrypt_plugin_dns_gandi_spec.rb b/spec/acceptance/letsencrypt_plugin_dns_gandi_spec.rb index f4f32e0c..8f026857 100644 --- a/spec/acceptance/letsencrypt_plugin_dns_gandi_spec.rb +++ b/spec/acceptance/letsencrypt_plugin_dns_gandi_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper_acceptance' -describe 'letsencrypt::plugin::dns_gandi' do +describe 'letsencrypt::plugin::dns_gandi', if: supported_os_gandi(fact('os')) do it_behaves_like 'an idempotent resource' do let(:manifest) do <<-PUPPET diff --git a/spec/classes/plugin/dns_gandi_spec.rb b/spec/classes/plugin/dns_gandi_spec.rb index ab23e310..dfb269d2 100644 --- a/spec/classes/plugin/dns_gandi_spec.rb +++ b/spec/classes/plugin/dns_gandi_spec.rb 
@@ -4,7 +4,7 @@ describe 'letsencrypt::plugin::dns_gandi' do on_supported_os.each do |os, facts| - next unless (facts[:os]['name'] == 'Debian' && facts[:os]['release']['major'] == '11') || (facts[:os]['name'] == 'Ubuntu' && facts[:os]['release']['major'] == '20.04') + next if supported_os_gandi(facts[:os]) context "on #{os} based operating systems" do let(:facts) { facts } diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 4d617f39..91c539be 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -8,6 +8,7 @@ ENV['COVERAGE'] ||= 'yes' if Dir.exist?(File.expand_path('../lib', __dir__)) require 'voxpupuli/test/spec_helper' +require 'spec_helper_local' if File.exist?(File.join(__dir__, 'default_module_facts.yml')) facts = YAML.safe_load(File.read(File.join(__dir__, 'default_module_facts.yml'))) diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index b4f352d4..6421f5ba 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb @@ -1,6 +1,7 @@ # frozen_string_literal: true require 'voxpupuli/acceptance/spec_helper_acceptance' +require 'spec_helper_local' configure_beaker do |host| # docker image does not provide cron in all cases diff --git a/spec/spec_helper_local.rb b/spec/spec_helper_local.rb new file mode 100644 index 00000000..ae675a9b --- /dev/null +++ b/spec/spec_helper_local.rb @@ -0,0 +1,6 @@ +# frozen_string_literal: true + +def supported_os_gandi(os) + # Gandi plugin is only supported on debian 11 and ubuntu 20.04 and superiors + (os['name'] == 'Debian' && os['release']['major'].to_i >= 11) || (os['name'] == 'Ubuntu' && os['release']['major'].to_i >= 20) +end From 09ba2f72b2e6060baea52fe155246d80580500ff Mon Sep 17 00:00:00 2001 From: cible Date: Mon, 21 Nov 2022 16:03:29 +0100 Subject: [PATCH 08/21] Apply suggestions from code review Co-authored-by: Ewoud Kohl van Wijngaarden --- manifests/plugin/dns_gandi.pp | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) 
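Review bot: `supported_os_gandi` in spec/spec_helper_local.rb indexes `os['name']` and `os['release']['major']` without stating or checking what `os` is. If a caller passes something other than the structured os fact (for example the platform string that `on_supported_os` yields as the block key), `os['name']` evaluates to nil, the helper returns false, and every context is skipped without a failure, so the suite stays green with nothing exercised. I would document the argument above the def, `# @param os [Hash] structured 'os' fact with 'name' and 'release' => 'major'`, and add `raise ArgumentError, 'expected the os fact hash' unless os.is_a?(Hash)` as the first line so misuse fails loudly.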
diff --git a/manifests/plugin/dns_gandi.pp b/manifests/plugin/dns_gandi.pp index 749fad4a..2ac87262 100644 --- a/manifests/plugin/dns_gandi.pp +++ b/manifests/plugin/dns_gandi.pp @@ -18,12 +18,9 @@ require letsencrypt if $manage_package { - if ! $package_name { - fail('No package name provided for certbot dns gandi plugin.') - } - package { $package_name: - ensure => installed, + ensure => installed, + before => File[$config_file], } } From e0109683304e65eaa96c00d2759c280373713b51 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20De=20Wilde?= Date: Tue, 22 Nov 2022 10:37:35 +0100 Subject: [PATCH 09/21] Add support for ubuntu 22.04 --- data/os/Ubuntu/22.04.yaml | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 data/os/Ubuntu/22.04.yaml diff --git a/data/os/Ubuntu/22.04.yaml b/data/os/Ubuntu/22.04.yaml new file mode 100644 index 00000000..78ee20ed --- /dev/null +++ b/data/os/Ubuntu/22.04.yaml @@ -0,0 +1,2 @@ +--- +letsencrypt::plugin::dns_gandi::package_name: python3-certbot-dns-gandi From 9323fb25e79c03daf6c6caf841769801b2eac9b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20De=20Wilde?= Date: Tue, 22 Nov 2022 10:46:22 +0100 Subject: [PATCH 10/21] Remove now useless $package_provider --- data/os/Debian/11.yaml | 1 - data/os/Ubuntu/20.04.yaml | 1 - manifests/plugin/dns_gandi.pp | 5 ++--- 3 files changed, 2 insertions(+), 5 deletions(-) diff --git a/data/os/Debian/11.yaml b/data/os/Debian/11.yaml index 9075d197..78ee20ed 100644 --- a/data/os/Debian/11.yaml +++ b/data/os/Debian/11.yaml @@ -1,3 +1,2 @@ --- -letsencrypt::plugin::dns_gandi::package_provider: apt letsencrypt::plugin::dns_gandi::package_name: python3-certbot-dns-gandi diff --git a/data/os/Ubuntu/20.04.yaml b/data/os/Ubuntu/20.04.yaml index 12a81469..78ee20ed 100644 --- a/data/os/Ubuntu/20.04.yaml +++ b/data/os/Ubuntu/20.04.yaml @@ -1,3 +1,2 @@ --- letsencrypt::plugin::dns_gandi::package_name: python3-certbot-dns-gandi -letsencrypt::plugin::dns_gandi::package_provider: apt 
diff --git a/manifests/plugin/dns_gandi.pp b/manifests/plugin/dns_gandi.pp index 2ac87262..fef5a470 100644 --- a/manifests/plugin/dns_gandi.pp +++ b/manifests/plugin/dns_gandi.pp @@ -11,9 +11,8 @@ class letsencrypt::plugin::dns_gandi ( String[1] $api_key, String[1] $package_name, - Optional[String[1]] $package_provider = undef, - Stdlib::Absolutepath $config_file = "${letsencrypt::config_dir}/dns-gandi.ini", - Boolean $manage_package = true, + Stdlib::Absolutepath $config_file = "${letsencrypt::config_dir}/dns-gandi.ini", + Boolean $manage_package = true, ) { require letsencrypt From b2fe5ce8d5add6b833a4e87667ff0b2394a4abe2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20De=20Wilde?= Date: Tue, 22 Nov 2022 11:24:44 +0100 Subject: [PATCH 11/21] Better tests for handling unsupported platforms --- spec/classes/plugin/dns_gandi_spec.rb | 2 +- spec/defines/letsencrypt_certonly_spec.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/classes/plugin/dns_gandi_spec.rb b/spec/classes/plugin/dns_gandi_spec.rb index dfb269d2..280a09d4 100644 --- a/spec/classes/plugin/dns_gandi_spec.rb +++ b/spec/classes/plugin/dns_gandi_spec.rb @@ -40,7 +40,7 @@ class { 'letsencrypt': it do if package_name.nil? - is_expected.not_to compile + is_expected.to compile.and_raise_error(/expects a value for parameter 'package_name'/) else is_expected.to contain_class('letsencrypt::plugin::dns_gandi').with_package_name(package_name) is_expected.to contain_package(package_name).with_ensure('installed') diff --git a/spec/defines/letsencrypt_certonly_spec.rb b/spec/defines/letsencrypt_certonly_spec.rb index e6dbf527..5a00b41d 100644 --- a/spec/defines/letsencrypt_certonly_spec.rb +++ b/spec/defines/letsencrypt_certonly_spec.rb 
@@ -243,7 +243,7 @@ class { 'letsencrypt::plugin::dns_gandi': PUPPET end - it { is_expected.not_to compile.with_all_deps } + it { is_expected.to compile.and_raise_error(/expects a value for parameter 'package_name'/) } end context 'with custom plugin' do From 6c82c1a6604f75c918567b96ca40afb671b41cf9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20De=20Wilde?= Date: Tue, 22 Nov 2022 11:45:04 +0100 Subject: [PATCH 12/21] Syntax fix --- spec/classes/plugin/dns_gandi_spec.rb | 2 +- spec/defines/letsencrypt_certonly_spec.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/classes/plugin/dns_gandi_spec.rb b/spec/classes/plugin/dns_gandi_spec.rb index 280a09d4..97b1cd0d 100644 --- a/spec/classes/plugin/dns_gandi_spec.rb +++ b/spec/classes/plugin/dns_gandi_spec.rb @@ -40,7 +40,7 @@ class { 'letsencrypt': it do if package_name.nil? - is_expected.to compile.and_raise_error(/expects a value for parameter 'package_name'/) + is_expected.to compile.and_raise_error(%r{/expects a value for parameter 'package_name'/}) else is_expected.to contain_class('letsencrypt::plugin::dns_gandi').with_package_name(package_name) is_expected.to contain_package(package_name).with_ensure('installed') diff --git a/spec/defines/letsencrypt_certonly_spec.rb b/spec/defines/letsencrypt_certonly_spec.rb index 5a00b41d..b94e79c9 100644 --- a/spec/defines/letsencrypt_certonly_spec.rb +++ b/spec/defines/letsencrypt_certonly_spec.rb @@ -243,7 +243,7 @@ class { 'letsencrypt::plugin::dns_gandi': PUPPET end - it { is_expected.to compile.and_raise_error(/expects a value for parameter 'package_name'/) } + it { is_expected.to compile.and_raise_error(%r{/expects a value for parameter 'package_name'/}) } end context 'with custom plugin' do From ed0cfca1c56b419c3332e5bab61b1688c846259f Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?C=C3=A9dric=20De=20Wilde?= Date: Tue, 22 Nov 2022 11:51:11 +0100 Subject: [PATCH 13/21] Fix variable name --- spec/defines/letsencrypt_certonly_spec.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/defines/letsencrypt_certonly_spec.rb b/spec/defines/letsencrypt_certonly_spec.rb index b94e79c9..811875e8 100644 --- a/spec/defines/letsencrypt_certonly_spec.rb +++ b/spec/defines/letsencrypt_certonly_spec.rb @@ -228,7 +228,7 @@ class { 'letsencrypt::plugin::dns_gandi': it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a dns-gandi --cert-name 'foo.example.com' -d 'foo.example.com' -a certbot-plugin-gandi:dns --certbot-plugin-gandi:dns-credentials /etc/letsencrypt/dns-gandi.ini" } end - context 'with dns-gandi plugin without apy_key' do + context 'with dns-gandi plugin without api_key' do let(:title) { 'foo.example.com' } let(:params) { { plugin: 'dns-gandi', letsencrypt_command: 'letsencrypt' } } let(:pre_condition) do @@ -243,7 +243,7 @@ class { 'letsencrypt::plugin::dns_gandi': PUPPET end - it { is_expected.to compile.and_raise_error(%r{/expects a value for parameter 'package_name'/}) } + it { is_expected.to compile.and_raise_error(%r{/expects a value for parameter 'api_key'/}) } end context 'with custom plugin' do From f8457b7690a1396427bb9ed8f90317d09718e85b Mon Sep 17 00:00:00 2001 From: cible Date: Tue, 22 Nov 2022 13:19:11 +0100 Subject: [PATCH 14/21] Update spec/classes/plugin/dns_gandi_spec.rb Co-authored-by: Ewoud Kohl van Wijngaarden --- spec/classes/plugin/dns_gandi_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/classes/plugin/dns_gandi_spec.rb b/spec/classes/plugin/dns_gandi_spec.rb index 97b1cd0d..185c337e 100644 --- a/spec/classes/plugin/dns_gandi_spec.rb +++ b/spec/classes/plugin/dns_gandi_spec.rb 
@@ -4,7 +4,7 @@ describe 'letsencrypt::plugin::dns_gandi' do on_supported_os.each do |os, facts| - next if supported_os_gandi(facts[:os]) + next unless supported_os_gandi(facts[:os]) context "on #{os} based operating systems" do let(:facts) { facts } From 17c1b6143016af7cc72cd16a0395874a19d50417 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20De=20Wilde?= Date: Tue, 22 Nov 2022 13:20:39 +0100 Subject: [PATCH 15/21] Fix alignment --- manifests/plugin/dns_gandi.pp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/manifests/plugin/dns_gandi.pp b/manifests/plugin/dns_gandi.pp index fef5a470..c920993d 100644 --- a/manifests/plugin/dns_gandi.pp +++ b/manifests/plugin/dns_gandi.pp @@ -9,10 +9,10 @@ # @param manage_package Manage the plugin package. # class letsencrypt::plugin::dns_gandi ( - String[1] $api_key, - String[1] $package_name, - Stdlib::Absolutepath $config_file = "${letsencrypt::config_dir}/dns-gandi.ini", - Boolean $manage_package = true, + String[1] $api_key, + String[1] $package_name, + Stdlib::Absolutepath $config_file = "${letsencrypt::config_dir}/dns-gandi.ini", + Boolean $manage_package = true, ) { require letsencrypt From 47824f610fc92a89a4418737287f2562c54d7281 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20De=20Wilde?= Date: Tue, 22 Nov 2022 14:09:15 +0100 Subject: [PATCH 16/21] Remove now useless code --- spec/classes/plugin/dns_gandi_spec.rb | 9 --------- 1 file changed, 9 deletions(-) diff --git a/spec/classes/plugin/dns_gandi_spec.rb b/spec/classes/plugin/dns_gandi_spec.rb index 185c337e..2cb8229f 100644 --- a/spec/classes/plugin/dns_gandi_spec.rb +++ b/spec/classes/plugin/dns_gandi_spec.rb @@ -16,15 +16,6 @@ class { 'letsencrypt': } PUPPET end - let(:package_name) do - osname = facts[:os]['name'] - osrelease = facts[:os]['release']['major'] - osfull = "#{osname}-#{osrelease}" - case osfull - when 'Debian-11', 'Ubuntu-20.04' - 'python3-certbot-dns-gandi' - end - end context 'with required parameters' do it do 
From ef0d4f5733f6c358183987cedcd68d74cd277940 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20De=20Wilde?= Date: Tue, 22 Nov 2022 14:54:52 +0100 Subject: [PATCH 17/21] Fix regexps --- spec/classes/plugin/dns_gandi_spec.rb | 2 +- spec/defines/letsencrypt_certonly_spec.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/classes/plugin/dns_gandi_spec.rb b/spec/classes/plugin/dns_gandi_spec.rb index 2cb8229f..7b7bf3a0 100644 --- a/spec/classes/plugin/dns_gandi_spec.rb +++ b/spec/classes/plugin/dns_gandi_spec.rb @@ -31,7 +31,7 @@ class { 'letsencrypt': it do if package_name.nil? - is_expected.to compile.and_raise_error(%r{/expects a value for parameter 'package_name'/}) + is_expected.to compile.and_raise_error(%r{expects a value for parameter 'package_name'}) else is_expected.to contain_class('letsencrypt::plugin::dns_gandi').with_package_name(package_name) is_expected.to contain_package(package_name).with_ensure('installed') diff --git a/spec/defines/letsencrypt_certonly_spec.rb b/spec/defines/letsencrypt_certonly_spec.rb index 811875e8..d6107aa1 100644 --- a/spec/defines/letsencrypt_certonly_spec.rb +++ b/spec/defines/letsencrypt_certonly_spec.rb @@ -243,7 +243,7 @@ class { 'letsencrypt::plugin::dns_gandi': PUPPET end - it { is_expected.to compile.and_raise_error(%r{/expects a value for parameter 'api_key'/}) } + it { is_expected.to compile.and_raise_error(%r{expects a value for parameter 'api_key'}) } end context 'with custom plugin' do From a513b572303a24e2d74cf8fe34b32ae6a987ef4f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20De=20Wilde?= Date: Wed, 23 Nov 2022 13:20:44 +0100 Subject: [PATCH 18/21] Fix tests --- spec/classes/plugin/dns_gandi_spec.rb | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/spec/classes/plugin/dns_gandi_spec.rb b/spec/classes/plugin/dns_gandi_spec.rb index 7b7bf3a0..67d38eed 100644 --- a/spec/classes/plugin/dns_gandi_spec.rb +++ b/spec/classes/plugin/dns_gandi_spec.rb 
@@ -16,26 +16,21 @@ class { 'letsencrypt': } PUPPET end + let(:package_name) do + 'python3-certbot-dns-gandi' + end context 'with required parameters' do it do - if package_name.nil? - is_expected.not_to compile - else is_expected.to compile.with_all_deps - end end describe 'with manage_package => true' do let(:params) { super().merge(manage_package: true) } it do - if package_name.nil? - is_expected.to compile.and_raise_error(%r{expects a value for parameter 'package_name'}) - else - is_expected.to contain_class('letsencrypt::plugin::dns_gandi').with_package_name(package_name) - is_expected.to contain_package(package_name).with_ensure('installed') - end + is_expected.to contain_class('letsencrypt::plugin::dns_gandi').with_package_name(package_name) + is_expected.to contain_package(package_name).with_ensure('installed') end end From 1e65a10d4334d29a90c2f8f87b49f70196987ce5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20De=20Wilde?= Date: Wed, 23 Nov 2022 13:40:38 +0100 Subject: [PATCH 19/21] Fix indent --- spec/classes/plugin/dns_gandi_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/classes/plugin/dns_gandi_spec.rb b/spec/classes/plugin/dns_gandi_spec.rb index 67d38eed..6f87ceec 100644 --- a/spec/classes/plugin/dns_gandi_spec.rb +++ b/spec/classes/plugin/dns_gandi_spec.rb @@ -22,7 +22,7 @@ class { 'letsencrypt': context 'with required parameters' do it do - is_expected.to compile.with_all_deps + is_expected.to compile.with_all_deps end describe 'with manage_package => true' do From 136b8d3d4b077dc4e3ec2c17b798fb7559077307 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?C=C3=A9dric=20De=20Wilde?=
Date: Tue, 21 Jan 2025 16:59:28 +0100
Subject: [PATCH 20/21] Add Gandi personnal access token support
---
REFERENCE.md | 99 ++++++++++++-----------
manifests/certonly.pp | 3 +-
manifests/plugin/dns_gandi.pp | 20 +++--
spec/classes/plugin/dns_gandi_spec.rb | 2 +-
spec/defines/letsencrypt_certonly_spec.rb | 29 ++++++-
5 files changed, 95 insertions(+), 58 deletions(-)
diff --git a/REFERENCE.md b/REFERENCE.md
index 14c9c36c..56195a4b 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -406,6 +406,59 @@ Number of seconds to wait for the DNS server to propagate the DNS-01 challenge. Default value: `10` +### `letsencrypt::plugin::dns_gandi` + +This class installs and configures the Let's Encrypt dns-gandi plugin. +https://pypi.org/project/certbot-plugin-gandi/ + +#### Parameters + +The following parameters are available in the `letsencrypt::plugin::dns_gandi` class: + +* [`api_key`](#-letsencrypt--plugin--dns_gandi--api_key) +* [`personnal_access_token`](#-letsencrypt--plugin--dns_gandi--personnal_access_token) +* [`package_name`](#-letsencrypt--plugin--dns_gandi--package_name) +* [`config_file`](#-letsencrypt--plugin--dns_gandi--config_file) +* [`manage_package`](#-letsencrypt--plugin--dns_gandi--manage_package) + +##### `api_key` + +Data type: `Optional[String[1]]` + +Gandi production api key secret. You can get it in you security tab of your account + +Default value: `undef` + +##### `personnal_access_token` + +Data type: `Optional[String[1]]` + +Gandi personnal access token(PAT). You can get it in you security tab of your account + +Default value: `undef` + +##### `package_name` + +Data type: `String[1]` + +The name of the package to install when $manage_package is true. + +##### `config_file` + +Data type: `Stdlib::Absolutepath` + +The path to the configuration file. + +Default value: `"${letsencrypt::config_dir}/dns-gandi.ini"` + +##### `manage_package` + +Data type: `Boolean` + +Manage the plugin package. + +Default value: `true` + ### `letsencrypt::plugin::dns_linode` This class installs and configures the Let's Encrypt dns-linode plugin. 
@@ -468,50 +521,6 @@ Number of seconds to wait for the DNS server to propagate the DNS-01 challenge. Default value: `120` -### `letsencrypt::plugin::dns_gandi` - -This class installs and configures the Let's Encrypt dns-gandi plugin. -https://pypi.org/project/certbot-plugin-gandi/ - -#### Parameters - -The following parameters are available in the `letsencrypt::plugin::dns_gandi` class: - -* [`api_key`](#api_key) -* [`package_name`](#package_name) -* [`config_file`](#config_file) -* [`manage_package`](#manage_package) - -##### `api_key` - -Data type: `String[1]` - -Gandi production api key secret. You can get it in you security tab of your account - -##### `package_name` - -Data type: `Optional[String[1]]` - -The name of the package to install when $manage_package is true. - -Default value: ``undef`` - -##### `config_file` - -Data type: `Stdlib::Absolutepath` - -The path to the configuration file. - -Default value: `"${letsencrypt::config_dir}/dns-gandi.ini"` - -##### `manage_package` - -Data type: `Boolean` - -Manage the plugin package. - -Default value: ``true`` - ### `letsencrypt::plugin::dns_rfc2136` This class installs and configures the Let's Encrypt dns-rfc2136 plugin. @@ -1173,7 +1182,5 @@ Variant[Integer[0,31], String[1], Array[ List of accepted plugins - Alias of `Enum['apache', 'standalone', 'webroot', 'nginx', 'dns-azure', 'dns-route53', 'dns-google', 'dns-cloudflare', 'dns-linode', 'dns-rfc2136', 'dns-gandi', 'manual']` - diff --git a/manifests/certonly.pp b/manifests/certonly.pp index 7ee3f21d..9ba2882a 100644 --- a/manifests/certonly.pp +++ b/manifests/certonly.pp @@ -233,8 +233,7 @@ $plugin_args = [ "--cert-name '${cert_name}' -d", "'${_domains}'", - '-a certbot-plugin-gandi:dns', - "--certbot-plugin-gandi:dns-credentials ${letsencrypt::config_dir}/dns-gandi.ini", + "--dns-gandi-credentials ${letsencrypt::config_dir}/dns-gandi.ini", ] } diff --git a/manifests/plugin/dns_gandi.pp b/manifests/plugin/dns_gandi.pp index c920993d..5ce1c6ce 100644 
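Review bot: The rewritten argument `"--dns-gandi-credentials ${letsencrypt::config_dir}/dns-gandi.ini"` in manifests/certonly.pp hard-codes the credentials path, while `letsencrypt::plugin::dns_gandi` exposes a `config_file` parameter that only defaults to that location. With a non-default `config_file` the class writes the secret to one path and certbot is pointed at another, so issuance fails or reads whatever stale file sits at the default path. Assuming the plugin class is already required in this branch, which lies outside the hunk, the line could read `"--dns-gandi-credentials ${letsencrypt::plugin::dns_gandi::config_file}",`.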
--- a/manifests/plugin/dns_gandi.pp +++ b/manifests/plugin/dns_gandi.pp @@ -4,15 +4,17 @@ # https://pypi.org/project/certbot-plugin-gandi/ # # @param api_key Gandi production api key secret. You can get it in you security tab of your account +# @param personnal_access_token Gandi personnal access token(PAT). You can get it in you security tab of your account # @param package_name The name of the package to install when $manage_package is true. # @param config_file The path to the configuration file. # @param manage_package Manage the plugin package. # class letsencrypt::plugin::dns_gandi ( - String[1] $api_key, String[1] $package_name, - Stdlib::Absolutepath $config_file = "${letsencrypt::config_dir}/dns-gandi.ini", - Boolean $manage_package = true, + Optional[String[1]] $api_key = undef, + Optional[String[1]] $personnal_access_token = undef, + Stdlib::Absolutepath $config_file = "${letsencrypt::config_dir}/dns-gandi.ini", + Boolean $manage_package = true, ) { require letsencrypt @@ -23,8 +25,16 @@ } } - $ini_vars = { - 'certbot_plugin_gandi:dns_api_key' => $api_key, + if $api_key != undef { + $ini_vars = { + 'dns_gandi_api_key' => $api_key, + } + } elsif $personnal_access_token != undef { + $ini_vars = { + 'dns_gandi_token' => $personnal_access_token, + } + } else { + fail("expects a value for parameter 'api_key' or 'personnal_access_token'") } file { $config_file: diff --git a/spec/classes/plugin/dns_gandi_spec.rb b/spec/classes/plugin/dns_gandi_spec.rb index 6f87ceec..701e57c4 100644 --- a/spec/classes/plugin/dns_gandi_spec.rb +++ b/spec/classes/plugin/dns_gandi_spec.rb @@ -4,7 +4,7 @@ describe 'letsencrypt::plugin::dns_gandi' do on_supported_os.each do |os, facts| - next unless supported_os_gandi(facts[:os]) + next unless supported_os_gandi(os) context "on #{os} based operating systems" do let(:facts) { facts } diff --git a/spec/defines/letsencrypt_certonly_spec.rb b/spec/defines/letsencrypt_certonly_spec.rb index d08a0d9c..d55e657a 100644 
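Review bot: `$api_key` and `$personnal_access_token` are declared as `Optional[String[1]]`, so the Gandi credential travels as a plain string and can surface in the compiled catalog, in reports and in file diffs in agent logs. Accepting `Optional[Variant[String[1], Sensitive[String[1]]]]` for both would let callers pass a `Sensitive` value without breaking plain-string users; the value then has to be unwrapped where `$ini_vars` is built. The `file { $config_file:` resource is outside this hunk, so it is worth confirming that it sets `show_diff => false` and a restrictive mode. Separately, `personnal_access_token` becomes public API with this hunk, so the spelling is cheapest to correct to `personal_access_token` now.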
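Review bot: When both `api_key` and `personnal_access_token` are supplied, the `if $api_key != undef` branch wins and the token is silently dropped, so a site that adds a token while the old key is still in its data keeps authenticating with the key and gets no signal. Either reject the ambiguous input or give the token precedence; the smallest change is a guard ahead of the branch, `if $api_key and $personnal_access_token { fail("set only one of 'api_key' or 'personnal_access_token'") }`. A spec case with both parameters set would pin whichever behaviour is chosen.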
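Review bot: `next unless supported_os_gandi(os)` now passes the block's first variable, which in `on_supported_os.each do |os, facts|` is the platform key used in the context title rather than the os fact that the helper indexes with `os['name']`. If that key is a String, as the `"on #{os} based operating systems"` interpolation suggests, `os['name']` is nil on every platform, the helper returns false, and this spec defines no contexts at all while still reporting success. The previous argument was the right one: `next unless supported_os_gandi(facts[:os])`.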
--- a/spec/defines/letsencrypt_certonly_spec.rb +++ b/spec/defines/letsencrypt_certonly_spec.rb @@ -227,7 +227,7 @@ class { 'letsencrypt::plugin::dns_linode': it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a dns-linode --cert-name 'foo.example.com' -d 'foo.example.com' --dns-linode --dns-linode-credentials /etc/letsencrypt/dns-linode.ini --dns-linode-propagation-seconds 120" } end - context 'with dns-gandi plugin' do + context 'with dns-gandi plugin with api_key' do let(:title) { 'foo.example.com' } let(:params) { { plugin: 'dns-gandi', letsencrypt_command: 'letsencrypt' } } let(:pre_condition) do 
@@ -245,10 +245,31 @@ class { 'letsencrypt::plugin::dns_gandi': it { is_expected.to compile.with_all_deps } it { is_expected.to contain_class('letsencrypt::plugin::dns_gandi') } - it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a dns-gandi --cert-name 'foo.example.com' -d 'foo.example.com' -a certbot-plugin-gandi:dns --certbot-plugin-gandi:dns-credentials /etc/letsencrypt/dns-gandi.ini" } + it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a dns-gandi --cert-name 'foo.example.com' -d 'foo.example.com' --dns-gandi-credentials /etc/letsencrypt/dns-gandi.ini" } end - context 'with dns-gandi plugin without api_key' do + context 'with dns-gandi plugin with personnal_access_token' do + let(:title) { 'foo.example.com' } + let(:params) { { plugin: 'dns-gandi', letsencrypt_command: 'letsencrypt' } } + let(:pre_condition) do + <<-PUPPET + class { 'letsencrypt': + email => 'foo@example.com', + config_dir => '/etc/letsencrypt', + } + class { 'letsencrypt::plugin::dns_gandi': + package_name => 'irrelevant', + personnal_access_token => 'dummy-pat', + } + PUPPET + end + + it { is_expected.to compile.with_all_deps } + it { is_expected.to contain_class('letsencrypt::plugin::dns_gandi') } + it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a dns-gandi --cert-name 'foo.example.com' -d 'foo.example.com' --dns-gandi-credentials /etc/letsencrypt/dns-gandi.ini" } + end + + context 'with dns-gandi plugin without api_key or personnal_access_token' do let(:title) { 'foo.example.com' } let(:params) { { plugin: 'dns-gandi', letsencrypt_command: 'letsencrypt' } } let(:pre_condition) do 
@@ -263,7 +284,7 @@ class { 'letsencrypt::plugin::dns_gandi': PUPPET end - it { is_expected.to compile.and_raise_error(%r{expects a value for parameter 'api_key'}) } + it { is_expected.to compile.and_raise_error(%r{expects a value for parameter 'api_key' or 'personnal_access_token'}) } end context 'with custom plugin' do From 8b984895d38dc371decbac969f714979a1d45b2e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20De=20Wilde?= Date: Wed, 22 Jan 2025 09:34:10 +0100 Subject: [PATCH 21/21] Fix REFERENCE.md --- REFERENCE.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/REFERENCE.md b/REFERENCE.md index 56195a4b..8ae80a5c 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -20,6 +20,7 @@ #### Private Classes * `letsencrypt::config`: Configures the Let's Encrypt client. +* `letsencrypt::install`: Installs the Let's Encrypt client. * `letsencrypt::scripts`: Deploy helper scripts scripts ### Defined types @@ -46,7 +47,7 @@ Install and configure Certbot, the LetsEncrypt client #### Examples -##### +##### ```puppet class { 'letsencrypt' : @@ -86,6 +87,10 @@ The following parameters are available in the `letsencrypt` class: * [`renew_cron_hour`](#-letsencrypt--renew_cron_hour) * [`renew_cron_minute`](#-letsencrypt--renew_cron_minute) * [`renew_cron_monthday`](#-letsencrypt--renew_cron_monthday) +* [`renew_cron_environment`](#-letsencrypt--renew_cron_environment) +* [`certonly_pre_hook_commands`](#-letsencrypt--certonly_pre_hook_commands) +* [`certonly_post_hook_commands`](#-letsencrypt--certonly_post_hook_commands) +* [`certonly_deploy_hook_commands`](#-letsencrypt--certonly_deploy_hook_commands) ##### `email` @@ -182,6 +187,8 @@ Data type: `Boolean` A feature flag to include the 'epel' class and depend on it for package installation. +Default value: `false` + ##### `agree_tos` Data type: `Boolean`