From 432cb7d87393e6e87f8ccd06544c12a8be7a1823 Mon Sep 17 00:00:00 2001 From: Hugo Haakseth Date: Thu, 6 Jun 2024 00:50:30 +0200 Subject: [PATCH 1/3] Cleanup Readme; Add Licence --- LICENSE | 201 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ README.md | 125 +++++++++++++++++---------------- 2 files changed, 269 insertions(+), 57 deletions(-) create mode 100644 LICENSE diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..404e08a --- /dev/null +++ b/LICENSE 
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright © [2012-2014] [Sergey Stankevich] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/README.md b/README.md index d24e2d1..76d53b7 100644 --- a/README.md +++ b/README.md 
@@ -1,83 +1,94 @@ -ca_cert -======= +# ca_cert puppet module -[![Build Status](https://travis-ci.org/pcfens/puppet-ca_cert.png?branch=master)](https://travis-ci.org/pcfens/puppet-ca_cert) +[![Build Status](https://github.com/voxpupuli/puppet-ca_cert/workflows/CI/badge.svg)](https://github.com/voxpupuli/puppet-ca_cert/actions?query=workflow%3ACI) +[![Release](https://github.com/voxpupuli/puppet-ca_cert/actions/workflows/release.yml/badge.svg)](https://github.com/voxpupuli/puppet-ca_cert/actions/workflows/release.yml) +[![Puppet Forge](https://img.shields.io/puppetforge/v/puppet/ca_cert.svg)](https://forge.puppetlabs.com/puppet/ca_cert) +[![Puppet Forge - downloads](https://img.shields.io/puppetforge/dt/puppet/ca_cert.svg)](https://forge.puppetlabs.com/puppet/ca_cert) +[![Puppet Forge - endorsement](https://img.shields.io/puppetforge/e/puppet/ca_cert.svg)](https://forge.puppetlabs.com/puppet/ca_cert) +[![Puppet Forge - scores](https://img.shields.io/puppetforge/f/puppet/ca_cert.svg)](https://forge.puppetlabs.com/puppet/ca_cert) +[![License](https://img.shields.io/github/license/voxpupuli/puppet-ca_cert.svg)](https://github.com/voxpupuli/puppet-ca_cert/blob/master/LICENSE) -Overview --------- +#### Table of Contents + +1. [Description - What does the module do?](#description) +2. [Setup - The basics of getting started with mongodb](#setup) +3. [Usage - Configuration options and additional functionality](#usage) +4. [Limitations - OS compatibility, etc.](#limitations) +5. [Development - Guide for contributing to the module](#development) + +## Description The ca_cert module tries to provide a simple way to manage Certificate Authority (CA) -certificates on a Linux system. (Patches are welcome to help support other -operating sytems) +certificates on a Linux system. -Usage ------ +## Usage -After the `ca_cert` module has been declared add CA certificates with the ca_cert::ca -definition. 
+On supported OSes custom and OS default CAs can be managed by using the defined type [ca_cert::ca](manifests/ca.pp). +The [ca_cert](manifests/init.pp) class could be realized to costomize how this module manages the certificates. -### ca_cert +### Install a custom CA + +```puppet +ca_cert::ca { 'myorg_ca': + source => 'https://ca.myorg.com/myorg_ca.pem', +} +``` -`ca_cert` ensures that the locations and tools needed to manage the CAs are present on -your system. +### Manage custom CAs with hiera -Optional parameters: - * `always_update_certs`: Run your system's update CA command even when there are no - updates needed. (defaults to false) - * `purge_unmanaged_CAs`: Purge non-OS default CAs from the system. This will only - remove CAs that might be installed using your OS's default - management method. (defaults to false) - * `install_package`: Whether or not this module should install the ca_certificates - package. The package contains the default trusted (typically - Mozilla) CA certificates, as well as the tools required for this - module to manage other installed CA certificates. (defaults to true) - * `ca_certs`: A hash of certificates you would like added. These may also be defined - by declaring `ca_cert::ca` once for each certificate. +```yaml +--- +ca_cert::ca_certs: + 'myorg_ca': + source: 'https://ca.myorg.com/myorg_ca.pem' +``` +```puppet +include ca_cert +``` -### ca_cert::ca +### Distrust a OS default CA -CAs can be added as URLs, text, or a puppet managed file +Distrusting OS default CAs is handled differently by different OS families. +On Debian/Ubuntu like OSes that support distrusting by using a configuration file +the certificate content is not needed. 
+Simply use ```puppet -ca_cert::ca { 'GlobalSign-OrgSSL-Intermediate': - ensure => 'trusted', - source => 'http://secure.globalsign.com/cacert/gsorganizationvalsha2g2r1.crt', +ca_cert::ca { 'DigiCert_Global_Root_G3': + ensure => 'distrusted', } ``` +On RedHat like OSes that use a folder to manage distrusted default CAs, the certificate +source or content has to be provided as well + ```puppet -ca_cert::ca { 'GlobalSign-OrgSSL-Intermediate': - ensure => 'trusted', - source => 'puppet:///modules/profiles/CAs/InCommon.crt', +ca_cert::ca { 'DigiCert_Global_Root_G3': + ensure => 'distrusted', + source => 'https://cacerts.digicert.com/DigiCertGlobalRootG3.crt.pem', } ``` +### Ensuring only puppet managed custom CAs are present + +```puppet -`ca_cert::ca`: +class { 'ca_cert': + purge_unmanaged_CAs => true, + ca_certs => { + .... + } +} +``` - * `ca_text`: The text of the CA certificate to install. Required if text is the source - (default). If a different source is specified this parameter is ignored. - * `source`: Where the CA certificate should be retrieved from. text, http, https, ftp, - file, and puppet protocols/sources are supported. If text, then the ca_text parameter - is also required. Defaults to text. +## Limitations - **Warning**: certificates delivered via http, https, or ftp won't be - updated if the upstream source changes. +This module has been tested on operating systems in [metadata.json](metadata.json) - **SLES 11 Specific Detail**: Cert File must be in `.pem` format +## Development - * `ensure`: Whether or not the CA certificate should be on the system or not. Valid - values are trusted, present, distrusted, and absent. Trusted is the same - as present. On Debian systems untrusted is the same as absent. On RedHat - based systems untrusted certificates are placed in a different path before - calling the update command. 
(defaults to trusted) - * `verify_https_cert`: If a certificate is retrieved over HTTPS, whether or not the - server's certificate should be validated against the fetching - machine's trusted CA list or not. (defaults to true) - * `checksum`: The file will be downloaded if the checksum does not match this value. - See the `checksum` parameter at [lwf/puppet-remote_file](https://github.com/lwf/puppet-remote_file) - for details. +This module is maintained by [Vox Pupuli](https://voxpupuli.org/). Voxpupuli +welcomes new contributions to this module, especially those that include +documentation and rspec tests. We are happy to provide guidance if necessary. -Supported Platforms -------------------- -This module has been tested on operating systems in [metadata.json](metadata.json) +Please see [CONTRIBUTING](.github/CONTRIBUTING.md) for more details. From 64fa3ed13ebdc67f7a63fb2cd6fc8aca76ddfd61 Mon Sep 17 00:00:00 2001 From: Hugo Haakseth Date: Thu, 6 Jun 2024 00:52:16 +0200 Subject: [PATCH 2/3] Remove unneeded examples folder --- examples/ca.pp | 5 ----- examples/init.pp | 1 - 2 files changed, 6 deletions(-) delete mode 100644 examples/ca.pp delete mode 100644 examples/init.pp diff --git a/examples/ca.pp b/examples/ca.pp deleted file mode 100644 index 2cbac94..0000000 --- a/examples/ca.pp +++ /dev/null @@ -1,5 +0,0 @@ -class { 'ca_cert': } - -ca_cert::ca { 'globalsign_org_intermediate': - source => 'http://secure.globalsign.com/cacert/gsorganizationvalsha2g2r1.crt', -} diff --git a/examples/init.pp b/examples/init.pp deleted file mode 100644 index 780cff6..0000000 --- a/examples/init.pp +++ /dev/null @@ -1 +0,0 @@ -class { 'ca_cert': } From 951e7f5993cfd49b296131ddc1aae592aa42643b Mon Sep 17 00:00:00 2001 From: Hugo Haakseth Date: Thu, 6 Jun 2024 08:49:22 +0200 Subject: [PATCH 3/3] Add transfer notice; Transfer metadata to Vox Pupuli --- README.md | 9 +++++++++ metadata.json | 12 ++++++------ 2 files changed, 15 insertions(+), 6 deletions(-) 
diff --git a/README.md b/README.md index 76d53b7..69cc53f 100644 --- a/README.md +++ b/README.md @@ -7,6 +7,7 @@ [![Puppet Forge - endorsement](https://img.shields.io/puppetforge/e/puppet/ca_cert.svg)](https://forge.puppetlabs.com/puppet/ca_cert) [![Puppet Forge - scores](https://img.shields.io/puppetforge/f/puppet/ca_cert.svg)](https://forge.puppetlabs.com/puppet/ca_cert) [![License](https://img.shields.io/github/license/voxpupuli/puppet-ca_cert.svg)](https://github.com/voxpupuli/puppet-ca_cert/blob/master/LICENSE) +[![Donated by Phil Fenstermacher](https://img.shields.io/badge/donated%20by-Phil%20Fenstermacher-fb7047.svg)](#transfer-notice) #### Table of Contents @@ -92,3 +93,11 @@ welcomes new contributions to this module, especially those that include documentation and rspec tests. We are happy to provide guidance if necessary. Please see [CONTRIBUTING](.github/CONTRIBUTING.md) for more details. + +## Transfer Notice + +This module was originally authored by [Phil Fenstermacher](). +The maintainer preferred that Puppet Community take ownership of the module for future improvement and maintenance. +Existing pull requests and issues were transferred over, please fork and continue to contribute here instead. + +Previously: diff --git a/metadata.json b/metadata.json index 3ab2dbd..3dd1fee 100644 --- a/metadata.json +++ b/metadata.json 
@@ -1,12 +1,12 @@ { - "name": "pcfens-ca_cert", - "version": "2.5.0", - "author": "pcfens", + "name": "puppet-ca_cert", + "version": "2.5.1-rc0", + "author": "Vox Pupuli", "summary": "Manage system CA certificates", "license": "Apache-2.0", - "source": "https://github.com/pcfens/puppet-ca_cert", - "project_page": "https://github.com/pcfens/puppet-ca_cert", - "issues_url": "https://github.com/pcfens/puppet-ca_cert/issues", + "source": "https://github.com/voxpupuli/puppet-ca_cert", + "project_page": "https://github.com/voxpupuli/puppet-ca_cert", + "issues_url": "https://github.com/voxpupuli/puppet-ca_cert/issues", "dependencies": [ { "name": "puppetlabs/stdlib",
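Review bot: in the LICENSE hunk the Appendix sample notice reads `Copyright © [2012-2014] [Sergey Stankevich]`, which matches neither this module's author (`pcfens` / Phil Fenstermacher, per the metadata.json and Transfer Notice hunks in this series) nor the upstream Apache 2.0 template's generic `Copyright [yyyy] [name of copyright owner]` placeholder, so the file looks copied from another project's LICENSE and misattributes copyright. Replace that line with the canonical template placeholder, or with the module's actual copyright holder and years, before merging.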
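Review bot: the README rewrite (`@@ -1,83 +1,94 @@`) removes the entire parameter reference (`always_update_certs`, `purge_unmanaged_CAs`, `install_package`, `ca_certs`, and for `ca_cert::ca` the `ca_text`, `source`, `ensure`, `verify_https_cert` and `checksum` parameters) without saying where that documentation now lives; `verify_https_cert` and `checksum` are the two settings that decide whether a downloaded CA is validated (server certificate check, pinned digest), and the dropped warning that http/https/ftp sources are not re-fetched when upstream changes still applies unless `checksum` is set, so either link the generated reference (REFERENCE.md / puppet-strings) or keep a short parameter section. Further points in the same hunk: Table of Contents item 2 reads "Setup - The basics of getting started with mongodb" and links to `#setup`, but the new README has no Setup section (left over from another module); "costomize" should be "customize"; "Distrust a OS default CA" should be "an OS default CA"; and the purge example opens with a blank line after ```` ```puppet ```` and has `....` inside the `ca_certs` hash, which will not parse if copied verbatim, so mark it as a placeholder or give a real entry.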
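Review bot: in the Transfer Notice hunk (`@@ -92,3 +93,11 @@`) the author link `[Phil Fenstermacher]()` has an empty target and the final line `Previously:` ends without the previous location. The old repository URL is visible in the metadata.json hunk of this series (`https://github.com/pcfens/puppet-ca_cert`), so fill in the "Previously:" line with it and give the author link a real target. The notice also says "Puppet Community take ownership" while the Development section and metadata.json name Vox Pupuli; use one name consistently.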