From a6053be8085fa1e2b8ce06d5c7e6137606f7b2c6 Mon Sep 17 00:00:00 2001
From: Mitchell Chambers
Date: Mon, 27 May 2024 10:49:56 +1000
Subject: [PATCH 01/32] set data type for port params
---
 manifests/init.pp | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/manifests/init.pp b/manifests/init.pp
index af32b4ed..054f7c95 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -347,11 +347,11 @@
 #
 class puppetdb (
 $listen_address = $puppetdb::params::listen_address,
- $listen_port = $puppetdb::params::listen_port,
+ Stdlib::Port $listen_port = $puppetdb::params::listen_port,
 $disable_cleartext = $puppetdb::params::disable_cleartext,
 $open_listen_port = $puppetdb::params::open_listen_port,
 $ssl_listen_address = $puppetdb::params::ssl_listen_address,
- $ssl_listen_port = $puppetdb::params::ssl_listen_port,
+ Stdlib::Port $ssl_listen_port = $puppetdb::params::ssl_listen_port,
 $disable_ssl = $puppetdb::params::disable_ssl,
 $open_ssl_listen_port = $puppetdb::params::open_ssl_listen_port,
 $ssl_dir = $puppetdb::params::ssl_dir,
@@ -377,7 +377,7 @@
 $manage_package_repo = $puppetdb::params::manage_pg_repo,
 $postgres_version = $puppetdb::params::postgres_version,
 $database_host = $puppetdb::params::database_host,
- $database_port = $puppetdb::params::database_port,
+ Stdlib::Port $database_port = $puppetdb::params::database_port,
 $database_username = $puppetdb::params::database_username,
 Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password,
 $database_name = $puppetdb::params::database_name,
@@ -400,7 +400,7 @@ $puppetdb_group = $puppetdb::params::puppetdb_group, $puppetdb_server = $puppetdb::params::puppetdb_server, $read_database_host = $puppetdb::params::read_database_host, - $read_database_port = $puppetdb::params::read_database_port, + Stdlib::Port $read_database_port = $puppetdb::params::read_database_port, $read_database_username = $puppetdb::params::read_database_username, Variant[String[1], Sensitive[String[1]]] $read_database_password = $puppetdb::params::read_database_password, $read_database_name = $puppetdb::params::read_database_name, From a660089a06da093e44bbe29383a0c3a4914ad578 Mon Sep 17 00:00:00 2001 From: Mitchell Chambers Date: Mon, 27 May 2024 14:27:56 +1000 Subject: [PATCH 02/32] convert string port values to integer --- manifests/params.pp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/manifests/params.pp b/manifests/params.pp index 5f19dfd0..9f32fad9 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -3,11 +3,11 @@ # @api private class puppetdb::params inherits puppetdb::globals { $listen_address = 'localhost' - $listen_port = '8080' + $listen_port = 8080 $disable_cleartext = false $open_listen_port = false $ssl_listen_address = '0.0.0.0' - $ssl_listen_port = '8081' + $ssl_listen_port = 8081 $ssl_protocols = undef $disable_ssl = false $cipher_suites = undef @@ -33,7 +33,7 @@ } $database_host = 'localhost' - $database_port = '5432' + $database_port = 5432 $database_name = 'puppetdb' $database_username = 'puppetdb' $database_password = 'puppetdb' @@ -62,7 +62,7 @@ # These settings are for the read database $read_database_host = undef - $read_database_port = '5432' + $read_database_port = 5432 $read_database_name = 'puppetdb' $read_database_username = 'puppetdb-read' $read_database_password = 'puppetdb-read' From 89fe4034955b99ee990da3387f0827153be5c556 Mon Sep 17 00:00:00 2001 
From: Mitchell Chambers Date: Mon, 27 May 2024 14:37:55 +1000 Subject: [PATCH 03/32] remove `port` variable as database_port is an integer --- manifests/database/postgresql.pp | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/manifests/database/postgresql.pp b/manifests/database/postgresql.pp index 825b3fe7..36691433 100644 --- a/manifests/database/postgresql.pp +++ b/manifests/database/postgresql.pp @@ -91,7 +91,6 @@ Boolean $password_sensitive = false, Postgresql::Pg_password_encryption $password_encryption = $puppetdb::params::password_encryption, ) inherits puppetdb::params { - $port = scanf($database_port, '%i')[0] if $manage_server { class { 'postgresql::globals': @@ -102,7 +101,7 @@ class { 'postgresql::server': ip_mask_allow_all_users => '0.0.0.0/0', listen_addresses => $listen_addresses, - port => $port, + port => $database_port, password_encryption => $password_encryption, } @@ -139,7 +138,7 @@ postgresql::server::extension { 'pg_trgm': database => $database_name, require => Postgresql::Server::Db[$database_name], - port => $port, + port => $database_port, } } } @@ -152,12 +151,12 @@ encoding => 'UTF8', locale => 'en_US.UTF-8', grant => 'all', - port => $port, + port => $database_port, } -> postgresql_psql { 'revoke all access on public schema': db => $database_name, - port => $port, + port => $database_port, command => 'REVOKE CREATE ON SCHEMA public FROM public', unless => "SELECT * FROM (SELECT has_schema_privilege('public', 'public', 'create') can_create) privs @@ -166,7 +165,7 @@ -> postgresql_psql { "grant all permissions to ${database_username}": db => $database_name, - port => $port, + port => $database_port, command => "GRANT CREATE ON SCHEMA public TO \"${database_username}\"", unless => "SELECT * FROM (SELECT has_schema_privilege('${database_username}', 'public', 'create') can_create) privs 
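Review bot: With the `scanf` coercion removed at the top of the class body, every `port => $database_port` in this file (including the `@@ -179,13` hunk that follows) forwards the value in whatever type the caller supplied. The parameter list of `puppetdb::database::postgresql` starts above the hunk, so I cannot see whether `$database_port` is typed there. If it is still untyped, a quoted port from Hiera or a direct class declaration now reaches `postgresql::server` and `postgresql_psql` unconverted. Declaring it as `Stdlib::Port $database_port = $puppetdb::params::database_port,` would make the removal safe and fail at compile time on anything that is not a valid port number.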
@@ -179,13 +178,13 @@ password_hash => postgresql::postgresql_password( $read_database_username, $read_database_password, $password_sensitive, $password_encryption), database_owner => $database_username, - database_port => $port, + database_port => $database_port, password_encryption => $password_encryption, } -> postgresql_psql { "grant ${read_database_username} role to ${database_username}": db => $database_name, - port => $port, + port => $database_port, command => "GRANT \"${read_database_username}\" TO \"${database_username}\"", unless => "SELECT oid, rolname FROM pg_roles WHERE pg_has_role( '${database_username}', oid, 'member') and rolname = '${read_database_username}'"; From dcaa0567f3bc51d0b14f8e45232282fc5fd26104 Mon Sep 17 00:00:00 2001 From: Mitchell Chambers Date: Mon, 27 May 2024 14:40:35 +1000 Subject: [PATCH 04/32] set param database_port as integer --- spec/unit/classes/database/postgresql_spec.rb | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/spec/unit/classes/database/postgresql_spec.rb b/spec/unit/classes/database/postgresql_spec.rb index 74fd63b9..c4a0be54 100644 --- a/spec/unit/classes/database/postgresql_spec.rb +++ b/spec/unit/classes/database/postgresql_spec.rb @@ -51,7 +51,7 @@ database_password: 'puppetdb', read_database_username: 'puppetdb-read', read_database_password: 'puppetdb-read', - database_port: '5432', + database_port: 5432, } end @@ -61,7 +61,7 @@ user: params[:database_username], password: params[:database_password], grant: 'all', - port: params[:database_port].to_i, + port: params[:database_port], encoding: 'UTF8', locale: 'en_US.UTF-8', ) @@ -72,7 +72,7 @@ .that_requires("Postgresql::Server::Db[#{params[:database_name]}]") .with( db: params[:database_name], - port: params[:database_port].to_i, + port: params[:database_port], command: 'REVOKE CREATE ON SCHEMA public FROM public', unless: "SELECT * FROM (SELECT has_schema_privilege('public', 'public', 'create') can_create) privs 
@@ -86,7 +86,7 @@ .that_comes_before("Puppetdb::Database::Read_only_user[#{params[:read_database_username]}]") .with( db: params[:database_name], - port: params[:database_port].to_i, + port: params[:database_port], command: "GRANT CREATE ON SCHEMA public TO \"#{params[:database_username]}\"", unless: "SELECT * FROM (SELECT has_schema_privilege('#{params[:database_username]}', 'public', 'create') can_create) privs @@ -102,7 +102,7 @@ database_name: params[:database_name], password_hash: %r{^(md5|SCRAM)}, # TODO: mock properly database_owner: params[:database_username], - database_port: params[:database_port].to_i, + database_port: params[:database_port], } end end @@ -112,7 +112,7 @@ .that_requires("Puppetdb::Database::Read_only_user[#{params[:read_database_username]}]") .with( db: params[:database_name], - port: params[:database_port].to_i, + port: params[:database_port], command: "GRANT \"#{params[:read_database_username]}\" TO \"#{params[:database_username]}\"", unless: "SELECT oid, rolname FROM pg_roles WHERE pg_has_role( '#{params[:database_username]}', oid, 'member') and rolname = '#{params[:read_database_username]}'", From 8708434f9e54d5e15e8b4c040dc90dca0eb35b19 Mon Sep 17 00:00:00 2001 From: Mitchell Chambers Date: Mon, 27 May 2024 16:25:28 +1000 Subject: [PATCH 05/32] set boolean data type validation for puppetdb params --- manifests/init.pp | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 054f7c95..067ef2f0 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -348,43 +348,43 @@ class puppetdb ( $listen_address = $puppetdb::params::listen_address, Stdlib::Port $listen_port = $puppetdb::params::listen_port, - $disable_cleartext = $puppetdb::params::disable_cleartext, - $open_listen_port = $puppetdb::params::open_listen_port, + Boolean $disable_cleartext = $puppetdb::params::disable_cleartext, + Boolean $open_listen_port = $puppetdb::params::open_listen_port, $ssl_listen_address = $puppetdb::params::ssl_listen_address, Stdlib::Port $ssl_listen_port = $puppetdb::params::ssl_listen_port, - $disable_ssl = $puppetdb::params::disable_ssl, - $open_ssl_listen_port = $puppetdb::params::open_ssl_listen_port, + Boolean $disable_ssl = $puppetdb::params::disable_ssl, + Optional[Boolean] $open_ssl_listen_port = $puppetdb::params::open_ssl_listen_port, $ssl_dir = $puppetdb::params::ssl_dir, - $ssl_set_cert_paths = $puppetdb::params::ssl_set_cert_paths, + Boolean $ssl_set_cert_paths = $puppetdb::params::ssl_set_cert_paths, $ssl_cert_path = $puppetdb::params::ssl_cert_path, $ssl_key_path = $puppetdb::params::ssl_key_path, $ssl_key_pk8_path = $puppetdb::params::ssl_key_pk8_path, $ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path, - $ssl_deploy_certs = $puppetdb::params::ssl_deploy_certs, + Boolean $ssl_deploy_certs = $puppetdb::params::ssl_deploy_certs, $ssl_key = $puppetdb::params::ssl_key, $ssl_cert = $puppetdb::params::ssl_cert, $ssl_ca_cert = $puppetdb::params::ssl_ca_cert, $ssl_protocols = $puppetdb::params::ssl_protocols, - $postgresql_ssl_on = $puppetdb::params::postgresql_ssl_on, + Boolean $postgresql_ssl_on = $puppetdb::params::postgresql_ssl_on, $postgresql_ssl_folder = $puppetdb::params::postgresql_ssl_folder, $postgresql_ssl_cert_path = $puppetdb::params::postgresql_ssl_cert_path, $postgresql_ssl_key_path = $puppetdb::params::postgresql_ssl_key_path, $postgresql_ssl_ca_cert_path = $puppetdb::params::postgresql_ssl_ca_cert_path, $cipher_suites = $puppetdb::params::cipher_suites, - $migrate = $puppetdb::params::migrate, - 
$manage_dbserver = $puppetdb::params::manage_dbserver, - $manage_database = $puppetdb::params::manage_database, - $manage_package_repo = $puppetdb::params::manage_pg_repo, + Boolean $migrate = $puppetdb::params::migrate, + Boolean $manage_dbserver = $puppetdb::params::manage_dbserver, + Boolean $manage_database = $puppetdb::params::manage_database, + Boolean $manage_package_repo = $puppetdb::params::manage_pg_repo, $postgres_version = $puppetdb::params::postgres_version, $database_host = $puppetdb::params::database_host, Stdlib::Port $database_port = $puppetdb::params::database_port, $database_username = $puppetdb::params::database_username, Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password, $database_name = $puppetdb::params::database_name, - $manage_db_password = $puppetdb::params::manage_db_password, + Boolean $manage_db_password = $puppetdb::params::manage_db_password, $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, $database_listen_address = $puppetdb::params::postgres_listen_addresses, - $database_validate = $puppetdb::params::database_validate, + Boolean $database_validate = $puppetdb::params::database_validate, $node_ttl = $puppetdb::params::node_ttl, $node_purge_ttl = $puppetdb::params::node_purge_ttl, $report_ttl = $puppetdb::params::report_ttl, 
@@ -404,16 +404,16 @@ $read_database_username = $puppetdb::params::read_database_username, Variant[String[1], Sensitive[String[1]]] $read_database_password = $puppetdb::params::read_database_password, $read_database_name = $puppetdb::params::read_database_name, - $manage_read_db_password = $puppetdb::params::manage_read_db_password, + Boolean $manage_read_db_password = $puppetdb::params::manage_read_db_password, $read_database_jdbc_ssl_properties = $puppetdb::params::read_database_jdbc_ssl_properties, - $read_database_validate = $puppetdb::params::read_database_validate, + Boolean $read_database_validate = $puppetdb::params::read_database_validate, $read_conn_max_age = $puppetdb::params::read_conn_max_age, $read_conn_lifetime = $puppetdb::params::read_conn_lifetime, $confdir = $puppetdb::params::confdir, $vardir = $puppetdb::params::vardir, - $manage_firewall = $puppetdb::params::manage_firewall, + Boolean $manage_firewall = $puppetdb::params::manage_firewall, $java_args = $puppetdb::params::java_args, - $merge_default_java_args = $puppetdb::params::merge_default_java_args, + Boolean $merge_default_java_args = $puppetdb::params::merge_default_java_args, $max_threads = $puppetdb::params::max_threads, $command_threads = $puppetdb::params::command_threads, $concurrent_writes = $puppetdb::params::concurrent_writes, From 0498e87dad8e17d4f59d03fcc3292acb89480c3a Mon Sep 17 00:00:00 2001 From: Mitchell Chambers Date: Mon, 27 May 2024 17:54:02 +1000 Subject: [PATCH 06/32] set absolutepath validation for file path params --- manifests/init.pp | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 067ef2f0..5d81ab6a 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -354,23 +354,23 @@ Stdlib::Port $ssl_listen_port = $puppetdb::params::ssl_listen_port, Boolean $disable_ssl = $puppetdb::params::disable_ssl, Optional[Boolean] $open_ssl_listen_port = $puppetdb::params::open_ssl_listen_port, - $ssl_dir = $puppetdb::params::ssl_dir, + Stdlib::Absolutepath $ssl_dir = $puppetdb::params::ssl_dir, Boolean $ssl_set_cert_paths = $puppetdb::params::ssl_set_cert_paths, - $ssl_cert_path = $puppetdb::params::ssl_cert_path, - $ssl_key_path = $puppetdb::params::ssl_key_path, - $ssl_key_pk8_path = $puppetdb::params::ssl_key_pk8_path, - $ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path, + Stdlib::Absolutepath $ssl_cert_path = $puppetdb::params::ssl_cert_path, + Stdlib::Absolutepath $ssl_key_path = $puppetdb::params::ssl_key_path, + Stdlib::Absolutepath $ssl_key_pk8_path = $puppetdb::params::ssl_key_pk8_path, + Stdlib::Absolutepath $ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path, Boolean $ssl_deploy_certs = $puppetdb::params::ssl_deploy_certs, $ssl_key = $puppetdb::params::ssl_key, $ssl_cert = $puppetdb::params::ssl_cert, $ssl_ca_cert = $puppetdb::params::ssl_ca_cert, - $ssl_protocols = $puppetdb::params::ssl_protocols, + $ssl_protocols = $puppetdb::params::ssl_protocols, Boolean $postgresql_ssl_on = $puppetdb::params::postgresql_ssl_on, - $postgresql_ssl_folder = $puppetdb::params::postgresql_ssl_folder, - $postgresql_ssl_cert_path = $puppetdb::params::postgresql_ssl_cert_path, - $postgresql_ssl_key_path = $puppetdb::params::postgresql_ssl_key_path, - $postgresql_ssl_ca_cert_path = $puppetdb::params::postgresql_ssl_ca_cert_path, - $cipher_suites = $puppetdb::params::cipher_suites, + Stdlib::Absolutepath $postgresql_ssl_folder = $puppetdb::params::postgresql_ssl_folder, + Stdlib::Absolutepath $postgresql_ssl_cert_path = $puppetdb::params::postgresql_ssl_cert_path, + Stdlib::Absolutepath $postgresql_ssl_key_path = $puppetdb::params::postgresql_ssl_key_path, + Stdlib::Absolutepath $postgresql_ssl_ca_cert_path = 
$puppetdb::params::postgresql_ssl_ca_cert_path, + $cipher_suites = $puppetdb::params::cipher_suites, Boolean $migrate = $puppetdb::params::migrate, Boolean $manage_dbserver = $puppetdb::params::manage_dbserver, Boolean $manage_database = $puppetdb::params::manage_database, @@ -409,8 +409,8 @@ Boolean $read_database_validate = $puppetdb::params::read_database_validate, $read_conn_max_age = $puppetdb::params::read_conn_max_age, $read_conn_lifetime = $puppetdb::params::read_conn_lifetime, - $confdir = $puppetdb::params::confdir, - $vardir = $puppetdb::params::vardir, + Stdlib::Absolutepath $confdir = $puppetdb::params::confdir, + Stdlib::Absolutepath $vardir = $puppetdb::params::vardir, Boolean $manage_firewall = $puppetdb::params::manage_firewall, $java_args = $puppetdb::params::java_args, Boolean $merge_default_java_args = $puppetdb::params::merge_default_java_args, @@ -420,7 +420,7 @@ $store_usage = $puppetdb::params::store_usage, $temp_usage = $puppetdb::params::temp_usage, $disable_update_checking = $puppetdb::params::disable_update_checking, - $certificate_whitelist_file = $puppetdb::params::certificate_whitelist_file, + Stdlib::Absolutepath $certificate_whitelist_file = $puppetdb::params::certificate_whitelist_file, $certificate_whitelist = $puppetdb::params::certificate_whitelist, $database_max_pool_size = $puppetdb::params::database_max_pool_size, $read_database_max_pool_size = $puppetdb::params::read_database_max_pool_size, From d100da20a7dcbb987d2e6dbcf15c75004f8ef819 Mon Sep 17 00:00:00 2001 From: Mitchell Chambers Date: Mon, 27 May 2024 17:54:37 +1000 Subject: [PATCH 07/32] style: remove newline --- manifests/database/postgresql.pp | 1 - 1 file changed, 1 deletion(-) diff --git a/manifests/database/postgresql.pp b/manifests/database/postgresql.pp index 36691433..a271633a 100644 --- a/manifests/database/postgresql.pp +++ b/manifests/database/postgresql.pp 
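Review bot: `Stdlib::Absolutepath` on the key, certificate and whitelist paths (the `@@ -354,23` hunk, plus `$confdir`, `$vardir` and `$certificate_whitelist_file` in the two hunks after it) checks only the shape of the string. As far as I know the stdlib pattern still accepts `..` segments and Windows-style paths, so it does not confine `$ssl_key_path` or `$certificate_whitelist_file` to any particular directory. The parameter documentation sits above the hunks; I would add a line there such as `# Must be an absolute path; the type validates format only, not location or ownership.` so the type is not read as a containment check. If any of these defaults in `puppetdb::params` can be `undef` (not visible here), the declaration would also need `Optional[Stdlib::Absolutepath]`.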
@@ -91,7 +91,6 @@ Boolean $password_sensitive = false, Postgresql::Pg_password_encryption $password_encryption = $puppetdb::params::password_encryption, ) inherits puppetdb::params { - if $manage_server { class { 'postgresql::globals': manage_package_repo => $manage_package_repo, From 7d024df6997a51a0da487ba54cdc6209dedff986 Mon Sep 17 00:00:00 2001 From: Mitchell Chambers Date: Tue, 28 May 2024 10:38:10 +1000 Subject: [PATCH 08/32] set integer data validation and update string params to integer --- manifests/init.pp | 16 ++++++++-------- manifests/params.pp | 12 ++++++------ 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 5d81ab6a..eaef8314 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -364,13 +364,13 @@ $ssl_key = $puppetdb::params::ssl_key, $ssl_cert = $puppetdb::params::ssl_cert, $ssl_ca_cert = $puppetdb::params::ssl_ca_cert, - $ssl_protocols = $puppetdb::params::ssl_protocols, + $ssl_protocols = $puppetdb::params::ssl_protocols, Boolean $postgresql_ssl_on = $puppetdb::params::postgresql_ssl_on, Stdlib::Absolutepath $postgresql_ssl_folder = $puppetdb::params::postgresql_ssl_folder, Stdlib::Absolutepath $postgresql_ssl_cert_path = $puppetdb::params::postgresql_ssl_cert_path, Stdlib::Absolutepath $postgresql_ssl_key_path = $puppetdb::params::postgresql_ssl_key_path, Stdlib::Absolutepath $postgresql_ssl_ca_cert_path = $puppetdb::params::postgresql_ssl_ca_cert_path, - $cipher_suites = $puppetdb::params::cipher_suites, + $cipher_suites = $puppetdb::params::cipher_suites, Boolean $migrate = $puppetdb::params::migrate, Boolean $manage_dbserver = $puppetdb::params::manage_dbserver, Boolean $manage_database = $puppetdb::params::manage_database, 
@@ -389,10 +389,10 @@
 $node_purge_ttl = $puppetdb::params::node_purge_ttl,
 $report_ttl = $puppetdb::params::report_ttl,
 Optional[Array] $facts_blacklist = $puppetdb::params::facts_blacklist,
- $gc_interval = $puppetdb::params::gc_interval,
- $node_purge_gc_batch_limit = $puppetdb::params::node_purge_gc_batch_limit,
- $conn_max_age = $puppetdb::params::conn_max_age,
- $conn_lifetime = $puppetdb::params::conn_lifetime,
+ Integer $gc_interval = $puppetdb::params::gc_interval,
+ Integer $node_purge_gc_batch_limit = $puppetdb::params::node_purge_gc_batch_limit,
+ Integer $conn_max_age = $puppetdb::params::conn_max_age,
+ Integer $conn_lifetime = $puppetdb::params::conn_lifetime,
 $puppetdb_package = $puppetdb::params::puppetdb_package,
 $puppetdb_service = $puppetdb::params::puppetdb_service,
 $puppetdb_service_status = $puppetdb::params::puppetdb_service_status,
@@ -407,8 +407,8 @@
 Boolean $manage_read_db_password = $puppetdb::params::manage_read_db_password,
 $read_database_jdbc_ssl_properties = $puppetdb::params::read_database_jdbc_ssl_properties,
 Boolean $read_database_validate = $puppetdb::params::read_database_validate,
- $read_conn_max_age = $puppetdb::params::read_conn_max_age,
- $read_conn_lifetime = $puppetdb::params::read_conn_lifetime,
+ Integer $read_conn_max_age = $puppetdb::params::read_conn_max_age,
+ Integer $read_conn_lifetime = $puppetdb::params::read_conn_lifetime,
 Stdlib::Absolutepath $confdir = $puppetdb::params::confdir,
 Stdlib::Absolutepath $vardir = $puppetdb::params::vardir,
 Boolean $manage_firewall = $puppetdb::params::manage_firewall,
diff --git a/manifests/params.pp b/manifests/params.pp
index 9f32fad9..a035ce7a 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
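Review bot: Plain `Integer` on `$gc_interval`, `$node_purge_gc_batch_limit`, `$conn_max_age` and `$conn_lifetime` (and on `$read_conn_max_age` and `$read_conn_lifetime` in the `@@ -407,8` hunk) still admits negative numbers, which are presumably meaningless for intervals, batch limits and connection ages. The same parameter list already uses a bounded form, `Integer[1] $dlo_max_age`, in context lines elsewhere in this series. Since `params.pp` in this commit sets `$conn_lifetime = 0`, a lower bound of zero fits all six, e.g. `Integer[0] $conn_lifetime = $puppetdb::params::conn_lifetime,`. Callers that previously passed quoted values such as `'60'` will also be rejected by this change, which deserves a changelog entry.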
@@ -51,11 +51,11 @@ $facts_blacklist = undef - $gc_interval = '60' - $node_purge_gc_batch_limit = '25' + $gc_interval = 60 + $node_purge_gc_batch_limit = 25 - $conn_max_age = '60' - $conn_lifetime = '0' + $conn_max_age = 60 + $conn_lifetime = 0 $max_threads = undef $migrate = true @@ -69,8 +69,8 @@ $manage_read_db_password = true $read_database_jdbc_ssl_properties = '' $read_database_validate = true - $read_conn_max_age = '60' - $read_conn_lifetime = '0' + $read_conn_max_age = 60 + $read_conn_lifetime = 0 $read_database_max_pool_size = undef $manage_firewall = true From 93a4a3db2026a8f93a79d13b9b119880e4963a07 Mon Sep 17 00:00:00 2001 From: Mitchell Chambers Date: Tue, 28 May 2024 10:48:48 +1000 Subject: [PATCH 09/32] set hash and array data validation for params --- manifests/init.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index eaef8314..abdfd85c 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -412,7 +412,7 @@ Stdlib::Absolutepath $confdir = $puppetdb::params::confdir, Stdlib::Absolutepath $vardir = $puppetdb::params::vardir, Boolean $manage_firewall = $puppetdb::params::manage_firewall, - $java_args = $puppetdb::params::java_args, + Hash $java_args = $puppetdb::params::java_args, Boolean $merge_default_java_args = $puppetdb::params::merge_default_java_args, $max_threads = $puppetdb::params::max_threads, $command_threads = $puppetdb::params::command_threads, 
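Review bot: `Hash $java_args` in the `@@ -412,7` hunk and `Array $certificate_whitelist` in the `@@ -421,7` hunk after it constrain only the container, not what is inside it. The whitelist presumably names the certificates allowed to talk to PuppetDB, so an empty string or a non-string element would pass validation and be handed to whatever renders the whitelist file, which is outside this diff. I would tighten the declaration to `Array[String[1]] $certificate_whitelist = $puppetdb::params::certificate_whitelist,`. If the JVM option values are always strings, `Hash[String[1], String] $java_args` gives the same benefit there.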
@@ -421,7 +421,7 @@ $temp_usage = $puppetdb::params::temp_usage, $disable_update_checking = $puppetdb::params::disable_update_checking, Stdlib::Absolutepath $certificate_whitelist_file = $puppetdb::params::certificate_whitelist_file, - $certificate_whitelist = $puppetdb::params::certificate_whitelist, + Array $certificate_whitelist = $puppetdb::params::certificate_whitelist, $database_max_pool_size = $puppetdb::params::database_max_pool_size, $read_database_max_pool_size = $puppetdb::params::read_database_max_pool_size, Boolean $automatic_dlo_cleanup = $puppetdb::params::automatic_dlo_cleanup, From 33be72e50d3fced319b0514b38a444feaba935e7 Mon Sep 17 00:00:00 2001 From: Mitchell Chambers Date: Tue, 28 May 2024 12:04:16 +1000 Subject: [PATCH 10/32] set String data validation for params --- manifests/init.pp | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index abdfd85c..b6f67657 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -376,14 +376,14 @@
 Boolean $manage_database = $puppetdb::params::manage_database,
 Boolean $manage_package_repo = $puppetdb::params::manage_pg_repo,
 $postgres_version = $puppetdb::params::postgres_version,
- $database_host = $puppetdb::params::database_host,
+ String[1] $database_host = $puppetdb::params::database_host,
 Stdlib::Port $database_port = $puppetdb::params::database_port,
- $database_username = $puppetdb::params::database_username,
+ String[1] $database_username = $puppetdb::params::database_username,
 Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password,
- $database_name = $puppetdb::params::database_name,
+ String[1] $database_name = $puppetdb::params::database_name,
 Boolean $manage_db_password = $puppetdb::params::manage_db_password,
- $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties,
- $database_listen_address = $puppetdb::params::postgres_listen_addresses,
+ String $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties,
+ String[1] $database_listen_address = $puppetdb::params::postgres_listen_addresses,
 Boolean $database_validate = $puppetdb::params::database_validate,
 $node_ttl = $puppetdb::params::node_ttl,
 $node_purge_ttl = $puppetdb::params::node_purge_ttl,
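Review bot: `String[1]` on `$database_username` and `$database_name` (and on `$read_database_username` and `$read_database_name` in the `@@ -393,19` hunk) rejects only the empty string. The PostgreSQL manifest in this series interpolates the username into statements such as `GRANT CREATE ON SCHEMA public TO \"${database_username}\"`, so a value containing a quote character would alter the statement that `postgresql_psql` runs. Whether this class forwards its values to that manifest is outside the hunk, but an identifier pattern costs little: `Pattern[/\A[A-Za-z0-9_-]+\z/] $database_username = $puppetdb::params::database_username,`. The hyphen has to stay in the character class because the default read user is `puppetdb-read`.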
@@ -393,19 +393,19 @@ Integer $node_purge_gc_batch_limit = $puppetdb::params::node_purge_gc_batch_limit, Integer $conn_max_age = $puppetdb::params::conn_max_age, Integer $conn_lifetime = $puppetdb::params::conn_lifetime, - $puppetdb_package = $puppetdb::params::puppetdb_package, - $puppetdb_service = $puppetdb::params::puppetdb_service, + String[1] $puppetdb_package = $puppetdb::params::puppetdb_package, + String[1] $puppetdb_service = $puppetdb::params::puppetdb_service, $puppetdb_service_status = $puppetdb::params::puppetdb_service_status, - $puppetdb_user = $puppetdb::params::puppetdb_user, - $puppetdb_group = $puppetdb::params::puppetdb_group, - $puppetdb_server = $puppetdb::params::puppetdb_server, + String[1] $puppetdb_user = $puppetdb::params::puppetdb_user, + String[1] $puppetdb_group = $puppetdb::params::puppetdb_group, + String[1] $puppetdb_server = $puppetdb::params::puppetdb_server, $read_database_host = $puppetdb::params::read_database_host, Stdlib::Port $read_database_port = $puppetdb::params::read_database_port, - $read_database_username = $puppetdb::params::read_database_username, + String[1] $read_database_username = $puppetdb::params::read_database_username, Variant[String[1], Sensitive[String[1]]] $read_database_password = $puppetdb::params::read_database_password, - $read_database_name = $puppetdb::params::read_database_name, + String[1] $read_database_name = $puppetdb::params::read_database_name, Boolean $manage_read_db_password = $puppetdb::params::manage_read_db_password, - $read_database_jdbc_ssl_properties = $puppetdb::params::read_database_jdbc_ssl_properties, + String $read_database_jdbc_ssl_properties = $puppetdb::params::read_database_jdbc_ssl_properties, Boolean $read_database_validate = $puppetdb::params::read_database_validate, Integer $read_conn_max_age = $puppetdb::params::read_conn_max_age, Integer $read_conn_lifetime = $puppetdb::params::read_conn_lifetime, From 6386cdec362a56270f5c331b52d34b0b4cce9b51 Mon Sep 17 00:00:00 2001 
From: Mitchell Chambers
Date: Wed, 29 May 2024 14:45:05 +1000
Subject: [PATCH 11/32] set string, enum and optional data types
---
 manifests/init.pp | 36 ++++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)
diff --git a/manifests/init.pp b/manifests/init.pp
index b6f67657..625a72c5 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -346,11 +346,11 @@
 # PostgreSQL password authentication method, either `md5` or `scram-sha-256`
 #
 class puppetdb (
- $listen_address = $puppetdb::params::listen_address,
+ String[1] $listen_address = $puppetdb::params::listen_address,
 Stdlib::Port $listen_port = $puppetdb::params::listen_port,
 Boolean $disable_cleartext = $puppetdb::params::disable_cleartext,
 Boolean $open_listen_port = $puppetdb::params::open_listen_port,
- $ssl_listen_address = $puppetdb::params::ssl_listen_address,
+ Variant[Stdlib::Ip::Address, String[1]] $ssl_listen_address = $puppetdb::params::ssl_listen_address,
 Stdlib::Port $ssl_listen_port = $puppetdb::params::ssl_listen_port,
 Boolean $disable_ssl = $puppetdb::params::disable_ssl,
 Optional[Boolean] $open_ssl_listen_port = $puppetdb::params::open_ssl_listen_port,
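Review bot: `Variant[Stdlib::Ip::Address, String[1]]` on `$ssl_listen_address` validates no more than `String[1]` alone, because every IP address string already matches `String[1]`. If the intent is "IP address or hostname", `Variant[Stdlib::Ip::Address, Stdlib::Fqdn] $ssl_listen_address = $puppetdb::params::ssl_listen_address,` would reject malformed values, assuming the stdlib version in use ships both aliases. `$listen_address` a few lines above takes the same kind of value and could share that type, so the cleartext and TLS listeners are validated alike.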
@@ -361,21 +361,21 @@
 Stdlib::Absolutepath $ssl_key_pk8_path = $puppetdb::params::ssl_key_pk8_path,
 Stdlib::Absolutepath $ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path,
 Boolean $ssl_deploy_certs = $puppetdb::params::ssl_deploy_certs,
- $ssl_key = $puppetdb::params::ssl_key,
- $ssl_cert = $puppetdb::params::ssl_cert,
- $ssl_ca_cert = $puppetdb::params::ssl_ca_cert,
- $ssl_protocols = $puppetdb::params::ssl_protocols,
+ Optional $ssl_key = $puppetdb::params::ssl_key,
+ Optional $ssl_cert = $puppetdb::params::ssl_cert,
+ Optional $ssl_ca_cert = $puppetdb::params::ssl_ca_cert,
+ Optional $ssl_protocols = $puppetdb::params::ssl_protocols,
 Boolean $postgresql_ssl_on = $puppetdb::params::postgresql_ssl_on,
 Stdlib::Absolutepath $postgresql_ssl_folder = $puppetdb::params::postgresql_ssl_folder,
 Stdlib::Absolutepath $postgresql_ssl_cert_path = $puppetdb::params::postgresql_ssl_cert_path,
 Stdlib::Absolutepath $postgresql_ssl_key_path = $puppetdb::params::postgresql_ssl_key_path,
 Stdlib::Absolutepath $postgresql_ssl_ca_cert_path = $puppetdb::params::postgresql_ssl_ca_cert_path,
- $cipher_suites = $puppetdb::params::cipher_suites,
+ Optional $cipher_suites = $puppetdb::params::cipher_suites,
 Boolean $migrate = $puppetdb::params::migrate,
 Boolean $manage_dbserver = $puppetdb::params::manage_dbserver,
 Boolean $manage_database = $puppetdb::params::manage_database,
 Boolean $manage_package_repo = $puppetdb::params::manage_pg_repo,
- $postgres_version = $puppetdb::params::postgres_version,
+ String[2,3] $postgres_version = $puppetdb::params::postgres_version,
 String[1] $database_host = $puppetdb::params::database_host,
 Stdlib::Port $database_port = $puppetdb::params::database_port,
 String[1] $database_username = $puppetdb::params::database_username,
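Review bot: The bare `Optional` on `$ssl_key`, `$ssl_cert`, `$ssl_ca_cert`, `$ssl_protocols` and `$cipher_suites` (and on `$max_threads` through `$read_database_max_pool_size` in the `@@ -414,16` hunk) names no inner type, so it says nothing about what a supplied value must look like. It is worth confirming on the supported Puppet versions that an unparameterised `Optional` accepts non-undef values at all. `$ssl_key` carries private key material, so I would mirror the password parameters in this list with `Optional[Variant[String[1], Sensitive[String[1]]]] $ssl_key = $puppetdb::params::ssl_key,`, provided the code that writes the key unwraps `Sensitive` (not visible here). The TLS settings `$ssl_protocols` and `$cipher_suites` would be clearer as `Optional[String[1]]` or whichever concrete type the templates expect.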
@@ -395,11 +395,11 @@ Integer $conn_lifetime = $puppetdb::params::conn_lifetime, String[1] $puppetdb_package = $puppetdb::params::puppetdb_package, String[1] $puppetdb_service = $puppetdb::params::puppetdb_service, - $puppetdb_service_status = $puppetdb::params::puppetdb_service_status, + Enum['running', 'true', 'stopped', 'false'] $puppetdb_service_status = $puppetdb::params::puppetdb_service_status, String[1] $puppetdb_user = $puppetdb::params::puppetdb_user, String[1] $puppetdb_group = $puppetdb::params::puppetdb_group, String[1] $puppetdb_server = $puppetdb::params::puppetdb_server, - $read_database_host = $puppetdb::params::read_database_host, + Optional[String[1]] $read_database_host = $puppetdb::params::read_database_host, Stdlib::Port $read_database_port = $puppetdb::params::read_database_port, String[1] $read_database_username = $puppetdb::params::read_database_username, Variant[String[1], Sensitive[String[1]]] $read_database_password = $puppetdb::params::read_database_password, 
@@ -414,16 +414,16 @@ Boolean $manage_firewall = $puppetdb::params::manage_firewall, Hash $java_args = $puppetdb::params::java_args, Boolean $merge_default_java_args = $puppetdb::params::merge_default_java_args, - $max_threads = $puppetdb::params::max_threads, - $command_threads = $puppetdb::params::command_threads, - $concurrent_writes = $puppetdb::params::concurrent_writes, - $store_usage = $puppetdb::params::store_usage, - $temp_usage = $puppetdb::params::temp_usage, - $disable_update_checking = $puppetdb::params::disable_update_checking, + Optional $max_threads = $puppetdb::params::max_threads, + Optional $command_threads = $puppetdb::params::command_threads, + Optional $concurrent_writes = $puppetdb::params::concurrent_writes, + Optional $store_usage = $puppetdb::params::store_usage, + Optional $temp_usage = $puppetdb::params::temp_usage, + Optional $disable_update_checking = $puppetdb::params::disable_update_checking, Stdlib::Absolutepath $certificate_whitelist_file = $puppetdb::params::certificate_whitelist_file, Array $certificate_whitelist = $puppetdb::params::certificate_whitelist, - $database_max_pool_size = $puppetdb::params::database_max_pool_size, - $read_database_max_pool_size = $puppetdb::params::read_database_max_pool_size, + Optional $database_max_pool_size = $puppetdb::params::database_max_pool_size, + Optional $read_database_max_pool_size = $puppetdb::params::read_database_max_pool_size, Boolean $automatic_dlo_cleanup = $puppetdb::params::automatic_dlo_cleanup, String[1] $cleanup_timer_interval = $puppetdb::params::cleanup_timer_interval, Integer[1] $dlo_max_age = $puppetdb::params::dlo_max_age, From d8abfca237888b5ca42229a889d999ef72ec7356 Mon Sep 17 00:00:00 2001 
From: Mitchell Chambers Date: Wed, 29 May 2024 18:16:28 +1000 Subject: [PATCH 12/32] add variant patterns for integers and port values as strings to support default param values --- manifests/database/postgresql.pp | 19 +++++++++++------- manifests/init.pp | 34 ++++++++++++++++---------------- 2 files changed, 29 insertions(+), 24 deletions(-) diff --git a/manifests/database/postgresql.pp b/manifests/database/postgresql.pp index a271633a..b613c828 100644 --- a/manifests/database/postgresql.pp +++ b/manifests/database/postgresql.pp @@ -91,6 +91,11 @@ Boolean $password_sensitive = false, Postgresql::Pg_password_encryption $password_encryption = $puppetdb::params::password_encryption, ) inherits puppetdb::params { + $port = case $database_port.is_a(String) { + true: { scanf($database_port, '%i')[0] } + default: { $database_port } + } + if $manage_server { class { 'postgresql::globals': manage_package_repo => $manage_package_repo, @@ -100,7 +105,7 @@ class { 'postgresql::server': ip_mask_allow_all_users => '0.0.0.0/0', listen_addresses => $listen_addresses, - port => $database_port, + port => $port, password_encryption => $password_encryption, } @@ -137,7 +142,7 @@ postgresql::server::extension { 'pg_trgm': database => $database_name, require => Postgresql::Server::Db[$database_name], - port => $database_port, + port => $port, } } } @@ -150,12 +155,12 @@ encoding => 'UTF8', locale => 'en_US.UTF-8', grant => 'all', - port => $database_port, + port => $port, } -> postgresql_psql { 'revoke all access on public schema': db => $database_name, - port => $database_port, + port => $port, command => 'REVOKE CREATE ON SCHEMA public FROM public', unless => "SELECT * FROM (SELECT has_schema_privilege('public', 'public', 'create') can_create) privs 
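Review bot: In `manifests/database/postgresql.pp`, `scanf($database_port, '%i')[0]` is a loose way to turn the port string into a number. It yields undef when the string does not start with digits, stops at the first non-digit so `'5432abc'` would become 5432, and `%i` may read a leading `0` or `0x` as an octal or hex prefix. `$port` then feeds `postgresql::server` and every `postgresql_psql` resource in the following hunks, so a malformed value silently changes or drops the port instead of failing the catalog. Replacing the string branch with a strict decimal conversion, `true: { Integer($database_port, 10) }`, makes bad input an error. The declared type of `$database_port` in this class lies outside the hunk.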
@@ -164,7 +169,7 @@ -> postgresql_psql { "grant all permissions to ${database_username}": db => $database_name, - port => $database_port, + port => $port, command => "GRANT CREATE ON SCHEMA public TO \"${database_username}\"", unless => "SELECT * FROM (SELECT has_schema_privilege('${database_username}', 'public', 'create') can_create) privs @@ -177,13 +182,13 @@ password_hash => postgresql::postgresql_password( $read_database_username, $read_database_password, $password_sensitive, $password_encryption), database_owner => $database_username, - database_port => $database_port, + database_port => $port, password_encryption => $password_encryption, } -> postgresql_psql { "grant ${read_database_username} role to ${database_username}": db => $database_name, - port => $database_port, + port => $port, command => "GRANT \"${read_database_username}\" TO \"${database_username}\"", unless => "SELECT oid, rolname FROM pg_roles WHERE pg_has_role( '${database_username}', oid, 'member') and rolname = '${read_database_username}'"; diff --git a/manifests/init.pp b/manifests/init.pp index 625a72c5..2e31cc27 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -346,12 +346,12 @@ # PostgreSQL password authentication method, either `md5` or `scram-sha-256` # class puppetdb ( - String[1] $listen_address = $puppetdb::params::listen_address, - Stdlib::Port $listen_port = $puppetdb::params::listen_port, + Stdlib::Host $listen_address = $puppetdb::params::listen_address, + Variant[Stdlib::Port, Pattern[/\A[0-9]+\Z/]] $listen_port = $puppetdb::params::listen_port, Boolean $disable_cleartext = $puppetdb::params::disable_cleartext, Boolean $open_listen_port = $puppetdb::params::open_listen_port, - Variant[Stdlib::Ip::Address, String[1]] $ssl_listen_address = $puppetdb::params::ssl_listen_address, - Stdlib::Port $ssl_listen_port = $puppetdb::params::ssl_listen_port, + Stdlib::Host $ssl_listen_address = $puppetdb::params::ssl_listen_address, + Variant[Stdlib::Port, Pattern[/\A[0-9]+\Z/]] $ssl_listen_port = $puppetdb::params::ssl_listen_port, Boolean $disable_ssl = $puppetdb::params::disable_ssl, Optional[Boolean] $open_ssl_listen_port = $puppetdb::params::open_ssl_listen_port, Stdlib::Absolutepath $ssl_dir = $puppetdb::params::ssl_dir, @@ -376,8 +376,8 @@ Boolean $manage_database = $puppetdb::params::manage_database, Boolean $manage_package_repo = $puppetdb::params::manage_pg_repo, String[2,3] $postgres_version = $puppetdb::params::postgres_version, - String[1] $database_host = $puppetdb::params::database_host, - Stdlib::Port $database_port = $puppetdb::params::database_port, + Stdlib::Host $database_host = $puppetdb::params::database_host, + Variant[Stdlib::Port, Pattern[/\A[0-9]+\Z/]] $database_port = $puppetdb::params::database_port, String[1] $database_username = $puppetdb::params::database_username, Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password, String[1] $database_name = $puppetdb::params::database_name, 
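Review bot: The `Pattern[/\A[0-9]+\Z/]` alternative in `Variant[Stdlib::Port, Pattern[/\A[0-9]+\Z/]]` accepts any run of digits, so a string such as `'99999'` passes even though the integer branch would reject it, and `\Z` also lets a trailing newline through. This affects `$listen_port`, `$ssl_listen_port`, `$database_port` and `$read_database_port` in both hunks on this line. It carries over to the later hunks that switch to `Stdlib::Port::Unprivileged` in `init.pp` and `server.pp`, where a string like `'80'` would sidestep the restriction named in that commit's subject. Either keep the defaults as integers so the string branch can be dropped, or range-check after conversion, for example `assert_type(Stdlib::Port::Unprivileged, Integer($listen_port, 10))` for string input, and anchor the pattern with `\z`.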
@@ -385,30 +385,30 @@ String $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, String[1] $database_listen_address = $puppetdb::params::postgres_listen_addresses, Boolean $database_validate = $puppetdb::params::database_validate, - $node_ttl = $puppetdb::params::node_ttl, - $node_purge_ttl = $puppetdb::params::node_purge_ttl, - $report_ttl = $puppetdb::params::report_ttl, + Pattern[/\A[0-9dhms]+\Z/] $node_ttl = $puppetdb::params::node_ttl, + Pattern[/\A[0-9dhms]+\Z/] $node_purge_ttl = $puppetdb::params::node_purge_ttl, + Pattern[/\A[0-9dhms]+\Z/] $report_ttl = $puppetdb::params::report_ttl, Optional[Array] $facts_blacklist = $puppetdb::params::facts_blacklist, - Integer $gc_interval = $puppetdb::params::gc_interval, - Integer $node_purge_gc_batch_limit = $puppetdb::params::node_purge_gc_batch_limit, - Integer $conn_max_age = $puppetdb::params::conn_max_age, - Integer $conn_lifetime = $puppetdb::params::conn_lifetime, + Variant[Integer, Pattern[/\A[0-9]+\Z/]] $gc_interval = $puppetdb::params::gc_interval, + Variant[Integer, Pattern[/\A[0-9]+\Z/]] $node_purge_gc_batch_limit = $puppetdb::params::node_purge_gc_batch_limit, + Variant[Integer, Pattern[/\A[0-9]+\Z/]] $conn_max_age = $puppetdb::params::conn_max_age, + Variant[Integer, Pattern[/\A[0-9]+\Z/]] $conn_lifetime = $puppetdb::params::conn_lifetime, String[1] $puppetdb_package = $puppetdb::params::puppetdb_package, String[1] $puppetdb_service = $puppetdb::params::puppetdb_service, Enum['running', 'true', 'stopped', 'false'] $puppetdb_service_status = $puppetdb::params::puppetdb_service_status, String[1] $puppetdb_user = $puppetdb::params::puppetdb_user, String[1] $puppetdb_group = $puppetdb::params::puppetdb_group, String[1] $puppetdb_server = $puppetdb::params::puppetdb_server, - Optional[String[1]] $read_database_host = $puppetdb::params::read_database_host, - Stdlib::Port $read_database_port = $puppetdb::params::read_database_port, + Optional[Stdlib::Host] $read_database_host = 
$puppetdb::params::read_database_host, + Variant[Stdlib::Port, Pattern[/\A[0-9]+\Z/]] $read_database_port = $puppetdb::params::read_database_port, String[1] $read_database_username = $puppetdb::params::read_database_username, Variant[String[1], Sensitive[String[1]]] $read_database_password = $puppetdb::params::read_database_password, String[1] $read_database_name = $puppetdb::params::read_database_name, Boolean $manage_read_db_password = $puppetdb::params::manage_read_db_password, String $read_database_jdbc_ssl_properties = $puppetdb::params::read_database_jdbc_ssl_properties, Boolean $read_database_validate = $puppetdb::params::read_database_validate, - Integer $read_conn_max_age = $puppetdb::params::read_conn_max_age, - Integer $read_conn_lifetime = $puppetdb::params::read_conn_lifetime, + Variant[Integer, Pattern[/\A[0-9]+\Z/]] $read_conn_max_age = $puppetdb::params::read_conn_max_age, + Variant[Integer, Pattern[/\A[0-9]+\Z/]] $read_conn_lifetime = $puppetdb::params::read_conn_lifetime, Stdlib::Absolutepath $confdir = $puppetdb::params::confdir, Stdlib::Absolutepath $vardir = $puppetdb::params::vardir, Boolean $manage_firewall = $puppetdb::params::manage_firewall, From d289f2820a4a828e1fd9b5716556165fd8c4d2cb Mon Sep 17 00:00:00 2001 From: Mitchell Chambers Date: Wed, 29 May 2024 18:16:56 +1000 Subject: [PATCH 13/32] restore original params values --- manifests/params.pp | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/manifests/params.pp b/manifests/params.pp index a035ce7a..5f19dfd0 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -3,11 +3,11 @@ # @api private class puppetdb::params inherits puppetdb::globals { $listen_address = 'localhost' - $listen_port = 8080 + $listen_port = '8080' $disable_cleartext = false $open_listen_port = false $ssl_listen_address = '0.0.0.0' - $ssl_listen_port = 8081 + $ssl_listen_port = '8081' $ssl_protocols = undef $disable_ssl = false $cipher_suites = undef 
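Review bot: `Pattern[/\A[0-9dhms]+\Z/]` on `$node_ttl`, `$node_purge_ttl` and `$report_ttl` is a character class rather than a format, so values such as `'dhms'` or `'7d3'` pass validation and would be written into the service configuration. If the intended form is a number with an optional unit suffix, `Pattern[/\A[0-9]+[dhms]?\z/]` expresses that, and the suffix group can be extended if other units are valid. The `Variant[Integer, Pattern[/\A[0-9]+\Z/]]` parameters in the same hunk would likewise be tighter with `\z`, since `\Z` admits a trailing newline. The class body that consumes these values is outside the hunk.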
@@ -33,7 +33,7 @@ } $database_host = 'localhost' - $database_port = 5432 + $database_port = '5432' $database_name = 'puppetdb' $database_username = 'puppetdb' $database_password = 'puppetdb' @@ -51,26 +51,26 @@ $facts_blacklist = undef - $gc_interval = 60 - $node_purge_gc_batch_limit = 25 + $gc_interval = '60' + $node_purge_gc_batch_limit = '25' - $conn_max_age = 60 - $conn_lifetime = 0 + $conn_max_age = '60' + $conn_lifetime = '0' $max_threads = undef $migrate = true # These settings are for the read database $read_database_host = undef - $read_database_port = 5432 + $read_database_port = '5432' $read_database_name = 'puppetdb' $read_database_username = 'puppetdb-read' $read_database_password = 'puppetdb-read' $manage_read_db_password = true $read_database_jdbc_ssl_properties = '' $read_database_validate = true - $read_conn_max_age = 60 - $read_conn_lifetime = 0 + $read_conn_max_age = '60' + $read_conn_lifetime = '0' $read_database_max_pool_size = undef $manage_firewall = true From 02a4abd798de71ad97fc9a594cc565dc69378c6c Mon Sep 17 00:00:00 2001 From: Mitchell Chambers Date: Wed, 29 May 2024 18:31:20 +1000 Subject: [PATCH 14/32] restore original postgresql_spec params --- spec/unit/classes/database/postgresql_spec.rb | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/spec/unit/classes/database/postgresql_spec.rb b/spec/unit/classes/database/postgresql_spec.rb index c4a0be54..74fd63b9 100644 --- a/spec/unit/classes/database/postgresql_spec.rb +++ b/spec/unit/classes/database/postgresql_spec.rb @@ -51,7 +51,7 @@ database_password: 'puppetdb', read_database_username: 'puppetdb-read', read_database_password: 'puppetdb-read', - database_port: 5432, + database_port: '5432', } end @@ -61,7 +61,7 @@ user: params[:database_username], password: params[:database_password], grant: 'all', - port: params[:database_port], + port: params[:database_port].to_i, encoding: 'UTF8', locale: 'en_US.UTF-8', ) 
@@ -72,7 +72,7 @@ .that_requires("Postgresql::Server::Db[#{params[:database_name]}]") .with( db: params[:database_name], - port: params[:database_port], + port: params[:database_port].to_i, command: 'REVOKE CREATE ON SCHEMA public FROM public', unless: "SELECT * FROM (SELECT has_schema_privilege('public', 'public', 'create') can_create) privs @@ -86,7 +86,7 @@ .that_comes_before("Puppetdb::Database::Read_only_user[#{params[:read_database_username]}]") .with( db: params[:database_name], - port: params[:database_port], + port: params[:database_port].to_i, command: "GRANT CREATE ON SCHEMA public TO \"#{params[:database_username]}\"", unless: "SELECT * FROM (SELECT has_schema_privilege('#{params[:database_username]}', 'public', 'create') can_create) privs @@ -102,7 +102,7 @@ database_name: params[:database_name], password_hash: %r{^(md5|SCRAM)}, # TODO: mock properly database_owner: params[:database_username], - database_port: params[:database_port], + database_port: params[:database_port].to_i, } end end @@ -112,7 +112,7 @@ .that_requires("Puppetdb::Database::Read_only_user[#{params[:read_database_username]}]") .with( db: params[:database_name], - port: params[:database_port], + port: params[:database_port].to_i, command: "GRANT \"#{params[:read_database_username]}\" TO \"#{params[:database_username]}\"", unless: "SELECT oid, rolname FROM pg_roles WHERE pg_has_role( '#{params[:database_username]}', oid, 'member') and rolname = '#{params[:read_database_username]}'", From b2d78418dc62aec81507d77809a18780ddac186b Mon Sep 17 00:00:00 2001 From: Mitchell Chambers Date: Thu, 30 May 2024 15:33:19 +1000 Subject: [PATCH 15/32] confine ports to unprivileged values --- manifests/init.pp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 2e31cc27..abb7c740 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -347,11 +347,11 @@ # class puppetdb ( Stdlib::Host $listen_address = $puppetdb::params::listen_address, - Variant[Stdlib::Port, Pattern[/\A[0-9]+\Z/]] $listen_port = $puppetdb::params::listen_port, + Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $listen_port = $puppetdb::params::listen_port, Boolean $disable_cleartext = $puppetdb::params::disable_cleartext, Boolean $open_listen_port = $puppetdb::params::open_listen_port, Stdlib::Host $ssl_listen_address = $puppetdb::params::ssl_listen_address, - Variant[Stdlib::Port, Pattern[/\A[0-9]+\Z/]] $ssl_listen_port = $puppetdb::params::ssl_listen_port, + Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $ssl_listen_port = $puppetdb::params::ssl_listen_port, Boolean $disable_ssl = $puppetdb::params::disable_ssl, Optional[Boolean] $open_ssl_listen_port = $puppetdb::params::open_ssl_listen_port, Stdlib::Absolutepath $ssl_dir = $puppetdb::params::ssl_dir, @@ -377,7 +377,7 @@ Boolean $manage_package_repo = $puppetdb::params::manage_pg_repo, String[2,3] $postgres_version = $puppetdb::params::postgres_version, Stdlib::Host $database_host = $puppetdb::params::database_host, - Variant[Stdlib::Port, Pattern[/\A[0-9]+\Z/]] $database_port = $puppetdb::params::database_port, + Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $database_port = $puppetdb::params::database_port, String[1] $database_username = $puppetdb::params::database_username, Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password, String[1] $database_name = $puppetdb::params::database_name, 
@@ -400,7 +400,7 @@ String[1] $puppetdb_group = $puppetdb::params::puppetdb_group, String[1] $puppetdb_server = $puppetdb::params::puppetdb_server, Optional[Stdlib::Host] $read_database_host = $puppetdb::params::read_database_host, - Variant[Stdlib::Port, Pattern[/\A[0-9]+\Z/]] $read_database_port = $puppetdb::params::read_database_port, + Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $read_database_port = $puppetdb::params::read_database_port, String[1] $read_database_username = $puppetdb::params::read_database_username, Variant[String[1], Sensitive[String[1]]] $read_database_password = $puppetdb::params::read_database_password, String[1] $read_database_name = $puppetdb::params::read_database_name, From 84b2d7944777baa4282370d1af4d0231b9bb872c Mon Sep 17 00:00:00 2001 From: Mitchell Chambers Date: Fri, 31 May 2024 11:14:52 +1000 Subject: [PATCH 16/32] set data type assertions for server params --- manifests/server.pp | 146 ++++++++++++++++++++++---------------------- 1 file changed, 73 insertions(+), 73 deletions(-) diff --git a/manifests/server.pp b/manifests/server.pp index e6a708d3..90974ab7 100644 --- a/manifests/server.pp +++ b/manifests/server.pp 
@@ -311,79 +311,79 @@ # java binary path for PuppetDB. If undef, default will be used. # class puppetdb::server ( - $listen_address = $puppetdb::params::listen_address, - $listen_port = $puppetdb::params::listen_port, - $disable_cleartext = $puppetdb::params::disable_cleartext, - $open_listen_port = $puppetdb::params::open_listen_port, - $ssl_listen_address = $puppetdb::params::ssl_listen_address, - $ssl_listen_port = $puppetdb::params::ssl_listen_port, - $disable_ssl = $puppetdb::params::disable_ssl, - $open_ssl_listen_port = $puppetdb::params::open_ssl_listen_port, - Stdlib::Absolutepath $ssl_dir = $puppetdb::params::ssl_dir, - Boolean $ssl_set_cert_paths = $puppetdb::params::ssl_set_cert_paths, - Stdlib::Absolutepath $ssl_cert_path = $puppetdb::params::ssl_cert_path, - Stdlib::Absolutepath $ssl_key_path = $puppetdb::params::ssl_key_path, - Stdlib::Absolutepath $ssl_key_pk8_path = $puppetdb::params::ssl_key_pk8_path, - Stdlib::Absolutepath $ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path, - Boolean $ssl_deploy_certs = $puppetdb::params::ssl_deploy_certs, - $ssl_key = $puppetdb::params::ssl_key, - $ssl_cert = $puppetdb::params::ssl_cert, - $ssl_ca_cert = $puppetdb::params::ssl_ca_cert, - $ssl_protocols = $puppetdb::params::ssl_protocols, - $postgresql_ssl_on = $puppetdb::params::postgresql_ssl_on, - $cipher_suites = $puppetdb::params::cipher_suites, - $migrate = $puppetdb::params::migrate, - $database_host = $puppetdb::params::database_host, - $database_port = $puppetdb::params::database_port, - $database_username = $puppetdb::params::database_username, - Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password, - $database_name = $puppetdb::params::database_name, - $manage_db_password = $puppetdb::params::manage_db_password, - $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, - $database_validate = $puppetdb::params::database_validate, - $node_ttl = $puppetdb::params::node_ttl, - $node_purge_ttl = 
$puppetdb::params::node_purge_ttl, - $report_ttl = $puppetdb::params::report_ttl, - Optional[Array] $facts_blacklist = $puppetdb::params::facts_blacklist, - $gc_interval = $puppetdb::params::gc_interval, - $node_purge_gc_batch_limit = $puppetdb::params::node_purge_gc_batch_limit, - $conn_max_age = $puppetdb::params::conn_max_age, - $conn_lifetime = $puppetdb::params::conn_lifetime, - $puppetdb_package = $puppetdb::params::puppetdb_package, - $puppetdb_service = $puppetdb::params::puppetdb_service, - $puppetdb_service_status = $puppetdb::params::puppetdb_service_status, - $puppetdb_user = $puppetdb::params::puppetdb_user, - $puppetdb_group = $puppetdb::params::puppetdb_group, - $read_database_host = $puppetdb::params::read_database_host, - $read_database_port = $puppetdb::params::read_database_port, - $read_database_username = $puppetdb::params::read_database_username, - Variant[String[1], Sensitive[String[1]]] $read_database_password = $puppetdb::params::read_database_password, - $read_database_name = $puppetdb::params::read_database_name, - $manage_read_db_password = $puppetdb::params::manage_read_db_password, - $read_database_jdbc_ssl_properties = $puppetdb::params::read_database_jdbc_ssl_properties, - $read_database_validate = $puppetdb::params::read_database_validate, - $read_conn_max_age = $puppetdb::params::read_conn_max_age, - $read_conn_lifetime = $puppetdb::params::read_conn_lifetime, - $confdir = $puppetdb::params::confdir, - $vardir = $puppetdb::params::vardir, - $manage_firewall = $puppetdb::params::manage_firewall, - $manage_database = $puppetdb::params::manage_database, - $java_args = $puppetdb::params::java_args, - $merge_default_java_args = $puppetdb::params::merge_default_java_args, - $max_threads = $puppetdb::params::max_threads, - $command_threads = $puppetdb::params::command_threads, - $concurrent_writes = $puppetdb::params::concurrent_writes, - $store_usage = $puppetdb::params::store_usage, - $temp_usage = $puppetdb::params::temp_usage, - 
$disable_update_checking = $puppetdb::params::disable_update_checking, - $certificate_whitelist_file = $puppetdb::params::certificate_whitelist_file, - $certificate_whitelist = $puppetdb::params::certificate_whitelist, - $database_max_pool_size = $puppetdb::params::database_max_pool_size, - $read_database_max_pool_size = $puppetdb::params::read_database_max_pool_size, - Boolean $automatic_dlo_cleanup = $puppetdb::params::automatic_dlo_cleanup, - String[1] $cleanup_timer_interval = $puppetdb::params::cleanup_timer_interval, - Integer[1] $dlo_max_age = $puppetdb::params::dlo_max_age, - Optional[Stdlib::Absolutepath] $java_bin = $puppetdb::params::java_bin, + Stdlib::Host $listen_address = $puppetdb::params::listen_address, + Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $listen_port = $puppetdb::params::listen_port, + Boolean $disable_cleartext = $puppetdb::params::disable_cleartext, + Boolean $open_listen_port = $puppetdb::params::open_listen_port, + Stdlib::Host $ssl_listen_address = $puppetdb::params::ssl_listen_address, + Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $ssl_listen_port = $puppetdb::params::ssl_listen_port, + Boolean $disable_ssl = $puppetdb::params::disable_ssl, + Optional[Boolean] $open_ssl_listen_port = $puppetdb::params::open_ssl_listen_port, + Stdlib::Absolutepath $ssl_dir = $puppetdb::params::ssl_dir, + Boolean $ssl_set_cert_paths = $puppetdb::params::ssl_set_cert_paths, + Stdlib::Absolutepath $ssl_cert_path = $puppetdb::params::ssl_cert_path, + Stdlib::Absolutepath $ssl_key_path = $puppetdb::params::ssl_key_path, + Stdlib::Absolutepath $ssl_key_pk8_path = $puppetdb::params::ssl_key_pk8_path, + Stdlib::Absolutepath $ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path, + Boolean $ssl_deploy_certs = $puppetdb::params::ssl_deploy_certs, + Optional $ssl_key = $puppetdb::params::ssl_key, + Optional $ssl_cert = $puppetdb::params::ssl_cert, + Optional $ssl_ca_cert = $puppetdb::params::ssl_ca_cert, + Optional 
$ssl_protocols = $puppetdb::params::ssl_protocols, + Boolean $postgresql_ssl_on = $puppetdb::params::postgresql_ssl_on, + Optional $cipher_suites = $puppetdb::params::cipher_suites, + Boolean $migrate = $puppetdb::params::migrate, + Stdlib::Host $database_host = $puppetdb::params::database_host, + Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $database_port = $puppetdb::params::database_port, + String[1] $database_username = $puppetdb::params::database_username, + Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password, + String[1] $database_name = $puppetdb::params::database_name, + Boolean $manage_db_password = $puppetdb::params::manage_db_password, + String $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, + Boolean $database_validate = $puppetdb::params::database_validate, + Pattern[/\A[0-9dhms]+\Z/] $node_ttl = $puppetdb::params::node_ttl, + Pattern[/\A[0-9dhms]+\Z/] $node_purge_ttl = $puppetdb::params::node_purge_ttl, + Pattern[/\A[0-9dhms]+\Z/] $report_ttl = $puppetdb::params::report_ttl, + Optional[Array] $facts_blacklist = $puppetdb::params::facts_blacklist, + Variant[Integer, Pattern[/\A[0-9]+\Z/]] $gc_interval = $puppetdb::params::gc_interval, + Variant[Integer, Pattern[/\A[0-9]+\Z/]] $node_purge_gc_batch_limit = $puppetdb::params::node_purge_gc_batch_limit, + Variant[Integer, Pattern[/\A[0-9]+\Z/]] $conn_max_age = $puppetdb::params::conn_max_age, + Variant[Integer, Pattern[/\A[0-9]+\Z/]] $conn_lifetime = $puppetdb::params::conn_lifetime, + String[1] $puppetdb_package = $puppetdb::params::puppetdb_package, + String[1] $puppetdb_service = $puppetdb::params::puppetdb_service, + Enum['running', 'true', 'stopped', 'false'] $puppetdb_service_status = $puppetdb::params::puppetdb_service_status, + String[1] $puppetdb_user = $puppetdb::params::puppetdb_user, + String[1] $puppetdb_group = $puppetdb::params::puppetdb_group, + Optional[Stdlib::Host] $read_database_host = 
$puppetdb::params::read_database_host, + Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $read_database_port = $puppetdb::params::read_database_port, + String[1] $read_database_username = $puppetdb::params::read_database_username, + Variant[String[1], Sensitive[String[1]]] $read_database_password = $puppetdb::params::read_database_password, + String[1] $read_database_name = $puppetdb::params::read_database_name, + Boolean $manage_read_db_password = $puppetdb::params::manage_read_db_password, + String $read_database_jdbc_ssl_properties = $puppetdb::params::read_database_jdbc_ssl_properties, + Boolean $read_database_validate = $puppetdb::params::read_database_validate, + Variant[Integer, Pattern[/\A[0-9]+\Z/]] $read_conn_max_age = $puppetdb::params::read_conn_max_age, + Variant[Integer, Pattern[/\A[0-9]+\Z/]] $read_conn_lifetime = $puppetdb::params::read_conn_lifetime, + Stdlib::Absolutepath $confdir = $puppetdb::params::confdir, + Stdlib::Absolutepath $vardir = $puppetdb::params::vardir, + Boolean $manage_firewall = $puppetdb::params::manage_firewall, + Boolean $manage_database = $puppetdb::params::manage_database, + Hash $java_args = $puppetdb::params::java_args, + Boolean $merge_default_java_args = $puppetdb::params::merge_default_java_args, + Optional $max_threads = $puppetdb::params::max_threads, + Optional $command_threads = $puppetdb::params::command_threads, + Optional $concurrent_writes = $puppetdb::params::concurrent_writes, + Optional $store_usage = $puppetdb::params::store_usage, + Optional $temp_usage = $puppetdb::params::temp_usage, + Optional $disable_update_checking = $puppetdb::params::disable_update_checking, + Stdlib::Absolutepath $certificate_whitelist_file = $puppetdb::params::certificate_whitelist_file, + Array $certificate_whitelist = $puppetdb::params::certificate_whitelist, + Optional $database_max_pool_size = $puppetdb::params::database_max_pool_size, + Optional $read_database_max_pool_size = 
$puppetdb::params::read_database_max_pool_size, + Boolean $automatic_dlo_cleanup = $puppetdb::params::automatic_dlo_cleanup, + String[1] $cleanup_timer_interval = $puppetdb::params::cleanup_timer_interval, + Integer[1] $dlo_max_age = $puppetdb::params::dlo_max_age, + Optional[Stdlib::Absolutepath] $java_bin = $puppetdb::params::java_bin, ) inherits puppetdb::params { # Apply necessary suffix if zero is specified. # Can we drop this in the next major release? From 94fd6348ad859ce2f7955e321ea4c77ae8e6ccc5 Mon Sep 17 00:00:00 2001 From: Mitchell Chambers Date: Fri, 31 May 2024 11:23:35 +1000 Subject: [PATCH 17/32] style: align parameters --- manifests/init.pp | 166 ++++++++++++++++++++++---------------------- manifests/server.pp | 146 +++++++++++++++++++------------------- 2 files changed, 156 insertions(+), 156 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index abb7c740..b969c7b1 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -346,89 +346,89 @@ # PostgreSQL password authentication method, either `md5` or `scram-sha-256` # class puppetdb ( - Stdlib::Host $listen_address = $puppetdb::params::listen_address, - Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $listen_port = $puppetdb::params::listen_port, - Boolean $disable_cleartext = $puppetdb::params::disable_cleartext, - Boolean $open_listen_port = $puppetdb::params::open_listen_port, - Stdlib::Host $ssl_listen_address = $puppetdb::params::ssl_listen_address, - Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $ssl_listen_port = $puppetdb::params::ssl_listen_port, - Boolean $disable_ssl = $puppetdb::params::disable_ssl, - Optional[Boolean] $open_ssl_listen_port = $puppetdb::params::open_ssl_listen_port, - Stdlib::Absolutepath $ssl_dir = $puppetdb::params::ssl_dir, - Boolean $ssl_set_cert_paths = $puppetdb::params::ssl_set_cert_paths, - Stdlib::Absolutepath $ssl_cert_path = $puppetdb::params::ssl_cert_path, - Stdlib::Absolutepath $ssl_key_path = $puppetdb::params::ssl_key_path, - Stdlib::Absolutepath $ssl_key_pk8_path = $puppetdb::params::ssl_key_pk8_path, - Stdlib::Absolutepath $ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path, - Boolean $ssl_deploy_certs = $puppetdb::params::ssl_deploy_certs, - Optional $ssl_key = $puppetdb::params::ssl_key, - Optional $ssl_cert = $puppetdb::params::ssl_cert, - Optional $ssl_ca_cert = $puppetdb::params::ssl_ca_cert, - Optional $ssl_protocols = $puppetdb::params::ssl_protocols, - Boolean $postgresql_ssl_on = $puppetdb::params::postgresql_ssl_on, - Stdlib::Absolutepath $postgresql_ssl_folder = $puppetdb::params::postgresql_ssl_folder, - Stdlib::Absolutepath $postgresql_ssl_cert_path = $puppetdb::params::postgresql_ssl_cert_path, - Stdlib::Absolutepath $postgresql_ssl_key_path = $puppetdb::params::postgresql_ssl_key_path, - Stdlib::Absolutepath $postgresql_ssl_ca_cert_path = $puppetdb::params::postgresql_ssl_ca_cert_path, - Optional $cipher_suites = 
$puppetdb::params::cipher_suites, - Boolean $migrate = $puppetdb::params::migrate, - Boolean $manage_dbserver = $puppetdb::params::manage_dbserver, - Boolean $manage_database = $puppetdb::params::manage_database, - Boolean $manage_package_repo = $puppetdb::params::manage_pg_repo, - String[2,3] $postgres_version = $puppetdb::params::postgres_version, - Stdlib::Host $database_host = $puppetdb::params::database_host, - Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $database_port = $puppetdb::params::database_port, - String[1] $database_username = $puppetdb::params::database_username, - Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password, - String[1] $database_name = $puppetdb::params::database_name, - Boolean $manage_db_password = $puppetdb::params::manage_db_password, - String $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, - String[1] $database_listen_address = $puppetdb::params::postgres_listen_addresses, - Boolean $database_validate = $puppetdb::params::database_validate, - Pattern[/\A[0-9dhms]+\Z/] $node_ttl = $puppetdb::params::node_ttl, - Pattern[/\A[0-9dhms]+\Z/] $node_purge_ttl = $puppetdb::params::node_purge_ttl, - Pattern[/\A[0-9dhms]+\Z/] $report_ttl = $puppetdb::params::report_ttl, - Optional[Array] $facts_blacklist = $puppetdb::params::facts_blacklist, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $gc_interval = $puppetdb::params::gc_interval, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $node_purge_gc_batch_limit = $puppetdb::params::node_purge_gc_batch_limit, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $conn_max_age = $puppetdb::params::conn_max_age, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $conn_lifetime = $puppetdb::params::conn_lifetime, - String[1] $puppetdb_package = $puppetdb::params::puppetdb_package, - String[1] $puppetdb_service = $puppetdb::params::puppetdb_service, - Enum['running', 'true', 'stopped', 'false'] $puppetdb_service_status = 
$puppetdb::params::puppetdb_service_status, - String[1] $puppetdb_user = $puppetdb::params::puppetdb_user, - String[1] $puppetdb_group = $puppetdb::params::puppetdb_group, - String[1] $puppetdb_server = $puppetdb::params::puppetdb_server, - Optional[Stdlib::Host] $read_database_host = $puppetdb::params::read_database_host, - Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $read_database_port = $puppetdb::params::read_database_port, - String[1] $read_database_username = $puppetdb::params::read_database_username, - Variant[String[1], Sensitive[String[1]]] $read_database_password = $puppetdb::params::read_database_password, - String[1] $read_database_name = $puppetdb::params::read_database_name, - Boolean $manage_read_db_password = $puppetdb::params::manage_read_db_password, - String $read_database_jdbc_ssl_properties = $puppetdb::params::read_database_jdbc_ssl_properties, - Boolean $read_database_validate = $puppetdb::params::read_database_validate, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $read_conn_max_age = $puppetdb::params::read_conn_max_age, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $read_conn_lifetime = $puppetdb::params::read_conn_lifetime, - Stdlib::Absolutepath $confdir = $puppetdb::params::confdir, - Stdlib::Absolutepath $vardir = $puppetdb::params::vardir, - Boolean $manage_firewall = $puppetdb::params::manage_firewall, - Hash $java_args = $puppetdb::params::java_args, - Boolean $merge_default_java_args = $puppetdb::params::merge_default_java_args, - Optional $max_threads = $puppetdb::params::max_threads, - Optional $command_threads = $puppetdb::params::command_threads, - Optional $concurrent_writes = $puppetdb::params::concurrent_writes, - Optional $store_usage = $puppetdb::params::store_usage, - Optional $temp_usage = $puppetdb::params::temp_usage, - Optional $disable_update_checking = $puppetdb::params::disable_update_checking, - Stdlib::Absolutepath $certificate_whitelist_file = $puppetdb::params::certificate_whitelist_file, - Array 
$certificate_whitelist = $puppetdb::params::certificate_whitelist, - Optional $database_max_pool_size = $puppetdb::params::database_max_pool_size, - Optional $read_database_max_pool_size = $puppetdb::params::read_database_max_pool_size, - Boolean $automatic_dlo_cleanup = $puppetdb::params::automatic_dlo_cleanup, - String[1] $cleanup_timer_interval = $puppetdb::params::cleanup_timer_interval, - Integer[1] $dlo_max_age = $puppetdb::params::dlo_max_age, - Postgresql::Pg_password_encryption $postgresql_password_encryption = $puppetdb::params::password_encryption, - Optional[Stdlib::Absolutepath] $java_bin = $puppetdb::params::java_bin, + Stdlib::Host $listen_address = $puppetdb::params::listen_address, + Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $listen_port = $puppetdb::params::listen_port, + Boolean $disable_cleartext = $puppetdb::params::disable_cleartext, + Boolean $open_listen_port = $puppetdb::params::open_listen_port, + Stdlib::Host $ssl_listen_address = $puppetdb::params::ssl_listen_address, + Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $ssl_listen_port = $puppetdb::params::ssl_listen_port, + Boolean $disable_ssl = $puppetdb::params::disable_ssl, + Optional[Boolean] $open_ssl_listen_port = $puppetdb::params::open_ssl_listen_port, + Stdlib::Absolutepath $ssl_dir = $puppetdb::params::ssl_dir, + Boolean $ssl_set_cert_paths = $puppetdb::params::ssl_set_cert_paths, + Stdlib::Absolutepath $ssl_cert_path = $puppetdb::params::ssl_cert_path, + Stdlib::Absolutepath $ssl_key_path = $puppetdb::params::ssl_key_path, + Stdlib::Absolutepath $ssl_key_pk8_path = $puppetdb::params::ssl_key_pk8_path, + Stdlib::Absolutepath $ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path, + Boolean $ssl_deploy_certs = $puppetdb::params::ssl_deploy_certs, + Optional $ssl_key = $puppetdb::params::ssl_key, + Optional $ssl_cert = $puppetdb::params::ssl_cert, + Optional $ssl_ca_cert = $puppetdb::params::ssl_ca_cert, + Optional $ssl_protocols = 
$puppetdb::params::ssl_protocols, + Boolean $postgresql_ssl_on = $puppetdb::params::postgresql_ssl_on, + Stdlib::Absolutepath $postgresql_ssl_folder = $puppetdb::params::postgresql_ssl_folder, + Stdlib::Absolutepath $postgresql_ssl_cert_path = $puppetdb::params::postgresql_ssl_cert_path, + Stdlib::Absolutepath $postgresql_ssl_key_path = $puppetdb::params::postgresql_ssl_key_path, + Stdlib::Absolutepath $postgresql_ssl_ca_cert_path = $puppetdb::params::postgresql_ssl_ca_cert_path, + Optional $cipher_suites = $puppetdb::params::cipher_suites, + Boolean $migrate = $puppetdb::params::migrate, + Boolean $manage_dbserver = $puppetdb::params::manage_dbserver, + Boolean $manage_database = $puppetdb::params::manage_database, + Boolean $manage_package_repo = $puppetdb::params::manage_pg_repo, + String[2,3] $postgres_version = $puppetdb::params::postgres_version, + Stdlib::Host $database_host = $puppetdb::params::database_host, + Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $database_port = $puppetdb::params::database_port, + String[1] $database_username = $puppetdb::params::database_username, + Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password, + String[1] $database_name = $puppetdb::params::database_name, + Boolean $manage_db_password = $puppetdb::params::manage_db_password, + String $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, + String[1] $database_listen_address = $puppetdb::params::postgres_listen_addresses, + Boolean $database_validate = $puppetdb::params::database_validate, + Pattern[/\A[0-9dhms]+\Z/] $node_ttl = $puppetdb::params::node_ttl, + Pattern[/\A[0-9dhms]+\Z/] $node_purge_ttl = $puppetdb::params::node_purge_ttl, + Pattern[/\A[0-9dhms]+\Z/] $report_ttl = $puppetdb::params::report_ttl, + Optional[Array] $facts_blacklist = $puppetdb::params::facts_blacklist, + Variant[Integer, Pattern[/\A[0-9]+\Z/]] $gc_interval = $puppetdb::params::gc_interval, + Variant[Integer, 
Pattern[/\A[0-9]+\Z/]] $node_purge_gc_batch_limit = $puppetdb::params::node_purge_gc_batch_limit, + Variant[Integer, Pattern[/\A[0-9]+\Z/]] $conn_max_age = $puppetdb::params::conn_max_age, + Variant[Integer, Pattern[/\A[0-9]+\Z/]] $conn_lifetime = $puppetdb::params::conn_lifetime, + String[1] $puppetdb_package = $puppetdb::params::puppetdb_package, + String[1] $puppetdb_service = $puppetdb::params::puppetdb_service, + Enum['running', 'true', 'stopped', 'false'] $puppetdb_service_status = $puppetdb::params::puppetdb_service_status, + String[1] $puppetdb_user = $puppetdb::params::puppetdb_user, + String[1] $puppetdb_group = $puppetdb::params::puppetdb_group, + String[1] $puppetdb_server = $puppetdb::params::puppetdb_server, + Optional[Stdlib::Host] $read_database_host = $puppetdb::params::read_database_host, + Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $read_database_port = $puppetdb::params::read_database_port, + String[1] $read_database_username = $puppetdb::params::read_database_username, + Variant[String[1], Sensitive[String[1]]] $read_database_password = $puppetdb::params::read_database_password, + String[1] $read_database_name = $puppetdb::params::read_database_name, + Boolean $manage_read_db_password = $puppetdb::params::manage_read_db_password, + String $read_database_jdbc_ssl_properties = $puppetdb::params::read_database_jdbc_ssl_properties, + Boolean $read_database_validate = $puppetdb::params::read_database_validate, + Variant[Integer, Pattern[/\A[0-9]+\Z/]] $read_conn_max_age = $puppetdb::params::read_conn_max_age, + Variant[Integer, Pattern[/\A[0-9]+\Z/]] $read_conn_lifetime = $puppetdb::params::read_conn_lifetime, + Stdlib::Absolutepath $confdir = $puppetdb::params::confdir, + Stdlib::Absolutepath $vardir = $puppetdb::params::vardir, + Boolean $manage_firewall = $puppetdb::params::manage_firewall, + Hash $java_args = $puppetdb::params::java_args, + Boolean $merge_default_java_args = $puppetdb::params::merge_default_java_args, + Optional 
$max_threads = $puppetdb::params::max_threads, + Optional $command_threads = $puppetdb::params::command_threads, + Optional $concurrent_writes = $puppetdb::params::concurrent_writes, + Optional $store_usage = $puppetdb::params::store_usage, + Optional $temp_usage = $puppetdb::params::temp_usage, + Optional $disable_update_checking = $puppetdb::params::disable_update_checking, + Stdlib::Absolutepath $certificate_whitelist_file = $puppetdb::params::certificate_whitelist_file, + Array $certificate_whitelist = $puppetdb::params::certificate_whitelist, + Optional $database_max_pool_size = $puppetdb::params::database_max_pool_size, + Optional $read_database_max_pool_size = $puppetdb::params::read_database_max_pool_size, + Boolean $automatic_dlo_cleanup = $puppetdb::params::automatic_dlo_cleanup, + String[1] $cleanup_timer_interval = $puppetdb::params::cleanup_timer_interval, + Integer[1] $dlo_max_age = $puppetdb::params::dlo_max_age, + Postgresql::Pg_password_encryption $postgresql_password_encryption = $puppetdb::params::password_encryption, + Optional[Stdlib::Absolutepath] $java_bin = $puppetdb::params::java_bin, ) inherits puppetdb::params { class { 'puppetdb::server': listen_address => $listen_address, diff --git a/manifests/server.pp b/manifests/server.pp index 90974ab7..bf49fe68 100644 --- a/manifests/server.pp +++ b/manifests/server.pp 
@@ -311,79 +311,79 @@ # java binary path for PuppetDB. If undef, default will be used. # class puppetdb::server ( - Stdlib::Host $listen_address = $puppetdb::params::listen_address, - Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $listen_port = $puppetdb::params::listen_port, - Boolean $disable_cleartext = $puppetdb::params::disable_cleartext, - Boolean $open_listen_port = $puppetdb::params::open_listen_port, - Stdlib::Host $ssl_listen_address = $puppetdb::params::ssl_listen_address, - Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $ssl_listen_port = $puppetdb::params::ssl_listen_port, - Boolean $disable_ssl = $puppetdb::params::disable_ssl, - Optional[Boolean] $open_ssl_listen_port = $puppetdb::params::open_ssl_listen_port, - Stdlib::Absolutepath $ssl_dir = $puppetdb::params::ssl_dir, - Boolean $ssl_set_cert_paths = $puppetdb::params::ssl_set_cert_paths, - Stdlib::Absolutepath $ssl_cert_path = $puppetdb::params::ssl_cert_path, - Stdlib::Absolutepath $ssl_key_path = $puppetdb::params::ssl_key_path, - Stdlib::Absolutepath $ssl_key_pk8_path = $puppetdb::params::ssl_key_pk8_path, - Stdlib::Absolutepath $ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path, - Boolean $ssl_deploy_certs = $puppetdb::params::ssl_deploy_certs, - Optional $ssl_key = $puppetdb::params::ssl_key, - Optional $ssl_cert = $puppetdb::params::ssl_cert, - Optional $ssl_ca_cert = $puppetdb::params::ssl_ca_cert, - Optional $ssl_protocols = $puppetdb::params::ssl_protocols, - Boolean $postgresql_ssl_on = $puppetdb::params::postgresql_ssl_on, - Optional $cipher_suites = $puppetdb::params::cipher_suites, - Boolean $migrate = $puppetdb::params::migrate, - Stdlib::Host $database_host = $puppetdb::params::database_host, - Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $database_port = $puppetdb::params::database_port, - String[1] $database_username = $puppetdb::params::database_username, - Variant[String[1], Sensitive[String[1]]] $database_password = 
$puppetdb::params::database_password, - String[1] $database_name = $puppetdb::params::database_name, - Boolean $manage_db_password = $puppetdb::params::manage_db_password, - String $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, - Boolean $database_validate = $puppetdb::params::database_validate, - Pattern[/\A[0-9dhms]+\Z/] $node_ttl = $puppetdb::params::node_ttl, - Pattern[/\A[0-9dhms]+\Z/] $node_purge_ttl = $puppetdb::params::node_purge_ttl, - Pattern[/\A[0-9dhms]+\Z/] $report_ttl = $puppetdb::params::report_ttl, - Optional[Array] $facts_blacklist = $puppetdb::params::facts_blacklist, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $gc_interval = $puppetdb::params::gc_interval, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $node_purge_gc_batch_limit = $puppetdb::params::node_purge_gc_batch_limit, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $conn_max_age = $puppetdb::params::conn_max_age, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $conn_lifetime = $puppetdb::params::conn_lifetime, - String[1] $puppetdb_package = $puppetdb::params::puppetdb_package, - String[1] $puppetdb_service = $puppetdb::params::puppetdb_service, - Enum['running', 'true', 'stopped', 'false'] $puppetdb_service_status = $puppetdb::params::puppetdb_service_status, - String[1] $puppetdb_user = $puppetdb::params::puppetdb_user, - String[1] $puppetdb_group = $puppetdb::params::puppetdb_group, - Optional[Stdlib::Host] $read_database_host = $puppetdb::params::read_database_host, - Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $read_database_port = $puppetdb::params::read_database_port, - String[1] $read_database_username = $puppetdb::params::read_database_username, - Variant[String[1], Sensitive[String[1]]] $read_database_password = $puppetdb::params::read_database_password, - String[1] $read_database_name = $puppetdb::params::read_database_name, - Boolean $manage_read_db_password = $puppetdb::params::manage_read_db_password, - String $read_database_jdbc_ssl_properties = 
$puppetdb::params::read_database_jdbc_ssl_properties, - Boolean $read_database_validate = $puppetdb::params::read_database_validate, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $read_conn_max_age = $puppetdb::params::read_conn_max_age, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $read_conn_lifetime = $puppetdb::params::read_conn_lifetime, - Stdlib::Absolutepath $confdir = $puppetdb::params::confdir, - Stdlib::Absolutepath $vardir = $puppetdb::params::vardir, - Boolean $manage_firewall = $puppetdb::params::manage_firewall, - Boolean $manage_database = $puppetdb::params::manage_database, - Hash $java_args = $puppetdb::params::java_args, - Boolean $merge_default_java_args = $puppetdb::params::merge_default_java_args, - Optional $max_threads = $puppetdb::params::max_threads, - Optional $command_threads = $puppetdb::params::command_threads, - Optional $concurrent_writes = $puppetdb::params::concurrent_writes, - Optional $store_usage = $puppetdb::params::store_usage, - Optional $temp_usage = $puppetdb::params::temp_usage, - Optional $disable_update_checking = $puppetdb::params::disable_update_checking, - Stdlib::Absolutepath $certificate_whitelist_file = $puppetdb::params::certificate_whitelist_file, - Array $certificate_whitelist = $puppetdb::params::certificate_whitelist, - Optional $database_max_pool_size = $puppetdb::params::database_max_pool_size, - Optional $read_database_max_pool_size = $puppetdb::params::read_database_max_pool_size, - Boolean $automatic_dlo_cleanup = $puppetdb::params::automatic_dlo_cleanup, - String[1] $cleanup_timer_interval = $puppetdb::params::cleanup_timer_interval, - Integer[1] $dlo_max_age = $puppetdb::params::dlo_max_age, - Optional[Stdlib::Absolutepath] $java_bin = $puppetdb::params::java_bin, + Stdlib::Host $listen_address = $puppetdb::params::listen_address, + Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $listen_port = $puppetdb::params::listen_port, + Boolean $disable_cleartext = $puppetdb::params::disable_cleartext, + 
Boolean $open_listen_port = $puppetdb::params::open_listen_port, + Stdlib::Host $ssl_listen_address = $puppetdb::params::ssl_listen_address, + Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $ssl_listen_port = $puppetdb::params::ssl_listen_port, + Boolean $disable_ssl = $puppetdb::params::disable_ssl, + Optional[Boolean] $open_ssl_listen_port = $puppetdb::params::open_ssl_listen_port, + Stdlib::Absolutepath $ssl_dir = $puppetdb::params::ssl_dir, + Boolean $ssl_set_cert_paths = $puppetdb::params::ssl_set_cert_paths, + Stdlib::Absolutepath $ssl_cert_path = $puppetdb::params::ssl_cert_path, + Stdlib::Absolutepath $ssl_key_path = $puppetdb::params::ssl_key_path, + Stdlib::Absolutepath $ssl_key_pk8_path = $puppetdb::params::ssl_key_pk8_path, + Stdlib::Absolutepath $ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path, + Boolean $ssl_deploy_certs = $puppetdb::params::ssl_deploy_certs, + Optional $ssl_key = $puppetdb::params::ssl_key, + Optional $ssl_cert = $puppetdb::params::ssl_cert, + Optional $ssl_ca_cert = $puppetdb::params::ssl_ca_cert, + Optional $ssl_protocols = $puppetdb::params::ssl_protocols, + Boolean $postgresql_ssl_on = $puppetdb::params::postgresql_ssl_on, + Optional $cipher_suites = $puppetdb::params::cipher_suites, + Boolean $migrate = $puppetdb::params::migrate, + Stdlib::Host $database_host = $puppetdb::params::database_host, + Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $database_port = $puppetdb::params::database_port, + String[1] $database_username = $puppetdb::params::database_username, + Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password, + String[1] $database_name = $puppetdb::params::database_name, + Boolean $manage_db_password = $puppetdb::params::manage_db_password, + String $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, + Boolean $database_validate = $puppetdb::params::database_validate, + Pattern[/\A[0-9dhms]+\Z/] $node_ttl = 
$puppetdb::params::node_ttl, + Pattern[/\A[0-9dhms]+\Z/] $node_purge_ttl = $puppetdb::params::node_purge_ttl, + Pattern[/\A[0-9dhms]+\Z/] $report_ttl = $puppetdb::params::report_ttl, + Optional[Array] $facts_blacklist = $puppetdb::params::facts_blacklist, + Variant[Integer, Pattern[/\A[0-9]+\Z/]] $gc_interval = $puppetdb::params::gc_interval, + Variant[Integer, Pattern[/\A[0-9]+\Z/]] $node_purge_gc_batch_limit = $puppetdb::params::node_purge_gc_batch_limit, + Variant[Integer, Pattern[/\A[0-9]+\Z/]] $conn_max_age = $puppetdb::params::conn_max_age, + Variant[Integer, Pattern[/\A[0-9]+\Z/]] $conn_lifetime = $puppetdb::params::conn_lifetime, + String[1] $puppetdb_package = $puppetdb::params::puppetdb_package, + String[1] $puppetdb_service = $puppetdb::params::puppetdb_service, + Enum['running', 'true', 'stopped', 'false'] $puppetdb_service_status = $puppetdb::params::puppetdb_service_status, + String[1] $puppetdb_user = $puppetdb::params::puppetdb_user, + String[1] $puppetdb_group = $puppetdb::params::puppetdb_group, + Optional[Stdlib::Host] $read_database_host = $puppetdb::params::read_database_host, + Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $read_database_port = $puppetdb::params::read_database_port, + String[1] $read_database_username = $puppetdb::params::read_database_username, + Variant[String[1], Sensitive[String[1]]] $read_database_password = $puppetdb::params::read_database_password, + String[1] $read_database_name = $puppetdb::params::read_database_name, + Boolean $manage_read_db_password = $puppetdb::params::manage_read_db_password, + String $read_database_jdbc_ssl_properties = $puppetdb::params::read_database_jdbc_ssl_properties, + Boolean $read_database_validate = $puppetdb::params::read_database_validate, + Variant[Integer, Pattern[/\A[0-9]+\Z/]] $read_conn_max_age = $puppetdb::params::read_conn_max_age, + Variant[Integer, Pattern[/\A[0-9]+\Z/]] $read_conn_lifetime = $puppetdb::params::read_conn_lifetime, + Stdlib::Absolutepath $confdir 
= $puppetdb::params::confdir, + Stdlib::Absolutepath $vardir = $puppetdb::params::vardir, + Boolean $manage_firewall = $puppetdb::params::manage_firewall, + Boolean $manage_database = $puppetdb::params::manage_database, + Hash $java_args = $puppetdb::params::java_args, + Boolean $merge_default_java_args = $puppetdb::params::merge_default_java_args, + Optional $max_threads = $puppetdb::params::max_threads, + Optional $command_threads = $puppetdb::params::command_threads, + Optional $concurrent_writes = $puppetdb::params::concurrent_writes, + Optional $store_usage = $puppetdb::params::store_usage, + Optional $temp_usage = $puppetdb::params::temp_usage, + Optional $disable_update_checking = $puppetdb::params::disable_update_checking, + Stdlib::Absolutepath $certificate_whitelist_file = $puppetdb::params::certificate_whitelist_file, + Array $certificate_whitelist = $puppetdb::params::certificate_whitelist, + Optional $database_max_pool_size = $puppetdb::params::database_max_pool_size, + Optional $read_database_max_pool_size = $puppetdb::params::read_database_max_pool_size, + Boolean $automatic_dlo_cleanup = $puppetdb::params::automatic_dlo_cleanup, + String[1] $cleanup_timer_interval = $puppetdb::params::cleanup_timer_interval, + Integer[1] $dlo_max_age = $puppetdb::params::dlo_max_age, + Optional[Stdlib::Absolutepath] $java_bin = $puppetdb::params::java_bin, ) inherits puppetdb::params { # Apply necessary suffix if zero is specified. # Can we drop this in the next major release? From 0371ea991134ef614d1eea4c6f163a7e1fe6f47a Mon Sep 17 00:00:00 2001 From: Mitchell Chambers Date: Fri, 31 May 2024 12:47:27 +1000 Subject: [PATCH 18/32] set data type assertions for globals params --- manifests/globals.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/globals.pp b/manifests/globals.pp index 581b1673..08653bd8 100644 --- a/manifests/globals.pp +++ b/manifests/globals.pp 
@@ -8,7 +8,7 @@ # Puppet's config directory. Defaults to `/etc/puppetlabs/puppet`. # class puppetdb::globals ( - $version = 'present', + String[1] $version = 'present', Stdlib::Absolutepath $puppet_confdir = $settings::confdir, ) { if !(fact('os.family') in ['RedHat', 'Suse', 'Archlinux', 'Debian', 'OpenBSD', 'FreeBSD']) { From 0b9fc4e38a78c3e6382f0ecc3bf722995cfedaa5 Mon Sep 17 00:00:00 2001 From: Mitchell Chambers Date: Thu, 6 Jun 2024 14:35:51 +1000 Subject: [PATCH 19/32] set jdbc ssl properties to accept string and boolean values --- manifests/init.pp | 2 +- manifests/server.pp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index b969c7b1..911b9e91 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -382,7 +382,7 @@ Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password, String[1] $database_name = $puppetdb::params::database_name, Boolean $manage_db_password = $puppetdb::params::manage_db_password, - String $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, + Variant[String, Boolean] $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, String[1] $database_listen_address = $puppetdb::params::postgres_listen_addresses, Boolean $database_validate = $puppetdb::params::database_validate, Pattern[/\A[0-9dhms]+\Z/] $node_ttl = $puppetdb::params::node_ttl, diff --git a/manifests/server.pp b/manifests/server.pp index bf49fe68..bc82de86 100644 --- a/manifests/server.pp +++ b/manifests/server.pp 
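Review bot: `Variant[String, Boolean] $jdbc_ssl_properties` in this init.pp hunk, and the matching line in the server.pp hunk of the same commit, also admits `true`, which has no meaning as a JDBC property string. If the value is interpolated into the connection URL (the consuming code is outside these hunks), `true` would give a malformed URL or a connection without the intended TLS properties instead of a compile-time failure. If the Boolean arm exists only to keep a legacy `false` working, narrow it to `Variant[String, Boolean[false]] $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties,`. As far as this series shows up to this commit, `$read_database_jdbc_ssl_properties` is still plain `String` in both classes, so the two settings now validate differently.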
@@ -339,7 +339,7 @@ Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password, String[1] $database_name = $puppetdb::params::database_name, Boolean $manage_db_password = $puppetdb::params::manage_db_password, - String $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, + Variant[String, Boolean] $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, Boolean $database_validate = $puppetdb::params::database_validate, Pattern[/\A[0-9dhms]+\Z/] $node_ttl = $puppetdb::params::node_ttl, Pattern[/\A[0-9dhms]+\Z/] $node_purge_ttl = $puppetdb::params::node_purge_ttl, From 5e672902b646bcead0be494d42f88a6afa332e6b Mon Sep 17 00:00:00 2001 From: Mitchell Chambers Date: Thu, 6 Jun 2024 14:36:21 +1000 Subject: [PATCH 20/32] set data validation to align with init params --- manifests/database/postgresql.pp | 38 ++++++++++++++++---------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/manifests/database/postgresql.pp b/manifests/database/postgresql.pp index b613c828..31c961cf 100644 --- a/manifests/database/postgresql.pp +++ b/manifests/database/postgresql.pp 
@@ -71,25 +71,25 @@ # PostgreSQL password authentication method, either `md5` or `scram-sha-256` # class puppetdb::database::postgresql ( - $listen_addresses = $puppetdb::params::database_host, - $puppetdb_server = $puppetdb::params::puppetdb_server, - $database_name = $puppetdb::params::database_name, - $database_username = $puppetdb::params::database_username, - Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password, - $database_port = $puppetdb::params::database_port, - $manage_database = $puppetdb::params::manage_database, - $manage_server = $puppetdb::params::manage_dbserver, - $manage_package_repo = $puppetdb::params::manage_pg_repo, - $postgres_version = $puppetdb::params::postgres_version, - $postgresql_ssl_on = $puppetdb::params::postgresql_ssl_on, - $postgresql_ssl_key_path = $puppetdb::params::postgresql_ssl_key_path, - $postgresql_ssl_cert_path = $puppetdb::params::postgresql_ssl_cert_path, - $postgresql_ssl_ca_cert_path = $puppetdb::params::postgresql_ssl_ca_cert_path, - $read_database_username = $puppetdb::params::read_database_username, - Variant[String[1], Sensitive[String[1]]] $read_database_password = $puppetdb::params::read_database_password, - $read_database_host = $puppetdb::params::read_database_host, - Boolean $password_sensitive = false, - Postgresql::Pg_password_encryption $password_encryption = $puppetdb::params::password_encryption, + Stdlib::Host $listen_addresses = $puppetdb::params::database_host, + String[1] $puppetdb_server = $puppetdb::params::puppetdb_server, + String[1] $database_name = $puppetdb::params::database_name, + String[1] $database_username = $puppetdb::params::database_username, + Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password, + Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $database_port = $puppetdb::params::database_port, + Boolean $manage_database = $puppetdb::params::manage_database, + Boolean $manage_server 
= $puppetdb::params::manage_dbserver, + Boolean $manage_package_repo = $puppetdb::params::manage_pg_repo, + String[2,3] $postgres_version = $puppetdb::params::postgres_version, + Boolean $postgresql_ssl_on = $puppetdb::params::postgresql_ssl_on, + Stdlib::Absolutepath $postgresql_ssl_key_path = $puppetdb::params::postgresql_ssl_key_path, + Stdlib::Absolutepath $postgresql_ssl_cert_path = $puppetdb::params::postgresql_ssl_cert_path, + Stdlib::Absolutepath $postgresql_ssl_ca_cert_path = $puppetdb::params::postgresql_ssl_ca_cert_path, + String[1] $read_database_username = $puppetdb::params::read_database_username, + Variant[String[1], Sensitive[String[1]]] $read_database_password = $puppetdb::params::read_database_password, + Optional[Stdlib::Host] $read_database_host = $puppetdb::params::read_database_host, + Boolean $password_sensitive = false, + Postgresql::Pg_password_encryption $password_encryption = $puppetdb::params::password_encryption, ) inherits puppetdb::params { $port = case $database_port.is_a(String) { true: { scanf($database_port, '%i')[0] } From 059a1913c5de59614c591a16fad1601e49602ad5 Mon Sep 17 00:00:00 2001 From: Mitchell Chambers Date: Thu, 6 Jun 2024 14:52:28 +1000 Subject: [PATCH 21/32] set data validation for defined types --- manifests/database/default_read_grant.pp | 8 ++++---- manifests/database/postgresql_ssl_rules.pp | 6 +++--- manifests/database/read_grant.pp | 6 +++--- manifests/database/read_only_user.pp | 12 ++++++------ 4 files changed, 16 insertions(+), 16 deletions(-) diff --git a/manifests/database/default_read_grant.pp b/manifests/database/default_read_grant.pp index 5c5fcb84..fb2a385d 100644 --- a/manifests/database/default_read_grant.pp +++ b/manifests/database/default_read_grant.pp 
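Review bot: The `Pattern[/\A[0-9]+\Z/]` arm of `$database_port` lets any digit string through, so the range that `Stdlib::Port::Unprivileged` enforces for integers does not apply to strings such as `'0'` or `'99999'`, and in Ruby regex syntax `\Z` also matches before a trailing newline. The context line after the parameter list converts strings with `scanf`, and nothing visible in the hunk re-checks the result; the `case` expression continues outside the hunk. Anchor the pattern with `\z` and validate after conversion, for example `assert_type(Stdlib::Port::Unprivileged, $port)` once `$port` is computed. Separately, `Stdlib::Host $listen_addresses` is narrower than the `String[1]` that init.pp gives `$database_listen_address`; if that value is passed through to this class, a PostgreSQL wildcard such as `'*'` would now be rejected, and `String[1] $listen_addresses` would keep the two in step.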
@@ -2,10 +2,10 @@ # # @api private define puppetdb::database::default_read_grant ( - String $database_name, - String $schema, - String $database_username, - String $database_read_only_username, + String[1] $database_name, + String $schema, + String[1] $database_username, + String[1] $database_read_only_username, Optional[Stdlib::Port] $database_port = undef, ) { postgresql_psql { "grant default select permission for ${database_read_only_username}": diff --git a/manifests/database/postgresql_ssl_rules.pp b/manifests/database/postgresql_ssl_rules.pp index bd1e61d2..c9f17f8b 100644 --- a/manifests/database/postgresql_ssl_rules.pp +++ b/manifests/database/postgresql_ssl_rules.pp @@ -2,10 +2,10 @@ # # @api private define puppetdb::database::postgresql_ssl_rules ( - String $database_name, - String $database_username, + String $database_name, + String $database_username, String[2,3] $postgres_version, - String $puppetdb_server, + String $puppetdb_server, ) { $identity_map_key = "${database_name}-${database_username}-map" diff --git a/manifests/database/read_grant.pp b/manifests/database/read_grant.pp index e81ce8fc..f66d5e90 100644 --- a/manifests/database/read_grant.pp +++ b/manifests/database/read_grant.pp @@ -2,9 +2,9 @@ # # @api private define puppetdb::database::read_grant ( - String $database_name, - String $schema, - String $database_read_only_username, + String $database_name, + String $schema, + String $database_read_only_username, Optional[Stdlib::Port] $database_port = undef, ) { postgresql_psql { "grant select permission for ${database_read_only_username}": diff --git a/manifests/database/read_only_user.pp b/manifests/database/read_only_user.pp index 9b73ea31..7a18f63a 100644 --- a/manifests/database/read_only_user.pp +++ b/manifests/database/read_only_user.pp 
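Review bot: `$schema` stays a bare `String` in this default_read_grant.pp hunk, and the postgresql_ssl_rules.pp and read_grant.pp hunks of the same commit only re-align their parameters, so an empty database name, username or schema still passes type checking in those defines. In postgresql_ssl_rules.pp the context line `$identity_map_key = "${database_name}-${database_username}-map"` would then evaluate to `--map`. Use `String[1]` throughout, e.g. `String[1] $schema,`, to match what `puppetdb::database::read_only_user` gets in this commit. If these names are interpolated into the SQL run by `postgresql_psql` (the command text is outside the hunks), a `Pattern` restricting them to identifier characters would be a stronger check than a length bound.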
@@ -18,12 +18,12 @@
 #
 # @api private
 define puppetdb::database::read_only_user (
- String $read_database_username,
- String $database_name,
- String $database_owner,
- Variant[String[1], Boolean, Sensitive[String[1]]] $password_hash = false,
- Optional[Stdlib::Port] $database_port = undef,
- Optional[Postgresql::Pg_password_encryption] $password_encryption = undef,
+ String[1] $read_database_username,
+ String[1] $database_name,
+ String[1] $database_owner,
+ Variant[String[1], Boolean, Sensitive[String[1]]] $password_hash = false,
+ Optional[Stdlib::Port] $database_port = undef,
+ Optional[Postgresql::Pg_password_encryption] $password_encryption = undef,
 ) {
 postgresql::server::role { $read_database_username:
 password_hash => $password_hash,
From 3ebfe40b1805c0aca317a8b42fa12f2695eccc80 Mon Sep 17 00:00:00 2001
From: Mitchell Chambers
Date: Thu, 6 Jun 2024 14:54:19 +1000
Subject: [PATCH 22/32] set data validation for database ssl configuration
---
 manifests/database/ssl_configuration.pp | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/manifests/database/ssl_configuration.pp b/manifests/database/ssl_configuration.pp
index 1e8e6c0b..024e43ac 100644
--- a/manifests/database/ssl_configuration.pp
+++ b/manifests/database/ssl_configuration.pp
@@ -2,16 +2,16 @@
 #
 # @api private
 class puppetdb::database::ssl_configuration (
- $database_name = $puppetdb::params::database_name,
- $database_username = $puppetdb::params::database_username,
- $read_database_username = $puppetdb::params::read_database_username,
- $read_database_host = $puppetdb::params::read_database_host,
- $puppetdb_server = $puppetdb::params::puppetdb_server,
- $postgresql_ssl_key_path = $puppetdb::params::postgresql_ssl_key_path,
- $postgresql_ssl_cert_path = $puppetdb::params::postgresql_ssl_cert_path,
- $postgresql_ssl_ca_cert_path = $puppetdb::params::postgresql_ssl_ca_cert_path,
- $postgres_version = $puppetdb::params::postgres_version,
- $create_read_user_rule = false,
+ String[1] $database_name = $puppetdb::params::database_name,
+ String[1] $database_username = $puppetdb::params::database_username,
+ String[1] $read_database_username = $puppetdb::params::read_database_username,
+ Optional[Stdlib::Host] $read_database_host = $puppetdb::params::read_database_host,
+ String[1] $puppetdb_server = $puppetdb::params::puppetdb_server,
+ Stdlib::Absolutepath $postgresql_ssl_key_path = $puppetdb::params::postgresql_ssl_key_path,
+ Stdlib::Absolutepath $postgresql_ssl_cert_path = $puppetdb::params::postgresql_ssl_cert_path,
+ Stdlib::Absolutepath $postgresql_ssl_ca_cert_path = $puppetdb::params::postgresql_ssl_ca_cert_path,
+ String[2,3] $postgres_version = $puppetdb::params::postgres_version,
+ Boolean $create_read_user_rule = false,
 ) inherits puppetdb::params {
 File {
 ensure => present,
From 148243e4eff45c178aa6321f6040d6ed3cd7be4e Mon Sep 17 00:00:00 2001
From: Mitchell Chambers
Date: Thu, 6 Jun 2024 16:09:50 +1000
Subject: [PATCH 23/32] set puppetdb_server type to stdlib::host, update test to use fqdn or localhost
---
 manifests/database/postgresql.pp | 2 +-
 manifests/init.pp | 2 +-
 manifests/master/config.pp | 40 ++++++++++++++++----------------
 spec/unit/classes/init_spec.rb | 4 ++--
 4 files changed, 24 insertions(+), 24 deletions(-)
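Review bot: `$puppetdb_server` gets `String[1]` in `ssl_configuration`, while the next patch in the series moves the same parameter to `Stdlib::Host` in `postgresql.pp` and `init.pp` and its diffstat does not list this file. Since the class sets up PostgreSQL SSL and presumably uses the name in the certificate-to-user mapping, the stricter type belongs here as well: `Stdlib::Host $puppetdb_server = $puppetdb::params::puppetdb_server,`. The class body continues outside the hunk, so how the value is used is inferred from the class name.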
diff --git a/manifests/database/postgresql.pp b/manifests/database/postgresql.pp
index 31c961cf..e2c1eda3 100644
--- a/manifests/database/postgresql.pp
+++ b/manifests/database/postgresql.pp
@@ -72,7 +72,7 @@
 #
 class puppetdb::database::postgresql (
 Stdlib::Host $listen_addresses = $puppetdb::params::database_host,
- String[1] $puppetdb_server = $puppetdb::params::puppetdb_server,
+ Stdlib::Host $puppetdb_server = $puppetdb::params::puppetdb_server,
 String[1] $database_name = $puppetdb::params::database_name,
 String[1] $database_username = $puppetdb::params::database_username,
 Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password,
diff --git a/manifests/init.pp b/manifests/init.pp
index 911b9e91..8a529375 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -398,7 +398,7 @@
 Enum['running', 'true', 'stopped', 'false'] $puppetdb_service_status = $puppetdb::params::puppetdb_service_status,
 String[1] $puppetdb_user = $puppetdb::params::puppetdb_user,
 String[1] $puppetdb_group = $puppetdb::params::puppetdb_group,
- String[1] $puppetdb_server = $puppetdb::params::puppetdb_server,
+ Stdlib::Host $puppetdb_server = $puppetdb::params::puppetdb_server,
 Optional[Stdlib::Host] $read_database_host = $puppetdb::params::read_database_host,
 Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $read_database_port = $puppetdb::params::read_database_port,
 String[1] $read_database_username = $puppetdb::params::read_database_username,
diff --git a/manifests/master/config.pp b/manifests/master/config.pp
index d29f83f4..2832c2b9 100644
--- a/manifests/master/config.pp
+++ b/manifests/master/config.pp
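Review bot: The move of `$puppetdb_server` from `String[1]` to `Stdlib::Host` in `postgresql.pp` and `init.pp` is not documented, and it rejects names the old type accepted; the spec in this patch has to replace `'puppetdb_host'` with `'puppetdb.example.com'`, presumably because of the underscore. Existing Hiera data with such names will now fail at compile time, so the parameter documentation for `puppetdb_server` should say that a valid hostname or IP address is required, and the changelog should list it as a breaking change.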
@@ -90,35 +90,35 @@
 # files (other than `puppet.conf`).
 #
 class puppetdb::master::config (
- $puppetdb_server = fact('networking.fqdn'),
- $puppetdb_port = defined(Class['puppetdb']) ? {
+ Stdlib::Host $puppetdb_server = fact('networking.fqdn'),
+ Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $puppetdb_port = defined(Class['puppetdb']) ? {
 true => $puppetdb::disable_ssl ? {
 true => 8080,
 default => 8081,
 },
 default => 8081,
 },
- $puppetdb_disable_ssl = defined(Class['puppetdb']) ? {
+ Boolean $puppetdb_disable_ssl = defined(Class['puppetdb']) ? {
 true => $puppetdb::disable_ssl,
 default => false,
 },
- $masterless = $puppetdb::params::masterless,
- $puppetdb_soft_write_failure = false,
- $manage_routes = true,
- $manage_storeconfigs = true,
- $enable_storeconfigs = true,
- $manage_report_processor = false,
- $manage_config = true,
- $create_puppet_service_resource = true,
- $strict_validation = true,
- $enable_reports = false,
- $puppet_confdir = $puppetdb::params::puppet_confdir,
- $puppet_conf = $puppetdb::params::puppet_conf,
- $terminus_package = $puppetdb::params::terminus_package,
- $puppet_service_name = $puppetdb::params::puppet_service_name,
- $puppetdb_startup_timeout = $puppetdb::params::puppetdb_startup_timeout,
- $test_url = $puppetdb::params::test_url,
- $restart_puppet = true,
+ Boolean $masterless = $puppetdb::params::masterless,
+ Boolean $puppetdb_soft_write_failure = false,
+ Boolean $manage_routes = true,
+ Boolean $manage_storeconfigs = true,
+ Boolean $enable_storeconfigs = true,
+ Boolean $manage_report_processor = false,
+ Boolean $manage_config = true,
+ Boolean $create_puppet_service_resource = true,
+ Boolean $strict_validation = true,
+ Boolean $enable_reports = false,
+ Stdlib::Absolutepath $puppet_confdir = $puppetdb::params::puppet_confdir,
+ Stdlib::Absolutepath $puppet_conf = $puppetdb::params::puppet_conf,
+ String[1] $terminus_package = $puppetdb::params::terminus_package,
+ String[1] $puppet_service_name = $puppetdb::params::puppet_service_name,
+ Integer $puppetdb_startup_timeout = $puppetdb::params::puppetdb_startup_timeout,
+ String[1] $test_url = $puppetdb::params::test_url,
+ Boolean $restart_puppet = true,
 ) inherits puppetdb::params {
 # **WARNING**: Ugly hack to work around a yum bug with metadata parsing. This
 # should not be copied, replicated or even looked at. In short, never rename
diff --git a/spec/unit/classes/init_spec.rb b/spec/unit/classes/init_spec.rb
index 423b97af..f6ce41cd 100644
--- a/spec/unit/classes/init_spec.rb
+++ b/spec/unit/classes/init_spec.rb
@@ -87,7 +87,7 @@ class { 'postgresql::server':
 let(:params) do
 {
 postgresql_ssl_on: true,
- puppetdb_server: 'puppetdb_host',
+ puppetdb_server: 'puppetdb.example.com',
 }
 end
@@ -96,7 +96,7 @@ class { 'postgresql::server':
 is_expected.to contain_class('puppetdb::database::postgresql')
 .with(
 'postgresql_ssl_on' => true,
- 'puppetdb_server' => 'puppetdb_host',
+ 'puppetdb_server' => 'puppetdb.example.com',
 )
 }
 end
From 31eab60592c2c03526bc5ccba91e71fdc25b04da Mon Sep 17 00:00:00 2001
From: Mitchell Chambers
Date: Thu, 6 Jun 2024 16:10:42 +1000
Subject: [PATCH 24/32] set type validation for master sub classes
---
 manifests/master/puppetdb_conf.pp | 10 +++++-----
 manifests/master/report_processor.pp | 6 +++---
 manifests/master/routes.pp | 6 +++---
 manifests/master/storeconfigs.pp | 6 +++---
 4 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/manifests/master/puppetdb_conf.pp b/manifests/master/puppetdb_conf.pp
index 999529e4..b65aa11c 100644
--- a/manifests/master/puppetdb_conf.pp
+++ b/manifests/master/puppetdb_conf.pp
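Review bot: The `Pattern[/\A[0-9]+\Z/]` branch added to `$puppetdb_port` in `master/config.pp` accepts any digit string, so `'0'`, `'80'` or `'999999'` validate although the integer branch is limited to `Stdlib::Port::Unprivileged`; Puppet patterns are Ruby regexes, where `\Z` also matches before a trailing newline, so `"8081\n"` passes too. If string ports have to stay supported, at least anchor with `\z` and bound the length, e.g. `Pattern[/\A[0-9]{4,5}\z/]`, or convert the string once and check the result against the port type. The same variant is added in the `puppetdb_conf`, `firewall`, `jetty`, `read_database`, `validate_db`, `validate_read_db` and `server/database` hunks later in the series; in `firewall` the value presumably feeds a firewall rule, where an unchecked port matters most.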
@@ -2,14 +2,14 @@
 #
 # @api private
 class puppetdb::master::puppetdb_conf (
- $server = 'localhost',
- $port = '8081',
- $soft_write_failure = $puppetdb::disable_ssl ? {
+ Stdlib::Host $server = 'localhost',
+ Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $port = '8081',
+ Boolean $soft_write_failure = $puppetdb::disable_ssl ? {
 true => true,
 default => false,
 },
- $puppet_confdir = $puppetdb::params::puppet_confdir,
- $legacy_terminus = $puppetdb::params::terminus_package ? {
+ Stdlib::Absolutepath $puppet_confdir = $puppetdb::params::puppet_confdir,
+ Boolean $legacy_terminus = $puppetdb::params::terminus_package ? {
 /(puppetdb-terminus)/ => true,
 default => false,
 },
diff --git a/manifests/master/report_processor.pp b/manifests/master/report_processor.pp
index c715c109..b49a553c 100644
--- a/manifests/master/report_processor.pp
+++ b/manifests/master/report_processor.pp
@@ -2,9 +2,9 @@
 #
 # @api private
 class puppetdb::master::report_processor (
- $puppet_conf = $puppetdb::params::puppet_conf,
- $masterless = $puppetdb::params::masterless,
- $enable = false
+ Stdlib::Absolutepath $puppet_conf = $puppetdb::params::puppet_conf,
+ Boolean $masterless = $puppetdb::params::masterless,
+ Boolean $enable = false
 ) inherits puppetdb::params {
 if $masterless {
 $puppet_conf_section = 'main'
diff --git a/manifests/master/routes.pp b/manifests/master/routes.pp
index 4fd5eeb5..e71af317 100644
--- a/manifests/master/routes.pp
+++ b/manifests/master/routes.pp
@@ -2,9 +2,9 @@
 #
 # @api private
 class puppetdb::master::routes (
- $puppet_confdir = $puppetdb::params::puppet_confdir,
- $masterless = $puppetdb::params::masterless,
- $routes = undef,
+ Stdlib::Absolutepath $puppet_confdir = $puppetdb::params::puppet_confdir,
+ Boolean $masterless = $puppetdb::params::masterless,
+ Optional[Hash] $routes = undef,
 ) inherits puppetdb::params {
 if $masterless {
 $routes_real = {
diff --git a/manifests/master/storeconfigs.pp b/manifests/master/storeconfigs.pp
index b22f24be..9f4b0a18 100644
--- a/manifests/master/storeconfigs.pp
+++ b/manifests/master/storeconfigs.pp
@@ -2,9 +2,9 @@
 #
 # @api private
 class puppetdb::master::storeconfigs (
- $puppet_conf = $puppetdb::params::puppet_conf,
- $masterless = $puppetdb::params::masterless,
- $enable = true,
+ Stdlib::Absolutepath $puppet_conf = $puppetdb::params::puppet_conf,
+ Boolean $masterless = $puppetdb::params::masterless,
+ Boolean $enable = true,
 ) inherits puppetdb::params {
 if $masterless {
 $puppet_conf_section = 'main'
From 723693fe57d60f9245f52128d6e393075dc7a21f Mon Sep 17 00:00:00 2001
From: Mitchell Chambers
Date: Thu, 6 Jun 2024 16:56:03 +1000
Subject: [PATCH 25/32] set data type validation for server sub classes
---
 manifests/server/command_processing.pp | 10 ++++----
 manifests/server/firewall.pp | 8 +++---
 manifests/server/global.pp | 6 ++---
 manifests/server/jetty.pp | 30 +++++++++++------------
 manifests/server/puppetdb.pp | 10 ++++----
 manifests/server/read_database.pp | 34 +++++++++++++-------------
 manifests/server/validate_db.pp | 12 ++++-----
 manifests/server/validate_read_db.pp | 12 ++++-----
 8 files changed, 61 insertions(+), 61 deletions(-)
diff --git a/manifests/server/command_processing.pp b/manifests/server/command_processing.pp
index 9b4d0137..98116b57 100644
--- a/manifests/server/command_processing.pp
+++ b/manifests/server/command_processing.pp
@@ -2,11 +2,11 @@
 #
 # @api private
 class puppetdb::server::command_processing (
- $command_threads = $puppetdb::params::command_threads,
- $concurrent_writes = $puppetdb::params::concurrent_writes,
- $store_usage = $puppetdb::params::store_usage,
- $temp_usage = $puppetdb::params::temp_usage,
- $confdir = $puppetdb::params::confdir,
+ Stdlib::Absolutepath $confdir = $puppetdb::params::confdir,
+ Optional[Integer] $command_threads = $puppetdb::params::command_threads,
+ Optional[Integer] $concurrent_writes = $puppetdb::params::concurrent_writes,
+ Optional[Integer] $store_usage = $puppetdb::params::store_usage,
+ Optional[Integer] $temp_usage = $puppetdb::params::temp_usage,
 ) inherits puppetdb::params {
 $config_ini = "${confdir}/config.ini"
diff --git a/manifests/server/firewall.pp b/manifests/server/firewall.pp
index 4330e053..ae2b93bf 100644
--- a/manifests/server/firewall.pp
+++ b/manifests/server/firewall.pp
@@ -2,10 +2,10 @@
 #
 # @api private
 class puppetdb::server::firewall (
- $http_port = $puppetdb::params::listen_port,
- $open_http_port = $puppetdb::params::open_listen_port,
- $ssl_port = $puppetdb::params::ssl_listen_port,
- $open_ssl_port = $puppetdb::params::open_ssl_listen_port,
+ Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $http_port = $puppetdb::params::listen_port,
+ Boolean $open_http_port = $puppetdb::params::open_listen_port,
+ Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $ssl_port = $puppetdb::params::ssl_listen_port,
+ Optional[Boolean] $open_ssl_port = $puppetdb::params::open_ssl_listen_port,
 ) inherits puppetdb::params {
 include firewall
diff --git a/manifests/server/global.pp b/manifests/server/global.pp
index 9e7cb2ca..f8d34202 100644
--- a/manifests/server/global.pp
+++ b/manifests/server/global.pp
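Review bot: `Optional[Integer]` on `$command_threads`, `$concurrent_writes`, `$store_usage` and `$temp_usage` in `command_processing.pp` still admits zero and negative numbers, which the class presumably writes to `config.ini` unchanged (the body continues outside the hunk). `Optional[Integer[1]]`, or `Integer[0]` where zero has a meaning, would reject them at compile time, in line with the `Integer[1] $dlo_max_age` already used in `server.pp`. The same bare `Integer` is added for these parameters and `$max_threads` in the `jetty`, `server.pp` and `init.pp` hunks.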
@@ -2,9 +2,9 @@
 #
 # @api private
 class puppetdb::server::global (
- $vardir = $puppetdb::params::vardir,
- $confdir = $puppetdb::params::confdir,
- $puppetdb_group = $puppetdb::params::puppetdb_group,
+ Stdlib::Absolutepath $vardir = $puppetdb::params::vardir,
+ Stdlib::Absolutepath $confdir = $puppetdb::params::confdir,
+ String[1] $puppetdb_group = $puppetdb::params::puppetdb_group,
 ) inherits puppetdb::params {
 $config_ini = "${confdir}/config.ini"
diff --git a/manifests/server/jetty.pp b/manifests/server/jetty.pp
index 9a4bbb47..86b844ba 100644
--- a/manifests/server/jetty.pp
+++ b/manifests/server/jetty.pp
@@ -2,21 +2,21 @@
 #
 # @api private
 class puppetdb::server::jetty (
- $listen_address = $puppetdb::params::listen_address,
- $listen_port = $puppetdb::params::listen_port,
- $disable_cleartext = $puppetdb::params::disable_cleartext,
- $ssl_listen_address = $puppetdb::params::ssl_listen_address,
- $ssl_listen_port = $puppetdb::params::ssl_listen_port,
- $disable_ssl = $puppetdb::params::disable_ssl,
- Boolean $ssl_set_cert_paths = $puppetdb::params::ssl_set_cert_paths,
- $ssl_cert_path = $puppetdb::params::ssl_cert_path,
- $ssl_key_path = $puppetdb::params::ssl_key_path,
- $ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path,
- Optional[String] $ssl_protocols = $puppetdb::params::ssl_protocols,
- Optional[String] $cipher_suites = $puppetdb::params::cipher_suites,
- $confdir = $puppetdb::params::confdir,
- $max_threads = $puppetdb::params::max_threads,
- $puppetdb_group = $puppetdb::params::puppetdb_group,
+ Stdlib::Host $listen_address = $puppetdb::params::listen_address,
+ Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $listen_port = $puppetdb::params::listen_port,
+ Boolean $disable_cleartext = $puppetdb::params::disable_cleartext,
+ Stdlib::Host $ssl_listen_address = $puppetdb::params::ssl_listen_address,
+ Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $ssl_listen_port = $puppetdb::params::ssl_listen_port,
+ Boolean $disable_ssl = $puppetdb::params::disable_ssl,
+ Boolean $ssl_set_cert_paths = $puppetdb::params::ssl_set_cert_paths,
+ Stdlib::Absolutepath $ssl_cert_path = $puppetdb::params::ssl_cert_path,
+ Stdlib::Absolutepath $ssl_key_path = $puppetdb::params::ssl_key_path,
+ Stdlib::Absolutepath $ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path,
+ Optional[String] $ssl_protocols = $puppetdb::params::ssl_protocols,
+ Optional[String] $cipher_suites = $puppetdb::params::cipher_suites,
+ Stdlib::Absolutepath $confdir = $puppetdb::params::confdir,
+ Optional[Integer] $max_threads = $puppetdb::params::max_threads,
+ String[1] $puppetdb_group = $puppetdb::params::puppetdb_group,
 ) inherits puppetdb::params {
 $jetty_ini = "${confdir}/jetty.ini"
diff --git a/manifests/server/puppetdb.pp b/manifests/server/puppetdb.pp
index 001547df..54f7d003 100644
--- a/manifests/server/puppetdb.pp
+++ b/manifests/server/puppetdb.pp
@@ -2,11 +2,11 @@
 #
 # @api private
 class puppetdb::server::puppetdb (
- $certificate_whitelist_file = $puppetdb::params::certificate_whitelist_file,
- $certificate_whitelist = $puppetdb::params::certificate_whitelist,
- $disable_update_checking = $puppetdb::params::disable_update_checking,
- $confdir = $puppetdb::params::confdir,
- $puppetdb_group = $puppetdb::params::puppetdb_group,
+ Stdlib::Absolutepath $certificate_whitelist_file = $puppetdb::params::certificate_whitelist_file,
+ Array $certificate_whitelist = $puppetdb::params::certificate_whitelist,
+ Optional[Boolean] $disable_update_checking = $puppetdb::params::disable_update_checking,
+ Stdlib::Absolutepath $confdir = $puppetdb::params::confdir,
+ String[1] $puppetdb_group = $puppetdb::params::puppetdb_group,
 ) inherits puppetdb::params {
 $puppetdb_ini = "${confdir}/puppetdb.ini"
diff --git a/manifests/server/read_database.pp b/manifests/server/read_database.pp
index 24a4cb8f..4f785a1b 100644
--- a/manifests/server/read_database.pp
+++ b/manifests/server/read_database.pp
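Review bot: `Array $certificate_whitelist` in the `puppetdb.pp` hunk puts no constraint on the elements, so empty strings, numbers or nested arrays pass validation. The list presumably ends up in `$certificate_whitelist_file` and decides which certificate names PuppetDB accepts, so the element type is worth stating: `Array[String[1]] $certificate_whitelist = $puppetdb::params::certificate_whitelist,`. The class body continues outside the hunk, so the use of the list is inferred from the parameter names.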
@@ -2,23 +2,23 @@
 #
 # @api private
 class puppetdb::server::read_database (
- $read_database_host = $puppetdb::params::read_database_host,
- $read_database_port = $puppetdb::params::read_database_port,
- $read_database_username = $puppetdb::params::read_database_username,
- Variant[String[1], Sensitive[String[1]]] $read_database_password = $puppetdb::params::read_database_password,
- $read_database_name = $puppetdb::params::read_database_name,
- $manage_db_password = $puppetdb::params::manage_read_db_password,
- $jdbc_ssl_properties = $puppetdb::params::read_database_jdbc_ssl_properties,
- $database_validate = $puppetdb::params::read_database_validate,
- $conn_max_age = $puppetdb::params::read_conn_max_age,
- $conn_lifetime = $puppetdb::params::read_conn_lifetime,
- $confdir = $puppetdb::params::confdir,
- $puppetdb_group = $puppetdb::params::puppetdb_group,
- $database_max_pool_size = $puppetdb::params::read_database_max_pool_size,
- $postgresql_ssl_on = $puppetdb::params::postgresql_ssl_on,
- $ssl_cert_path = $puppetdb::params::ssl_cert_path,
- $ssl_key_pk8_path = $puppetdb::params::ssl_key_pk8_path,
- $ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path
+ Optional[Stdlib::Host] $read_database_host = $puppetdb::params::read_database_host,
+ Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $read_database_port = $puppetdb::params::read_database_port,
+ String[1] $read_database_username = $puppetdb::params::read_database_username,
+ Variant[String[1], Sensitive[String[1]]] $read_database_password = $puppetdb::params::read_database_password,
+ String[1] $read_database_name = $puppetdb::params::read_database_name,
+ Boolean $manage_db_password = $puppetdb::params::manage_read_db_password,
+ Variant[String, Boolean] $jdbc_ssl_properties = $puppetdb::params::read_database_jdbc_ssl_properties,
+ Boolean $database_validate = $puppetdb::params::read_database_validate,
+ Variant[Integer, Pattern[/\A[0-9]+\Z/]] $conn_max_age = $puppetdb::params::read_conn_max_age,
+ Variant[Integer, Pattern[/\A[0-9]+\Z/]] $conn_lifetime = $puppetdb::params::read_conn_lifetime,
+ Stdlib::Absolutepath $confdir = $puppetdb::params::confdir,
+ String[1] $puppetdb_group = $puppetdb::params::puppetdb_group,
+ Optional[Variant[Integer, Enum['absent']]] $database_max_pool_size = $puppetdb::params::read_database_max_pool_size,
+ Boolean $postgresql_ssl_on = $puppetdb::params::postgresql_ssl_on,
+ Stdlib::Absolutepath $ssl_cert_path = $puppetdb::params::ssl_cert_path,
+ Stdlib::Absolutepath $ssl_key_pk8_path = $puppetdb::params::ssl_key_pk8_path,
+ Stdlib::Absolutepath $ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path
 ) inherits puppetdb::params {
 if $read_database_host != undef {
 if str2bool($database_validate) {
diff --git a/manifests/server/validate_db.pp b/manifests/server/validate_db.pp
index 62cda9dc..d37634e8 100644
--- a/manifests/server/validate_db.pp
+++ b/manifests/server/validate_db.pp
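Review bot: `$database_validate` is now `Boolean` in `read_database.pp`, but the body still wraps it in `str2bool($database_validate)` on the last context line, which becomes a no-op, and string values such as `'false'` that this call used to convert are now rejected by the type. Either drop the conversion and write `if $database_validate {`, or keep accepting the legacy form with `Variant[Boolean, Enum['true', 'false']] $database_validate`. The `server/database.pp` hunk in the next patch has the same combination.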
@@ -2,12 +2,12 @@
 #
 # @api private
 class puppetdb::server::validate_db (
- $database_host = $puppetdb::params::database_host,
- $database_port = $puppetdb::params::database_port,
- $database_username = $puppetdb::params::database_username,
- Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password,
- $database_name = $puppetdb::params::database_name,
- $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties,
+ Stdlib::Host $database_host = $puppetdb::params::database_host,
+ Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $database_port = $puppetdb::params::database_port,
+ String[1] $database_username = $puppetdb::params::database_username,
+ Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password,
+ String[1] $database_name = $puppetdb::params::database_name,
+ Variant[String, Boolean] $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties,
 ) inherits puppetdb::params {
 if ($database_password != undef and $jdbc_ssl_properties == false) {
 postgresql_conn_validator { 'validate puppetdb postgres connection':
diff --git a/manifests/server/validate_read_db.pp b/manifests/server/validate_read_db.pp
index ef319e90..4f6dab8b 100644
--- a/manifests/server/validate_read_db.pp
+++ b/manifests/server/validate_read_db.pp
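Review bot: `Variant[String, Boolean] $jdbc_ssl_properties` in `validate_db.pp` also admits `true` and the empty string, and the guard on the context line, `$jdbc_ssl_properties == false`, treats both like a real property string, so the `postgresql_conn_validator` check is skipped without any message. If only `false` or a non-empty property string is meaningful, the type can say so: `Variant[String[1], Boolean[false]] $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties,`. The `validate_read_db.pp` hunk that follows adds the same type in front of the same guard.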
@@ -2,12 +2,12 @@
 #
 # @api private
 class puppetdb::server::validate_read_db (
- $database_host = $puppetdb::params::database_host,
- $database_port = $puppetdb::params::database_port,
- $database_username = $puppetdb::params::database_username,
- Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password,
- $database_name = $puppetdb::params::database_name,
- $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties,
+ Stdlib::Host $database_host = $puppetdb::params::database_host,
+ Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $database_port = $puppetdb::params::database_port,
+ String[1] $database_username = $puppetdb::params::database_username,
+ Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password,
+ String[1] $database_name = $puppetdb::params::database_name,
+ Variant[String, Boolean] $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties,
 ) inherits puppetdb::params {
 if ($database_password != undef and $jdbc_ssl_properties == false) {
 postgresql_conn_validator { 'validate puppetdb postgres (read) connection':
From 1f9d70bea8551913031895409d71d759b3cc479d Mon Sep 17 00:00:00 2001
From: Mitchell Chambers
Date: Thu, 6 Jun 2024 16:56:51 +1000
Subject: [PATCH 26/32] set date type validation for server and server database classes
---
 manifests/server.pp | 16 ++++++------
 manifests/server/database.pp | 48 ++++++++++++++++++------------------
 2 files changed, 32 insertions(+), 32 deletions(-)
diff --git a/manifests/server.pp b/manifests/server.pp
index bc82de86..3ad18de9 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -370,16 +370,16 @@
 Boolean $manage_database = $puppetdb::params::manage_database,
 Hash $java_args = $puppetdb::params::java_args,
 Boolean $merge_default_java_args = $puppetdb::params::merge_default_java_args,
- Optional $max_threads = $puppetdb::params::max_threads,
- Optional $command_threads = $puppetdb::params::command_threads,
- Optional $concurrent_writes = $puppetdb::params::concurrent_writes,
- Optional $store_usage = $puppetdb::params::store_usage,
- Optional $temp_usage = $puppetdb::params::temp_usage,
- Optional $disable_update_checking = $puppetdb::params::disable_update_checking,
+ Optional[Integer] $max_threads = $puppetdb::params::max_threads,
+ Optional[Integer] $command_threads = $puppetdb::params::command_threads,
+ Optional[Integer] $concurrent_writes = $puppetdb::params::concurrent_writes,
+ Optional[Integer] $store_usage = $puppetdb::params::store_usage,
+ Optional[Integer] $temp_usage = $puppetdb::params::temp_usage,
+ Optional[Boolean] $disable_update_checking = $puppetdb::params::disable_update_checking,
 Stdlib::Absolutepath $certificate_whitelist_file = $puppetdb::params::certificate_whitelist_file,
 Array $certificate_whitelist = $puppetdb::params::certificate_whitelist,
- Optional $database_max_pool_size = $puppetdb::params::database_max_pool_size,
- Optional $read_database_max_pool_size = $puppetdb::params::read_database_max_pool_size,
+ Optional[Variant[Integer, Enum['absent']]] $database_max_pool_size = $puppetdb::params::database_max_pool_size,
+ Optional[Variant[Integer, Enum['absent']]] $read_database_max_pool_size = $puppetdb::params::read_database_max_pool_size,
 Boolean $automatic_dlo_cleanup = $puppetdb::params::automatic_dlo_cleanup,
 String[1] $cleanup_timer_interval = $puppetdb::params::cleanup_timer_interval,
 Integer[1] $dlo_max_age = $puppetdb::params::dlo_max_age,
diff --git a/manifests/server/database.pp b/manifests/server/database.pp
index 2b8e19ef..d28aba73 100644
--- a/manifests/server/database.pp
+++ b/manifests/server/database.pp 
@@ -2,30 +2,30 @@
 #
 # @api private
 class puppetdb::server::database (
- $database_host = $puppetdb::params::database_host,
- $database_port = $puppetdb::params::database_port,
- $database_username = $puppetdb::params::database_username,
- Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password,
- $database_name = $puppetdb::params::database_name,
- $manage_db_password = $puppetdb::params::manage_db_password,
- $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties,
- $database_validate = $puppetdb::params::database_validate,
- $node_ttl = $puppetdb::params::node_ttl,
- $node_purge_ttl = $puppetdb::params::node_purge_ttl,
- $report_ttl = $puppetdb::params::report_ttl,
- $facts_blacklist = $puppetdb::params::facts_blacklist,
- $gc_interval = $puppetdb::params::gc_interval,
- $node_purge_gc_batch_limit = $puppetdb::params::node_purge_gc_batch_limit,
- $conn_max_age = $puppetdb::params::conn_max_age,
- $conn_lifetime = $puppetdb::params::conn_lifetime,
- $confdir = $puppetdb::params::confdir,
- $puppetdb_group = $puppetdb::params::puppetdb_group,
- $database_max_pool_size = $puppetdb::params::database_max_pool_size,
- $migrate = $puppetdb::params::migrate,
- $postgresql_ssl_on = $puppetdb::params::postgresql_ssl_on,
- $ssl_cert_path = $puppetdb::params::ssl_cert_path,
- $ssl_key_pk8_path = $puppetdb::params::ssl_key_pk8_path,
- $ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path
+ Stdlib::Host $database_host = $puppetdb::params::database_host,
+ Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $database_port = $puppetdb::params::database_port,
+ String[1] $database_username = $puppetdb::params::database_username,
+ Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password,
+ String[1] $database_name = $puppetdb::params::database_name,
+ Boolean $manage_db_password = $puppetdb::params::manage_db_password,
+ Variant[String, Boolean] $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties,
+ Boolean $database_validate = $puppetdb::params::database_validate,
+ Pattern[/\A[0-9dhms]+\Z/] $node_ttl = $puppetdb::params::node_ttl,
+ Pattern[/\A[0-9dhms]+\Z/] $node_purge_ttl = $puppetdb::params::node_purge_ttl,
+ Pattern[/\A[0-9dhms]+\Z/] $report_ttl = $puppetdb::params::report_ttl,
+ Optional[Array] $facts_blacklist = $puppetdb::params::facts_blacklist,
+ Variant[Integer, Pattern[/\A[0-9]+\Z/]] $gc_interval = $puppetdb::params::gc_interval,
+ Variant[Integer, Pattern[/\A[0-9]+\Z/]] $node_purge_gc_batch_limit = $puppetdb::params::node_purge_gc_batch_limit,
+ Variant[Integer, Pattern[/\A[0-9]+\Z/]] $conn_max_age = $puppetdb::params::conn_max_age,
+ Variant[Integer, Pattern[/\A[0-9]+\Z/]] $conn_lifetime = $puppetdb::params::conn_lifetime,
+ Stdlib::Absolutepath $confdir = $puppetdb::params::confdir,
+ String[1] $puppetdb_group = $puppetdb::params::puppetdb_group,
+ Optional[Variant[Integer, Enum['absent']]] $database_max_pool_size = $puppetdb::params::database_max_pool_size,
+ Boolean $migrate = $puppetdb::params::migrate,
+ Boolean $postgresql_ssl_on = $puppetdb::params::postgresql_ssl_on,
+ Stdlib::Absolutepath $ssl_cert_path = $puppetdb::params::ssl_cert_path,
+ Stdlib::Absolutepath $ssl_key_pk8_path = $puppetdb::params::ssl_key_pk8_path,
+ Stdlib::Absolutepath $ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path
 ) inherits puppetdb::params {
 if str2bool($database_validate) {
 # Validate the database connection. If we can't connect, we want to fail
From 79b824827cfbd61f4d28eae743ffc15ed737852d Mon Sep 17 00:00:00 2001
From: Mitchell Chambers
Date: Thu, 6 Jun 2024 16:57:10 +1000
Subject: [PATCH 27/32] set data type validation for optional params
---
 manifests/init.pp | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/manifests/init.pp b/manifests/init.pp
index 8a529375..4ccb9fa3 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
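Review bot: `Pattern[/\A[0-9dhms]+\Z/]` on `$node_ttl`, `$node_purge_ttl` and `$report_ttl` in `server/database.pp` only checks the character set, so `'dhms'`, `'d7'` or `'7dd'` validate and would presumably reach the database configuration as written. If the intended form is a number followed by one unit letter, which the character class suggests, `Pattern[/\A[0-9]+[dhms]\z/]` expresses it and also closes the trailing-newline gap of `\Z`. The class body continues outside the hunk.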
@@ -361,10 +361,10 @@
 Stdlib::Absolutepath $ssl_key_pk8_path = $puppetdb::params::ssl_key_pk8_path,
 Stdlib::Absolutepath $ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path,
 Boolean $ssl_deploy_certs = $puppetdb::params::ssl_deploy_certs,
- Optional $ssl_key = $puppetdb::params::ssl_key,
- Optional $ssl_cert = $puppetdb::params::ssl_cert,
- Optional $ssl_ca_cert = $puppetdb::params::ssl_ca_cert,
- Optional $ssl_protocols = $puppetdb::params::ssl_protocols,
+ Optional[String] $ssl_key = $puppetdb::params::ssl_key,
+ Optional[String] $ssl_cert = $puppetdb::params::ssl_cert,
+ Optional[String] $ssl_ca_cert = $puppetdb::params::ssl_ca_cert,
+ Optional[String] $ssl_protocols = $puppetdb::params::ssl_protocols,
 Boolean $postgresql_ssl_on = $puppetdb::params::postgresql_ssl_on,
 Stdlib::Absolutepath $postgresql_ssl_folder = $puppetdb::params::postgresql_ssl_folder,
 Stdlib::Absolutepath $postgresql_ssl_cert_path = $puppetdb::params::postgresql_ssl_cert_path,
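Review bot: `Optional[String] $ssl_key` rules out `Sensitive` values. The parameter sits next to `$ssl_deploy_certs` and is separate from `$ssl_key_path`, so it presumably carries the private key itself; as a plain `String` it appears in clear text in the catalog and in reports. The password parameters of this class already use `Variant[String[1], Sensitive[String[1]]]`, and the equivalent here is `Optional[Variant[String[1], Sensitive[String[1]]]] $ssl_key = $puppetdb::params::ssl_key,`, with the unwrap done where the key file is declared, which is outside this hunk.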
@@ -414,12 +414,12 @@
 Boolean $manage_firewall = $puppetdb::params::manage_firewall,
 Hash $java_args = $puppetdb::params::java_args,
 Boolean $merge_default_java_args = $puppetdb::params::merge_default_java_args,
- Optional $max_threads = $puppetdb::params::max_threads,
- Optional $command_threads = $puppetdb::params::command_threads,
- Optional $concurrent_writes = $puppetdb::params::concurrent_writes,
- Optional $store_usage = $puppetdb::params::store_usage,
- Optional $temp_usage = $puppetdb::params::temp_usage,
- Optional $disable_update_checking = $puppetdb::params::disable_update_checking,
+ Optional[Integer] $max_threads = $puppetdb::params::max_threads,
+ Optional[Integer] $command_threads = $puppetdb::params::command_threads,
+ Optional[Integer] $concurrent_writes = $puppetdb::params::concurrent_writes,
+ Optional[Integer] $store_usage = $puppetdb::params::store_usage,
+ Optional[Integer] $temp_usage = $puppetdb::params::temp_usage,
+ Optional[Boolean] $disable_update_checking = $puppetdb::params::disable_update_checking,
 Stdlib::Absolutepath $certificate_whitelist_file = $puppetdb::params::certificate_whitelist_file,
 Array $certificate_whitelist = $puppetdb::params::certificate_whitelist,
 Optional $database_max_pool_size = $puppetdb::params::database_max_pool_size,
From 2f017f4532a1fe8f73583ea6cc58892d532a663e Mon Sep 17 00:00:00 2001
From: Mitchell Chambers
Date: Thu, 6 Jun 2024 17:21:07 +1000
Subject: [PATCH 28/32] add pattern variant for integer as strings for acceptance test
---
 manifests/init.pp | 166 +++++++++++++++---------------
 manifests/server.pp | 146 +++++++++++++-------------
 manifests/server/database.pp | 48 ++++-----
 manifests/server/read_database.pp | 34 +++---
 4 files changed, 197 insertions(+), 197 deletions(-)
diff --git a/manifests/init.pp b/manifests/init.pp
index 4ccb9fa3..e469601d 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
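Review bot: The trailing context line `Optional $database_max_pool_size` keeps a bare `Optional`, which places no constraint on the value, while patch 26 gives the same parameter `Optional[Variant[Integer, Enum['absent']]]` in `server.pp` and `server/database.pp`; a value that passes here can then fail one level down with an error pointing at the inner class. Unless a later patch in the series already does it, I would extend this hunk by one line: `Optional[Variant[Integer, Enum['absent']]] $database_max_pool_size = $puppetdb::params::database_max_pool_size,`. The parameter list continues outside the hunk, so `$read_database_max_pool_size` may need the same.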
@@ -346,89 +346,89 @@ # PostgreSQL password authentication method, either `md5` or `scram-sha-256` # class puppetdb ( - Stdlib::Host $listen_address = $puppetdb::params::listen_address, - Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $listen_port = $puppetdb::params::listen_port, - Boolean $disable_cleartext = $puppetdb::params::disable_cleartext, - Boolean $open_listen_port = $puppetdb::params::open_listen_port, - Stdlib::Host $ssl_listen_address = $puppetdb::params::ssl_listen_address, - Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $ssl_listen_port = $puppetdb::params::ssl_listen_port, - Boolean $disable_ssl = $puppetdb::params::disable_ssl, - Optional[Boolean] $open_ssl_listen_port = $puppetdb::params::open_ssl_listen_port, - Stdlib::Absolutepath $ssl_dir = $puppetdb::params::ssl_dir, - Boolean $ssl_set_cert_paths = $puppetdb::params::ssl_set_cert_paths, - Stdlib::Absolutepath $ssl_cert_path = $puppetdb::params::ssl_cert_path, - Stdlib::Absolutepath $ssl_key_path = $puppetdb::params::ssl_key_path, - Stdlib::Absolutepath $ssl_key_pk8_path = $puppetdb::params::ssl_key_pk8_path, - Stdlib::Absolutepath $ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path, - Boolean $ssl_deploy_certs = $puppetdb::params::ssl_deploy_certs, - Optional[String] $ssl_key = $puppetdb::params::ssl_key, - Optional[String] $ssl_cert = $puppetdb::params::ssl_cert, - Optional[String] $ssl_ca_cert = $puppetdb::params::ssl_ca_cert, - Optional[String] $ssl_protocols = $puppetdb::params::ssl_protocols, - Boolean $postgresql_ssl_on = $puppetdb::params::postgresql_ssl_on, - Stdlib::Absolutepath $postgresql_ssl_folder = $puppetdb::params::postgresql_ssl_folder, - Stdlib::Absolutepath $postgresql_ssl_cert_path = $puppetdb::params::postgresql_ssl_cert_path, - Stdlib::Absolutepath $postgresql_ssl_key_path = $puppetdb::params::postgresql_ssl_key_path, - Stdlib::Absolutepath $postgresql_ssl_ca_cert_path = $puppetdb::params::postgresql_ssl_ca_cert_path, - Optional 
$cipher_suites = $puppetdb::params::cipher_suites, - Boolean $migrate = $puppetdb::params::migrate, - Boolean $manage_dbserver = $puppetdb::params::manage_dbserver, - Boolean $manage_database = $puppetdb::params::manage_database, - Boolean $manage_package_repo = $puppetdb::params::manage_pg_repo, - String[2,3] $postgres_version = $puppetdb::params::postgres_version, - Stdlib::Host $database_host = $puppetdb::params::database_host, - Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $database_port = $puppetdb::params::database_port, - String[1] $database_username = $puppetdb::params::database_username, - Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password, - String[1] $database_name = $puppetdb::params::database_name, - Boolean $manage_db_password = $puppetdb::params::manage_db_password, - Variant[String, Boolean] $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, - String[1] $database_listen_address = $puppetdb::params::postgres_listen_addresses, - Boolean $database_validate = $puppetdb::params::database_validate, - Pattern[/\A[0-9dhms]+\Z/] $node_ttl = $puppetdb::params::node_ttl, - Pattern[/\A[0-9dhms]+\Z/] $node_purge_ttl = $puppetdb::params::node_purge_ttl, - Pattern[/\A[0-9dhms]+\Z/] $report_ttl = $puppetdb::params::report_ttl, - Optional[Array] $facts_blacklist = $puppetdb::params::facts_blacklist, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $gc_interval = $puppetdb::params::gc_interval, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $node_purge_gc_batch_limit = $puppetdb::params::node_purge_gc_batch_limit, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $conn_max_age = $puppetdb::params::conn_max_age, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $conn_lifetime = $puppetdb::params::conn_lifetime, - String[1] $puppetdb_package = $puppetdb::params::puppetdb_package, - String[1] $puppetdb_service = $puppetdb::params::puppetdb_service, - Enum['running', 'true', 'stopped', 'false'] $puppetdb_service_status = 
$puppetdb::params::puppetdb_service_status, - String[1] $puppetdb_user = $puppetdb::params::puppetdb_user, - String[1] $puppetdb_group = $puppetdb::params::puppetdb_group, - Stdlib::Host $puppetdb_server = $puppetdb::params::puppetdb_server, - Optional[Stdlib::Host] $read_database_host = $puppetdb::params::read_database_host, - Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $read_database_port = $puppetdb::params::read_database_port, - String[1] $read_database_username = $puppetdb::params::read_database_username, - Variant[String[1], Sensitive[String[1]]] $read_database_password = $puppetdb::params::read_database_password, - String[1] $read_database_name = $puppetdb::params::read_database_name, - Boolean $manage_read_db_password = $puppetdb::params::manage_read_db_password, - String $read_database_jdbc_ssl_properties = $puppetdb::params::read_database_jdbc_ssl_properties, - Boolean $read_database_validate = $puppetdb::params::read_database_validate, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $read_conn_max_age = $puppetdb::params::read_conn_max_age, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $read_conn_lifetime = $puppetdb::params::read_conn_lifetime, - Stdlib::Absolutepath $confdir = $puppetdb::params::confdir, - Stdlib::Absolutepath $vardir = $puppetdb::params::vardir, - Boolean $manage_firewall = $puppetdb::params::manage_firewall, - Hash $java_args = $puppetdb::params::java_args, - Boolean $merge_default_java_args = $puppetdb::params::merge_default_java_args, - Optional[Integer] $max_threads = $puppetdb::params::max_threads, - Optional[Integer] $command_threads = $puppetdb::params::command_threads, - Optional[Integer] $concurrent_writes = $puppetdb::params::concurrent_writes, - Optional[Integer] $store_usage = $puppetdb::params::store_usage, - Optional[Integer] $temp_usage = $puppetdb::params::temp_usage, - Optional[Boolean] $disable_update_checking = $puppetdb::params::disable_update_checking, - Stdlib::Absolutepath $certificate_whitelist_file = 
$puppetdb::params::certificate_whitelist_file, - Array $certificate_whitelist = $puppetdb::params::certificate_whitelist, - Optional $database_max_pool_size = $puppetdb::params::database_max_pool_size, - Optional $read_database_max_pool_size = $puppetdb::params::read_database_max_pool_size, - Boolean $automatic_dlo_cleanup = $puppetdb::params::automatic_dlo_cleanup, - String[1] $cleanup_timer_interval = $puppetdb::params::cleanup_timer_interval, - Integer[1] $dlo_max_age = $puppetdb::params::dlo_max_age, - Postgresql::Pg_password_encryption $postgresql_password_encryption = $puppetdb::params::password_encryption, - Optional[Stdlib::Absolutepath] $java_bin = $puppetdb::params::java_bin, + Stdlib::Host $listen_address = $puppetdb::params::listen_address, + Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $listen_port = $puppetdb::params::listen_port, + Boolean $disable_cleartext = $puppetdb::params::disable_cleartext, + Boolean $open_listen_port = $puppetdb::params::open_listen_port, + Stdlib::Host $ssl_listen_address = $puppetdb::params::ssl_listen_address, + Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $ssl_listen_port = $puppetdb::params::ssl_listen_port, + Boolean $disable_ssl = $puppetdb::params::disable_ssl, + Optional[Boolean] $open_ssl_listen_port = $puppetdb::params::open_ssl_listen_port, + Stdlib::Absolutepath $ssl_dir = $puppetdb::params::ssl_dir, + Boolean $ssl_set_cert_paths = $puppetdb::params::ssl_set_cert_paths, + Stdlib::Absolutepath $ssl_cert_path = $puppetdb::params::ssl_cert_path, + Stdlib::Absolutepath $ssl_key_path = $puppetdb::params::ssl_key_path, + Stdlib::Absolutepath $ssl_key_pk8_path = $puppetdb::params::ssl_key_pk8_path, + Stdlib::Absolutepath $ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path, + Boolean $ssl_deploy_certs = $puppetdb::params::ssl_deploy_certs, + Optional[String] $ssl_key = $puppetdb::params::ssl_key, + Optional[String] $ssl_cert = $puppetdb::params::ssl_cert, + Optional[String] $ssl_ca_cert = 
$puppetdb::params::ssl_ca_cert, + Optional[String] $ssl_protocols = $puppetdb::params::ssl_protocols, + Boolean $postgresql_ssl_on = $puppetdb::params::postgresql_ssl_on, + Stdlib::Absolutepath $postgresql_ssl_folder = $puppetdb::params::postgresql_ssl_folder, + Stdlib::Absolutepath $postgresql_ssl_cert_path = $puppetdb::params::postgresql_ssl_cert_path, + Stdlib::Absolutepath $postgresql_ssl_key_path = $puppetdb::params::postgresql_ssl_key_path, + Stdlib::Absolutepath $postgresql_ssl_ca_cert_path = $puppetdb::params::postgresql_ssl_ca_cert_path, + Optional $cipher_suites = $puppetdb::params::cipher_suites, + Boolean $migrate = $puppetdb::params::migrate, + Boolean $manage_dbserver = $puppetdb::params::manage_dbserver, + Boolean $manage_database = $puppetdb::params::manage_database, + Boolean $manage_package_repo = $puppetdb::params::manage_pg_repo, + String[2,3] $postgres_version = $puppetdb::params::postgres_version, + Stdlib::Host $database_host = $puppetdb::params::database_host, + Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $database_port = $puppetdb::params::database_port, + String[1] $database_username = $puppetdb::params::database_username, + Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password, + String[1] $database_name = $puppetdb::params::database_name, + Boolean $manage_db_password = $puppetdb::params::manage_db_password, + Variant[String, Boolean] $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, + String[1] $database_listen_address = $puppetdb::params::postgres_listen_addresses, + Boolean $database_validate = $puppetdb::params::database_validate, + Pattern[/\A[0-9dhms]+\Z/] $node_ttl = $puppetdb::params::node_ttl, + Pattern[/\A[0-9dhms]+\Z/] $node_purge_ttl = $puppetdb::params::node_purge_ttl, + Pattern[/\A[0-9dhms]+\Z/] $report_ttl = $puppetdb::params::report_ttl, + Optional[Array] $facts_blacklist = $puppetdb::params::facts_blacklist, + Variant[Integer, Pattern[/\A[0-9]+\Z/]] 
$gc_interval = $puppetdb::params::gc_interval, + Variant[Integer, Pattern[/\A[0-9]+\Z/]] $node_purge_gc_batch_limit = $puppetdb::params::node_purge_gc_batch_limit, + Variant[Integer, Pattern[/\A[0-9]+\Z/]] $conn_max_age = $puppetdb::params::conn_max_age, + Variant[Integer, Pattern[/\A[0-9]+\Z/]] $conn_lifetime = $puppetdb::params::conn_lifetime, + String[1] $puppetdb_package = $puppetdb::params::puppetdb_package, + String[1] $puppetdb_service = $puppetdb::params::puppetdb_service, + Enum['running', 'true', 'stopped', 'false'] $puppetdb_service_status = $puppetdb::params::puppetdb_service_status, + String[1] $puppetdb_user = $puppetdb::params::puppetdb_user, + String[1] $puppetdb_group = $puppetdb::params::puppetdb_group, + Stdlib::Host $puppetdb_server = $puppetdb::params::puppetdb_server, + Optional[Stdlib::Host] $read_database_host = $puppetdb::params::read_database_host, + Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $read_database_port = $puppetdb::params::read_database_port, + String[1] $read_database_username = $puppetdb::params::read_database_username, + Variant[String[1], Sensitive[String[1]]] $read_database_password = $puppetdb::params::read_database_password, + String[1] $read_database_name = $puppetdb::params::read_database_name, + Boolean $manage_read_db_password = $puppetdb::params::manage_read_db_password, + String $read_database_jdbc_ssl_properties = $puppetdb::params::read_database_jdbc_ssl_properties, + Boolean $read_database_validate = $puppetdb::params::read_database_validate, + Variant[Integer, Pattern[/\A[0-9]+\Z/]] $read_conn_max_age = $puppetdb::params::read_conn_max_age, + Variant[Integer, Pattern[/\A[0-9]+\Z/]] $read_conn_lifetime = $puppetdb::params::read_conn_lifetime, + Stdlib::Absolutepath $confdir = $puppetdb::params::confdir, + Stdlib::Absolutepath $vardir = $puppetdb::params::vardir, + Boolean $manage_firewall = $puppetdb::params::manage_firewall, + Hash $java_args = $puppetdb::params::java_args, + Boolean 
$merge_default_java_args = $puppetdb::params::merge_default_java_args, + Optional[Integer] $max_threads = $puppetdb::params::max_threads, + Optional[Integer] $command_threads = $puppetdb::params::command_threads, + Optional[Integer] $concurrent_writes = $puppetdb::params::concurrent_writes, + Optional[Integer] $store_usage = $puppetdb::params::store_usage, + Optional[Integer] $temp_usage = $puppetdb::params::temp_usage, + Optional[Boolean] $disable_update_checking = $puppetdb::params::disable_update_checking, + Stdlib::Absolutepath $certificate_whitelist_file = $puppetdb::params::certificate_whitelist_file, + Array $certificate_whitelist = $puppetdb::params::certificate_whitelist, + Optional[Variant[Integer, Enum['absent'], Pattern[/\A[0-9]+\Z/]]] $database_max_pool_size = $puppetdb::params::database_max_pool_size, + Optional[Variant[Integer, Enum['absent'], Pattern[/\A[0-9]+\Z/]]] $read_database_max_pool_size = $puppetdb::params::read_database_max_pool_size, + Boolean $automatic_dlo_cleanup = $puppetdb::params::automatic_dlo_cleanup, + String[1] $cleanup_timer_interval = $puppetdb::params::cleanup_timer_interval, + Integer[1] $dlo_max_age = $puppetdb::params::dlo_max_age, + Postgresql::Pg_password_encryption $postgresql_password_encryption = $puppetdb::params::password_encryption, + Optional[Stdlib::Absolutepath] $java_bin = $puppetdb::params::java_bin, ) inherits puppetdb::params { class { 'puppetdb::server': listen_address => $listen_address, diff --git a/manifests/server.pp b/manifests/server.pp index 3ad18de9..a7a1316c 100644 --- a/manifests/server.pp +++ b/manifests/server.pp 
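Review bot: The `Pattern[/\A[0-9]+\Z/]` arm of `Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]]` accepts any run of digits, so `'0'`, `'22'` or `'99999999'` pass for `$listen_port`, `$ssl_listen_port`, `$database_port` and `$read_database_port` even though the integer arm rejects them. Since Puppet patterns are Ruby regexes, `\Z` also matches before a trailing newline; `\z` is the strict end anchor. If strings must stay accepted for the acceptance tests, a bounded form such as `Pattern[/\A[1-9][0-9]{3,4}\z/]` plus a range check after conversion keeps the two arms equivalent. The same declarations appear in the server.pp, server/database.pp and server/read_database.pp hunks of this commit. Most other lines in this hunk differ only in alignment.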
@@ -311,79 +311,79 @@ # java binary path for PuppetDB. If undef, default will be used. # class puppetdb::server ( - Stdlib::Host $listen_address = $puppetdb::params::listen_address, - Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $listen_port = $puppetdb::params::listen_port, - Boolean $disable_cleartext = $puppetdb::params::disable_cleartext, - Boolean $open_listen_port = $puppetdb::params::open_listen_port, - Stdlib::Host $ssl_listen_address = $puppetdb::params::ssl_listen_address, - Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $ssl_listen_port = $puppetdb::params::ssl_listen_port, - Boolean $disable_ssl = $puppetdb::params::disable_ssl, - Optional[Boolean] $open_ssl_listen_port = $puppetdb::params::open_ssl_listen_port, - Stdlib::Absolutepath $ssl_dir = $puppetdb::params::ssl_dir, - Boolean $ssl_set_cert_paths = $puppetdb::params::ssl_set_cert_paths, - Stdlib::Absolutepath $ssl_cert_path = $puppetdb::params::ssl_cert_path, - Stdlib::Absolutepath $ssl_key_path = $puppetdb::params::ssl_key_path, - Stdlib::Absolutepath $ssl_key_pk8_path = $puppetdb::params::ssl_key_pk8_path, - Stdlib::Absolutepath $ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path, - Boolean $ssl_deploy_certs = $puppetdb::params::ssl_deploy_certs, - Optional $ssl_key = $puppetdb::params::ssl_key, - Optional $ssl_cert = $puppetdb::params::ssl_cert, - Optional $ssl_ca_cert = $puppetdb::params::ssl_ca_cert, - Optional $ssl_protocols = $puppetdb::params::ssl_protocols, - Boolean $postgresql_ssl_on = $puppetdb::params::postgresql_ssl_on, - Optional $cipher_suites = $puppetdb::params::cipher_suites, - Boolean $migrate = $puppetdb::params::migrate, - Stdlib::Host $database_host = $puppetdb::params::database_host, - Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $database_port = $puppetdb::params::database_port, - String[1] $database_username = $puppetdb::params::database_username, - Variant[String[1], Sensitive[String[1]]] $database_password = 
$puppetdb::params::database_password, - String[1] $database_name = $puppetdb::params::database_name, - Boolean $manage_db_password = $puppetdb::params::manage_db_password, - Variant[String, Boolean] $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, - Boolean $database_validate = $puppetdb::params::database_validate, - Pattern[/\A[0-9dhms]+\Z/] $node_ttl = $puppetdb::params::node_ttl, - Pattern[/\A[0-9dhms]+\Z/] $node_purge_ttl = $puppetdb::params::node_purge_ttl, - Pattern[/\A[0-9dhms]+\Z/] $report_ttl = $puppetdb::params::report_ttl, - Optional[Array] $facts_blacklist = $puppetdb::params::facts_blacklist, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $gc_interval = $puppetdb::params::gc_interval, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $node_purge_gc_batch_limit = $puppetdb::params::node_purge_gc_batch_limit, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $conn_max_age = $puppetdb::params::conn_max_age, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $conn_lifetime = $puppetdb::params::conn_lifetime, - String[1] $puppetdb_package = $puppetdb::params::puppetdb_package, - String[1] $puppetdb_service = $puppetdb::params::puppetdb_service, - Enum['running', 'true', 'stopped', 'false'] $puppetdb_service_status = $puppetdb::params::puppetdb_service_status, - String[1] $puppetdb_user = $puppetdb::params::puppetdb_user, - String[1] $puppetdb_group = $puppetdb::params::puppetdb_group, - Optional[Stdlib::Host] $read_database_host = $puppetdb::params::read_database_host, - Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $read_database_port = $puppetdb::params::read_database_port, - String[1] $read_database_username = $puppetdb::params::read_database_username, - Variant[String[1], Sensitive[String[1]]] $read_database_password = $puppetdb::params::read_database_password, - String[1] $read_database_name = $puppetdb::params::read_database_name, - Boolean $manage_read_db_password = $puppetdb::params::manage_read_db_password, - String $read_database_jdbc_ssl_properties 
= $puppetdb::params::read_database_jdbc_ssl_properties, - Boolean $read_database_validate = $puppetdb::params::read_database_validate, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $read_conn_max_age = $puppetdb::params::read_conn_max_age, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $read_conn_lifetime = $puppetdb::params::read_conn_lifetime, - Stdlib::Absolutepath $confdir = $puppetdb::params::confdir, - Stdlib::Absolutepath $vardir = $puppetdb::params::vardir, - Boolean $manage_firewall = $puppetdb::params::manage_firewall, - Boolean $manage_database = $puppetdb::params::manage_database, - Hash $java_args = $puppetdb::params::java_args, - Boolean $merge_default_java_args = $puppetdb::params::merge_default_java_args, - Optional[Integer] $max_threads = $puppetdb::params::max_threads, - Optional[Integer] $command_threads = $puppetdb::params::command_threads, - Optional[Integer] $concurrent_writes = $puppetdb::params::concurrent_writes, - Optional[Integer] $store_usage = $puppetdb::params::store_usage, - Optional[Integer] $temp_usage = $puppetdb::params::temp_usage, - Optional[Boolean] $disable_update_checking = $puppetdb::params::disable_update_checking, - Stdlib::Absolutepath $certificate_whitelist_file = $puppetdb::params::certificate_whitelist_file, - Array $certificate_whitelist = $puppetdb::params::certificate_whitelist, - Optional[Variant[Integer, Enum['absent']]] $database_max_pool_size = $puppetdb::params::database_max_pool_size, - Optional[Variant[Integer, Enum['absent']]] $read_database_max_pool_size = $puppetdb::params::read_database_max_pool_size, - Boolean $automatic_dlo_cleanup = $puppetdb::params::automatic_dlo_cleanup, - String[1] $cleanup_timer_interval = $puppetdb::params::cleanup_timer_interval, - Integer[1] $dlo_max_age = $puppetdb::params::dlo_max_age, - Optional[Stdlib::Absolutepath] $java_bin = $puppetdb::params::java_bin, + Stdlib::Host $listen_address = $puppetdb::params::listen_address, + Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] 
$listen_port = $puppetdb::params::listen_port, + Boolean $disable_cleartext = $puppetdb::params::disable_cleartext, + Boolean $open_listen_port = $puppetdb::params::open_listen_port, + Stdlib::Host $ssl_listen_address = $puppetdb::params::ssl_listen_address, + Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $ssl_listen_port = $puppetdb::params::ssl_listen_port, + Boolean $disable_ssl = $puppetdb::params::disable_ssl, + Optional[Boolean] $open_ssl_listen_port = $puppetdb::params::open_ssl_listen_port, + Stdlib::Absolutepath $ssl_dir = $puppetdb::params::ssl_dir, + Boolean $ssl_set_cert_paths = $puppetdb::params::ssl_set_cert_paths, + Stdlib::Absolutepath $ssl_cert_path = $puppetdb::params::ssl_cert_path, + Stdlib::Absolutepath $ssl_key_path = $puppetdb::params::ssl_key_path, + Stdlib::Absolutepath $ssl_key_pk8_path = $puppetdb::params::ssl_key_pk8_path, + Stdlib::Absolutepath $ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path, + Boolean $ssl_deploy_certs = $puppetdb::params::ssl_deploy_certs, + Optional $ssl_key = $puppetdb::params::ssl_key, + Optional $ssl_cert = $puppetdb::params::ssl_cert, + Optional $ssl_ca_cert = $puppetdb::params::ssl_ca_cert, + Optional $ssl_protocols = $puppetdb::params::ssl_protocols, + Boolean $postgresql_ssl_on = $puppetdb::params::postgresql_ssl_on, + Optional $cipher_suites = $puppetdb::params::cipher_suites, + Boolean $migrate = $puppetdb::params::migrate, + Stdlib::Host $database_host = $puppetdb::params::database_host, + Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $database_port = $puppetdb::params::database_port, + String[1] $database_username = $puppetdb::params::database_username, + Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password, + String[1] $database_name = $puppetdb::params::database_name, + Boolean $manage_db_password = $puppetdb::params::manage_db_password, + Variant[String, Boolean] $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, 
+ Boolean $database_validate = $puppetdb::params::database_validate, + Pattern[/\A[0-9dhms]+\Z/] $node_ttl = $puppetdb::params::node_ttl, + Pattern[/\A[0-9dhms]+\Z/] $node_purge_ttl = $puppetdb::params::node_purge_ttl, + Pattern[/\A[0-9dhms]+\Z/] $report_ttl = $puppetdb::params::report_ttl, + Optional[Array] $facts_blacklist = $puppetdb::params::facts_blacklist, + Variant[Integer, Pattern[/\A[0-9]+\Z/]] $gc_interval = $puppetdb::params::gc_interval, + Variant[Integer, Pattern[/\A[0-9]+\Z/]] $node_purge_gc_batch_limit = $puppetdb::params::node_purge_gc_batch_limit, + Variant[Integer, Pattern[/\A[0-9]+\Z/]] $conn_max_age = $puppetdb::params::conn_max_age, + Variant[Integer, Pattern[/\A[0-9]+\Z/]] $conn_lifetime = $puppetdb::params::conn_lifetime, + String[1] $puppetdb_package = $puppetdb::params::puppetdb_package, + String[1] $puppetdb_service = $puppetdb::params::puppetdb_service, + Enum['running', 'true', 'stopped', 'false'] $puppetdb_service_status = $puppetdb::params::puppetdb_service_status, + String[1] $puppetdb_user = $puppetdb::params::puppetdb_user, + String[1] $puppetdb_group = $puppetdb::params::puppetdb_group, + Optional[Stdlib::Host] $read_database_host = $puppetdb::params::read_database_host, + Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $read_database_port = $puppetdb::params::read_database_port, + String[1] $read_database_username = $puppetdb::params::read_database_username, + Variant[String[1], Sensitive[String[1]]] $read_database_password = $puppetdb::params::read_database_password, + String[1] $read_database_name = $puppetdb::params::read_database_name, + Boolean $manage_read_db_password = $puppetdb::params::manage_read_db_password, + String $read_database_jdbc_ssl_properties = $puppetdb::params::read_database_jdbc_ssl_properties, + Boolean $read_database_validate = $puppetdb::params::read_database_validate, + Variant[Integer, Pattern[/\A[0-9]+\Z/]] $read_conn_max_age = $puppetdb::params::read_conn_max_age, + Variant[Integer, 
Pattern[/\A[0-9]+\Z/]] $read_conn_lifetime = $puppetdb::params::read_conn_lifetime, + Stdlib::Absolutepath $confdir = $puppetdb::params::confdir, + Stdlib::Absolutepath $vardir = $puppetdb::params::vardir, + Boolean $manage_firewall = $puppetdb::params::manage_firewall, + Boolean $manage_database = $puppetdb::params::manage_database, + Hash $java_args = $puppetdb::params::java_args, + Boolean $merge_default_java_args = $puppetdb::params::merge_default_java_args, + Optional[Integer] $max_threads = $puppetdb::params::max_threads, + Optional[Integer] $command_threads = $puppetdb::params::command_threads, + Optional[Integer] $concurrent_writes = $puppetdb::params::concurrent_writes, + Optional[Integer] $store_usage = $puppetdb::params::store_usage, + Optional[Integer] $temp_usage = $puppetdb::params::temp_usage, + Optional[Boolean] $disable_update_checking = $puppetdb::params::disable_update_checking, + Stdlib::Absolutepath $certificate_whitelist_file = $puppetdb::params::certificate_whitelist_file, + Array $certificate_whitelist = $puppetdb::params::certificate_whitelist, + Optional[Variant[Integer, Enum['absent'], Pattern[/\A[0-9]+\Z/]]] $database_max_pool_size = $puppetdb::params::database_max_pool_size, + Optional[Variant[Integer, Enum['absent'], Pattern[/\A[0-9]+\Z/]]] $read_database_max_pool_size = $puppetdb::params::read_database_max_pool_size, + Boolean $automatic_dlo_cleanup = $puppetdb::params::automatic_dlo_cleanup, + String[1] $cleanup_timer_interval = $puppetdb::params::cleanup_timer_interval, + Integer[1] $dlo_max_age = $puppetdb::params::dlo_max_age, + Optional[Stdlib::Absolutepath] $java_bin = $puppetdb::params::java_bin, ) inherits puppetdb::params { # Apply necessary suffix if zero is specified. # Can we drop this in the next major release? diff --git a/manifests/server/database.pp b/manifests/server/database.pp index d28aba73..7bce5b9b 100644 --- a/manifests/server/database.pp +++ b/manifests/server/database.pp 
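Review bot: `$ssl_key`, `$ssl_cert`, `$ssl_ca_cert` and `$ssl_protocols` are re-added here as bare `Optional`, while the init.pp hunk of the same commit declares them `Optional[String]`. A node that declares `puppetdb::server` directly therefore gets no type check on these TLS inputs. I would align them, e.g. `Optional[String] $ssl_protocols = $puppetdb::params::ssl_protocols,`, and give `$cipher_suites` a concrete type in both classes.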
@@ -2,30 +2,30 @@ # # @api private class puppetdb::server::database ( - Stdlib::Host $database_host = $puppetdb::params::database_host, - Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $database_port = $puppetdb::params::database_port, - String[1] $database_username = $puppetdb::params::database_username, - Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password, - String[1] $database_name = $puppetdb::params::database_name, - Boolean $manage_db_password = $puppetdb::params::manage_db_password, - Variant[String, Boolean] $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, - Boolean $database_validate = $puppetdb::params::database_validate, - Pattern[/\A[0-9dhms]+\Z/] $node_ttl = $puppetdb::params::node_ttl, - Pattern[/\A[0-9dhms]+\Z/] $node_purge_ttl = $puppetdb::params::node_purge_ttl, - Pattern[/\A[0-9dhms]+\Z/] $report_ttl = $puppetdb::params::report_ttl, - Optional[Array] $facts_blacklist = $puppetdb::params::facts_blacklist, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $gc_interval = $puppetdb::params::gc_interval, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $node_purge_gc_batch_limit = $puppetdb::params::node_purge_gc_batch_limit, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $conn_max_age = $puppetdb::params::conn_max_age, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $conn_lifetime = $puppetdb::params::conn_lifetime, - Stdlib::Absolutepath $confdir = $puppetdb::params::confdir, - String[1] $puppetdb_group = $puppetdb::params::puppetdb_group, - Optional[Variant[Integer, Enum['absent']]] $database_max_pool_size = $puppetdb::params::database_max_pool_size, - Boolean $migrate = $puppetdb::params::migrate, - Boolean $postgresql_ssl_on = $puppetdb::params::postgresql_ssl_on, - Stdlib::Absolutepath $ssl_cert_path = $puppetdb::params::ssl_cert_path, - Stdlib::Absolutepath $ssl_key_pk8_path = $puppetdb::params::ssl_key_pk8_path, - Stdlib::Absolutepath $ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path + 
Stdlib::Host $database_host = $puppetdb::params::database_host, + Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $database_port = $puppetdb::params::database_port, + String[1] $database_username = $puppetdb::params::database_username, + Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password, + String[1] $database_name = $puppetdb::params::database_name, + Boolean $manage_db_password = $puppetdb::params::manage_db_password, + Variant[String, Boolean] $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, + Boolean $database_validate = $puppetdb::params::database_validate, + Pattern[/\A[0-9dhms]+\Z/] $node_ttl = $puppetdb::params::node_ttl, + Pattern[/\A[0-9dhms]+\Z/] $node_purge_ttl = $puppetdb::params::node_purge_ttl, + Pattern[/\A[0-9dhms]+\Z/] $report_ttl = $puppetdb::params::report_ttl, + Optional[Array] $facts_blacklist = $puppetdb::params::facts_blacklist, + Variant[Integer, Pattern[/\A[0-9]+\Z/]] $gc_interval = $puppetdb::params::gc_interval, + Variant[Integer, Pattern[/\A[0-9]+\Z/]] $node_purge_gc_batch_limit = $puppetdb::params::node_purge_gc_batch_limit, + Variant[Integer, Pattern[/\A[0-9]+\Z/]] $conn_max_age = $puppetdb::params::conn_max_age, + Variant[Integer, Pattern[/\A[0-9]+\Z/]] $conn_lifetime = $puppetdb::params::conn_lifetime, + Stdlib::Absolutepath $confdir = $puppetdb::params::confdir, + String[1] $puppetdb_group = $puppetdb::params::puppetdb_group, + Optional[Variant[Integer, Enum['absent'], Pattern[/\A[0-9]+\Z/]]] $database_max_pool_size = $puppetdb::params::database_max_pool_size, + Boolean $migrate = $puppetdb::params::migrate, + Boolean $postgresql_ssl_on = $puppetdb::params::postgresql_ssl_on, + Stdlib::Absolutepath $ssl_cert_path = $puppetdb::params::ssl_cert_path, + Stdlib::Absolutepath $ssl_key_pk8_path = $puppetdb::params::ssl_key_pk8_path, + Stdlib::Absolutepath $ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path ) inherits puppetdb::params { if 
str2bool($database_validate) { # Validate the database connection. If we can't connect, we want to fail diff --git a/manifests/server/read_database.pp b/manifests/server/read_database.pp index 4f785a1b..61d172e5 100644 --- a/manifests/server/read_database.pp +++ b/manifests/server/read_database.pp 
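Review bot: `Pattern[/\A[0-9dhms]+\Z/]` on `$node_ttl`, `$node_purge_ttl` and `$report_ttl` is a character class, not a duration grammar, so values such as `'dhms'`, `'7dd'` or `'s'` pass validation and would only fail later, presumably when PuppetDB reads the setting. A pattern like `Pattern[/\A[0-9]+(ms|[dhms])?\z/]` expresses digits with an optional unit; whether the bare-digit and `ms` forms must stay valid should be checked against how the class body normalises the value, which is outside this hunk. The same three declarations are in the init.pp and server.pp hunks.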
@@ -2,23 +2,23 @@ # # @api private class puppetdb::server::read_database ( - Optional[Stdlib::Host] $read_database_host = $puppetdb::params::read_database_host, - Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $read_database_port = $puppetdb::params::read_database_port, - String[1] $read_database_username = $puppetdb::params::read_database_username, - Variant[String[1], Sensitive[String[1]]] $read_database_password = $puppetdb::params::read_database_password, - String[1] $read_database_name = $puppetdb::params::read_database_name, - Boolean $manage_db_password = $puppetdb::params::manage_read_db_password, - Variant[String, Boolean] $jdbc_ssl_properties = $puppetdb::params::read_database_jdbc_ssl_properties, - Boolean $database_validate = $puppetdb::params::read_database_validate, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $conn_max_age = $puppetdb::params::read_conn_max_age, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $conn_lifetime = $puppetdb::params::read_conn_lifetime, - Stdlib::Absolutepath $confdir = $puppetdb::params::confdir, - String[1] $puppetdb_group = $puppetdb::params::puppetdb_group, - Optional[Variant[Integer, Enum['absent']]] $database_max_pool_size = $puppetdb::params::read_database_max_pool_size, - Boolean $postgresql_ssl_on = $puppetdb::params::postgresql_ssl_on, - Stdlib::Absolutepath $ssl_cert_path = $puppetdb::params::ssl_cert_path, - Stdlib::Absolutepath $ssl_key_pk8_path = $puppetdb::params::ssl_key_pk8_path, - Stdlib::Absolutepath $ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path + Optional[Stdlib::Host] $read_database_host = $puppetdb::params::read_database_host, + Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $read_database_port = $puppetdb::params::read_database_port, + String[1] $read_database_username = $puppetdb::params::read_database_username, + Variant[String[1], Sensitive[String[1]]] $read_database_password = $puppetdb::params::read_database_password, + String[1] $read_database_name = 
$puppetdb::params::read_database_name, + Boolean $manage_db_password = $puppetdb::params::manage_read_db_password, + Variant[String, Boolean] $jdbc_ssl_properties = $puppetdb::params::read_database_jdbc_ssl_properties, + Boolean $database_validate = $puppetdb::params::read_database_validate, + Variant[Integer, Pattern[/\A[0-9]+\Z/]] $conn_max_age = $puppetdb::params::read_conn_max_age, + Variant[Integer, Pattern[/\A[0-9]+\Z/]] $conn_lifetime = $puppetdb::params::read_conn_lifetime, + Stdlib::Absolutepath $confdir = $puppetdb::params::confdir, + String[1] $puppetdb_group = $puppetdb::params::puppetdb_group, + Optional[Variant[Integer, Enum['absent'], Pattern[/\A[0-9]+\Z/]]] $database_max_pool_size = $puppetdb::params::read_database_max_pool_size, + Boolean $postgresql_ssl_on = $puppetdb::params::postgresql_ssl_on, + Stdlib::Absolutepath $ssl_cert_path = $puppetdb::params::ssl_cert_path, + Stdlib::Absolutepath $ssl_key_pk8_path = $puppetdb::params::ssl_key_pk8_path, + Stdlib::Absolutepath $ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path ) inherits puppetdb::params { if $read_database_host != undef { if str2bool($database_validate) { From 4b76eb7f99f6d651a2044d95fe039d10a9f39c9f Mon Sep 17 00:00:00 2001 From: Mitchell Chambers Date: Fri, 7 Jun 2024 11:02:55 +1000 Subject: [PATCH 29/32] refine port validation to user ports 1024-49151 --- manifests/database/postgresql.pp | 38 +++++++++++++------------- manifests/init.pp | 8 +++--- manifests/master/config.pp | 40 ++++++++++++++-------------- manifests/master/puppetdb_conf.pp | 10 +++---- manifests/server.pp | 8 +++--- manifests/server/database.pp | 2 +- manifests/server/firewall.pp | 8 +++--- manifests/server/jetty.pp | 30 ++++++++++----------- manifests/server/read_database.pp | 2 +- manifests/server/validate_db.pp | 12 ++++----- manifests/server/validate_read_db.pp | 12 ++++----- 11 files changed, 85 insertions(+), 85 deletions(-) 
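Review bot: `$jdbc_ssl_properties` is declared `Variant[String, Boolean]` here, but the corresponding public parameter `$read_database_jdbc_ssl_properties` is a plain `String` in the init.pp and server.pp hunks. If the value is passed down from those classes, as the shared default suggests, the Boolean arm is unreachable through them, or the public type is too narrow; which one is intended is not visible here. I would make the three declarations agree, e.g. `Variant[String, Boolean] $read_database_jdbc_ssl_properties = $puppetdb::params::read_database_jdbc_ssl_properties,` upstream if `false` is a supported value.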
diff --git a/manifests/database/postgresql.pp b/manifests/database/postgresql.pp
index e2c1eda3..f0a9f2bd 100644
--- a/manifests/database/postgresql.pp
+++ b/manifests/database/postgresql.pp
@@ -71,25 +71,25 @@ # PostgreSQL password authentication method, either `md5` or `scram-sha-256` # class puppetdb::database::postgresql ( - Stdlib::Host $listen_addresses = $puppetdb::params::database_host, - Stdlib::Host $puppetdb_server = $puppetdb::params::puppetdb_server, - String[1] $database_name = $puppetdb::params::database_name, - String[1] $database_username = $puppetdb::params::database_username, - Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password, - Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $database_port = $puppetdb::params::database_port, - Boolean $manage_database = $puppetdb::params::manage_database, - Boolean $manage_server = $puppetdb::params::manage_dbserver, - Boolean $manage_package_repo = $puppetdb::params::manage_pg_repo, - String[2,3] $postgres_version = $puppetdb::params::postgres_version, - Boolean $postgresql_ssl_on = $puppetdb::params::postgresql_ssl_on, - Stdlib::Absolutepath $postgresql_ssl_key_path = $puppetdb::params::postgresql_ssl_key_path, - Stdlib::Absolutepath $postgresql_ssl_cert_path = $puppetdb::params::postgresql_ssl_cert_path, - Stdlib::Absolutepath $postgresql_ssl_ca_cert_path = $puppetdb::params::postgresql_ssl_ca_cert_path, - String[1] $read_database_username = $puppetdb::params::read_database_username, - Variant[String[1], Sensitive[String[1]]] $read_database_password = $puppetdb::params::read_database_password, - Optional[Stdlib::Host] $read_database_host = $puppetdb::params::read_database_host, - Boolean $password_sensitive = false, - Postgresql::Pg_password_encryption $password_encryption = $puppetdb::params::password_encryption, + Stdlib::Host $listen_addresses = $puppetdb::params::database_host, + Stdlib::Host $puppetdb_server = $puppetdb::params::puppetdb_server, + String[1] $database_name = $puppetdb::params::database_name, + String[1] $database_username = $puppetdb::params::database_username, + Variant[String[1], Sensitive[String[1]]] 
$database_password = $puppetdb::params::database_password, + Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $database_port = $puppetdb::params::database_port, + Boolean $manage_database = $puppetdb::params::manage_database, + Boolean $manage_server = $puppetdb::params::manage_dbserver, + Boolean $manage_package_repo = $puppetdb::params::manage_pg_repo, + String[2,3] $postgres_version = $puppetdb::params::postgres_version, + Boolean $postgresql_ssl_on = $puppetdb::params::postgresql_ssl_on, + Stdlib::Absolutepath $postgresql_ssl_key_path = $puppetdb::params::postgresql_ssl_key_path, + Stdlib::Absolutepath $postgresql_ssl_cert_path = $puppetdb::params::postgresql_ssl_cert_path, + Stdlib::Absolutepath $postgresql_ssl_ca_cert_path = $puppetdb::params::postgresql_ssl_ca_cert_path, + String[1] $read_database_username = $puppetdb::params::read_database_username, + Variant[String[1], Sensitive[String[1]]] $read_database_password = $puppetdb::params::read_database_password, + Optional[Stdlib::Host] $read_database_host = $puppetdb::params::read_database_host, + Boolean $password_sensitive = false, + Postgresql::Pg_password_encryption $password_encryption = $puppetdb::params::password_encryption, ) inherits puppetdb::params { $port = case $database_port.is_a(String) { true: { scanf($database_port, '%i')[0] } diff --git a/manifests/init.pp b/manifests/init.pp index e469601d..5bf25dc7 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
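Review bot: The `Pattern[/\A[0-9]+\Z/]` branch of the new `$database_port` type accepts any digit string, so the 1024-49151 limit from `Stdlib::Port::User` applies only to Integer values; `'22'` or `'70000'` still validates, and because Ruby's `\Z` also matches before a trailing newline, so does `"5432\n"`. The context line after the parameter list already converts strings with `scanf($database_port, '%i')[0]`, so the range can be enforced on the converted value, for example `assert_type(Stdlib::Port::User, $port)` once `$port` is assigned, with the pattern anchored as `/\A[0-9]+\z/`. The same `Variant` is applied to every port parameter this commit touches (init.pp, master/config.pp, master/puppetdb_conf.pp, server.pp, server/database.pp, server/firewall.pp, server/jetty.pp, server/read_database.pp, server/validate_db.pp, server/validate_read_db.pp). The firewall class is the one to check first, since its ports presumably decide which rules are opened. The class body continues outside the hunk.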
@@ -347,11 +347,11 @@ # class puppetdb ( Stdlib::Host $listen_address = $puppetdb::params::listen_address, - Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $listen_port = $puppetdb::params::listen_port, + Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $listen_port = $puppetdb::params::listen_port, Boolean $disable_cleartext = $puppetdb::params::disable_cleartext, Boolean $open_listen_port = $puppetdb::params::open_listen_port, Stdlib::Host $ssl_listen_address = $puppetdb::params::ssl_listen_address, - Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $ssl_listen_port = $puppetdb::params::ssl_listen_port, + Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $ssl_listen_port = $puppetdb::params::ssl_listen_port, Boolean $disable_ssl = $puppetdb::params::disable_ssl, Optional[Boolean] $open_ssl_listen_port = $puppetdb::params::open_ssl_listen_port, Stdlib::Absolutepath $ssl_dir = $puppetdb::params::ssl_dir, @@ -377,7 +377,7 @@ Boolean $manage_package_repo = $puppetdb::params::manage_pg_repo, String[2,3] $postgres_version = $puppetdb::params::postgres_version, Stdlib::Host $database_host = $puppetdb::params::database_host, - Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $database_port = $puppetdb::params::database_port, + Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $database_port = $puppetdb::params::database_port, String[1] $database_username = $puppetdb::params::database_username, Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password, String[1] $database_name = $puppetdb::params::database_name, 
@@ -400,7 +400,7 @@ String[1] $puppetdb_group = $puppetdb::params::puppetdb_group, Stdlib::Host $puppetdb_server = $puppetdb::params::puppetdb_server, Optional[Stdlib::Host] $read_database_host = $puppetdb::params::read_database_host, - Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $read_database_port = $puppetdb::params::read_database_port, + Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $read_database_port = $puppetdb::params::read_database_port, String[1] $read_database_username = $puppetdb::params::read_database_username, Variant[String[1], Sensitive[String[1]]] $read_database_password = $puppetdb::params::read_database_password, String[1] $read_database_name = $puppetdb::params::read_database_name, diff --git a/manifests/master/config.pp b/manifests/master/config.pp index 2832c2b9..d949fb25 100644 --- a/manifests/master/config.pp +++ b/manifests/master/config.pp 
@@ -90,35 +90,35 @@ # files (other than `puppet.conf`). # class puppetdb::master::config ( - Stdlib::Host $puppetdb_server = fact('networking.fqdn'), - Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $puppetdb_port = defined(Class['puppetdb']) ? { + Stdlib::Host $puppetdb_server = fact('networking.fqdn'), + Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $puppetdb_port = defined(Class['puppetdb']) ? { true => $puppetdb::disable_ssl ? { true => 8080, default => 8081, }, default => 8081, }, - Boolean $puppetdb_disable_ssl = defined(Class['puppetdb']) ? { + Boolean $puppetdb_disable_ssl = defined(Class['puppetdb']) ? { true => $puppetdb::disable_ssl, default => false, }, - Boolean $masterless = $puppetdb::params::masterless, - Boolean $puppetdb_soft_write_failure = false, - Boolean $manage_routes = true, - Boolean $manage_storeconfigs = true, - Boolean $enable_storeconfigs = true, - Boolean $manage_report_processor = false, - Boolean $manage_config = true, - Boolean $create_puppet_service_resource = true, - Boolean $strict_validation = true, - Boolean $enable_reports = false, - Stdlib::Absolutepath $puppet_confdir = $puppetdb::params::puppet_confdir, - Stdlib::Absolutepath $puppet_conf = $puppetdb::params::puppet_conf, - String[1] $terminus_package = $puppetdb::params::terminus_package, - String[1] $puppet_service_name = $puppetdb::params::puppet_service_name, - Integer $puppetdb_startup_timeout = $puppetdb::params::puppetdb_startup_timeout, - String[1] $test_url = $puppetdb::params::test_url, - Boolean $restart_puppet = true, + Boolean $masterless = $puppetdb::params::masterless, + Boolean $puppetdb_soft_write_failure = false, + Boolean $manage_routes = true, + Boolean $manage_storeconfigs = true, + Boolean $enable_storeconfigs = true, + Boolean $manage_report_processor = false, + Boolean $manage_config = true, + Boolean $create_puppet_service_resource = true, + Boolean $strict_validation = true, + Boolean $enable_reports = false, + Stdlib::Absolutepath 
$puppet_confdir = $puppetdb::params::puppet_confdir, + Stdlib::Absolutepath $puppet_conf = $puppetdb::params::puppet_conf, + String[1] $terminus_package = $puppetdb::params::terminus_package, + String[1] $puppet_service_name = $puppetdb::params::puppet_service_name, + Integer $puppetdb_startup_timeout = $puppetdb::params::puppetdb_startup_timeout, + String[1] $test_url = $puppetdb::params::test_url, + Boolean $restart_puppet = true, ) inherits puppetdb::params { # **WARNING**: Ugly hack to work around a yum bug with metadata parsing. This # should not be copied, replicated or even looked at. In short, never rename diff --git a/manifests/master/puppetdb_conf.pp b/manifests/master/puppetdb_conf.pp index b65aa11c..76baa221 100644 --- a/manifests/master/puppetdb_conf.pp +++ b/manifests/master/puppetdb_conf.pp @@ -2,14 +2,14 @@ # # @api private class puppetdb::master::puppetdb_conf ( - Stdlib::Host $server = 'localhost', - Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $port = '8081', - Boolean $soft_write_failure = $puppetdb::disable_ssl ? { + Stdlib::Host $server = 'localhost', + Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $port = '8081', + Stdlib::Absolutepath $puppet_confdir = $puppetdb::params::puppet_confdir, + Boolean $soft_write_failure = $puppetdb::disable_ssl ? { true => true, default => false, }, - Stdlib::Absolutepath $puppet_confdir = $puppetdb::params::puppet_confdir, - Boolean $legacy_terminus = $puppetdb::params::terminus_package ? { + Boolean $legacy_terminus = $puppetdb::params::terminus_package ? { /(puppetdb-terminus)/ => true, default => false, }, diff --git a/manifests/server.pp b/manifests/server.pp index a7a1316c..a2000b85 100644 --- a/manifests/server.pp +++ b/manifests/server.pp 
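Review bot: In manifests/master/puppetdb_conf.pp `$port` keeps the string default `'8081'`, which validates only through the `Pattern` branch and is never compared against `Stdlib::Port::User`. The other defaults in this series are integers, so this one should follow: `Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $port = 8081,`. The `$soft_write_failure` default also reads `$puppetdb::disable_ssl` directly, while master/config.pp guards the same lookup with `defined(Class['puppetdb'])`. If this private class can be evaluated without `puppetdb` declared, the selector would be working on an unset variable. The class body is outside the hunk.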
@@ -312,11 +312,11 @@ # class puppetdb::server ( Stdlib::Host $listen_address = $puppetdb::params::listen_address, - Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $listen_port = $puppetdb::params::listen_port, + Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $listen_port = $puppetdb::params::listen_port, Boolean $disable_cleartext = $puppetdb::params::disable_cleartext, Boolean $open_listen_port = $puppetdb::params::open_listen_port, Stdlib::Host $ssl_listen_address = $puppetdb::params::ssl_listen_address, - Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $ssl_listen_port = $puppetdb::params::ssl_listen_port, + Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $ssl_listen_port = $puppetdb::params::ssl_listen_port, Boolean $disable_ssl = $puppetdb::params::disable_ssl, Optional[Boolean] $open_ssl_listen_port = $puppetdb::params::open_ssl_listen_port, Stdlib::Absolutepath $ssl_dir = $puppetdb::params::ssl_dir, @@ -334,7 +334,7 @@ Optional $cipher_suites = $puppetdb::params::cipher_suites, Boolean $migrate = $puppetdb::params::migrate, Stdlib::Host $database_host = $puppetdb::params::database_host, - Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $database_port = $puppetdb::params::database_port, + Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $database_port = $puppetdb::params::database_port, String[1] $database_username = $puppetdb::params::database_username, Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password, String[1] $database_name = $puppetdb::params::database_name, 
@@ -355,7 +355,7 @@ String[1] $puppetdb_user = $puppetdb::params::puppetdb_user, String[1] $puppetdb_group = $puppetdb::params::puppetdb_group, Optional[Stdlib::Host] $read_database_host = $puppetdb::params::read_database_host, - Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $read_database_port = $puppetdb::params::read_database_port, + Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $read_database_port = $puppetdb::params::read_database_port, String[1] $read_database_username = $puppetdb::params::read_database_username, Variant[String[1], Sensitive[String[1]]] $read_database_password = $puppetdb::params::read_database_password, String[1] $read_database_name = $puppetdb::params::read_database_name, diff --git a/manifests/server/database.pp b/manifests/server/database.pp index 7bce5b9b..ea58fb7d 100644 --- a/manifests/server/database.pp +++ b/manifests/server/database.pp @@ -3,7 +3,7 @@ # @api private class puppetdb::server::database ( Stdlib::Host $database_host = $puppetdb::params::database_host, - Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $database_port = $puppetdb::params::database_port, + Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $database_port = $puppetdb::params::database_port, String[1] $database_username = $puppetdb::params::database_username, Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password, String[1] $database_name = $puppetdb::params::database_name, diff --git a/manifests/server/firewall.pp b/manifests/server/firewall.pp index ae2b93bf..d0008bf7 100644 --- a/manifests/server/firewall.pp +++ b/manifests/server/firewall.pp 
@@ -2,10 +2,10 @@ # # @api private class puppetdb::server::firewall ( - Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $http_port = $puppetdb::params::listen_port, - Boolean $open_http_port = $puppetdb::params::open_listen_port, - Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $ssl_port = $puppetdb::params::ssl_listen_port, - Optional[Boolean] $open_ssl_port = $puppetdb::params::open_ssl_listen_port, + Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $http_port = $puppetdb::params::listen_port, + Boolean $open_http_port = $puppetdb::params::open_listen_port, + Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $ssl_port = $puppetdb::params::ssl_listen_port, + Optional[Boolean] $open_ssl_port = $puppetdb::params::open_ssl_listen_port, ) inherits puppetdb::params { include firewall diff --git a/manifests/server/jetty.pp b/manifests/server/jetty.pp index 86b844ba..b81d0fbc 100644 --- a/manifests/server/jetty.pp +++ b/manifests/server/jetty.pp 
@@ -2,21 +2,21 @@ # # @api private class puppetdb::server::jetty ( - Stdlib::Host $listen_address = $puppetdb::params::listen_address, - Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $listen_port = $puppetdb::params::listen_port, - Boolean $disable_cleartext = $puppetdb::params::disable_cleartext, - Stdlib::Host $ssl_listen_address = $puppetdb::params::ssl_listen_address, - Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $ssl_listen_port = $puppetdb::params::ssl_listen_port, - Boolean $disable_ssl = $puppetdb::params::disable_ssl, - Boolean $ssl_set_cert_paths = $puppetdb::params::ssl_set_cert_paths, - Stdlib::Absolutepath $ssl_cert_path = $puppetdb::params::ssl_cert_path, - Stdlib::Absolutepath $ssl_key_path = $puppetdb::params::ssl_key_path, - Stdlib::Absolutepath $ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path, - Optional[String] $ssl_protocols = $puppetdb::params::ssl_protocols, - Optional[String] $cipher_suites = $puppetdb::params::cipher_suites, - Stdlib::Absolutepath $confdir = $puppetdb::params::confdir, - Optional[Integer] $max_threads = $puppetdb::params::max_threads, - String[1] $puppetdb_group = $puppetdb::params::puppetdb_group, + Stdlib::Host $listen_address = $puppetdb::params::listen_address, + Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $listen_port = $puppetdb::params::listen_port, + Boolean $disable_cleartext = $puppetdb::params::disable_cleartext, + Stdlib::Host $ssl_listen_address = $puppetdb::params::ssl_listen_address, + Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $ssl_listen_port = $puppetdb::params::ssl_listen_port, + Boolean $disable_ssl = $puppetdb::params::disable_ssl, + Boolean $ssl_set_cert_paths = $puppetdb::params::ssl_set_cert_paths, + Stdlib::Absolutepath $ssl_cert_path = $puppetdb::params::ssl_cert_path, + Stdlib::Absolutepath $ssl_key_path = $puppetdb::params::ssl_key_path, + Stdlib::Absolutepath $ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path, + Optional[String] 
$ssl_protocols = $puppetdb::params::ssl_protocols, + Optional[String] $cipher_suites = $puppetdb::params::cipher_suites, + Stdlib::Absolutepath $confdir = $puppetdb::params::confdir, + Optional[Integer] $max_threads = $puppetdb::params::max_threads, + String[1] $puppetdb_group = $puppetdb::params::puppetdb_group, ) inherits puppetdb::params { $jetty_ini = "${confdir}/jetty.ini" diff --git a/manifests/server/read_database.pp b/manifests/server/read_database.pp index 61d172e5..748100fe 100644 --- a/manifests/server/read_database.pp +++ b/manifests/server/read_database.pp @@ -3,7 +3,7 @@ # @api private class puppetdb::server::read_database ( Optional[Stdlib::Host] $read_database_host = $puppetdb::params::read_database_host, - Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $read_database_port = $puppetdb::params::read_database_port, + Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $read_database_port = $puppetdb::params::read_database_port, String[1] $read_database_username = $puppetdb::params::read_database_username, Variant[String[1], Sensitive[String[1]]] $read_database_password = $puppetdb::params::read_database_password, String[1] $read_database_name = $puppetdb::params::read_database_name, diff --git a/manifests/server/validate_db.pp b/manifests/server/validate_db.pp index d37634e8..2741035a 100644 --- a/manifests/server/validate_db.pp +++ b/manifests/server/validate_db.pp 
@@ -2,12 +2,12 @@ # # @api private class puppetdb::server::validate_db ( - Stdlib::Host $database_host = $puppetdb::params::database_host, - Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $database_port = $puppetdb::params::database_port, - String[1] $database_username = $puppetdb::params::database_username, - Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password, - String[1] $database_name = $puppetdb::params::database_name, - Variant[String, Boolean] $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, + Stdlib::Host $database_host = $puppetdb::params::database_host, + Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $database_port = $puppetdb::params::database_port, + String[1] $database_username = $puppetdb::params::database_username, + Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password, + String[1] $database_name = $puppetdb::params::database_name, + Variant[String, Boolean] $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, ) inherits puppetdb::params { if ($database_password != undef and $jdbc_ssl_properties == false) { postgresql_conn_validator { 'validate puppetdb postgres connection': diff --git a/manifests/server/validate_read_db.pp b/manifests/server/validate_read_db.pp index 4f6dab8b..acdeba21 100644 --- a/manifests/server/validate_read_db.pp +++ b/manifests/server/validate_read_db.pp 
@@ -2,12 +2,12 @@ # # @api private class puppetdb::server::validate_read_db ( - Stdlib::Host $database_host = $puppetdb::params::database_host, - Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $database_port = $puppetdb::params::database_port, - String[1] $database_username = $puppetdb::params::database_username, - Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password, - String[1] $database_name = $puppetdb::params::database_name, - Variant[String, Boolean] $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, + Stdlib::Host $database_host = $puppetdb::params::database_host, + Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $database_port = $puppetdb::params::database_port, + String[1] $database_username = $puppetdb::params::database_username, + Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password, + String[1] $database_name = $puppetdb::params::database_name, + Variant[String, Boolean] $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, ) inherits puppetdb::params { if ($database_password != undef and $jdbc_ssl_properties == false) { postgresql_conn_validator { 'validate puppetdb postgres (read) connection': From 62ae1ef0c4c28a395fbcff40565f49be3acc5760 Mon Sep 17 00:00:00 2001 
From: Mitchell Chambers Date: Tue, 11 Jun 2024 13:06:28 +1000 Subject: [PATCH 30/32] set lower bounds for string and integer to negate empty or negative values --- manifests/database/default_read_grant.pp | 2 +- manifests/database/postgresql_ssl_rules.pp | 6 +- manifests/database/read_grant.pp | 6 +- manifests/init.pp | 166 ++++++++++----------- manifests/master/config.pp | 4 +- manifests/server.pp | 146 +++++++++--------- manifests/server/command_processing.pp | 8 +- manifests/server/database.pp | 48 +++--- manifests/server/jetty.pp | 6 +- manifests/server/read_database.pp | 34 ++--- manifests/server/validate_db.pp | 2 +- manifests/server/validate_read_db.pp | 2 +- 12 files changed, 215 insertions(+), 215 deletions(-) diff --git a/manifests/database/default_read_grant.pp b/manifests/database/default_read_grant.pp index fb2a385d..373d56c7 100644 --- a/manifests/database/default_read_grant.pp +++ b/manifests/database/default_read_grant.pp @@ -3,7 +3,7 @@ # @api private define puppetdb::database::default_read_grant ( String[1] $database_name, - String $schema, + String[1] $schema, String[1] $database_username, String[1] $database_read_only_username, Optional[Stdlib::Port] $database_port = undef, diff --git a/manifests/database/postgresql_ssl_rules.pp b/manifests/database/postgresql_ssl_rules.pp index c9f17f8b..fb347731 100644 --- a/manifests/database/postgresql_ssl_rules.pp +++ b/manifests/database/postgresql_ssl_rules.pp @@ -2,10 +2,10 @@ # # @api private define puppetdb::database::postgresql_ssl_rules ( - String $database_name, - String $database_username, + String[1] $database_name, + String[1] $database_username, String[2,3] $postgres_version, - String $puppetdb_server, + String[1] $puppetdb_server, ) { $identity_map_key = "${database_name}-${database_username}-map" diff --git a/manifests/database/read_grant.pp b/manifests/database/read_grant.pp index f66d5e90..ec57ba88 100644 --- a/manifests/database/read_grant.pp +++ b/manifests/database/read_grant.pp 
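Review bot: In manifests/database/postgresql_ssl_rules.pp `$puppetdb_server` is tightened only to `String[1]`, while manifests/database/postgresql.pp and init.pp type the same value as `Stdlib::Host`; `Stdlib::Host $puppetdb_server,` would keep the define consistent with its callers. The visible context builds `$identity_map_key` from `$database_name` and `$database_username`, and the rest of the define is outside the hunk. If these values are written verbatim into PostgreSQL identity-map or HBA entries, a non-empty check does not exclude whitespace or newlines, so a character-level `Pattern` on the two name parameters is worth considering.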
@@ -2,9 +2,9 @@ # # @api private define puppetdb::database::read_grant ( - String $database_name, - String $schema, - String $database_read_only_username, + String[1] $database_name, + String[1] $schema, + String[1] $database_read_only_username, Optional[Stdlib::Port] $database_port = undef, ) { postgresql_psql { "grant select permission for ${database_read_only_username}": diff --git a/manifests/init.pp b/manifests/init.pp index 5bf25dc7..f73625f5 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
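Review bot: `String[1]` rejects an empty `$database_name`, `$schema` and `$database_read_only_username`, but it does not reject quotes, whitespace or semicolons. The `postgresql_psql` resource on the last context line already interpolates `$database_read_only_username` into its title, and its command presumably uses all three values. That command is outside the hunk, so whether the identifiers are quoted there cannot be confirmed from here; if they are not, a type such as `Pattern[/\A[A-Za-z_][A-Za-z0-9_-]*\z/]` fits these parameters better than a length bound. manifests/database/default_read_grant.pp receives the same `String[1]` change in this commit and has the same gap.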
@@ -346,89 +346,89 @@ # PostgreSQL password authentication method, either `md5` or `scram-sha-256` # class puppetdb ( - Stdlib::Host $listen_address = $puppetdb::params::listen_address, - Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $listen_port = $puppetdb::params::listen_port, - Boolean $disable_cleartext = $puppetdb::params::disable_cleartext, - Boolean $open_listen_port = $puppetdb::params::open_listen_port, - Stdlib::Host $ssl_listen_address = $puppetdb::params::ssl_listen_address, - Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $ssl_listen_port = $puppetdb::params::ssl_listen_port, - Boolean $disable_ssl = $puppetdb::params::disable_ssl, - Optional[Boolean] $open_ssl_listen_port = $puppetdb::params::open_ssl_listen_port, - Stdlib::Absolutepath $ssl_dir = $puppetdb::params::ssl_dir, - Boolean $ssl_set_cert_paths = $puppetdb::params::ssl_set_cert_paths, - Stdlib::Absolutepath $ssl_cert_path = $puppetdb::params::ssl_cert_path, - Stdlib::Absolutepath $ssl_key_path = $puppetdb::params::ssl_key_path, - Stdlib::Absolutepath $ssl_key_pk8_path = $puppetdb::params::ssl_key_pk8_path, - Stdlib::Absolutepath $ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path, - Boolean $ssl_deploy_certs = $puppetdb::params::ssl_deploy_certs, - Optional[String] $ssl_key = $puppetdb::params::ssl_key, - Optional[String] $ssl_cert = $puppetdb::params::ssl_cert, - Optional[String] $ssl_ca_cert = $puppetdb::params::ssl_ca_cert, - Optional[String] $ssl_protocols = $puppetdb::params::ssl_protocols, - Boolean $postgresql_ssl_on = $puppetdb::params::postgresql_ssl_on, - Stdlib::Absolutepath $postgresql_ssl_folder = $puppetdb::params::postgresql_ssl_folder, - Stdlib::Absolutepath $postgresql_ssl_cert_path = $puppetdb::params::postgresql_ssl_cert_path, - Stdlib::Absolutepath $postgresql_ssl_key_path = $puppetdb::params::postgresql_ssl_key_path, - Stdlib::Absolutepath $postgresql_ssl_ca_cert_path = $puppetdb::params::postgresql_ssl_ca_cert_path, - Optional $cipher_suites = 
$puppetdb::params::cipher_suites, - Boolean $migrate = $puppetdb::params::migrate, - Boolean $manage_dbserver = $puppetdb::params::manage_dbserver, - Boolean $manage_database = $puppetdb::params::manage_database, - Boolean $manage_package_repo = $puppetdb::params::manage_pg_repo, - String[2,3] $postgres_version = $puppetdb::params::postgres_version, - Stdlib::Host $database_host = $puppetdb::params::database_host, - Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $database_port = $puppetdb::params::database_port, - String[1] $database_username = $puppetdb::params::database_username, - Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password, - String[1] $database_name = $puppetdb::params::database_name, - Boolean $manage_db_password = $puppetdb::params::manage_db_password, - Variant[String, Boolean] $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, - String[1] $database_listen_address = $puppetdb::params::postgres_listen_addresses, - Boolean $database_validate = $puppetdb::params::database_validate, - Pattern[/\A[0-9dhms]+\Z/] $node_ttl = $puppetdb::params::node_ttl, - Pattern[/\A[0-9dhms]+\Z/] $node_purge_ttl = $puppetdb::params::node_purge_ttl, - Pattern[/\A[0-9dhms]+\Z/] $report_ttl = $puppetdb::params::report_ttl, - Optional[Array] $facts_blacklist = $puppetdb::params::facts_blacklist, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $gc_interval = $puppetdb::params::gc_interval, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $node_purge_gc_batch_limit = $puppetdb::params::node_purge_gc_batch_limit, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $conn_max_age = $puppetdb::params::conn_max_age, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $conn_lifetime = $puppetdb::params::conn_lifetime, - String[1] $puppetdb_package = $puppetdb::params::puppetdb_package, - String[1] $puppetdb_service = $puppetdb::params::puppetdb_service, - Enum['running', 'true', 'stopped', 'false'] $puppetdb_service_status = 
$puppetdb::params::puppetdb_service_status, - String[1] $puppetdb_user = $puppetdb::params::puppetdb_user, - String[1] $puppetdb_group = $puppetdb::params::puppetdb_group, - Stdlib::Host $puppetdb_server = $puppetdb::params::puppetdb_server, - Optional[Stdlib::Host] $read_database_host = $puppetdb::params::read_database_host, - Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $read_database_port = $puppetdb::params::read_database_port, - String[1] $read_database_username = $puppetdb::params::read_database_username, - Variant[String[1], Sensitive[String[1]]] $read_database_password = $puppetdb::params::read_database_password, - String[1] $read_database_name = $puppetdb::params::read_database_name, - Boolean $manage_read_db_password = $puppetdb::params::manage_read_db_password, - String $read_database_jdbc_ssl_properties = $puppetdb::params::read_database_jdbc_ssl_properties, - Boolean $read_database_validate = $puppetdb::params::read_database_validate, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $read_conn_max_age = $puppetdb::params::read_conn_max_age, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $read_conn_lifetime = $puppetdb::params::read_conn_lifetime, - Stdlib::Absolutepath $confdir = $puppetdb::params::confdir, - Stdlib::Absolutepath $vardir = $puppetdb::params::vardir, - Boolean $manage_firewall = $puppetdb::params::manage_firewall, - Hash $java_args = $puppetdb::params::java_args, - Boolean $merge_default_java_args = $puppetdb::params::merge_default_java_args, - Optional[Integer] $max_threads = $puppetdb::params::max_threads, - Optional[Integer] $command_threads = $puppetdb::params::command_threads, - Optional[Integer] $concurrent_writes = $puppetdb::params::concurrent_writes, - Optional[Integer] $store_usage = $puppetdb::params::store_usage, - Optional[Integer] $temp_usage = $puppetdb::params::temp_usage, - Optional[Boolean] $disable_update_checking = $puppetdb::params::disable_update_checking, - Stdlib::Absolutepath $certificate_whitelist_file = 
$puppetdb::params::certificate_whitelist_file, - Array $certificate_whitelist = $puppetdb::params::certificate_whitelist, - Optional[Variant[Integer, Enum['absent'], Pattern[/\A[0-9]+\Z/]]] $database_max_pool_size = $puppetdb::params::database_max_pool_size, - Optional[Variant[Integer, Enum['absent'], Pattern[/\A[0-9]+\Z/]]] $read_database_max_pool_size = $puppetdb::params::read_database_max_pool_size, - Boolean $automatic_dlo_cleanup = $puppetdb::params::automatic_dlo_cleanup, - String[1] $cleanup_timer_interval = $puppetdb::params::cleanup_timer_interval, - Integer[1] $dlo_max_age = $puppetdb::params::dlo_max_age, - Postgresql::Pg_password_encryption $postgresql_password_encryption = $puppetdb::params::password_encryption, - Optional[Stdlib::Absolutepath] $java_bin = $puppetdb::params::java_bin, + Stdlib::Host $listen_address = $puppetdb::params::listen_address, + Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $listen_port = $puppetdb::params::listen_port, + Boolean $disable_cleartext = $puppetdb::params::disable_cleartext, + Boolean $open_listen_port = $puppetdb::params::open_listen_port, + Stdlib::Host $ssl_listen_address = $puppetdb::params::ssl_listen_address, + Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $ssl_listen_port = $puppetdb::params::ssl_listen_port, + Boolean $disable_ssl = $puppetdb::params::disable_ssl, + Optional[Boolean] $open_ssl_listen_port = $puppetdb::params::open_ssl_listen_port, + Stdlib::Absolutepath $ssl_dir = $puppetdb::params::ssl_dir, + Boolean $ssl_set_cert_paths = $puppetdb::params::ssl_set_cert_paths, + Stdlib::Absolutepath $ssl_cert_path = $puppetdb::params::ssl_cert_path, + Stdlib::Absolutepath $ssl_key_path = $puppetdb::params::ssl_key_path, + Stdlib::Absolutepath $ssl_key_pk8_path = $puppetdb::params::ssl_key_pk8_path, + Stdlib::Absolutepath $ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path, + Boolean $ssl_deploy_certs = $puppetdb::params::ssl_deploy_certs, + Optional[String[1]] $ssl_key = 
$puppetdb::params::ssl_key, + Optional[String[1]] $ssl_cert = $puppetdb::params::ssl_cert, + Optional[String[1]] $ssl_ca_cert = $puppetdb::params::ssl_ca_cert, + Optional[String[1]] $ssl_protocols = $puppetdb::params::ssl_protocols, + Boolean $postgresql_ssl_on = $puppetdb::params::postgresql_ssl_on, + Stdlib::Absolutepath $postgresql_ssl_folder = $puppetdb::params::postgresql_ssl_folder, + Stdlib::Absolutepath $postgresql_ssl_cert_path = $puppetdb::params::postgresql_ssl_cert_path, + Stdlib::Absolutepath $postgresql_ssl_key_path = $puppetdb::params::postgresql_ssl_key_path, + Stdlib::Absolutepath $postgresql_ssl_ca_cert_path = $puppetdb::params::postgresql_ssl_ca_cert_path, + Optional[String[1]] $cipher_suites = $puppetdb::params::cipher_suites, + Boolean $migrate = $puppetdb::params::migrate, + Boolean $manage_dbserver = $puppetdb::params::manage_dbserver, + Boolean $manage_database = $puppetdb::params::manage_database, + Boolean $manage_package_repo = $puppetdb::params::manage_pg_repo, + String[2,3] $postgres_version = $puppetdb::params::postgres_version, + Stdlib::Host $database_host = $puppetdb::params::database_host, + Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $database_port = $puppetdb::params::database_port, + String[1] $database_username = $puppetdb::params::database_username, + Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password, + String[1] $database_name = $puppetdb::params::database_name, + Boolean $manage_db_password = $puppetdb::params::manage_db_password, + Variant[String[0], Boolean[false]] $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, + String[1] $database_listen_address = $puppetdb::params::postgres_listen_addresses, + Boolean $database_validate = $puppetdb::params::database_validate, + Pattern[/\A[0-9dhms]+\Z/] $node_ttl = $puppetdb::params::node_ttl, + Pattern[/\A[0-9dhms]+\Z/] $node_purge_ttl = $puppetdb::params::node_purge_ttl, + Pattern[/\A[0-9dhms]+\Z/] $report_ttl = 
$puppetdb::params::report_ttl, + Optional[Array] $facts_blacklist = $puppetdb::params::facts_blacklist, + Variant[Integer[0], Pattern[/\A[0-9]+\Z/]] $gc_interval = $puppetdb::params::gc_interval, + Variant[Integer[0], Pattern[/\A[0-9]+\Z/]] $node_purge_gc_batch_limit = $puppetdb::params::node_purge_gc_batch_limit, + Variant[Integer[0], Pattern[/\A[0-9]+\Z/]] $conn_max_age = $puppetdb::params::conn_max_age, + Variant[Integer[0], Pattern[/\A[0-9]+\Z/]] $conn_lifetime = $puppetdb::params::conn_lifetime, + String[1] $puppetdb_package = $puppetdb::params::puppetdb_package, + String[1] $puppetdb_service = $puppetdb::params::puppetdb_service, + Enum['running', 'true', 'stopped', 'false'] $puppetdb_service_status = $puppetdb::params::puppetdb_service_status, + String[1] $puppetdb_user = $puppetdb::params::puppetdb_user, + String[1] $puppetdb_group = $puppetdb::params::puppetdb_group, + Stdlib::Host $puppetdb_server = $puppetdb::params::puppetdb_server, + Optional[Stdlib::Host] $read_database_host = $puppetdb::params::read_database_host, + Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $read_database_port = $puppetdb::params::read_database_port, + String[1] $read_database_username = $puppetdb::params::read_database_username, + Variant[String[1], Sensitive[String[1]]] $read_database_password = $puppetdb::params::read_database_password, + String[1] $read_database_name = $puppetdb::params::read_database_name, + Boolean $manage_read_db_password = $puppetdb::params::manage_read_db_password, + Variant[String[0], Boolean[false]] $read_database_jdbc_ssl_properties = $puppetdb::params::read_database_jdbc_ssl_properties, + Boolean $read_database_validate = $puppetdb::params::read_database_validate, + Variant[Integer[0], Pattern[/\A[0-9]+\Z/]] $read_conn_max_age = $puppetdb::params::read_conn_max_age, + Variant[Integer[0], Pattern[/\A[0-9]+\Z/]] $read_conn_lifetime = $puppetdb::params::read_conn_lifetime, + Stdlib::Absolutepath $confdir = $puppetdb::params::confdir, + 
Stdlib::Absolutepath $vardir = $puppetdb::params::vardir, + Boolean $manage_firewall = $puppetdb::params::manage_firewall, + Hash $java_args = $puppetdb::params::java_args, + Boolean $merge_default_java_args = $puppetdb::params::merge_default_java_args, + Optional[Integer[0]] $max_threads = $puppetdb::params::max_threads, + Optional[Integer[0]] $command_threads = $puppetdb::params::command_threads, + Optional[Integer[0]] $concurrent_writes = $puppetdb::params::concurrent_writes, + Optional[Integer[0]] $store_usage = $puppetdb::params::store_usage, + Optional[Integer[0]] $temp_usage = $puppetdb::params::temp_usage, + Optional[Boolean] $disable_update_checking = $puppetdb::params::disable_update_checking, + Stdlib::Absolutepath $certificate_whitelist_file = $puppetdb::params::certificate_whitelist_file, + Array $certificate_whitelist = $puppetdb::params::certificate_whitelist, + Optional[Variant[Integer[0], Enum['absent'], Pattern[/\A[0-9]+\Z/]]] $database_max_pool_size = $puppetdb::params::database_max_pool_size, + Optional[Variant[Integer[0], Enum['absent'], Pattern[/\A[0-9]+\Z/]]] $read_database_max_pool_size = $puppetdb::params::read_database_max_pool_size, + Boolean $automatic_dlo_cleanup = $puppetdb::params::automatic_dlo_cleanup, + String[1] $cleanup_timer_interval = $puppetdb::params::cleanup_timer_interval, + Integer[1] $dlo_max_age = $puppetdb::params::dlo_max_age, + Postgresql::Pg_password_encryption $postgresql_password_encryption = $puppetdb::params::password_encryption, + Optional[Stdlib::Absolutepath] $java_bin = $puppetdb::params::java_bin, ) inherits puppetdb::params { class { 'puppetdb::server': listen_address => $listen_address, diff --git a/manifests/master/config.pp b/manifests/master/config.pp index d949fb25..2483448f 100644 --- a/manifests/master/config.pp +++ b/manifests/master/config.pp 
@@ -77,7 +77,7 @@ # # @param puppetdb_startup_timeout # The maximum amount of time that the module should wait for PuppetDB to start up. -# This is most important during the initial install of PuppetDB (defaults to 15 +# This is most important during the initial install of PuppetDB (defaults to 120 # seconds). # # @param test_url @@ -116,7 +116,7 @@ Stdlib::Absolutepath $puppet_conf = $puppetdb::params::puppet_conf, String[1] $terminus_package = $puppetdb::params::terminus_package, String[1] $puppet_service_name = $puppetdb::params::puppet_service_name, - Integer $puppetdb_startup_timeout = $puppetdb::params::puppetdb_startup_timeout, + Integer[0] $puppetdb_startup_timeout = $puppetdb::params::puppetdb_startup_timeout, String[1] $test_url = $puppetdb::params::test_url, Boolean $restart_puppet = true, ) inherits puppetdb::params { diff --git a/manifests/server.pp b/manifests/server.pp index a2000b85..f2d28af2 100644 --- a/manifests/server.pp +++ b/manifests/server.pp 
@@ -311,79 +311,79 @@ # java binary path for PuppetDB. If undef, default will be used. # class puppetdb::server ( - Stdlib::Host $listen_address = $puppetdb::params::listen_address, - Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $listen_port = $puppetdb::params::listen_port, - Boolean $disable_cleartext = $puppetdb::params::disable_cleartext, - Boolean $open_listen_port = $puppetdb::params::open_listen_port, - Stdlib::Host $ssl_listen_address = $puppetdb::params::ssl_listen_address, - Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $ssl_listen_port = $puppetdb::params::ssl_listen_port, - Boolean $disable_ssl = $puppetdb::params::disable_ssl, - Optional[Boolean] $open_ssl_listen_port = $puppetdb::params::open_ssl_listen_port, - Stdlib::Absolutepath $ssl_dir = $puppetdb::params::ssl_dir, - Boolean $ssl_set_cert_paths = $puppetdb::params::ssl_set_cert_paths, - Stdlib::Absolutepath $ssl_cert_path = $puppetdb::params::ssl_cert_path, - Stdlib::Absolutepath $ssl_key_path = $puppetdb::params::ssl_key_path, - Stdlib::Absolutepath $ssl_key_pk8_path = $puppetdb::params::ssl_key_pk8_path, - Stdlib::Absolutepath $ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path, - Boolean $ssl_deploy_certs = $puppetdb::params::ssl_deploy_certs, - Optional $ssl_key = $puppetdb::params::ssl_key, - Optional $ssl_cert = $puppetdb::params::ssl_cert, - Optional $ssl_ca_cert = $puppetdb::params::ssl_ca_cert, - Optional $ssl_protocols = $puppetdb::params::ssl_protocols, - Boolean $postgresql_ssl_on = $puppetdb::params::postgresql_ssl_on, - Optional $cipher_suites = $puppetdb::params::cipher_suites, - Boolean $migrate = $puppetdb::params::migrate, - Stdlib::Host $database_host = $puppetdb::params::database_host, - Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $database_port = $puppetdb::params::database_port, - String[1] $database_username = $puppetdb::params::database_username, - Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password, - 
String[1] $database_name = $puppetdb::params::database_name, - Boolean $manage_db_password = $puppetdb::params::manage_db_password, - Variant[String, Boolean] $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, - Boolean $database_validate = $puppetdb::params::database_validate, - Pattern[/\A[0-9dhms]+\Z/] $node_ttl = $puppetdb::params::node_ttl, - Pattern[/\A[0-9dhms]+\Z/] $node_purge_ttl = $puppetdb::params::node_purge_ttl, - Pattern[/\A[0-9dhms]+\Z/] $report_ttl = $puppetdb::params::report_ttl, - Optional[Array] $facts_blacklist = $puppetdb::params::facts_blacklist, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $gc_interval = $puppetdb::params::gc_interval, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $node_purge_gc_batch_limit = $puppetdb::params::node_purge_gc_batch_limit, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $conn_max_age = $puppetdb::params::conn_max_age, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $conn_lifetime = $puppetdb::params::conn_lifetime, - String[1] $puppetdb_package = $puppetdb::params::puppetdb_package, - String[1] $puppetdb_service = $puppetdb::params::puppetdb_service, - Enum['running', 'true', 'stopped', 'false'] $puppetdb_service_status = $puppetdb::params::puppetdb_service_status, - String[1] $puppetdb_user = $puppetdb::params::puppetdb_user, - String[1] $puppetdb_group = $puppetdb::params::puppetdb_group, - Optional[Stdlib::Host] $read_database_host = $puppetdb::params::read_database_host, - Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $read_database_port = $puppetdb::params::read_database_port, - String[1] $read_database_username = $puppetdb::params::read_database_username, - Variant[String[1], Sensitive[String[1]]] $read_database_password = $puppetdb::params::read_database_password, - String[1] $read_database_name = $puppetdb::params::read_database_name, - Boolean $manage_read_db_password = $puppetdb::params::manage_read_db_password, - String $read_database_jdbc_ssl_properties = 
$puppetdb::params::read_database_jdbc_ssl_properties, - Boolean $read_database_validate = $puppetdb::params::read_database_validate, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $read_conn_max_age = $puppetdb::params::read_conn_max_age, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $read_conn_lifetime = $puppetdb::params::read_conn_lifetime, - Stdlib::Absolutepath $confdir = $puppetdb::params::confdir, - Stdlib::Absolutepath $vardir = $puppetdb::params::vardir, - Boolean $manage_firewall = $puppetdb::params::manage_firewall, - Boolean $manage_database = $puppetdb::params::manage_database, - Hash $java_args = $puppetdb::params::java_args, - Boolean $merge_default_java_args = $puppetdb::params::merge_default_java_args, - Optional[Integer] $max_threads = $puppetdb::params::max_threads, - Optional[Integer] $command_threads = $puppetdb::params::command_threads, - Optional[Integer] $concurrent_writes = $puppetdb::params::concurrent_writes, - Optional[Integer] $store_usage = $puppetdb::params::store_usage, - Optional[Integer] $temp_usage = $puppetdb::params::temp_usage, - Optional[Boolean] $disable_update_checking = $puppetdb::params::disable_update_checking, - Stdlib::Absolutepath $certificate_whitelist_file = $puppetdb::params::certificate_whitelist_file, - Array $certificate_whitelist = $puppetdb::params::certificate_whitelist, - Optional[Variant[Integer, Enum['absent'], Pattern[/\A[0-9]+\Z/]]] $database_max_pool_size = $puppetdb::params::database_max_pool_size, - Optional[Variant[Integer, Enum['absent'], Pattern[/\A[0-9]+\Z/]]] $read_database_max_pool_size = $puppetdb::params::read_database_max_pool_size, - Boolean $automatic_dlo_cleanup = $puppetdb::params::automatic_dlo_cleanup, - String[1] $cleanup_timer_interval = $puppetdb::params::cleanup_timer_interval, - Integer[1] $dlo_max_age = $puppetdb::params::dlo_max_age, - Optional[Stdlib::Absolutepath] $java_bin = $puppetdb::params::java_bin, + Stdlib::Host $listen_address = $puppetdb::params::listen_address, + 
Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $listen_port = $puppetdb::params::listen_port, + Boolean $disable_cleartext = $puppetdb::params::disable_cleartext, + Boolean $open_listen_port = $puppetdb::params::open_listen_port, + Stdlib::Host $ssl_listen_address = $puppetdb::params::ssl_listen_address, + Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $ssl_listen_port = $puppetdb::params::ssl_listen_port, + Boolean $disable_ssl = $puppetdb::params::disable_ssl, + Optional[Boolean] $open_ssl_listen_port = $puppetdb::params::open_ssl_listen_port, + Stdlib::Absolutepath $ssl_dir = $puppetdb::params::ssl_dir, + Boolean $ssl_set_cert_paths = $puppetdb::params::ssl_set_cert_paths, + Stdlib::Absolutepath $ssl_cert_path = $puppetdb::params::ssl_cert_path, + Stdlib::Absolutepath $ssl_key_path = $puppetdb::params::ssl_key_path, + Stdlib::Absolutepath $ssl_key_pk8_path = $puppetdb::params::ssl_key_pk8_path, + Stdlib::Absolutepath $ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path, + Boolean $ssl_deploy_certs = $puppetdb::params::ssl_deploy_certs, + Optional[String[1]] $ssl_key = $puppetdb::params::ssl_key, + Optional[String[1]] $ssl_cert = $puppetdb::params::ssl_cert, + Optional[String[1]] $ssl_ca_cert = $puppetdb::params::ssl_ca_cert, + Optional[String[1]] $ssl_protocols = $puppetdb::params::ssl_protocols, + Boolean $postgresql_ssl_on = $puppetdb::params::postgresql_ssl_on, + Optional[String[1]] $cipher_suites = $puppetdb::params::cipher_suites, + Boolean $migrate = $puppetdb::params::migrate, + Stdlib::Host $database_host = $puppetdb::params::database_host, + Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $database_port = $puppetdb::params::database_port, + String[1] $database_username = $puppetdb::params::database_username, + Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password, + String[1] $database_name = $puppetdb::params::database_name, + Boolean $manage_db_password = $puppetdb::params::manage_db_password, 
+ Variant[String[0], Boolean[false]] $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, + Boolean $database_validate = $puppetdb::params::database_validate, + Pattern[/\A[0-9dhms]+\Z/] $node_ttl = $puppetdb::params::node_ttl, + Pattern[/\A[0-9dhms]+\Z/] $node_purge_ttl = $puppetdb::params::node_purge_ttl, + Pattern[/\A[0-9dhms]+\Z/] $report_ttl = $puppetdb::params::report_ttl, + Optional[Array] $facts_blacklist = $puppetdb::params::facts_blacklist, + Variant[Integer[0], Pattern[/\A[0-9]+\Z/]] $gc_interval = $puppetdb::params::gc_interval, + Variant[Integer[0], Pattern[/\A[0-9]+\Z/]] $node_purge_gc_batch_limit = $puppetdb::params::node_purge_gc_batch_limit, + Variant[Integer[0], Pattern[/\A[0-9]+\Z/]] $conn_max_age = $puppetdb::params::conn_max_age, + Variant[Integer[0], Pattern[/\A[0-9]+\Z/]] $conn_lifetime = $puppetdb::params::conn_lifetime, + String[1] $puppetdb_package = $puppetdb::params::puppetdb_package, + String[1] $puppetdb_service = $puppetdb::params::puppetdb_service, + Enum['running', 'true', 'stopped', 'false'] $puppetdb_service_status = $puppetdb::params::puppetdb_service_status, + String[1] $puppetdb_user = $puppetdb::params::puppetdb_user, + String[1] $puppetdb_group = $puppetdb::params::puppetdb_group, + Optional[Stdlib::Host] $read_database_host = $puppetdb::params::read_database_host, + Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $read_database_port = $puppetdb::params::read_database_port, + String[1] $read_database_username = $puppetdb::params::read_database_username, + Variant[String[1], Sensitive[String[1]]] $read_database_password = $puppetdb::params::read_database_password, + String[1] $read_database_name = $puppetdb::params::read_database_name, + Boolean $manage_read_db_password = $puppetdb::params::manage_read_db_password, + Variant[String[0], Boolean[false]] $read_database_jdbc_ssl_properties = $puppetdb::params::read_database_jdbc_ssl_properties, + Boolean $read_database_validate = 
$puppetdb::params::read_database_validate, + Variant[Integer, Pattern[/\A[0-9]+\Z/]] $read_conn_max_age = $puppetdb::params::read_conn_max_age, + Variant[Integer, Pattern[/\A[0-9]+\Z/]] $read_conn_lifetime = $puppetdb::params::read_conn_lifetime, + Stdlib::Absolutepath $confdir = $puppetdb::params::confdir, + Stdlib::Absolutepath $vardir = $puppetdb::params::vardir, + Boolean $manage_firewall = $puppetdb::params::manage_firewall, + Boolean $manage_database = $puppetdb::params::manage_database, + Hash $java_args = $puppetdb::params::java_args, + Boolean $merge_default_java_args = $puppetdb::params::merge_default_java_args, + Optional[Integer[0]] $max_threads = $puppetdb::params::max_threads, + Optional[Integer[0]] $command_threads = $puppetdb::params::command_threads, + Optional[Integer[0]] $concurrent_writes = $puppetdb::params::concurrent_writes, + Optional[Integer[0]] $store_usage = $puppetdb::params::store_usage, + Optional[Integer[0]] $temp_usage = $puppetdb::params::temp_usage, + Optional[Boolean] $disable_update_checking = $puppetdb::params::disable_update_checking, + Stdlib::Absolutepath $certificate_whitelist_file = $puppetdb::params::certificate_whitelist_file, + Array $certificate_whitelist = $puppetdb::params::certificate_whitelist, + Optional[Variant[Integer[0], Enum['absent'], Pattern[/\A[0-9]+\Z/]]] $database_max_pool_size = $puppetdb::params::database_max_pool_size, + Optional[Variant[Integer[0], Enum['absent'], Pattern[/\A[0-9]+\Z/]]] $read_database_max_pool_size = $puppetdb::params::read_database_max_pool_size, + Boolean $automatic_dlo_cleanup = $puppetdb::params::automatic_dlo_cleanup, + String[1] $cleanup_timer_interval = $puppetdb::params::cleanup_timer_interval, + Integer[1] $dlo_max_age = $puppetdb::params::dlo_max_age, + Optional[Stdlib::Absolutepath] $java_bin = $puppetdb::params::java_bin, ) inherits puppetdb::params { # Apply necessary suffix if zero is specified. # Can we drop this in the next major release? 
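Review bot: `$read_conn_max_age` and `$read_conn_lifetime` are the only integer-or-digit-string parameters on the new side of this hunk still typed `Variant[Integer, Pattern[/\A[0-9]+\Z/]]`; `$gc_interval`, `$conn_max_age` and `$conn_lifetime` a few lines above were all moved to `Integer[0]`. The init.pp and read_database.pp hunks in this patch do use `Integer[0]` for the same two settings, so whether a negative value is rejected depends on which class it enters through. Both lines should read `Variant[Integer[0], Pattern[/\A[0-9]+\Z/]] $read_conn_max_age = $puppetdb::params::read_conn_max_age,` and the equivalent for `$read_conn_lifetime`.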
diff --git a/manifests/server/command_processing.pp b/manifests/server/command_processing.pp index 98116b57..8643dbf3 100644 --- a/manifests/server/command_processing.pp +++ b/manifests/server/command_processing.pp @@ -3,10 +3,10 @@ # @api private class puppetdb::server::command_processing ( Stdlib::Absolutepath $confdir = $puppetdb::params::confdir, - Optional[Integer] $command_threads = $puppetdb::params::command_threads, - Optional[Integer] $concurrent_writes = $puppetdb::params::concurrent_writes, - Optional[Integer] $store_usage = $puppetdb::params::store_usage, - Optional[Integer] $temp_usage = $puppetdb::params::temp_usage, + Optional[Integer[0]] $command_threads = $puppetdb::params::command_threads, + Optional[Integer[0]] $concurrent_writes = $puppetdb::params::concurrent_writes, + Optional[Integer[0]] $store_usage = $puppetdb::params::store_usage, + Optional[Integer[0]] $temp_usage = $puppetdb::params::temp_usage, ) inherits puppetdb::params { $config_ini = "${confdir}/config.ini" diff --git a/manifests/server/database.pp b/manifests/server/database.pp index ea58fb7d..dab941ec 100644 --- a/manifests/server/database.pp +++ b/manifests/server/database.pp 
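Review bot: `Optional[Integer[0]]` on `$command_threads` and `$concurrent_writes` still admits 0, which is unlikely to be a usable thread or writer count and would presumably be written to config.ini unchanged (the class body continues outside the hunk, so this is inferred). If zero has no defined meaning for these settings, `Optional[Integer[1]] $command_threads` and `Optional[Integer[1]] $concurrent_writes` would reject it at catalog compilation. The same question applies to `$max_threads` in the jetty.pp hunk and to the matching parameters in server.pp and init.pp. If zero is deliberate, a comment such as `# 0 is accepted and means <meaning>` next to the parameter would record why.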
@@ -2,30 +2,30 @@ # # @api private class puppetdb::server::database ( - Stdlib::Host $database_host = $puppetdb::params::database_host, - Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $database_port = $puppetdb::params::database_port, - String[1] $database_username = $puppetdb::params::database_username, - Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password, - String[1] $database_name = $puppetdb::params::database_name, - Boolean $manage_db_password = $puppetdb::params::manage_db_password, - Variant[String, Boolean] $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, - Boolean $database_validate = $puppetdb::params::database_validate, - Pattern[/\A[0-9dhms]+\Z/] $node_ttl = $puppetdb::params::node_ttl, - Pattern[/\A[0-9dhms]+\Z/] $node_purge_ttl = $puppetdb::params::node_purge_ttl, - Pattern[/\A[0-9dhms]+\Z/] $report_ttl = $puppetdb::params::report_ttl, - Optional[Array] $facts_blacklist = $puppetdb::params::facts_blacklist, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $gc_interval = $puppetdb::params::gc_interval, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $node_purge_gc_batch_limit = $puppetdb::params::node_purge_gc_batch_limit, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $conn_max_age = $puppetdb::params::conn_max_age, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $conn_lifetime = $puppetdb::params::conn_lifetime, - Stdlib::Absolutepath $confdir = $puppetdb::params::confdir, - String[1] $puppetdb_group = $puppetdb::params::puppetdb_group, - Optional[Variant[Integer, Enum['absent'], Pattern[/\A[0-9]+\Z/]]] $database_max_pool_size = $puppetdb::params::database_max_pool_size, - Boolean $migrate = $puppetdb::params::migrate, - Boolean $postgresql_ssl_on = $puppetdb::params::postgresql_ssl_on, - Stdlib::Absolutepath $ssl_cert_path = $puppetdb::params::ssl_cert_path, - Stdlib::Absolutepath $ssl_key_pk8_path = $puppetdb::params::ssl_key_pk8_path, - Stdlib::Absolutepath $ssl_ca_cert_path = 
$puppetdb::params::ssl_ca_cert_path + Stdlib::Host $database_host = $puppetdb::params::database_host, + Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $database_port = $puppetdb::params::database_port, + String[1] $database_username = $puppetdb::params::database_username, + Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password, + String[1] $database_name = $puppetdb::params::database_name, + Boolean $manage_db_password = $puppetdb::params::manage_db_password, + Variant[String[0], Boolean[false]] $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, + Boolean $database_validate = $puppetdb::params::database_validate, + Pattern[/\A[0-9dhms]+\Z/] $node_ttl = $puppetdb::params::node_ttl, + Pattern[/\A[0-9dhms]+\Z/] $node_purge_ttl = $puppetdb::params::node_purge_ttl, + Pattern[/\A[0-9dhms]+\Z/] $report_ttl = $puppetdb::params::report_ttl, + Optional[Array] $facts_blacklist = $puppetdb::params::facts_blacklist, + Variant[Integer[0], Pattern[/\A[0-9]+\Z/]] $gc_interval = $puppetdb::params::gc_interval, + Variant[Integer[0], Pattern[/\A[0-9]+\Z/]] $node_purge_gc_batch_limit = $puppetdb::params::node_purge_gc_batch_limit, + Variant[Integer[0], Pattern[/\A[0-9]+\Z/]] $conn_max_age = $puppetdb::params::conn_max_age, + Variant[Integer[0], Pattern[/\A[0-9]+\Z/]] $conn_lifetime = $puppetdb::params::conn_lifetime, + Stdlib::Absolutepath $confdir = $puppetdb::params::confdir, + String[1] $puppetdb_group = $puppetdb::params::puppetdb_group, + Optional[Variant[Integer[0], Enum['absent'], Pattern[/\A[0-9]+\Z/]]] $database_max_pool_size = $puppetdb::params::database_max_pool_size, + Boolean $migrate = $puppetdb::params::migrate, + Boolean $postgresql_ssl_on = $puppetdb::params::postgresql_ssl_on, + Stdlib::Absolutepath $ssl_cert_path = $puppetdb::params::ssl_cert_path, + Stdlib::Absolutepath $ssl_key_pk8_path = $puppetdb::params::ssl_key_pk8_path, + Stdlib::Absolutepath $ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path ) 
inherits puppetdb::params { if str2bool($database_validate) { # Validate the database connection. If we can't connect, we want to fail diff --git a/manifests/server/jetty.pp b/manifests/server/jetty.pp index b81d0fbc..b1e5a856 100644 --- a/manifests/server/jetty.pp +++ b/manifests/server/jetty.pp @@ -12,10 +12,10 @@ Stdlib::Absolutepath $ssl_cert_path = $puppetdb::params::ssl_cert_path, Stdlib::Absolutepath $ssl_key_path = $puppetdb::params::ssl_key_path, Stdlib::Absolutepath $ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path, - Optional[String] $ssl_protocols = $puppetdb::params::ssl_protocols, - Optional[String] $cipher_suites = $puppetdb::params::cipher_suites, + Optional[String[1]] $ssl_protocols = $puppetdb::params::ssl_protocols, + Optional[String[1]] $cipher_suites = $puppetdb::params::cipher_suites, Stdlib::Absolutepath $confdir = $puppetdb::params::confdir, - Optional[Integer] $max_threads = $puppetdb::params::max_threads, + Optional[Integer[0]] $max_threads = $puppetdb::params::max_threads, String[1] $puppetdb_group = $puppetdb::params::puppetdb_group, ) inherits puppetdb::params { $jetty_ini = "${confdir}/jetty.ini" diff --git a/manifests/server/read_database.pp b/manifests/server/read_database.pp index 748100fe..999fe061 100644 --- a/manifests/server/read_database.pp +++ b/manifests/server/read_database.pp 
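Review bot: The `Pattern[/\A[0-9]+\Z/]` alternatives kept throughout this parameter list end in `\Z`, which in the Ruby regular expressions Puppet uses also matches just before a trailing newline, so a digit string followed by a line feed still passes validation for `$database_port`, `$gc_interval`, `$conn_max_age` and the other digit-string parameters. `\z` anchors at the true end of the string: `Pattern[/\A[0-9]+\z/]`, and `Pattern[/\A[0-9dhms]+\z/]` for the three TTL parameters. The same patterns appear in the server.pp, read_database.pp and firewall.pp hunks of this series. Since the commit is already tightening these types, closing the newline gap keeps what reaches the generated configuration to exactly what the type describes.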
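Review bot: `Optional[String[1]]` on `$ssl_protocols` and `$cipher_suites` rejects only the empty string, so a misspelt or legacy protocol name still passes type validation and is left for Jetty to accept or reject when the service starts. These two parameters decide the TLS posture of the listener, so the contract should be written down next to them, for example `# Comma-separated list passed to Jetty as-is; not validated by this module.` (the list format is an assumption, since the class body that writes jetty.ini is outside this hunk). If the format is fixed, a `Pattern` that at least enforces the list syntax would catch typos at compile time.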
@@ -2,23 +2,23 @@ # # @api private class puppetdb::server::read_database ( - Optional[Stdlib::Host] $read_database_host = $puppetdb::params::read_database_host, - Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $read_database_port = $puppetdb::params::read_database_port, - String[1] $read_database_username = $puppetdb::params::read_database_username, - Variant[String[1], Sensitive[String[1]]] $read_database_password = $puppetdb::params::read_database_password, - String[1] $read_database_name = $puppetdb::params::read_database_name, - Boolean $manage_db_password = $puppetdb::params::manage_read_db_password, - Variant[String, Boolean] $jdbc_ssl_properties = $puppetdb::params::read_database_jdbc_ssl_properties, - Boolean $database_validate = $puppetdb::params::read_database_validate, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $conn_max_age = $puppetdb::params::read_conn_max_age, - Variant[Integer, Pattern[/\A[0-9]+\Z/]] $conn_lifetime = $puppetdb::params::read_conn_lifetime, - Stdlib::Absolutepath $confdir = $puppetdb::params::confdir, - String[1] $puppetdb_group = $puppetdb::params::puppetdb_group, - Optional[Variant[Integer, Enum['absent'], Pattern[/\A[0-9]+\Z/]]] $database_max_pool_size = $puppetdb::params::read_database_max_pool_size, - Boolean $postgresql_ssl_on = $puppetdb::params::postgresql_ssl_on, - Stdlib::Absolutepath $ssl_cert_path = $puppetdb::params::ssl_cert_path, - Stdlib::Absolutepath $ssl_key_pk8_path = $puppetdb::params::ssl_key_pk8_path, - Stdlib::Absolutepath $ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path + Optional[Stdlib::Host] $read_database_host = $puppetdb::params::read_database_host, + Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $read_database_port = $puppetdb::params::read_database_port, + String[1] $read_database_username = $puppetdb::params::read_database_username, + Variant[String[1], Sensitive[String[1]]] $read_database_password = $puppetdb::params::read_database_password, + String[1] $read_database_name = 
$puppetdb::params::read_database_name, + Boolean $manage_db_password = $puppetdb::params::manage_read_db_password, + Variant[String[0], Boolean[false]] $jdbc_ssl_properties = $puppetdb::params::read_database_jdbc_ssl_properties, + Boolean $database_validate = $puppetdb::params::read_database_validate, + Variant[Integer[0], Pattern[/\A[0-9]+\Z/]] $conn_max_age = $puppetdb::params::read_conn_max_age, + Variant[Integer[0], Pattern[/\A[0-9]+\Z/]] $conn_lifetime = $puppetdb::params::read_conn_lifetime, + Stdlib::Absolutepath $confdir = $puppetdb::params::confdir, + String[1] $puppetdb_group = $puppetdb::params::puppetdb_group, + Optional[Variant[Integer[0], Enum['absent'], Pattern[/\A[0-9]+\Z/]]] $database_max_pool_size = $puppetdb::params::read_database_max_pool_size, + Boolean $postgresql_ssl_on = $puppetdb::params::postgresql_ssl_on, + Stdlib::Absolutepath $ssl_cert_path = $puppetdb::params::ssl_cert_path, + Stdlib::Absolutepath $ssl_key_pk8_path = $puppetdb::params::ssl_key_pk8_path, + Stdlib::Absolutepath $ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path ) inherits puppetdb::params { if $read_database_host != undef { if str2bool($database_validate) { diff --git a/manifests/server/validate_db.pp b/manifests/server/validate_db.pp index 2741035a..466511ec 100644 --- a/manifests/server/validate_db.pp +++ b/manifests/server/validate_db.pp @@ -7,7 +7,7 @@ String[1] $database_username = $puppetdb::params::database_username, Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password, String[1] $database_name = $puppetdb::params::database_name, - Variant[String, Boolean] $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, + Variant[String[0], Boolean[false]] $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, ) inherits puppetdb::params { if ($database_password != undef and $jdbc_ssl_properties == false) { postgresql_conn_validator { 'validate puppetdb postgres connection': 
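Review bot: The `Pattern[/\A[0-9]+\Z/]` branch of `$read_database_port` accepts any run of digits, so string values such as '0' or '99999' satisfy the type even though `Stdlib::Port::User` bounds the integer form to the user-port range. Normalising the string form in the body, `assert_type(Stdlib::Port::User, Integer($read_database_port))`, would make both forms subject to the same range check. The same `Variant` is used for `$database_port` in database.pp and server.pp and for `$http_port` and `$ssl_port` in firewall.pp, where the value presumably ends up in a firewall rule. The class body continues outside the hunk.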
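Review bot: The guard `$database_password != undef` in the context line below the parameter list can never be false, because `$database_password` is typed `Variant[String[1], Sensitive[String[1]]]` and so cannot be undef; the connection validator therefore runs purely on `$jdbc_ssl_properties == false`. With `$jdbc_ssl_properties` now narrowed to a string or `false`, the condition can be written `if $jdbc_ssl_properties == false {`, and `String[0]` can be plain `String`, since a minimum length of 0 constrains nothing. A short comment such as `# Validation is skipped whenever JDBC SSL properties are set.` would make that consequence explicit. The validate_read_db.pp hunk carries the same condition, and the `if` block continues outside the hunk.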
diff --git a/manifests/server/validate_read_db.pp b/manifests/server/validate_read_db.pp
index acdeba21..ef54e7cc 100644
--- a/manifests/server/validate_read_db.pp
+++ b/manifests/server/validate_read_db.pp
@@ -7,7 +7,7 @@
 String[1] $database_username = $puppetdb::params::database_username,
 Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password,
 String[1] $database_name = $puppetdb::params::database_name,
- Variant[String, Boolean] $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties,
+ Variant[String[0], Boolean[false]] $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties,
 ) inherits puppetdb::params {
 if ($database_password != undef and $jdbc_ssl_properties == false) {
 postgresql_conn_validator { 'validate puppetdb postgres (read) connection':
From bb980c1159e23a00214f0dad4de28e408c1e0f95 Mon Sep 17 00:00:00 2001
From: Mitchell Chambers
Date: Mon, 1 Jul 2024 11:43:50 +1000
Subject: [PATCH 31/32] set open_ssl_port to default false instead of undef
---
 manifests/init.pp | 2 +-
 manifests/params.pp | 2 +-
 manifests/server.pp | 2 +-
 manifests/server/firewall.pp | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/manifests/init.pp b/manifests/init.pp
index f73625f5..35e9aafa 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -353,7 +353,7 @@
 Stdlib::Host $ssl_listen_address = $puppetdb::params::ssl_listen_address,
 Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $ssl_listen_port = $puppetdb::params::ssl_listen_port,
 Boolean $disable_ssl = $puppetdb::params::disable_ssl,
- Optional[Boolean] $open_ssl_listen_port = $puppetdb::params::open_ssl_listen_port,
+ Boolean $open_ssl_listen_port = $puppetdb::params::open_ssl_listen_port,
 Stdlib::Absolutepath $ssl_dir = $puppetdb::params::ssl_dir,
 Boolean $ssl_set_cert_paths = $puppetdb::params::ssl_set_cert_paths,
 Stdlib::Absolutepath $ssl_cert_path = $puppetdb::params::ssl_cert_path,
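Review bot: Every default visible in the validate_read_db.pp parameter list points at the primary database (`$puppetdb::params::database_username`, `database_password`, `database_name`, `jdbc_ssl_properties`) although the class validates the read connection, so a caller that omits a parameter would check the read host with the primary credentials and SSL setting. If the caller always passes all of them this is harmless but misleading; the defaults would be clearer as the read variants, e.g. `String[1] $database_username = $puppetdb::params::read_database_username,` and likewise for the password, name and JDBC SSL defaults. The parameter list starts above the hunk, so the host and port defaults are not visible here.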
diff --git a/manifests/params.pp b/manifests/params.pp
index 5f19dfd0..d0cc271f 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -11,7 +11,7 @@
 $ssl_protocols = undef
 $disable_ssl = false
 $cipher_suites = undef
- $open_ssl_listen_port = undef
+ $open_ssl_listen_port = false
 $postgres_listen_addresses = 'localhost'
 $puppetdb_version = $puppetdb::globals::version
diff --git a/manifests/server.pp b/manifests/server.pp
index f2d28af2..877b65f8 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -318,7 +318,7 @@
 Stdlib::Host $ssl_listen_address = $puppetdb::params::ssl_listen_address,
 Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $ssl_listen_port = $puppetdb::params::ssl_listen_port,
 Boolean $disable_ssl = $puppetdb::params::disable_ssl,
- Optional[Boolean] $open_ssl_listen_port = $puppetdb::params::open_ssl_listen_port,
+ Boolean $open_ssl_listen_port = $puppetdb::params::open_ssl_listen_port,
 Stdlib::Absolutepath $ssl_dir = $puppetdb::params::ssl_dir,
 Boolean $ssl_set_cert_paths = $puppetdb::params::ssl_set_cert_paths,
 Stdlib::Absolutepath $ssl_cert_path = $puppetdb::params::ssl_cert_path,
diff --git a/manifests/server/firewall.pp b/manifests/server/firewall.pp
index d0008bf7..982452e8 100644
--- a/manifests/server/firewall.pp
+++ b/manifests/server/firewall.pp
@@ -5,7 +5,7 @@
 Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $http_port = $puppetdb::params::listen_port,
 Boolean $open_http_port = $puppetdb::params::open_listen_port,
 Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $ssl_port = $puppetdb::params::ssl_listen_port,
- Optional[Boolean] $open_ssl_port = $puppetdb::params::open_ssl_listen_port,
+ Boolean $open_ssl_port = $puppetdb::params::open_ssl_listen_port,
 ) inherits puppetdb::params {
 include firewall
From afecff89818151de92dde986dfef250b062b082c Mon Sep 17 00:00:00 2001
From: Mitchell Chambers
Date: Mon, 1 Jul 2024 13:55:11 +1000
Subject: [PATCH 32/32] set open_ssl_port to false instead of nil for unit test shared examples
---
 spec/support/unit/shared/server.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/spec/support/unit/shared/server.rb b/spec/support/unit/shared/server.rb
index d15b4986..58db4509 100644
--- a/spec/support/unit/shared/server.rb
+++ b/spec/support/unit/shared/server.rb
@@ -6,7 +6,7 @@
 http_port: '8080',
 open_http_port: false,
 ssl_port: '8081',
- open_ssl_port: nil,
+ open_ssl_port: false,
 }
 end