Add support for the Certbot Gandi plugin #295
Conversation
data/FreeBSD-family.yaml
Outdated
| @@ -5,3 +5,4 @@ letsencrypt::cron_owner_group: 'wheel' | |||
| letsencrypt::plugin::dns_rfc2136::package_name: 'py38-certbot-dns-rfc2136' | |||
| letsencrypt::plugin::dns_route53::package_name: 'py38-certbot-dns-route53' | |||
| letsencrypt::plugin::dns_cloudflare::package_name: 'py38-certbot-dns-cloudflare' | |||
| letsencrypt::plugin::dns_gandi::package_name: 'certbot-plugin-gandi' | |||
There was a problem hiding this comment.
There are currently no FreeBSD port for this :-/
The name would probably be py38-certbot-dns-gandi if there was, and in fact py39-certbot-dns-gandi because the default version of Python changed recently on FreeBSD.
There was a problem hiding this comment.
I opened #296 to adjust the FreeBSD version.
There was a problem hiding this comment.
Do you think it's a good idea to install the package with pip? I'm not sure on how to install them on freebsd and centos. I will ask help to a colleague
There was a problem hiding this comment.
As a FreeBSD user, I would prefer to use a package rather installing using pip. Anybody can submit ports to FreeBSD, and they are ultimately available as packages. My guess is that if the port does not exist, nobody needed it so much they did a port for it, and maybe it is not worth it?
I would personally not set a package_name for FreeBSD in Hiera and make $letsencrypt::plugin::dns_gandi::package_name mandatory so that it fails hard if someone attempt to use it on FreeBSD.
data/os/Debian/11.yaml
Outdated
| @@ -0,0 +1,3 @@ | |||
| --- | |||
| letsencrypt::plugin::dns_gandi::package_provider: apt | |||
There was a problem hiding this comment.
Why do you need to set the package provider? That's rarely needed.
There was a problem hiding this comment.
You're right, I will remove it
manifests/plugin/dns_gandi.pp
Outdated
| if $package_provider { | ||
| package { $package_name: | ||
| ensure => installed, | ||
| provider => $package_provider, | ||
| } | ||
| } | ||
| else { | ||
| package { $package_name: | ||
| ensure => installed, | ||
| } | ||
| } |
There was a problem hiding this comment.
You can just pass undef along:
| if $package_provider { | |
| package { $package_name: | |
| ensure => installed, | |
| provider => $package_provider, | |
| } | |
| } | |
| else { | |
| package { $package_name: | |
| ensure => installed, | |
| } | |
| } | |
| package { $package_name: | |
| ensure => installed, | |
| provider => $package_provider, | |
| } |
manifests/plugin/dns_gandi.pp
Outdated
| if $api_key { | ||
| $ini_vars = { | ||
| 'certbot_plugin_gandi:dns_api_key' => $api_key, | ||
| } | ||
| } else { | ||
| fail('api_key not provided for certbot dns gandi plugin.') | ||
| } |
There was a problem hiding this comment.
The data type guarantees it's set
| if $api_key { | |
| $ini_vars = { | |
| 'certbot_plugin_gandi:dns_api_key' => $api_key, | |
| } | |
| } else { | |
| fail('api_key not provided for certbot dns gandi plugin.') | |
| } | |
| $ini_vars = { | |
| 'certbot_plugin_gandi:dns_api_key' => $api_key, | |
| } |
data/RedHat-family.yaml
Outdated
| @@ -3,3 +3,4 @@ letsencrypt::configure_epel: true | |||
| letsencrypt::plugin::dns_rfc2136::package_name: 'python3-certbot-dns-rfc2136' | |||
| letsencrypt::plugin::dns_route53::package_name: 'python3-certbot-dns-route53' | |||
| letsencrypt::plugin::dns_cloudflare::package_name: 'python3-certbot-dns-cloudflare' | |||
| letsencrypt::plugin::dns_gandi::package_name: 'certbot-plugin-gandi' | |||
|
@cible Is this ready for review? The pull request is currently marked as a draft. |
manifests/plugin/dns_gandi.pp
Outdated
| class letsencrypt::plugin::dns_gandi ( | ||
| String[1] $api_key, | ||
| String[1] $package_name, | ||
| Optional[String[1]] $package_provider = undef, |
There was a problem hiding this comment.
This is an unused parameter. Shouldn't it be passed to the package resource?
Co-authored-by: Ewoud Kohl van Wijngaarden <[email protected]>
|
|
||
| it do | ||
| if package_name.nil? | ||
| is_expected.not_to compile |
There was a problem hiding this comment.
A better way is to test for the error:
| is_expected.not_to compile | |
| is_expected.to compile.and_raise_error(/A Matcher For The Error/) |
| PUPPET | ||
| end | ||
|
|
||
| it { is_expected.not_to compile.with_all_deps } |
There was a problem hiding this comment.
Here too it's better to compile and test for a specific error
There was a problem hiding this comment.
For this one, the module won't work with an empty api_key and I don't know how to handle the error:
13) letsencrypt::certonly on fedora-36-x86_64 based operating systems with dns-gandi plugin without api_key is expected to fail to compile and raise an error matching /\/expects a value for parameter 'api_key'\//
Failure/Error: it { is_expected.to compile.and_raise_error(%r{/expects a value for parameter 'api_key'/}) }
error during compilation: Evaluation Error: Error while evaluating a Resource Statement, Class[Letsencrypt::Plugin::Dns_gandi]: expects a value for parameter 'api_key' (line: 6, column: 11
it { is_expected.to compile.and_raise_error(%r{/expects a value for parameter 'api_key'/}) } is not correct?
There was a problem hiding this comment.
The / is redundant. In Ruby you can define a regex as /my regex/ or %r{my regex} but %r{/my regex/} means you expect / in the output. This is useful if you want to test /var/lib is empty is in the error. Compare %r{/var/lib is empty} to /\/var\/lib is empty/.
Co-authored-by: Ewoud Kohl van Wijngaarden <[email protected]>
|
It seem ok for me. Sorry for being so slow and bad with ruby. Did I have to do something else? rebase? |
|
@cible yes, this needs a rebase. I think we can merge if afterwards 👍 |
kenyon
changed the title
Pull Request (PR) description
Adding feature support for the certbot-plugin-gandi created by @obynio
The plugin use the Production API key.
This Pull Request (PR) fixes the following issues
N/A