Add certbot-dns-ovh plugin support #195
Open
aellert wants to merge 91 commits into voxpupuli:master from aellert:master
Changes from 9 commits
Commits
5fa826a  enable acceptance with debian10 (Dan33l)
accaa4b  :tada: Add certbot-dns-ovh plugin support (aellert)
1175fcc  format using puppet-strings style (aellert)
6858d7b  Remove hardcoded dns-ovh.ini file name (replace $config_dir by $confi… (aellert)
ebafaaf  :white_check_mark: Add tests for dns-ovh plugin (aellert)
584f525  :books: Add dns-ovh documentation (aellert)
837a6c9  :bug: Fix syntax error (aellert)
dec410b  :books: Add warning about Debian based distros compatibility (aellert)
4f72803  :bug: Fix version compared as number (aellert)
a496736  :bug: Fix Travis CI warnings (aellert)
780ebec  limit tests with puppet6 on debian10 (Dan33l)
de788f5  Merge pull request #194 from Dan33l/acceptance_debian10 (bastelfreak)
c81c410  fix modulesync config file (bastelfreak)
7b809d3  Merge pull request #201 from bastelfreak/bugfix (bastelfreak)
ab69094  Raise upper bound version of stdlib & vcsrepo (mfaure)
4a687e2  Merge pull request #202 from mfaure/Raise_upper_bound_dependencies_ve… (ekohl)
d974790  use puppet strings (Dan33l)
faf8f9a  Merge pull request #204 from Dan33l/puppet-strings (bastelfreak)
4a7ff77  use ACME API v2 (Dan33l)
c3a43cb  Merge pull request #206 from Dan33l/defaults_to_apiv2 (Dan33l)
7b295cf  remove params.pp (Dan33l)
07e1d55  fix Datatype for package_name (bastelfreak)
2a3fe69  fix package_name entry in hiera for Debian family (bastelfreak)
d57a798  fix datatype for configure_epel (bastelfreak)
d48ccbb  mock facts in rspec tests (bastelfreak)
c3f53e2  update REFERENCE.md (Dan33l)
8fd5300  update hierarchy and update plugin dns_rfc2136 tests (Dan33l)
c8f9f60  Merge pull request #205 from Dan33l/params_pp (Dan33l)
dcb0a12  update version shiped with vcs method to 0.39.0 (Dan33l)
1b09d8e  Merge pull request #207 from Dan33l/update_vcs_shiped_version (Dan33l)
70e097f  release 5.0.0 (Dan33l)
6488357  Merge pull request #208 from Dan33l/release_5.0.0 (Dan33l)
9705a11  [blacksmith] Bump version to 5.0.1-rc0 (Dan33l)
6f0faca  allow puppetlabs/inifile 4.x (bastelfreak)
ef86ad2  Merge pull request #210 from bastelfreak/inifile (igalic)
d7392da  add --keep-until-expiring closer to letsencrypt command in cron (pulecp)
3e4f86e  Merge pull request #211 from pulecp/master (Dan33l)
d4ed5a8  modulesync 2.9.0 (dhoppe)
4b2842d  Fix build jobs for Debian 10 (dhoppe)
a51b3b1  Remove obsolete check (dhoppe)
53b8ae3  Fix Travis CI pipeline (dhoppe)
5976b4e  modulesync 2.10.0 (bastelfreak)
b996e6c  drop FreeBSD 10 / Add FreeBSD 12 (bastelfreak)
da899e0  fix facter version for local Puppet 6 tests (bastelfreak)
55c4ab4  pin facterdb to get latest fedora fact sets (bastelfreak)
d9d7e94  Merge pull request #213 from voxpupuli/modulesync (bastelfreak)
56b636f  delete legacy travis directory (bastelfreak)
e6ba89b  Merge pull request #214 from bastelfreak/travis (bastelfreak)
ec0d0f5  Allow setting parameters on the OS level (ekohl)
cbf92e3  Add Fedora 31, drop Fedora 29 (ekohl)
ba8fff9  Ensure EPEL is configured before installing plugin (alexjfisher)
7519fc6  Merge pull request #222 from alexjfisher/missing_dependency (alexjfisher)
1ba9341  stahnma-epel has been transfered to voxpupuli (kallies)
eccdbe3  Merge pull request #221 from kallies/218_add_puppet-epel (alexjfisher)
eaa8050  allow to override --cert-name (saimonn)
a29bb84  Merge pull request #216 from ekohl/fedora (ekohl)
77fba52  modulesync 2.12.0 (bastelfreak)
9ce7c89  Merge pull request #223 from voxpupuli/modulesync (bastelfreak)
4834332  Use voxpupuli-acceptance (ekohl)
aeffa57  Merge pull request #224 from voxpupuli/rewrite-acceptance-tests (bastelfreak)
e4edf1d  add manifest to install dns-route53 plugin, along with tests (aripringle)
76b300a  Merge pull request #225 from aripringle/install-route53-plugin (ekohl)
3d3d62b  fix typo in renew example (milesstoetzner)
c16fe95  Merge pull request #228 from milesstoetzner/patch-1 (ekohl)
c18cac1  modulesync 3.0.0 (bastelfreak)
eba8147  puppet-lint: autofix (bastelfreak)
f9e346e  Merge pull request #229 from voxpupuli/modulesync (bastelfreak)
fe14295  release 6.0.0 (msalway)
e12fb11  Merge pull request #233 from msalway/release_6.0.0 (alexjfisher)
6cde54f  [blacksmith] Bump version to 6.0.1-rc0 (alexjfisher)
13fe0b7  modulesync 3.1.0 (bastelfreak)
5a6cb1a  Merge pull request #234 from voxpupuli/modulesync (bastelfreak)
ecffac4  :tada: Add certbot-dns-ovh plugin support (aellert)
e7ff0ed  format using puppet-strings style (aellert)
201022d  Remove hardcoded dns-ovh.ini file name (replace $config_dir by $confi… (aellert)
d1afcca  :white_check_mark: Add tests for dns-ovh plugin (aellert)
f36088e  :books: Add dns-ovh documentation (aellert)
02d6a82  :bug: Fix syntax error (aellert)
1d204a0  :books: Add warning about Debian based distros compatibility (aellert)
cc40ee9  :bug: Fix version compared as number (aellert)
42d82ec  :bug: Fix Travis CI warnings (aellert)
67ae204  Fix merge conflicts (aellert)
110473c  Fix merge conflicts (aellert)
6f3ecf5  Fix merge conflicts (aellert)
805f91d  Fix travis (aellert)
2138e4f  Revert "Fix travis" (aellert)
80466a5  Fix travis (aellert)
d23b242  Fix travis (aellert)
4bc934b  Fix travis (aellert)
eea9eb5  Fix travis (aellert)
62327f0  Fix travis (aellert)
Original file line number | Diff line number | Diff line change | ||
---|---|---|---|---|
@@ -0,0 +1,87 @@ | ||||
# @summary This class installs and configures the Let's Encrypt dns-ovh plugin. | ||||
# | ||||
# @example Basic usage | ||||
# class { 'letsencrypt::plugin::dns_ovh': | ||||
# endpoint => 'ovh-eu', | ||||
# application_key => 'MDAwMDAwMDAwMDAw', | ||||
# application_secret => 'MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw', | ||||
# consumer_key => 'MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw', | ||||
# } | ||||
# letsencrypt::certonly { 'foo': | ||||
# domains => ['foo.example.com', 'bar.example.com'], | ||||
# plugin => 'dns-ovh', | ||||
# } | ||||
# | ||||
# @see https://certbot-dns-ovh.readthedocs.io | ||||
# | ||||
# === Parameters: | ||||
This is no longer needed with puppet-strings.
Suggested change
|
||||
# | ||||
# @param endpoint | ||||
# Target OVH DNS endpoint. | ||||
# @param application_key | ||||
# OVH application key. | ||||
# @param application_secret | ||||
# DNS OVH application secret. | ||||
# @param consumer_key | ||||
# DNS OVH consumer key. | ||||
# @param propagation_seconds | ||||
# DNS OVH propagation seconds (default: 30s) | ||||
# @param manage_package | ||||
# Manage the plugin package. | ||||
# @param package_name | ||||
# The name of the package to install when $manage_package is true. | ||||
# @param config_file | ||||
# The name, with full abolute path, of the configuration file containing OVH credentials. | ||||
# | ||||
class letsencrypt::plugin::dns_ovh ( | ||||
Enum['ovh-eu', 'ovh-ca'] $endpoint, | ||||
String[1] $application_key, | ||||
String[1] $application_secret, | ||||
String[1] $consumer_key, | ||||
Integer $propagation_seconds = $letsencrypt::dns_ovh_propagation_seconds, | ||||
Boolean $manage_package = $letsencrypt::dns_ovh_manage_package, | ||||
String $package_name = $letsencrypt::dns_ovh_package_name, | ||||
Stdlib::Absolutepath $config_file = "${letsencrypt::config_dir}/dns-ovh.ini", | ||||
) { | ||||
|
||||
case $::operatingsystem { | ||||
'Debian': { | ||||
if versioncmp($::operatingsystemrelease, '10') < 0 { | ||||
fail("The dns-ovh plugin is not compatible with ${::operatingsystem} ${::operatingsystemrelease}. See README.") | ||||
} | ||||
} | ||||
'Ubuntu': { | ||||
if versioncmp($::operatingsystemrelease, '19') < 0 { | ||||
fail("The dns-ovh plugin is not compatible with ${::operatingsystem} ${::operatingsystemrelease}. See README.") | ||||
} | ||||
} | ||||
default: { | ||||
} | ||||
} | ||||
|
||||
if $manage_package { | ||||
package { $package_name: | ||||
ensure => installed, | ||||
} | ||||
} | ||||
|
||||
$ini_vars = { | ||||
dns_ovh_endpoint => $endpoint, | ||||
dns_ovh_application_key => $application_key, | ||||
dns_ovh_application_secret => $application_secret, | ||||
dns_ovh_consumer_key => $consumer_key, | ||||
dns_ovh_propagation_seconds => $propagation_seconds, | ||||
} | ||||
|
||||
file { $config_file: | ||||
ensure => file, | ||||
owner => 'root', | ||||
group => 'root', | ||||
mode => '0400', | ||||
content => epp('letsencrypt/ini.epp', { | ||||
vars => { '' => $ini_vars }, | ||||
}), | ||||
require => Class['letsencrypt'], | ||||
} | ||||
|
||||
} |
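Review bot: The three credentials are typed as plain `String[1]` (`$application_key`, `$application_secret`, `$consumer_key`) and rendered through `content => epp(...)`, so although the file is `0400`, a change to it can print the secrets in diff output (for example under `puppet agent --test`) and they travel unredacted in reports. Consider accepting `Sensitive[String[1]]` for these parameters, or at least setting `show_diff => false` on the `file { $config_file: }` resource. Minor: "abolute" in the `@param config_file` description should be "absolute", and the empty `default: { }` branch of the OS case would benefit from a comment saying other platforms are assumed compatible.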
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
require 'spec_helper_acceptance' | ||
|
||
describe 'letsencrypt::plugin::dns_ovh' do | ||
supported = case fact('os.family') | ||
when 'Debian' | ||
# Debian started shipping in Buster, Ubuntu started shipping in Disco | ||
fact('os.release.major') != '10' && fact('os.release.major') != '19.04' | ||
when 'RedHat' | ||
true | ||
else | ||
false | ||
end | ||
|
||
context 'with defaults values' do | ||
pp = <<-PUPPET | ||
class { 'letsencrypt' : | ||
email => '[email protected]', | ||
config => { | ||
'server' => 'https://acme-staging.api.letsencrypt.org/directory', | ||
}, | ||
} | ||
class { 'letsencrypt::plugin::dns_ovh': | ||
endpoint => 'ovh-eu', | ||
application_key => 'MDAwMDAwMDAwMDAw', | ||
application_secret => 'MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw', | ||
consumer_key => 'MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw', | ||
} | ||
PUPPET | ||
|
||
if supported | ||
it 'installs letsencrypt and dns ovh plugin without error' do | ||
apply_manifest(pp, catch_failures: true) | ||
end | ||
it 'installs letsencrypt and dns ovh idempotently' do | ||
apply_manifest(pp, catch_changes: true) | ||
end | ||
|
||
describe file('/etc/letsencrypt/dns-ovh.ini') do | ||
it { is_expected.to be_file } | ||
it { is_expected.to be_owned_by 'root' } | ||
it { is_expected.to be_grouped_into 'root' } | ||
it { is_expected.to be_mode 400 } | ||
end | ||
else | ||
it 'fails to install' do | ||
apply_manifest(pp, expect_failures: true) | ||
end | ||
end | ||
end | ||
end |
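Review bot: The `supported` expression in the `when 'Debian'` branch is inverted relative to its own comment and to the class. `fact('os.release.major') != '10' && fact('os.release.major') != '19.04'` is false on Debian 10 and Ubuntu 19.04, so those hosts take the `expect_failures` path, while older releases, where the manifest calls `fail()`, are expected to apply cleanly and idempotently. Test for the supported releases instead, ideally with a version comparison so later releases are covered, mirroring the `versioncmp(...) < 0` checks in the manifest.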
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,74 @@ | ||
require 'spec_helper' | ||
|
||
describe 'letsencrypt::plugin::dns_ovh' do | ||
on_supported_os.each do |os, facts| | ||
context "on #{os} based operating systems" do | ||
let(:facts) { facts } | ||
let(:params) { {} } | ||
let(:pre_condition) do | ||
<<-PUPPET | ||
class { 'letsencrypt': | ||
email => '[email protected]', | ||
} | ||
PUPPET | ||
end | ||
let(:package_name) do | ||
case facts[:osfamily] | ||
when 'Debian' | ||
'python3-certbot-dns-ovh' | ||
when 'RedHat' | ||
facts[:operatingsystem] == 'Fedora' ? 'python3-certbot-dns-ovh' : 'python2-certbot-dns-ovh' | ||
end | ||
end | ||
|
||
context 'without required parameters' do | ||
it { is_expected.not_to compile } | ||
end | ||
|
||
context 'with required parameters' do | ||
let(:params) do | ||
super().merge( | ||
endpoint: 'ovh-eu', | ||
application_key: 'MDAwMDAwMDAwMDAw', | ||
application_secret: 'MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw', | ||
consumer_key: 'MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw' | ||
) | ||
end | ||
|
||
it do | ||
if package_name.nil? | ||
is_expected.not_to compile | ||
else | ||
is_expected.to compile.with_all_deps | ||
|
||
is_expected.to contain_file('/etc/letsencrypt/dns-ovh.ini'). | ||
with_ensure('file'). | ||
with_owner('root'). | ||
with_group('root'). | ||
with_mode('0400'). | ||
with_content(%r{^.*dns_ovh_endpoint.*$}) | ||
end | ||
end | ||
|
||
describe 'with manage_package => true' do | ||
let(:params) { super().merge(manage_package: true) } | ||
|
||
it do | ||
if package_name.nil? | ||
is_expected.not_to compile | ||
else | ||
is_expected.to contain_class('letsencrypt::plugin::dns_ovh').with_package_name(package_name) | ||
is_expected.to contain_package(package_name).with_ensure('installed') | ||
end | ||
end | ||
end | ||
|
||
describe 'with manage_package => false' do | ||
let(:params) { super().merge(manage_package: false, package_name: 'dns-ovh-package') } | ||
|
||
it { is_expected.not_to contain_package('dns-ovh-package') } | ||
end | ||
end | ||
end | ||
end | ||
end |
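Review bot: `package_name` is derived from `facts[:osfamily]` alone, so for every Debian-family fact set the `with required parameters` example expects `compile.with_all_deps`, yet the class calls `fail()` on Debian older than 10 and Ubuntu older than 19. If `on_supported_os` yields any such release, this example cannot pass; branch on the release as well and assert `compile.and_raise_error(...)` for those. Separately, `with_content(%r{^.*dns_ovh_endpoint.*$})` only proves that one key is rendered; matching key and value for each of the five settings would catch a template regression.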
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -126,6 +126,30 @@ class { 'letsencrypt::plugin::dns_rfc2136': | |
it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a dns-rfc2136 --cert-name 'foo.example.com' -d 'foo.example.com' --dns-rfc2136-credentials /etc/letsencrypt/dns-rfc2136.ini --dns-rfc2136-propagation-seconds 10" } | ||
end | ||
|
||
context 'with dns-ovh plugin' do | ||
let(:title) { 'foo.example.com' } | ||
let(:params) { { plugin: 'dns-ovh', letsencrypt_command: 'letsencrypt' } } | ||
let(:pre_condition) do | ||
<<-PUPPET | ||
class { 'letsencrypt': | ||
email => '[email protected]', | ||
config_dir => '/etc/letsencrypt', | ||
} | ||
class { 'letsencrypt::plugin::dns_ovh': | ||
endpoint => 'ovh-eu', | ||
application_key => 'MDAwMDAwMDAwMDAw', | ||
application_secret => 'MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw', | ||
consumer_key => 'MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw', | ||
package_name => 'irrelevant', | ||
} | ||
PUPPET | ||
end | ||
|
||
it { is_expected.to compile.with_all_deps } | ||
it { is_expected.to contain_class('letsencrypt::plugin::dns_ovh') } | ||
it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command "letsencrypt --text --agree-tos --non-interactive certonly --rsa-key-size 4096 -a dns-ovh --cert-name 'foo.example.com' -d 'foo.example.com' --dns-ovh-credentials /etc/letsencrypt/dns-ovh.ini --dns-ovh-propagation-seconds 30" } | ||
end | ||
|
||
context 'with custom plugin' do | ||
let(:title) { 'foo.example.com' } | ||
let(:params) { { plugin: 'apache' } } | ||
|
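Review bot: The new `with dns-ovh plugin` context only exercises the defaults (`/etc/letsencrypt/dns-ovh.ini` and `--dns-ovh-propagation-seconds 30`). Since `config_file` and `propagation_seconds` are parameters of `letsencrypt::plugin::dns_ovh`, add a case that sets both to non-default values in the `pre_condition` and asserts they appear in the `with_command` string, so a hardcoded path or value in the define would be caught.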
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
type Letsencrypt::Plugin = Enum['apache', 'standalone', 'webroot', 'nginx', 'dns-route53', 'dns-google', 'dns-cloudflare', 'dns-rfc2136'] | ||
type Letsencrypt::Plugin = Enum['apache', 'standalone', 'webroot', 'nginx', 'dns-route53', 'dns-google', 'dns-cloudflare', 'dns-rfc2136', 'dns-ovh'] |
Why is it not supported? If there are no packages, would it be better to set the package name to undef on those and add a check in the class that if manage_package is true, the package must be set?