diff --git a/CHANGELOG b/CHANGELOG index 51f0324..6650ef2 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,6 @@ +* Wed Jul 03 2024 Steven Pritchard - 7.7.2 +- Clean up legacy fact usage to support puppet 8 + * Wed Jan 17 2024 Richard Gardner - 7.7.1 - Updated hiera.yaml facts to support puppet 8 diff --git a/README.md b/README.md index 5eaa4dd..a186b00 100644 --- a/README.md +++ b/README.md @@ -8,18 +8,26 @@ #### Table of Contents -1. [Module Description - What the module does and why it is useful](#module-description) -2. [Setup - The basics of getting started with Krb5](#setup) - * [What Krb5 affects](#what-krb5-affects) - * [Setup requirements](#setup-requirements) - * [Beginning with Krb5](#beginning-with-krb5) -3. [Usage - Configuration options and additional functionality](#usage) - * [Automatic Management](#automatically-manage-the-kdc-and-keytabs-on-clients) - * [Manual Configuration](#manual-configuration-and-expansion) -4. [Integration with SIMP NFS Module](#integration-with-simp-nfs-module) -5. [Limitations - OS compatibility, etc.](#limitations) -6. [Development - Guide for contributing to the module](#development) -7. [Acceptance Tests](#acceptance-tests) +- [Krb5](#krb5) + - [Table of Contents](#table-of-contents) + - [Module Description](#module-description) + - [Setup](#setup) + - [What krb5 affects](#what-krb5-affects) + - [Setup Requirements](#setup-requirements) + - [Beginning with krb5](#beginning-with-krb5) + - [Usage](#usage) + - [Automatically manage the KDC and keytabs on clients](#automatically-manage-the-kdc-and-keytabs-on-clients) + - [Keytab Propagation](#keytab-propagation) + - [Manual Configuration and Expansion](#manual-configuration-and-expansion) + - [Creating Admin Principals](#creating-admin-principals) + - [ACL Configuration](#acl-configuration) + - [Create Your Admin Principal](#create-your-admin-principal) + - [Creating Host Principals](#creating-host-principals) + - [Create Your Keytabs](#create-your-keytabs) + - [Integration with SIMP NFS Module](#integration-with-simp-nfs-module) + - [Limitations](#limitations) + - [Development](#development) + - [Acceptance tests](#acceptance-tests) ## Module Description @@ -163,8 +171,8 @@ is **probably** appropriate for your organization. ```ruby - krb5_acl{ "${::domain}_admin": - principal => "*/admin@${::domain}", + krb5_acl{ "${facts['networking']['domain']}_admin": + principal => "*/admin@${facts['networking']['domain']}", operation_mask => '*' } ``` diff --git a/REFERENCE.md b/REFERENCE.md index 717cdec..78d0414 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -1487,7 +1487,7 @@ Default value: `true` The realms under which the hosts should be generated -Default value: `Facter.value(:domain)` +Default value: `Facter.value(:networking)['domain']` ##### `user` diff --git a/lib/puppet/type/krb5kdc_auto_keytabs.rb b/lib/puppet/type/krb5kdc_auto_keytabs.rb index c3d4cad..f8cece4 100644 --- a/lib/puppet/type/krb5kdc_auto_keytabs.rb +++ b/lib/puppet/type/krb5kdc_auto_keytabs.rb @@ -150,7 +150,7 @@ The realms under which the hosts should be generated DESC - defaultto(Facter.value(:domain)) + defaultto(Facter.value(:networking)['domain']) validate do |value| unless (value.is_a?(String) || value.is_a?(Array)) || Array(value).count { |x| !x.is_a?(String) }.zero? diff --git a/metadata.json b/metadata.json index 09581d8..6f9f9d3 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "simp-krb5", - "version": "7.7.1", + "version": "7.7.2", "author": "SIMP Team", "summary": "Puppet management of the MIT kerberos stack", "license": "Apache-2.0", diff --git a/spec/classes/client_spec.rb b/spec/classes/client_spec.rb index e025355..bea7a8b 100644 --- a/spec/classes/client_spec.rb +++ b/spec/classes/client_spec.rb @@ -21,7 +21,7 @@ it_behaves_like 'common config' # Based on the Hiera default.yaml - it { is_expected.to create_krb5__setting__realm(facts[:domain]).with_admin_server(facts[:fqdn]) } + it { is_expected.to create_krb5__setting__realm(facts[:networking][:domain]).with_admin_server(facts[:networking][:fqdn]) } end context 'with krb5::kdc declared' do @@ -32,7 +32,7 @@ it_behaves_like 'common config' # Based on the Hiera default.yaml - it { is_expected.to create_krb5__setting__realm(facts[:domain]).with_admin_server(facts[:fqdn]) } + it { is_expected.to create_krb5__setting__realm(facts[:networking][:domain]).with_admin_server(facts[:networking][:fqdn]) } end context 'when passed a custom set of realms' do @@ -53,7 +53,7 @@ it_behaves_like 'common config' # Based on the Hiera default.yaml - it { is_expected.not_to create_krb5__setting__realm(facts[:domain]).with_admin_server(facts[:fqdn]) } + it { is_expected.not_to create_krb5__setting__realm(facts[:networking][:domain]).with_admin_server(facts[:networking][:fqdn]) } it { is_expected.to create_krb5__setting__realm('realm.one').with_admin_server('admin.server.one') } diff --git a/spec/classes/kdc_spec.rb b/spec/classes/kdc_spec.rb index c05abe4..6c8465f 100644 --- a/spec/classes/kdc_spec.rb +++ b/spec/classes/kdc_spec.rb @@ -9,8 +9,8 @@ it { is_expected.to create_class('krb5::kdc::install') } it { is_expected.to create_class('krb5::kdc::config') } it { is_expected.to create_class('krb5::kdc::service') } - it { is_expected.to create_krb5__kdc__realm(facts[:domain]) } - it { is_expected.to create_krb5__setting__realm(facts[:domain]) } + it { is_expected.to create_krb5__kdc__realm(facts[:networking][:domain]) } + it { is_expected.to create_krb5__setting__realm(facts[:networking][:domain]) } it { is_expected.to contain_class('krb5::kdc::auto_keytabs') } it_behaves_like 'auto_keytab' @@ -31,7 +31,7 @@ end shared_examples_for 'auto_keytab' do - it { is_expected.to create_krb5kdc_auto_keytabs('__default__').with(:realms => facts[:domain]) } + it { is_expected.to create_krb5kdc_auto_keytabs('__default__').with(:realms => facts[:networking][:domain]) } end shared_examples_for 'selinux hotfix' do @@ -62,7 +62,7 @@ it { is_expected.not_to contain_package('krb5-server-ldap') } it { is_expected.not_to contain_class('krb5::kdc::firewall') } - if os_facts[:selinux] + unless os_facts.dig(:os, 'selinux').nil? it { is_expected.to contain_class('krb5::kdc::selinux_hotfix') } end end @@ -71,7 +71,7 @@ let(:params) { { :firewall => true, :haveged => true, :ldap => true } } it_behaves_like 'common kdc config' - if os_facts[:selinux] + unless os_facts.dig(:os, 'selinux').nil? it_behaves_like 'selinux hotfix' end it { is_expected.to contain_class('haveged') } @@ -87,7 +87,7 @@ end it_behaves_like 'common kdc config' - if os_facts[:selinux] + unless os_facts.dig(:os, 'selinux').nil? it_behaves_like 'selinux hotfix' end end diff --git a/spec/defines/setting/realm_spec.rb b/spec/defines/setting/realm_spec.rb index e762934..c69f3fb 100644 --- a/spec/defines/setting/realm_spec.rb +++ b/spec/defines/setting/realm_spec.rb @@ -18,7 +18,7 @@ let(:params) do { - :admin_server => facts[:hostname] + :admin_server => facts[:networking][:hostname] } end diff --git a/spec/fixtures/hieradata/default.yaml b/spec/fixtures/hieradata/default.yaml index a977e81..ab86ad3 100644 --- a/spec/fixtures/hieradata/default.yaml +++ b/spec/fixtures/hieradata/default.yaml @@ -1,4 +1,4 @@ --- -simp_options::puppet::server: "%{facts.fqdn}" +simp_options::puppet::server: "%{facts.networking.fqdn}" simp_options::trusted_nets: - '1.2.3.4/32'