These few changes sprung up as a result of major changes in our
changelog generator usage. It no longer behaves as it previously did and,
therefore, there is no more need for this gem nor the tag option.
Since c0b8640fc6a7c3381877863960e02da3fa1fe640, we use the namespaced
version of `stdlib::ensure_packages`, which appeared in version 9.0.0 of
the stdlib module.
Ben Ford [Tue, 30 May 2023 21:30:00 +0000 (14:30 -0700)]
Update CODEOWNERS
Adding Trusted Contributors to the CODEOWNERS will allow them to meet our branch protection rules and merge pull requests. If you would rather keep that privilege for your own team, then you can decline this PR.
Kenyon Ralph [Sat, 22 Apr 2023 18:51:29 +0000 (11:51 -0700)]
(MODULES-10831) key is expired if all subkeys are expired
Previously, subkeys were not considered at all in the determination of
whether a key was expired. Now this looks at all of the subkeys, and if
they are all expired, considers the whole key expired.
Gavin Patton [Wed, 22 Mar 2023 06:22:27 +0000 (06:22 +0000)]
"This change pins the puppetlabs-puppet_agent module to v4.12.1. Previosuly the fixutre was configured to pull from main. Given the recent changes when moving towards puppet8 main is unsafe."
Prior to this commit, one of our updates (https://github.com/puppetlabs/puppetlabs-apt/pull/1052)
implemented a regex validation for ppa packages that were to be
installed. However, this validation did not account for resource
names that were dotted.
This commit aims to fix this bug in our validation process so that it
works as intended.
Paula Muir [Tue, 20 Dec 2022 11:54:57 +0000 (11:54 +0000)]
(bugfix) - Declare minimum Puppet version 6.24.0
In codebase hardening efforts the commands are passed as an array, but this feature was only introduced in Puppet 6.24.01. This raises the minimum version to match, since it's no longer possible to use the module on anything older.
jordanbreen28 [Thu, 13 Oct 2022 12:10:57 +0000 (13:10 +0100)]
(CONT-173) - Updating deprecated facter instances
Prior to this PR, this module contained instances of Facter::Util::Resolution.exec and Facter::Util::Resolution.which, which are deprecated.
This PR aims to replace these exec helpers with their supported Facter::Core::Execution counterparts.
This PR:
- Replaced all Facter::Util::Resolution instances with corresponding Facter::Core::Execution exec helpers
Fix rubucop linting error
This commit corrects an error identified by rubocop in spec testing.
Prior to this commit, ppa_spec.rb did not test the recently implemented
validation for resource names.
This commit aims to implement some test cases to make sure that valid
resource names are allowed while invalid or malicious resource names do
not work.
Prior to this commit, one of our recent module updates introduced a
regex validation step for the resource names in our ppa.pp manifest
which would raise an issue if a valid resource name contained a dot (.).
This commit aims to slightly adjust the regex validation so that it
allows for dotted resource names. This PR should fix issue #1057.
david22swan [Wed, 24 Aug 2022 10:59:05 +0000 (11:59 +0100)]
(GH-cat-9) Update module to match current syntax standard
Module is now in compliance with the following rules:
- optional_default
- strict_indent
- unquoted_string_in_case
- parameter_documentation
- relative_classname_inclusion
- no-top_scope_facts-check
- no-top_scope_variable-check
- variable_scope
The below exception has been left in place:
- disable_anchor_resource
Craig Gumbley [Mon, 22 Aug 2022 10:23:56 +0000 (10:23 +0000)]
(GH-1055) Fix hardcoded cache path
Prior to this commit the cache path used to create the script file resource
was hardcoded to /opt/puppetlabs/puppet/cache.
This commit fixes that by using the `puppet_vardir` fact provided by stdlib so
that we will always get the correct path for the OS that is executing the code.
Additionally, if for some reason the `puppet_vardir` fact is not available we
will fall back to `tmp`.
Craig Gumbley [Thu, 11 Aug 2022 15:20:36 +0000 (15:20 +0000)]
Harden PPA defined type
Prior to this commit there was a possibility that malformed strings
could be passed as the resources name. This could lead to unsafe
executions on a remote system.
This was also a possibility for the options parameter as it was
constrained to a string.
In addition, commands were not properly broken out in to arrays of
arguments when passed to the exec resource.
This commit fixes the above by adding validation to the resource name
ensuring that the given ppa name conforms to expectation. Also, commands
are now broken down in to arrays of arguments appropriately. This ensures
safer execution on the remote system.
Given that the options parameter, passed as a raw string, could lead to
unsafe code execution it was reasonable to change the accepted type to
an `Optional[Array[String]]. This means that an array of options can now
be passed to the exec resource inside the original command.