Merge pull request #750 from Icinga/enhancement/replace-tls-client

Replace icinga2::tls::client with icinga::cert

REFERENCE.md

@@ -70,7 +70,6 @@ start on boot and will be restarted if stopped.
 
 * `icinga2::feature`: Private define resource to used by this module only.
 * `icinga2::object`: Define resource to used by this module only.
-* `icinga2::tls::client`: A class to generate tls key, cert and cacert paths.
 
 ### Functions
 

manifests/feature/elasticsearch.pp

@@ -85,7 +85,7 @@
     fail('You must include the icinga2 base class before using any icinga2 feature class!')
   }
 
-  $user          = $icinga2::globals::user
+  $owner         = $icinga2::globals::user
   $group         = $icinga2::globals::group
   $conf_dir      = $icinga2::globals::conf_dir
   $ssl_dir       = $icinga2::globals::cert_dir
@@ -104,7 +104,7 @@
   }
 
   File {
-    owner   => $user,
+    owner   => $owner,
     group   => $group,
   }
 
@@ -128,9 +128,21 @@
       'key_path'              => $cert['key_file'],
     }
 
-    icinga2::tls::client { 'ElasticsearchWriter_elasticsearch':
-      args   => $cert,
-      notify => $_notify,
+    # Workaround, icinga::cert doesn't accept undef values for owner and group!
+    if $facts['os']['family'] != 'windows' {
+      icinga::cert { 'ElasticsearchWriter_elasticsearch':
+        args   => $cert,
+        owner  => $owner,
+        group  => $group,
+        notify => $_notify,
+      }
+    } else {
+      icinga::cert { 'ElasticsearchWriter_elasticsearch':
+        args   => $cert,
+        owner  => 'foo',
+        group  => 'bar',
+        notify => $_notify,
+      }
     }
   } else {
     $attrs_ssl = {

manifests/feature/gelf.pp

@@ -98,9 +98,21 @@
       'key_path'          => $cert['key_file'],
     }
 
-    icinga2::tls::client { 'GelfWriter_gelf':
-      args   => $cert,
-      notify => $_notify,
+    # Workaround, icinga::cert doesn't accept undef values for owner and group!
+    if $facts['os']['family'] != 'windows' {
+      icinga::cert { 'GelfWriter_gelf':
+        args   => $cert,
+        owner  => $owner,
+        group  => $group,
+        notify => $_notify,
+      }
+    } else {
+      icinga::cert { 'GelfWriter_gelf':
+        args   => $cert,
+        owner  => 'foo',
+        group  => 'bar',
+        notify => $_notify,
+      }
     }
   } else {
     $attrs_ssl = {

manifests/feature/icingadb.pp

@@ -89,11 +89,11 @@
     fail('You must include the icinga2 base class before using any icinga2 feature class!')
   }
 
-  $owner         = $icinga2::globals::user
-  $group         = $icinga2::globals::group
-  $conf_dir      = $icinga2::globals::conf_dir
-  $data_dir      = $icinga2::globals::data_dir
-  $ssl_dir       = $icinga2::globals::cert_dir
+  $conf_dir = $icinga2::globals::conf_dir
+  $data_dir = $icinga2::globals::data_dir
+  $cert_dir = $icinga2::globals::cert_dir
+  $owner    = $icinga2::globals::user
+  $group    = $icinga2::globals::group
 
   $_password = if $password =~ Sensitive {
     $password
@@ -103,7 +103,7 @@
     undef
   }
 
-  $_notify       = $ensure ? {
+  $_notify = $ensure ? {
     'present' => Class['icinga2::service'],
     default   => undef,
   }
@@ -126,7 +126,7 @@
   if $enable_tls {
     $cert = icinga::cert::files(
       'IcingaDB-icingadb',
-      $ssl_dir,
+      $cert_dir,
       $tls_key_file,
       $tls_cert_file,
       $tls_cacert_file,
@@ -146,9 +146,21 @@
       'tls_protocolmin'   => $tls_protocolmin,
     }
 
-    icinga2::tls::client { 'IcingaDB-icingadb':
-      args   => $cert,
-      notify => $_notify,
+    # Workaround, icinga::cert doesn't accept undef values for owner and group!
+    if $facts['os']['family'] != 'windows' {
+      icinga::cert { 'IcingaDB-icingadb':
+        args   => $cert,
+        owner  => $owner,
+        group  => $group,
+        notify => $_notify,
+      }
+    } else {
+      icinga::cert { 'IcingaDB-icingadb':
+        args   => $cert,
+        owner  => 'foo',
+        group  => 'bar',
+        notify => $_notify,
+      }
     }
   } # enable_tls
   else {

manifests/feature/idomysql.pp

@@ -168,9 +168,21 @@
       'ssl_cipher' => $ssl_cipher,
     }
 
-    icinga2::tls::client { 'IdoMysqlConnection_ido-mysql':
-      args   => $cert,
-      notify => $_notify,
+    # Workaround, icinga::cert doesn't accept undef values for owner and group!
+    if $facts['os']['family'] != 'windows' {
+      icinga::cert { 'IdoMysqlConnection_ido-mysql':
+        args   => $cert,
+        owner  => $owner,
+        group  => $group,
+        notify => $_notify,
+      }
+    } else {
+      icinga::cert { 'IdoMysqlConnection_ido-mysql':
+        args   => $cert,
+        owner  => 'foo',
+        group  => 'bar',
+        notify => $_notify,
+      }
     }
   } else {
     $attrs_ssl = {

manifests/feature/idopgsql.pp

@@ -152,9 +152,21 @@
       'ssl_key'  => $cert['key_file'],
     }
 
-    icinga2::tls::client { 'IdoPgsqlConnection_ido-pgsql':
-      args   => $cert,
-      notify => $_notify,
+    # Workaround, icinga::cert doesn't accept undef values for owner and group!
+    if $facts['os']['family'] != 'windows' {
+      icinga::cert { 'IdoPgsqlConnection_ido-pgsql':
+        args   => $cert,
+        owner  => $owner,
+        group  => $group,
+        notify => $_notify,
+      }
+    } else {
+      icinga::cert { 'IdoPgsqlConnection_ido-pgsql':
+        args   => $cert,
+        owner  => 'foo',
+        group  => 'bar',
+        notify => $_notify,
+      }
     }
   } else {
     $attrs_ssl = {

manifests/feature/influxdb.pp

@@ -111,7 +111,7 @@
     fail('You must include the icinga2 base class before using any icinga2 feature class!')
   }
 
-  $user     = $icinga2::globals::user
+  $owner    = $icinga2::globals::user
   $group    = $icinga2::globals::group
   $conf_dir = $icinga2::globals::conf_dir
   $ssl_dir  = $icinga2::globals::cert_dir
@@ -140,7 +140,7 @@
   }
 
   File {
-    owner   => $user,
+    owner   => $owner,
     group   => $group,
   }
 
@@ -167,9 +167,21 @@
       'ssl_key'               => $cert['key_file'],
     }
 
-    icinga2::tls::client { 'InfluxdbWriter_influxdb':
-      args   => $cert,
-      notify => $_notify,
+    # Workaround, icinga::cert doesn't accept undef values for owner and group!
+    if $facts['os']['family'] != 'windows' {
+      icinga::cert { 'InfluxdbWriter_influxdb':
+        args   => $cert,
+        owner  => $owner,
+        group  => $group,
+        notify => $_notify,
+      }
+    } else {
+      icinga::cert { 'InfluxdbWriter_influxdb':
+        args   => $cert,
+        owner  => 'foo',
+        group  => 'bar',
+        notify => $_notify,
+      }
     }
   } else {
     $attrs_ssl = {

manifests/feature/influxdb2.pp

@@ -107,7 +107,7 @@
     fail('You must include the icinga2 base class before using any icinga2 feature class!')
   }
 
-  $user     = $icinga2::globals::user
+  $owner    = $icinga2::globals::user
   $group    = $icinga2::globals::group
   $conf_dir = $icinga2::globals::conf_dir
   $ssl_dir  = $icinga2::globals::cert_dir
@@ -118,7 +118,7 @@
   }
 
   File {
-    owner   => $user,
+    owner   => $owner,
     group   => $group,
   }
 
@@ -145,9 +145,21 @@
       'ssl_key'               => $cert['key_file'],
     }
 
-    icinga2::tls::client { 'Influxdb2Writer_influxdb2':
-      args   => $cert,
-      notify => $_notify,
+    # Workaround, icinga::cert doesn't accept undef values for owner and group!
+    if $facts['os']['family'] != 'windows' {
+      icinga::cert { 'Influxdb2Writer_influxdb2':
+        args   => $cert,
+        owner  => $owner,
+        group  => $group,
+        notify => $_notify,
+      }
+    } else {
+      icinga::cert { 'Influxdb2Writer_influxdb2':
+        args   => $cert,
+        owner  => 'foo',
+        group  => 'bar',
+        notify => $_notify,
+      }
     }
   } else {
     $attrs_ssl = {