
hurr... more building... about to get to the good stuff though.

master
Aaron Hicks 6 years ago
parent
commit
434043dc46
5 changed files with 116 additions and 14 deletions
  1. 43
    1
      manifests/key.pp
  2. 36
    5
      manifests/keymaster/setup.pp
  3. 12
    0
      manifests/namecheck.pp
  4. 6
    6
      manifests/params.pp
  5. 19
    2
      spec/classes/keymaster_spec.rb

+ 43
- 1
manifests/key.pp View File

@@ -1,5 +1,47 @@
define gpg::key (

$ensure = 'present',
$force = false,
$keytype = 'rsa',
$keylength = 4096,
$expiry = 0,
$maxdays = undef,
$mindate = undef,
$warn_expiry = 21,
$subkeytype = 'rsa',
$subkeylength = '4096',
$email = 'puppet@localhost',
$password = '',
$armour = true,
){

include gpg::params

# Validate the key title
gpg::namecheck{"${title}-title":
parm => 'title',
value => $title
}

# apply defaults
$_keylength = $keytype ? {
'rsa' => $keylength,
'dsa' => 1024
}

@gpg::setup{$title:
ensure => $ensure,
force => $force,
keytype => $keytype,
keylength => $_keylength,
subkeytype => $subkeytype,
subkeylength => $subkeylength,
email => $email,
password => $password,
armour => $armour,
expiry => $expiry,
mindate => $mindate,
maxdays => $maxdays,
warn_expiry => $warn_expiry
}

}
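Review bot: `@gpg::setup{$title:` near the end of the define declares a virtual resource of a type that does not appear anywhere in this commit; the define with exactly this parameter list is `gpg::keymaster::setup` in manifests/keymaster/setup.pp, so this probably should read `@gpg::keymaster::setup{$title:`. The `$_keylength = $keytype ? {` selector has no `default` arm, so any keytype other than `rsa`/`dsa` aborts compilation with a generic selector error instead of a message naming the parameter, and for `dsa` it silently discards a caller-supplied `$keylength` in favour of 1024; a `default => $keylength` arm plus an explicit check of `$keytype` would make both behaviours visible. `$subkeylength = '4096'` is a quoted string while `$keylength = 4096` is a number; the two defaults should agree in type. The default `$password = ''` means a key generated with the defaults carries no passphrase, which deserves a header comment on the define such as `# $password: passphrase for the generated secret key; empty (the default) produces an unprotected key`.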

+ 36
- 5
manifests/keymaster/setup.pp View File

@@ -12,9 +12,13 @@ define gpg::keymaster::setup(
$email,
$password,
$armour,
$expiry
$expiry,
$maxdays,
$mindate,
$warn_expiry
){
include gpg::params

Exec{ path => ['/usr/bin','/usr/sbin','/bin','/sbin']}

File{
@@ -23,11 +27,38 @@ define gpg::keymaster::setup(
mode => 600,
}

$key_gen_file = "${gpg::params::keymaster_ring_dir}/${title}/gpg_gen.txt"
$secret_key_file = "${gpg::params::keymaster_ring_dir}/${title}/${title}_secret.gpg"
$public_key_file = "${gpg::params::keymaster_ring_dir}/${title}/${title}_public.gpg"
$key_dir = "${gpg::params::ring_dir}/${title}"
$keygen_file = "${key_dir}/keygen.txt"
$secret_file = "${key_dir}/${title}_secret.gpg"
$public_file = "${key_dir}/${title}_public.gpg"

if $ensure = 'present' {
# Remove existing key pair, if;
# $force is true, or
# $maxdays or $mindate criteria isn't met (if set)

if $force {
$reason = 'force is true'
}

if !$reason and $mindate and generate("/usr/bin/find", $secret_file, "!", "-newermt", "${mindate}") {
$reason = "created before ${mindate}"
}

if !$reason and $maxdays and generate("/usr/bin/find", $secret_file, "-mtime", "+${maxdays}") {
$reason = "older than ${maxdays} days"
}

if $reason {
Exec{"Revoke previous GPG key ${title}: ${reason}":
command => "rm ${secret_file} ${public_file} ${keygen_file}",
before => Exec["Create GPG keygen file for ${title}","Create GPG key pair for ${title}"]
}
}

# Create the GPG key gen file for using gpg in batch mode

case $ensure {
# Create the GPG key pair

}
}
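Review bot: `if $ensure = 'present' {` uses assignment where a comparison is intended and should be `if $ensure == 'present' {`. `Exec{"Revoke previous GPG key ${title}: ${reason}":` is the capitalised resource-default/override form; declaring a new resource needs lowercase `exec {`, and since the command only `rm`s the key files and issues no revocation certificate, a title such as `exec { "Remove previous GPG key ${title}: ${reason}":` describes what actually happens. `$mindate` and `$maxdays` are interpolated into `generate()` calls that execute on the master at compile time, yet neither this define nor `gpg::key` checks their form the way `$title` is checked by `gpg::namecheck`; matching them against the expected date / positive-integer pattern before they reach `generate()` would close that gap. The `before =>` targets `Create GPG keygen file for ${title}` and `Create GPG key pair for ${title}` are not declared in this hunk (the `case $ensure` body is empty), and the define's closing brace lies outside the hunk, so I cannot tell whether the references resolve.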

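--- /dev/null
+++ b/manifests/namecheck.pp
@@ -0,0 +1,12 @@
+# Check a name (e.g. key title or filename) for the allowed form
+define gpg::namecheck (
+$parm,
+$value
+){
+if $value !~ /^[A-Za-z0-9]/ {
+fail("sshkeys::key: $parm '$value' not allowed: must begin with a letter or digit")
+}
+if $value !~ /^[A-Za-z0-9_.:@-]+$/ {
+fail("sshkeys::key: $parm '$value' not allowed: may only contain the characters A-Za-z0-9_.:@-")
+}
+}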
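Review bot: Both patterns anchor with `^` and `$`, which in Puppet's Ruby-based regex engine match at line boundaries rather than string ends, so a value containing a newline is accepted as long as one of its lines satisfies the pattern; because the validated title later becomes part of file paths and of an `exec` command string in `gpg::keymaster::setup`, the checks should read `if $value !~ /\A[A-Za-z0-9]/ {` and `if $value !~ /\A[A-Za-z0-9_.:@-]+\z/ {`. The `fail()` messages still carry an `sshkeys::key:` prefix, which looks carried over from another module; `gpg::namecheck:` would point a reader at the right define. `$parm '$value'` interpolates correctly but the braced form `${parm} '${value}'` is the conventional Puppet style.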

+ 6
- 6
manifests/params.pp View File

@@ -2,12 +2,12 @@ class gpg::params {

case $::osfamily {
'Debian', 'RedHat':{
$package = 'gnupg'
$gpgme_package = 'gpgme'
$gpgme_provider = 'gem'
$keymaster_ring_dir = '/var/lib/puppet-gpg'
$keymaster_keyring = "${keymaster_ring_dir}/gpg_keymaster.pgp"
}
$package = 'gnupg'
$gpgme_package = 'gpgme'
$gpgme_provider = 'gem'
$ring_dir = '/var/lib/puppet-keymaster/gpg'
$ring_file = "${keymaster_ring_dir}/gpg_keyring.pgp"
}s
default: {
fail("The operating system family ${::osfamily} is not supported by the puppet-gpg module on ${::fqdn}")
}
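Review bot: `$ring_file = "${keymaster_ring_dir}/gpg_keyring.pgp"` interpolates `$keymaster_ring_dir`, the variable this hunk removes; the only directory variable that survives is `$ring_dir`, so the line should read `$ring_file = "${ring_dir}/gpg_keyring.pgp"` (an unassigned variable interpolates as an empty string unless strict variables are enabled, yielding the path `/gpg_keyring.pgp`). The `}s` closing the `'Debian', 'RedHat'` arm carries a stray `s` that will not parse if it is really in the file rather than a rendering artefact. The spec changed in this same commit (spec/classes/keymaster_spec.rb) expects `gpg_keyring.gpg`, so either the `.pgp` extension here or the test expectation needs to change.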

+ 19
- 2
spec/classes/keymaster_spec.rb View File

@@ -1,7 +1,24 @@
require 'spec_helper'

describe 'gpg', :type => :class do
context "on a Debian OS" do
let :facts do
{
:osfamily => 'Debian'
}
end
it { should include_class("gpg::params")}
it { should contain_file("/var/lib/puppet-gpg")}
it { should contain_file("/var/lib/puppet-gpg/gpg_keymaster.gpg")}
it { should contain_file("/var/lib/puppet-keymaster/gpg")}
it { should contain_file("/var/lib/puppet-keymaster/gpg/gpg_keyring.gpg")}
end
context "on a RedHat OS" do
let :facts do
{
:osfamily => 'RedHat'
}
end
it { should include_class("gpg::params")}
it { should contain_file("/var/lib/puppet-keymaster/gpg")}
it { should contain_file("/var/lib/puppet-keymaster/gpg/gpg_keyring.gpg")}
end
end
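Review bot: Both contexts expect `contain_file("/var/lib/puppet-keymaster/gpg/gpg_keyring.gpg")`, but manifests/params.pp in this commit sets `$ring_file` to end in `.pgp`, so the expectation cannot be satisfied by the manifest as written; one of the two spellings has to change. The Debian and RedHat contexts differ only in the `:osfamily` fact, so wrapping them in `%w[Debian RedHat].each do |os|` (or a shared example group) would stop the two lists drifting apart, as the extra `/var/lib/puppet-gpg` expectations in the Debian block already appear to have done. If the project's rspec-puppet is recent, `include_class` is deprecated there in favour of `contain_class`.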
