-
Notifications
You must be signed in to change notification settings - Fork 136
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for the Certbot Gandi plugin #295
base: master
Are you sure you want to change the base?
Conversation
data/FreeBSD-family.yaml
Outdated
@@ -5,3 +5,4 @@ letsencrypt::cron_owner_group: 'wheel' | |||
letsencrypt::plugin::dns_rfc2136::package_name: 'py38-certbot-dns-rfc2136' | |||
letsencrypt::plugin::dns_route53::package_name: 'py38-certbot-dns-route53' | |||
letsencrypt::plugin::dns_cloudflare::package_name: 'py38-certbot-dns-cloudflare' | |||
letsencrypt::plugin::dns_gandi::package_name: 'certbot-plugin-gandi' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There are currently no FreeBSD port for this :-/
The name would probably be py38-certbot-dns-gandi
if there was, and in fact py39-certbot-dns-gandi
because the default version of Python changed recently on FreeBSD.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I opened #296 to adjust the FreeBSD version.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you think it's a good idea to install the package with pip? I'm not sure on how to install them on freebsd and centos. I will ask help to a colleague
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As a FreeBSD user, I would prefer to use a package rather installing using pip. Anybody can submit ports to FreeBSD, and they are ultimately available as packages. My guess is that if the port does not exist, nobody needed it so much they did a port for it, and maybe it is not worth it?
I would personally not set a package_name
for FreeBSD in Hiera and make $letsencrypt::plugin::dns_gandi::package_name
mandatory so that it fails hard if someone attempt to use it on FreeBSD.
data/os/Debian/11.yaml
Outdated
@@ -0,0 +1,3 @@ | |||
--- | |||
letsencrypt::plugin::dns_gandi::package_provider: apt |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why do you need to set the package provider? That's rarely needed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You're right, I will remove it
manifests/plugin/dns_gandi.pp
Outdated
if $package_provider { | ||
package { $package_name: | ||
ensure => installed, | ||
provider => $package_provider, | ||
} | ||
} | ||
else { | ||
package { $package_name: | ||
ensure => installed, | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can just pass undef
along:
if $package_provider { | |
package { $package_name: | |
ensure => installed, | |
provider => $package_provider, | |
} | |
} | |
else { | |
package { $package_name: | |
ensure => installed, | |
} | |
} | |
package { $package_name: | |
ensure => installed, | |
provider => $package_provider, | |
} |
manifests/plugin/dns_gandi.pp
Outdated
if $api_key { | ||
$ini_vars = { | ||
'certbot_plugin_gandi:dns_api_key' => $api_key, | ||
} | ||
} else { | ||
fail('api_key not provided for certbot dns gandi plugin.') | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The data type guarantees it's set
if $api_key { | |
$ini_vars = { | |
'certbot_plugin_gandi:dns_api_key' => $api_key, | |
} | |
} else { | |
fail('api_key not provided for certbot dns gandi plugin.') | |
} | |
$ini_vars = { | |
'certbot_plugin_gandi:dns_api_key' => $api_key, | |
} |
data/RedHat-family.yaml
Outdated
@@ -3,3 +3,4 @@ letsencrypt::configure_epel: true | |||
letsencrypt::plugin::dns_rfc2136::package_name: 'python3-certbot-dns-rfc2136' | |||
letsencrypt::plugin::dns_route53::package_name: 'python3-certbot-dns-route53' | |||
letsencrypt::plugin::dns_cloudflare::package_name: 'python3-certbot-dns-cloudflare' | |||
letsencrypt::plugin::dns_gandi::package_name: 'certbot-plugin-gandi' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This doesn't look correct.
@cible Is this ready for review? The pull request is currently marked as a draft. |
manifests/plugin/dns_gandi.pp
Outdated
class letsencrypt::plugin::dns_gandi ( | ||
String[1] $api_key, | ||
String[1] $package_name, | ||
Optional[String[1]] $package_provider = undef, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is an unused parameter. Shouldn't it be passed to the package
resource?
Co-authored-by: Ewoud Kohl van Wijngaarden <ewoud@kohlvanwijngaarden.nl>
|
||
it do | ||
if package_name.nil? | ||
is_expected.not_to compile |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A better way is to test for the error:
is_expected.not_to compile | |
is_expected.to compile.and_raise_error(/A Matcher For The Error/) |
PUPPET | ||
end | ||
|
||
it { is_expected.not_to compile.with_all_deps } |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Here too it's better to compile and test for a specific error
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For this one, the module won't work with an empty api_key and I don't know how to handle the error:
13) letsencrypt::certonly on fedora-36-x86_64 based operating systems with dns-gandi plugin without api_key is expected to fail to compile and raise an error matching /\/expects a value for parameter 'api_key'\//
Failure/Error: it { is_expected.to compile.and_raise_error(%r{/expects a value for parameter 'api_key'/}) }
error during compilation: Evaluation Error: Error while evaluating a Resource Statement, Class[Letsencrypt::Plugin::Dns_gandi]: expects a value for parameter 'api_key' (line: 6, column: 11
it { is_expected.to compile.and_raise_error(%r{/expects a value for parameter 'api_key'/}) }
is not correct?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The /
is redundant. In Ruby you can define a regex as /my regex/
or %r{my regex}
but %r{/my regex/}
means you expect /
in the output. This is useful if you want to test /var/lib is empty
is in the error. Compare %r{/var/lib is empty}
to /\/var\/lib is empty/
.
Co-authored-by: Ewoud Kohl van Wijngaarden <ewoud@kohlvanwijngaarden.nl>
It seem ok for me. Sorry for being so slow and bad with ruby. Did I have to do something else? rebase? |
@cible yes, this needs a rebase. I think we can merge if afterwards 👍 |
Pull Request (PR) description
Adding feature support for the certbot-plugin-gandi created by @obynio
The plugin use the Production API key.
This Pull Request (PR) fixes the following issues
N/A