diff --git a/Gemfile b/Gemfile
index adda36f..984dfc4 100644
--- a/Gemfile
+++ b/Gemfile
@@ -30,9 +30,9 @@ group :development do
gem "pry", '~> 0.10', require: false
gem "simplecov-console", '~> 0.5', require: false
gem "puppet-debugger", '~> 1.0', require: false
- gem "rubocop", '~> 1.48.1', require: false
- gem "rubocop-performance", '~> 1.16', require: false
- gem "rubocop-rspec", '~> 2.19', require: false
+ gem "rubocop", '= 1.48.1', require: false
+ gem "rubocop-performance", '= 1.16.0', require: false
+ gem "rubocop-rspec", '= 2.19.0', require: false
gem "rb-readline", '= 0.5.5', require: false, platforms: [:mswin, :mingw, :x64_mingw]
end
group :system_tests do
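Review bot: The three `+` lines switch rubocop, rubocop-performance and rubocop-rspec to exact `=` pins, which is unrelated to removing `node_encrypt::file` and is not explained anywhere in this patch. For `rubocop-performance` the constraint narrows from `'~> 1.16'` (any 1.x at or above 1.16) to the single version `'= 1.16.0'`, so later fixes will need a manual Gemfile edit. Consider moving the pins to their own commit with the reason stated, or adding a comment above them saying why exact versions are required.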
diff --git a/README.md b/README.md
index 71c15a9..99c59fa 100644
--- a/README.md
+++ b/README.md
@@ -96,14 +96,6 @@ built secret server. See [docs](https://puppet.com/docs/puppet/latest/integratio
* `node_encrypt::certificates`
* This class will synchronize certificates to all compile servers.
* Generally not needed, unless the `clientcert_pem` fact fails for some reason.
-* `node_encrypt::file`
- * Legacy type for backwards code compatibility.
- * It just invokes the deferred functions for you so that your old code will
- continue to compile. This means that it now requires Puppet 6.x+. You should
- migrate to the deferred function as soon as possible, as this type will be
- removed in the next major version.
- * This is a defined type that wraps a standard file resource, but allows you
- to encrypt the content in the catalog and reports.
The simplest usage is like the example shown in the [Overview](#overview). This
defined type accepts most of the standard file parameters and simply encrypts the
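Review bot: The two context lines after the removed bullet still describe the defined type ("This defined type accepts most of the standard file parameters ...") and are left without a subject once the `node_encrypt::file` entry is gone. Remove or rewrite that paragraph in the same change, and point readers at `node_encrypt::secret` used with a plain `file` resource instead.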
@@ -297,7 +289,6 @@ functions:
returns: '-----BEGIN PKCS7----- MOCKED_DATA'
```
-(Note, the text of the mock return is important for users of the `node_encrypt::file` defined type.)
## Limitations
diff --git a/REFERENCE.md b/REFERENCE.md
index 0f3e75e..9e704fd 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -8,16 +8,12 @@
* [`node_encrypt::certificates`](#node_encrypt--certificates): Class: node_encrypt::certificates This class distributes public certificates from your CA node to all compile server configurations. It is r
-### Defined types
-
-* [`node_encrypt::file`](#node_encrypt--file): Notice: This defined type is deprecated and only used for backward code compatibility. This uses the modern deferred function under the hood
-
### Functions
* [`node_decrypt`](#node_decrypt): Decrypt data with node_encrypt. This is intended to be used as a Deferred function on the _agent_ via the node_encrypted::secret wrapper.
* [`node_encrypt`](#node_encrypt): Encrypt data with node_encrypt.
* [`node_encrypt`](#node_encrypt): This function simply encrypts the String or Sensitive passed to it using the certificate belonging to the client the catalog is being compile
-* [`node_encrypt::secret`](#node_encrypt--secret)
+* [`node_encrypt::secret`](#node_encrypt--secret): This function encrypts a string on the server, and then decrypts it on the agent during catalog application.
* [`redact`](#redact): This function will modify the catalog during compilation to remove the named parameter from the class from which it was called. For example,
## Classes
@@ -73,215 +69,6 @@ Data type: `Integer`
Default value: `300`
-## Defined types
-
-### `node_encrypt::file`
-
-Notice:
-This defined type is deprecated and only used for backward code compatibility.
-This uses the modern deferred function under the hood and will be removed in
-the next major release. That means that this module now REQUIRES Puppet 6.x+.
-
-Parameters:
-[*ensure*]
- Specifies the desired state of the file. Valid values are 'absent', 'present', or 'file'.
-
-[*path*]
- The path to the file.
-
-[*backup*]
- (Optional) Whether to create backups of the file when it changes.
-
-[*checksum*]
- (Optional) The checksum type to use for file content validation.
-
-[*content*]
- (Optional) The content of the file. This will be encrypted with node_encrypt() and passed to
- an instance of the node_encrypted_file type, which will provide the content to the file.
-
-[*encrypted_content*]
- (Optional) The encrypted content of the file. If specified, it will be decrypted and used as
- the content of the file.
-
-[*force*]
- (Optional) Whether to force file updates even if the file is managed by another system.
-
-[*group*]
- (Optional) The group ownership of the file.
-
-[*owner*]
- (Optional) The owner of the file.
-
-[*mode*]
- (Optional) The file mode or permission settings.
-
-[*replace*]
- (Optional) Whether to replace the file if it already exists.
-
-[*selinux_ignore_defaults*]
- (Optional) Whether to ignore SELinux defaults when managing the file.
-
-[*selrange*]
- (Optional) The SELinux range for the file.
-
-[*selrole*]
- (Optional) The SELinux role for the file.
-
-[*seltype*]
- (Optional) The SELinux type for the file.
-
-[*seluser*]
- (Optional) The SELinux user for the file.
-
-#### Parameters
-
-The following parameters are available in the `node_encrypt::file` defined type:
-
-* [`ensure`](#-node_encrypt--file--ensure)
-* [`path`](#-node_encrypt--file--path)
-* [`backup`](#-node_encrypt--file--backup)
-* [`checksum`](#-node_encrypt--file--checksum)
-* [`content`](#-node_encrypt--file--content)
-* [`encrypted_content`](#-node_encrypt--file--encrypted_content)
-* [`force`](#-node_encrypt--file--force)
-* [`group`](#-node_encrypt--file--group)
-* [`owner`](#-node_encrypt--file--owner)
-* [`mode`](#-node_encrypt--file--mode)
-* [`replace`](#-node_encrypt--file--replace)
-* [`selinux_ignore_defaults`](#-node_encrypt--file--selinux_ignore_defaults)
-* [`selrange`](#-node_encrypt--file--selrange)
-* [`selrole`](#-node_encrypt--file--selrole)
-* [`seltype`](#-node_encrypt--file--seltype)
-* [`seluser`](#-node_encrypt--file--seluser)
-
-##### `ensure`
-
-Data type: `Enum['absent', 'present', 'file']`
-
-
-
-Default value: `'file'`
-
-##### `path`
-
-Data type: `String[1]`
-
-
-
-Default value: `$title`
-
-##### `backup`
-
-Data type: `Optional[Boolean]`
-
-
-
-Default value: `undef`
-
-##### `checksum`
-
-Data type: `Optional[String[1]]`
-
-
-
-Default value: `undef`
-
-##### `content`
-
-Data type: `Optional[String[1]]`
-
-
-
-Default value: `undef`
-
-##### `encrypted_content`
-
-Data type: `Optional[String[1]]`
-
-
-
-Default value: `undef`
-
-##### `force`
-
-Data type: `Optional[Boolean]`
-
-
-
-Default value: `undef`
-
-##### `group`
-
-Data type: `Optional[String[1]]`
-
-
-
-Default value: `undef`
-
-##### `owner`
-
-Data type: `Optional[String[1]]`
-
-
-
-Default value: `undef`
-
-##### `mode`
-
-Data type: `Optional[Stdlib::Filemode]`
-
-
-
-Default value: `undef`
-
-##### `replace`
-
-Data type: `Optional[Boolean]`
-
-
-
-Default value: `undef`
-
-##### `selinux_ignore_defaults`
-
-Data type: `Optional[Boolean]`
-
-
-
-Default value: `undef`
-
-##### `selrange`
-
-Data type: `Optional[String[1]]`
-
-
-
-Default value: `undef`
-
-##### `selrole`
-
-Data type: `Optional[String[1]]`
-
-
-
-Default value: `undef`
-
-##### `seltype`
-
-Data type: `Optional[String[1]]`
-
-
-
-Default value: `undef`
-
-##### `seluser`
-
-Data type: `Optional[String[1]]`
-
-
-
-Default value: `undef`
-
## Functions
### `node_decrypt`
@@ -352,11 +139,11 @@ Returns: `Any`
Type: Puppet Language
-The node_encrypt::secret function.
+This function encrypts a string on the server, and then decrypts it on the agent during catalog application.
#### `node_encrypt::secret(Variant[String, Sensitive[String]] $data)`
-The node_encrypt::secret function.
+This function encrypts a string on the server, and then decrypts it on the agent during catalog application.
Returns: `Deferred`
diff --git a/functions/secret.pp b/functions/secret.pp
index da5f866..4f13e39 100644
--- a/functions/secret.pp
+++ b/functions/secret.pp
@@ -1,3 +1,4 @@
+# This function encrypts a string on the server, and then decrypts it on the agent during catalog application.
function node_encrypt::secret(Variant[String, Sensitive[String]] $data) >> Deferred {
Deferred('node_decrypt', [node_encrypt($data)])
}
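Review bot: The new comment on line 1 says the function encrypts "a string", but the signature accepts `Variant[String, Sensitive[String]]` and returns a `Deferred`, and neither is documented. Since REFERENCE.md repeats this text verbatim, add puppet-strings `@param data` and `@return` tags here, stating that Sensitive input is accepted and that decryption is deferred to the agent.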
diff --git a/manifests/file.pp b/manifests/file.pp
deleted file mode 100644
index 010e19e..0000000
--- a/manifests/file.pp
+++ /dev/null
@@ -1,113 +0,0 @@
-# Notice:
-# This defined type is deprecated and only used for backward code compatibility.
-# This uses the modern deferred function under the hood and will be removed in
-# the next major release. That means that this module now REQUIRES Puppet 6.x+.
-#
-# Parameters:
-# [*ensure*]
-# Specifies the desired state of the file. Valid values are 'absent', 'present', or 'file'.
-#
-# [*path*]
-# The path to the file.
-#
-# [*backup*]
-# (Optional) Whether to create backups of the file when it changes.
-#
-# [*checksum*]
-# (Optional) The checksum type to use for file content validation.
-#
-# [*content*]
-# (Optional) The content of the file. This will be encrypted with node_encrypt() and passed to
-# an instance of the node_encrypted_file type, which will provide the content to the file.
-#
-# [*encrypted_content*]
-# (Optional) The encrypted content of the file. If specified, it will be decrypted and used as
-# the content of the file.
-#
-# [*force*]
-# (Optional) Whether to force file updates even if the file is managed by another system.
-#
-# [*group*]
-# (Optional) The group ownership of the file.
-#
-# [*owner*]
-# (Optional) The owner of the file.
-#
-# [*mode*]
-# (Optional) The file mode or permission settings.
-#
-# [*replace*]
-# (Optional) Whether to replace the file if it already exists.
-#
-# [*selinux_ignore_defaults*]
-# (Optional) Whether to ignore SELinux defaults when managing the file.
-#
-# [*selrange*]
-# (Optional) The SELinux range for the file.
-#
-# [*selrole*]
-# (Optional) The SELinux role for the file.
-#
-# [*seltype*]
-# (Optional) The SELinux type for the file.
-#
-# [*seluser*]
-# (Optional) The SELinux user for the file.
-#
-define node_encrypt::file (
- Enum['absent', 'present', 'file'] $ensure = 'file',
- String[1] $path = $title,
- Optional[Boolean] $backup = undef,
- Optional[String[1]] $checksum = undef,
- Optional[String[1]] $content = undef,
- Optional[String[1]] $encrypted_content = undef,
- Optional[Boolean] $force = undef,
- Optional[String[1]] $group = undef,
- Optional[String[1]] $owner = undef,
- Optional[Stdlib::Filemode] $mode = undef,
- Optional[Boolean] $replace = undef,
- Optional[Boolean] $selinux_ignore_defaults = undef,
- Optional[String[1]] $selrange = undef,
- Optional[String[1]] $selrole = undef,
- Optional[String[1]] $seltype = undef,
- Optional[String[1]] $seluser = undef,
-) {
- warning('This defined type is deprecated and will be removed in the next major release. Use the node_encrypt::secret function instead.')
- notify { 'This defined type is deprecated and will be removed in the next major release.Use the node_encrypt::secret function instead.': }
-
- unless $ensure in ['absent', 'present', 'file'] {
- fail("Node_encrypt::File[${title}] invalid value for ensure")
- }
-
- if $content and $encrypted_content {
- fail("Node_encrypt::File[${title}] pass only one of content and encrypted_content")
- }
-
- if $ensure == 'absent' {
- $real_content = undef
- }
- else {
- $real_content = $content ? {
- undef => Deferred('node_decrypt', [$encrypted_content]),
- default => $content.node_encrypt::secret,
- }
- }
-
- file { $title:
- ensure => $ensure,
- path => $path,
- backup => $backup,
- checksum => $checksum,
- content => $real_content,
- force => $force,
- group => $group,
- mode => $mode,
- owner => $owner,
- replace => $replace,
- selinux_ignore_defaults => $selinux_ignore_defaults,
- selrange => $selrange,
- selrole => $selrole,
- seltype => $seltype,
- seluser => $seluser,
- }
-}
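Review bot: Deleting this defined type breaks every manifest that still declares `node_encrypt::file`, and the removed header said the removal would land in the next major release, yet no version bump or changelog entry is visible in this patch. Callers also lose the `encrypted_content` parameter, which `node_encrypt::secret` does not replace; the removed body shows the two equivalents, `$content.node_encrypt::secret` for plain content and `Deferred('node_decrypt', [$encrypted_content])` for pre-encrypted content. Please add a migration section to the README with both forms and confirm the release is tagged as a major version.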
diff --git a/spec/defines/file_spec.rb b/spec/defines/file_spec.rb
deleted file mode 100644
index 08eb20b..0000000
--- a/spec/defines/file_spec.rb
+++ /dev/null
@@ -1,79 +0,0 @@
-# frozen_string_literal: true
-
-require 'spec_helper'
-require 'puppet_x/node_encrypt'
-
-describe 'node_encrypt::file' do
- context 'when ensuring present' do
- let(:node) { 'testhost.example.com' }
- let(:title) { '/tmp/test' }
- let(:params) do
- {
- ensure: 'file',
- owner: 'root',
- mode: '0644',
- content: 'foobar'
- }
- end
-
- let(:pre_condition) do
- 'function node_encrypt::secret($data) { return "encrypted" }'
- end
-
- it { is_expected.to have_notify_resource_count(1) }
-
- it {
- expect(subject).to contain_file('/tmp/test').with(
- {
- ensure: 'file',
- owner: 'root',
- mode: '0644',
- content: 'encrypted'
- },
- )
- }
- end
-
- context 'with pre-encrypted content',
- skip: 'skipping due to difference in behaviour between mocha stub and rspec allow on ruby 2.x, and the defined type node_encrypt::file is to be removed in a seperate PR' do
- let(:node) { 'testhost.example.com' }
- let(:title) { '/tmp/test' }
- let(:params) do
- {
- ensure: 'file',
- owner: 'root',
- mode: '0644',
- encrypted_content: 'encrypted'
- }
- end
-
- before(:each) do
- allow(PuppetX::NodeEncrypt).to receive(:decrypt).with('encrypted').and_return('decrypted')
- end
-
- it {
- expect(subject).to have_notify_resource_count(1)
- }
-
- it { is_expected.to have_notify_resource_count(1) }
-
- it {
- expect(subject).to contain_file('/tmp/test').with(
- {
- ensure: 'file',
- owner: 'root',
- mode: '0644',
- content: sensitive('decrypted')
- },
- )
- }
- end
-
- context 'when ensure absent' do
- let(:title) { '/tmp/test' }
- let(:params) { { ensure: 'absent' } }
-
- it { is_expected.to have_notify_resource_count(1) }
- it { is_expected.to contain_file('/tmp/test').with_ensure('absent') }
- end
-end
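Review bot: Nothing in this patch adds a spec for `node_encrypt::secret`, which is now the only supported entry point. The deleted contexts stubbed it through `pre_condition`, and the 'with pre-encrypted content' context was skipped, so neither the encrypt nor the decrypt path was really covered by this file. If the function does not already have its own spec, add one that checks the return value is a `Deferred` calling `node_decrypt`.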