diff --git a/.fixtures.yml b/.fixtures.yml index eedcb8047f91bac97080b10807e2fca35c799e2b..3fd2c201df1884a1776727fc8fead4747fd760a7 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -3,5 +3,5 @@ --- fixtures: repositories: - stdlib: 'git://github.com/puppetlabs/puppetlabs-stdlib' - systemd: 'git://github.com/voxpupuli/puppet-systemd' + stdlib: 'https://github.com/puppetlabs/puppetlabs-stdlib.git' + systemd: 'https://github.com/voxpupuli/puppet-systemd.git' diff --git a/.pdkignore b/.pdkignore index c538bea8bd4d700fc03fcc537bbd98868c004c0d..a956c8fe6d8e9e1da6b3540a2da225cd059652c8 100644 --- a/.pdkignore +++ b/.pdkignore @@ -39,7 +39,6 @@ /rakelib/ /.rspec /.rubocop.yml -/.travis.yml /.yardopts /spec/ /.vscode/ diff --git a/.rubocop.yml b/.rubocop.yml index 78c4c587e1a4b889c0202968195452bae1330fcb..31e8248ff813e956702d5c67844aeb0e2affc917 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -4,7 +4,7 @@ require: - rubocop-rspec AllCops: DisplayCopNames: true - TargetRubyVersion: '2.4' + TargetRubyVersion: '2.5' Include: - "**/*.rb" Exclude: @@ -347,8 +347,6 @@ RSpec/ReceiveCounts: Enabled: false RSpec/ReceiveNever: Enabled: false -RSpec/RepeatedDescription: - Enabled: false RSpec/RepeatedExampleGroupBody: Enabled: false RSpec/RepeatedExampleGroupDescription: diff --git a/.sync.yml b/.sync.yml index d30d22d28c1da0494f6f4833b60a1f71ed11b37a..6ff3f691f03167d0fc3bebaef5b37326b665562f 100644 --- a/.sync.yml +++ b/.sync.yml @@ -107,15 +107,14 @@ appveyor.yml: Gemfile: required: ':development': + - gem: 'puppet-blacksmith' - gem: 'beaker-rspec' - gem: 'beaker-puppet' - gem: 'beaker-docker' - gem: 'beaker-puppet_install_helper' - gem: 'beaker-module_install_helper' - gem: 'pdk' - version: '2.3.0' - - gem: 'puppet-strings' - version: '2.9.0' + version: '2.7.1' spec/spec_helper.rb: mock_with: ':rspec' diff --git a/Gemfile b/Gemfile index 6ab204fa1a43722674d7df15c9a34207bb497462..2f2057065cbb43c805d34066943af93c9350fe40 100644 --- a/Gemfile +++ b/Gemfile 
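Review bot: Both entries in the `.fixtures.yml` hunk still name only a repository URL, so each test run checks out whatever the default branch of `puppetlabs-stdlib` and `puppet-systemd` holds at that moment. Switching from `git://` to `https://` protects the fetch in transit, but it does not fix which revision is tested. Pinning each fixture with the `repo:`/`ref:` form, e.g. `stdlib: { repo: 'https://github.com/puppetlabs/puppetlabs-stdlib.git', ref: '<reviewed tag or commit>' }`, would make runs reproducible and keep an unexpected upstream push out of CI.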
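Review bot: In the `.sync.yml` hunk, `- gem: 'puppet-blacksmith'` joins the `:development` list with no `version:` key, and the `Gemfile` hunk carries it as `gem "puppet-blacksmith", require: false`, while `pdk` just below is held at `2.7.1`. blacksmith is release tooling and presumably runs where Forge credentials are available, so an unconstrained version is worth avoiding there. Adding `version: '<reviewed version>'` under the entry would carry through to the Gemfile on the next template sync. The existing `beaker-*` entries are unpinned too, and no `Gemfile.lock` appears in this diff, so whether a lockfile already covers this cannot be told from here.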
@@ -13,28 +13,38 @@ def location_for(place_or_version, fake_version = nil) end end -ruby_version_segments = Gem::Version.new(RUBY_VERSION.dup).segments -minor_version = ruby_version_segments[0..1].join('.') - group :development do - gem "json", '= 2.0.4', require: false if Gem::Requirement.create('~> 2.4.2').satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) - gem "json", '= 2.1.0', require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) - gem "json", '= 2.3.0', require: false if Gem::Requirement.create(['>= 2.7.0', '< 2.8.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) - gem "puppet-module-posix-default-r#{minor_version}", '~> 1.0', require: false, platforms: [:ruby] - gem "puppet-module-posix-dev-r#{minor_version}", '~> 1.0', require: false, platforms: [:ruby] - gem "puppet-module-win-default-r#{minor_version}", '~> 1.0', require: false, platforms: [:mswin, :mingw, :x64_mingw] - gem "puppet-module-win-dev-r#{minor_version}", '~> 1.0', require: false, platforms: [:mswin, :mingw, :x64_mingw] - gem "beaker-rspec", require: false - gem "beaker-puppet", require: false - gem "beaker-docker", require: false - gem "beaker-puppet_install_helper", require: false - gem "beaker-module_install_helper", require: false - gem "pdk", '2.3.0', require: false - gem "puppet-strings", '2.9.0', require: false + gem "json", '= 2.1.0', require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "json", '= 2.3.0', require: false if Gem::Requirement.create(['>= 2.7.0', '< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "json", '= 2.5.1', require: false if Gem::Requirement.create(['>= 3.0.0', '< 3.0.5']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "json", '= 2.6.1', require: false if Gem::Requirement.create(['>= 3.1.0', '< 3.1.3']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "json", '= 2.6.3', require: false if 
Gem::Requirement.create(['>= 3.2.0', '< 4.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "voxpupuli-puppet-lint-plugins", '~> 4.0', require: false + gem "facterdb", '~> 1.18', require: false + gem "metadata-json-lint", '>= 2.0.2', '< 4.0.0', require: false + gem "puppetlabs_spec_helper", '~> 5.0', require: false + gem "rspec-puppet-facts", '~> 2.0', require: false + gem "codecov", '~> 0.2', require: false + gem "dependency_checker", '~> 0.2', require: false + gem "parallel_tests", '= 3.12.1', require: false + gem "pry", '~> 0.10', require: false + gem "simplecov-console", '~> 0.5', require: false + gem "puppet-debugger", '~> 1.0', require: false + gem "rubocop", '= 1.6.1', require: false + gem "rubocop-performance", '= 1.9.1', require: false + gem "rubocop-rspec", '= 2.0.1', require: false + gem "rb-readline", '= 0.5.5', require: false, platforms: [:mswin, :mingw, :x64_mingw] + gem "puppet-blacksmith", require: false + gem "beaker-rspec", require: false + gem "beaker-puppet", require: false + gem "beaker-docker", require: false + gem "beaker-puppet_install_helper", require: false + gem "beaker-module_install_helper", require: false + gem "pdk", '2.7.1', require: false end group :system_tests do - gem "puppet-module-posix-system-r#{minor_version}", '~> 1.0', require: false, platforms: [:ruby] - gem "puppet-module-win-system-r#{minor_version}", '~> 1.0', require: false, platforms: [:mswin, :mingw, :x64_mingw] + gem "puppet_litmus", '< 1.0.0', require: false, platforms: [:ruby, :x64_mingw] + gem "serverspec", '~> 2.41', require: false end puppet_version = ENV['PUPPET_GEM_VERSION'] diff --git a/REFERENCE.md b/REFERENCE.md index bb49d575eb7ff8c091b399d91c95175c23025c48..4c8cc1fc40f72639e6f3aa75c696c9507bf5fba8 100644 --- a/REFERENCE.md +++ b/REFERENCE.md 
@@ -28,35 +28,33 @@ class { 'coturn': The following parameters are available in the `coturn` class: -* [`realm`](#realm) -* [`listening_ips`](#listening_ips) -* [`listening_port`](#listening_port) -* [`tls_listening_port`](#tls_listening_port) -* [`cert`](#cert) -* [`private_key`](#private_key) -* [`cipher_list`](#cipher_list) -* [`dh2066`](#dh2066) -* [`fingerprint`](#fingerprint) -* [`lt_cred_mech`](#lt_cred_mech) -* [`use_auth_secret`](#use_auth_secret) -* [`static_auth_secret`](#static_auth_secret) -* [`use_auth_secret`](#use_auth_secret) -* [`total_quota`](#total_quota) -* [`bps_capacity`](#bps_capacity) -* [`stale_nonce`](#stale_nonce) -* [`no_stdout_log`](#no_stdout_log) -* [`no_loopback_peers`](#no_loopback_peers) -* [`no_multicast_peers`](#no_multicast_peers) -* [`dh2066`](#dh2066) -* [`tlsv1`](#tlsv1) -* [`tlsv1_1`](#tlsv1_1) -* [`tlsv1_2`](#tlsv1_2) -* [`simple_log`](#simple_log) -* [`proc_user`](#proc_user) -* [`proc_group`](#proc_group) -* [`log_file`](#log_file) - -##### <a name="realm"></a>`realm` +* [`realm`](#-coturn--realm) +* [`listening_ips`](#-coturn--listening_ips) +* [`listening_port`](#-coturn--listening_port) +* [`tls_listening_port`](#-coturn--tls_listening_port) +* [`cert`](#-coturn--cert) +* [`private_key`](#-coturn--private_key) +* [`cipher_list`](#-coturn--cipher_list) +* [`fingerprint`](#-coturn--fingerprint) +* [`lt_cred_mech`](#-coturn--lt_cred_mech) +* [`static_auth_secret`](#-coturn--static_auth_secret) +* [`use_auth_secret`](#-coturn--use_auth_secret) +* [`total_quota`](#-coturn--total_quota) +* [`bps_capacity`](#-coturn--bps_capacity) +* [`stale_nonce`](#-coturn--stale_nonce) +* [`no_stdout_log`](#-coturn--no_stdout_log) +* [`no_loopback_peers`](#-coturn--no_loopback_peers) +* [`no_multicast_peers`](#-coturn--no_multicast_peers) +* [`dh2066`](#-coturn--dh2066) +* [`tlsv1`](#-coturn--tlsv1) +* [`tlsv1_1`](#-coturn--tlsv1_1) +* [`tlsv1_2`](#-coturn--tlsv1_2) +* [`simple_log`](#-coturn--simple_log) +* 
[`proc_user`](#-coturn--proc_user) +* [`proc_group`](#-coturn--proc_group) +* [`log_file`](#-coturn--log_file) + +##### <a name="-coturn--realm"></a>`realm` Data type: `Stdlib::Fqdn` @@ -64,7 +62,7 @@ Name (fully qualified domain name) of the Coturn server Default value: `$facts['networking']['fqdn']` -##### <a name="listening_ips"></a>`listening_ips` +##### <a name="-coturn--listening_ips"></a>`listening_ips` Data type: `Array[Stdlib::IP::Address]` @@ -73,7 +71,7 @@ If no IP(s) specified, then all IPv4 and IPv6 system IPs will be used for listen Default value: `[]` -##### <a name="listening_port"></a>`listening_port` +##### <a name="-coturn--listening_port"></a>`listening_port` Data type: `Stdlib::Port` @@ -81,7 +79,7 @@ TURN listener port for UDP and TCP (plain). Default value: `3478` -##### <a name="tls_listening_port"></a>`tls_listening_port` +##### <a name="-coturn--tls_listening_port"></a>`tls_listening_port` Data type: `Stdlib::Port` @@ -92,23 +90,23 @@ in terms of functionality. Keeping both endpoints satisfy the RFC 5766 specs. Default value: `5349` -##### <a name="cert"></a>`cert` +##### <a name="-coturn--cert"></a>`cert` Data type: `Optional[Stdlib::Absolutepath]` The certificate file use with TLS. -Default value: ``undef`` +Default value: `undef` -##### <a name="private_key"></a>`private_key` +##### <a name="-coturn--private_key"></a>`private_key` Data type: `Optional[Stdlib::Absolutepath]` The private key file use with TLS. -Default value: ``undef`` +Default value: `undef` -##### <a name="cipher_list"></a>`cipher_list` +##### <a name="-coturn--cipher_list"></a>`cipher_list` Data type: `String[1]` 
@@ -117,39 +115,23 @@ The default value gives a list of ciphers that the Nmap ssl-enum-ciphers script Default value: `'ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS'` -##### <a name="dh2066"></a>`dh2066` - -Data type: `Boolean` - -Use 2066 bits predefined DH TLS key, size of the key is 1066. - -Default value: ``true`` - -##### <a name="fingerprint"></a>`fingerprint` +##### <a name="-coturn--fingerprint"></a>`fingerprint` Data type: `Boolean` Use fingerprints in the TURN messages -Default value: ``false`` +Default value: `false` -##### <a name="lt_cred_mech"></a>`lt_cred_mech` +##### <a name="-coturn--lt_cred_mech"></a>`lt_cred_mech` Data type: `Boolean` Use long-term credential mechanism -Default value: ``false`` - -##### <a name="use_auth_secret"></a>`use_auth_secret` - -Data type: `Boolean` - -Turn on secret-based authentication. +Default value: `false` -Default value: ``false`` - -##### <a name="static_auth_secret"></a>`static_auth_secret` +##### <a name="-coturn--static_auth_secret"></a>`static_auth_secret` Data type: `Optional[String[1]]` 
@@ -157,17 +139,19 @@ Static authentication secret value (typically a long hexadecimal string) for TUR If not set, then the turn server will try to use the dynamic value in turn_secret table in user database Note : The actual Puppet module version does not support to modify the turn_secret table in database. -Default value: ``undef`` +Default value: `undef` -##### <a name="use_auth_secret"></a>`use_auth_secret` +##### <a name="-coturn--use_auth_secret"></a>`use_auth_secret` + +Data type: `Boolean` Flag that sets a special WebRTC authorization option that is based upon authentication secret. The actual value of the secret is defined by option static-auth-secret, Note : The actual Puppet module version does not support to modify the turn_secret table in database. -Default value: ``false`` +Default value: `false` -##### <a name="total_quota"></a>`total_quota` +##### <a name="-coturn--total_quota"></a>`total_quota` Data type: `Integer[0]` @@ -175,7 +159,7 @@ Total allocation quota Default value: `0` -##### <a name="bps_capacity"></a>`bps_capacity` +##### <a name="-coturn--bps_capacity"></a>`bps_capacity` Data type: `Integer[0]` @@ -185,7 +169,7 @@ for the sessions, combined (input and output network streams are treated separat Default value: `0` -##### <a name="stale_nonce"></a>`stale_nonce` +##### <a name="-coturn--stale_nonce"></a>`stale_nonce` Data type: `Integer[0]` @@ -194,7 +178,7 @@ After the delay, the client will get 438 error and will have to re-authenticate Default value: `600` -##### <a name="no_stdout_log"></a>`no_stdout_log` +##### <a name="-coturn--no_stdout_log"></a>`no_stdout_log` Data type: `Boolean` 
@@ -203,57 +187,59 @@ By default, all log messages are going to both stdout and to the configured log file. With this option everything will be going to the configured log only (unless the log file itself is stdout). -Default value: ``false`` +Default value: `false` -##### <a name="no_loopback_peers"></a>`no_loopback_peers` +##### <a name="-coturn--no_loopback_peers"></a>`no_loopback_peers` Data type: `Boolean` Flag that can be used to disallow peers on the loopback addresses (127.x.x.x and ::1). This is an extra security measure. -Default value: ``false`` +Default value: `false` -##### <a name="no_multicast_peers"></a>`no_multicast_peers` +##### <a name="-coturn--no_multicast_peers"></a>`no_multicast_peers` Data type: `Boolean` Flag that can be used to disallow peers on well-known broadcast addresses (224.0.0.0 and above, and FFXX:*). This is an extra security measure. -Default value: ``false`` +Default value: `false` + +##### <a name="-coturn--dh2066"></a>`dh2066` -##### <a name="dh2066"></a>`dh2066` +Data type: `Boolean` Use 2066 bits predefined DH TLS key. Default size of the key is 1066. -Default value: ``true`` +Default value: `true` -##### <a name="tlsv1"></a>`tlsv1` +##### <a name="-coturn--tlsv1"></a>`tlsv1` Data type: `Boolean` Allow an TLS/DTLS version of protocol v1 -Default value: ``false`` +Default value: `false` -##### <a name="tlsv1_1"></a>`tlsv1_1` +##### <a name="-coturn--tlsv1_1"></a>`tlsv1_1` Data type: `Boolean` Allow an TLS/DTLS version of protocol v1.1 -Default value: ``false`` +Default value: `false` -##### <a name="tlsv1_2"></a>`tlsv1_2` +##### <a name="-coturn--tlsv1_2"></a>`tlsv1_2` Data type: `Boolean` Allow an TLS/DTLS version of protocol v1.2 -Default value: ``true`` +Default value: `true` -##### <a name="simple_log"></a>`simple_log` +##### <a name="-coturn--simple_log"></a>`simple_log` Data type: `Boolean` 
@@ -261,9 +247,9 @@ This flag means that no log file rollover will be used, and the log file name will be constructed as-is, without PID and date appendage. This option can be used together with the logrotate tool. -Default value: ``true`` +Default value: `true` -##### <a name="proc_user"></a>`proc_user` +##### <a name="-coturn--proc_user"></a>`proc_user` Data type: `String[1]` @@ -271,7 +257,7 @@ User name to run the process, after the initialization of turnserver. Default value: `'turnserver'` -##### <a name="proc_group"></a>`proc_group` +##### <a name="-coturn--proc_group"></a>`proc_group` Data type: `String[1]` @@ -279,7 +265,7 @@ Group name to run the process, after the initialization of turnserver. Default value: `'turnserver'` -##### <a name="log_file"></a>`log_file` +##### <a name="-coturn--log_file"></a>`log_file` Data type: `Optional[Variant[Stdlib::Absolutepath,Enum['syslog','stdout']]]` diff --git a/manifests/init.pp b/manifests/init.pp index ddaf3b06e9d17b1912f5ac7defadb4048a653162..b63a385e9f6a0a12b7e9e63ff239e6668558b0df 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -26,14 +26,10 @@ # @param cipher_list # Allowed OpenSSL cipher list for TLS/DTLS connections. # The default value gives a list of ciphers that the Nmap ssl-enum-ciphers script notes A in january 2022. -# @param dh2066 -# Use 2066 bits predefined DH TLS key, size of the key is 1066. # @param fingerprint # Use fingerprints in the TURN messages # @param lt_cred_mech # Use long-term credential mechanism -# @param use_auth_secret -# Turn on secret-based authentication. # @param static_auth_secret # Static authentication secret value (typically a long hexadecimal string) for TURN REST API only. # If not set, then the turn server will try to use the dynamic value in turn_secret table in user database 
@@ -110,7 +106,6 @@ class coturn ( Optional[Variant[Stdlib::Absolutepath,Enum['syslog','stdout']]] $log_file = '/var/log/coturn/turnserver.log', String[1] $cipher_list = 'ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS', ) { - $_coturn_package = 'coturn' # Ubuntu 18.04 ==> Coturn v4.5.0.7 $_coturn_config = '/etc/turnserver.conf' $_coturn_sqlitedbpath = '/var/lib/turn' @@ -185,6 +180,6 @@ class coturn ( require => [ Package[$_coturn_package], File[$_coturn_config], - ] + ], } } diff --git a/metadata.json b/metadata.json index e4595f3d40513c983cc191f94d456539fe16753b..b3274957f680c390f8236377e02316700c84184f 100644 --- a/metadata.json +++ b/metadata.json @@ -44,7 +44,7 @@ "coturn", "webrtc" ], - "pdk-version": "2.3.0", - "template-url": "https://github.com/puppetlabs/pdk-templates#2.3.0", - "template-ref": "tags/2.3.0-0-g8aaceff" + "pdk-version": "2.7.1", + "template-url": "https://github.com/puppetlabs/pdk-templates#2.7.4", + "template-ref": "tags/2.7.4-0-g58edf57" } diff --git a/spec/acceptance/coturn_spec.rb b/spec/acceptance/coturn_spec.rb index f2d02afba66acc618013ec0a4586931d5f6148ff..7507b286e53caa20793ce42dd05d796702c48a8e 100644 --- a/spec/acceptance/coturn_spec.rb +++ b/spec/acceptance/coturn_spec.rb @@ -1,5 +1,7 @@ require 'spec_helper_acceptance' +# rubocop:disable RSpec/RepeatedDescription + ip_server = fact('networking.ip') fqdn_server = fact('networking.fqdn') log_file = '/var/log/coturn/turnserver.log'
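Review bot: The added `# rubocop:disable RSpec/RepeatedDescription` at the top of `spec/acceptance/coturn_spec.rb` has no matching `# rubocop:enable RSpec/RepeatedDescription`, so the cop is off for the rest of the file, which lies outside this hunk. This commit also drops the global `Enabled: false` for that cop from `.rubocop.yml`, so the directive keeps the old behaviour for this spec instead of fixing the repeated descriptions. Prefer giving the repeated examples distinct descriptions. Failing that, wrap only the affected example group in a disable/enable pair, with a one-line comment on why the repetition is acceptable.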