diff --git a/REFERENCE.md b/REFERENCE.md index 1855db4971a9a99a299e9bda22c23e1be7b08f28..5a54f62e1013e28cb7ad74c3a436bb4ec507dbae 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -54,7 +54,7 @@ The following parameters are available in the `freeipa` class. ##### `domain` -Data type: `String` +Data type: `Stdlib::Fqdn` The name of the IPA domain to create or join. @@ -246,15 +246,15 @@ Default value: `true` ##### `ip_address` -Data type: `String` +Data type: `Stdlib::IP::Address::V4` IP address to pass to the IPA installer. -Default value: '' +Default value: '0.0.0.0' ##### `ipa_server_fqdn` -Data type: `String` +Data type: `Stdlib::Fqdn` Actual fqdn of the IPA server or client. @@ -278,11 +278,11 @@ Default value: $::osfamily ##### `ipa_master_fqdn` -Data type: `String` +Data type: `Stdlib::Fqdn` FQDN of the server to use for a client or replica domain join. -Default value: '' +Default value: 'default' ##### `manage_host_entry` @@ -310,11 +310,11 @@ Default value: `false` ##### `realm` -Data type: `String` +Data type: `Stdlib::Fqdn` The name of the IPA realm to create or join. -Default value: '' +Default value: 'default' ##### `server_install_ldaputils` @@ -366,7 +366,7 @@ Default value: `false` ##### `webui_proxy_external_fqdn` -Data type: `String` +Data type: `Stdlib::Fqdn` The public or external FQDN used to access the IPA Web UI behind the reverse proxy. diff --git a/manifests/init.pp b/manifests/init.pp index 6b7062d9386a4f6734b4203c381b20b490f746a8..567c542c1179c6d98c4ace2ac8cde930543e5dc2 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -58,60 +58,60 @@ # # class freeipa ( - String $domain = 'default', - String $ipa_role = 'default', - String $admin_password = '', - String $directory_services_password = '', - String $autofs_package_name = 'autofs', - Boolean $client_install_ldaputils = false, - Boolean $configure_dns_server = true, - Boolean $configure_ntp = true, - Array[String] $custom_dns_forwarders = [], - String $domain_join_principal = '', - String $domain_join_password = '', - Boolean $enable_hostname = true, - Boolean $enable_ip_address = false, - Boolean $fixed_primary = false, - Integer $idstart = 10000, - Boolean $install_autofs = false, - Boolean $install_epel = true, - Boolean $install_kstart = true, - Boolean $install_sssdtools = true, - String $ipa_client_package_name = $::osfamily ? { + Stdlib::Fqdn $domain = 'default', + String $ipa_role = 'default', + String $admin_password = '', + String $directory_services_password = '', + String $autofs_package_name = 'autofs', + Boolean $client_install_ldaputils = false, + Boolean $configure_dns_server = true, + Boolean $configure_ntp = true, + Array[String] $custom_dns_forwarders = [], + String $domain_join_principal = '', + String $domain_join_password = '', + Boolean $enable_hostname = true, + Boolean $enable_ip_address = false, + Boolean $fixed_primary = false, + Integer $idstart = 10000, + Boolean $install_autofs = false, + Boolean $install_epel = true, + Boolean $install_kstart = true, + Boolean $install_sssdtools = true, + String $ipa_client_package_name = $::osfamily ? { 'Debian' => 'freeipa-client', default => 'ipa-client', }, - String $ipa_server_package_name = 'ipa-server', - Boolean $install_ipa_client = true, - Boolean $install_ipa_server = true, - Boolean $install_sssd = true, - String $ip_address = '', - String $ipa_server_fqdn = $::fqdn, - String $kstart_package_name = 'kstart', - String $ldaputils_package_name = $::osfamily ? 
{ + String $ipa_server_package_name = 'ipa-server', + Boolean $install_ipa_client = true, + Boolean $install_ipa_server = true, + Boolean $install_sssd = true, + Stdlib::IP::Address::V4 $ip_address = '0.0.0.0', + Stdlib::Fqdn $ipa_server_fqdn = $::fqdn, + String $kstart_package_name = 'kstart', + String $ldaputils_package_name = $::osfamily ? { 'Debian' => 'ldap-utils', default => 'openldap-clients', }, - String $ipa_master_fqdn = '', - Boolean $manage_host_entry = false, - Boolean $mkhomedir = true, - Boolean $no_ui_redirect = false, - String $realm = '', - Boolean $server_install_ldaputils = true, - String $sssd_package_name = 'sssd-common', - String $sssdtools_package_name = 'sssd-tools', - Boolean $webui_disable_kerberos = false, - Boolean $webui_enable_proxy = false, - Boolean $webui_force_https = false, - String $webui_proxy_external_fqdn = 'localhost', - String $webui_proxy_https_port = '8440', + Stdlib::Fqdn $ipa_master_fqdn = 'default', + Boolean $manage_host_entry = false, + Boolean $mkhomedir = true, + Boolean $no_ui_redirect = false, + Stdlib::Fqdn $realm = 'default', + Boolean $server_install_ldaputils = true, + String $sssd_package_name = 'sssd-common', + String $sssdtools_package_name = 'sssd-tools', + Boolean $webui_disable_kerberos = false, + Boolean $webui_enable_proxy = false, + Boolean $webui_force_https = false, + Stdlib::Fqdn $webui_proxy_external_fqdn = 'localhost', + String $webui_proxy_https_port = '8440', ) { if $facts['kernel'] != 'Linux' or $facts['osfamily'] == 'Windows' { fail('This module is only supported on Linux.') } - if $realm != '' { + if $realm != 'default'{ $final_realm = $realm } else { $final_realm = upcase($domain) diff --git a/manifests/validate_params.pp b/manifests/validate_params.pp index bd8e25b16ec671235f6992eea7101b75d2574257..fb1b0f5462e3e768add0ce558281e90930b56aec 100644 --- a/manifests/validate_params.pp +++ b/manifests/validate_params.pp 
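Review bot: The new defaults `'0.0.0.0'` (for `ip_address`) and `'default'` (for `ipa_master_fqdn` and `realm`) act as in-band "unset" markers, and both are values the new types accept, so a marker can no longer be told apart from real input. Any code outside this diff that still tests these parameters against `''` would now treat the marker as a supplied value and could pass `0.0.0.0` to the installer, which is worth a grep before merging. Declaring them as `Optional[Stdlib::IP::Address::V4] $ip_address = undef` (and `Optional[Stdlib::Fqdn]` for the other two) and testing for `undef` removes the marker; the same comparisons recur in both validate_params.pp hunks. As I read the stdlib definition, `Stdlib::IP::Address::V4` also admits CIDR forms, so `Stdlib::IP::Address::V4::Nosubnet` is the closer match if the installer expects a bare address. The class body continues past the end of this hunk.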
@@ -14,33 +14,17 @@ class freeipa::validate_params { default: {fail('The parameter ipa_role must be set to client, master, or replica.')} } - if $freeipa::ip_address != '' { - # TODO: validate_legacy - if !is_ipv4_address($freeipa::ip_address) { - fail('The parameter ip_address must pass validation as an IPv4 address.') - } - } - if $freeipa::manage_host_entry { - if $freeipa::ip_address == '' { + if $freeipa::ip_address == '0.0.0.0' { fail('When using the parameter manage_host_entry, the parameter ip_address is mandatory.') } } + if $freeipa::idstart < 10000 { fail('Parameter "idstart" must be an integer greater than 10000.') } - # TODO: validate_legacy - if ! is_domain_name($freeipa::domain) { - fail('The parameter \'domain\' must pass validation as a domain name.') - } - - # TODO: validate_legacy - if ! is_domain_name($freeipa::final_realm) { - fail('The parameter \'realm\' must pass validation as a domain name.') - } - if $freeipa::ipa_role == 'master' { if length($freeipa::admin_password) < 8 { fail('When ipa_role is set to master, the parameter admin_password must be populated and at least of length 8.') @@ -56,11 +40,8 @@ must be populated and at least of length 8." if $freeipa::ipa_role != 'master' { # if replica or client - # TODO: validate_legacy - if $freeipa::ipa_master_fqdn == ''{ - fail("When creating a ${freeipa::ipa_role} the parameter named ipa_master_fqdn cannot be empty.") - } elsif !is_domain_name($freeipa::ipa_master_fqdn) { - fail('The parameter \'ipa_master_fqdn\' must pass validation as a domain name.') + if $freeipa::ipa_master_fqdn == 'default'{ + fail("When creating a ${freeipa::ipa_role} the parameter named ipa_master_fqdn must be set.") } if $freeipa::final_domain_join_password == '' { diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb index 72dafd70252ac6ad18a42412b5a54475744fb2bd..cfe6657deda3f7605eff8e11f3b8f3418837336e 100644 --- a/spec/classes/init_spec.rb +++ b/spec/classes/init_spec.rb 
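Review bot: Dropping the `is_domain_name` checks here and in the `ipa_master_fqdn` hunk at -56 assumes `Stdlib::Fqdn` is at least as strict, and it does not appear to be. The type is a pattern match on label syntax only; as far as I recall it enforces neither the label and total length limits nor an alphabetic top-level label, so an IPv4 literal such as `192.0.2.10` would now be accepted as `domain`, `realm` or `ipa_master_fqdn`. This should be confirmed against the stdlib version the module pins. If the stricter behaviour matters for the Kerberos realm and join target, keep an explicit guard for the uncovered case, e.g. `if $freeipa::ipa_master_fqdn =~ Stdlib::IP::Address { fail('The parameter ipa_master_fqdn must be a host name, not an IP address.') }`. The enclosing conditionals start and end outside both hunks.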
@@ -105,47 +105,6 @@ describe 'freeipa', type: :class do it { is_expected.to raise_error(Puppet::Error, %r{populated and at least of length 8}) } end - - context 'with bad ip_address' do - let :params do - { - ipa_role: 'master', - domain: 'rspec.example.lan', - admin_password: 'rspecrspec123', - directory_services_password: 'rspecrspec123', - ip_address: 'not_an_ip' - } - end - - it { is_expected.to raise_error(Puppet::Error, %r{parameter ip_address must pass validation}) } - end - - context 'with bad domain' do - let :params do - { - ipa_role: 'master', - domain: 'not_a_domain', - admin_password: 'rspecrspec123', - directory_services_password: 'rspecrspec123' - } - end - - it { is_expected.to raise_error(Puppet::Error, %r{must pass validation as a domain name}) } - end - - context 'with bad realm' do - let :params do - { - ipa_role: 'master', - domain: 'rspec.example.lan', - realm: 'not_a_realm', - admin_password: 'rspecrspec123', - directory_services_password: 'rspecrspec123' - } - end - - it { is_expected.to raise_error(Puppet::Error, %r{must pass validation as a domain name}) } - end end context 'as replica' do @@ -191,20 +150,7 @@ describe 'freeipa', type: :class do } end - it { is_expected.to raise_error(Puppet::Error, %r{parameter named ipa_master_fqdn cannot be empty}) } - end - - context 'with bad ipa_master_fqdn' do - let :params do - { - ipa_role: 'replica', - domain: 'rspec.example.lan', - ipa_master_fqdn: 'not_an_fqdn', - domain_join_password: 'rspecrspec123' - } - end - - it { is_expected.to raise_error(Puppet::Error, %r{pass validation as a domain name}) } + it { is_expected.to raise_error(Puppet::Error, %r{parameter named ipa_master_fqdn must be set}) } end context 'missing domain_join_password' do 
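Review bot: The negative cases for `ip_address`, `domain` and `realm` (hunk at -105) and for `ipa_master_fqdn` (hunk at -191) are deleted rather than retargeted, so nothing in the suite now shows that malformed input is rejected. A data-type mismatch still fails catalog compilation, so each context could stay with only the expected message changed, for example `it { is_expected.to raise_error(Puppet::Error, %r{expects a match for}) }`. The exact wording of the type error should be checked against the Puppet version under test. Keeping these cases would catch a later change that loosens one of these parameters back to `String`.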
@@ -271,7 +217,7 @@ describe 'freeipa', type: :class do } end - it { is_expected.to raise_error(Puppet::Error, %r{parameter named ipa_master_fqdn cannot be empty}) } + it { is_expected.to raise_error(Puppet::Error, %r{parameter named ipa_master_fqdn must be set}) } end context 'missing domain_join_password' do