This repository has been archived by the owner on Feb 18, 2022. It is now read-only.

Reference

Table of Contents

Classes

Defined types

Classes

windows_puppet_certificates

This module takes the Puppet Master CA certificate and the Puppet Agent client certificate, imports them into the Windows Certificate Store, and marks the private key as Not Exportable. This lets Windows applications consume these certificates in a Windows way. For example:

  • for client certificate based authentication in EAP in 802.1x
  • for automatically trusting the PE Console in web browsers
  • for encrypting secrets for the client to consume, for example Hiera eYaml
  • for encrypting secrets for the server to consume, for example encrypting Bitlocker keys

Examples

Just import the Puppet Master CA certificate

include windows_puppet_certificates

Import master and client certificate

class { 'windows_puppet_certificates':
  manage_master_cert => true,
  manage_client_cert => true,
}

Specify the Puppet config directory

class { 'windows_puppet_certificates':
  confdir_path => 'c:/programdata/puppetlabs/puppet/etc',
}

Parameters

The following parameters are available in the windows_puppet_certificates class.

ensure

Data type: Enum['present', 'absent']

Valid options are present and absent. Default: present

Default value: 'present'

manage_master_cert

Data type: Boolean

When set to true the module will import the Puppet Master CA certificate into the computer Trusted Root CA certificate store. Default: true

Default value: true

manage_client_cert

Data type: Boolean

When set to true the module will import the Puppet Client certificate, and private key, into the computer Personal certificate store. Default: false - importing a private key should be an explicit decision.

Default value: false

confdir_path

Data type: Stdlib::Windowspath

The path to the Puppet config directory. Default: the value of $facts['puppet_cert_paths']['confdir']

Default value: $facts['puppet_cert_paths']['confdir']
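
A way to confirm on a node what the class is documented to do: the CA certificate is in the computer Trusted Root store, the client certificate is in the computer Personal store, and its private key is not exportable. This is an added example, not part of the module; it assumes the default agent layout (ssl\certs\ca.pem and ssl\certs\<certname>.pem under the confdir) and an RSA agent key.

```powershell
# Added example: audit the stores the module is documented to manage.
# Assumptions: default agent ssldir layout under confdir, RSA agent key.
param(
    [string]$ConfDir = 'C:\ProgramData\PuppetLabs\puppet\etc',
    [Parameter(Mandatory)][string]$CertName   # the agent's certname
)

function Get-PemThumbprint([string]$Path) {
    # Loads a PEM (Base64) certificate file; only the first certificate is read.
    (New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $Path).Thumbprint
}

function Test-KeyExportable($Cert) {
    $ext = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]
    $key = $ext::GetRSAPrivateKey($Cert)
    if ($key -is [System.Security.Cryptography.RSACng]) {
        # CNG key: treat any export or archive flag as exportable.
        return $key.Key.ExportPolicy -ne [System.Security.Cryptography.CngExportPolicies]::None
    }
    if ($key -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
        # Legacy CAPI key.
        return $key.CspKeyContainerInfo.Exportable
    }
    throw "No RSA private key available for $($Cert.Thumbprint)"
}

# Thumbprints of the certificates Puppet holds on disk.
$caThumb     = Get-PemThumbprint (Join-Path $ConfDir 'ssl\certs\ca.pem')
$clientThumb = Get-PemThumbprint (Join-Path $ConfDir "ssl\certs\${CertName}.pem")

# Look the same certificates up in the computer stores named in the parameter docs.
$root = Get-ChildItem Cert:\LocalMachine\Root | Where-Object Thumbprint -eq $caThumb
$my   = Get-ChildItem Cert:\LocalMachine\My   | Where-Object Thumbprint -eq $clientThumb

[pscustomobject]@{
    CaInTrustedRoot     = [bool]$root
    ClientInPersonal    = [bool]$my
    ClientHasPrivateKey = [bool]($my -and $my.HasPrivateKey)
    # $null means there was no imported private key to inspect.
    ClientKeyExportable = if ($my -and $my.HasPrivateKey) { Test-KeyExportable $my } else { $null }
}
```

Run it from an elevated session, since reading key properties in the computer store requires administrator rights. With manage_client_cert left at false, ClientInPersonal is expected to be False.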

Defined types

windows_puppet_certificates::windows_certificate

The windows_puppet_certificates::windows_certificate defined type.

Parameters

The following parameters are available in the windows_puppet_certificates::windows_certificate defined type.

cert_path

Data type: Stdlib::Windowspath

The path to the certificate file

cert_type

Data type: Enum['trusted_root_ca', 'personal']

The type of certificate being acted upon. Valid values are trusted_root_ca and personal

ensure

Data type: Enum['present']

Currently only present is supported. Default: present

Default value: 'present'

key_path

Data type: Optional[Stdlib::Windowspath]

The path to the key file