File: REFERENCE.md

package info (click to toggle)
puppet-module-puppetlabs-java-ks 5.1.1-3
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 464 kB
  • sloc: ruby: 1,810; sh: 10; makefile: 4
file content (198 lines) | stat: -rw-r--r-- 6,205 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
 
# Reference

<!-- DO NOT EDIT: This document was generated by Puppet Strings -->

## Table of Contents

### Classes

* [`java_ks::config`](#java_ks--config): java_ks configuration

### Resource types

* [`java_ks`](#java_ks): Manages the entries in a java keystore, and uses composite namevars to accomplish the same alias spread across multiple target keystores.

## Classes

### <a name="java_ks--config"></a>`java_ks::config`

java_ks configuration

#### Parameters

The following parameters are available in the `java_ks::config` class:

* [`params`](#-java_ks--config--params)

##### <a name="-java_ks--config--params"></a>`params`

Data type: `Hash`

A hash containing the parameters required for the java config.

Default value: `{}`

## Resource types

### <a name="java_ks"></a>`java_ks`

Manages the entries in a java keystore, and uses composite namevars to
accomplish the same alias spread across multiple target keystores.

#### Properties

The following properties are available in the `java_ks` type.

##### `ensure`

Valid values: `present`, `absent`, `latest`

Has three states: present, absent, and latest.  Latest
will compare the on disk SHA1 fingerprint of the certificate to that
in keytool to determine if insync? returns true or false.  We redefine
insync? for this parameter to accomplish this.

Default value: `present`

##### `password`

The password used to protect the keystore.  If private keys are
subsequently also protected this password will be used to attempt
unlocking. Must be six or more characters in length. Cannot be used
together with :password_file, but you must pass at least one of these parameters.

#### Parameters

The following parameters are available in the `java_ks` type.

* [`certificate`](#-java_ks--certificate)
* [`certificate_content`](#-java_ks--certificate_content)
* [`chain`](#-java_ks--chain)
* [`destkeypass`](#-java_ks--destkeypass)
* [`keytool_timeout`](#-java_ks--keytool_timeout)
* [`name`](#-java_ks--name)
* [`password_fail_reset`](#-java_ks--password_fail_reset)
* [`password_file`](#-java_ks--password_file)
* [`path`](#-java_ks--path)
* [`private_key`](#-java_ks--private_key)
* [`private_key_content`](#-java_ks--private_key_content)
* [`private_key_type`](#-java_ks--private_key_type)
* [`provider`](#-java_ks--provider)
* [`source_alias`](#-java_ks--source_alias)
* [`source_password`](#-java_ks--source_password)
* [`storetype`](#-java_ks--storetype)
* [`target`](#-java_ks--target)
* [`trustcacerts`](#-java_ks--trustcacerts)

##### <a name="-java_ks--certificate"></a>`certificate`

A file containing a server certificate, followed by zero or more intermediate certificate authorities.
All certificates will be placed in the keystore. This will autorequire the specified file.

##### <a name="-java_ks--certificate_content"></a>`certificate_content`

A string containing a server certificate, followed by zero or more intermediate certificate authorities.
All certificates will be placed in the keystore.

##### <a name="-java_ks--chain"></a>`chain`

The intermediate certificate authorities, if they are to be taken
from a file separate from the server certificate. This will autorequire the specified file.

##### <a name="-java_ks--destkeypass"></a>`destkeypass`

The password used to protect the key in keystore.

##### <a name="-java_ks--keytool_timeout"></a>`keytool_timeout`

Timeout for the keytool command in seconds.

Default value: `120`

##### <a name="-java_ks--name"></a>`name`

namevar

The alias that is used to identify the entry in the keystore. This will be
converted to lowercase.

##### <a name="-java_ks--password_fail_reset"></a>`password_fail_reset`

Valid values: `true`, `false`

If the supplied password does not succeed in unlocking the
keystore file, then delete the keystore file and create a new one.
Default: false.

Default value: `false`

##### <a name="-java_ks--password_file"></a>`password_file`

The path to a file containing the password used to protect the
keystore. This cannot be used together with :password, but you must pass at least one of these parameters.

##### <a name="-java_ks--path"></a>`path`

The search path used for command (keytool, openssl) execution.
Paths can be specified as an array or as a '

##### <a name="-java_ks--private_key"></a>`private_key`

If you want an application to be a server and encrypt traffic,
you will need a private key.  Private key entries in a keystore must be
accompanied by a signed certificate for the keytool provider. This parameter
allows you to specify the file name containing the private key. This will autorequire
the specified file.

##### <a name="-java_ks--private_key_content"></a>`private_key_content`

If you want an application to be a server and encrypt traffic,
you will need a private key.  Private key entries in a keystore must be
accompanied by a signed certificate for the keytool provider. This parameter allows you to specify the content
of the private key.

##### <a name="-java_ks--private_key_type"></a>`private_key_type`

Valid values: `rsa`, `dsa`, `ec`

The type of the private key. Usually the private key is of type RSA
key but it can also be an Elliptic Curve key (EC) or DSA.
Valid options: <rsa>, <dsa>, <ec>. Defaults to <rsa>

Default value: `rsa`

##### <a name="-java_ks--provider"></a>`provider`

The specific backend to use for this `java_ks` resource. You will seldom need to specify this --- Puppet will usually
discover the appropriate provider for your platform.

##### <a name="-java_ks--source_alias"></a>`source_alias`

The source certificate alias

##### <a name="-java_ks--source_password"></a>`source_password`

The source keystore password

##### <a name="-java_ks--storetype"></a>`storetype`

Valid values: `jceks`, `pkcs12`, `jks`

Optional storetype
Valid options: <jceks>, <pkcs12>, <jks>

##### <a name="-java_ks--target"></a>`target`

namevar

Destination file for the keystore.  This will autorequire the parent directory of the file.

##### <a name="-java_ks--trustcacerts"></a>`trustcacerts`

Valid values: `true`, `false`

Certificate authorities aren't by default trusted so if you are adding a CA you need to set this to true.
Defaults to :false.

Default value: `false`