crypto_policy
Version information
This version is compatible with:
- Puppet Enterprise 2023.8.x, 2023.7.x, 2023.6.x, 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x
- Puppet >= 7.0.0 < 9.0.0
Start using this module
Add this module to your Puppetfile:
mod 'simp-crypto_policy', '0.6.0'
Learn more about managing modules with a Puppetfile
Documentation
pupmod-simp-crypto_policy
Description
Manage, and provide information about, the system-wide crypto policies.
See update-crypto-policies(8) for additional information.
WARNING: There are issues with crypto-policies < 20190000 which may render a FIPS system inaccessible.
Setup
What crypto_policy affects
Manages the system-wide crypto policy.
Applications may opt in to, or out of, usage by following the steps outlined in update-crypto-policies(8).
Usage
class { 'crypto_policy': }
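A fuller declaration using the class parameters documented in the reference on this page, as an added example that is not part of the module's own documentation. The wrapper class name `profile::crypto_baseline` and its `$policy` parameter are hypothetical; the facts and `crypto_policy` parameters are the ones named on this page.

```puppet
# Added example: 'profile::crypto_baseline' and its $policy parameter are
# hypothetical names, not part of simp-crypto_policy.
class profile::crypto_baseline (
  String[1] $policy = 'FUTURE',
) {
  # Policies this node reports as available. The fact can be missing or empty
  # (for example before the crypto-policies packages are installed), so
  # default to an empty list.
  $available = pick(
    $facts.dig('simplib__crypto_policy_state', 'global_policies_available'),
    []
  )

  # Never leave FIPS mode implicitly: force_fips_override stays false below,
  # and a non-FIPS request on a FIPS node is rejected at compile time.
  if $facts['fips_enabled'] and $policy != 'FIPS' {
    fail("Node is in FIPS mode; refusing crypto policy '${policy}'")
  }

  # Request the policy only once the node reports it as available. Until then
  # pass undef, which is the documented default for non-FIPS systems.
  $ensure = ($policy in $available) ? {
    true    => $policy,
    default => undef,
  }

  class { 'crypto_policy':
    ensure              => $ensure,
    validate_policy     => true,   # keep the module's own check of $ensure
    force_fips_override => false,  # see the WARNING on this parameter
    manage_installation => true,   # pulls in crypto_policy::install
  }
}
```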
Reference
See REFERENCE.md for the full module reference.
Limitations
SIMP Puppet modules are generally intended for use on Red Hat Enterprise Linux and compatible distributions, such as CentOS. Please see the metadata.json file for the most up-to-date list of supported operating systems, Puppet versions, and module dependencies.
Development
Please read our Contribution Guide.
If you find any issues, they can be submitted to our JIRA.
Reference
Table of Contents
Classes
- crypto_policy: Configure the system crypto policy settings
- crypto_policy::install: Manage the installation of the crypto policy package(s)
- crypto_policy::update: Helper class for triggering a run of update-crypto-policies
Classes
crypto_policy
Configure the system crypto policy settings
Parameters
The following parameters are available in the crypto_policy class:
ensure
Data type: Optional[String]
The system crypto policy that you wish to enforce
- Will be checked against $facts['simplib__crypto_policy_state']['global_policies_available'] for validity
Default value: simplib::lookup('simp_options::fips', { 'default_value' => pick($facts['fips_enabled'], false) }) ? { true => 'FIPS', default => undef }
validate_policy
Data type: Boolean
Disables validation of the $ensure parameter prior to application
Default value: true
force_fips_override
Data type: Boolean
Set this to indicate that you wish to force the system into the mode specified by $ensure even if the system is in FIPS mode
- WARNING: This may break all crypto on your system
Default value: false
manage_installation
Data type: Boolean
Enables management of the system installation via the crypto_policy::install class
Default value: true
crypto_policy::install
Manage the installation of the crypto policy package(s)
Parameters
The following parameters are available in the crypto_policy::install class:
packages
Data type: Array[String[1]]
The list of packages to manage for this capability
Default value: ['crypto-policies', 'crypto-policies-scripts']
package_ensure
Data type: String[1]
The 'ensure' parameter for $packages
- NOTE: There are issues with crypto-policies < 20190000 which may render a FIPS system inaccessible.
Default value: simplib::lookup('simp_options::package_ensure', { 'default_value' => 'latest' })
crypto_policy::update
This is deliberately not kept private in case other classes need to trigger an update but do not wish to include full management.
Parameters
The following parameters are available in the crypto_policy::update class:
command
Data type: Stdlib::Absolutepath
The path to the command to be executed
Default value: '/usr/bin/update-crypto-policies'
- Mon Oct 23 2023 Steven Pritchard steve@sicura.us - 0.6.0
- [puppetsync] Add EL9 support
- Wed Oct 11 2023 Steven Pritchard steve@sicura.us - 0.5.0
- [puppetsync] Updates for Puppet 8
- These updates may include the following:
- Update Gemfile
- Add support for Puppet 8
- Drop support for Puppet 6
- Update module dependencies
- Wed Aug 23 2023 Steven Pritchard steve@sicura.us - 0.4.0
- Add AlmaLinux 8 support
- Mon Jun 12 2023 Chris Tessmer chris.tessmer@onyxpoint.com - 0.3.0
- Add RockyLinux 8 support
- Wed Jan 25 2023 Steven Pritchard steve@sicura.us - 0.2.2
- Handle empty simplib__crypto_policy_state fact (#28)
- Also manage crypto-policies-scripts package
- Thu Jun 16 2022 Steven Pritchard steve@sicura.us - 0.2.1
- Improve the ensure validation error message output
- Tue Jun 15 2021 Chris Tessmer chris.tessmer@onyxpoint.com - 0.2.0
- Removed support for Puppet 5
- Ensured support for Puppet 7 in requirements and stdlib
- Thu Jan 21 2021 Trevor Vaughan tvaughan@onyxpoint.com - 0.2.0
- Move the crypto_policy__state fact into simplib for use by other modules
- Fri Jan 01 2021 Trevor Vaughan tvaughan@onyxpoint.com - 0.1.4-0
- Fix support for puppet 5
- Thu Dec 24 2020 Trevor Vaughan tvaughan@onyxpoint.com - 0.1.3-0
- Ensure that the crypto-policy version is at a non-fatal bug level
- Add support for Puppet 7
- Fixed error string in main class
- Tue Oct 20 2020 Trevor Vaughan tvaughan@onyxpoint.com - 0.1.2-0
- Remove unnecessary hieradata directory
- Thu Oct 01 2020 Liz Nemsick lnemsick-simp@gmail.com - 0.1.1-0
- Update documentation
- Tue May 12 2020 Trevor Vaughan tvaughan@onyxpoint.com - 0.1.0-0
- Initial module release
Dependencies
- puppetlabs/stdlib (>= 8.0.0 < 10.0.0)
- simp/simplib (>= 4.9.0 < 5.0.0)